Key points: decline in attacks, challenges in securing the retail industry, and an apparent increase in nation state-sponsored cyberattacks
During Q4 ’16, NTT Security researchers observed a noticeable shift in the types of attacks from previous quarters – particularly exhibited by a much narrower scope of attack vectors. Several vulnerabilities such as Oracle Server Backup in the retail industry and Linux password files in the finance industry were specifically targeted – likely indicative of criminals identifying specific flaws and crafting attacks to fit, a sign of more sophisticated and directed efforts.
This shift was also evident in an overall 35 percent decrease in total security-related events across client networks from Q3 ’16 to Q4 ’16, including continued declines of 25 percent in...
Ransomware in the health care industry, the ‘direct cash-back’ revenue model, targeting the Internet of Things (IoT), securing SWIFT networks, and a notable decrease in reconnaissance activity.
During Q3 ’16, NTT Security researchers observed attacks which exhibited the same characteristics as those a year ago in Q3 ’15 – a notable decrease in reconnaissance and an increase in application attacks, with attackers likely maintaining a persistent presence in the target environment.
NTT Security observed a 38 percent drop in security-related events from Q2 ’16 to Q3 ’16. While that seems like an amazing statistic, it included a dramatic 91 percent decrease in reconnaissance and a 64 percent decrease in suspicious activity, which may indicate more of a change in focus than a dramatic fall-off in attack volume.
Black Energy (BE) malware is back in the news as of early January 2016. This time it is being blamed for contributing to a power outage on December 23, 2015 in Ukraine, which left nearly half the populace in the Ivano-Frankivsk region without power for several hours.
Discovered in 2007, BE was originally designed as a distributed-denial-of-service (DDoS) toolkit but has since evolved to its current state, supporting a multitude of plug-ins. The newest features of the BE malware include:
- KillDisk, a destructive data-wiping utility capable of destroying an estimated 4000 file types, including registry files. This function could render the host unbootable, and depending on the infected host, could have dire consequences. Based on the malware’s typical target set of Industrial Control Systems (ICS), an infected host could prove to be disastrous, not to mention expensive.
- Researchers also identified a previously unknown Secure Shell (SSH) backdoor...
On December 28, Adobe published a new version of Flash Player to secure 19 flaws in its code, updating a version of Flash which Adobe released earlier this month. Today’s release patches these 19 flaws, including multiple zero-day vulnerabilities. Of these, CVE-2015-8561 is being actively exploited in the wild.
Adobe states this vulnerability “is being used in limited, targeted attacks” and described it as “an integer overflow vulnerability that could lead to code execution.” The only observed exploitation to date has been via a phishing campaign.
On December 17, Juniper Networks published an out-of-cycle security announcement regarding a severe vulnerability their own security researchers had discovered in ScreenOS. These vulnerabilities affect any products and platforms running ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20, covered under CVE-2015-7755.
Security researchers discovered the vulnerability during an internal code review and identified two specific issues. The first could allow unauthorized remote administrative access to an affected NetScreen firewall via Telnet or SSH, possibly leading to compromise of the affected system. The second issue, per the Juniper Networks...