BreachExchange mailing list archives

Key security attacks in 2013


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 30 Dec 2013 18:04:02 -0700

http://businesstech.co.za/news/it-services/50444/key-security-attacks-in-2013/

Kaspersky Lab, a security solutions provider, says that some of the
revelations of the past year around cyber security raised questions about
the way we use the Internet and the type of risks we face, including
cyber-mercenaries, and a new threat through the evolution of a new Bitcoin
ecosystem.

Kaspersky says that in 2013 advanced threat actors continued
large-scale operations, and cyber-mercenaries, specialist APT groups “for
hire” which focus on hit-and-run operations, emerged.

Hacktivists were constantly in the news, together with the term “leak”,
which, according to Kaspersky, is sure to put fear into the heart of any
serious sys-admin out there. In the meantime, cyber-criminals were busy
devising new methods to steal money or Bitcoins, it said.

Edward Snowden and the wider privacy implications of his revelations were
also headline news in 2013, with one of the first visible effects being the
shutdown of encrypted e-mail services such as Lavabit and Silent Circle.

“The reason was their inability to provide such services under pressure
from law enforcement and other governmental agencies. Another story which
has implications over privacy is the NSA sabotage of the elliptic curve
cryptographic algorithms released through NIST,” Kaspersky said.

New “old” cyber-espionage campaigns: up to 1,800 victim organisations in
2013:

- The majority of the cyber-espionage campaigns that Kaspersky Lab’s
analysts have seen were designed to steal data from governmental agencies
and research institutions – Red October, NetTraveler, Icefog and MiniDuke
all behave this way.
- The most widespread campaign of the year was the NetTraveler espionage
campaign, which affected victims from 40 countries all over the world.
- For the first time ever cyber-criminals harvested information from mobile
devices connected to the victims’ networks – clear recognition of the
importance of mobile to hackers.
- Red October, MiniDuke, NetTraveler and Icefog all started by ‘hacking the
human’. They employed spear-phishing to get an initial foothold in the
organisations they targeted.

Kaspersky warns that any organisation or person can become a victim. “Not
all attacks involve high profile targets, or those involved in ‘critical
infrastructure’ projects. Those who hold data could be of value to
cyber-criminals, or they can be used as ‘stepping-stones’ to reach other
targets,” the security firm said.

This point was amply illustrated by Icefog attacks in 2013, it said. “They
were part of an emerging trend that appeared in 2013 – attacks by small
groups of cyber-mercenaries who conduct small hit-and-run attacks. Going
forward, we predict that more of these groups will appear as an underground
black market for ‘APT’ services begins to emerge,” said Costin Raiu,
director of the Global Research and Analysis team, Kaspersky Lab.

Why cyber crime?

Stealing money – either by directly accessing bank accounts or by stealing
confidential data – is not the only motive behind security breaches,
Kaspersky notes.

They can also be launched to undermine the reputation of the company being
targeted, or as a form of political or social protest. Ongoing hacktivist
activities continued through 2013.

The ‘Anonymous’ group has claimed responsibility for attacks on the US
Department of Justice, Massachusetts Institute of Technology and the web
sites of various governments.

Those claiming to be part of the ‘Syrian Electronic Army’ claimed
responsibility for hacking the Twitter account of Associated Press and
sending a false tweet reporting explosions at the White House – which wiped
$136 billion off the DOW. For those with the relevant skills, it became
easier to launch an attack on a web site than to co-ordinate real-world
protests.

Bitcoins ruling the world

The Bitcoin system was implemented back in 2009. In the beginning, this
crypto currency was used by hobbyists and mathematicians. Soon, they were
joined by others – mostly ordinary people, but also cyber-criminals and
terrorists. Bitcoins provide an almost anonymous and secure means of paying for
goods.

In the wake of the surveillance stories of 2013, there is perhaps little
surprise that people are looking for alternative forms of payment. And
Bitcoin is gaining popularity – in November 2013, the price surpassed the
$400 mark for one Bitcoin.

The methods used by cyber-criminals to make money from their victims are
not always subtle. Apart from Bitcoins, which could potentially be stolen,
“ransomware” programmes became a popular means of making easy money –
cyber-criminals block access to a computer’s file system, or encrypt data
files stored on the computer.

Then they warn you that you must pay in order to recover your data. This
was the case with the Cryptolocker Trojan. The cyber-criminals give their
victims only three days to pay up, accepting different forms of payment,
including Bitcoin.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
