Tuesday, 1 September 2015


The 6 Most Dangerous Security Threats of 2015
By Dan Price,
Make Use Of, 31 August 2015.

Cyber-attacks continue to grow in 2015. According to anti-virus testing site AV-TEST, more than 390,000 new malicious programs are now registered every single day, and the total number of malware attacks in circulation now stands at around the 425,000,000 mark.

On the positive side, the rate of growth of new malware doesn’t seem to have changed much since last year. By the end of the year it is expected that around 150,000,000 new strains will have been detected, up from 142,000,000 in 2014. To put that in context, between 2013 and 2014 the amount of new malware almost doubled from 81,000,000.

Out of this vast amount of malware, some are more important than others. Here’s our rundown of the five most significant…

1. Facebook Porn

In late-January/early-February, a Trojan horse tore its way through Facebook, infecting 110,000 users in just two days.

The malware worked by tagging an infected user’s friends in a post which, when opened, started to play a preview of a porn video. At the end of the preview it asked them to download a fake Flash player in order to see the rest of the footage. That fake download was actually the malware downloader.

The Trojan is especially dangerous due to a new technique called “magnet.” Previous iterations of social media malware worked by sending messages to an infected person’s friends, thus limiting their spread to direct friends only. The new technique of tagging people in a public post means the tag may be seen by friends of the victim’s friends as well, allowing it to spread faster.

Why is it important?

Virtually everyone has a social media account of some description. While some users are more security-savvy than others, the youngest (Facebook takes users from age 13) are arguably more vulnerable than most. It means that (a) your child could be exposed to videos that they really shouldn’t be at that age, and (b) if your child uses your computer, they could infect it without you realizing.

2. Syrian Spies

At the same time as the Facebook scandal was happening, another malware attack was rumbling along in the Middle East.

Using a combination of malware on Windows and Android, a group aligned with embattled Syrian President Bashar Al-Assad managed to haul in a vast amount of intelligence about Syrian rebels. Data collected included personal information, battle plans, troop locations, political strategies, and information on alliances between the various rebel groups.

The attack worked by using fake Skype and social media accounts purporting to belong to female supporters of the rebels based in Lebanon and other surrounding countries. The accounts lured the rebel fighters into "sexy chats." After asking the rebels what operating system they used, the operators would send photos, videos, and other chat software downloads to infect their victims’ machines.

Why is it important?

Hackers and malware attacks no longer originate solely out of geeks’ bedrooms. They are now a weapon in the geo-political arena and are being actively used to influence the outcomes of wars. Horror stories of nuclear reactors and missile silos getting hijacked by an enemy are not far away.

3. Mac Firmware Worm

While the amount of Mac-based crapware, homepage hijackers, and content trackers has been steadily rising for the last few years, it’s always been (incorrectly) assumed that Apple systems are locked down in ways that Windows-based PCs aren’t - thus making them almost invincible to the torrent of attacks that Microsoft users have to withstand.

A little under a month ago, news broke that two white hat researchers had successfully created the world’s first firmware worm for Mac.

While this worm isn’t “on the market” at the moment, the proof-of-concept virus is dangerous. It can be delivered via an email, an infected USB stick, or a peripheral device (like an Ethernet adaptor). Once it’s on your machine it cannot be removed from the firmware manually (you’d have to re-flash the chip), and it can’t be detected by any existing security software.

If the concept has been proved, it’s only a matter of time until black hat hackers start exploiting it. If you’re a Mac user, take appropriate security steps now.

Why is it important?

Lots of Mac users are blissfully ignorant about the threats they face and how to combat them. The anti-virus market is significantly underdeveloped compared to that of Windows, providing would-be criminals with a huge, and easy, opportunity.

4. Hacked Jeep

The hacked Jeep story made headlines around the world in July.

The vulnerability arose from carmakers’ new-found desire to turn their products into “smart” cars - enabling drivers to control and monitor certain aspects of their vehicles remotely.

One such system - Uconnect - makes use of a cellular connection that allows anyone who knows the car’s IP address to gain access from anywhere in the country. One of the hackers described the loophole as "a super nice vulnerability."

After gaining access, the hackers implanted their own firmware on the car’s entertainment system. They then used it as a springboard to send commands through the car’s internal computer network to its physical components such as the engine, brakes, gears, and steering.

Thankfully the men behind the hack, Charlie Miller and Chris Valasek, have been working with Chrysler for almost a year in order to shore up their vehicles. However, like the Mac worm, the fact that a proof-of-concept hack worked means it’s only a matter of time until less honest people start to find their own exploits.

Why is it important?

Hacking has moved on from computers. In the age of the smart home, smart car, smart TV, and smart everything else, there are now far more vulnerable access points than ever before. With common protocols not yet widespread, hackers have a rich array of targets. Some of these targets have the ability to cause physical harm to a victim, as well as costing them a lot of money.

5. Rowhammer

What’s the worst kind of security hack? The answer is almost certainly one that cannot be fixed.

Rowhammer.js is a new security attack that was revealed in a paper by security researchers earlier this year. It’s so dangerous because it doesn’t attack your software, but instead targets a physical problem with how current memory chips are constructed.

Apparently the manufacturers have known about the hack since 2012, with chips from 2009 all affected.

It’s so worrying because it doesn’t matter what type of operating system you’re using - Linux, Windows, and iOS are all equally vulnerable.

Worst of all, it can be exploited by a simple webpage - there is no requirement for a machine to already be partially compromised. As one researcher behind the paper explained, "It’s the first remote software-induced hardware-fault attack."

Why is it important?

Like the Mac worm, it shows that previously safe Linux and Apple users are now fair game. It also shows that old methods of anti-virus protection might not be enough; users who previously thought of themselves as security-aware might now find themselves exposed.

6. Android Texts

During the summer it was reported that a staggering 950 million Android phones and tablets were vulnerable to hacks that could install malicious code via text message or via a website.

If an attacker has the phone number of their victim, they can send a modified multimedia message (MMS), which, once opened, would execute the code. The phone’s owner would have no idea that they were being attacked, and there would be nothing obviously wrong with the device.

It is claimed that all versions of Android from 2.2 onwards are susceptible.

As with the Jeep hack, this exploit was found by white hat hackers who reported it to Google. As yet, there is no evidence that it’s being used by criminals.

Why is it important?

“A fully weaponized successful attack could delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. The vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual - with a trojaned phone.”

We know this is just a snapshot of the important hacks that have taken place this year. There have been so many that it’s impossible to list them all in a single article.

Top image credit: Perspecsys Photos/Flickr.

[Source: Make Use Of. Edited. Top image and some links added.]
