Lately we have the impression that the “bad guys” have picked up a new habit: attacking several corporations each quarter. Not long ago, the quarterly reports dealt primarily with new malicious programs, which in the worst case threatened a global epidemic, the creation of large botnets, theft of money from user accounts and other consequences of traditional cybercrime.
In the third quarter, the scale and nature of the disasters were different.

An attack on the computer systems of the military equipment manufacturer Mitsubishi Heavy Industries. Computers at several plants that produce missiles, submarines and military vessels were infected. What information fell into the hackers' hands is unknown, but even the most cautious assumptions cause some trepidation.
The compromise of the servers of DigiNotar, a certification center that issues root SSL certificates. 531 fake certificates were issued, among them certificates for the sites of the CIA, Mossad and MI6. The attackers were also interested in government agencies of various countries, major Internet services (Google, Yahoo, Tor, Mozilla) and the websites of some companies. The government of the Netherlands dropped DigiNotar's services, and state organizations had to reconfigure their systems to work with new certificates, which led to downtime. Trust in DigiNotar was undermined, and the company declared voluntary bankruptcy. However, the consequences of the attack are much more significant: it showed that fake certificates can be used to halt the operation of systems directly tied to a country's economy and government bodies. Such systems can also be compromised directly, with the same results or worse.
The third quarter also did not pass without the cyber Robin Hoods, the notorious group Anonymous. The list of hacktivist victims: the Italian cyber police; a number of US police units; the San Francisco transportation system (BART); Vanguard Defense (a developer of military equipment) and Booz Allen Hamilton (which works for, among others, the US government); as well as the FBI contractors ManTech International and IRC Federal. Data stolen from the hacked servers was published openly on pastebin.com or on torrent trackers. From the statements of Anonymous representatives, it follows that they are driven by a keen sense of justice. Setting aside the contentious ethics of their activities, one thing is indisputable: along the path blazed by the disinterested Robin Hoods, mercenary blackmailers and unscrupulous competitors will sooner or later follow. So may those who do not belong to the category of traditional cybercriminals but have an overwhelming interest in other people's secrets.
As for profit-driven cybercrime, it now steals even processor time: the owners of TDSS use the botnet's powerful computing resources (read: users' computers) to generate money “out of thin air”, namely currency in the Bitcoin system.
Hackers also continue their traditional theft of users' personal data, and they do not think small: they now hold the data of ¾ (!) of the population of South Korea.
Of course, the quarter was not without more sophisticated attacker technology and the next round of rootkit development. We saw the in-the-wild use of the AWARD BIOS infection concept presented by a hacker from the Middle Kingdom in 2007. Detecting and removing such malware is far from simple, because it launches almost immediately after the “Power” button is pressed, much earlier than any security tools start. This creation is monetized by downloading clicker trojans, which, in general, is not surprising for a typical “made in China”.
The extremely rapid pace of mobile malware development is also impressive. Cybercriminals have concentrated their efforts on the green robot: Android malware already accounts for 40% of all malicious programs for mobile devices (which, by the way, is indisputable proof of Android's victory in the mobile OS market). Then there is the appearance of the mobile Zitmo Trojan (ZeuS-in-the-Mobile) for Android, which, paired with its colleague, the regular ZeuS, allows intruders to bypass the two-factor authentication used in many Internet banking systems.

Cybercrime uses everything it can reach. The intruders have managed to adapt even harmless QR codes to their own purposes: for the time being, the codes hide links to malware for mobile devices. However, the first step is the hardest. As the author of the report writes, “the greatest danger is the substitution of QR codes in various advertisements and on informational posters, both on the Internet and in the real world”.
All in all, what a scary world to live in :) The numbers of malicious programs destroyed and users rescued inspire a reasonable pessimism: in some countries of the world, more than half of all computers are regularly attacked. These figures can be found in the ratings, charts and maps published at the end of our report.