Friday, January 31, 2014

The years 2012-2013 saw many types of internet threats in active use; the most common were drive-by exploits, SMS scams, ransomware and phishing mails. According to the newly released Malwarebytes 2013 Threat Report, attacks involving highly damaging malware are expected to become more and more frequent next year, with ransomware on the rise.

Malwarebytes has published a detailed report on the major threats seen this year.

Ransomware

Ransomware of this kind enters a computer or network and encrypts the user's files with public-key encryption; unlike other malware, the private key needed to decrypt them never leaves the attacker's server. Affected users are then asked to pay large ransoms, ranging from $200 to $400, to receive that private key. Attackers usually spread this malware through exploit kits.

Phone scams

Phone scammers work along the same lines as fake AVs: a third-party source tells a user that they have tons of malware on their system and that it needs to be cleaned up, usually for a high price.
Phone scammers are not exclusive to 2013, but the number of reports we receive and the variety of scams these guys use seem to be peaking.

In 2013, we have seen scammers:

  • Pose as Microsoft

  • Pose as an antivirus company

  • Pretend they can remove malware from a Mac

  • Claim that not being able to connect to an inactive web server means you are infected

  • Pose as law enforcement

  • …and much more!

Malwarebytes Senior Researcher Jerome Segura has made three videos about phone scammers and the tactics they use to fool unsuspecting users; I highly recommend checking them out.

The biggest defense against this type of scam is knowledge: you will almost never receive a call from a legitimate software company or antivirus/anti-malware firm offering to remove malware they have "detected" on your system.

The principles of identifying scams are age-old. However, when presented with "evidence" of a problem in a form the average person does not understand, those principles go out the window. That is exactly what these scammers try to exploit, so do not become a victim.

Android malware

Since we knew mobile phones were going to run full operating systems, we knew that mobile malware would be inevitable. 2013 showed us an increase in both mobile scams and mobile malware.

A large portion of mobile malware consists of what we refer to as SMS Trojans: malware that sends premium-rate text messages or makes premium-rate phone calls without the phone owner's knowledge. The user doesn't discover what has happened until the bill arrives. These attacks are seen primarily in Eastern Europe, but variants exist worldwide.

A related example is the Perkle crimeware kit: it infects the user's desktop, poses as an authentication step for the user's banking website and asks the user to scan a QR code, which downloads malware onto the user's mobile device.

The mobile component then waits for confirmation texts sent by the bank, intercepts the codes and relays them back to the desktop, giving the attackers access to the victim's bank account.

Either way, the amount of mobile malware seen this year has increased enough for the community to consider it something we will be dealing with much more in the future.

The Blackhole Exploit Kit

In 2012 and a large portion of 2013, the BlackHole Exploit Kit was the primary method of malware delivery for cyber criminals looking to set up drive-by attacks. It hosted an assortment of different malware, depending on the needs of the criminal using it, for example:

  • Zeus Trojan

  • ZeroAccess Rootkit

  • Reveton Ransomware

  • And more

The kit was sold on cyber-crime forums and black markets to would-be criminals, who set it up on their own (or compromised) web servers. The criminals would define which payload (the malware) was to be loaded and which exploit to use. From there, once a user visited an exploit page, the malware would be installed.

In many cases, exploit kits are rented out: one criminal purchases the kit for a high price and then offers to host another criminal's malware on it for a fee.

In early October, law enforcement arrested the creator of the BlackHole Exploit Kit, "Paunch", and since then the use of BlackHole has steadily decreased, although older versions still linger in use by cyber criminals and modified versions have been released by third parties.

As we enter 2014, we may see less and less of the older BlackHole variants; however, it is doubtful that it will drop off the map entirely.

At the same time, we may see the emergence of a brand new dominant exploit kit that has all the ability and threat of BlackHole but with new exploits targeting more current operating systems.

DDoS attacks against banks

2013 had its fair share of bank attacks, whether through malware or plain hacking. One of the most notable examples was an attack against US banks in August. It began as a distributed denial-of-service (DDoS) attack against the target bank; the IT staff responded and worked hard to fend off the attack, keeping their servers and services available to customers.

However, while the staff was busy dealing with the DDoS, the attackers infiltrated the bank's systems unnoticed, their activity concealed under the massive volume of DDoS traffic.

The attackers made off with a significant amount of money in this highly organized and effective cyber bank robbery.

Crime at every level has been duplicated online, bank robbery included. Will we see more attacks? Definitely. Will they get worse? Yes. However, every attack brings lessons that are learned and shared with the community, making banking more secure over time.

PUPs

Potentially unwanted programs (PUPs) are the slightly less harmful cousins of malware: they install things on your computer that you neither want nor need, devour system resources and make your computing experience a nightmare.

You might be wondering what exactly counts as a PUP; a few examples are:

  • Toolbars

  • Search Agents

  • Value Finders

  • Etc

In July 2013, Malwarebytes Anti-Malware began detecting PUPs and offering their removal to users. They are not automatically flagged for removal; the user chooses whether or not to keep running the software.

In late November, Malwarebytes discovered a new kind of threat from some PUP peddlers: the bundling of a Bitcoin miner that is installed on the system. This is a serious threat, because running a miner on a system not designed for it can cause serious damage to the system itself.

Such behaviour is expected from malware like ransomware; it is an entirely different story when programs that were once merely annoying now do real harm to unsuspecting users.

Online threats predictions for 2014

While these threats gained huge attention this year, security firm Malwarebytes believes that some of them will evolve further. The following are expected to rise:

  • Ransomware will evolve and attacks increase

  • Mobile and Device based Malware will increase

  • Attacks to exploit vulnerabilities in user’s firmware and hardware will rise

  • 2014 will have more attacks against Mac operating systems.

Malwarebytes says:
“We will see ransomware making more of a presence on previously less targeted platforms, such as OS X and mobile devices.”

Furthermore, the company states that tablets and smartphones will be more prone to such attacks next year. While countries like Russia will face more SMS-based scams, Western countries will see an increase in malware that steals credentials and purchases unwanted apps for the device. Such malware may also enlist devices into botnets used for DDoS attacks. The firm further reports that Mac operating systems will also be more prone to cyber-attacks next year.


Mac OS Malware

2014 will have more attacks against Mac operating systems, period.

Recent history has shown us that Macs are being targeted with attacks similar to those aimed at PC users. We've seen ransomware, malicious browser plugins, rogue antivirus software and a slew of other malware.

In addition, computer repair scams exist for Mac users just as much as for PC users, a threat that doesn't even require a malware infection, only an unsuspecting and uninformed user.

Finally, many of the plugins, extensions and third-party applications that are exploited on Windows are also used on Mac platforms, which are therefore susceptible to the same remote code execution threats.
