News Stay informed about the latest enterprise technology news and product updates.

Multifunctional malware, staged drive-by attacks to rise in 2012

Malware toolkits are being programmed with attacks that make the most business sense, say security experts. Automated toolkit users will have new capabilities to target specific groups and organizations.

Automated toolkits with business models that include rental agreements and constant updates will gain considerable improvements in 2012, with many attack kits being primed with new features that enable even the least tech-savvy cybercriminals to hone malware in 2012 for highly targeted attacks.

It all starts with a blob of heavily obfuscated Javascript and ends within a few minutes with the victim’s PC pwned and the victim’s passwords in the hands of some Asian or eastern European goon squad.

Andrew Brandt,  director of Threat Research at Solera    

Financial malware designed to target and infiltrate bank accounts could be recoded for targeted non-financial attacks, according to Boston-based security vendor Trusteer. The Zeus and SpyEye codebases, which are now publicly available, can be manipulated to pull off more sophisticated targeted attacks against enterprises. “Over the next twelve months perimeters will face an onslaught from various sources, viruses going financial, APT-style technologies in Zeus code derivatives manipulated by new coders and in other commercially available malware kits,” Trusteer CTO Amit Klein noted in the company’s list of predictions.  

A scourge of compromised legitimate websites will continue to fuel an increase in staged attacks in 2012, according to South Jordan, Utah-based network security vendor, Solera Networks Inc. High-profile attacks carried out by hactivist groups demonstrated that even the largest enterprisesstruggle to control website vulnerabilities that can give cybercriminals a way into sensitive systems. Andrew Brandt, Solera’s director of Threat Research, urges Mozilla Firefox users to keep their plug-ins updated and install NoScript to stop the onslaught of drive-by attacks using malicious JavaScript.

“As far as I can tell, it’s the only surefire method of preventing an accidental infection of a Windows PC by exploit-kitted webpages,” Brandt wrote in the Solera blog. “It all starts with a blob of heavily obfuscated Javascript and ends within a few minutes with the victim’s PC pwned and the victim’s passwords in the hands of some Asian or eastern European goon squad.”

Solera’s Brandt also points to vulnerable blog plug-ins as a major contributor to the problem. Malware writers upload their code to the vulnerable webpages, enabling them to serve up keyloggers to blog visitors. “Most of the code we’ve seen uploaded to legit sites redirects the browser into the maw of one or another exploit kits,” Brandt wrote.

Hardware security weaknesses
Meanwhile, security giant McAfee, which was acquired in 2010 by chipmaker Intel, is predicting a spike in attacks that leverage embedded hardware or use a computer’s master boot record and BIOS layers, to bypass traditional security technologies. “We expect to see more effort put into hardware and firmware exploits and their related real-world attacks throughout 2012 and beyond,” according to McAfee.

Embedded systems that run GPS routers, ATM machines, medical devices and other systems can be rooted and are at risk to falling under the control of sophisticated cybercriminals, according to McAfee’s “2012 Threats Predictions” (.pdf) report.

“Controlling hardware is the promised land of sophisticated attackers,” according to the report. “If attackers can insert code that alters the boot order or loading order of the operating system, they will gain greater control and can maintain long-term access to the system and its data.”

McAfee’s prediction is somewhat buoyed by Columbia University researchers who demonstrated how HP printer vulnerabilities could be used by cybercriminals to gain access to corporate networks.

Michael Sutton, vice president of security research at SaaS-based email and Web gateway security vendor Zscaler Inc. said the focus on hardware-based threats may force hardware vendors to increase their focus on security and take vulnerability disclosure more seriously. Sutton’s presentation at Black Hat 2011 focused on weaknesses in embedded Web servers.

“Security in the hardware space is at least ten years behind security in the software industry,” Sutton wrote in Zscaler’s ThreatLabZ blog. “Hardware vendors will get a wake-up call as researchers shift their efforts to hardware and party like it’s 1999.”

Dig Deeper on Malware, virus, Trojan and spyware protection and removal