Author Archives: Hacker Medic

The Florentine Deception: 100% thriller, 100% plausible, 100% for charity

Symantec’s Carey Nachenberg has published an exciting new cybersecurity novel, the proceeds of which will benefit some worthy charities.


Symantec’s essential guide to today’s threat landscape. Part 1 Out now

In 2014, the foundations of Internet security were shaken by the Heartbleed bug, a vulnerability in human-built software that reminds us of the need for vigilance, better implementation and more diligent website security.

As part of that story, we saw criminals grow more professional, sophisticated and aggressive in their tactics, to the detriment of businesses and individuals. Poodle and Shellshock provided ways for criminals to use websites to access servers, steal data and install malware; cryptoware, a variant of ransomware that encrypts a victim’s files, increased significantly; and even social media and phishing scams took advantage of people’s fears around hacking to entice them into clicking.

Symantec has the most comprehensive source of Internet threat data in the world and also maintains one of the world’s most comprehensive vulnerability databases. Spam, phishing and malware data is captured through sources including Symantec.cloud and other Symantec security technologies; our website security solutions provide 100 percent availability and process over 6 billion Online Certificate Status Protocol look-ups per day. These resources give Symantec analysts unparalleled sources of data with which to identify, analyse, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing and spam.

The result is the Symantec Website Security Threat Report, which gives enterprises, small businesses, and consumers essential information to secure their systems effectively now and into the future.

Let’s start by pointing out some of the trends in cybercrime we saw last year:

Web threats

Web threats got bigger and much more aggressive in 2014 as holes in commonly used tools and encryption protocols were exposed and criminals made it harder to escape their malicious clutches.

Without doubt, Heartbleed was the most remarkable security event last year: a vulnerability in the OpenSSL cryptographic software library meant attackers could access the data stored in a web server’s memory during an encrypted session. Although the response was swift and within five days, the event caused many more people to take note and improve standards in SSL and TLS implementation.

Shellshock and Poodle were other examples of vulnerabilities that appeared last year.

Of all the websites Symantec scanned for vulnerabilities in 2014, around three quarters were found to have vulnerabilities, about the same as last year. However, the number of websites actually found with malware was much lower than last year, having reduced from 1 in 566 to 1 in 1,126.

Ecrime & Malware

Every day, personal banking details are phished by fake emails and websites. Computers infected with malware are used to send out spam or contribute to distributed denial-of-service attacks. Perhaps the most unlucky see all their files encrypted and their computer made unusable by ransomware.

The underground black market is thriving. Criminals are moving their illegal marketplaces further from public gaze; they have become more professional and have made their cybercrime techniques more sophisticated.

Malware distributed by email declined in 2014, but it still remains a very dangerous tool of cybercrime, as does ransomware, an alternative form of cybercrime used to encrypt the data on victims’ hard drives and demand payment to unlock the files; both are examples of how criminals work.

Malvertising

During 2014, we saw ransomware and malvertising cross paths as the number of victims getting redirected to the Browlock website hit new heights.

Browlock itself is one of the less aggressive variants of ransomware. Rather than malicious code that runs on the victim’s computer, it’s simply a web page that uses JavaScript tricks to prevent the victim from closing the browser tab. But it’s not just ransomware that malvertising helps to spread: malicious adverts also redirect to sites that install Trojans.

From the website side, it is hard to prevent malvertising, as site owners have no direct control over the ad networks and their customers. However, site managers can reduce risk by choosing networks that restrict ad functionality so advertisers cannot embed malicious code in their promotions. And of course, when selecting an ad network, due diligence goes a long way.


Download your free copy of the Symantec Website Security Threat Report Part 1 here: https://www.symantec-wss.com/uk/WSTR-2015-1/social

Discover more about today’s threat landscape in Part 2 of the WSTR. Coming soon.