Tag Archives: Computer crime

The Stuxnet – Visualized

A video blogger named Hungry Beast is behind this fascinating visualisation of the dangerous computer virusStuxnet – know to be the first cyber weapon ever to be constructed by mankind. You’ll hopefully understand why I’m focusing on what’s going on online at the moment…

Pandora’s box has been opened; on the new battlefield the aggressors are anonymous, the shots are fired without starting wars and the foot soldiers can pull their triggers without leaving their desks.

In June last year, a computer virus called Stuxnet was discovered lurking in the data banks of power plants, traffic control systems and factories around the world. Hungry Beast introduce the video:

Pandora’s box has been opened; on the new battlefield the aggressors are anonymous, the shots are fired without starting wars and the foot soldiers can pull their triggers without leaving their desks.

Last week the United States government announced they would retaliate to a cyber-attack with conventional force. The threat is real, and the age in which a computer bug could cost lives has begun.

Comments Off on The Stuxnet – Visualized

Filed under International Econnomic Politics, Technology

Top 10 Cyber Threats of 2011 – Updated

PandaLabs, the antimalware laboratory of Panda Security, the cloud security company, has forecasted several radical innovations in cyber-crime for 2011. Hacktivism and cyber-war; more profit-oriented malware; social media; social engineering and malicious codes with the ability to adapt to avoid detection will be the main threats.

“There will also be an increase in the threats to Mac users, new efforts to attack 64-bit systems and zero-day exploits.”

PandaLabs

Here is a summary of what PandaLabs now predicts as the ten major security trends of 2011:

1. Malware creation:
In 2010, PandaLabs witnessed significant growth in the amount of malware and discovered at least 20 million new strains, more than in 2009. At present, Panda’s Collective Intelligence database stores a total of more than 60 million classified threats. The actual rate of growth year-on-year however, appears to have peaked. Several years ago it was over 100 percent and in 2010 it was 50 percent.

2. Cyber war:
Stuxnet and the WikiLeaks cables suggesting the involvement of the Chinese government in the cyber-attacks on Google and other targets have marked a turning point in the history of these conflicts. Stuxnet was an attempt to interfere with processes in nuclear plants, specifically, with uranium centrifuge. Attacks such as these, albeit more or less sophisticated, are still ongoing, and will undoubtedly increase in 2011, even though many of them will go unnoticed by the general public.

3. Cyber-protests:
Cyber-protests , or hacktivism, are all the rage and will continue to grow in frequency. This new movement was initiated by the Anonymous group and Operation Payback, targeting organizations trying to close the net on Internet piracy, and later in support of Julian Assange, editor-in-chief of WikiLeaks. Even users with limited technical know-how can join in the distributed denial of service attacks (DDoS) or spam campaigns. Despite hasty attempts in many countries to pass legislation to counter this type of activity effectively by criminalizing it, PandaLabs believes that in 2011 there will be more cyber-protests, organized by this group or others that will begin to emerge.

4. Social engineering:
Cyber-criminals have found social media sites to be their perfect working environment, as users are even more trusting with these than with other types of tools, such as email. Throughout 2010, PandaLabs witnessed various attacks that used the two most popular social networks – Facebook and Twitter – as launching pads. In 2011, not only will hackers continue to use these networks, but it is predicted that they will also be used more for distributed attacks.

BlackHat SEO attacks (indexing and positioning of fake websites in search engines) will also be widely employed throughout 2011, as always, taking advantage of hot topics to reach as many users as possible. In addition, a significant amount of malware will be disguised as plug-ins, media players and other similar applications.

5.Windows 7 influencing malware development:

It will take at least two years before there is a proliferation of threats designed specifically for Windows 7. In 2010, PandaLabs began seeing a shift in this direction, and predicts that in 2011, new cases of malware targeting users of this new operating system will continue to emerge.

6.Mobile phones:

In 2011 there will be new attacks on mobile phones, but it will not be on a massive scale. Most of the existing threats target devices with Symbian, an operating system which is now on the wane. Of the emerging systems, PandaLabs predicts that the threats for Android will increase considerably throughout the year, becoming the number one mobile target for cyber-crooks.
7. Tablets:

The dominance of the iPad will start to be challenged by new competitors entering the market. Therefore PandaLabs does not believe that tablet PCs will become a major consideration for the cyber-criminals in 2011.

8. Mac:

Malware for Mac exists, and will continue to exist. And as the market share of Mac users continues to grow, the number of threats will grow. The greatest concern is the number of security holes in the Apple operating system. Developers will need to patch these holes as soon as possible, as hackers are well aware of the possibilities that these vulnerabilities offer for propagating malware.

9. HTML5:

HTML5 is the perfect target for many types of criminals and could eventually replace Flash. It can be run by browsers without any plug-ins, making it even more attractive to find a security hole that can be exploited to attack users regardless of which browser they use. PandaLabs expects to see the first attacks on HTML5 in the coming months.

10. Highly dynamic and encrypted threats:
PandaLabs expects dynamic and encrypted threats to increase in 2011. PandaLabs is receiving more and more encrypted, stealth threats designed to connect to a server and update themselves before security companies can detect them. There are also more threats that target specific users, particularly companies, as information stolen from businesses will fetch a higher price on the black market.

Related by the Econotwist’s:

5 Comments

Filed under International Econnomic Politics, Laws and Regulations, Technology

Hackers Attack Norwegian Government – Again

This week the Norwegian government have been under a severe hacker attack. The National Security authorities have raised the threat level to 3 – the highest since the Stuxnet attack against Norwegian oil installations and other crucial systems in June this year.

“The police are aware of vulnerabilities in PDF readers that’s  been exploited for hacking.”

Espen Strai

Norwegian Security Authorities

The Norwegian governments building in Oslo have this week been hit by the most serious hacker attack so far this year, Norwegian newspaper Aftenposten reports. This attack has been possible because the ministers and their staff still hasn’t updated their PDF software.

According to the norwegian newspaper Aftenposten, National Security Authorities discovered a flow of infected PDF files coming in through the governments email system, passing the firewall without any trouble.

The serious attack was kept a secret until the newspaper got hold of an internal note to the security personnel at the government building, warning against the hole in their security systems.

The National Security authorities (NSM) are still working on the case, trying to patch the holes and see if they can trace the perpetrators.

The attacks this week have led the NSM to raise the national threat level to level 3 – the highest since the Norwegian oil companies, utilities and other vital social structures were attacked by the dangerous Stuxnet worm earlier this summer.

NSM and the Norwegian government has kept this last attack a secret from the public. The reason is that they’re still working to resolve the problem,  and investigate who is behind, whether they are hackers, computer criminals or foreign intelligence, aftenposten.no writes.

Hackers and computer criminals have discovered that the ministers and their staff have done a classic amateur mistake – they have failed to update the computer program Adobe Reader, which is used to read PDF files.

That makes the government buildings an easy and tempting target.

Using a computer virus, a so-called “Trojan,” which uses known vulnerabilities in Adobe, the hackers tried to install software that would give them full access to the computers.

Every day more than 5 million emails passes through the governments firewalls that’s supposed to protect highly sensitive data, government notes and classified information, which can cause both individuals and Norwegian security concerns very much damage.

The Office of the Auditor General of Norway has previously criticized prime minister Jens Stoltenberg and his government for the very poor data security and, among other things, using old software.

Ministry of Government Administration and Church Secretary Rigmor Aasrud says that the government has implemented several measures.

“We can not comment on the different security ratings by NSM. However, we’re continuously assessing the measures that are necessary. We expect people to be vigilant and careful with what you do,” says communications manager Frode Jacobsen Minister of Government Administration and Reform.

“The police are aware of vulnerabilities in PDF readers have been exploited for hacking. We follow the situation around this carefully,” says communications director Espen Strai at the National Police Computing and Material Service.

Norwegian police have now taken steps to update the governments applications so that most attacks are stopped, aftenposten.no is told.

Related by The Swapper:

4 Comments

Filed under International Econnomic Politics, National Economic Politics, Technology