Pierluigi Paganini
April 27, 2015
Infections from malicious software — harmful code that’s also known as malware and that includes things like computer viruses and worms — are keeping repair specialists like in Kaspersky, Sophos, and Symantec etc. thanks in part to an exponential rise in the types of malware hitting PCs.
As Malware rise, U.S. Remains Biggest Source of Attacks. Contrary to popular perception, a majority of the cyber-attacks on U.S. companies continue to originate from inside the country rather than outside it.companies continue to originate from inside the country rather than outside it.
Recently news says that, Emails to and from President Barack Obama were read by Russian hackers last year in a breach of the White House‘s unclassified computer system isn’t it give you feel that you are not alone ! Even U.S. ! Even U.S. president is trapped.
Russian hackers who penetrated sensitive parts of the White House computer system last year read President Barack Obama’s unclassified e-mails.
“There is no evidence that the president’s e-mail account itself was hacked but still, the fact that some of Mr. Obama’s communications were among those retrieved by hackers has been one of the most closely held findings of the inquiry,”.
Although no classified networks had been compromised, officials conceded that the unclassified system still contains highly sensitive information such as e-mail exchanges with diplomats, exchanges about personnel moves and legislation, presidential schedules and discussion about policy.
Officials did not disclose the number of Obama’s e-mails that were read by the hackers or the sensitivity of their content but this news gives shocking wave for all users “Are we safe?”
For all the attention placed on state-sponsored actors and cyber criminal gangs in Russia, China and East Europe, nearly a third of the IP addresses associated with malicious activity and 48 percent of malicious URLs are U.S.-based a report from security vendor Webroot shows. The Webroot report is based on an analysis of information gathered by the company’s BrightCloud threat intelligence service. It showed that malware and the infrastructure for hosting and distributing it, is growing dramatically fast.
On average, there are a staggering 12 million malicious IP addresses operating on the Internet on any given day with approximate 85,000 new addresses being launched daily. While the IP addresses come from all over the world, over 30 percent of them are from the US followed by China with 23 percent and Russia with 10 percent.
When Webroot looked at where malicious URLs are located, Russia and China were barely on the list while the US topped with France in a distant second place.
“The United States is the number one source of attacks, number one in terms of attack victims and number one in terms of attackers. One reason why so many malicious URLs are located in the US could simply be that malicious attackers know that URLs in high-risk countries are automatically blocked by ego-filtering services.”
“An example of such a service is an enterprise network that is configured to reject all connection attempts involving URLs from a high-risk country,” “This underscores the importance of having URL reputation data independent of classification, as filtering purely by IPs may not be enough to keep networks and users secure,”
Remember the days when security awareness programs only had to warn employees about website spoofing? Unfortunately, malware-attack methods have advanced to the point where even trusted, well-known websites can silently infect users via drive-by download attacks. The surge in spear-phishing as the top method used by malware attackers to gain unauthorized access to sensitive data has led to widespread implementation of end-user awareness programs.
To minimize malware risks it is essential that every employee within an organization understand that they are both an asset and a potential security liability. After instituting these programs, odds are high that most employees will know not to open the email attachment from the Nigerian lawyer who claims they are the beneficiary of a large fortune or click on an email link purporting to be from their bank, asking them to confirm their access credentials.
At this time of year, many of us like to surprise our family, friends, and colleagues with gifts that aren’t what they appear to be. A ring wrapped in the box your microwave came in. A sweater in a package weighted down with a few bricks. Or maybe a new suitcase that actually contains tickets for a trip. You get the picture – using deception for a pleasant surprise.
It strikes me that attackers like to ‘surprise’ their targets in much the same way – disguising threats as something they aren’t, but leading to a not so pleasant surprise. They may send emails that appear to be from a trusted source, but instead include a link to a website or a file attachment infected with malware. There are targeted attacks that combine sophisticated social engineering with elusive methods to gain a persistent foothold within the network and exfiltrate critical data. There are entirely new zero-day attacks, unlike anything we’ve seen before and which traditional defenses can’t recognize. And techniques continue to change.
Email SecurityOne of the latest methods is ‘snowshoe’ malware, so named because much like a snowshoe that has a large but a faint footprint that is harder to see, the attacker spreads a lot of small messages across a large area to avoid detection by traditional defenses. Snowshoe spammers rapidly change body text, links, the IP addresses used to send from, and never repeat the same combination. The possibilities are seemingly endless.
These various types of attacks are successful because they are well-disguised, blend different techniques, and constantly evolve. That’s what we as defenders need to do with our defenses – use a security architecture that supports a combination of defenses in ways attackers don’t expect and that continuously evolves protections to keep up with dynamic attacks. As security professionals, we’re all familiar with the concept of defense-in-depth and multi-layered protection. Traditionally, these approaches have been focused on the network, but they can and should be applied to email gateways as well.
If our system is getting infected, it’s important to design defense in depth framework to tackle latest or old malware/spam and of course by spreading awareness of such malware scenarios and attacks will be a more gentle work in today’s Internet of Things word.
“Be Smart Be Aware As you are not alone in the malicious world “
About the author Archana Chimankar
Archana Chimankar is an Information Security consultant. She has completed MBA in IT Business Management and specializes in Information Security from Symbiosis International University (SIU). Currently working with Tech Mahindra Ltd as a security consultant. She specializes in implementing and auditing various compliance such as ISO 27001 ISMS, IT General controls, BCMS, PCI DSS, SAS70 etc. and delivering security awareness trainings to different clients.
Edited by Pierluigi Paganini
(Security Affairs – computer malware, cybercrime)
