Kategorie

Introduction to RATs Once a hacker has gained initial access to a target machine, expanding and solidifying that foothold is the next logical step. In the case of a phishing attack, this involves using malware to take advantage of the access provided by the email. A common way of expanding this beachhead on the target […]

The post Top 5 Remote Access Trojans appeared first on Infosec Resources.

Top 5 Remote Access Trojans was first posted on September 19, 2019 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Of the 2,300 archiving systems looked at, 590 were accessible from the internet, exposing 24 million medical records from 52 countries.

Odborníci z AdaptiveMobile Security publikovali minulý týden informaci o nové bezpečnostní díře, kterou označují jako Simjacker. Podle nich je možné zasláním textové zprávy získat vzdálený přístup k postiženému zařízení. Tentokrát však nejde jen o teoretickou hrozbu – dle expertů byl tento ...

The government, alleging that Snowden violated NDAs with the CIA and NSA, isn't looking to stop the book's publication or distribution.

The latest Naked Security Podcast is live - listen now!

Researchers discovered that smart TVs from Samsung, LG and others are sending sensitive user data to partner tech firms even when devices are idle.

Popular software hosting service GitHub has acquired Semmle, a code analysis platform that helps product developers and security researchers discover potential zero-days and critical vulnerabilities in large codebases. Learn more in a great The Next Web article:

Policie v několika evropských zemích rozbila skupinu, která organizovala podvody při sledování obsahu placených televizních kanálů. Informovala o tom agentura evropské justiční spolupráce Eurojust, která akci koordinovala. Podle vyjádření italské policie se zátah týkal ilegálních streamovacích služeb na internetu.

Have you heard that a severe critical privilege escalation vulnerability has been found in Harbor open-source registry software? Learn more:

An in-depth study of reported bugs has produced a list of the top 25 bug categories in software today - with some old familiar names topping the list.

Škodlivé kódy nepředstavují již dávno riziko pouze pro počítače a notebooky. Stále častěji se s nimi setkáváme také na chytrých telefonech a počítačových tabletech. Dokazuje to i nejnovější statistika kyberbezpečnostní společnosti CheckPoint, která se zaměřuje právě na nejrozšířenější mobilní hrozby.

The Kaspersky Industrial Cybersecurity Conference 2019 takes place this week in Sochi, the seventh such conference dedicated to the problems of industrial cybersecurity. Among other things, the conference will address the security of automation systems in buildings — industrial versions of the now common smart home. Typically, such a system consists of various sensors and controllers to manage elevators, ventilation, heating, lighting, electricity, water supply, video surveillance, alarm systems, fire extinguishing systems, etc.; it also includes servers that manage the controllers, as well as computers of engineers and dispatchers. Such automation systems are used not only in office and residential buildings, but in hospitals, shopping malls, prisons, industrial production, public transport, and other places where large work and/or living areas need to be controlled.

We decided to study the live threats to building-based automation systems and to see what malware their owners encountered in the first six months of 2019.

Malware and target systems

According to KSN, in H1 2019 Kaspersky products blocked malicious objects on 37.8% of computers in building-based automation systems (from a random sample of more than 40,000 sources).

!function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script")[0],d=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=d+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var r=e.createElement("script");r.async=1,r.id=s,r.src=i,o.parentNode.insertBefore(r,o)}}(document,0,"infogram-async","https://e.infogram.com/js/dist/embed-loader-min.js");

Share of smart building systems on which malware was blocked, 2018-2019 (download)

It should be mentioned right away that most of the blocked threats are neither targeted, nor specific to building-based automation systems. In other words, it is ordinary malware regularly found on corporate networks unrelated to automation systems. This does not mean, however, that such malware can be ignored — it has numerous side effects that can have a significant impact on the availability and integrity of automation systems, from file encryption (including databases) to denial of service on network equipment and workstations as a result of malicious traffic and unstable exploits. Spyware and backdoors (botnet agents) pose a far greater threat, since stolen authentication data and the remote control it provides can be used to plan and carry out a targeted attack on a building’s automation system.

What are the threats of a targeted attack? First off, there is disruption of the computers that control the automation systems, and subsequent failure of the systems themselves, since not all of them are totally autonomous. The result may be a disruption of the normal operation of the building: electricity, water, and ventilation are likely to continue to work as before, but there may be problems with opening/closing doors or using elevators. There may also be problems with the fire extinguishing system, for example, a false alarm or, worse, no signal in the event of a fire.

Geographical distribution of threats

Share of smart building systems on which malware was blocked, by country, H1 2019

Top 10 countries

Country %* Italy 48.5 Spain 47.6 Britain 44.4 Czech Republic 42.1 Romania 41.7 Belgium 38.5 Switzerland 36.8 India 36.8 China 36.0 Brazil 33.3

*Share of computers on which malware was blocked
Sources of threats to building-based automation systems

When studying the sources of threats to building-based automation systems, we decided to compare them with similar statistics on industrial systems that we regularly compile and publish. Here’s the result:

!function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script")[0],d=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=d+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var r=e.createElement("script");r.async=1,r.id=s,r.src=i,o.parentNode.insertBefore(r,o)}}(document,0,"infogram-async","https://e.infogram.com/js/dist/embed-loader-min.js");

Sources of threats to building-based automation systems by share of attacked computers, H1 2019 (download)

The graph shows that in building-based automation systems the share of attacked computers is consistently higher than in industrial systems. That being the case, the total share of attacked computers over the same period is greater in industrial systems (41.2%). This is due to the fact that building-based automation systems are more similar to systems in the IT segment — on the one hand, they are better protected than industrial ones, so the overall percentage is lower; on the other, they have a large attack surface (i.e. the majority have access to the Internet and often use corporate mail and removable drives), so each computer is exposed to more threats from different sources.

!function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script")[0],d=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=d+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var r=e.createElement("script");r.async=1,r.id=s,r.src=i,o.parentNode.insertBefore(r,o)}}(document,0,"infogram-async","https://e.infogram.com/js/dist/embed-loader-min.js");

Types of malware detected in building-based automation systems, by share of users attacked, H1 2019 (download)

Note that it is not only the networks of automation systems in specific buildings (stations, airports, hospitals, etc.) that face threats. The networks of developers, integrators, and operators of such systems, who have (often privileged) remote access to a huge number and variety of objects, are also subjected to “random” and targeted attacks. Having gained access to computers in the network of an integrator or dispatcher, the cybercriminals can, theoretically, attack many remote objects simultaneously. At the same time, the remote connection to the automation object on the side of the integrator/operator is considered trusted and often effectively uncontrolled.

The threat landscape for smart buildings and how to minimize it will be discussed in more detail at the conference. One final note is to mention the importance of monitoring network communications on the perimeter and inside the network of automation systems. Even minimal monitoring will reveal current issues and violations, the elimination of which will significantly increase the object’s level of security.

Kolik stojí firemní únik dat? Odpověď na tuto otázku přinesla studie společností IBM Security a Ponemon Institute. V průměru vyjde oběti únik na 3,92 milionu dolarů, tedy v přepočtu na více než 91 milionů korun. V rámci studie byli osloveni IT specialisté z více než pěti stovek společností napříč celým světem.

Marc Rogers discusses the logistics behind a recently-proposed anonymous bug submission program, meant to encourage ethical hackers to submit high-level bugs anonymously.

The fake emails direct victims to log into a bogus IRS site.

The post What’s New in Infosec IQ: Fall 2019 appeared first on Infosec Resources.

What’s New in Infosec IQ: Fall 2019 was first posted on September 18, 2019 at 3:58 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

The idea that humans are the weakest link shouldn't guide the thinking on social-engineering defense.

Insecure Internet-connected devices have aided different types of cybercrime for years, most common being DDoS and spam campaigns. But cybercriminals have now shifted toward a profitable scheme where botnets do not just launch DDoS or spam—they mine cryptocurrencies as well. Smominru, an infamous cryptocurrency-mining and credential-stealing botnet, has become one of the rapidly spreading

The ever-changing malware is jumping in the middle of people's existing email conversations to spread itself without suspicion.

Ecuador officials have arrested the general manager of IT consulting firm Novaestrat after the personal details of almost the entire population of the Republic of Ecuador left exposed online in what seems to be the most significant data breach in the country's history. Personal records of more than 20 million adults and children, both dead and alive, were found publicly exposed on an unsecured