After the cyberpunks, prepare to fight a new wave of nasties
Sometimes the FUD is real
Android in the frame
Mobile threats have been on the horizon for some time, and malware targeting Google’s Android operating system has shown clear signs of maturity in recent months.
“These have been theoretical for some time and there has been a growing number of malicious apps in various stores cropping up but we have yet to see mobile being used as a wholesale attack vector,” says Malik.
“The access mobile devices can provide to an attacker is definitely something businesses should be planning for.”
Google Play has seen some nasty pieces of mobile malware hit the market this year. Even Remote Access Trojans, surreptitious surveillance tools, were spotted on the store in March, disguised as a parental control application.
The toolkits used to make such malware, such as Dendroid, have been proliferating on underground forums too, as data-hungry digital crooks seek to profit from mobile victims.
Yet most of the threats are SMS Trojans, which send messages to premium-rate numbers controlled by the criminals. Indeed, F-Secure data shows 83 per cent of mobile malware carries out this nefarious activity.
Smartphone attacks are multiplying partly because of the immaturity of protections against them.
Google came away red-faced in April when an app called Virus Shield landed on the marketplace, only to be uncovered as a dud.
It is believed the software, which did nothing other than change its icon from a shield with an ‘X’ to one with a tick mark, was put up for sale accidentally. Yet it still sold more than 30,000 copies and made plenty of money for its creators.
Google eventually decided to refund users who had paid for the app. It proved Google’s app-vetting policies weren’t keeping out even basic threats.
Meanwhile, one of the world’s most prolific malware gangs, the Reveton group responsible for some of the most prevalent ransomware types, was seen making a move into Android in May.
Their latest creation, Android.Trojan.Koler.A, is being served up from malicious pornographic sites. When users visit those sites they are offered an application claiming to be a video player for premium porn viewing, and if they agree, it is downloaded.
It then tells users they have been locked out of their phone for trying to view such prurient material and asks for $300 to unlock it. It is a mean trick and a sign that cyber crooks are taking smartphones seriously, knowing there is money to be made from Android users.
At the same time, other kinds of attacks on mobiles are known to have been enacted. The Edward Snowden revelations proved snoops were exploiting data leakage vulnerabilities in mobile apps, including popular titles such as Angry Birds.
By monitoring open Wi-Fi networks, attackers can easily pick up useful data, especially as many modern mobile apps fail to do proper end-to-end encryption.
In some cases they do no encryption at all, or mixed HTTPS, meaning some transactions are secret and others are not.
As the complexity of malware has increased, so has the size and scale of distributed denial of service (DDoS) attacks.
Ever-growing botnets have provided attackers with the compute power they need to overwhelm servers with data, while vulnerabilities in web architecture have allowed them to amplify their attacks to record highs.
The latest peak came earlier this year, when a French organisation, which remains unnamed, was hit by a 325Gbps DDoS.
That attack exploited the “monlist” command vulnerability in the Network Time Protocol (NTP), which meant an NTP server would answer a small request with many times the amount of data it received.
By spoofing the source IP address of those small requests, attackers can have thousands of vulnerable NTP servers direct their outsized responses at a victim to knock it offline.
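What the reflected traffic described above looks like to a defender: the victim sees UDP packets from port 123 on many distinct servers, each packet far larger than a normal NTP exchange. The following detection over constructed flow records is an added example, not code from the article or from Arbor; the flow field layout, the sample addresses and the thresholds are assumptions.

```python
"""Flag suspected NTP monlist amplification floods in flow records.

Added example. A monlist reflection attack shows up at the victim as UDP
traffic *from* port 123 on many distinct reflectors, with response packets
roughly ten times the size of an ordinary 48-byte NTP packet.
Assumed flow layout: (src, sport, dst, dport, proto, pkts, bytes).
"""
from collections import defaultdict

# Constructed sample flows (src, sport, dst, dport, proto, pkts, bytes).
SAMPLE_FLOWS = [
    ("198.51.100.10", 123, "203.0.113.5", 54321, "udp", 40, 18400),  # ~460 B/pkt
    ("198.51.100.11", 123, "203.0.113.5", 54321, "udp", 38, 17480),
    ("198.51.100.12", 123, "203.0.113.5", 54321, "udp", 41, 18860),
    ("198.51.100.13", 123, "203.0.113.5", 54321, "udp", 39, 17940),
    ("192.0.2.50", 123, "203.0.113.7", 123, "udp", 2, 180),          # normal sync
    ("192.0.2.51", 443, "203.0.113.7", 41000, "tcp", 10, 8000),      # unrelated
]

NTP_PACKET_BYTES = 48   # size of an ordinary NTP request/response
MIN_AMPLIFICATION = 5   # avg response size / 48 above this suggests monlist replies
MIN_REFLECTORS = 3      # distinct source servers needed before we call it a flood


def ntp_amplification_targets(flows, min_amp=MIN_AMPLIFICATION,
                              min_reflectors=MIN_REFLECTORS):
    """Return {victim_ip: (reflector_count, total_bytes)} for suspected floods."""
    per_victim = defaultdict(lambda: [set(), 0])
    for src, sport, dst, dport, proto, pkts, nbytes in flows:
        # Only UDP traffic originating from the NTP service port is of interest.
        if proto != "udp" or sport != 123 or pkts == 0:
            continue
        avg_pkt = nbytes / pkts
        # Genuine time sync stays near 48 B/pkt; reflected monlist is far larger.
        if avg_pkt / NTP_PACKET_BYTES < min_amp:
            continue
        per_victim[dst][0].add(src)
        per_victim[dst][1] += nbytes
    # A single large reply could be a legitimate mode 7 query; many reflectors
    # converging on one destination is the amplification signature.
    return {victim: (len(srcs), total)
            for victim, (srcs, total) in per_victim.items()
            if len(srcs) >= min_reflectors}


if __name__ == "__main__":
    for victim, (count, total) in ntp_amplification_targets(SAMPLE_FLOWS).items():
        print(f"{victim}: {count} NTP reflectors, {total} bytes")
```

Tuning the thresholds against a site's own baseline matters: a busy stratum server legitimately exchanges large volumes on port 123, but not with a high per-packet size from many sources at once.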
Darren Anstee, director of solutions architects at anti-DDoS provider Arbor Networks, says the gaming industry is the target of many attacks.
France has some major hosting providers, such as OVH, which contain many of the servers used by gaming providers, hence the significant DDoS activity in the country, he says.
It will come as no surprise if a DDoS surpasses 500Gbps this year, given that there are numerous internet services that can be abused for amplification.
While they don’t provide the same turbo injection to DDoS attacks, the Simple Network Management Protocol and open Domain Name System resolvers are both being used en masse to flood networks.
The problem shows little sign of abating, even if companies such as Arbor and Cloudflare claim to have systems that can dampen the effect of epic attacks using traffic scrubbing alongside DDoS detection and IP blocking.
Degrees of separation
As the Internet of Things builds up and objects that weren’t previously connected get an IP address, it is easy to forget some of those devices managing critical systems are already accessible over the web and therefore hackable.
“Everything that is connected to the internet can become a potential entry point to the home or office network for the attacker,” says Janus.
As a prime example, Scada machines, used in energy and water plants, transport and various other national infrastructure systems, have been shown to carry serious vulnerabilities. It is unclear how many of these systems are being hacked, but there is no doubt they can be compromised.
Due to the numerous weaknesses in critical machines, from those managing traffic lights to those helping to run the power grid, many security experts believe there will be an increase in digital attacks with a real destructive effect.
“There are those threats which kind of drop off the radar and no one is really quite sure how they are being used or if they have been used at all because they don’t need to be used en masse,” says Malik.
“For example, industrial control systems have been shown to be vulnerable but there isn’t enough public data available to show that they have been actively exploited.
“On the other hand, you have threats to medical equipment and facilities. How many people's pacemakers have been remotely turned off, or insulin levels tampered with?
“The long and short of it is that just because something isn't widespread, does that mean it hasn’t become a reality?” ®