servicespastebin
pastebin 时间:2021-04-04 阅读:()
2012SummaryPandaLabsannualReport01Introduction06AboutPandaLabs05Conclusion042013SecurityTrends032012infigures022012ataglance-MobilePhoneMalware-Ransomware:"PoliceVirus"-SocialNetworks-Mac-Cyber-crime-Cyber-warIntroduction01|IntroductionTheyear2012hascometoanend,anditistimetotakealookbackandanalyzeeverythingthathashappenedinthesecurityworldoverthelasttwelvemonths.
Malwarecreationshowednosignofslowingdown,asshownbythefactthatin2012wedetectedarecord-high27millionnewmalwarestrainsatthelaboratory,atanaverageof74,000newsamplesperday.
Inaddition,cyber-attacksagainstmultinationalcorporationscontinuedtoincrease,withvictimsrangingfromcompaniesinthevideogameindustry(Blizzard)toautogiants(Nissan).
Wealsoanalyzethemostimportanteventsinthemobilephoneindustry.
AsAndroid'smarketsharecontinuestogrow,themotivationforcyber-crookstotargettheplatformalsoincreases.
Thereportalsocovershowsocialmedia(Facebookespecially)wasusedbycyber-criminalstospreadmalwarebymakinguseofsocialengineeringtechniques.
Furthermore,wetakealookatthelargestMacinfectiontodateanditsconsequences.
2012hasseensomeremarkableeventsinthecyber-war/cyber-espionagearena,withFlamegrabbingheadlines.
WeanalyzethisandotherattacksthattookplaceintheMiddleEast.
Summingup,thisreportrecapsthemajorcomputersecurityeventsthatoccurredin2012,andforecastsfuturetrendsfor2013.
Sitbackandenjoy!
2012ataglance02|2012ataglanceAsAndroidmarketsharecontinuestogrow,sodoestheamountofmalwaretargetingtheplatform.
InJanuary,GooglehadtoremoveseveralmaliciousappsfromitsAndroidMarket(renamedto'PlayStore').
Basically,cyber-crooksrepackagedpopulargameslikeAngryBirdsorCutTheRopewithmaliciouscodeanduploadedthemtoPlayStore.
UsersthendownloadedandinstalledtheappsunawarethattheywerealsoinstallingaTrojanthatsentSMSmessagestoapremiumratenumber.
MobilePhoneMalwareInfact,welearnedthatGoogle,tiredofthemaliciousappsfoundonPlayStore,hasstartedanalyzingappsbeforeputtingthemintheircataloginordertodetectanomalousbehavior.
Accordingtotheirownsources,theyhavemanagedtoreducemaliciousappdownloadsby40percent.
Unfortunately,despitetheseefforts,criminalscontinuedtotargettheAndroidmobileplatformthroughappsnotalwaysaccessiblethroughPlayStore.
ThiswasthecaseofBmaster,aremoteaccessTrojan(RAT)ontheAndroidplatformthattriedtopassitselfoffasalegitimateapplication.
WealsosawTrojansexclusivelydesignedtostealdatafrominfecteddevices:fromcallandtextmessagerecordstousers'contactlists.
Androidispotentiallyexposedtofarmoresecurityrisksthanitsbiggestcompetitor(iPhoneanditsiOS),asitallowsuserstogettheirappsfromanywheretheirwant.
However,usingtheofficialAndroidmarketplaceisnosecurityguaranteeeither,asithasalsobeentargetedbycyber-crooksluringusersintoinstallingTrojansdisguisedaslegitimateapps.
Somethingwhich,bytheway,hasalsohappenedtoApple'sAppStore,buttoalesserextentthantoGoogle'sPlayStore.
2012ataglanceOperaMiniisaWebbrowserdesignedprimarilyformobilephones.
Overthelastfewmonths,OperaMinihasgainedinpopularityasamobilebrowseralternativeonAndroidsmartphones,becomingatargetforcyber-criminalstotrickusers.
Inthelatestattack,criminalsofferedthebrowsertousersfromastoreotherthanGoogle'sPlaystore.
However,installingtheapplicationinstalledtheactualOperabrowser,andalsoaTrojanthatsentSMSmessagestopremium-ratenumbers.
UnlikeothercasesinwhichTrojansattemptedtopassthemselvesoffaspopularmobileapps,inthiscasethemalwarecamebundledwithalegitimateversionoftheOperaMinimobilebrowsertohelptrickusersintothinkingthatnothingwaswrongastheycouldsimplyusetherealsoftwareasexpected.
FIG.
01.
CHINAMOBILE.
Wesawanother'unusual'attackinChina,asaTrojanwasreleasedthatpurchasedapplicationsfromtheinfecteddevice.
TheTrojanaffectedChinesesubscriberstoChinaMobile,oneoftheworld'slargestmobilephonecarrierswithmorethan600millionsubscribers.
Onceinfected,themobilestartedbuyingapplicationsfromChinaMobile'smarketplaceonbehalfoftheuser.
ThisTrojanwasdeliveredonnineunofficialappstores.
Atthispoint,manyusersbelievethatitissafertobuyandinstallappsfromofficialstores.
Thisistruetosomeextent,buttherehavealsobeeninstancesofmalwarecreepingontoofficialstores.
Thisquarter,forexample,anewmalwarestrainwasdiscoveredhidingoutinthePlayStore,posingastwogames:SuperMarioBrosandGTA3MoscowCity.
Themalwaremanagedtoremainundetectedforweeksuntilitwasfinallyremoved.
FIG.
02.
500millionAndroiddevicesnowactivated.
WhyisAndroidthemosttargetedmobileplatformWell,thisisduetoanumberofreasons:Firstly,Androidallowsitsuserstogettheirappsfromanywheretheywant.
Theydon'tnecessarilyhavetogototheofficialstore,normustapplicationsbedigitallysignedaswithiOS.
Secondly,cyber-crookswouldhaveneversettheireyesonthisplatformifitweren'tforthelargenumberofusersithas.
InJune,Googleannouncedthat400millionAndroiddeviceshadbeenactivated,afigurethatreached500millionatthebeginningofSeptember,with1.
3millionactivationsperday.
PoliceVirusScamOneofthisyear'stopthreatshasundoubtedlybeenanewmalwareepidemicthatinfectedhundredsofthousandsofcomputersaroundtheworldusingfearandblackmailingtechniquestoextortmoneyfromcomputerusers.
WhileweareusedtoseeingthiskindoffakemessageinEnglish,inthiscasetheattackswerelocalized.
WesawEnglish,German,Spanish,DutchandItalianmessages(amongothers)dependingonthetargetedcountry.
AlloftheattackstargetedsomeEuropeannation,soitlooksliketheywererelatedandthesamecyber-criminalgangcouldbebehindthem.
FIG.
3.
Iconusedbyoneofthe"PoliceVirus"variants.
Let'stakeacloserlookatoneoftheattacks.
Thefile'siconwasthepopularlogousedbyLulzSecintheircommunications:2012ataglanceOncetheircomputerwasinfected,theuserwasconfrontedwiththefollowingfull-screenwindowcoveringtheentiredesktop:FIG.
04.
FakewarningmessagedisplayedbytheTrojan.
Themessageinformedtheuserthattheyhadaccessedillegalmaterial(suchaschildpornography)orsentspammessageswithterroristmotives,andtheircomputerhadbeenlockedtopreventfurtherabuse.
Tounlocktheircomputer,theyhadtopaya100'fine'.
TheworstthingfortheuserwasthattheTrojanactuallyblockedthecomputer,soitwasnoteasytoremoveit.
Todoit,theuserhadtorestartthecomputerinsafemodeandrunascanwithanantivirussolutionsthatwasabletodetectit.
Howcomethemessagewasdisplayedinthevictim'sownlanguageandhowdidtheTrojanpurporttocomefromlocalauthoritiesWell,that'seasytoexplain:Afterinfectingthecomputer,themalwareconnectedtoacertainURLand,basedonthevictim'sIPaddress,retrievedthelocalizedversionofthemessagethatappearedonthecomputer.
MostmessagespretendedtocomefromEuropeanauthorities(althoughwealsosawexamplestargetingusersinothercountries,likeCanadaforexample).
BelowaresomeexamplesofsimilarattackslaunchedinQ12012:FIG.
05.
FakewarningmessagedisplayedbytheTrojaninGerman.
2012ataglanceFIG.
06.
FakewarningmessagedisplayedbytheTrojaninDutch.
FIG.
07.
FakewarningmessagedisplayedbytheTrojaninItalian.
2012ataglanceFIG.
08.
FakewarningmessagedisplayedbytheTrojaninEnglish.
FIG.
09.
FakewarningmessagedisplayedbytheTrojaninSpanish.
However,theattackbecamemorecomplexovertime.
Themalwarewentontouseransomwaretechniques,'takingover'infectedcomputersbyencryptingsomeoftheircontentandforcinguserstopayafineorloseaccess.
Basically,attackerstookthisfunctionalityfromthePGPCoderTrojan,amaliciouscodedesignedtoencryptfilesandkeepthemlockedunlessthevictimagreedtopayaransom.
ThefirstversionsofthenewPoliceVirusonlyencrypted.
docfiles,andtheencryptionwasn'ttoohardtocrack,soitwaspossibletodecryptthefileswithoutthekey.
Now,however,amoresophisticatedencryptionisbeingused,andthedecryptionkeyisrequiredtounlockthefiles.
Andnotonlythat,thefilesareencryptedwithadifferentkeyforeachinfectedcomputer,so,unlessyouareabletoaccesstheserverthatstoresallkeys,itisabsolutelyimpossibletoaccessthefiles.
Additionally,therangeoffilesbeingencryptedisalsomostsophisticated.
Somevariantsuseablacklistofextensionstoencrypt;othersuseawhitelistofcriticalsystemfilesnottoencrypt.
2012ataglanceFIG.
10.
WarningusedbythePoliceVirusuntilnow.
Andreplaceditwithoneincludingimagestakenbytheirwebcam:FIG.
11.
NewwarningusedbythePoliceVirus,showingtheimagescapturedbythecomputer'swebcam.
Asyoucansee,thepageincludesasmallwindowshowingtheimagestakenbythewebcaminrealtime,togetherwiththetext:"Liverecording".
However,noimagesareactuallybeingrecordedorsenttolawenforcement.
Thewarningjustdisplaystheimagescurrentlycapturedbythewebcam.
Users,however,don'tknowthis,andmostofthemwillstarttopanicandbewillingtopaythe'fine'tostoplawenforcementfromspyingonthem,astheyaremadetobelieve.
Aspreviouslysaid,thisnewvariantdoesn'tuseencryption,probablybecausecyber-criminalsthinkthatthewebcamtrickisenoughtoscarepotentialvictims.
Thequestionis,howmuchfurthercanthismalwaregoIntheend,thepurposeofscarewareissimplytofrightentheuserintopayingthemoney(or,asattackerscallit,"thefine").
AnewvariantofthePoliceVirustakesovertheuser'swebcam.
WhatforWell,themalwarehaschangedthescreenitdisplayedsofartowarntheuserthat'illegalactivity'hadbeentracedtotheircomputer…2012ataglanceSocialNetworksFacebookcontinuesitsreignasthenumberonesocialnetworkingsitebutitalsoisafavoritetargetofcyber-crooks.
InJanuary,awormwasdiscoveredthathadstolenover45,000Facebooklogincredentials.
Researchersfearthatthecriminalsusedthese'infected'accountstosendlinkstopeople'sFacebookfriends,spreadingthecomputerwormfurther.
Meanwhile,whatdoesFacebookdotoprotectusersWell,thegoodnewsisthatatleasttheytakethefightagainstcyber-crimeseriously.
FIG.
12.
FacebookrevealedthenamesofthesuspectsbehindtheKoobfaceattack.
InJanuary,FacebookfinallyrevealedthefullnamesandonlinenamesoftheperpetratorsbehindtheKoobfacebotnetthathasaffectedthesocialsiteforafewyears.
Theidentitiesofthoseresponsiblefortheattacksare:StanislavAvdeyko(leDed),AlexanderKoltysehv(Floppy),AntonKorotchenko(KrotReal),RomanP.
Koturbach(PoMuc)andSvyatoslavE.
Polichuck(PsViatandPsycoMan).
Unfortunately,themenlivecomfortablelivesinSt.
Petersburg(Russia),andhavebecomerichfromtheirvariousonlineschemes.
Allfivehaveyettobechargedwithacrime,norhasanylawenforcementagencyconfirmedtheyareunderinvestigation.
FIG.
13.
Maliciousmessage.
FIG.
14.
Maliciouswebsite.
DespitethemyriadmalwareandspamscamspreyingonFacebook,curiositystillgetsusersintotrouble.
ThisyearwesawanewscaminvolvingasupposedtapeofKatyPerryandRussellBrandpostedtothewallsofhundredsofusers.
Themaliciouspostlookedasfollows:2012ataglanceHowever,allthe'Likes',comments,etc.
displayedonthepagewerefalseasthe'page'itselfdidn'texist,itwassimplyanimage.
Ifyouclickedon"InstallPlugin"andyouwereusingFirefoxorChrome,theworminstalledabrowserplug-inandusedittopostthescamtothevictims'friends'pages.
OnInternetExplorer,astherewasnoplug-inthatcouldcarryoutthistask,thewormdisplayedanageverificationpagetoaccessanapplicationcalled'X-RayScanner'.
ThispageinformsyouthatyourTwittersessionhastimedoutandasksthatyouloginagain.
Tomakethephishingscamlookasrealaspossible,allthelinksdisplayedonthepageareactuallyTwitterlinksexceptforthe"Signin"and"Signup"buttons,whichwilltransmittheuserdatatotheattackers.
OncetheyhaveyourTwitterloginandpassword,theywillbeginsendingthesamemisleadingTwitterDMtoallofyourfollowers.
Thisway,theywillstealtheirTwitterloginaswell,andusetheiraccountstospreadmalware,sendspamorturnthosecredentialsintomoneybysellingthemtoothercyber-crooks.
SocialnetworkingsiteLinkedInhad6.
5millionuserpasswordsstolenandleakedonline.
Fortunatelyenough,however,thesepasswordswerenotstoredinplaintextfiles,butwereencrypted.
Thebadnewsisthattherewasnootheradditionalprotection,soincaseyouhaven'talreadydoneso,weadvisethatyouchangeyourLinkedInpasswordrightnow.
Andifyouusethatpasswordforanyotherserviceaswell,changeittoo,andalwaysusedifferentpasswordsfordifferentprogramsandservices.
FIG.
15.
Message.
Asyoucansee,thepagelookedlikeaFacebookpagetotrickusersintobelievingtheywerestillonthesocialnetworkingsite.
Ifthevictimclickedanyofthelinkstheyweretakentoapagewheretheywereaskedtoentertheircellphonenumber.
However,afterdoingso,theystartedreceivingunwantedpremiumratetextmessages.
Oneoftheprimaryobjectivescyber-crookshavewhenlaunchingattacksonsocialmediasitesistogainaccesstousers'accountssothattheycanimpersonatethemandaccesstheirpersonaldetailsorinformationsharedwithotherusers.
OnTwitter,forexample,accessingauser'saccountwillallowthemtosenddirectmessages(DMs)tothevictims'friends.
Atypicalexamplewouldbeasfollows:YoureceiveaDMfromoneofyourcontactsinformingyouthatsomeonehasjustpostedsomeembarrassingpicturesofyou.
Ifyouclickthelink,you'llbetakentothefollowingpage:FIG.
16.
PhishingpagethatstealsTwittercredentials.
2012ataglanceMacEverytimewediscussMacthreats,wepresentyouwiththecasesthatmostcaughtourattention.
Luckilyenough,theseinfectionsarenotmassive,asdespitethegrowthofMacmalware,thePCremainsthebiggesttargetforcyber-criminals.
Unfortunately,manyMacusersstillbelievetheyareimmunetothreats,eventhoughlittlebylittlepeople,evenatApple,arebeginningtorealizethatthatisnotthecase.
TheApplepagethatexplainsthereasonswhyMacsarebetterthanPCspreviouslyboastedthatMacsystems'don'tgetviruses'(afalsestatement,sincemacroviruses,forexample,affectbothplatforms).
However,itseemsthatAppleisbeginningtoacknowledgethetruth,astheyhavereplacedtheprevioustextwiththisone:FIG.
17.
Apple'swebsitesaiditsoperatingsystemwasvirusfree.
ThischangeisprobablyrelatedtotherecentoutbreakoftheFlashbackTrojan,amalwarespecimenresponsibleforthesinglemostsignificantmalwareinfectiontoeverhittheMaccommunity.
Thismalwareinfectedupto600,000Maccomputersaroundtheworld,creatingthelargestbotnetevertotargetApplecomputers.
OneoftheTrojan'smostuniquefeatureswasthatbeforeinfectingacomputer,itcheckedtoseeifithadsomekindofantivirusinstalled.
Ifthecomputerwasprotected,Flashbackdidn'tinfectit;otherwise,itinfectedtheMacandtriggereditspayload.
Thisattackhasonceagaindemonstratedthat,contrarytopopularbelief,Macsareinfactnotimmunetovirusinfectionandmalware,amythlargelyexploitedbycyber-criminals.
Cyber-crimeInatypicalphishingattack,offendersusuallystealconsumers'identitiestoimpersonatethemandemptytheirbankaccounts.
However,theyearstartedoffwithquiteanunusualcase.
Thefirstmayorcyber-crimeof2012tookplaceinSouthAfrica,ashackersgotawaywithabout$6.
7millionfromSouthAfricanPostbank.
Therobberytookplaceoverthreedays,fromJan1toJan3.
Thehackers,whohadplannedtheattackformonths,usedstolenlogindetailsfromaPostbanktellertotransferthestolenmoneyintomultiplebankaccountsthatwereopenedacrossthecountry.
FIG.
18.
Appleremovesclaimofvirusimmunity.
2012ataglanceMegauploadcaseInJanuary,theFBIshutdownthepopularMegauploadfile-sharingwebsite,chargingthefoundersfor"copyrightinfringement"(youcanreadtheFBIpressreleasehere,withmoreinformationaboutthecase).
Ifconvicted,thoseinvolvedfaceupto50yearsinprisononallcharges.
HackergroupAnonymousreactedswiftlytothenews,launchingDDoSattacksonseveralWebpages,includingthesitesoftheU.
S.
DepartmentofJustice,RIAA(RecordingIndustryAssociationofAmerica)andUniversalMusicGroup.
Goingbacktothepressrelease,theFBIstatedthat:"ThiscaseispartofeffortsbeingundertakenbytheDepartmentofJusticeTaskForceonIntellectualProperty(IPTaskForce)tostopthetheftofintellectualproperty.
"Well,asweallknow,inthe'realworld'cyber-criminalsaresiphoningmillionsofdollarsintotheirpocketseveryyearbyattackinghundredsofthousandsofcomputers.
However,itseemsthatauthoritiesconsidercopyrightinfringementtobefarmoreserious.
Asalways,thisisaquestionofpriorities,anditseemsthatinthiscasethehighestpriorityoflawenforcementagenciesisnotexactlytoprotecttheindividual.
FIG.
19.
ImagedisplayedonaccessingMegaupload'ssiteaftertheFBI'sintervention.
BothAnonymousandLulzSechavebeenverybusyoverthelastyear.
InJanuary,inthewakeofcontroversiallegislationsuchasSOPAandACTA,thehackinggrouppostedthefollowingTwittermessage:"Ifyouhated#SOPA,you'llburstintoflamesabout#ACTAhttp://is.
gd/Bo68r4Negotiatedinsecret.
iPodsearchesatbordercrossings.
"Soonafter,theylaunchedanunprecedentedstringofattacksongovernmentandbusinesssitesaroundtheworld.
InFebruary,theyrecordedandreleasedasensitiveconferencecallbetweentheFBIandScotlandYard.
Amidgrowingspeculationabouthowthehackershadbeenabletoobtaintherecording,AnonymouspublishedanemailpurportedlysentbyanFBIagenttointernationallawenforcementagencies,withaphonenumberandpasswordforaccessingthecall.
2012ataglanceFIG.
20.
FBImessageinterceptedbyAnonymous.
InFebruary,AnonymouspublishedthesourcecodeofPCAnywhereandNorton,stolenin2006.
Thetheftwascommittedbyagroupofcyber-criminalswhoaimedtoblackmailSymantec.
However,onceitbecamecleartheAmericansecurityfirmwasnotgoingtogiveintotheblackmail,theydecidedtopassthedatatoAnonymoustomakeitpublic.
InMarch,severalallegedmembersofLulzSecwerearrestedinthecourseofapoliceoperationlaunchedin2011.
ItwasimmediatelydiscoveredthatSabu,theallegedleaderofLulzSec,hadbeensecretlyarrestedbytheFBIandhadbeenworkingforthegovernmenttoarrestothermembersofthehackercollective.
LuisCorrons,technicaldirectorofPandaLabs,laudedthearrestsonthelaboratory'sblogandAnonymousreactedswiftlybybreakingintotheexternalserverthathostedthebloganddefacingit.
Anonymousmakeabigdealaboutfreedomofspeech,callingthemselves'theVoiceofFreeSpeech'and'aggressiveproponentsfortheFreedomofSpeech'.
However,inreality,theselfappointeddefendersoffreespeechshutdownpeople'swebsiteswhentheydon'tlikewhattheyread.
Uhmm…Itisironic,isn'titItseemsthatAnonymousareonlyinterestedindefendingfreedomofspeechwhenitservestheirowninterests.
Actually,aBritishjournalistaskedthemaboutthisapparentcontradictiononTweeterbuthisquestion,unsurprisingly,wentunanswered.
FIG.
21.
PandaLabsblogpostpraisingthelatestLulzSecarrests.
2012ataglanceFIG.
22.
UnansweredquestiontoAnonymousfromaBritishjournalist.
Onedaylater,theylaunchedanattackonthemainwebsiteoftheVatican,renderingitinaccessible.
AndfivedayslatertheyattackedtheVaticanagain,thistimebreakingintotheVaticanRadiodatabaseandpostingusernamesandpasswords.
Unfortunately,AnonymousandLulzsecarenottheonlyoneswholaunchthesetypesofattacks.
InFebruary,theonlineMicrosoftStoreinIndiawascompromisedbyagroupofChinesehackers.
TheteamofhackersdefacedthesiteandstoledatafromthousandsofMicrosoftcustomers.
FIG.
23.
MicrosoftIndiaWebstorehacked.
FIG.
24.
Screenshotshownbycyber-criminalstoprovetheyhadstolendatafromMicrosoft'scustomers.
2012ataglanceAlsoinFebruary,itwasreportedthatattackersstoleinformationfrommillionsofusersofYouPorn,oneoftheworld'smostpopularpornvideowebsites.
ThisdatawaspostedonPastebin,apopulardumpinggroundforcyber-attackers,potentiallycompromisingthesecurityofthousandsofuserswhoreusepasswordsonmultiplesites.
InMarch,itwasrevealedthatMichaelJackson'sentirebackcataloguehadbeenstolenfromSonyMusic,includingsomepreviouslyunreleasedmaterial.
Thisfollowslastyear'sattacksonSonythatexposedpersonaldatafrommorethan100millionaccountsatSonyOnlineEntertainmentandthePlayStationNetwork(PSN).
Itseemsthatthecyber-criminalswhohackedintoSonyMusic'ssystemsthoughtitwouldbeeasytoaccessthecompany'sinformation.
Unfortunately,theywereright,althoughinthiscasetheywerearrestedandareduetostandtrialin2013.
FIG.
25.
MichaelJackson'sentiremusiccataloguestoleninSonyMusichack.
Wikipediasufferedanattackthatforcedtheorganizationtoreleaseastatementwarningitsusersthatseeingadsonitswebsitemeanttheircomputershadbeeninfected.
TheattackersusedarogueGoogleChromeadd-onthatinsertedadsintothesite.
ThefoundationbehindWikipediatooktheopportunitytoremindusersthatWikipediaisfundedbydonorsandtheydon'trunadvertisementsontheirpages.
FIG.
26.
RogueGoogleChromeextensioninjectedadsintoWikipedia.
Wehavementionedonmanyoccasionshowcyber-criminalsarebecomingmoresophisticatedandareconstantlyimprovingtheirtechniques.
AnexampleofthiswastheappearanceofanewvariantoftheSpyEyebankingTrojan,whichhijackedthewebcamofinfectedcomputers.
WhatforTomonitorhowvictimsreactedwhentheyreadthesocially-engineeredmessagesdisplayedbythemalwareonspoofbankingwebsites,andseehoweffectivetheirsocialengineeringturnedouttobe.
NissanMotorCompanyfellvictimtoabreachofemployeeinformation.
TheattackerscompromiseduserIDsandpasswords,whichseemstoindicatethatthemalwarewasdesignedforindustrialespionage.
KhosrowZarefarid,anIraniansecurityexpert,discoveredacriticalflawinIran'sbankingsystem,providingaffectedinstitutionswiththedetails.
Whentheaffectedbanksdidn'trespond,hehacked3millionaccountsacrossatleast22banks.
Hethendroppedthesedetails–includingcardnumbersandPINs–onhisblog.
GoogletookdownZarefarid'sBlogger-hostedblog,whereasaffectedinstitutionswarnedcustomerstochangetheirdebitcardPINs.
2012ataglanceHackers,perhapsfromEasternEurope,stolethepersonaldetailsofover900,000ofUtah'sMedicaidbeneficiariesfromaserveroperatedbyUtah'sHealthDepartmentTheDropboxfilesharingservicesufferedahugesecuritybreachthatledtotheftofusernamesandpasswordsfromthousandsofusers.
Accordingtoreports,itwasusersthemselvesthatraisedthealarmafterstartingtoreceivespamataddressesusedonlyforDropbox.
FIG27.
DROPBOX.
FIG.
28.
REUTERS.
InSouthKorea,mobilecarrierKTCorporationsufferedadatabreachwhichexposedpersonalinformationofover8.
7millioncustomers.
Shortlyafterthehack,SouthKoreanpoliceannouncedthearrestoftwoprogrammerswhowereallegedlyinvolvedwiththetheft.
TheReutersnewsservicesufferedtwosuccessfulhackerattacksonitsbloggingplatform.
ThenewsagencywasfirsthitatthebeginningofAugustwhenafalseinterviewwithaSyrianrebelleaderwaspublished.
Asaresult,Reuterstookitsbloggingplatformofflineforafewhours.
Twoweekslater,asimilarincidenttookplaceinvolvinganarticlethatfalselyclaimedSaudiArabia'sforeignministerSaudal-Faisalhaddied.
Blizzard,theAmericanvideogamedeveloperandpublisheroftitleslikeWorldofWarcraft,StarcraftorDiablo,confirmedinAugustthattheyhadsufferedasecuritybreachandurgeduserstochangethelogincredentialstoitsonlinegamingserviceBattle.
net.
Theyconfirmedthathackerswereabletoobtainusers'emailaddressesandencryptedpasswords.
FIG.
29.
BLIZZARD.
InSeptember,itwasrevealedthatAdobehadalsobeenattackedbyhackers.
Inthiscasethough,theattackerswerenotinterestedinstealingcustomerdata,butinaccessingoneofthecompany'sinternalserverstobeabletosigntheirmalwarewithavaliddigitalcertificatefromAdobe.
TheattacktookplaceinJuly.
U.
S.
insurerNationwidesufferedadatabreachthatrevealedthepersonalinformationofoveronemillioncustomersandemployees.
Thisinformationincludedtheirfullnames,homeaddresses,socialsecuritynumbersandotherpersonalinformation.
Inadditiontoprivatecompanies,publicinstitutionshavealsosufferedtargetedattacksanddatabreaches.
InNovember,theUNnuclearwatchdogInternationalAtomicEnergyAgencywasattackedbyagroupcalled"Parastoo",whichlaterpublishedthestolendataonPastebin.
AlsoinNovember,theJapanAerospaceExplorationAgencysaidithadfoundevidencethatoneofitscomputershadbeeninfectedbyavirusthatcollectedinformationandtransmitteditexternally.
Thecomputerinquestioncontainedspecificationsandinformationontheagency'ssolid-fuelrocketprogram.
Nevertheless,apartfromalltheseattacks,therehasalsobeengoodnewsinthefightagainstcyber-crime:Interpolhasannouncedtheyareplanningtoopena"GlobalCybercrimeCenter"inSingaporein2014toimproveglobalcooperationamonglawenforcement.
UKcyber-crookEdwardPearsonwasjailedfor26monthsafterstealingthepersonalinformation2012ataglanceFIG.
30.
PicturedpostedbyHiginioO.
OchoaIIIthatledtohisarrest.
InApril,theFBIannouncedthearrestofJohnAnthonyBorellIII,anotherallegedmemberofAnonymous,inOhio.
Onthisoccasion,theFBIfoundTwitterdirectmessagesandtweetsinwhichBorelladmittedtotakingdownanumberofwebsites.
JunaidHussainofBirmingham,UnitedKingdom,theleaderoftheTeaMp0isoNcollective,pleadedguiltytohackingintotheGmailaccountofformerUKPrimeMinisterTonyBlair.
Afewweekslaterhewassentencedtosixmonthsinprison.
FIG.
31.
TonyBlair'semailaccounthackedbygroupTeaMpOisoN.
HackerJoshuaSchichtel,ofPhoenix,UnitedStates,receiveda30-monthsprisonsentenceforhijacking72,000computers.
Moreprecisely,hewaspaidtoinstallorhaveinstalledmalwareonthosecomputers.
Inonecase,acustomerpaidhim$1,500toinstallaTrojanoneverycomputeronhisbotnet.
ChristopherChaney,whomadeheadlinesbyhackingintothepersonalonlineaccountsofsuchstarsasScarlettJohanssonorMilaKunis,wassentencedto10yearsinjailforillegallyaccessingtheemailaccountsofmorethan50peopleintheentertainmentindustry.
Allofthesestoriesprovideclearexamplesofthewaythefightagainstcyber-crimeischanging.
Forexample,Japan'sNationalPoliceAgency(Japan'sequivalenttotheAmericanFBI)offereditsfirst-evermonetaryreward(US$36,000)forawantedhacker.
Upuntilnow,thistypeofrewardwasreservedforcasesinvolvingcrimelikemurderandarson,neverforcyber-criminals.
ofabout8millionpeople.
AlsointheUK,LewysMartin,aBritwhodistributedaTrojanhorsethatposedasapatchforthepopularCallofDutygame,wasjailedfor18monthsforstealinguserdataandsellingitontheblackmarket.
RyanCleary-a19-year-oldfromEssex,UnitedKingdom,whowasarrestedlastyearforparticipatinginvariousLulzSecattacks-,wassentbacktojailforbreachinghisbailconditions.
Cleary,whoisn'tallowedtoaccesstheInternet,useditlastChristmastocontactHectorXavierMonsegur(a.
k.
a"Sabu"),theLulzSechackerwhotheFBIusedasasecretinformantformonthslastyear.
HiginioO.
OchoaIII,fromGalveston,Texas,wasarrestedbytheFBIforallegedlyhackingintothewebsitesofseveralU.
S.
lawenforcementagenciesandreleasingthepersonalinformation(names,addressesandphonenumbers)ofdozensofpoliceofficers.
Inthiscase,Ochoa'sarrestwaslargelyduetohisownmistake,ashetwittedaphotoofhisgirlfriend'sbreastswithasignattachedtoherbellythatmentionedthehacker'sonlinename("w0rmer").
ThepicturewastakenwithaniPhone4,whichcontainsaGPSdevicethatinsertsGPSco-ordinatesinallpicturestaken.
Asaresult,thepoliceonlyhadtousetheGPSco-ordinatesembeddedinthephotototracetheexactstreetandhousewherethepicturewastaken.
Thisservedtoidentifythewoman,whohappenedtobeOchoa'sAustraliangirlfriend.
2012ataglanceCyber-warTheyear2012hasseensomeremarkableeventsinthecyber-wararena.
OnJanuary2,thousandsofcreditcardnumbersbelongingtoIsraelicitizenswerestolen.
ASaudihacker,callinghimself0x0mar,tookcreditforthehackattack,althoughfurtherinvestigationrevealedthehacker'srealidentity:19-year-oldcomputersciencestudentOmarHabib,bornintheUnitedArabEmirates,butcurrentlylivinginMexico.
Lateron,0x0mardeniedtheallegations32.
Screenshotfrom0x0mar'sonlineclaimofanIsraelihackattack.
Soonafter,awarbegantobrewbetweenthehackersofIsraelandSaudiArabia:ArabhackersparalyzedthewebsitesoftheTelAvivStockExchange,ElAlAirlinesandseveralIsraelibanks,whereasIsraelihackersbroughtdownthewebsitesofboththeSaudiStockExchange(Tadawul)andtheAbuDhabiSecuritiesExchange(ADX)inretaliation,claimingtoactonbehalfoftheIsraeliDefenseForcesandvowingtostrikeArabcountries'websitesrelatedtotheireconomiesunlessattacksonIsraelisiteswerehalted.
Tomakemattersworse,Tariqal-Suwaidan,oneofKuwait'smostfamousTVpreachers,calledforacyber-waragainstIsrael.
HeusedhisTwitteraccounttocallonallMuslimhackerstouniteagainstIsraelina"cyber-jihadagainstZionistenemy,whichwillberewardedbyGod".
AlsointheMiddleEast,thousandsofemailsreceivedandsentbySyrianpresidentBasharal-AssadwerestolenbySaudihackers.
IntheFarEast,itwasreportedthatJapan'sDefenseMinistryhadcommissionedFujitsutodevelopacyber-weaponviruscapableoftracinganddisablingcomputersbeingusedincyber-attacksagainstthecountry.
Theinformationisabitconfusing,anditlookslikeabadideaanywayas,evenifcreatedwiththebestofintentions,theremaybeadverseeffectsthatturntheweaponagainstitscreatorsortheentireworld.
Inanyevent,usersofPandaSecurity'ssolutionscansettheirmindatease,aswewilldetecteveryviruscreated,eitherbypublicorprivatewriters.
Let'slooknowattwoofthecountriesthatusuallytakethespotlightinthissection:ChinaandtheUnitedStates.
InJanuary,itwasrevealedthatChinesehackershaddeployedaTrojantargetingsmartcardreadersusedbytheU.
S.
DepartmentofHomelandSecurity.
Thesecardsareastandardmeansofgrantingusersaccesstointranets,networksandphysicallocations.
Hadthehackersactuallymanagedtocrackthesmartcards,theycouldeasilyaccesslotsofconfidentialinformation.
AlsoinChina,welearnedthatagroupofhackersmanagedtopenetratethecorporatenetworkofNortel,usingpasswordsstolenfromseventopNortelexecutives,includingtheCEO.
Apparently,theyhadbeenspyingonthecompanyfromasfarbackas2000.
Inmostcyber-warorcyber-espionageoperationsallyoucandoisspeculateaboutwhoisbehindtheattack.
Itisextremelyunlikelythatacountryopenlyadmitstobeingresponsibleforcarryingoutthistypeofaction.
However,thingsmightbecwebsitesbeingusedbyAlQaeda'saffiliateinYemen.
Morespecifically,theU.
S.
cyberexpertshackedintoJihadistWebpagesandsubstitutedmaterialthatbraggedaboutkillingAmericanswithinformationaboutMuslimcivilianskilledinterroriststrikes.
Meanwhile,inSouthKorea,intelligencesourcesaccusedNorthKoreaofrunningaspecialunitofelitehackerstostealmilitarysecretsandsabotageinformationsystemsofSeoul.
2012ataglanceFlameTheFlamecomputervirushasbeenthehighlightoftheyearwithoutanydoubts.
FlameisacomplexpieceofmalwareusedforinformationgatheringandespionageinMiddleEastcountries.
Thismaliciouscodeismostlikelycreatedbyagovernmentorintelligenceagency,andisclearlytiedtotheinfamousStuxnetmalware(aTrojanreportedlydesignedandlaunchedbytheU.
S.
andIsraeligovernmentsinanattempttosabotageIran'snuclearprogram).
TargetedattacksaregenerallycarriedoutusingTrojans,butinthiscasewearetalkingaboutaworm,whichintroducesanewfactor:Wormscanreplicatethemselvesautomatically,sovirusauthorscouldeventuallylosecontrolofwhoorwhosecomputerstheircreationsareinfecting.
Thatisreallynotadvisableifyouhaveaspecifictargettoattackandwanttostayundertheradarinordertoavoiddetection.
HowdidFlameresolvethisWell,thewormhasaverycuriousandsomewhatinnovativefeature:itsabilitytoturnitsspreadingfunctionalityonandoff,somethingextremelyhandywhenyouwanttogounnoticed.
OneofthemoststrikingfeaturesofFlameisthatitcanstealallkindsofdatainmultipleways,evenbyturningonvictims'microphonestorecordconversations.
Aspreviouslymentioned,thiswasundoubtedlyatargetedattackaimedatspecificindividualsandorganizationsintheMiddleEast.
Anditseemsthatthecyber-espionagewormmighthavebeenactiveformanyyearswithoutbeingdetectedbysecuritycompanies,whichhasproducedanumberofconspiracytheoriesclaimingthatgovernmentspressedantivirusvendorstonotdetecttheworm.
Obviously,thisiscompletelyfalse,andassoonasthewormhasbeendiscovered,ithasbeendetectedbyallofthem.
But,whydidittakesolongtodetectFlameWell,noantivirussolutionhasa100-percentsuccessrateatcatchingnew,unknownthreats.
Thisisquitesimpletounderstand:professionalcybercriminalsmakesuretheirmaliciouscreationswillgoundetectedbeforespreadingthem.
Theytestthemagainstallpopularantivirusenginestomakesuretheycannotbedetectedbysignaturefilesoranyotherprotectionsystems(behavioralandheuristicscanning,etc.
).
Ifyouhavethenecessaryresourcesatyourdisposal,youcansetupaQualityAssuranceprocessthateliminatesthepossibilityofthemalwarebeingfound,atleastatthestart.
Thethreatwillbeeventuallydetectedbyantivirussolutions,butmakingitgounnoticedforaslongaspossibleisthekeytosuccess.
Forexample,byinfectingasmallnumberoftargetedcomputersinsteadoftriggeringamassiveinfection.
FIG.
33.
SAUDIARAMCO.
FIG.
34.
RASGAS.
Throughouttheyearwehaveseenanumberofcyber-espionageattacksaimedatjournalistsindifferentpartsoftheworld.
Forexample,inMorocco,agroupofindependentjournalistswhoreceivedanawardfromGooglefortheireffortsduringtheArabSpringrevolution,wasinfectedwithaMacTrojan.
InChina,agroupofforeigncorrespondentswastargetedbytwomalwareattacksviaemailafewweeksbeforetheCongressoftheChineseCommunistParty.
ThisyearwehavealsoseenacoupleofmalwareinfectionsincompaniesoperatingintheenergysectorintheMiddleEast.
Itisstillnotknowniftheseincidentsarerelatedorareduetosometypeofcyber-attack,butalltheevidenceseemstoindicateso.
TheSaudiArabianOilCompany(SaudiAramco)washitbyamalwareinfectionthatledthecompanytosevereitsconnectionstotheInternetasapreventivemeasure.
Inadditiontothis,avirusinfectedQatarinaturalgascompanyRasGas.
However,neitherRasGasnorSaudiAramcosawtheirproductionhaltedduetotheseincidents.
2012infiguresFIG.
35.
NEWMALWARECREATEDIN2012,BYTYPE.
03|2012infiguresApproximately,27millionnewstrainsofmalwarewerecreatedin2012,74,000everyday.
Asaresult,PandaLabshasnowatotalof125millionclassifiedmalwaresamples.
Andthenumberkeepsgrowing,aidedbycyber-crookseagertobypassantivirusprotectionstoincreasetheirprofits.
Trojanscontinuedtoaccountformostofthenewthreats,asthreeoutofeveryfournewmalwarestrainscreatedwereTrojans.
Herearethedetails:Overthelastfewyears,thenumberofTrojansincirculationhasbeenconstantlyincreasing.
In2010theyaccountedformorethanhalfofallmalwarecreated(56percent),in2011theyrosespectacularlyto73.
31percent,whereasin2012theyreached76.
57percent.
Wormscamesecond(11.
33percentcomparedto8.
13percentin2011),whereasvirusesdroppedtothirdplaceat9.
67percentcomparedto14.
24percentin2011.
FIG.
36.
MALWAREINFECTIONSBYTYPEIN2012.
FIG.
37.
MOSTMALWARE-INFECTEDCOUNTRIESIN2012.
2012infiguresWhenitcomestothenumberofinfectionscausedbyeachmalwarecategory,asrecordedbyourCollectiveIntelligencetechnologies,Trojansonceagaindominatedtherankingat76.
56percent,almostthesamepercentageasthatofTrojansincirculation.
Itseemsthatcyber-criminalshavemanagedtoinfectmorecomputerswithTrojansthisyearthaninpreviousyears.
In2011,thepercentageofTrojan-infectedcomputerswas66.
18percents,sotherehasbeena10pointriseinthisrespect.
OneofthereasonsforthisgrowthistheincreaseduseofexploitkitssuchasBlackHole,whicharecapableofexploitingmultiplesystemvulnerabilitiestoinfectcomputersautomaticallywithoutuserintervention.
Herearevisualsdepictingthesetrends:However,noteverythingwasgoodnewsforcyber-criminals.
Theproportionofinfectedcomputersworldwidedecreasedsignificantlyfrom38.
49percentin2011to31.
98percentin2012.
Let'snowlookatthegeographicdistributionofinfections.
WhichcountriesweremostinfectedWhichcountrieswerebestprotectedChinawasonceagaintopofthelistofcountrieswithmostinfectionswithmorethan50percentofinfectedPCs(54.
89percent),followedbySouthKorea(54.
15percent),andTaiwanatadistantthird(42.
14percent).
Hereisagraphrepresentingthecountrieswithmostmalware-infectedcomputers:2012infiguresThelistoftoptenmostinfectedcountriesismadeupofnationsfromalmosteverypartoftheworld:Asia,Europe,CentralAmericaandSouthAmerica.
Othercountrieswhosenumberofmalwareinfectionswasabovetheglobalaverageare:Lithuania(35.
46percent),Thailand(35.
37percent),Peru(35.
05percent),Argentina(34.
79percent),Spain(34.
06percent),Nicaragua(34.
03percent),Guatemala(33.
89percent),Ecuador(33.
68percent),ElSalvador(32.
86percent),Brazil(32.
09percent)andChile(31.
98percent).
NineofthetenleastinfectedcountriesareinEuropewiththeonlyexceptionbeingCanada.
ThecountrywiththefewestinfectionsisSweden(20.
25percentofinfectedPCs),followedbySwitzerland(20.
35percent),andNorway(21.
03percent).
Here'sagraphrepresentingthecountrieswiththefewestinfectionsin2012:FIG.
38.
LEASTMALWARE-INFECTEDCOUNTRIES.
Othercountrieswhosenumberofmalwareinfectionswasbelowtheglobalaverageare:CzechRepublic(31.
84percent),Romania(31.
54percent),Colombia(31.
49percent),Estonia(31.
33percent),UnitedStates(30.
52percent),Slovenia(30.
37percent),Italy(30.
25percent),Venezuela(29.
81percent),Mexico(29.
81percent),CostaRica(29.
73percent),Panama(29.
61percent),France(29.
19percent),Paraguay(28.
57percent),SouthAfrica(27.
94percent),Denmark(27.
65percent),Hungary(27.
37percent),Uruguay(27.
23percent),Austria(27.
03percent),Belgium(27.
02percent),Portugal(26.
78percent),Australia(26.
60percent),Latvia(26.
06percent),Japan(26.
00percent)andNewZealand(25.
76percent).
2013SecurityTrends04|2013SecurityTrendsWehaveseenwhathashappenedin2012:attacksinsocialnetworksandcyber-wareverywhere.
Whatdowehavetoexpectforthenext12monthsVulnerabilitiesSoftwarevulnerabilitieswillbethemaintargetofcyber-criminalsnextyear.
Itisundoubtedlythepreferredmethodofinfectionforcompromisingsystemstransparently,usedbybothcyber-criminalsandintelligenceagenciesincountriesaroundtheworld.
In2012,wesawhowJava,whichisinstalledonhundredsofmillionsofdevices,wasrepeatedlycompromisedandusedtoactivelyinfectmillionsofusers.
InsecondplaceisAdobe,asgiventhepopularityofitsapplications(AcrobatReader,Flash,etc.
)anditsmultiplesecurityflaws,itisoneofthefavoritetoolsformassivelyinfectingusersaswellasfortargetedattacks.
Althoughwemaythinkthathomeusersareexposedtothehighestrisk,rememberthatupdatingapplications,whichisessentialforprotectingagainstthesetypesofattacks,isaverycomplexprocessincompanies,whereupdatingallcomputersmustbecoordinated.
Atthesametime,itisessentialtoensurethatalltheapplicationsusedinacompanyworkcorrectly.
Thismakestheupdateprocessesslow,whichopensawindowthatisexploitedtostealinformationingeneralandlaunchtargetedattacksinsearchofconfidentialdata.
2013SecurityTrendsSocialnetworksThesecondmostwidelyusedtechniqueissocialengineering.
Trickingusersintocollaboratingtoinfecttheircomputersandstealtheirdataisaneasytask,astherearenosecurityapplicationstoprotectusersfromthemselves.
Inthiscontext,useofsocialnetworks(Facebook,Twitter,etc.
),placeswherehundredsofmillionsofusersexchangeinformation,onmanyoccasionspersonaldata,makesthemthepreferredhuntinggroundfortrickingusers.
ParticularattentionshouldbepaidtoSkype,whichafterreplacingMessenger,couldbecomeatargetforcyber-criminals.
MalwareformobiledevicesAndroidhasbecomethedominantmobileoperatingsystem.
InSeptember2012,Googleannouncedthatithadreachedtheincrediblefigureof700millionAndroidactivations.
Althoughitismainlyusedonsmartphonesandtablets,itsflexibilityandthefactthatyoudonothavetobuyalicensetouseitaregoingtoresultinnewdevicesoptingtouseGoogle'soperatingsystem.
Itsuseisgoingtobecomeincreasinglywidespread,fromtelevisionstoalltypesofhomeappliances,whichopensupaworldofpossibleattacksasyetunknown.
Cyber-warfare/Cyber-espionageThroughout2012,differenttypesofattackshavebeenlaunchedagainstnations.
TheMiddleEastisworthmentioning,wheretheconflictisalsopresentincyber-space.
Infact,manyoftheseattacksarenotevencarriedoutbynationalgovernmentsbutbycitizens,whofeelthattheyshoulddefendtheirnationbyattackingtheirneighborsusinganymeansavailable.
Furthermore,thegovernmentsoftheworld'sleadingnationsarecreatingcybercommandostopreparebothdefenseandattackandtherefore,thecyber-armsracewillescalate.
GrowthofmalwareFortwodecades,theamountofmalwarehasbeengrowingdramatically.
Thefiguresarestratospheric,withtensofthousandsofnewmalwarestrainsappearingeverydayandtherefore,thissustainedgrowthseemsveryfarfromcomingtoanend.
Despitesecurityforcesbeingbetterpreparedtocombatthistypeofcrime,theyarestillhandicappedbytheabsenceofbordersontheinternet.
Apoliceforcecanonlyactwithinitsjurisdiction,whereasacyber-crookcanlaunchanattackfromcountryA,stealdatafromcitizensofcountryB,sendthestolendatatoaserversituatedincountryCandcouldbelivingincountryD.
Thiscanbedoneinjustafewclicks,whereascoordinatedactionofsecurityforcesacrossvariouscountriescouldtakemonths.
Forthisreason,cyber-criminalsarestilllivingtheirowngoldenera.
MalwareforMacCaseslikeFlashback,whichoccurredin2012,havedemonstratedthatnotonlyisMacsusceptibletomalwareattacksbutthattherearealsomassiveinfectionsaffectinghundredsofthousandsofusers.
AlthoughthenumberofmalwarestrainsforMacisstillrelativelylowcomparedtomalwareforPCs,weexpectittocontinuerising.
Agrowingnumberofusersaddedtosecurityflawsandlackofuserawareness(duetoover-confidence),meanthattheattractionofthisplatformforcyber-crookswillcontinuetoincreasenextyear.
Windows8Lastbutnotleast,Windows8.
Microsoft'slatestoperatingsystem,alongwithallofitspredecessors,willalsosufferattacks.
Cyber-criminalsarenotgoingtofocusonthisoperatingsystemonlybuttheywillalsomakesurethattheircreationsworkequallywellonWindowsXPtoWindows8,throughWindows7.
OneoftheattractionsofMicrosoft'snewoperatingsystemisthatitrunsonPCs,aswellasontabletsandsmartphones.
Forthisreason,iffunctionalmalwarestrainsthatallowinformationtobestolenregardlessofthetypeofdeviceusedaredeveloped,wecouldseeaspecificdevelopmentofmalwareforWindows8thatcouldtakeattackstoanewlevel.
05|ConclusionConclusionTheyear2013presentsitselffullofchallengesinthecomputersecurityworld.
Androiduserswillhavetofaceagrowingnumberofattacksfromcyber-crookswantingtostealprivateinformation.
Cyber-espionageandcyber-warwillalsobeontherise,asmoreandmorecountriesareorganizingtheirowncyber-commandounits.
Thereisgrowingconcernfortheinformationthatcouldbecompromisedandthepossibilityofusingmalwaretolaunchdirectattacksoncriticalinfrastructure.
Companieswillhavetotightenupsecuritymeasurestoavoidfallingvictimtotheincreasingnumberofcyber-attacks,whilespecialcarewillhavetobetakentoprotectnetworksagainstoperatingsystemandapplicationvulnerabilities,withJavaposingthebiggestthreatduetoitsmultiplesecurityflaws.
VisitthePandaLabsblog(http://www.
pandalabs.
com)tostayuptodatewithallthedevelopmentsanddiscoveriesmadeatthelaboratory.
06|AboutPandaLabsAboutPandaLabsPandaLabsisPandaSecurity'santi-malwarelaboratory,andrepresentsthecompany'snervecenterformalwaretreatment:PandaLabscreatescontinuallyandinreal-timethecounter-measuresnecessarytoprotectPandaSecurityclientsfromallkindofmaliciouscodeonagloballevel.
PandaLabsisinthiswayresponsibleforcarryingoutdetailedscansofallkindsofmalware,withtheaimofimprovingtheprotectionofferedtoPandaSecurityclients,aswellaskeepingthegeneralpublicinformed.
Likewise,PandaLabsmaintainsaconstantstateofvigilance,closelyobservingthevarioustrendsanddevelopmentstakingplaceinthefieldofmalwareandsecurity.
Itsaimistowarnandprovidealertsonimminentdangersandthreats,aswellastoforecastfutureevents.
Forfurtherinformationaboutthelastthreatsdiscovered,consultthePandaLabsblogat:http://pandalabs.
pandasecurity.
com/facebookhttps://www.
facebook.
com/PandaUSAtwitterhttps://twitter.
com/PandaSecuritygoogle+http://www.
gplus.
to/pandasecurityyoutubehttp://www.
youtube.
com/pandasecurity1Thisreportinwholeorinpartmaynotbeduplicated,reproduced,storedinaretrievalsystemorretransmittedwithoutpriorwrittenpermissionofPandaSecurity.
PandaSecurity2013.
AllRightsReserved.
Malwarecreationshowednosignofslowingdown,asshownbythefactthatin2012wedetectedarecord-high27millionnewmalwarestrainsatthelaboratory,atanaverageof74,000newsamplesperday.
Inaddition,cyber-attacksagainstmultinationalcorporationscontinuedtoincrease,withvictimsrangingfromcompaniesinthevideogameindustry(Blizzard)toautogiants(Nissan).
Wealsoanalyzethemostimportanteventsinthemobilephoneindustry.
AsAndroid'smarketsharecontinuestogrow,themotivationforcyber-crookstotargettheplatformalsoincreases.
Thereportalsocovershowsocialmedia(Facebookespecially)wasusedbycyber-criminalstospreadmalwarebymakinguseofsocialengineeringtechniques.
Furthermore,wetakealookatthelargestMacinfectiontodateanditsconsequences.
2012hasseensomeremarkableeventsinthecyber-war/cyber-espionagearena,withFlamegrabbingheadlines.
WeanalyzethisandotherattacksthattookplaceintheMiddleEast.
Summingup,thisreportrecapsthemajorcomputersecurityeventsthatoccurredin2012,andforecastsfuturetrendsfor2013.
Sitbackandenjoy!
2012ataglance02|2012ataglanceAsAndroidmarketsharecontinuestogrow,sodoestheamountofmalwaretargetingtheplatform.
InJanuary,GooglehadtoremoveseveralmaliciousappsfromitsAndroidMarket(renamedto'PlayStore').
Basically,cyber-crooksrepackagedpopulargameslikeAngryBirdsorCutTheRopewithmaliciouscodeanduploadedthemtoPlayStore.
UsersthendownloadedandinstalledtheappsunawarethattheywerealsoinstallingaTrojanthatsentSMSmessagestoapremiumratenumber.
MobilePhoneMalwareInfact,welearnedthatGoogle,tiredofthemaliciousappsfoundonPlayStore,hasstartedanalyzingappsbeforeputtingthemintheircataloginordertodetectanomalousbehavior.
Accordingtotheirownsources,theyhavemanagedtoreducemaliciousappdownloadsby40percent.
Unfortunately,despitetheseefforts,criminalscontinuedtotargettheAndroidmobileplatformthroughappsnotalwaysaccessiblethroughPlayStore.
ThiswasthecaseofBmaster,aremoteaccessTrojan(RAT)ontheAndroidplatformthattriedtopassitselfoffasalegitimateapplication.
WealsosawTrojansexclusivelydesignedtostealdatafrominfecteddevices:fromcallandtextmessagerecordstousers'contactlists.
Androidispotentiallyexposedtofarmoresecurityrisksthanitsbiggestcompetitor(iPhoneanditsiOS),asitallowsuserstogettheirappsfromanywheretheirwant.
However,usingtheofficialAndroidmarketplaceisnosecurityguaranteeeither,asithasalsobeentargetedbycyber-crooksluringusersintoinstallingTrojansdisguisedaslegitimateapps.
Somethingwhich,bytheway,hasalsohappenedtoApple'sAppStore,buttoalesserextentthantoGoogle'sPlayStore.
2012ataglanceOperaMiniisaWebbrowserdesignedprimarilyformobilephones.
Overthelastfewmonths,OperaMinihasgainedinpopularityasamobilebrowseralternativeonAndroidsmartphones,becomingatargetforcyber-criminalstotrickusers.
Inthelatestattack,criminalsofferedthebrowsertousersfromastoreotherthanGoogle'sPlaystore.
However,installingtheapplicationinstalledtheactualOperabrowser,andalsoaTrojanthatsentSMSmessagestopremium-ratenumbers.
UnlikeothercasesinwhichTrojansattemptedtopassthemselvesoffaspopularmobileapps,inthiscasethemalwarecamebundledwithalegitimateversionoftheOperaMinimobilebrowsertohelptrickusersintothinkingthatnothingwaswrongastheycouldsimplyusetherealsoftwareasexpected.
FIG.
01.
CHINAMOBILE.
Wesawanother'unusual'attackinChina,asaTrojanwasreleasedthatpurchasedapplicationsfromtheinfecteddevice.
TheTrojanaffectedChinesesubscriberstoChinaMobile,oneoftheworld'slargestmobilephonecarrierswithmorethan600millionsubscribers.
Onceinfected,themobilestartedbuyingapplicationsfromChinaMobile'smarketplaceonbehalfoftheuser.
ThisTrojanwasdeliveredonnineunofficialappstores.
Atthispoint,manyusersbelievethatitissafertobuyandinstallappsfromofficialstores.
Thisistruetosomeextent,buttherehavealsobeeninstancesofmalwarecreepingontoofficialstores.
Thisquarter,forexample,anewmalwarestrainwasdiscoveredhidingoutinthePlayStore,posingastwogames:SuperMarioBrosandGTA3MoscowCity.
Themalwaremanagedtoremainundetectedforweeksuntilitwasfinallyremoved.
FIG.
02.
500millionAndroiddevicesnowactivated.
WhyisAndroidthemosttargetedmobileplatformWell,thisisduetoanumberofreasons:Firstly,Androidallowsitsuserstogettheirappsfromanywheretheywant.
Theydon'tnecessarilyhavetogototheofficialstore,normustapplicationsbedigitallysignedaswithiOS.
Secondly,cyber-crookswouldhaveneversettheireyesonthisplatformifitweren'tforthelargenumberofusersithas.
InJune,Googleannouncedthat400millionAndroiddeviceshadbeenactivated,afigurethatreached500millionatthebeginningofSeptember,with1.
3millionactivationsperday.
PoliceVirusScamOneofthisyear'stopthreatshasundoubtedlybeenanewmalwareepidemicthatinfectedhundredsofthousandsofcomputersaroundtheworldusingfearandblackmailingtechniquestoextortmoneyfromcomputerusers.
WhileweareusedtoseeingthiskindoffakemessageinEnglish,inthiscasetheattackswerelocalized.
WesawEnglish,German,Spanish,DutchandItalianmessages(amongothers)dependingonthetargetedcountry.
AlloftheattackstargetedsomeEuropeannation,soitlooksliketheywererelatedandthesamecyber-criminalgangcouldbebehindthem.
FIG.
3.
Iconusedbyoneofthe"PoliceVirus"variants.
Let'stakeacloserlookatoneoftheattacks.
Thefile'siconwasthepopularlogousedbyLulzSecintheircommunications:2012ataglanceOncetheircomputerwasinfected,theuserwasconfrontedwiththefollowingfull-screenwindowcoveringtheentiredesktop:FIG.
04.
FakewarningmessagedisplayedbytheTrojan.
Themessageinformedtheuserthattheyhadaccessedillegalmaterial(suchaschildpornography)orsentspammessageswithterroristmotives,andtheircomputerhadbeenlockedtopreventfurtherabuse.
Tounlocktheircomputer,theyhadtopaya100'fine'.
TheworstthingfortheuserwasthattheTrojanactuallyblockedthecomputer,soitwasnoteasytoremoveit.
Todoit,theuserhadtorestartthecomputerinsafemodeandrunascanwithanantivirussolutionsthatwasabletodetectit.
Howcomethemessagewasdisplayedinthevictim'sownlanguageandhowdidtheTrojanpurporttocomefromlocalauthoritiesWell,that'seasytoexplain:Afterinfectingthecomputer,themalwareconnectedtoacertainURLand,basedonthevictim'sIPaddress,retrievedthelocalizedversionofthemessagethatappearedonthecomputer.
MostmessagespretendedtocomefromEuropeanauthorities(althoughwealsosawexamplestargetingusersinothercountries,likeCanadaforexample).
BelowaresomeexamplesofsimilarattackslaunchedinQ12012:FIG.
05.
FakewarningmessagedisplayedbytheTrojaninGerman.
2012ataglanceFIG.
06.
FakewarningmessagedisplayedbytheTrojaninDutch.
FIG.
07.
FakewarningmessagedisplayedbytheTrojaninItalian.
2012ataglanceFIG.
08.
FakewarningmessagedisplayedbytheTrojaninEnglish.
FIG.
09.
FakewarningmessagedisplayedbytheTrojaninSpanish.
However,theattackbecamemorecomplexovertime.
Themalwarewentontouseransomwaretechniques,'takingover'infectedcomputersbyencryptingsomeoftheircontentandforcinguserstopayafineorloseaccess.
Basically,attackerstookthisfunctionalityfromthePGPCoderTrojan,amaliciouscodedesignedtoencryptfilesandkeepthemlockedunlessthevictimagreedtopayaransom.
ThefirstversionsofthenewPoliceVirusonlyencrypted.
docfiles,andtheencryptionwasn'ttoohardtocrack,soitwaspossibletodecryptthefileswithoutthekey.
Now,however,amoresophisticatedencryptionisbeingused,andthedecryptionkeyisrequiredtounlockthefiles.
Andnotonlythat,thefilesareencryptedwithadifferentkeyforeachinfectedcomputer,so,unlessyouareabletoaccesstheserverthatstoresallkeys,itisabsolutelyimpossibletoaccessthefiles.
Additionally,therangeoffilesbeingencryptedisalsomostsophisticated.
Somevariantsuseablacklistofextensionstoencrypt;othersuseawhitelistofcriticalsystemfilesnottoencrypt.
2012ataglanceFIG.
10.
WarningusedbythePoliceVirusuntilnow.
Andreplaceditwithoneincludingimagestakenbytheirwebcam:FIG.
11.
NewwarningusedbythePoliceVirus,showingtheimagescapturedbythecomputer'swebcam.
Asyoucansee,thepageincludesasmallwindowshowingtheimagestakenbythewebcaminrealtime,togetherwiththetext:"Liverecording".
However,noimagesareactuallybeingrecordedorsenttolawenforcement.
Thewarningjustdisplaystheimagescurrentlycapturedbythewebcam.
Users,however,don'tknowthis,andmostofthemwillstarttopanicandbewillingtopaythe'fine'tostoplawenforcementfromspyingonthem,astheyaremadetobelieve.
Aspreviouslysaid,thisnewvariantdoesn'tuseencryption,probablybecausecyber-criminalsthinkthatthewebcamtrickisenoughtoscarepotentialvictims.
Thequestionis,howmuchfurthercanthismalwaregoIntheend,thepurposeofscarewareissimplytofrightentheuserintopayingthemoney(or,asattackerscallit,"thefine").
AnewvariantofthePoliceVirustakesovertheuser'swebcam.
WhatforWell,themalwarehaschangedthescreenitdisplayedsofartowarntheuserthat'illegalactivity'hadbeentracedtotheircomputer…2012ataglanceSocialNetworksFacebookcontinuesitsreignasthenumberonesocialnetworkingsitebutitalsoisafavoritetargetofcyber-crooks.
InJanuary,awormwasdiscoveredthathadstolenover45,000Facebooklogincredentials.
Researchersfearthatthecriminalsusedthese'infected'accountstosendlinkstopeople'sFacebookfriends,spreadingthecomputerwormfurther.
Meanwhile,whatdoesFacebookdotoprotectusersWell,thegoodnewsisthatatleasttheytakethefightagainstcyber-crimeseriously.
FIG.
12.
FacebookrevealedthenamesofthesuspectsbehindtheKoobfaceattack.
InJanuary,FacebookfinallyrevealedthefullnamesandonlinenamesoftheperpetratorsbehindtheKoobfacebotnetthathasaffectedthesocialsiteforafewyears.
Theidentitiesofthoseresponsiblefortheattacksare:StanislavAvdeyko(leDed),AlexanderKoltysehv(Floppy),AntonKorotchenko(KrotReal),RomanP.
Koturbach(PoMuc)andSvyatoslavE.
Polichuck(PsViatandPsycoMan).
Unfortunately,themenlivecomfortablelivesinSt.
Petersburg(Russia),andhavebecomerichfromtheirvariousonlineschemes.
Allfivehaveyettobechargedwithacrime,norhasanylawenforcementagencyconfirmedtheyareunderinvestigation.
FIG.
13.
Maliciousmessage.
FIG.
14.
Maliciouswebsite.
DespitethemyriadmalwareandspamscamspreyingonFacebook,curiositystillgetsusersintotrouble.
ThisyearwesawanewscaminvolvingasupposedtapeofKatyPerryandRussellBrandpostedtothewallsofhundredsofusers.
Themaliciouspostlookedasfollows:2012ataglanceHowever,allthe'Likes',comments,etc.
displayedonthepagewerefalseasthe'page'itselfdidn'texist,itwassimplyanimage.
Ifyouclickedon"InstallPlugin"andyouwereusingFirefoxorChrome,theworminstalledabrowserplug-inandusedittopostthescamtothevictims'friends'pages.
OnInternetExplorer,astherewasnoplug-inthatcouldcarryoutthistask,thewormdisplayedanageverificationpagetoaccessanapplicationcalled'X-RayScanner'.
ThispageinformsyouthatyourTwittersessionhastimedoutandasksthatyouloginagain.
Tomakethephishingscamlookasrealaspossible,allthelinksdisplayedonthepageareactuallyTwitterlinksexceptforthe"Signin"and"Signup"buttons,whichwilltransmittheuserdatatotheattackers.
OncetheyhaveyourTwitterloginandpassword,theywillbeginsendingthesamemisleadingTwitterDMtoallofyourfollowers.
Thisway,theywillstealtheirTwitterloginaswell,andusetheiraccountstospreadmalware,sendspamorturnthosecredentialsintomoneybysellingthemtoothercyber-crooks.
SocialnetworkingsiteLinkedInhad6.
5millionuserpasswordsstolenandleakedonline.
Fortunatelyenough,however,thesepasswordswerenotstoredinplaintextfiles,butwereencrypted.
Thebadnewsisthattherewasnootheradditionalprotection,soincaseyouhaven'talreadydoneso,weadvisethatyouchangeyourLinkedInpasswordrightnow.
Andifyouusethatpasswordforanyotherserviceaswell,changeittoo,andalwaysusedifferentpasswordsfordifferentprogramsandservices.
FIG.
15.
Message.
Asyoucansee,thepagelookedlikeaFacebookpagetotrickusersintobelievingtheywerestillonthesocialnetworkingsite.
Ifthevictimclickedanyofthelinkstheyweretakentoapagewheretheywereaskedtoentertheircellphonenumber.
However,afterdoingso,theystartedreceivingunwantedpremiumratetextmessages.
Oneoftheprimaryobjectivescyber-crookshavewhenlaunchingattacksonsocialmediasitesistogainaccesstousers'accountssothattheycanimpersonatethemandaccesstheirpersonaldetailsorinformationsharedwithotherusers.
OnTwitter,forexample,accessingauser'saccountwillallowthemtosenddirectmessages(DMs)tothevictims'friends.
Atypicalexamplewouldbeasfollows:YoureceiveaDMfromoneofyourcontactsinformingyouthatsomeonehasjustpostedsomeembarrassingpicturesofyou.
Ifyouclickthelink,you'llbetakentothefollowingpage:FIG.
16.
PhishingpagethatstealsTwittercredentials.
2012ataglanceMacEverytimewediscussMacthreats,wepresentyouwiththecasesthatmostcaughtourattention.
Luckilyenough,theseinfectionsarenotmassive,asdespitethegrowthofMacmalware,thePCremainsthebiggesttargetforcyber-criminals.
Unfortunately,manyMacusersstillbelievetheyareimmunetothreats,eventhoughlittlebylittlepeople,evenatApple,arebeginningtorealizethatthatisnotthecase.
TheApplepagethatexplainsthereasonswhyMacsarebetterthanPCspreviouslyboastedthatMacsystems'don'tgetviruses'(afalsestatement,sincemacroviruses,forexample,affectbothplatforms).
However,itseemsthatAppleisbeginningtoacknowledgethetruth,astheyhavereplacedtheprevioustextwiththisone:FIG.
17.
Apple'swebsitesaiditsoperatingsystemwasvirusfree.
ThischangeisprobablyrelatedtotherecentoutbreakoftheFlashbackTrojan,amalwarespecimenresponsibleforthesinglemostsignificantmalwareinfectiontoeverhittheMaccommunity.
Thismalwareinfectedupto600,000Maccomputersaroundtheworld,creatingthelargestbotnetevertotargetApplecomputers.
OneoftheTrojan'smostuniquefeatureswasthatbeforeinfectingacomputer,itcheckedtoseeifithadsomekindofantivirusinstalled.
Ifthecomputerwasprotected,Flashbackdidn'tinfectit;otherwise,itinfectedtheMacandtriggereditspayload.
Thisattackhasonceagaindemonstratedthat,contrarytopopularbelief,Macsareinfactnotimmunetovirusinfectionandmalware,amythlargelyexploitedbycyber-criminals.
Cyber-crimeInatypicalphishingattack,offendersusuallystealconsumers'identitiestoimpersonatethemandemptytheirbankaccounts.
However,theyearstartedoffwithquiteanunusualcase.
Thefirstmayorcyber-crimeof2012tookplaceinSouthAfrica,ashackersgotawaywithabout$6.
7millionfromSouthAfricanPostbank.
Therobberytookplaceoverthreedays,fromJan1toJan3.
Thehackers,whohadplannedtheattackformonths,usedstolenlogindetailsfromaPostbanktellertotransferthestolenmoneyintomultiplebankaccountsthatwereopenedacrossthecountry.
FIG.
18.
Appleremovesclaimofvirusimmunity.
2012ataglanceMegauploadcaseInJanuary,theFBIshutdownthepopularMegauploadfile-sharingwebsite,chargingthefoundersfor"copyrightinfringement"(youcanreadtheFBIpressreleasehere,withmoreinformationaboutthecase).
Ifconvicted,thoseinvolvedfaceupto50yearsinprisononallcharges.
HackergroupAnonymousreactedswiftlytothenews,launchingDDoSattacksonseveralWebpages,includingthesitesoftheU.
S.
DepartmentofJustice,RIAA(RecordingIndustryAssociationofAmerica)andUniversalMusicGroup.
Goingbacktothepressrelease,theFBIstatedthat:"ThiscaseispartofeffortsbeingundertakenbytheDepartmentofJusticeTaskForceonIntellectualProperty(IPTaskForce)tostopthetheftofintellectualproperty.
"Well,asweallknow,inthe'realworld'cyber-criminalsaresiphoningmillionsofdollarsintotheirpocketseveryyearbyattackinghundredsofthousandsofcomputers.
However,itseemsthatauthoritiesconsidercopyrightinfringementtobefarmoreserious.
Asalways,thisisaquestionofpriorities,anditseemsthatinthiscasethehighestpriorityoflawenforcementagenciesisnotexactlytoprotecttheindividual.
FIG.
19.
ImagedisplayedonaccessingMegaupload'ssiteaftertheFBI'sintervention.
BothAnonymousandLulzSechavebeenverybusyoverthelastyear.
InJanuary,inthewakeofcontroversiallegislationsuchasSOPAandACTA,thehackinggrouppostedthefollowingTwittermessage:"Ifyouhated#SOPA,you'llburstintoflamesabout#ACTAhttp://is.
gd/Bo68r4Negotiatedinsecret.
iPodsearchesatbordercrossings.
"Soonafter,theylaunchedanunprecedentedstringofattacksongovernmentandbusinesssitesaroundtheworld.
InFebruary,theyrecordedandreleasedasensitiveconferencecallbetweentheFBIandScotlandYard.
Amidgrowingspeculationabouthowthehackershadbeenabletoobtaintherecording,AnonymouspublishedanemailpurportedlysentbyanFBIagenttointernationallawenforcementagencies,withaphonenumberandpasswordforaccessingthecall.
2012ataglanceFIG.
20.
FBImessageinterceptedbyAnonymous.
InFebruary,AnonymouspublishedthesourcecodeofPCAnywhereandNorton,stolenin2006.
Thetheftwascommittedbyagroupofcyber-criminalswhoaimedtoblackmailSymantec.
However,onceitbecamecleartheAmericansecurityfirmwasnotgoingtogiveintotheblackmail,theydecidedtopassthedatatoAnonymoustomakeitpublic.
InMarch,severalallegedmembersofLulzSecwerearrestedinthecourseofapoliceoperationlaunchedin2011.
ItwasimmediatelydiscoveredthatSabu,theallegedleaderofLulzSec,hadbeensecretlyarrestedbytheFBIandhadbeenworkingforthegovernmenttoarrestothermembersofthehackercollective.
LuisCorrons,technicaldirectorofPandaLabs,laudedthearrestsonthelaboratory'sblogandAnonymousreactedswiftlybybreakingintotheexternalserverthathostedthebloganddefacingit.
Anonymousmakeabigdealaboutfreedomofspeech,callingthemselves'theVoiceofFreeSpeech'and'aggressiveproponentsfortheFreedomofSpeech'.
However,inreality,theselfappointeddefendersoffreespeechshutdownpeople'swebsiteswhentheydon'tlikewhattheyread.
Uhmm…Itisironic,isn'titItseemsthatAnonymousareonlyinterestedindefendingfreedomofspeechwhenitservestheirowninterests.
Actually,aBritishjournalistaskedthemaboutthisapparentcontradictiononTweeterbuthisquestion,unsurprisingly,wentunanswered.
FIG.
21.
PandaLabsblogpostpraisingthelatestLulzSecarrests.
2012ataglanceFIG.
22.
UnansweredquestiontoAnonymousfromaBritishjournalist.
Onedaylater,theylaunchedanattackonthemainwebsiteoftheVatican,renderingitinaccessible.
AndfivedayslatertheyattackedtheVaticanagain,thistimebreakingintotheVaticanRadiodatabaseandpostingusernamesandpasswords.
Unfortunately,AnonymousandLulzsecarenottheonlyoneswholaunchthesetypesofattacks.
InFebruary,theonlineMicrosoftStoreinIndiawascompromisedbyagroupofChinesehackers.
TheteamofhackersdefacedthesiteandstoledatafromthousandsofMicrosoftcustomers.
FIG.
23.
MicrosoftIndiaWebstorehacked.
FIG.
24.
Screenshotshownbycyber-criminalstoprovetheyhadstolendatafromMicrosoft'scustomers.
2012ataglanceAlsoinFebruary,itwasreportedthatattackersstoleinformationfrommillionsofusersofYouPorn,oneoftheworld'smostpopularpornvideowebsites.
ThisdatawaspostedonPastebin,apopulardumpinggroundforcyber-attackers,potentiallycompromisingthesecurityofthousandsofuserswhoreusepasswordsonmultiplesites.
InMarch,itwasrevealedthatMichaelJackson'sentirebackcataloguehadbeenstolenfromSonyMusic,includingsomepreviouslyunreleasedmaterial.
Thisfollowslastyear'sattacksonSonythatexposedpersonaldatafrommorethan100millionaccountsatSonyOnlineEntertainmentandthePlayStationNetwork(PSN).
Itseemsthatthecyber-criminalswhohackedintoSonyMusic'ssystemsthoughtitwouldbeeasytoaccessthecompany'sinformation.
Unfortunately,theywereright,althoughinthiscasetheywerearrestedandareduetostandtrialin2013.
FIG.
25.
MichaelJackson'sentiremusiccataloguestoleninSonyMusichack.
Wikipediasufferedanattackthatforcedtheorganizationtoreleaseastatementwarningitsusersthatseeingadsonitswebsitemeanttheircomputershadbeeninfected.
TheattackersusedarogueGoogleChromeadd-onthatinsertedadsintothesite.
ThefoundationbehindWikipediatooktheopportunitytoremindusersthatWikipediaisfundedbydonorsandtheydon'trunadvertisementsontheirpages.
FIG.
26.
RogueGoogleChromeextensioninjectedadsintoWikipedia.
Wehavementionedonmanyoccasionshowcyber-criminalsarebecomingmoresophisticatedandareconstantlyimprovingtheirtechniques.
AnexampleofthiswastheappearanceofanewvariantoftheSpyEyebankingTrojan,whichhijackedthewebcamofinfectedcomputers.
WhatforTomonitorhowvictimsreactedwhentheyreadthesocially-engineeredmessagesdisplayedbythemalwareonspoofbankingwebsites,andseehoweffectivetheirsocialengineeringturnedouttobe.
NissanMotorCompanyfellvictimtoabreachofemployeeinformation.
TheattackerscompromiseduserIDsandpasswords,whichseemstoindicatethatthemalwarewasdesignedforindustrialespionage.
KhosrowZarefarid,anIraniansecurityexpert,discoveredacriticalflawinIran'sbankingsystem,providingaffectedinstitutionswiththedetails.
Whentheaffectedbanksdidn'trespond,hehacked3millionaccountsacrossatleast22banks.
Hethendroppedthesedetails–includingcardnumbersandPINs–onhisblog.
GoogletookdownZarefarid'sBlogger-hostedblog,whereasaffectedinstitutionswarnedcustomerstochangetheirdebitcardPINs.
2012ataglanceHackers,perhapsfromEasternEurope,stolethepersonaldetailsofover900,000ofUtah'sMedicaidbeneficiariesfromaserveroperatedbyUtah'sHealthDepartmentTheDropboxfilesharingservicesufferedahugesecuritybreachthatledtotheftofusernamesandpasswordsfromthousandsofusers.
Accordingtoreports,itwasusersthemselvesthatraisedthealarmafterstartingtoreceivespamataddressesusedonlyforDropbox.
FIG27.
DROPBOX.
FIG.
28.
REUTERS.
InSouthKorea,mobilecarrierKTCorporationsufferedadatabreachwhichexposedpersonalinformationofover8.
7millioncustomers.
Shortlyafterthehack,SouthKoreanpoliceannouncedthearrestoftwoprogrammerswhowereallegedlyinvolvedwiththetheft.
TheReutersnewsservicesufferedtwosuccessfulhackerattacksonitsbloggingplatform.
ThenewsagencywasfirsthitatthebeginningofAugustwhenafalseinterviewwithaSyrianrebelleaderwaspublished.
Asaresult,Reuterstookitsbloggingplatformofflineforafewhours.
Twoweekslater,asimilarincidenttookplaceinvolvinganarticlethatfalselyclaimedSaudiArabia'sforeignministerSaudal-Faisalhaddied.
Blizzard,theAmericanvideogamedeveloperandpublisheroftitleslikeWorldofWarcraft,StarcraftorDiablo,confirmedinAugustthattheyhadsufferedasecuritybreachandurgeduserstochangethelogincredentialstoitsonlinegamingserviceBattle.
net.
Theyconfirmedthathackerswereabletoobtainusers'emailaddressesandencryptedpasswords.
FIG.
29.
BLIZZARD.
InSeptember,itwasrevealedthatAdobehadalsobeenattackedbyhackers.
Inthiscasethough,theattackerswerenotinterestedinstealingcustomerdata,butinaccessingoneofthecompany'sinternalserverstobeabletosigntheirmalwarewithavaliddigitalcertificatefromAdobe.
TheattacktookplaceinJuly.
U.
S.
insurerNationwidesufferedadatabreachthatrevealedthepersonalinformationofoveronemillioncustomersandemployees.
Thisinformationincludedtheirfullnames,homeaddresses,socialsecuritynumbersandotherpersonalinformation.
Inadditiontoprivatecompanies,publicinstitutionshavealsosufferedtargetedattacksanddatabreaches.
InNovember,theUNnuclearwatchdogInternationalAtomicEnergyAgencywasattackedbyagroupcalled"Parastoo",whichlaterpublishedthestolendataonPastebin.
AlsoinNovember,theJapanAerospaceExplorationAgencysaidithadfoundevidencethatoneofitscomputershadbeeninfectedbyavirusthatcollectedinformationandtransmitteditexternally.
Thecomputerinquestioncontainedspecificationsandinformationontheagency'ssolid-fuelrocketprogram.
Nevertheless,apartfromalltheseattacks,therehasalsobeengoodnewsinthefightagainstcyber-crime:Interpolhasannouncedtheyareplanningtoopena"GlobalCybercrimeCenter"inSingaporein2014toimproveglobalcooperationamonglawenforcement.
UKcyber-crookEdwardPearsonwasjailedfor26monthsafterstealingthepersonalinformation2012ataglanceFIG.
30.
PicturedpostedbyHiginioO.
OchoaIIIthatledtohisarrest.
InApril,theFBIannouncedthearrestofJohnAnthonyBorellIII,anotherallegedmemberofAnonymous,inOhio.
Onthisoccasion,theFBIfoundTwitterdirectmessagesandtweetsinwhichBorelladmittedtotakingdownanumberofwebsites.
JunaidHussainofBirmingham,UnitedKingdom,theleaderoftheTeaMp0isoNcollective,pleadedguiltytohackingintotheGmailaccountofformerUKPrimeMinisterTonyBlair.
Afewweekslaterhewassentencedtosixmonthsinprison.
FIG.
31.
TonyBlair'semailaccounthackedbygroupTeaMpOisoN.
HackerJoshuaSchichtel,ofPhoenix,UnitedStates,receiveda30-monthsprisonsentenceforhijacking72,000computers.
Moreprecisely,hewaspaidtoinstallorhaveinstalledmalwareonthosecomputers.
Inonecase,acustomerpaidhim$1,500toinstallaTrojanoneverycomputeronhisbotnet.
ChristopherChaney,whomadeheadlinesbyhackingintothepersonalonlineaccountsofsuchstarsasScarlettJohanssonorMilaKunis,wassentencedto10yearsinjailforillegallyaccessingtheemailaccountsofmorethan50peopleintheentertainmentindustry.
Allofthesestoriesprovideclearexamplesofthewaythefightagainstcyber-crimeischanging.
Forexample,Japan'sNationalPoliceAgency(Japan'sequivalenttotheAmericanFBI)offereditsfirst-evermonetaryreward(US$36,000)forawantedhacker.
Upuntilnow,thistypeofrewardwasreservedforcasesinvolvingcrimelikemurderandarson,neverforcyber-criminals.
ofabout8millionpeople.
AlsointheUK,LewysMartin,aBritwhodistributedaTrojanhorsethatposedasapatchforthepopularCallofDutygame,wasjailedfor18monthsforstealinguserdataandsellingitontheblackmarket.
RyanCleary-a19-year-oldfromEssex,UnitedKingdom,whowasarrestedlastyearforparticipatinginvariousLulzSecattacks-,wassentbacktojailforbreachinghisbailconditions.
Cleary,whoisn'tallowedtoaccesstheInternet,useditlastChristmastocontactHectorXavierMonsegur(a.
k.
a"Sabu"),theLulzSechackerwhotheFBIusedasasecretinformantformonthslastyear.
HiginioO.
OchoaIII,fromGalveston,Texas,wasarrestedbytheFBIforallegedlyhackingintothewebsitesofseveralU.
S.
lawenforcementagenciesandreleasingthepersonalinformation(names,addressesandphonenumbers)ofdozensofpoliceofficers.
Inthiscase,Ochoa'sarrestwaslargelyduetohisownmistake,ashetwittedaphotoofhisgirlfriend'sbreastswithasignattachedtoherbellythatmentionedthehacker'sonlinename("w0rmer").
ThepicturewastakenwithaniPhone4,whichcontainsaGPSdevicethatinsertsGPSco-ordinatesinallpicturestaken.
Asaresult,thepoliceonlyhadtousetheGPSco-ordinatesembeddedinthephotototracetheexactstreetandhousewherethepicturewastaken.
Thisservedtoidentifythewoman,whohappenedtobeOchoa'sAustraliangirlfriend.
2012ataglanceCyber-warTheyear2012hasseensomeremarkableeventsinthecyber-wararena.
OnJanuary2,thousandsofcreditcardnumbersbelongingtoIsraelicitizenswerestolen.
ASaudihacker,callinghimself0x0mar,tookcreditforthehackattack,althoughfurtherinvestigationrevealedthehacker'srealidentity:19-year-oldcomputersciencestudentOmarHabib,bornintheUnitedArabEmirates,butcurrentlylivinginMexico.
Lateron,0x0mardeniedtheallegations32.
Screenshotfrom0x0mar'sonlineclaimofanIsraelihackattack.
Soonafter,awarbegantobrewbetweenthehackersofIsraelandSaudiArabia:ArabhackersparalyzedthewebsitesoftheTelAvivStockExchange,ElAlAirlinesandseveralIsraelibanks,whereasIsraelihackersbroughtdownthewebsitesofboththeSaudiStockExchange(Tadawul)andtheAbuDhabiSecuritiesExchange(ADX)inretaliation,claimingtoactonbehalfoftheIsraeliDefenseForcesandvowingtostrikeArabcountries'websitesrelatedtotheireconomiesunlessattacksonIsraelisiteswerehalted.
Tomakemattersworse,Tariqal-Suwaidan,oneofKuwait'smostfamousTVpreachers,calledforacyber-waragainstIsrael.
HeusedhisTwitteraccounttocallonallMuslimhackerstouniteagainstIsraelina"cyber-jihadagainstZionistenemy,whichwillberewardedbyGod".
AlsointheMiddleEast,thousandsofemailsreceivedandsentbySyrianpresidentBasharal-AssadwerestolenbySaudihackers.
IntheFarEast,itwasreportedthatJapan'sDefenseMinistryhadcommissionedFujitsutodevelopacyber-weaponviruscapableoftracinganddisablingcomputersbeingusedincyber-attacksagainstthecountry.
Theinformationisabitconfusing,anditlookslikeabadideaanywayas,evenifcreatedwiththebestofintentions,theremaybeadverseeffectsthatturntheweaponagainstitscreatorsortheentireworld.
Inanyevent,usersofPandaSecurity'ssolutionscansettheirmindatease,aswewilldetecteveryviruscreated,eitherbypublicorprivatewriters.
Let'slooknowattwoofthecountriesthatusuallytakethespotlightinthissection:ChinaandtheUnitedStates.
InJanuary,itwasrevealedthatChinesehackershaddeployedaTrojantargetingsmartcardreadersusedbytheU.
S.
DepartmentofHomelandSecurity.
Thesecardsareastandardmeansofgrantingusersaccesstointranets,networksandphysicallocations.
Hadthehackersactuallymanagedtocrackthesmartcards,theycouldeasilyaccesslotsofconfidentialinformation.
AlsoinChina,welearnedthatagroupofhackersmanagedtopenetratethecorporatenetworkofNortel,usingpasswordsstolenfromseventopNortelexecutives,includingtheCEO.
Apparently,theyhadbeenspyingonthecompanyfromasfarbackas2000.
Inmostcyber-warorcyber-espionageoperationsallyoucandoisspeculateaboutwhoisbehindtheattack.
Itisextremelyunlikelythatacountryopenlyadmitstobeingresponsibleforcarryingoutthistypeofaction.
However,thingsmightbecwebsitesbeingusedbyAlQaeda'saffiliateinYemen.
Morespecifically,theU.
S.
cyberexpertshackedintoJihadistWebpagesandsubstitutedmaterialthatbraggedaboutkillingAmericanswithinformationaboutMuslimcivilianskilledinterroriststrikes.
Meanwhile,inSouthKorea,intelligencesourcesaccusedNorthKoreaofrunningaspecialunitofelitehackerstostealmilitarysecretsandsabotageinformationsystemsofSeoul.
2012ataglanceFlameTheFlamecomputervirushasbeenthehighlightoftheyearwithoutanydoubts.
FlameisacomplexpieceofmalwareusedforinformationgatheringandespionageinMiddleEastcountries.
Thismaliciouscodeismostlikelycreatedbyagovernmentorintelligenceagency,andisclearlytiedtotheinfamousStuxnetmalware(aTrojanreportedlydesignedandlaunchedbytheU.
S.
andIsraeligovernmentsinanattempttosabotageIran'snuclearprogram).
TargetedattacksaregenerallycarriedoutusingTrojans,butinthiscasewearetalkingaboutaworm,whichintroducesanewfactor:Wormscanreplicatethemselvesautomatically,sovirusauthorscouldeventuallylosecontrolofwhoorwhosecomputerstheircreationsareinfecting.
Thatisreallynotadvisableifyouhaveaspecifictargettoattackandwanttostayundertheradarinordertoavoiddetection.
HowdidFlameresolvethisWell,thewormhasaverycuriousandsomewhatinnovativefeature:itsabilitytoturnitsspreadingfunctionalityonandoff,somethingextremelyhandywhenyouwanttogounnoticed.
OneofthemoststrikingfeaturesofFlameisthatitcanstealallkindsofdatainmultipleways,evenbyturningonvictims'microphonestorecordconversations.
Aspreviouslymentioned,thiswasundoubtedlyatargetedattackaimedatspecificindividualsandorganizationsintheMiddleEast.
Anditseemsthatthecyber-espionagewormmighthavebeenactiveformanyyearswithoutbeingdetectedbysecuritycompanies,whichhasproducedanumberofconspiracytheoriesclaimingthatgovernmentspressedantivirusvendorstonotdetecttheworm.
Obviously,thisiscompletelyfalse,andassoonasthewormhasbeendiscovered,ithasbeendetectedbyallofthem.
But,whydidittakesolongtodetectFlameWell,noantivirussolutionhasa100-percentsuccessrateatcatchingnew,unknownthreats.
Thisisquitesimpletounderstand:professionalcybercriminalsmakesuretheirmaliciouscreationswillgoundetectedbeforespreadingthem.
Theytestthemagainstallpopularantivirusenginestomakesuretheycannotbedetectedbysignaturefilesoranyotherprotectionsystems(behavioralandheuristicscanning,etc.
).
Ifyouhavethenecessaryresourcesatyourdisposal,youcansetupaQualityAssuranceprocessthateliminatesthepossibilityofthemalwarebeingfound,atleastatthestart.
Thethreatwillbeeventuallydetectedbyantivirussolutions,butmakingitgounnoticedforaslongaspossibleisthekeytosuccess.
Forexample,byinfectingasmallnumberoftargetedcomputersinsteadoftriggeringamassiveinfection.
FIG.
33.
SAUDIARAMCO.
FIG.
34.
RASGAS.
Throughouttheyearwehaveseenanumberofcyber-espionageattacksaimedatjournalistsindifferentpartsoftheworld.
Forexample,inMorocco,agroupofindependentjournalistswhoreceivedanawardfromGooglefortheireffortsduringtheArabSpringrevolution,wasinfectedwithaMacTrojan.
InChina,agroupofforeigncorrespondentswastargetedbytwomalwareattacksviaemailafewweeksbeforetheCongressoftheChineseCommunistParty.
ThisyearwehavealsoseenacoupleofmalwareinfectionsincompaniesoperatingintheenergysectorintheMiddleEast.
Itisstillnotknowniftheseincidentsarerelatedorareduetosometypeofcyber-attack,butalltheevidenceseemstoindicateso.
TheSaudiArabianOilCompany(SaudiAramco)washitbyamalwareinfectionthatledthecompanytosevereitsconnectionstotheInternetasapreventivemeasure.
Inadditiontothis,avirusinfectedQatarinaturalgascompanyRasGas.
However,neitherRasGasnorSaudiAramcosawtheirproductionhaltedduetotheseincidents.
2012infiguresFIG.
35.
NEWMALWARECREATEDIN2012,BYTYPE.
03|2012infiguresApproximately,27millionnewstrainsofmalwarewerecreatedin2012,74,000everyday.
Asaresult,PandaLabshasnowatotalof125millionclassifiedmalwaresamples.
Andthenumberkeepsgrowing,aidedbycyber-crookseagertobypassantivirusprotectionstoincreasetheirprofits.
Trojanscontinuedtoaccountformostofthenewthreats,asthreeoutofeveryfournewmalwarestrainscreatedwereTrojans.
Herearethedetails:Overthelastfewyears,thenumberofTrojansincirculationhasbeenconstantlyincreasing.
In2010theyaccountedformorethanhalfofallmalwarecreated(56percent),in2011theyrosespectacularlyto73.
31percent,whereasin2012theyreached76.
57percent.
Wormscamesecond(11.
33percentcomparedto8.
13percentin2011),whereasvirusesdroppedtothirdplaceat9.
67percentcomparedto14.
24percentin2011.
FIG.
36.
MALWAREINFECTIONSBYTYPEIN2012.
FIG.
37.
MOSTMALWARE-INFECTEDCOUNTRIESIN2012.
2012infiguresWhenitcomestothenumberofinfectionscausedbyeachmalwarecategory,asrecordedbyourCollectiveIntelligencetechnologies,Trojansonceagaindominatedtherankingat76.
56percent,almostthesamepercentageasthatofTrojansincirculation.
Itseemsthatcyber-criminalshavemanagedtoinfectmorecomputerswithTrojansthisyearthaninpreviousyears.
In2011,thepercentageofTrojan-infectedcomputerswas66.
18percents,sotherehasbeena10pointriseinthisrespect.
OneofthereasonsforthisgrowthistheincreaseduseofexploitkitssuchasBlackHole,whicharecapableofexploitingmultiplesystemvulnerabilitiestoinfectcomputersautomaticallywithoutuserintervention.
Herearevisualsdepictingthesetrends:However,noteverythingwasgoodnewsforcyber-criminals.
Theproportionofinfectedcomputersworldwidedecreasedsignificantlyfrom38.
49percentin2011to31.
98percentin2012.
Let'snowlookatthegeographicdistributionofinfections.
WhichcountriesweremostinfectedWhichcountrieswerebestprotectedChinawasonceagaintopofthelistofcountrieswithmostinfectionswithmorethan50percentofinfectedPCs(54.
89percent),followedbySouthKorea(54.
15percent),andTaiwanatadistantthird(42.
14percent).
Hereisagraphrepresentingthecountrieswithmostmalware-infectedcomputers:2012infiguresThelistoftoptenmostinfectedcountriesismadeupofnationsfromalmosteverypartoftheworld:Asia,Europe,CentralAmericaandSouthAmerica.
Othercountrieswhosenumberofmalwareinfectionswasabovetheglobalaverageare:Lithuania(35.
46percent),Thailand(35.
37percent),Peru(35.
05percent),Argentina(34.
79percent),Spain(34.
06percent),Nicaragua(34.
03percent),Guatemala(33.
89percent),Ecuador(33.
68percent),ElSalvador(32.
86percent),Brazil(32.
09percent)andChile(31.
98percent).
NineofthetenleastinfectedcountriesareinEuropewiththeonlyexceptionbeingCanada.
ThecountrywiththefewestinfectionsisSweden(20.
25percentofinfectedPCs),followedbySwitzerland(20.
35percent),andNorway(21.
03percent).
Here'sagraphrepresentingthecountrieswiththefewestinfectionsin2012:FIG.
38.
LEASTMALWARE-INFECTEDCOUNTRIES.
Othercountrieswhosenumberofmalwareinfectionswasbelowtheglobalaverageare:CzechRepublic(31.
84percent),Romania(31.
54percent),Colombia(31.
49percent),Estonia(31.
33percent),UnitedStates(30.
52percent),Slovenia(30.
37percent),Italy(30.
25percent),Venezuela(29.
81percent),Mexico(29.
81percent),CostaRica(29.
73percent),Panama(29.
61percent),France(29.
19percent),Paraguay(28.
57percent),SouthAfrica(27.
94percent),Denmark(27.
65percent),Hungary(27.
37percent),Uruguay(27.
23percent),Austria(27.
03percent),Belgium(27.
02percent),Portugal(26.
78percent),Australia(26.
60percent),Latvia(26.
06percent),Japan(26.
00percent)andNewZealand(25.
76percent).
2013SecurityTrends04|2013SecurityTrendsWehaveseenwhathashappenedin2012:attacksinsocialnetworksandcyber-wareverywhere.
Whatdowehavetoexpectforthenext12monthsVulnerabilitiesSoftwarevulnerabilitieswillbethemaintargetofcyber-criminalsnextyear.
Itisundoubtedlythepreferredmethodofinfectionforcompromisingsystemstransparently,usedbybothcyber-criminalsandintelligenceagenciesincountriesaroundtheworld.
In2012,wesawhowJava,whichisinstalledonhundredsofmillionsofdevices,wasrepeatedlycompromisedandusedtoactivelyinfectmillionsofusers.
InsecondplaceisAdobe,asgiventhepopularityofitsapplications(AcrobatReader,Flash,etc.
)anditsmultiplesecurityflaws,itisoneofthefavoritetoolsformassivelyinfectingusersaswellasfortargetedattacks.
Althoughwemaythinkthathomeusersareexposedtothehighestrisk,rememberthatupdatingapplications,whichisessentialforprotectingagainstthesetypesofattacks,isaverycomplexprocessincompanies,whereupdatingallcomputersmustbecoordinated.
Atthesametime,itisessentialtoensurethatalltheapplicationsusedinacompanyworkcorrectly.
Thismakestheupdateprocessesslow,whichopensawindowthatisexploitedtostealinformationingeneralandlaunchtargetedattacksinsearchofconfidentialdata.
2013SecurityTrendsSocialnetworksThesecondmostwidelyusedtechniqueissocialengineering.
Trickingusersintocollaboratingtoinfecttheircomputersandstealtheirdataisaneasytask,astherearenosecurityapplicationstoprotectusersfromthemselves.
Inthiscontext,useofsocialnetworks(Facebook,Twitter,etc.
),placeswherehundredsofmillionsofusersexchangeinformation,onmanyoccasionspersonaldata,makesthemthepreferredhuntinggroundfortrickingusers.
ParticularattentionshouldbepaidtoSkype,whichafterreplacingMessenger,couldbecomeatargetforcyber-criminals.
MalwareformobiledevicesAndroidhasbecomethedominantmobileoperatingsystem.
InSeptember2012,Googleannouncedthatithadreachedtheincrediblefigureof700millionAndroidactivations.
Althoughitismainlyusedonsmartphonesandtablets,itsflexibilityandthefactthatyoudonothavetobuyalicensetouseitaregoingtoresultinnewdevicesoptingtouseGoogle'soperatingsystem.
Itsuseisgoingtobecomeincreasinglywidespread,fromtelevisionstoalltypesofhomeappliances,whichopensupaworldofpossibleattacksasyetunknown.
Cyber-warfare/Cyber-espionageThroughout2012,differenttypesofattackshavebeenlaunchedagainstnations.
TheMiddleEastisworthmentioning,wheretheconflictisalsopresentincyber-space.
Infact,manyoftheseattacksarenotevencarriedoutbynationalgovernmentsbutbycitizens,whofeelthattheyshoulddefendtheirnationbyattackingtheirneighborsusinganymeansavailable.
Furthermore,thegovernmentsoftheworld'sleadingnationsarecreatingcybercommandostopreparebothdefenseandattackandtherefore,thecyber-armsracewillescalate.
GrowthofmalwareFortwodecades,theamountofmalwarehasbeengrowingdramatically.
Thefiguresarestratospheric,withtensofthousandsofnewmalwarestrainsappearingeverydayandtherefore,thissustainedgrowthseemsveryfarfromcomingtoanend.
Despitesecurityforcesbeingbetterpreparedtocombatthistypeofcrime,theyarestillhandicappedbytheabsenceofbordersontheinternet.
Apoliceforcecanonlyactwithinitsjurisdiction,whereasacyber-crookcanlaunchanattackfromcountryA,stealdatafromcitizensofcountryB,sendthestolendatatoaserversituatedincountryCandcouldbelivingincountryD.
Thiscanbedoneinjustafewclicks,whereascoordinatedactionofsecurityforcesacrossvariouscountriescouldtakemonths.
Forthisreason,cyber-criminalsarestilllivingtheirowngoldenera.
MalwareforMacCaseslikeFlashback,whichoccurredin2012,havedemonstratedthatnotonlyisMacsusceptibletomalwareattacksbutthattherearealsomassiveinfectionsaffectinghundredsofthousandsofusers.
AlthoughthenumberofmalwarestrainsforMacisstillrelativelylowcomparedtomalwareforPCs,weexpectittocontinuerising.
Agrowingnumberofusersaddedtosecurityflawsandlackofuserawareness(duetoover-confidence),meanthattheattractionofthisplatformforcyber-crookswillcontinuetoincreasenextyear.
Windows8Lastbutnotleast,Windows8.
Microsoft'slatestoperatingsystem,alongwithallofitspredecessors,willalsosufferattacks.
Cyber-criminalsarenotgoingtofocusonthisoperatingsystemonlybuttheywillalsomakesurethattheircreationsworkequallywellonWindowsXPtoWindows8,throughWindows7.
OneoftheattractionsofMicrosoft'snewoperatingsystemisthatitrunsonPCs,aswellasontabletsandsmartphones.
Forthisreason,iffunctionalmalwarestrainsthatallowinformationtobestolenregardlessofthetypeofdeviceusedaredeveloped,wecouldseeaspecificdevelopmentofmalwareforWindows8thatcouldtakeattackstoanewlevel.
05|ConclusionConclusionTheyear2013presentsitselffullofchallengesinthecomputersecurityworld.
Androiduserswillhavetofaceagrowingnumberofattacksfromcyber-crookswantingtostealprivateinformation.
Cyber-espionageandcyber-warwillalsobeontherise,asmoreandmorecountriesareorganizingtheirowncyber-commandounits.
Thereisgrowingconcernfortheinformationthatcouldbecompromisedandthepossibilityofusingmalwaretolaunchdirectattacksoncriticalinfrastructure.
Companieswillhavetotightenupsecuritymeasurestoavoidfallingvictimtotheincreasingnumberofcyber-attacks,whilespecialcarewillhavetobetakentoprotectnetworksagainstoperatingsystemandapplicationvulnerabilities,withJavaposingthebiggestthreatduetoitsmultiplesecurityflaws.
VisitthePandaLabsblog(http://www.
pandalabs.
com)tostayuptodatewithallthedevelopmentsanddiscoveriesmadeatthelaboratory.
06|AboutPandaLabsAboutPandaLabsPandaLabsisPandaSecurity'santi-malwarelaboratory,andrepresentsthecompany'snervecenterformalwaretreatment:PandaLabscreatescontinuallyandinreal-timethecounter-measuresnecessarytoprotectPandaSecurityclientsfromallkindofmaliciouscodeonagloballevel.
PandaLabsisinthiswayresponsibleforcarryingoutdetailedscansofallkindsofmalware,withtheaimofimprovingtheprotectionofferedtoPandaSecurityclients,aswellaskeepingthegeneralpublicinformed.
Likewise,PandaLabsmaintainsaconstantstateofvigilance,closelyobservingthevarioustrendsanddevelopmentstakingplaceinthefieldofmalwareandsecurity.
Itsaimistowarnandprovidealertsonimminentdangersandthreats,aswellastoforecastfutureevents.
Forfurtherinformationaboutthelastthreatsdiscovered,consultthePandaLabsblogat:http://pandalabs.
pandasecurity.
com/facebookhttps://www.
facebook.
com/PandaUSAtwitterhttps://twitter.
com/PandaSecuritygoogle+http://www.
gplus.
to/pandasecurityyoutubehttp://www.
youtube.
com/pandasecurity1Thisreportinwholeorinpartmaynotbeduplicated,reproduced,storedinaretrievalsystemorretransmittedwithoutpriorwrittenpermissionofPandaSecurity.
PandaSecurity2013.
AllRightsReserved.
- servicespastebin相关文档
- OSpastebin
- DLLpastebin
- letterspastebin
- testedpastebin
- storingpastebin
- DASpastebin
Friendhosting四五折促销,VPS半年付7.5欧元起
Friendhosting发布了针对“系统管理日”(每年7月的最后一个星期五)的优惠活动,针对VPS主机提供55%的优惠(相当于四五折),支持1-6个月付款使用,首付折扣非永久,优惠后最低套餐首半年7.18欧元起。这是一家保加利亚主机商,成立于2009年4月,商家提供VDS和独立服务器租用等,数据中心目前可选美国洛杉矶、保加利亚、乌克兰、荷兰、拉脱维亚、捷克和波兰等8个地区机房。下面以最低套餐为例...
AkkoCloud(60元/月 ),英国伦敦CN2 1核 768 MB 内存 10 GB SSD 硬盘 600GB 流量 英国伦敦CN2 1核 1.5G 300Mbps
官方网站:https://www.akkocloud.com/AkkoCloud新品英国伦敦CN2 GIA已上线三网回程CN2 GIA 国内速度优秀.电信去程CN2 GIALooking Glass:http://lonlg.akkocloud.com/Speedtest:http://lonlg.akkocloud.com/speedtest/新品上线刚好碰上国庆节 特此放上国庆专属九折循环优惠...
MechanicWeb免费DirectAdmin/异地备份
MechanicWeb怎么样?MechanicWeb好不好?MechanicWeb成立于2008年,目前在美国洛杉矶、凤凰城、达拉斯、迈阿密、北卡、纽约、英国、卢森堡、德国、加拿大、新加坡有11个数据中心,主营全托管型虚拟主机、VPS主机、半专用服务器和独立服务器业务。MechanicWeb只做高端的托管vps,这次MechanicWeb上新Xeon W-1290P处理器套餐,基准3.7GHz最高...
pastebin为你推荐
-
特朗普取消访问丹麦特朗普出国访问什么飞机护送?硬盘工作原理硬盘的工作原理是什么?access数据库Access数据库对象的操作包括哪五种?百花百游百花蛇草的作用同一ip网站同一个IP不同的30个网站,是不是在一个服务器上呢?同ip站点同IP做同类站好吗?se95se.comwww.sea8.com这个网站是用什么做的 需要多少钱www.mywife.ccMywife-No 00357 MANAMI SAITO种子下载地址有么?求好心人给www.bbb551.com广州欢乐在线551要收费吗?sodu.tw给个看免费小说的网站