hp-security-research-cyber-risk-report-pdf-2-w-1408

Recommendations

Info

HP Security Research | Cyber Risk Report 2015C&C: See Command and ControlCabirThe first malware written for mobile devices, first detected in 2004. Cabir was a worm thattargeted the Nokia Series 60 Symbian platform and spread via the Bluetooth® OBEX protocol toother phones. It was proof-of-concept malware created by the virus writing group 29A.ClickjackingA technique used to make a user take an action of an attacker’s choice by clicking on partof a webpage. While the user may believe they are clicking on something innocuous, ineffect they are performing an action that is required by the attacker in order to achieve theirgoal—for example, by taking the action of clicking on a particular object on a page, a usermay inadvertently execute a script or comply with a request to grant a particular type of riskyactivity.Command and control (C&C)As with many terms used in computer security, this term has been borrowed from themilitary. Similar to the military use of the term it means a method of exercising authorityover resources, for example, a commanding officer commanding his troops. This term isoften used in the context of malware and botnets in particular, where a structure is set up tocommand and control many compromised computers from either a centralized, or is somecases, decentralized position. A centralized command and control structure might be a singleserver that compromised computers connect to in order to receive commands. A decentralizedcommand and control structure could be where compromised computers connect to a peer-topeernetwork, where commands are spread through the network from many possible nodes.Command and control may also be known as C2.Command injectionCommand injection occurs when an attacker is able to pass unsafe data to a system shell viaa vulnerable application so that the unsafe data is then executed on the targeted system. Theresult therefore of a successful command injection attack is the execution of arbitrary attackersuppliedcode on a targeted system. The risk of command injection attacks can be mitigated byappropriate input checking and validation.Cross-frame scriptingA form of cross-site scripting attack, in which an attacker exploits a vulnerability in a Webbrowser in order to load malicious third-party content that they control in the frame of awebpage on another site. This attack may allow an attacker to steal sensitive information,such as login details, that may be input into the frame because the targeted user believes therequest for login details came from the legitimate site.Cross-site scriptingAn attack that occurs when an attacker exploits a vulnerability in Web applications in order toinject malicious code into client-side code that is delivered from a compromised website to anunsuspecting user. This code that is delivered to the user is trusted, and hence executed, asit appears to come from a legitimate source. These types of attack occur due to insufficientchecking and validation of user-supplier input. Attackers may use this type of attack in order tobypass access controls or steal sensitive data.CryptoLockerA type of malware known as ransomware. Ransomware is malicious software that locks auser’s computer in some way and then demands a ransom in order for service to be restored. Inthe case of CryptoLocker, as the name suggests, users’ files are encrypted using an asymmetricencryption algorithm. A ransom is then demanded from affected users in order to decrypt andtherefore restore their files. CryptoLocker was first discovered in the wild by researchers in2013. It was reported to have been propagated via the Gameover Zeus botnet. The “success”of ransomware such as CryptoLocker has spawned many copycat programs. The best way toavoid being the victim of ransomware is to ensure that regular backups of your files are createdand maintained, and then stored in an unrelated system; thus, if files are encrypted, they can berestored from backup.70
HP Security Research | Cyber Risk Report 2015DEP (data execution prevention)A security measure used by modern operating systems that is intended to prevent the runningof malicious code on an affected system. It operates by marking areas of memory as eitherexecutable or non-executable and raises exceptions when code attempts to run from areas thatare deemed non-executable.DecebalDecebal is named after the Romanian Emperor “Decebalus,” the last king of Dacia, and is aVBScript-based POS malware created by Romanian cyber criminals. Similar to Dexter, it alsoscrapes memory for track 2 credit card information and sends it back to C&C servers. Decebalwas observed in the wild in early 2014, although various samples since captured appear to dateit back to mid-2013. It is written in Microsoft Visual Basic, which is an event-driven programminglanguage that follows the COM programming model. This makes it ideal for the malware totarget point of sale systems that run OPOS systems.DexterPOS malware that was first discovered in the wild in 2012. Dexter uses RAM-scrapingtechniques in order to capture credit card details from track 2 data captured on POS systems.Directory traversalA directory traversal occurs when an attacker is able to access areas of a system that are notintended to be publically accessible. This may occur due to inappropriate or insufficient checkingof user-supplied data that contains characters that may be interpreted to traverse paths to aparent directory of the targeted system.DoS (denial of service)A condition that occurs when the resources of a system are exhausted in some manner thatcauses the system to stop responding.ExfiltrationIn the context of computer security, exfiltration refers to the removal of valuable captured datafrom a compromised system. This is often performed as a separate step, by separate tools fromthose that may be used in order to first compromise the targeted system and then to captureand store data. In order for data to be exfiltrated, for example, it may need to be moved to acomputer that has access to the Internet.ExploitCode written expressly to take advantage of the security gap created by a particularvulnerability in order to deliver a malicious payload. They may be targeted at specificorganizations or used en masse in order to compromise as many hosts as possible. Deliverymechanisms utilize many different technologies and vehicles and often contain a socialengineering element—effectively an exploit against vulnerabilities in human nature in order tomake the victim take a particular action of the attacker’s choosing.External leakageAn external information leak occurs when system data or debugging information leaves theprogram to a remote machine via a socket or network connection.FakeinstMobile malware that targets the Android platform. The Fakeinst family of malwaremasquerades as helpful installers that are used to install other useful applications. However,once executed they attempt to send SMS messages to premium-rate services, leaving affectedusers with unexpectedly high phone bills.Foundational technologiesA technology that provides infrastructure for another technology. For example, a documentmanagement system could require a relational database as a foundational technology.Frame-sniffingThese attacks occur when an attacker uses a hidden HTML frame to load a target website insidean attacker-controlled webpage. By doing this, attackers can access sensitive information aboutthe content of framed pages.71
Page 1 and 2:
BrochureHP SecurityResearchCyber Ri
Page 3 and 4:
HP Security Research | Cyber Risk R
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20: HP Security Research | Cyber Risk R
Page 74: HP Security Research | Cyber Risk R
show all

hp-security-research-cyber-risk-report-pdf-2-w-1408

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?