The Alphabet of Cyber Crime from APT to Zeus
If you need to know what Cyber Crime is but you are bored and fed up with the too-many information security terms, losing yourself among the acronyms, you have stumbled upon the right place. I have just compiled a very special alphabet which collects the terms related to Cybercrime. Forgive me some “poetic license” and enjoy this half-serious list.
A like APT
Yes, the Advanced Persistent Threats have been the undisputed protagonists of 2011. An APT is essentially an attack carried out through different vectors, in different stages and over a distributed time window (yes, it is Persistent). APTs are behind the most remarkable events of 2011, such as the RSA Breach, Stuxnet, and so on…
B like Botnet
Botnets are networks of compromised machines that are used by cybercriminals to perpetrate their malicious actions. Typically a compromised machine becomes part of a botnet in which the master distributes the commands from a C&C Server. Commands may include the theft of information or attacks on other machines.
C like Crime-As-A-Service
The last frontier of Cybercrime: why develop costly malware when you can find a wide offer of customizable malware on the black market, complete with help desk and support services?
D like DLP
Data Leakage (or Loss) Prevention is a suite of technologies that may help an organization to counter the theft of information by preventing the misuse or leak of data while it is in use at the endpoint (DIU), in transit on the network (DIM), or simply sitting as aggregated Dark Matter on the corporate servers (DAR), where it needs to be indexed and cataloged (and possibly classified and assessed).
E like Evasion
APTs are wise enough to evade traditional detection techniques by hiding themselves behind legitimate traffic (by means of steganography, for example), or also by sleeping for a long time and distributing their action over a wide timescale. This is the reason why a new security model (intelligence-driven or situation-aware) is needed.
F like Firewall (better if application)
Have no illusions: traditional stateful inspection technologies are nearly useless against the last frontier of Cybercrime. This is the reason why vendors have developed application firewalls, which can recognize specific application patterns by means of a library of fingerprints constantly updated from the cloud. Push application firewalls to the limit and you have anti-botnet devices, specialized in recognizing botnet traffic.
G Like Geo Location
When reputation learns geography. It is one of the technologies used to counter APTs and is part of the so-called NG-IPS (see the corresponding letter). It may blacklist traffic from specific countries (provided the address ranges are known to originate from that country) or from lists of well-known “bad guy” IP addresses.
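As an added example (not code from the original post), here is a minimal filter of the kind described above: each source address is checked first against a "bad guy" reputation list and then against country prefixes, and a block/allow verdict with its reason is returned. The country assignments and the blacklist are constructed placeholders, not real intelligence.

```python
# Added example: geo/reputation blacklisting as described under "G like Geo Location".
# The country prefixes and the "bad guy" list are constructed sample data.
import ipaddress

# Constructed: hypothetical country-to-prefix assignments (documentation ranges).
COUNTRY_RANGES = {
    "XA": [ipaddress.ip_network("203.0.113.0/24")],
    "XB": [ipaddress.ip_network("198.51.100.0/25"),
           ipaddress.ip_network("198.51.100.128/26")],
}
BLOCKED_COUNTRIES = {"XB"}                       # countries the policy refuses
BAD_GUYS = {ipaddress.ip_address("192.0.2.77")}  # constructed reputation list

def country_of(addr):
    """Return the country code whose prefix contains addr, or None if unknown."""
    for code, nets in COUNTRY_RANGES.items():
        if any(addr in net for net in nets):
            return code
    return None

def verdict(ip_text):
    """Classify one source address: reputation first, then geography."""
    addr = ipaddress.ip_address(ip_text)
    if addr in BAD_GUYS:
        return "block", "reputation"
    code = country_of(addr)
    if code in BLOCKED_COUNTRIES:
        return "block", f"geo:{code}"
    if code is None:
        return "allow", "geo:unknown"  # not attributable: allow, but worth logging
    return "allow", f"geo:{code}"

# Constructed connection log: "<source ip> <destination port>" per line.
SAMPLE_LOG = """203.0.113.9 443
198.51.100.150 22
192.0.2.77 80
10.0.0.5 443"""

def filter_log(log_text):
    """Apply verdict() to every log line; return (ip, action, reason) tuples."""
    results = []
    for line in log_text.splitlines():
        ip, _port = line.split()
        action, reason = verdict(ip)
        results.append((ip, action, reason))
    return results

if __name__ == "__main__":
    for row in filter_log(SAMPLE_LOG):
        print(row)
```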
H like Horse (Trojan)
The preferred weapon of Cyber Crookers. This term identifies the classical malicious software installed on the target machine and capable of stealing information (read: bank accounts).
I like Information
Yes, definitely: it is the ultimate target of Cybercrime. The cyber-criminal may be “casual” or “organized”, but the story is always the same: the user is the gate, the malware is the means, the information is the final treasure in any shape: bank accounts, project plans, financial plans, and whatever may be stolen as a stream of 1s and 0s.
J like Java Vulnerabilities
The preferred target for 0-days, together with Adobe Reader/Flash.
K like Kelihos
One of the most (in)famous botnets. Kelihos was taken offline last September when Microsoft, using a federal court order, led efforts to shut down the domains used by the command-and-control (C&C), severing the links between the compromised computers and their order-giving master. Microsoft identified the alleged botmaster as a Russian programmer, Andrey Sabelnikov.
L like Login ID
The preferred information for Cyber Crookers. Once they own it, since they can hide behind legitimate users, there is (nearly) nothing that can stop them.
M like Mobile
The statistics speak for themselves: mobile devices are becoming privileged targets for Cyber Criminals. Users believe their mobile devices do not deserve the same level of attention as traditional devices, and some technologies (read: Android) suffer from a weak security model in their app market. The consequence? SMS to premium numbers, information theft, GPS tracking… The results? In 2011, Juniper identified a 155 percent increase in mobile malware across all platforms compared to the previous year (3,325 for the Android platform alone). A similar trend has been confirmed by McAfee in Q4 2011.
N like Next Generation IPS
Next Generation IPS is one of the weapons with which security vendors aim to counter Cybercrime. They offer a context-based security model which is focused on the user and her behavior (that is, how she interacts with the environment), enriched with cloud-based services (read: Threat Intelligence).
O like Online Banking
One of the preferred targets of Cyber Criminals. Malware capable of stealing the mTAN and phishing are only a few of the methods successfully used to enter bank accounts and perpetrate frauds against innocent and unaware users.
P like Phishing
Everything (often) starts from here: users are lured by fake emails with innocent-looking malicious files attached, hiding 0-day vulnerabilities (that is what happened in the RSA Breach), or are redirected to compromised or malicious web sites where, depending on the cyber crime perpetrated, they enter their credentials or download a RAT (see letter R).
Q like Quarantine
The virtual boundary where malicious programs are supposed to go. Usually the quarantine is empty in exactly the same measure as the host is full of infections.
R like RAT
Remote Administration Tool. That is what a user inadvertently installs when clicking on an unsafe attachment carried by a phishing e-mail, or when installing a file from an untrusted web site she has been brought to by clicking a link in a phishing e-mail.
S like Social Media
The best way to breach rule #1 of the human firewall: diffidence. Behind a social media profile it is easy to hide your own identity, build a false reputation and use it for criminal purposes. Do you remember Robin Sage, Anna Chapman or Primoris Era?
T like Threat Intelligence
Another weapon with which security vendors aim to counter Cyber crime. Knowledge is power; knowledge sharing is much more powerful. Imagine a planetary network of security enforcement points (network-based or endpoint-based) sharing real-time information on the detected threats and putting it at the disposal of each security enforcement point. This is what vendors are doing (no illusions: each vendor has its own Global Threat Network) and it is one of the paradigms of Next Generation IPS (see the corresponding letter).
U like User
The User is the first bastion facing attacks. The user is a human firewall with a single security policy enforced: diffidence. Even the most sophisticated technology may be useless if the user is not educated and that natural diffidence is breached.
V like Vulnerabilities (better if 0-day)
0-day vulnerabilities are vulnerabilities not yet known when they are exploited; they are used to bypass endpoint security solutions and install the Remote Administration Tools.
W like Web Vulnerabilities
Web vulnerabilities are vulnerabilities used to inject malicious code into innocent web pages; they may be used to steal data from the back-end database, to redirect unaware users to malicious pages where they fall victim to scams or download malware (do you remember Liza Moon?), or also, in the worst cases, to execute client-side code (see letter X).
X like XSS
If Zeus is the king of Trojans, XSS (Cross-Site Scripting) is the queen of Web vulnerabilities, capable of bypassing client-side security mechanisms and gaining elevated privileges on the victim, for instance to execute arbitrary code.
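The injection described under W and X above, as an added example that is not code from the original post: a page renderer that reflects user input verbatim (the vulnerable form) beside one that HTML-encodes it (the hardened form), with a defender-side check showing which of the two lets foreign markup reach the browser. The template, function names and the test string are constructed for illustration.

```python
# Added example: reflected XSS, vulnerable renderer beside its hardened form.
import html
import re

# Constructed page template: the only markup the application itself emits.
PAGE = "<html><body><p>Results for: {q}</p></body></html>"

def render_vulnerable(query):
    """Reflect user input into the page verbatim: the classic XSS defect."""
    return PAGE.format(q=query)

def render_hardened(query):
    """HTML-encode the input so the browser treats it as text, not as markup."""
    return PAGE.format(q=html.escape(query, quote=True))

# Elements the template never emits; seeing one means input became markup.
FOREIGN_TAG_RE = re.compile(r"<\s*/?\s*(script|img|iframe|svg)\b", re.IGNORECASE)

def contains_injected_markup(rendered):
    """Defender-side check: does the rendered page carry an element that the
    template itself never produces?"""
    return FOREIGN_TAG_RE.search(rendered) is not None

# Constructed test string: the canonical harmless XSS probe.
CONSTRUCTED_PROBE = "<script>alert(1)</script>"

if __name__ == "__main__":
    for render in (render_vulnerable, render_hardened):
        out = render(CONSTRUCTED_PROBE)
        state = "INJECTED" if contains_injected_markup(out) else "inert"
        print(f"{render.__name__}: {state}\n  {out}")
```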
Y like Your Security
You are the first firewall and the first level of security for yourself and your organization, with only one rule configured: diffidence. Never open an exception to this rule.
Z like Zeus
The king of the gods in Ancient Greece, and the king of trojans in the modern era. Polymorphic, multi-flavored, capable of generating a myriad of variants, and also capable of crossing the bridge from the traditional endpoint to the mobile device, it is the first example of botnet malware capable of stealing the mTAN for online banking transactions.