A denial-of-service attack was launched against the WikiLeaks site. WikiLeaks supporters retaliated. Credit: Sophos.com
In the second half of 2010, no single topic dominated cybersecurity news more than WikiLeaks. From the initial document leak to the subsequent denial-of-service attacks launched against PayPal, Amazon, MasterCard and Visa, even the least tech-savvy person seemed to have an opinion about WikiLeaks and its founder, Julian Assange.
In a report titled “Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites,” researchers at Harvard University found that several high-profile media and human rights websites fell victim to DDoS attacks in 2010.
Those attacked included blogging platform WordPress, Twitter, and websites for the Australian Parliament, the Motion Picture Association of America and the Recording Industry Association of America. The latter two were struck by the online forum 4Chan for their connection with shutting down the file-sharing service The Pirate Bay. And PayPal and MasterCard were targeted for DDoS attacks in December because they cut off customers from sending money to WikiLeaks.
Security breaches like these have been labeled “hacktivism” — they are not carried out for financial gain, but because the hackers disagree with the objectives or practices of the targeted sites. Hacktivism attacks such as these are “the future of cyber protests,” PandaLabs researcher Sean-Paul Correll said.
Gadgets and Smartphones
Smartphones and tablet computers give their owners the freedom to stay connected wherever they go. It’s a feature that cybercriminals couldn’t be happier about.
“Mobile devices may offer unsuspected vectors for malicious code,” said Don Jackson, director of threat intelligence for the cybersecurity company SecureWorks.
A vector that poses perhaps the most serious threat is online banking transactions done via phone, especially on the iPhone and its iOS.
Patricia Titus, vice president and chief information security officer at Unisys, an information technology firm, summed up the situation.
“Where the money is, that’s where the criminals are going,” Titus told SecurityNewsDaily.
Unfortunately, the adage of safety in numbers doesn’t ring true in the case of cybersecurity.
The massive popularity of the iPhone and other devices running iOS like the iPad means “the iPhone and the many services hosted on these devices certainly become a more valuable and sought-after target,” said Kurt Baumgartner, senior malware researcher at Kaspersky Lab.
Even Internet-connected gaming systems such as the Xbox aren’t invulnerable to corruption, Jackson told SecurityNewsDaily. Any device, especially those with USB-storage capabilities, can be employed by criminals to access information or infect systems with corrupted software.
The cloud is up there, floating above you. It’s adding a huge level of convenience to everyday computing, with remote servers handling processing and data storage duties traditionally conducted by personal computers.
But the forecast could turn gloomy.
A piece of malware was recently detected in the cloud-based file-sharing service Rapidshare (www.rapidshare.com). The malware, called Trojan-Dropper.Win32.Drooptroop.jpa, worried Kaspersky Lab researcher Vicente Diaz because it didn’t appear in the body of the Rapidshare link, and therefore was able to evade traditional security filters.
As more and more companies move their programming duties to these vast remote servers, analysts believe cybercriminals will adapt to the new landscape and develop methods of compromising data in the cloud.
In December, a social engineering scam spread virally through Twitter, tricking users into believing they had a computer virus, and then persuading them to download antivirus software. Credit: Sophos.com
It’s not entirely new, but social engineering attacks – scams that use psychological manipulation to persuade people to divulge sensitive information or to purchase fake antivirus software – will continue to be a threat in 2011. Again, it’s a case of danger in numbers.
Those numbers hover somewhere around 500 million, which is the number of people who use Facebook. Social engineering attacks thrive on Facebook and Twitter because of the enormous pool of potential victims, many of whom are maintaining a constant Facebook connection on their smartphones.
The Nigerian fraud scam is an example of a social engineering attack – the e-mails promised a large sum of money would be sent to people who wired the scammers a small “advance fee,” usually through Western Union.
“Variations on the Nigerian scam continue to exist and work, which seems ridiculous to talk about, but they are ongoing,” said Kaspersky Lab’s Baumgartner. “Social networking delivery and social networking related threats, like those abusing Twitter trends, Google’s hot topics and using Facebook and MySpace to deliver links and malware will continue.”
Looking forward to 2011, Baumgartner added that social engineering attacks have become “more convincing, more anonymous, more international and more professionally done.”
A contributing factor to the dangerous efficiency of social engineering attacks is the URL shortener, a program – there are several, including bit.ly and tinyurl.com – that condenses long website addresses to better fit the character limits in Twitter and Facebook messages. URL shorteners are seen as dangerous in the cybersecurity world because attackers can use the shortened address to hide malware.
In late December, a computer science student named Ben Schmidt took the URL-shortener danger a step further, when, as a proof-of-concept experiment, he designed what he called the “Evil URL Shortener,” which not only condensed the Web address, but simultaneously launched a DDoS attack against the website of the user’s choice.
“A malicious shortener could essentially take you anywhere it pleased, and the user would be none the wiser,” Schmidt said.
First detected in June, the Stuxnet computer worm became a hot topic in 2010 – and will continue to be in 2011 – because it upped the ante of what malware can do on a global level.
Stuxnet, a piece of malware that targets computers running Siemens software used in industrial control systems, was found to be deployed to attack Iran’s Bushehr nuclear power plant.
The fact that this malware was sent, presumably by a nation-state as opposed to an individual criminal, heralded a dangerous new landscape of global cyberwarfare, one that researchers believe will continue into 2011.
Similarly, January’s “Aurora” attack, launched by China against Google and 34 other high-profile companies, was of such a sophisticated nature that “it’s totally changing the threat model,” said Dmitri Alperovitch, vice president of threat research for McAfee.
As protesters flex their digital muscles, companies seek to increase their productivity by looking to the clouds, and Facebook continues its reign of social supremacy, 2011 could be a banner year for cybersecurity. Who will be holding the pennant is anyone’s guess.