Saturday, 12 September 2015

Experts: Malware More Advanced, Creative Than Ever Before

Cybersecurity professionals are finding more advanced and creatively designed malware than ever before, and one of the most dangerous trends for users is complex ransomware and crypto-ransomware masquerading as legitimate applications on Android. At the annual Be Inside Technology Summit (BiTS) in New York City this week, cybersecurity and malware researchers came together to talk about the most prevalent issues, trends, and preventative strategies in cybersecurity today.

BiTS is organized by antivirus and software security provider ESET, and featured presentations from ESET cybersecurity and malware researchers, along with those of other companies including Microsoft.

“Malware is not only a domain of desktops but of mobile phones as well, particularly Android,” said Robert Lipovsky, Senior Malware Researcher at ESET. “Malware writers are getting more creative, gaining inspiration from what works with Windows, and are quite successful at getting past Google Play’s defenses.”

During his BiTS presentation, Lipovsky talked about phishing applications, “scare-ware,” ransomware, and other forms of malware often masquerading as cheats and mods for popular Android games—from Dubsmash to Minecraft. Android/Feabme malware, installed more than 500,000 times by users of games including Cowboy Adventure, phished for users’ Facebook credentials with faux-login pop-ups.


Android/Dubsmash malware was found in more than 60 Google Play store apps that carried out click fraud. Android/Wateh, a technically legitimate Google Play app classified as “grayware,” was used by major U.S. mobile carriers (including AT&T, T-Mobile, and Verizon) despite its “potentially unsafe” capability to take over a device’s apps, files, and services as a Remote Access Trojan (RAT).

Yet, where Android malware is truly evolving, Lipovsky explained, is ransomware and so-called “crypto-ransomware”—malicious code that takes your phone hostage, locks your screen, or encrypts your data, prompting blackmail payment of anywhere up to $500 to unlock it.

Presenting ESET’s newly published research on evolving ransomware, Lipovsky spoke specifically about Simplocker, crypto-ransomware first spotted in 2014 that has morphed into more complex variants worming into an Android device’s administrator rights, and expanding its ransomed encryption to not only documents and multimedia but to archived data as well.

According to ESET’s statistics, 77 percent of Android devices affected by this kind of ransomware are located in the U.S. In practice, the ransomware could display screens impersonating the FBI or other law enforcement agencies, show ransom messages designed to intimidate the user, or, in newer crypto-ransomware, hijack Android’s built-in lock-screen functionality to lock the device with a randomly generated PIN.

Microsoft’s View of the Malware Threat Landscape

The BiTS keynote was delivered by Dennis Batchelder, Director of the Microsoft Malware Protection Center. Batchelder broke down the malware affecting Windows devices across different operating system versions and regions of the world, and explained how Microsoft is combatting it.

There are four big players in the malware/antimalware ecosystem today, according to Batchelder: Crime syndicates, the malware supply chain, antimalware vendors, and the antimalware ecosystem. Through its Digital Crimes Unit and antimalware security software aimed at proactively blocking new malware strains, Microsoft is attacking malware at its source and expanding its definition of what malware is beyond traditional notions of worms, viruses, and rootkits.

“We want to put pressure on the malware supply chain, disrupt it, and remove the malware value proposition by attacking all points of the supply chain,” said Batchelder. “We want to starve, prosecute, and imprison the people who put out malware. We want to stop malware the first time it’s ever seen, so we measure closely and have a scorecard that tracks whether we took out malware the first time.”

In August 2015, Microsoft’s Global Threat Landscape report stated that Microsoft encountered malware 3.4 percent of the time while monitoring 288.4 million Windows machines worldwide, across Windows 7, Windows 8 (no longer supported), Windows 8.1, and Windows 10—with a net infection rate of 0.6 percent.


During his BiTS keynote, Batchelder broke down malware infections by how advanced the attack is. The most prevalent malware (at 44.5 percent) is dormant or self-propagating malware—older, well-known malicious attacks largely affecting undeveloped regions of the world. This is followed closely (at 40 percent) by “active and evading malware” that security vendors are actively combatting. Emerging and newly discovered malware was responsible for 2.5 percent of attacks.

While the lion’s share of malware logged by Microsoft in August focused on stealing data or spamming users with adware, attacks also included file infectors, disk and network worms, and ransomware, which Batchelder said requires the more advanced network infrastructure of developed regions and is far less prevalent worldwide on Windows machines than on Android devices. “There’s a lot of targeted malware at the developed world,” he said. “Attackers are following where the money is.”

The Layered Riddle of Enterprise Security

The antivirus industry is all about threat detection and mitigation. For businesses, Andrew Lee, CEO of ESET North America, said this means identifying targeted attacks against a particular organization, whether it’s a large enterprise or a small business. Lee explained that the challenge of cybersecurity is dealing with multiple prongs and levels of attacks.

But he said that what really matters to everyday organizations is financially motivated malware: botnets or phishing attacks targeting credit card and account numbers, intellectual property, and design patents, as well as other financial and identity data. “One big way attackers can gain access to large quantities of that type of information is by taking down an Ashley Madison,” he said. “They suddenly get this massive ball of data.”


Cybersecurity defense rests on everything from two-factor authentication and end-to-end encryption to suites of malware and intrusion detection tools. Every business has data it deems critically important, and Lee said that, depending on its size, a business could be faced with every kind of threat. “The bottom line for businesses is that you need a layered approach to security,” he said. “There’s no silver bullet, no magic approach to protect, let’s say, a financial institution from specific threats. If an attacker thinks your data is important, they’ll go after it.”

That layered security approach begins, Lee explained, at a business’s endpoints, where users interact with the data and which are a critical point of attack. From there, how businesses transmit data past firewalls, the level of end-to-end encryption they put in place, the level of investment they’re willing to make in IT staff, and their in-house anti-malware teams are, according to Lee, what make the biggest difference. Beyond that, enterprises must protect against higher-value attacks on their servers by encrypting data at rest and implementing intrusion detection measures and data leakage monitors.

Add perimeter devices such as FTP servers, third-party service integrations, cloud-based storage, and simple, connected Internet of Things (IoT) devices, and the bigger a business gets, the more it has to worry about. For smaller businesses, hiring that security out to an anti-malware vendor could be more cost-effective than handling it in-house with an overworked IT team. “It really depends on what you’re trying to protect, which assets are most important, and how much you’re prepared to spend on it,” Lee said.

View the original content and more from this author here: http://ift.tt/1Nv3DbP
