How scary it is to live: from viruses in QR codes to hacking industrial giants

    Lately we have the impression that the “bad guys” have picked up a new habit: attacking several corporations every quarter. Until recently, quarterly reports dealt primarily with new malicious programs that, in the worst case, threatened a global epidemic, the creation of large botnets, theft of money from user accounts and other consequences of traditional cybercrime. In the third quarter, the scale and nature of the disasters were different.

    An attack on the computer systems of the military equipment manufacturer Mitsubishi Heavy Industries. Computers are infected at several enterprises that produce rockets, submarines and military vessels. What information falls into the hands of the hackers is not known, but even the most cautious assumptions send a slight shiver down the spine.

    A breach of the servers of DigiNotar, a certificate authority that issues root SSL certificates. 531 fake certificates are issued, including ones for the CIA, Mossad and MI6 sites. The attackers are also interested in government agencies in different countries, the largest Internet services (Google, Yahoo, Tor, Mozilla) and the websites of some companies. The government of the Netherlands drops DigiNotar's services, and the country's state organizations have to reconfigure their systems to work with new certificates, which leads to downtime. Confidence in DigiNotar is undermined, and the company declares voluntary bankruptcy. However, the consequences of the attack are much more significant: it showed that fake certificates can be used to halt the operation of systems directly tied to a country's economy and state authorities.

    The third quarter also had its share of cyber Robin Hoods, the notorious group Anonymous. The list of the hacktivists' victims: the Italian cyber police; a number of US police units; the San Francisco transportation system (BART); Vanguard Defense (engaged in the development of military equipment) and Booz Allen Hamilton (working, inter alia, for the US government); as well as the FBI contractors ManTech International and IRC Federal. Data stolen from the hacked servers is posted publicly on pastebin.com or on torrent trackers. It follows from Anonymous's statements that they are driven by a heightened sense of justice. We will set aside the controversial ethical side of their activities. One thing is indisputable: after the selfless Robin Hoods, mercenary blackmailers and unscrupulous competitors will sooner or later follow the same beaten track. And those who do not belong to the category of traditional cybercriminals may come,

    As for profit-driven cybercriminals, they now steal even processor time: the owners of TDSS use the botnet's powerful computing resources (read: users' computers) to generate money “out of thin air”, namely currency in the Bitcoin system.

    Hackers also continue their traditional theft of users' personal data, and they do not bother with trifles: they have data (!) of the South Korean population in their hands.

    Of course, the quarter did not pass without attackers' technology growing more complex and another round of rootkit development. We saw in-the-wild use of the AWARD BIOS infection concept introduced by a hacker from the Middle Kingdom in 2007. Detecting and removing such malware is far from simple, because it starts almost immediately after the Power button is pressed, well before any protection software launches. This creation is monetized by downloading clicker Trojans, which, in general, is not surprising for a typical “made in China”.

    The extremely fast pace at which mobile malware is developing is also impressive. Cybercriminals have concentrated their efforts on the green robot: Android malware already accounts for 40% of all malicious programs for mobile devices (which, by the way, is indisputable evidence of the victory of Android OS on the mobile OS market). The appearance of the Zitmo mobile Trojan (Zeus-in-the-Mobile) for Android is alarming: working together with its cousin, the regular ZeuS, it allows attackers to bypass the two-factor authorization used in many Internet banking systems.

    Cybercriminals use everything they can reach. The attackers have managed to adapt even harmless QR codes to their purposes: so far, the codes hide links to malware for mobile devices. However, this is only the beginning. According to the author of the report, “a much greater danger is the substitution of QR codes in various advertisements and on information posters, both on the Internet and in the real world.”

    In general, how scary it is to live :) The amount of malware destroyed and the number of users saved inspire pessimism: in some countries of the world, more than half of all computers are subjected to regular attacks. This data can be found in the ratings, charts and maps published at the end of our report.
