Thursday, October 30, 2014

We are what we are, because of what we have been

"In the course of assessing recent threats, we identified activity of concern on the unclassified Executive Office of the President network. We took immediate measures to evaluate and mitigate the activity... Unfortunately, some of that resulted in the disruption of regular services to users." This was said by one White House official, but those could be words from most server administrators at most organizations targeted by cybercriminals.

Yes, the White House has been the victim of an attack. In fact, it has been the victim of many, but this one seems to have got a bit deeper than usual. The intrusion was discovered two weeks ago but was not disclosed until today, once the appropriate steps had been taken. Among the possible culprits, the Russian government has been pointed at, but without hard evidence we will not be the ones to throw the first stone.

A digital presence has become more than an option, almost a necessity, for any business. That makes it an attack vector. Drupal, one of the world's most used content management systems, is not at its best. Along with the usual problems of a modular CMS architecture, the developers' difficulty in updating and patching it without breaking compatibility with the entire extension and plugin ecosystem makes you wonder whether they are losing the battle.

Botnets have appeared in CIGTR's articles every day for the past few days. They have become the goose that lays cybercrime's golden eggs. Paradoxically, looking at the top botnet threats detected by ESET's lab, you realize that the most dangerous of them disappeared some time ago or are now barely active. This suggests an interesting but frightening reading: we may no longer be fighting large global botnets, but small modular botnets operating at different levels.

While botnets are the golden goose of cybercrime, phishing is its Trojan horse. Combining them yields a tool as effective as the recent campaign allegedly launched by Pizza Hut, offering a coupon for a free pizza to celebrate its 55th anniversary. Of course, it was a trick to get users to download a .zip file containing an executable that infected the user's device and added it to the Asprox botnet, also known as Kuluoz.
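The lure described above, a .zip attachment whose only real content is an executable, is easy to screen for at the mail gateway before a user ever opens it. The following is an added example, not code from the original post or from any product mentioned in it: it opens an archive in memory, flags entries that carry an executable extension, start with a PE (`MZ`) or ELF magic, or use a double extension such as `coupon.pdf.exe`, and reports why. The sample archive is constructed inline; its file names and contents are invented for the demonstration.

```python
import io
import zipfile
from typing import Dict, List

# Leading bytes of common executable container formats.
EXECUTABLE_MAGICS = {
    b"MZ": "PE/DOS executable (Windows)",
    b"\x7fELF": "ELF executable (Linux/Unix)",
}

# Extensions that Windows will run directly; a coupon has no business carrying them.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs"}


def inspect_zip(data: bytes) -> List[Dict]:
    """Return one finding per archive entry that looks executable.

    Each finding carries the entry name, its uncompressed size and the list of
    reasons it was flagged. An empty list means nothing executable was found.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            parts = name.lower().split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            # Only the first few bytes are needed to recognise the magic.
            with zf.open(info) as fh:
                head = fh.read(4)

            reasons = []
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append(f"executable extension {ext}")
            for magic, description in EXECUTABLE_MAGICS.items():
                if head.startswith(magic):
                    reasons.append(description)
            # "invoice.pdf.exe": the real extension is hidden behind a harmless-looking one.
            if len(parts) > 2 and ext in EXECUTABLE_EXTENSIONS:
                reasons.append("double extension hides the executable type")
            if reasons:
                findings.append({"name": name, "size": info.file_size, "reasons": reasons})
    return findings


def is_suspicious(data: bytes) -> bool:
    """True if any entry in the archive was flagged."""
    return bool(inspect_zip(data))


def build_sample_zip() -> bytes:
    """Constructed sample archive: a harmless text note plus a fake PE file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("coupon.txt", "Enjoy your free pizza")
        # Not a real program: just an MZ header followed by padding.
        zf.writestr("Pizza_Coupon.pdf.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip(build_sample_zip()):
        print(f"{finding['name']} ({finding['size']} bytes): {', '.join(finding['reasons'])}")
```

The magic-byte check matters more than the extension check: renaming `payload.exe` to `payload.txt` defeats the latter but not the former, and a gateway that quarantines on either signal catches both variants.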

Does CVE-2014-4877 mean anything to you? Perhaps if we add the words "vulnerability", "FTP" and "Wget" to the phrase, things change. Wget, the popular utility for Linux / Unix users (also available on Windows and OS X) that downloads content from the Internet over several protocols, is vulnerable via FTP, allowing an attacker to gain privileges on the victim's device and perform almost any action that user could perform.
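For an administrator the practical question is whether a given host is exposed. The fix for CVE-2014-4877 shipped in Wget 1.16, and on older releases the documented workaround is the wgetrc setting `retr-symlinks=on`, which makes Wget retrieve the file a symlink points at instead of recreating the link locally. The following is an added example, not part of the original post or of the Wget project: it parses the first line of `wget --version` output and a wgetrc file and classifies the host as patched, mitigated or vulnerable. The version string and the wgetrc contents are constructed samples; the helper names are the example's own.

```python
import re
from typing import Optional, Tuple

# CVE-2014-4877 was fixed in GNU Wget 1.16.
FIXED_VERSION = (1, 16)

# wget's rc parser accepts these spellings for a boolean "on".
TRUE_VALUES = {"on", "yes", "1"}


def parse_wget_version(version_output: str) -> Optional[Tuple[int, ...]]:
    """Extract a comparable version tuple from `wget --version` output.

    Returns None if the banner does not look like GNU Wget at all.
    """
    match = re.search(r"GNU Wget (\d+(?:\.\d+)+)", version_output)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def retr_symlinks_enabled(wgetrc_text: str) -> bool:
    """True if the wgetrc text turns retr-symlinks on.

    Comments (# ...) and blank lines are ignored, keys are case-insensitive,
    and hyphens/underscores in the key are dropped, mirroring wget's own
    handling of command names. The last assignment wins, as in wget.
    """
    value = None
    for raw in wgetrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, val = (part.strip().lower() for part in line.split("=", 1))
        key = key.replace("-", "").replace("_", "")
        if key == "retrsymlinks":
            value = val
    return value in TRUE_VALUES


def assess(version_output: str, wgetrc_text: str) -> str:
    """Classify a host: 'patched', 'mitigated', 'vulnerable' or 'unknown'."""
    version = parse_wget_version(version_output)
    if version is None:
        return "unknown"
    if version >= FIXED_VERSION:
        return "patched"
    if retr_symlinks_enabled(wgetrc_text):
        return "mitigated"
    return "vulnerable"


# Constructed samples standing in for real `wget --version` output and a real ~/.wgetrc.
SAMPLE_VERSION_OLD = "GNU Wget 1.15 built on linux-gnu."
SAMPLE_VERSION_NEW = "GNU Wget 1.16 built on linux-gnu."
SAMPLE_WGETRC_MITIGATED = "# constructed wgetrc\nretr_symlinks = On   # workaround for CVE-2014-4877\n"
SAMPLE_WGETRC_DEFAULT = "# constructed wgetrc\ntimeout = 30\n"

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION_OLD, SAMPLE_WGETRC_DEFAULT))    # vulnerable
    print(assess(SAMPLE_VERSION_OLD, SAMPLE_WGETRC_MITIGATED))  # mitigated
    print(assess(SAMPLE_VERSION_NEW, SAMPLE_WGETRC_DEFAULT))    # patched
```

Note that the workaround only covers the user whose wgetrc is checked (and the system-wide file, if one is deployed); upgrading the package is the only fix that applies to every invocation on the host.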

Fortunately, news like this is becoming a popular topic in the mainstream media. Writing an article like this one a few years ago would have been virtually impossible, since society felt no need to know anything about security, and the basic concepts needed to understand it were discussed only by small niche specialists. The current situation is quite different. End users demand secure systems in order to trust the digital world, even when it is necessary to sacrifice a little usability. We live in a new era in which knowledge is accessible and open, and that requires tools that protect both the user and the information the user shares.

