Tag Archive | targeted infiltiration

From Domain Name Servers to Dead Name Servers

A few months back we had blogged about how the FBI had extended the deadline for turning off the rogue DNS servers it had taken control of. Lo and behold! that dead line has finally arrived.

Given the amount of grace period that was provided before putting these servers down, one would assume that the infected PCs would have been cleaned up by now. However, according to the DNS Changer Working Group, a worrying number of PCs still have their DNS entries pointing to the malicious servers.

Our customers need not worry though, for K7 products already have the functionality to diagnose these rogue DNS IP addresses, and replace them with known good ones.

Lokesh Kumar
K7TCL

Phone text – free calls offer?

Phone Text phishing scams are nothing new in the recent years, but they are just not so common, like e-mail scams are. You know those Millions winning offers, bank details request to transfer gadzillions of dolars from some princess in some country, and many others. Funny ones or sometimes even very convincing one.  Recently we have received screenshots from our colleges in Ireland for a phishing scam targeting O2 provider customers via text message.

Message is simple:

O2 phone scam

If you are not many of us – click at what ever shows up on the screen, than you will notice what’s wrong with the message: The link is not to O2 page, which is o2.co.uk or o2.ie but it’s to o2upgrades.org

ORG domain is purposely for organization with non-profit character. So deferentially not O2.

If you click at the link you are redirected to:

O2 Scam messageAnd here is exactly what we expected – phishing page where you enter your Mobile number and password. Therefore exposing your account details.

We have entered fictive details in to the form, and what happens next is that we are redirected after to legitimate O2 website login page:

O2 web

And this is what most user are not aware of. For that split of second you have entered your login details on the page 2 and pressed submit, your records were written to someones database, and than you are passed to the legitimate O2 website. You think, hm… maybe I did enter it wrong. If yo did it right, you have just gave your details to some cyber criminal who can pass your details further, sell it on the black market or even use it himself. You are now on the legitimate O2 website login page, but no sign about the special offer. Why? Because it never existed. That was the whole phishing scam – phishing because  what it means – to lure you somewhere where you would enter your login details so they get recorded for someone, somewhere for some purpose.

Be aware: if something looks as a very good offer, and it’s sent straight to you, stop, and think. In most cases it’s a scam. And if you are not sure, why not to ring the sender to make sure that the message is legitimate?

And in case you fell for the scam, just change your login details immediately.

-sg-

Prepared by K7 Computing UK and K7 Computing Ireland.

The Art of Cyber War

Nation-specific Attacks

Virtual Soldier

Stuxnet, a worm with a particularly venomous, damaging payload, was almost certainly targeting the Iranian nuclear establishment. Given the means and the end, if one were to consider the motive, one would have no alternative but to attribute the creation of Stuxnet to powerful nations inimical to Iran’s nuclear program, a couple of which are in West Asia.

The use of malware as an instrument of state policy may have already been in effect for a couple decades[Rainer Fahs, keynote address, EICAR2011]. In modern times nation-to-nation attacks, alleged or otherwise, have been given considerable publicity with much finger wagging and pointing. Many of these instances of cyber warfare appear to originate in Asia, which is hardly surprising given the frosty relationships that exist between several neighborhood countries in Asia, e.g. North Korea-South Korea, India-Pakistan, etc. Indeed, avoiding the mention of China’s alleged contribution to cyber warfare would be like ignoring the elephant in the room, and the apparent involvement of Israeli personnel most certainly deserves an explicit mention.

There have been several documented cases of nation-specific cyber attacks, some of which are potentially ongoing. These cases may be summarized as follows:

The strategic advantage offered to powerful and resourceful nations via targeted cyber attacking is highly significant. As described in Table 2, the scope of these attacks could be anything from the stealing of state secrets to the targeted damage of both government hardware and software. Critical modern infrastructure is controlled by computer systems which presents an irresistible target for cyber attacks.

The stakes and incentives involved in cyber warfare are high, and cyber attacks are unlikely to diminish in the years to come. On the contrary, cyber warfare is likely to increase manifold with an eastward shift in the balance of power in the global hegemony suggesting an increasing involvement of Asian states.

There can be little doubt that the military and intelligence establishments of various nations have wings dedicated to cyber warfare. Sun Tzu would have been proud. Given the enormous resources involved and the high-profile, targeted nature of cyber attacks, it is difficult to predict the security responses of commercial Anti-Virus companies and the general public at large. It is likely that standard civilian bodies would be largely bystanders in these events. Indeed, for every attack that is reported and documented in the public domain, there may well be several others which are kept very firmly under wraps.

However, perhaps there are some mitigating circumstances:

As a diplomatic preventative measure, it is possible that there could be an international convention, perhaps UN-brokered, on cyber warfare. The US government has already been contemplating diplomatic talks with certain countries. The main issue herein could well be the difficulty in proving state versus non-state actors, a challenge even in conventional warfare where proxy militant groups have been used with impunity to perpetrate attacks across international boundaries.
Standard technical measures to secure systems, including instituting prescribed system configurations and policies, may be sufficient to prevent “80 percent of commonly known cyber attacks”.

Notwithstanding, it will be interesting to track how events transpire in the future. The average citizen of the world may well have to wait for the future offerings from Hollywood or Bollywood, with their vivid imaginations, to gauge the extent of the issues dealt with by sedentary agents code named ‘0000 0000 0111’, ‘JS0N B0URN3’, etc.

Corporate Insecurities

The attacks on large, well-known corporate entities over the recent past have been much publicized. The alleged origin of some of these high-profile, ongoing, attacks lie in Asia. It is worth summarizing some of these attacks, described as “Advanced Persistent Threats”, as follows:

The origin of some of the attacks mentioned in Table 3 is up for heated debate as the parties concerned accuse each other of skulduggery and conspiratorial activity. In many cases, hard evidence pointing the finger at a specific culprit is rather difficult to gather which provides a level of immunity from risk for the perpetrators.

Targeted attacks on large corporate entities could, no doubt, yield valuable information which can eventually be used for significant financial gain, whether through a transfer of intellectual property, sabotage of competitor infrastructure, or a straightforward theft of classified financial data. The perceived or real benefits from such attacks for the perpetrators provide a clear incentive to invest resources.

Under these circumstances of high reward versus relatively low risk, and given the recent record of security breaches, the trend of targeted cyber attacks against corporations looks set to continue, and probably at an increasing rate.

Malware in Societal Conflicts

Terrorism may be defined as the systematic use of coercive tactics to instil fear in a targeted group as a means to the end of a perceived political gain.

Conflicts between different groups, whether within the bounds of the same sovereign territory or across international frontiers, have existed since the dawn of mankind. Some of the high-profile modern day conflicts involve actors, “state” or “non-state”, based in Asia who resort to forms of terrorism, whose definition and application to any given scenario is highly subjective, in an attempt to seek political mileage or redress against perceived grievances.

Given the advance of technology and the ubiquity of computer systems, many in critical infrastructure, acts of terror have included or are likely to include, at an increasing rate, attacks via binary media, i.e. code, software, etc. These attacks may be described as “Cyber Terrorism”.

Groups involved in international terrorist activities, many based in Pakistan and Afghanistan, include individuals familiar with modern computer systems and communication channels. Groups such as “al-Qaeda” allegedly have a dedicated R&D wing with ‘digital specialists’ successfully exploiting smartphone platforms for the theft of sensitive data. Given the impact it would likely have in spreading anxiety, there is a possibility, nay probability, that attempts will be made to cause the targeted destruction of systems in the future, via the mass deployment of malware, in addition to data theft.

Sometimes civilian bodies have been targeted by groups which are unlikely to be described as “militant”. Rather, it is possible that the civilian bodies themselves may conform to the definition of “militant”, yet another subjective and emotive term. For example, there have been numerous, but intermittent, malware attacks on pro-Tibet groups in recent years, the ones in 2008 just before the Beijing Olympics being widely reported by the media and in various IT security blogs. Many of these attacks involve the use of documents such as PPT and PDF containing crafted exploit code (some attacks have involved browser exploits), mailed to known individuals or posted to various fora. Attacks such as these have been alleged to originate in China , but some or all of them could have involved a social engineering angle, financially motivated, to exploit the media attention attributed to societal conflicts in areas such as Palestine or Tibet . Once again, it is difficult to garner specific evidence to arraign any one party. It remains to be seen how malware might be used in the future against such groups as the number of documented incidents appears to be waning.

The security industry has played, and will continue to play, a role in mitigating and re-mediating many of these attacks since the victims tend to be ordinary civilians, even if specifically targeted on occasion, and visibility of such attacks is relatively high.

To be continued…

Samir Mody
Senior Manager, K7TCL

Re-published by: K7 Computing UK and K7 Computign IRL

Images courtesy of:
cyberlawsinindia.blogspot.com
mumbai.olx.in
http://www.warchat.org