Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 29 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Swizzor and IoT become the new threats on the block and Zero day exploits turn developers into cybercriminals

by The Gurus
February 29, 2016
in Editor's News
Share on FacebookShare on Twitter

Cloudmark’s Annual Security Threat Report is now available.  Through Cloudmark’s unique crowd sourced security platform, which analyses user behaviour from more than 1 billion subscribers and more than 10% of the world’s email traffic, it is able to detect the largest threats of the year and the impact they will have in 2016.

  1. 25,000 different malicious Bitly links detected, of which 97% are email spam and damaging brands such as CNN and AOL
    • Spammers using this method as an easy way to generate an unlimited number of call-to-actions URLS that redirect to a server that hosts storefronts and spam content. With so many links within the email messages – spam filtering is challenges to detect them all
    • Top brands are suffering – The CNN.it URL shortener was abused, peaking at 8,800 malicious URLs on a single day on 11th Jan 2016. 
  1. Swizzor Malware flies under the radar to deliver unsolicited ads, modifying browser setting without user permission
    • This silent threat delivers booby-trapped emails to unsuspecting users with varying subject lines such as “you have received a coupon!”
    • Each email contains a zipfile which has the malware payload – the malware uses a simple domain generation algorithm (DGA) for command and control (C&C) synchronization to create a large number of domains that then clash with legitimate websites and make it difficult to have them taken down
  1. IoT on the hitlist for cybercriminals
    • As IoT advances and creates more uses for connected devices and intelligence, criminals will find a way to take advantage for malicious purposes
    • A home security system could be hacked and instructed to unlock a door to allow a thief to enter – or worse, lock a victim in
    • Other examples include, spying on conversations, filming people in the privacy of their homes using smart TVs connected to webcams

Andrew Conway, Research Analyst at Cloudmark, told IT Security Guru “There’s usually an easy way of updating the software that runs on computers and mobile devices. Sometimes the software updates are automatic and happen in the background, and sometimes you are relentlessly nagged to install the latest release. There’s a good reason for this. Many of those updates are not there to add new features or functionality, they are there to fix bugs that would otherwise leave you vulnerable to attack. In most cases there is no such easy upgrade path for IoT devices. There may not be an upgrade path at all, and if there is it may involve, say, going to the vendor’s website on your computer, downloading new firmware, attaching your computer to the device with a USB cable, and running an installer program on your computer. That is only ever going to happen for a tiny percentage of the devices out there.
This is important because the longer any software goes without updates, the more bugs will have been found in it. Many IoT devices are running some variant of Unix in their embedded software, which means that a single critical bug may render huge numbers of IoT devices vulnerable. Even as I write, sysadmins all around the world are patching their servers for a bug in the GNU C library, which allows remote code execution by a malicious DNS packet. Are IoT devices vulnerable to the same attack? Any that can be tricked into doing an arbitrary DNS lookup may be, and the chances of them getting patched are extremely small.
Recently an engineer at a leading Email Service Provider complained to me that one of their big problems was not spammers trying to abuse their services directly, but spammers compromising their clients’ networks and using trusted devices there to send spam. But the trusted device need not be a computer or mobile device. In one case it was a copy machine.”
Other scams highlighted by the report includes:

  • 2016 predictions: zero day exploits will hold seven figure value; more factories and critical infrastructure will be cyber attacked
    • Zero days become so valuable we may see them deliberately introduced by developers – as vulnerability bounties reach 6 and 7 figures some developers will insert deliberate vulnerabilities so a friend can identify the bounty
    • The government will ruin the UK’s TechCity with legislation – the Investigatory Powers Bill will cause other major Internet companies to follow Yahoo!’s lead and move their operations out of the UK to avoid being subject to this law.
  • 91% of firms have experienced a spear phishing attack, costing companies $1.6m annually
  • Germany has become the biggest spammer in Europe, sending even more spam email than Russia, India and China

 

FacebookTweetLinkedIn
Tags: CloudmarkCyber Securityinformation securityinfosecInternet of ThingsMalware
ShareTweetShare
Previous Post

10% of UK smartphone users say not a single thing a hacker could take from their phone would upset them

Next Post

Children Given Key to the Internet First, House Keys Second

Recent News

Pie Chart, Purple

New API Report Shows 400% Increase in Attackers

March 29, 2023
Cato Networks delivers first CASB for instant visibility and control of cloud application data risk

Cato Networks Recognised as Leader in Single-Vendor SASE Quadrant Analysis

March 29, 2023
Outside of cinema with advertising

Back and Bigger Than Ever! The Inside Man Season 5 Takes a Stab at Power Hungry Adversaries

March 29, 2023
Blue Logo OUTPOST24

New Research Examines Traffers and the Business of Stolen Credentials

March 28, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information