INTERNET SECURITY THREAT REPORT 2014
IS 376 OCTOBER 28, 2014

COMPUTER SECURITY

COMPUTERS AND NETWORKS WERE ORIGINALLY DEVELOPED TO FACILITATE ACCESS, NOT TO RESTRICT IT.

SOFTWARE/HARDWARE SYSTEMS KNOWN AS FIREWALLS ARE OFTEN USED TO PROVIDE “CHOKE POINTS” FOR COMPUTER SYSTEMS.
• THEY PREVENT UNAUTHORIZED LOGINS FROM THE OUTSIDE WORLD.
• THEY AUDIT THE TRAFFIC ENTERING AND EXITING THE SYSTEM.
• THEY MAY BE USED TO BLOCK OUTGOING DATA TO UNAUTHORIZED DESTINATIONS.

DENIAL OF SERVICE ATTACKS

“DENIAL OF SERVICE” ATTACKS CONSIST OF THE CONSUMPTION OF A LIMITED RESOURCE, USUALLY NETWORK CONNECTIVITY, IN AN EFFORT TO DENY LEGITIMATE ACCESS TO THAT RESOURCE.

IN THIS TYPE OF ATTACK, THE ATTACKER BEGINS THE PROCESS OF ESTABLISHING A CONNECTION TO THE VICTIM MACHINE, BUT DOES IT IN SUCH A WAY AS TO PREVENT THE ULTIMATE COMPLETION OF THE CONNECTION. IN THE MEANTIME, THE VICTIM MACHINE HAS RESERVED ONE OF A LIMITED NUMBER OF DATA STRUCTURES REQUIRED TO COMPLETE THE IMPENDING CONNECTION.

THE RESULT IS THAT LEGITIMATE CONNECTIONS ARE DENIED WHILE THE VICTIM MACHINE IS WAITING TO COMPLETE BOGUS "HALF-OPEN" CONNECTIONS.

VIRUSES

A VIRUS IS A COMPUTER PROGRAM FILE CAPABLE OF ATTACHING TO DISKS OR OTHER FILES AND REPLICATING ITSELF REPEATEDLY, TYPICALLY WITHOUT USER KNOWLEDGE OR PERMISSION.

SOME VIRUSES ATTACH TO FILES SO WHEN THE INFECTED FILE EXECUTES, THE VIRUS ALSO EXECUTES. OTHER VIRUSES SIT IN A COMPUTER'S MEMORY AND INFECT FILES AS THE COMPUTER OPENS, MODIFIES OR CREATES THE FILES.

SOME VIRUSES DISPLAY SYMPTOMS, AND SOME VIRUSES DAMAGE FILES AND COMPUTER SYSTEMS.

WORMS

WORMS ARE PARASITIC COMPUTER PROGRAMS THAT REPLICATE, BUT UNLIKE VIRUSES, DO NOT REQUIRE ACTION ON THE PART OF HUMAN USERS IN ORDER TO SPREAD.

WORMS CAN CREATE COPIES ON THE SAME COMPUTER, OR CAN SEND THE COPIES TO OTHER COMPUTERS VIA A NETWORK.
WORMS OFTEN SPREAD VIA E-MAIL OR CHAT APPLICATIONS, TAKING ADVANTAGE OF FILE OR INFORMATION TRANSPORT FEATURES TO SPREAD UNAIDED BY HUMAN ACTION.

TROJAN HORSES

A TROJAN HORSE IS A MALICIOUS PROGRAM THAT PRETENDS TO BE A BENIGN APPLICATION.

A TROJAN HORSE PROGRAM PURPOSEFULLY DOES SOMETHING THE USER DOES NOT EXPECT.

TROJAN HORSES ARE NOT VIRUSES SINCE THEY DO NOT REPLICATE, BUT THEY CAN BE JUST AS DESTRUCTIVE.

ONE TYPE OF TROJAN HORSE, KNOWN AS A LOGIC BOMB, IS SET TO EXECUTE WHENEVER A SPECIFIC EVENT OCCURS (E.G., A CHANGE IN A FILE, A PARTICULAR SERIES OF KEYSTROKES, A SPECIFIC TIME OR DATE).

WATERING HOLE ATTACKS

WITH INCREASED VIGILANCE AGAINST MALWARE ATTACKS, SOME ATTACKERS HAVE RESORTED TO INDIRECT WATERING HOLE ATTACKS.
• THE ATTACKERS INJECT AN “EXPLOIT” CONTAINING MALWARE ONTO A TRUSTED SITE THAT THEIR INTENDED TARGET OFTEN VISITS.
• WHEN THE TARGET VISITS THE SITE, THE EXPLOIT DROPS ITS MALWARE ONTO THE VICTIM’S SYSTEM.
• THE ATTACKERS CAN THEN LAUNCH THEIR MALICIOUS ATTACK VIA THEIR LAUNCHED MALWARE.

ZERO DAY VULNERABILITIES

WHEN ATTACKERS DISCOVER A VULNERABILITY IN A SOFTWARE SYSTEM BEFORE THE SYSTEM DEVELOPERS DO (OR AT LEAST BEFORE THEY FIX IT), THE ATTACKERS TRY TO DEVELOP “EXPLOITS” (I.E., STRATEGIES FOR TAKING ADVANTAGE OF THAT VULNERABILITY) ON “DAY ZERO” OF AWARENESS OF THE VULNERABILITY.

AFTER SOME SOFTWARE DEVELOPERS TOOK OVER FOUR YEARS TO ADDRESS KNOWN VULNERABILITIES, HEWLETT-PACKARD’S ZERO DAY INITIATIVE WAS SET UP TO REWARD RESEARCHERS WHO REPORTED VULNERABILITIES TO ZDI, WHICH WOULD TRY TO WORK WITH THE VENDOR TO DEVELOP A PATCH FOR THE PROBLEM. IN ANY CASE, THE DEVELOPER WOULD HAVE NO MORE THAN 180 DAYS TO FIX THE VULNERABILITY BEFORE ZDI WOULD RELEASE THE INFORMATION TO THE PRESS.

RANSOMWARE

UNSOLICITED COMMERCIAL E-MAIL (SPAM)

E-MAIL IS SENT TO A VAST NUMBER OF USERS, WITH THE HOPES THAT SOME SMALL PERCENTAGE OF THEM WILL RESPOND TO AN “IRRESISTIBLE” OFFER AND PURCHASE WHAT TURNS OUT TO BE A BOGUS PRODUCT AT A “BARGAIN” PRICE.

SPAM STATISTICS (2013)

ZOMBIE ARMIES (BOTNETS)

ZOMBIE COMPUTERS, VIRUS-INFECTED COMPUTERS THAT PERFORM MALICIOUS TASKS UNDER REMOTE DIRECTION, ARE THE MAJOR DELIVERY METHOD OF SPAM.

SPAM RED FLAGS

AMONG THE TELLTALE SIGNS THAT AN E-MAIL MESSAGE COULD BE SPAM:
• FREQUENT USE OF CHARACTERS THAT ARE NEITHER NUMBERS NOR LETTERS.
• TRANSMISSION TIME IN THE WEE HOURS OF THE NIGHT.
• USE OF HUSTLE PHRASES, LIKE “DOUBLE YOUR INCOME” OR “LOSE WEIGHT FAST”.

PHISHING EXPEDITION

PHISHING IS A HIGH-TECH SCAM THAT USES SPAM OR POP-UP MESSAGES TO DECEIVE WEB USERS INTO DISCLOSING CREDIT CARD NUMBERS, BANK ACCOUNT INFORMATION, SOCIAL SECURITY NUMBER, PASSWORDS, OR OTHER SENSITIVE INFORMATION.

SPEAR PHISHING

INSTEAD OF SENDING THOUSANDS OF RANDOM E-MAILS, HOPING A FEW VICTIMS WILL BITE, SPEAR PHISHERS TARGET SELECT GROUPS OF PEOPLE WITH SOMETHING IN COMMON (E.G., WORK AT THE SAME COMPANY, ATTEND THE SAME COLLEGE).

FIRST, CRIMINALS NEED SOME INSIDE INFORMATION ON THEIR TARGETS TO CONVINCE THEM THE E-MAILS ARE LEGITIMATE. THEY OFTEN OBTAIN IT BY HACKING INTO AN ORGANIZATION’S COMPUTER NETWORK OR BY COMBING THROUGH OTHER WEBSITES, BLOGS, AND SOCIAL NETWORKING SITES.

NEXT, THEY SEND E-MAILS THAT LOOK LIKE THE REAL THING TO TARGETED VICTIMS, OFFERING ALL SORTS OF URGENT AND LEGITIMATE-SOUNDING EXPLANATIONS AS TO WHY THEY NEED YOUR PERSONAL DATA.
FINALLY, THE VICTIMS ARE ASKED TO CLICK ON A LINK INSIDE THE E-MAIL THAT TAKES THEM TO A PHONY BUT REALISTIC-LOOKING WEBSITE, WHERE THEY ARE ASKED TO PROVIDE PASSWORDS, ACCOUNT NUMBERS, USER IDS, PINS, ETC.

SPEAR PHISHING WORD CLOUD

CERTAIN WORDS ARE USED FREQUENTLY IN SPEAR PHISHING EFFORTS, USUALLY ASSOCIATED WITH URGENCY OR OTHER ATTENTION-GRABBING CONNOTATIONS.

MOBILE ADWARE (MADWARE)

DEVELOPERS MONETIZE MOBILE APPS BY DISPLAYING ADVERTISEMENTS ON THEM. THEY USE AD LIBRARIES THAT HAVE THE ABILITY TO COLLECT INFORMATION ABOUT THE APP’S USER IN ORDER TO SERVE TARGETED ADVERTISEMENTS.

THIS CAN BE ABUSED AND, DEPENDING ON WHICH AD LIBRARY FEATURES THE DEVELOPER CHOOSES TO USE, PERSONAL DATA CAN BE LEAKED THROUGH AN AD LIBRARY.

ADDITIONALLY, AN AD LIBRARY CAN EXHIBIT ANNOYING BEHAVIORS SUCH AS DISPLAYING ADS IN THE NOTIFICATION BAR, CREATING AD ICONS, OR CHANGING WEB BROWSER BOOKMARKS.
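
Added example (not part of the original slides): a toy model of the DENIAL OF SERVICE ATTACKS slide's "limited number of data structures", showing how bogus half-open connections crowd out legitimate ones. The class, the tick-based clock and all parameter values are assumptions made for illustration.

```python
class ListenBacklog:
    """Toy model of the fixed-size table of half-open connections."""

    def __init__(self, capacity, timeout):
        self.capacity = capacity   # number of reserved data structures
        self.timeout = timeout     # ticks a half-open entry is kept
        self.half_open = {}        # connection id -> tick its first packet arrived

    def expire(self, now):
        # Free slots whose connection was never completed in time.
        stale = [c for c, t in self.half_open.items() if now - t >= self.timeout]
        for conn_id in stale:
            del self.half_open[conn_id]

    def begin(self, conn_id, now):
        """Start of connection setup: reserve a slot, or refuse if none is free."""
        self.expire(now)
        if len(self.half_open) >= self.capacity:
            return False
        self.half_open[conn_id] = now
        return True

    def complete(self, conn_id):
        """End of connection setup: the slot is released for reuse."""
        return self.half_open.pop(conn_id, None) is not None


def simulate(capacity, timeout, bogus_per_tick, ticks):
    """Return (accepted, refused) for one legitimate client arriving per tick."""
    backlog = ListenBacklog(capacity, timeout)
    accepted = refused = 0
    for now in range(ticks):
        # Bogus connections are begun and never completed.
        for i in range(bogus_per_tick):
            backlog.begin(("bogus", now, i), now)
        # The legitimate client begins and immediately completes its connection.
        if backlog.begin(("legit", now), now):
            backlog.complete(("legit", now))
            accepted += 1
        else:
            refused += 1
    return accepted, refused


if __name__ == "__main__":
    print("no bogus traffic     :", simulate(8, 5, 0, 20))
    print("4 bogus/tick, 8 slots:", simulate(8, 5, 4, 20))
    print("4 bogus/tick, 64 slots:", simulate(64, 5, 4, 20))
```

In this model the table stays full whenever bogus arrivals per tick times the timeout reaches the capacity, which is why a larger table or a shorter timeout restores service in the third run.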
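
Added example (not part of the original slides): the three signs from the SPAM RED FLAGS slide turned into a small checker that reports which of them a raw message raises. The function name, the 10% symbol threshold, the 00:00 to 04:59 reading of "wee hours" (taken from the Date header's own offset) and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# The two hustle phrases quoted on the slide; a real list would be longer.
HUSTLE_PHRASES = ("double your income", "lose weight fast")


def red_flags(raw, symbol_ratio=0.10, night_hours=range(0, 5)):
    """Return the slide's red flags raised by a raw RFC 5322 message.

    symbol_ratio and night_hours are assumed thresholds, not from the slide.
    """
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}"
    flags = []

    # Flag 1: share of visible characters that are neither letters nor digits.
    visible = [c for c in text if not c.isspace()]
    symbols = [c for c in visible if not c.isalnum()]
    if visible and len(symbols) / len(visible) > symbol_ratio:
        flags.append("symbols")

    # Flag 2: sent in the wee hours, judged in the sender's stated time zone.
    try:
        if parsedate_to_datetime(msg["Date"]).hour in night_hours:
            flags.append("night")
    except (TypeError, ValueError):
        pass  # missing or unparsable Date header gives no time signal

    # Flag 3: a hustle phrase anywhere in the subject or body.
    if any(phrase in text.lower() for phrase in HUSTLE_PHRASES):
        flags.append("hustle")
    return flags


# Constructed sample messages (not real mail).
SPAM = """\
From: deals@example.invalid
Date: Tue, 28 Oct 2014 03:12:00 -0500
Subject: $$$ DOUBLE YOUR INCOME !!! $$$

*** Act now!!! *** Lose weight fast >>> click here <<< $$$
"""
HAM = """\
From: colleague@example.invalid
Date: Tue, 28 Oct 2014 14:30:00 -0500
Subject: Slides for Tuesday

Hi, the slides for the security lecture are attached. See you at 2 pm.
"""
```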