STE WILLIAMS

Latest numbers indicate Android is now the most targeted mobile device

Thanks to Rowland Yu of SophosLabs for providing the research for this article.

A recent SophosLabs statistical analysis comparing the ratio of malware to potentially unwanted applications (PUA) across Windows, Mac and Android illustrates a trend we’ve been seeing for some time: attackers are rapidly focusing their malware creation and exploit techniques on Android devices.

The analysis also shows the bad guys increasingly using PUAs to slip past security sensors and penetrate Android and Mac devices.

When we pull back the lens on the bigger picture, Windows continues to be the most-targeted of all operating systems, SophosLabs researcher Rowland Yu said. But the growing ferocity against Android is clear.

Follow the money

In an email exchange, Yu reiterated a point we’ve made in the past: the more open the system, the more susceptible it is to malware:

On the other hand, if the system has its own app store such as Mac and Android – or undergoes a system or human review – then malware writers will use PUA instead of malware.

The current thinking in the lab is that malware writers see PUA as a way to more easily bypass security systems and achieve the same end goal they have with other malware – making money. 

By the numbers

A look at the raw volume of samples analyzed by SophosLabs in 2016 painted the following picture:

  • Of everything targeting Windows, 6% were PUAs and 95% were straight-up malware.
  • Of everything targeting Android, 75% were pure malware and 25% were PUAs.
  • Of everything targeting Macs, 6% were pure malware and 94% were PUAs.

While malware is designed to do harm, PUAs fall more into the nuisance category: annoying apps that run ads and pop-ups until you finally uninstall them.

Android malware examined

In the SophosLabs 2017 malware forecast released in February, the researchers explored the specific malware designed for Android devices.

SophosLabs analysis systems processed more than 8.5m suspicious Android applications in 2016. More than half of them were either malware or potentially unwanted applications (PUA), including poorly behaved adware.

When the lab reviewed the top 10 malware families targeting Android, Andr/PornClk is the biggest, accounting for more than 20% of the cases reviewed in 2016. Andr/CNSMS, an SMS sender with Chinese origins, was the second largest (13% of cases), followed by Andr/DroidRT, an Android rootkit (10%), and Andr/SmsSend (8%). The top 10 are broken down in this pie chart:

Defensive measures

Though Android security risks remain pervasive, there’s plenty users can do to minimize their exposure, especially when it comes to the apps they choose.

  • Stick to Google Play. It isn’t perfect, but Google does put plenty of effort into preventing malware arriving in the first place, or purging it from the Play Store if it shows up. In contrast, many alternative markets are little more than a free-for-all where app creators can upload anything they want, and frequently do.
  • Consider using an Android anti-virus. By blocking the install of malicious and unwanted apps, even if they come from Google Play, you can spare yourself lots of trouble.
  • Avoid apps with a low reputation. If no one knows anything about a new app yet, don’t install it on a work phone, because your IT department won’t thank you if something goes wrong.
  • Patch early, patch often. When buying a new phone model, check the vendor’s attitude to updates and the speed that patches arrive. Why not put “faster, more effective patching” on your list of desirable features, alongside or ahead of hardware advances such as “cooler camera” and “funkier screen”?

If you use a Mac, our recommendations typically include using a real-time anti-virus, even (or perhaps especially) if you have managed unharmed for years without one, and promptly downloading security updates as Apple releases them.

Similar advice applies to malware and PUAs targeting Windows. Apply patches immediately and be careful of attachments and links delivered via Outlook.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/1qfXlyX9YxM/

News in brief: Berners-Lee warns on privacy; drone complaints up sharply; space researchers seek volunteers

Your daily round-up of some of the other stories in the news

Berners-Lee warns of ‘disgusting’ move to erode privacy

Sir Tim Berners-Lee, the inventor of the world wide web, hit out at the moves by the US administration that will allow ISPs to sell their customers’ data without their consent as he was awarded the Turing Award on Tuesday.

Sir Tim told the Guardian that the move is “disgusting” and “appalling”. He added, to the BBC, that he was worried about plans to erode net neutrality, saying: “If the FCC does move to reduce net neutrality, I will fight as hard as I can.”

Accepting the Turing Award, which is also known as “the Nobel Prize of computing”, Sir Tim also expressed concern about calls by politicians such as the UK’s Amber Rudd to create backdoors into encrypted messaging services. He said: “I know that if you’re trying to catch terrorists it’s really tempting to demand to be able to break all that encryption, but if you break that encryption, then guess what, so could other people and guess what: they may end up getting better at it than you are.”

Sir Tim’s comments came as President Donald Trump signed into law the measure that repealed the Obama administration’s rules that would have protected ISP customers by requiring ISPs to get their customers’ consent before sharing their personal data.

Complaints of drones ‘snooping’ up sharply

Just days after the UK’s aviation authorities revealed that two aircraft using London’s Heathrow airport had had uncomfortably close shaves with drones, police said that complaints about drones had risen sharply over the past two years, with some 10 incidents a day being reported last year – up from just 283 incidents for the whole of 2014.

The figures, revealed via a freedom of information request by the Press Association, show that people feared that their homes were being scoped for burglaries by the drones they were reporting. Reports also included allegations of neighbours snooping. Steve Barry of the National Police Chiefs’ Council told the Press Association that the rise in reports showed a rising “awareness of what drones are and what they can do”.

David H Dunn of Birmingham University added: “Previously, you had a hedge, you had a wall and you could do whatever you wanted in your garden without people disturbing you. That has changed because of drones.”

Space researchers seek bed fans

Are you male, fit, between the ages of 20 and 45, a non-smoker who has no allergies? Do you fancy the idea of being paid to stay in bed for two months and earn €16,000 for your trouble while at the same time helping advance scientific knowledge about the effects of long-duration spaceflight?

If so, you’re in luck: France’s Institut de Médecine et de Physiologie Spatiales in Toulouse is looking for 24 men to stay in bed so that scientists can study the effects of microgravity. The participants will spend 88 days on the program, of which 60 will be spent entirely in bed.

Dr Arnaud Beck of the Institut warned, however, that it’s not quite as cushy as it might seem, with the participants having to spend all their time in bed, with all washing, eating and bodily functions being carried out in bed. “The rule is to keep at least one shoulder in contact with the bed or its frame,” he added.

The experiment is to consider the detrimental effect of long periods of weightlessness on the body ahead of proposed long periods of manned spaceflight. If none of that puts you off, you can apply here.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/m6dy6PKizew/

Researchers sink scalpel into Lazarus crew. Yup. Autopsy shows distinct hacker tradecraft

The hacking group blamed for the infamous $81m cyber-heist against the Central Bank of Bangladesh last year has been targeting a far wider range of organisations than previously thought.

The so-called Lazarus cyber-espionage and sabotage crew has also been busy attacking casinos, software developers for investment companies and crypto-currency businesses, as well as banks around the world, according to researchers from Kaspersky Lab.

During the forensic analysis of artefacts left by the group in South-East Asian and European banks, Kaspersky Lab has reached a deep understanding of what malicious tools the group uses and how it operates. Knowledge of the hackers’ tradecraft has helped to interrupt at least two other operations aimed at stealing a large amount of money from financial institutions.

Modus operandi

The hackers typically start by running watering hole attacks in order to plant malicious code on the victim’s (bank employee) computer. Once a toehold has been established, the hackers attempt to infect other hosts in a targeted institution.

The next stage involves internal reconnaissance, mapping the targeted network. Particular targets include the backup server, where authentication information is stored, mail servers or domain controllers as well as servers storing or processing records of financial transactions.

Finally, the hackers deploy “special malware” capable of bypassing the internal security features of financial software and issuing rogue transactions on behalf of the bank.

During the analysis of the incident in South-East Asia, Kaspersky Lab experts discovered that hackers scanned the targeted bank network seven months prior to the day when the bank’s security team requested incident response.

According to Kaspersky Lab records, malware samples relating to Lazarus group activity have appeared in financial institutions, casinos, software developers for investment companies and crypto-currency businesses in Korea, Bangladesh, India, Vietnam, Indonesia, Costa Rica, Malaysia, Poland, Iraq, Ethiopia, Kenya, Nigeria, Uruguay, Gabon, Thailand and several other countries since December 2015. Fresh samples were detected only last month, indicating that the hackers have no intention of stopping even though they have been less busy of late.

Lazarus’ global spread [source: KL blog post screenshot]

The Lazarus group, which has been active since 2009, is also suspected in the infamous Sony Pictures hack. North Korea is the prime suspect in the ongoing malfeasance. The Kaspersky team uncovered one isolated example where the hackers connected to a command and control server from a very rare IP address range in North Korea.

This was either an OpSec slip-up by the hackers or someone else’s carefully planned false flag operation (i.e. an elaborate attempt to frame the NORKs), according to Kaspersky Lab.

OpSec fail [source: KL blog post screenshot]

Kaspersky Lab released details of its research in a session at its Security Analyst Summit in St. Maarten, West Indies on Monday. The Russian security software firm has released indicators of compromise (IOCs) and other data to help organisations search for traces of the group in their corporate networks. ®

An animated video on how Kaspersky Lab researchers investigated the Lazarus attacks accompanies the original article.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/04/04/lazarus_hacker_hunt_trail/

WWW daddy Sir Tim Berners-Lee stands up for end-to-end crypto

Sir Tim Berners-Lee has criticised plans to weaken encryption or extend surveillance in the wake of recent terrorist attacks.

Days after the attack on Westminster that claimed the lives of three pedestrians and a police officer, Home Secretary Amber Rudd said there should be no safe space for terrorists to communicate online. The comments came after it emerged that attacker Khalid Masood had checked WhatsApp – which offers end-to-end encryption – two minutes before ploughing an SUV through pedestrians on Westminster Bridge then leaping out and fatally stabbing an unarmed policeman standing guard at the gates of the Houses of Parliament.

Weakening encryption would be a mistake, according to Sir Tim. “If you’re trying to catch terrorists, it’s really tempting to demand to be able to break all that encryption but if you break that encryption then guess what – so could other people, and guess what – they may end up getting better at it than you are.”

Sir Tim made the comments to the BBC in a wide-ranging interview1 following his Turing Award win, a prestigious gong sometimes described as the Nobel Prize of computing. His criticisms of weakening encryption parallel those of other security experts.

The Home Secretary has reportedly invited tech bosses from Google, Microsoft, Twitter and Facebook to a summit to discuss encryption and its national security implications.

David Emm, principal security researcher at Kaspersky Lab, noted that tech firms are “unlikely to be happy about switching to a ‘snoopable’ form of encryption – as illustrated by the stand-off between Apple and the FBI last year”.

The terrorist attack in Westminster has renewed the debate about the use of end-to-end encryption by messaging services such as WhatsApp. Rudd has appealed to tech companies to provide a way for government to inspect the communications of those suspected of criminal activity, for example terrorists. Other politicians have even called for a blanket ban on end-to-end-encryption.

Both of these approaches are flawed, according to Emm.

“The requirement for application vendors who use encryption to provide a way for government or law enforcement agencies to ‘see through’ encryption, poses some real dangers,” Emm said. “Creating a ‘backdoor’ to decipher encrypted traffic is akin to leaving a key to your front door under the mat outside. Your intention is for it to be used only by those you have told about it. But if someone else discovers it, you’d be in trouble.

“Similarly, if a government backdoor were to fall into the wrong hands, cybercriminals, foreign governments or anyone else might also be able to inspect encrypted traffic – thereby undermining not only personal privacy, but corporate or national security. It would effectively create a zero-day (i.e. unpatched) vulnerability in the application.” ®

Footnote

1Sir Tim is also against weakening net neutrality, opposes laws that would allow US ISPs to broker sales of users’ data (such as browsing history), and is in favour of combatting fake news.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/04/04/web_inventor_opposes_crypto_backdoors/

China-based hacking crew pokes holes in UK firms and drains data

UK companies are being targeted by a China-based global hacking group dubbed APT10.

The Operation Cloud Hopper campaign focuses on managed service providers (MSPs) which, when successful, gives the APT10 hackers access to their intellectual property, sensitive data, and global clients. A number of Japanese organisations have also been targeted by the same crew, according to a joint report by PwC and BAE Systems.

APT10 has significantly increased its scale and capability since early 2016, including the addition of new custom tools. The switch from using the Poison Ivy and PlugX malware to bespoke malware as well as open-source tools shows increased sophistication. The group still uses phishing and other social engineering techniques to push its wares.

The group focuses on espionage activity, targeting intellectual property and other sensitive data, PwC reports.

“APT10 is known to have exfiltrated a high volume of data from multiple victims, exploiting compromised MSP networks, and those of their customers, to stealthily move this data around the world,” the researchers warn.

PwC UK and BAE Systems rate it “highly likely” that APT10 is a China-based threat actor. The group has been active since 2009, and has already been profiled by other security researchers at FireEye and CrowdStrike among others.

Targeting service providers in order to get at their clients represents a shift in tactics by cyber-spies, comparable to going after university research departments to get at defence contractors, or to hacking the lawyers and accountants of other intelligence targets.

Donato Capitella, senior security consultant at MWR InfoSecurity, commented: “In the past decade we have observed major, critical organisations raise their cyber defence profile, by allocating larger budgets into their prevention, detection and response capabilities. This naturally led to crime displacement or relocation, meaning that attackers have shifted their attention to the smaller third parties that supply services to these organisations.”

Matt Walmsley, EMEA director at cybersecurity company Vectra Networks, added: “These criminals continue to play a long game, prepared to wait months – even years – to harvest valuable data without being noticed. Malicious code or indeed a live connection to a bad actor can sit, unnoticed like a leech, harvesting useful data slowly and consistently.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/04/04/chinese_hackers_target_msps/

Half of Security Pros Ignore Some Important Alerts

Short-staffed, more than half of organizations admit they ignore alerts that should be investigated because they lack resources to handle the overflow.

Strained by the cybersecurity skills shortage, 54 percent of respondents to a new survey say they are forced to ignore security alerts worthy of further investigation, because they don’t have the staff and expertise to handle them.

The Enterprise Strategy Group (ESG) surveyed 150 IT and cybersecurity pros with knowledge of, or responsibility for, enterprise security. In the study, released today, they discovered security operations has become a “bottleneck” as challenges in people, processes, and technology limit organizations’ ability to handle threats.

More than one-third (35%) of respondents found it tough to keep up with the volume of alerts, and nearly 30% struggled because security operations tools weren’t well-integrated. One-quarter say processes are too informal and rely on the skills of a handful of employees.

“They’re vulnerable in more places,” explains Siemplify CEO Amos Stern, noting how the rise of tech like mobile, cloud, and IoT will complicate the problem. “While their digital footprint is growing, the surface of attack is growing, and more tools are needed to detect threats.”

Each of these tools focuses on a different aspect of security. Businesses that previously needed only a few security systems can now have up to 50 or 70, all of which work independently and address different functions: endpoint security, mobile, cloud, web app security.  The tools each provide a piece of the puzzle, but it’s still up to the security expert to decide how events are related and initiate a response.

“Being alerted to more potential threats doesn’t necessarily mean better security,” says Stern. “Half of respondents said they have to ignore alerts that need to be investigated.” 

Respondents were primarily concerned with the steps that come after the alert: prioritizing the threats and determining how to approach each one. 

ESG’s research found that gathering data related to an alert is the most time-consuming task for 35% of respondents. Malware analysis and analyzing log repositories came second; each was the top task for 31% of respondents.

The threat overload isn’t a problem that can be solved by throwing more people at it, says Stern, because there are not enough people available to be thrown. Security teams are often understaffed or lack expertise to face today’s threats. Previous ESG research found only 17% of businesses say the size of their security operations team is always sufficient.

Processes are also chaotic because most security operations teams “invent their own wheel,” says Stern. “There’s no centralized platform for running security operations,” as there is in other departments like sales, marketing, and human resources.

Stern explains how businesses are turning to orchestration to tie together different systems and better coordinate incident response. Orchestration structures threat detection and response to help manage the process, so that security teams don’t have to rely on a myriad of tools.
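The correlation step Stern describes, as an added example that is not code from ESG, Siemplify or the survey: alerts from three tools that do not talk to each other are merged per host within a time window, ranked, and split into a queue for a human analyst and a remainder for automated handling. The tool names, hosts, severity scale, scoring rule and threshold are assumptions, and the alert records are constructed.

```python
"""Merge alerts from independent tools into ranked cases (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed alerts from three tools that know nothing about each other.
SAMPLE_ALERTS = [
    {"ts": "2017-04-04T09:00:10", "tool": "edr",   "host": "ws-17",  "sev": "medium",
     "msg": "powershell.exe spawned by winword.exe"},
    {"ts": "2017-04-04T09:01:40", "tool": "proxy", "host": "ws-17",  "sev": "low",
     "msg": "GET to domain registered 2 days ago"},
    {"ts": "2017-04-04T09:03:05", "tool": "ids",   "host": "ws-17",  "sev": "high",
     "msg": "periodic outbound beacon"},
    {"ts": "2017-04-04T11:30:00", "tool": "proxy", "host": "ws-02",  "sev": "low",
     "msg": "blocked category: gambling"},
    {"ts": "2017-04-04T13:15:00", "tool": "edr",   "host": "srv-db", "sev": "high",
     "msg": "handle to lsass.exe opened by unsigned binary"},
    {"ts": "2017-04-04T13:40:00", "tool": "edr",   "host": "srv-db", "sev": "medium",
     "msg": "new service installed"},
]

# Assumed severity ranking; real tools use their own scales and must be mapped.
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def _ts(alert):
    return datetime.strptime(alert["ts"], "%Y-%m-%dT%H:%M:%S")


def _make_case(host, alerts):
    tools = sorted({a["tool"] for a in alerts})
    top = max(SEVERITY[a["sev"]] for a in alerts)
    # Assumed scoring: agreement between independent tools outweighs volume
    # from a single noisy one.
    score = top * len(tools) + len(alerts)
    return {
        "host": host, "tools": tools, "count": len(alerts), "top_severity": top,
        "score": score, "first": alerts[0]["ts"], "last": alerts[-1]["ts"],
        "alerts": alerts,
    }


def correlate(alerts, window_minutes=10):
    """Group alerts per host; a new case starts when the gap since the
    previous alert on that host exceeds the window. Returns cases ranked
    highest score first."""
    window = timedelta(minutes=window_minutes)
    by_host = defaultdict(list)
    for alert in sorted(alerts, key=_ts):
        by_host[alert["host"]].append(alert)

    cases = []
    for host, items in by_host.items():
        current = []
        for alert in items:
            if current and _ts(alert) - _ts(current[-1]) > window:
                cases.append(_make_case(host, current))
                current = []
            current.append(alert)
        cases.append(_make_case(host, current))
    return sorted(cases, key=lambda c: (-c["score"], c["host"], c["first"]))


def split_queue(cases, analyst_threshold=4):
    """Cases at or above the threshold go to a human; the rest are left to
    automated handling. The threshold is an assumption to tune per environment."""
    analyst = [c for c in cases if c["score"] >= analyst_threshold]
    automated = [c for c in cases if c["score"] < analyst_threshold]
    return analyst, automated


if __name__ == "__main__":
    ranked = correlate(SAMPLE_ALERTS)
    for case in ranked:
        print(f"{case['score']:>3}  {case['host']:<7} {case['count']} alerts "
              f"from {','.join(case['tools'])}  {case['first']} .. {case['last']}")
```

On the constructed input the three single-tool alerts on ws-17 collapse into one case that outranks everything else, while the two lsass-related EDR alerts on srv-db stay separate cases at the 10-minute window and merge at 60 minutes; the window and the scoring weights are exactly the knobs an orchestration platform exposes, and the point of the exercise is that the analyst reads four cases instead of six unrelated alerts.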

When asked about their security priorities for 2017, 39% of respondents in ESG’s survey said they plan to invest in processes and technologies to automate security operations related to incident response. More than one-third (35%) plan to invest in threat detection technologies.

“The idea is to find the balance between automating wherever possible and empowering the human analyst where needed,” he says. “No security manager would say they want to fully automate their incident response.”

Kelly is an associate editor for InformationWeek. She most recently reported on financial tech for Insurance Technology, before which she was a staff writer for InformationWeek and InformationWeek Education.

Article source: http://www.darkreading.com/operations/half-of-security-pros-ignore-some-important-alerts/d/d-id/1328545?_mc=RSS_DR_EDT

AIG Rolls Out Policy for Cyberthreat Coverage

Insurance firm AIG will now cover expenses related to extortion, cyber bullying, and other digital threats.

Insurance companies have started to respond to the alarming rise in cyber incidents by providing cyber coverage to clients, Reuters reports. American International Group Inc (AIG) is the latest to do so with its Family CyberEdge plan, which will cover customers’ expenses related to online extortion, bullying, etc.

Recent trends have shown that high-profile individuals are becoming targets of hackers who steal and leak victims’ sensitive personal details and photographs online. The US government is ready to recall certain privacy rules and insurance companies are scrambling to cash in on it.

Premiums for such coverage vary but would typically be less than $100 for $25,000 to $50,000 of coverage. According to Jerry Hourihan of AIG Private Client Group, policies cost around 10-15% of a homeowner’s premium.

Coverage provided typically includes malware removal, online fraud reimbursement, data restoration, family electronic device assessment, and cyberthreat monitoring.

Read Reuters for details.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: http://www.darkreading.com/risk/aig-rolls-out-policy-for-cyberthreat-coverage/d/d-id/1328547?_mc=RSS_DR_EDT

Hackers Hit IAAF, Compromise Athlete Records

The IAAF is taking all measures to secure its network after an attack allegedly conducted by hacker group Fancy Bear.

The International Association of Athletics Federations (IAAF) revealed that the Fancy Bear hacking group has allegedly penetrated IAAF servers and compromised athletes’ Therapeutic Use Exemption (TUE) applications, NBC News reports.

TUEs are exemptions allowing athletes to take otherwise banned substances if they have specific medical needs. The compromised information was collected from a file server and found in a newly created file. There is no confirmation that the records have been stolen from the network. 

An IAAF press release says this incident was discovered on February 21 by Context Information Security during a routine investigation across the IAAF systems. Athletes who were likely affected have been contacted by the sports body.

“They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation and work with the world’s best organizations to create as safe an environment as we can,” assured IAAF president Sebastian Coe.

Read more on NBC News.


Article source: http://www.darkreading.com/hackers-hit-iaaf-compromise-athlete-records-/d/d-id/1328548?_mc=RSS_DR_EDT

Cybercriminals Seized Control of Brazilian Bank for 5 Hours

Sophisticated heist compromised major bank’s entire DNS infrastructure.

KASPERSKY SECURITY SUMMIT 2017 – St. Maarten – Cybercriminals for five hours one day last fall took over the online operations of a major bank and intercepted all of its online banking, mobile, point-of-sale, ATM, and investment transactions in an intricate attack that employed valid SSL digital certificates and Google Cloud to support the phony bank infrastructure.

The attackers compromised 36 of the bank’s domains, including its internal email and FTP servers, and captured electronic transactions during a five-hour period on Oct. 22, 2016. Researchers estimate that hundreds of thousands or possibly millions of the bank’s customers across 300 cities worldwide, including in the US, may have been victimized during the hijack window when customers accessing the bank’s online services were hit with malware posing as a Trusteer banking security plug-in application. The malware harvested login credentials, email contact lists, and email and FTP credentials, and disabled anti-malware software on the victim’s machine to avoid detection.

Dmitry Bestuzhev, director of Kaspersky Lab’s research and analysis team in Latin America, says the attackers pulled off the heist by compromising the bank’s registrar and Domain Name System (DNS) provider, Registro.br, and gaining administrative control of the bank’s DNS account. The attackers also obtained valid digital certificates for their impostor bank servers from Let’s Encrypt, a legitimate certificate authority, so customers who logged into their online accounts were redirected to the phony systems without a browser warning. Meanwhile, the bank, which has $25 billion in assets, 5 million customers worldwide, and 500 branches in Brazil, Argentina, the US, and the Cayman Islands, was locked out of its own network and systems during the attack.

“As far as we know, this type of attack has never happened before on such a big scale,” Bestuzhev says. Kaspersky Lab did not disclose the name of the victim bank.

The operation actually began at least five months prior to the actual hijack on Saturday, Oct. 22. Bestuzhev says it’s unclear just how the attackers were able to compromise the DNS provider, but notes that Registro.br in January of this year patched a cross-site request forgery flaw on its website. “Maybe they [the attackers] exploited the vulnerability on that website and got control. Or … We found several phishing emails targeting employees of that registrar, so they could have spear-phished them,” he says. “We don’t know how exactly they originally compromised” the DNS provider, he says.

The bank had not enabled the two-factor authentication option offered by Registro.br, which left its registrar account exposed both to credential attacks and to flaws such as the CSRF bug, Fabio Assolini, a Kaspersky Lab researcher, said here today during a presentation about the bank hijack discovered by Kaspersky.
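A check the reported details point to, added here as an example and not code from Kaspersky Lab or from the victim bank: compare what public resolvers and certificate logs currently show for each of the bank’s domains against a baseline the bank keeps out of band (Let’s Encrypt publishes the certificates it issues to Certificate Transparency logs, so a fresh certificate for your domain is visible without the attacker’s cooperation). The check deliberately trusts nothing served via DNS, which is also why CAA records are no defence against a registrar-account takeover: whoever controls the zone can simply delete them. The domains, name servers, addresses and issuer names are constructed, and the observed snapshot is hand-built to mimic two repointed domains with newly issued certificates.

```python
"""DNS and certificate drift check against an out-of-band baseline (added example)."""
from collections import defaultdict

# Baseline the bank keeps outside DNS (constructed names and addresses).
BASELINE = {
    "bank.example": {
        "ns": {"ns1.dnsprovider.example", "ns2.dnsprovider.example"},
        "a": {"203.0.113.10", "203.0.113.11"},
        "issuers": {"DigiCert"},
    },
    "mail.bank.example": {
        "ns": {"ns1.dnsprovider.example", "ns2.dnsprovider.example"},
        "a": {"203.0.113.20"},
        "issuers": {"DigiCert"},
    },
    "ftp.bank.example": {
        "ns": {"ns1.dnsprovider.example", "ns2.dnsprovider.example"},
        "a": {"203.0.113.21"},
        "issuers": {"DigiCert"},
    },
}

# Constructed observation: NS/A answers from public resolvers plus the
# certificates a CT log search returned. Two domains have been repointed.
OBSERVED = {
    "bank.example": {
        "ns": {"ns1.attacker-dns.example", "ns2.attacker-dns.example"},
        "a": {"198.51.100.7"},
        "certs": [{"issuer": "Let's Encrypt", "not_before": "2016-10-22T02:11:00"}],
    },
    "mail.bank.example": {
        "ns": {"ns1.dnsprovider.example", "ns2.dnsprovider.example"},
        "a": {"203.0.113.20"},
        "certs": [{"issuer": "DigiCert", "not_before": "2016-03-01T00:00:00"}],
    },
    "ftp.bank.example": {
        "ns": {"ns1.attacker-dns.example", "ns2.attacker-dns.example"},
        "a": {"198.51.100.8"},
        "certs": [{"issuer": "DigiCert", "not_before": "2016-03-01T00:00:00"},
                  {"issuer": "Let's Encrypt", "not_before": "2016-10-22T02:14:00"}],
    },
}


def check_domain(name, expected, seen):
    """Return (domain, kind, detail) findings for one domain."""
    findings = []
    if seen["ns"] != expected["ns"]:
        findings.append((name, "ns",
                         f"expected {sorted(expected['ns'])}, saw {sorted(seen['ns'])}"))
    rogue = seen["a"] - expected["a"]
    if rogue:
        findings.append((name, "a", f"unexpected addresses {sorted(rogue)}"))
    for cert in seen["certs"]:
        if cert["issuer"] not in expected["issuers"]:
            findings.append((name, "cert",
                             f"{cert['issuer']} issued at {cert['not_before']}"))
    return findings


def check_all(baseline, observed):
    """Run every baselined domain; a domain with no observation is itself a finding."""
    findings = []
    for name, expected in baseline.items():
        seen = observed.get(name)
        if seen is None:
            findings.append((name, "missing", "no observation collected"))
            continue
        findings.extend(check_domain(name, expected, seen))
    return findings


def hijacked(findings):
    """Domains showing both foreign name servers and a certificate from an
    unexpected CA: the combination the Brazilian case showed."""
    kinds = defaultdict(set)
    for name, kind, _ in findings:
        kinds[name].add(kind)
    return sorted(n for n, k in kinds.items() if {"ns", "cert"} <= k)


if __name__ == "__main__":
    results = check_all(BASELINE, OBSERVED)
    for name, kind, detail in results:
        print(f"{name:<18} {kind:<5} {detail}")
    print("hijacked:", hijacked(results))
```

The NS comparison is the one that fires first in a registrar takeover, before any customer is redirected, and it needs nothing more than a scheduled query from outside the bank’s own network; the certificate comparison catches the second half of the attack even if the attacker leaves the name servers alone and only adds records.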

More Banks at Risk

The attackers also dropped on banking customer machines malware that targets a specific list of other banks in Brazil, the UK, Japan, Portugal, Italy, China, Argentina, the Cayman Islands, and the US, apparently in hopes of nabbing their accounts there as well. There were eight components of the malware, including the one that disabled or removed anti-malware software, all written in Java and packaged as JAR files, able to run on Windows and Mac systems. “Once executed, the malware detection rate was very low,” he says. “Even if they failed at removing anti-virus, they were able to partially disable it.”

A phishing campaign targeting specific bank clients also was set in motion in order to steal payment card information, and during the five-hour heist, the bank was unable to access its email system and alert its customers. “The hijackers had complete control of the bank,” Bestuzhev says.

The attackers routed stolen credentials and other information to a server in Canada, likely a “disposable” hosting setup, he says.

Bestuzhev says there’s no way to defend against this type of targeted attack against infrastructure. “It’s the fragility of the Internet,” he says. Most banks in Latin America rely on a third-party DNS provider for their infrastructure, and at least half of the top 20 largest banks in the world use DNS providers for some or all of their DNS infrastructure, he notes.

The bank ultimately regained control of its DNS infrastructure, but the victim machines could remain infected with the malware. “The malware is persistent,” Bestuzhev says. “It stays on the computers and can keep causing damage to the victim.”

Kaspersky Lab doesn’t identify hacker groups, but believes the attackers were a sophisticated Brazilian cybercrime group.

“They spent five months just waiting. This is not someone who is a newbie,” Bestuzhev says.

Kaspersky Lab identified the malware used in the attack as Trojan-Downloader.Java.Agent; Trojan.BAT.Starter; not-a-virus:RiskTool.Win32.Deleter; and Trojan-Spy.Win32.Agent.


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise …

Article source: http://www.darkreading.com/attacks-breaches/cybercriminals-seized-control-of-brazilian-bank-for-5-hours/d/d-id/1328549?_mc=RSS_DR_EDT

Top 5 Dumbest Cyber Threats That Still Pay Off

Some hackers are fairly predictable in their successful use of really dumb attacks.

The common conception of cyber attacks is that they are kind of like bad weather, ranging from irritating to catastrophic, but always unpredictable. Hackers are simply too sophisticated to draw any reliable judgments about, and we shouldn’t try.

As it turns out, some hackers are fairly predictable in their successful use of really dumb attacks. Here are the top five.

1.  Browser Locker
The browser locker, better known as the fake blue screen of death, sprays gibberish errors at the user and implores them to call an Indian boiler room, where they are scammed for an average of $500. Some feature tweaks by the major browsers have pushed tech support scammers into more creative iterations, including registry hacks that replace the Windows shell itself with a locker. But the browser locker still exists in bulk and still draws victims. Some lockers show a little ingenuity, such as manipulating the browser’s history function, but most are some variation of:

  // Browser locker in its plainest form: a long run of modal alerts keeps the page on screen
  for (let x = 0; x < 1000000; x++) {
    alert("You have a virus, please call Scam Number");
  }

2. DDOS Extortion
With DDoS bots for sale, sometimes on the clearnet, denial of service itself is not the most sophisticated of attacks. DDoS extortion is one notch lazier: an attacker will simply send an email to a corporate security staff threatening massive attacks if a bitcoin ransom isn’t paid immediately. Given that the ransom in question has tended to be relatively low, companies in industries requiring continuous uptime have sometimes shrugged their shoulders and paid. If this happens to you, talk to your service provider to work out mitigations. Don’t talk to the attacker.

3. SQL Injection
SQL Injection takes a modicum of technical skill to pull off, from finding the vulnerable site to executing the attack and safely exfiltrating dumped files or data. So why is this a dumb attack? Because it was first publicly discussed in 1998. It was in the OWASP top 10 in 2007 and 2010. It was #1 on the OWASP top 10 in 2013. This is a known, predictable attack with extensive mitigations, so continuing to see it used so frequently is profoundly dumb.
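The attack beside its fix, as an added example rather than code from the article: a login query built by string formatting and the same query with bound parameters, plus a search endpoint with the same flaw to show how a UNION pulls a column the query never meant to return. Everything runs against an in-memory SQLite table; the table, the users and the payloads are constructed for the demonstration, and passwords are stored in clear only to keep the dump readable.

```python
"""SQL injection: string-built query beside its parameterised fix (added example)."""
import sqlite3


def setup():
    """In-memory table with constructed users; clear-text passwords for
    demonstration only, never in a real schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
                 "password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "correct horse", "user"), ("admin", "s3cret!", "admin")],
    )
    return conn


def vulnerable_login(conn, username, password):
    # The 1998 bug: user input is spliced into the statement text, so a quote
    # in the input rewrites the SQL itself.
    query = ("SELECT username, role FROM users "
             "WHERE username = '%s' AND password = '%s'" % (username, password))
    return conn.execute(query).fetchone()


def safe_login(conn, username, password):
    # Bound parameters: the driver passes the values separately from the
    # statement, so a quote in the input is only a quote.
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def vulnerable_find(conn, fragment):
    # Same flaw in a search endpoint; a UNION lets the attacker read any column.
    query = ("SELECT username, role FROM users "
             "WHERE username LIKE '%%%s%%'" % fragment)
    return conn.execute(query).fetchall()


def safe_find(conn, fragment):
    query = "SELECT username, role FROM users WHERE username LIKE ?"
    return conn.execute(query, ("%" + fragment + "%",)).fetchall()


# Constructed payloads.
BYPASS = "admin' --"                                        # comments out the password check
DUMP = "x%' UNION SELECT username, password FROM users --"  # returns the password column

if __name__ == "__main__":
    db = setup()
    print("vulnerable login:", vulnerable_login(db, BYPASS, "wrong"))
    print("safe login:      ", safe_login(db, BYPASS, "wrong"))
    print("vulnerable find: ", vulnerable_find(db, DUMP))
    print("safe find:       ", safe_find(db, DUMP))
```

The fix is the same in every driver and ORM that has existed since the attack was described: never build statement text from input. The parameterised versions treat the payloads as literal strings, so the bypass matches no user and the UNION matches no username.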

4. Business Email Compromise
Sometimes, bosses are jerks. Sometimes when a boss is a jerk, their subordinates are too frightened to question an order from the boss, regardless of how out of character it might be. Attackers have weaponized this cliché of the business world by posing as the aforementioned jerk boss and demanding that large amounts of money be wired to overseas accounts as soon as possible. This scam, which is not much more complicated than shouting “Give me money!”, is called Business Email Compromise and has cost US victims $960,708,616 since 2013.

5. Macro Malware
In the old days, MS Office had macros enabled by default. This made for a great malware delivery vector with malicious attachments that would run all sorts of arbitrary code when opened. Eventually, Microsoft had enough and switched Office macro support to off by default. Criminals have gotten around this restriction by simply asking the user to enable macros and thereby the malicious code. Here’s the technique cropping up in 2014 and here it is again last month.
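One control that does not depend on the user making the right choice when the document asks them to enable macros, added here as an example and not code from the article: a mail-gateway style check that opens an Office attachment and reports whether it carries a VBA project, so macro-bearing documents can be held for review before anyone sees the “enable content” prompt. Modern Office files are zip archives whose macro container is the part named vbaProject.bin, declared in [Content_Types].xml; the sample documents below are constructed minimal archives with that structure, not real files Word would open, and the legacy binary .doc/.xls format is only recognised by its magic bytes, not parsed. The quarantine policy is an assumption.

```python
"""Classify Office attachments by whether they carry a VBA project (added example)."""
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary .doc/.xls/.ppt container
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def classify(data):
    """Return one of: 'ooxml-macro', 'ooxml-clean', 'ole2-legacy', 'not-office'.

    OOXML (.docx/.docm/.xlsm/...) is a zip; the macro container is the part
    named vbaProject.bin, declared in [Content_Types].xml. Legacy OLE2 files are
    reported so they can be sent to a parser that understands that format.
    """
    if data.startswith(OLE2_MAGIC):
        return "ole2-legacy"
    if not data.startswith(b"PK"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            if "[Content_Types].xml" not in names:
                return "not-office"
            types_xml = z.read("[Content_Types].xml").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return "not-office"
    # Check both the part list and the declared content types, so a
    # vbaProject.bin in an unusual folder still counts.
    has_part = any(n.lower().endswith("vbaproject.bin") for n in names)
    declared = VBA_CONTENT_TYPE in types_xml
    return "ooxml-macro" if has_part or declared else "ooxml-clean"


def build_sample(with_macro):
    """Constructed minimal archive shaped like a Word document: enough
    structure for the check above, not a document Word would open."""
    overrides = ['<Override PartName="/word/document.xml" ContentType='
                 '"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>']
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            overrides.append(f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>')
            # Real vbaProject.bin parts are OLE2 containers; placeholder bytes here.
            z.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 24)
        z.writestr("[Content_Types].xml",
                   '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                   + "".join(overrides) + "</Types>")
    return buf.getvalue()


def quarantine_decision(filename, data):
    """Gateway rule (assumed policy): hold anything with a VBA project or in
    the legacy binary format pending review; let the rest through."""
    verdict = classify(data)
    hold = verdict in ("ooxml-macro", "ole2-legacy")
    return {"file": filename, "verdict": verdict, "hold": hold}


if __name__ == "__main__":
    for name, blob in [("invoice.docm", build_sample(True)),
                       ("minutes.docx", build_sample(False)),
                       ("old.doc", OLE2_MAGIC + b"\x00" * 64),
                       ("notes.txt", b"just text")]:
        print(quarantine_decision(name, blob))
```

The decision is made on the file’s contents rather than its extension, because the extension is the attacker’s to choose; the one gap the check leaves open, legacy binary documents, is reported explicitly so the gateway can hold them for a parser that understands the OLE2 format rather than quietly passing them.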

In summary, a great many cyber threats are not sophisticated nation-state level, well thought out attacks. The bulk, in fact, tend to be the least effort required for success, which sometimes turns out to be not very much effort at all.

Article source: http://www.darkreading.com/partner-perspectives/malwarebytes/top-5-dumbest-cyber-threats-that-still-pay-off/a/d-id/1328550?_mc=RSS_DR_EDT