Here are a few articles I found interesting this week:
“Hackers broke into several television stations' Emergency Alert Systems this week and broadcast that zombies were "rising from their graves" and "attacking the living." While a comical hoax, security consultancy firm IOActive warns that this type of behavior is dangerous and not that hard for hackers to do, according to Computerworld. This week it's zombies, but next time it could be something that might make people really panic, such as an anthrax or terrorist attack. IOActive says that devices used by TV and radio stations to air emergency alerts have critical vulnerabilities that make them susceptible to cyberattacks. If these devices are breached, hackers could feasibly broadcast anything they like to millions of viewers and listeners.”
There have been relatively recent stories of lessons learned with credit card processing equipment connected directly to the internet; that lesson needs to be spread to other industries, verticals, and especially critical infrastructure. Industrial systems, power grids, and emergency alert systems have much more potential to cause harm. These systems control parts of the real world, and their compromise can result in loss of life.
A hack that steals money is a problem; a hack by a prankster that calls out an obvious hoax like a zombie attack is humorous and enlightening; but a hack performed by a rival nation state or terror organization would be far less humorous and would surely be too late to be enlightening.
“Some 13 percent of home networks in North America were infected with malware in 2012 and about half of that number were hit with high-level threats, according to a new report from Alcatel-Lucent's Kindsight Security Labs. High-level threats assessed by Kindsight included bots, rootkits, and banking Trojans, the security lab said. Kindsight, which this week issued its Malware Report for the fourth quarter of 2012, said home network infections actually decreased in the final three months of last year to 11 percent of all such systems the lab studied.”
That percentage is pretty high, considering that the number of connected North American homes is also pretty high. It may also be a large reason for the US being consistently among the top 5 or top 10 spam producers. Many malware infections are spread simply to generate cash for the malware creator. Sending spam is a relatively easy way to do so, especially since legitimate methods for sending spam have been decreasing steadily.
The statistics are also concerning for a number of other reasons: attacks involving financial loss, identity theft, corporate intellectual property loss (due to laptops and mobile devices on a compromised home network), and even government intelligence are all showing signs of following the target home, where best practices and policies may be more lackadaisical.
“Zero-day vulnerabilities in the most recent versions of Adobe Reader and Acrobat are being actively exploited by attackers, who are emailing malicious PDFs to targets to remotely compromise their PCs. That warning comes from researchers at security firm FireEye, which said it's provided copies of the exploit code to Adobe. "A PDF zero-day is being exploited in the wild, and we observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1," according to a security warning posted Tuesday by FireEye.”
This was a banner week for exploitation: Adobe Acrobat, Reader, and Flash; Oracle’s Java; and Microsoft’s IE. When they are actively being exploited, it raises the bar, and I know it has been keeping me on my toes. My fear is that many users barely keep up with OS updates, let alone application platforms and frameworks, and the many individual applications that may be installed.
Security is rapidly moving from slower-changing known threats, such as viruses and worms that can be detected by signature-based anti-malware methods, to application-layer vulnerabilities that crop up fast and furious, with attackers moving on to the next issue as soon as the threat is detected and countered.