The 2015 threat landscape was both disquieting and foreboding, upping the ante with a rash of data breaches (Anthem, Ashley Madison, CIA, IRS, OPM, VTech and myriad others) alongside DDoS attacks, IoT threats, hacktivism, Juniper backdoors, mobile malware attacks and ransomware, just to name a few.

With 2015 in the rearview mirror, we thought we would feature some of our best security posts and labs from the past year (listed in no particular order).

Security Posts

Attack of the Home Router

The security of any network is only as strong as its weakest link. What if that weak link is so fundamental that most of us would never even consider it to be faulty? Increasingly, bad actors have been targeting common routers, the backbone of the Internet, as the new playground for mischief online.

According to researchers at SEC Consult the “USB over IP or NetUSB function contains a buffer overflow vulnerability. This flaw is present in most modern Small Office Home Office (SOHO) routers including those from D-Link, Netgear, TP-Link, Trendnet, and ZyXEL.”

As part of the connection initiation, the researchers wrote in their blog, “the client sends his computer name. This is where it gets interesting: The client can specify the length of the computer name.”
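The flaw described above is a classic length-prefixed-field bug: the client supplies both the name and its length, and the length is trusted before the copy. The following is an added example, not SEC Consult's code or the NetUSB driver; it assumes a hypothetical wire format (4-byte little-endian length followed by the name bytes) and a 64-byte destination buffer, and shows the bound checks that must precede any copy of client-controlled data.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed buffer size for illustration; not taken from NetUSB. */
#define NAME_BUF_SIZE 64

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* Parse a length-prefixed computer name (assumed format: 4-byte LE length,
 * then that many bytes). The length is attacker-controlled, so it is checked
 * against both the destination buffer and the bytes actually received
 * BEFORE memcpy; skipping that check is the overflow pattern described above. */
enum parse_status parse_computer_name(const uint8_t *msg, size_t msg_len,
                                      char *out, size_t *out_len)
{
    if (msg_len < 4)
        return PARSE_TRUNCATED;
    uint32_t len = (uint32_t)msg[0] | ((uint32_t)msg[1] << 8) |
                   ((uint32_t)msg[2] << 16) | ((uint32_t)msg[3] << 24);
    if (len >= NAME_BUF_SIZE)        /* leave room for the terminator */
        return PARSE_TOO_LONG;
    if (len > msg_len - 4)           /* declared length exceeds payload */
        return PARSE_TRUNCATED;
    memcpy(out, msg + 4, len);
    out[len] = '\0';
    *out_len = len;
    return PARSE_OK;
}

/* Self-check over constructed messages; returns 1 when all cases behave. */
int check_parser(void)
{
    char buf[NAME_BUF_SIZE];
    size_t n;
    /* constructed: length 5 followed by "HOST1" */
    const uint8_t good[] = {5, 0, 0, 0, 'H', 'O', 'S', 'T', '1'};
    if (parse_computer_name(good, sizeof good, buf, &n) != PARSE_OK ||
        n != 5 || strcmp(buf, "HOST1") != 0)
        return 0;
    /* constructed: claims 4096 bytes, far larger than the 64-byte buffer */
    const uint8_t oversized[] = {0x00, 0x10, 0x00, 0x00, 'A', 'B'};
    if (parse_computer_name(oversized, sizeof oversized, buf, &n) != PARSE_TOO_LONG)
        return 0;
    /* constructed: claims 10 bytes but only 3 follow */
    const uint8_t short_msg[] = {10, 0, 0, 0, 'A', 'B', 'C'};
    if (parse_computer_name(short_msg, sizeof short_msg, buf, &n) != PARSE_TRUNCATED)
        return 0;
    return 1;
}
```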


When the Security Community Eats Its Own

The CEO of a major corporation asks the CISO whether the new exploit discovered in the wild, Shizzam, could affect their production systems. The CISO says he doesn't think so, but, just to be sure, his team will analyze all the systems for the vulnerability.

So his staff are told to drop everything, learn all they can about this new exploit and analyze all systems for the vulnerability. They go through logs, run scans with FOSS tools, and even buy a Shizzam plugin from their vendor for their AV scanner. They find nothing.


HORNET: A Better, Faster Tor

Tor, the Onion Router, is the choice of dissidents and journalists alike. It anonymizes Web traffic by obscuring the source and the destination through a mesh of intermediaries.

Unfortunately, anonymity comes at a high computational price. Tor is slow.

Created in 2004 by the US Naval Research Lab, Tor was designed, among other reasons, to help people in oppressive countries gain access to the Internet.

Recently, it has been speculated that law enforcement has found ways to decrypt routing information regarding the sources and destinations of Tor requests. This includes controlling some of the nodes.


Sphinx: New Zeus Variant for Sale on the Black Market

The 0Day marketplace was a busy beaver this weekend. I’ve been waiting and watching Sphinx for the past 10 days to see if the 0Day admin would verify this new threat.

New Zeus Variant

On Sunday evening, Sphinx, a new variant of the Zeus banking trojan, was admin-verified. Sphinx is coded in C++, is based on the ZeuS source code, and operates fully through the Tor network using a Tor hidden service. This variant is listed as being immune to sinkholing, blacklisting, and the ZeuS tracker.

The seller claims that you do not need bulletproof hosting (generally immune from takedown requests) when operating a Sphinx botnet, though he still recommends it.


A Buyer's Guide to Stolen Data on the Deep Web

Before starting our quick tour of the criminal underground to collect information on the principal items and services offered for sale and rent, let's clarify some useful concepts.

What is the Underground Ecosystem?

The term underground ecosystem is usually used to refer to a collection of forums, websites and chat rooms that are designed with the specific intent to facilitate, streamline and industrialize criminal activities.

The underground ecosystem represents a portion of cyberspace that is considered vital for criminal communities, where criminals can acquire and sell tools, services and data for various kinds of illegal activities.


How to Reverse Engineer Android Applications

In computing, reverse engineering is the process of understanding how things work and reusing the information to do something. This is applicable even to Android apps. You might reverse engineer Android apps for many reasons:

  • Read another’s code
  • Find vulnerabilities in the code
  • Search for sensitive data hardcoded in the code
  • Malware Analysis
  • Modifying the functionality of an existing application


Understanding the Threat Intelligence Lifecycle

Everyone is interested in Threat Intelligence (TI). There is a race to the top of the mountain with regards to providing ‘Intelligence’ on the ‘latest threats’; but, what does that really mean for information consumers?

Firstly, let’s look at the term ‘Intelligence’. For most individuals the term Intelligence has several meanings ranging from covert operations to information gathering. However, very little time is actually spent on the Intelligence Lifecycle.

Understanding the lifecycle and some key framework concepts of Intelligence will help people understand where TI really enters into Intelligence, and how the basics can be leveraged to deliver value-added information to the organization.


DarkNet Attacks Revealed in Real-Time

From Byron Acohido, ThirdCertainty: “One of the most powerful technologies for spying on cyber criminals lurking in the Dark Net comes from a St. Louis-based startup, Norse Corp.”

“Founded in 2010 by its chief technology officer, Tommy Stiansen, Norse has assembled a global network, called IPViking, comprised of sensors that appear on the Internet as vulnerable computing devices.”

“These honeypots appear to be everything from routers and servers, to laptops and mobile devices, to Internet-connected web cams, office equipment and medical devices.”


RATs Targeting Android – Crime, Surveillance, or Something Else?

Recent reporting indicates that Iranian hackers have demonstrated interest in remote access Trojans (RATs) designed to exploit Android mobile devices. A threat researcher monitoring prominent Iranian hacker boards noted that many of the discussions focused on RATs that target the Android operating system. The two RATs cited, AndroRAT and DroidJack, drew comparisons to njRAT due to their availability for download/purchase, ease of use, and strong community response, according to the researcher. Both Trojans can be embedded into legitimate-looking mobile applications in order to entice users into installing them on their phones.


OPM Hack: For Whom the Bell Tolls…

Almost a month ago, I wrote a piece titled It’s Not the Hackers you’re thinking of in 2015. The focus of that blog was to illustrate a concern I had about how the Anthem breach was being illustrated by the usual fanfare of media types in the field of cyber and how the element of an advanced espionage motive may have been overlooked.

First, I would like to thank my readers, as that article was the best-received piece to date, and I look forward to hopefully meeting your future expectations.

The first week of June set off with a hack heard round the world, which started a revolution (thank you, Schoolhouse Rock), or in this case a wake-up bell for the United States, yet again.

The Ottoman Hackers? Middle Eastern and Eastern European Exploit Exchange Program

Are Eastern European and Middle Eastern hacking groups looking to recreate a digital Ottoman Empire? Norse Intelligence Analysis Team has identified several indicators that reveal a trend involving groups located in the Middle East working closely with European hackers to share Tactics, Techniques, and Procedures (TTPs) for conducting politically and ideologically-motivated hacks.


Dyre Deep Dive

In 2014, the takedown of banking Trojans such as Gameover Zeus, Shylock, and Ramnit created a void for cybercriminal groups. Since its first appearance in June 2014, the Dyre Trojan has effectively filled this void by targeting corporate and private banking accounts in a succession of phishing campaigns across the globe, including customers of the Royal Bank of Scotland, Citigroup, JPMorgan Chase, and Bank of America. This makes Dyre, also known as Dyreza, Dyranges, or Battdil, one of the more potent banking Trojans currently in operation.


The post The top 12 Darkmatters security posts of 2015 appeared first on Darkmatters.