Security Response
Jo Hurcombe | 16 Dec 2014 15:06:05 GMT

Contributor: Satnam Narang

Attackers behind malicious spam campaigns have shifted their tactics in recent months and are increasingly attempting to infect victims by luring them into clicking on links rather than sending them malicious attachments.

Since late November, Symantec Security Response has seen a spike in the number of malicious emails using this tactic. Over the last six months, there were relatively few spam emails containing malicious links. For example, in October, only seven percent of malicious spam emails contained links. That number jumped to 41 percent in November and has continued to climb in early December.

While many malicious emails come with an attachment, organizations can block and filter these types of messages. Symantec believes that the Cutwail botnet (...

Symantec Security Response | 15 Dec 2014 20:27:57 GMT

Ransomware is nothing new to Japan. Symantec’s research has found that Japan ranks among the regions most affected by global ransomware attacks. However, no attacks specifically targeting Japanese users had ever been confirmed. That is, until now. In recent weeks, Symantec has observed a ransomware variant in the wild that was designed to target users who speak Japanese.

Figure 1. Ransomware attacks in November 2014 by region

The ransomware threat in question is a localized variant of TorLocker. The malware encrypts files with certain file extensions on the compromised computer and demands that the user pay in order to decrypt them. Symantec has confirmed multiple variants of this particular Japanese ransomware threat.

TorLocker has been used in ransomware attacks around the world. The...

Candid Wueest | 10 Dec 2014 11:49:22 GMT

During the holiday season, shoppers scour the internet to find the best deals for the perfect gifts. Ordinary consumers aren’t the only ones looking for bargains at this time of year. A host of cybercriminals are looking to shop at other people’s expense and use underground marketplaces to buy and sell illegal goods and services. Stolen data, compromised online accounts, custom malware, attack services and infrastructure, fraudulent vouchers, and much more can be bought if you know where to go.

Prices for illegal goods and services can vary widely, depending on what’s offered, but bargains exist even for cybercriminals on the tightest budgets. Attackers can pick up stolen data and compromised accounts for less than a dollar. Larger services, such as attack infrastructure, can cost anything from a hundred dollars to a few thousand. However,...

PraveenSingh | 09 Dec 2014 20:08:40 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of 24 vulnerabilities. Thirteen of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the December releases can be found here:
...

John-Paul Power | 05 Dec 2014 19:06:30 GMT

Contributor: Candid Wueest

Industries that deal with sensitive information rely heavily on air-gapped systems to protect their critical data. However, while these systems are more secure than most others, there are ways to compromise them, potentially allowing attackers to steal the affected organizations’ highly sensitive data. From radio signal-emitting graphics cards to computers communicating through their speakers, are air gaps, once considered the Fort Knox of security measures, beginning to show cracks?

An air gap is a security measure that protects critical data by keeping one or more computers isolated from other, unsecured networks such as the internet. System administrators may choose to air gap military systems, computerized medical systems, and...

Symantec Security Response | 04 Dec 2014 19:50:56 GMT

Backdoor.Destover, the destructive malware that was the subject of an FBI Flash Warning this week, shares several links to earlier attacks directed at targets in South Korea. Some samples of Destover report to a command-and-control (C&C) server that was also used by a version of Trojan.Volgmer crafted to attack South Korean targets. The shared C&C indicates that the same group may be behind both attacks.

Volgmer is a targeted piece of malware, likely used by a single group, which has been used in limited attacks, possibly as a first-stage reconnaissance tool. It can be used to gather system information and download further...

Candid Wueest | 03 Dec 2014 13:57:27 GMT

Contributor: Mario Ballano

With the holiday season around the corner, thoughts turn to a warm home brightened up by the twinkle of seasonal decorations. If you’re a geek like me, it’s always tempting to opt for the high-tech solution and control your festive lights with one of the growing number of home automation devices available. However, Symantec has found that some of these devices contain security flaws that could allow attackers to gain access to your home network.

Two home automation hubs tested by Symantec had multiple security flaws that could potentially allow attackers to gain access to the hubs themselves and, by extension, to other devices connected to them. The issues aren't specific to these particular hubs; any connected device is potentially at risk. Many more smart home devices potentially have similar...

Peter Coogan | 25 Nov 2014 12:26:43 GMT

Small-scale mobile app software entrepreneurship has been described as the cottage industry of the 21st century. It allows talented software developers to apply their skills to create new and innovative mobile apps, with the hope of becoming the next big thing and, perhaps, even attaining the trappings of wealth associated with success. However, with over 1 million apps available for download on the Google Play Store, for every success story there are countless apps that fail to deliver.

While I was researching a new Android remote administration tool (RAT) known as DroidJack (detected by Symantec as Android.Sandorat), it soon became apparent that its authors had actually started off as Android app developers. In their own words, they were “budding entrepreneurs trying to develop and apply skills that we have gained.” With limited success of their legitimate app on the Google Play...

Symantec Security Response | 23 Nov 2014 16:58:23 GMT

An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A backdoor-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals.

It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state....

Symantec Security Response | 20 Nov 2014 17:14:00 GMT

As Americans gear up for another holiday shopping season, the threat posed by point-of-sale malware remains high. More than a year after the discovery of the first major attacks against POS networks, many US retailers are still vulnerable to this type of attack and are likely to remain so until the complete transition to more secure payment card technologies in 2015.

While some retailers have enhanced security by implementing encryption on their POS terminals, others have not, and retailers will continue to be low-hanging fruit for some time. While the introduction of new technologies will help stem the flow of attacks, it will not eliminate fraud completely, and attackers have a track record of adapting their methods.

Point-of-sale malware is now one of the biggest sources of stolen payment cards for cybercriminals. Although it hit the headlines over the past year, the POS malware threat has been slowly germinating since 2005 and the retail industry...