21 July 2014

FBI SAYS BOTNETS INFECTING 18 COMPUTERS PER SECOND; 500M PER YEAR; AND, USING MORE SOPHISTICATED DENIAL AND DECEPTION TECHNIQUES

July 18, 2014 

FBI Says Botnets Infecting 18 Computers Per Second; 500M Worldwide Each Year; Malware Using Denial And Deception Techniques To Evade Discovery


PDF Of FBI Cyber Division Director’s Testimony To Senate On Cyber Crime Threat can be accessed at the link below

Swati Khandelwal had an online article in yesterday’s (July 17, 2014) TheHackerNews.com, writing that “cyber criminals have brushed up their hacking skills; and, are using Botnets as a cyber weapon to carry out multiple crimes like Distributed Denial Of Service (DDoS) attacks, mass spamming, page rank and advertising revenue manipulation, mining Bitcoins, cyber espionage and surveillance,” and other malicious activities. “Botnets,” as Mr. Khandelwal explains, are used by cyber thieves to “compromise networks of ordinary home and office computers with rogue software, or ‘malware,’ that are controlled by an individual or group.” Their use, he notes, “has increased dramatically over the past few years; and, are considered the biggest threat to the Internet,” as we look ahead.

18 Botnets Per Second; 500M Infections Worldwide Each Year

Joseph Demarest, Director of the FBI’s Cyber Division, testified on July 15, 2014, to the Senate Judiciary Committee, Subcommittee On Crime and Terrorism that “the Botnet has become one of the biggest enemies of the Internet today; and therefore, its [negative] impact is significant.” Agent Demarest testified that “every second, 18 computers/mobile devices are compromised by Botnet armies, which amounts to more than 500M infections worldwide each year.” A copy of Mr. Demarest’s testimony, “Taking Down Botnets: Public and Private Efforts To Disrupt and Dismantle Cyber Criminal Networks,” is attached as a PDF.

“Botnets,” Mr. Khandelwal writes, “allows its operator to steal personal and financial information, get into system owners’ bank accounts, steal millions of credit cards, shut down websites, monitor your every keystroke, and even activate systems’ cameras secretly,” without the owner/user being aware that their computer/device has been seriously compromised.

Botnet Fetched Millions Of Dollars

Agent Demarest testified that “the use of botnets is on the rise. Industry experts estimate that botnet attacks have resulted in the overall loss of millions of dollars from financial institutions; and, other major U.S. businesses. As you well know, we face cyber threats from state-sponsored hackers, hackers for hire, organized cyber crime syndicates, and terrorists. They seek our state secrets, our trade secrets, our technology, and our ideas – things of incredible value to all of us.”

Two Faces Of The Same Government: The FBI, And The NSA

The FBI of course wants to shut down these Internet digital black market and malicious botnet boutiques; while the NSA and the rest of the Intelligence Community no doubt want to exploit and understand the cyber botnet ecosystem; as well as establish a repository of knowledge on the structure and makeup of the botnets themselves. The two missions/philosophies don’t always see eye-to-eye on how to proceed. It is an age-old tension and balancing act that goes on constantly.

The Threat Is Growing In Complexity, Sophistication, Scope, And Speed

Sara Peters, writing on the website DarkReading.com (July 17, 2014), writes that “malware originally developed for government espionage is now in use by [cyber] criminals, who are bolting it onto their rootkits and ransomware.” She notes that the malware, Gyges, was first discovered in March of this year by the cyber security firm Sentinel Labs. Sentinel Labs concluded, “Gyges is an early example of how advanced techniques and code — developed by governments for espionage — are effectively being repurposed, modularized, and coupled with other malware to commit cyber crime.” Sentinel Labs concludes that “Gyges’ evasion techniques are ‘significantly more sophisticated’ than the payloads attached. It includes anti-detection, anti-tampering, anti-debugging, and anti-reverse engineering capabilities.”

Because of these attributes, Sentinel’s researchers “suspected that although Gyges was attached as ransomware (including CryptoLocker) and bot code, it had originally been created as a “carrier” for a much more sophisticated attack — something like what a government agency would use to collect intelligence data.” “Further analysis bears that out,” writes Ms. Peters, as “certain components of the code matched that of unknown malware, which had been used before in targeted attacks for an espionage campaign originating in Russia.”

“This code is really hard to replicate,” said Udi Shamir, Sentinel’s Director of Research, “so it would be hard to believe that it was created by a different group.” He added that “Gyges went to great lengths to hide itself: waiting for user inactivity before operating. It also uses a hooking bypass technique that exploits a logic bug in Windows 7 and 8. Security tools could hook into Windows-on-Windows to see what 32-bit applications are trying to run on a 64-bit system. What Gyges can do is start as a 32-bit application, then call the 64-bit system directly, instead of working through Windows-on-Windows, thereby bypassing a hook.”

“Malware hackers know that at some point they’re going to be detected,” said Sentinel Labs CEO Tomer Weingarten. “So, [the Gyges writers] also started focusing on what happens after they’re detected. They’re putting in mechanisms to make it very hard for vendors to analyze them.”

Ms. Peters writes that “this kind of malware was used by government agencies to gather information: eavesdropping, keylogging, capturing screens, and stealing identities as well as intellectual property. Now it is being used by cyber criminals for committing online banking fraud, encrypting hard drives [and holding them ransom] to collect ransoms, installing rootkits and Trojans, creating Botnets, and targeting critical infrastructures.”

“This is definitely a trend we’re seeing,” Mr. Weingarten said. “The evasion code is becoming what malware is all about.”

Maybe Germany and Russia have it right. Maybe a return to the old-fashioned typewriter is warranted — for some or most of our most sensitive, confidential conversations and information. V/R, RCP
