The year in review
2014 threw up a few surprises; in the case of Shellshock, a dormant bug appeared. Regin probably gets the title as the stealthiest malware yet detected. CryptoLocker became very popular in Australia for a few months. Google and the University of California released a study that found phishing is highly effective. Finally, a study looked into why people might ignore browser warnings.
Shellshock – a dormant bug erupts
A long-standing bug, possibly introduced in 1989, surfaced in late September this year, and boy did it cause issues. Shellshock was a bug in the bash shell that could enable attackers to inject arbitrary code. In a world where many web servers run Linux, and where bash is heavily used, Shellshock had the potential to be very big, and unpleasant.
Fortunately the security folk were onto the bug swiftly, and issued several patches. We should all be grateful to the programmers who looked at code in excess of 20 years old and came up with patches to close off the hole.
Unfortunately, Shellshock kept on showing up in obscure places. The big one was in SMTP, where attackers worked out a way to craft an email that could then be used to launch attacks. Fortunately the issue could be addressed by applying the same bash patches.
Regin – information-stealing malware
Possibly the most mysterious piece of malware discovered in 2014 was Regin. It was highly sophisticated and was used in targeted attacks. In one instance, Regin was found installed on the Base Station Controller of a GSM cellular network.
The main task of Regin appeared to be stealing confidential information and emails. It has been known to disappear without leaving many traces.
CryptoLocker spread via fake speeding fines
CryptoLocker was a big hit in Australia in 2014; even the ABC 24 network succumbed to its popularity (albeit for 30 minutes). CryptoLocker is spread via phishing emails; the usual technique is to disguise the executable with a different file extension, usually .pdf. The user is tricked into downloading and opening the supposed pdf file, which installs CryptoLocker on their PC. One of the ways CryptoLocker has been spread in Australia recently has been via fake speeding fine notices.
CryptoLocker encrypts files with Office extensions, and it also goes hunting on any network drives for more files to encrypt. Once done, it displays a ransom message telling the user they need to pay money to have their files released.
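As an added example (not code from the original post), the following Python checks email attachments for the disguise technique described above: a document extension hiding an executable, or a file named .pdf whose bytes are actually a Windows executable. The attachment names and bytes in SAMPLE_ATTACHMENTS are constructed samples, not real CryptoLocker artefacts.

```python
import os

# Well-known file signatures (magic bytes).
PDF_MAGIC = b"%PDF-"
PE_MAGIC = b"MZ"  # Windows executables (.exe, .scr, ...) start with "MZ"
# Extensions Windows executes on double-click, and the harmless-looking
# document extensions a lure typically borrows to hide one of them.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def check_attachment(filename: str, data: bytes) -> list[str]:
    """Return why an attachment looks like a disguised executable ([] if clean)."""
    reasons = []
    root, ext = os.path.splitext(filename.lower())
    # Double extensions such as "fine.pdf.exe" rely on the mail client or
    # Explorer hiding the last one; padding spaces ("fine.pdf      .exe")
    # push it out of view in narrow lists, so strip them before comparing.
    inner_ext = os.path.splitext(root.rstrip())[1]
    if ext in EXEC_EXTS:
        if inner_ext in DOC_EXTS:
            reasons.append(f"double extension {inner_ext}{ext}")
        else:
            reasons.append(f"executable attachment ({ext})")
    # The claimed type must match the first bytes: a ".pdf" that begins with
    # a PE header is an executable whatever its name says.
    if ext in DOC_EXTS and data.startswith(PE_MAGIC):
        reasons.append(f"named {ext} but content is a Windows executable")
    elif ext == ".pdf" and not data.startswith(PDF_MAGIC):
        reasons.append("named .pdf but content is not a PDF")
    return reasons


def scan_attachments(attachments: dict[str, bytes]) -> dict[str, list[str]]:
    """Run check_attachment over a batch of attachments; keep only flagged ones."""
    flagged = {}
    for name, data in attachments.items():
        reasons = check_attachment(name, data)
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed sample attachments modelled on the speeding-fine lure.
SAMPLE_ATTACHMENTS = {
    "Infringement_Notice.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",  # genuine PDF
    "Infringement_Notice.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00",  # double extension
    "Speeding_Fine.pdf": b"MZ\x90\x00\x03\x00\x00\x00",  # PE bytes under a .pdf name
    "Fine_Details.pdf      .scr": b"MZ\x90\x00",  # padded double extension
}
```

Calling `scan_attachments(SAMPLE_ATTACHMENTS)` flags the three disguised files and leaves the genuine PDF alone; in a mail gateway the same check would run over each message's decoded attachments.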
Phishing is very effective
Phishing in general is the attack method of choice for many forms of malware. It is also used to steal consumers' credit card details and other forms of personal information. It seems pretty low tech; however, a study by Google and the University of California threw up some interesting statistics.
The first statistic is that even the worst, most obvious phishing emails still managed to snare 2% of users. At the other end of the scale, well-crafted phishing emails hooked 45% of users.
This study shows that, whilst phishing may seem low tech, it is still surprisingly (or perhaps unsurprisingly) effective as a means to spread malware and/or steal user information.
Ignoring browser warnings
There was another study by Brigham Young University that sought to establish why people might ignore browser warnings. The study simulated a work-type environment where participants were under time pressure to complete tasks.
At various points in time a browser warning (very similar to the Chrome warning) would crop up. Participants who clicked to continue were not penalised, but those who did not incurred a small penalty. Some users (those who clicked through) were eventually shown a screen that implied their PC had been hacked. Whilst the message was false, the experience caused the users to proceed cautiously in future tests.
The interesting part of this study was that many participants rated themselves quite high in knowledge of IT security.