::Trend Micro Threat Resource Center::

27 October 2015

Asian companies are in biggest danger of cyber attacks

Attackers are advancing zero-day exploits into ‘zero-day-plus-one’ attacks at record speed, warns a new report from Nexusguard. Attacks are outpacing even IT teams working at their most efficient pace, and those teams cannot reasonably be expected to keep up with the rate of attack.


Add to this the falling cost of botnet-for-hire schemes, which threaten to attack unsuspecting businesses for as little as twenty dollars per attack, and teams are overwhelmed in their efforts to stay ahead of swiftly evolving threats.

“The Asia Pacific region not only produces the most amount of DDoS scans to the Internet, but is also the biggest target of DDoS attacks than anywhere else in the world,” says Terrence Gareau, Chief Scientist at Nexusguard. “With the highest rate of software piracy globally, it should come as no surprise that the large botnets are able to operate freely in this region simply because there are so many vulnerable systems.”

Industry and analyst research reviewed in the latest Cybersecurity Asia Pacific report sponsored by Nexusguard points further to the serious cybersecurity threat that companies in the region are facing.

The report notes that organizations in the Asia-Pacific region were forecast to spend $230 billion to deal with cybersecurity breaches in 2014 — the highest amount for any region in the world, according to International Data Corporation (IDC) and the National University of Singapore survey, as reported in Marsh’s “Cybercrime in Asia” 2014 report.

The Asia Pacific Cyber Security Market contributes 17.21 percent of the global market and will grow to 21.16 percent by 2019, according to MicroMarketMonitor.

The private sector – highly developed, economically lucrative, and a prime target for the theft of intellectual property, blackmail, phishing, and identity theft – is investing in cybersecurity in nations such as China, Japan, Korea, Australia, New Zealand, Hong Kong, and Singapore, according to ABI Research.

Research and Markets states that demand for cloud-based security solutions is one key trend emerging in the cybersecurity market. End-users prefer cloud-based security solutions because they are cost-effective and can be easily managed. Therefore, both large enterprises and SMEs in the Asia-Pacific region are increasingly adopting cloud-based cyber security solutions.

According to the Asia Cloud Computing Association, China leads Asia-Pacific nations with a total addressable cloud computing market totaling $141.9 billion. Japan is the number two nation in the region at $101.4 billion. Indonesia is number three at $76.8 billion.

More importantly, Gartner predicts that by 2018, more than half of organisations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures. The expected increase in spending to deal with cybersecurity threats and the lack of preparedness of Asian companies thus represents an opportunity for global firms and regional or local service providers to invest in the right partnerships and technologies to beef up their security offerings.

“Cyber threats including DDoS attacks are a serious menace facing CIOs and their teams, and extending across the organization, especially with the growing integration of personal mobile devices into the corporate network, and increasing mobility of the workforce spread across multiple locations, with all of these disparate areas linked through the cloud,” said Jolene Lee, CEO, Nexusguard.

“Combined with the rate and speed of cyber-attacks and the increasing intelligence behind them, companies outsourcing their cybersecurity needs would be well advised to consider not just innovative technology and global reach, but also the depth of experience and expertise in predicting and mitigating threats.”

12 October 2015

2015 Most Dangerous Celebrity

Who doesn’t love to search for celebrities online? From red carpet photos, to clips of the latest fashion faux pas, Hollywood gossip on the Web has a lot of us hooked. But sometimes, our interest in the stars can lead us into the digital danger zone.

Intel Security has dubbed electronic dance music DJ Armin van Buuren as the Most Dangerous Cyber Celebrity of 2015.

The company found that when Web users search for his name combined with the terms "free MP4," "HD downloads," or "torrent" they have almost a one in five chance of landing on a malicious site when they click on the search results.

A number of other musicians also generate dangerous search results, according to Intel Security's Most Dangerous Celebrities study.

"With today's busy culture and a desire for real time information, consumers often click on sites that will quickly provide them with news and entertainment, without considering safety and security implications," said Stacey Conner, online safety expert at Intel Security. "Cybercriminals leverage this need for immediacy by encouraging people to visit unsafe sites that can steal private data."

Indeed, it's worth reminding employees to access content directly from the official websites of content providers, to only download videos from legitimate sites, and to use caution when searching for "HD downloads," which is by far the most virus-prone search term.

Cybercriminals will continue to innovate, looking for new ways to take advantage of our interest in pop culture to steal personal information. Luckily, there are a few things you can do to keep yourself safe:

  • Only download from verified sites. Don’t download anything from a website you don’t trust. If it looks suspicious, your hunch about its legitimacy is probably right. Access content directly from reputable sources, such as Apple Music and Google Play Music.
  • Be strict when sharing your personal information. If you receive a message from an unknown website asking for your log-in, or requesting other personal information, about face. Cybercriminals often pose as legitimate companies to scoop up your sensitive information via email, text, or other methods of communication. Be wary of these phishing tactics to avoid becoming a victim of identity theft.
  • Let an online safety advisor be your guide. When it’s hard to tell if a site is legitimate, a web advisor can help.
  • Use comprehensive security. Whether you follow celebrity gossip or not, it’s always a good idea to protect your devices from potential infection.

09 October 2015

Cyber Security Agency of Singapore forges partnerships to boost security capabilities

The Cyber Security Agency of Singapore (CSA) has forged new partnerships to boost cyber security capabilities as part of its ongoing efforts to strengthen Singapore’s cyber security posture and stay ahead of a rapidly evolving cyber security landscape.


The CSA signed Memoranda of Understanding (MOUs) with Singtel, Check Point Software Technologies and FireEye to signal the parties’ commitment to work together on key areas of interest.

CSA will be working with Singtel to build up local capabilities and deliver advanced cyber security services. The partnership will also see CSA and Singtel collaborate on developing manpower through training and certification to meet increasing demand and on research and development to develop new cyber security solutions.

Additionally, Singtel has launched an Advanced Security Operations Centre (ASOC) in Singapore through its strategic partnership with FireEye. The ASOC monitors advanced cyber threats globally and helps customers overcome sophisticated malicious software attacks.

“A resilient cyber security ecosystem will help reinforce Singapore’s position as a key business hub for innovation while building the foundation of a safe and smart nation,” said Bill Chang, Chief Executive Officer, Singtel Group Enterprise.

CSA’s collaboration with cyber security vendor Check Point taps into Check Point’s expertise in developing industry-leading security solutions. Under the MOU, the parties will focus on bringing advanced solutions to Singapore while growing local capabilities to provide these solutions. The parties will also collaborate on workforce development initiatives and in-depth technical training.

CSA will work with cyber security company FireEye to strengthen information sharing on cyber trends, cybercrimes, threats and indicators of compromise, as well as to jointly devise measures to enhance incident response.

CSA also signed a Memorandum of Intent (MOI) with CREST International and the Association of Information Security Professionals (AISP) to introduce CREST certification for penetration testers in Singapore. The certifications will serve as a competency baseline for practicing professionals and service providers. Under this MOI, the partners will join hands to set up a CREST Singapore Chapter next year.

CSA and the Infocomm Development Authority of Singapore (IDA) have established the Cyber Security Associates and Technologists Programme (CSAT) to train and up-skill ICT professionals to acquire practical skills for specialised job roles for Cyber Security Operations.

The programme is aimed at helping fresh and mid-career ICT individuals attain the necessary practical skills to better equip them for cyber security roles and positions. CSA and IDA will collaborate with industry partners for the training and up-skilling of ICT professionals.

“We are excited to be taking these strides forward with our partners to enhance Singapore’s cyber security capabilities as well as raise the quality of the industry and workforce,” said David Koh, Chief Executive, CSA. “These partnerships pave the way for us to work closely together on innovative solutions to strengthen our cyber security core. We look forward to establishing more of such consequential partnerships to achieve the vision of a secure smart nation for Singapore.”

08 October 2015

YiSpecter threat shows iOS is now firmly on attackers’ agenda

YiSpecter Trojan abuses Apple’s iOS enterprise provisioning and private APIs to earn ad revenue. Avoid it by not installing apps from untrusted sources.

Until recently, iOS device users have had a relatively quiet ride on their mobile computing journey, particularly compared to their Android-owning counterparts. Apart from the odd threat popping up here and there, there’s not much to speak of in terms of major malware issues for iOS. But this status quo is starting to change.

This year, Symantec has seen an uptick in threats hitting the iOS platform. YiSpecter (IOS.Specter) is the latest piece of malware that continues the trend of increasing attacks against iOS devices. The malware is designed to target Chinese speakers and has affected East Asia, particularly China and Taiwan. We understand that the threat is being distributed through alternative app stores, hijacked internet service provider (ISP) traffic redirecting users to download YiSpecter, forum posts, and social media.

YiSpecter is a Trojan horse for both jailbroken and non-jailbroken iOS devices which is designed to perform a range of functions, but essentially provides the basis for a back door onto the compromised device and installs adware. The Trojan can allow an attacker to perform a range of functions such as uninstalling existing apps, downloading and installing new fraudulent apps, displaying advertising in other apps that are installed on the device, and much more.

Abusing enterprise certificates to target non-jailbroken devices
YiSpecter is an iOS threat that takes advantage of the enterprise app provisioning framework. In legitimate uses of the framework, businesses can use enterprise certificates to provide private apps to their own workforce without making them publicly available on the official App Store. Apps built and signed with these certificates do not need to be vetted by Apple before being distributed outside of the App Store. This gives the certificate owner more scope to develop apps with features that would otherwise be rejected by Apple.

The malware creator used iOS enterprise certificates to package and sign their threat. They could have gained access to the certs in a few ways:

  • Registering with Apple as an enterprise, paying the necessary fees, and going through the vetting procedure
  • Stealing the cert from an existing registered developer
  • Partnering with a registered developer

Once YiSpecter’s creators have the enterprise certificate, they are in a position to create and distribute their apps to potentially any iOS device without further oversight from Apple. It should be noted that if Apple learns of the misuse of an enterprise certificate, the company could instantly revoke the cert and render the signed apps useless.

A common feature of enterprise-signed apps is that they can generally only be installed after the user accepts the request to trust the app or developer. From past experience, Symantec knows that asking the user whether they trust an app or developer is rarely an effective security measure but this is still a line of defense that needs to be crossed before the malware can be installed.

Invoking private APIs
YiSpecter can carry out a lot of advanced functionality because it uses Apple’s own private APIs to perform activities that standard iOS apps can’t. These APIs are designed to allow Apple’s apps to carry out a range of system-level actions. iOS developers are not supposed to use these APIs in their apps.

Any third-party apps that use these private APIs are rejected from inclusion on the Apple App Store. YiSpecter ignores the official App Store, instead relying on unofficial distribution channels to spread the malware. As a result, the threat can take advantage of the private APIs for its own purposes.

Potential copycats
Invoking the private APIs in iOS is not a new idea, but it was not something that we had seen before in iOS malware. Similarly, the abuse of enterprise provisioning is a well-known problem dating back a number of years.

What YiSpecter has demonstrated is that when these two techniques are combined, the potential for misuse is high. Now that the combination of these techniques has been proven, we may yet see copycat threats in future.

Mitigation
iOS device owners are advised not to download and install apps from untrusted sources. Instead, they should only download apps from the official App Store or from their company’s own approved app library.

We would also recommend that iOS users should avoid jailbreaking their devices. This practice violates the terms of the iOS license agreement and puts the device at an increased risk of attack.

Users should ensure that the device’s operating system and software are up to date with latest patches.

Symantec has listed top tips on how to better secure your iOS device from attacks.

07 October 2015

What you need to know about Stagefright 2.0

Additional issues have been found surrounding audio files and libstagefright, but Google's already got a fix underway.

The past couple of months have been filled with a lot of uncertainty surrounding a series of issues popularly named Stagefright, a name earned because most of the issues found have to do with libstagefright in Android. The security firm Zimperium has published what they are calling Stagefright 2.0, with two new issues surrounding mp3 and mp4 files that could be manipulated to execute malicious code on your phone.

Here's what we know so far, and how to keep yourself safe.

What is Stagefright 2.0?
According to Zimperium, a pair of recently discovered vulnerabilities make it possible for an attacker to present an Android phone or tablet with a file that looks like an MP3 or MP4, so when the metadata for that file is previewed by the OS that file could execute malicious code. In the event of a Man in the Middle attack or a website built specifically for delivering these malformed files, this code could be executed without the user ever knowing.

Zimperium claims to have confirmed remote execution, and brought this to Google's attention on August 15. In response, Google assigned CVE-2015-3876 and CVE-2015-6602 to the pair of reported issues and started working on a fix.

Is my phone or tablet affected?

In one way or another, yes. CVE-2015-6602 refers to a vulnerability in libutils, and as Zimperium points out in their post announcing the discovery of this vulnerability it impacts every Android phone and tablet going back as far as Android 1.0. CVE-2015-3876 affects every Android 5.0 and higher phone or tablet, and could theoretically be delivered via website or man in the middle attack.

HOWEVER.

There are currently no public examples of this vulnerability ever having been used to exploit anything outside of lab conditions, and Zimperium is not planning to share the proof-of-concept exploit they used to demonstrate this issue to Google. While it's possible someone else could figure this exploit out before Google issues a patch, with the details behind this exploit still being kept private it's unlikely.

What is Google doing about this?
According to a statement from Google, the October Security Update addresses both of these vulnerabilities. These patches will be made in AOSP and will roll out to Nexus users starting October 5th. Eagle eyed readers might have noticed the Nexus 5X and Nexus 6P we looked at recently already had the October 5th update installed, so if you pre-ordered one of those phones your hardware will arrive patched against these vulnerabilities. Additional information on the patch will be in the Android Security Google Group on October 5th.

As for non-Nexus phones, Google provided the October Security Update to partners on September 10th, and has been working with OEMs and carriers to deliver the update as soon as possible. If you take a look at the list of devices patched in the last Stagefright exploit, you've got a reasonable picture of what hardware is being considered a priority in this process.

How do I stay safe until the patch arrives for my phone or tablet?

In the event that someone really is running around with a Stagefright 2.0 exploit and trying to infect Android users, which again is highly unlikely due to the lack of public details, the key to staying safe has everything to do with paying attention to where you're browsing and what you are connected to.

Avoid public networks when you can, rely on two-factor authentication whenever possible, and stay as far away from shady websites as you possibly can. Mostly, common sense web stuff for keeping yourself safe.

Is this the end of the world?
Not even a little bit. While all of the Stagefright vulnerabilities are indeed serious and need to be treated as such, communication between Zimperium and Google to ensure these issues are addressed as quickly as possible has been fantastic. Zimperium has rightly called attention to problems with Android, and Google has stepped in to fix them. In a perfect world these vulnerabilities wouldn't exist, but they do and are being addressed quickly. Can't ask for much more than that, given the situation we're in.

Credits: www.androidcentral.com/what-you-need-know-about-stagefright-20

06 October 2015

Stagefright 2.0: A billion Android devices could be compromised

Most Android users are, once again, in danger of having their devices compromised by simply previewing specially crafted MP3 or MP4 files.


Zimperium researchers, who were the ones who discovered easily exploitable remote code execution flaws in the Stagefright media library earlier this year, are also behind this latest discovery, which they dubbed Stagefright 2.0.

"The first vulnerability (in libutils) impacts almost every Android device since version 1.0 released in 2008. We found methods to trigger that vulnerability in devices running version 5.0 and up using the second vulnerability (in libstagefright)," they explained in a blog post.

"Google assigned CVE-2015-6602 to vulnerability in libutils. We plan to share CVE information for the second vulnerability as soon as it is available."

It is estimated that around one billion Android devices are currently affected by the flaw in libutils, while the libstagefright bug is present on around 20 percent of them.

The Stagefright media library is used by Android to process a number of popular media formats.

The vulnerabilities can't be triggered via MMS (as before), but can be via browser or a third-party app that uses the vulnerable library.

Google has, naturally, been notified of the problem, and they are already working on a patch. In the meantime, Zimperium researchers won't be releasing PoC code to the public for the foreseeable future, but they will share it with Zimperium Handset Alliance partners.

All this aside, the researchers are sure that this is not the end of vulnerabilities affecting this particular library. "As more and more researchers have explored various vulnerabilities that exist within the Stagefright library and associated libraries, we expect to see more vulnerabilities in the same area," they noted.

Zimperium customers are protected against attacks exploiting these newly revealed flaws, but the company has promised to update their Stagefright Detector app to detect this vulnerability as soon as Google comes up with a patch (it's scheduled for release next week).

Let's hope that some mobile device manufacturers keep their promises when it comes to shipping patches more quickly and on a regular basis.

05 October 2015

Singapore is top country worldwide for attacks by banking Trojans

Singapore ranks as the top country globally for Kaspersky Lab users being attacked by banking Trojans in the second quarter of 2015, according to a study done recently by Kaspersky Lab.

496 Kaspersky Lab users in the city-state had sustained such attacks. In the second quarter of 2015, Kaspersky Lab solutions had deflected attempts to launch malware capable of stealing money via online banking on the computers of 755,642 users. This is a decrease of 18.7% compared to 735,428 in the previous quarter.

Switzerland, Brazil and Australia were next in line in the list of top countries respectively. Hong Kong emerged as the fifth country in the list and as the only other country from the Asia Pacific region. The bottom ten of the list included New Zealand, South Africa, Lebanon and the United Arab Emirates respectively.

“An A.T. Kearney and EFMA global retail banking study concluded that Singapore is the second country worldwide with the highest inclination for digital banking,” says Jimmy Fong, Channel Sales Director, Southeast Asia, Kaspersky Lab.

“The nation was also placed among the top three for banking capabilities, which included innovative technological developments, a robust financial environment and digital infrastructure. Local banks also fare impeccably well in terms of online banking systems, providing cutting edge features to complement ordinary online banking services. This paves the way towards equipping banks in Singapore for the next level of digital banking.”

With the large number of technologically savvy consumers, high smartphone penetration rates and strong digital service adoption levels, Singapore is one of the Southeast Asian countries with the highest digital banking penetration rate, pegged at 94%.

Online banking in Singapore was also the second most utilised service platform after ATMs, more than conventional branch visits and telephone banking, as a study conducted by Bain & Company found.

Kaspersky Lab security solutions had registered a total of 5,903,377 notifications of malicious activity by programmes designed to steal money via online access to bank accounts in Q2 2015.

The percentage of Kaspersky Lab product users who encountered this threat during the reporting period in each country was calculated among all product users in that country. This is to evaluate and compare the degree of risk of being infected by banking Trojans to which user computers are exposed worldwide. Only countries with more than 10,000 Kaspersky Lab product users were included in this study.

“Cybercriminals are always looking for ways to access vital information that can be monetised, especially when it comes to online banking. Securing critical data that can cause financial loss is essential for both individuals and businesses," said Vitaly Kamluk, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab. “As the ease of banking becomes more convenient, it is vital that individuals follow best security practices when on the Internet, recognising that they represent a portal or doorway for numerous malicious agents to get into bigger networks and systems, to wreak havoc and cause significant damage for the business they are part of."

02 October 2015

Scammers use Google AdWords, fake Windows BSOD to steal money from users


Faced with the infamous Windows Blue Screen of Death (BSOD), many inexperienced computer users' first reaction is panic. If that screen contains a toll-free number ostensibly manned by Microsoft technicians who are there to help users overcome this problem, many are probably tempted to pick up the phone.

It is this reaction that cyber crooks are counting on. But how to make this fake screen appear on the user's computer?

According to Malwarebytes' researcher Jerome Segura, the latest scheme of this kind was detected only days ago. The crooks have been using Google's AdWords to make links to malicious pages appear at the top of the Google Search page when users searched for "youtube".

Even though the ads seemed legitimate at first glance, they would lead users to the fake BSOD screen.

Users who fell for the scheme and called the toll-free "helpline" to resolve the issue were, unbeknownst to them, talking to the scammers, who tried to get them to pay between $199 and $599 for "support packages". And, if they were particularly gullible, they were asked to share personal and bank account information.

"The BSOD is a popular theme as of late and an effective way to display bogus but legitimate error codes that would trouble many internet users," says Segura, and points out that "the best defense against tech support scams (in all their forms) is awareness."