Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Hacker technique sophistication continues to increase

Network Box : 21 October, 2008  (Technical Article)
Social engineering techniques continue to be the main attraction for luring victims to sites containing ever-increasingly sophisticated methods of infecting computers
Cyber criminals have gone back to using the kind of basic social engineering techniques that brought us emails on Viagra, Cialis and the hidden millions of deposed African presidents. That is the finding of analysis of more than 20 billion Internet threats by managed security service, Network Box.

Despite a significant increase in 'spear phishing attacks' - attacks designed to target a single person, or company - the majority of emails sent by cyber criminals still deploy tactics designed to persuade the recipient that they should visit a website, or download a file. But, according to Internet Security Analyst for Network Box, Simon Heron, the game plan of the criminal is getting ever-more sophisticated: "The objective for the new attack method is either to lure individuals to a site where they can be persuaded to part with private information such as usernames and passwords; or, to install Trojans onto a private computer in order to recruit it to a botnet."

New content sites are a prime target for cyber-criminals, with emails only one way of honing in on their prey. "Social networks and file sharing sites are another target for malware to be embedded," says Heron. "We are becoming increasingly blasé about downloading content from unknown sources. Our use of social media means we are easily targeted. For example, it is already easy for a hacker to encourage people using Twitter to click on an infected website. We know that Flickr had a vulnerability that lets hackers insert malicious code to downloadable images; and YouTube has been reported as having vulnerabilities including SQL injection."

The techniques used by hackers these days are considerably smarter than the badly spelled, error-ridden emails of the past. New techniques have been used this year such as backscatter, the emails you get when you send an email to a non-existent address. "Spammers and hackers now regularly send out emails deliberately to false addresses, but then spoof the return address, so other people get the non-delivery reports," says Heron. "These emails will either contain links to an infected site, or may be designed purely to deliver the spam message." Spammers will tend to use other people's addresses so that they don't get the Backscatter and because anti-spam systems look for email without sender addresses.

There has also been a big increase in the number of infected websites, according to Heron: "We're seeing a huge number of emails that are designed to drive users to infected sites by persuading them to install an application such as flash updates or, ironically, new anti-virus software. Many people are used to Windows updates, for example, so will think it is genuine. It is impossible to put a number to them, as these are sites that change by the minute - but there are anywhere between 100,000 and 200,000 infected sites a month." It's a re-run of an old idea, but now much more sophisticated. Heron says: "The end game is usually to install spyware or a Trojan or indeed a program that does both!"

The scams are unrecognisable from the amateur attempts to persuade users to download malware of a few years ago. "Hackers use incredibly realistic imitations of anti-virus software or application update software, mimicking the kind of pop-ups you'd expect to see on your PC, in the right colours, style and sequence," says Heron. In some cases, they will point you to genuine sites to fool security software, but have infected that site to their own ends. Blogs are a prime target for this as they are usually not monitored rigorously
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo