Cyber security trends for 2011

Well, it’s that time of the year again. Scores of well-known gurus, security companies, as well as some simple mortals come out with their predictions on how cyber fraud will evolve in the coming 12 months. Sometimes these “prognoses” are limited to attaching “security threat” or “attack vector” to general emerging technologies – e.g. “more fraud on smart devices”, “cloud security threats”, etc. Such predictions rest on the common principle that any new functionality is a potential security threat, and that fraud attempts are proportional to its popularity. Naturally, like any generalization, this approach has its limits… indeed, if a new functionality proves to have a higher bar for penetration than the existing ones, the fraudsters will happily stick to the old known methods without complicating their lives.

Having said that, I couldn’t resist the temptation myself – and came up with some prognoses of my own:

  • Trojans will become more mature and deadly. User machines are becoming both the Holy Grail and the Weakest Link in the defense against cyber criminals. With the client machine compromised, most server-side anti-fraud technologies are useless – in some cases even 2FA may be circumvented (naturally, this is also true for client-side attacks like XSS or XSRF). There’s little hope that a remedy is within reach – the trend of fraudsters shifting their attention from relatively hardened OSes to the application layer (browser plugins, but also stand-alone applications like PDF readers) will continue to grow in 2011, resulting in a race which the good guys may not be able to win.
  • Phishing – i.e. tricking netizens into revealing their passwords, PII, SSNs and other information – the problem is going to get more severe, taking spear attacks to mass production. Indeed, taking into account the volume and availability of mass information (enough to mention the alleged 100 mln Facebook accounts’ information put on a torrent), it’s only a matter of time before massive old-style phishing attacks (with a low success rate of around 0.1-0.3%) become more personal and targeted, and thus much more effective (the success rate may jump to 1-3%).
  • Information Security – how long will it take governments and corporations to move to closed environments – with machines which have no burnable DVD drives or USB ports, hard drives living in clouds and isolated access to the public net (not even mentioning having our smartphones banned at the workplace – as we could still take a picture of the screen and email it right away)? My take – forever. So WikiLeaks will continue making headlines and more copycats of it will proliferate in 2011.
  • IPv6 – most probably 2011 will be the first year where IPv6 starts to be used in the wild (as the IPv4 free space will finally be depleted). Taking into account the general procrastination of big businesses (for whom security is an afterthought until it bites them in the a*s), they are going to be less prepared (to put it mildly) for the transition to IPv6 than the fraudster community. Now imagine all the IP filters, IP geolocation and other techniques which became mainstream, all the infrastructure tuned to IPv4 and built into the back-ends of companies, starting to behave “strange” as soon as requests come in with IPv6 addresses. Subsequently, if these requests prove to be more effective in hiding fraud, guess how much (or little) time fraudsters will need to jump on the opportunity.
  • Smartphones – if anything, Android – being an inherently more open platform than iPhone OS – but overall I do not think we’ll witness any spectacular security breaches (including using smartphones as tools to commit fraud) merely because of the obvious smartphone proliferation; generally speaking they are safer than our desktops and laptops, harder to get hold of, harder to infect and inherently easier to locate (tied to a geolocation).
  • Cloud computing – if anything, it’ll be increasingly leveraged by the bad guys to achieve their nefarious goals, rather than suffering breaches itself (e.g. data stolen from the cloud). Not that that’s impossible; I just think there are more available and easier-to-access means.
  • Virtual currency – as much as its volumes are going through a spectacular growth period, there’s a conceivable ceiling to its expansion, and so to the associated fraud. I don’t think it will become the Big Story of 2011, although fraud will grow proportionally to the volume of virtual goods and services.
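As an added illustration of the IPv6 point above (example code written for this edit, not from the original post): an IPv4-tuned blocklist check of the kind that quietly fails open when a request arrives from an IPv6 address, next to a version built on Python’s standard `ipaddress` module that handles both address families, unwraps IPv4-mapped IPv6 addresses (`::ffff:a.b.c.d`) so IPv4 rules still apply, and fails closed on unparseable input. The blocklist ranges and sample addresses are constructed from documentation prefixes, not real indicators.

```python
"""Added example (not from the original post): an IPv4-only access filter that
silently fails open on IPv6 input, beside a family-agnostic, fail-closed version.
All addresses and the blocklist below are constructed sample values."""
import ipaddress
import re

# Constructed blocklist: two IPv4 documentation ranges and one IPv6 documentation
# prefix, standing in for ranges a defender wants denied.
BLOCKED_NETWORKS = [
    "203.0.113.0/24",        # TEST-NET-3
    "198.51.100.0/24",       # TEST-NET-2
    "2001:db8:bad::/48",     # inside the 2001:db8::/32 documentation prefix
]

# --- Legacy filter: the IPv4-tuned check the post describes -------------------
_IPV4_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")


def legacy_is_blocked(ip: str) -> bool:
    """IPv4-only check. Anything that is not a dotted quad is treated as
    'no match', so an IPv6 client sails straight through: the filter fails open."""
    if not _IPV4_RE.match(ip):
        return False                      # IPv6 (and garbage) falls out here
    for net in BLOCKED_NETWORKS:
        if ":" in net:
            continue                      # legacy code never considered v6 rules
        if ipaddress.IPv4Address(ip) in ipaddress.IPv4Network(net):
            return True
    return False


# --- Hardened filter: parse both families, fail closed on bad input -----------
def hardened_is_blocked(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return True                       # fail closed: unparseable input is denied
    # An IPv4-mapped IPv6 address names the same host as the embedded IPv4
    # address; unwrap it so IPv4 rules apply even when the request came over v6.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for net in BLOCKED_NETWORKS:
        network = ipaddress.ip_network(net)
        if network.version == addr.version and addr in network:
            return True
    return False


def compare(ip: str) -> dict:
    """Return both verdicts so the fail-open gap is visible side by side."""
    return {"ip": ip,
            "legacy": legacy_is_blocked(ip),
            "hardened": hardened_is_blocked(ip)}


if __name__ == "__main__":
    # Constructed requests: a blocked v4 host, the same host IPv4-mapped,
    # a blocked v6 host, a clean v6 host, and junk input.
    for sample in ["203.0.113.7", "::ffff:203.0.113.7", "2001:db8:bad::1",
                   "2001:db8:1::1", "not-an-ip"]:
        print(compare(sample))
```

The interesting rows are the IPv4-mapped and native IPv6 ones: the legacy filter returns “not blocked” for both, not because the host is allowed but because the code never looked at it, which is exactly the “strange” behaviour a fraudster would probe for. Logging the unparseable and IPv6 cases separately is a cheap way to detect that such traffic has started to arrive before the rules are updated.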

All the above is more intuition than science, and naturally only time will show how right or wrong I am now (fortunately, we don’t have to wait too long). Plus, many reputable specialists would disagree with my relatively low risk ranking of smartphones, clouds and virtual currency – which makes it even more intriguing and worth looking forward to.

Is Conficker a (nuclear) time bomb?

Conficker malware generates a lot of buzz these days. No wonder – it represents a new generation of highly sophisticated, general-purpose software platforms rapidly spreading over unsuspecting user machines. Conficker is in more than one way state-of-the-art malware:

  • Highly efficient
  • Applies the latest encryption technologies
  • Hides itself in the most sophisticated ways
  • A virtually unstoppable way of updating itself

Not surprisingly, it targets Windows machines (the main platform used across the world). Currently up to 10 mln machines are infected with Conficker. Another remarkable feature of the worm is that up until recently it hasn’t really caused any significant damage – yet. We know it just hangs in there waiting for instructions to come from the “mother ship”. When and how it’ll strike is anybody’s guess. At the same time – judging from the hitherto behavior of the guys behind Conficker – they will use the platform for many “mini-explosions” (ideally unnoticed) rather than one big “blast”. It’s anything but a one-time-use platform.

For details you are welcome to go through a presentation I recently put together to raise awareness of Conficker among my colleagues:

Summary: Like any other malware which infects end user machines, it’s very powerful and may render the bulk of traditional anti-fraud tools & technologies useless. Its possibilities are virtually limitless – from DDoS and spamming to key logging and information stealing. But the sophistication of Conficker compared to its more primitive trojan predecessors takes the challenge to the next level (I am sure we’ll witness more Conficker-like trojans on the market – fraudsters have their own “arms races”).

What could companies do to be ready for Conficker? I can’t think of anything else but educating end users, perhaps mandating (or providing incentives for) the installation of virus protection software on user machines (the trend has already started). Using 2FA will definitely slow the bad guys down, but by no means is it the definitive remedy to Conficker and the like. How efficient all those measures are will become apparent in the upcoming years.