servicespastebin
pastebin 时间:2021-04-04 阅读:()
2012SummaryPandaLabsannualReport01Introduction06AboutPandaLabs05Conclusion042013SecurityTrends032012infigures022012ataglance-MobilePhoneMalware-Ransomware:"PoliceVirus"-SocialNetworks-Mac-Cyber-crime-Cyber-warIntroduction01|IntroductionTheyear2012hascometoanend,anditistimetotakealookbackandanalyzeeverythingthathashappenedinthesecurityworldoverthelasttwelvemonths.
Malwarecreationshowednosignofslowingdown,asshownbythefactthatin2012wedetectedarecord-high27millionnewmalwarestrainsatthelaboratory,atanaverageof74,000newsamplesperday.
Inaddition,cyber-attacksagainstmultinationalcorporationscontinuedtoincrease,withvictimsrangingfromcompaniesinthevideogameindustry(Blizzard)toautogiants(Nissan).
Wealsoanalyzethemostimportanteventsinthemobilephoneindustry.
AsAndroid'smarketsharecontinuestogrow,themotivationforcyber-crookstotargettheplatformalsoincreases.
Thereportalsocovershowsocialmedia(Facebookespecially)wasusedbycyber-criminalstospreadmalwarebymakinguseofsocialengineeringtechniques.
Furthermore,wetakealookatthelargestMacinfectiontodateanditsconsequences.
2012hasseensomeremarkableeventsinthecyber-war/cyber-espionagearena,withFlamegrabbingheadlines.
WeanalyzethisandotherattacksthattookplaceintheMiddleEast.
Summingup,thisreportrecapsthemajorcomputersecurityeventsthatoccurredin2012,andforecastsfuturetrendsfor2013.
Sitbackandenjoy!
2012ataglance02|2012ataglanceAsAndroidmarketsharecontinuestogrow,sodoestheamountofmalwaretargetingtheplatform.
InJanuary,GooglehadtoremoveseveralmaliciousappsfromitsAndroidMarket(renamedto'PlayStore').
Basically,cyber-crooksrepackagedpopulargameslikeAngryBirdsorCutTheRopewithmaliciouscodeanduploadedthemtoPlayStore.
UsersthendownloadedandinstalledtheappsunawarethattheywerealsoinstallingaTrojanthatsentSMSmessagestoapremiumratenumber.
MobilePhoneMalwareInfact,welearnedthatGoogle,tiredofthemaliciousappsfoundonPlayStore,hasstartedanalyzingappsbeforeputtingthemintheircataloginordertodetectanomalousbehavior.
Accordingtotheirownsources,theyhavemanagedtoreducemaliciousappdownloadsby40percent.
Unfortunately,despitetheseefforts,criminalscontinuedtotargettheAndroidmobileplatformthroughappsnotalwaysaccessiblethroughPlayStore.
ThiswasthecaseofBmaster,aremoteaccessTrojan(RAT)ontheAndroidplatformthattriedtopassitselfoffasalegitimateapplication.
WealsosawTrojansexclusivelydesignedtostealdatafrominfecteddevices:fromcallandtextmessagerecordstousers'contactlists.
Androidispotentiallyexposedtofarmoresecurityrisksthanitsbiggestcompetitor(iPhoneanditsiOS),asitallowsuserstogettheirappsfromanywheretheirwant.
However,usingtheofficialAndroidmarketplaceisnosecurityguaranteeeither,asithasalsobeentargetedbycyber-crooksluringusersintoinstallingTrojansdisguisedaslegitimateapps.
Somethingwhich,bytheway,hasalsohappenedtoApple'sAppStore,buttoalesserextentthantoGoogle'sPlayStore.
2012ataglanceOperaMiniisaWebbrowserdesignedprimarilyformobilephones.
Overthelastfewmonths,OperaMinihasgainedinpopularityasamobilebrowseralternativeonAndroidsmartphones,becomingatargetforcyber-criminalstotrickusers.
Inthelatestattack,criminalsofferedthebrowsertousersfromastoreotherthanGoogle'sPlaystore.
However,installingtheapplicationinstalledtheactualOperabrowser,andalsoaTrojanthatsentSMSmessagestopremium-ratenumbers.
UnlikeothercasesinwhichTrojansattemptedtopassthemselvesoffaspopularmobileapps,inthiscasethemalwarecamebundledwithalegitimateversionoftheOperaMinimobilebrowsertohelptrickusersintothinkingthatnothingwaswrongastheycouldsimplyusetherealsoftwareasexpected.
FIG.
01.
CHINAMOBILE.
Wesawanother'unusual'attackinChina,asaTrojanwasreleasedthatpurchasedapplicationsfromtheinfecteddevice.
TheTrojanaffectedChinesesubscriberstoChinaMobile,oneoftheworld'slargestmobilephonecarrierswithmorethan600millionsubscribers.
Onceinfected,themobilestartedbuyingapplicationsfromChinaMobile'smarketplaceonbehalfoftheuser.
ThisTrojanwasdeliveredonnineunofficialappstores.
Atthispoint,manyusersbelievethatitissafertobuyandinstallappsfromofficialstores.
Thisistruetosomeextent,buttherehavealsobeeninstancesofmalwarecreepingontoofficialstores.
Thisquarter,forexample,anewmalwarestrainwasdiscoveredhidingoutinthePlayStore,posingastwogames:SuperMarioBrosandGTA3MoscowCity.
Themalwaremanagedtoremainundetectedforweeksuntilitwasfinallyremoved.
FIG.
02.
500millionAndroiddevicesnowactivated.
WhyisAndroidthemosttargetedmobileplatformWell,thisisduetoanumberofreasons:Firstly,Androidallowsitsuserstogettheirappsfromanywheretheywant.
Theydon'tnecessarilyhavetogototheofficialstore,normustapplicationsbedigitallysignedaswithiOS.
Secondly,cyber-crookswouldhaveneversettheireyesonthisplatformifitweren'tforthelargenumberofusersithas.
InJune,Googleannouncedthat400millionAndroiddeviceshadbeenactivated,afigurethatreached500millionatthebeginningofSeptember,with1.
3millionactivationsperday.
PoliceVirusScamOneofthisyear'stopthreatshasundoubtedlybeenanewmalwareepidemicthatinfectedhundredsofthousandsofcomputersaroundtheworldusingfearandblackmailingtechniquestoextortmoneyfromcomputerusers.
WhileweareusedtoseeingthiskindoffakemessageinEnglish,inthiscasetheattackswerelocalized.
WesawEnglish,German,Spanish,DutchandItalianmessages(amongothers)dependingonthetargetedcountry.
AlloftheattackstargetedsomeEuropeannation,soitlooksliketheywererelatedandthesamecyber-criminalgangcouldbebehindthem.
FIG.
3.
Iconusedbyoneofthe"PoliceVirus"variants.
Let'stakeacloserlookatoneoftheattacks.
Thefile'siconwasthepopularlogousedbyLulzSecintheircommunications:2012ataglanceOncetheircomputerwasinfected,theuserwasconfrontedwiththefollowingfull-screenwindowcoveringtheentiredesktop:FIG.
04.
FakewarningmessagedisplayedbytheTrojan.
Themessageinformedtheuserthattheyhadaccessedillegalmaterial(suchaschildpornography)orsentspammessageswithterroristmotives,andtheircomputerhadbeenlockedtopreventfurtherabuse.
Tounlocktheircomputer,theyhadtopaya100'fine'.
TheworstthingfortheuserwasthattheTrojanactuallyblockedthecomputer,soitwasnoteasytoremoveit.
Todoit,theuserhadtorestartthecomputerinsafemodeandrunascanwithanantivirussolutionsthatwasabletodetectit.
Howcomethemessagewasdisplayedinthevictim'sownlanguageandhowdidtheTrojanpurporttocomefromlocalauthoritiesWell,that'seasytoexplain:Afterinfectingthecomputer,themalwareconnectedtoacertainURLand,basedonthevictim'sIPaddress,retrievedthelocalizedversionofthemessagethatappearedonthecomputer.
MostmessagespretendedtocomefromEuropeanauthorities(althoughwealsosawexamplestargetingusersinothercountries,likeCanadaforexample).
BelowaresomeexamplesofsimilarattackslaunchedinQ12012:FIG.
05.
FakewarningmessagedisplayedbytheTrojaninGerman.
2012ataglanceFIG.
06.
FakewarningmessagedisplayedbytheTrojaninDutch.
FIG.
07.
FakewarningmessagedisplayedbytheTrojaninItalian.
2012ataglanceFIG.
08.
FakewarningmessagedisplayedbytheTrojaninEnglish.
FIG.
09.
FakewarningmessagedisplayedbytheTrojaninSpanish.
However,theattackbecamemorecomplexovertime.
Themalwarewentontouseransomwaretechniques,'takingover'infectedcomputersbyencryptingsomeoftheircontentandforcinguserstopayafineorloseaccess.
Basically,attackerstookthisfunctionalityfromthePGPCoderTrojan,amaliciouscodedesignedtoencryptfilesandkeepthemlockedunlessthevictimagreedtopayaransom.
ThefirstversionsofthenewPoliceVirusonlyencrypted.
docfiles,andtheencryptionwasn'ttoohardtocrack,soitwaspossibletodecryptthefileswithoutthekey.
Now,however,amoresophisticatedencryptionisbeingused,andthedecryptionkeyisrequiredtounlockthefiles.
Andnotonlythat,thefilesareencryptedwithadifferentkeyforeachinfectedcomputer,so,unlessyouareabletoaccesstheserverthatstoresallkeys,itisabsolutelyimpossibletoaccessthefiles.
Additionally,therangeoffilesbeingencryptedisalsomostsophisticated.
Somevariantsuseablacklistofextensionstoencrypt;othersuseawhitelistofcriticalsystemfilesnottoencrypt.
2012ataglanceFIG.
10.
WarningusedbythePoliceVirusuntilnow.
Andreplaceditwithoneincludingimagestakenbytheirwebcam:FIG.
11.
NewwarningusedbythePoliceVirus,showingtheimagescapturedbythecomputer'swebcam.
Asyoucansee,thepageincludesasmallwindowshowingtheimagestakenbythewebcaminrealtime,togetherwiththetext:"Liverecording".
However,noimagesareactuallybeingrecordedorsenttolawenforcement.
Thewarningjustdisplaystheimagescurrentlycapturedbythewebcam.
Users,however,don'tknowthis,andmostofthemwillstarttopanicandbewillingtopaythe'fine'tostoplawenforcementfromspyingonthem,astheyaremadetobelieve.
Aspreviouslysaid,thisnewvariantdoesn'tuseencryption,probablybecausecyber-criminalsthinkthatthewebcamtrickisenoughtoscarepotentialvictims.
Thequestionis,howmuchfurthercanthismalwaregoIntheend,thepurposeofscarewareissimplytofrightentheuserintopayingthemoney(or,asattackerscallit,"thefine").
AnewvariantofthePoliceVirustakesovertheuser'swebcam.
WhatforWell,themalwarehaschangedthescreenitdisplayedsofartowarntheuserthat'illegalactivity'hadbeentracedtotheircomputer…2012ataglanceSocialNetworksFacebookcontinuesitsreignasthenumberonesocialnetworkingsitebutitalsoisafavoritetargetofcyber-crooks.
InJanuary,awormwasdiscoveredthathadstolenover45,000Facebooklogincredentials.
Researchersfearthatthecriminalsusedthese'infected'accountstosendlinkstopeople'sFacebookfriends,spreadingthecomputerwormfurther.
Meanwhile,whatdoesFacebookdotoprotectusersWell,thegoodnewsisthatatleasttheytakethefightagainstcyber-crimeseriously.
FIG.
12.
FacebookrevealedthenamesofthesuspectsbehindtheKoobfaceattack.
InJanuary,FacebookfinallyrevealedthefullnamesandonlinenamesoftheperpetratorsbehindtheKoobfacebotnetthathasaffectedthesocialsiteforafewyears.
Theidentitiesofthoseresponsiblefortheattacksare:StanislavAvdeyko(leDed),AlexanderKoltysehv(Floppy),AntonKorotchenko(KrotReal),RomanP.
Koturbach(PoMuc)andSvyatoslavE.
Polichuck(PsViatandPsycoMan).
Unfortunately,themenlivecomfortablelivesinSt.
Petersburg(Russia),andhavebecomerichfromtheirvariousonlineschemes.
Allfivehaveyettobechargedwithacrime,norhasanylawenforcementagencyconfirmedtheyareunderinvestigation.
FIG.
13.
Maliciousmessage.
FIG.
14.
Maliciouswebsite.
DespitethemyriadmalwareandspamscamspreyingonFacebook,curiositystillgetsusersintotrouble.
ThisyearwesawanewscaminvolvingasupposedtapeofKatyPerryandRussellBrandpostedtothewallsofhundredsofusers.
Themaliciouspostlookedasfollows:2012ataglanceHowever,allthe'Likes',comments,etc.
displayedonthepagewerefalseasthe'page'itselfdidn'texist,itwassimplyanimage.
Ifyouclickedon"InstallPlugin"andyouwereusingFirefoxorChrome,theworminstalledabrowserplug-inandusedittopostthescamtothevictims'friends'pages.
OnInternetExplorer,astherewasnoplug-inthatcouldcarryoutthistask,thewormdisplayedanageverificationpagetoaccessanapplicationcalled'X-RayScanner'.
ThispageinformsyouthatyourTwittersessionhastimedoutandasksthatyouloginagain.
Tomakethephishingscamlookasrealaspossible,allthelinksdisplayedonthepageareactuallyTwitterlinksexceptforthe"Signin"and"Signup"buttons,whichwilltransmittheuserdatatotheattackers.
OncetheyhaveyourTwitterloginandpassword,theywillbeginsendingthesamemisleadingTwitterDMtoallofyourfollowers.
Thisway,theywillstealtheirTwitterloginaswell,andusetheiraccountstospreadmalware,sendspamorturnthosecredentialsintomoneybysellingthemtoothercyber-crooks.
SocialnetworkingsiteLinkedInhad6.
5millionuserpasswordsstolenandleakedonline.
Fortunatelyenough,however,thesepasswordswerenotstoredinplaintextfiles,butwereencrypted.
Thebadnewsisthattherewasnootheradditionalprotection,soincaseyouhaven'talreadydoneso,weadvisethatyouchangeyourLinkedInpasswordrightnow.
Andifyouusethatpasswordforanyotherserviceaswell,changeittoo,andalwaysusedifferentpasswordsfordifferentprogramsandservices.
FIG.
15.
Message.
Asyoucansee,thepagelookedlikeaFacebookpagetotrickusersintobelievingtheywerestillonthesocialnetworkingsite.
Ifthevictimclickedanyofthelinkstheyweretakentoapagewheretheywereaskedtoentertheircellphonenumber.
However,afterdoingso,theystartedreceivingunwantedpremiumratetextmessages.
Oneoftheprimaryobjectivescyber-crookshavewhenlaunchingattacksonsocialmediasitesistogainaccesstousers'accountssothattheycanimpersonatethemandaccesstheirpersonaldetailsorinformationsharedwithotherusers.
OnTwitter,forexample,accessingauser'saccountwillallowthemtosenddirectmessages(DMs)tothevictims'friends.
Atypicalexamplewouldbeasfollows:YoureceiveaDMfromoneofyourcontactsinformingyouthatsomeonehasjustpostedsomeembarrassingpicturesofyou.
Ifyouclickthelink,you'llbetakentothefollowingpage:FIG.
16.
PhishingpagethatstealsTwittercredentials.
2012ataglanceMacEverytimewediscussMacthreats,wepresentyouwiththecasesthatmostcaughtourattention.
Luckilyenough,theseinfectionsarenotmassive,asdespitethegrowthofMacmalware,thePCremainsthebiggesttargetforcyber-criminals.
Unfortunately,manyMacusersstillbelievetheyareimmunetothreats,eventhoughlittlebylittlepeople,evenatApple,arebeginningtorealizethatthatisnotthecase.
TheApplepagethatexplainsthereasonswhyMacsarebetterthanPCspreviouslyboastedthatMacsystems'don'tgetviruses'(afalsestatement,sincemacroviruses,forexample,affectbothplatforms).
However,itseemsthatAppleisbeginningtoacknowledgethetruth,astheyhavereplacedtheprevioustextwiththisone:FIG.
17.
Apple'swebsitesaiditsoperatingsystemwasvirusfree.
ThischangeisprobablyrelatedtotherecentoutbreakoftheFlashbackTrojan,amalwarespecimenresponsibleforthesinglemostsignificantmalwareinfectiontoeverhittheMaccommunity.
Thismalwareinfectedupto600,000Maccomputersaroundtheworld,creatingthelargestbotnetevertotargetApplecomputers.
OneoftheTrojan'smostuniquefeatureswasthatbeforeinfectingacomputer,itcheckedtoseeifithadsomekindofantivirusinstalled.
Ifthecomputerwasprotected,Flashbackdidn'tinfectit;otherwise,itinfectedtheMacandtriggereditspayload.
Thisattackhasonceagaindemonstratedthat,contrarytopopularbelief,Macsareinfactnotimmunetovirusinfectionandmalware,amythlargelyexploitedbycyber-criminals.
Cyber-crimeInatypicalphishingattack,offendersusuallystealconsumers'identitiestoimpersonatethemandemptytheirbankaccounts.
However,theyearstartedoffwithquiteanunusualcase.
Thefirstmayorcyber-crimeof2012tookplaceinSouthAfrica,ashackersgotawaywithabout$6.
7millionfromSouthAfricanPostbank.
Therobberytookplaceoverthreedays,fromJan1toJan3.
Thehackers,whohadplannedtheattackformonths,usedstolenlogindetailsfromaPostbanktellertotransferthestolenmoneyintomultiplebankaccountsthatwereopenedacrossthecountry.
FIG.
18.
Appleremovesclaimofvirusimmunity.
2012ataglanceMegauploadcaseInJanuary,theFBIshutdownthepopularMegauploadfile-sharingwebsite,chargingthefoundersfor"copyrightinfringement"(youcanreadtheFBIpressreleasehere,withmoreinformationaboutthecase).
Ifconvicted,thoseinvolvedfaceupto50yearsinprisononallcharges.
HackergroupAnonymousreactedswiftlytothenews,launchingDDoSattacksonseveralWebpages,includingthesitesoftheU.
S.
DepartmentofJustice,RIAA(RecordingIndustryAssociationofAmerica)andUniversalMusicGroup.
Goingbacktothepressrelease,theFBIstatedthat:"ThiscaseispartofeffortsbeingundertakenbytheDepartmentofJusticeTaskForceonIntellectualProperty(IPTaskForce)tostopthetheftofintellectualproperty.
"Well,asweallknow,inthe'realworld'cyber-criminalsaresiphoningmillionsofdollarsintotheirpocketseveryyearbyattackinghundredsofthousandsofcomputers.
However,itseemsthatauthoritiesconsidercopyrightinfringementtobefarmoreserious.
Asalways,thisisaquestionofpriorities,anditseemsthatinthiscasethehighestpriorityoflawenforcementagenciesisnotexactlytoprotecttheindividual.
FIG.
19.
ImagedisplayedonaccessingMegaupload'ssiteaftertheFBI'sintervention.
BothAnonymousandLulzSechavebeenverybusyoverthelastyear.
InJanuary,inthewakeofcontroversiallegislationsuchasSOPAandACTA,thehackinggrouppostedthefollowingTwittermessage:"Ifyouhated#SOPA,you'llburstintoflamesabout#ACTAhttp://is.
gd/Bo68r4Negotiatedinsecret.
iPodsearchesatbordercrossings.
"Soonafter,theylaunchedanunprecedentedstringofattacksongovernmentandbusinesssitesaroundtheworld.
InFebruary,theyrecordedandreleasedasensitiveconferencecallbetweentheFBIandScotlandYard.
Amidgrowingspeculationabouthowthehackershadbeenabletoobtaintherecording,AnonymouspublishedanemailpurportedlysentbyanFBIagenttointernationallawenforcementagencies,withaphonenumberandpasswordforaccessingthecall.
2012ataglanceFIG.
20.
FBImessageinterceptedbyAnonymous.
InFebruary,AnonymouspublishedthesourcecodeofPCAnywhereandNorton,stolenin2006.
Thetheftwascommittedbyagroupofcyber-criminalswhoaimedtoblackmailSymantec.
However,onceitbecamecleartheAmericansecurityfirmwasnotgoingtogiveintotheblackmail,theydecidedtopassthedatatoAnonymoustomakeitpublic.
InMarch,severalallegedmembersofLulzSecwerearrestedinthecourseofapoliceoperationlaunchedin2011.
ItwasimmediatelydiscoveredthatSabu,theallegedleaderofLulzSec,hadbeensecretlyarrestedbytheFBIandhadbeenworkingforthegovernmenttoarrestothermembersofthehackercollective.
LuisCorrons,technicaldirectorofPandaLabs,laudedthearrestsonthelaboratory'sblogandAnonymousreactedswiftlybybreakingintotheexternalserverthathostedthebloganddefacingit.
Anonymousmakeabigdealaboutfreedomofspeech,callingthemselves'theVoiceofFreeSpeech'and'aggressiveproponentsfortheFreedomofSpeech'.
However,inreality,theselfappointeddefendersoffreespeechshutdownpeople'swebsiteswhentheydon'tlikewhattheyread.
Uhmm…Itisironic,isn'titItseemsthatAnonymousareonlyinterestedindefendingfreedomofspeechwhenitservestheirowninterests.
Actually,aBritishjournalistaskedthemaboutthisapparentcontradictiononTweeterbuthisquestion,unsurprisingly,wentunanswered.
FIG.
21.
PandaLabsblogpostpraisingthelatestLulzSecarrests.
2012ataglanceFIG.
22.
UnansweredquestiontoAnonymousfromaBritishjournalist.
Onedaylater,theylaunchedanattackonthemainwebsiteoftheVatican,renderingitinaccessible.
AndfivedayslatertheyattackedtheVaticanagain,thistimebreakingintotheVaticanRadiodatabaseandpostingusernamesandpasswords.
Unfortunately,AnonymousandLulzsecarenottheonlyoneswholaunchthesetypesofattacks.
InFebruary,theonlineMicrosoftStoreinIndiawascompromisedbyagroupofChinesehackers.
TheteamofhackersdefacedthesiteandstoledatafromthousandsofMicrosoftcustomers.
FIG.
23.
MicrosoftIndiaWebstorehacked.
FIG.
24.
Screenshotshownbycyber-criminalstoprovetheyhadstolendatafromMicrosoft'scustomers.
2012ataglanceAlsoinFebruary,itwasreportedthatattackersstoleinformationfrommillionsofusersofYouPorn,oneoftheworld'smostpopularpornvideowebsites.
ThisdatawaspostedonPastebin,apopulardumpinggroundforcyber-attackers,potentiallycompromisingthesecurityofthousandsofuserswhoreusepasswordsonmultiplesites.
InMarch,itwasrevealedthatMichaelJackson'sentirebackcataloguehadbeenstolenfromSonyMusic,includingsomepreviouslyunreleasedmaterial.
Thisfollowslastyear'sattacksonSonythatexposedpersonaldatafrommorethan100millionaccountsatSonyOnlineEntertainmentandthePlayStationNetwork(PSN).
Itseemsthatthecyber-criminalswhohackedintoSonyMusic'ssystemsthoughtitwouldbeeasytoaccessthecompany'sinformation.
Unfortunately,theywereright,althoughinthiscasetheywerearrestedandareduetostandtrialin2013.
FIG.
25.
MichaelJackson'sentiremusiccataloguestoleninSonyMusichack.
Wikipediasufferedanattackthatforcedtheorganizationtoreleaseastatementwarningitsusersthatseeingadsonitswebsitemeanttheircomputershadbeeninfected.
TheattackersusedarogueGoogleChromeadd-onthatinsertedadsintothesite.
ThefoundationbehindWikipediatooktheopportunitytoremindusersthatWikipediaisfundedbydonorsandtheydon'trunadvertisementsontheirpages.
FIG.
26.
RogueGoogleChromeextensioninjectedadsintoWikipedia.
Wehavementionedonmanyoccasionshowcyber-criminalsarebecomingmoresophisticatedandareconstantlyimprovingtheirtechniques.
AnexampleofthiswastheappearanceofanewvariantoftheSpyEyebankingTrojan,whichhijackedthewebcamofinfectedcomputers.
WhatforTomonitorhowvictimsreactedwhentheyreadthesocially-engineeredmessagesdisplayedbythemalwareonspoofbankingwebsites,andseehoweffectivetheirsocialengineeringturnedouttobe.
NissanMotorCompanyfellvictimtoabreachofemployeeinformation.
TheattackerscompromiseduserIDsandpasswords,whichseemstoindicatethatthemalwarewasdesignedforindustrialespionage.
KhosrowZarefarid,anIraniansecurityexpert,discoveredacriticalflawinIran'sbankingsystem,providingaffectedinstitutionswiththedetails.
Whentheaffectedbanksdidn'trespond,hehacked3millionaccountsacrossatleast22banks.
Hethendroppedthesedetails–includingcardnumbersandPINs–onhisblog.
GoogletookdownZarefarid'sBlogger-hostedblog,whereasaffectedinstitutionswarnedcustomerstochangetheirdebitcardPINs.
2012ataglanceHackers,perhapsfromEasternEurope,stolethepersonaldetailsofover900,000ofUtah'sMedicaidbeneficiariesfromaserveroperatedbyUtah'sHealthDepartmentTheDropboxfilesharingservicesufferedahugesecuritybreachthatledtotheftofusernamesandpasswordsfromthousandsofusers.
Accordingtoreports,itwasusersthemselvesthatraisedthealarmafterstartingtoreceivespamataddressesusedonlyforDropbox.
FIG27.
DROPBOX.
FIG.
28.
REUTERS.
InSouthKorea,mobilecarrierKTCorporationsufferedadatabreachwhichexposedpersonalinformationofover8.
7millioncustomers.
Shortlyafterthehack,SouthKoreanpoliceannouncedthearrestoftwoprogrammerswhowereallegedlyinvolvedwiththetheft.
TheReutersnewsservicesufferedtwosuccessfulhackerattacksonitsbloggingplatform.
ThenewsagencywasfirsthitatthebeginningofAugustwhenafalseinterviewwithaSyrianrebelleaderwaspublished.
Asaresult,Reuterstookitsbloggingplatformofflineforafewhours.
Twoweekslater,asimilarincidenttookplaceinvolvinganarticlethatfalselyclaimedSaudiArabia'sforeignministerSaudal-Faisalhaddied.
Blizzard,theAmericanvideogamedeveloperandpublisheroftitleslikeWorldofWarcraft,StarcraftorDiablo,confirmedinAugustthattheyhadsufferedasecuritybreachandurgeduserstochangethelogincredentialstoitsonlinegamingserviceBattle.
net.
Theyconfirmedthathackerswereabletoobtainusers'emailaddressesandencryptedpasswords.
FIG.
29.
BLIZZARD.
InSeptember,itwasrevealedthatAdobehadalsobeenattackedbyhackers.
Inthiscasethough,theattackerswerenotinterestedinstealingcustomerdata,butinaccessingoneofthecompany'sinternalserverstobeabletosigntheirmalwarewithavaliddigitalcertificatefromAdobe.
TheattacktookplaceinJuly.
U.
S.
insurerNationwidesufferedadatabreachthatrevealedthepersonalinformationofoveronemillioncustomersandemployees.
Thisinformationincludedtheirfullnames,homeaddresses,socialsecuritynumbersandotherpersonalinformation.
Inadditiontoprivatecompanies,publicinstitutionshavealsosufferedtargetedattacksanddatabreaches.
InNovember,theUNnuclearwatchdogInternationalAtomicEnergyAgencywasattackedbyagroupcalled"Parastoo",whichlaterpublishedthestolendataonPastebin.
AlsoinNovember,theJapanAerospaceExplorationAgencysaidithadfoundevidencethatoneofitscomputershadbeeninfectedbyavirusthatcollectedinformationandtransmitteditexternally.
Thecomputerinquestioncontainedspecificationsandinformationontheagency'ssolid-fuelrocketprogram.
Nevertheless,apartfromalltheseattacks,therehasalsobeengoodnewsinthefightagainstcyber-crime:Interpolhasannouncedtheyareplanningtoopena"GlobalCybercrimeCenter"inSingaporein2014toimproveglobalcooperationamonglawenforcement.
UKcyber-crookEdwardPearsonwasjailedfor26monthsafterstealingthepersonalinformation2012ataglanceFIG.
30.
PicturedpostedbyHiginioO.
OchoaIIIthatledtohisarrest.
InApril,theFBIannouncedthearrestofJohnAnthonyBorellIII,anotherallegedmemberofAnonymous,inOhio.
Onthisoccasion,theFBIfoundTwitterdirectmessagesandtweetsinwhichBorelladmittedtotakingdownanumberofwebsites.
JunaidHussainofBirmingham,UnitedKingdom,theleaderoftheTeaMp0isoNcollective,pleadedguiltytohackingintotheGmailaccountofformerUKPrimeMinisterTonyBlair.
Afewweekslaterhewassentencedtosixmonthsinprison.
FIG.
31.
TonyBlair'semailaccounthackedbygroupTeaMpOisoN.
HackerJoshuaSchichtel,ofPhoenix,UnitedStates,receiveda30-monthsprisonsentenceforhijacking72,000computers.
Moreprecisely,hewaspaidtoinstallorhaveinstalledmalwareonthosecomputers.
Inonecase,acustomerpaidhim$1,500toinstallaTrojanoneverycomputeronhisbotnet.
ChristopherChaney,whomadeheadlinesbyhackingintothepersonalonlineaccountsofsuchstarsasScarlettJohanssonorMilaKunis,wassentencedto10yearsinjailforillegallyaccessingtheemailaccountsofmorethan50peopleintheentertainmentindustry.
Allofthesestoriesprovideclearexamplesofthewaythefightagainstcyber-crimeischanging.
Forexample,Japan'sNationalPoliceAgency(Japan'sequivalenttotheAmericanFBI)offereditsfirst-evermonetaryreward(US$36,000)forawantedhacker.
Upuntilnow,thistypeofrewardwasreservedforcasesinvolvingcrimelikemurderandarson,neverforcyber-criminals.
ofabout8millionpeople.
AlsointheUK,LewysMartin,aBritwhodistributedaTrojanhorsethatposedasapatchforthepopularCallofDutygame,wasjailedfor18monthsforstealinguserdataandsellingitontheblackmarket.
RyanCleary-a19-year-oldfromEssex,UnitedKingdom,whowasarrestedlastyearforparticipatinginvariousLulzSecattacks-,wassentbacktojailforbreachinghisbailconditions.
Cleary,whoisn'tallowedtoaccesstheInternet,useditlastChristmastocontactHectorXavierMonsegur(a.
k.
a"Sabu"),theLulzSechackerwhotheFBIusedasasecretinformantformonthslastyear.
HiginioO.
OchoaIII,fromGalveston,Texas,wasarrestedbytheFBIforallegedlyhackingintothewebsitesofseveralU.
S.
lawenforcementagenciesandreleasingthepersonalinformation(names,addressesandphonenumbers)ofdozensofpoliceofficers.
Inthiscase,Ochoa'sarrestwaslargelyduetohisownmistake,ashetwittedaphotoofhisgirlfriend'sbreastswithasignattachedtoherbellythatmentionedthehacker'sonlinename("w0rmer").
ThepicturewastakenwithaniPhone4,whichcontainsaGPSdevicethatinsertsGPSco-ordinatesinallpicturestaken.
Asaresult,thepoliceonlyhadtousetheGPSco-ordinatesembeddedinthephotototracetheexactstreetandhousewherethepicturewastaken.
Thisservedtoidentifythewoman,whohappenedtobeOchoa'sAustraliangirlfriend.
2012ataglanceCyber-warTheyear2012hasseensomeremarkableeventsinthecyber-wararena.
OnJanuary2,thousandsofcreditcardnumbersbelongingtoIsraelicitizenswerestolen.
ASaudihacker,callinghimself0x0mar,tookcreditforthehackattack,althoughfurtherinvestigationrevealedthehacker'srealidentity:19-year-oldcomputersciencestudentOmarHabib,bornintheUnitedArabEmirates,butcurrentlylivinginMexico.
Lateron,0x0mardeniedtheallegations32.
Screenshotfrom0x0mar'sonlineclaimofanIsraelihackattack.
Soonafter,awarbegantobrewbetweenthehackersofIsraelandSaudiArabia:ArabhackersparalyzedthewebsitesoftheTelAvivStockExchange,ElAlAirlinesandseveralIsraelibanks,whereasIsraelihackersbroughtdownthewebsitesofboththeSaudiStockExchange(Tadawul)andtheAbuDhabiSecuritiesExchange(ADX)inretaliation,claimingtoactonbehalfoftheIsraeliDefenseForcesandvowingtostrikeArabcountries'websitesrelatedtotheireconomiesunlessattacksonIsraelisiteswerehalted.
Tomakemattersworse,Tariqal-Suwaidan,oneofKuwait'smostfamousTVpreachers,calledforacyber-waragainstIsrael.
HeusedhisTwitteraccounttocallonallMuslimhackerstouniteagainstIsraelina"cyber-jihadagainstZionistenemy,whichwillberewardedbyGod".
AlsointheMiddleEast,thousandsofemailsreceivedandsentbySyrianpresidentBasharal-AssadwerestolenbySaudihackers.
IntheFarEast,itwasreportedthatJapan'sDefenseMinistryhadcommissionedFujitsutodevelopacyber-weaponviruscapableoftracinganddisablingcomputersbeingusedincyber-attacksagainstthecountry.
Theinformationisabitconfusing,anditlookslikeabadideaanywayas,evenifcreatedwiththebestofintentions,theremaybeadverseeffectsthatturntheweaponagainstitscreatorsortheentireworld.
Inanyevent,usersofPandaSecurity'ssolutionscansettheirmindatease,aswewilldetecteveryviruscreated,eitherbypublicorprivatewriters.
Let'slooknowattwoofthecountriesthatusuallytakethespotlightinthissection:ChinaandtheUnitedStates.
InJanuary,itwasrevealedthatChinesehackershaddeployedaTrojantargetingsmartcardreadersusedbytheU.
S.
DepartmentofHomelandSecurity.
Thesecardsareastandardmeansofgrantingusersaccesstointranets,networksandphysicallocations.
Hadthehackersactuallymanagedtocrackthesmartcards,theycouldeasilyaccesslotsofconfidentialinformation.
AlsoinChina,welearnedthatagroupofhackersmanagedtopenetratethecorporatenetworkofNortel,usingpasswordsstolenfromseventopNortelexecutives,includingtheCEO.
Apparently,theyhadbeenspyingonthecompanyfromasfarbackas2000.
Inmostcyber-warorcyber-espionageoperationsallyoucandoisspeculateaboutwhoisbehindtheattack.
Itisextremelyunlikelythatacountryopenlyadmitstobeingresponsibleforcarryingoutthistypeofaction.
However,thingsmightbecwebsitesbeingusedbyAlQaeda'saffiliateinYemen.
Morespecifically,theU.
S.
cyberexpertshackedintoJihadistWebpagesandsubstitutedmaterialthatbraggedaboutkillingAmericanswithinformationaboutMuslimcivilianskilledinterroriststrikes.
Meanwhile,inSouthKorea,intelligencesourcesaccusedNorthKoreaofrunningaspecialunitofelitehackerstostealmilitarysecretsandsabotageinformationsystemsofSeoul.
2012ataglanceFlameTheFlamecomputervirushasbeenthehighlightoftheyearwithoutanydoubts.
FlameisacomplexpieceofmalwareusedforinformationgatheringandespionageinMiddleEastcountries.
Thismaliciouscodeismostlikelycreatedbyagovernmentorintelligenceagency,andisclearlytiedtotheinfamousStuxnetmalware(aTrojanreportedlydesignedandlaunchedbytheU.
S.
andIsraeligovernmentsinanattempttosabotageIran'snuclearprogram).
TargetedattacksaregenerallycarriedoutusingTrojans,butinthiscasewearetalkingaboutaworm,whichintroducesanewfactor:Wormscanreplicatethemselvesautomatically,sovirusauthorscouldeventuallylosecontrolofwhoorwhosecomputerstheircreationsareinfecting.
Thatisreallynotadvisableifyouhaveaspecifictargettoattackandwanttostayundertheradarinordertoavoiddetection.
HowdidFlameresolvethisWell,thewormhasaverycuriousandsomewhatinnovativefeature:itsabilitytoturnitsspreadingfunctionalityonandoff,somethingextremelyhandywhenyouwanttogounnoticed.
OneofthemoststrikingfeaturesofFlameisthatitcanstealallkindsofdatainmultipleways,evenbyturningonvictims'microphonestorecordconversations.
Aspreviouslymentioned,thiswasundoubtedlyatargetedattackaimedatspecificindividualsandorganizationsintheMiddleEast.
Anditseemsthatthecyber-espionagewormmighthavebeenactiveformanyyearswithoutbeingdetectedbysecuritycompanies,whichhasproducedanumberofconspiracytheoriesclaimingthatgovernmentspressedantivirusvendorstonotdetecttheworm.
Obviously,thisiscompletelyfalse,andassoonasthewormhasbeendiscovered,ithasbeendetectedbyallofthem.
But,whydidittakesolongtodetectFlameWell,noantivirussolutionhasa100-percentsuccessrateatcatchingnew,unknownthreats.
Thisisquitesimpletounderstand:professionalcybercriminalsmakesuretheirmaliciouscreationswillgoundetectedbeforespreadingthem.
Theytestthemagainstallpopularantivirusenginestomakesuretheycannotbedetectedbysignaturefilesoranyotherprotectionsystems(behavioralandheuristicscanning,etc.
).
Ifyouhavethenecessaryresourcesatyourdisposal,youcansetupaQualityAssuranceprocessthateliminatesthepossibilityofthemalwarebeingfound,atleastatthestart.
Thethreatwillbeeventuallydetectedbyantivirussolutions,butmakingitgounnoticedforaslongaspossibleisthekeytosuccess.
Forexample,byinfectingasmallnumberoftargetedcomputersinsteadoftriggeringamassiveinfection.
FIG.
33.
SAUDIARAMCO.
FIG.
34.
RASGAS.
Throughouttheyearwehaveseenanumberofcyber-espionageattacksaimedatjournalistsindifferentpartsoftheworld.
Forexample,inMorocco,agroupofindependentjournalistswhoreceivedanawardfromGooglefortheireffortsduringtheArabSpringrevolution,wasinfectedwithaMacTrojan.
InChina,agroupofforeigncorrespondentswastargetedbytwomalwareattacksviaemailafewweeksbeforetheCongressoftheChineseCommunistParty.
ThisyearwehavealsoseenacoupleofmalwareinfectionsincompaniesoperatingintheenergysectorintheMiddleEast.
Itisstillnotknowniftheseincidentsarerelatedorareduetosometypeofcyber-attack,butalltheevidenceseemstoindicateso.
TheSaudiArabianOilCompany(SaudiAramco)washitbyamalwareinfectionthatledthecompanytosevereitsconnectionstotheInternetasapreventivemeasure.
Inadditiontothis,avirusinfectedQatarinaturalgascompanyRasGas.
However,neitherRasGasnorSaudiAramcosawtheirproductionhaltedduetotheseincidents.
2012infiguresFIG.
35.
NEWMALWARECREATEDIN2012,BYTYPE.
03|2012infiguresApproximately,27millionnewstrainsofmalwarewerecreatedin2012,74,000everyday.
Asaresult,PandaLabshasnowatotalof125millionclassifiedmalwaresamples.
Andthenumberkeepsgrowing,aidedbycyber-crookseagertobypassantivirusprotectionstoincreasetheirprofits.
Trojanscontinuedtoaccountformostofthenewthreats,asthreeoutofeveryfournewmalwarestrainscreatedwereTrojans.
Herearethedetails:Overthelastfewyears,thenumberofTrojansincirculationhasbeenconstantlyincreasing.
In2010theyaccountedformorethanhalfofallmalwarecreated(56percent),in2011theyrosespectacularlyto73.
31percent,whereasin2012theyreached76.
57percent.
Wormscamesecond(11.
33percentcomparedto8.
13percentin2011),whereasvirusesdroppedtothirdplaceat9.
67percentcomparedto14.
24percentin2011.
FIG.
36.
MALWAREINFECTIONSBYTYPEIN2012.
FIG.
37.
MOSTMALWARE-INFECTEDCOUNTRIESIN2012.
2012infiguresWhenitcomestothenumberofinfectionscausedbyeachmalwarecategory,asrecordedbyourCollectiveIntelligencetechnologies,Trojansonceagaindominatedtherankingat76.
56percent,almostthesamepercentageasthatofTrojansincirculation.
Itseemsthatcyber-criminalshavemanagedtoinfectmorecomputerswithTrojansthisyearthaninpreviousyears.
In2011,thepercentageofTrojan-infectedcomputerswas66.
18percents,sotherehasbeena10pointriseinthisrespect.
OneofthereasonsforthisgrowthistheincreaseduseofexploitkitssuchasBlackHole,whicharecapableofexploitingmultiplesystemvulnerabilitiestoinfectcomputersautomaticallywithoutuserintervention.
Herearevisualsdepictingthesetrends:However,noteverythingwasgoodnewsforcyber-criminals.
Theproportionofinfectedcomputersworldwidedecreasedsignificantlyfrom38.
49percentin2011to31.
98percentin2012.
Let'snowlookatthegeographicdistributionofinfections.
WhichcountriesweremostinfectedWhichcountrieswerebestprotectedChinawasonceagaintopofthelistofcountrieswithmostinfectionswithmorethan50percentofinfectedPCs(54.
89percent),followedbySouthKorea(54.
15percent),andTaiwanatadistantthird(42.
14percent).
Hereisagraphrepresentingthecountrieswithmostmalware-infectedcomputers:2012infiguresThelistoftoptenmostinfectedcountriesismadeupofnationsfromalmosteverypartoftheworld:Asia,Europe,CentralAmericaandSouthAmerica.
Othercountrieswhosenumberofmalwareinfectionswasabovetheglobalaverageare:Lithuania(35.
46percent),Thailand(35.
37percent),Peru(35.
05percent),Argentina(34.
79percent),Spain(34.
06percent),Nicaragua(34.
03percent),Guatemala(33.
89percent),Ecuador(33.
68percent),ElSalvador(32.
86percent),Brazil(32.
09percent)andChile(31.
98percent).
NineofthetenleastinfectedcountriesareinEuropewiththeonlyexceptionbeingCanada.
ThecountrywiththefewestinfectionsisSweden(20.
25percentofinfectedPCs),followedbySwitzerland(20.
35percent),andNorway(21.
03percent).
Here'sagraphrepresentingthecountrieswiththefewestinfectionsin2012:FIG.
38.
LEASTMALWARE-INFECTEDCOUNTRIES.
Othercountrieswhosenumberofmalwareinfectionswasbelowtheglobalaverageare:CzechRepublic(31.
84percent),Romania(31.
54percent),Colombia(31.
49percent),Estonia(31.
33percent),UnitedStates(30.
52percent),Slovenia(30.
37percent),Italy(30.
25percent),Venezuela(29.
81percent),Mexico(29.
81percent),CostaRica(29.
73percent),Panama(29.
61percent),France(29.
19percent),Paraguay(28.
57percent),SouthAfrica(27.
94percent),Denmark(27.
65percent),Hungary(27.
37percent),Uruguay(27.
23percent),Austria(27.
03percent),Belgium(27.
02percent),Portugal(26.
78percent),Australia(26.
60percent),Latvia(26.
06percent),Japan(26.
00percent)andNewZealand(25.
76percent).
2013SecurityTrends04|2013SecurityTrendsWehaveseenwhathashappenedin2012:attacksinsocialnetworksandcyber-wareverywhere.
Whatdowehavetoexpectforthenext12monthsVulnerabilitiesSoftwarevulnerabilitieswillbethemaintargetofcyber-criminalsnextyear.
Itisundoubtedlythepreferredmethodofinfectionforcompromisingsystemstransparently,usedbybothcyber-criminalsandintelligenceagenciesincountriesaroundtheworld.
In2012,wesawhowJava,whichisinstalledonhundredsofmillionsofdevices,wasrepeatedlycompromisedandusedtoactivelyinfectmillionsofusers.
InsecondplaceisAdobe,asgiventhepopularityofitsapplications(AcrobatReader,Flash,etc.
)anditsmultiplesecurityflaws,itisoneofthefavoritetoolsformassivelyinfectingusersaswellasfortargetedattacks.
Althoughwemaythinkthathomeusersareexposedtothehighestrisk,rememberthatupdatingapplications,whichisessentialforprotectingagainstthesetypesofattacks,isaverycomplexprocessincompanies,whereupdatingallcomputersmustbecoordinated.
Atthesametime,itisessentialtoensurethatalltheapplicationsusedinacompanyworkcorrectly.
Thismakestheupdateprocessesslow,whichopensawindowthatisexploitedtostealinformationingeneralandlaunchtargetedattacksinsearchofconfidentialdata.
2013SecurityTrendsSocialnetworksThesecondmostwidelyusedtechniqueissocialengineering.
Trickingusersintocollaboratingtoinfecttheircomputersandstealtheirdataisaneasytask,astherearenosecurityapplicationstoprotectusersfromthemselves.
Inthiscontext,useofsocialnetworks(Facebook,Twitter,etc.
),placeswherehundredsofmillionsofusersexchangeinformation,onmanyoccasionspersonaldata,makesthemthepreferredhuntinggroundfortrickingusers.
ParticularattentionshouldbepaidtoSkype,whichafterreplacingMessenger,couldbecomeatargetforcyber-criminals.
MalwareformobiledevicesAndroidhasbecomethedominantmobileoperatingsystem.
InSeptember2012,Googleannouncedthatithadreachedtheincrediblefigureof700millionAndroidactivations.
Althoughitismainlyusedonsmartphonesandtablets,itsflexibilityandthefactthatyoudonothavetobuyalicensetouseitaregoingtoresultinnewdevicesoptingtouseGoogle'soperatingsystem.
Itsuseisgoingtobecomeincreasinglywidespread,fromtelevisionstoalltypesofhomeappliances,whichopensupaworldofpossibleattacksasyetunknown.
Cyber-warfare/Cyber-espionageThroughout2012,differenttypesofattackshavebeenlaunchedagainstnations.
TheMiddleEastisworthmentioning,wheretheconflictisalsopresentincyber-space.
Infact,manyoftheseattacksarenotevencarriedoutbynationalgovernmentsbutbycitizens,whofeelthattheyshoulddefendtheirnationbyattackingtheirneighborsusinganymeansavailable.
Furthermore,thegovernmentsoftheworld'sleadingnationsarecreatingcybercommandostopreparebothdefenseandattackandtherefore,thecyber-armsracewillescalate.
GrowthofmalwareFortwodecades,theamountofmalwarehasbeengrowingdramatically.
Thefiguresarestratospheric,withtensofthousandsofnewmalwarestrainsappearingeverydayandtherefore,thissustainedgrowthseemsveryfarfromcomingtoanend.
Despitesecurityforcesbeingbetterpreparedtocombatthistypeofcrime,theyarestillhandicappedbytheabsenceofbordersontheinternet.
Apoliceforcecanonlyactwithinitsjurisdiction,whereasacyber-crookcanlaunchanattackfromcountryA,stealdatafromcitizensofcountryB,sendthestolendatatoaserversituatedincountryCandcouldbelivingincountryD.
Thiscanbedoneinjustafewclicks,whereascoordinatedactionofsecurityforcesacrossvariouscountriescouldtakemonths.
Forthisreason,cyber-criminalsarestilllivingtheirowngoldenera.
MalwareforMacCaseslikeFlashback,whichoccurredin2012,havedemonstratedthatnotonlyisMacsusceptibletomalwareattacksbutthattherearealsomassiveinfectionsaffectinghundredsofthousandsofusers.
AlthoughthenumberofmalwarestrainsforMacisstillrelativelylowcomparedtomalwareforPCs,weexpectittocontinuerising.
Agrowingnumberofusersaddedtosecurityflawsandlackofuserawareness(duetoover-confidence),meanthattheattractionofthisplatformforcyber-crookswillcontinuetoincreasenextyear.
Windows8Lastbutnotleast,Windows8.
Microsoft'slatestoperatingsystem,alongwithallofitspredecessors,willalsosufferattacks.
Cyber-criminalsarenotgoingtofocusonthisoperatingsystemonlybuttheywillalsomakesurethattheircreationsworkequallywellonWindowsXPtoWindows8,throughWindows7.
OneoftheattractionsofMicrosoft'snewoperatingsystemisthatitrunsonPCs,aswellasontabletsandsmartphones.
Forthisreason,iffunctionalmalwarestrainsthatallowinformationtobestolenregardlessofthetypeofdeviceusedaredeveloped,wecouldseeaspecificdevelopmentofmalwareforWindows8thatcouldtakeattackstoanewlevel.
05|ConclusionConclusionTheyear2013presentsitselffullofchallengesinthecomputersecurityworld.
Androiduserswillhavetofaceagrowingnumberofattacksfromcyber-crookswantingtostealprivateinformation.
Cyber-espionageandcyber-warwillalsobeontherise,asmoreandmorecountriesareorganizingtheirowncyber-commandounits.
Thereisgrowingconcernfortheinformationthatcouldbecompromisedandthepossibilityofusingmalwaretolaunchdirectattacksoncriticalinfrastructure.
Companieswillhavetotightenupsecuritymeasurestoavoidfallingvictimtotheincreasingnumberofcyber-attacks,whilespecialcarewillhavetobetakentoprotectnetworksagainstoperatingsystemandapplicationvulnerabilities,withJavaposingthebiggestthreatduetoitsmultiplesecurityflaws.
VisitthePandaLabsblog(http://www.
pandalabs.
com)tostayuptodatewithallthedevelopmentsanddiscoveriesmadeatthelaboratory.
06|AboutPandaLabsAboutPandaLabsPandaLabsisPandaSecurity'santi-malwarelaboratory,andrepresentsthecompany'snervecenterformalwaretreatment:PandaLabscreatescontinuallyandinreal-timethecounter-measuresnecessarytoprotectPandaSecurityclientsfromallkindofmaliciouscodeonagloballevel.
PandaLabsisinthiswayresponsibleforcarryingoutdetailedscansofallkindsofmalware,withtheaimofimprovingtheprotectionofferedtoPandaSecurityclients,aswellaskeepingthegeneralpublicinformed.
Likewise,PandaLabsmaintainsaconstantstateofvigilance,closelyobservingthevarioustrendsanddevelopmentstakingplaceinthefieldofmalwareandsecurity.
Itsaimistowarnandprovidealertsonimminentdangersandthreats,aswellastoforecastfutureevents.
Forfurtherinformationaboutthelastthreatsdiscovered,consultthePandaLabsblogat:http://pandalabs.
pandasecurity.
com/facebookhttps://www.
facebook.
com/PandaUSAtwitterhttps://twitter.
com/PandaSecuritygoogle+http://www.
gplus.
to/pandasecurityyoutubehttp://www.
youtube.
com/pandasecurity1Thisreportinwholeorinpartmaynotbeduplicated,reproduced,storedinaretrievalsystemorretransmittedwithoutpriorwrittenpermissionofPandaSecurity.
PandaSecurity2013.
AllRightsReserved.
Malwarecreationshowednosignofslowingdown,asshownbythefactthatin2012wedetectedarecord-high27millionnewmalwarestrainsatthelaboratory,atanaverageof74,000newsamplesperday.
Inaddition,cyber-attacksagainstmultinationalcorporationscontinuedtoincrease,withvictimsrangingfromcompaniesinthevideogameindustry(Blizzard)toautogiants(Nissan).
Wealsoanalyzethemostimportanteventsinthemobilephoneindustry.
AsAndroid'smarketsharecontinuestogrow,themotivationforcyber-crookstotargettheplatformalsoincreases.
Thereportalsocovershowsocialmedia(Facebookespecially)wasusedbycyber-criminalstospreadmalwarebymakinguseofsocialengineeringtechniques.
Furthermore,wetakealookatthelargestMacinfectiontodateanditsconsequences.
2012hasseensomeremarkableeventsinthecyber-war/cyber-espionagearena,withFlamegrabbingheadlines.
WeanalyzethisandotherattacksthattookplaceintheMiddleEast.
Summingup,thisreportrecapsthemajorcomputersecurityeventsthatoccurredin2012,andforecastsfuturetrendsfor2013.
Sitbackandenjoy!
2012ataglance02|2012ataglanceAsAndroidmarketsharecontinuestogrow,sodoestheamountofmalwaretargetingtheplatform.
InJanuary,GooglehadtoremoveseveralmaliciousappsfromitsAndroidMarket(renamedto'PlayStore').
Basically,cyber-crooksrepackagedpopulargameslikeAngryBirdsorCutTheRopewithmaliciouscodeanduploadedthemtoPlayStore.
UsersthendownloadedandinstalledtheappsunawarethattheywerealsoinstallingaTrojanthatsentSMSmessagestoapremiumratenumber.
MobilePhoneMalwareInfact,welearnedthatGoogle,tiredofthemaliciousappsfoundonPlayStore,hasstartedanalyzingappsbeforeputtingthemintheircataloginordertodetectanomalousbehavior.
Accordingtotheirownsources,theyhavemanagedtoreducemaliciousappdownloadsby40percent.
Unfortunately,despitetheseefforts,criminalscontinuedtotargettheAndroidmobileplatformthroughappsnotalwaysaccessiblethroughPlayStore.
ThiswasthecaseofBmaster,aremoteaccessTrojan(RAT)ontheAndroidplatformthattriedtopassitselfoffasalegitimateapplication.
WealsosawTrojansexclusivelydesignedtostealdatafrominfecteddevices:fromcallandtextmessagerecordstousers'contactlists.
Androidispotentiallyexposedtofarmoresecurityrisksthanitsbiggestcompetitor(iPhoneanditsiOS),asitallowsuserstogettheirappsfromanywheretheirwant.
However,usingtheofficialAndroidmarketplaceisnosecurityguaranteeeither,asithasalsobeentargetedbycyber-crooksluringusersintoinstallingTrojansdisguisedaslegitimateapps.
Somethingwhich,bytheway,hasalsohappenedtoApple'sAppStore,buttoalesserextentthantoGoogle'sPlayStore.
2012ataglanceOperaMiniisaWebbrowserdesignedprimarilyformobilephones.
Overthelastfewmonths,OperaMinihasgainedinpopularityasamobilebrowseralternativeonAndroidsmartphones,becomingatargetforcyber-criminalstotrickusers.
Inthelatestattack,criminalsofferedthebrowsertousersfromastoreotherthanGoogle'sPlaystore.
However,installingtheapplicationinstalledtheactualOperabrowser,andalsoaTrojanthatsentSMSmessagestopremium-ratenumbers.
UnlikeothercasesinwhichTrojansattemptedtopassthemselvesoffaspopularmobileapps,inthiscasethemalwarecamebundledwithalegitimateversionoftheOperaMinimobilebrowsertohelptrickusersintothinkingthatnothingwaswrongastheycouldsimplyusetherealsoftwareasexpected.
FIG.
01.
CHINAMOBILE.
Wesawanother'unusual'attackinChina,asaTrojanwasreleasedthatpurchasedapplicationsfromtheinfecteddevice.
TheTrojanaffectedChinesesubscriberstoChinaMobile,oneoftheworld'slargestmobilephonecarrierswithmorethan600millionsubscribers.
Onceinfected,themobilestartedbuyingapplicationsfromChinaMobile'smarketplaceonbehalfoftheuser.
ThisTrojanwasdeliveredonnineunofficialappstores.
Atthispoint,manyusersbelievethatitissafertobuyandinstallappsfromofficialstores.
Thisistruetosomeextent,buttherehavealsobeeninstancesofmalwarecreepingontoofficialstores.
Thisquarter,forexample,anewmalwarestrainwasdiscoveredhidingoutinthePlayStore,posingastwogames:SuperMarioBrosandGTA3MoscowCity.
Themalwaremanagedtoremainundetectedforweeksuntilitwasfinallyremoved.
FIG.
02.
500millionAndroiddevicesnowactivated.
WhyisAndroidthemosttargetedmobileplatformWell,thisisduetoanumberofreasons:Firstly,Androidallowsitsuserstogettheirappsfromanywheretheywant.
Theydon'tnecessarilyhavetogototheofficialstore,normustapplicationsbedigitallysignedaswithiOS.
Secondly,cyber-crookswouldhaveneversettheireyesonthisplatformifitweren'tforthelargenumberofusersithas.
InJune,Googleannouncedthat400millionAndroiddeviceshadbeenactivated,afigurethatreached500millionatthebeginningofSeptember,with1.
3millionactivationsperday.
PoliceVirusScamOneofthisyear'stopthreatshasundoubtedlybeenanewmalwareepidemicthatinfectedhundredsofthousandsofcomputersaroundtheworldusingfearandblackmailingtechniquestoextortmoneyfromcomputerusers.
WhileweareusedtoseeingthiskindoffakemessageinEnglish,inthiscasetheattackswerelocalized.
WesawEnglish,German,Spanish,DutchandItalianmessages(amongothers)dependingonthetargetedcountry.
AlloftheattackstargetedsomeEuropeannation,soitlooksliketheywererelatedandthesamecyber-criminalgangcouldbebehindthem.
FIG.
3.
Iconusedbyoneofthe"PoliceVirus"variants.
Let'stakeacloserlookatoneoftheattacks.
Thefile'siconwasthepopularlogousedbyLulzSecintheircommunications:2012ataglanceOncetheircomputerwasinfected,theuserwasconfrontedwiththefollowingfull-screenwindowcoveringtheentiredesktop:FIG.
04.
FakewarningmessagedisplayedbytheTrojan.
Themessageinformedtheuserthattheyhadaccessedillegalmaterial(suchaschildpornography)orsentspammessageswithterroristmotives,andtheircomputerhadbeenlockedtopreventfurtherabuse.
Tounlocktheircomputer,theyhadtopaya100'fine'.
TheworstthingfortheuserwasthattheTrojanactuallyblockedthecomputer,soitwasnoteasytoremoveit.
Todoit,theuserhadtorestartthecomputerinsafemodeandrunascanwithanantivirussolutionsthatwasabletodetectit.
Howcomethemessagewasdisplayedinthevictim'sownlanguageandhowdidtheTrojanpurporttocomefromlocalauthoritiesWell,that'seasytoexplain:Afterinfectingthecomputer,themalwareconnectedtoacertainURLand,basedonthevictim'sIPaddress,retrievedthelocalizedversionofthemessagethatappearedonthecomputer.
MostmessagespretendedtocomefromEuropeanauthorities(althoughwealsosawexamplestargetingusersinothercountries,likeCanadaforexample).
BelowaresomeexamplesofsimilarattackslaunchedinQ12012:FIG.
05.
FakewarningmessagedisplayedbytheTrojaninGerman.
2012ataglanceFIG.
06.
FakewarningmessagedisplayedbytheTrojaninDutch.
FIG.
07.
FakewarningmessagedisplayedbytheTrojaninItalian.
2012ataglanceFIG.
08.
FakewarningmessagedisplayedbytheTrojaninEnglish.
FIG.
09.
FakewarningmessagedisplayedbytheTrojaninSpanish.
However,theattackbecamemorecomplexovertime.
Themalwarewentontouseransomwaretechniques,'takingover'infectedcomputersbyencryptingsomeoftheircontentandforcinguserstopayafineorloseaccess.
Basically,attackerstookthisfunctionalityfromthePGPCoderTrojan,amaliciouscodedesignedtoencryptfilesandkeepthemlockedunlessthevictimagreedtopayaransom.
ThefirstversionsofthenewPoliceVirusonlyencrypted.
docfiles,andtheencryptionwasn'ttoohardtocrack,soitwaspossibletodecryptthefileswithoutthekey.
Now,however,amoresophisticatedencryptionisbeingused,andthedecryptionkeyisrequiredtounlockthefiles.
Andnotonlythat,thefilesareencryptedwithadifferentkeyforeachinfectedcomputer,so,unlessyouareabletoaccesstheserverthatstoresallkeys,itisabsolutelyimpossibletoaccessthefiles.
Additionally,therangeoffilesbeingencryptedisalsomostsophisticated.
Somevariantsuseablacklistofextensionstoencrypt;othersuseawhitelistofcriticalsystemfilesnottoencrypt.
2012ataglanceFIG.
10.
WarningusedbythePoliceVirusuntilnow.
Andreplaceditwithoneincludingimagestakenbytheirwebcam:FIG.
11.
NewwarningusedbythePoliceVirus,showingtheimagescapturedbythecomputer'swebcam.
Asyoucansee,thepageincludesasmallwindowshowingtheimagestakenbythewebcaminrealtime,togetherwiththetext:"Liverecording".
However,noimagesareactuallybeingrecordedorsenttolawenforcement.
Thewarningjustdisplaystheimagescurrentlycapturedbythewebcam.
Users,however,don'tknowthis,andmostofthemwillstarttopanicandbewillingtopaythe'fine'tostoplawenforcementfromspyingonthem,astheyaremadetobelieve.
Aspreviouslysaid,thisnewvariantdoesn'tuseencryption,probablybecausecyber-criminalsthinkthatthewebcamtrickisenoughtoscarepotentialvictims.
Thequestionis,howmuchfurthercanthismalwaregoIntheend,thepurposeofscarewareissimplytofrightentheuserintopayingthemoney(or,asattackerscallit,"thefine").
AnewvariantofthePoliceVirustakesovertheuser'swebcam.
WhatforWell,themalwarehaschangedthescreenitdisplayedsofartowarntheuserthat'illegalactivity'hadbeentracedtotheircomputer…2012ataglanceSocialNetworksFacebookcontinuesitsreignasthenumberonesocialnetworkingsitebutitalsoisafavoritetargetofcyber-crooks.
InJanuary,awormwasdiscoveredthathadstolenover45,000Facebooklogincredentials.
Researchersfearthatthecriminalsusedthese'infected'accountstosendlinkstopeople'sFacebookfriends,spreadingthecomputerwormfurther.
Meanwhile,whatdoesFacebookdotoprotectusersWell,thegoodnewsisthatatleasttheytakethefightagainstcyber-crimeseriously.
FIG.
12.
FacebookrevealedthenamesofthesuspectsbehindtheKoobfaceattack.
InJanuary,FacebookfinallyrevealedthefullnamesandonlinenamesoftheperpetratorsbehindtheKoobfacebotnetthathasaffectedthesocialsiteforafewyears.
Theidentitiesofthoseresponsiblefortheattacksare:StanislavAvdeyko(leDed),AlexanderKoltysehv(Floppy),AntonKorotchenko(KrotReal),RomanP.
Koturbach(PoMuc)andSvyatoslavE.
Polichuck(PsViatandPsycoMan).
Unfortunately,themenlivecomfortablelivesinSt.
Petersburg(Russia),andhavebecomerichfromtheirvariousonlineschemes.
Allfivehaveyettobechargedwithacrime,norhasanylawenforcementagencyconfirmedtheyareunderinvestigation.
FIG.
13.
Maliciousmessage.
FIG.
14.
Maliciouswebsite.
DespitethemyriadmalwareandspamscamspreyingonFacebook,curiositystillgetsusersintotrouble.
ThisyearwesawanewscaminvolvingasupposedtapeofKatyPerryandRussellBrandpostedtothewallsofhundredsofusers.
Themaliciouspostlookedasfollows:2012ataglanceHowever,allthe'Likes',comments,etc.
displayedonthepagewerefalseasthe'page'itselfdidn'texist,itwassimplyanimage.
Ifyouclickedon"InstallPlugin"andyouwereusingFirefoxorChrome,theworminstalledabrowserplug-inandusedittopostthescamtothevictims'friends'pages.
OnInternetExplorer,astherewasnoplug-inthatcouldcarryoutthistask,thewormdisplayedanageverificationpagetoaccessanapplicationcalled'X-RayScanner'.
ThispageinformsyouthatyourTwittersessionhastimedoutandasksthatyouloginagain.
Tomakethephishingscamlookasrealaspossible,allthelinksdisplayedonthepageareactuallyTwitterlinksexceptforthe"Signin"and"Signup"buttons,whichwilltransmittheuserdatatotheattackers.
OncetheyhaveyourTwitterloginandpassword,theywillbeginsendingthesamemisleadingTwitterDMtoallofyourfollowers.
Thisway,theywillstealtheirTwitterloginaswell,andusetheiraccountstospreadmalware,sendspamorturnthosecredentialsintomoneybysellingthemtoothercyber-crooks.
SocialnetworkingsiteLinkedInhad6.
5millionuserpasswordsstolenandleakedonline.
Fortunatelyenough,however,thesepasswordswerenotstoredinplaintextfiles,butwereencrypted.
Thebadnewsisthattherewasnootheradditionalprotection,soincaseyouhaven'talreadydoneso,weadvisethatyouchangeyourLinkedInpasswordrightnow.
Andifyouusethatpasswordforanyotherserviceaswell,changeittoo,andalwaysusedifferentpasswordsfordifferentprogramsandservices.
FIG.
15.
Message.
Asyoucansee,thepagelookedlikeaFacebookpagetotrickusersintobelievingtheywerestillonthesocialnetworkingsite.
Ifthevictimclickedanyofthelinkstheyweretakentoapagewheretheywereaskedtoentertheircellphonenumber.
However,afterdoingso,theystartedreceivingunwantedpremiumratetextmessages.
Oneoftheprimaryobjectivescyber-crookshavewhenlaunchingattacksonsocialmediasitesistogainaccesstousers'accountssothattheycanimpersonatethemandaccesstheirpersonaldetailsorinformationsharedwithotherusers.
OnTwitter,forexample,accessingauser'saccountwillallowthemtosenddirectmessages(DMs)tothevictims'friends.
Atypicalexamplewouldbeasfollows:YoureceiveaDMfromoneofyourcontactsinformingyouthatsomeonehasjustpostedsomeembarrassingpicturesofyou.
Ifyouclickthelink,you'llbetakentothefollowingpage:FIG.
16.
PhishingpagethatstealsTwittercredentials.
2012ataglanceMacEverytimewediscussMacthreats,wepresentyouwiththecasesthatmostcaughtourattention.
Luckilyenough,theseinfectionsarenotmassive,asdespitethegrowthofMacmalware,thePCremainsthebiggesttargetforcyber-criminals.
Unfortunately,manyMacusersstillbelievetheyareimmunetothreats,eventhoughlittlebylittlepeople,evenatApple,arebeginningtorealizethatthatisnotthecase.
TheApplepagethatexplainsthereasonswhyMacsarebetterthanPCspreviouslyboastedthatMacsystems'don'tgetviruses'(afalsestatement,sincemacroviruses,forexample,affectbothplatforms).
However,itseemsthatAppleisbeginningtoacknowledgethetruth,astheyhavereplacedtheprevioustextwiththisone:FIG.
17.
Apple'swebsitesaiditsoperatingsystemwasvirusfree.
ThischangeisprobablyrelatedtotherecentoutbreakoftheFlashbackTrojan,amalwarespecimenresponsibleforthesinglemostsignificantmalwareinfectiontoeverhittheMaccommunity.
Thismalwareinfectedupto600,000Maccomputersaroundtheworld,creatingthelargestbotnetevertotargetApplecomputers.
OneoftheTrojan'smostuniquefeatureswasthatbeforeinfectingacomputer,itcheckedtoseeifithadsomekindofantivirusinstalled.
Ifthecomputerwasprotected,Flashbackdidn'tinfectit;otherwise,itinfectedtheMacandtriggereditspayload.
Thisattackhasonceagaindemonstratedthat,contrarytopopularbelief,Macsareinfactnotimmunetovirusinfectionandmalware,amythlargelyexploitedbycyber-criminals.
Cyber-crimeInatypicalphishingattack,offendersusuallystealconsumers'identitiestoimpersonatethemandemptytheirbankaccounts.
However,theyearstartedoffwithquiteanunusualcase.
Thefirstmayorcyber-crimeof2012tookplaceinSouthAfrica,ashackersgotawaywithabout$6.
7millionfromSouthAfricanPostbank.
Therobberytookplaceoverthreedays,fromJan1toJan3.
Thehackers,whohadplannedtheattackformonths,usedstolenlogindetailsfromaPostbanktellertotransferthestolenmoneyintomultiplebankaccountsthatwereopenedacrossthecountry.
FIG.
18.
Appleremovesclaimofvirusimmunity.
2012ataglanceMegauploadcaseInJanuary,theFBIshutdownthepopularMegauploadfile-sharingwebsite,chargingthefoundersfor"copyrightinfringement"(youcanreadtheFBIpressreleasehere,withmoreinformationaboutthecase).
Ifconvicted,thoseinvolvedfaceupto50yearsinprisononallcharges.
HackergroupAnonymousreactedswiftlytothenews,launchingDDoSattacksonseveralWebpages,includingthesitesoftheU.
S.
DepartmentofJustice,RIAA(RecordingIndustryAssociationofAmerica)andUniversalMusicGroup.
Goingbacktothepressrelease,theFBIstatedthat:"ThiscaseispartofeffortsbeingundertakenbytheDepartmentofJusticeTaskForceonIntellectualProperty(IPTaskForce)tostopthetheftofintellectualproperty.
"Well,asweallknow,inthe'realworld'cyber-criminalsaresiphoningmillionsofdollarsintotheirpocketseveryyearbyattackinghundredsofthousandsofcomputers.
However,itseemsthatauthoritiesconsidercopyrightinfringementtobefarmoreserious.
Asalways,thisisaquestionofpriorities,anditseemsthatinthiscasethehighestpriorityoflawenforcementagenciesisnotexactlytoprotecttheindividual.
FIG.
19.
ImagedisplayedonaccessingMegaupload'ssiteaftertheFBI'sintervention.
BothAnonymousandLulzSechavebeenverybusyoverthelastyear.
InJanuary,inthewakeofcontroversiallegislationsuchasSOPAandACTA,thehackinggrouppostedthefollowingTwittermessage:"Ifyouhated#SOPA,you'llburstintoflamesabout#ACTAhttp://is.
gd/Bo68r4Negotiatedinsecret.
iPodsearchesatbordercrossings.
"Soonafter,theylaunchedanunprecedentedstringofattacksongovernmentandbusinesssitesaroundtheworld.
InFebruary,theyrecordedandreleasedasensitiveconferencecallbetweentheFBIandScotlandYard.
Amidgrowingspeculationabouthowthehackershadbeenabletoobtaintherecording,AnonymouspublishedanemailpurportedlysentbyanFBIagenttointernationallawenforcementagencies,withaphonenumberandpasswordforaccessingthecall.
2012ataglanceFIG.
20.
FBImessageinterceptedbyAnonymous.
InFebruary,AnonymouspublishedthesourcecodeofPCAnywhereandNorton,stolenin2006.
Thetheftwascommittedbyagroupofcyber-criminalswhoaimedtoblackmailSymantec.
However,onceitbecamecleartheAmericansecurityfirmwasnotgoingtogiveintotheblackmail,theydecidedtopassthedatatoAnonymoustomakeitpublic.
InMarch,severalallegedmembersofLulzSecwerearrestedinthecourseofapoliceoperationlaunchedin2011.
ItwasimmediatelydiscoveredthatSabu,theallegedleaderofLulzSec,hadbeensecretlyarrestedbytheFBIandhadbeenworkingforthegovernmenttoarrestothermembersofthehackercollective.
LuisCorrons,technicaldirectorofPandaLabs,laudedthearrestsonthelaboratory'sblogandAnonymousreactedswiftlybybreakingintotheexternalserverthathostedthebloganddefacingit.
Anonymousmakeabigdealaboutfreedomofspeech,callingthemselves'theVoiceofFreeSpeech'and'aggressiveproponentsfortheFreedomofSpeech'.
However,inreality,theselfappointeddefendersoffreespeechshutdownpeople'swebsiteswhentheydon'tlikewhattheyread.
Uhmm…Itisironic,isn'titItseemsthatAnonymousareonlyinterestedindefendingfreedomofspeechwhenitservestheirowninterests.
Actually,aBritishjournalistaskedthemaboutthisapparentcontradictiononTweeterbuthisquestion,unsurprisingly,wentunanswered.
FIG.
21.
PandaLabsblogpostpraisingthelatestLulzSecarrests.
2012ataglanceFIG.
22.
UnansweredquestiontoAnonymousfromaBritishjournalist.
Onedaylater,theylaunchedanattackonthemainwebsiteoftheVatican,renderingitinaccessible.
AndfivedayslatertheyattackedtheVaticanagain,thistimebreakingintotheVaticanRadiodatabaseandpostingusernamesandpasswords.
Unfortunately,AnonymousandLulzsecarenottheonlyoneswholaunchthesetypesofattacks.
InFebruary,theonlineMicrosoftStoreinIndiawascompromisedbyagroupofChinesehackers.
TheteamofhackersdefacedthesiteandstoledatafromthousandsofMicrosoftcustomers.
FIG.
23.
MicrosoftIndiaWebstorehacked.
FIG.
24.
Screenshotshownbycyber-criminalstoprovetheyhadstolendatafromMicrosoft'scustomers.
2012ataglanceAlsoinFebruary,itwasreportedthatattackersstoleinformationfrommillionsofusersofYouPorn,oneoftheworld'smostpopularpornvideowebsites.
ThisdatawaspostedonPastebin,apopulardumpinggroundforcyber-attackers,potentiallycompromisingthesecurityofthousandsofuserswhoreusepasswordsonmultiplesites.
InMarch,itwasrevealedthatMichaelJackson'sentirebackcataloguehadbeenstolenfromSonyMusic,includingsomepreviouslyunreleasedmaterial.
Thisfollowslastyear'sattacksonSonythatexposedpersonaldatafrommorethan100millionaccountsatSonyOnlineEntertainmentandthePlayStationNetwork(PSN).
Itseemsthatthecyber-criminalswhohackedintoSonyMusic'ssystemsthoughtitwouldbeeasytoaccessthecompany'sinformation.
Unfortunately,theywereright,althoughinthiscasetheywerearrestedandareduetostandtrialin2013.
FIG.
25.
MichaelJackson'sentiremusiccataloguestoleninSonyMusichack.
Wikipediasufferedanattackthatforcedtheorganizationtoreleaseastatementwarningitsusersthatseeingadsonitswebsitemeanttheircomputershadbeeninfected.
TheattackersusedarogueGoogleChromeadd-onthatinsertedadsintothesite.
ThefoundationbehindWikipediatooktheopportunitytoremindusersthatWikipediaisfundedbydonorsandtheydon'trunadvertisementsontheirpages.
FIG.
26.
RogueGoogleChromeextensioninjectedadsintoWikipedia.
Wehavementionedonmanyoccasionshowcyber-criminalsarebecomingmoresophisticatedandareconstantlyimprovingtheirtechniques.
AnexampleofthiswastheappearanceofanewvariantoftheSpyEyebankingTrojan,whichhijackedthewebcamofinfectedcomputers.
WhatforTomonitorhowvictimsreactedwhentheyreadthesocially-engineeredmessagesdisplayedbythemalwareonspoofbankingwebsites,andseehoweffectivetheirsocialengineeringturnedouttobe.
NissanMotorCompanyfellvictimtoabreachofemployeeinformation.
TheattackerscompromiseduserIDsandpasswords,whichseemstoindicatethatthemalwarewasdesignedforindustrialespionage.
KhosrowZarefarid,anIraniansecurityexpert,discoveredacriticalflawinIran'sbankingsystem,providingaffectedinstitutionswiththedetails.
Whentheaffectedbanksdidn'trespond,hehacked3millionaccountsacrossatleast22banks.
Hethendroppedthesedetails–includingcardnumbersandPINs–onhisblog.
GoogletookdownZarefarid'sBlogger-hostedblog,whereasaffectedinstitutionswarnedcustomerstochangetheirdebitcardPINs.
2012ataglanceHackers,perhapsfromEasternEurope,stolethepersonaldetailsofover900,000ofUtah'sMedicaidbeneficiariesfromaserveroperatedbyUtah'sHealthDepartmentTheDropboxfilesharingservicesufferedahugesecuritybreachthatledtotheftofusernamesandpasswordsfromthousandsofusers.
Accordingtoreports,itwasusersthemselvesthatraisedthealarmafterstartingtoreceivespamataddressesusedonlyforDropbox.
FIG27.
DROPBOX.
FIG.
28.
REUTERS.
InSouthKorea,mobilecarrierKTCorporationsufferedadatabreachwhichexposedpersonalinformationofover8.
7millioncustomers.
Shortlyafterthehack,SouthKoreanpoliceannouncedthearrestoftwoprogrammerswhowereallegedlyinvolvedwiththetheft.
TheReutersnewsservicesufferedtwosuccessfulhackerattacksonitsbloggingplatform.
ThenewsagencywasfirsthitatthebeginningofAugustwhenafalseinterviewwithaSyrianrebelleaderwaspublished.
Asaresult,Reuterstookitsbloggingplatformofflineforafewhours.
Twoweekslater,asimilarincidenttookplaceinvolvinganarticlethatfalselyclaimedSaudiArabia'sforeignministerSaudal-Faisalhaddied.
Blizzard,theAmericanvideogamedeveloperandpublisheroftitleslikeWorldofWarcraft,StarcraftorDiablo,confirmedinAugustthattheyhadsufferedasecuritybreachandurgeduserstochangethelogincredentialstoitsonlinegamingserviceBattle.
net.
Theyconfirmedthathackerswereabletoobtainusers'emailaddressesandencryptedpasswords.
FIG.
29.
BLIZZARD.
InSeptember,itwasrevealedthatAdobehadalsobeenattackedbyhackers.
Inthiscasethough,theattackerswerenotinterestedinstealingcustomerdata,butinaccessingoneofthecompany'sinternalserverstobeabletosigntheirmalwarewithavaliddigitalcertificatefromAdobe.
TheattacktookplaceinJuly.
U.
S.
insurerNationwidesufferedadatabreachthatrevealedthepersonalinformationofoveronemillioncustomersandemployees.
Thisinformationincludedtheirfullnames,homeaddresses,socialsecuritynumbersandotherpersonalinformation.
Inadditiontoprivatecompanies,publicinstitutionshavealsosufferedtargetedattacksanddatabreaches.
InNovember,theUNnuclearwatchdogInternationalAtomicEnergyAgencywasattackedbyagroupcalled"Parastoo",whichlaterpublishedthestolendataonPastebin.
AlsoinNovember,theJapanAerospaceExplorationAgencysaidithadfoundevidencethatoneofitscomputershadbeeninfectedbyavirusthatcollectedinformationandtransmitteditexternally.
Thecomputerinquestioncontainedspecificationsandinformationontheagency'ssolid-fuelrocketprogram.
Nevertheless,apartfromalltheseattacks,therehasalsobeengoodnewsinthefightagainstcyber-crime:Interpolhasannouncedtheyareplanningtoopena"GlobalCybercrimeCenter"inSingaporein2014toimproveglobalcooperationamonglawenforcement.
UKcyber-crookEdwardPearsonwasjailedfor26monthsafterstealingthepersonalinformation2012ataglanceFIG.
30.
PicturedpostedbyHiginioO.
OchoaIIIthatledtohisarrest.
InApril,theFBIannouncedthearrestofJohnAnthonyBorellIII,anotherallegedmemberofAnonymous,inOhio.
Onthisoccasion,theFBIfoundTwitterdirectmessagesandtweetsinwhichBorelladmittedtotakingdownanumberofwebsites.
JunaidHussainofBirmingham,UnitedKingdom,theleaderoftheTeaMp0isoNcollective,pleadedguiltytohackingintotheGmailaccountofformerUKPrimeMinisterTonyBlair.
Afewweekslaterhewassentencedtosixmonthsinprison.
FIG.
31.
TonyBlair'semailaccounthackedbygroupTeaMpOisoN.
HackerJoshuaSchichtel,ofPhoenix,UnitedStates,receiveda30-monthsprisonsentenceforhijacking72,000computers.
Moreprecisely,hewaspaidtoinstallorhaveinstalledmalwareonthosecomputers.
Inonecase,acustomerpaidhim$1,500toinstallaTrojanoneverycomputeronhisbotnet.
ChristopherChaney,whomadeheadlinesbyhackingintothepersonalonlineaccountsofsuchstarsasScarlettJohanssonorMilaKunis,wassentencedto10yearsinjailforillegallyaccessingtheemailaccountsofmorethan50peopleintheentertainmentindustry.
Allofthesestoriesprovideclearexamplesofthewaythefightagainstcyber-crimeischanging.
Forexample,Japan'sNationalPoliceAgency(Japan'sequivalenttotheAmericanFBI)offereditsfirst-evermonetaryreward(US$36,000)forawantedhacker.
Upuntilnow,thistypeofrewardwasreservedforcasesinvolvingcrimelikemurderandarson,neverforcyber-criminals.
ofabout8millionpeople.
AlsointheUK,LewysMartin,aBritwhodistributedaTrojanhorsethatposedasapatchforthepopularCallofDutygame,wasjailedfor18monthsforstealinguserdataandsellingitontheblackmarket.
RyanCleary-a19-year-oldfromEssex,UnitedKingdom,whowasarrestedlastyearforparticipatinginvariousLulzSecattacks-,wassentbacktojailforbreachinghisbailconditions.
Cleary,whoisn'tallowedtoaccesstheInternet,useditlastChristmastocontactHectorXavierMonsegur(a.
k.
a"Sabu"),theLulzSechackerwhotheFBIusedasasecretinformantformonthslastyear.
HiginioO.
OchoaIII,fromGalveston,Texas,wasarrestedbytheFBIforallegedlyhackingintothewebsitesofseveralU.
S.
lawenforcementagenciesandreleasingthepersonalinformation(names,addressesandphonenumbers)ofdozensofpoliceofficers.
Inthiscase,Ochoa'sarrestwaslargelyduetohisownmistake,ashetwittedaphotoofhisgirlfriend'sbreastswithasignattachedtoherbellythatmentionedthehacker'sonlinename("w0rmer").
ThepicturewastakenwithaniPhone4,whichcontainsaGPSdevicethatinsertsGPSco-ordinatesinallpicturestaken.
Asaresult,thepoliceonlyhadtousetheGPSco-ordinatesembeddedinthephotototracetheexactstreetandhousewherethepicturewastaken.
Thisservedtoidentifythewoman,whohappenedtobeOchoa'sAustraliangirlfriend.
2012ataglanceCyber-warTheyear2012hasseensomeremarkableeventsinthecyber-wararena.
OnJanuary2,thousandsofcreditcardnumbersbelongingtoIsraelicitizenswerestolen.
ASaudihacker,callinghimself0x0mar,tookcreditforthehackattack,althoughfurtherinvestigationrevealedthehacker'srealidentity:19-year-oldcomputersciencestudentOmarHabib,bornintheUnitedArabEmirates,butcurrentlylivinginMexico.
Lateron,0x0mardeniedtheallegations32.
Screenshotfrom0x0mar'sonlineclaimofanIsraelihackattack.
Soonafter,awarbegantobrewbetweenthehackersofIsraelandSaudiArabia:ArabhackersparalyzedthewebsitesoftheTelAvivStockExchange,ElAlAirlinesandseveralIsraelibanks,whereasIsraelihackersbroughtdownthewebsitesofboththeSaudiStockExchange(Tadawul)andtheAbuDhabiSecuritiesExchange(ADX)inretaliation,claimingtoactonbehalfoftheIsraeliDefenseForcesandvowingtostrikeArabcountries'websitesrelatedtotheireconomiesunlessattacksonIsraelisiteswerehalted.
Tomakemattersworse,Tariqal-Suwaidan,oneofKuwait'smostfamousTVpreachers,calledforacyber-waragainstIsrael.
HeusedhisTwitteraccounttocallonallMuslimhackerstouniteagainstIsraelina"cyber-jihadagainstZionistenemy,whichwillberewardedbyGod".
AlsointheMiddleEast,thousandsofemailsreceivedandsentbySyrianpresidentBasharal-AssadwerestolenbySaudihackers.
IntheFarEast,itwasreportedthatJapan'sDefenseMinistryhadcommissionedFujitsutodevelopacyber-weaponviruscapableoftracinganddisablingcomputersbeingusedincyber-attacksagainstthecountry.
Theinformationisabitconfusing,anditlookslikeabadideaanywayas,evenifcreatedwiththebestofintentions,theremaybeadverseeffectsthatturntheweaponagainstitscreatorsortheentireworld.
Inanyevent,usersofPandaSecurity'ssolutionscansettheirmindatease,aswewilldetecteveryviruscreated,eitherbypublicorprivatewriters.
Let'slooknowattwoofthecountriesthatusuallytakethespotlightinthissection:ChinaandtheUnitedStates.
InJanuary,itwasrevealedthatChinesehackershaddeployedaTrojantargetingsmartcardreadersusedbytheU.
S.
DepartmentofHomelandSecurity.
Thesecardsareastandardmeansofgrantingusersaccesstointranets,networksandphysicallocations.
Hadthehackersactuallymanagedtocrackthesmartcards,theycouldeasilyaccesslotsofconfidentialinformation.
AlsoinChina,welearnedthatagroupofhackersmanagedtopenetratethecorporatenetworkofNortel,usingpasswordsstolenfromseventopNortelexecutives,includingtheCEO.
Apparently,theyhadbeenspyingonthecompanyfromasfarbackas2000.
Inmostcyber-warorcyber-espionageoperationsallyoucandoisspeculateaboutwhoisbehindtheattack.
Itisextremelyunlikelythatacountryopenlyadmitstobeingresponsibleforcarryingoutthistypeofaction.
However,thingsmightbecwebsitesbeingusedbyAlQaeda'saffiliateinYemen.
Morespecifically,theU.
S.
cyberexpertshackedintoJihadistWebpagesandsubstitutedmaterialthatbraggedaboutkillingAmericanswithinformationaboutMuslimcivilianskilledinterroriststrikes.
Meanwhile,inSouthKorea,intelligencesourcesaccusedNorthKoreaofrunningaspecialunitofelitehackerstostealmilitarysecretsandsabotageinformationsystemsofSeoul.
2012ataglanceFlameTheFlamecomputervirushasbeenthehighlightoftheyearwithoutanydoubts.
FlameisacomplexpieceofmalwareusedforinformationgatheringandespionageinMiddleEastcountries.
Thismaliciouscodeismostlikelycreatedbyagovernmentorintelligenceagency,andisclearlytiedtotheinfamousStuxnetmalware(aTrojanreportedlydesignedandlaunchedbytheU.
S.
andIsraeligovernmentsinanattempttosabotageIran'snuclearprogram).
TargetedattacksaregenerallycarriedoutusingTrojans,butinthiscasewearetalkingaboutaworm,whichintroducesanewfactor:Wormscanreplicatethemselvesautomatically,sovirusauthorscouldeventuallylosecontrolofwhoorwhosecomputerstheircreationsareinfecting.
Thatisreallynotadvisableifyouhaveaspecifictargettoattackandwanttostayundertheradarinordertoavoiddetection.
HowdidFlameresolvethisWell,thewormhasaverycuriousandsomewhatinnovativefeature:itsabilitytoturnitsspreadingfunctionalityonandoff,somethingextremelyhandywhenyouwanttogounnoticed.
OneofthemoststrikingfeaturesofFlameisthatitcanstealallkindsofdatainmultipleways,evenbyturningonvictims'microphonestorecordconversations.
Aspreviouslymentioned,thiswasundoubtedlyatargetedattackaimedatspecificindividualsandorganizationsintheMiddleEast.
Anditseemsthatthecyber-espionagewormmighthavebeenactiveformanyyearswithoutbeingdetectedbysecuritycompanies,whichhasproducedanumberofconspiracytheoriesclaimingthatgovernmentspressedantivirusvendorstonotdetecttheworm.
Obviously,thisiscompletelyfalse,andassoonasthewormhasbeendiscovered,ithasbeendetectedbyallofthem.
But,whydidittakesolongtodetectFlameWell,noantivirussolutionhasa100-percentsuccessrateatcatchingnew,unknownthreats.
Thisisquitesimpletounderstand:professionalcybercriminalsmakesuretheirmaliciouscreationswillgoundetectedbeforespreadingthem.
Theytestthemagainstallpopularantivirusenginestomakesuretheycannotbedetectedbysignaturefilesoranyotherprotectionsystems(behavioralandheuristicscanning,etc.
).
Ifyouhavethenecessaryresourcesatyourdisposal,youcansetupaQualityAssuranceprocessthateliminatesthepossibilityofthemalwarebeingfound,atleastatthestart.
Thethreatwillbeeventuallydetectedbyantivirussolutions,butmakingitgounnoticedforaslongaspossibleisthekeytosuccess.
Forexample,byinfectingasmallnumberoftargetedcomputersinsteadoftriggeringamassiveinfection.
FIG.
33.
SAUDIARAMCO.
FIG.
34.
RASGAS.
Throughouttheyearwehaveseenanumberofcyber-espionageattacksaimedatjournalistsindifferentpartsoftheworld.
Forexample,inMorocco,agroupofindependentjournalistswhoreceivedanawardfromGooglefortheireffortsduringtheArabSpringrevolution,wasinfectedwithaMacTrojan.
InChina,agroupofforeigncorrespondentswastargetedbytwomalwareattacksviaemailafewweeksbeforetheCongressoftheChineseCommunistParty.
ThisyearwehavealsoseenacoupleofmalwareinfectionsincompaniesoperatingintheenergysectorintheMiddleEast.
Itisstillnotknowniftheseincidentsarerelatedorareduetosometypeofcyber-attack,butalltheevidenceseemstoindicateso.
TheSaudiArabianOilCompany(SaudiAramco)washitbyamalwareinfectionthatledthecompanytosevereitsconnectionstotheInternetasapreventivemeasure.
Inadditiontothis,avirusinfectedQatarinaturalgascompanyRasGas.
However,neitherRasGasnorSaudiAramcosawtheirproductionhaltedduetotheseincidents.
2012infiguresFIG.
35.
NEWMALWARECREATEDIN2012,BYTYPE.
03|2012infiguresApproximately,27millionnewstrainsofmalwarewerecreatedin2012,74,000everyday.
Asaresult,PandaLabshasnowatotalof125millionclassifiedmalwaresamples.
Andthenumberkeepsgrowing,aidedbycyber-crookseagertobypassantivirusprotectionstoincreasetheirprofits.
Trojanscontinuedtoaccountformostofthenewthreats,asthreeoutofeveryfournewmalwarestrainscreatedwereTrojans.
Herearethedetails:Overthelastfewyears,thenumberofTrojansincirculationhasbeenconstantlyincreasing.
In2010theyaccountedformorethanhalfofallmalwarecreated(56percent),in2011theyrosespectacularlyto73.
31percent,whereasin2012theyreached76.
57percent.
Wormscamesecond(11.
33percentcomparedto8.
13percentin2011),whereasvirusesdroppedtothirdplaceat9.
67percentcomparedto14.
24percentin2011.
FIG.
36.
MALWAREINFECTIONSBYTYPEIN2012.
FIG.
37.
MOSTMALWARE-INFECTEDCOUNTRIESIN2012.
2012infiguresWhenitcomestothenumberofinfectionscausedbyeachmalwarecategory,asrecordedbyourCollectiveIntelligencetechnologies,Trojansonceagaindominatedtherankingat76.
56percent,almostthesamepercentageasthatofTrojansincirculation.
Itseemsthatcyber-criminalshavemanagedtoinfectmorecomputerswithTrojansthisyearthaninpreviousyears.
In2011,thepercentageofTrojan-infectedcomputerswas66.
18percents,sotherehasbeena10pointriseinthisrespect.
OneofthereasonsforthisgrowthistheincreaseduseofexploitkitssuchasBlackHole,whicharecapableofexploitingmultiplesystemvulnerabilitiestoinfectcomputersautomaticallywithoutuserintervention.
Herearevisualsdepictingthesetrends:However,noteverythingwasgoodnewsforcyber-criminals.
Theproportionofinfectedcomputersworldwidedecreasedsignificantlyfrom38.
49percentin2011to31.
98percentin2012.
Let'snowlookatthegeographicdistributionofinfections.
WhichcountriesweremostinfectedWhichcountrieswerebestprotectedChinawasonceagaintopofthelistofcountrieswithmostinfectionswithmorethan50percentofinfectedPCs(54.
89percent),followedbySouthKorea(54.
15percent),andTaiwanatadistantthird(42.
14percent).
Hereisagraphrepresentingthecountrieswithmostmalware-infectedcomputers:2012infiguresThelistoftoptenmostinfectedcountriesismadeupofnationsfromalmosteverypartoftheworld:Asia,Europe,CentralAmericaandSouthAmerica.
Othercountrieswhosenumberofmalwareinfectionswasabovetheglobalaverageare:Lithuania(35.
46percent),Thailand(35.
37percent),Peru(35.
05percent),Argentina(34.
79percent),Spain(34.
06percent),Nicaragua(34.
03percent),Guatemala(33.
89percent),Ecuador(33.
68percent),ElSalvador(32.
86percent),Brazil(32.
09percent)andChile(31.
98percent).
NineofthetenleastinfectedcountriesareinEuropewiththeonlyexceptionbeingCanada.
ThecountrywiththefewestinfectionsisSweden(20.
25percentofinfectedPCs),followedbySwitzerland(20.
35percent),andNorway(21.
03percent).
Here'sagraphrepresentingthecountrieswiththefewestinfectionsin2012:FIG.
38.
LEASTMALWARE-INFECTEDCOUNTRIES.
Othercountrieswhosenumberofmalwareinfectionswasbelowtheglobalaverageare:CzechRepublic(31.
84percent),Romania(31.
54percent),Colombia(31.
49percent),Estonia(31.
33percent),UnitedStates(30.
52percent),Slovenia(30.
37percent),Italy(30.
25percent),Venezuela(29.
81percent),Mexico(29.
81percent),CostaRica(29.
73percent),Panama(29.
61percent),France(29.
19percent),Paraguay(28.
57percent),SouthAfrica(27.
94percent),Denmark(27.
65percent),Hungary(27.
37percent),Uruguay(27.
23percent),Austria(27.
03percent),Belgium(27.
02percent),Portugal(26.
78percent),Australia(26.
60percent),Latvia(26.
06percent),Japan(26.
00percent)andNewZealand(25.
76percent).
2013SecurityTrends04|2013SecurityTrendsWehaveseenwhathashappenedin2012:attacksinsocialnetworksandcyber-wareverywhere.
Whatdowehavetoexpectforthenext12monthsVulnerabilitiesSoftwarevulnerabilitieswillbethemaintargetofcyber-criminalsnextyear.
Itisundoubtedlythepreferredmethodofinfectionforcompromisingsystemstransparently,usedbybothcyber-criminalsandintelligenceagenciesincountriesaroundtheworld.
In2012,wesawhowJava,whichisinstalledonhundredsofmillionsofdevices,wasrepeatedlycompromisedandusedtoactivelyinfectmillionsofusers.
InsecondplaceisAdobe,asgiventhepopularityofitsapplications(AcrobatReader,Flash,etc.
)anditsmultiplesecurityflaws,itisoneofthefavoritetoolsformassivelyinfectingusersaswellasfortargetedattacks.
Althoughwemaythinkthathomeusersareexposedtothehighestrisk,rememberthatupdatingapplications,whichisessentialforprotectingagainstthesetypesofattacks,isaverycomplexprocessincompanies,whereupdatingallcomputersmustbecoordinated.
Atthesametime,itisessentialtoensurethatalltheapplicationsusedinacompanyworkcorrectly.
Thismakestheupdateprocessesslow,whichopensawindowthatisexploitedtostealinformationingeneralandlaunchtargetedattacksinsearchofconfidentialdata.
2013SecurityTrendsSocialnetworksThesecondmostwidelyusedtechniqueissocialengineering.
Trickingusersintocollaboratingtoinfecttheircomputersandstealtheirdataisaneasytask,astherearenosecurityapplicationstoprotectusersfromthemselves.
Inthiscontext,useofsocialnetworks(Facebook,Twitter,etc.
),placeswherehundredsofmillionsofusersexchangeinformation,onmanyoccasionspersonaldata,makesthemthepreferredhuntinggroundfortrickingusers.
ParticularattentionshouldbepaidtoSkype,whichafterreplacingMessenger,couldbecomeatargetforcyber-criminals.
MalwareformobiledevicesAndroidhasbecomethedominantmobileoperatingsystem.
InSeptember2012,Googleannouncedthatithadreachedtheincrediblefigureof700millionAndroidactivations.
Althoughitismainlyusedonsmartphonesandtablets,itsflexibilityandthefactthatyoudonothavetobuyalicensetouseitaregoingtoresultinnewdevicesoptingtouseGoogle'soperatingsystem.
Itsuseisgoingtobecomeincreasinglywidespread,fromtelevisionstoalltypesofhomeappliances,whichopensupaworldofpossibleattacksasyetunknown.
Cyber-warfare/Cyber-espionageThroughout2012,differenttypesofattackshavebeenlaunchedagainstnations.
TheMiddleEastisworthmentioning,wheretheconflictisalsopresentincyber-space.
Infact,manyoftheseattacksarenotevencarriedoutbynationalgovernmentsbutbycitizens,whofeelthattheyshoulddefendtheirnationbyattackingtheirneighborsusinganymeansavailable.
Furthermore,thegovernmentsoftheworld'sleadingnationsarecreatingcybercommandostopreparebothdefenseandattackandtherefore,thecyber-armsracewillescalate.
GrowthofmalwareFortwodecades,theamountofmalwarehasbeengrowingdramatically.
Thefiguresarestratospheric,withtensofthousandsofnewmalwarestrainsappearingeverydayandtherefore,thissustainedgrowthseemsveryfarfromcomingtoanend.
Despitesecurityforcesbeingbetterpreparedtocombatthistypeofcrime,theyarestillhandicappedbytheabsenceofbordersontheinternet.
Apoliceforcecanonlyactwithinitsjurisdiction,whereasacyber-crookcanlaunchanattackfromcountryA,stealdatafromcitizensofcountryB,sendthestolendatatoaserversituatedincountryCandcouldbelivingincountryD.
Thiscanbedoneinjustafewclicks,whereascoordinatedactionofsecurityforcesacrossvariouscountriescouldtakemonths.
Forthisreason,cyber-criminalsarestilllivingtheirowngoldenera.
MalwareforMacCaseslikeFlashback,whichoccurredin2012,havedemonstratedthatnotonlyisMacsusceptibletomalwareattacksbutthattherearealsomassiveinfectionsaffectinghundredsofthousandsofusers.
AlthoughthenumberofmalwarestrainsforMacisstillrelativelylowcomparedtomalwareforPCs,weexpectittocontinuerising.
Agrowingnumberofusersaddedtosecurityflawsandlackofuserawareness(duetoover-confidence),meanthattheattractionofthisplatformforcyber-crookswillcontinuetoincreasenextyear.
Windows8Lastbutnotleast,Windows8.
Microsoft'slatestoperatingsystem,alongwithallofitspredecessors,willalsosufferattacks.
Cyber-criminalsarenotgoingtofocusonthisoperatingsystemonlybuttheywillalsomakesurethattheircreationsworkequallywellonWindowsXPtoWindows8,throughWindows7.
OneoftheattractionsofMicrosoft'snewoperatingsystemisthatitrunsonPCs,aswellasontabletsandsmartphones.
Forthisreason,iffunctionalmalwarestrainsthatallowinformationtobestolenregardlessofthetypeofdeviceusedaredeveloped,wecouldseeaspecificdevelopmentofmalwareforWindows8thatcouldtakeattackstoanewlevel.
05|ConclusionConclusionTheyear2013presentsitselffullofchallengesinthecomputersecurityworld.
Androiduserswillhavetofaceagrowingnumberofattacksfromcyber-crookswantingtostealprivateinformation.
Cyber-espionageandcyber-warwillalsobeontherise,asmoreandmorecountriesareorganizingtheirowncyber-commandounits.
Thereisgrowingconcernfortheinformationthatcouldbecompromisedandthepossibilityofusingmalwaretolaunchdirectattacksoncriticalinfrastructure.
Companieswillhavetotightenupsecuritymeasurestoavoidfallingvictimtotheincreasingnumberofcyber-attacks,whilespecialcarewillhavetobetakentoprotectnetworksagainstoperatingsystemandapplicationvulnerabilities,withJavaposingthebiggestthreatduetoitsmultiplesecurityflaws.
VisitthePandaLabsblog(http://www.
pandalabs.
com)tostayuptodatewithallthedevelopmentsanddiscoveriesmadeatthelaboratory.
06|AboutPandaLabsAboutPandaLabsPandaLabsisPandaSecurity'santi-malwarelaboratory,andrepresentsthecompany'snervecenterformalwaretreatment:PandaLabscreatescontinuallyandinreal-timethecounter-measuresnecessarytoprotectPandaSecurityclientsfromallkindofmaliciouscodeonagloballevel.
PandaLabsisinthiswayresponsibleforcarryingoutdetailedscansofallkindsofmalware,withtheaimofimprovingtheprotectionofferedtoPandaSecurityclients,aswellaskeepingthegeneralpublicinformed.
Likewise,PandaLabsmaintainsaconstantstateofvigilance,closelyobservingthevarioustrendsanddevelopmentstakingplaceinthefieldofmalwareandsecurity.
Itsaimistowarnandprovidealertsonimminentdangersandthreats,aswellastoforecastfutureevents.
Forfurtherinformationaboutthelastthreatsdiscovered,consultthePandaLabsblogat:http://pandalabs.
pandasecurity.
com/facebookhttps://www.
facebook.
com/PandaUSAtwitterhttps://twitter.
com/PandaSecuritygoogle+http://www.
gplus.
to/pandasecurityyoutubehttp://www.
youtube.
com/pandasecurity1Thisreportinwholeorinpartmaynotbeduplicated,reproduced,storedinaretrievalsystemorretransmittedwithoutpriorwrittenpermissionofPandaSecurity.
PandaSecurity2013.
AllRightsReserved.
- servicespastebin相关文档
- OSpastebin
- DLLpastebin
- letterspastebin
- testedpastebin
- storingpastebin
- DASpastebin
SunthyCloud阿里云国际版分销商注册教程,即可PayPal信用卡分销商服务器
阿里云国际版注册认证教程-免绑卡-免实名买服务器安全、便宜、可靠、良心,支持人民币充值,提供代理折扣简介SunthyCloud成立于2015年,是阿里云国际版正规战略级渠道商,也是阿里云国际版最大的分销商,专业为全球企业客户提供阿里云国际版开户注册、认证、充值等服务,通过SunthyCloud开通阿里云国际版只需要一个邮箱,不需要PayPal信用卡就可以帮你开通、充值、新购、续费阿里云国际版,服务...
HostSailor:罗马尼亚机房,内容宽松;罗马尼亚VPS七折优惠,罗马尼亚服务器95折
hostsailor怎么样?hostsailor成立多年,是一家罗马尼亚主机商家,机房就设在罗马尼亚,具说商家对内容管理的还是比较宽松的,商家提供虚拟主机、VPS及独立服务器,今天收到商家推送的八月优惠,针对所有的产品都有相应的优惠,商家的VPS产品分为KVM和OpenVZ两种架构,OVZ的比较便宜,有这方面需要的朋友可以看看。点击进入:hostsailor商家官方网站HostSailor优惠活动...
老用户专享福利 腾讯云 免费领取轻量云2核4G服务器一年
感恩一年有你!免费领取2核4G套餐!2核4G轻量应用服务器2核 CPU 4GB内存 60G SSD云硬盘 6Mbps带宽领取地址:https://cloud.tencent.com/act/pro/lighthousethankyou活动规则活动时间2021年9月23日 ~ 2021年10月23日活动对象腾讯云官网已注册且完成实名认证的国内站用户(协作者与子用户账号除外),且符合以下活动条件:账号...
pastebin为你推荐
-
newworldtheworld中文是什么意思梦之队官网梦之队是什么呢?是那个国家的呢?他们又是参加那个项目的呢?得了几块金牌呢?firetrap流言终结者 中的银幕神偷 和开保险柜 的流言是 取材与 那几部电影的嘀动网动网和爱动网各自的优势是什么?巫正刚阿迪三叶草彩虹板鞋的鞋带怎么穿?详细点,最后有图解。高分求百度关键词工具如何利用百度关键词推荐工具选取关键词baqizi.cc汉字的故事100字www.gogo.comNEO春之色直径?bk乐乐BK乐乐和沈珂什么关系?朴容熙给我介绍几个韩国 ulzzang 最好是像柳惠珠那样的 不要出道的...