{"id":5198,"date":"2014-12-12T05:06:33","date_gmt":"2014-12-12T10:06:33","guid":{"rendered":"http:\/\/kasperskydaily.com\/uk\/?p=5198"},"modified":"2019-11-22T10:15:46","modified_gmt":"2019-11-22T10:15:46","slug":"security_trends_2014","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/security_trends_2014\/5198\/","title":{"rendered":"From Ransomware to Anonymous Browsing: Ten 2014 Tech Trends"},"content":{"rendered":"<p>If December means predicting the new year in the security world, then it also means recapping the year that\u2019s about to end. And that\u2019s just what Kaspersky Lab\u2019s Global Research and Analysis Team has done with this list of ten emergent trends in the Internet security industry in 2014.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/eh3IdYR3hg0?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p><strong>A Bevy of Advanced Persistent Threats<\/strong><\/p>\n<p>APT groups certainly didn\u2019t slow down in 2014. Kaspersky Lab researchers tracked and published their own research on at least six distinct attack groups. There was the Spanish-language \u201cCareto\u201d campaign back in February, which had been active for some seven years prior.
Careto (AKA the Mask) relied on an easily modifiable, cross-platform malware kit designed to steal sensitive information from government agencies, embassies, energy companies, research institutions, private equity firms and activists in 31 countries around the world.<\/p>\n<p>There was also the versatile Epic Turla campaign that emerged a month or so later in March, targeting its victims with a series of zero-day exploits for Adobe Acrobat, Windows XP and Microsoft Server 2003, as well as a number of watering hole attacks targeting vulnerabilities in Java, Adobe Flash and Internet Explorer.<\/p>\n<p>In June another group made off with half a million euros in a single week after targeting the clients of a large European bank as part of a campaign dubbed \u201cLuuuk.\u201d Kaspersky Lab wasn\u2019t able to obtain any malware samples in this attack, but they believe it stole usernames, passwords and one-time passcodes, which were used to check victim account balances and perform transactions automatically. Later in June a new version of the \u201cMiniDuke\u201d campaign, called \u201cCosmicDuke,\u201d emerged, targeting governments, diplomatic agencies, energy firms, military groups and telecom operators.
Oddly, the campaign also targeted criminal groups involved in trafficking illegal substances such as steroids and growth hormones.<\/p>\n<p>Kaspersky Lab reported on the Crouching Yeti attack group in late July as it sought intellectual property and other sensitive information from targets in Syria, Turkey, Saudi Arabia, Lebanon, Palestine, the United Arab Emirates, Israel, Morocco, France and the United States from IP blocks in Syria, Russia, Lebanon, the United States and Brazil.<br>\nAnother key campaign was DarkHotel, reported in November, in which attackers infected the networks of hotels in the Asia-Pacific region in order to install malware on the machines of corporate execs as they travelled around the world.<\/p>\n<p><strong>Big Vulnerabilities and the Internet of Things<\/strong><\/p>\n<p>Kaspersky Lab researchers saw an unsettling convergence of bugs affecting nearly everyone online and the hyper-adoption of so-called \u201cInternet of Things\u201d devices that are closer to our lives than the traditional computer. Widespread bugs like Heartbleed and Shellshock (AKA Bash) existed in an unknown number of systems for long periods of time. Their full impact is now and will likely remain unknown. While adoption rates of seemingly futuristic devices like connected home appliances and IP-enabled thermostats are still relatively low, modern homes are in fact loaded with connected devices like Smart TVs, routers, mobile devices, traditional computers and gaming systems. These devices contain vulnerabilities just like any operating system, software or application, and these vulnerabilities, like Heartbleed and Bash, could remain on a device for years without the user even being aware. Problematically, these devices are often more difficult to update than traditional computers and software platforms.
As Kaspersky\u2019s David Jacoby realized earlier this year, the modern home is shockingly vulnerable to hacking.<\/p>\n<p><strong>Mobile Malware Still on the Rise<\/strong><\/p>\n<p>From 2004 through 2013, Kaspersky Lab analyzed some 200,000 mobile malware samples. This year alone, Kaspersky Lab has analyzed 295,539 samples. Most mobile threats are designed to pilfer banking credentials and ultimately to steal money. However, in 2014, Kaspersky researchers note that mobile ransomware and fake antivirus malware emerged as well. Furthermore, Apple\u2019s iOS mobile operating system was targeted by the WireLurker malware, which is \u2014 by all accounts \u2014 the first piece of malware capable of targeting iOS devices that aren\u2019t jailbroken.<\/p>\n<p><strong>Speaking of Ransomware\u2026<\/strong><\/p>\n<p>Whether it was blocking access to user devices or encrypting all of the files on an infected machine, ransomware had a big year. There was CryptoLocker, CoinVault, ZeroLocker and any number of other pieces of malware that attempted to make users pay money, typically in bitcoin, in order to make their computers work again. Some experts believe ransomware has a bright future, but there are certainly ways to combat it:<\/p>\n<p>\u201cRansomware operations rely on their victims paying up,\u201d the Kaspersky research team explains. \u201cDon\u2019t do it! Instead, make regular backups of your data.
That way, if you ever fall victim to a ransomware program (or a hardware problem that stops you accessing your files) you will not lose any of your data.\u201d<\/p>\n<p><strong>ATM Skimming<\/strong><\/p>\n<p>Mechanisms and malware designed to steal either money or sensitive consumer financial information from ATMs are not new by any means, but skimmers had a big year in 2014. One particularly sophisticated example was the \u201cTyupkin\u201d malware. Criminals in Asia, Europe and Latin America first gained physical access to ATMs before loading Tyupkin onto them via CD. After this, the infected machines rebooted and were under the control of the attackers. From there, the criminals behind the scheme sent mules along to enter unique codes into the ATMs and dispense cash, but only at certain times in order to prevent the scam from being recognized as such.<\/p>\n<p>\u201cThe upswing in ATM attacks in recent years is a natural evolution from the more well-established method of using physical skimmers to capture data from cards used in ATMs that have been tampered with. Unfortunately, many ATMs run operating systems with known security weaknesses. This makes physical security even more important; and we would urge all banks to review the physical security of their ATMs.\u201d<\/p>\n<p><strong>Every Bug a Zero Day for XP<\/strong><\/p>\n<p>Microsoft no longer provides support for Windows XP. That means that on Microsoft\u2019s monthly Patch Tuesday bulletins, where the company releases fixes for security vulnerabilities, there are no longer any fixes for Windows XP bugs. In other words, every single Windows XP vulnerability from April 8, 2014 until the end of the world is a zero day. This wouldn\u2019t be such a big deal, but Windows XP still commands nearly 14 percent of the desktop operating system market share.
Beyond the consumer, devices like ATMs, critical infrastructure systems, medical devices and even the computers at many banks and doctors\u2019 offices are still running XP and handling highly sensitive data and operations at the same time. So while XP may have lost support in 2014, it\u2019s likely to remain a popular target moving forward.<\/p>\n<p><strong>The Tor Network<\/strong><\/p>\n<p>The anonymous browsing service Tor really hit the mainstream in 2014. Researchers here note that Tor usage spiked this year, in large part due to privacy concerns in the wake of NSA whistleblower Edward Snowden\u2019s government surveillance revelations. Unfortunately, the Tor network is also a hotbed for criminal activity. Servers can operate on Tor too and are known as \u201chidden services.\u201d These hidden services offer marketplaces for all sorts of illegal goods and services. In fact, if you can dream it, you can probably buy it browsing on Tor in an underground marketplace.<\/p>\n<p><strong>Morally Ambiguous Software<\/strong><br>\n\u201cUnfortunately, software isn\u2019t neatly divided between good and bad programs,\u201d Kaspersky\u2019s researchers wrote.
\u201cThere\u2019s always the risk that software developed for legitimate purposes might be misused by cybercriminals. At the Kaspersky Security Analyst Summit 2014 in February we outlined how improper implementation of anti-theft technologies residing in the firmware of commonly used laptops and some desktop computers could become a powerful weapon in the hands of cybercriminals.\u201d<\/p>\n<p>Indeed, I wrote about the mysterious Computrace backdoor at the Black Hat security conference this year, and it serves to demonstrate an interesting phenomenon: well-meaning software whose legit purposes can be exploited by people with ill intentions.<\/p>\n<p>However, there is another side of this coin: \u201clegal\u201d software that performs ethically questionable behavior. One such example was the \u201cRemote Control System\u201d (RCS) developed by an Italian company called Hacking Team. RCS and platforms like it are technically legal, but despotic regimes use these tools to spy on dissidents and civil rights groups both within their borders and beyond.<br>\nKaspersky Lab\u2019s researchers stand by their policy to detect and remediate any malware attack, regardless of its origin or purpose.<\/p>\n<p><strong>Privacy vs. Security<\/strong><\/p>\n<p>We continue to struggle with the desire for privacy and the failure to maintain it, in part because we don\u2019t want to be encumbered by the inconvenience of security. The iCloud celebrity photo leak from earlier this year is a great example: no photo would have been leaked had iCloud accounts been protected with strong, unique passwords. Furthermore, had Apple offered universal two-factor authentication, and had the victims of this breach deployed that protection, then there would have been no celebrity photo leak.
However, deploying a strong password or enabling two-factor authentication puts the security burden on an unreliable party: the consumer.<\/p>\n<p>Botching security and then blaming the consumer is lame, and the tech companies that offer online services need to build security in. That\u2019s why Apple and Google\u2019s announcements about default mobile device encryption and Twitter\u2019s new \u201cDigits\u201d authentication service, which sends one-time passwords to users via text message, were promising steps in the right direction for security in 2014.<\/p>\n<p><strong>Law Enforcement Learning to Catch Cybercriminals<\/strong><\/p>\n<p>Last but certainly not least, 2014 offered promise for law enforcement agencies who, despite the bad surveillance-related press, are tasked with a thankless and incredibly difficult job. Kaspersky\u2019s GReAT researchers recounted the successes that international police forces saw this year:<\/p>\n<p>A coalition of police forces from all around the world came together to take down the \u201cGameOver Zeus\u201d botnet, which, to that point, was one of the largest crimeware kits on the market. Criminals used GameOver not only for its intended purpose as a credential-stealing banking trojan, but also as a distribution platform for the infamous CryptoLocker malware.<\/p>\n<p>Kaspersky Lab also listed its contribution to a broader law enforcement-backed takedown of the \u201cShylock\u201d trojan, which deployed man-in-the-browser attacks to steal banking login credentials from online banking customers.<\/p>\n<p>More recently, \u201cOperation Onymous\u201d resulted in the takedown of dark markets running within the Tor network.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If December means predicting the new year in the security world, then it also means recapping the year that&#8217;s about to end.
And that&#8217;s just what Kaspersky Lab&#8217;s Global Research<\/p>\n","protected":false},"author":42,"featured_media":5199,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[423,636,36,218,553,43,441,97,539],"class_list":{"0":"post-5198","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-apt","9":"tag-internet-of-things","10":"tag-malware-2","11":"tag-mobile-security","12":"tag-news-2","13":"tag-privacy","14":"tag-ransomware","15":"tag-security-2","16":"tag-tor"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/security_trends_2014\/5198\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/security_trends_2014\/4448\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/security_trends_2014\/4384\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/security_trends_2014\/4916\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/security_trends_2014\/6393\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/security_trends_2014\/6987\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/security_trends_2014\/5770\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/security_trends_2014\/6393\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/security_trends_2014\/6987\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/security_trends_2014\/6987\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/apt\/","name":"apt"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5198","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"
}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=5198"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5198\/revisions"}],"predecessor-version":[{"id":17988,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5198\/revisions\/17988"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/5199"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=5198"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=5198"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=5198"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}