STE WILLIAMS

On Valentine’s Day, Mac users got a special “treat” in the form of new malware. That same week, there were signs of yet another piece of malware looming. These threats were overshadowed a bit by the discovery last week of the second ransomware app to ever appear on the Mac, but they’re still worthy of consideration.

The first malware, named XAgent, was analyzed by Palo Alto Networks. XAgent, it turns out, is related to the Komplex malware discovered by Palo Alto last year, as can be seen by comparing some of the strings to those found in Komplex.

At that time, Palo Alto tied Komplex to the Sofacy Group – aka Fancy Bear and APT28, among others – which is a Russian hacking organization that has since been linked to attacks including the hack of the Democratic National Convention.

XAgent is a backdoor that provides a number of powerful remote access features, including keylogging, screenshots, remote shell access, and file exfiltration. Of particular interest is a command that provides the hacker with information about iOS backups stored on the infected Mac. iPhones (and other iOS devices) are notoriously difficult to hack, but by targeting backups instead, this malware could access potentially sensitive iPhone data.

Interestingly, Patrick Wardle, director of research at Synack, had another interesting revelation about this malware. He shows quite convincingly in a blog post that the Sofacy Group used code copied from the Hacking Team. (Hacking Team is the creator of the Remote Control System backdoor, which it sells to governments and law enforcement, among other organizations.)

Hacking Team was itself the victim of a hack in 2015, and all their source code was made public. Wardle was able to demonstrate key similarities, such as identical bugs, in the decompiled XAgent code and the leaked Hacking Team code. It appears that Sofacy used Hacking Team code in their malware, most likely obtained from the Hacking Team breach.

According to a whitepaper released by Bitdefender, the malware installs itself into the following folder, where it is given one of a set of hard-coded names:

~/Library/Assistants/.local/

At the time of its discovery, the XAgent command control servers were down, meaning that this variant of the malware is no longer a threat.

On the heels of the XAgent discovery came an intriguing glance at another piece of Mac malware, a sample of which has not yet been found. Three days after Palo Alto released its analysis of XAgent, Apple released an update to XProtect – the built-in anti-malware software in macOS – that added detection of XAgent.

However, that update also included a signature for something Apple called OSX.Proton.A, which ignited a storm of questions in the security community, which had never heard of any such malware for the Mac.

A little digging by Arnaud Abbati, a researcher at Ninja, Inc., turned up a page from the Sixgill website with a terse description of a remote access tool (RAT) called Proton. The page has been taken down, but can still be found in Google’s cache here.

Apparently, the malware is being sold on a Russian cybercrime forum, among other places. Sixgill also provided a link to a YouTube video from December, apparently made to promote the malware by demonstrating its capabilities. Another YouTube video, posted on February 8, showed additional capabilities.

Unfortunately, thus far, no samples of the malware have been found. It does not appear to be in the VirusTotal database, and neither of the two sites that appear to be associated with Proton (ptn[dot]is or protonsolutions[dot]net) are responding. Even Sixgill’s analysis seemed to be done entirely from online sources, and had no information to suggest that they had seen a copy of the malware. For now, this is a completely unknown threat with rather frightening apparent capabilities.

Two new malware threats in a week, added to the others previously seen this year (Quimitchin/Fruitfly, MacDownloader, a new class of Microsoft Office macro malware and the Findzip ransomware), brings the Mac malware count for 2017 up to 6, and February isn’t even over yet.

If things continue at this rate, 2017 could see a spike in Mac malware that could rival or exceed the previous high point in 2012, when the infamous Flashback, and a number of other pieces of malware taking advantage of Java vulnerabilities, terrorized the Mac community.

Click to discover more breaking news at Malwarebytes Labs

Thomas Reed is a self-trained developer and Apple security expert, and is director of Mac offerings at Malwarebytes. View Full Bio

Article source: http://www.darkreading.com/partner-perspectives/malwarebytes/mac-malware-reaches-new-highs/a/d-id/1328274?_mc=RSS_DR_EDT

If you feel like you’re overworked and that your security department is short-staffed, you’re probably not imagining it. Two reports were released recently, with less-than-encouraging statistics about the growing security skills shortage. Is there anything we can do to stem the tide?

ISACA’s Current Trends in Workforce Development sheds light on the problems companies are having staffing open positions. More than a quarter of enterprises find they are unable to hire the people they need, and those that are able to fill positions report that it takes more than six months to find the right applicant for the job. Almost half of those surveyed said they got fewer than ten applicants for each job listing and 64% of respondents said that not even half of those who applied were qualified for the position.

This means that there is a huge unmet need, which is causing a serious problem for businesses. In a recent study by Dimensional Research and Tripwire, only ten percent of organizations have the skills to address the full range of the most prevalent threats. Even when singling out ransomware – the threat that most organizations reported to be their biggest concern –  only 44% of respondents said they had the skills in house needed to handle the problem.

The obvious answer to the skills shortfall is to increase both the quantity and quality of applicants. But with few schools offering computer science at the K-12 level, many students are unaware of information security as a career option. Those who start computer science studies at the college level often feel discouraged, as the learning curve is steep, especially compared to peers who have had earlier learning opportunities.

Still, there are a lot of options out there where we as security professionals can help bridge the gap.

Pay It Forward: Volunteer!
While encouraging overworked people to volunteer may seem counterproductive, getting kids interested in computers and security can be a fantastic antidote to burnout. There are a lot of national groups such as TEALS, Girls Who Code, Women’s Society of Cyberjutsu, and CoderDojo as well as local STEM events, hackathons and bootcamps that are in need of expert support.

Show Them the Money: Scholarships
The cost of formal education is growing at a rapid pace, which keeps interested people from getting the skills they need to join this industry. The good news is that there are a lot of scholarships that have been set up to encourage people to pursue an education in security. Several sites, such as (ISC)², CyberWatchWest and WiCYS maintain lists of resources for students seeking scholarships and internships. Security companies’ and schools’ websites also may also offer information on additional financial resources. The second annual “ESET Women in Cybersecurity Scholarship,” will be taking applications through March 15^th.

Uncover Untapped Resources: Diversity
A lot has been said about the lack of diversity in the security industry. While this is problematic, it’s also represents a huge opportunity, as it points to an untapped resource for attracting new talent. National groups like Code2040 and Black Girls Code are helping to cultivate the next generation of developers.

The ISACA report highlights another source of potential new hires that the industry may be overlooking: people who have neither formal education nor professional certifications in security. If someone has other important skills for the job at hand and technical aptitude or interest in security, but lacks more traditional qualifications, they may be automatically weeded out.

Some of the brightest people that I’ve known in the security industry came to it as a departure from a very different career path. People seem to have forgotten that not all security positions require a graduate degree in computer science, and that the necessary experience can be gained on the job. By making significant changes now, we can avoid the projected shortfall of 1.8 million professionals in 2022.

Related Content:

• Road Map To A $200,000 Cybersecurity Job
• You Can’t Hire Your Way Out Of A Skills Shortage … Yet
• Closing The Cybersecurity Skills Gap With STEM

Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. She has watched both the malware landscape and the security technologies used to prevent threats from growing and changing dramatically. Because keeping up with all … View Full Bio

Article source: http://www.darkreading.com/how-security-pros-can-bridge-the-skills-shortage/a/d-id/1328276?_mc=RSS_DR_EDT

Only 64% of cyber attacks can be stopped, detected or prevented with the current resources, on average, according to a Bitdefender survey  of 250 IT decision makers at companies in the US with more than 1,000 PCs.

Bitdefender’s survey shows that 64% of IT decision makers think their IT security budget is sufficient, 2% say the budget is enough, but they are understaffed, and 7% percent say funding is sufficient but can’t accommodate future expansion. Only 3% of IT decision makers surveyed said the security budget in their company is insufficient.

Less than 20% of IT decision makers say they could stop more than 90% of cyberattacks, while another 20% say they could detect and prevent less than a quarter.

Bitdefender’s survey shows 34% of respondent companies were breached in the past 12 months, with 74% reporting they don’t know how their company was breached. As a result, some 73% of IT decision makers fear a breach would force their companies to pay financial compensation, while 66% fear losing their jobs.

Cloud Spending Up

Cloud security spending at 48% of respondent companies increased in the past year while spending for other security activities remained the same, Bitdefender’s survey shows. While almost two-thirds of IT decision makers say their security budget is sufficient, the rest would need an increase of 34% percent, on average, to deliver efficient IT security policies. This is mainly because migrating information from traditional data centers to a cloud infrastructure has significantly increased companies’ attackable surface, bringing new threats and more worries to CIO offices about the safety of their data.

For example, cybercriminals can spend large amounts of time inside organizations without being detected. Advanced persistent threats, or APTs, for instance, are often defined as threats designed to evade detection. In the virtualization paradigm, since nothing being executed in raw memory is encrypted – just scrambled – APTs that try to execute malicious code on a virtual machine can be intercepted by Bitdefender’s Hypervisor Introspection technology long before they actually compromise the operating system. In fact, as soon as the malicious code –  even delivered via a zero-day exploit –  tries to execute in the VM’s memory, the introspection engine will immediately “see” the malicious action and the code that was trying to execute.

This survey was conducted in October 2016 by iSense Solutions for Bitdefender on 250 IT security purchase professionals (CIOs/CEOs/ CISOs, 26%; IT managers/directors, 56%;  IT system administrators, 10%; IT support specialists, 5%) and othersfrom enterprises with 1,000+ PCs based in the United States.

Razvan, a security specialist at Bitdefender, is passionate about supporting SMEs in building communities and exchanging knowledge on entrepreneurship. A former business journalist, he enjoys taking innovative approaches to hot topics and believes that the massive amount of … View Full Bio

Article source: http://www.darkreading.com/partner-perspectives/bitdefender/report-only-2-in-3-cyber-attacks-can-be-stopped-with-current-defenses/a/d-id/1328283?_mc=RSS_DR_EDT

It’s almost here! TODAY, Tuesday, Feb. 28, beginning at 11:00 a.m. Eastern Time, we’ll host our next Dark Reading Virtual Event and devote the day to tackling Cybersecurity: Costs, Risks, and Benefits. 

Afraid you might have forgotten a few expensive items when estimating the costs of a data breach? Need more satisfying answers to the “are we secure” question? About to invest in cyber insurance and want to find the potential holes in your policy before it’s time to file that first claim? Need to make a business case for increasing your budget, but need better ways to measure performance first? 

Then this is the event for you. Experts from the Verizon Global Investigative Response Team, Deloitte Cyber Risk Services, Forrester, Optiv, Advisen, CenturyLink, RiskLens, and more will guide you to answers for your most pressing security management questions.

 IN CASE YOU MISSED IT

Check out these webinars you might have missed over the last week:

• “The Cyber Threat From Russia And China: Myths and Realities,” with Tom Kellerman, global fellow of the Wilson Center and Adam Meyers, VP of intelligence for Crowdstrike.
• “Preparing for the Ransomware Onslaught: Part 2 — Ransomware Detection and Triage,” with  John P. Pironti, president of IP Architects LLC and Matthias Wollnik, senior product manager of Code 42.
• “Phishy Business: How to Social Engineer Your Users Into More Secure Behavior,” with Michele Fincher, COO and chief influencing agent of Social-Engineer LLC, Chris Hadnagy, CEO, founder and chief human hacker of Social-Engineer LLC, and Erich Kron, security awareness advocate of KnowBe4.

COMING SOON

Wednesday, March 15, Building a Cybersecurity Architecture to Combat Today’s Risks: “Layered defense” has traditionally been the modus operandi of IT security, but this approach can’t be counted on to stand up to today’s threats and attacks. In addition, attack surfaces are growing every day as companies adopt technologies like cloud and the Internet of Things. So how can you combat today’s risks? Christie Terrill, partner at BishopFox, will provide some answers.

Thursday, March 16, Becoming a Threat Hunter in Your Enterprise: You’re tired of waiting. Tired of waiting for your technology to alert you that there’s already a problem. You want to be more proactive, sink your hands into those threat intelligence feeds, dig into those behavioral analytics reports, follow one clue after another after another, until it leads you to a would-be attacker, before they finish carrying out their grand plan. What you want is to be a threat hunter. Learn how, and what a formal threat hunting program looks like, from John Sawyer, senior security analyst of InGuardians and Chris Pace, technology advocate, EMEA of Recorded Future.

DOWN THE ROAD

Interop ITX is coming to the MGM Grand in Las Vegas May 15-19. The conference program is overflowing with security sessions this year. Plus, the Dark Reading team will be back with the Cybersecurity Summit – a two-day crash course that will bring security teams, from newbies to time-crunched pros, up to speed. 

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Article source: http://www.darkreading.com/risk/today-on-dark-reading-your-costs-risks-and-metrics-questions-answered/a/d-id/1328271?_mc=RSS_DR_EDT

The anticipated shift of retail cybercrime to ecommerce in the wake of the EMV point-of-sale adoption has officially begun, with the online fraud attack rate increasing by 8.9% in 2016, a new study shows. 

Attacks against apparel companies rose 69.9% in 2016 and attacks against food delivery companies jumped 49.8%, compared with the year before, according to the research released today by Forter in conjunction with the Merchant Research Council.

Domestic orders have also shown a notable rise in fraud attack rate, becoming 79% riskier than they were in 2015. This has had a direct impact on the bottom line risk, resulting in a shift from $2.70 at risk per $100 of sales in Q4 2015, to $4.98 in Q4 2016.

The study collected data on the attack rate, aggregated by yearly quarters. The researchers define the attack rate as the average dollars at risk out of every $100 of sales.

“Now that the fraudsters have been pushed online, it’s much tougher to steal high-priced goods like jewelry or Rolex watches,” says Michael Reitblat, CEO at Forter, a fraud detection firm. “In the past they would have gone for luxury items, but now it’s easier to attack smaller, cheaper items like apparel.”

Reitblat adds that the same principle holds true with the increased cybercrime in the food delivery sector, especially now that the fraudsters have access to service-based tools that make it easier for them to use one stolen credit card to set up fraudulent websites that can steal hundreds of orders.

“What they do is use a stolen credit card to set up a fake account on a website or Facebook account,” Reitblat explains. “Then they will use that stolen credit card for other, high-volume fraudulent transactions. So they’ll set themselves as a third party to GrubHub, for example, take your money and still won’t pay GrubHub.”

While it’s true that fraudulent activity has moved online, the shift is still in its early stages, notes Randy Vanderhoof, director of the U.S. Payments Forum.

“I think it will be really interesting to see what the numbers are in another two years once transition to EMV chips has been fully implemented,” Vanderhoof says. “I think that the retailers that do business both in physical stores and online need to be careful. They need an integrated fraud security strategy and can’t let their guard down in their physical stores.”

Forter’s Reitblat says retailers must continue to invest in security technology such as behavioral analytics to track fraud before it happens. He also thinks retailers will deploy two-factor authentication and use biometrics as the technology becomes more mature. 

“We’re also working with a lot of retailers to share fraud data with us so if we see a new attack method, we can warn the retailers,” Reitblat says. 

Related Content:

• Point-of-Sale Malware Declined 93% Since 2014
• Researchers Show How To Steal Payment Card Data From PIN Pads
• Hotel POS and Magstripe Cards Vulnerable to Attacks, Brute-Forcing
• 1 In 3 Consumers Worldwide Hit By Payment Card Fraud

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Article source: http://www.darkreading.com/attacks-breaches/apparel-food-delivery-hardest-hit-by-online-fraud-attacks/d/d-id/1328278?_mc=RSS_DR_EDT