Malware… It’s all about you…

Pierluigi Paganini July 23, 2012

Article published on The Malta Independent

by Ron Kelson, Pierluigi Paganini, Benjamin Gittins, David Pace

The military strategist Carl von Clausewitz stated:

“All war presupposes human weakness and seeks to exploit it.”

Malicious software (malware) is software explicitly designed to exploit vulnerabilities in computing devices and in their human users, to the advantage of the malware author or operator. Malware comes in many forms, including computer viruses, worms, trojans, spyware, ransomware, adware, rootkits, and so on.

In 2008, the number of devices connected to the Internet exceeded the number of people on earth: smartphones, tablets, industrial control systems, smart grids, medical devices, environmental sensors (vibration, temperature, light, video, audio) and so on. According to Cisco, by 2020 that number will grow to 50 billion devices. In the EU vision of an “ambient intelligence” world, devices will work in concert to support people carrying out their everyday activities, tasks and rituals in an easy, natural way, using information and intelligence hidden within the network connecting these devices. As these devices shrink and become more connected and integrated into our environment, the technology disappears into our surroundings until only the user interface remains perceivable. If this trend continues, billions of these invisible devices will be vulnerable to attack and can be covertly and trivially subverted against us.

One can try arguing that we have lived with computer vulnerabilities without a major crisis in the past, so why start worrying now? The problem is that the value in attacking these devices is growing exponentially, while our dependence on them increases. As more personal and business transactions are performed online, there is a clearer “return on investment” for attacking these systems.

According to Symantec, in 2011 web based attacks increased by 36 per cent, with over 4,500 new attacks each day. Four hundred and three million new variants of malware were discovered in 2011, a 41 per cent increase over 2010. Between Q1 2010 and Q1 2011, the number of malicious Android application package files jumped from 139 to 3,063. Symantec blocked a total of over 5.5 billion malware attacks in 2011, an 81 per cent increase over 2010. The volume of known malicious software released in the last couple of years exceeded that of the previous 20 years combined. And of course our dependency on these networks and computing devices continues to grow, making the attacks even more profitable… and there are always attacks and malware that remain undiscovered.

Protecting against the increase in malware attacks has an associated operational cost. According to the 2011 Cost Report compiled by the United States Information Security Oversight Office (ISOO), the cost to protect US government secrets reached more than $11 billion in fiscal year (FY) 2011, up 12 per cent from FY 2010 and more than double the cost in FY 2001.

Malware is deployed in malicious operations ranging from financially motivated cybercrime and politically motivated hacktivism, to politically motivated cyberwar by both state and non-state actors, to invasive monitoring of civilians by various governments.

In this article, we will focus on cybercrime and monitoring.

Today, criminal organisations are very active in the development and diffusion of malware that can be used to execute complex fraud with minimal risks to the perpetrators. Criminal gangs, traditionally active in areas such as human or drug trafficking, have discovered that cybercrime is a lucrative business with much lower risks of being legally pursued or put in prison. Unethical programmers are profitably servicing that growing market. Because today’s ICT ecosystem was not built for security, it is easy for attackers to take over third party computers, and extremely difficult to track attacks back to their source. Attacks can be mounted from any country and hop through an arbitrary number of compromised computers in different countries before the attack reaches its target a few milliseconds later. This complicates attribution and international prosecution.

Malware can be used in many types of fraud. One common approach is to steal the personal and banking information of civilians, either directly from their computing devices, or through businesses that are entrusted with that information. The attack vectors for malware are numerous: exploiting vulnerabilities in social network sites; exploiting vulnerabilities in mail clients and operating systems through spam email; and infecting third-party websites so that they distribute malware that hijacks your web browser or infects your computer when you simply visit the compromised page with a vulnerable browser (a so-called drive-by download).

Once your personal computer or mobile phone has been compromised, “secure” technologies for banking and online transactions can also be targeted and attacked. As some readers may be aware, the European Commission has proposed new rules to enable cross-border and secure electronic transactions in Europe using national e-ID schemes. It seeks to create an internal market for e-Signatures and related online trust services by ensuring that these services work across borders and have the same legal status as traditional paper-based processes. The role of the EU STORK platform is to “securely” identify a user who is in a session with a service provider and to send the user's data to that service. However, even with smart card based e-ID schemes, if the computer you are using is compromised, the security of e-ID transactions can be trivially compromised as well. Any data you type on a compromised computer can be captured by “key loggers” and “screen capture” tools and forwarded to the attacker. Malware can misrepresent transactions on your screen, so you do not know what transaction you are actually signing: the smart card signs whatever bytes the compromised PC hands it, and a valid signature over a tampered transaction verifies perfectly at the bank. In short, if your computer is compromised, you cannot achieve security in practice on that computer. According to Fabian Martins, a banking security expert at Scopus Technology in Brazil, even multi-factor authentication with two or three types of authentication is NOT enough to protect against malware that targets your online banking transactions. Authentication proves who started the session, not what the session then does; a second factor only helps against this class of attack if the confirmation code is computed over the transaction details (amount and payee) and those details are shown to the user on a device the malware does not control.
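The failure mode described above, and the difference a transaction-bound code makes, can be modelled in a few dozen lines. The following is an added example written for this article; it is not code from the authors, from STORK or from any bank. Everything in it is constructed: the “card signature” is an HMAC standing in for the smart card's signature, the account strings are placeholders, and the secrets are literal bytes. The model has a man-in-the-browser swap the payee after the user approves the transfer on screen, then asks the bank to verify the result once with a static one-time code and once with a code computed over amount and payee on a separate device.

```python
"""Transaction tampering on a compromised endpoint, and why a static second
factor does not stop it. Added example, not code from the article's authors.
All secrets, accounts and amounts are constructed placeholders."""
import hashlib
import hmac
import json

# Constructed secrets: stand-ins for the smart card's private key and for the
# seed shared between the user's separate token and the bank.
CARD_KEY = b"stand-in-for-smart-card-private-key"
TOKEN_SEED = b"stand-in-for-token-seed-shared-with-bank"


def canonical(tx: dict) -> bytes:
    """Deterministic encoding of the fields that get signed."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def card_sign(tx: dict) -> str:
    """Stand-in for the smart-card signature. The card signs whatever bytes the
    (possibly compromised) PC hands it; it never sees the screen."""
    return hmac.new(CARD_KEY, canonical(tx), hashlib.sha256).hexdigest()


def man_in_the_browser(tx_shown: dict) -> dict:
    """Endpoint malware: the user approves tx_shown on screen, but this is the
    transaction that reaches the card and the bank."""
    tampered = dict(tx_shown)
    tampered["to"] = "MT00MULE000000000000"  # constructed placeholder account
    return tampered


def static_otp(counter: int) -> str:
    """Counter-based one-time code: it knows nothing about the transaction."""
    mac = hmac.new(TOKEN_SEED, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return mac[:4].hex()


def transaction_code(tx: dict) -> str:
    """Dynamically linked code: computed over amount and payee on a separate
    device that displays those two fields to the user before producing it."""
    msg = f"{tx['to']}|{tx['amount']}".encode()
    mac = hmac.new(TOKEN_SEED, msg, hashlib.sha256).digest()
    return mac[:4].hex()  # truncated for display; real tokens emit decimal digits


def bank_accepts(tx_received: dict, signature: str, code: str,
                 counter: int, linked: bool) -> bool:
    """Bank-side check: the card signature must verify over the transaction as
    received, and the second-factor code must match."""
    if not hmac.compare_digest(card_sign(tx_received), signature):
        return False
    expected = transaction_code(tx_received) if linked else static_otp(counter)
    return hmac.compare_digest(expected, code)


INTENDED = {"to": "MT11DOCTOR0000000001", "amount": "120.00", "ref": "invoice 42"}
COUNTER = 7  # current OTP counter value in this scenario


def honest_transfer(linked: bool) -> bool:
    """No malware: what the user saw is what was signed and sent."""
    code = transaction_code(INTENDED) if linked else static_otp(COUNTER)
    return bank_accepts(INTENDED, card_sign(INTENDED), code, COUNTER, linked)


def attacked_transfer(linked: bool) -> bool:
    """Compromised PC: returns True when the fraudulent transfer is accepted."""
    sent = man_in_the_browser(INTENDED)
    signature = card_sign(sent)  # the card signs the tampered bytes
    # The user types the code into the compromised PC and the malware forwards
    # it unchanged: it cannot forge a code without the token seed.
    if linked:
        code = transaction_code(INTENDED)  # computed from what the user intended
    else:
        code = static_otp(COUNTER)         # valid for any transaction at all
    return bank_accepts(sent, signature, code, COUNTER, linked)


if __name__ == "__main__":
    print("static OTP, attacked :", attacked_transfer(linked=False))  # True: fraud accepted
    print("linked code, attacked:", attacked_transfer(linked=True))   # False: rejected
```

The signature check passes in both attacked runs, because the card really did sign the tampered bytes. Only the code bound to amount and payee rejects the transfer, and it does so only because the user read those two fields on the separate device rather than on the compromised screen; a linked code whose inputs are taken from the infected PC would be tampered with just as easily.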

And this leads us to invasive monitoring by governments. Wikileaks claims that mass interception of entire populations is not only a reality, it is a secret new industry spanning 25 countries. Wikileaks has published 287 files that describe commercial malware products from 160 companies (http://wikileaks.org/the-spyfiles.html). These files include confidential brochures and slide presentations these companies use to market intrusive surveillance tools to governments and law enforcement agencies. This industry is, in practice, unregulated. Intelligence agencies, military forces and police authorities are able to silently intercept calls en masse and take over computers without the help or knowledge of the telecommunication providers. Users' physical location can be tracked whenever they carry a mobile phone, even one that is only on standby, because the handset continually registers with nearby cell towers.

To get a glimpse of the potential market size: the U.S. government is required by law to reveal the total amount of money spent spying on other nations, terrorists and other groups. In 2010, the United States spent $80 billion on intelligence activities. According to the Office of the Director of National Intelligence, $53.1 billion of that went to non-military intelligence programmes. Approximately 100,000 people work in national intelligence. These figures do not include DARPA's “Plan X”, which seeks to identify and track the vulnerabilities in tens of billions of computers connected to the Internet so that they can be exploited.

It is increasingly common for governments to use monitoring tools, viruses and trojans to infect computers and attack civilians, dissidents, opponents and political opposition groups. The purpose is to track the victims' activity on the web and to gather information about what they do and who their collaborators are. In some cases, this leads to those targeted being neutralised and even ruthlessly suppressed.

According to the F-Secure “News from the Lab” blog, during the Syrian repression the government discovered that dissidents were using programmes like Skype to communicate. After the arrest of a few dissidents, the government used their Skype accounts to send a malware programme called “Xtreme RAT”, hidden in a file called “MACAddressChanger.exe”, to other activists, who downloaded and executed it. The dissidents trusted the MACAddressChanger programme because files with that name had been used successfully in the past to evade the government's monitoring system; a familiar file name and a trusted sender say nothing about what an executable actually contains. Xtreme RAT falls into the “Remote Access Tool” category, and the full version can easily be bought online for €100. The IP address of the command and control server used in those attacks belonged to the Syrian Arab Republic's STE (Syrian Telecommunications Establishment).

Trend Micro's “Malware Blog” reported that the Syrian government was also using the DarkComet malware to infect computers of the opposition movement. The malware steals documents from victims and, it seems, was also spread through Skype chat. Once executed, the malware tries to contact its command and control (C&C) server to transfer the stolen information and receive further instructions. In this example the C&C server is located in Syria, and the IP address range is under the control of the Government of Syria.
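Both reports above end at the same indicator: an infected host contacting, at intervals, a C&C address in a range attributed to a specific operator. The following added example (not code from F-Secure, Trend Micro or the article's authors) shows the detection logic a defender would run over outbound connection logs: group connections by source and destination, flag pairs whose timing is regular enough to be a RAT check-in, and mark whether the destination falls in a watch-listed range. The log lines and the watch-listed prefix (203.0.113.0/24, a documentation range) are constructed; the real addresses from the reports are not on this page and are not used.

```python
"""RAT check-in ("beacon") detection over outbound connection logs.
Added example, not code from the reports cited in the article. The log
lines, the watch-listed prefix and the port number are all constructed."""
import ipaddress
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed watch list: a documentation prefix standing in for an address
# range attributed to a hostile operator. Not a real C&C range.
WATCHLIST = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed firewall-style log of outbound connections. Host 10.0.0.5 checks
# in with the same address every five minutes; host 10.0.0.8 browses normally.
SAMPLE_LOG = """\
2012-03-01T10:00:00 src=10.0.0.5 dst=203.0.113.17 dport=5555 proto=tcp
2012-03-01T10:00:04 src=10.0.0.8 dst=198.51.100.9 dport=443 proto=tcp
2012-03-01T10:05:01 src=10.0.0.5 dst=203.0.113.17 dport=5555 proto=tcp
2012-03-01T10:07:30 src=10.0.0.8 dst=198.51.100.9 dport=443 proto=tcp
2012-03-01T10:10:00 src=10.0.0.5 dst=203.0.113.17 dport=5555 proto=tcp
2012-03-01T10:14:59 src=10.0.0.5 dst=203.0.113.17 dport=5555 proto=tcp
2012-03-01T10:20:01 src=10.0.0.5 dst=203.0.113.17 dport=5555 proto=tcp
2012-03-01T10:21:10 src=10.0.0.8 dst=198.51.100.9 dport=443 proto=tcp
"""


def parse_line(line: str) -> dict:
    """'<iso timestamp> key=value ...' -> dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def in_watchlist(ip: str) -> bool:
    """True if the address falls inside any watch-listed prefix."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in WATCHLIST)


def find_beacons(log_text: str, min_hits: int = 3, max_jitter: float = 0.2) -> dict:
    """Flag (src, dst) pairs seen at least min_hits times whose inter-connection
    gaps vary by no more than max_jitter (std dev / mean). Regular timing on its
    own is only a signal, since software updaters also beacon; the watch-list
    attribution is what turns a hit into an incident."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        seen[(rec["src"], rec["dst"])].append(rec["ts"])

    flagged = {}
    for pair, stamps in seen.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        period = mean(gaps)
        jitter = pstdev(gaps) / period if period else float("inf")
        if jitter <= max_jitter:
            flagged[pair] = {
                "count": len(stamps),
                "period_s": period,
                "jitter": jitter,
                "watchlisted": in_watchlist(pair[1]),
            }
    return flagged


if __name__ == "__main__":
    for (src, dst), info in find_beacons(SAMPLE_LOG).items():
        tag = "WATCHLISTED" if info["watchlisted"] else "regular"
        print(f"{src} -> {dst}: {info['count']} hits every ~{info['period_s']:.0f}s [{tag}]")
```

On the constructed log only the 10.0.0.5 to 203.0.113.17 pair is flagged: five connections roughly 300 seconds apart, to a watch-listed address. The browsing host makes three connections too, but at irregular intervals, so it falls outside the jitter threshold. A real RAT may randomise its sleep interval; the threshold is a tuning knob, and the watch-list match is the stronger of the two signals.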

What the above partially illustrates is the very real conflict of interest in organisations and governments responsible for securing our digital world. The ICT Gozo Malta project promotes technology solutions designed to improve the security, robustness and resilience of many different types of ICT to at least reduce the range of actors who can exploit the known vulnerabilities in today’s systems at our expense. The direct costs incurred by security breaches, not to mention proposed EU Data Protection fines of up to €1 million, must be paid for by somebody. Typically, that person is you, as the losses are discreetly bundled into the cost of products and services you pay for.

Increasingly, malware of all types and purposes is all about you. Attacks will exploit human vulnerabilities and vulnerabilities in computing devices to compromise either your ICT system, or the ICT system of businesses you trust your personal data to. Today, more than ever, the application of best information security practice is critical to ensure you protect the legitimate interests of your personal, family and business relationships. Tell your politicians and major suppliers that you expect them to be diligently pursuing safety and security for our digital world. Be aware and take steps to be safer online! The ICT Gozo Malta website has more information on cyber security for all ages.

 

Pierluigi Paganini, Security Specialist and CISO at Bit4ID Srl, is an EC-Council Certified Ethical Hacker (CEH) and Founder of Security Affairs (http://securityaffairs.co/wordpress).

Ron Kelson is Vice Chair of the ICT Gozo Malta Project and CEO of Synaptic Laboratories Limited.

David Pace is project manager of the ICT Gozo Malta Project and an IT consultant.

 

ICT Gozo Malta is a joint collaboration between the Gozo Business Chamber and Synaptic Labs, part funded in 2011 by the Ministry for Gozo, Eco Gozo Project, and a prizewinner in the 2012 Malta Government National Enterprise Innovation Awards. www.ictgozomalta.eu links to free cyber awareness resources for all age groups. To promote Maltese ICT, we encourage all ICT professionals to register on the ICT GM Skills Register to keep aware of developments, both in cyber security and other ICT R&D initiatives in Malta and Gozo. For further details contact David Pace on dave.pace@ictgozomalta.eu .

