Ransomware Grows and Malware Targets Adobe Flash
June 28, 2015

The first quarter of 2015 saw a 165 percent increase in new ransomware, led by the new and difficult-to-detect CTB-Locker ransomware family and a new family called TeslaCrypt. As if these weren’t enough, we also had to contend with the emergence of new versions of CryptoWall, TorrentLocker and BandarChor.

Ransomware stats


CTB-Locker has been one of the most successful ransomware families because of its ability to evade security software, its high-quality phishing emails, and an “affiliate” program that offers accomplices a percentage of the ransom payment in return for “terrorizing” potential victims with CTB-Locker phishing messages.


The early part of the year saw an increase in Adobe Flash malware. This stems from several factors: the popularity of Adobe Flash as a technology; users’ delay in applying available Adobe Flash patches; new methods of exploiting product vulnerabilities; an increase in the number of mobile devices that can play Adobe Flash files; and the difficulty of detecting some Flash exploits.

Given the popularity of Adobe Flash, the trend is likely to continue for as long as users keep delaying patch updates for Adobe Flash Player.

It was also in February this year that the cybersecurity community became aware of a secretive group calling itself the Equation Group and its efforts to exploit hard disk drive (HDD) and solid-state drive (SSD) firmware (see Definition).

McAfee found that the group’s modules could reprogram the firmware in SSDs and HDDs. Once reprogrammed, the drive firmware can reload the associated malware each time the infected system boots. The malware is said to persist even if the drive is reformatted or the operating system is reinstalled, and security software is unable to detect the infection because it is stored in a hidden area of the drive.

These attacks by the Equation Group are ranked among the most sophisticated threats of their kind. Though such attacks have so far been highly targeted, organizations should be aware of and prepared for the eventuality that they may face “off-the-shelf” incarnations of such threats in the future.


Recommendation

Users and organizations are advised to be more diligent in applying security patches as soon as they become available.


Definition

Firmware – programming that’s written to the read-only memory (ROM) of a computing device.


Source

Help Net Security


The Week That Was

  1. New password recovery scam targets Gmail, Yahoo and Outlook users. Scammers are using the target’s email address and mobile number to compromise accounts. They abuse the password recovery feature offered by many email providers, which is meant to help users who have forgotten their passwords regain access to their accounts.
  2. MacKeeper utility on Mac exploited. Cybercriminals used a security hole in the Mac security and cleanup utility. Though the hole was patched after it became known, users remained at risk until they received the update.
  3. Pita bread used in stealing encryption keys. A team of researchers from Israel has developed a novel way to steal encryption keys – using a cheap radio sniffer and a piece of pita bread. When fully assembled, the device works by listening to the radio signals emitted by the computer’s CPU while it is crunching data.
  4. Samsung disables Windows Update to run its own software. Samsung computer users are open to attack because the software Samsung bundles with its systems disables Windows Update. The culprit is a piece of code called SWUpdate, which handles driver updates for Samsung hardware. SWUpdate runs an executable called Disable_Windowsupdate.exe as part of its standard operations.