3Q 2015 Security Roundup: Current Threats Forecast Impending Attack Scenarios

When experts call on people to brace for disaster, it is always based on signs that point to impending events. This quarter, we saw numerous signposts pointing to hazards to sensitive data that could lead to damage to individuals' personal lives and organizations' operations. The high-profile breaches, vulnerability exploits, and other attacks we saw this past quarter all serve as barometers of security disasters waiting to happen.

Hacking Team breach: A gold mine of vulnerabilities

Attacks following the Hacking Team dump top the list of this quarter's security concerns. The leaked data led to the discovery of a slew of zero-day vulnerabilities in Flash, Internet Explorer, and Windows; a spying tool for Android and iOS devices; and an Android app that can bypass Google Play security checks. One of the discovered flaws was quickly added to the Angler Exploit Kit and used in attacks in Korea and Japan; another was used in attacks against Taiwan and Hong Kong websites. The practical lesson is that a leaked exploit does not stay private for long: patch windows shrink from weeks to days once working exploit code is public.


Figure 1. Hacking Team attack timeline

Ashley Madison Breach: Attack by Extortion

Another data breach dump this quarter, one that fueled further attacks and extortion, was that of the illicit dating site Ashley Madison. Reports of blackmail and extortion targeting the names leaked from the site emerged soon after the breach. Exposure proved fatal as reports of suicide surfaced. Incidentally, we also learned that even honeypot email addresses used by Trend Micro had been used to create profiles on the site, which adds the risk of having an account created on one's behalf to the list of concerns: the presence of an address in the dump is not proof that its owner ever used the service.

Stagefright, Xcode, and More Weak Points in Android and iOS

The majority of Android devices were left exposed by the emergence of Stagefright, a set of flaws in Android's media library that enables attackers to install malware through an MMS message, a malicious app, or a specially crafted URL. The MMS vector is the most serious because many messaging clients auto-download and parse media before the user opens the message, so no user interaction is required. Multiple vulnerabilities in the mediaserver component were also uncovered. Notably, Google also announced last quarter that it will release regular security updates, although how quickly those reach devices still depends on individual manufacturers and carriers.

Meanwhile, iOS devices also suffered from the risk of attacks by way of tampered versions of the iOS developer tools Xcode and Unity. Apps built with the Trojanized version of Apple's Xcode toolkit (XcodeGhost) found their way into the App Store, putting iOS users at risk of fraud and phishing. Apps created via the Trojanized Xcode remain a problem for iOS users today. The incident is a reminder that a build toolchain downloaded from an unofficial mirror is part of the attack surface; Apple's own guidance was to verify an installed copy with spctl --assess --verbose /Applications/Xcode.app. Apart from Xcode, a vulnerability was also found in Apple's AirDrop feature and another, dubbed Quicksand, in the way iOS devices handle configuration sent through MDM clients.

This Quarter on PoS Targets: SMBs

Businesses also continue to be plagued by known but rapidly evolving threats. Small businesses, specifically, were the prime target of cybercriminals who take a "shotgun approach" to PoS malware: rather than picking a retailer, they infect broadly and then look for PoS systems among the victims. For instance, cybercriminals used the Angler Exploit Kit to find PoS systems; the GamaPOS operators latched onto the Andromeda botnet to reach retail organizations; and other cybercriminals spread spammed messages to deliver the KASIDET malware, which has PoS RAM-scraping capabilities.

We also note the move to EMV (Europay, MasterCard, and Visa) chip cards in the US, which is meant to make counterfeiting cards harder but does not by itself stop RAM-scraping malware. EMV authenticates the card; it does not encrypt the account data, so the PAN and expiry still pass through the PoS application's memory in the clear unless point-to-point encryption is also deployed, and a scraper running on the terminal can still harvest them.
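To make the RAM-scraping threat in the two paragraphs above concrete, here is an added example (not code from the original roundup or from any of the malware families it names) of the core logic such scrapers use, written as a defender's memory-hunting check: scan a buffer for magnetic-stripe Track 1 and Track 2 patterns and keep only hits whose PAN passes the Luhn check, which is how scrapers cut false positives. The memory buffer, the PANs (standard test numbers) and the Track layouts are constructed for the example.

```python
import re

# Track 1 layout: %B<PAN 13-19 digits>^<NAME>^<YYMM><service code><discretionary>?
# Track 2 layout: ;<PAN 13-19 digits>=<YYMM><service code><discretionary>?
# Bytes patterns are used because a process dump is raw memory, not text.
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([A-Z /.\-]{2,26})\^(\d{4})(\d{3})[^?]*\?")
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})[^?]*\?")


def luhn_ok(pan: bytes) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(pan.decode("ascii"))):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: bytes) -> bytes:
    """Keep BIN (first 6) and last 4 digits so a report never stores a full PAN."""
    return pan[:6] + b"*" * (len(pan) - 10) + pan[-4:]


def scan_memory(buf: bytes) -> list:
    """Find Luhn-valid track data in a memory buffer; report masked PANs and offsets."""
    hits = []
    for m in TRACK1_RE.finditer(buf):
        pan = m.group(1)
        if luhn_ok(pan):
            hits.append({"track": 1, "pan": mask(pan), "name": m.group(2).decode("ascii"),
                         "expiry": m.group(3).decode("ascii"), "offset": m.start()})
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1)
        if luhn_ok(pan):
            hits.append({"track": 2, "pan": mask(pan), "expiry": m.group(2).decode("ascii"),
                         "offset": m.start()})
    return hits


# Constructed sample of what a PoS process's memory might look like after a swipe:
# binary noise, an application banner, and track data in the clear. The third
# Track 2 record has a digit changed so it fails Luhn and should be filtered out.
SAMPLE_MEMORY = (
    b"\x00" * 16
    + b"POS-APP v3.2 txn=000123 "
    + b"%B4111111111111111^DOE/JOHN^25121010000000000?"
    + b"\x00\xff\x13" * 5
    + b";4111111111111111=25121010000000000?"
    + b" junk ;4111111111111112=25121010000000000? more"
    + b";5500000000000004=27011010000000000?"
)


if __name__ == "__main__":
    for hit in scan_memory(SAMPLE_MEMORY):
        print(hit)
```

Run as a hunt, the same scan over a dump of the PoS application's process (or over the memory of a suspicious process that should never hold card data) tells you whether cleartext track data is present at all, which is the condition that makes a RAM scraper worthwhile regardless of whether the card was dipped or swiped.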

Find out more about these threats and their possible future implications in “3Q Security Roundup: Hazards Ahead: Current Vulnerabilities Prelude Impending Attacks.” There, we also touch on espionage campaigns targeting political personalities and the state of Internet-ready devices.


Read more: 3Q 2015 Security Roundup: Current Threats Forecast Impending Attack Scenarios

Story added 17 November 2015; the content source with the full text can be found at the link above.