hp-security-research-cyber-risk-report-pdf-2-w-1408

HP Security Research | Cyber Risk Report 2015FuzzingThis is an automated vulnerability research technique that involves using a fuzzer (a fuzzingtool) to inject malformed data to an application in order to attempt to cause it to crash. Thistechnique is used to uncover possible areas of weakness or vulnerability within the applicationfor further research and testing.Gameover ZeusA notorious botnet consisting of peer-to-peer variants of the Zeus malware family (also knownas Win32.Zbot). By using peer-to-peer, this botnet used a decentralized command-and-controlinfrastructure, thus avoiding the single point of failure of more centralized command andcontrol structures and making the botnet more resilient to takedown. The Zeus malware familyis associated with the sophisticated theft of online banking credentials; however, the botnetmay have been used to carry out other malicious activities such as propagating additionalmalware, sending spam, and carrying out distributed denial of service (DDOS) attacks. In mid-2014, U.S. authorities brought down a large botnet of Gameover Zeus variants and causedsignificant disruption to the botnet’s malicious activities.GepawMalware written for the Android platform that targets online banking users. One of the firstAndroid malware samples to be purposefully installed by a Windows component if an Androiddevice was connected to the desktop.Heap sprayHeap spraying is a technique used by attackers to assist in use-after-free exploitation bydecreasing entropy in the address space. It is not itself an exploit method; instead, it aidsattackers by making freed memory space more orderly and predictable. Heap spraying consistsof forcing repeated allocations in an attempt to reclaim the freed buffer and to introduce someusable order to the freed space.HeartbleedA flaw, discovered in 2014, that allowed for unauthenticated remote attackers to disclose thememory of applications that use a vulnerable version of OpenSSL. Successful attacks couldresult in the disclosure of SSL private keys, usernames/passwords, and session tokens.Information disclosure vulnerabilityA vulnerability that results in the unauthorized disclosure of information from a system. Theeffect of this type of vulnerability varies according to the nature of the information that may bedisclosed. Such information could be used in order to conduct reconnaissance before a targetedattack, or could be the end game of the attack. The Heartbleed vulnerability was an informationdisclosure vulnerability that allowed for unauthenticated remote attackers to disclose thememory of applications that use a vulnerable version of OpenSSL.JucheA North Korean political ideology that proposes that the future independence of the NorthKorean state is determined by the agency of its people. This principle (simplified here) is used todrive and promote policy in North Korea.KeyloggingThe act of capturing keyboard events, such as keystrokes, in a log file that can later beexfiltrated by an attacker. This type of function may be used to capture sensitive informationsuch as login details for various systems.Legacy codeCode within a software program inherited from a previous version of the program.MiddlewareThe software that sits between layers of other software to make the layers below and on theside work with each other. It is software invisible to the user that takes two or more differentapplications and makes them work seamlessly together.MoneyPakAn online payment system, often used by the perpetrators of ransomware and rogue antivirussoftware, to gather ransom and extortion payments from victims.72