Monday, August 12, 2013

Security - More than 700,000 APPs in the Android Market Place (High Risk)


Android Devices Remain Dangerous to the Enterprise and Small Business. Image courtesy of visnetwork.


There is a push in business IT to stop being "structured" and "uptight" about allowing wireless devices onto a corporate campus. While a BlackBerry server and BlackBerry devices were the standard for a long time, newer devices competing with that network model have brought critics forward to claim the older BlackBerry model is pointless and prehistoric. Yet the design of BlackBerry, and its security, is what allowed it to become a standard in the enterprise. Critics of this architecture typically have no response to the security aspect of adopting new wireless devices onto a business network. This concept is also known as Bring Your Own Device (BYOD), and it continues to be a hot topic in business. While people want the easy approach of simply buying something at the store and connecting it to a corporate network, the security problems this causes are too vast and dangerous to ignore.
This is reviewed and discussed in this great post at CIO.gov.

A recent Trend Micro report states that over 700,000 Android apps are likely to steal your personal information. This is up from 509,000 the previous quarter.

Neowin highlights these findings of the Trend Micro report:
The majority of these malicious apps are disguised as popular apps, but contain malware that could see victims subscribe to costly services. FAKEBANK is a common and prominent malware that does just this. By spoofing "legitimate apps", it creates shortcuts to mobile banking programs. Johnathan Leopando, of Trend Micro, says infected users may then be at risk of entering their banking details into a malicious app.

Additionally, on July 23, 2013, the trade magazine InfoWorld published Report: Android Spyware on the Rise, discussing a recent malware investigation report by Kindsight. The report findings review the most common recent infections, vectors and behaviors:

The malware threat most commonly seen on Android devices was an adware Trojan program called Uapush.A that sends SMS messages and steals information, Kindsight said. Uapush.A was responsible for around 53 percent of the total number of infections detected on Android devices.
The second-most-common Android threat was a Trojan program called QdPlugin, whose primary purpose is to install and control other adware programs. This malware is distributed as repackaged versions of legitimate games and connects to a control server located in the U.S.
A particularly worrying trend is the increase in the number of spyware threats that appear in the top 20, according to Kindsight. Spyware programs can typically record phone calls and text messages; track the phone's location; monitor email, social media and browsing activity; access photos and contact information, and more.
"Until now mobile spyware has been aimed at the consumer market, with the promise of being able to track your loved one's every move through their phone," said Kevin McNamee, security architect and director of Alcatel-Lucent's Kindsight Security Labs, in a blog post Tuesday. "But locating teenagers and a straying spouse are only one part of the story."
"Mobile spyware in the 'Bring Your Own Device' context poses a threat to enterprises because it can be installed surreptitiously on an employee's phone and used for industrial or corporate espionage," McNamee said.


While this is nothing new to discuss and blog about (see titles below), it remains a significant security concern for the businesses we help at Menlo Technical Consulting.

Malware Infections Soar on Android Devices Over Recent Past   3/20/2012  
Android Mobile Devices are Targets for Malware   12/26/2011  
eWeek periodical says more advanced trends for breaches 2012   12/20/2011  
Why Android is Still a Problem in the Enterprise   10/22/2011
Android – Marketplace Apps 400% Spyware Increase   5/13/2011


Interesting Infographics on the topic:
Kaspersky Labs Infographic 1

Kaspersky Labs Infographic 2



Thursday, August 8, 2013

Universities Warned to Protect Their Computer Networks from China



A July 16, 2013 New York Times article, Universities Face a Rising Barrage of Cyberattacks, reports that Stanford University's computer networks were attacked from sources in China. Another article about the same incident is Stanford Probes Breach, As Attacks on Universities Soar.

The attacks have been increasing in sophistication as well as in frequency, often going undetected, which is prompting university officials to reconsider the open nature of their networks.

“A university environment is very different from a corporation or a government agency, because of the kind of openness and free flow of information you’re trying to promote,” David J. Shaw, the chief information security officer at Purdue University, told the Times. “The researchers want to collaborate with others, inside and outside the university, and to share their discoveries.”
Some research universities work with government agencies on classified projects, but even those that don’t, like Stanford, still work on projects that produce patents and other intellectual property used in commercial, medical and academic fields. And intellectual property has become the prime target of many cyberattacks, officials say.


A threat map showing trace lines of where some attacks on the USA originate.
 
University attacks are gaining momentum and are very insidious. According to Bill Mellon of the University of Wisconsin:

“We get 90,000 to 100,000 attempts per day, from China alone, to penetrate our system,” said Mr. Mellon, the associate dean for research policy. “There are also a lot from Russia, and recently a lot from Vietnam, but it’s primarily China.”
Many computer security researchers agree that China and the Russian Federation are the two most frequent sources of unsolicited attacks. In today's cyberthreat landscape, universities, businesses of all sizes and types, and non-profits should be concerned with blocking these Internet traffic sources as much as possible. Today a simple subscription to an annual firewall protection service may be all that is needed to avoid these attacks. Most institutions do not need to allow Internet traffic from China or the Russian Federation.

One source of this problem is network-capable printers. As another article, at GCN.com, How Hackers Can Turn the Internet of Things into a Weapon, explains, printers can allow easy access to any hacker who has found his or her way past the security of a private computer network. Such devices have insecure web pages for maintenance tasks such as checking drum life, toner quantity and the number of printed pages. Until the manufacturers of these devices improve their security, it is very important to harden the security settings on these devices immediately, to prevent them from harboring infections on private computer networks.

To view daily reporting of attacks over the Internet, stop by the ShadowServer.org web page dedicated to statistics on these attacks, or visit the threat portal at ArborNetworks.com for their interpretation of current Internet attack trends.


Wednesday, August 7, 2013

DDoS Attacks Stopping Websites from Working Summer 2013





There used to be a misconception that if everyone flushed their toilet at the same time, the demand would break the water supply. The same idea is behind a gas-buying strike when prices go up: stop buying gas to protest the price increase. We hope that voting in democratic societies works the same way, with many individual votes putting a certain politician into office.
That same concept, many members of a group acting together to have a strong effect on a few, is used in the computer and Internet world. Specifically, the 'bad guys' who are trying to gain notoriety and respect, or to earn money by doing bad things on behalf of others, have devised a similar idea on the Internet.

The Internet is a lot like roads and automobile traffic. It was designed to handle a huge amount of traffic and to do so along the shortest routes to a destination. Hackers have figured out that they can take control of many computers and use them to attack a few machines at specific locations, such as Visa, Bank of America, Macy's, government websites, or even Internet providers like Comcast and web hosting companies like GoDaddy.



HOW DDoS WORKS
Simply explained, the attack is easy to understand: an individual controls a large number of 'drone' or 'zombie' computers (machines previously infected with botnet malware, which lets hackers control them from anywhere in the world, whenever they want) and directs them all to visit a website.
Typically websites are designed to handle 30 to 75 people looking at them at once; bigger companies can handle much more simultaneous traffic. When the number of people looking at the same time rises to 10,000, it may be difficult to 'serve' all those 'web page requests' at once. Hackers will employ tens of thousands of machines to view a website at the same time, which in effect cripples the website so it cannot be displayed. This is called a Distributed Denial of Service (DDoS) attack. Other attacks target the machines that help route a PC to the particular page it is trying to visit. This second kind is what has happened over the past several months. (BIND 9 has been patched for a vulnerability.)

Recently, layman's tools to command and control these kinds of botnet-infected PCs have become readily available. From mid-June 2013 through August 2013, a great many websites were made unavailable because of DDoS attacks or the hijacking of unpatched website look-up (DNS) machines. The effect is that over 700,000 websites stopped working in July 2013.
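As an added illustration of the "too many requests at once" effect described above (example code written for this explanation, not from the original post or any vendor), the script below groups constructed web-server access-log lines by second, flags seconds whose request count exceeds a site's capacity, and notes whether the load is spread across many addresses (a distributed flood) or comes from a single client. The capacity figure of 75 is taken from the post's rough estimate; the log lines and addresses are constructed.

```python
"""Flag per-second request bursts above a site's capacity in access logs.

Added example, not from the original post. Log lines are constructed here;
the capacity default follows the post's 30-75 simultaneous-visitor estimate.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format: ip - - [day/Mon/year:HH:MM:SS zone] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+')

def parse_line(line):
    """Return (source_ip, timestamp truncated to the second), or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts.replace(microsecond=0)

def find_floods(lines, capacity=75, min_sources=50):
    """Report each second whose request count exceeds capacity.

    'distributed' is True when the hits come from at least min_sources
    addresses: many zombies each asking once, as the post describes, rather
    than one client hammering the site (which plain rate limiting handles).
    """
    per_second = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, sec = parsed
            per_second[sec][ip] += 1
    floods = []
    for sec in sorted(per_second):
        hits = per_second[sec]
        total = sum(hits.values())
        if total > capacity:
            floods.append({"second": sec.isoformat(), "requests": total,
                           "sources": len(hits),
                           "distributed": len(hits) >= min_sources})
    return floods

def make_sample_log():
    """Constructed log: two quiet seconds, then 200 zombies hitting at once."""
    fmt = '{ip} - - [10/Jul/2013:14:02:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format(ip="198.51.100.%d" % i, s=0) for i in range(1, 21)]
    lines += [fmt.format(ip="198.51.100.%d" % i, s=1) for i in range(1, 41)]
    lines += [fmt.format(ip="203.0.113.%d" % (i + 1), s=2) for i in range(200)]
    return lines
```

Running `find_floods(make_sample_log())` flags only the third second, with 200 requests from 200 distinct addresses, which is the pattern a per-client rate limit cannot catch and that calls for upstream filtering or a DDoS mitigation service.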

MOTIVATION OF HACKERS
In some cases their motivation is political: to free a political prisoner, or to represent an ideology. But the DDoS tools are so common today that many attacks are now done because 'it can be done,' and because it earns various hackers credibility and respect from other, more powerful hackers. I do not want to get into the childish psychology of these 'younger' hackers, but in general it is no longer just for a specific political purpose. It is for personal gain and an individual's ranking in a type of hacker social stratum.

Neustar has created a helpful infographic showing 2012 DDoS statistics compared to 2011 DDoS data. Kaspersky Labs has created this infographic to help explain how botnets affect your computer as well as the Internet at large.

For more detailed information on DDoS attacks, here are a few websites explaining the types, trends, technologies and effect on the world:

ArborNetworks.com Live Threat Portal
NetworkComputing.com DDoS Attacks Getting Bigger, Report Finds
ComputerWeekly.com  New Threat Portal pegs DDoS Attacks at 2570 per Day
Rivalhost.com 12 Types of DDoS Attacks Used by Hackers
Akamai.com The Challenge: Safeguarding Against DDoS Attacks
Verizon Enterprise 2013 Data Breach Investigations Report
Rivalhost.com Understanding Web Threats: Denial of Service Attacks
eWeek.com How Do Booters Work? Inside a DDoS Attack for Hire
Circleid.com 5 Steps to Prepare for a DDoS Attack
Bankinfosecurity.com Who's Really Behind DDoS?