Security Highlights for 2013 part 2
The Kapersky Security Bulletin 2013 highlights how the threat landscape is evolving, expanding into mobile attacks, become more sophisticated in ways that cover multiple nations and multiple teams working in tangent. [1] Now more than ever, businesses must stay vigilant in their security strategy.
2013 security highlights include
- New “old” cyber-espionage campaigns
- Cyber-mercenaries: a new emerging trend
- Hacktivism and leaks
- Ransomware
- Mobile malware and app store (in)security
- Watering-hole attacks
- The need to re-forge the weakest link in the security chain
- Privacy loss: Lavabit, Silent Circle, NSA and the loss of trust
- Vulnerabilities and zero-days
- The ups and downs of cryptocurrencies – how the Bitcoins rule the world
In the last post, I offered a short summary of Kapersky’s first five 2013 security highlights. In this post, I’ll offer a summary of the last six.
6. Watering-hole attacks – A watering-hole attacks combines two forms of attack: drive-by downloads and spear phishing. Cybercriminals look for insecure website and then insert a piece of malicious script onto one of the pages. When visitors reach the site, the script either installs malware on the visitors computer or it may redirect them to a malicious site controlled by cybercriminals.
Spear-phishing is a focused attack on a specific organization/person with the goal of getting at some confidential data. Emails are sent within the organization and appear to come from a trusted person or company. The person may be asked for specific information or invited to click a link. The link will launch an attachment that runs the attacker’s code on the computer.
In a watering hole attack these methods are combined. Normally, the attacked research web usage within a given company. They identify sites that are perceived as safe and try to recreate the site, luring employees to click on site and enter information on site. Over the last year, this has been a successful way to penetrate several companies.
7. The need to re-forge the weakest link in the security chain – This attack involves social engineering by focusing on specific people within the company. Sometimes called “hacking the human” this attack exploits the oft ignored human factor in security.
8. Privacy loss: Lavabit, Silent Circle, NSA and the loss of trust – 2013 was a bad year for privacy. The Edward Snowden revelations opened a Pandora’s box around the globe as nations and individuals discovered that the U.S. Government was sabotaging private data. Two secure emails services (Lavabit and Silent Circle) shut down after determining they could not really provide the level of privacy they promised as a result of government intrusions.
9. Vulnerabilities and zero-days – Exploiting software vulnerabilities remained a common attack in 2013. While most exploited vulnerabilities are known issues that already have patch updates, some vulnerabilities are known only to the criminals. These are referred to as zero-days. The biggest protection against these attacks is keeping software up-to-date.
10. The ups and downs of cryptocurrencies – how the Bitcoins rule the world – Cybercriminals are making use of the every-growing popularity of Bitcoins. The Bitcoin system is a form of anonymous cybercurrency and is gaining popularity day after day. As the popularity soars, cybercriminals are using Bitcoins currency since they like the anonymous aspect. At the same time, they also are seeking to exploit the system by impersonating Bitcoin exchange houses.
[1] Kaperksy Lap Expert. “Top security stories of 2013 – the expert opinion.” Kapersky Securelist Blog
The post Security Highlights for 2013 part 2 appeared first on Integracon Technologies Blog – Computer Support in Knoxville, TN.
Source: http://blog.integracon.com/2013/12/07/security-highlights-for-2013-part-2/
