- Details
-
Published: Monday, 15 April 2019 16:25
-
Written by Lorenzo Bedin
DDoS attacks and Botnets
Attacks on mobile software almost doubled in 2018
Kaspersky Labs has released an interesting report entitled "Mobile malware evolution 2018", available at this address, which takes stock of the spread of malware on mobile devices in the past year, offering a useful tool to try to understand the future trend and react now.
Among the results highlighted by the report, which was conducted on the basis of data collected by devices with installed Kaspersky applications, the most important regards the number of attacks recorded: from 66.4 million in 2017 to 116.5 in 2018; on the other hand, the number of compromised installation packages has decreased (5,321,142 in 2018, almost 500 thousand less than the previous year).
Compromised apps include droppers (drop-down trojans that bypass checks and "drop the actual malicious package), adware (invasive advertising), risktool (apps that can cause physical damage) and spyware, including home banking systems, given their increasingly widespread use.
StealthWorker uses Windows and Linux to puncture sites
Fortiner researchers have identified a botnet that uses StealthWorker, a malware discovered a few weeks earlier by Malwarebytes.
Compared to the first version that focused only on Windows, this version of the malware has as its goal Linux, thus becoming a multi-platform threat; not only: by analyzing the open directories available on the C2 servers (Command & Control) indicated in the Malwarebytes report, evidence has been found that even the Mips and ARM architectures - therefore IoT devices - are involved. In both cases an automatic execution is scheduled to survive the restarts that releases the malware payload. Each infected machine is used to attach CMS installations like Joomla, Magento, Drupal and WordPress with brute force login attempts, and if the attack succeeds, not only are the credentials sent to the C2 server, but the compromised host becomes a zombie, creating a real botnet.
Read more ...
- Details
-
Published: Friday, 20 July 2018 12:14
-
Written by Riccardo Gallazzi
DDoS attacks and Botnets
The FortiNet Threat Landscape Report Q1 2018 report is now available
FortiNet has published the Threat Landscape Q1 2018 report, which analyzes data collected between January and March 2018.
The report shows that most (55%) of infections due to a botnet lasted less than a day, 18% less than two days and only less than 5% more than a week, a sign that botnets are constantly evolving.
The infection due to the Mirai botnet is the one that lasts longer: on average 5 and a half days; but Ghost is the prevailing botnet.
Although 268 different botnets have been identified, their number and activity is declining in the analyzed period; the activity of crypto-jacking, that is generation of cryptocurrencies, is the main one.
Read more ...
- Details
-
Published: Wednesday, 11 April 2018 14:43
-
Written by Riccardo Gallazzi
DDoS attacks and Botnets
Mirai variant turns IoT devices into proxy servers
Fortinet has identified a variant botnet of Mirai, the famous botnet responsible for attacks to DynDNS and KrebsOnSecurity, in addition to DDoS attacks turns infected IoT devices into proxy servers.
The botnet, called Mirai OMG, installs a malware on the victim systems that generates two random ports, adds the appropriate firewall rules, then installs 3proxy, a minimal proxy server.
Fortinet has not detected botnet attacks, analyzed in a quiescent state, and the authors are supposed to sell access to IoT proxy servers.
Read more ...
- Details
-
Published: Wednesday, 11 April 2018 14:41
-
Written by Riccardo Gallazzi
The first week of the new year was characterized by the appearance of two major flaws in processors, the so-called Meltdown and Spectre announced by Google ProjectZero in this post, which afflict most of computers and devices in use today. The impact has been outstanding in terms of media coverage, and the topic has been the subject of discussion not just among IT professionals.
Meltdown and Spectre briefly
Meltdown and Spectre are two distinct vulnerabilities that affect computer processors: not just servers, laptops and desktops but also micro-computers, specialized computers and IoT devices. They were discovered by four different research teams who reported them to CPU manufacturers, several months prior the publication of the news; but these vulnerabilities are not new, in fact they have existed for decades. No computer with a processor produced in the last 20 years is to be considered immune and safe; a dedicated tool for Linux and BSD is available and provides information on the system status, and a similar tool for Windows exists too.
We are not aware of known attacks: antivirus can detect the code responsible for an attack, but not the vulnerability itself.
Read more ...
- Details
-
Published: Wednesday, 11 April 2018 14:36
-
Written by Veronica Morlacchi
Data portability in the new European Regulation 2016/679
A new civic duty for personal data controllers and a new right for data subjects: let’s see the content, the legal basis and the actual realization.
Why should one be interested in data portability and understand what it means?
The date of the 25 May 2018 comes closer. That day the GDPR will come into effect in all EU Countries. There are several news introduced by the new regulation that must be understood, regardless of being the physical person personal data refers to (as new rights are gained), or being the controller of data being received and processed (as new duties are gained). One of the main new features it the so-called “right to data portability” which is outlined by Article 20 and “Whereas” 68 and 73 of the GDPR, and illustrated by the Guidelines WP 242 adopted on 13 December 2016 (and last revised on 5 April 2017), the so-called document WP 242, written by the European Working Party “WP 29”.
The text of the GDPR can be accessed here, while the WP 242 document can be accessed here.
Read more ...
- Details
-
Published: Monday, 29 January 2018 12:21
-
Written by Riccardo Gallazzi
In the next issue you will find an article dedicated to the recent Meltdown and Spectre vulnerabilities, which are not covered in this bulletin.
DDoS attacks and Botnets
Necurs botnet now distributes ransomware
Necurs is alive and kickin’ and is distributing malware with, at least, three different campaigns as MyOnlineSecurity reports.
The first campaign is about the Scarab ransomware and is spread through emails. A bogus email has copier@victim-domain as sender, “Scanned from HP” (or other brand) as object, the email body is blank but there’s an attachment which, obviously is the ransomware itself. Such email pretends to deliver documents scanned with a network printer.
The second campaign too is conveyed via email and is about another ransomware, Globeimposter. The sender is invoicing@random-company, a random alphanumeric string as object (ie, FL-610025 11.30.2017), and as the previous one it has no body content but an attachment.
The third campaign is similar and pretends to deliver an invoice from Amazon as an attachment. It’s not a ransomware, but a banking trojan indeed.
ProxyM botnet attacks websites
Dr.Web identified a botnet, called ProxyM, which is based on the Linux.ProxyM.1 malware and previously used for email spam campaigns (up to 400 messages per device per day).
The malware being distributed attacks Linux devices and creates a SOCKS proxy server; the attack mode has changed recently, and today ProxyM hacks websites. Infected hosts perform SQL Injection, XSS (Cross-Sie Scriptingt) and LFI (Local File Inclusion) attacks on websites like forums, game servers and generic sites, without a precise scheme. Dr.Web observed 10 to 40 thousands attacks per day.
Read more ...
- Details
-
Published: Monday, 23 October 2017 12:21
-
Written by Riccardo Gallazzi
DDoS attacks and botnets
IoT_reaper: a new growing botnet
Netlab researchers identified a new botnet, which was named IoT_reaper.
The botnet is in its first phases and is rapidly growing: it hasn’t launched a single attack up to now but, as the name suggests, hoards vulnerable IoT devices adding them to it network. It is similar to Mirai, although there are some differences: this one only targets vulnerable devices and doesn’t try to hack a password (with a substantial saving in computational resources), it integrates parts of LUA code that allow more sophisticated attacks and its scans are not invasive, so they are hard to identify.
The botnet added more than 20 thousands devices in less than 2 weeks; devices exploited are D-Link, Netgear and Linksys among the others: the full list is in the article linked before. Luckily there are some patches available.
A botnet is scanning the Web for private SSH keys
In a post on its blog, Wordfence warns about a Web scanning activity that looks for private SSH keys left without precautions on web server.
It’s not clear which botnet is responsible for this scan, however Wordfence warns everyone running a site/server and connects with a key-based authentication system.
Read more ...
- Details
-
Published: Monday, 23 October 2017 11:41
-
Written by Riccardo Gallazzi
OWASP Zed Attack Proxy (ZAP) is an integrated tool dedicated to penetration testing that allows to identify vulnerabilities in Web apps and Websites. It’s an easy and flexible solution that can be used regardless of the proficiency level: it’s suitable for anyone, from a developer at the beginning with pentesting to professionals in the field.
ZAP is composed by two macro-section. The first one is an automated vulnerability scanner that can identify problems and provides a report for developers, sysadmins and security pros with all the details of discovered vulnerabilities in order to fix them.
The second one allows ZAP to work as a proxy and inspect the traffic and all HTTP/S requests and events -- there’s also the interesting capability of modifying them to analyze behaviour that differentiate from the norm or analyze their triggers which can be harmful to the system.
Read more ...
- Details
-
Published: Monday, 23 October 2017 11:41
-
Written by Veronica Morlacchi
What are the most relevant juridical implications derive from the use of IoT devices, in particular in terms of personal data? What are the profiles that must be kept into account when developing IoT solutions?
This magazine has described the Internet of Things in the “Word of the Day” column and in last issues we had an article dedicated to the protection of IoT devices.
The interest on the topic is easily justified: a recent study by Aruba Networks, “The Internet of Things: Today and Tomorrow”, highlighted that the economics advantages of a business due to the adoption of IoT devices appear to exceed the expectations, so we can forecast a boom of the trend in the near future, in particular in sectors like industrial, health, retail, “wearable computing” (ie wearable devices like glasses, dresses, watches, etc.. connected to the Network), Public Administration, domotics and where companies create a “smart workplace”.
Therefore, as a consequence of the ample variety of sectors and the general interest on the topic, a lot of complications and implications might arise in terms from the use of IoT devices, in so as far legal aspects are concerned.
Read more ...
- Details
-
Published: Wednesday, 26 July 2017 15:07
-
Written by Veronica Morlacchi
How a company should behave if suffering a Data Breach, according to the new General Data Protection Regulation (GDPR)? How should it do it and in which time? What are the liabilities and what sanction does it incur in if it does not behave accordingly?
We had a “Word of the Day” about Data Breaches recently, and our curiosity about the topic arose quickly on what a company should do, also from a juridical perspective, in case it is victim of an IT violation and what are its liabilities according to European Regulation 2016/679 which will become effective in a few months and it’s worth preparing for it.
Read more ...