Friday, January 9, 2015

The only way to live the present is learning from the past

Silent walking, watchful eye, infinite curiosity... Dogs are known as​ man's best friend, but the truth is that cats begin to conquer the hearts of more and more Spanish families. For over 10 years, these animals are more common in American and British households than its counterpart (dogs), and it looks like they will also become something usual in Spanish-speaking countries. As a matter of fact, cats are one of the most curious species in the animal world, what will surely lead them to burn their own legs with kitchen fires, or jump from a first floor window. But if the result is not how they expected, they won0t do it AGAIN.

You may be wondering what have cats to do with computer security, but the answer is very simple: why do humans make mistakes once and over again? Should not we learn from the past to enjoy the present moment with confidence? Under this paradigm, today we collect many recent studies on the evolution of malware and vulnerabilities in 2014.

Windows Exploitation in 2014: This is the name of a report on the evolution of risks around Microsoft’s OS released by ESET just a few hours ago. IE gathers about 80% of all Windows vulnerabilities. The most common attacks it suffers are based on drive-by download techniques. Far than such figure is Office and its privilege escalation attacks via embedding codes on files or Windows drivers like win32k.sys.

Annual Security Report 2014 by Ontinet: this report is divided by months. It reviews attacks and vulnerabilities discovered last year one by one, ranging from that banking Trojan disguised as an alleged WhatsApp update to the Malaysia Airlines flight loss, the security hole on OpenSSL (Heartbleed), the Celebgate or the Spanish mail service phishing which infected several thousand users with a very lucrative ransomware.

Information leaks have been increasingly rising for the last 10 years. Did you know that 70% of such cases have been reported in the last five years? What about web, financial and health companies being the most affected ones? So it is a whole decade to learn from mistakes so we can face the next 10 years with appropriate security measures.

Meanwhile Cisco made a research on the latest version of one of the most known ransomware: Cryptowall 2.0. It comes loaded with new features. This malware detects whether it is being running on regular devices or virtual ecosystems (common in laboratories at antivirus firms and law enforcement) so it can disable itself in the second case. It also uses the TOR network to be managed remotely and for its control channel service.

The security industry is becoming more sophisticated, forcing security experts to be alert 24/7. Today malware begins to take advantage of embedded advertising platforms. Well-known Internet company AOL recently discovered that its advertising platform was being used as a malvertising channel on mainstream media such as The Huffington PostMalvertising is a type of malware obfuscated on internet advertisements, so this discovery forced AOL to increase security measures and block it.

However this is not the only problem affecting users. Privacy abuses are common related this kind of tools. They take advantage from confused and incomplete legislation, dealing with visitor data and performing scans user actions and habits. To protect yourself against this and learn from past mistakes you should take into account some of the guidelines mentioned on the Internet users traceability tutorial.


Post a Comment