Posts Tagged ‘APTs’

Thursday, February 20, 2014 @ 03:02 PM gHale

Security firms Check Point and Bit9 will combine their individual areas of expertise in a move to upgrade their service offerings.

The companies will offer the upgraded service in the first half of 2014.

Check Point and Bit9 said the solution will address four key challenges posed by advanced threats: it will let IT managers prioritize alerts, respond to them, prevent incoming attacks and analyze all incoming files passing through their endpoints and servers.

“Integrating the Check Point Threat Emulation Service with the Bit9 Security Platform, now with Carbon Black, extends real-time malware prevention, detection, analysis and response to every endpoint and server,” said Brian Hazzard, vice president of product management for Bit9. “Attacks and compromise are the new normal, but complete lockdown of every machine is unrealistic.”

“The best protection is to secure as many endpoints and servers as possible and put the rest in a ‘detect-detonate-deny’ posture that allows for real-time security policy enforcement as threats appear. This is exactly the operational value and closed-loop integration we will deliver as a result of our partnership with Check Point.”

“Check Point’s network-protection and threat-emulation capabilities, combined with Bit9 and Carbon Black’s advanced threat security and incident-response solutions, will deliver complete end-to-end protection,” said Dorit Dor, vice president of products at Check Point.

Check Point and Bit9 are two of many companies to bolster their advanced threat-detection and protection portfolios in recent months. IBM just unveiled a new Security QRadar Incident Forensics attack-detection tool for enterprise-level businesses.

Thursday, July 25, 2013 @ 06:07 PM gHale

There has been an uptick in more sophisticated and targeted malware attacks over the last 24 months, a new survey said.

The most likely avenue for a malware attack, and the most common cause of successful ones, is a lack of user knowledge about cyber security risks, according to a survey of 315 North American IT security professionals working at enterprise-class organizations (1,000 employees or more), sponsored by Malwarebytes and conducted by Enterprise Strategy Group (ESG).

The study found enterprise organizations are seeing an increase in more sophisticated malware and are making it a strategic priority to add new layers of endpoint security to protect their organizations against advanced Zero Day and polymorphic threats commonly used for targeted attacks.

“As cyber-attacks become more sophisticated, IT security professionals are realizing that relying on only one layer of endpoint security isn’t enough. Each endpoint needs multiple layers of malware detection to ensure complete protection,” said Marcin Kleczynski, chief executive of Malwarebytes. “The reality is, most antivirus products will miss nine out of 10 Zero Day malware threats, and having a layered approach blocks advanced threats that traditional antivirus scanners may fail to detect.”

The ESG report found the majority of respondents have seen an uptick in more sophisticated and targeted malware attacks over the last 24 months. However, 62 percent of organizations surveyed said endpoint security software is not effective for detecting Zero Day and/or polymorphic malware, which leaves them vulnerable to these attacks. Likely avenues for malware to compromise an organization’s system included employees opening an infected email attachment and unwittingly clicking on an infected URL while surfing the Web. Survey respondents indicated an employee clicking on an infected URL posted within an email was the most likely vector for malware to infiltrate their organizations.

It took 57 percent of respondents hours, on average, to detect that an IT asset had been compromised by malware. It took 19 percent of organizations several days to determine there had been an attack, and 29 percent of respondent organizations that have suffered a successful malware attack believe the increasing use of social networks is responsible for those attacks.

In addition, two-thirds of U.S.-based respondents do not believe the U.S. federal government is doing enough to help the private sector cope with the current cyber-security and threat landscape, and 85 percent of IT security professionals expressed concern about some type of massive cyber attack that could impact critical infrastructure, the economy and/or national security.

“When it comes to managing malware risk, enterprises would be best served by implementing a layered approach using proactive and reactive lines of defense through their networks. Antivirus software plays a key role in protecting organizations, but it should not be the only method used to deter malware attacks,” said Jon Oltsik, senior principal analyst at ESG. “Additionally, sometimes the biggest vulnerability in an organization is the computer users. Because employee actions can greatly impact computer security, educating employees on potential threats and how to avoid them should be made a priority.”

Thursday, July 25, 2013 @ 05:07 PM gHale

Senior executives are now becoming very aware of the cyber threat hanging over them with over 66 percent of the top brass concerned their companies will not be able to stop cyber threats, and one in five say their biggest concern is not knowing whether an attack is underway, a new survey found.

However, fears don’t always translate into fixes. Of those surveyed, 42 percent report not having an Incident Response Team in place, and nearly half (47 percent) said they are not making use of advanced malware analysis tools, according to the ThreatTrack Security report.

The independent blind survey of 200 C-level executives at enterprises was conducted by Opinion Matters on behalf of ThreatTrack Security in June 2013. The results highlight the opinions of CSO, CIO, CEO and CTO executives on the cyber security practices of their companies.

At a time when advanced persistent threats (APTs), targeted attacks, Zero Day threats and other sophisticated malware have become profitable businesses for malware writers and cybercriminals, many large enterprises are still struggling with how to protect themselves.

It is especially telling that, according to the study, 97 percent of enterprises with annual security budgets over $1 million still report concerns they are vulnerable to malware attacks and cyber espionage tactics.

“Enterprises are facing an unprecedented surge of highly targeted and sophisticated threats that are designed to evade traditional malware detection technologies,” said Julian Waits, chief executive at ThreatTrack Security. “The only way to battle these threats effectively is with a combination of highly skilled cyber security professionals armed with the strongest malware analysis tools available. Companies that don’t employ the right mix of people, process and technology are making themselves excellent targets for the cyber bad guys.”

Key findings from the survey include:
• 69 percent of executives fear their organizations may be vulnerable to targeted malware attacks, APTs and other sophisticated cybercrime and cyber-espionage tactics.
• More than one in five enterprises (21 percent) said their biggest concern is not knowing whether an attack is taking place.
• 47 percent said their cyber defense does not include an advanced malware analysis tool, such as a malware analysis sandbox; 42 percent do not have a dedicated Incident Response Team employed.
• One third of the enterprises surveyed say they are aware of a targeted malware attack against their company, including 50 percent of financial services firms and 53 percent of manufacturing companies.
• 82 percent of financial services firms fret over APTs and sophisticated attacks, but only half of them employ an advanced malware analysis tool like a sandbox.
• 36 percent of enterprises said they are more concerned about losing proprietary intellectual property and trade secrets in a breach than about losing their customers’ personally identifiable information (such as credit card data, social security numbers or medical records).

Friday, February 22, 2013 @ 03:02 PM gHale

Even in today’s heightened digitally aware environment, companies remain unprepared to protect themselves against an emerging, relentless cyber security danger that threatens national security and economic stability, a new survey said.

Advanced persistent threats (APTs) are not easy to eliminate, which makes them different from traditional threats, according to global IT association ISACA. But an ISACA survey of more than 1,500 security professionals found 53 percent of respondents do not believe APTs differ from traditional threats.

This disconnect indicates IT professionals and their organizations may not be fully prepared to protect themselves against APTs, ISACA said.

“APTs are sophisticated, stealthy, and unrelenting,” ISACA International Vice President Christos Dimitriadis said. “Traditional cyber threats often move right on if they cannot penetrate their initial target. But an APT will continually attempt to penetrate the desired target until it meets its objective — and once it does, it can disguise itself and morph when needed, making it difficult to identify or stop.”

High-profile examples of APTs include the Google Aurora attack, disclosed in January 2010, and an attack on security, compliance, and risk management provider RSA in 2011. Although APTs are espionage tactics that often look to steal intellectual property, the Google Aurora and RSA attacks show these threats are not just facing government entities, the report said.

Although more than 70 percent of IT professionals surveyed said their organizations are able to detect APT attacks, and more than 70 percent said they are able to respond to APT attacks, their description of the controls they use indicates a misunderstanding and a lack of preparation, according to ISACA. The top controls enterprises use to stop APTs were anti-virus and anti-malware programs (95 percent) and network perimeter strategies such as firewalls (93 percent).

The problem is that APTs can get around these types of defenses. “APTs call for many defensive approaches,” said ISACA Director Jo Stewart-Rattray.

APT attackers use social media to gather information about an organization’s employees, then send “spear phishing” emails that appear legitimate. Ninety percent of respondents in the ISACA survey said the use of social networking sites increases the likelihood of a successful APT attack.

While 22 percent of respondents said they suffered an APT attack, 63 percent said it is only a matter of time before their enterprise ends up targeted by an APT.

“We are only in February, and already we can declare 2013 as the year of the hack,” Tom Kellermann, vice president of cyber security for Trend Micro said in the news release. “… Enterprises are under attack, and they don’t even know it.”

Thursday, February 21, 2013 @ 05:02 PM gHale

Sophisticated attacks that once targeted the financial services industry are now going out to other critical sectors, while the bad guys are employing new tactics and technologies to avoid industry-standard security measures.

Does that mean bad guys don’t want to play by the rules?

There is a continued proliferation of password-stealing Trojans and advanced persistent threats (APTs) such as Operation High Roller and Project Blitzkrieg, and their attacks are expanding to government, manufacturing and commercial transaction infrastructure targets, according to the report from McAfee.

“We are seeing attacks shifting into a variety of new areas, from factories, to corporations, to government agencies, to the infrastructure that connects them together,” said Vincent Weafer, senior vice president of McAfee Labs. “This represents a new chapter in cyber security in that threat-development, driven by the lure of financial industry profits, has created a growing underground market for these cybercrime weapons, as well as creative new approaches to thwarting security measures common across industries.”

Leveraging data from McAfee’s Global Threat Intelligence (GTI) network, the McAfee Labs team of 500 multidisciplinary researchers in 30 countries follows the complete range of threats in real time, identifying application vulnerabilities, analyzing and correlating risks, and enabling instant remediation to protect enterprises and the public.

In Q4 2012, McAfee Labs identified the following trends:
More threats, more availability, more industries targeted. As a group, unique password-stealing Trojans grew 72 percent in Q4 as cybercriminals realized user authentication credentials constitute some of the most valuable intellectual property stored on most computers. Now widely available, these Trojans are increasingly appearing within customized threats or combined with other “off-the-shelf” threats available on the Internet. Fourth quarter revelations around the Citadel Trojan suggest this Trojan’s information theft capabilities are going beyond the financial services sector.

Web threats shift from botnets to URLs. McAfee continued to see suspicious URLs replacing botnets as the primary distribution mechanism for malware. An analysis of web threats found the number of new suspicious URLs increased by 70 percent in Q4. New suspect URLs averaged 4.6 million per month, almost doubling the previous figure of 2.7 million per month from the last two quarters. Ninety-five percent of these URLs were hosting malware, exploits or code designed specifically to compromise computers. The decline in the number of infected systems controlled by botnet operators comes in part from law enforcement efforts to bring botnets down, but perhaps more so from the declining appeal of the botnet business model.

Increase in infections beneath the OS. The volume of Master Boot Record-related malware climbed 27 percent to reach an all-time quarterly high. These threats embed themselves deep within the PC system storage stack, where standard antivirus solutions cannot detect them. Once embedded, they can steal user information, download other malicious software, or leverage the infected PC’s computing power to launch attacks against other PCs or networks. While these MBR attacks represent a relatively small portion of the overall PC malware landscape, McAfee Labs expects them to become a primary attack vector in 2013.

Malicious signed binaries circumvent system security. The number of electronically-signed malware samples doubled over the course of Q4. This indicates cyber criminals have decided that signing malware binaries is one of the best ways to circumvent standard system security measures.

Mobile malware continues to increase and evolve. The number of mobile malware samples discovered by McAfee Labs in 2012 was 44 times the number found in 2011, meaning 95 percent of all mobile malware samples appeared in the last year alone. Cyber criminals are now dedicating the majority of their efforts to attacking the Android platform, with an 85 percent jump in new Android-based malware samples in Q4 alone. The motivation for deploying mobile threats is rooted in the inherent value of the information found on mobile devices, including passwords and address books, as well as new “business” opportunities that are not available on the PC platform. These opportunities include Trojans that send SMS messages to premium services, which then charge the user for each message sent.

Thursday, December 6, 2012 @ 06:12 PM gHale

The rush of mobile devices entering corporate networks, advanced persistent threats and third-party application vulnerabilities are the primary pain points for IT professionals headed into 2013.

These are new and different issues; a few years ago, they were not even a blip on the worry-meter.

One of the top concerns cited in the fourth annual report researched by the Ponemon Institute was the proliferation of personally-owned mobile devices in the workplace such as smartphones and tablets. Eighty percent of those surveyed said laptops and other mobile data-bearing devices pose a significant security risk to their organization’s networks.

With 13 percent stating they use stricter security standards for personal over corporate-owned devices and 29 percent reporting no security strategy for employee-owned devices at all, there is a clear disconnect between awareness and action.

These figures are quite different compared to the 2010 survey. At that time, nine percent of respondents said mobile devices were a rising threat. This year, 73 percent rank mobile as one of the greatest risks within the IT environment.

This year’s study also found IT professionals view third-party applications as a major security threat. In fact, 67 percent of those surveyed reported they viewed third-party applications as a significant risk – second to mobile security risk.

In previous years’ surveys, the server environment, data centers and operating system vulnerabilities were the primary concerns. With the proliferation of mobile devices, along with the wide range of software and removable media commonly used in today’s enterprise environment, IT practitioners increasingly worry about the attack vectors these third-party tools could bring into the corporate network.

In addition to mobile security risk, the security concern that represents the biggest headache for 2013 is advanced persistent threats (APTs). Whereas worms and less harmful viruses were a concern in earlier reports, today’s IT teams consider APTs and hacktivism a real, global threat.

Of those surveyed, 36 percent reported they viewed advanced persistent threats as a “significant” threat to their environments, while just 24 percent of respondents held this view last year. Meanwhile, 12 percent of those surveyed this year stated current anti-virus/anti-malware technology is very effective in protecting their IT endpoints from today’s malware risk.

“Once again, we found the changing security terrain is preventing the state of endpoint security from improving,” said Dr. Larry Ponemon, chairman and founder, the Ponemon Institute.

“With the rise of hacktivism and advanced persistent threats, along with the sheer number of malware incidents we are seeing today, IT simply cannot keep up with the bad guys,” he said. “Add to this fact that end-users are furthering the complexity of the IT environment by bringing in mobile devices and downloading third-party applications — causing risk to exponentially proliferate. IT simply must take further action before the risk is beyond their control.”

Over 670 IT and IT security practitioners took part in this year’s study. Of those, 77 percent were in organizations with a headcount of more than 1,000 and 66 percent were in a supervisory role or higher. These professionals spanned key industries including financial services, the public sector and healthcare.

Monday, October 29, 2012 @ 12:10 PM gHale

A new generation of advanced persistent threats (APTs) forced McAfee to update its Endpoint Security platform.

In the ever-changing and dynamic environment of cyber security, the company said the update would better equip systems to block highly sophisticated attack techniques, such as master boot record (MBR) sabotage and the use of Zero Day flaws for intrusion attempts.

The update is intended not only to expand the scope of protections for Endpoint Security, but also to cover new device form factors, said Candace Worley, senior vice president and general manager of Endpoint Security for McAfee.

“We believe that the endpoint has to become more dynamic and context-aware,” Worley said.

“Devices are becoming more diverse, you have everything from a laptop and desktop to a tablet form factor.”

In addition to the MBR protections introduced, McAfee is updating the Enterprise Mobility Manager to add support for iOS 6 devices and adding to the whitelisting protections in the McAfee Application Control administrator tool.

Encryption is also a priority in the update. The company said it would be updating the Endpoint Encryption platform to support PC and Mac OS X systems. The update will include the use of new encryption algorithms from Intel which allow for faster encryption and decryption of data.

In addition to security enhancements, the company said the new Endpoint Encryption would simplify the process of managing and updating systems required to have encryption. By integrating the tool with the company’s ePolicy Orchestrator Deep Command console, administrators will be able to remotely access and patch end user systems without the need to enter credentials.

“If you have a full-disk encryption product and you power those systems off at night, you need a body to type in that password to decrypt it, and that is problematic,” Worley said. “This really addresses that case.”

Monday, October 8, 2012 @ 11:10 AM gHale

Any growing business needs to strengthen its infrastructure to build on its success, and the same holds true for cyber criminals, who are building out the infrastructure behind the delivery of botnets, which could lead to stronger hits.

Botnet infections commonly spread through compromised websites seeded with malicious scripts and promoted via black hat SEO tactics such as link farms, according to a new study by web security firm Blue Coat. These malware networks, or malnets, pose a growing threat.

Malnets largely deal in mass market malware and as such are different from advanced persistent threats (APTs) associated with cyber-espionage attacks targeting large corporations and Western governments, Blue Coat said.

Attacks will update and change, but the underlying infrastructure used to lure in users and deliver these attacks is reused. The ease with which cyber criminals can launch attacks using malnets creates a vicious cycle, a process in which individuals are lured to malware, infected, and then used to infect others.

First the malnet drives a user to the malware. Then the user’s computer is infected with a Trojan. The compromised computer then becomes a member of the botnet, which can lure new users into the malnet by using the infected machine to send spam to the victim’s email contact lists. A compromised system can also steal the victim’s personal information or money, and, in some cases, can also function as a jumping-off point for attacks on neighboring machines.

“Their [malnet] infrastructure is comprised of several thousand unique domains, servers and websites that work together to funnel users to a malware payload,” Tim Van Der Horst, a senior malware researcher at Blue Coat, explained. “This infrastructure of relay and exploit servers allows malnet operators to quickly launch new attacks that can be tailored to attract large groups of potential victims.”

Blue Coat expects malnets to account for more than two-thirds of all malicious cyber attacks in 2012. The company is currently tracking more than 1,500 unique malnets, a 200 percent increase from just six months ago.

The biggest malnet, called Shnakule by Blue Coat, not only communicates frequently but also changes hostnames frequently, as the web filtering firm explains.

Shnakule is a wide ranging malnet that engages in a variety of malfeasant activities, including fake AV, codec, Flash and browser updates, pornography, gambling and work-at-home scams. To scale the infrastructure to accommodate attacks associated with these activities, Shnakule operators bring new domains and servers online. Over the course of six months Shnakule used anywhere from 50 to 5,005 unique domain names per day.

Tuesday, September 25, 2012 @ 03:09 PM gHale

As the SCADA market continues to add connectivity into control devices, Wurldtech Security Technologies and Oulu, Finland-based Codenomicon are extending their partnership to the Asia Pacific markets, focusing on China, Taiwan, Korea, Japan and Southeast Asia.

As the SCADA environment adds more connectivity, including new telecommunications and mobile capabilities, the need to protect these devices from advanced persistent threats (APTs) continues to grow.

Vancouver, Canada-based Wurldtech and Codenomicon extended their partnership to provide Asia Pacific device manufacturers with additional testing tools to increase the robustness of their products.

“As cyber security threats evolve, device manufacturers from around the world are seeking innovative solutions to bolster their development processes,” said Wurldtech Chief Executive Neil McDonnell. “Our partnership with Codenomicon provides Asia Pacific developers with a streamlined channel to Wurldtech products enabling us to continue to build our global presence.”

Wurldtech named Codenomicon as an authorized distributor for its Achilles test products, including the Achilles Test Platform and Achilles Test Software. Through this partnership, Codenomicon customers will have access to a new set of test tools for SCADA-specific protocols and Wurldtech will extend its reach into the Asia Pacific market.

“The Wurldtech Achilles Test products provide our customer base with an expanded line of process-control security options,” said Codenomicon Chief Executive David Chartier.

Wurldtech and Codenomicon have worked together to provide comprehensive robustness testing tools for mission critical embedded devices. With optional Codenomicon Defensics software running on the Achilles Test Platform, Wurldtech offers users testing of additional IT protocols.

Achilles Test products provide tools to developers of mission critical connected and SCADA devices to test critical software during the early development lifecycle.

By proactively exposing and correcting vulnerabilities and validating system resiliency in a real-time environment, manufacturers are able to secure products before they are released and deployed in process control networks.

Monday, September 24, 2012 @ 03:09 PM gHale

Browser-related exploits, like recent ones for Internet Explorer and Java, are increasing along with renewed concerns around social media password security, a new survey found.

On top of that, there seems to be a disparity in mobile devices and corporate bring-your-own-device (BYOD) programs.

There is a continuing trend for attackers to target individuals by directing them to a trusted URL or site injected with malicious code, according to the IBM X-Force 2012 Mid-Year Trend and Risk Report.

Through browser vulnerabilities, attackers are able to install malware on the target system. In addition, the growth of SQL injection, a technique used by attackers to access a database through a website, is keeping pace with the increased usage of cross-site scripting and directory traversal commands, the survey said.

IBM also noted attackers are no longer primarily attracted to the Windows universe. The user base for the Mac operating system continues to grow worldwide, so that system is also becoming a bigger target of advanced persistent threats (APTs) and exploits.

“We’ve seen an increase in the number of sophisticated and targeted attacks, specifically on Macs and exposed social network passwords,” said Clinton McFadden, senior operations manager for IBM X-Force research and development. “As long as these targets remain lucrative, the attacks will keep coming and in response, organizations should take proactive approaches to better protect their enterprises and data.”

At the mid-year point in 2012, IBM sees an upward trend in overall vulnerabilities, with the possibility of an all-time high by year-end. Having said that, the survey shows a decline in true exploits, with only 9.7% of all publicly disclosed vulnerabilities subjected to exploits.

That’s mainly due to improvements from the top ten vendors on patching vulnerabilities and a significant decrease in the area of portable document format (PDF) vulnerabilities. IBM said this area of improvement directly relates to the new technology of sandboxing provided by the Adobe Reader X release.

Sandboxing technology works by isolating an application from the rest of the system, so if compromised, the attacker code running within the application is limited in what it can do or access. Sandboxes are proving to be a successful investment from a security perspective, IBM noted. In the X-Force report, there was a significant drop in Adobe PDF vulnerability disclosures during the first half of 2012, which coincides nicely with the adoption of Adobe Reader X, the first version of Acrobat Reader released with sandboxing technology.

In terms of mobile security, the BYOD phenomenon continues to be the main game-changing transformation. Many companies are still in their infancy in adapting policies for allowing employees to connect their personal laptops or smartphones to the company network.

While there are reports of exotic mobile malware, most smartphone users are still most at risk of premium SMS scams, which automatically send text messages to premium phone numbers in a variety of different countries from installed applications.

There are multiple infection approaches for this scam, such as offering users an application that looks legitimate in an app store but has only malicious intent; presenting an application that is a clone of a real application with a different name and some malicious code; or hacking a real application to wrap it with malicious code. The latter is typically found in an alternative app store.