
freak2code is a blog about the latest geek news, software reviews, trends in technology and other informative stuff.

Thursday 30 August 2012

Samsung debuts the Galaxy Note's even bigger little brother


If you loved the original Galaxy Note, you're going to love this even more: Samsung's new Galaxy Note II, announced at IFA in Germany today. It packs even more processing power than the mighty Samsung Galaxy S III, and it brings some beans along with it...
The Samsung Galaxy Note II will ship with Android 4.1 Jelly Bean and Samsung's TouchWiz UX out of the box. A 5.5-inch Super AMOLED display with a 1280x720 resolution dominates the front of the new smartphone. Inside are a 1.6 GHz quad-core processor and 2GB of RAM. There is a 1.9 megapixel front-facing camera, while on the back there is an 8 megapixel camera with LED flash. Bluetooth 4.0, USB 2.0, Wi-Fi 802.11 a/b/g/n, Wi-Fi Direct, MHL and NFC take care of connectivity, with A-GPS and GLONASS support as well. The usual array of sensors, including an accelerometer and digital compass, is included, and a 3,100mAh battery powers the device. It comes in 16/32/64GB versions, and a microSD card slot accommodates up to 64GB of additional storage.
One of the most noteworthy features of the new Galaxy Note II is that 4G LTE support is no longer tied to a dual-core processor, as it is in the U.S. Galaxy S III. Instead, it follows the model of the Korean Galaxy S III, which comes with LTE and an Exynos quad-core CPU; this will undoubtedly be good news for Galaxy Note fans in LTE markets. The 4G LTE version offers a 42 Mbps downlink and a 5.76 Mbps uplink, while the HSPA+ version will have to make do with half of that.
The S Pen makes an appearance again, along with optimized features such as S Planner and S Pen Keeper (which is really just a pompous name for its stylus holder). Galaxy S III features show up as well, such as Smart Stay, S Beam and Direct Call, but thankfully Samsung has ditched S Voice and instead relies on Google Now to take care of voice commands.
To befriend the enterprise sector, Samsung lists the following solutions as available "upon request": Microsoft Exchange ActiveSync, CCX, MDM (Afaria, Good, MobileIron, SOTI, Sybase), hardware on-device encryption, VPN (Cisco, F5, Juniper) and VMware MVP.

The Galaxy Note II comes with a bigger display than its older brother, which is unlikely to be a concern, since at 151.1x80.5x9.4mm and 180 grams it is similar in size and weight to the older model. But that is as far as the comparisons go, because the new processor is faster, it packs double the RAM, and it runs Android 4.1 Jelly Bean, which is already fast on the Galaxy Nexus. Even if I don't sound like a fan, I am duly impressed by the Samsung Galaxy Note II.

Why we love Steve Jobs


In about six weeks, the InterWebs will flood with posts commemorating a tech visionary's passing. Steve Jobs died on Oct. 5, 2011. A year ago last week, he stepped down as Apple's CEO. Jobs is a colorful, iconic, flawed figure who stands before us as something more than a mere mortal. That's because his public life has a literary quality that cuts to the core of our humanity.
I got to thinking more about this today following a discussion with colleague Tim Conneally and questions I answered for a CNN reporter about Microsoft (apologies to him: I removed those sentences and use them here). I asked Tim today: "Why is Steve Jobs so endearing? Redemption. What's that term in fiction about the hero's journey? Steve Jobs followed the path in real life". There's something Shakespearean, too: the fatal flaw that humbles greatness. Mixed together, his story would make a great work of fiction. But it's better, and haunting, for being real life.
Salvation Story
Redemption is one of the most common fictional themes, and it is pervasive in American cinema. There are so many examples that I can hardly cite them. To name a few: Casablanca, Gladiator, Hoosiers, In the Line of Fire, It's a Wonderful Life, Star Wars I-VI, Tender Mercies, The Dark Knight Rises, The Natural and The Verdict. A hero falls from grace and gets a second chance to right past mistakes. This is Jobs' journey: from the founding of Apple, to his ouster soon after the tech-transforming Macintosh launches, to his exile at NeXT, to his return to Apple and the company's rise from rubble to riches.
Apple neared bankruptcy when Jobs returned in late 1996 with the purchase of NeXT. By summer 1997 he stood before the Mac faithful as interim CEO and began the tough task of rebuilding Apple: for example, killing off products and ending the clone program that had allowed third parties to build computers running the company's flagship operating system. Then Apple's reinvention started, in 1998 with the iMac's release, which set off a wave of translucent-designed products. In 2000 Jobs introduced the ill-fated G4 Cube, which flopped, leading Apple to overstock inventory, to announce a profit warning and to watch its share price collapse overnight.
But in the midst of adversity, Jobs persevered. The path to redemption isn't easy in fiction, and no less so in real life. In one year, 2001, Apple launched iTunes, Mac OS X and iPod, while also opening its first retail stores. From there followed a nearly continuous line of successful products, culminating in iPad 18 months before Jobs' death.
At critical junctures Jobs and Apple took great risks:
  • Launching the architecturally changed Mac OS X months before Windows XP.
  • Opening retail stores during a recession, while rival Gateway shuttered hundreds.
  • Releasing an MP3 player into a category where Apple had no expertise or design experience.
  • Debuting an online music store when CDs ruled the world and record companies resisted the concept.
  • Killing off iPod mini at the height of its popularity and replacing it with the diminutive iPod nano.
  • Developing and releasing a smartphone, on a single carrier, into a category with entrenched leaders like Nokia.
  • Defying pundits (I was one of them) by moving into the tablet category with iPad, where Microsoft, Sony and others had failed.
There are no rewards without risks, and no redemption either. We love our fallen heroes, who succeed at second chances. As such, Jobs' story endears.
Hero's Journey
But Jobs' story is more than the path of the fallen to redemption. His is another literary concept: the classical hero's journey, or monomyth, as described by Joseph Campbell. The hero follows a fairly well-defined path that in the broadest description has three parts: separation, initiation and return. In modern literature, Harry Potter is perhaps the best-known example of the hero's journey. He begins life in a magical family, but his parents are killed, leading him to live with his aunt and uncle. At 11, Potter learns he is a wizard and follows a path of training, hardship and mistakes that leads him to fulfill his destiny battling and defeating Lord Voldemort. But Potter doesn't act alone; he is assisted by Hermione Granger, Neville Longbottom and Ron Weasley, for example.
Star Wars is another hero's journey, and a redemption story, too. Luke Skywalker's parents are killed (or so he's told), leading him to live with his aunt and uncle. He is called (and first refuses) to go with Obi-Wan Kenobi to study the ways of the Force. Like Potter, Skywalker walks a path of training, hardship and mistakes (he fights Darth Vader too soon), developing mystical/magical abilities along the way. But Skywalker doesn't act alone; he is assisted by Princess Leia, Han Solo and the Rebellion, for example.
The redemption story is another's: the elder Skywalker's fall from the prophesied "chosen one" to Darth Vader, and his later repentance and restoration after killing the evil emperor.
There's a real-life hero's journey quality to Jobs' life: raised by adoptive parents, mentored by Steve Wozniak and set out on the journey of founding Apple. After being cast out, Jobs built NeXT and created Pixar (from the graphics company acquired from Lucasfilm). During the journey, and the hardship, Jobs developed the skills of running two companies, and a seemingly magical good sense, that he brought back to Apple. There Jobs vanquished not one but many adversaries, Microsoft being the one that mattered most to many long-time Mac users. But Jobs didn't act alone; he was assisted by Tim Cook, Scott Forstall and Jony Ive, for example.
Jobs' tale is more tragic, for obvious reasons, which in some ways makes his journey and legacy all the more endearing (and sad, too).
My point: there's something innately appealing, and universal, about the monomyth and redemption stories. Jobs' life embodies qualities of both. Then there is the inarguable success. Who can look at it and not stand in awe? Apple is the world's largest company as measured by market capitalization: a rubble-to-riches story in just 14 years, counting from when Jobs returned (at first) as interim CEO until he stepped down as chief executive because of ill health.

Crisis malware threatens the virtualized environments


This is a hot summer from the malware perspective: we have reported new malware for cyber espionage and new fraud schemes based on the distribution of malicious software.
Many experts avoid malware infection by performing risky browsing and other operations inside a virtual environment, a paradigm that has spread widely in the last year, including in every computing center, thanks to the large savings in resources.
Today many laboratories are entirely based on virtual machines, the miracle of recent months that makes everybody happy ... but what about their security? Are these environments really safe?
These days the news is circulating on the web that a Windows version of the Crisis malware is able to infect VMware virtual machines.
The malware detects VMware virtual machine images on the compromised host and is able to mount them, copying itself onto the image using a VMware Player tool.
It is important to clarify that the malware does not exploit any vulnerability in the virtualization engine: it abuses the fact that virtual machines are stored as local files on the host, which can be manipulated by any malicious application with access to them. The defense therefore has to live on the host, where the disk images are just files.
Why have we had no news of infected virtual machines in the past?
In many cases malware designers implement a feature that makes their code inactive when the host is a virtual machine, to avoid being discovered and analyzed.
Takashi Katsuki of Symantec explained in his blog post:
“Many threats will terminate themselves when they find a virtual machine monitoring application, such as VMware, to avoid being analyzed, so this may be the next leap forward for malware authors.
It also has the functionality to spread to Windows Mobile devices by dropping modules onto Windows Mobile devices connected to compromised Windows computers”
Crisis is a spying agent that intercepts every communication of the victim; it opens a backdoor on the infected host once the user executes a Java archive (JAR) file disguised as an Adobe Flash installer.
The malware has been developed for several operating systems; last month a Mac version was isolated.
The malware has a long history: one of the oldest versions was detected during the Arab Spring, when it was spread to spy on journalists, and the latest discovery shows that it has also been adopted by criminal groups intending to steal banking credentials.
Lysa Myers of Intego's Mac Security Blog clarified that the malware can infect a virtual machine only once it is executing on an infected host, outside the virtual machine: it is not possible to infect a virtual machine image without first compromising the PC.
This characteristic makes the trojan harder to detect, especially in the absence of security protection in the virtualized environment.
In summary, we have a malware that is able to infect four different environments (Mac, Windows, virtual machines and Windows Mobile) and that represents an innovation both in the way it spreads and in the targets it attacks ... we must not underestimate it!
Pierluigi Paganini
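Because Crisis writes into the guest's disk files from the host rather than through the hypervisor, the practical check is a host-side integrity baseline of the guest files. The script below is an added example (it is not code from the article, from Symantec or from VMware): it hashes the files that make up a powered-off VMware guest, stores the baseline, and later reports images that changed, appeared, disappeared or are world-writable. The guest directory, the file contents, the `.vmdk`/`.vmx`/`.nvram` extension set and the tamper step are all constructed for the demo.

```python
"""Hash baseline for VMware guest files stored on a host (added example)."""
import hashlib
import json
import tempfile
from pathlib import Path

# Files that make up a powered-off VMware guest (assumption: the set worth
# baselining; .vmdk is the virtual disk, .vmx the configuration).
VM_EXTENSIONS = {".vmdk", ".vmx", ".nvram"}


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so multi-GB disk images never load into RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(vm_root: Path) -> dict:
    """Return {relative path: {sha256, size, world_writable}} for every guest file."""
    result = {}
    for path in sorted(vm_root.rglob("*")):
        if path.is_file() and path.suffix.lower() in VM_EXTENSIONS:
            st = path.stat()
            result[path.relative_to(vm_root).as_posix()] = {
                "sha256": sha256_file(path),
                "size": st.st_size,
                # mode bit 0o002: any local user (or malware running as one) may write
                "world_writable": bool(st.st_mode & 0o002),
            }
    return result


def compare(baseline: dict, current: dict) -> dict:
    """Classify drift between the stored baseline and a fresh snapshot."""
    findings = {"modified": [], "added": [], "removed": [], "world_writable": []}
    for name, meta in current.items():
        if name not in baseline:
            findings["added"].append(name)
        elif meta["sha256"] != baseline[name]["sha256"]:
            findings["modified"].append(name)
        if meta["world_writable"]:
            findings["world_writable"].append(name)
    findings["removed"] = [name for name in baseline if name not in current]
    return findings


def save_baseline(snap: dict, path: Path) -> None:
    path.write_text(json.dumps(snap, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def demo(workdir: Path) -> dict:
    """Constructed scenario: baseline a fake guest, then tamper with its disk from the host."""
    guest = workdir / "guest"
    guest.mkdir(parents=True, exist_ok=True)
    (guest / "guest.vmx").write_text('displayName = "guest"\n')
    (guest / "guest.vmdk").write_bytes(b"\x00" * 4096)   # stand-in for a disk image
    baseline_path = workdir / "baseline.json"           # keep the real one off-host
    save_baseline(snapshot(guest), baseline_path)

    # What a Crisis-style dropper does in effect: write into the guest's disk file
    # directly on the host, without the hypervisor ever being involved.
    with (guest / "guest.vmdk").open("r+b") as fh:
        fh.seek(1024)
        fh.write(b"DROPPED PAYLOAD")
    return compare(load_baseline(baseline_path), snapshot(guest))


def run_demo() -> dict:
    """Run the constructed scenario in a scratch directory and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return demo(Path(tmp))


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Two caveats: take the baseline only while the guest is powered off, since a running guest rewrites its own disk legitimately, and store `baseline.json` somewhere the host cannot reach, because malware that can open the `.vmdk` can just as easily rewrite a baseline sitting next to it.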

Malware, a cyber threat increasingly difficult to contain


Article published on Hakin9 IT Security Magazine – August 2012
When we speak about malware we are introducing one of the worst cyber threats, one that evolves daily and is capable of hitting every sector without distinction. The word "malware" is really generic: it refers to a heterogeneous family of malicious software designed to disrupt computer operation, gather sensitive information or gain unauthorized access to victims' systems, with very different scopes.
Examples of malware types are computer viruses, worms, trojans, spyware, ransomware, adware and rootkits, each characterized by unprecedented growth linked to the rapidly changing technological context, supported by the increased use of the internet and the explosion of mobile services.
The large extension of networks like the internet and the impressive diffusion of social networks have favored the spread of malicious software; it is to be considered a natural process. To give an idea of what we have observed in recent years, consider that in the last couple of years the release rate of malicious code and other unwanted programs was greater than that of the previous 20 years. It's amazing!
Malware analysis has become an essential component of the security sector; security firms have deployed dedicated sentinels over the main networks to gather information on every suspicious activity that could threaten system security.
The work is really hard because today's malware has reached a very high level of sophistication. In many cases teams of experts are engaged in its development and work to elude the principal alerting systems, and unfortunately it has happened that some viruses or trojans were discovered years after their diffusion, with serious consequences.
How does the global detection network for malware analysis work?
The principal security firms have deployed thousands of probes on the networks to analyze traffic, and not only that: billions of email messages and web requests are processed daily in dedicated data centers. The gathered information is correlated with data acquired through an anti-fraud community of enterprises, law enforcement advisors and consumer feedback; only in this way is it possible to detect incoming cyber threats just in time. When a user downloads the latest antivirus update or anti-rootkit tool, he should be aware of the great work that experts do every day without interruption, because malware doesn't know holidays.
A very interesting part of this precious work can be appreciated by reading the periodic reports that the companies provide, precious sources that inform on incoming threats and related risks. All the data proposed by the different analyses of the phenomenon demonstrate a sensible increase in malware diffusion despite awareness of the cyber threat and the countermeasures implemented by private and government entities.
According to data provided by Kindsight Security, a majority-owned subsidiary of Alcatel-Lucent, around 14 percent of home networks were infected with malware in the period between April and June 2012.
Figure 1 – Kindsight Security Report – Percentage of home networks infected, Q2 2012
One of the main vectors used to spread malicious agents is still email: unsuspecting users are daily hijacked to infected websites that compromise their machines with various types of malware.
According to the proposed statistics, 9 percent of residential households were infected by high-threat malware such as a botnet, rootkit or banking trojan, while approximately 6 percent were infected with moderate-threat malware such as spyware, browser hijackers and adware.
Of course, in many cases a user's machine is compromised by several malware at once.
The report dedicates a specific section to botnets, and in particular to the ZeroAccess botnet, which grew to over 1.2 million nodes over the second quarter, a figure that gives an idea of how rapidly these agents spread.
Another primary source of information on the evolution of malware, and more generally of any cyber threat, are the reports and bulletins provided by the security firm Symantec. The last issue of Symantec's "Internet Security Threat Report" reported an increase over the previous year, the result of a surge in polymorphic malware attacks, particularly those found in web attack kits and socially engineered attacks using email-borne malware.
The report gives great emphasis to the increasing number of zero-day vulnerabilities exploited, and reports a rate of 8 new vulnerabilities per day. Zero-day vulnerabilities represent a serious problem for system security: they are unknown, and so represent a privileged way to bypass the security defenses of any type of architecture.
Malicious agents that exploit zero-day vulnerabilities are particularly efficient because they can operate without being detected, even for a long period. According to the Symantec data, unique malware variants increased by about 41 percent over 2010, from 286 million variants to 403 million, confirming the worrying trend.

Malware impact on private and government sectors

We can surely note that malware impacts every sector of today's society; there is no difference between private business and government affairs, both are very vulnerable to cyber attacks conducted using malicious agents. What has changed in the last couple of years is the awareness that this cyber threat can also be used in the military sector. In recent years we have read a lot about the concept of the cyber weapon: powerful malware used in covert military operations to compromise the enemy's systems.
The possibility of exploiting enemy systems using malicious code is an old idea in which many states have made great investments, but only recently, with the massive introduction of technology into everything around us and the large diffusion of networked systems, has the offensive become practicable.
The Stuxnet case has demonstrated how powerful a cyber weapon can be, and how high the interest of governments is in the design and development of malware able to interfere with the processes of a critical infrastructure such as a nuclear plant or a telecommunications system.
In the government and military sectors the use of malware has increased sensibly; after Stuxnet, security companies have detected other dangerous instances of malware, Duqu, Flame and Mahdi, technologically advanced malicious agents developed in state-sponsored projects with mainly offensive and cyber espionage purposes.
Why is a government interested in developing malware for offensive purposes?
  • First, disclosure of such agents is silenced by the nature of the vulnerabilities exploited. The study of new zero-day vulnerabilities provides a real advantage to the attacker, and the related risk of operations failing is minimal. Consider that attacks perpetrated in this way, because of the anonymous nature of the offense, allow the attacker to circumvent the need for approval of a military offensive by the world community.
  • The costs involved in developing such solutions are relatively low compared to other conventional weapons.
  • The choice of a cyber weapon allows those who use it to remain anonymous until military strategy deems it appropriate. The main strategies that use such malware are aimed at:
    • Probing the technological capabilities of the enemy. The ability of an agent to infect enemy structures is symptomatic of an inadequate cyber defense strategy that may suggest additional military options.
    • Undermining the structures considered critical, on whose operation the vital functions of a country's governmental structure depend.
    • There is no doubt about the efficacy of these weapons. Events have proved that they are offensive weapons designed with the intent to infect opposing structures. Cyber weapons can be designed to hit specific targets while minimizing the noise related to their use, noise which could lead to their discovery. The infection vector can be of various kinds, such as a common USB stick, and can hit a very large number of targets in a small time interval.
    • Another significant factor is the ability of intelligence agencies to predict and observe the development of a cyber weapon. In a classical context the development of a conventional weapon can be easily identified through intelligence operations on the ground, and via satellite observation a garrison used to develop military systems can be easily identified. The development of a cyber weapon is rather difficult to locate and thus to hinder; even a private home may be suitable for the purpose.
As we have seen, the use of malware is becoming very frequent in cyber attacks and cyber espionage campaigns, but the most evident impact of malware diffusion is without doubt registered in the private sector.
Large organizations register billions of dollars of losses every year related to cyber attacks operated using malware; data leaks represent one of the primary concerns for businesses. Malware can infect computers and entire networks, causing serious damage to a company's productivity. A malware infection can cause the loss of intellectual property or company secrets, which could compromise the existence of the business, and malware could also infect production control systems, with serious repercussions.
Small business is in my opinion the most exposed sector: because of the global crisis, small companies have made cost cuts on security too, opening the door in many cases to malware and other cyber threats. Lack of resources, reduced budgets and low awareness of cyber threats are the key factors of a worrying scenario.

Malware diffusion

Security experts have identified various schemes for malware diffusion; of course the main channel is the internet. Think of the millions of unaware users who are infected daily simply by visiting a compromised website. The categories of websites mainly affected by this type of attack are Blogs & Web Communications, Hosting/Personal Hosted Sites, Business/Economy, Shopping and Education & Reference.
One of the most subtle and effective modes of infection is the "drive-by attack": internet users are infected just by visiting a compromised website. Victims are hijacked to infected websites with very common attack techniques such as "clickjacking" or "likejacking", which deceive users by inducing them to watch a video or simply to express their appreciation of a specific topic using the "Like" function.
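Clickjacking and likejacking both work by loading the victim page inside a (usually invisible) iframe on the attacker's site, so whether the attack is possible is decided by the framed site's own response headers. The check below is an added example, not code from the article: it applies the browser rules (a Content-Security-Policy `frame-ancestors` directive wins when present, otherwise `X-Frame-Options`, otherwise the page is freely frameable) to a set of headers and reports whether a given origin may embed the page. The origins and header sets in the demo are constructed; the host-source matching is deliberately minimal (ports are ignored).

```python
"""Decide whether a page's response headers let a third party frame it (added example)."""


def csp_frame_ancestors(csp: str):
    """Return the frame-ancestors source list, or None if the directive is absent.
    An empty source list matches nothing, which the CSP spec treats like 'none'."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]] or ["'none'"]
    return None


def source_matches(source: str, origin: str) -> bool:
    """Minimal CSP host-source match: '*', a scheme ('https:'), an exact origin,
    a bare host, or a '*.' host wildcard. Ports are ignored for brevity."""
    source, origin = source.lower(), origin.lower()
    if source == "*":
        return True
    if source.endswith(":") and "//" not in source:          # scheme-source
        return origin.startswith(source + "//")
    scheme, _, host = origin.partition("://")
    src_scheme, sep, src_host = source.partition("://")
    if not sep:                                              # host given without scheme
        src_scheme, src_host = scheme, src_scheme
    if src_scheme != scheme:
        return False
    if src_host.startswith("*."):
        return host.endswith(src_host[1:])                   # "*.x.com" -> ".x.com"
    return host == src_host


def frameable_by(headers: dict, page_origin: str, framer_origin: str):
    """Return (allowed, reason): may a document at framer_origin embed the page?"""
    lower = {k.lower(): v for k, v in headers.items()}
    same_origin = page_origin.lower() == framer_origin.lower()

    ancestors = csp_frame_ancestors(lower.get("content-security-policy", ""))
    if ancestors is not None:                                # CSP takes precedence
        if "'none'" in ancestors:
            return False, "blocked: CSP frame-ancestors 'none'"
        for src in ancestors:
            if src == "'self'" and same_origin:
                return True, "allowed: CSP frame-ancestors 'self'"
            if src != "'self'" and source_matches(src, framer_origin):
                return True, f"allowed: CSP frame-ancestors {src}"
        return False, "blocked: CSP frame-ancestors does not list the framer"

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False, "blocked: X-Frame-Options DENY"
    if xfo == "SAMEORIGIN":
        return same_origin, "X-Frame-Options SAMEORIGIN"
    if xfo.startswith("ALLOW-FROM"):
        # Never supported by Chrome or Safari; those browsers ignore the header
        # entirely, so the page must be treated as unprotected.
        return True, "unprotected: ALLOW-FROM is ignored by major browsers"
    return True, "unprotected: no frame-ancestors or X-Frame-Options"


# Constructed header sets for the demo (not captured from any real site).
DEMO_CASES = {
    "no protection": {},
    "legacy deny": {"X-Frame-Options": "DENY"},
    "same origin only": {"X-Frame-Options": "SAMEORIGIN"},
    "csp with partner": {"Content-Security-Policy":
                         "default-src 'self'; frame-ancestors 'self' https://*.partner.example"},
}


def audit(cases: dict, page_origin: str, framer_origin: str) -> dict:
    """Run every header set through frameable_by for one attacker origin."""
    return {name: frameable_by(h, page_origin, framer_origin) for name, h in cases.items()}


if __name__ == "__main__":
    for name, verdict in audit(DEMO_CASES, "https://bank.example", "https://evil.example").items():
        print(f"{name:18} frameable={verdict[0]!s:5} {verdict[1]}")
```

The likejacking case is the same check applied to the page that hosts the "Like" button: if that page can be framed by an arbitrary origin, the button can be positioned under the attacker's decoy.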
But the ways of malware diffusion are infinite. Think of the diffusion on the internet of exploit toolkits, which allow the creation of new malware without specific technical capabilities. This peculiarity has facilitated the rapid adoption and diffusion of attack kits in the criminal world, which has intercepted the growing demand in a multi-million business, a phenomenon that continues its inexorable rise.
The principal channel for spreading malware is, according to the different security firms, email. During the last year the number of malicious emails has increased, targeting mainly large companies but also governments and non-profit organizations. The infection scheme is very simple: malicious emails contain an infected file as an attachment that exploits a vulnerability in the target system; in many targeted attacks, to deceive the user, the content of the mail appears legitimate and tries to catch the victim's attention.
Alternatively, the email can contain a reference to a compromised website that hosts malware able to infect the user's machine.
Using a similar scheme, for example in Syria and Tibet, governments have spread agents to persecute political opponents, tracing their activities and taking remote control of their machines to steal documents and precious information.
But malware can also be diffused through social networking platforms: they represent digital squares where millions of users exchange videos, images and links, an ideal scenario for the diffusion of malicious code. During the last year, with the impressive growth of social networks, we have also observed an increase in the number of malware propagated using the popular social platforms. Millions of users, always connected and with low awareness of cyber threats, are ideal victims for cybercrime, which once again uses malware to exploit users' weaknesses. In social networking the fundamental factor is the use of social engineering techniques to deceive users, who most often are redirected to compromised websites through the sharing of "malicious hyperlinks".
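The two delivery patterns just described, a booby-trapped attachment and a link to a site that the message text does not match, are exactly what a mail-gateway triage step looks for. The script below is an added example, not code from the article or from any vendor: it parses a raw message with the standard library, flags executable, macro-enabled and double-extension attachments by name, and flags links whose visible text names a different host than the `href` or that point straight at an IP address. The sample message (sender, recipient, link target and attachment bytes) and the extension lists are constructed for the demo.

```python
"""Triage an email for dangerous attachments and mismatched links (added example)."""
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions that execute or carry macros when opened (assumption: a typical
# gateway block list for the demo, not an exhaustive one).
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs",
             ".hta", ".jar", ".docm", ".xlsm", ".pptm"}
ARCHIVE_EXT = {".zip", ".rar", ".7z"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".txt"}


def classify_attachment(filename: str) -> list:
    """Flag executable, macro and double-extension attachments by file name."""
    parts = filename.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    findings = []
    if ext in RISKY_EXT:
        findings.append(f"executable or macro-enabled attachment ({ext})")
    if ext in ARCHIVE_EXT:
        findings.append("archive attachment, inspect its contents")
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXT and ext in RISKY_EXT:
        findings.append("double extension disguises executable as a document")
    return findings


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url: str) -> str:
    try:
        return urlparse(url).hostname or ""
    except ValueError:          # malformed netloc such as a broken IPv6 literal
        return ""


def classify_links(html: str) -> list:
    """Flag links whose text names another host than the href, and links to bare IPs."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = _host(href)
        shown_host = _host(text if "://" in text else "http://" + text)
        if "." in shown_host and shown_host != href_host:
            findings.append(f"text shows {shown_host} but href goes to {href_host}")
        if href_host.replace(".", "").isdigit():
            findings.append(f"link to bare IP address {href_host}")
    return findings


def triage(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and return findings per attachment and link."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {"attachments": {}, "links": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        flags = classify_attachment(name)
        if flags:
            report["attachments"][name] = flags
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        report["links"] = classify_links(html_part.get_content())
    return report


def sample_message() -> bytes:
    """Constructed phishing-style message: lookalike link plus invoice.pdf.exe."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Invoice 2012-08"
    msg.set_content("Please see the attached invoice.")
    msg.add_alternative(
        '<p>Please see the attached invoice or view it at '
        '<a href="http://203.0.113.5/login">https://secure.example.com/login</a></p>',
        subtype="html")
    msg.add_attachment(b"MZ\x90\x00fake", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    return bytes(msg)


if __name__ == "__main__":
    import json
    print(json.dumps(triage(sample_message()), indent=2))
```

Name-based checks are only the first pass: a real gateway also detonates or statically inspects the attachment, since the exploit documents the text mentions carry an innocent extension and need content analysis rather than file-name rules.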

Due to the importance of social networks, a mine of information, they represent a privileged target for cyber criminals who intend to implement new fraud schemes, and for governments that try to spread malware for cyber espionage purposes. Recently the experts of the firm Trusteer discovered a new Zeus malware variant responsible for a series of attacks against the users of the principal internet services. The variant uses a P2P network architecture and targets users of Facebook, Hotmail, Yahoo and Google Mail. The Zeus trojan was born as an agent able to steal banking information by logging keystrokes and form grabbing; it is spread mainly through phishing and drive-by download schemes.
The variant that hits Facebook uses a web injection mechanism to offer the victim a 20 percent reward on purchases made with a Visa or MasterCard debit card through their Facebook account. The scam promises that after registering their debit card information the victim will earn cash back when purchasing Facebook points. Of course the user is presented with a form for registering the debit card details that is indistinguishable from a legitimate one, including its layout.
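A web inject rewrites the page after it has left the server, which is why the injected form looks native: it lives in the real page, under the real URL. One detection approach, assumed here rather than taken from the article or from Trusteer, is to have a small page script report the form fields the browser actually rendered and compare them with the fields in the HTML the server sent; any field the server never emitted was added on the client. The script below is an added example of that comparison; both HTML documents, the form action and the list of sensitive field names are constructed for the demo.

```python
"""Spot form fields that a web inject added to a page in the browser (added example)."""
from html.parser import HTMLParser


class FormFieldCollector(HTMLParser):
    """Map each form's action to the set of input/select/textarea names inside it."""
    def __init__(self):
        super().__init__()
        self.forms = {}        # action -> set of field names
        self._action = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action", "")
            self.forms.setdefault(self._action, set())
        elif tag in ("input", "select", "textarea") and self._action is not None:
            if a.get("name"):
                self.forms[self._action].add(a["name"].lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None


def form_fields(html: str) -> dict:
    parser = FormFieldCollector()
    parser.feed(html)
    return parser.forms


def injected_fields(server_html: str, rendered_html: str) -> dict:
    """Return {form action: sorted field names present in the rendered page but
    absent from what the server sent}. Fields removed by the inject are not reported."""
    sent, seen = form_fields(server_html), form_fields(rendered_html)
    extra = {}
    for action, names in seen.items():
        diff = names - sent.get(action, set())
        if diff:
            extra[action] = sorted(diff)
    return extra


# Field names a login form should never legitimately grow (assumption: a
# heuristic list for the demo).
SENSITIVE = {"cardnumber", "card_number", "cvv", "cvc", "pin", "debit_card", "expiry"}


def severity(extra: dict) -> str:
    """'high' if any injected field asks for card data, 'medium' for any other
    unexpected field, 'none' when the rendered form matches what was served."""
    names = {n for fields in extra.values() for n in fields}
    if names & SENSITIVE:
        return "high"
    return "medium" if names else "none"


# Constructed: the login form as served.
SERVER_HTML = """<form action="/login" method="post">
  <input name="username"><input name="password" type="password">
  <input type="submit" value="Log in"></form>"""

# Constructed: what the browser reports after the inject ran, the same form
# grown by card fields dressed up as the "20% cash back" registration.
RENDERED_HTML = """<form action="/login" method="post">
  <input name="username"><input name="password" type="password">
  <p>Register your debit card for 20% cash back:</p>
  <input name="debit_card"><input name="expiry"><input name="cvv">
  <input type="submit" value="Log in"></form>"""

if __name__ == "__main__":
    found = injected_fields(SERVER_HTML, RENDERED_HTML)
    print(found, severity(found))
```

The comparison has an obvious limit: a trojan that rewrites the page can also rewrite the script that reports it, so the check narrows the attacker's options rather than closing them, and is best paired with monitoring for submitted parameters the server never defined.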

Who is responsible for malware diffusion?

Malware is used really frequently for different purposes: cybercrime, cyber warfare, hacktivism, government monitoring and surveillance.
Criminal organizations are very active in the development and diffusion of malware; it is known that this kind of crime is very profitable and often goes unpunished due to gaps in the current regulation of many countries of the world. Criminal gangs have discovered how lucrative cybercrime is and how small the chances of being legally pursued are. Computer crime by its nature takes place in cyberspace with direct effects on the real world, but because of this characteristic its prosecution is virtually impossible, in the absence of globally shared regulations against this type of illicit activity.
Cyber criminals use malware in different fraud patterns; mainly they use it to steal sensitive user information such as banking credentials. Diffusion can happen through several channels such as social networking, mail spamming, visits to infected hosts or hijacked web navigation. The common factor is the theft of the user's identity for fraudulent activity. During the last weeks we have witnessed the rapid diffusion of new generations of ransomware, demonstrating that malware can be adapted to different models of cybercrime.
Ransomware is a type of malware that restricts access to the victim's computer resources and demands payment of a ransom for the removal of the restriction. To prevent access to the resources, the malware encrypts the files of the infected machine.
Cybercrime is not the only sector that adopts malware for its purposes; one of the most interesting uses is related to cyber warfare. Borrowing the definition of "cyber weapon" provided by the security experts Thomas Rid and Peter McBurney:
“a computer code that is used, or designed to be used, with the aim of threatening or causing physical, functional, or mental harm to structures, systems, or living beings“
we can immediately imagine the effect of a computer malware targeted against a strategic objective such as a critical infrastructure.
Over the years many cyber weapons have been identified, the most famous of which is Stuxnet; it is common opinion that a pool of highly specialized people was involved in its development by the US and Israeli governments. The reality is more complex: the future of malware in the cyber warfare scenario is made of dedicated platforms used to create multiform and modular agents that can target specific objectives simply by including new components. We are facing open projects that evolve with need and that present new offensive features as a function of specific targets.
Kaspersky's director of global research and analysis, Costin Raiu, discovered with his team the existence of a common platform used to build the Duqu and Stuxnet malware, which they named the "Tilded platform" because many of the files in these agents have names beginning with the tilde symbol "~" and the letter "d". What is really interesting is that the researchers are convinced that the same framework has also been used to create at least three other pieces of malware, confirming the existence of a "factory" platform that Costin Raiu described with the following statement:
“It’s like a Lego set. You can assemble the components into anything: a robot or a house or a tank,”
But malware could also be the next option for hacktivist groups such as Anonymous. During the last couple of years we have witnessed the escalation of operations conducted by the Anonymous group, the hacker collective that expresses social dissent through cyber attacks.
It is commonly believed that the group uses only DDoS attacks for its operations, but the collective is changing, and some security experts believe that it is also exploring other options such as malware deployment. The purposes of malware usage may differ: malicious software could be used to attack strategic objectives in targeted campaigns and also to conduct cyber espionage operations. DDoS attacks could also be automated by infecting the victims' machines, or simply by hosting on a website a malware that redirects the attacks against the chosen targets.
Another regrettable use of malware is monitoring and control, typically implemented by governments and intelligence agencies. In most cases viruses and trojans have been used to infect the computers of dissidents, opponents and the political opposition. The purpose is to track their operations on the web, gather sensitive information and locate them. In many cases the use of malware has made possible the capture of the victims and their ruthless suppression.
During the Syrian repression the government discovered that dissidents were using programs such as Skype to communicate, so it used the same channel to spread the backdoor "Xtreme RAT", a malware belonging to the Remote Access Tool category that is really easy to obtain online at a low price (full version price: €100 EUR).

Cyber espionage malware, a global nightmare

Malware was once used primarily to destroy the victim's PC, but today the scenario has completely changed.
We have seen that cyber criminals, governments and hacktivist groups, with different purposes, tend to lean toward the spread of malicious agents that have the capacity to infiltrate the targets and silently steal as much information as possible from them. Profit, power and protest are the main motivations behind the attacks, and they are radically changing users' approach to the web and their perception of security.
We usually blame China, but recent events have shown that it is common practice to use malware for these purposes, and China is not the only nation involved in similar attacks; consider for example the United States and its research into developing cyber weapons able to infiltrate sensitive networks to steal information. The Olympic Games project is evidence of the effort spent on this new form of offence, and other valid examples of malware used for cyber espionage are Duqu and Flame, both developed to gather sensitive information from the Iranian government.
A recent study on cyber espionage has shown that more than 200 families of malware have been designed and used to spy on government and corporate representatives.
We have witnessed the spread of new agents that work in botnet architectures, similar to the ones used by cybercrime for massive attacks, but specifically developed for selected targets and therefore smaller in size.
The study reveals that more than 1,100 domains were used in the attacks; in particular, the experts traced the botnets by analysing the traffic they produced through sinkholing, a consolidated technique used by many security firms.
Sinkholing is a technique that researchers use to redirect the traffic destined for the malicious C&C server to their own analysis server. With this method researchers draw a map of the botnet and of its control centre, identifying the type and number of final attacks.
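The analysis side of sinkholing, as an added example that is not part of the article or of the study it cites: once a C&C domain resolves to a server the researchers control, every infected host that phones home leaves a connection record, and counting distinct clients per sinkholed domain is how the size of a botnet is estimated. The log format, domain names and addresses below are all constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sinkhole log (format, hosts and domains invented for this example).
# Each record: timestamp, client IP that contacted the sinkhole, the Host header it
# sent, and the URI path requested (typical of HTTP-based C&C check-ins).
SINKHOLE_LOG = """\
2012-08-30T10:00:01Z 203.0.113.10 cc-alpha.example /gate.php?id=bot0001
2012-08-30T10:00:05Z 203.0.113.11 cc-alpha.example /gate.php?id=bot0002
2012-08-30T10:00:09Z 203.0.113.10 cc-alpha.example /gate.php?id=bot0001
2012-08-30T10:01:13Z 198.51.100.7 cc-beta.example /update.bin
2012-08-30T10:02:44Z 198.51.100.8 cc-beta.example /update.bin
2012-08-30T10:03:00Z 198.51.100.7 cc-beta.example /update.bin
2012-08-30T10:03:30Z 198.51.100.9 cc-beta.example /update.bin
2012-08-30T10:03:21Z 192.0.2.55 www.example.org /index.html
garbage line that does not match
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)\s+(?P<path>\S+)$"
)

# Domains the researchers have sinkholed (constructed). Anything else reaching the
# sinkhole (scanners, typos, stale links) is unrelated and ignored.
SINKHOLED_DOMAINS = {"cc-alpha.example", "cc-beta.example"}


def parse_sinkhole_log(text):
    """Yield (timestamp, client_ip, host, path) for each well-formed line."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield m.group("ts"), m.group("client"), m.group("host"), m.group("path")


def map_botnet(text, sinkholed=SINKHOLED_DOMAINS):
    """Group infected hosts by the C&C domain they were trying to reach.

    Returns {domain: {"bots": set of client IPs, "checkins": count, "paths": set}}.
    Distinct client IPs approximate botnet size; repeated check-ins from one IP
    do not inflate it.
    """
    botnet = defaultdict(lambda: {"bots": set(), "checkins": 0, "paths": set()})
    for _ts, client, host, path in parse_sinkhole_log(text):
        if host not in sinkholed:
            continue
        entry = botnet[host]
        entry["bots"].add(client)
        entry["checkins"] += 1
        entry["paths"].add(path.split("?")[0])  # drop per-bot query strings
    return dict(botnet)


def botnet_summary(text, sinkholed=SINKHOLED_DOMAINS):
    """Return (domain, unique_bots, checkins) tuples, largest botnet first."""
    return sorted(
        ((d, len(e["bots"]), e["checkins"]) for d, e in map_botnet(text, sinkholed).items()),
        key=lambda t: (-t[1], t[0]),
    )


if __name__ == "__main__":
    for domain, bots, checkins in botnet_summary(SINKHOLE_LOG):
        print(f"{domain}: {bots} infected hosts, {checkins} check-ins")
```

The same records, enriched with geolocation or ASN data, are what produce the maps of infected hosts that such studies publish; the key point is that the sinkhole sees only bots whose C&C domains were successfully taken over, so the count is a lower bound.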
The attacks have the primary intent of stealing classified information from government agencies or trade secrets from corporations, and the situation could be extremely dangerous for the economy of a company and of the whole country.
With similar attacks governments and businesses try to reduce the technological gap with their competitors; it is clear how widespread the phenomenon is.
Cybercrime is not just watching: it has increased its focus on targeting individuals and organizations of all sizes to steal financial information; in particular, the pressure has made small businesses too vulnerable to cyber attacks.
Trend Micro has reported a noticeable increase (27%) in focused attacks compared with the previous quarter, around 142 million threats that were blocked from infecting small businesses, but large companies have also been hit by crime, as happened in the IXSHE campaign.
Cyber espionage represents a serious cyber threat, and government agencies are defining best practices to reduce the risk of exposure to the attacks.
NIST has recently released for public comment Draft Special Publication (SP) 800-83 Revision 1, Guide to Malware Incident Prevention and Handling for Desktops and Laptops.
Malware is considered the most common external threat to most hosts, causing widespread damage and disruption and necessitating extensive recovery efforts within most organizations.
This publication provides recommendations for improving an organization’s malware incident prevention measures. It also gives extensive recommendations for enhancing an organization’s existing incident response capability so that it is better prepared to handle malware incidents, particularly widespread ones.

Which future for malware?
The data collected on malware diffusion suggest that new sophisticated agents will be developed in the short term, most of them also able to exploit 0-day vulnerabilities.
We must expect that governments and intelligence agencies will make large use of malicious programs to infiltrate enemy networks and steal sensitive information; we are in the cyber era and this is the new way to fight. Conflicts are moving from the ordinary world into cyberspace, and new powerful cyber weapons could be designed to attack critical infrastructure and left in the wild to spread themselves, causing serious damage.
One of the most critical aspects is in fact the ability of malware developers to follow the evolution of their creations: there is a concrete risk that viruses and rootkits are reverse engineered to create new aggressive agents that could be freely sold to the highest bidder.
Another trend that creates great concern relates to the spread and evolution of botnets: the traditional techniques used to detect and decapitate the malicious structure are becoming obsolete with the introduction of new sophisticated structures. Think of P2P botnets, or of botnets that do not need the traditional Command and Control server, a characteristic that makes their detection hard.
Factors like the massive diffusion of mobile devices and the integration of new services, such as banking and communication, into social networking platforms are creating the right conditions for the spread of malicious cyber threats. Consider also the increasing attention of ordinary crime to cyber fraud, a relatively safe business that will attract capital into cybercrime; new groups of hackers and specialists could sell their services to crime with unpredictable consequences.
To give an idea of how attractive mobile technology is for malware developers, let's take a look at the Mobile Threat Report released by the security firm F-Secure, which warns of a dramatic increase in malware targeting mobile devices, especially those based on the Android OS. The following table reports interesting statistics on mobile threats discovered between 2004 and 2011, showing impressive growth grouped by malware type.
Figure 2 – F-Secure – Mobile Threat Report
According to the report, "In Q1 2011, 10 new families and variants were discovered. A year later, this number has nearly quadrupled with 37 new families and variants discovered in Q1 2012 alone."

Conclusions

All these data show a situation that can only worsen in the near future; to mitigate the risks related to malware diffusion it is necessary to increase the level of awareness, especially in the sectors most exposed, such as mobile and social networking.

DDoS attacks, so simple so dangerous


Article Published on DDoS Attacks PT Extra 05_2012
The article proposes an analysis of DDoS attacks, explaining how this offensive technique is used in several contexts to hit strategic targets for different purposes. The discussion is supported by the statistics provided by the principal security firms that offer solutions to protect infrastructures from this kind of attack. The article also includes a specific part on the new factors that could support DDoS attacks, such as the introduction of the IPv6 protocol and the spread of mobile platforms.

Introduction

Let's introduce one of the most widespread types of cyber attack, one that represents a great concern for governments and institutions: the DDoS (Distributed Denial of Service). The attack is conducted with the intent of making a network resource unavailable and usually involves a large number of machines that target the same objective, interrupting or suspending the services it provides. The principle on which the attack method is based is the saturation of the resources available to the target, which is flooded with apparently legitimate traffic that it is not able to process. The consumption of the target's resources usually causes a slowdown of the services provided or even their complete blockage. It must be clear that denial-of-service attacks are considered violations of the Internet Architecture Board's Internet proper use policy, an ethical manifesto for Internet use. The IAB is the committee charged with oversight of the technical and engineering development of the Internet by the Internet Society (ISOC). DDoS attacks are commonly considered a cyber crime by governments all around the world and constitute violations of the laws of individual countries, but despite this global consensus they are still very difficult to prosecute because of differing legislation and territorial jurisdictions.

The rise of DDoS attacks

Despite the relative ease of organising a DDoS attack, it still represents one of the most feared offensive forms because of its ability to interfere with the services provided; DDoS attacks are widely used by hackers and hacktivists, but they also represent a viable military option in the event of a cyber attack against critical enemy structures. According to the "Worldwide Infrastructure Security Report" published by Arbor Networks, a leading provider of network security and management solutions, ideologically motivated "hacktivism" and vandalism are the most readily identified DDoS motivations. Arbor Networks has provided evidence that in 2011 the majority of DDoS attacks were carried out by groups of hacktivists that involved critical masses in the manifestation of their dissent: 35% of respondents reported political or ideological attack motivations, while 31% reported nihilism or vandalism. Today it is possible to freely retrieve tools for DDoS attacks such as the famous "Low Orbit Ion Cannon" (LOIC), and it is equally simple to rent a botnet for a few tens of dollars; these factors have transformed DDoS attacks into one of the most dangerous cyber threats. We are facing a crime industry that is arranging specific services to rent ad hoc networks used to amplify attacks, a phenomenon in constant growth. We must also consider that the attacks are becoming daily more sophisticated, addressing various levels of the network stack, often in multilayered offensives.
A great contribution to the rise in the number of DDoS attacks is also given by the spread of malware agents; this is the case of a newer version of the Russkill bot, also known as Dirt Jumper, responsible for many attacks. It seems that the author of the malware has released another DDoS toolkit with similar structure and functionality, named Pandora, that will give a noticeable contribution in terms of cyber attacks. The increase in attacks is also driven by a couple of other factors: the spread of mobile devices and the introduction of the IPv6 protocol. The IT sector experiencing the greatest growth is without doubt mobile; an increasing number of platforms and related applications have been developed in the last months, consolidating the trend. Of course, with this growth a noticeable increase in cyber attacks on the mobile sector has been observed, a sector still vulnerable from a security perspective. The impressive growth in demand has not been matched by awareness of the threat: most of the time the user ignores the potential of the smartphone and the threats to which it is exposed. A mobile botnet is a botnet that targets mobile devices such as smartphones, attempting to gain complete control of them. Mobile botnets take advantage of unpatched vulnerabilities to give attackers root permissions on the compromised mobile device, enabling them to send e-mail or text messages, make phone calls, spy on users, access contacts and photos, and more. The main problem is that botnets go undetected, and this makes them really difficult to tackle. The malware spreads itself by sending the agents to other devices via e-mail or text messages.
But the cyber threat related to mobile devices is not limited to malware infection: because of the difficulty of tracking the origin of attacks, in many cases these platforms are used to launch attacks deliberately; this is the case, for example, of a user who decides to participate in a DDoS attack by downloading a specific tool to flood the final target with traffic. As anticipated, another meaningful phenomenon is the introduction of the IPv6 protocol: the switchover from IPv4 to IPv6 will create vast numbers of new Internet addresses that could be used to organise DDoS attacks. Although this kind of incident is still relatively rare, the introduction of the new protocol represents an attractive opportunity for cyber criminals who intend to mount a DDoS attack; consider that the first attacks based on IPv6 addresses have already been discovered.

DDoS Statistics

A DDoS attack represents a nightmare for all those companies that provide web services that could be blocked by such an offensive; imagine the effect of a DDoS against a financial institution or against the e-commerce site of a large online store: no doubt the event is synonymous with loss of money. The cyber threat has no boundaries and has hit all industry sectors, such as financial services, e-commerce, SaaS, payment processing, travel/hospitality and gaming. We have learned that a DDoS attack could use different platforms and involve several infrastructure layers; the detected events have mostly impacted Layer 3 and Layer 4. The Prolexic report describes the phenomenon as a return to the past, when these layers were the most impacted and the attacks mainly targeted bandwidth capacity and routing infrastructure. But many companies have been hit by multi-vector DDoS attacks, a trend that has increased in the last months and that is evidence of a significant escalation by attackers; according to Arbor, around 27% of its customers have experienced such a combination of offensives. Infrastructure attacks accounted for 81% of total attacks during the quarter, with application layer attacks making up the remaining 19%, data in opposition to what had been observed in the three previous quarters.
The type of DDoS most used is the SYN flood, but a new rise of UDP floods has also been observed. Interesting parameters for qualifying a DDoS attack are its duration and average attack speed. In Q2 2012 the average attack duration, compared with the previous quarter's data, went from 28.5 hours to 17 hours; the average attack speed also decreased, recording a speed of 4.4 Gbps, and the average packet-per-second (pps) volume totaled 2.7 million. Analysing in detail the number of attacks in the quarter, a reduction of the total number compared with the previous quarter is nonetheless noticeable; it is also possible to observe that 47% of attacks were registered in June, curiously concomitant with the opening of the Euro 2012 soccer tournament, demonstrating that sporting events also have an impact on Internet security. Statistics on the most significant operational threats encountered in the last year show the prevalence of DDoS attacks against end customers (71%), while over 62 percent reported misconfigurations and/or equipment failures as contributing to outages, and the contribution of botnets is also meaningful.
Which are the most active nations from the offensive perspective? This quarter China confirmed its leadership in the ranking of attack source countries, alongside Thailand and the United States.
In the next months it is expected that the number of DDoS attacks will continue to increase, also thanks to the development of new tools and the spread of new botnets.

Detection of a DDoS attack

Detecting a DDoS attack in time is essential to limit the damage and fight the cyber threat; the literature offers several techniques to identify this phenomenon, and a wide set of network devices that perform this function are available on the market. Many appliances implement a "reputation watch" sentinel that analyses traffic in real time searching for known anomalies, trying also to qualify the cyber threat and its origin (as we have mentioned, the malicious traffic could be generated by an automated botnet) and to ban bad IP addresses "on the fly". Many systems are able to dynamically apply automatic changes to the network context to block incoming malicious traffic, and are also able to discriminate on the basis of the country of origin. Which are the principal devices used to mitigate DDoS attacks? Several appliances on the market are used to limit the damage caused by such attacks; following is a short list of systems used for DDoS detection:
  • NetFlow analyzers – The NetFlow protocol is a network protocol developed by Cisco Systems for collecting IP traffic information, and it is recognised as a standard for traffic analysis. Network devices (e.g. routers) that support NetFlow are able to collect IP traffic and provide detailed statistics. The component that performs traffic analysis in the NetFlow architecture is named the "collector" and is usually implemented by a server. Cisco standard NetFlow version 5 defines a flow as a unidirectional sequence of packets that all share the following 7 values: ingress interface (SNMP ifIndex), source IP address, destination IP address, IP protocol, source port for UDP or TCP, destination port for UDP or TCP, IP Type of Service. By analysing the flows in an automated way it is possible to detect a DDoS event in real time and locate the sources of the attack.
  • SNMP-based tools – SNMP-based tools are used by network administrators to collect traffic data from network devices such as switches or routers that support the SNMP protocol. As usual these tools consist of two components: one, the collector, collects SNMP data, and the other, the "grapher", generates HTML-formatted output containing traffic load images that provide a live, visual representation of the network status and traffic trends. These traditional SNMP-based traffic monitoring tools are really effective at detecting traffic anomalies, such as an unexpected increase, that may indicate an ongoing attack. From a security perspective the collected data might sometimes be too coarse to detect an anomaly and need further analysis.
  • Deep packet inspection – DPI devices perform deep packet filtering, examining both the data part and the header of the packets composing the traffic as they pass an inspection point. DPI may be used for different purposes, for example to search for protocol non-compliance, viruses, spam, intrusions and attack detection. A DPI configured in the proper mode will detect the DDoS packets and filter them out.
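What a NetFlow collector actually does with the flow records described in the first bullet, as an added example that is not part of the article and not taken from any Cisco or vendor collector: the script below packs a constructed NetFlow v5 datagram (the 24-byte header and 48-byte records are the documented v5 layout; the addresses, ports and counters are invented), parses it back, and then applies the classic flow-level SYN flood heuristic, i.e. many tiny SYN-only TCP flows from many distinct sources converging on one destination and port. The detection thresholds are assumptions to be tuned per network.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

# NetFlow v5 wire format (Cisco): 24-byte header followed by up to 30 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
TCP = 6
SYN = 0x02


def pack_v5_datagram(flows, uptime_ms=1000, unix_secs=1346320000):
    """Build a v5 datagram from (src, dst, sport, dport, proto, pkts, octets, tcp_flags) tuples.

    Used here only to construct sample input; a real collector receives these on UDP.
    """
    header = V5_HEADER.pack(5, len(flows), uptime_ms, unix_secs, 0, 0, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(
            IPv4Address(src).packed, IPv4Address(dst).packed, b"\x00" * 4,
            1, 2,                        # ingress / egress SNMP ifIndex
            pkts, octets,
            uptime_ms - 500, uptime_ms,  # sysuptime of first / last packet
            sport, dport,
            0, flags, proto, 0,          # pad1, tcp_flags, prot, tos
            0, 0, 24, 24, 0,             # src_as, dst_as, src_mask, dst_mask, pad2
        )
        for src, dst, sport, dport, proto, pkts, octets, flags in flows
    )
    return header + body


def parse_v5_datagram(data):
    """Return (header_dict, [record_dict, ...]); rejects truncated or non-v5 input."""
    if len(data) < V5_HEADER.size:
        raise ValueError("short datagram")
    version, count, *_ = V5_HEADER.unpack_from(data, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(data) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("datagram truncated")
    records = []
    for i in range(count):
        f = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        records.append({
            "src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
            "pkts": f[5], "octets": f[6],
            "sport": f[9], "dport": f[10], "flags": f[12], "proto": f[13],
        })
    return {"version": version, "count": count}, records


def detect_syn_flood(records, min_sources=20, max_pkts_per_flow=3):
    """Flag (dst, dport) pairs receiving SYN-only micro-flows from many distinct sources.

    A half-open SYN flood never completes the handshake, so each source produces
    a flow of one or two packets with only the SYN flag set. Legitimate sessions
    carry ACK/PSH/FIN and many packets, and so are excluded.
    """
    sources = defaultdict(set)
    for r in records:
        if r["proto"] == TCP and r["flags"] == SYN and r["pkts"] <= max_pkts_per_flow:
            sources[(r["dst"], r["dport"])].add(r["src"])
    return {k: len(v) for k, v in sources.items() if len(v) >= min_sources}


def build_sample():
    """Constructed traffic: 25 SYN-only sources against 192.0.2.10:80 plus normal flows."""
    flood = [(f"203.0.113.{i}", "192.0.2.10", 40000 + i, 80, TCP, 1, 60, SYN)
             for i in range(1, 26)]
    normal = [
        ("198.51.100.5", "192.0.2.10", 51000, 80, TCP, 40, 30000, 0x1B),   # full HTTP session
        ("198.51.100.6", "192.0.2.20", 51001, 443, TCP, 12, 9000, 0x1B),
        ("198.51.100.7", "192.0.2.30", 53001, 53, 17, 1, 80, 0),           # one DNS query
    ]
    return pack_v5_datagram(flood + normal)


def analyze(data):
    """Collector entry point: parse one datagram and report flood targets."""
    _hdr, records = parse_v5_datagram(data)
    return detect_syn_flood(records)


if __name__ == "__main__":
    for (dst, port), n in analyze(build_sample()).items():
        print(f"possible SYN flood against {dst}:{port} from {n} distinct sources")
```

In production the per-destination source sets are kept over a sliding window across many datagrams rather than per datagram, and the distinct-source count is what distinguishes a distributed flood from a single noisy scanner.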
The following graph reports their adoption according to the report provided by Arbor Networks; alongside the classic commercial network analyzers, it is possible to note that the number of open source systems used to mitigate the attacks is increasing.
Once the attack is detected it is necessary to apply the proper action to mitigate its effects, and despite their functional and operational limitations, according to the principal security firms, ACLs continue to be the most widely used tool to mitigate DDoS attacks. Other possible methods to mitigate a DDoS attack are Intelligent DDoS Mitigation Systems (IDMS); Destination-based Remote Triggered Blackhole (D/RTBH), a filtering technique that provides the ability to drop undesirable traffic before it enters a protected network; Source-based Remote Triggered Blackhole (S/RTBH), a technique that allows an ISP to stop malicious traffic on the basis of the source address it comes from; and FlowSpec. Following is the graph related to the data published in the latest reports of Arbor Networks:

The majority of organizations have implemented best current practices (BCPs) in critical network infrastructure security, and according to the various reports provided by different security firms the level of awareness and the efficiency of incident response have increased, with meaningful progress over the last years. The principal BCPs implemented are:
  • Authentication for BGP, IGPs
  • Separate out-of-band (OOB) management network
  • iACLs at network edges
  • BCP38/BCP84 anti-spoofing at network edges
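How the edge controls named above fit together, as an added example that is not part of the article and not any vendor's implementation: the model below applies, in order, a destination blackhole (D/RTBH), a source blackhole (S/RTBH) and a BCP38 anti-spoofing check. The BCP38 check is implemented as strict unicast reverse-path forwarding: a packet's source address must belong to a prefix the router associates with the interface it arrived on, otherwise it is treated as spoofed. The prefixes, interface names and test packets are constructed for the example.

```python
from ipaddress import ip_address, ip_network

FORWARD = "forward"
DROP_DST_BLACKHOLE = "drop: destination blackholed (D/RTBH)"
DROP_SRC_BLACKHOLE = "drop: source blackholed (S/RTBH)"
DROP_SPOOFED = "drop: spoofed source (BCP38)"


class EdgeFilter:
    """Ingress policy for a network edge: RTBH blackholes plus BCP38 anti-spoofing.

    routes: (prefix, interface) pairs, i.e. the address space legitimately reachable
    through each customer-facing interface. Strict uRPF uses this table backwards:
    a source is only plausible on the interface its prefix is routed through.
    """

    def __init__(self, routes, dst_blackholes=(), src_blackholes=()):
        # Longest prefix first so lookup() returns the most specific match.
        self.routes = sorted(((ip_network(p), iface) for p, iface in routes),
                             key=lambda t: t[0].prefixlen, reverse=True)
        self.dst_blackholes = [ip_network(p) for p in dst_blackholes]
        self.src_blackholes = [ip_network(p) for p in src_blackholes]

    def lookup(self, addr):
        """Longest-prefix match: the interface an address is routed through, or None."""
        a = ip_address(addr)
        for net, iface in self.routes:
            if a.version == net.version and a in net:
                return iface
        return None

    @staticmethod
    def _in_any(addr, nets):
        a = ip_address(addr)
        return any(a.version == n.version and a in n for n in nets)

    def bcp38_ok(self, ingress_iface, src):
        """Strict uRPF: the source must route back out the interface it arrived on."""
        return self.lookup(src) == ingress_iface

    def decide(self, ingress_iface, src, dst):
        """Return the action a router applying these controls would take on one packet."""
        if self._in_any(dst, self.dst_blackholes):
            return DROP_DST_BLACKHOLE   # victim prefix withdrawn to protect the rest of the net
        if self._in_any(src, self.src_blackholes):
            return DROP_SRC_BLACKHOLE   # known attack source announced via RTBH community
        if not self.bcp38_ok(ingress_iface, src):
            return DROP_SPOOFED         # source not routed via this interface: forged
        return FORWARD


def build_sample_filter():
    """Constructed edge: two customer interfaces and two active blackholes."""
    return EdgeFilter(
        routes=[("203.0.113.0/24", "cust-A"), ("198.51.100.0/24", "cust-B"),
                ("2001:db8:1::/48", "cust-A")],
        dst_blackholes=["192.0.2.77/32"],        # victim under attack, withdrawn
        src_blackholes=["198.51.100.200/32"],    # compromised host flooding outwards
    )


def run_sample():
    """Decisions for a handful of constructed ingress packets (iface, src, dst)."""
    f = build_sample_filter()
    packets = [
        ("cust-A", "203.0.113.9", "192.0.2.10"),       # legitimate customer traffic
        ("cust-A", "198.51.100.9", "192.0.2.10"),      # B's address arriving on A: spoofed
        ("cust-A", "10.0.0.1", "192.0.2.10"),          # unrouted source: spoofed
        ("cust-B", "198.51.100.9", "192.0.2.77"),      # towards blackholed victim
        ("cust-B", "198.51.100.200", "192.0.2.10"),    # from blackholed source
        ("cust-A", "2001:db8:1::5", "2001:db8:9::1"),  # legitimate IPv6 customer traffic
    ]
    return [f.decide(*p) for p in packets]


if __name__ == "__main__":
    for decision in run_sample():
        print(decision)
```

On real routers the same logic is expressed as `ip verify unicast source reachable-via rx` style uRPF on customer ports and as a static route to a discard interface for RTBH; the ordering matters because a blackholed destination should be dropped even when the source is perfectly valid.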

A Look to the future … concerns related IPv6

One of the factors that will impact the evolution of DDoS attacks is the introduction of the IPv6 protocol. Experts are convinced that DDoS attacks could be strengthened by around 90% in IPv6 compared with IPv4. According to the SANS Institute, the path taken by the attack packets can be either one way (TCP, UDP and other attacks) or two ways (ICMP traffic). Technically, IPv6 introduces six optional headers, such as the Routing header, that could be used to force a packet to transit through specific routers, making it possible for the attack packets to transit between the routers endlessly, saturating the network with forged packets and leading to a powerful DDoS attack. IPv6 has also another powerful feature that could be exploited, Mobile IP, introduced in the latest version of the protocol to allow a user to change geographical location, moving to different networks while maintaining a single IP address. This is achieved by the extension headers provided in IPv6: the original IPv6 address is stored in the extension header, whereas an additional temporary address is maintained in the IP header. The temporary address keeps changing when the user is mobile, but the original IP address remains unchanged. An attacker can easily change this temporary IP address and carry out spoofing attacks.
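The defensive counterpart of the Routing header concern above, as an added example that is not part of the article: a filter at the network edge walks the IPv6 extension header chain and flags packets carrying a Type 0 Routing Header with segments still to process, which is the source-routing mechanism that allowed packets to ping-pong between routers and was deprecated for exactly that reason (RFC 5095). The packet builder is only there to construct test input; addresses and payloads are invented.

```python
import struct
from ipaddress import IPv6Address

IPV6_HDR_LEN = 40
NH_HOPOPTS, NH_ROUTING, NH_FRAGMENT, NH_DSTOPTS = 0, 43, 44, 60
NH_TCP = 6
EXT_HEADERS = {NH_HOPOPTS, NH_ROUTING, NH_FRAGMENT, NH_DSTOPTS}


def walk_ipv6_headers(pkt):
    """Return (src, dst, [ext_header_dict, ...], upper_layer_proto) for one packet.

    Extension headers share the layout: Next Header (1 byte), Hdr Ext Len (1 byte,
    in 8-octet units not counting the first 8), then type-specific data. The
    Fragment header is the exception with a fixed 8 bytes.
    """
    if len(pkt) < IPV6_HDR_LEN:
        raise ValueError("short packet")
    if struct.unpack("!I", pkt[:4])[0] >> 28 != 6:
        raise ValueError("not IPv6")
    payload_len, next_hdr, _hop_limit = struct.unpack("!HBB", pkt[4:8])
    src, dst = IPv6Address(pkt[8:24]), IPv6Address(pkt[24:40])
    end = min(IPV6_HDR_LEN + payload_len, len(pkt))
    exts, off = [], IPV6_HDR_LEN
    while next_hdr in EXT_HEADERS:
        if off + 2 > end:
            raise ValueError("truncated extension header")
        nh, ext_len = pkt[off], pkt[off + 1]
        hdr_len = 8 if next_hdr == NH_FRAGMENT else (ext_len + 1) * 8
        if off + hdr_len > end:
            raise ValueError("truncated extension header")
        ext = {"type": next_hdr, "len": hdr_len}
        if next_hdr == NH_ROUTING:
            ext["routing_type"], ext["segments_left"] = pkt[off + 2], pkt[off + 3]
        exts.append(ext)
        next_hdr, off = nh, off + hdr_len
    return str(src), str(dst), exts, next_hdr


def flags_for(pkt):
    """Policy findings an edge filter would raise; an empty list means 'pass'."""
    _src, _dst, exts, _proto = walk_ipv6_headers(pkt)
    findings = []
    for e in exts:
        # RFC 5095: RH0 with Segments Left > 0 must not be processed; with 0 it is ignored.
        if e["type"] == NH_ROUTING and e["routing_type"] == 0 and e["segments_left"] > 0:
            findings.append("RH0 with segments left: deprecated source routing, drop")
    if sum(1 for e in exts if e["type"] == NH_ROUTING) > 1:
        findings.append("multiple routing headers")
    return findings


# --- constructed test input -------------------------------------------------------

def build_packet(src, dst, exts, upper=NH_TCP, payload=b"\x00" * 20):
    """Assemble a packet; exts is [(type, raw_bytes)], byte 0 of each raw is rewritten."""
    types = [t for t, _ in exts] + [upper]
    chain = b"".join(bytes([types[i + 1]]) + raw[1:] for i, (_t, raw) in enumerate(exts))
    body = chain + payload
    fixed = struct.pack("!IHBB", 6 << 28, len(body), types[0], 64)
    return fixed + IPv6Address(src).packed + IPv6Address(dst).packed + body


def rh0(segments_left, hops):
    """Type 0 Routing Header: 8 fixed bytes plus one 16-byte address per hop."""
    return (bytes([0, 2 * len(hops), 0, segments_left]) + b"\x00" * 4
            + b"".join(IPv6Address(h).packed for h in hops))


HOPBYHOP_PADN = bytes([0, 0, 1, 4, 0, 0, 0, 0])  # 8-byte Hop-by-Hop header, one PadN option


def sample_rh0_packet(segments_left=1):
    return build_packet("2001:db8::1", "2001:db8::2",
                        [(NH_HOPOPTS, HOPBYHOP_PADN),
                         (NH_ROUTING, rh0(segments_left, ["2001:db8::9"]))])


if __name__ == "__main__":
    print(flags_for(build_packet("2001:db8::1", "2001:db8::2", [])))
    print(flags_for(sample_rh0_packet()))
```

The walk stops at the first upper-layer protocol, so a packet that hides a routing header behind a Fragment header is still examined as long as the header sits in the first fragment; reassembly before inspection is the usual answer for the rest.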

Conclusions

This type of attack is still preferred by hacktivist groups, who are intensifying their offensives against private companies and governments, but cybercrime is also adopting it in complex operations where the need is to block a web service while a fraud scheme is carried out. The attack is also largely adopted in cyber warfare to hit the critical infrastructures of a country; let's remember that the financial institutions of a nation are also considered vital entities for a country. Although the last quarter registered a reduction in the total number of attacks, the cyber threat is still very worrying: DDoS attacks doubled in Q2 2012 compared with the same quarter one year ago. The spread of botnets and the introduction of IPv6 represent further factors that could amplify the magnitude of the cyber threat and the frequency of this type of attack. The DDoS attack is evolving: are both the private and government sectors ready to protect their structures? Underestimating the threat could be very dangerous!

Simple Ways To Get Real Traffic to Your Business



As the Internet matures, getting Traffic to your Small Business site becomes increasingly difficult.
The biggest names have highly sophisticated sites and Internet Marketing budgets that can exceed the entire revenue of most small companies.

Home is for the Heart

The Internet is no longer the unique marketing tool it was many moons ago. Having a website isn't an advantage anymore–it's simply expected.
I personally don't believe in depending on Search to bring me Traffic, but I had better provide everything expected, and more, to those visitors who do arrive through Search.
Especially if my business is local.
I'm currently looking for an exceptional roofer for a special project, and the local roofer without an info-packed website is highly unlikely to get my first phone call.
Sadly, most roofers in my area don't even have websites.
I sent my business to the local company whose website introduced me to their staff, explained their services, and listed their material suppliers, as well as providing a detailed FAQ.
Before picking up the phone, virtually all of my questions had already been answered.
Several other sites I visited had almost nothing to tell me.
Local companies smart enough to have websites packed with useful information will always have a place high on Page One when the Search is obviously Local, i.e. includes City or Zip in the Search criteria.

Piggy Back on Bigger Sites

One site I like is Yelp.com. It's packed with User Reviews, and is beginning to appear in Results when I'm looking for reviews regarding various services around town. Looking for Reviews and Complaints is my standard practice when considering a company or product–especially one I have never heard of before.
While it's always good idea to get your satisfied customers to give you a written testimonial, it would be even better to get those testimonials posted on "outside" websites.
For one thing, Testimonials appear more impartial when they come from an outside source. But an outside website can have the added advantage of giving you a link from a third party back to your own site, giving you a little more credibility with Google.
This idea transformed Amazon.com. I always check the Amazon reviews before buying anything, whether my purchase ends up with Amazon or not.
It's pretty easy to sell your Product through Amazon, and should be seriously considered for the Testimonial value alone, not to mention one more method of getting your offering higher on the Search Results.
A product I created long ago showed up much higher in the Search Results when it appeared on websites with much greater Page Rank than my own. Piggy Backing off someone bigger is smart ;-) And the bigger, the better!

Free is for the Famous

The idea of getting "free" business from Search Engines has never really been easy for the little guy, regardless of what the Gurus may tell you. Everything takes time and effort.
On the other hand, getting free publicity is easy for someone who has already caught the public's eye.
But how do you catch the public's attention in the first place?
The Media wants a Story, so it's your job to give them one. When Media tells your story, people Search for you. If you're really lucky, Media publicizes your URL.

Celebrity Search Engine

There are two types of companies and/or products that dominate Search.
  • The Specialist – Unique Product that Solves a Specialized Problem
  • The Famous – Companies with Brand Recognition
Newbies who want to break into Entertainment will often resort to outrageous, shocking, or even heinously vile behavior to attract media attention. If you need more information, just ask your children about their current favorite Acts.
Most businesses, on the other hand, must introduce something a little more constructive, but equally attention grabbing. The "Next Big Thing" in technology is a perfect example of something nobody knew they needed until they saw it. Overnight that product becomes a "Must Have."

Well, Isn't That Special

Unless people have already been exposed to a specific Product enough times to be convinced they need it, Search will center around finding a specific Solution.
You want their Solution to be your Product.
But the more unique the Problem to be solved, the smaller the pool of people searching for you or your unique Solution.
It's hard to get people Searching for a Solution to a Problem people don't know they have.
And of course, building a better Mouse Trap is only successful if mice are a problem to a lot of people. But the bigger the problem, the more competitors, so your Mouse Trap must be "better enough" to attract Media attention.
Whether you need to promote a Solution to an "Unrecognized Problem" or show off your Bigger Idea, Media Attention is the key to leap-frogging over a much bigger competitor, and getting Traffic to your website.

Famous Is As Famous Does

The more that people already know about you, the more they want to know. Publicity seems to feed upon itself, and becomes self-perpetuating.
As much as you may like the idea of sitting at your computer and creating Demand through great original Content, the fact is that you will still need to get out there into the "real world" and make some noise.
Working through Search alone may work for a tiny Niche, but taking your business to the next level requires taking your Marketing to the next level as well.

Traditional Marketing

You don't necessarily have to spend a lot of money on Advertising in order to get your name out there. The old fashioned Press Release can be worthwhile and inexpensive, although it does take time to gather all the appropriate News Outlets.
Be creative and either stage or participate in Newsworthy Events. Send a Press Release ONLY when your activity is all but guaranteed to generate Media interest, otherwise a Dud Event will cause them to ignore you when you are involved in something that IS really big.
Then use your Press Clippings and Interview Recordings to give you a foundation of credibility. When the Media gets to know you as a solid source of a good story, it will be easier to get their attention each time you venture out.

Traditional Blogging

Always direct the Media to your website, and always write about your current Media Event in your Blog.
Well written Content should be between 600-1000 words. If you post more often than once a week, the post can be shorter. If you post once a month, they should be much more substantial and valuable.
Regardless of how often, it's important to have a regularly scheduled date for posting.
Like clockwork, your postings need to be dependable in that regard if you want to generate a regular following.
Regular posting is even more important if your plan includes having Media personnel checking your site for your latest developments.

Social Media

When you're Famous–or merely very Interesting–Media keeps watch over your Twitter postings. Twitter has almost become the preferred method for major Stars to make Announcements to the Media, replacing the old fashioned Press Release.
When the Paparazzi stalk your every move, a Press Release is kind of redundant, anyway.
You may not be that Famous–Yet. Even so, be sure to use Twitter as a gateway back to your website. As your Following grows, you will have an easier time getting coveted Media attention.
You may not be "The Most Interesting Man in the World," but Twitter will be of little use to you if you're just another bump on the log.

Simple Isn't Always Easy

These are only a few simple ideas that can be relatively inexpensive. But they do require an investment in Time, Effort, and Creativity.
And Simple can require a lot of gumption. It's not easy to get out there before the Public and become a Media Personality.
But a number of successful CEOs have found that to be just the ticket to grow their business.
Tom Hopkins is a premier Sales Trainer who has been around for years. Tom jokes about the person who wants to reach the "Pinnacle of Success, but wants to stay home all the time."
