Wednesday, December 17, 2014

Cyber weapon creators and Hephaestus' forge

It is said of Hephaestus, son of Hera and Zeus in Greek mythology, that he was born deformed and was thrown into the sea, where two mermaids saved him and hid him in a cave. In that cave he would eventually learn the secrets of the forge. This is why he is called the god of fire and the forge. He created weapons and utensils considered relics of the gods, such as the chariot of Helios, the helmet of invisibility of Hades or the arrows of Eros.

Hephaestus is also the god of blacksmiths, craftsmen and sculptors, and he could also be the god of malware developers. With his anvil he worked metal as cybercriminals work with bits, shaping powerful cyber weapons.

SoakSoak is one of the latest examples. It is named after the Russian page that spread it. It hits WordPress sites through a premium plugin dubbed RevSlider. It allows attackers to upload several files to the server, which then redirect traffic to the SoakSoak website. It is estimated that more than 150,000 sites could already be infected, so you should check whether your website is vulnerable with Sucuri's online tool, and install an online firewall.

Like the Golden Throne that Hephaestus gave his mother to hold her prisoner, TorrentLocker kidnaps your files and demands a payment for their release. It is spread by phishing campaigns (alleged unpaid bill notices, mail surcharges...) and could have brought 600,000 bitcoins into cybercriminals’ coffers.

Spyware like CloudAtlas rivals Ares’ tactics in sophistication. It affects jailbroken iOS devices and uses social networks and shortened links for deception. It targets politicians, military personnel and senior executives. Its capabilities include recording telephone calls and collecting information about the victim.

If that were not enough, some advertising platforms for Android apps hide malicious subdomains. These lead visitors to a downloadable product apparently served by Google Play. In fact, what the user downloads is not the app but various pieces of malware that subscribe them to premium SMS services and send invitations to their address book.

Hephaestus eventually married Aphrodite. But she cheated on him with Ares, which filled the heart of the god of the forge with anger. He locked both of them in his chambers, to the delight of the rest of Olympus, defending what he understood to be right while earning the other gods’ respect. In its own way, Microsoft has for some years maintained its particular crusade against the American government to protect its customers’ privacy. It moved its servers to Ireland and led a campaign supporting the protection of privacy, which is a relief to those who are on the other side of the chain.

Meanwhile, Norberto Gallego has analyzed the state of cyber security in 2014 on his blog. We all know the story. For better or worse, we have all lived it: the JPMorgan and Target cases, the Heartbleed vulnerability, the theft of celebrities' nude pictures from iCloud, several cyber-wars between countries... All these events have meant multibillion-dollar losses, which encourages the market to increase resources for data protection and systems security.
