GriftHorse money-stealing trojan takes 10M Android users for a ride (Roen Branham)
Watch the full episode on Youtube: https://youtu.be/M5Gsjwsnxtg
More than 10 million Android users have been saddled with a malware called GriftHorse that’s trojanizing various applications and secretly subscribing victims to premium mobile services – a type of billing fraud that researchers categorize as “fleeceware.”
Zimperium uncovered more than 130 GriftHorse apps being distributed through both Google Play and third-party application stores, across all categories. Some of them have basic functionality, and some of them do nothing, researchers said. In either case, once installed, they lead to victims being billed for premium services – but phone-owners are usually none the wiser until they take a look at their mobile bills.
This brief presentation gives you a quick overview of how the cyber threat landscape is shaping up in 2017 for individuals and business owners alike. It puts forward some important trends and predictions.
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n... (Symantec)
Internet Security Threat Report 2014 :: Volume 19 :: Appendices
Hardcore data from Symantec’s Internet Security Threat Report.
Real number crunching on threat, malicious code, fraud and vulnerability trends, including:
Threat Activity Trends
• Malicious Activity by Source
• Malicious Web-Based Attack Prevalence
• Analysis of Malicious Web Activity by Attack Toolkits
• Analysis of Web-Based Spyware, Adware, and Potentially Unwanted Programs
• Analysis of Web Policy Risks from Inappropriate Use
• Analysis of Website Categories Exploited to Deliver Malicious Code
• Bot-Infected Computers
• Analysis of Mobile Threats
• Quantified Self – A Path to Self-Enlightenment or Just Another Security Nightmare?
• Data Breaches that could lead to Identity Theft
• Threat of the Insider
• Gaming Attacks
• The New Black Market
Malicious Code Trends
• Top Malicious Code Families
• Analysis of Malicious Code Activity by Geography, Industry Sector, and Company Size
• Propagation Mechanisms
• Email-Targeted Spear-Phishing Attacks Intelligence
Spam and Fraud Activity Trends
• Analysis of Spam Activity Trends
• Analysis of Spam Activity by Geography, Industry Sector, and Company Size
• Analysis of Spam Delivered by Botnets
• Significant Spam Tactics
• Analysis of Spam by Categorization
• Phishing Activity Trends
• Analysis of Phishing Activity by Geography, Industry Sector, and Company Size
• New Spam Trend: BGP Hijacking
Vulnerability Trends
• Total Number of Vulnerabilities
• Zero-Day Vulnerabilities
• Web Browser Vulnerabilities
• Web Browser Plug-in Vulnerabilities
• Web Attack Toolkits
• SCADA Vulnerabilities
Symantec Internet Security Threat Report 2014 - Volume 19 (Symantec)
The 2014 Internet Security Threat Report gives an overview of global threat activity for the past year based on data from Symantec’s Global Intelligence Network.
Symantec's Internet Security Threat Report, Volume 18 revealed a 42 percent surge during 2012 in targeted attacks compared to the prior year. Designed to steal intellectual property, these targeted cyberespionage attacks are increasingly hitting the manufacturing sector as well as small businesses, which are the target of 31 percent of these attacks. Small businesses are attractive targets themselves and a way in to ultimately reach larger companies via “watering hole” techniques. In addition, consumers remain vulnerable to ransomware and mobile threats, particularly on the Android platform.
As reported in the ISTR Volume 19, 2013 saw a 500 percent increase in ransomware in the latter part of the year. Overall ransomware levels remained high through March 2014, and then slowly started to decline, in part due to the disruption of the GameOver Zeus botnet back in late May.
In contrast, crypto-style ransomware has seen a 700 percent-plus increase. These file-encrypting versions of ransomware began the year comprising 1.2 percent of all ransomware detections, but now make up 31 percent at the end of August. One variant known as Trojan.Cryptodefense began to appear in large numbers in early June. By the end of July, it made up 77 percent of all crypto-style ransomware for the year to date. This follows predictions in the ISTR saying this type of malware would become more common in 2014.
Over 31.5 million identities were reported exposed in August, from 12 incidents. The jump in exposed identities is due to a large breach in South Korea, comprising 27 million identities. In the last 12 months 53 percent of data breaches were caused by hacking and 21 percent were accidentally made public.
The average number of spear-phishing emails blocked each day for August was 20, compared with 54 in July and 88 in June. This is below the year-to-date average of 86, which is slightly higher than the daily average of 84 for all of 2013.
The most frequently used malicious file types in these email-based targeted attacks were .exe and .doc file types, with .exe attachments coming out on top this month at 31.8 percent. 29 percent of spear phishing emails were sent to Manufacturing, returning it to the top of the industries targeted.
One in 1,587 emails was identified as a phishing attempt, compared with one in 1,298 for July and one in 496 in June. While at first glance this looks like a big drop, it is not indicative of a wider trend just yet, resulting in only a 0.01 percentage point decrease in the overall phishing rate.
We hope that you enjoy this month’s report and feel free to contact us with any comments or feedback.
Who would win the battle for the White House to become the next President of the United States was a topic of hot debate in 2012.
Much of that debate was taking place online, with plenty of people blogging, tweeting or updating social media with their thoughts on Mitt Romney versus Barack Obama.
Photo: usatoday.com
This provided us with a rich source of information about what people were thinking and feeling about the election race. So today I've decided to cover Techniques of Digital Data Analysis that are used to predict the US election. And perhaps the 2012 election will be remembered as the first election where big data analysis played a crucial role and had a tremendous impact on the outcome of the presidential election.
I am fairly familiar with the above-mentioned techniques, because I had an opportunity to meet the CEO of EMC in January 2013 in Singapore. EMC was one of a select few companies that Twitter had entrusted to syndicate and provide access to the full Twitter feed for use in internal analytics applications for Obama's campaign in 2012. In my humble opinion that was the reason that in 2015 this company was sold to Dell for $67B in the largest deal in tech history.
The techniques of big data analysis remain the same, so let’s jump to year 2016 and see what social media data is used to predict the US election nowadays.
Read as an article: http://news.cybergates.org/en/articles/can-you-predict-who-will-win-the-us-election
Symantec Intelligence Report September 2014 (Symantec)
Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks.
The average number of spear-phishing attacks rose to 53 per day in September, after a 12-month low in August. Spear phishing activity has returned to levels seen earlier in the summer, but is still down from the 12-month average of 85 attacks per day.
The .doc file type was the most common attachment type used in spear-phishing attacks, making up more than 52.9 percent of all attachments in September. At 4.8 percent, last month’s top attachment, .exe file types, dropped to fourth.
There were only four publicly disclosed data breaches that took place within the month of September, resulting in the exposure of 2.5 million identities. However, there were 14 additional data breaches reported in September that took place earlier in the year. The largest data breach reported in September actually took place in April, and resulted in the exposure of 56 million identities.
Ransomware continues to decline as 2014 progresses. However, crypto-style ransomware remains high, making up 38 percent of all ransomware detected in September.
There were 600 vulnerabilities disclosed in the month of September, the highest number so far in 2014 and the second highest in the last 12 months.
One in 2,041 emails was identified as a phishing attempt, compared with one in 1,587 for August. While at first glance this looks like a big drop, it results in only a 0.01 percentage point decrease in the overall phishing rate.
Deepfake anyone? The AI synthetic media industry enters a dangerous phase (Aditi Agarwal)
The technology, barely four years old, may be at a turning point, according to Reuters interviews with companies, experts, policymakers and campaigners.
The largest data breach reported in June resulted in the exposure of 1.3 million identities. This seems like a small number when compared to the 145 million exposed in the largest breach of May. However, while reported in June, this breach also took place during the month of May. This brings the total number of identities exposed in May to over 147 million, which is the second-worst month for data breaches in the last 12 months.
There was an average of 88 spear-phishing attacks per day in June. This appears to be a return of spear-phishing levels seen in the months of March and April, after the average per day dropped in May.
A relatively new OSX threat by the name of OSX.Stealbit.B topped our list of OSX malware, responsible for 25.7 percent of threats found on OSX systems. This threat looks for specific bitcoin-related software on OSX computers and will attempt to modify the programs in order to steal bitcoins.
The number of Android variants per family reached the lowest levels seen in the last twelve months. While there was not a significant change in the number of families discovered in June, this may indicate that attackers have had more success with their current set of threats, reducing their need to create multiple variants.
June was a quiet month for vulnerabilities: only 438 were reported, tying the lowest number reported in the last 12 months. There were no zero-day vulnerabilities disclosed during the month.
Highlights from June 2014 Intelligence Report
Key Findings
There was an average of 88 spear-phishing attacks per day in June.
The number of Android variants per family reached the lowest levels seen in the last twelve months, at 18 variants per family.
The largest data breach reported in June took place in May, and resulted in the exposure of 1.3 million identities.
The report for Q1 2018 includes:
- WatchGuard Firebox Feed Trends. In this regular section, we analyze threat intelligence shared by tens of thousands of WatchGuard security appliances. This analysis includes details about the top malware and network attacks we saw globally throughout the quarter. Using that data, we identify the top attack trends, and how you might defend against them.
- Top Story: GitHub DDoS Attack. In Q1 2018, attackers launched a record-breaking distributed denial of service (DDoS) attack against GitHub using a technique called UDP amplification. In this section we analyze this attack and describe how the lesser-known Memcached service allowed this huge amplification.
- Announcing The 443 Podcast. Rather than our normal threat research section, this quarter we announce a new podcast from the WatchGuard Threat Labs team, and the authors of this report. Learn what this new podcast contains and come subscribe wherever podcasts are found.
- The Latest Defense Tips. As usual, this report isn’t just meant to inform you of the latest threats, but to help you update your defenses based on the latest attacks. Throughout the report, we share defensive learnings and tips, with a summary of the most important defenses at the end.
The application threat landscape can be described as a cyber war. In this report, we explore the technical details of this war. This Web Application Attack Report identifies how many attacks a typical application can expect to suffer annually. In addition, it exposes which countries perpetrated the most attacks and compares application risks by industry. Most importantly, this report reveals the underlying distribution of attacks, presenting an accurate picture of today’s application threat landscape.
Infiltration by the Maze malware is a two-way attack – a data breach and a ransomware attack. Read how security testing can help you tackle this malicious ransomware attack.
Panda Adaptive Defense 360 - Cyber Extortion Guide (Panda Security)
What is Cyber Extortion? How do cybercriminals use ransomware for attacks? What to do if you are a victim of cyber extortion?
Panda Security answers all these questions and gives you some recommendations and advice to prevent cyberattacks in this Practical Security Guide to Prevent Cyber Extortion.
We, at Panda, have developed the first solution that guarantees continuous monitoring of all active processes: Adaptive Defense 360.
http://promo.pandasecurity.com/adaptive-defense/en/
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
The Identity Theft Checklist – Guidance for the general public.nz (Mark Fullbright)
Failed Ransom: How IBM XGS Defeated Ransomware (IBM Security)
View on-demand webinar: http://event.on24.com/wcc/r/1238398/409AE8848D4FF1210B56EC81538788EB
Ransomware is a growing threat impacting organizations across all industries. But not all is lost. There are preventative measures that can be taken to help protect against ransomware attacks, including deploying a next-generation intrusion prevention system (IPS), such as the IBM XGS.
Join our webinar to:
Understand the current threats associated with ransomware
Learn how leading-edge research from IBM X-Force powers the XGS to stop ransomware
Hear how IBM XGS proactively blocked ransomware at a large healthcare insurance organization
Cyberthreats broke new ground with mobile devices, while reaching deeper into social media. Online criminals also stepped up attacks via email, web and other traditional vectors.
McAfee Labs explores top threats expected in the coming year.
Welcome to the McAfee Labs 2017 Threats Predictions report. We have split this year’s report into two sections. The first section digs into three very important topics, looking at each through a long lens. The second section makes specific predictions about threat activity in 2017. Our predictions for next year cover a wide range of threats, including ransomware, vulnerabilities of all kinds, the use of threat intelligence to improve defenses, and attacks on mobile devices.
Welcome to the Threatsploit Report, covering some of the important cybersecurity events, incidents and exploits that occurred this month across areas such as Application Security, Mobile App Security, Network Security, Website Security, API Security, Cloud Security, Host Level Security, Cyber Intelligence, Thick Client Security, Threat Vulnerability, Database Security, IoT Security and Wireless Security.
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise (21CT Inc.)
In this security insight brief, 21CT researchers look at the malicious network behaviors that concern organizations the most, and how to use security analytics to find them before damage is done. Understanding these 12 indicators of compromise is critical to identifying a network breach.
2014 information technology threat predictions (Prayukth K V)
Infographic - 2014 will witness new attack vectors and evasion techniques. Threat innovation will focus on mobile, social and cloud platforms while advanced evasion techniques will plague network security systems...
The Alert Logic Cloud Security Report analyzes a year of security data to find insights that help defend against the latest threats.
Three interesting things found in the report are:
1. Differences between threats in the cloud and in traditional infrastructure
2. What makes a company more vulnerable to attacks
3. Why having a good understanding of the Cyber Kill Chain could help take a preventative approach to cloud security
Similar to McAfee Labs Threats Report - Fourth Quarter 2013
This report solely belongs to Symantec. Credit is due to all original authors and no financial gain was made from the report; simply sharing for educational purposes.
The FBI is the lead federal agency for investigating malicious cyber activity by criminals, nation-state adversaries, and terrorists. To fulfill this mission, the FBI often develops resources to enhance operations and collaboration. One such resource is the FBI’s Internet Crime Complaint Center (IC3) which provides the public with a trustworthy and convenient mechanism for reporting information concerning suspected Internet-facilitated criminal activity. At the end of every year, the IC3 collates information collected into an annual report.
Credit is due to all original authors and no financial gain was made from the blog; simply sharing an interesting story for educational purposes.
This guide aims to help journalists understand their rights at protests and avoid arrest when reporting on these events. It summarizes the legal landscape and provides strategies and tools to help journalists avoid incidents with police and navigate them successfully should they arise. Credit RCFP.Org
Credit is due to all original authors and no financial gain was made from the blog, Simply sharing an interesting story for educational purposes,
Verizon Publishes 2020 Data Breach Investigation Report (DBIR) With Insights From Thousands of Confirmed Breaches. Verizon's 2020 Data Breach Investigations Report (DBIR) is the most extensive yet, with 81 contributing organizations, and more than 32,000 incidents analyzed (of which 3,950 were confirmed breaches). Credit:Verizon
Credit is due to all original authors and no financial gain was made from the report, Simply sharing an interesting story for educational purposes,
A Resource Guide to theU.S. Foreign Corrupt Practices Act
Credit is due to all original authors and no financial gain was made from the report, Simply sharing an interesting story for educational purposes,
The FTC takes in reports from consumers about problems they experience in the marketplace. The reportsare stored in the Consumer Sentinel Network (Sentinel), a secure online database available only to lawenforcement. While the FTC does not intervene in individual consumer disputes, its law enforcementpartners – whether they are down the street, across the nation, or around the world – can use informationin the database to spot trends, identify questionable business practices and targets, and enforce the law.
Credit is due to all original authors and no financial gain was made from the report, Simply sharing an interesting story for educational purposes,
Below is a list of consumer reporting companies updated for 2019.1 Consumer reporting companies collect information and provide reports to other companies about you. These companies use these reports to inform decisions about providing you with credit, employment, residential rental housing, insurance, and in other decision making situations. The list below includes the three nationwide consumer reporting companies and several other reporting companies that focus on certain market areas and consumer segments. The list gives you tips so you can determine which of these companies may be important to you. It also makes it easier for you to take advantage of your legal rights to (1) obtain the information in your consumer reports, and (2) dispute suspected inaccuracies in your reports with companies as needed.
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...- Mark - Fullbright
Transnational criminal organizations (TCOs), foreign fentanyl suppliers, and Internet purchasers located in the United States engage in the trafficking of fentanyl, fentanyl analogues, and other synthetic opioids and the subsequent laundering of the proceeds from such illegal sales.
The mission of the IC3 is to provide the public with a reliable and convenient reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated criminal activity, and to develop effective alliances with industry partners. Information is analyzed and disseminated for investigative and intelligence purposes, for law enforcement, and for public awareness.
Credit is due to all original authors and no financial gain was made from the report, Simply sharing an interesting story for educational purposes,
This report is built upon analysis of 41,686 security incidents, of which 2,013 were confirmed data breaches. We will take a look at how results are changing (or not) over the years as well as digging into the overall threat landscape and the actors, actions, and assets that are present in breaches. Windows into the most common pairs of threat actions and affected assets also are provided.
The Federal Trade Commission (FTC or Commission) is an independent U.S. law enforcement agency charged with protecting consumers and enhancing competition across broad sectors of the economy. The FTC’s primary legal authority comes from Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive practices in the marketplace. The FTC also has authority to enforce a variety of sector specific laws, including the Truth in Lending Act, the CAN-SPAM Act, the Children’s Online Privacy Protection Act, the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Fair Debt Collection Practices Act, and the Telemarketing and Consumer Fraud and Abuse Prevention Act. This broad authority allows the Commission
to address a wide array of practices affecting consumers, including those that emerge with the development of new technologies and business models.
Sentinel sorts consumer reports into 29 top categories. Appendices B1 – B3 describe the categories,providing details, and three year figures. To reflect marketplace changes, new categories or subcategories are created or deleted over time.The Consumer Sentinel Network Data Book excludes the National Do Not Call Registry. A separate report about these complaint statistics is available at: https://www.ftc.gov/reports/national-do-not-call-registry-data-book-fiscal-year-2018. The Sentinel Data Book also excludes reports about unsolicited commercial email.Consumers can report as much or as little detail as they wish when they file a report. For the Sentinel Data Book graphics, percentages are based on the total number of Sentinel fraud, identity theft, and other report types in 2018 in which consumers provided the information displayed on each chart.Reports to Sentinel sometimes indicate money was lost, and sometimes indicate no money was lost.Often, people make these reports after they experience something problematic in the marketplace,avoid losing any money, and wish to alert others. Except where otherwise stated, numbers are based on reports both from people who indicated a loss and people who did not.Calculations of dollar amounts lost are based on reports in which consumers indicated they lost between $1 and $999,999. Prior to 2017, reported “amount paid” included values of $0 to $999,999.States and Metropolitan Areas are ranked based on the number of reports per 100,000 population.State rankings are based on 2017 U.S. Census population estimates (Annual Estimates of the Resident Population: April 1, 2010 to July 1, 2017). Metropolitan Area rankings are based on 2016 U.S. Census population estimates (Annual Estimates of the Resident Population: April 1, 2010 to July 1, 2016).This Sentinel Data Book identifies Metropolitan Areas (Metropolitan and Micropolitan Statistical Areas)with a population of 100,000 or more except where otherwise noted. 
Metropolitan areas are defined by Office of Management and Budget Bulletin No. 15-01, “Revised Delineations of Metropolitan Statistical Areas, Micropolitan Statistical Areas, and Combined Statistical Areas, and Guidance on Uses of the Delineations of These Areas” (July 15, 2015). Numbers change over time. The Sentinel Data Book sorts consumer reports by year, based on the date of the consumer’s report. Some data contributors transfer their complaints to Sentinel after the end of the calendar year, and new data providers often contribute reports from prior years. As a result, the total number of reports for 2018 will likely change during the next few months, and totals from previous years may differ from prior Consumer Sentinel Network Data Books. The most up to date information can be found online at ftc.gov/data
A credit score is a three -digit number that predicts how likely you are to pay back a loan on time, based on information from your credit reports.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners and are for educational purposes only.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners and are for educational purposes only. - Medical identity theft has existed in various forms for decades, but it was in 2006 that World Privacy Forum published the first major report about the crime. The report called for medical data breach notification laws and more research about medical identity theft and its impacts. Since that time, medical data breach notification laws have been enacted, and other progress has been made, particularly in the quality of consumer complaint datasets gathered around identity theft, including medical forms of the crime. This report uses new data arising from consumer medical identity theft complaint reporting and medical data breach reporting to analyze and document the geography of medical identity theft and its growth patterns. The report also discusses new aspects of consumer harm resulting from the crime that the data has brought to light
The FTC takes in reports from consumers about problems they experience in the marketplace. The reports are stored in the Consumer Sentinel Network (Sentinel), a secure online database available only to law enforcement. While the FTC does not intervene in individual consumer disputes, its law enforcement partners – whether they are down the street, across the nation, or around the world – can use information in the database to spot trends, identify questionable business practices and targets, and enforce the law.
Since 1997, Sentinel has collected tens of millions of reports from consumers about fraud, identity theft, and other consumer protection topics. During 2017, Sentinel received nearly 2.7 million consumer reports, which the FTC has sorted into 30 top categories. The 2017 Consumer Sentinel Network Data Book (Sentinel Data Book) has a vibrant new look, and a lot more information about what consumers told us last year. You'll know more about how much money people lost in the aggregate, the median amount they paid, and what frauds were most costly. And you'll know much more about complaints of identity theft, fraud, and other types of problems in each state, too. The Sentinel Data Book is based on unverified reports filed by consumers. The data is not based on a consumer survey. Sentinel has a five-year data retention policy, with reports older than five years purged biannually.
This guide addresses the steps to take once a
breach has occured. For advice on implementing a
plan to protect consumers’ personal information, to
prevent breaches and unauthorized access, check
out the FTC’s Protecting Personal Information: A
Guide for Business and Start with Security: A Guide
for Business.
*Company names mentioned herein are the property of, and may be trademarks of, their respective owners and are for educational purposes only.
Consumer Sentinel Network Data Book for January 2016 - December 2016- Mark - Fullbright
FTC Consumer Sentinel Network Law enforcement's source for consumer complaints.
All information, data, and material contained, presented, or provided on is for educational purposes only.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners.
It is not to be construed or intended as providing legal advice.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
Normal Labour/ Stages of Labour/ Mechanism of LabourWasim Ak
Normal labor is also termed spontaneous labor, defined as the natural physiological process through which the fetus, placenta, and membranes are expelled from the uterus through the birth canal at term (37 to 42 weeks
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
2. McAfee Labs Threats Report | Fourth Quarter 2013 2
About McAfee Labs
McAfee Labs is the world’s leading source for threat research, threat intelligence, and cybersecurity thought leadership. With data from millions of sensors across key threat vectors—file, web, message, and network—McAfee Labs delivers real-time threat intelligence, critical analysis, and expert thinking to improve protection and reduce risks.
www.mcafee.com/us/mcafee-labs.aspx
Introduction
Welcome to the McAfee Labs Threats Report: Fourth Quarter 2013. As we kick off
the New Year, we take a fresh approach to our Threats Reports. Beginning with this
edition, we present a shorter publication, with “Key Topics” covering top threats or
security issues from the quarter. We also focus (on a rotating basis) on threat concerns
surrounding the four IT megatrends: mobile, social, cloud, and big data. The report is
now visually richer and easier to navigate.
Not lost in this evolutionary approach is the rich set of threats data that we collect
through our McAfee Global Threat Intelligence network. By continuing to publish
that data—most of which is in time series—our readers can gain a better understanding
of the changing threats landscape.
This quarter, we illustrate how the malware industry aided and abetted the point-of-sale attacks on Target and other retailers, examine how malicious signed binaries undermine the stamp of approval that Certificate Authorities provide, describe the impact of McAfee Labs discovering a zero-day vulnerability in Microsoft Office, and look at the excessive data collection of mobile apps and their relationship to malware.
Vincent Weafer, Senior Vice President, McAfee Labs
We are working to make our threats reports more vivid and relevant. We hope you like the changes.
Follow McAfee Labs
3. Contents
Executive Summary 4
Key Topics of the quarter
The cybercrime industry and its role in POS attacks 6
Malicious signed binaries:
Can we trust the Certificate Authority model? 9
Microsoft Office zero-day exploit:
Discovered by McAfee Labs 11
Mobile malware: the march continues 12
Threats Statistics
Malware 15
Web threats 19
Messaging threats 21
Network threats 22
McAfee Labs Threats Report
Fourth Quarter 2013
This report was prepared
and written by:
Benjamin Cruz
Paula Greve
Barbara Kay
Haifei Li
Doug McLean
François Paget
Craig Schmugar
Rick Simon
Dan Sommer
Bing Sun
James Walter
Adam Wosotowsky
Chong Xu
Executive Summary
The cybercrime industry and its role in POS attacks
Our lead story focuses on the headline-grabbing credit card data breaches that
occurred this quarter and how the cybercrime ecosystem supported the attackers’
efforts. The breaches were unprecedented in numbers of records stolen, but what
is even more notable is how well the malware industry served its customers. The
attackers purchased off-the-shelf point-of-sale malware, they made straightforward
modifications so they could target their attacks, and it’s likely that they both tested
their targets’ defenses and evaded those defenses using purchased software.
They even had a ready and efficient black market for selling the stolen credit card
information, including an anonymous, virtual-currency-based point-of-sale payment
system. Raw materials, manufacturing, marketplace, transaction support—it’s all
there for thieves to use.
Malicious signed binaries: Can we trust the Certificate Authority model?
The rapid escalation of malicious signed binaries quarter-over-quarter and year-over-year brings into question the viability of the Certificate Authority model. After all, the model is predicated on an assumption of trust, yet we’ve tallied eight million binaries as suspicious. Many of these may be potentially unwanted programs and not truly malicious; nonetheless, the misuse of legitimate code-signing certificates erodes user trust. Granted, most malicious signed binaries are the work of a few bad apples. However, it’s unreasonable to expect people to distinguish good certificates from malicious certificates. It’s our view that the security industry should lead users out of this morass. Which certificates can be trusted? What level of trust can we assign to them?
Microsoft Office zero-day exploit: Discovered by McAfee Labs
In November, McAfee Labs discovered a zero-day exploit [1] that attacks a vulnerability in Microsoft Office. We identified targeted attacks on entities in the Middle East and Asia that attempted to steal sensitive data. McAfee Labs worked around the clock with Microsoft to understand the exploit and build defenses against it. In this Key Topic we dig deeply into the exploit and illustrate just how difficult it is to detect and contain some zero-day attacks.
Mobile malware: The march continues
This quarter, our IT megatrend Key Topic concerns mobile malware. We reported on that topic at length in our McAfee Labs Threats Report: First Quarter 2013 [2] and McAfee Labs Threats Report: Third Quarter 2013 [3], including some specific and very dangerous mobile malware families and the havoc they wreak. This quarter we explore the prevalence of mobile apps that collect both user data and mobile device telemetry, the relationship between “overcollecting” apps and malware, and the common malicious activities performed by mobile malware.
Rapid growth in the number of malicious signed binaries is eroding user trust in the Certificate Authority model.
The cybercrime industry played a key role in enabling and monetizing the results of these point-of-sale attacks.
This is the first known zero-day exploit of the .docx format. Attacks based on this exploit are ongoing.
McAfee Labs records 200 new threats every minute—more than three every second.
There appears to be a relationship between apps that overcollect mobile device telemetry and apps that contain or enable malware. Geolocation tracking is a key concern.
In December, we began to hear of a series of point-of-sale
(POS) attacks on multiple retail chains across the United States.
The first story to break was specific to Target; this attack
has been ranked among the largest data-loss incidents of all
time [4].
Soon we learned of more retail chains affected by POS
attacks. Neiman Marcus, White Lodging, Harbor Freight Tools,
Easton-Bell Sports, Michaels Stores, and ‘wichcraft all suffered
similar POS breaches in 2013. Although there has been no
public acknowledgment that the attacks are related or carried
out by the same actor, many of them leveraged off-the-shelf
malware to execute the attacks.
Although this quarter’s events are unprecedented, POS
malware is not new. During the last few years we have seen
a notable rise in the malware families POSCardStealer, Dexter,
Alina, vSkimmer, ProjectHook, and others, many of which
are available for purchase online.
TIMELINE OF NOTABLE POINT-OF-SALE ATTACKS (chart, April 2013 through January 2014)
White Lodging: March 30, 2013 – December 16, 2013
Harbor Freight Tools: May 6, 2013 – June 30, 2013
Neiman Marcus: July 16, 2013 – October 30, 2013
‘wichcraft: August 11, 2013 – October 2, 2013
Target: November 27, 2013 – December 15, 2013
Easton-Bell Sports: December 1, 2013 – December 15, 2013
Michaels Stores: also shown on the chart, no date range given
Source: McAfee Labs, 2014.
key topics
The cybercrime industry and its role in POS attacks
Target has confirmed the presence of malware on its POS
systems. In cooperation with various agencies, McAfee Labs
has gained an understanding of the exact malware used in
this attack. To date, Target is the only retailer for which we
can make that assertion with confidence. We also know
that Target employs a custom-built POS application [5]. That’s
a crucial detail because it means that the attackers were
not able to learn the system “offline,” via readily available
leaks of commercial POS applications. We know that
although the Target malware was based on BlackPOS, several
customizations allowed specific behavior within Target’s
environment. Details regarding Active Directory domain
names, user accounts, and IP addresses of SMB shares were
hardcoded into scripts that were dropped by some of the
malware components.
The following script was responsible for sending the logged
credit card track data to a remote server. The script was called
by the commands in the preceding image.
Sellers offer BlackPOS (“Dump, CC Memory Grabber”) for purchase online.
This script sent credit card data to the Target attackers.
The Target malware included hardcoded scripts to steal domain
names, user accounts, and other data.
Note that this script was in plain text. Further, none of the
transmitted card data was encrypted. It was sent via FTP in
clear text all the way to its destination, unencrypted during
the whole journey.
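The two network behaviours described above, staging to an SMB share and clear-text FTP egress from the card-handling segment, are the kind of thing a defender can catch in flow logs. Added example, not code or data from the report or from Target’s environment: the POS subnet, the internal ranges, the approved SMB server, the log lines and the 4111… test PAN are all constructed assumptions, and the Track 2 check with Luhn validation is for captured payloads where card data travels in the clear.

```python
import ipaddress
import re
from dataclasses import dataclass

# Assumed network layout (constructed, not Target's): the card-handling
# segment, the ranges the organisation treats as internal, and the only
# server POS hosts are allowed to reach over SMB.
POS_SEGMENT = ipaddress.ip_network("10.50.0.0/16")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APPROVED_SMB_SERVERS = {ipaddress.ip_address("10.1.0.20")}
LARGE_UPLOAD_BYTES = 1_000_000


@dataclass
class Flow:
    ts: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    bytes_out: int


def parse_flow(line):
    """Parse one constructed flow record:
    '<timestamp> <src ip> <dst ip> <dst port> <bytes from src>'."""
    ts, src, dst, dport, nbytes = line.split()
    return Flow(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(dport), int(nbytes))


def is_external(addr):
    return not any(addr in net for net in INTERNAL_NETS)


def classify(flow):
    """Name the suspicious behaviour a flow matches, or None.
    Order matters: FTP egress is the most specific signal."""
    if flow.src not in POS_SEGMENT:
        return None
    if flow.dport in (20, 21) and is_external(flow.dst):
        return "pos-ftp-egress"              # clear-text FTP leaving the network
    if flow.dport == 445 and flow.dst not in APPROVED_SMB_SERVERS:
        return "pos-smb-to-unapproved-host"  # staging on an unexpected share
    if is_external(flow.dst) and flow.bytes_out > LARGE_UPLOAD_BYTES:
        return "pos-large-external-upload"
    return None


def scan(log_text):
    """Return [(ts, src, finding)] for every flagged line."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        verdict = classify(flow)
        if verdict:
            findings.append((flow.ts, str(flow.src), verdict))
    return findings


# --- payload check: Track 2 magnetic-stripe layout in a captured transfer ---
TRACK2 = re.compile(r";(\d{13,19})=\d{4}\d{3}")  # ;PAN=YYMM+service code


def luhn_ok(pan):
    """Luhn checksum, which every real PAN satisfies; cuts false positives
    from arbitrary digit runs that happen to look like track data."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_track2(payload):
    """PANs found in Track 2 layout whose checksum is valid."""
    return [pan for pan in TRACK2.findall(payload) if luhn_ok(pan)]


# Constructed flow log: a POS host writes to an unexpected internal share,
# that share host then speaks FTP to an outside address, and another POS
# host pushes a large blob over HTTPS. 203.0.113.x / 198.51.100.x are
# documentation addresses standing in for attacker infrastructure.
SAMPLE_LOG = """\
2013-12-02T03:14:07Z 10.50.12.31 10.1.0.20 445 2048
2013-12-02T03:15:40Z 10.50.12.31 10.50.200.5 445 5242880
2013-12-02T04:02:11Z 10.50.200.5 203.0.113.9 21 1048576
2013-12-02T09:30:00Z 10.50.12.31 10.1.0.40 443 900
2013-12-02T10:00:00Z 10.2.3.4 203.0.113.9 21 40000
2013-12-02T04:10:00Z 10.50.12.31 198.51.100.7 443 2097152
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
    print(find_track2(";4111111111111111=25121010000000000000?"))
```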
All of these attacks were heavily covered in the news and
we may not fully understand their impact for some time.
Nonetheless, we must recognize that this class of attack is
far from “advanced.” The BlackPOS malware family is an
“off-the-shelf” exploit kit for sale that can easily be modified
and redistributed with little programming skill or knowledge
of malware functionality. BlackPOS source code has also been
leaked multiple times. Just as we have seen with Zeus/Citadel,
Gh0st, Poison Ivy, or many other leaked kits, anyone can
employ, modify, and use them for their purposes.
Furthermore, evading well-known antimalware applications
and controls is standard practice. Testing for and ensuring
that popular security apps fail to detect Trojans generated by
these kits is trivial, and the adversaries absolutely embrace
this discipline. Every day, we encounter new cryptors, packers,
and other obfuscation methods that aim to evade detection.
Software to test their targets’ defenses and exploit kits to
evade those defenses are readily available online.
What happened to the millions of credit card numbers stolen
from Target? We have tracked these and continue to see them
appear in large lots (dumps) in key “carding” marketplaces.
Typically the thieves will drop data in batches of 1 million to
4 million numbers.
One popular credit card black market is the Lampeduza
Republic. Its well-organized hierarchy and documented
constitution make for a disciplined and functional marketplace.
Lampeduza’s network of sales websites is very active and
contains many lots specific to these recent retail attacks. Thieves
can pay for the stolen credit cards using one of the many
anonymous virtual currency mechanisms, such as Bitcoin.
We believe these breaches will have long-lasting
repercussions. We expect to see changes to security
approaches and compliance mandates and, of course,
lawsuits. But the big lesson is that we face a healthy
and growing cybercrime industry which played a key role
in enabling and monetizing the results of these attacks.
Online marketplaces for stolen credit card numbers are thriving.
Malicious signed binaries
Secure access to information over the Internet is made possible by a scheme that
enlists trusted third parties—known as certificate authorities (CAs)—to provide
digital certificates to the service providers that deliver the information. In this trust
model, an application—or binary—must be “signed,” which means it has obtained
a certificate from a CA or its proxy verifying the service provider owns the application.
If an attacker can obtain a certificate for a malicious application (a malicious signed
binary), then it’s easier to execute an attack because users rely on certificates to
establish trust with the service provider.
But what if thousands or millions of malicious applications obtain certificates? At
some point, users will no longer be able to trust that applications are safe, bringing
into question the viability of the certificate authority model.
McAfee Labs has tracked the growth of digitally signed malware for several years.
This threat is not only expanding ever more rapidly, but it is also becoming more
complex. During this quarter we discovered more than 2.3 million new and unique
malicious signed binaries. That’s a 52% increase over the prior quarter. On an
annual basis the number discovered in 2013 (almost 5.7 million) more than tripled
that of 2012.
[Chart: NEW MALICIOUS SIGNED BINARIES, by quarter from Q3 2011 to Q4 2013; vertical axis 0 to 2,500,000. Source: McAfee Labs, 2014.]
Attackers sign malware in an attempt to trick users and administrators into trusting the file, and also in an effort to evade detection by security software and circumvent system policies. Much of this malware is signed with purchased or stolen certificates, while other binaries are self-signed or “test signed.” Test signing is sometimes used as part of a social engineering or targeted attack.
Users can no longer simply rely on a certificate. They must rely on the reputation of the vendor who signed the binary, and its ability to secure its data.
The number of malicious signed binaries in our library tripled in 2013 to more than 8 million.
Where does all this signed malware come from? Although the total is composed of stolen, purchased, or abused certificates, the vast majority of growth is due to dubious content distribution networks (CDNs). These are websites and companies that allow developers to upload their programs, or a URL that links to an external application, and wrap them in a signed installer. Not only does this provide nefarious developers a distribution channel, it also provides a cloak of legitimacy.
The following chart shows the top certificate subjects,
or signers, associated with malicious signed binaries.
Digging further, we find that different certificate subjects
on malicious signed binaries trace back to the same suspect
CDNs. For example, binaries signed by Firseria SL and others
signed by PortalProgramas pull content from downloadmr.com.
Similarly, programs signed by Tuguu SL, Payments Interactive
SL, and Lunacom Interactive Ltd. reference secdls.com,
tuguu.com, or domaiq.com, which are all owned by the
same entity. These entities promote bundling, pay-per-install,
analytics, advertising, and other services.
When adjusting for these findings, the top two offenders for the quarter, Tuguu SL and DownloadMR, represent one-third of all new malicious signed binaries. This is by no means an exhaustive list, because many other certificates are associated with these CDNs. Recognizing this practice by malware developers does, however, explain the rapid growth of signed malware.
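The pivot described above, from many certificate subjects to a few shared download domains, can be scripted. The following is an added example written for this page, not McAfee Labs' own tooling: it links each signer to the domains its installers fetch from, merges domains the report says share one owner, and totals the samples per resulting group. The signer/domain pairings follow the text; the sample counts and the domain attached to Artur Kozak are constructed for the example.

```python
from collections import defaultdict

# Constructed sightings: (certificate subject, domain the wrapped installer pulls from, sample count).
# Signer/domain pairings follow the report text; the counts and "example.invalid" are made up.
SIGHTINGS = [
    ("Firseria SL", "downloadmr.com", 120),
    ("PortalProgramas", "downloadmr.com", 40),
    ("Tuguu SL", "tuguu.com", 90),
    ("Tuguu SL", "secdls.com", 30),
    ("Payments Interactive SL", "secdls.com", 25),
    ("Lunacom Interactive Ltd.", "domaiq.com", 35),
    ("Artur Kozak", "example.invalid", 10),
]

# Domains the report says belong to one entity: merge them even when no signer bridges them.
SHARED_OWNER = [("secdls.com", "tuguu.com", "domaiq.com")]


class DisjointSet:
    """Union-find over arbitrary hashable nodes (here: signers and domains)."""

    def __init__(self):
        self.parent = {}

    def find(self, node):
        self.parent.setdefault(node, node)
        while self.parent[node] != node:
            self.parent[node] = self.parent[self.parent[node]]  # path halving
            node = self.parent[node]
        return node

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def cluster_signers(sightings, shared_owner=()):
    """Group certificate subjects that share download infrastructure.

    Returns [(tuple_of_signers, total_samples), ...] sorted largest group first.
    """
    ds = DisjointSet()
    for signer, domain, _ in sightings:
        ds.union(("signer", signer), ("domain", domain))
    for group in shared_owner:
        for domain in group[1:]:
            ds.union(("domain", group[0]), ("domain", domain))

    totals = defaultdict(int)
    members = defaultdict(set)
    for signer, domain, count in sightings:
        root = ds.find(("signer", signer))
        totals[root] += count
        members[root].add(signer)
    clusters = [(tuple(sorted(members[r])), n) for r, n in totals.items()]
    return sorted(clusters, key=lambda c: (-c[1], c[0]))


def top_share(clusters, top=2):
    """Fraction of all sightings attributable to the `top` largest groups."""
    total = sum(n for _, n in clusters)
    return sum(n for _, n in clusters[:top]) / total if total else 0.0


if __name__ == "__main__":
    groups = cluster_signers(SIGHTINGS, SHARED_OWNER)
    for signers, n in groups:
        print(f"{n:5d}  {', '.join(signers)}")
    print(f"top-2 share: {top_share(groups):.1%}")
```

Without the shared-owner merge, Lunacom Interactive Ltd. stays a group of its own; the merge is what collapses three certificate subjects into one operator, which is exactly the adjustment the report makes before naming its top two offenders.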
[Chart: Total malicious signed binaries, cumulative, Q3 2011 through Q4 2013 (y-axis 0 to 8,000,000). Source: McAfee Labs, 2014.]
[Chart: Certificate subjects on malicious signed binaries (pie chart). Subjects: Firseria SL, AND LLC, PortalProgramas, ITNT SRL, Tuguu SL, Lunacom Interactive Ltd., Payments Interactive SL, Artur Kozak, Corleon Group Ltd., Others. Shares in the extracted layout: 50%, 14%, 8%, 6%, 6%, 4%, 3%, 3%, 3%, 3%; the extraction does not preserve which share belongs to which subject. Source: McAfee Labs, 2014.]
Microsoft Office zero-day exploit
In early November 2013, McAfee Labs detected a zero-day exploit[6] that targeted Microsoft Office.[7] We observed early examples targeting high-profile organizations in the Middle East and Asia (including some in the Pakistani military). These targeted attacks attempted to steal sensitive data by locating and exfiltrating specific file types (such as .pdf, .txt, .ppt, .doc, and .xls) in the victim's environment. This vulnerability, CVE-2013-3906,[8] was fixed in Microsoft's December patch as MS13-096. McAfee security products have also been updated to block attacks using this exploit.[9] This zero-day attack exploits the Word Open XML format (docx)[10] and apparently an ActiveX control to "spray" heap memory.[11] Heap spraying in Office via ActiveX objects is a new exploitation trick. Previously, attackers usually chose Flash Player to spray heap memory in Office. This is further proof that attack techniques always evolve.

Since McAfee Labs first identified this threat, we have worked with other researchers and have identified more than 60 unique variants, indicating this vulnerability is heavily leveraged by multiple attackers. We even observed variants of the Citadel Trojan[12] distributed via this exploit. About 500 unique examples of malware based on this exploit now sit in our collection. The oldest sample we found dates to mid-July 2013, so the exploit was in use in the wild for months before it was detected.

The CVE-2013-3906 exploit is the first in-the-wild exploit to take advantage of Open XML. In the past, many people believed that .docx was quite safe compared with the "broken" Office Binary File Format.[13] They don't believe that now. This element of surprise could be the major reason no one had detected the threat: because .docx files were not considered vulnerable, they were not executed in a sandbox environment.

The exploit also employed a novel technique to spray the heap without any scripting, as scripting actions are more easily recognized and blocked by security improvements in Office 2007 and later versions. More important (and more worrisome), this flaw is fully documented, and live and proof-of-concept exploitation exists, making it dramatically simpler for other actors to incorporate the exploit into new attacks, exploit kits, and the like. During our analysis, we also learned that data execution prevention (DEP) is not enabled by default in Office 2007.[14] This causes us further worries: without DEP, even a heap spray attack less complex than this one can successfully exploit a target.
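The scriptless, ActiveX-based heap spray described above leaves a footprint in the .docx container itself: many ActiveX parts, each large and consisting of one pattern repeated over and over. The scanner below is an added example for this page, not McAfee's detection logic, and looks for that footprint. It assumes ActiveX parts are stored under word/activeX/ with a .bin extension, as Word writes them; the thresholds, part names and both sample documents are constructed, and the sample containers are only enough of an Open XML package to hold ActiveX parts, not valid Word documents.

```python
import io
import zipfile
from collections import Counter

ACTIVEX_DIR = "word/activeX/"


def block_repetition(data: bytes, block: int = 16) -> float:
    """Share of fixed-size blocks that equal the single most common block.

    Spray data is one slide/pointer pattern repeated for tens of kilobytes, so this
    tends toward 1.0; genuine control state is far lower.
    """
    if len(data) < block:
        return 0.0
    blocks = [data[i:i + block] for i in range(0, len(data) - block + 1, block)]
    most_common = Counter(blocks).most_common(1)[0][1]
    return most_common / len(blocks)


def scan_docx(blob: bytes, min_controls: int = 10, min_part_bytes: int = 32 * 1024,
              rep_threshold: float = 0.9) -> dict:
    """Flag a .docx whose embedded ActiveX parts look like a scriptless heap spray.

    Thresholds are hypothetical: a spray needs many large, highly repetitive parts,
    while a document with a couple of real controls has few, small, varied ones.
    """
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        parts = [n for n in zf.namelist() if n.startswith(ACTIVEX_DIR) and n.endswith(".bin")]
        spray_like = 0
        total = 0
        for name in parts:
            data = zf.read(name)
            total += len(data)
            if len(data) >= min_part_bytes and block_repetition(data) >= rep_threshold:
                spray_like += 1
    return {
        "activex_parts": len(parts),
        "activex_bytes": total,
        "spray_like_parts": spray_like,
        "suspicious": spray_like >= min_controls,
    }


def build_docx(activex_parts: dict) -> bytes:
    """Constructed minimal Open XML package carrying the given ActiveX parts (not a real Word file)."""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Default Extension="bin" ContentType="application/vnd.ms-office.activeX"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        for name, data in activex_parts.items():
            zf.writestr(ACTIVEX_DIR + name, data)
    return buf.getvalue()


# Constructed samples: one small control with varied bytes, versus forty 64 KiB parts
# that each repeat a single four-byte pattern.
BENIGN_DOCX = build_docx({"activeX1.bin": bytes(range(256)) * 4})
SPRAY_DOCX = build_docx({f"activeX{i}.bin": b"\x0c\x0c\x0c\x0c" * (16 * 1024) for i in range(1, 41)})

if __name__ == "__main__":
    print("benign:", scan_docx(BENIGN_DOCX))
    print("spray: ", scan_docx(SPRAY_DOCX))
```

The check is deliberately structural rather than signature-based: it does not need to know which bytes the spray is made of, only that a document carries far more ActiveX bulk, and far more uniform bulk, than any real form would. It is a triage heuristic for deciding what to detonate in a sandbox, which is precisely the step the report says .docx files were skipping.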
[Chart: New mobile malware per quarter, Q1 2011 through Q4 2013 (y-axis 0 to 1,000,000). Source: McAfee Labs, 2014.]
[Chart: Total mobile malware, cumulative, Q1 2011 through Q4 2013 (y-axis 0 to 4,000,000). Source: McAfee Labs, 2014.]
2.47 million new mobile malware samples were added in 2013; the total collection grew 197% from the end of 2012.
Mobile malware leverages users' acquiescence about mobile app data sharing to track location information and gather personal data.
Mobile malware: the march continues
We collected 2.47 million new mobile malware samples in 2013, with 744,000 in
this quarter alone. Our mobile malware “zoo” totaled 3.73 million samples at the end
of the year, up an astounding 197% from the end of 2012.
Malware can arrive on a mobile device through just about every attack vector
commonly associated with other endpoint devices—usually as a downloaded app,
but also from visits to malicious websites, spam, malicious SMS messages, and
malware-bearing ads. It’s interesting to explore the prevalence of mobile apps
that collect both user data and mobile device telemetry, the relationship between
“overcollecting” apps and malware, and the common malicious activities performed
by mobile malware.
Beginning with the McAfee Labs Threats Report: Third Quarter 2013,[15] we switched our reporting of mobile malware from a count of malware families to unique samples (a hash count). We did this for two reasons: First, we wanted the method we use for mobile malware to be consistent with the way we report all malware. Second, by reporting the total number of variants instead of the total number of mobile malware families, we present a better overall picture of how mobile malware affects users.
As we noted in the recently published McAfee Mobile Security Report,[16] we found that an astounding 82% of mobile apps track when you use Wi-Fi and data networks, when you turn on your device, or your current and last location; 80% of apps collect location information; and 57% track when the phone is used. Of course, most of the tracking is benign. We give up our privacy and identifiable data in exchange for convenience, access, and personalization. But what about the outlier, an app whose data collection behavior is inconsistent with other apps in its category?

McAfee Labs maintains a reputation database for mobile apps. When an app behaves significantly differently than others in its category, we may increase the riskiness reflected in its privacy "sharing" score. The higher the score, the more private data it shares relative to its peers. A low score, within each category and for each app, means the app collects very little information or behaves the way a user would expect it to based on the description of the app.

We also discovered that there appears to be a relationship between apps that overcollect mobile device telemetry (as measured by our privacy sharing scores) and apps that contain or enable malware. The more data an app collects relative to its category peers, the more you should be concerned about data loss and possible theft. In fact, when we looked at the 10 apps in our mobile app reputation database that had the highest privacy-sharing scores, we found that six of them contained malware. All 10 of these apps read the device's ID and track the device's last known location.
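One way to compute a peer-relative "sharing" score of the kind described above, as an added example for this page rather than McAfee's reputation algorithm: each data item an app reads contributes one minus the share of its category peers that also read it, so location in a navigation app costs almost nothing while contacts and SMS access in a flashlight app cost almost a full point each. The app inventory, category names and data-item labels are constructed, and the review threshold is a hypothetical value.

```python
from collections import defaultdict

# Constructed inventory (not McAfee reputation data): which telemetry each app reads.
APPS = [
    {"name": "torch-a", "category": "flashlight", "collects": {"wifi_state"}},
    {"name": "torch-b", "category": "flashlight", "collects": set()},
    {"name": "torch-c", "category": "flashlight", "collects": {"wifi_state"}},
    {"name": "torch-x", "category": "flashlight",
     "collects": {"device_id", "last_location", "contacts", "sms", "wifi_state", "phone_usage"}},
    {"name": "maps-a", "category": "navigation", "collects": {"device_id", "last_location", "wifi_state"}},
    {"name": "maps-b", "category": "navigation", "collects": {"device_id", "last_location", "wifi_state"}},
    {"name": "maps-c", "category": "navigation", "collects": {"last_location", "wifi_state"}},
]


def peer_prevalence(apps):
    """For each category, the share of its apps that read each data item."""
    by_cat = defaultdict(list)
    for app in apps:
        by_cat[app["category"]].append(app)
    prevalence = {}
    for cat, members in by_cat.items():
        counts = defaultdict(int)
        for app in members:
            for item in app["collects"]:
                counts[item] += 1
        prevalence[cat] = {item: n / len(members) for item, n in counts.items()}
    return prevalence


def sharing_scores(apps):
    """Score = sum over collected items of (1 - share of category peers that also collect it).

    An item every peer reads adds ~0; an item almost no peer reads adds ~1. The score is
    therefore relative to the category, not an absolute count of permissions.
    """
    prevalence = peer_prevalence(apps)
    return {
        app["name"]: sum(1.0 - prevalence[app["category"]][item] for item in app["collects"])
        for app in apps
    }


def outliers(apps, threshold=2.0):
    """Apps whose score exceeds the (hypothetical) review threshold, highest score first."""
    scores = sharing_scores(apps)
    return sorted((n for n, s in scores.items() if s > threshold), key=lambda n: -scores[n])


if __name__ == "__main__":
    for name, score in sorted(sharing_scores(APPS).items(), key=lambda kv: -kv[1]):
        print(f"{score:4.2f}  {name}")
    print("review:", outliers(APPS))
```

Note that torch-x and maps-a both read the device ID and location, yet only torch-x is flagged: the scoring asks whether the collection is expected for what the app claims to be, which is the question the report's category-relative score is built to answer.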
Digging into mobile malware behavior, we see a couple of interesting things. First, the most common behavior, shown by more than one-third of the malware, is to collect and send device telemetry. The malware sends data that can be used to build a profile of the mobile device owner's behavior. There is also a high prevalence of acts commonly associated with device hijacking, such as turning the mobile device into a bot and installing other, more dangerous malware. Second, from a trend standpoint, mobile malware appears to be evolving from exploiting vulnerabilities toward more profile building and device-hijacking behavior. There appears to be an increasing value placed on the movements of the device owner.
Sharing tracking information with a mobile app may seem
benign or at most, a privacy issue, but it raises profound
business security implications in the “bring your own
device” world. A clever piece of malware installed on the
CEO’s phone directly or indirectly by a less-than-reputable
mobile app and doing nothing more than tracking location
information could actually tip off competitors, suppliers,
financial analysts, blackmailers, or even those who wish
to do someone physical harm.
[Chart: New mobile malware showing device-hacking behavior, share of new samples, December 2012 vs. December 2013 (y-axis 0% to 45%). Behaviors: Send Handset Info, Spyware, Adware, Send Premium SMS, Fraud, Exploit, Rooting Malware, Backdoor/Botnet, Hacktool, Downloader/Installer, Destructive, SMS Spam. Source: McAfee Labs, 2014.]
[Chart: New master boot record-related threats per quarter, Q1 2011 through Q4 2013 (y-axis 0 to 800,000), split into identified MBR components and variants of families with known MBR payloads. Source: McAfee Labs, 2014.]
[Chart: Total master boot record-related threats, cumulative, Q1 2011 through Q4 2013 (y-axis 0 to 6,000,000), split into identified MBR components and variants of families with known MBR payloads. Source: McAfee Labs, 2014.]
McAfee Labs added 2.2 million new MBR attack-related samples in 2013.
THREATS STATISTICS
Web threats
[Chart: New suspect URLs per quarter, Q2 2012 through Q4 2013 (y-axis 0 to 16,000,000), showing URLs and associated domains. Source: McAfee Labs, 2014.]
We recorded a 40% increase in the number of suspect URLs in 2013.
[Chart: Location of servers hosting suspect content (pie chart). Regions: North America, Europe-Middle East, Asia-Pacific, Latin America, Australia, Africa. Shares in the extracted layout: 55.9%, 31.9%, 8.4%, 3.2%, .4%, .1%; the extraction does not preserve which share belongs to which region. Source: McAfee Labs, 2014.]
[Chart: New phishing URLs per quarter, Q2 2012 through Q4 2013 (y-axis 0 to 450,000), showing URLs and associated domains. Source: McAfee Labs, 2014.]
[Charts: Top countries hosting phishing URLs and top countries hosting spam URLs (two pie charts). Country labels in the extracted layout: United States, Germany, France, Canada, Brazil, Czech Republic, Netherlands, Russia, Japan, United Kingdom, Others; the largest slice in each chart is 47%, but the extraction does not preserve which share belongs to which country. Source: McAfee Labs, 2014.]