Wednesday, January 14, 2015

More sheep, less wolves in 2015

2015 is the Year of the Sheep in the traditional Chinese horoscope. It is said that it will be a year of equality, since the sheep represents humility, happiness, and the desire to seek agreement in the interests of the majority. These are precisely the qualities needed to meet this year's challenges.

The terrible attack against the satirical newspaper Charlie Hebdo has been the perfect excuse for many political voices in Europe to demand an increase in digital security. Among them, the British Prime Minister David Cameron showed his determination to combat encrypted communications, which citizens use to defend their right to privacy. In response, the European Union Agency for Network and Information Security (ENISA) issued a statement to safeguard the public interest. In it, the agency urges that secure communications remain as they are, for the sake of personal and corporate security.

Meanwhile, Google announced that support for Android versions below KitKat has ended, which means that all devices running lower versions will no longer receive updates. This is a big problem, since it will affect 60% of Android devices (939 million smartphones and tablets). Does it mean that a new 0-day vulnerability will not be patched? Not exactly. Google has agreed to release patches developed by third parties, which manufacturers and telecoms could add to their regular update channels. But the company will no longer develop for these versions, so their security will rely on the good faith (and speed) of the community.

Therefore, we will need many security experts influenced by the Chinese sheep this year, because wolves do not need many resources to do evil. A simple USB charger can be used to spy on everything typed by anyone on keyboards via Wi-Fi. The data is stored in a file that the attacker can easily retrieve. All this for less than 7 euros.

You don’t need to be rich to access information stolen from third parties either. According to a recent study by Symantec, 1000 email accounts cost no more than 10 dollars. Credit cards range from 50 cents to $20, along with an “insurance” in case of blockage. Even hiring DDoS services like those carried out by Lizard Squad costs not much more than $1000.

Is our society sufficiently aware of the risk to which people are exposed? Hotel Wi-Fi networks are regulars in this type of compilation. Some hotels have open Wi-Fi networks, without any division by channels and, of course, with configuration web pages that use default passwords. This is a perfect breeding ground for charging your paid content to the neighbor, or for finding out what type of connection the hotel gets from its network provider.

The combination of malicious projects is beginning to bear fruit in cyberspace. Just by connecting to one of these open Wi-Fi networks, or by using any of those Wi-Fi keyboards in public places, you will be at risk of an attacker infecting you with a banking Trojan. Chanitor is malware controlled remotely from servers on the Tor network. It infects its victims by installing several pieces of malware, including the Vawtrak banking Trojan, which is capable of handling browser sessions and redirecting you to a fake website of your bank.

The Year of the Sheep appears to be a tough one for all those who are committed to making a living in a legitimate way, bringing all our expertise to society. But we are still in the early weeks, and as we said at the beginning of the article, times change.


