After the cyberpunks, prepare to fight a new wave of nasties

Presagers of doom in the IT industry have sometimes got it horribly wrong. One need only look back 14 years to the millennium bug, which was supposed to bring down the world’s critical systems. The year 2000 came and went with no digital cataclysm in sight.

Even the smartest people make grand claims about imminent threats. Robert Metcalfe, who co-invented Ethernet, claimed in 1995 that the internet was on the brink of a “catastrophic collapse”.

He literally ate his own words in 1997, chowing down on a printed copy of the column in which he had made the preposterous prediction.

In the security industry, much is made of fear, uncertainty and doubt, or FUD. Many claim security companies throw FUD around to sell products, making threats seem bigger than they are.

Nevertheless, many of the buzzwords that have been buzzing around in recent years have related to genuine emerging threats that security teams would be wise to address.

“All threat vectors continue to develop, many of them at a startling rate,” says Tony Lock, an analyst at Freeform Dynamics.

“Drive-by infections from legitimate websites, especially those using third-party content such as adverts, are increasingly being used to deliver malware. But all vectors, including phishing emails and infected USB and SD drives, remain and continue to evolve.

“The means of targeting high-value individuals or people who could open a way into an organisation are now being commercialised. These threats may escalate in number.”

Real and present danger

The advanced persistent threat, which many simply call a prolonged targeted attack, is a fine example of hype becoming reality.

Criminal hackers used to cast their malware nets far and wide to try to ensnare as many random computers as possible, and many still do. Many crooks have shifted to focusing on specific companies and specific individuals within them.

Thanks to increasing trust in social networks, from Facebook to Linkedin, it is easy to glean valuable information about employees from the public internet. That can then be used to craft phishing emails that trick workers into handing over useful data, such as an application login, or to have them open files that launch executables and infect the machine.

It is then simply a case of escalating privileges and spreading across the network to set up a surreptitious surveillance operation.

“Targeted attacks have definitely arrived,” says Javvad Malik, an analyst at 451 Research.

“There was some shoulder-shrugging and chin-rubbing when targeted attacks were first introduced to the mainstream and initially many assumed it would affect only the largest of enterprises with the biggest payloads.

“But this has come downstream and even consumers are affected. One could almost say that everything is targeted these days. We’ve seen increased sophistication in phishing as well as reports of an exponential rise in ransomware.”

Attackers are developing and using zero-day vulnerabilities to target high-level organisations, from governments to energy companies. This has been evidenced numerous times in 2014.

A recent Microsoft Word zero-day was used in attacks on Taiwanese government bodies in May, while the Elderwood gang has been identified as a zero-day provider for multiple groups, including the Hidden Lynx team connected to targeted attacks on Google and Bit9.

Targeted attacks are a global problem too. The Verizon Data Breach Investigations report from April uncovered 511 incidents of cyber espionage in 2013. Almost half of those were thought to have emanated from east Asia, while a fifth came from eastern Europe.

Et tu, router

Hackers are also turning their attentions to hit various levels of the network. Over the last year, there has been an explosion in router and modem attacks, causing something of a panic in security circles.

“A couple of years ago we published an article about insecurities in small network devices, such as DSL modems and Wi-Fi routers, and the emerging threats that had already started to exploit these vulnerabilities,” says Marta Janus, security researcher at Kaspersky Lab.

“We were aware of a limited number of real-life cases and just a handful of malware samples related to this kind of attack. Having noticed that this approach may prove fruitful for cyber criminals, we predicted it would become a serious issue.”

In March, things reached a head when security-focused non-profit Team Cymru released a report detailing a network of 300,000 hacked routers.

Weak authentication and various vulnerabilities in the firmware used by the routers were exploited by a hacker crew to redirect users to certain websites. Devices from some of the best known manufacturers, including TP-Link, D-Link, Micronet and Tenda, were hacked.

Various kinds of malware specifically target routers, including families such as Darlioz and Moon, while some Windows viruses use routers to re-infect machines, as with a malware variant known as Sality.

“When we look at the widely publicised cyber threat stories from the past year or so, we see attacks on home network devices are now widely used to steal online banking credentials,” says Janus.

Hang on to your Bitcoins

Janus is also unsurprised by the growing range and quality of attacks on crypto-currencies and the organisations dealing in them.

Consumers and businesses using the likes of Bitcoin now have to fear a deluge of malware trying to pilfer wallets. The attacks are cross-platform too, putting any system in danger.

“Another trend that is currently maturing is attacks against the crypto-currencies. In addition to the growing number of Bitcoin-mining Trojans, this year we also discovered Windows and Mac OS X malware designed to steal Bitcoins, in addition to Android SMS-Trojans capable of stealing money from wallets.”

The Bitcoin exchanges are taking a battering too. Mt. Gox suffered the worst, effectively shutting down following a breach that robbed the Bitcoin exchange of $460m.

“I think we can expect more attacks on Bitcoin stock exchanges as this can be very profitable for cyber criminals,” says Janus.