Monday, 28 May 2012

McAfee Report on alarming growth of cyber threats

I find the reports released by security firms on the principal cyber threats and their evolution really interesting. This time I want to share the data presented by McAfee Labs in its McAfee Threats Report – First Quarter 2012.
Let’s start by observing that the first part of the year has registered an impressive increase in malware diffusion; the experts believe that this growth trend will be consolidated during the current year, and the area that could suffer most from incoming cyber threats is mobile. The number of malware samples in the mobile environment has quadrupled with respect to last year, and almost all of the agents isolated are new and related to Android-based devices (87%). The principal reason for the rapid diffusion of malware is downloads from third-party app stores, mainly in Russia and China. The main purposes of the malware diffusion are frauds by cybercrime and cyber espionage for governments. Backdoor Trojans are the most dangerous threats because, using root exploits, they can give total remote control of the victim device.
Very worrying is the situation related to the diffusion of malware for PCs and Macs, with more than 83 million malware samples detected, which represents the biggest number in the last four years and an increase of 10% in just one quarter.

Within the malware categories, a noticeable increase has been detected in rootkits, password stealers and, more generally, signed malware, a growth that is expected to continue during the rest of 2012.
The principal vector used for spreading malware is email, largely adopted for massive phishing campaigns and also for targeted attacks. Consider that spam levels reached record lows at the end of 2011; in the first part of this year a spike was detected, but the situation is slowly returning to normal. The spike originated mainly from China, Germany, Poland, Spain and the UK.
Beyond the phishing schema, the McAfee experts have raised an alert on the increase in the number of websites hosting malicious downloads or browser exploits. This infection schema is really common and has registered a noticeable growth, as shown in the following picture.

Among the malware, as noted, the most active and dangerous are rootkits, which provide enhanced capability by accessing, adding code to, or replacing portions of the core operating system.
A rootkit operates in stealth mode to gain privileged access to the victim machine, hiding its presence from ordinary security platforms. Many times a rootkit attack is configured in conjunction with a well-known trojan, such as Trojan.Koutodoor, that may download more files and install a rootkit component on the compromised machine.

In this first part of the year Apple computers have been targeted by several malware families; an increase has been registered in the development of viruses and trojans able to attack the famous brand’s devices. Aggravating the situation is the belief of many Mac users that their systems are immune to such threats, which favors the viral spread of malicious applications.
One of the most aggressive is the Flashback Trojan, a malware created to conduct click-fraud scams by hijacking people’s search engine results inside their web browsers and stealing banking or login credentials. Of course, once the system is infected it could be used as part of a botnet, causing bigger damage. The botnet related to the Flashback Trojan is called Flashfake, also designed by cyber criminals to conduct a click-fraud scam, taking advantage of the pay-per-click campaigns of advertising companies. Flashback was created in September 2011 to disguise itself as an Adobe Flash Player installer, using the Flash Player layout. Once installed, the malware searches for user names and passwords stored on the victims’ machines.

While fake antivirus and other bogus security software, AutoRun and password-stealing malware are still creating many problems, the category of signed malware is generating a lot of concern. Installation of certain types of software may require that its code is digitally signed with a trusted certificate. Stealing the certificate of a trusted vendor reduces the possibility that the malicious software is detected as quickly. That is exactly what happened with the Stuxnet virus and with other signed malware.
Craig Schmugar, McAfee senior researcher, declared:
“Attackers sign malware in an attempt to trick users and admins into trusting the file, but also in an effort to evade detection by security software and circumvent system policies. Much of this malware is signed with stolen certificates, while other binaries are self-signed or ‘test signed.’ Test signing is sometimes used as part of a social engineering attack.”
This quarter more than 200,000 new and unique malware binaries have been detected with a valid digital signature. This technique has already been used to make cyber weapons such as Duqu and Stuxnet more efficient, and it is expected that the same approach will be adopted for future malware development, in cyber warfare scenarios and by cybercrime.
The report warns about the botnet diffusion observed in the last months: millions of compromised computers connected to the Internet are used daily to carry out scams and cyber attacks. Observing the volume of messages exchanged between bots and command servers, it is possible to obtain an indicator of the level of the threat and its diffusion. Overall, messaging botnet growth jumped up sharply from last quarter, mainly in Colombia, Japan, Poland, Spain, and the United States.
Many of the leading messaging botnets (Bobax, Cutwail, Grum, Lethic and Maazben) showed minor growth or a decline, with the exception of the Cutwail botnet, which increased significantly.
Behind the principal botnets there is the cybercrime industry, which is pushing the diffusion of malware to infect an increasing number of machines but is also proposing new business models, such as botnet rental or the sale of agents for botnet creation. The business is reaching significant figures in a short time, mainly due to the opportunities provided by the Deep Web.
The report also addresses “Network Threats” and “Web Threats”, identifying the major cyber threats related to the registered cyber attacks: RPC, SQL injection and browser attacks are the most common.

The report closes with a reference to hacktivism and its impact on cyber security. The events connected with this new type of protest are increasingly worrying, and the resulting actions must necessarily be considered among the main threats of recent years.
The scenario illustrated by McAfee shows a worrying growth trend common to all major threats. Cybercrime and hacktivism are a concern especially for the volume of users impacted, while the cyber threats associated with government projects are introducing new alarming offensive techniques that could in the future also be shared by criminal organizations.

We must monitor the growth and spread of threats to be able to mitigate their effects.
Pierluigi Paganini

Al Qaeda continues to frighten the U.S, the cyber war is begun

Many experts are convinced that the death of Bin Laden marked the end of an ideological group that has been deprived of its leaders and that began to slowly fall apart. The same experts are convinced that from the rubble of the group small groups might arise, definitely dangerous, but without the central coordination that could make them as truly offensive as the original organization.
Other security experts believe that the historical group is changing its skin, exploring new offensive ways; in particular they are convinced that the next wave of attacks will come from cyber space.
A secret report issued December 21 by the Canadian Office of Critical Infrastructure Protection and Emergency Services raises the specter of a possible future cyber attack by agents or sympathizers of Osama bin Laden’s al Qaeda terrorist organization. Although to date there is no proof of al Qaeda’s interest in a cyber offensive, the possibility of conducting a cyber attack is high considering the huge financial resources of the group to purchase the required equipment and to acquire the needed expertise.
“Bin Laden’s vast financial resources, however, would enable him or his organization to purchase the equipment and expertise required for a cyber attack and mount such an attack in very short order.”
In one of his interviews bin Laden spoke about the possible constitution of a cyber army:
“hundreds of Muslim scientists were with him who would use their knowledge … ranging from computers to electronics against the infidels,”
According to the Canadian report, bin Laden may have planned cyber attacks against the West.
Recently a six-minute Al Qaeda video was published on the internet that instructs Al Qaeda followers regarding U.S. vulnerability to cyberattacks, inviting Muslims to the battle.
Susan Collins and Joe Lieberman, chairman of the Senate Homeland Security Committee, consider it very disturbing; they declared in fact:
“This tape is really alarming,”
“It’s essentially instructing anybody who’s sympathetic with Al Qaeda’s ideology to engage in cyberattacks, and the tape is telling them how easy it is to do so.”
US officials are scared by the video; intelligence sources have confirmed in recent months that many terrorist groups are trying to arrange a cyber offensive against the US. Recent public reports have demonstrated that Western critical infrastructures are still too vulnerable to cyber attacks, and for this reason the group is trying to engage in a cyber war against its enemy.
Cyber security experts are continuously alerting the US government to the increasing number of attacks against control systems of the country’s critical infrastructure.
Senator Lieberman confirmed that the Homeland Security Department responded to 100,000 cyber incidents in 2011, and reported that there has been a spike in cyber intrusions, possibly carried out by Iranian hackers.
It is clear that in this scenario Al Qaeda could collaborate with other hostile countries to attack the US and also to acquire the capacity and knowledge to drive an attack against the US.
“There is real evidence that the Al Qaeda groups want to pursue and are beginning to pursue the capacity to launch a cyberattacks against America,”
“I mean, that is the real and present danger and that Iran will share that cyberattack capacity with terrorist groups.”
US monitoring is focused on the cyber terrorism threat: new subversive groups are planning to attack the US on its soil by compromising strategic plants such as nuclear facilities or power grids. The CIA and international intelligence agencies have started a massive prevention campaign whose objective is to monitor the web to prevent cyber attacks or the organization of terrorist events. The US cyber army is also attacking the principal web sites used by Al Qaeda for propaganda activities.
Last month Al-Qaeda’s main internet forums were attacked and were offline for several days; many other sites were taken down in recent weeks, including two of the terrorist organization’s top sites, al-Fida and Shamukh al-Islam. The nature of the attacks suggested the intervention of groups of hackers hired by governments committed to the fight against terrorism.
Recently the State Department has launched several covert cyber operations against al-Qaida, hacking into al-Qaida websites in Yemen; Secretary of State Hillary Clinton confirmed that cyber experts based at the State Department hacked Yemeni tribal websites, replacing al-Qaeda propaganda that bragged about killing Americans.
“Within 48 hours, our team plastered the same sites with altered versions of the ads that showed the toll al-Qaeda attacks have taken on the Yemeni people,”

Yemen’s al-Qaida in the Arabian Peninsula is considered one of the most active and dangerous cells, responsible for several attacks that have killed hundreds of Yemeni soldiers and accused of organizing several attacks against the US.
Clinton also added that the cyber attacks were arranged by creating a dedicated task force of specialists, including special operators and intelligence analysts, housed at the State Department.
The authors of the success are the experts of the Center for Strategic Counterterrorism Communications, who patrol the Internet and social media gathering information on al-Qaida, its propaganda and its recruiting campaign.
“Together, they will work to pre-empt, discredit and outmaneuver extremist propaganda,” Clinton said.
What has been described confirms the importance of a cyber strategy that seeks to defend the major U.S. facilities and works to prevent cyber attacks against the American people.

This is just another battle that the U.S. must prepare for.
Pierluigi Paganini

DDoS attack against 123-reg, the Chinese paranoia

123-reg, the UK’s biggest domain provider, was hit this week by a “massive” DDoS attack that caused interruption of the services provided.
The company hosts three million domain names and more than 1.4 million sites. According to a press release published on the company web site, later removed, the attack came from a Chinese source on Wednesday morning.
In a statement reported on the 123-reg service status page the company blamed attackers in China:
From 11:30 to 22:50 our network was undergoing a massive distributed denial of service attack from China. Due to the nature and size of this attack the firewall systems in place needed to be reconfigured to block the bad traffic and allow the good traffic through.
The attack lasted the entire day, but the company promptly replied by reconfiguring its network defense systems to mitigate the problem.
The CEO of 123-reg, Thomas Vollrath, declared:
“As the largest domain provider in the UK, and coupled with the increase of these types of attacks across Europe in particular, we know we are a prime target. We are still in the process of resolving this,”
The CEO also reassured customers, claiming that the company has the technical means to cope with this type of cyber threat, which is becoming increasingly frequent.
“Our network of back-up servers ensured we were able to move our traffic across very quickly,” he wrote.
The success of these attacks against service providers, which should be prepared to face them, demonstrates their effectiveness and their destructive potential. Sometimes the size of a DDoS attack can temporarily overwhelm every defense system.
What is strange is that the company has removed all references to the attack from its support pages; another interesting detail is that this is not the first time a UK company has been hit by a similar attack: it already happened a month ago to another big UK service provider, UK2.net.
What might be the reasons for such an attack? Hard to say without additional information: the company may have been attacked because it offers services to some company or organization, or it may be the victim of an attack by competitors. In this case the Chinese origin does not provide additional elements of judgment, and I doubt a direct involvement of the government in Beijing.


We all know the huge potential of China in cyber espionage and cyber warfare, whose aggressive policy has repeatedly harmed private Western companies.
The news about the Asian source that circulated immediately after the attack has raised some controversy. Many are convinced that the operation was a government cyber attack; it is likely, but in the absence of evidence it is useless to spread misleading rumors. I refer of course to the media and not to the company, which handled the event well.
An attack from China is not necessarily attributable to the government: the nation now houses the largest number of mobile devices in the world, and a cyber threat such as a botnet could benefit from the presence of so many smartphones.
At a time when many have accused the Chinese government of a too-aggressive cyber strategy, unfounded rumors such as this could complicate the difficult dialogue with Beijing.

More info regarding DDoS Attacks

Last year we observed an impressive growth in distributed denial-of-service (DDoS) attacks, mainly related to operations arranged by groups of hacktivists such as Anonymous; they will continue into 2012 with a noticeable increase in attacks related to cybercrime. According to the Verizon report on cybercrime, hacktivism is one of the most dangerous phenomena, and DDoS attacks are its typical attack mode; for this reason we will observe impressive growth, also supported by the worldwide spread of botnets. Regarding the attacked platforms, we are observing a growing interest in the Mac world; a growth of OS X botnets able to perform DDoS attacks is expected.
Other noticeable contributions to the increase in this type of attack come from the use of mobile phones and devices as launch platforms and from the imminent diffusion of the IPv6 protocol.
We must also consider that DDoS attacks are largely used in warfare operations against enemy governments. Groups of hackers are also engaged to attack sensitive targets with the intent of making services provided by agencies and institutions unusable. It happened earlier this year, when Israel was the victim of a true escalation in cyberwar: unidentified attackers pulled down two principal national web sites, the Tel Aviv Stock Exchange and El Al, the national airline. Again, financial institutions under attack.
DDoS attacks are even more dangerous when used in conjunction with other types of offense. DDoS attacks are used as a diversionary strategy to distract the opposing defenses from the real intent of the attackers. Precisely this strategy has occasionally been adopted by organized criminals, using botnets to paralyze the target’s defense systems and then proceed undisturbed with the fraud.
Pierluigi Paganini

CIA, FBI, NSA, different agencies for a unique intent…global monitoring

We have discussed several times the intention of the FBI to create a special unit for internet monitoring and surveillance, a task force established to prevent and fight cyber crimes. In reality the Bureau already has different internal units that work toward the same purpose, and in the last years it has promoted different projects for the development of tools and applications for web monitoring.
The FBI has recently created a secret surveillance unit to design and develop technological tools and software for Internet and wireless communications monitoring.
The FBI is considered one of the most active agencies in this sense; in the last months it has publicly requested the design of a real-time monitor for social networks that must be able to identify suspect behaviors that could be interpreted as an indicator of an ongoing crime.
The FBI has been lobbying top internet companies like Yahoo and Google to support a proposal that would force them to provide backdoors for government surveillance, according to CNET. The purpose of the collaboration between the FBI and major IT companies and Internet service providers is tied to the agency’s will to arrive at legislation that grants law enforcement the controversial backdoor.
The FBI wants the collaboration of the major players of the IT sector to implement specific backdoor stubs inside their products with the intent to make them wiretap-friendly; the request covers all communication platforms: social networks, email providers, chats and instant messaging.
The FBI has been trying to maintain maximum secrecy about the unit, called the Domestic Communications Assistance Center, for which the Senate committee has already allocated $54 million, assigning it the mission to create technologies for law enforcement to intercept and analyze communications data.
The power conferred on the unit is wide: every single communication through social networks and over the internet in general should be interceptable by the hardware platforms and software applications that the unit has to implement.
In February 2011, CNET reported that then-FBI general counsel Valerie Caproni was planning to warn Congress of what the bureau calls its “Going Dark” problem, illustrating how its wiretapping capabilities were being reduced by the progress of technology.
Caproni singled out “Web-based e-mail, social-networking sites, and peer-to-peer communications” as problems that have left the FBI “increasingly unable” to conduct the same kind of wiretapping it could in the past.
“Going Dark” is the FBI’s codename for its project to extend its ability to wiretap communications in real time; it was born inside the bureau, employing 107 full-time experts starting from 2009.
According to the declaration of Electronic Frontier Foundation attorney Kevin Bankston, the FBI can already intercept messages on social-networking sites and Web-based e-mail services; the system used is known as Carnivore, later renamed DCS1000. The interception is possible because Facebook messages and Gmail messages travel in plain text over those same broadband wires for which the FBI demanded wiretapping capability.
The main problem is related to the rapid technological evolution that makes surveillance systems obsolete in a short time; for this reason the FBI requests the inclusion of a backdoor in any product that could be involved in communication, like social networking and also online game consoles.
The Domestic Communications Assistance Center represents the technological factory of the “Going Dark” project for internet wiretapping; the document FY 2013 Performance Budget Congressional Submission refers to the recent establishment of the DCAC:
While progress is expected through DEA’s participation in the recently established Department-wide Domestic Communications Assistance Center (DCAC) led by the FBI to address the growing technological gap between law enforcement’s electronic surveillance capabilities and the number and variety of communications devices available to the public, the foremost challenge confronting U.S. law enforcement is the diminishing ability to conduct lawful electronic intercepts on current and emerging communications technologies as communications providers continue to offer new and improved services and features to customers.  Addressing this issue is critical to maintain law enforcement’s ability to conduct lawful criminal intercepts.
The position of the US authorities is worrying: they want to oblige every internet service provider to give the Government full access for surveillance purposes, according to the amendment to CALEA, the Communications Assistance for Law Enforcement Act.
Contrary to what one might think about the news, there is no noise and no political debate, confirming a will that seems a common intent.
Confirming that the FBI is allocating new skilled personnel to the unit, a job announcement for the DCAC has been published with a deadline of May 2. Analyzing the announcement we can get an idea of the technological skills requested, such as meaningful experience with “electronic surveillance standards” including PacketCable, QChat and T1.678 (VoIP communications). One required skill for the position, which pays up to $136,771 a year, is evaluating “electronic surveillance solutions” for “emerging” technologies.

Declan McCullagh, chief political correspondent for CNET, in an excellent article on the subject, has reported:
The NDCAC will have the functionality to leverage the research and development efforts of federal, state, and local law enforcement with respect to electronic surveillance capabilities and facilitate the sharing of technology among law enforcement agencies. Technical personnel from other federal, state, and local law enforcement agencies will be able to obtain advice and guidance if they have difficulty in attempting to implement lawful electronic surveillance court orders.
It is important to point out that the NDCAC will not be responsible for the actual execution of any electronic surveillance court orders and will not have any direct operational or investigative role in investigations. It will provide the technical knowledge and referrals in response to law enforcement’s requests for technical assistance.
The project is really ambitious and without doubt it will involve all the main intelligence agencies of the country, such as the Drug Enforcement Administration and the National Security Agency.
The NSA is also investing massively in monitoring technology; a couple of months ago we learned that the agency is building the country’s biggest spy center in the little-known city of Bluffdale. The center, named Utah Data Center, is under construction by contractors with top-secret clearances.
Its purpose is to intercept, decipher and analyze all the world’s communications under investigation, using every kind of transmission. The center will have a final cost of $2 billion and should be operational in September 2013. Its databases will store all forms of communication, including complete private emails, cell phone calls, search engine queries and every kind of digital data related to every individual. The imperative is to monitor everything!
The dimension of the project is clear: its purpose is to cover monitoring needs of every type, including of course satellite communications, phone calls, computer data and geostationary satellite data.
Once the Data Center is operational, it will be fed data collected by the agency’s eavesdropping satellites, overseas listening posts, and secret monitoring rooms in telecom facilities throughout the US. All that data will then be accessible to the NSA’s code breakers, data-miners, China analysts, counterterrorism specialists, and others working at its Fort Meade headquarters and around the world.
Someone has defined the project as the NSA monitoring cloud.
The information I’m presenting should not deceive: in reality the country is already dotted with centers for the analysis of data traffic and phone interception that make use of sophisticated software programs that conduct “deep packet inspection,” examining Internet traffic as it passes through the 10-gigabit-per-second cables at the speed of light.
One of the main software products has been developed by a company called Narus and is controlled remotely from NSA headquarters at Fort Meade in Maryland. Any suspicious communication is automatically recorded and transmitted to the NSA for further analysis.
Other agencies are also interested in monitoring and surveillance; let’s introduce a project sponsored by the CIA: the intelligence agency is now interested in gathering information from every intelligent device surrounding us to spy on every US citizen. Months ago we introduced a spying project whose intent is to acquire information from gaming platforms all over the world, a mine of data to collect and analyze.
Let me conclude the article speaking of the most interesting part of the web, the one defined as the Deep Web, which every agency is infiltrating: an impressive volume of data compared to the ordinary web. The Deep Web today represents a mine of information of high interest; this invisible portion of the web is in fact considered the homeland of cybercrime, intelligence agencies and hacktivists, and for this reason it is considered fundamental to be able to control this controversial cyber scenario.
In the Deep Web are hidden protected data, government communications and noncommercial file-sharing between trusted peers.
“The deep web contains government reports, databases, and other sources of information of high value to DOD and the intelligence community,” according to a 2010 Defense Science Board report.
“Alternative tools are needed to find and index data in the deep web … Stealing the classified secrets of a potential adversary is where the [intelligence] community is most comfortable.”
It is clear that the huge investments mentioned are a blatant invasion of privacy in the name of security, but the scope of the projects suggests that no law or constitution can oppose them.
What will the human intellect invent to escape this modern form of control?
Pierluigi Paganini

New cyber weapon targets systems in the Middle East

A new sophisticated piece of malware dubbed "Flame" has been discovered in systems belonging to users in many Middle Eastern countries and is thought to have been developed by a nation state.


Rese...

Cyber Security Policy Guidebook

Drawing upon a wealth of experience from academia, industry, and government service, Cyber Security Policy Guidebook details and dissects, in simple language, current organizational cyber security pol...

Google Apps win ISO 27001 certification


FISMA fisticuffs forgotten?

Google has proudly told the world its online productivity suite, Google Apps, has gained the ISO's good cloudkeeping seal of security approval, in the form of the ISO 27001 security certification.…

Nmap 6 Released!

Posted by Fyodor on May 21
Hi folks! After almost three years of work, 3,924 code commits, and more than a dozen point releases since Nmap 5, I'm delighted to announce the release of Nmap 6! It includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more!

For the top 6 improvements in Nmap 6, see the release notes:

http://nmap.org/6

Or you can go straight to the...

Anonymous hacks Bureau of Justice and leaks 1.7GB of data


Anonymous has apparently hacked the United States Bureau of Justice Statistics and posted 1.7GB of data belonging to the agency on The Pirate Bay. This is a Monday Mail Mayhem release. Online statements attributed to Anonymous said they were responsible for the security breach and that the files they obtained include emails.

NASA SSL Digital Certificate hacked by Iranian Hackers

Iranian hackers 'Cyber Warriors Team' announced in an online post that they compromised an SSL certificate belonging to NASA and subsequently accessed information on thousands of NASA researchers. A space agency representative revealed that they’re currently investigating the incident.
The group said the certificate was

Anonymous Takedown Bharatiya Janata Party, wants people to protest against 'web censorship'

A day after messing with servers maintained by Reliance Communications, Anonymous, an international hacker collective, defaced two websites belonging to BJP on Sunday. Through its Twitter account (@opindia_back) it announced that www.mumbaibjp.org and www.bjpmp.org.in were hacked by the group. After the hacking, the group posted a message to web users, asking them to organize protests against "

Flamer/Skywiper Stuxnet- Newly Found Cyber-Weapon Discovered By Iran National CERT (MAHER)

After "Duqu", the Iranian Computer Emergency Response Team (MAHER) now claims to have discovered a new targeted Stuxnet-type attack against the country's internal systems. This newly found malware has been dubbed Flame (also known as Flamer or Skywiper). The name “Flamer” comes from one of the attack modules, located at various places in the decrypted malware code. In fact this malware is a platform capable of receiving and installing various modules for different goals. At the time of writing, none of the 43 tested antiviruses could detect any of the malicious components. Nevertheless, a detector was created by the Maher center and delivered to selected organizations and companies in the first days of May.


Key features of "Flamer":
  • Distribution via removable media
  • Distribution through local networks
  • Network sniffing, detecting network resources and collecting lists of vulnerable passwords
  • Scanning the disk of the infected system for specific extensions and contents
  • Creating a series of screen captures when specific processes or windows are active
  • Using the infected system's attached microphone to record environmental sounds
  • Transferring saved data to control servers
  • Using more than 10 domains as C&C servers
  • Establishing secure connections with C&C servers through the SSH and HTTPS protocols
  • Bypassing tens of known antivirus, anti-malware and other security products
  • Capable of infecting Windows XP, Vista and 7 operating systems
  • Infecting large-scale local networks



Personal Information of 123,000 US Government Employees Stolen

Personal Information of 123,000 US Government Employees Stolen:
Personal information of over 123,000 federal employees was exposed after a cyber attack last July. The attack targeted a Thrift Savings Plan (TSP) contractor, Serco Inc. The FBI notified both Serco and the TSP about the attack last month. The Guardian has called Serco "probably the biggest company you have never heard of": it is a FTSE 100 company with 100,000 employees and operates everything from railways in the UK and Australia to driver licensing in Ontario, Canada, to retirement accounts for US government employees, members of the armed forces and US Postal Service workers. Perhaps taking advantage of the holiday weekend in the United States, Serco announced this morning that hackers had compromised systems at its Thrift Savings Plan (TSP) operation.
After an extensive forensic investigation it was determined that the names, addresses and Social Security Numbers of 43,000 members had been accessed by the intruders, and the Social Security Numbers of another 80,000 may have been involved.
"Serco regrets this incident and the inconvenience it may cause to some Thrift Savings Plan participants and payees whose personal data was involved," said Serco Chairman and CEO Ed Casey in the statement. "We have fortified our information security measures and cyber defenses."
Further information has been published showing that the original intrusion into Serco's systems occurred in July 2011: the accessed information had been available to criminals for nearly a year before Serco was notified by the FBI.

-Source (FOX News & NS)






Tuesday, 1 May 2012

Identity Theft, the growing crime

Identity Theft, the growing crime:
Every day we exchange personal information with colleagues, friends and strangers with no idea of how it will be handled or for what purpose it will be used. Telephone numbers, email addresses and driver's license numbers are examples of the data we routinely provide through new media channels such as the Internet and social networks.
This information is of great interest to the crime industry because it makes it possible to commit a wide range of frauds with high profits.
The terms identity theft and identity fraud refer to all types of crime in which an ill-intentioned individual obtains and uses another person's personal data; according to data provided by law enforcement all over the world, this kind of crime is increasing.
Many organizations have tried to characterize the phenomenon by classifying the types of identity theft into categories.
SANS Institute proposed the following characterization:
  • Financial fraud – a type of identity theft that includes bank fraud, credit card fraud, computer and telecommunications fraud, social program fraud, tax refund fraud, mail fraud, and many more. A total of 25 types of financial identity fraud are investigated by the United States Secret Service.
  • Criminal activities – a type of identity fraud that involves taking someone else's identity in order to commit a crime, enter a country, get special permits, hide one's own identity, or commit acts of terrorism. The criminal activities can include:
    • Computer and cyber crimes
    • Organized crime
    • Drug trafficking
    • Alien smuggling
    • Money laundering
How do identity thieves access personal information?
There are many ways to get at personal information, and identifying them is necessary in order to recognize and prevent this type of crime. The most common cases are:
  • through a social engineering attack
  • through a retail transaction
  • by hacking into computer systems
  • through phishing campaigns
  • through stolen purses or wallets
  • through stolen personal documents
  • by stealing information from a company that stored the data online
  • through stolen mail
  • through dumpster diving – rummaging through trash in an attempt to find personal information
  • and in many other ways

But how widespread is the crime and what are the figures that show its growth?
A precise global estimate of the phenomenon is impossible because of the different legal treatment reserved for this type of crime in different countries; however, to provide a valid indication I have extracted some data from the "2012 Identity Fraud Report" study conducted by Javelin Strategy & Research. The company collects data on US citizens to measure the overall impact of identity fraud on consumers.
The following chart shows the progress of the incident rate since 2003.

The situation is worrying: 4.9% of U.S. adults were victims of fraud in 2011. After a noticeable reduction in identity fraud incidence from 2009 to 2010, this year we see an increase of more than 10%. ID fraud rose to 4.90% in 2011 from 4.35% in 2010, a 12.6% increase. The total number of identity fraud victims rose to about 11.6 million U.S. adults in 2011, compared to 10.2 million victims in 2010.
Despite the growth in the number of ID fraud incidents, the total annual fraud amount, $18 billion, was at its lowest point since 2003, attributable to the rapid increase in thefts with lower profits per victim.

Digital Identity

Particularly alarming is the growth of such crimes online. Which pieces of information make up our digital identity?
On the Internet, our identity is composed of:
  • IP (Internet Protocol) address
  • home address
  • usernames
  • passwords
  • personal identification numbers (PINs)
  • social security numbers
  • birth dates
  • account numbers
  • other personal information
This data is continuously exposed to a high risk of fraud; the propensity of Internet users to use social networks and the rapid spread of mobile platforms create the right conditions for criminals.
Unlike classic identity theft, victims of digital theft don't have to wait for a thief to physically steal their information: it can be stolen by computer criminals from the databases of banks, retailers and ISPs, and also from the victim's own PC.
Researchers have identified three main schemes used on the Internet to carry out identity theft:
  • Phishing attacks – The lure often comes in the form of a spam email or pop-up warning that looks like it has been sent from a company we trust. Often the companies are ones we use regularly, like our bank, credit card company or some other online payment system. If we click on the link provided, we are directed to a web site designed to look exactly like the official site of the company being misrepresented. Believing they are on the official site, victims enter specific personal information, such as a social security number, credit card number or password.
  • Malware – The fraud is carried out after users download malware simply by clicking on a pop-up ad or viewing a spam email. The malware gathers information such as user IDs and passwords for bank accounts, logging all keystrokes or using Trojans and other techniques to collect information from our PCs. This information is then sent back to the command and control servers when the victim connects to the Internet.
  • Pharming – In pharming, a cyber criminal exploits a vulnerability in an ISP's (Internet Service Provider) DNS server and hijacks the domain name of a legitimate web site. Anyone going to the legitimate site is redirected to an identical but bogus site. Once redirected, unsuspecting users enter personal information such as a password, PIN or account number. Two practical notes: the same redirection can be achieved on a single machine by tampering with its hosts file, and the bogus site cannot present a valid certificate for the hijacked name, so a certificate warning on a site that is normally reached over HTTPS is the tell to watch for.
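The phishing scheme described above rests on a link whose visible text and real destination differ, or whose host merely contains a trusted brand name. The following script is an added example, not code from the original article: it extracts every link from a constructed sample message (the brand "examplebank.com", the attacker host and the mail text are all invented for the example) and applies four heuristics a mail filter or a cautious user would check: display/href mismatch, raw IP hosts, a trusted brand embedded in an untrusted host, and credential-looking pages served over plain HTTP.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real e-mail): a lure that imitates a bank and
# carries one disguised link plus one genuine link. "examplebank.com" is a
# hypothetical brand used only for this example.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, your account has been locked after unusual activity.</p>
<p>Please verify your details at
<a href="http://secure-examplebank.com.verify-login.ru/auth">https://www.examplebank.com/login</a>
within 24 hours.</p>
<p><a href="https://www.examplebank.com/preferences">Manage e-mail preferences</a></p>
"""

# Domains the recipient legitimately does business with (assumption for the example)
TRUSTED_DOMAINS = {"examplebank.com"}


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Naive eTLD+1: the last two labels. Good enough for .com/.ru style names;
    a real deployment would consult the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def analyze_link(href, text, trusted=TRUSTED_DOMAINS):
    """Return the list of phishing indicators found for one link."""
    findings = []
    parsed = urlparse(href)
    href_host = parsed.hostname or ""
    href_rd = registrable_domain(href_host)

    # 1. The visible text is a URL that points to a different site than the href
    if re.match(r"https?://", text):
        text_host = urlparse(text).hostname or ""
        if registrable_domain(text_host) != href_rd:
            findings.append(f"display/href mismatch: shows {text_host}, goes to {href_host}")

    # 2. Raw IP address instead of a hostname
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", href_host):
        findings.append("link host is a raw IP address")

    # 3. A trusted brand embedded in an untrusted host (e.g. bank.com.evil.ru)
    if href_rd not in trusted:
        for domain in trusted:
            brand = domain.split(".")[0]
            if brand in href_host:
                findings.append(f"untrusted host {href_host} impersonates {domain}")
                break

    # 4. A credential-looking page served over plain HTTP
    if parsed.scheme == "http" and re.search(r"login|auth|verify|account", href, re.I):
        findings.append("credential page over plain HTTP")

    return findings


def scan_email(html, trusted=TRUSTED_DOMAINS):
    """Map each suspicious href in the message to its list of indicators."""
    extractor = LinkExtractor()
    extractor.feed(html)
    report = {}
    for href, text in extractor.links:
        findings = analyze_link(href, text, trusted)
        if findings:
            report[href] = findings
    return report


if __name__ == "__main__":
    for href, findings in scan_email(SAMPLE_EMAIL_HTML).items():
        print(href)
        for finding in findings:
            print("  -", finding)
```

Run as-is, the disguised link is reported with three indicators while the genuine preferences link passes clean. The brand-in-host check is deliberately crude (a plain substring match) so that it also catches hyphenated and subdomain variants; tune it against your own trusted list before relying on it.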
According to a Gartner study on Internet identity theft, based on a survey of 5,000 U.S. adult Internet users, it has been estimated that:
  • 1.78 million adults could have fallen victim to the scams
  • 57 million adults have experienced a phishing attack
  • the cost of phishing amounts to 1.2 billion dollars
It is clear that such figures are a great attraction for criminal organizations, which are devoting substantial resources and investment to the sector. A growing component of organized crime is specializing in this kind of activity, characterized by high profits and low risk compared to traditional criminal activities. In the US the Federal Trade Commission is monitoring the phenomenon of identity theft together with the main national agencies, promoting several initiatives to make the population aware of the risks of exposure to this crime.

Prevention, Detection and Resolution Model

According to the guidelines provided by the Federal Trade Commission, the fight against identity theft must be articulated in three phases: prevention, detection and resolution.
Prevention actions are mainly based on awareness of cyber threats and on constant monitoring of the real exposure of personal information. It is essential that the population, and Internet users in particular, know the threats related to the disclosure and improper use of their data.
Personal information must be protected, and citizens must be aware of how their information is actually used once provided.
Protection must be completed with detection actions, operations that must be in place to discover identity thefts and frauds. Law enforcement must issue alerts and bulletins every time a new fraud is detected. The private sector and government institutions must cooperate on programs and projects to contain this type of crime, supported by an adequate legal framework providing severe penalties for these offenses.

Applying the model to the mobile landscape and social networks

Let's try together to apply the model to two of the most worrying scenarios, mobile and social networking. To prevent fraud and identity theft when using mobile devices, follow these simple best practices:
  • Disable by default every "always on" feature of the mobile device (for example Bluetooth or Wi-Fi when not in use).
  • Install mobile software only from the legitimate app stores and markets.
  • Be aware of the permissions we grant to the applications we run on the device.
  • Do not jailbreak or root your mobile device.
  • Install an antivirus program to mitigate mobile malware.
  • Make sure the OS is upgraded to the latest version, applying security updates.
  • Make sure that you can erase the content of your mobile device remotely in case of loss.
  • Be careful with premium SMS numbers: sometimes you are signing up for services when you agree to the licensing terms.
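Two of the practices above, checking the permissions an app asks for and watching for premium SMS sign-ups, can be turned into a concrete check. The script below is an added example, not code from the original article: it parses a constructed AndroidManifest.xml for a hypothetical "flashlight" app (package name and permission set invented for the example), lists the permissions that go beyond what such an app plausibly needs, and flags the send-plus-intercept SMS combination that premium-rate fraud relies on. Which permissions count as risky, and the expected set for a flashlight app, are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed AndroidManifest.xml for a hypothetical "flashlight" app obtained from a
# third-party market. The package name and permission set are invented for the example.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="Flashlight"/>
</manifest>
"""

# Permissions worth questioning in any app that has no obvious need for them.
# Which ones to list, and the wording, is this example's own judgement.
RISKY = {
    "android.permission.SEND_SMS": "can subscribe the device to premium-rate SMS services",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS, including bank confirmation codes",
    "android.permission.READ_SMS": "can read stored SMS",
    "android.permission.READ_CONTACTS": "can harvest the address book",
    "android.permission.READ_PHONE_STATE": "can read the device identity (IMEI, phone number)",
    "android.permission.RECORD_AUDIO": "can record through the microphone",
    "android.permission.ACCESS_FINE_LOCATION": "can track the user's location",
    "android.permission.RECEIVE_BOOT_COMPLETED": "can restart itself at every boot (persistence)",
}

# What a flashlight app plausibly needs (assumption for the example: older devices
# expose the LED through the camera API).
EXPECTED_FLASHLIGHT = {"android.permission.CAMERA"}

# Sending SMS plus intercepting the reply is the classic premium-SMS fraud shape:
# the malware signs up and then hides the confirmation message from the user.
PREMIUM_SMS_PATTERN = (
    {"android.permission.SEND_SMS"},
    {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
)


def declared_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml.encode("utf-8"))
    name_attr = "{%s}name" % ANDROID_NS
    return {el.get(name_attr) for el in root.iter("uses-permission") if el.get(name_attr)}


def audit_manifest(manifest_xml, expected):
    """Compare declared permissions against what the app should need."""
    perms = declared_permissions(manifest_xml)
    unexpected = perms - expected
    flagged = {p: RISKY[p] for p in sorted(unexpected) if p in RISKY}
    send, receive = PREMIUM_SMS_PATTERN
    premium_sms = send <= perms and bool(perms & receive)
    return {
        "declared": sorted(perms),
        "unexpected": sorted(unexpected),
        "flagged": flagged,
        "premium_sms_pattern": premium_sms,
    }


if __name__ == "__main__":
    result = audit_manifest(SAMPLE_MANIFEST, EXPECTED_FLASHLIGHT)
    print("unexpected:", result["unexpected"])
    for perm, why in result["flagged"].items():
        print(f"  {perm}: {why}")
    print("premium SMS fraud pattern:", result["premium_sms_pattern"])
```

On a real APK the manifest is stored in binary XML and has to be decoded first (for example with aapt or apktool) before it can be fed to this parser; the check itself, comparing what is requested against what the app's stated purpose justifies, is the same one a user performs on the install-time permission screen.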
Regarding the user's behavior on social networks:
  • Do not reveal sensitive or personal information on social networking sites.
    • Such personal details are commonly used by banks and credit card companies as security questions to identify an individual before granting access to his or her financial accounts, credit card logins, and more.
    • Social networking sites can provide fraudsters with the personal information needed to access accounts. Use caution when sharing such details on your profile. Also, take advantage of privacy settings so that you can control who sees your profile information.
  • Use caution when using apps on social networking sites.
    • Verify that the app does not have access to any personally identifiable information. Users of certain social media apps experience a significantly higher incidence of fraud than the general public: in 2011, users who had ever clicked new apps or updated their profiles with important events experienced a 6.8% incidence rate, compared to the overall fraud incidence rate of 4.9%.
Prevention is better than cure
Pierluigi Paganini