Governments are not the only ones who should be concerned about having their data stolen. Though the majority of companies have been installed preventative tools, even as basic as antivirus programs, they are all far from a catch-all solution.
Trusteer, an IBM company, published its predictions on the “most dangerous malware trends” that companies and end-users should be aware of in 2014. Apart from saboteurs using “old school” techniques to bypass upgraded detection technologies, the list of threats to become ubiquitous includes forwarding malware through mobile SMS.
On the other hand, the security software developer Sophos expects smarter, shadier, stealthier malware to be developed this year. A player in the antivirus industry, Sophos forecasts botnets growing in size and stealth, hackers profiting from users’ android smartphones, and spam emails to be reinvented.
CISCO’s research shores that up, showing ninety-nine percent of all mobile malware in 2013 targeted Android devices. Android users also have the highest encounter rate (71 percent) with all forms of web-delivered malware. “Watering hole” attacks are also targeting specific industry-related websites to deliver malware, and most organizations, large and small, have already been compromised, but don’t even know it. A full 100 percent of business networks analyzed by Cisco have traffic going to websites that host malware.
Just because that free trial antivirus’ quick search could not find any threats doesn’t mean that users and businesses are safe. Meet the “new” elite of exploiting and exploitable software that pose a risk to people everywhere.
Who would suspect a tame spreadsheet application? Microsoft’s darling business intelligence tool is considered the most dangerous software on the planet by Forbes. Not exactly bringing any hidden malware to attack computers, it allegedly still had a key role in the huge loss JP Morgan has filed in London.
The reason it is dangerous is due to the fact that hundreds of thousands of financiers and bankers check what they are doing by cutting and pasting data among cells in Excel. One equation wrongly copy-pasted was enough to throw trillions of dollars around markets on the basis of jeopardized information.
Avoiding such data management flaws demands a clear understanding of the consequences if something is calculated, says Excel Trainer Oz du Soleil. He advises to always have more than one professional in charge of reviewing and approving files, as well as convenient data validation and sheet protection.
Sniffing the network traffic, taking screenshots, recording audio conversations, and intercepting keyboard commands: all this data is available to operators through the link to Flame’s command-and-control servers. More complex than Duqu, and 20 times larger (and more dangerous) than Stuxnet, this backdoor trojan has worm-like features that allow it to replicate both in a local network and on removable media, according to Kaspersky analyst Aleks on his blog. When Bluetooth is available and the corresponding option is turned on in the configuration block, it collects information about discoverable devices near the infected machine.
Depending on the configuration, it can also turn the infected machine into a beacon, and make it findable. Flame can even be used to deploy specific attacks, usually on industrial control systems and other processes of the physical world (airports, ships, and even space stations). Fortunately, BitDefender Labs has a 32 and 64-bit removal tool you can download for free.
While Google crawls the Internet for websites, Shodan crawls looking for devices, many of which are programmed to answer. It has found cars, fetal heart monitors, office building heating-control systems, water treatment facilities, power plant controls, traffic lights and glucose meters.
Originally meant as a tool to canvas the world for competitors’ products, instead it’s become a crucial tool for security researchers, academics, law enforcement and hackers looking for devices that shouldn’t be on the Internet, or yet devices that are vulnerable to being hacked.
Shodan’s been used to find webcams with security so low that you only needed to type an IP address into your browser to peer into “people’s homes, security offices, hospital operating rooms, child care centers, and drug dealer operations”, reported Forbes. Better think twice before letting your idle webcam on again.
2. Wi-Fi Pineapple Firmware
Yes, you can share Internet from your desktop or laptop without being known — and for only $90. Wi-Fi Pineapple is actually a gadget that disguises itself to look just like your favorite Wi-Fi hotspot, fooling phones, tablets or notebooks into connecting and enabling it to capture all of your sensitive data. Its portentous and dreadful hacking potential has been increasingly up to discussion in high-profile network security conferences.
Despite any strife, the team behind Pineapple claims it produces affordable, easy to use pentesting hardware — and for that no one can say a negative word. The hardware is smaller than a book, making it easy to be kept hidden in public places, so forget about ever logging in to chequing account at airports and cafes again.
Incredibly small, highly efficient, and hard to detect, Mask was designed to extract intellectual property and disrupt systems. That’s why it is the most dangerous and difficult to prevent malware around. An Advanced Persistent Threat (APT), Mask’s breaches can last for years, putting the software on top of the most advanced global cyber-espionage operations to date, according to researchers at the Internet security firm Kaspersky Lab.
“Elite” was the word used to describe its capabilities and highly sophisticated multi-platform, which steals files, keystrokes and encryption keys, and can operate for a long time undetected. One key aspect of the program, also known as Careto, may be the ability to target files with unknown extensions. These, Kaspersky suggests, “could be related to custom military/government-level encryption tools”.
There is no silver bullet to completely protect against malware with this level of sophistication, claims docTrackr. But they spell out that should companies get the right technology and keep it updated through IT security policies, sensitive information will be well protected.
- Ad Free Browsing
- Over 10,000 Videos!
- All in 1 Access
- Join For Free!