BreachExchange mailing list archives
Key security attacks in 2013
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 30 Dec 2013 18:04:02 -0700
http://businesstech.co.za/news/it-services/50444/key-security-attacks-in-2013/

Kaspersky Lab, a security solutions provider, says that some of the revelations of the past year around cyber security raised questions about the way we use the Internet and the type of risks we face, including cyber-mercenaries, and a new threat through the evolution of a new Bitcoin ecosystem.

Kaspersky says that in 2013 advanced threat actors have continued large-scale operations, and cyber-mercenaries, specialist APT groups “for hire” which focus on hit-and-run operations, emerged.

Hacktivists were constantly in the news, together with the term “leak”, which, according to Kaspersky, is sure to put fear into the heart of any serious sys-admin out there. In the meantime, cyber-criminals were busy devising new methods to steal money or Bitcoins, it said.

Edward Snowden and the wider privacy implications of his revelations were also headline news in 2013, with one of the first visible effects being the shutdown of encrypted e-mail services such as Lavabit and Silent Circle.

“The reason was their inability to provide such services under pressure from law enforcement and other governmental agencies. Another story which has implications over privacy is the NSA sabotage of the elliptic curve cryptographic algorithms released through NIST,” Kaspersky said.

New “old” cyber-espionage campaigns: up to 1,800 victim organisations in 2013:

- The majority of the cyber-espionage campaigns that Kaspersky Lab’s analysts have seen were designed to steal data from governmental agencies and research institutions – Red October, NetTraveler, Icefog and MiniDuke all behave this way.
- The most widespread campaign of the year was NetTraveler espionage which affected victims from 40 countries all over the world.
- For the first time ever cyber-criminals harvested information from mobile devices connected to the victims’ networks – clear recognition of the importance of mobile to hackers.
- Red October, MiniDuke, NetTraveler and Icefog all started by ‘hacking the human’. They employed spear-phishing to get an initial foothold in the organisations they targeted.

Kaspersky warns that any organisation or person can become a victim.

“Not all attacks involve high profile targets, or those involved in ‘critical infrastructure’ projects. Those who hold data could be of value to cyber-criminals, or they can be used as ‘stepping-stones’ to reach other targets,” the security firm said.

This point was amply illustrated by Icefog attacks in 2013, it said.

“They were part of an emerging trend that appeared in 2013 – attacks by small groups of cyber-mercenaries who conduct small hit-and-run attacks. Going forward, we predict that more of these groups will appear as an underground black market for ‘APT’ services begins to emerge,” said Costin Raiu, director of the Global Research and Analysis team, Kaspersky Lab.

Why cyber crime?

Stealing money – either by directly accessing bank accounts or by stealing confidential data – is not the only motive behind security breaches, Kaspersky notes.

They can also be launched to undermine the reputation of the company being targeted, or as a form of political or social protest.

Ongoing hacktivist activities continued through 2013. The ‘Anonymous’ group has claimed responsibility for attacks on the US Department of Justice, Massachusetts Institute of Technology and the web sites of various governments.

Those claiming to be part of the ‘Syrian Electronic Army’ claimed responsibility for hacking the Twitter account of Associated Press and sending a false tweet reporting explosions at the White House – which wiped $136 billion off the DOW.

For those with the relevant skills, it became easier to launch an attack on a web site than it is to co-ordinate the real-world protests.

Bitcoins ruling the world

The Bitcoin system was implemented back in 2009. In the beginning, this crypto currency was used by hobbyists and mathematicians. Soon, they were joined by others – mostly ordinary people, but also cyber-criminals and terrorists.

They provide an almost anonymous and secure means of paying for goods. In the wake of the surveillance stories of 2013, there is perhaps little surprise that people are looking for alternative forms of payment.

And it is gaining popularity – in November 2013, the mark surpassed $400 for one Bitcoin.

The methods used by cyber-criminals to make money from their victims are not always subtle.

Apart from Bitcoins, which could potentially be stolen, “ransomware” programmes became a popular means of making easy money – cyber-criminals block access to a computer’s file system, or encrypt data files stored on the computer.

Then they warn you that you must pay in order to recover your data. This was the case with the Cryptolocker Trojan. The cyber-criminals give their victims only three days to pay up, accepting different forms of payment, including Bitcoin.