Posts Tagged ‘social media’
Friday, September 27, 2013 @ 06:09 PM gHale
Knowing compromised social media accounts can be highly valuable, cyber criminals are leveraging those accounts for reconnaissance and future attacks, a new report said.
That was just one of the findings in the IBM X-Force Research and Development team’s 2013 mid-year report on cyber security trends and risks. The results of the study are from the analysis of 4,100 new vulnerabilities, and 900 million new webpages and images.
“IBM X-Force expects to see these newer applications of social engineering become more sophisticated as attackers create complex internetworks of identities while refining the art of deceiving victims,” said Leslie Horacek, worldwide threat response manager for IBM X-Force and senior editor of the report, in a blog post.
“Users must adopt a mindset of guilty until proven innocent when it comes to social media and companies should engender suspicion to protect users and assets,” she added.
As far as vulnerabilities go, researchers found the number of new vulnerabilities reported in the first half of 2013 was similar to the number reported last year. However, the number of web application vulnerabilities slightly decreased this year.
When it comes to web vulnerabilities, cross-site scripting (XSS) remains the most common type, accounting for over half of all security holes.
In 28 percent of the cases, successful exploitation of a vulnerability resulted in gaining access to a system or application.
The report names the United States as the country that hosts the most malicious links at 42 percent. Germany (9.8 percent), China (5.9 percent) and Russia (4.5 percent) all follow the U.S.
The IBM X-Force report also covers mobile malware, watering hole attacks, Zero Day attacks, and distraction and diversion techniques.
Friday, September 20, 2013 @ 06:09 PM gHale
Cyber threats are continuing to grow and get more sophisticated, a new report said.
Along those lines, there has been an increase in threats to infrastructure through targeted attacks, to mobile devices, and in social media identity thefts carried out by cyber-criminals over Cloud services, according to ENISA’s interim Threat Landscape 2013 report.
Some key trends identified in the study:
• Cyber-criminals increasingly use advanced methods to implement attack vectors that are non-traceable and difficult to take down. Anonymization technologies and peer-to-peer systems play an important role in this. It is clear cyber criminals are increasingly exploiting mobile technology. Threats of all kinds encountered in the more traditional arena of IT will affect mobile devices and the services available on these platforms.
• The widespread usage of mobile devices leads to an amplification of abuse based on knowledge/attack methods targeting social media.
• The availability of malware and cyber hacking tools and services, together with digital currencies and anonymous payment services is opening up new avenues for cyber-fraud and criminal activity.
There is a real possibility of large impact events when attacks combining various threats successfully launch.
As reported by ENISA in its report on major cyber attacks, cyber attack is the sixth most important cause of outages in telecommunication infrastructures, and it has an impact upon a considerable number of users. Taking into account these incidents, and denial of service threat developments, there has been an increase in infrastructure threats in 2013, the report said.
The study identifies the following top threats with major impact since 2012:
• Drive-by-exploits: Browser-based attacks still remain the most reported threats, and Java remains the most exploited software for this kind of threat.
• Code Injection: Attacks are notably popular against web site Content Management Systems (CMSs). Due to their wide use, popular CMSs constitute a considerable attack surface that has drawn the attention of cyber criminals. Cloud service provider networks are used to host tools for automated attacks.
Botnets, Denial of Services, Rogueware/Scareware, Targeted Attack, Identity Theft and Search Engine Poisoning are the other trending threats.
A full ENISA Threat Landscape 2013 report is due by the end of the year.
“This short, interim report informs security stakeholders as early as possible about developments in cyber threats, so that they are able to take countermeasures,” said Professor Udo Helmbrecht, the ENISA executive director.
Tuesday, August 20, 2013 @ 05:08 PM gHale
A California-based firm that two years ago used browser plugins to deliver ads by injecting them into Facebook and Google pages is running a similar program, researchers said.
At the time, the company, Sambreel, named the two plugins “PageRage” and “BuzzDock,” but today their names are “Easy YouTube Video Downloader” and “Best Video Downloader” which are part of a software browser tool suite provided by two subsidiaries of Sambreel, said the researchers from UK-based Spider.io.
“When a user who has installed these plugins visits youtube.com multiple display ad slots are injected across the YouTube homepage, channel pages, video pages and search results pages,” the researchers said. “These display ad slots are being bought today by premium advertisers like Amazon Local, American Airlines, AT&T, BlackBerry, Cadillac, Domino’s, Ford, Kellogg’s, Marriott, Norton, Toyota, Sprint, Walgreens and Western Union.”
In one example, the injected ad sports a fake alert saying the user should update their Java, but clicking on the “OK” button will take them to a third-party site, the researchers said.
“This sort of malvertising would be unlikely to impact YouTube users without Sambreel’s involvement. Google has strict ad-quality processes, and Sambreel’s plugins bypass these,” the researchers said. So, not only does the company hurt legitimate advertisers, but random users as well.
According to BBC News, one of the Sambreel subsidiaries said it discontinued one of the browser plugins, but that only occurred after the researchers made the company’s actions public.
A Google spokeswoman said the company is aware of the practice and banned all of them from using Google’s monetization and marketing tools.
According to Spider.io, 3.5 million people installed one of Sambreel’s YouTube-focused adware plugins before this.
Monday, August 19, 2013 @ 04:08 PM gHale
Newer versions of the ZeuS malware are doing much more than just stealing sensitive information from computers.
One variant of the malware uses compromised systems to check for availability of Instagram usernames, said researchers at RSA.
Once it lands on a computer, the malware downloads several additional components. The hashes of the threat change often to avoid detection by antivirus solutions, but the size of the file is always the same.
After the additional malicious components are downloaded and installed, ZeuS performs search engine queries, most likely in an effort to promote malicious websites in search engine results.
Then, it starts checking for the availability of Instagram usernames via the social media network’s mobile API.
“For servers and virtual machines running Windows operating systems, Instagram API calls are pushed into Instagram by spoofing User-Agent strings in an attempt to disguise the traffic as a Smartphone running an Android operating system,” said RSA senior researcher “Fielder.”
The threat checks usernames comprised of a dictionary word followed by a series of four or more random characters.
Experts believe the malware is checking the availability of Instagram usernames in an effort to create an army of fake Instagram users that can later be sold as followers to individuals or organizations that want to boost their popularity.
In addition to checking for usernames, the malware is also capable of automatically liking photos posted on other Instagram accounts.
“The latest Zbot variant appears to be upping its game with new features and functionality. Search engine optimization abuse and Instagram account abuse could just be the beginning,” “Fielder” said.
Thursday, August 8, 2013 @ 07:08 PM gHale
In what has potential privacy issues written all over it, the U.S. Secret Service wants to improve the way it monitors social media and collects information from “open sources” on the Internet and elsewhere.
The Secret Service issued a solicitation July 29, completely for small business, for a software tool that can gather intelligence from a diverse group of publicly-available sources.
“The Government is seeking licenses for software solutions involving, but not limited to, real-time open source intelligence monitoring,” said the agency’s solicitation document.
The Secret Service, which typically would post the “statement of work” for a required contract on the FedBizOpps Web site, in this case is being more reticent in sharing the complete description of the required effort by the selected contractor. “The full Statement of Work (SoW) is being made available only to contractors that respond to this notice/solicitation…,” the Secret Service request said.
The agency envisions a firm-fixed-price contract that will cover a one-year base period of performance (running from Sept. 1, 2013 through August 31, 2014), plus four separate one-year option periods.
Even though no commercial company is currently performing this work, the Secret Service indicated in its solicitation the technical requirement itself is not new.
“There is not an incumbent contractor associated with this work,” said the agency, in reply to a prospective vendor’s question, adding, “This is not a brand-new requirement, as indicated in the solicitation.”
Tuesday, June 11, 2013 @ 03:06 PM gHale
In the cyber world Trojans usually live a short life and then new ones quickly replace them, but Zeus/Zbot continues moving forward with its variants continuing to perfect man in the middle (MitM) attacks, log keystrokes and grab information entered in online forms.
This Trojan usually spreads in exploit kits via drive-by-downloads, phishing schemes, and social media; however, Trend Micro researchers just found a variant that uses removable drives as another attack vector.
In this case, the malware variant delivers via a malicious PDF file disguised as a sales invoice document.
Potential victims that attempt to open the file with Adobe Reader get a notice saying it cannot open because “use of extended features is no longer available.”
But in the background, the malware has already silently dropped onto the system and run.
It first contacts its C&C center to download an updated copy of itself (if there is one available), but immediately after it checks whether there are any removable drives connected to the computer, and if there are, it drops a copy of itself in a hidden folder, then creates a shortcut to it.
Thursday, May 23, 2013 @ 03:05 PM gHale
As manufacturing automation firms work social media more closely into their enterprise, security has to beef up even more. One of those social media outlets, Twitter, is looking to hike its security posture by introducing two-factor authentication.
Its two-factor authentication, which Twitter calls “login verification,” will make it more difficult for the bad guys to take over an account.
Twitter users can now opt in to login verification by checking the box under “Account security” on their account settings page. Once they add their mobile phone number to their account and activate login verification, they will have to enter a six-digit code sent by SMS in addition to their password every time they log into the service.
Users can generate a temporary password to authorize applications for Twitter and other devices when using two-factor authentication. Even if users have activated login verification, they should still use a strong password that is difficult to guess, said Jim O’Leary, a member of Twitter’s security team.
In the last few weeks, Josef Blatter, FIFA, the BBC, CBS, The Associated Press, the Guardian and the Financial Times have been just some of the victims of hacked accounts. A group called the Syrian Electronic Army claimed responsibility for the attacks, accusing western media of spreading wrong information about the civil war in Syria. The attack on AP ended up with its official Twitter account sending out false reports of explosions in the White House that injured President Barack Obama.
While not perfect, the new two-factor authentication mechanism is a good step toward a secure Twitter experience.
Wednesday, May 15, 2013 @ 04:05 PM gHale
Cyber criminals behind the U.S. Department of Labor (DoL) watering hole attack also targeted employees of the U.S. Agency for International Development (USAID) through social engineering, researchers said.
Among the nine websites involved in the DoL watering hole attack, one of the other attacks involves the University Research Co. of Cambodia (urccambodia.org), said security researcher Eric Romang.
One of the main attack vectors came from social engineering, as Romang found at least two social media accounts – one Twitter and one Facebook account – were used by the cybercriminals to lure employees of USAID to urccambodia.org in an effort to trick them into installing a variant of the Poison Ivy malware.
On Twitter, the attackers posted several tweets between March 18 and April 10, many of which directly addressed official USAID Twitter accounts.
On Facebook, the cyber criminals created a bogus profile that appeared to belong to a woman named Kelly Black. They copied a picture from the web, and made the profile of a woman that appeared to be working for USAID.
The attackers managed to befriend several individuals from USAID and started posting links that “led to a new project.”
AlienVault experts, the ones who first spotted the DoL attack, said the command and control protocol used in the campaign matches the one used by a Chinese hacker group dubbed DeepPanda.
Microsoft released a patch for the Internet Explorer 8 vulnerability exploited in these attacks. However, the attackers have had enough time to leverage the security hole.
While Microsoft is urging users to patch or update to a new version, considering users often fail to keep their software updated, attackers might be able to leverage it for quite some time.