echo: alt-comp-anti-virus
to: ALL
from: VIRUS GUY
date: 2014-11-12 23:48:00
subject: Small-to-Midsized Busines

     "The attack victims... were not ordinary home users nor
      employees of Fortune 500 companies or government institutions.
      The cybercriminals instead went after SMBs [small and midsized
      businesses], which led us to realize how vulnerable they are"
      to these threats, the report says. "SMBs may not be involved
      in multimillion-dollar deals but they do conduct transactions
      worth tens to hundreds of thousands of dollars. Even worse,
      their employees may not even be aware of general IT security
      best practices."

One of the nice side effects of continuing to run Windows 98 on
administrative computers at our SMB (computers that, for example,
interface with our 14-year-old AccPac accounting software database) is
that no matter how convoluted these attempts are to entice users to
click on email attachments, none of this super-sophisticated malware
will run on our win-98 systems.

Micro$haft performed economic terrorism upon the United States and the
world by releasing Windoze XP in the winter of 2001.  XP was the perfect
trojan-hosting platform for many years, and Windoze 7 (and 8, and soon
to be 10) will continue the tradition.

XP on home and soho and SMB computers allowed those that created trojan
and botnet software to cross the line to become established commercial
ventures that would henceforth always be with us.  Or at least with
those that jumped (like fools) onto the NT bandwagon, continuously fed
the IV drip of "New = better" and "New = secure".

What a pleasure it is to not have to run any form of anti-malware
software on the majority of our computers.  What a pleasure it is to not
have to make continuous "investments" in purchasing new hardware and OS
licenses.  For the rest of you - you can continue to be duped by the
entrenched interests of the anti-malware community, the Wintel monopoly,
and the press and journalistic establishments that exist to serve them.
And you will suffer continuous computing hardship as a result.

=================================================================

Small-to-Midsized Businesses Targeted In More Invasive Cyberattacks

How notorious remote access tools Predator Pain and Limitless have
evolved into bargain-basement tools accessible to masses of
cybercriminals.

11/11/2014


For just $40, a criminal can now buy a keylogger that not only captures
keystrokes and credentials, but also geo-locates, intercepts emails and
instant messages, and even reconfigures the compromised email account to
send the criminal the victim's emails directly -- all while
automatically encrypting the back-channel communications.

"Before, you were buying a knife with a corkscrew, and now you're buying
a full Swiss Army knife," says Tom Kellermann, chief cyber security
officer at Trend Micro, which today published a report on how two
pervasive keylogger programs have evolved into inexpensive cyberspying
tools being used to hit small and midsized businesses (SMBs) worldwide.

The so-called Predator Pain and Limitless malware kits are now more
accessible to the masses and theoretically to lower-level criminals,
Kellermann says. The new modules also offer attackers more "omniscience"
into their victim's machines -- and lives.

"Back in the day, you had to build it [the malware] or be a trusted
member to buy it for a high price," he says. "Now, for as much as it
takes to fill up a tank of gas, you can read minds."

Another interesting twist, according to Trend's research, is that the
bad guys behind the Predator Pain and Limitless malware still retain
administrative rights to the malware when they sell a copy; they get
access to the victims that the buyers infect, as well. "What they're
doing is commercializing crime kits… that's fully automated and
functional for the masses," Kellermann says. "This begins a crimewave."

Predator Pain and Limitless were the centerpiece of NightHunter, a
credentials-stealing campaign detailed by Cyphort researchers. 

https://www.cyphort.com/blog/nighthunter-massive-campaign-steal-credentials-revealed/

"NightHunter is one of the more unique campaigns we have researched at
Cyphort due to the footprint and complex data collection models it
exhibits, furthermore the use of low-signal evasion it is leveraging
such as webmail for data exfiltration points to much larger end-goal,"
Cyphort's McEnroe Navara wrote in a July blog post. "This points to the
shifting 'Tradecraft' being adopted by actors leveraging BigData models
to mine more interesting and strategically suitable data, whether it
being for direct and targeted attacks or providing highly actionable
content to other actors for economic benefits."

The typical attack with these tools begins with a business-themed
phishing email sent to publicly listed email addresses and rigged with
Predator Pain or Limitless. When a victim falls for the message and
downloads an attachment with the email, the attacker -- via email, file
transfer protocol, or Web PHP panel -- gets all of the victim's system
information, keystrokes, cached credentials, and desktop screenshots.

The attackers employ a type of 419/Nigerian scam via high-volume
phishing email runs, including phony corporate emails that dupe victims
into depositing payments, for example.

"The attack victims... were not ordinary home users nor employees of
Fortune 500 companies or government institutions. The cybercriminals
instead went after SMBs [small and midsized businesses], which led us to
realize how vulnerable they are" to these threats, the report says.
"SMBs may not be involved in multimillion-dollar deals but they do
conduct transactions worth tens to hundreds of thousands of dollars.
Even worse, their employees may not even be aware of general IT security
best practices."

According to Trend's findings, the attacks go well beyond the usual
keylogging exfiltration.

      Cybercriminals are able to invade their victims' privacy
      wholesale; they can determine where victims live, where they work,
      what they do for a living, what their marital statuses are, and so
      much more.

      419 scams are easy-to-deploy, high-volume attacks that can be
      carried out without the use of Predator Pain or Limitless
      keyloggers. The 419 scammers in this instance, however, must have
      realized that infiltrating SMBs and conducting protracted,
      low-volume corporate espionage to commit fraud yields a much higher
      return on investment (ROI) in the long run.

The breached SMBs can often provide a stepping-stone to a larger and
more lucrative business partner, for instance, which makes the Predator
Pain and Limitless attacks against smaller, easier targets even more
valuable.

"If you can get inside the SMB marketplace and go after their larger
partners, it's just that easy," Kellermann says.

The full report from Trend, "From Cybercrime to Cyberspying: Using
Limitless Keylogger and Predator Pain," is available here:

http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cybercrime-to-cyberspying-limitless-keylogger-and-predator-pain/
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
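The quoted article describes the keylogger reconfiguring a compromised mailbox so the victim's mail is forwarded straight to the criminal. A defender can catch that from the mailbox side by auditing forwarding rules. The script below is an added example, not code from the post or from the Trend Micro report; it assumes rules have been exported as dictionaries with `mailbox`, `name`, `forward_to` and `created_by` fields (an assumed layout, since the article names no product or API), and the sample rules and domain names are constructed for illustration.

```python
"""Audit mailbox forwarding rules for the behaviour described in the article:
a compromised account silently forwarding the victim's mail to an outside address.

Added example; not from the post or the Trend Micro report. The rule record
layout (mailbox / name / forward_to / created_by) is an assumption about how an
export from the mail system might look.
"""

# Assumption: the organisation's own mail domains; anything else is "external".
INTERNAL_DOMAINS = {"example-smb.com"}

# Constructed sample rules (not real data). Only the second one matches the
# pattern from the article: mail forwarded out of the organisation, under a
# rule name chosen to attract no attention.
SAMPLE_RULES = [
    {"mailbox": "ap@example-smb.com", "name": "Vacation copy",
     "forward_to": "manager@example-smb.com", "created_by": "ap@example-smb.com"},
    {"mailbox": "ceo@example-smb.com", "name": ".",
     "forward_to": "inbox-collector@mail-example.net", "created_by": "ceo@example-smb.com"},
    {"mailbox": "sales@example-smb.com", "name": "Archive",
     "forward_to": "sales@example-smb.com", "created_by": "admin@example-smb.com"},
]


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].lower()


def is_placeholder_name(name):
    """True when the rule name is empty or only punctuation.

    Heuristic added by the example author, not taken from the article: a rule
    named '.' or '' is a weak signal that it was created to go unnoticed.
    """
    return len(name.strip(" ._-")) == 0


def audit_forwarding_rules(rules, internal_domains=INTERNAL_DOMAINS):
    """Return (mailbox, forward_to, reasons) for every rule worth a second look.

    A rule is flagged when it forwards to a domain outside the organisation,
    and, independently, when its name looks like a placeholder.
    """
    findings = []
    for rule in rules:
        reasons = []
        if domain_of(rule["forward_to"]) not in internal_domains:
            reasons.append("forwards to external domain")
        if is_placeholder_name(rule["name"]):
            reasons.append("empty or placeholder rule name")
        if reasons:
            findings.append((rule["mailbox"], rule["forward_to"], reasons))
    return findings


if __name__ == "__main__":
    for mailbox, target, reasons in audit_forwarding_rules(SAMPLE_RULES):
        print(f"{mailbox} -> {target}: {', '.join(reasons)}")
```

Run against a real export, the external-domain check is the one that matters; the rule-name heuristic is only a tie-breaker for prioritising review, and a forwarding rule an employee set up to a personal webmail account will trip the first check as well, which is exactly the kind of rule an SMB should be reviewing anyway.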

SOURCE: echomail via QWK@docsplace.org
