'Two weeks' to block cyber-attack
Old 03-06-2014, 21:52   #16
Ignitionnet

Quote (originally posted by heero_yuy):
> Even then you can be vulnerable to malicious scripts if you use IE.

To be honest more often it's Java vulnerabilities and other plug-ins that are the problem rather than IE or any other browser per se.

A malware escaping the JRE sandbox is bad whichever browser the JRE is running through.
Old 04-06-2014, 08:06   #17
alanbjames

Well I have just scanned my PC using the Symantec tool and all it found were two problems which are false positives.

Incredimail & Update.exe which is to do with Nero.
Old 04-06-2014, 09:39   #18
alferret
Scaremongering, panic stations Mr Mainwaring!
Old 04-06-2014, 10:02   #19
Stuart

Quote (originally posted by Ignitionnet):
> To be honest more often it's Java vulnerabilities and other plug-ins that are the problem rather than IE or any other browser per se.
>
> A malware escaping the JRE sandbox is bad whichever browser the JRE is running through.

That's one thing people forget.

It's easy to blame Windows (or any OS) or any particular browser because these have produced lots of attack vectors in the past. But, Microsoft, Apple, the various Linux maintainers, and the browser manufacturers have all spent a lot of time and money over the last few years hardening the security on their code. They've experienced the problems and have worked to solve them.

As such, it's often easier for the bad guys to attack other software (something made easier by the fact that software that really doesn't need it is demanding network access now). The companies behind this software haven't had the problems to deal with, so probably aren't prepared for them. At the moment, browser plugins and Java are being attacked and I think both Adobe and Oracle are working hard to improve the security in their products as a result. Neither are quite there yet, but it took the OS manufacturers a few years to get their act together.

I don't know what the next attack vector will be but I suspect it'll be other devices (such as smart TVs) that are suddenly wanting internet access as the companies behind these may not have a lot of experience of developing secure software. Or they may not be willing to spend the cash required to update old devices. Think about that. Microsoft have not long stopped patching a 13 year old OS. How many devices do you know of that receive updates beyond a year or two after release, if they receive any at all (I have an old Philips Freeview box that I bought when Freeview launched and it has never received a software update).
Old 04-06-2014, 10:16   #20
Ignitionnet

Quote (originally posted by Stuart):
> I don't know what the next attack vector will be but I suspect it'll be other devices (such as smart TVs) that are suddenly wanting internet access as the companies behind these may not have a lot of experience of developing secure software.

Android smartphones. What, you thought that you were the only person who wanted to root your phone?

Smart TVs are pretty disinteresting as they don't hold any private data and aren't really used to do anything that involves it.
Old 04-06-2014, 12:36   #21
qasdfdsaq

Botnets are just as useful for outputting data (spam, DDoS, etc.) on behalf of the controllers as they are for gathering data from infected machines.
Old 04-06-2014, 13:01   #22
Qtx

Quote (originally posted by Ignitionnet):
> To be honest more often it's Java vulnerabilities and other plug-ins that are the problem rather than IE or any other browser per se.

If we ignore ActiveX... Java, Flash, PDF and office documents are the most common plugins that lead to a compromise through the browser or OS.

---------- Post added at 13:59 ---------- Previous post was at 13:53 ----------

Quote (originally posted by Stuart):
> I don't know what the next attack vector will be but I suspect it'll be other devices (such as smart TVs) that are suddenly wanting internet access as the companies behind these may not have a lot of experience of developing secure software.

There are already vulnerabilities found in smart TVs, which are running a kind of sandboxed Linux mostly. Attacking these is not very useful for the average hacker at the moment but that may change if banking apps become common. TVs with microphones and built-in cameras are becoming more common and the security agencies will like to pwn those.

Mobile phones have software issues but there is still a fundamental problem relating to SIMs and sending a dodgy message via most networks, which not many people are shouting about. The phone networks can fix the problem easily but that would stop GCHQ from making use of it. It's the only reason I can see that they wouldn't block this backdoor which has been known about for about 2 or 3 years now.

Internet connected fridges and toasters could indeed in theory send out spam.

---------- Post added at 14:01 ---------- Previous post was at 13:59 ----------

Quote (originally posted by Ignitionnet):
> Smart TVs are pretty disinteresting as they don't hold any private data and aren't really used to do anything that involves it.

It's not stored data, it's data they send via HTTP or other protocols which is of interest. If you use your TV to log in to your email or Twitter, there is a good chance you use that password elsewhere. If you can get the email password then you could potentially have access to all the accounts of that person.
Old 04-06-2014, 14:19   #23
Ignitionnet

Naturally but it is scraping the bottom of the barrel to go down that route just yet. Very few people use their TV to access anything interesting, about the most you might get are Netflix credentials.

For sure Smart TV security is awful but for now Android-based devices are way more lucrative and ubiquitous.

No doubt as soon as people start using the TVs for everything they'll get more attention. The best bet for those is probably to keep them in walled gardens to be honest.
Old 04-06-2014, 15:06   #24
Qtx

That is what it boils down to and has for years, what is most popular and will lead to the most infections. Infect that. That is why Internet Explorer and Windows were the main targets for drive-by downloads. Not that many internet connected TVs out there at the moment, no point spending time getting those infected.

Again you have to differentiate between a targeted attack and mass infections. If you are targeting an individual then everything is useful and it could be beneficial to sniff Netflix logins in case the same password is used elsewhere like email. If you are after bank logins it's a numbers game and you try and infect as many people as possible knowing a percentage of those installs will give the goodies, while the others can still be used for DDoS, sending spam, ransomware or other activities.

Plenty of Android malware on the Play Store disguised as antivirus software and Android is a very lucrative platform with a large number of potential victims. Some custom ROMs (particularly Chinese/China based) available for download are pre-rootkitted so are well hidden from being spotted too. Gonna get worse before it gets better.
Old 04-06-2014, 15:22   #25
qasdfdsaq

Quote (originally posted by Qtx):
> That is what it boils down to and has for years, what is most popular and will lead to the most infections. Infect that. That is why Internet Explorer and Windows were the main targets for drive-by downloads. Not that many internet connected TVs out there at the moment, no point spending time getting those infected.

I do see a lot more malware and spammy adverts targeting Android these days. Some specifically designed for certain brands' browsers as well on popular sites. It's definitely taking off, and indeed, mostly because there are just so many devices and a lot of manufacturers are really bad at updating/patching older models.
Old 04-06-2014, 15:41   #26
Ignitionnet

Quote (originally posted by Qtx):
> Plenty of Android malware on the Play Store disguised as antivirus software and Android is a very lucrative platform with a large number of potential victims. Some custom ROMs (particularly Chinese/China based) available for download are pre-rootkitted so are well hidden from being spotted too. Gonna get worse before it gets better.

Heh, there's at least one Android malware that actually co-operates with PC malware to steal money from online banking. It uses a broadcast receiver to intercept SMS.

The malware between them steal online banking credentials for bank(s) that use SMS to authenticate online transfers, then after a C&C request initiate a transfer to an account to receive the cash.

The SMS authentication gets intercepted by the Android malware and is used to complete the transaction without the user's knowledge.

See how many members disconnect from the Internet after reading this thread.
Ignitionnet is offline   Reply With Quote
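
For defenders, the SMS interception described in the post above leaves a visible trace in an app's manifest. The following is an added example, not part of the original thread: a Python check that flags broadcast receivers registered for incoming SMS in a decoded, text-form AndroidManifest.xml. The sample manifests, package names and the HIGH_PRIORITY threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
HIGH_PRIORITY = 999  # assumed review threshold, not an Android constant

# Constructed sample manifests (decoded text XML), not taken from real apps.
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeav">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".Rx">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application>
    <receiver android:name=".BootRx">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def audit_manifest(xml_text):
    """Return the package name and every receiver that listens for incoming SMS."""
    # For manifests from untrusted APKs, a hardened parser such as defusedxml
    # is the safer choice; the standard library parser is used here for brevity.
    root = ET.fromstring(xml_text)
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    findings = []
    for rx in root.iter("receiver"):
        for flt in rx.iter("intent-filter"):
            actions = {a.get(A + "name") for a in flt.iter("action")}
            if SMS_ACTION not in actions:
                continue
            try:
                priority = int(flt.get(A + "priority", "0"))
            except ValueError:  # e.g. a resource reference instead of a number
                priority = 0
            findings.append({
                "receiver": rx.get(A + "name"),
                "priority": priority,
                # A very high priority means the receiver asks to see SMS first.
                "high_priority": priority >= HIGH_PRIORITY,
                "has_sms_permission": bool(perms & SMS_PERMS),
                # SMS access plus network access is the combination worth reviewing.
                "can_exfiltrate": "android.permission.INTERNET" in perms,
            })
    return {"package": root.get("package"), "findings": findings}


if __name__ == "__main__":
    for sample in (SUSPICIOUS, BENIGN):
        print(audit_manifest(sample))
```

A finding is a prompt for manual review rather than proof of malice, since legitimate messaging apps register the same receiver.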
Old 04-06-2014, 15:55   #27
Qtx

That technique has been in use by a Zeus banking variant for over three years now. There was a completely independent malware strain found at the beginning of this year that does the same and a big fuss was made about it. Was end of 2010 or beginning of 2011 the method was first seen in malware.

Plenty of apps out there that anyone can download to intercept SMS and forward them to another phone without the user knowing too. Probably find some of them on the Play Store too.

The more people use two factor authentication, the more common this will become in other malware. Time for 3 and 4 factor authorisation with passcode, fuzzy logic and quantum bits.
Old 04-06-2014, 20:12   #28
Hugh

Unfortunately, security has to be easy/simple to use for the lay/less experienced user.

I used to work for a major Financial Services company, and we encrypted all laptops (this was in 2003) - the number of times the Chairman or the CFO would lock themselves out (once or twice a week).
__________________
Thank you for calling the Abyss.
If you have called to scream, please press 1 to be transferred to the Void, or press 2 to begin your stare.

If my post is in bold and this colour, it's a Moderator Request.
Old 04-06-2014, 21:19   #29
qasdfdsaq

Similarly some of our encryption hardware is, IMO, a bit overkill. Some encrypted memory sticks will, for example, destroy the decryption key after 10 incorrect password attempts, rendering it impossible to access your data if someone enters the wrong password a few times, even if you remember the correct one eventually.

Have to advise people not to store critical data on there, which sorta defeats the purpose of using encrypted sticks in the first place.
Old 05-06-2014, 20:11   #30
thenry

A fair few attacks made to anti-virus support community forums gaining access to usernames, passwords, email addresses. I had an email from ESET earlier.