Wednesday 26 June 2013

Online Security - Whose Responsibility?

Since the early days, malware has been conditioned by the way we use technology. Until the turn of the century, this meant a threat landscape dominated by cyber-vandalism. Viruses might overwrite huge chunks of data, or slowly corrupt data, or display a message on the screen, or just spread - with no payload at all. Don't misunderstand me. I'm not suggesting that the problem was trivial. Individuals or businesses on the receiving end of an infection could suffer significant losses. But there was no way for malware writers to make money from what they did.
It was only with the mass use of the Internet, and the use of the web for financial transactions, that malware-for-profit became feasible. This led to a threat landscape dominated by cybercrime. For the last decade this has mainly involved random, speculative attacks on unwary individuals, designed to steal the victim's online identity and get access to their money. But things are changing.
Not only do we *use* the web, but nearly every aspect of our lives is *dependent* on it. Most of us routinely bank, shop and socialise online. Children don't reach for their library ticket to do their homework - they reach for the mouse. And the Internet has become the life-blood of organisations of all kinds - commercial, charitable, governmental. This dependence has once more brought about a shift in the nature of malware. Most of it (around 90 per cent) is still made up of random attacks - banking Trojans, password stealers, keyloggers, etc. But in the last few years we've seen the development of malware for use in targeted attacks, aimed at a small number of organisations, or even a single company. The result is a 'mixed economy' of petty theft, major scams, political and social protest, cyber-espionage and attacks on specific companies or plants.
So whose responsibility is it to ensure that we stay safe online? Government? Businesses? Security vendors? You and me? I believe that it's a shared responsibility. It's not unlike road safety. We have a right to expect roads to be well-designed and well-maintained. We expect clear road signs. We expect car manufacturers to implement safety features in vehicles. But we also have a responsibility as drivers to take care on the road.
As consumers, we have a right to expect that online providers will secure their systems, so that nobody is able to break in and steal our personal data.
I think government has a fourfold duty. First, to make sure that there's a legislative framework that enables law enforcement agencies to prosecute cybercriminals. Second, to ensure that law enforcement bodies have the resources, knowledge and skills to deal with the problem effectively. Third, to ensure that systems under its direct control are secure. Fourth, to raise awareness of the risks we face when we go online and to highlight the things we can all do to minimise our exposure to cybercrime.
Security vendors have a responsibility to develop products that offer optimal protection to their customers.
We also all have a responsibility to make sure that we're informed about the threat, to take the necessary steps to reduce the risk of us becoming a victim of cybercrime and to ensure that our children understand the dangers - from malware, from over-sharing personal information online and from those who might want to do them harm.

Android mobile malware using Bluetooth to sneak onto Google smartphones

Mobile malware able to infect Android smartphones and tablets via Bluetooth has been uncovered operating in the wild.
McAfee researcher Jimmy Shah reported the Android/Obad.A threat, explaining it has several detection dodging features that make it difficult to spot using traditional security practices.
"If you can't find it, you can't remove it. Nearly every other piece of Android malware that doesn't have root access can be found and discovered. Android/Obad uses a vulnerability that keeps it off the standard Device Administration list. The vulnerability isn't yet closed, so it's very likely we'll see other malware authors start to exploit it," wrote Shah.
Once on the device, the malware is particularly nasty as it can remotely accept commands from its authors, letting them do things like covertly instruct the phone to message premium rate numbers owned by the hackers.
Shah said the malware can be removed using the firm's McAfee Mobile Innovations app (MMI). V3 contacted other vendors for clarification on whether their services can remove the infection, but had not received a reply at the time of publication.
Android/Obad.A is one of many advanced mobile malware families caught targeting the Android ecosystem this year. Previously, Symantec researchers unearthed a malicious FakeDefender malware attempting to infect users' machines by pretending to be a legitimate free antivirus tool.
The discovery of the two malware families comes during a wider boom in the number of mobile threats facing business. Most recently, Russian security firm Kaspersky reported detecting 23,000 new mobile threats in its Q1 2013 Threat Report.

Android malware scams earn crooks £1.4m a year

The number of mobile malware samples active in the wild has risen by an alarming 614 percent, with many scams earning criminals £7 immediate profit per infection, according to security firm Juniper Networks.
Juniper revealed it had detected a massive 276,259 malicious Android applications from March 2012 through March 2013 in its Third Annual Juniper Networks Mobile Threats Report. The report highlighted that a massive 73 percent of the malware used were FakeInstallers or SMS Trojans.
The threats are particularly nasty as they exploit holes in mobile payments to earn hackers as much as £7 immediate profit per infected device. The hacker can continue to steal money from their victims until the malware is forcibly removed from the device.

The figure means the scams are earning crooks at least £1.4m up-front profit. Trojan spy tools accounted for a further 19 percent of the detected attacks, with the remaining four percent being listed as 'other'.
Juniper researchers highlighted ongoing fragmentation in the Android ecosystem as a key reason for the marked increase in attacks targeting the platform.
"Attackers continue to benefit from the largely fragmented Android ecosystem that keeps the vast majority of devices from receiving new security measures provided by Google, leaving users exposed to even well-known and documented threats," the report states.
"Google provides protection against SMS threats in its latest OS version [4.2.2 Jelly Bean], yet according to Google, only four percent of Android phones have it as of 3 June. This threat could be largely eliminated if the Android ecosystem of OEMs and carriers found a way to regularly update devices."
Juniper is one of many security firms to criticise Android's fragmentation, with the latest official stats from the Android Developers forum confirming only four percent of phones are running 4.2.2 Jelly Bean. The slightly older 4.2.1 version is running on 29 percent of active Android devices and the even older Ice Cream Sandwich version is active on a worrying 25.6 percent. Worse still, a massive 36.4 percent are running on the now ancient Gingerbread Android version.
Juniper highlighted Google's open policy to applications as another key issue facing the Android operating system. "Most significantly, Google's support for mobile application stores abets the work of mobile malware authors and has become a major security sticking point. These third-party marketplaces have become a favoured distribution channel for malware writers and offer a much shorter supply chain for getting their illicit wares to the public," the report advises.
"One clear problem affecting Android marketplaces is a lack of accountability. In the interest of building up their inventory, third-party app markets may have few - if any - barriers to entry for mobile application developers. That results in poor quality and malicious applications making it onto these online stores and, from there, onto Android devices."
Juniper researchers said these ongoing issues mean that 92 percent of mobile malware is designed to target Android. The figure marks a staggering increase from the 24 percent figure recorded during the same period in 2010.
Juniper is one of many security firms to detect an alarming spike in the amount of mobile malware. Russian security firm Kaspersky detected 23,000 new mobile threats in its Q1 2013 Threat Report.

Hackers leak personal data on 40,000 US troops stationed in Korea
Hackers have leaked the personal information of 40,000 US troops and over two million South Korean ruling party workers, marking the latest development in the region's escalating cyber woes.
Reuters reported the details had been posted on a number of unspecified websites, reporting that many of the names were those of US Army personnel in the 25th Infantry and the 3rd Marine Divisions stationed in South Korea. At the time of publishing the US Department of Defense had not responded to V3's request for comment on the report.
The motive for the attack remains unknown and it is unclear whether the hack was state sponsored or enacted by a private group. However, the use of the data dump tactic indicates the attack was likely carried out by a politically motivated group; such groups often post stolen information online to 'shame' their victims.
The data dump is the latest in a slew of cyber attacks hitting Korea. The attacks began on the anniversary of the outbreak of the Korean War, when numerous websites in both North and South Korea were either knocked offline with distributed denial of service (DDoS) attacks or publicly defaced.
Several posts on Twitter and Pastebin have since appeared claiming hackers operating under the Anonymous collective's banner are responsible for the attack, listing them as being part of a larger #OpNorthKorea.
Despite the basic nature of the attacks, many will fear they will exacerbate the already tense political situation in the region, reigniting the tit-for-tat cyber argument between North and South Korea.
Tensions between the two countries peaked in March this year when a wave of cyber attacks paralysed several South Korean banks' and broadcasters' computer systems. The attacks are believed to have stemmed from North Korea and led to international concerns the incident could result in an outright hacking war between the two nations.

Korean sites shut down by hackers on anniversary of war
The anniversary of the outbreak of the Korean War has seen site takedowns and defacements in both North and South Korea.
Local news reports indicate that attackers have targeted government sites, in some cases altering web pages and in others performing denial of service attacks rendering sites inaccessible.
The attacks appear to be targeting both nations on the Korean Peninsula, though it is not clear whether the attacks on South Korean sites were performed as retaliation or were in fact a part of the same campaign.
Also unclear is the role being played by hackers who claim association with the Anonymous movement. Anonymous-linked groups have promoted #OpNorthKorea, a coordinated hacktivist attack on North Korea government sites which did not involve any South Korea targets.
Though some attacks on South Korea sites reference Anonymous, Twitter accounts associated with the movement in South Korea have denied any participation in attacks on the nation's government.
Rik Ferguson, vice president of security research at Trend Micro, noted some distinct differences between the two campaigns which could suggest the involvement of separate groups.
"The attacks on the North Korean targets were expected as part of Anonymous' OpNorthKorea; as is often the case, the campaign had been announced in advance, and the attack appeared to be widely successful, with many major North Korean websites becoming unavailable," he explained.
"The attacks on South Korean sites appear somewhat different, less about Denial of Service and more about access, exploitation and defacement."
The attacks come as both nations mark the anniversary of the Korean War. The conflict ran from 1950 to 1953 and saw the peninsula split into two countries. Tensions between the two nations have remained high ever since.
North Korea has long been believed to be active in cyber warfare activities and has repeatedly been accused by South Korea of targeting government sites with attacks.

U.S. Army data leaked in cyber attacks aimed at South Korea

Hackers say they have leaked personal details of tens of thousands of U.S. troops to websites, South Korean news reports and online security officials said on Wednesday, a day after cyber attacks disabled access to government and news sites.
The hacking attacks on Tuesday, the anniversary of the start of the Korean War in 1950, brought down the main websites of South Korea's presidential office and some local newspapers, prompting cyber security officials to raise the alert.
The identity and motives of the attackers were not immediately clear, but the reports come as cyber security and surveillance have become a global issue, with the United States seeking fugitive former security contractor Edward Snowden who leaked details about U.S. surveillance to the media.
North Korea has been blamed for previous cyber attacks on South Korean banks and government networks, although it denies responsibility and has said it has also been a victim.
The unidentified hackers said they had secured and released publicly personal details of more than two million South Korean ruling party workers and 40,000 U.S. troops, including those stationed in South Korea.
"We have seen the sites where the details were posted and clips that supposedly capture the process of hacking into web sites," an official at the South Korean online security firm NSHC said.
The legitimacy of the information could not be verified, the official who requested anonymity said.
An official at the Communications Ministry said authorities were probing the nature of the attacks and declined to comment on the reports of leaked information about U.S. troops.
The U.S. military in South Korea, where 28,500 U.S. troops are stationed, did not immediately comment.
North and South Korea remain technically at war after their 1950-53 conflict ended in a truce, not a peace treaty. The U.S. troops' presence is aimed at ensuring the truce holds.
News reports said personal details such as dates of birth and ranks of 40,000 U.S. troops including members of the 25th Infantry Division and the 3rd Marine Division were leaked to unspecified websites.
The websites of the presidential Blue House and the Prime Minister's office were down for more than six hours on Tuesday.
North Korea is believed to be running a large corps of computer experts aimed at hacking into the networks of governments and financial institutions and was blamed most notably for the 2011 shutdown of a South Korean commercial bank.
Last week it accused the United States of being at the forefront of rights abuse, pointing to Snowden's revelations of mass surveillance operations by the National Security Agency.
On Tuesday, access to some North Korean news sites was blocked after the hacker group Anonymous vowed to direct a denial-of-service attack at them.

Mobile malware explodes, hits corporate networks

Smartphone users have seen an explosion of malware in the past year, dominated by schemes targeting Google's Android operating system, a survey showed Wednesday.
The attacks are also starting to hit corporate networks, possibly as part of broader espionage efforts, according to the Juniper Networks Mobile survey.
The report showed a 614 percent jump in mobile malware in the 12 months to March 2013, with Android attacks accounting for 92 percent.
The prevalence of Android malware is not surprising in light of its dominance of the global smartphone market (around 75 percent), but Juniper said the open platform, with less regulation, makes it more prone to attacks.
"Android does not have as rigorous a vetting system" as rival platforms such as Apple's iOS and BlackBerry, said Karim Toubba, a Juniper vice president.
"But the reality is that all the operating systems have vulnerabilities."
Toubba said the dominant scheme to "monetize" the attacks involves SMS text messages which infect a smartphone and surreptitiously deliver new messages to a "premium" SMS service, for a fee.
These services, which mimic legitimate ones such as those for voting on TV programs, can charge small fees such as 10 cents or 50 cents. The hackers can quickly cash in by infecting large numbers of devices, and can easily shut down and set up new numbers to avoid detection.
"They can spin it down and leave no trace," said Toubba.
The typical SMS Trojan takes in a quick $10 for the attacker, with profits multiplying as the schemes are repeated.
Many users are tricked into installing malware by messages or emails disguised as software updates.
Toubba said some malicious software gets into official channels such as Google Play and the Apple App Store, but that third-party vendors have much more malware.
"These marketplaces are popular targets which provide little to no review process," Toubba said.
Not surprisingly, the survey found many of these malicious apps stemming from sites in Russia and China.
Apple users who "jailbreak" their iPhones to use on unauthorized carrier networks often use these third-party networks because they may get locked out of the App Store.
Many users fail to even notice when their device is infected, because it may result in a charge of just a few cents on their phone bill.
Juniper found that more sophisticated attacks are starting to emerge, including those that create "botnets" to expand the infections, and other schemes which can be part of a broader corporate or government espionage effort.
"They can use the mobile device to do reconnaissance and go deeper into the corporate network," Toubba said.
This is particularly worrisome for companies which allow employees to use their own devices for corporate networks.
Juniper's report said it "saw several attacks that could potentially be used to steal sensitive corporate information or stage larger network intrusions."
"It is clear that the threat of mobile malware to corporate devices is no longer a theoretical one. We expect the presence of mobile malware in the enterprise to grow exponentially in the coming years," the report said.

Greens condemn EU's anti-hacker directive

The Greens/EFA group has opposed the new cyber crime directive endorsed by parliament's civil liberties, justice and home affairs committee, calling the new rules "blunt".
Speaking after the vote, the group's justice spokesperson Jan Philipp Albrecht said, "The blunt new rules on criminalising cyber attacks endorsed today take a totally flawed approach to internet security.
Albrecht, a German MEP added, "The broad strokes approach to all information system breaches, which would apply criminal penalties for minor or non-malicious attacks, risks undermining internet security."
However, Monika Hohlmeier, parliament's rapporteur on the directive, said that the new directive will ensure "a common standard for sentences for broad attacks on IT systems".
The EPP member continued, "Cyber crime has become a serious threat in the public and private sectors and requires a single framework for penalties and sentences. Also, the collaboration of authorities on the ground is essential as is the prevention of attacks."
"We do not prosecute young hackers who do not cause any damage. People who commit large-scale cyber crime, however, must face a fully-fledged sentence.
"Attacks on critical infrastructure will be subject to at least a five-year sentence. Cross-border organised crime is a serious threat for which we lack the necessary cooperation in the EU", the deputy said.
The new rules require member states to work with each other and Europol to enhance cross-border collaboration by creating contact points which are able to respond to requests within eight hours.
She did concede that, "Manpower is a weak point, however. The American FBI has a few hundred staff to fight cyber crime whereas the respective Europol unit only comprises a meagre 40 people."
But Albrecht attacked the directive, saying, "The legislation confirms the trend towards ever stronger criminal sanctions despite evidence, confirmed by Europol and IT security experts, that these sanctions have had no real effect in reducing malicious cyber attacks.
"Top cyber criminals will be able to hide their tracks, whilst criminal law and sanctions are a wholly ineffective way of dealing with cyber attacks from individuals in non-EU countries or with state-sponsored attacks.
"Significantly, the legislation fails to recognise the important role played by 'white hat hackers' in identifying weaknesses in the internet's immune system, with a view to strengthening security.
"This will result in cases against these individuals, who pose no real security threat and play an important role in strengthening the internet, whilst failing to properly deal with real cyber criminals.
"The result will leave hardware and software manufacturers wholly responsible for product defects and security threats, with no incentive to invest in safer systems."
The deputy added, "MEPs had initially supported a number of Green proposals aimed at ensuring this legislation can contribute to internet security, and is not simply an ineffective law to punish unauthorised log-ons to open servers.
"However, most positive elements were frittered away in the legislative negotiations, due to the resistance of EU governments. The result is a heavy-handed and misdirected law that will do little to improve internet security," he concluded.