Cyber crims smash through Windows into the great beyond

How malware became a multi-platform game


Save our servers

Clients are not the only targets either. Any piece of infrastructure connected to the internet is attractive to hackers for various reasons.

Servers, given the valuable data passing through them, have become increasingly tempting for digital crooks, as evidenced by Operation Windigo, uncovered by ESET researchers this year.

The Windigo malware infected more than 25,000 Unix servers, including those running nginx, Lighttpd, and Apache web servers. The aim appeared to be rather banal: to send out reams of spam from infected machines.

But it was more complex than that, as visitors to those servers were targeted by further malware which would steal information from the clients. Crooks are upping their cross-platform attacks.

Routers are also receiving a lot of attention. Malware known as the Moon was spotted earlier this year hitting various LinkSys routers and access points.

The Moon worm bypassed authentication on the router by logging in without knowing the admin credentials. It wasn’t clear what the attackers were doing, other than causing latency issues.

Once infected, the router would start flooding the network with traffic over ports 80 and 8080. The Moon may have been only a trial, however, with hackers testing whether self-replicating malware could spread from router to router.
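As an added illustration, not code from the article or the researchers it cites, the script below shows how a defender might spot the symptom just described: a host fanning out HTTP connections to many distinct peers on ports 80 and 8080 within a short window. The flow-record format, the sample records, the window and the threshold are all assumptions.

```python
"""Flag hosts that fan out to many distinct peers on ports 80/8080."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow records (not real capture data): "timestamp src dst dport".
# 192.168.1.1 mimics a router spraying HTTP traffic; 10.0.0.20 browses normally.
SAMPLE_FLOWS = """\
2014-02-13T10:00:00 192.168.1.1 10.0.0.5 80
2014-02-13T10:00:01 192.168.1.1 10.0.0.6 8080
2014-02-13T10:00:02 192.168.1.1 10.0.0.7 80
2014-02-13T10:00:03 192.168.1.1 10.0.0.8 8080
2014-02-13T10:00:04 192.168.1.1 10.0.0.9 80
2014-02-13T10:00:05 192.168.1.1 10.0.0.10 443
2014-02-13T10:00:06 192.168.1.1 10.0.0.11 8080
2014-02-13T10:00:07 10.0.0.20 198.51.100.4 80
2014-02-13T10:00:30 10.0.0.20 198.51.100.4 80
2014-02-13T10:00:45 10.0.0.20 203.0.113.9 80
2014-02-13T11:30:00 192.168.1.1 10.0.0.12 80
"""

WATCHED_PORTS = {80, 8080}  # the ports the article says the worm flooded


def parse_flow(line):
    """Split one assumed-format record into (timestamp, src, dst, dport)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def detect_fanout(lines, window_seconds=60, min_peers=5):
    """Return {src: peak distinct-peer count} for every source that reached
    at least min_peers distinct destinations on watched ports inside any
    window_seconds span. Thresholds are illustrative, not tuned values."""
    per_src = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport = parse_flow(line)
        if dport in WATCHED_PORTS:
            per_src[src].append((ts, dst))
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        peak, start = 0, 0
        for end, (ts, _) in enumerate(events):
            while events[start][0] < ts - window:  # slide the window forward
                start += 1
            peak = max(peak, len({d for _, d in events[start:end + 1]}))
        if peak >= min_peers:
            flagged[src] = peak
    return flagged
```

On the constructed records only 192.168.1.1 is flagged (six distinct peers on 80/8080 inside seven seconds; the port 443 flow is ignored), while the host with two ordinary web destinations stays below the threshold.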

Attacks on network devices have become more severe in recent months. In March, non-profit security organisation Team Cymru disclosed an epic attack campaign on 300,000 machines from D-Link, Micronet, Tenda and TP-Link, among others.

The hackers were seen altering domain name system configurations, opening up the potential for sending victims to malicious websites.

Embracing diversity

The myriad platforms entering the workplace and the vulnerabilities residing in all of them have brought about a hugely complex environment, one fraught with risk. Innovation among black hats, as seen with the server and router attacks, isn’t helping either.

“The greater the diversity of a company's IT infrastructure, the harder it becomes to keep everything updated and secure. Multiple devices running different versions of software mean not only more problems for IT administrators but also more opportunities for cyber criminals to get in,” says Janus.


“For example, even if all Windows workstations in a company are adequately protected, always up-to-date, used with secure policies and running security software, a data breach may occur because of a single outdated smartphone or a misconfigured router.”

There is a sliver of good news here: threats that are not cross-platform obviously won’t affect the entire client environment.

“On the other hand, platform diversity means that a security failure on one platform will not necessarily repeat for other platforms,” says Charles Brett, analyst at Freeform Dynamics.

“This is a difficult balancing act, just like it is in a global supply chain – one low-cost specialist supplier or three higher cost ones with possibly lower quality overall.

“In a modern multi-platform environment it is essential for IT managers to pay close attention to the security of every single device, not only the ones that are considered to be most at risk of being targeted.”

In-depth risk assessments have to focus not just on the operating systems in use but on the applications and content passing through them.

“Take a long look at all the platforms in use in the organisation, not just those officially supported,” says Tony Lock, analyst at Freeform Dynamics.

“Then consider who is using them and which systems and information they can reach. Effective security solutions can be built only with this knowledge and with the acceptance of the need for security among the users. Training users could be the most effective way forward.”

Indeed, training in different operating systems, even if it seems unnecessarily in-depth, should help boost organisational security.

“There is a dilemma here: security is dull, complex, ever-changing or evolving and by its nature restrictive, which does not make it very attractive for teaching,” says Brett.

Mind the hole

“The alternative to not making people aware of the security implications is to lock down tight, but this is often unpleasantly restrictive. It encourages workarounds that in turn create security holes because people do not understand the implications of what they are doing.

“CIOs seem to have nailed their colours to the fence, not wishing to offend with perceived excess security and rarely possessing a budget for coherent, enterprise-wide security awareness. The key, which may be unobtainable, is friendly lock-down.”

Despite all of the attacks across different machines and the rise of Android malware, Windows still has to be a major worry for IT.

“Windows remains one of the most vulnerable as so many still run it in admin mode. Android does not run like this and has better base security, so we still need to be focussed on Windows security,” says Tarzey.

And with Microsoft having finally pulled the plug on XP support in April, Windows will be getting even more attention from malicious hackers in the coming months. ®
