Malware threats on the rise

Security vendors see commercialization of vulnerabilities and something else new: ransom malware

Vulnerability auctions, do-it-yourself malware kits and ransomware are some of the security trends that have emerged so far this year, according to two new security reports.

“Web Security Trends Report,” a quarterly report by Finjan Software’s Malicious Code Research Center, focuses on the commercialization of malicious code. Sophos’ “Security Threat Management Report” examines the top malware threats in addition to new ones such as ransomware. Computers infected with ransomware block users from accessing their files and display menacing messages demanding money.

A startling trend discovered by Finjan’s security team involves hackers participating in vulnerability auctions in which they sell newly discovered security vulnerabilities to criminals rather than disclose them to vendors who could develop patches to fix the flaws.

Web sites such as Full Disclosure — well-known in the security community — offer auctions in which the highest bidder buys previously unknown vulnerabilities. The report shows examples of a hacker offering to sell information about flaws in Microsoft’s Internet Explorer Version 7.

There is also a market for products that package vulnerabilities into easy-to-use toolkits, said Yuval Ben-Itzhak, chief technology officer at Finjan. The industry has entered an era in which vulnerabilities are becoming commercialized, he said.

“Vulnerabilities are not just being used by technical people,” he said. Malware toolkits enable nontechnical people to exploit vulnerabilities.

A Russian Web site offers one such product, Web Attacker Toolkit. It lets individuals embed malicious code into their Web sites. Anyone who buys the kit can create a malicious Web site that installs spyware on victims’ machines when they visit the site. The product, which costs $100 to $300, is available with support and update services like any legitimate software product.

In addition, Finjan’s research shows that some spam now contains malicious content or links to malicious Web sites and can be used to carry out blended attacks. To combat those new trends, people should consider using behavior analysis software to determine whether software code is legitimate before allowing it into a network, Ben-Itzhak said.

Meanwhile, members of Sophos’ security team are seeing malware writers shift from mass attacks on general Internet users to focused attacks on small, specialized groups of Internet users, said Ron O’Brien, senior security analyst at Sophos. One of their weapons is ransomware.

One example is Zippos, which emerged in March. It encrypted user files and demanded that users pay $300 to stop the attack. Ransom-A prevented its victims from accessing their computer data until they paid a ransom of $10.99 via Western Union. It threatened to delete files every 30 minutes, the Sophos report states.

Several Sophos customers have been infected with ransomware, O’Brien said. However, the firm’s experts analyzed ransomware code and discovered the password to decrypt locked files. Sophos then posted the password on the company’s Web site to help other victims.
