Showing posts with label malware.

Thursday, August 29, 2013

McAfee releases "Threats Report: Second Quarter 2013"

A recent blog post by McAfee, a computer software company and subsidiary of Intel Corporation, introduced readers to the McAfee Labs cyberthreat report for the second quarter of 2013. McAfee Threats Report: Second Quarter 2013 was prepared by McAfee Labs personnel Toralv Dirro, Paula Greve, Haifei Li, François Paget, Vadim Pogulievsky, Craig Schmugar, Jimmy Shah, Ryan Sherstobitoff, Dan Sommer, Bing Sun, Adam Wosotowsky, and Chong Xu. According to the Report's introduction:
McAfee Labs researchers have analyzed the threats of the second quarter of 2013. Several trends are familiar: steady growth in mobile and overall malware. A cyberespionage attack against South Korea and a further increase in worldwide spam are further attention grabbers.
....
Publicly reported data breaches have averaged a relatively flat line for the past three quarters. Outsiders steal data more often than insiders, but this is one threat area in which our data comes from victims, who may not feel like exposing all of their weaknesses. MySQL still leads enterprise databases in the number of reported vulnerabilities.
As detailed in McAfee's blog post, written by Robert Siciliano, the Report found four major areas in which the cybercriminal community is executing its attacks: (1) "Malicious apps on Android-based mobile devices," (2) "Infecting websites to distribute malware," (3) "Holding your devices hostage with ransomware," and (4) "Sending spam promoting fake pharmaceutical drug offers." Both the blog post and the Report provide a very interesting take on the current state of cybercrime.

Wednesday, October 31, 2012

Forget the theoretical - what hacking back looks like in the real world

There have been many posts and links on Cybercrime Review discussing the legal implications of hacking back; see my collection of those posts here: Hacking Back - are you authorized? A discussion of whether it's an invitation to federal prison or a justified reaction/strategy. What is lost in these discussions is a strong foothold in real-world examples. Well, now we have a recent, real-life "hack back" to look upon: the Republic of Georgia's counter-espionage hack of a suspected Russian perpetrator who was propagating malware for the purpose of espionage against Georgia. This is a must read.

Here's the story from IT world: Irked by cyberspying, Georgia outs Russia-based hacker -- with photos

And here is the Georgia CERT report: CYBER ESPIONAGE -- Against Georgian Government - (Georbot Botnet)

A quick summary for those who don't want to follow the links: Georgia had been attacked, and mined for information, by a botnet, and this included infiltration of government entities. Fed up with this, the Georgian government decided to take action (taken from a ZDNet article about the same):
In order to lay the bait after the attacks increased in severity over the course of 2011, Georgia allowed a computer to be infected on purpose. Georgia placed a ZIP archive named "Georgian-Nato Agreement" on it; once opened, the investigator's own malware was installed.
While the alleged hacker was being photographed, his computer was rapidly mined for sensitive documents. One Word document contained instructions on who and how to hack particular targets, as well as website registration data linked to an address within Russia.
As the IT World headline notes, the report contains pictures of the Russian hacker. Part of the malware the hacker had been propagating against Georgia could enable webcams and take photographs, and Georgia CERT experienced sweet revenge when this same functionality was turned on the hacker himself.

Does this example change your opinion of "hacking back?"

Friday, July 20, 2012

Google Play app containing malware may have been downloaded 100,000 times

Symantec blogger Irfan Asrar has found malware in the Google Play market, known as Android.Dropdialer, that sends text messages to premium-rate numbers, resulting in expensive charges on the user's phone bill. The malware, hidden in downloads entitled "Super Mario Bros." and "GTA 3 Moscow City," was available for download for over two weeks and may have been downloaded nearly 100,000 times.

Google attempts to scan all apps in the market for malware, but some apps fall through the cracks. As here, the app submitted to Google Play can be a mere dropper: the actual harmful code is downloaded by the app after it has been installed from Google Play, so it is not part of the package Google scanned (full process explained here).

Here are a few tips to follow to help ensure you avoid malware:
  1. Read online reviews. Most malware does not function as the normal app it claims to be, and reviews will often say so.
  2. Never download apps from outside the official market for your phone.
  3. Check out the publisher to see what other apps they offer. Research the company to be sure it is the actual developer (some malware will have the same name but be listed under a different publisher).
  4. Review permissions that the app requires. Games, for example, do not need access to make phone calls or see your contacts.
  5. Get antivirus protection for your phone.
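Tip 4 is the one a technical reader can automate. The script below is an added example, not code from the original post or from Symantec or Google: it parses an Android manifest, flags permissions a game has no business requesting (SMS sending, phone calls, contacts), and separately notes the INTERNET plus WRITE_EXTERNAL_STORAGE combination that a dropper needs to fetch and stage a second package. The manifests are constructed for illustration, the permission list is a small assumed subset rather than Android's full list, and the verdict rules are the author's own heuristics. The "stage-two" flag is deliberately weak (many honest apps request both permissions); its point is that the first-stage manifest of a dropper can look clean, so the same check should be run on any APK the app later installs.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Assumed, illustrative subset: permissions a plain game should never need.
SUSPICIOUS_FOR_GAMES = {
    "android.permission.SEND_SMS": "can text premium-rate numbers",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS",
    "android.permission.CALL_PHONE": "can place calls without confirmation",
    "android.permission.READ_CONTACTS": "can harvest the address book",
}

# What a dropper needs to pull a second APK over the network and stage it on disk.
STAGE_TWO_COMBO = {
    "android.permission.INTERNET",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}

# Constructed sample manifest: a harmless puzzle game.
BENIGN_GAME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.puzzle">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

# Constructed sample manifest: a "game" that wants SMS and dialing rights.
DIALER_LIKE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.supermario">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
</manifest>"""


def permissions_from_manifest(manifest_xml):
    """Return the set of permission names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(NAME_ATTR)
        for el in root.iter("uses-permission")
        if el.get(NAME_ATTR)
    }


def triage_game_manifest(manifest_xml):
    """Flag permissions that are out of place for a game and rate the manifest.

    Verdicts (author's heuristic, not a vendor rule):
      'reject' - asks for a permission on the suspicious list
      'review' - clean list, but could download and stage a second package
      'clean'  - neither
    """
    perms = permissions_from_manifest(manifest_xml)
    findings = [
        (p, SUSPICIOUS_FOR_GAMES[p]) for p in sorted(perms) if p in SUSPICIOUS_FOR_GAMES
    ]
    stage_two = STAGE_TWO_COMBO <= perms
    if findings:
        verdict = "reject"
    elif stage_two:
        verdict = "review"
    else:
        verdict = "clean"
    return {
        "permissions": sorted(perms),
        "findings": findings,
        "stage_two_capable": stage_two,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, manifest in (("benign game", BENIGN_GAME), ("dialer-like", DIALER_LIKE)):
        report = triage_game_manifest(manifest)
        print(label, "->", report["verdict"])
        for perm, why in report["findings"]:
            print("   ", perm, ":", why)
        if report["stage_two_capable"]:
            print("    can fetch and stage a second APK; check whatever it installs too")
```

To use it on a real app, pull the APK, decode the binary manifest (for example with apktool) and feed the resulting AndroidManifest.xml text to triage_game_manifest; the permission set and category baseline are the parts to adapt per app type.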
Trend Micro predicts an epidemic of Android malware by the end of 2012.