Internet Security - SIUE Computer Science

INTERNET SECURITY THREAT REPORT  2014
IS 376
OCTOBER 28, 2014
COMPUTER SECURITY
COMPUTERS AND NETWORKS WERE ORIGINALLY DEVELOPED TO FACILITATE ACCESS, NOT TO RESTRICT IT.
SOFTWARE/HARDWARE SYSTEMS KNOWN AS FIREWALLS ARE OFTEN USED TO PROVIDE “CHOKE POINTS” FOR COMPUTER SYSTEMS.
• THEY PREVENT UNAUTHORIZED LOGINS FROM THE OUTSIDE WORLD.
• THEY AUDIT THE TRAFFIC ENTERING AND EXITING THE SYSTEM.
• THEY MAY BE USED TO BLOCK OUTGOING DATA TO UNAUTHORIZED DESTINATIONS.
DENIAL OF SERVICE ATTACKS
“DENIAL OF SERVICE” ATTACKS CONSIST OF THE CONSUMPTION OF A LIMITED RESOURCE, USUALLY NETWORK CONNECTIVITY, IN AN EFFORT TO DENY LEGITIMATE ACCESS TO THAT RESOURCE.
IN THIS TYPE OF ATTACK, THE ATTACKER BEGINS THE PROCESS OF ESTABLISHING A CONNECTION TO THE VICTIM MACHINE, BUT DOES IT IN SUCH A WAY AS TO PREVENT THE ULTIMATE COMPLETION OF THE CONNECTION.
IN THE MEANTIME, THE VICTIM MACHINE HAS RESERVED ONE OF A LIMITED NUMBER OF DATA STRUCTURES REQUIRED TO COMPLETE THE IMPENDING CONNECTION.
THE RESULT IS THAT LEGITIMATE CONNECTIONS ARE DENIED WHILE THE VICTIM MACHINE IS WAITING TO COMPLETE BOGUS "HALF-OPEN" CONNECTIONS.
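
THE HALF-OPEN MECHANISM DESCRIBED ABOVE, AS AN ADDED PYTHON MODEL THAT IS NOT PART OF THE ORIGINAL SLIDES: A FIXED-SIZE TABLE OF PENDING CONNECTIONS WITH A TIMEOUT, RUN OVER A CONSTRUCTED TIMELINE. THE CLASS NAME, CAPACITY, TIMEOUT AND ADDRESSES ARE ASSUMPTIONS; NO NETWORK TRAFFIC IS SENT.

```python
# Added illustration: a toy model of a server's table of pending connections.
from dataclasses import dataclass, field

@dataclass
class Backlog:
    capacity: int     # assumed number of slots for half-open connections
    timeout: float    # assumed seconds before a stale half-open entry is dropped
    pending: dict = field(default_factory=dict)  # peer -> time its request arrived

    def _expire(self, now):
        self.pending = {p: t for p, t in self.pending.items()
                        if now - t < self.timeout}

    def on_syn(self, peer, now):
        """First handshake step: reserve a slot. False means the request was refused."""
        self._expire(now)
        if peer in self.pending:
            return True               # retransmission, slot already held
        if len(self.pending) >= self.capacity:
            return False              # table full: the connection is denied
        self.pending[peer] = now
        return True

    def on_ack(self, peer, now):
        """Final handshake step: the connection completes and the slot is freed."""
        self._expire(now)
        return self.pending.pop(peer, None) is not None

    def half_open_ratio(self, now):
        """Share of the table held by half-open entries (a value worth monitoring)."""
        self._expire(now)
        return len(self.pending) / self.capacity

def run_scenario():
    """Constructed timeline: four peers start a connection and never finish it."""
    q = Backlog(capacity=4, timeout=30.0)
    out = {}
    # A normal client completes the handshake, so its slot is released at once.
    out["normal_syn"] = q.on_syn(("198.51.100.7", 50000), now=0.0)
    out["normal_ack"] = q.on_ack(("198.51.100.7", 50000), now=0.1)
    for i in range(4):                # bogus half-open connections fill the table
        q.on_syn((f"203.0.113.{i}", 40000 + i), now=1.0)
    out["ratio_when_full"] = q.half_open_ratio(now=2.0)
    out["legit_during"] = q.on_syn(("198.51.100.8", 50001), now=2.0)
    # After the timeout the stale entries are dropped and service resumes.
    out["legit_after_timeout"] = q.on_syn(("198.51.100.8", 50001), now=31.5)
    return out
```
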
VIRUSES
A VIRUS IS A COMPUTER PROGRAM FILE CAPABLE OF ATTACHING TO DISKS OR OTHER FILES AND REPLICATING ITSELF REPEATEDLY, TYPICALLY WITHOUT USER KNOWLEDGE OR PERMISSION.
SOME VIRUSES ATTACH TO FILES SO WHEN THE INFECTED FILE EXECUTES, THE VIRUS ALSO EXECUTES.
OTHER VIRUSES SIT IN A COMPUTER'S MEMORY AND INFECT FILES AS THE COMPUTER OPENS, MODIFIES OR CREATES THE FILES.
SOME VIRUSES DISPLAY SYMPTOMS, AND SOME VIRUSES DAMAGE FILES AND COMPUTER SYSTEMS.
WORMS
WORMS ARE PARASITIC COMPUTER PROGRAMS THAT REPLICATE, BUT UNLIKE VIRUSES, DO NOT REQUIRE ACTION ON THE PART OF HUMAN USERS IN ORDER TO SPREAD.
WORMS CAN CREATE COPIES ON THE SAME COMPUTER, OR CAN SEND THE COPIES TO OTHER COMPUTERS VIA A NETWORK.
WORMS OFTEN SPREAD VIA E-MAIL OR CHAT APPLICATIONS, TAKING ADVANTAGE OF FILE OR INFORMATION TRANSPORT FEATURES TO SPREAD UNAIDED BY HUMAN ACTION.
TROJAN HORSES
A TROJAN HORSE IS A MALICIOUS PROGRAM THAT PRETENDS TO BE A BENIGN APPLICATION.
A TROJAN HORSE PROGRAM PURPOSEFULLY DOES SOMETHING THE USER DOES NOT EXPECT.
TROJAN HORSES ARE NOT VIRUSES SINCE THEY DO NOT REPLICATE, BUT THEY CAN BE JUST AS DESTRUCTIVE.
ONE TYPE OF TROJAN HORSE, KNOWN AS A LOGIC BOMB, IS SET TO EXECUTE WHENEVER A SPECIFIC EVENT OCCURS (E.G., A CHANGE IN A FILE, A PARTICULAR SERIES OF KEYSTROKES, A SPECIFIC TIME OR DATE).
WATERING HOLE ATTACKS
WITH INCREASED VIGILANCE AGAINST MALWARE ATTACKS, SOME ATTACKERS HAVE RESORTED TO INDIRECT WATERING HOLE ATTACKS.
• THE ATTACKERS INJECT AN “EXPLOIT” CONTAINING MALWARE ONTO A TRUSTED SITE THAT THEIR INTENDED TARGET OFTEN VISITS.
• WHEN THE TARGET VISITS THE SITE, THE EXPLOIT DROPS ITS MALWARE ONTO THE VICTIM’S SYSTEM.
• THE ATTACKERS CAN THEN LAUNCH THEIR MALICIOUS ATTACK VIA THEIR LAUNCHED MALWARE.
ZERO DAY VULNERABILITIES
WHEN ATTACKERS DISCOVER A VULNERABILITY IN A SOFTWARE SYSTEM BEFORE THE SYSTEM DEVELOPERS DO (OR AT LEAST BEFORE THEY FIX IT), THE ATTACKERS TRY TO DEVELOP “EXPLOITS” (I.E., STRATEGIES FOR TAKING ADVANTAGE OF THAT VULNERABILITY) ON “DAY ZERO” OF AWARENESS OF THE VULNERABILITY.
AFTER SOME SOFTWARE DEVELOPERS TOOK OVER FOUR YEARS TO ADDRESS KNOWN VULNERABILITIES, HEWLETT-PACKARD’S ZERO DAY INITIATIVE WAS SET UP TO REWARD RESEARCHERS WHO REPORTED VULNERABILITIES TO ZDI, WHICH WOULD TRY TO WORK WITH THE VENDOR TO DEVELOP A PATCH FOR THE PROBLEM.
IN ANY CASE, THE DEVELOPER WOULD HAVE NO MORE THAN 180 DAYS TO FIX THE VULNERABILITY BEFORE ZDI WOULD RELEASE THE INFORMATION TO THE PRESS.
RANSOMWARE
UNSOLICITED COMMERCIAL E-MAIL (SPAM)
E-MAIL IS SENT TO A VAST NUMBER OF USERS, WITH THE HOPES THAT SOME SMALL
PERCENTAGE OF THEM WILL RESPOND TO AN “IRRESISTIBLE” OFFER AND PURCHASE
WHAT TURNS OUT TO BE A BOGUS PRODUCT AT A “BARGAIN” PRICE.
SPAM STATISTICS (2013)
ZOMBIE ARMIES (BOTNETS)
ZOMBIE COMPUTERS, VIRUS-INFECTED COMPUTERS THAT PERFORM MALICIOUS TASKS UNDER REMOTE DIRECTION, ARE THE MAJOR DELIVERY METHOD OF SPAM.
SPAM RED FLAGS
AMONG THE TELLTALE SIGNS THAT AN E-MAIL MESSAGE COULD BE SPAM:
• FREQUENT USE OF CHARACTERS THAT ARE NEITHER NUMBERS NOR LETTERS.
• TRANSMISSION TIME IN THE WEE HOURS OF THE NIGHT.
• USE OF HUSTLE PHRASES, LIKE “DOUBLE YOUR INCOME” OR “LOSE WEIGHT FAST”.
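
THE THREE RED FLAGS ABOVE, APPLIED TO CONSTRUCTED SAMPLE MESSAGES IN AN ADDED PYTHON EXAMPLE THAT IS NOT PART OF THE ORIGINAL SLIDES. THE THRESHOLDS, THE HOUR RANGE, THE TWO-FLAG RULE AND ALL NAMES ARE ASSUMPTIONS; THE PHRASE LIST USES ONLY THE TWO PHRASES QUOTED ON THE SLIDE.

```python
import re
from datetime import datetime

# Assumed values, chosen for illustration only.
HUSTLE_PHRASES = ("double your income", "lose weight fast")
SYMBOL_RATIO_LIMIT = 0.15   # share of visible characters that are neither letters nor digits
WEE_HOURS = range(1, 5)     # 01:00-04:59, taken from the timestamp as given

def symbol_ratio(text):
    """Fraction of non-whitespace characters that are neither letters nor numbers."""
    visible = [c for c in text if not c.isspace()]
    if not visible:
        return 0.0
    return sum(1 for c in visible if not c.isalnum()) / len(visible)

def red_flags(subject, body, sent_at):
    """Return the names of the red flags a message trips, in slide order."""
    text = f"{subject}\n{body}"
    flags = []
    if symbol_ratio(text) > SYMBOL_RATIO_LIMIT:
        flags.append("symbols")
    if sent_at.hour in WEE_HOURS:
        flags.append("wee_hours")
    # Collapse punctuation to spaces so "DOUBLE-YOUR-INCOME" still matches.
    normalized = re.sub(r"[^a-z0-9]+", " ", text.lower())
    if any(phrase in normalized for phrase in HUSTLE_PHRASES):
        flags.append("hustle_phrase")
    return flags

def looks_like_spam(subject, body, sent_at, min_flags=2):
    """One flag alone is weak evidence; require several before acting (assumed rule)."""
    return len(red_flags(subject, body, sent_at)) >= min_flags

# Constructed sample messages (not real mail).
SPAM = ("$$$ DOUBLE-YOUR-INCOME!!! $$$",
        "Act now!!! *** Click >>> here <<< ***",
        datetime(2014, 10, 28, 3, 12))
HAM = ("Project meeting moved to Thursday",
       "Hi all, the meeting is now at 2 pm in room 14. Thanks, Dana",
       datetime(2014, 10, 28, 14, 5))
NIGHT_OWL = (HAM[0], HAM[1], datetime(2014, 10, 28, 2, 30))

if __name__ == "__main__":
    for name, msg in (("SPAM", SPAM), ("HAM", HAM), ("NIGHT_OWL", NIGHT_OWL)):
        print(name, red_flags(*msg), looks_like_spam(*msg))
```
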
PHISHING EXPEDITION
PHISHING IS A HIGH-TECH SCAM THAT USES SPAM OR POP-UP MESSAGES TO DECEIVE WEB USERS INTO DISCLOSING CREDIT CARD NUMBERS, BANK ACCOUNT INFORMATION, SOCIAL SECURITY NUMBER, PASSWORDS, OR OTHER SENSITIVE INFORMATION.
SPEAR PHISHING
INSTEAD OF SENDING THOUSANDS OF RANDOM E-MAILS, HOPING A FEW VICTIMS WILL
BITE, SPEAR PHISHERS TARGET SELECT GROUPS OF PEOPLE WITH SOMETHING IN
COMMON (E.G., WORK AT THE SAME COMPANY, ATTEND THE SAME COLLEGE).
FIRST, CRIMINALS NEED SOME INSIDE INFORMATION ON THEIR TARGETS TO
CONVINCE THEM THE E-MAILS ARE LEGITIMATE. THEY OFTEN OBTAIN IT BY
HACKING INTO AN ORGANIZATION’S COMPUTER NETWORK OR BY COMBING
THROUGH OTHER WEBSITES, BLOGS, AND SOCIAL NETWORKING SITES.
NEXT, THEY SEND E-MAILS THAT LOOK LIKE THE REAL THING TO TARGETED
VICTIMS, OFFERING ALL SORTS OF URGENT AND LEGITIMATE-SOUNDING
EXPLANATIONS AS TO WHY THEY NEED YOUR PERSONAL DATA.
FINALLY, THE VICTIMS ARE ASKED TO CLICK ON A LINK INSIDE THE E-MAIL THAT TAKES THEM TO
A PHONY BUT REALISTIC-LOOKING WEBSITE, WHERE THEY ARE ASKED TO PROVIDE
PASSWORDS, ACCOUNT NUMBERS, USER IDS, PINS, ETC.
SPEAR PHISHING WORD CLOUD
CERTAIN WORDS ARE USED FREQUENTLY IN SPEAR PHISHING EFFORTS, USUALLY
ASSOCIATED WITH URGENCY OR OTHER ATTENTION-GRABBING CONNOTATIONS.
MOBILE ADWARE (MADWARE)
DEVELOPERS MONETIZE MOBILE APPS BY DISPLAYING ADVERTISEMENTS ON THEM.
THEY USE AD LIBRARIES THAT HAVE THE ABILITY TO COLLECT INFORMATION ABOUT
THE APP’S USER IN ORDER TO SERVE TARGETED ADVERTISEMENTS.
THIS CAN BE ABUSED AND, DEPENDING ON WHICH AD LIBRARY FEATURES THE DEVELOPER CHOOSES TO USE, PERSONAL DATA CAN BE LEAKED THROUGH AN AD LIBRARY.
ADDITIONALLY, AN AD LIBRARY CAN EXHIBIT ANNOYING BEHAVIORS SUCH AS DISPLAYING ADS IN THE NOTIFICATION BAR, CREATING AD ICONS, OR CHANGING WEB BROWSER BOOKMARKS.