For the final blog post in the series supporting the release of our Q3 Threat Roundup “Vulnerabilities Under Attack” I was asked to write “an analysis of security challenges faced by users.” Fortunately I have the source material of the Threat Roundup to stick to because really, that’s a subject deserving of a series in its own right.
The ultimate goal of the majority of digital attacks is in some way to affect the individual, whether through the theft of information pertaining to individuals from a large organisation, or by attacking them directly, compromising devices and services for smaller-scale but more widespread theft.
Following the enterprise-scale Heartbleed vulnerability in Q2, the last three months saw the emergence of another, similarly important vulnerability: Shellshock. The Shellshock vulnerability might seem at first blush like an enterprise concern, but its consequences can, did and continue to affect large numbers of individual Internet users through compromised web servers. In the same way, organised criminal attacks on Point of Sale (PoS) systems showed no signs of relenting, with three significant new PoS malware families emerging in Q3: TIBRUN (or BrutPOS), POSLOGR (a.k.a. Backoff) and MEMLOG (or the more familiar BlackPOS 2).
The affected retailers and financial institutions mitigate the immediate effects of PoS attacks on consumers by offering to make good on the fraudulent purchases. However, the long-term effects should not be underestimated: each individual victim now has their data circulating in underground circles, adding to the mass of intelligence out there that is further traded and used for many other criminal endeavours: identity theft, fraud, targeted email-borne attacks and more.
In the realm of more “traditional” consumer-facing threats we have seen a pronounced uptick in ransomware campaigns, with those campaigns becoming not only more widespread but also more technically competent. The number of crypto-based ransomware attacks (attacks that actually encrypt the victim’s data rather than making it temporarily inaccessible) was up from 19% to 32% in the last twelve months, complicating recovery and increasing the pressure on victims to pay up.
Phishing too has seen a huge increase in volume, possibly reflecting the changing tactics of criminals as users migrate more towards mobile devices for everyday Internet access. In the first quarter of 2014 Trend Micro blocked 90,000 phishing URLs, in the second quarter that increased to 138,000, and in the most recent third quarter we blocked more than 720,000! That perhaps shows the weakness in the justification “I don’t need security software on my iPhone.” Many of today’s attacks do not require the delivery of any malicious code to the victim; they seek only to steal your valuable credentials, offering the attacker remote and ongoing access to your data.
There are of course some rays of hope in this otherwise bleak-seeming review. Law enforcement activity and cooperation between enforcement agencies continue to pay dividends, with a constant stream of stories of successful investigations resulting in ever-increasing numbers of arrests. We may not be draining the swamp, but we’re removing both crocodiles and bottom-feeders. Banking malware infections, for instance, have still not recovered to their 2013 levels since the significant disruption of the SpyEye, ZeuS and GameOver ZeuS ecosystems.
Changing times see changing tactics and as attackers continue to study our browsing, socialising and spending habits it pays to be vigilant and it pays to be prepared. Now is the right time to secure your mobile devices and web browsers, keep your applications and Operating Systems up-to-date and invest in a Password Manager. Go on, it is Christmas after all.
Please add your thoughts in the comments below or follow me on Twitter: @rik_ferguson.