The New Reality of Stealth Crimeware

The New Reality of Stealth Crimeware

No Comments

Anyone who has been in information security recently knows that it has gotten easier for cybercriminals to build stealth crimeware. The malware we deal with on a regular basis grows ever more difficult to find, while high-end targeted attacks such as Stuxnet and other advanced persistent threats (APTs, the abbreviation I hate) are using ever more advanced rootkit techniques to avoid detection.

Cybercriminals use clever stealth techniques to evade detection because it allows their malware to be more effective, live on a machine or network longer, and thus maximize the compromise. McAfee Labs is now at the point where we detect more than 110,000 new unique rootkits per quarter.

To make matters worse, there is another issue that many fail to recognize:

Today’s current OS-based security model is not adequate; cybercriminals know how to get past these defenses every time.

The security industry has to find a new vantage point on cybercriminal behavior to stop and uncover their stealth techniques. It is time for our industry to start looking at security beyond the operating system to gain a more effective view of how cybercriminals operate.

We delve into these and many other issues in our latest report: “The New Reality of Stealth Crimeware,” written by myself and Thom Sawicki of Intel. Download it here.

[wp-pdf-view swf=”https://www.infostruction.com/wp-content/uploads/2011/07/wp-reality-of-stealth-crimeware.pdf” width=”500″ height=”400″ /]

Introduction

Stealth is the art of travelling undetected, of being invisible. Stealth technology allows military aircraft,
Ninjas, and malware to sneak up on the enemy to launch an attack, gain intelligence, or take over
systems and data.

Although stealth techniques are used in sophisticated attacks like Conficker and Operation Aurora, the
Stuxnet attack offers a new blueprint—and benchmark—for how committed criminals can use stealth
techniques to steal data or target computing systems. Stuxnet innovations included a combination of
five zero-day vulnerabilities, three rootkits, and two stolen digital certificates. Powerful toolkits, like what is available in the Zeus Crimeware Toolkit, make stealth malware development a “point- and-click” endeavor, no longer restricted to the most knowledgeable programmers. While there are no definitive industry figures, McAfee Labs estimates that about 15 percent of malware uses sophisticated stealth technique to hide and spread malicious threats that can cause significant damage.1 These attacks form the cornerstone—the “persistent” part—of advanced persistent threats (APTs).

2011 Guardian Analytics – Commercial Banking Fraud (SMB)

2011 Guardian Analytics – Commercial Banking Fraud (SMB)

No Comments

Online Bank Fraud Continues To Plague Small Businesses, Study Says

Responses to the February 2011 survey from more than 533 SMBs indicate that money continues to be siphoned unnoticed from business accounts at an alarming rate and SMBs are leaving their institutions at alarming pace because of it. This means financial institutions are facing a lose-lose proposition: losing money and losing customers.

Business banking fraud — particularly in small and midsize companies — is still causing major problems for both the businesses and the banks that serve them, according to a study published today.

The “2011 Business Banking Trust Study,” a follow-up to a similar study conducted last year, was written by Ponemon Institute and sponsored by Guardian Analytics. This year’s numbers suggest that the banking fraud situation has not improved since 2010.

“The industry has not moved the needle in addressing the corporate account takeover and fraud plaguing SMBs and their financial institutions,” the report states. “The data shows that fraud is still pervasive, money is leaving accounts unnoticed at an alarming rate, and businesses will leave their banks because of it.”

Fifty-six percent of businesses experienced fraud in the past 12 months, according to the study. Of those that experienced fraud, 61 percent were victimized more than once. Seventy-five percent of the victims experienced online account takeover and/or online fraud. These figures are nearly the same as last year’s, the researchers say.

In 78 percent of fraud cases, banks failed to catch fraud before funds were transferred out, according to the study. Banks were able to keep money from leaving the bank in 22 percent of the cases and fully recover fraudulently transferred funds for 10 percent of businesses.

Banks were unable to recover funds in 68 percent of cases, leading to losses for both business and banks, Ponemon says. Banks took the losses in 37 percent of cases by reimbursing businesses for unrecovered funds; businesses took losses in 60 percent of cases.

Forty-two percent of respondents in the study said they do not believe the bank would cover any losses if their companies’ assets were stolen and not recovered. Despite this attitude, 70 percent of businesses still think their institution should be ultimately responsible for securing online accounts.

Forty-three percent of businesses said they have moved their banking activities elsewhere after a fraud incident. Ten percent of businesses that have experienced fraud have terminated their banking relationships following fraud attacks. Thirty-three percent said they did not fully terminate their relationship, but moved their primary cash management services to another institution.

2011 Business Banking Trust Study (PDF)

2010 Verizon Data Breach Report

2010 Verizon Data Breach Report

No Comments

The 2010 Verizon and U.S. Secret Service breach report is full of enlightening facts, figures and statistics. I highly recommend you read it cover to cover. It breaks down the breaches by demographic, threat agents, threat actions, attack difficulty and targeting, vertical, and time span. It also compares how PCI compliance affected the number and severity of breaches. This is the first year that Verizon has teamed up with the Secret Service to expand reporting on breach incidents. This reporting is highly regarded as a source for intrusions into the customers of Verizon’s widely adopted communications services. DBIR series now spans six years, 900+ breaches, and over 900 million compromised records.

https://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf

Highlights:

  • Who is behind Data Breaches?
  • 70% resulted from external agents (-9%)
    48% were caused by insiders (+26%)
    11% implicated business partners (-23%)
    27% involved multiple parties (-12%)

  • How Do Breaches Occur?
  • 48% involved privilege misuse (+26%)
    40% resulted from hacking (-24%)
    38% utilized malware (<>)
    28% employed social tactics (+16%)
    15% comprised physical attacks (+6%)

  • What commonalities exist?
    98% of all data breached came from servers (-1%)
    85% of attacks were not considered highly difficult (+2%)
    61% were discovered by a third party (-8%)
    86% of victims had evidence of the breach in their log files
    96% of breaches were avoidable through simple or intermediate controls (+9%)
    79% of victims subject to PCI DSS had not achieved compliance

Older Reports:

2009: https://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf

2008: https://www.verizonbusiness.com/resources/security/databreachreport.pdf