Analysis of the most common threats to large computer networks

Posted: November 18, 2012 in Articles

Every year, information security threats become more difficult to detect.

For most businesses, 2011 was the year they realized how serious information security issues are, as many well-known organizations experienced breaches of their information systems and information leaks.

During 2012 we are seeing new types of malicious software and a widening range of virus and hacker attacks: compared to last year, malicious activity increased by 30%. The World Wide Web will, of course, remain the main channel for distributing malware in the near future. Attackers will continue to develop social engineering methods aimed at targeted attacks on browsers and related applications (applications that run group).

For most organizations, the increased use of smartphones and tablet PCs is becoming a serious information security threat. Poor control over employees' mobile devices raises a number of information security problems that require urgent solutions, and creates many challenges for IT departments.

It can be expected that cybercriminals will continue to actively use cloud technology to spread malicious code. Attacks by hacktivist groups such as LulzSec and Anonymous will continue, leading to denial of service, leaked documents and inaccessible sites.

Cybercriminals operate more professionally because ready-made malware kits are available to them on the “black” market, for example the popular Blackhole exploit kit. The distribution of such kits results in new versions and updates of malware and exploits, which increases the total number of malware samples and malicious links.

Numerous breaches of password protection systems demonstrate how ineffective weak passwords are. The growth we have witnessed in the number of infections through hidden downloads on websites (drive-by download attacks) underlines the need to patch vulnerable applications, browsers and operating systems. With the increasing complexity of threats and the proliferation of new platforms and devices, there is a growing need for innovative solutions in the field of information security.

The appearance of Flame marks the beginning of an era of cyberwar

Many have heard of the famous Stuxnet, a computer worm designed to infect and disable industrial systems. Stuxnet is very complex code; to penetrate industrial systems it uses several software vulnerabilities as well as a digital certificate (now, of course, revoked).

However, the complexity and capabilities of the Flame malware, detected after Stuxnet, astonished information security experts. Occupying about 20 MB of disk space, Flame is well above Stuxnet in size and complexity. Study of Flame has shown that it shares areas of code with Stuxnet, which means a common platform was used to create the two programs.

Stuxnet is aimed at disabling industrial infrastructure; Flame is aimed at espionage and information gathering. Flame includes functions that allow it to steal documents, keystrokes and audio captured via the built-in microphone, as well as to take screenshots, disable security tools and log network traffic. One of Flame's unique methods is collecting data via Bluetooth from devices in the vicinity of an infected machine. Flame's target file formats include, in particular, AutoCAD drawings, PDF files and image files. To date, Flame has infected about 1,500 machines owned by government organizations, educational institutions and prominent individuals. At the time of this writing, the countries whose computers are most likely to be infected are Iran, Israel, Sudan, Lebanon, Egypt, Saudi Arabia and Syria.

The study of Flame clearly shows that the development of malware belonging to the cyber weapon class is on the rise. Predicting how attacks with cyber weapons will develop requires continued monitoring.

Hidden downloads from websites (drive-by downloads)

Hidden downloading is not new; we have seen this type of attack for some time. Drive-by download attacks use unpatched vulnerabilities in browsers, plug-ins, applications and operating systems. To perform a hidden download, users of vulnerable computers are lured to malicious sites. We have repeatedly seen well-known legitimate sites hacked to host malware: being highly popular, these sites attract a significant amount of traffic and spread malware to unsuspecting users.

Attacks by Blackhole

Currently, the Blackhole exploit kit is a popular tool for directing people to websites with hidden malicious content in order to download malware. The typical infection pattern is: the user visits an infected popular site or clicks on an untrusted link and is redirected to a Blackhole target site, which delivers a malicious payload matched to the features of the user’s system.

The Blackhole kit is advertised and sold on the “black” market as a ready-made hacking kit that implements very sophisticated techniques (including server-side polymorphism and heavily obfuscated scripts), complicating anti-virus detection.

Infected sites usually load the following components onto users’ computers:

– malware bot, for example, Zbot (aka Zeus);
– rootkit loader (such as TDL and ZeroAccess);
– fake antivirus.

Malicious sites that spread the infection mainly target vulnerabilities in Java, Flash and PDF technologies on the attacked computers. This brings us to the next topic of discussion.
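
A defender can look for the infection pattern described above in web proxy logs: a client visits one site and, through a chain of referers, ends up fetching Java, Flash or PDF content from a different host. The following is an added example, not part of the original article; the log format, host names, addresses and the 30-second window are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

# MIME types of the plugin content the article names (Java, Flash, PDF).
PLUGIN_TYPES = {"application/java-archive", "application/x-java-applet",
                "application/x-shockwave-flash", "application/pdf"}
WINDOW = 30    # seconds a referer chain may span (assumed tuning value)
MAX_HOPS = 10  # guard against referer loops

# Constructed sample: epoch, client, URL, referer ("-" if none), content type.
SAMPLE_LOG = [
    "1353200000 10.0.0.5 http://news.example/index.html - text/html",
    "1353200001 10.0.0.5 http://ads-cdn.example/banner.js http://news.example/index.html application/javascript",
    "1353200002 10.0.0.5 http://kit-host.example/landing?id=1 http://ads-cdn.example/banner.js text/html",
    "1353200003 10.0.0.5 http://kit-host.example/a.jar http://kit-host.example/landing?id=1 application/java-archive",
    "1353200010 10.0.0.9 http://docs.example/ - text/html",
    "1353200012 10.0.0.9 http://docs.example/manual.pdf http://docs.example/ application/pdf",
]

def host(url):
    return urlparse(url).hostname or ""

def parse(line):
    ts, client, url, referer, ctype = line.split()
    return {"ts": int(ts), "client": client, "url": url,
            "referer": "" if referer == "-" else referer, "ctype": ctype}

def find_drive_by_candidates(lines):
    """Return plugin-content fetches whose referer chain starts on another site."""
    seen, alerts = {}, []  # seen: (client, url) -> earlier request by that client
    for rec in map(parse, lines):
        seen[(rec["client"], rec["url"])] = rec
        if rec["ctype"] not in PLUGIN_TYPES:
            continue
        chain, cur = [host(rec["url"])], rec
        for _ in range(MAX_HOPS):  # walk referers back towards the visited page
            ref = cur["referer"]
            if not ref:
                break
            if host(ref) != chain[-1]:
                chain.append(host(ref))
            cur = seen.get((rec["client"], ref))
            if cur is None or rec["ts"] - cur["ts"] > WINDOW:
                break
        if len(chain) > 1:  # payload host differs from the originating site
            alerts.append({"client": rec["client"], "url": rec["url"],
                           "chain": chain[::-1]})
    return alerts

if __name__ == "__main__":
    for alert in find_drive_by_candidates(SAMPLE_LOG):
        print(alert["client"], " -> ".join(alert["chain"]), alert["url"])
```

The results are candidates for review, not verdicts: legitimate sites also serve PDF or Flash content from third-party hosts, so known content hosts need to be allowlisted before alerting on this.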

Software vulnerabilities

Software vendors continue to lag behind attackers in finding vulnerabilities, which allows the latter to conduct zero-day attacks that exploit new vulnerabilities.

Microsoft Windows is the main target operating system for cybercriminals. Today, however, the main vector of cyber attacks is not the OS but the Java, PDF and Flash technologies on the attacked computers.

The bulk of web application hacks are the result of SQL injection and cross-site scripting. In 2011 we noted a number of such web-based attacks, and hacktivist groups, including Anonymous, hacked and disabled several reputable sites. This trend is also observed in the current year.

The best way to protect against any cyber attack is to keep software constantly up to date through regular updates. This contributes significantly to the security of computer systems. Do not forget the importance of using anti-virus software, which neutralizes threats in real time.
