adamgifford
Sunday, April 24, 2011
  Stay one step ahead of cyber criminals
NZ Herald April 6

Listen to Tom Clare speak and you would be extremely concerned about where you go on the internet.
You'll not just consider updating your antivirus software, you might start asking questions about what your internet service provider is doing to protect you.
Clare is the principal author of the Blue Coat 2011 web security report.
Blue Coat sells a secure proxy gateway that sits between customers and the internet, rating 3 billion web requests a week from its 72 million users. In combination with the antivirus information it pulls in from partners such as Trend Micro, that sort of reach gives it a handle on the changing face of cyber-crime.
"The top categories for delivering malware used to be the traditional red light areas - hacking, gambling, personal lust," Clare says. But during the past year cyber criminals have moved their activities to known sites with good reputations.
Dynamic web links are used to load attack elements from a number of sites, rather than lurking on one dodgy server in downtown Taipei.
The criminals hack insecure sites or acquire access credentials, thus getting around reputation filters, the so-called white and black lists and commonly blocked web categories.
Death, drama and disaster are powerful lures to get people to jump on to the internet, and any news story can be used by criminals to create hooks to web links that lead to threats.
Social networking is creating new opportunities, through Facebook links or tiny URLs from Twitter. Simple keyword ratings prove ineffective against such attacks and defences need to understand wider patterns - why is this page from Boston going to Kiev to load an invisible element?
Last year opened with Operation Aurora, a sophisticated attack over the holiday period when IT shops were thinly staffed, which used flaws in Internet Explorer and Adobe's PDF technology to target more than 30 technology, finance and defence firms.
The attack seemed to be aimed at getting source code from companies such as Google and Adobe.
Once the IE vulnerability was exposed, cyber criminals were quick to launch "me too" attacks, by which time companies with updated antivirus software could expect to be protected. Clare said Aurora led to the creation of advanced PDF tools and active script analysers. "Eventually all attacks reach out to a remote host for more content or to deliver information. These dynamic links and requests are the key to effective web-defence filtering," he says.
Malvertising, or delivering malicious software through fake ads, takes patience. Clare said in one case a relatively new ad domain had existed for about six months, delivering cheap ads to web pages and passing any checks for malware.
One day in November some of the ads sent to selected targets were malicious javascript, sending the browser to an attack site. The domain then shut down.
Another attack which hit many Italian websites used Twitter search results to create domain names for each day of malware delivery.
A major Google study found fake antivirus software accounts for 15 per cent of malware found on the internet and half of the malware delivered through ads.
Users are told their system is infected so they click on the link to accept, install and pay for fake software. Scareware merges into ransomware, where payment is demanded for a tool to clean up the infected computer. Better to stick with antivirus software from major brands.
Then there's the fake update, which often links to searches for adult material but is now increasingly tied to social networking.
A cyber criminal breaks into a social networking account and sends a short message and link to all the user's friends asking, "Is this a picture of you?" Instead of leading to a picture, the dynamic link asks the users to make a software update before the picture or video can be viewed.
The 2010 Soccer World Cup created many opportunities for cyber criminals, especially for phishing attacks which outnumber malware attacks two to one. Fans looking to watch matches online would be directed to pages which would collect private information and payment credentials. Expect more of the same for this year's Rugby World Cup.
Some crime is moving to malware, which puts keyloggers on to the computer to collect logins and passwords.
Lazier criminals can buy fully developed phishing kits. They may be surprised the kits have a backdoor, so its creator can steal their catch.
 
Comments: Post a Comment

Links to this post:

Create a Link



<< Home
An online possie for Adam Gifford, a New Zealand journalist specialising in information technology, Maori news and the arts.

My Photo
Name:
Location: Auckland, New Zealand
ARCHIVES
October 2005 / February 2006 / April 2006 / May 2006 / May 2007 / June 2007 / July 2007 / August 2007 / September 2007 / November 2007 / December 2007 / February 2008 / April 2008 / July 2008 / November 2008 / December 2008 / February 2009 / March 2009 / April 2009 / May 2009 / June 2009 / August 2009 / October 2009 / June 2010 / September 2010 / October 2010 / December 2010 / February 2011 / March 2011 / April 2011 / July 2011 / September 2011 / November 2011 / January 2012 / May 2012 / July 2012 / September 2012 / August 2014 /


Powered by Blogger