Today may be Halloween, but security provides plenty of scare stories according to industry researchers.
We reached out to some of security’s finest minds to give us their thoughts on what the greatest threats and scares to security professionals are.
Dr David Chismon, senior security researcher at MWR – Windows XP – The Zombie OS that won’t die
Although most organisations have moved on to supported operating systems, a number retain a number of XP desktop machines on their network. These are typically retained to support specific software packages for which upgrades are either not available or are prohibitively expensive. As such, the XP machines exist as zombies and a constant risk of an outbreak.
Segregation is key to reduce the risks as far as possible. Much as you might keep a zombied dear friend locked in the basement rather than kill them outright, XP machines should be separated into their own networks and where possible, removed from the domain so that compromise does not affect domain credentials. Much as you may wish to keep an eye on a caged zombie, security teams should perform enhanced monitoring of these segregated XP machines. Hardening the builds to prevent outbreak is also important. This can be done through software whitelisting, restriction of activities and kernel protections such as EMET.
Where XP machines must be retained, selecting third party software is important as a number of key vendors are no longer supporting XP for their products, which can be a key attack surface. Anti-Virus, office packages and browsers are examples of areas that will need to be considered. In lieu of Internet Explorer updates, organisations may consider Chrome (which has pledged support for XP until at least April 2015) or Firefox and Opera that are currently continuing to support XP.
Itsik Mantin, security researcher at Imperva – Password faux pas that keep coming back to haunt us
With 500 most common passwords estimated to cover one out of nine internet users (!), weak passwords continue to provide an excellent surface for dictionary attacks, and together they continue to co-exist throughout the digital era, keeping their respectable share in hacking stories and data breaches.
The recent incident known as “Celebgate” – the iCloud breach from last summer, where numerous private pictures of celebrities leaked to the Internet – is believed to be the result of a dictionary attack on the account passwords of the targeted users. The most disturbing fact about weak passwords is that they are probably here to stay, with no practical way to avoid them.
TK Keanini, CTO at Lancope – The next level of cybercrime: click to compromise
Consider a SaaS service that helped a person compute their cyber crime – Cybercrime as a Service (CaaS). The power of big data analytics and machine learning can compute amazing insight for businesses, and it can do the same for criminals. A criminal could log in to a website and declare their objective, and the service would compute several attack plans that the criminal could choose from. This would work in the same way that a user is presented with multiple routes to reach a destination when getting directions online.
This Cybercrime as a Service (CaaS) would have social networks mapped, personal information on each individual, language analysis that yields a level of trust between individuals, mapping to various accounts (some of which may have been compromised), etc. All of this would be creating a corpus of data that can lead the criminal through a directed graph leading to the objective (exfiltration of a file, ransomware, etc.).
Remember, cyber crime is a business and profitable businesses only get smarter and more effective. These are things that keep me up at night because in our current state, there is nothing that makes these types of attacks hard to execute for cybercriminals, and they could easily turn from nightmare to reality.
Lisa Myers, security researcher at ESET – Top 5 scariest zombie botnets
An army of the undead, wreaking havoc on the internet – it’s a nightmare scenario that has played out time and again as the world’s online population has exploded. But time and again protectors of the worldwide web have come together to stop these malicious hordes, yet it has not been easy. There are some zombie botnets plagues that have been particularly troubling, and we will take a look at the worst of the worst.
Conficker
Malware is a tricky thing to predict. Sometimes a threat that does not seem, on its surface, particularly advanced or novel can end up mounting an overwhelming attack. At its height, Conficker had infected many millions of Windows machines: some figures say as many as 15 million.
Zeus
Zeus had not only a successful botnet on Windows machines, but it had a component that stole online banking codes from a variety of infected mobile devices (Symbian, Windows Mobile, Android and Blackberry). In 2012, the US Marshals and their tech-industry partners took down the botnet. But the original authors took pieces of their original creation and brought it back to life as Gameover Zeus, which the FBI and its partners took down this summer.
Flashback
For folks who thought “Macs don’t get viruses”, Flashback was a bit of a shock. But Macs can and do get malware – infected machines became part of a massive botnet. Flashback infected a huge percentage of the total number of Apple machines worldwide, with over 600,000 infected at its peak.
Windigo
On the surface, this bot appears like so many others: it steals credentials from infected machines, or it uses their processing power to send spam. And with only a few tens of thousands of infected machines at its worst, this threat would hardly seem to qualify with the likes of the rest of the botnets on this list. But on the other hand, the authors of this malware seem to have grown their zombie army very slowly, such that they managed to stay under the radar for quite some time. And those tens of thousands of machines are Linux machines, mostly servers, and many of these infected machines host websites that millions of people visit.
Storm
This is the oldest malware on our list. It had some of the first early successes in using some of the tactics that would later be used by other botnets on this list. It was massive, gaining as many as ten million Windows machines at its zenith. It was also one of the first incredibly large botnets that was used for the financial gain of its authors. The massive size of this network allowed the authors to partition it off to be sold to various different parties, for various malicious uses. And because this was such a lucrative endeavor, the malware’s creators designed it to fight back against anti-malware researchers: it would turn its zombie forces against anyone who would try to join its command and control channel, from which the authors gave the bots orders, knocking the researchers offline.