Wednesday, July 23, 2014

Bytes war, seconds war

"In a not-too-distant future when the aging gene has been switched off, people must pay to stay alive. To avoid overpopulation, time has become the currency and the way people pay for luxuries and necessities. The rich can live forever, while the rest try to negotiate for their immortality". Cybersecurity is like the film starring Justin Timberlake 'In Time': who does have time wins; who does not, runs to not die. And whoever hits the first, wins time: the bad guys to continue extorting; researchers to going on ahead.

It's just a matter of time that both major threats and the most strategic defenses end up being overcomed. The safest level user authentication goes today through two-factor (2FA). But it is not invulnerable. A group of attackers suspected of residing in Russia have are raiding Swiss banks combining malware, DNS changes and stealing SMS from client. Today some complexity is needed, based on social engineering and scams, to get access to other 2FA. But sooner or later this technique will be a 'black hat' industry standard.
In this war against time --or maybe time-allied--, you've got no time to mourn the loss. The casualties are counted by millions every year. To be exact, 500 million a year. Or what is the same: one single device becomes victim of a botnet every 18 seconds. Assistand Director of FBI Cyber Division, Joseph Damarest, has just told it in a speech to the Senate Judiciary Committee. His presentation also reviews the FBI strategy for cybercrime, its efforts to combat botnets, Operation Clean Slate, and some recent developments result of these efforts.

How much time can you buy to deal with a DDoS attack? Well, as much as your defenses are able to identify, treat and ward off malicious traffic... on time. And defenses do not stop working: the latest quarterly report from Prolexic shows an (unflattering) evolution of DDoS attacks: they have increased by 22% compared to last year's data. Another striking fact is that duration of the attacks has been reduced, from 38 hours to 17 hours average. In brief: more attacks, shorter and more intense.

If you do not pay, you die. At least is the premise that undesirable guys programming ransomware or similar malware work on. The latest scare comes from Argentina, where a few criminals have achieved to lock web browsing, instead of hijacking the device completely. Then, software threatens to communicate the (alleged undecent) browsing habits of the victim to family and friends. Of course, the first recommendation is to NOT pay. And to be quicker than countdown for the threat to carry out.

On the other hand, developers seek vulnerability fixes again and again detected vulnerabilities. The latest update of the popular browser Mozilla Firefox incorporates 11 fixes, 3 of them considered critical. And, as we know, sometimes the enemy seems to be "home game". The researcher Jonathan Zdziarski has published a document setting out the finding of a spy software for jailbroken iOS devices, developed by the U.S. government.

Sure part of the threat strategy being unable of distinguish enemies, to get confused, to trust who we should not. We only promise you that we try every day to invest and not to waste your precious reading time. We expect you, every day in this blog and at our social networks (on the right you have the links).


Post a Comment