Friday, 20 February 2015

Cyber Attacks That Made CISOs Rethink Security - Top 5


It has been predicted that by 2020, 30% of global enterprises will be directly or indirectly compromised by groups of independent cyber activists or cyber criminals. Cybercrime is now considered a profession, one in which malware and exploit kits that evade security controls are created and sold with guarantees. Gartner, an American information technology research firm, estimates that $71 billion was spent on information security by various businesses, but close to $400 billion was lost globally as a result of cybercrime.

Today, security rests on the premise that one can tell whether something (a website, an email, a file and so on) is good or bad. That premise is fundamentally weak, as malware continues to get past even the latest security technology. Kowsik Guruswamy, CTO of Menlo Security, has identified five different malware attacks that have had a deep impact on the cyber security industry.

Here they are:

Regin


Since 2008, Regin has been used to spy on governments, infrastructure operators, businesses, researchers and individuals. It was not designed by someone looking to make a quick buck and run away. Regin is a highly sophisticated, fully encrypted five-stage threat with payloads and a modular design, and, having been around since 2008, it is a force to be reckoned with. It is an extensible malware platform: the core can be extended with highly targeted payloads, which in turn are used for long-term collection of data and continuous monitoring of individuals. This was the first time this kind of cyber reconnaissance was seen being used not only against enterprises but also against nations and governments. Despite its sophistication, Regin's infection vector (the dropper) was just another browser-based exploit, such as a phishing site.

QWERTY (Regin revisited)


In January 2015, researchers linked a QWERTY keylogger plug-in to the Regin cyber-attack platform through the code provided by SPIEGEL. The QWERTY discovery was noteworthy for the security industry; nevertheless, Regin malware continues to pop up in systems regardless. The QWERTY plug-ins are stored inside an encrypted and compressed virtual file system, so they do not exist directly on the victim's machine in native format. Our lives depend on the web, and web-based infection vectors are growing at a rapid pace.

SoakSoak



More than a lakh (100,000) WordPress sites were infected by malware called SoakSoak in December 2014, which turned the infected sites into attack platforms. This malware provided a perfect example of vulnerable services becoming infection vectors themselves through internet downloads. Because more than 70 million sites use WordPress as their content management system, malware authors have an immense install base in which to take advantage of any vulnerability that shows up on the publishing platform. At one point Google flagged 11,000 sites, but that was not sufficient to track and patch many of the infected sites; without their owners' knowledge, these sites are being used to serve malware.

Skeleton Key



The cyber kill chain is getting smarter and more sophisticated, and malware that focuses on data extraction is on the rise. Skeleton Key, first seen in January 2015, targets the keys to the authentication kingdom, such as the AD controller. It first infects the AD administrators (possibly via the web); the malware then applies an in-memory patch to the AD controller, allowing it to masquerade as any other user to gain access to their data and email. This malware completely evades existing detection mechanisms, as it generates no abnormal network activity. While the CTU researchers did not explicitly talk about the drop phase of the malware, it's likely to be web-borne, and we are not surprised that signature and virtual execution products did not detect and stop this in the first place. As an industry, the real question to ask ourselves is how, not if, these types of malware can be completely eliminated.

Google AdSense (malvertising)

 

More than 100,000 new websites come online every single day. When scammers began abusing Google AdSense for malvertising in January 2015, a single webpage would load up to eight different third-party scripts, resulting in the fetching of resources from about 250 unique domains. Because Google does not, and cannot, inspect the exact content served up on its platform, it only takes one of the ~1,600 "certified" ad networks to be hijacked. All of this untrusted and unknown content is executed on unsuspecting endpoints, resulting in a tremendous amount of risk any time a user visits a popular website. In this particular instance, the malvertising was aggressive and was forcing a redirect to a malware-serving page without user interaction. If the attack was subtler, chances are that this would've gone unnoticed for a long time.
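To make the exposure described above measurable for a page you operate, the following added example (not part of the original post) inventories the external hosts a page's static HTML pulls content from. The page URL, the sample markup and all `.example` hosts are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose src makes the browser fetch remote content; script and iframe also run it.
FETCHING_TAGS = ("script", "iframe", "img")

# Constructed sample page (hypothetical hosts under the reserved .example TLD).
SAMPLE_URL = "https://news.example/article"
SAMPLE_HTML = """
<html><head>
<script src="/static/site.js"></script>
<script src="https://cdn.news.example/lib.js"></script>
<script src="//ads.adnet-one.example/show.js"></script>
<script src="https://ads.adnet-one.example/track.js"></script>
</head><body>
<iframe src="https://frames.adnet-two.example/slot?id=1"></iframe>
<img src="https://pixel.metrics.example/p.gif">
<img src="data:image/gif;base64,R0lGOD">
</body></html>
"""

class ResourceCollector(HTMLParser):
    """Collects (tag, absolute URL) for every resource-fetching tag."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag in FETCHING_TAGS else None
        if src:
            # urljoin resolves relative and protocol-relative (//host/...) URLs.
            self.resources.append((tag, urljoin(self.page_url, src)))

def third_party_hosts(page_url, html):
    """Count resources per (tag, external host); subdomains of the page host are first-party."""
    page_host = urlsplit(page_url).hostname
    collector = ResourceCollector(page_url)
    collector.feed(html)
    counts = Counter()
    for tag, url in collector.resources:
        host = urlsplit(url).hostname  # None for data: URIs, which are skipped
        if host and host != page_host and not host.endswith("." + page_host):
            counts[(tag, host)] += 1
    return counts

if __name__ == "__main__":
    for (tag, host), n in sorted(third_party_hosts(SAMPLE_URL, SAMPLE_HTML).items()):
        print(f"{tag:7} {host:30} {n}")
```

This only sees the first hop: resources that the listed scripts inject at run time, which is how a handful of script tags grows to hundreds of domains, do not appear in static HTML and have to be captured from a browser's network log.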

Eliminating Malware

Any attempt to categorize a website as good or bad, with respect to malware, is a false notion and we are fooling ourselves into thinking that this is even possible. With billions of dollars being spent on enterprise security, we are nowhere closer to securing our users or making the Internet a safe place. As an industry, we need to step back and think about definitive ways to eliminate attacks, not just detect them or react to them after the damage is already done.

Wednesday, 7 January 2015

Facebook acquires Voice Recognition Firm, targets Apple Siri

In an ambition to extend its reach beyond computers and smartphones, Facebook Inc has acquired a company that makes voice recognition technology for wearable devices and internet-connected appliances.

On Monday, Facebook announced it had acquired wit.ai, without providing a price for the deal. Wit.ai, an 18-month-old company based in Palo Alto, California, makes software that can recognize spoken words as well as written text phrased in "natural language".

A representative from Facebook declined to provide details on how Facebook is planning to use this voice recognition technology or within which group of Facebook the wit.ai team would work.

The deal comes as technology companies are racing to bring internet connectivity to a new crop of devices, from watches to washing machines. Voice recognition, the technology that helps power services such as Apple Inc's Siri, is considered a key building block for the new devices to earn mainstream consumer appeal.

Facebook, the world's largest internet social network, with 1.3 billion users, is increasingly looking beyond the PCs, tablets and smartphones currently used to access its service. In March, it acquired virtual reality headset maker Oculus VR for $2 billion.

The deal for wit.ai is likely to have been significantly smaller. Wit.ai announced in October that it had raised $3 million in a funding round led by venture capital firm Andreessen Horowitz.