First Line of Defense: Stranger than Fiction: Public-Facing Technologies Under Attack

First Line of Defense
Your regular source of security updates from TrendLabs
August 31, 2015

Stranger than Fiction: Public-Facing Technologies Under Attack



The perils of security threats are more palpable and real than ever, as seen in the slew of attacks targeting commonly overlooked public technologies. Reports were observed of the hacking of an in-flight network that affected an airplane’s engine, as well as of an attack on the network of Poland’s national airline. In the past, we saw how automated vehicular systems can be compromised, as in the case of smart cars and the Automatic Identification System (AIS), among others.

Domain Name System (DNS) changers gained traction in the threat landscape and were used to target home routers. Brazil, the USA, and Japan are the top countries affected by this threat. This is alarming because once cybercriminals control these home routers, they can see all the information that devices connected to the routers relay, which can then be used for data theft.

The prevalence of solo cybercriminal operations

Apart from attacks on public-facing infrastructures, we also observed an increase in solo cybercriminal operations in 2Q 2015:

Nigerian cybercriminals employed HawkEye, a simple keylogger that cost $35, to target small businesses, hijacking their business transactions and launching attacks against the victim companies’ affiliates, partners, and customers.
A cybercriminal known as AlejandroV used his point-of-sale (PoS) malware, FighterPoS, to steal 22,000 unique credit card numbers.
A 20-year-old student from Brazil dubbed LordFenix created over 100 online banking Trojans.

When it comes to cybercrime, it does not matter whether the perpetrators are rookies or old-timers, or whether they work solo or collaborate as a group. At the end of the day, users and businesses are victimized, potentially losing confidential data and, consequently, profit.

Data breach and targeted attack campaigns

Stealing an organization’s “crown jewels” (i.e., confidential information, intellectual property, etc.) is one of the motivations behind targeted attacks and data breaches. The following are notable breaches and targeted attack campaigns from last quarter:

The United States Office of Personnel Management (OPM) was breached, exposing the personal information of more than 21 million current and former federal employees.
The IRS breach resulted in the leak of 100,000 taxpayers’ records.
The White House and some members of the North Atlantic Treaty Organization (NATO) were hit by the cyber-espionage campaign Pawn Storm.
DUQU 2.0, STUXNET’s successor, used zero-day vulnerabilities to infiltrate its targets’ networks.

The prevalence of such security incidents and threats highlights the importance of strengthening a company’s security measures and technologies in order to mitigate the risks that targeted attacks pose.

Silver linings

Despite the continuous evolution of the threat landscape, law enforcement efforts and private-public partnerships have yielded positive results: cybercriminal arrests and botnet takedowns. Trend Micro aided Interpol and Europol in the takedown of the botnets SIMDA and BEEBONE. Aside from this, Silk Road’s mastermind Ross Ulbricht was arrested in May 2015, shedding light on the Deep Web and its inner workings.

For full details on the trends, observations, and findings on the threat landscape in 2Q 2015, read our report, A Rising Tide: New Hacks Threaten Public Technologies.


Security Spotlight
Pawn Storm’s Domestic Spying Campaign Revealed

We investigated an ongoing cyber-espionage campaign, Pawn Storm, which has been active since 2007. Learn more about its operations and target entities in this blog entry.

Security for Home Users
Crypto Wars: Encryption is a Double-edged Sword

Encryption protects a user’s identity and privacy; however, it can be a hindrance when conducting investigations. Learn more about the pros and cons of encryption in this article.

Security for Business
Android, Flash Vulnerabilities on the Rise

In this blog entry, we sum up all the notable zero-day vulnerabilities for the year and how Trend Micro secures users and organizations from such threats.

© 2015 Trend Micro Incorporated



