Sophisticated spyware attack on WhatsApp hacks mobile phones of users

Despite encrypting every conversation and following best security practices, the Facebook-owned WhatsApp has become vulnerable to a cyber attack.

The messaging service revealed that it found a vulnerability that could allow attackers to infect WhatsApp users’ devices with spyware simply by placing a call to them.

The vulnerability, tracked as CVE-2019-3568, allowed attackers to infect a device even if the user did not answer the call. The attackers exploited a buffer overflow weakness in the app that let them compromise WhatsApp and then the device it was running on.

WhatsApp’s security team attributed the attack to an advanced cyber actor, a rare but very dangerous kind of adversary. The spyware differs from most malware, which is delivered through phishing: it could compromise a device even if the user never picked up the call.

Once a device is compromised, the attackers could access the personal data stored on the handset, modify it, or lock the phone and demand a ransom from the user.

The following versions of WhatsApp were vulnerable to the spyware attack:

  • WhatsApp for Android prior to v2.19.134
  • WhatsApp Business for Android prior to v2.19.44
  • WhatsApp for iOS prior to v2.19.51
  • WhatsApp Business for iOS prior to v2.19.51
  • WhatsApp for Windows Phone prior to v2.18.348
  • WhatsApp for Tizen prior to v2.18.15

WhatsApp has responded to the attack and said that it became aware of the vulnerability earlier this month. Within 10 days, the social network released a server-side fix to mitigate the attack. However, dozens of WhatsApp users were already compromised before the fix was issued.


WhatsApp also released an update to the mobile app on Monday to help prevent such attacks in the future.

In a statement after releasing the patch, WhatsApp asked all users to update the app to the latest version and keep their operating systems up to date.


Ransomware encounters declined by 60% in 2018: Microsoft report

Machine learning is reducing the risk from phishing attacks, but the number of such attacks is still on the rise, finds the 24th edition of the Microsoft Security Intelligence Report (SIR).

Microsoft analyzes over 6.5 trillion security signals every day to get a wide and unique perspective on the latest trends in cybersecurity. The company has been releasing the report for more than a decade to share its insights with enterprises.

This year’s SIR reflects on security events in 2018, including an overview of the security landscape, lessons learnt, and best practices to follow. Cybersecurity trends in 2018 included a rise in cryptocurrency mining and supply chain compromises, a decline in ransomware, and more.

Attackers are increasingly mining cryptocurrency in the background on users’ systems, without their permission or awareness. This activity consumes significant bandwidth and creates security risks for users.

With that said, let’s dive into the key findings of Microsoft’s latest security report.

Key takeaways from Microsoft Security Intelligence Report:

1. Ransomware encounters declined significantly in 2018

Ransomware attacks like WannaCrypt and Petya were the biggest security events of 2017. Such attacks lock or encrypt computers and then demand money from users to restore access, and it was anticipated that they would keep increasing.

However, the latest report says that ransomware encounter rates declined by around 60% between March 2017 and December 2018.

The main reason behind this decline is improved detection and education among enterprises, which made it harder for cybercriminals to get what they were after.

[Figure: ransomware encounter rate in 2018]

Highest ransomware encounter rate:

The highest average ransomware encounter rates per month were found in Ethiopia (0.77%), followed by Mongolia (0.46%), Cameroon (0.41%), Myanmar (0.33%) and Venezuela (0.31%).

Lowest ransomware encounter rate:

On the other hand, the lowest ransomware encounter rates per month were found in Ireland (0.01%), Japan (0.01%), the United States (0.02%), United Kingdom (0.02%), and Sweden (0.02%).

2. Cryptocurrency mining is becoming prevalent

Since ransomware became harder to pull off, cybercriminals shifted their efforts to cryptocurrency mining, which is consequently on the rise.

While the average ransomware encounter rate in 2018 was just 0.05%, the average cryptocurrency coin mining encounter rate was 0.12%.

Cryptocurrencies like Bitcoin and Ethereum work as digital money and can be used anonymously. Generating them, however, requires resource-intensive calculations, and while new coins are released very frequently these days, the calculations are becoming more difficult.

Mining top cryptocurrencies like Bitcoin is almost impossible without immense computing resources. Cybercriminals have therefore turned to malware that gives them access to victims’ computers and mines coins there, letting them leverage the processing power of hundreds of thousands of machines rather than one or two.

Highest cryptocurrency mining encounter rate:

Ethiopia (5.58%), Tanzania (1.83%), Pakistan (1.47%), Kazakhstan (1.24%), and Zambia (1.13%) are the five locations with the highest cryptocurrency coin mining encounter rates in 2018.

Lowest cryptocurrency mining encounter rate:

The lowest average monthly coin mining encounter rate in 2018 was approximately 0.02%; Ireland, Japan, the US and China were the locations with the lowest rates during the period.

3. Browser-based cryptocurrency mining comes to the scene

Typically, cryptocurrency miners are installed on victims’ computers as malware. A new kind of threat, however, runs entirely within the web browser and needs no installation on the computer.

Cybercriminals offer services that promise website owners a way to monetize their traffic without advertising: the site owners are asked to add JavaScript code to their webpages, and that code mines cryptocurrency in the background while the page is open. When a website is compromised, attackers can take advantage of every user who visits it.

These browser-based miners do not need to compromise the computer itself, but they can degrade its performance and waste electricity while the user browses the affected website.

According to the report, Brocoiner was the most prevalent browser-based cryptocurrency miner in 2018.

[Figure: Brocoiner encounter rate]

4. Software supply chains are at risk

Attackers try to compromise the development or update process of legitimate software to gain access to the software and systems of the people who use it.

By injecting malicious code into the software, attackers gain the same trust and permissions as the software itself. This has become a primary concern for IT leaders, as these attacks are increasing and can leave enterprise IT departments exposed.

[Figure: software supply chain at risk]

For example, the first major software supply chain attack of 2018 was detected in March, when Microsoft’s Windows Defender ATP blocked a massive campaign delivering the Dofoil trojan, also called Smoke Loader.

The attackers had replaced an application’s update package with malicious code. The trojan carried a coin mining payload and exhibited advanced cross-process injection techniques, persistence mechanisms and evasion methods.

Windows Defender Antivirus blocked over 400,000 infection attempts in the first 12 hours of the campaign.


5. Email phishing is still a preferred attack method

Office 365 is the most popular enterprise productivity suite available. Microsoft said it analyzes over 470 billion email messages per month, scanning for phishing and malware. In 2018, phishing messages in inbound emails increased by 250%.

This shows that email phishing remains one of the most preferred attack methods for cybercriminals. Microsoft is rapidly strengthening email security with anti-phishing protection, detection and investigation, but because email involves human decisions and judgement, phishing is hard to eliminate completely.

[Figure: email phishing in 2018]


Email phishing lures can come in these forms:

  • Domain spoofing – the email message domain is an exact match with the original domain name.
  • Domain impersonation – the email message domain is a look-alike of the original domain name.
  • User impersonation – the email message appears to come from someone you trust.
  • Credential phishing links – the email message contains a link to a page that resembles a login page for a legitimate site, so users will enter their login credentials.
  • Phishing attachments – the email message contains a malicious file attachment that the sender entices the victim to open.
  • Links to fake cloud storage locations – the email message appears to come from a legitimate source and entices the user to give permission and/or enter personal information such as credentials in exchange for accessing a fake cloud storage location.
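As an added example (not code from the report or this article), the first three lure categories can be triaged from a message’s From: header: an exact trusted domain is only distinguishable from spoofing by an upstream SPF/DKIM/DMARC verdict (assumed here as the `auth_pass` flag, which this code does not compute), look-alikes are caught by homoglyph normalisation and edit distance, and a trusted display name on an untrusted address flags user impersonation. The trusted domains, known people and sample headers are constructed.

```python
"""Triage From: headers into the lure categories listed above: domain
spoofing (exact match), domain impersonation (look-alike) and user
impersonation (trusted display name, untrusted address).  Added example;
TRUSTED_DOMAINS, KNOWN_PEOPLE and SAMPLE_MESSAGES are constructed, and
`auth_pass` stands in for an upstream SPF/DKIM/DMARC verdict."""
from __future__ import annotations

import re
from email.utils import parseaddr

# Constructed: domains the organisation legitimately receives mail from.
TRUSTED_DOMAINS = {"contoso.com", "fabrikam.com"}

# Constructed: people whose display names an attacker would want to borrow,
# mapped to the only address each is expected to send from.
KNOWN_PEOPLE = {"alice example": "alice@contoso.com"}

# Illustrative (not exhaustive) substitutions seen in look-alike registrations.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalize(domain: str) -> str:
    """Lower-case a domain and undo common homoglyph substitutions."""
    d = domain.lower().strip(".")
    for src, dst in HOMOGLYPHS.items():
        d = d.replace(src, dst)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance; small values flag typo-squats such as contoso.co."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, auth_pass: bool) -> str:
    """Map a From: header to 'trusted', 'domain-spoofing',
    'domain-impersonation', 'user-impersonation' or 'unknown'."""
    display_name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"
    domain = addr.rsplit("@", 1)[1].lower()

    # Exact match: the domain is the real one, so only the authentication
    # verdict separates a genuine message from a spoofed one.
    if domain in TRUSTED_DOMAINS:
        return "trusted" if auth_pass else "domain-spoofing"

    # Look-alike: homoglyphs, a small edit distance, or the trusted brand
    # label reused inside an unrelated domain (e.g. contoso-secure.com).
    norm = normalize(domain)
    labels = set(re.split(r"[.-]", domain))
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if norm == trusted or levenshtein(norm, trusted) <= 2 or brand in labels:
            return "domain-impersonation"

    # A trusted person's name on an address that person never uses.
    expected = KNOWN_PEOPLE.get(display_name.strip().lower())
    if expected and addr.lower() != expected:
        return "user-impersonation"
    return "unknown"


# Constructed sample headers paired with the upstream authentication verdict.
SAMPLE_MESSAGES = [
    ("Alice Example <alice@contoso.com>", True),
    ("Alice Example <alice@contoso.com>", False),
    ("Accounts Payable <billing@c0ntoso.com>", True),
    ("IT Helpdesk <it@contoso-secure.com>", True),
    ("Alice Example <alice.example@mail.example>", True),
    ("Bob <bob@example.org>", True),
]


def triage(messages=SAMPLE_MESSAGES) -> dict[str, int]:
    """Count verdicts over a batch of (From header, auth_pass) pairs."""
    counts: dict[str, int] = {}
    for header, auth_pass in messages:
        verdict = classify_sender(header, auth_pass)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for header, auth_pass in SAMPLE_MESSAGES:
        print(f"{classify_sender(header, auth_pass):22} {header}")
```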

For the full Microsoft Security Intelligence Report (SIR), click here. Microsoft has also created an interactive website that lets users dig into region-specific data.


Acronis integrates its anti-malware solution PE Analyzer into Google’s VirusTotal

Backup software and data protection provider Acronis is teaming up with VirusTotal, a Google subsidiary that provides a service for detecting viruses, worms, trojans and other malicious content in files and URLs.

As part of the partnership, Acronis will integrate its machine learning-based malware detection engine, Acronis PE Analyzer, into the VirusTotal platform.

Malware execution is increasing rapidly year over year and threatening Windows operating systems. According to cybersecurity firm Comodo, over 400 million unique malware samples were detected across top-level domains (TLDs) in the second quarter of 2018 alone. AV-TEST registered nearly 400,000 new malware samples a day, including trojans, backdoors, ransomware and cryptojackers.

Acronis PE Analyzer aims to address these threats. It is an anti-malware solution that uses machine learning models to detect Windows PE (portable executable) malware.

The company says the model is based on a gradient boosting decision tree integrated with a number of neural network models, which together build a “portrait” of a file from several static characteristics.

The model can operate independently, without an internet connection, while providing a high detection rate.

“Given how quickly data threats are evolving, the nature of data protection is fundamentally changing. Solutions must prevent the malicious attacks that target backups to be effective, which is why Acronis has invested in developing our proactive defensive technologies,” said Oleg Melnikov, Acronis Technology Officer.

“Our mission is to protect all data, however, and incorporating our ML-based engine into VirusTotal is the best way to ensure the entire security industry can benefit from Acronis PE Analyzer’s detection capabilities.”


Acronis built the PE Analyzer as part of its new cyber protection suite, which will be released in 2019. Before launching Acronis PE Analyzer, the company will make several improvements to it based on the insights gained from its use in VirusTotal.

Last month, Acronis launched version 7.8 of its Data Cloud Platform with around 80 new features and enhancements.


Think like a hacker to protect your organization from security breaches – Key takeaways from Nuix Black Market Report 2018

The second annual edition in the series, the Nuix Black Report 2018 is a unique work on the cybersecurity landscape. It gets into hackers’ minds, and the insights it draws can help enterprises anticipate, detect and be forearmed against cybersecurity threats.

It concentrates on what happens before the breach, the difference maker being professional hackers’ opinions and observations, regardless of the colour of hat they typically wear.

Framed from the attacker’s perspective, the report draws on hackers and professional penetration testers as respondents, who filled in the survey anonymously, online or in person, during the week of Black Hat, BSides Las Vegas and DEF CON, the “hacker summer camp”.

Chris Pogue, Head of Services, Security and Partner Integration at Nuix, wrote in his post, “The Black Report gives you security ‘awareness in depth’ by cutting through all of the noise and misperceptions about cybersecurity that come from only looking at breaches and incidents in the proverbial rear-view mirror.”

The report provides information on:

  • What attackers target within breached organizations
  • How long it takes them to breach a network
  • Which industries are easiest to hack
  • Which defense mechanisms are challenging to attackers

It provides much-needed insight into the hackers behind current attacks, their opinion of organizations’ security posture, and the data types at risk.

Here are some of the key questions the report answers for a deeper understanding of the nexus between attacker methodology and defensive posture:

What is penetration testing, and how do pentesters differ from hackers?

The Black Report defines a hacker as someone who accesses computer systems or applications without permission and carries out nefarious activities for destruction or personal gain, whereas penetration testers are professional hackers who operate within the boundary of a legal statement of work that grants them permission to attack their target.

This piece of paper is referred to as a “get out of jail free card” and is the primary difference between a skilled penetration tester and a malicious hacker. Without this document, pentesters would be considered to be engaged in criminal activity.

The tools and techniques both use are almost the same, but becoming an effective pentester requires a deep understanding of many technical disciplines, including web applications, networking protocols, programming languages and server operating systems.

How long does it take hackers to breach an organization’s perimeter?

A majority of respondents said they can breach most of their target organizations, locate critical-value data and exfiltrate it within 15 hours. They named food and beverage, hospitality, retail, hospitals and healthcare providers, law firms, and sports and entertainment companies as the easiest to attack.

[Figure: Nuix Black Report 2018. Source – Nuix]

28% said that network-based attacks were their favorite to execute, closely followed by social engineering (27%) and phishing attacks (22%). Nearly a quarter of the hackers surveyed (22%) were complacent, using the same techniques for a year or more.

What are the common security issues that continually reappear?

Nuix investigators identified the following themes and practices as the most concerning future threats.

[Figure: Nuix Black Report 2018, future threats]

Single-factor authentication; unpatched servers and applications; weak or default passwords; antiquated or end-of-life operating systems; overprivileged users; non-work-related activities on critical systems; no network segmentation; and lack of information about crucial aspects are among the reasons that make organizations vulnerable to such attacks.

Who are the hackers targeting you?

The Black Report also shatters another common perception of cybersecurity, that of a teenage hacker living in the basement. The majority of hackers (57%) worked for medium-sized, large, or enterprise businesses. Three-quarters of respondents were college graduates and nearly one-third (32%) had postgraduate degrees.

According to the 2018 Black Report, 34% of the respondents had been hacking for more than 10 years and 78% did not believe that technical certifications were a good indicator of technical ability.

Almost all the hackers surveyed were motivated by curiosity—86% said they liked the challenge and hacked to learn.

What do organizations need to do differently to protect themselves from hackers?

Breaches are often the result of a lack of cybersecurity readiness, early detection or timely response. A holistic approach to cybersecurity is therefore required, one that addresses the before, during and after stages of a potential compromise to prevent it from becoming a full-fledged breach.

Here are some quick picks from the Nuix report 2018 to help you address the challenge of cyberattacks:

1. Build a cyber security incident plan with a hacker

Harlan Carvey, Director of Intelligence Integration, Nuix, explains, “Whenever organizations sit down to develop their CSIRP (Computer Security Incident Response Plan), one person isn’t at the table: the hacker. As such, the organization evaluates what data to protect and how to go about protecting it from the position of an insider or a business executive. Might it change things if you understood how someone would attack the organization or compromise its infrastructure?”

While developing and implementing a CSIRP, it can be insightful to get an attacker’s view of what constitutes success when breaching an organization. To beat the hackers, you have to think like them.

2. Understand the behavior of hackers and why people commit crimes

Criminological theories explain hacker behavior and why people commit crime. They can be used to examine the bio-psychosocial aspects of these offences and develop a clearer understanding of what motivates them.

Some of the theories the report mentions are:

  • Rational choice theory, which holds that people are rational actors who make individual decisions after carrying out a cost–benefit analysis.
  • Routine activities theory, which highlights the importance of the opportunity to commit a crime.
  • Hirschi’s social control theory, which states that the strength of a person’s bonds with conventional society, much more than the potential punishment if they are caught, dictates whether they are likely to violate laws.
  • Strain theory, which is useful for explaining illegal hacking motivated by money, ego, status or malice.

3. Create effective security defenses corresponding to the environment

Organizations of all sizes, private and public, can take hackers’ advice and create meaningful, effective defenses suited to their environment.

Security programs that prevent cyberattacks:

[Figure: security programs that prevent cyberattacks. Source – Nuix]

The report also lists security countermeasures that pose a challenge to hackers:

[Figure: Nuix Black Report 2018, countermeasures. Source – Nuix]

Over one-third of respondents (34%) said host system hardening yielded the best results, followed by intrusion detection and prevention systems and endpoint security. Firewalls and Microsoft’s User Account Control security framework received the lowest percentages.

53% of hackers also rated goal-oriented penetration testing as very impactful, or absolutely critical (26%), to an organization’s security posture.


The key takeaway from the 2018 Nuix Black Report is that no industry is safe and secure. So, if you want to protect your organization or your personal devices from joining the next botnet, learn and implement the important lessons from the report to fortify your defense strategy.



ZNetLive rolls out Acronis Backup Cloud to provide businesses with constant data availability in changing threat landscape

ZNetLive, India’s leading web hosting and cloud services provider, today announced an expansion of its product portfolio to include Acronis Backup Cloud. The new service delivers reliable hybrid cloud backup to businesses of all sizes, enabling them to completely and efficiently protect critical data in any environment.

With ransomware attacks growing in frequency and complexity, business data is continuously at risk. Security experts and the FBI agree that with more cybercriminals trying to earn easy money, ransomware attacks will continue to be more frequent, especially among corporate and small business environments.

Backups are widely considered the ultimate defense.

“For any business, data is imminent for its survival. Data security is utmost as no successful business can afford a minute of downtime. With organizations tasked to protect increasingly heterogeneous and complex environments spanning across physical, virtual and cloud systems, choosing the right data protection mechanism becomes a herculean task.

Thus, we have rolled out the Acronis Backup Cloud solution – the most effective cloud backup that ensures business continuity by addressing all backup and recovery challenges of the enterprises across different infrastructures,” said Munesh Jadoun, Founder & CEO, ZNetLive.

Acronis Backup Cloud provides the most secure solution to fight the growing threat of ransomware. In addition to storing data in the cloud and out of the reach of hackers, the service includes Acronis Active Protection, a built-in anti-ransomware solution that:

  • Leverages advanced machine learning and artificial intelligence-based technology to monitor systems in real time to actively detect an attack.
  • Stops suspicious computer activities immediately to prevent unauthorized encryption, modification or alteration of files, applications, and systems.
  • Notifies users of potential threats and automatically restores any files affected in an attack.

The real-time protection from Acronis Active Protection helps businesses avoid costly downtime, which otherwise would be required to recover from a ransomware attack.

“ZNetLive knows that modern IT pros need effective solutions that effectively address modern IT challenges,” said Lian Wee Loo, Acronis Senior Director of Cloud Business in APAC and Japan. “In the face of growing threats like ransomware, we’re proud to partner with a company that is equally committed to protecting their customers’ data. We look forward to a great relationship with ZNetLive.”

For more information, visit

For this rollout, ZNetLive has partnered with KMI Business Technologies, the primary distributor for Acronis on-premise and cloud backup solutions in India.


“IT managers can’t tell you how 45% of their bandwidth is consumed”: Dirty Secrets of Network Firewalls report

One-in-four IT managers could not identify around 70% of network traffic, revealed a new report “The Dirty Secrets of Network Firewalls”. On average, 45% of the network traffic was going unidentified.

The report is the result of a survey of 2,700 IT decision makers across ten countries by network and endpoint security provider Sophos.

The most crucial finding was that most firewalls were failing to do their job adequately: organizations lacked visibility into their network traffic, and what could not be seen could not be controlled.

[Figure: Dirty Secrets of Network Firewalls]

  • 84% of IT pros concerned about security due to lack of visibility into network traffic

84% of the respondents agreed that lack of application visibility was a serious security concern for their business and could impact effective network management. It could result in ransomware, malware, data breaches and other advanced threats.

The increased use of encryption, browser emulation and advanced evasion techniques was eroding the ability of network firewalls to provide adequate visibility into application traffic.

  • Organizations spent an average of seven working days per month in remediating infected machines

According to the report, the small-sized enterprises spent an average of five working days to remediate 13 machines per month. On the other hand, the large enterprises spent an average of ten working days to remediate 20 machines per month.

Overall, on average, the organizations spent around seven working days to remediate 16 infected machines per month.

The organizations were looking for an integrated network and endpoint security solution that could halt the threats. 99% of IT managers wanted a firewall technology that can automatically isolate infected computers.

79% of IT managers wanted better protection from their current firewall, while 97% expected firewall protection from the same vendor, allowing direct sharing of security status information.

  • Other risks to businesses due to lack of visibility into network traffic

Other than the security risks, the lack of visibility concerned organizations on other aspects as well.

52% of IT managers said that lack of network visibility negatively impacted the business productivity. They could not prioritize the bandwidth for critical applications.

“For industries that rely on custom software to meet specific business needs, an inability to prioritize these mission critical applications over less important traffic could be costly,” revealed Sophos report.

50% of the respondents who invested in custom applications were unable to identify the traffic. It significantly impacted the return on investment.

  • Key findings of “The Dirty Secrets of Network Firewalls” survey:
  1. An average of 45% of network traffic was going unidentified, and hence couldn’t be controlled.
  2. 84% of organizations were concerned about security.
  3. 53% of organizations were concerned about productivity.
  4. 79% of IT pros wanted better protection from their current firewall.
  5. Organizations dealt with 10-20 infections per month.


The survey was conducted in October and November 2017 among IT decision makers in ten countries: the US, Canada, Mexico, France, Germany, the UK, Australia, Japan, India and South Africa.


Acquisition of SiteLock by ABRY Partners strategically positions it for growth and product innovation

SiteLock, a global leader in cloud-based website security solutions, has announced that it has been acquired by private equity firm ABRY Partners.

SiteLock’s CEO and President – Neill Feather, considers this acquisition an opportunity to accelerate the company’s growth and increase its cybersecurity product portfolio.

SiteLock provides cloud-based website security solutions and protects more than 12 million websites around the globe. Its primary mission is to protect organizations from the ever-increasing cyberthreats and attacks.

St. Jean, Partner at ABRY Partners, considers the acquisition a strategic step towards supporting SiteLock’s innovation across new products, both organically and inorganically.

He said, “As threats become more complex and frequent, organizations need a comprehensive and reliable solution to protect their online presence. We believe SiteLock is well positioned to continue to be the go-to partner for website security needs.”

Cyberattacks are becoming more and more hazardous these days with the high-risk probability of data breach, loss and theft.

During the fourth quarter of 2017 the average website experienced more than 44 attacks per day, and there was a 90 percent rise in the number of businesses targeted by ransomware for a total $5 billion financial impact. We are excited to work with the team at ABRY to continue to develop new products and solutions to support and protect our customers.” – said Feather. More such findings were revealed in the SiteLock Website Security Insider Q4 2017 report.

Tomas Gorny, CEO of UnitedWeb Inc. (former parent company), also commented on the acquisition and said, “We’re proud to have supported SiteLock for more than 10 years as it has grown to become the leading provider of website security solutions.”

SiteLock was also named as the fastest growing software company in Arizona by Deloitte.

ABRY Partners, with almost 30 years of expertise in the media, communications, business services and information sectors, is one of the most experienced private equity firms investing in North America and Europe.

Acquisition of SiteLock by ABRY Partners will help SiteLock extend its services in the small and medium sized business (SMB) market.

The financial terms of the deal have not been revealed yet, though the deal was closed on 5th April 2018, as per the market reports.


India faced over 53,000 cyberattacks in 2017: CERT report

More than 53,000 cyber security incidents took place in India last year, according to a report by the Indian Computer Emergency Response Team (CERT-In).

The report was submitted to Indian Parliament by IT Minister Ravi Shankar Prasad, where he mentioned that these cybersecurity incidents included website intrusions and defacements, virus and malicious code, phishing, scanning and probing, ransomware, as well as denial of service attacks.

“As per the information reported to and tracked by Indian Computer Emergency Response Team (CERT-In), a total number of 44679, 49455, 50362 and 53081 cyber security incidents were observed during the year 2014, 2015, 2016 and 2017, respectively,” wrote Ravi Shankar Prasad in a reply to Rajya Sabha (Indian Parliament).

The data shows that cyberattacks are increasing every year. While the rise was small in 2016, the increase in 2017 was roughly three times that of 2016.

“With the proliferation and vast expansion of Information Technology and related services, there is a rise in instances of cybercrimes including financial frauds, using bank cards and e-wallets in the country like elsewhere in the world,” he added.

As per the data by NCRB (National Crime Record Bureau), over 9622, 11592, and 12317 cases related to cybercrime were registered in 2014, 2015, and 2016, respectively.

Indian government has taken several legal, technical and administrative steps to control cybercrime. In 2014, the National Critical Information Infrastructure Protection Centre (NCIIPC) was established for the protection of critical infrastructure in the country.

The ‘Digital India’ campaign is among the leading initiatives by the Indian Government to develop the country. It is empowering Indian citizens by enhancing connectivity, improving electronic delivery of government services, and more. However, the further India moves toward digitalization, the more cybercrime increases.


Apart from NCIIPC, the government has set up cybercrime cells in all states and union territories.


McAfee Labs’ Threat Report for Q3 2017 identifies 57.6 million new malware samples – an increase of 10% from Q2

McAfee, one of the leading cybersecurity companies, released its Threat Report for December 2017. The report identifies the growth and trends of latest malware, ransomware and malicious cyber threats in Q3 2017.

According to the report statistics, new malware sample count in Q3 touched 57.6 million, which is an increase of 10% from Q2. With this, the total count in the McAfee Labs sample database has now reached more than 780 million. The potential reason behind this increase is the availability of exploit kits and dark web sources.

“The third quarter revealed that attackers’ threat designs continue to benefit from the dynamic, benign capabilities of platform technologies like PowerShell, a reliable recklessness on the part of individual phishing victims, and what seems to be an equally reliable failure of organizations to patch known vulnerabilities with available security updates,” said Raj Samani, McAfee’s Chief Scientist.

Amongst industries, the health and public sectors were the worst affected, accounting for more than 40% of the total incidents.

Source: McAfee Labs Threat Report, December 2017

Account hijacking, followed by leaks, malware and DDoS, were the top attack vectors.

Source: McAfee Labs Threat Report, December 2017

Total mobile malware continued to grow, reaching 2.1 million samples, with a 60% increase in new mobile malware, probably driven by Android screen-locking ransomware.

Source: McAfee Labs Threat Report, December 2017

Attackers are taking advantage of known vulnerabilities, such as CVE-2017-0199 in Microsoft Office.

The report identified new variations of the Trickbot banking Trojan featuring code that embedded the EternalBlue exploit, the exploit behind the massive WannaCry and NotPetya ransomware attacks in Q2.

Despite Microsoft’s security patches, attackers were able to combine the known vulnerability with other features such as cryptocurrency theft, making these Trickbot versions among the most active banking trojans during Q3.

“The year 2017 will be remembered as the time when such vulnerabilities were exploited to orchestrate large-scale cyber events, including the WannaCry and NotPetya ransomware outbreaks, and high-profile breaches such as at Equifax,” said Steve Grobman, Chief Technology Officer at McAfee.

Fileless threats were also identified as a growing concern in Q3, including high growth in PowerShell malware (up 119%). The Emotet banking trojan was one of the most prominent fileless threats.

In the ransomware space, Lukitus ransomware, a new version of Locky ransomware, was distributed via more than 23 million spam emails within the first 24 hours of the campaign.

The research team at McAfee also found that the DragonFly 2.0 malware, discovered in early 2017, has affected organisations not previously made public, including pharmaceutical, accounting and financial services firms.

“The actors involved in the DragonFly 2.0 attacks have a reputation for initiating attacks for the purpose of conducting reconnaissance on the inner workings of targeted sectors—with energy and pharmaceutical confirmed as top priorities,” said Christiaan Beek, McAfee Lead Scientist and Principal Engineer.

Find the complete report here.



Every Wi-Fi enabled device vulnerable to a new security attack called KRACK

Security researchers have discovered weaknesses in WPA2 (Wi-Fi Protected Access II), the security protocol used by most modern Wi-Fi networks. An attacker within range of a victim can intercept credit card numbers, passwords, photos and other sensitive information using the attack, called KRACK (Key Reinstallation Attacks).

What this means is that the security built into Wi-Fi is likely ineffective, and we should not assume it provides any protection. If the problem the researchers have discovered is confirmed, it will be very difficult to fix, because WPA2 is built into almost every internet-connected device.

During the initial research, Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and others were all found to be affected by some variant of the attack. The attacks against Linux and Android 6.0 or higher could be devastating because these devices can be tricked into (re)installing an all-zero encryption key. Currently 41% of Android devices are vulnerable to this attack.

Depending on the network configuration, it is also possible for attackers to inject and manipulate data, for example injecting ransomware or other malware into websites.

US Homeland Security’s cyber-emergency unit, US-CERT, confirmed the vulnerability on Monday and described the research this way: “US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven will be publicly disclosing these vulnerabilities on 16 October 2017.”

Most protected Wi-Fi networks, including personal and enterprise WPA2 networks, are affected by KRACK and are at risk of attack. All the clients and access points examined by the researchers were vulnerable to some variant of the attack. The vulnerabilities are indexed as: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088.

“The weakness lies in the protocol’s four-way handshake, which securely allows new devices with a pre-shared password to join the network. If your device supports Wi-Fi, it is most likely affected,” said Mathy Vanhoef, the computer security academic who found the flaw.

Changing passwords will not help, even if you set a strong one. Instead, update all your devices and operating systems to the latest versions. For now, users can protect themselves by sticking to sites served over HTTPS and keeping Wi-Fi off when it is not needed. Since the issue is specific to Wi-Fi, the attacker has to be within range, so the odds of widespread attacks are apparently low.
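To show why a key reinstallation in the four-way handshake is so damaging, and what the fix looks like, here is an added toy model of the client side of the handshake (example code, not the researchers' or any vendor's implementation). Installing a PTK resets the packet-number counter that CCMP uses as its nonce, so a retransmitted message 3 makes two frames share a keystream; the guard that refuses to reinstall an already installed key is the mitigation. The SHA-256 keystream, the `ToySupplicant` class and the key bytes are constructed stand-ins, not real CCMP.

```python
import hashlib

def toy_keystream(ptk: bytes, packet_number: int, length: int) -> bytes:
    """Constructed stand-in for CCMP's AES-CTR keystream: a deterministic
    function of (key, nonce), so the same (key, nonce) gives the same bytes."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(ptk + packet_number.to_bytes(6, "big")
                              + counter.to_bytes(2, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ToySupplicant:
    """Client side of the handshake (toy). reinstall_guard=True models the fix:
    a key that is already installed is never installed a second time."""

    def __init__(self, reinstall_guard: bool) -> None:
        self.reinstall_guard = reinstall_guard
        self.ptk = None
        self.packet_number = 0  # incremented per frame and used as the nonce

    def handle_message3(self, ptk: bytes) -> None:
        if self.reinstall_guard and self.ptk == ptk:
            return  # patched behaviour: ignore the repeat, keep the nonce counter
        self.ptk = ptk
        self.packet_number = 0  # vulnerable behaviour: (re)install resets the nonce

    def send(self, plaintext: bytes):
        self.packet_number += 1
        ks = toy_keystream(self.ptk, self.packet_number, len(plaintext))
        return self.packet_number, xor(plaintext, ks)

def retransmitted_msg3_reuses_keystream(reinstall_guard: bool) -> bool:
    """True if a retransmitted message 3 makes two frames share a nonce, so that
    XOR-ing the two ciphertexts yields the XOR of the two plaintexts."""
    ptk = bytes(range(16))  # constructed key, not a real PTK
    sta = ToySupplicant(reinstall_guard)
    sta.handle_message3(ptk)
    p1, p2 = b"first frame", b"other frame"  # equal length for the XOR check
    _, c1 = sta.send(p1)
    sta.handle_message3(ptk)  # message 3 arrives again (e.g. message 4 was lost)
    _, c2 = sta.send(p2)
    return xor(c1, c2) == xor(p1, p2)
```

With the guard off the function returns True (keystream reuse); with it on, the counter keeps advancing and it returns False.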


The warning was first given at the Black Hat security conference, and the research is scheduled to be formally presented on November 1 at the ACM Conference on Computer and Communications Security (CCS) in Dallas.
