Satori, "the awakening" of the botnets, and the other 2018 challenges for cyber security

(by Ciro Metuarata)
08/01/18

Working out which cyber security trends will matter most in the year that has just begun is certainly not simple. Reading the reports of the best-known computer security companies, in fact, one risks getting lost among the multitude of threats flagged as "emerging" for 2018. In short, there is no corner of the cyber domain in which some threat is not reported that could jeopardize the security of the systems and information of companies, institutions and ordinary users. Some of them, however, have caught my attention because, without presuming to make predictions for the rest of the year, I believe they will be talked about in the coming months. One example is the botnet christened Satori ("the awakening", in Zen Buddhism), a new and even more dangerous variant of a cyber threat that had already "exploded" in 2016 (Mirai), which has suddenly "awakened" and spread as had never been observed before.

In particular, within the gloomy picture just described, I refer to four types of cyber threat: ransomware used for "destructive" purposes, botnets aimed at the Internet of Things (IoT), such as the aforementioned Satori, attacks on the supply chain, and those linked to the spread of so-called crypto currencies. Each of these has, in my humble opinion, aspects that make it unique and likely to stand out over the course of 2018. They will certainly not be the only ones to claim "victims", but I am of the opinion that they deserve special attention.

Ransomware has been used for several years by cyber criminal groups to extort money from unfortunate users, companies or institutions. The attack mechanism is simple and has been well known for some time, but in recent months changes have been observed both in the tactics used and in the targets, and these unfortunately foreshadow new trends for 2018. In general, criminal groups use several techniques to implant on devices malware specifically designed to make them unusable. The only way to regain possession of the computer and of the information it contains is to pay a ransom, generally in crypto currency, following specific instructions. What was observed in 2017 about this threat amounts to two main novelties: the growing sophistication of the malware employed and, in some cases, a purpose not strictly tied to money. Specifically, current ransomware is able to exploit the most serious vulnerabilities in operating systems, applications and communication protocols, so that it can spread autonomously across both home and business networks. In short, a single PC infected with such malware is able to jeopardize the security of the entire network in which it sits. Furthermore, variants of these malicious programs are generated so quickly that security products often have difficulty identifying them. But the most important news, already traced in a previously published article (see article), is another: apparently some ransomware attacks were not designed to obtain money from the "victims" but rather to cause serious negative repercussions on the activities they carry out and, in most cases, it seems that this objective was fully achieved.
This is probably also due to the unscrupulousness of the authors of those attacks, a direct consequence of the well-known legal gaps that characterize the cyber world, with all due respect to the White House, which recently accused North Korea of being behind the heavy damage caused by the WannaCryptor ransomware (see article). So will this be a trend for 2018 too? Everything points that way, since in most cases "classic" ransomware attacks have lost their effectiveness: all security companies, in fact, advise those who fall victim to such attacks not to pay the ransom and to wait until the method for decrypting and "unlocking" the systems is made known (which usually happens within a few weeks or a few months). As a result, an ever-decreasing number of users fall into the trap and criminals cash in less and less. Ultimately, whether the goal is to make money or, without great pretensions, to cause damage, ransomware will still serve the bad guys, this year too.

Likewise, not even the botnet phenomenon is an absolute novelty (see article). Virtual networks of computers on which the same malware has been implanted, in order to gain control of them without the users' knowledge, appeared in the cyber domain long ago. However, here too we are witnessing an evolution of the phenomenon that is not yet fully consolidated. Specifically, with the "explosion" of Mirai (see article) the fragility of the security of the so-called IoT became clear, that is, of the whole set of more or less sophisticated devices connected to the Internet. In the case of the botnet built with Mirai, in particular, tens of thousands of devices were "illegally enlisted" in order to carry out targeted attacks on some nodes of the Domain Name System (DNS). In a nutshell, those devices were reprogrammed to interact, all at the same time, with the DNS nodes in question, so as to overload the servers and make dozens of websites "unreachable". As expected, Mirai later gave rise to several variants of this type of attack, including "Satori" (also known as Okiru), which can be considered a valid indicator of the current trend. It seems that this variant of Mirai, discovered a few weeks ago, mainly exploits certain security vulnerabilities of specific router models, including one particularly serious and unknown until now. Once the malware has been implanted thanks to these security flaws, the routers respond to the commands sent by the Command and Control server used by the attacker (about whom no general information is yet known) to direct the operation. Not only that: although not all the details of how Satori works have yet been uncovered, it seems clear that every "infected" device scans the Internet looking for its "peers" to be enlisted into the botnet.
Fortunately, this clandestine network was discovered before it became operational, while it was still expanding, so that cover is now being taken by updating the router models involved. Otherwise it would have been a serious problem, since it seems that Satori too, as in the case of Mirai, was designed to launch Distributed Denial of Service (DDoS) attacks aimed at disrupting the normal functioning of some online service or website. Considering that the botnet, before being discovered, was expanding exponentially, it is estimated that very few security systems could have withstood an attack launched by Satori. So the interesting aspects of this threat are at least two: the aforementioned speed of expansion of the clandestine network and the relative simplicity with which the whole operation was set up and run. This last aspect is perhaps the most disconcerting. In fact, from the first investigations it would appear that the botnet may have been conceived by an individual, or by a criminal group, not particularly expert technically, since it has been established that he would have learned much of the information by frequenting some forums used by hackers. It is not yet clear, however, how and by whom the most serious security vulnerability of the routers involved was discovered. With the flaw discovered and the remedy found, it is in any case a safe bet that in these very days someone is looking for other weak points in the IoT. So, from this point of view too, everything suggests that a difficult year awaits us.
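The behaviour described above, an infected device sweeping the Internet for peers to enlist, leaves a recognisable trace on the defender's side: one internal source talking to an unusually large number of distinct destinations on the same port within a short window. The following Python script is an added example, not code from the original article or from any of the projects it cites. It parses a constructed, simplified firewall-style log (the format, the addresses from the RFC 5737 documentation ranges, the port numbers and the 20-destinations-per-minute threshold are all assumptions chosen for illustration) and flags the fan-out pattern with a sliding time window, so it can be pointed at a real export once the regex is adapted.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed, simplified log line format (constructed for this example):
# <ISO timestamp> SRC=<ip> DST=<ip> DPT=<port> PROTO=<proto>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dport>\d+) PROTO=(?P<proto>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything unparsable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
    }


def detect_fanout(lines, window=timedelta(seconds=60), threshold=20):
    """Return {(src, dport): peak_distinct_destinations} for every source that
    contacted more than `threshold` distinct destinations on one port inside
    any `window`-long interval. Threshold and window are assumptions to tune."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    per_key = defaultdict(list)
    for e in events:
        per_key[(e["src"], e["dport"])].append(e)

    alerts = {}
    for key, evs in per_key.items():
        start = 0
        in_window = defaultdict(int)  # dst -> number of events currently in the window
        peak = 0
        for e in evs:
            in_window[e["dst"]] += 1
            # Slide the window forward: evict events older than `window`.
            while e["ts"] - evs[start]["ts"] > window:
                old = evs[start]["dst"]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > threshold:
            alerts[key] = peak
    return alerts


def build_sample_log():
    """Constructed sample: one benign workstation reusing three HTTPS servers,
    and one host that sweeps 50 different addresses on port 23 in 25 seconds."""
    base = datetime(2018, 1, 8, 10, 0, 0)
    lines = []
    benign_dsts = ["198.51.100.10", "198.51.100.11", "198.51.100.12"]
    for i in range(30):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} SRC=192.168.1.20 DST={benign_dsts[i % 3]} DPT=443 PROTO=TCP")
    for i in range(50):
        ts = base + timedelta(seconds=i // 2)
        lines.append(f"{ts.isoformat()} SRC=192.168.1.77 DST=203.0.113.{i + 1} DPT=23 PROTO=TCP")
    lines.append("this line is deliberately malformed and must be skipped")
    return lines


if __name__ == "__main__":
    for (src, dport), peak in detect_fanout(build_sample_log()).items():
        print(f"ALERT {src} reached {peak} distinct hosts on port {dport} within one window")
```

The distinct-destination count, rather than the raw connection count, is what separates a sweep from a busy but legitimate client: the workstation above makes thirty connections but only ever to three servers. In practice the threshold should be set per network segment, and a hit is a prompt to isolate and patch the device, which is exactly the "updating the router models involved" step the article describes.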

As if this were not enough, some computer security companies warn us about so-called supply chain attacks, particularly insidious because they are hard to detect and destined to become more and more common. In short, to keep any computer system, or any system that contains IT subsystems, in working order, one almost always relies on services provided by third parties (the so-called supply chain), which are themselves potentially exposed to cyber security threats. The security of the supply chain is therefore an aspect that involves virtually every electronic device we use every day. A simple example: a smartphone supplied by a certain manufacturer is built with components, starting from the microprocessor, supplied by other companies. It also runs an operating system, sometimes provided by yet another company, which oversees the operation and security of both the phone and the apps developed by still other companies or entities. Well, every hardware and software component of the device could be compromised at any point in its life cycle (assembly, shipping, maintenance, download of an update, etc.) by an attack on the supply chain. This type of threat, not new but often underestimated, because of the costs and the organization needed to carry it out, for the moment remains the exclusive prerogative of intelligence services, and until recently it was very infrequent. During 2017, however, at least three supply chain attack episodes were recorded, including the emblematic one against the CCleaner software, associated with the antivirus of the company Avast. Months ago, the source code of this product was modified without the manufacturer's knowledge, after which it was made available on the official distribution channel for almost a month and was downloaded by thousands of users. Specifically, the compromised version of CCleaner contained malicious code aimed at stealing personal information and credentials from unsuspecting users.
On the other hand, the same technique was also used to spread NotPetya in a particular geographical area (Ukraine, see article): in that case the ransomware was concealed in the update of a product particularly widespread among the companies of that region and released specifically to block their activities, causing above all economic damage. Not only that: this type of attack can also be a real danger for the Armed Forces. In fact, if we pause for a moment to consider how many systems, from the most sophisticated to the information-management ones used for daily activities, depend on services provided by third-party companies (repairs, maintenance, upgrades, installations, etc.), it is easy to realize how exposed they are to the threat just mentioned. Not surprisingly, the issue is being taken more and more seriously by the Armed Forces of many countries, such as the USA, which now consider the control and security of the supply chain, also from a cyber point of view, an essential element.

Finally, for some months now we have been witnessing the widespread diffusion of so-called crypto currencies, or virtual currencies. The direct consequences of this phenomenon are the sharp increase in thefts of such currencies (see article) and the explosion of the "gold rush of the twenty-first century", in which more and more individuals are gearing up to "mine" crypto coins themselves.

Simplifying to the extreme and leaving aside how the blockchain works, virtual coins in fact consist of encrypted files, obtained through calculations that are very demanding even for computers. Obtaining these files is therefore not at all simple, so much so that it requires hardware specifically designed for the purpose, with extreme computing capacity but also very expensive, in energy terms too. Hence an alternative way to "mine" crypto coins is spreading, one that is, to put it plainly, illicit: fraudulently exploiting the computing power of Internet users' computers. The new trend, observed by some cyber security companies, is precisely that of so-called illegal crypto miners, that is, malware that infects users' PCs in order to reprogram them to "mine" crypto coins by cooperating with one another over the network. It has also been noted that the threat also runs on unlawfully modified websites. In that case the miners strike without any malware being installed, simply through the browser. The consequences for users who run into such illegal methods are easy to understand: in addition to a steeper energy bill than normal (it has been calculated that a PC, while mining crypto, consumes up to five times more than normal), computers, if not particularly powerful, become practically useless until, in many cases, they are irreparably damaged. It is a safe bet that the cyber gold rush will give no one any discount, so this threat too is destined to trouble cyberspace in the near future.

Happy New Year!

Main sources:

https://www.globalsecuritymag.com/McAfee-Labs-Previews-Five,20171204,75496.html

http://www.silicon.co.uk/security/cyberwar/satori-enlists-263000-bots-225757?inf_by=5a4cf252671db8124c8b4878

https://blog.fortinet.com/2017/12/12/rise-of-one-more-mirai-worm-variant

https://securelist.com/ksb-threat-predictions-for-2018/83169/

https://irishinfosecnews.wordpress.com/2017/12/22/huawei-router-vulnerability-used-to-spread-mirai-variant/

http://blog.trendmicro.com/trendlabs-security-intelligence/digmine-cryptocurrency-miner-spreading-via-facebook-messenger/

https://www.kaspersky.com/blog/mining-easy-explanation/17768/

https://www.kaspersky.it/blog/web-miners-protection/14859/

http://cyberdefensereview.army.mil/The-Journal/Article-Display/Article/1136092/safeguarding-the-united-states-militarys-cyber-supply-chain/

http://formiche.net/2017/12/19/corea-del-nord-dietro-il-malware-wannacry/

https://www.enisa.europa.eu/publications/info-notes/supply-chain-attacks

https://www.cips.org/supply-management/news/2017/april/largest-ever-cyber-espionage-campaign-targeted-it-contractors/

https://www.afcea.org/committees/cyber/documents/Supplychain_000.pdf

http://www.lastampa.it/2017/09/19/tecnologia/news/violato-ccleaner-milioni-di-pc-a-rischio-tH5lRAo2dsgzNVJtBvZA5L/pagina.html