
Wednesday, 4 June 2014

Avoid an infosec catastrophe – three certifications that help



Cyber-crime divisions of law enforcement agencies around the world have taken a great step towards defeating the hackers responsible for malware such as Gameover Zeus and Cryptolocker, ransomware that encrypts its victim’s information and demands money in exchange for the decryption key.

The authorities recently seized control of two computer networks used specifically to distribute malware that steals sensitive personal information, including banking credentials and passwords.

However, this is only a short-term victory, and the UK’s National Crime Agency (NCA) has warned people to take action now in order to protect themselves against possible future attacks.


Help your organisation stay protected against cyber-criminals; here are three IT security certifications that will help you:

(ISC)2 – CISSP

Due to the increasing complexity of cyber-attacks, the CISSP certification has become one of the most sought-after IT security certifications.

As an advanced-level certification, the CISSP was designed for experienced infosec professionals. As a CISSP-certified pro, you’ll be an expert in developing and managing security standards, policies and procedures within your organisation.

To get this certification, you’ll need a minimum of 5 years’ experience in at least two of the following vital topics:
  • Access Control
  • Telecommunications and Network Security
  • Information Security Governance and Risk Management
  • Software Development Security
  • Cryptography
  • Security Architecture and Design
  • Operations Security
  • Business Continuity and Disaster Recovery Planning
  • Legal, Regulations, Investigations and Compliance
  • Physical (Environmental) Security

EC-Council – CEH

The Certified Ethical Hacker (CEH) certification is a relatively new credential in the industry, but its importance and influence have increased significantly since its inception. CEH introduces you to the so-called dark side of IT, i.e. the tools and techniques hackers use to attack systems.

With the CEH under your belt, you’ll know how hackers think in order to find and exploit vulnerabilities. Therefore, you’ll also know how to take a more proactive approach and protect against threats by seeing beyond current security tools and policies.

On this course you’ll learn about a wide range of security topics, including but not limited to:
  • Scanning Networks
  • System Hacking
  • Trojans and Backdoors
  • Viruses and Worms
  • Social Engineering
  • Hacking Webservers
  • Hacking Web Applications
  • SQL Injection

ISACA – CISM

CISM, developed by ISACA, is a top IT security credential focusing on managing, developing and supervising information security systems, and on developing security best practices.

This certification addresses the needs of security professionals with enterprise-level security management responsibilities. As a CISM-certified pro, you’ll have advanced skills in:
  • Security Risk Management
  • Program Development and Management
  • Responding to Incidents
  • Governance and Incident Management

If you haven't yet taken the necessary countermeasures to protect against cyber-criminals, do it now to make sure your money and data stay safe and intact.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Monday, 16 December 2013

Cyber-criminals seek ransomware creation kit




Following the large-scale damage (12,000 victims per week) caused by Cryptolocker, cyber-criminals are now seeking to mass-produce and customise new forms of ransomware. As we’ve discussed in a previous article, Cryptolocker is an increasingly common Trojan horse, which encrypts its victim’s files and then demands a bitcoin payment for the decryption key.

According to James Lyne, global head of security research at Sophos, there’s evidence that many cyber-thieves are willing to cash in to get a share from the success of ransomware programs such as Cryptolocker.

Documents have been circulating online looking for developers to write a kit that anybody could use to design their own ransomware. Such kits have led to a huge rise in the number of other malicious programs and, by removing the need for any technical skill whatsoever, they are enabling more and more users to commit cyber-crimes for the first time. What’s more, some criminally minded developers even offer technical support to those who get stuck creating their malicious software.

Because of its high success rate in making victims pay, Cryptolocker is expected to attract even more “investors” and followers, who will try to profit from launching modified versions of the program. “There could be a lot more mainstream cybercriminals looking to go ‘noisy’,” said James Lyne. He also added that “Cryptolocker is very much a deviation from the norm” and “it is a sign of things to come.”

To learn more about the methods and dangers of Cryptolocker, read our previous blog entry and watch the following video:


About the Author:
Peter writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself.

Tuesday, 10 December 2013

Neverquest – a virus designed to empty your bank accounts


Kaspersky Lab has recently published an article about a new banking Trojan called Neverquest, which is capable of recognising hundreds of financial sites, including hundreds of English, German, Italian and Indian banking platforms. This Trojan is particularly dangerous, as it spreads itself via social media, email and file transfer protocols.

How it can drain your accounts

When infected users try to log in to their banking sites, the virus activates itself and steals their credentials. Neverquest then sends the stolen credentials to its command-and-control server. With the credentials in hand, attackers can remotely log in to the compromised accounts via virtual network computing (VNC). With this technique, attackers are essentially using the victim’s own computer to (potentially) empty their bank accounts, which makes it very hard to distinguish legitimate transactions from thefts.

When your account is breached...

Once the attacker has complete control over the victim’s account, he can empty it into a different account under his control. However, to make the money harder to trace, attackers often route it through several transfers to other victims’ accounts before obtaining the money themselves.

It's not a new thing

Banking Trojans have been around for some time. According to Sergey Golovanov, principal security researcher at Kaspersky Lab, Neverquest is trying to fill some holes in the market:

“After wrapping up several criminal cases associated with the creation and proliferation of malware used to steal bank website data, a few ‘holes’ appeared on the black market. New malicious users are trying to fill these with new technologies and ideas. Neverquest is just one of the threats aiming to take over the leading positions previously held by programs like ZeuS and Carberp.”

To read more about Neverquest, visit the official blog of Kaspersky.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Wednesday, 20 November 2013

CryptoLocker attacks on the rise – SMEs in danger




Imagine the following scenario: you are surfing the web, checking your emails and opening the attachments, when suddenly your monitor displays a splash screen with a countdown timer and the message “Private key will be destroyed on [date]” unless you pay. Your PC has just been infected by a relatively new, increasingly common Trojan horse called CryptoLocker. All your photos, videos, documents and other important files have been encrypted, and your only option appears to be to satisfy the demands of this ransomware and its creators by paying, hoping that your files will be decrypted and the nightmare ends.


The UK’s National Crime Agency has issued an urgent alert to PC users about CryptoLocker and the threats it poses. As described in the statement, tens of millions of UK customers are receiving emails that appear to be from banks and other financial institutions. However, the primary targets appear to be small and medium businesses.

According to recent reports and the NCA’s warning, the amount of “ransom” demanded by CryptoLocker is 2 Bitcoins (£550 as at 18/11/13).

What can you do against it?

As in many other cases, preventive measures are more useful than trying to find a cure, especially when it’s too late. So what can we do? According to Graham Cluley’s extensive article on the matter, the answer is three-fold:
  • Keep your PC up-to-date with anti-virus and security patches, and don’t open unsolicited email attachments.
  • Set a software restriction policy on your PC to prevent executables from running from certain locations on your hard drive.
  • Make regular backups of your important data and keep them separate from your computer.
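
One concrete way to carry out the second step, as an added example that is not part of the original post or of Graham Cluley’s article: a PowerShell script that writes Software Restriction Policy (SRP) path rules disallowing executables under user-writable profile folders. The blocked paths (%AppData%, %LocalAppData% and the user Temp folder), the designated file types and the rule description are assumptions chosen for illustration; the registry layout under `CodeIdentifiers` is the one SRP itself stores rules in. Run it from an elevated prompt on a stand-alone PC that is not already managed by a domain SRP or AppLocker policy, and try it on a pilot machine first.

```powershell
# Added example (not from the original post): block executables launching from
# user-writable profile locations using SRP path rules. Requires an elevated
# (Administrator) PowerShell session.

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Assumption: these patterns are the locations to block; adjust to your
# environment. The '\*\*.exe' variants also cover one level of sub-folders.
$blockedPaths = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',
    '%LocalAppData%\*\*.exe',
    '%UserProfile%\AppData\Local\Temp\*.exe',
    '%UserProfile%\AppData\Local\Temp\*\*.exe'
)

# Global SRP settings:
#   DefaultLevel 0x40000 = Unrestricted (everything not matched by a rule runs)
#   TransparentEnabled 1  = apply to all software files except DLLs
#   PolicyScope 0         = apply to all users, including administrators
New-Item -Path $base -Force | Out-Null
Set-ItemProperty -Path $base -Name DefaultLevel       -Value 0x40000 -Type DWord
Set-ItemProperty -Path $base -Name TransparentEnabled -Value 1       -Type DWord
Set-ItemProperty -Path $base -Name PolicyScope        -Value 0       -Type DWord

# Designated file types the policy applies to (assumption: a short list that
# covers the common executable and script extensions).
$fileTypes = @('EXE','COM','PIF','SCR','BAT','CMD','VBS','JS','MSI','HTA','LNK')
Set-ItemProperty -Path $base -Name ExecutableTypes -Value $fileTypes -Type MultiString

# Level 0 = Disallowed. Each path rule is a GUID-named subkey under '0\Paths'
# holding ItemData (the path pattern, REG_EXPAND_SZ) and SaferFlags (0).
$disallowed = Join-Path $base '0\Paths'
New-Item -Path $disallowed -Force | Out-Null

foreach ($pattern in $blockedPaths) {
    $ruleKey = Join-Path $disallowed ('{' + [guid]::NewGuid().ToString() + '}')
    New-Item -Path $ruleKey -Force | Out-Null
    Set-ItemProperty -Path $ruleKey -Name ItemData    -Value $pattern -Type ExpandString
    Set-ItemProperty -Path $ruleKey -Name SaferFlags  -Value 0        -Type DWord
    Set-ItemProperty -Path $ruleKey -Name Description -Value 'Block executables in user-writable profile paths' -Type String
}

# Show what was written so the rules can be reviewed before relying on them.
Get-ChildItem -Path $disallowed | ForEach-Object {
    (Get-ItemProperty -Path $_.PSPath).ItemData
}
```

Log off and back on (or run `gpupdate /force`) before testing, then try launching a harmless executable copied into `%AppData%` to confirm it is refused. Legitimate software that installs per-user under `%LocalAppData%` will be blocked too; exceptions for such programs belong under the Unrestricted level key (`262144\Paths`, in the same ItemData/SaferFlags layout), and that whitelisting is the part that most needs a pilot run before wider rollout.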

To learn more about CryptoLocker, read the full article on grahamcluley.com.

About the Author:
Peter writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself.

Tuesday, 30 October 2012

A new Cold War – the world’s most complex virus

Stuxnet was what many call a wake-up call to countries around the globe (read about Stuxnet here). Iran has already responded to this attack by amassing the second largest online army in the world. The internet has taken over and is quickly becoming the next platform for war. The only problem is, you don’t know who is waging it.

Stuxnet was a weapon, and the first to be made entirely from code. Since then, several viruses have been identified. One in particular, dubbed Wiper, was believed to be deleting data in the Middle East from computers belonging to the Iranian oil industry.

[Image: “Future Cyber Security” by DGH, source: Technology Moral Dilemma blog, July 1, 211]
Wiper was so complex and sophisticated that even Kaspersky, the Russian security firm, could not find the virus or any information on its creator(s). The malware wiped hard drives clean, including its own code.

But who could finance this kind of technology? It was clearly not a teenage boy in his room doing a prank. This virus had a goal and a target.

The 15-year-old security firm did not give up. They eventually found an MD5 hash and a file name on computers in Iran. When they put everything together, they found something big, of a complexity never seen before… Flame.

Kaspersky Lab researcher Alexander Gostev stated that “Flame is a huge package of modules almost 20mb in size when fully deployed. Because of this, it is an extremely difficult piece of malware to analyse.”

He added: “Overall, we can say Flame is one of the most complex threats ever discovered. In addition, the geography of the targets and the complexity of the threat leave no doubt that it was a nation state that sponsored the research behind it.”

Competitor security firm Symantec agreed with Kaspersky, stating that “This code was not likely to have been written by a single individual but by an organised, well-funded group of people working to a clear set of directives. Certain file names associated with the threat are identical to those described in an incident involving the Iranian oil ministry.”

Morgan Wright, cyberterrorism analyst, stated that the virus had 20 times more code in it than Stuxnet, the virus that knocked out Iran’s nuclear centrifuges. He added that Flame was designed not only for reconnaissance, but also to steal documents, audio data and screenshots, and to wipe clean hard drives holding important information.

For the victims of Flame, it was like having a spy with direct control of their computer.

Learn how to take Flame and Stuxnet apart and use forensic techniques to uncover the culprits. The EC-Council C|HFI v8 certification course will teach you the entire digital forensics process. You’ll learn how to secure the scene, collect evidence and send it to the lab for testing. You will learn the following:
  • How to investigate cyber crime, and the laws involved
  • Different types of digital evidence, and the examination process
  • The first responder toolkit - how to secure, preserve and evaluate the electronic crime scene
  • How to recover deleted files and partitions in Windows, Mac OS X, and Linux
  • How to use steganography, and the AccessData forensic toolkit
  • Password cracking and how to investigate password-protected file breaches
  • Log capturing and management
  • How to investigate logs, network traffic, wireless attacks, and web attacks
  • How to track emails and investigate e-mail crimes

Train to be the police of the future – get certified.

Here is an interesting video on the deconstruction of the Flame virus:


Friday, 17 August 2012

Cyber Attack on the World’s Largest Oil Company


The world’s largest oil company, Saudi Aramco, has reportedly been struck by a cyber attack. The company stated that almost all of its workstations have been hit by malware, adding that it is similar to the attack on Iranian systems in April.


Since the report, the company has disconnected its network from the internet and expects its systems to be up and running by the end of the week. As yet, no one has claimed responsibility for the attack, but oil-production industrial equipment seems to be unaffected and oil production has not been altered.

Representatives of the company stated that “The company employs a series of precautionary procedures and multiple redundant systems within its advanced and complex system that are used to protect its operational and database systems.”

Since the Y2K scare back in 1999, most of the world’s oil companies have embraced Windows-based systems. Combined with the massive expansion of the Internet, this has greatly increased the chances of cyber attacks occurring in the energy industry.