Cybercrime Hits The Unexpected - Trend Micro


TrendLabs 1Q 2014 Security Roundup
Cybercrime Hits the Unexpected
Bitcoin- and PoS-System-Related Attacks Trouble Users

TREND MICRO TrendLabs 1Q 2014 Security Roundup

Contents

1   Cybercrime and the Cybercriminal Underground
10  Mobile Threat Landscape
15  Targeted Attack Campaigns and Cyber Attacks
21  Digital Life and the Internet of Everything
25  Appendix

Introduction

At the end of 2013, we realized that digital heists pushed stick-’em-up bank heists to the curb.1 While this holds true amid large data breach incidents and rampant cybercrime, the first quarter of 2014 also showed that today’s cybercriminals are aiming at previously nontargeted entities to carry out malicious deeds. Proof of this includes the US$480-million digital heist that the Bitcoin exchange MtGox suffered and the recent attacks against large retailers via point-of-sale (PoS) terminals.2, 3 These high-profile crimes targeted unexpected information sources even if attackers went after the same thing—money, used the same techniques despite more strategic planning, and were motivated by greed.

In this era of electronic transactions, nothing screams “crime” like a massive data breach, whether carried out by individual attackers or sophisticated cybercriminal gangs. Instead of going only after individuals, cybercriminals went after unusual targets like PoS terminals in retail chains.4

Cybercriminal tactics this quarter taught us that no matter how advanced a defense strategy is, malicious actors will always go in for the kill to gain immediate profit, no matter how unusual the target appears.

This quarter’s biggest stories featured well-orchestrated schemes and large sums of money lost to enterprising cybercriminals. Online banking malware, for instance, exhibited new behaviors though the core tactics cybercriminals used to spread them stayed the same. Bitcoins and related attacks gained prominence as a financial instrument and a threat. The mobile threat landscape did not undergo drastic changes this quarter though it has been dubbed “more mature” with the emergence of more Android bugs. The retailer data breaches we saw in recent months highlighted the need for customized defense strategies.

NOTE: All mentions of “detections” within the text refer to instances when threats were found on users’ computers and subsequently blocked by any Trend Micro security software. Unless otherwise stated, the figures featured in this report came from data gathered by the Trend Micro Smart Protection Network cloud security infrastructure, which uses a combination of in-the-cloud technologies and client-based techniques to support on-premise products and hosted services.

CYBERCRIME AND THE CYBERCRIMINAL UNDERGROUND

Bitcoin Matured as a Currency and Attracted More Cybercriminals

The nature of the Bitcoin technology and network has drastically changed over time. As such, related threats have also evolved. In the past, attackers compromised systems and used them to mine for the valuable digital currency; today, Bitcoin exchanges and wallets are targeted for theft. This March, for instance, BitCrypt, an addition to the ransomware scene, stole various cryptocurrency wallets, including Bitcoin wallets.5

We also saw several Bitcoin exchanges worldwide suffer after being robbed, including MtGox, Flexcoin, new Silk Road, and Poloniex, among others.6, 7, 8, 9

This does not mean Bitcoin mining is no longer profitable though. If done right, Bitcoin mining—a process that manages Bitcoin transactions and creates new ones—can be a lucrative investment, as a Bitcoin’s average weekly price can still reach as much as US$945 on the largest exchange.10

[Figure: Value of Bitcoins in Circulation, January–March 2014. Vertical axis from 0 to US$10B; data labels of US$10B, 8.6B, and 7.6B; months JAN, FEB, MAR. Source: https://blockchain.info]

With roughly 12 million Bitcoins in existence at the start of this year, the total value of Bitcoins rose to as high as US$10 billion. However, due to the MtGox heist this February, its value has been fluctuating between US$6 billion and US$8 billion this quarter, with the lowest value this March. Despite the drop in value and fluctuating exchange rates, however, Bitcoin users who purchased the cryptocurrency in the first quarter of 2013 still gained more than a tenfold increase on their investment today.

Bitcoin-Mining and -Wallet-Stealing Malware

DETECTION NAME          ROUTINE                                                                 DATE FIRST SEEN
BKDR_BTMINE             Mines Bitcoins by downloading miners                                    September 2011
KELIHOS                 Looks for and steals wallet.dat files                                   April 2013
SHIZ                    Monitors Bitcoin-related processes for stealing purposes                November 2013
COINMINE (DevilRobber)  Copies all of the contents of wallet.dat and sends them to              December 2013
                        File Transfer Protocol (FTP) servers
FAREIT/TEPFER (Pony)    Looks for and steals wallet.dat, .wallet, and electrum.dat files        March 2014
                        NOTE: FAREIT is a known downloader of CRIBIT/BitCrypt, which steals
                        Bitcoin and other cryptocurrency wallets.
KAGECOIN                Mines for Bitcoins on Android devices                                   March 2014

This quarter, we saw many Bitcoin-wallet-stealing malware, apart from miners.

After a few years of functioning as a currency, Bitcoin also proved to be an efficient means to get into illicit transactions. In the latter part of 2013, the creators of the notorious CryptoLocker malware shifted their monetization tactics to Bitcoin as a mode of payment for files or systems held for ransom.11
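The routines in the table share one observable sequence: a process opens a wallet file (wallet.dat, a .wallet file, or electrum.dat) and shortly afterwards opens an outbound connection, in COINMINE's case to an FTP server. The detection below is an added example, not Trend Micro code, and runs over a constructed endpoint event log in an assumed timestamp|event|pid|image|detail format; the process names, paths, and IP addresses in the sample are all constructed. It flags any process that reads a wallet file and then connects to an FTP port within five minutes, while leaving the legitimate wallet client (which reads its own wallet and talks to a peer on port 8333) alone.

```python
"""Flag the wallet-read-then-exfiltrate pattern over a constructed event log.

Added illustration (not Trend Micro's code). The log format and the
five-minute correlation window are assumptions made for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# File names the roundup table lists as targets of wallet-stealing malware.
WALLET_FILES = ("wallet.dat", "electrum.dat")
WALLET_SUFFIXES = (".wallet",)
# Outbound ports treated as exfiltration channels; 21 = FTP, as used by COINMINE.
EXFIL_PORTS = {21}
WINDOW = timedelta(minutes=5)

# Constructed sample log: timestamp|event|pid|image|detail (one event per line).
SAMPLE_LOG = """\
2014-03-05T10:00:01|FileRead|4120|C:\\Program Files\\Bitcoin\\bitcoin-qt.exe|C:\\Users\\alice\\AppData\\Roaming\\Bitcoin\\wallet.dat
2014-03-05T10:00:05|NetConnect|4120|C:\\Program Files\\Bitcoin\\bitcoin-qt.exe|203.0.113.10:8333
2014-03-05T10:02:11|FileRead|5044|C:\\Users\\alice\\AppData\\Local\\Temp\\svchosts.exe|C:\\Users\\alice\\AppData\\Roaming\\Bitcoin\\wallet.dat
2014-03-05T10:02:12|FileRead|5044|C:\\Users\\alice\\AppData\\Local\\Temp\\svchosts.exe|C:\\Users\\alice\\AppData\\Roaming\\Electrum\\electrum.dat
2014-03-05T10:02:40|NetConnect|5044|C:\\Users\\alice\\AppData\\Local\\Temp\\svchosts.exe|198.51.100.7:21
2014-03-05T10:30:00|FileRead|6100|C:\\Windows\\explorer.exe|C:\\Users\\alice\\Desktop\\notes.txt
2014-03-05T10:30:02|NetConnect|6100|C:\\Windows\\explorer.exe|198.51.100.7:21
"""


def parse_line(line):
    """Split one log line into (timestamp, event, pid, image, detail)."""
    ts, event, pid, image, detail = line.split("|", 4)
    return datetime.fromisoformat(ts), event, int(pid), image, detail


def is_wallet_path(path):
    """True if the file name matches a known wallet file name or suffix."""
    name = path.rsplit("\\", 1)[-1].lower()
    return name in WALLET_FILES or name.endswith(WALLET_SUFFIXES)


def detect_wallet_exfil(log_text):
    """Return one alert per FTP connection preceded (within WINDOW) by a
    wallet-file read from the same process."""
    wallet_reads = defaultdict(list)  # pid -> [(timestamp, wallet path)]
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, event, pid, image, detail = parse_line(raw)
        if event == "FileRead" and is_wallet_path(detail):
            wallet_reads[pid].append((ts, detail))
        elif event == "NetConnect":
            _host, _, port = detail.rpartition(":")
            if int(port) not in EXFIL_PORTS:
                continue
            recent = [p for t, p in wallet_reads[pid] if ts - t <= WINDOW]
            if recent:  # wallet read followed by an FTP connection
                alerts.append({"pid": pid, "image": image,
                               "dest": detail, "wallets": recent})
    return alerts


if __name__ == "__main__":
    for alert in detect_wallet_exfil(SAMPLE_LOG):
        print(f"ALERT pid={alert['pid']} image={alert['image']} "
              f"dest={alert['dest']} wallets={alert['wallets']}")
```

On the sample log only the process running from a Temp directory is flagged: it read both wallet files and then connected to port 21. The real wallet client reads wallet.dat but never touches an FTP port, and explorer.exe reaches the FTP server without having read a wallet, so neither produces an alert. In production the correlation key would be a process GUID rather than a reusable PID, and the destination set would be widened beyond FTP.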

Despite its developers’ intention of introducing the Bitcoin as an innovative online payment means, its use also proved efficient for money laundering and illegal product purchasing, including cybercriminal tools like BlackOS from underground markets.12 Bitcoin use, after all, is a highly convenient system for anonymous purchasing since it can circulate online without being tied to any bank account.

[Figure: Timeline of Known Bitcoin Attacks, 1Q 2014. Exchanges plotted across JAN, FEB, and MAR: Vircurex, Bitstamp, Poloniex, New Silk Road, and Flexcoin. Sources: Bitstamp, Vircurex, Poloniex, Flexcoin, and new Silk Road]

This quarter, several Bitcoin exchanges admitted to suffering attacks and breaches, resulting in the loss of Bitcoins in some instances or, worse, in the bankruptcy and shutdown of affected exchanges.

Online Banking Malware Showed New Behaviors but Familiar Core Tactics

Online banking malware exhibited a variety of notable behaviors this quarter. In January, for instance, we found ZeuS/ZBOT samples that targeted 64-bit systems. Their routines include preventing the execution of various antimalware analysis tools and sporting a Tor component that hid communications with command-and-control (C&C) servers.13 That same month, a BANLOAD variant used a different infection approach—checking for security plug-ins before executing malicious routines.14 Control Panel (CPL) malware and a unique “timed” ZeuS/ZBOT downloader further proved that no two online banking malware were the same when it came to technique.15, 16

[Figures: Online Banking Malware Volume Comparison, 1Q 2013 and 1Q 2014 (vertical axis 0 to 120K); Online Banking Malware Volume, January–March 2014 (vertical axis 0 to 25K; months JAN, FEB, MAR)]

The number of online banking malware detections this quarter reached roughly 116,000, showing a slow but steady increase from 113,000 detections in the first quarter of 2013.

Countries Most Affected by Online Banking Malware

COUNTRY         SHARE
United States   (share lost in extraction)
(entries between the United States and Malaysia lost in extraction)
Malaysia        3%
Mexico          3%
Vietnam         3%
Australia       3%
Others          32%

The United States was most hit by online-banking-malware-related attacks as usual. India slowly rose to the top 3 due to a spike in the number of online bankers in the country, which could be attributed to a vastly improved banking industry.17 The mobile banking transaction volume grew along with the number of online money transfers—a top-ranking secondary means of making inward remittances in India.18, 19

[Figure: Countries Most Affected by Online Banking Malware, January–March 2014. Monthly detection counts per country (vertical axis 0 to 6K; months JAN, FEB, MAR); only the data labels 3,242, 3,114, and 3,737 survived extraction]

The United States, Japan, and India maintained their rankings throughout the quarter when it came to online banking malware detection.

Ransomware Continued to Go Regional

CryptoLocker’s emergence in October 2013 was a prime example showing how cybercriminals refined their techniques and enhanced existing tools instead of creating new ones. Based on past monitoring of CryptoLocker, the malware continued to pose a unique challenge for security researchers this quarter. Armed with sophisticated social engineering tactics, encryption technology, and a countdown timer, it frightened victims more effectively and thus pressured them to pay up.

This quarter, already-widespread ransomware went through even more advancements after cybercriminals seemed to have figured out their global “appeal.” Scaring people into submission proved effective no matter where the victims resided. Case in point: In February, a CryptoLocker-like ransomware variant victimized users in Hungary and Turkey.20 We’ve seen this happen before with the Police Trojan, which specifically targeted users in Italy, Spain, France, and the United Kingdom.21 The current trend shows just how much history can repeat itself.

More than targeting specific countries, ransomware also came with other malicious behaviors, including Bitcoin theft, with the entry of BitCrypt. This ransomware-cum-cryptocurrency stealer obtained funds from various cryptocurrency wallets, including Bitcoin wallets.

The ransomware volume was particularly high in the third quarter of 2013 due to a rise in CryptoLocker detections. This quarter, the United States topped the list of most affected countries, accounting for almost 30% of the total, followed by Japan and India. Feedback from the Trend Micro Smart Protection Network also showed that 40% of the BitCrypt (detected as CRIBIT) victims were based in the United States.

[Figure: Countries Most Affected by Ransomware. Countries listed, in order: United States, Japan, India, Turkey, Australia, Germany, France, United (name truncated in extraction); shares lost in extraction]

The countries that were most affected by ransomware in 2013 did not drastically change this year though a slight decrease in volume was seen.

The Dark Side of Tor Was Revealed

Tor’s main purpose as a worldwide network of servers is to foster online privacy tool research and development (R&D). The cloak of anonymity Tor provides, however, also made it an attractive platform for cybercriminals’ malicious schemes, as it is also easy to access and use. The Deep Web, which has often been associated with Tor in the past, is being abused by cybercriminals because of its ability to bypass search engine crawlers, allowing them to remain anonymous.22

We saw Tor particularly abused in March when CRIGENT used Windows PowerShell to spread through scripts before downloading two well-known online anonymity tools, one of which involved the Tor network.23 The previously mentioned 64-bit ZeuS/ZBOT variant also took advantage of Tor to hide communications with C&C servers.

The fact that the Tor client is easy to set up allowed cybercriminals to carry out complex behaviors without deploying additional configuration files. The hidden services that Tor provides could also attract cybercriminals to abuse it even more in the coming months.

Zero-Day Exploits and Windows XP End of Support Highlighted Risks Unpatched Bugs Posed

Various zero-day exploits were found this quarter for a mix of browser, browser plug-in, and other software vulnerabilities. Microsoft Office 2010 proved to be a viable target, as evidenced by the vendor’s security bulletin for March, which included a patch for a zero-day vulnerability in Microsoft Word.24

Earlier in February, another favorite target, Adobe Flash, was exploited to spread PlugX, a remote access tool known for its stealth mechanisms.25 Microsoft Security Advisory 2934088, also released that month, alerted versions 9 and 10 users to an Internet Explorer zero-day exploit used in targeted attacks.26 This was a particularly grave issue for Microsoft, as it affected most Windows versions, except Windows 8.1 and Windows XP, which carried Internet Explorer versions 11 and 8, respectively.

Zero-day exploits like those used in the Internet Explorer 9 and 10 attacks were significant because they could evade mitigation techniques such as address space layout randomization (ASLR) and Data Execution Prevention (DEP). The ability to evade these mitigation techniques proved effective in recent attacks, which gave us reason to believe that cybercriminals will try to make their exploits increasingly platform agnostic in the future.

[Figure: Timeline of Zero-Day Exploits, 1Q 2014. Rows: Internet Explorer 9/10, Adobe Flash, Microsoft Word. Legend: Trend Micro Deep Security virtual patching rule; Patched]

We were able to provide protection to Trend Micro Deep Security and OfficeScan with Intrusion Defense Firewall (IDF) plug-in users for two of the three major zero-day exploits seen this quarter even before vendors released patches.

Although the zero-day exploits found this quarter did not affect Windows XP, that does not mean its users are spared.27 In fact, the end of support for Windows XP as of April 8, 2014 could make systems even more prone to attacks.28 It does not help that versions of Internet Explorer higher than 8 are not compatible with the platform, which means Windows XP users will get left behind with older and vulnerable versions of the browser. They can, of course, use alternative browsers to escape threats that target Internet Explorer though simply switching may not be 100% foolproof against attacks that target other possibly vulnerable browsers. Security software will still be able to protect the outdated platform but newly discovered vulnerabilities will no longer be fixed and be left wide open forever for attackers to exploit.29
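ASLR and DEP only protect a process if every module loaded into it opts in through the DllCharacteristics field of its PE optional header, so a routine defensive check is to audit binaries and plug-ins for modules that were built without those flags. The parser below is an added example, not from this report or from Trend Micro; it reads the field directly from the PE headers (DYNAMIC_BASE, NX_COMPAT, and, for 64-bit images, HIGH_ENTROPY_VA) and reports which mitigations a module does not opt in to. Because no real executable can ship with the page, a helper builds a constructed minimal header for demonstration; that stub is not a loadable program.

```python
"""Report ASLR/DEP opt-in flags from a PE file's optional header.

Added illustration (not Trend Micro's code). The PE layout and flag values
are the documented Microsoft ones; build_stub_pe() fabricates a header for
demonstration only.
"""
import struct

# IMAGE_DLLCHARACTERISTICS_* values from the PE/COFF specification.
HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR with high-entropy addresses
DYNAMIC_BASE = 0x0040      # image may be relocated (ASLR)
NX_COMPAT = 0x0100         # image is DEP/NX compatible
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def mitigation_flags(data):
    """Parse the PE headers in `data` and return which mitigations are enabled."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]   # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    opt = coff + 20                                          # COFF header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if size_opt < 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "dep": bool(dll_chars & NX_COMPAT),
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
    }


def missing_mitigations(data):
    """List the mitigations a module does not opt in to (empty list = all set)."""
    flags = mitigation_flags(data)
    missing = []
    if not flags["aslr"]:
        missing.append("ASLR (DYNAMIC_BASE)")
    if not flags["dep"]:
        missing.append("DEP (NX_COMPAT)")
    if flags["pe32plus"] and not flags["high_entropy_va"]:
        missing.append("HIGH_ENTROPY_VA")
    return missing


def build_stub_pe(dll_chars, pe32plus=True):
    """Construct a minimal MZ/PE header with the given DllCharacteristics.

    Demonstration stub only: it has no sections and cannot be executed."""
    size_opt = 240 if pe32plus else 224
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH",
                       0x8664 if pe32plus else 0x14C,  # Machine
                       0, 0, 0, 0,                     # sections, timestamp, symbols
                       size_opt, 0x0002)               # SizeOfOptionalHeader, EXECUTABLE_IMAGE
    magic = PE32PLUS_MAGIC if pe32plus else PE32_MAGIC
    opt = struct.pack("<H", magic) + b"\0" * 68 + struct.pack("<H", dll_chars)
    opt += b"\0" * (size_opt - len(opt))
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                      # audit a real file from disk
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], missing_mitigations(fh.read()) or "all mitigations set")
    else:                                      # demonstrate on constructed headers
        print("hardened stub :", missing_mitigations(build_stub_pe(DYNAMIC_BASE | NX_COMPAT | HIGH_ENTROPY_VA)))
        print("legacy stub   :", missing_mitigations(build_stub_pe(0)))
```

Run with a path to audit a real module, or with no arguments to see the two constructed headers compared. A module that reports any missing flag weakens the whole process it loads into, which is exactly the gap the ASLR- and DEP-bypassing exploits above relied on; the check does not detect those bypasses, it only shows where the baseline mitigations were never applied.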

OS Market Shares, March 2014

Windows 7        49%
Windows XP       28%
Windows 8         6%
Windows 8.1       5%
Mac OS X 10.9     4%
Others            8%

Source: Netmarketshare.com

As of March 2014, Windows XP remains a major player in the desktop OS market with an almost 30% share.

NOTE: The numbers from Netmarketshare.com tend to vary so the figures above show the possible worst-case scenario for Windows XP.

Expert Insights

Cybercriminals continued to find new avenues to commit digital crime and evade countermeasures applied against their creations. Online banking malware continued to thrive with the emergence and/or modification of new malware families, each with different targets and varying anti-detection techniques. Online banking malware distribution methods were also continuously refined to infect systems only in certain countries/regions. They also came armed with tools to make sure the systems they’re infecting are preferred targets. Some could even detect systems’ IP addresses and keyboard layouts to ensure these are located in specific target countries/regions.

Since law enforcement activities against online theft are slowly being ramped up, cybercriminals are starting to add more layers to ensure anonymity in order to protect their identities and avoid getting arrested. Using Tor as a C&C channel allowed them a little more anonymity and gave them some degree of additional resilience against security software detection and takedown.

Cybercriminals’ interest in Bitcoin, meanwhile, revolved around the fact that it shows the most promise and greatest adoption, presenting itself as a prime target for mining or theft. Finally, CryptoLocker made waves because of its ability to encrypt stored files, resulting in actual loss of not just documents but also the money victims hand out to “file-nappers.”

Martin Rösler
Senior Director, Threat Research

MOBILE THREAT LANDSCAPE

App Repackaging, Growing Underground Economy, and Toolkit Availability Pushed Mobile Malware and High-Risk App Count to 2 Million

Growing at an even faster pace than last year, the number of mobile malware and high-risk apps hit 2 million this quarter. One reason for the volume growth could be the growing demand for malicious tools and services that can be used to create and distribute mobile malware underground.30 One such tool, DENDROID—a remote administration tool—made it convenient to Trojanize legitimate mobile apps for US$300.31, 32

The proliferation of repackaged apps—those that have been maliciously tampered with to get past Android devices’ security features and usually came armed with data-stealing and premium service abuse capabilities—also contributed to the huge spike in mobile malware and high-risk app volume growth. Great examples of this malicious app type were Trojanized versions of the once-famous app, Flappy Bird (detected as FAKEINST variants), which spread throughout third-party app stores this quarter.33 These could even be a reason why OPFAKE/FAKEINST variants—our detection for repackaged apps—stayed at the top of the mobile malware list this quarter.

[Figure: Android Cumulative Threat Volume. Breakdown: Mobile malware 72%, High-risk apps 28%. Monthly totals (vertical axis 0 to 3M; months JAN, FEB, MAR) with data labels 1.5M, 1.8M, and 2.1M]

[Figure: Monthly Mobile Malware and High-Risk App Volume. TOTAL 647K; vertical axis 0 to 300K; months JAN, FEB, MAR; data labels 210K, 150K, 164K, and 273K survived extraction]

The newly detected mobile malware and high-risk apps found this quarter accounted for almost a third of the total number of Android threats.

NOTE: High-risk or potentially unwanted apps are those that can compromise user experience because they display unwanted ads, create unnecessary shortcuts, or gather device information without user knowledge or consent. Examples include aggressive adware.

Adware Toppled Premium Service Abusers in Terms of Volume

Premium service abusers—the most common Android threat type in 2013—no longer topped the Android threat list this quarter.34 Adware surpassed premium service abusers in terms of volume possibly due to a recent announcement made by major carriers on dropping premium-text-service-billing rates after acknowledging that these could end up in cybercriminals’ hands.35

Viewing premium service abusers as less “profitable” attack tools, therefore, cybercriminals set their sights on spreading adware instead to victimize more users.

[Figure: Top Android Malware (family names and percentages lost in extraction; only an “Others” slice survived)]

The top malware families at the end of 2013 continued their reign this quarter.

NOTE: Premium service abusers register victims to overpriced services while adware aggressively push ads and can even collect personal information without victim consent.

[Figure: Top Android Threat Type Distribution. Vertical axis 0 to 50%; categories include Adware, Premium service abuser, and unauthorized spender; data labels 9%, 19%, 25%, 35%, and 47% survived extraction but cannot be matched to categories]

Adware toppled premium service abusers in terms of mobile threat distribution. The other threat types showed slightly decreased numbers from last year.

NOTE: The distribution numbers were based on the top 20 mobile malware and adware families that comprised 88% of the total number of mobile threats detected by the Trend Micro Mobile App Reputation Technology from January to March this year. A mobile threat family may exhibit the behaviors of more than one threat type.

More Bugs Showed a More Mature Mobile Threat Landscape

Another sign that today’s mobile threat landscape has matured was a spike in the number of vulnerabilities found in the Android platform. This sp
