Simply Security - News, Views, and Opinions from Trend Micro

Posted on October 1st, 2012 in Cybercrime by Simply Security | Be the first to comment | Tags: cybercrime

Due to its rising popularity, hackers are beginning to target the Mac platform more frequently.

Many of the myths surrounding the nature of cybersecurity are starting to get exposed. One of those prevalent falsehoods among consumers is that the Mac operating system is not affected by malware as much as Windows. IBM's recent 2012 Mid-Year Trend and Risk Report highlighted several cybersecurity trends that shatter this illusion.

Network World editor Michael Cooney reported on several of the survey's findings. In addition to a rise in web attacks such as SQL injection, the research uncovered a trend of hackers designing malicious software that works on multiple platforms.

"As the user base of the Mac operating system continues to grow worldwide, it is increasingly becoming a target of advanced persistent threats (APTs) and exploits, rivaling those usually seen targeting the Windows platform," Cooney wrote. "Some initial variants used Java exploit CVE-2011-3544 to spread. This exploit is the Java Applet Rhino Script Engine Vulnerability-the same one used by Flashback. This targeted malware's purpose is to steal user data."

Encryption: Good for the bad guys, too
While encryption is a standard data security utility, cybercriminals have started to adopt it as a way to make their attacks more difficult to detect. In addition to HTTPS connections, hackers use native encryption features in conjunction with tactics to conceal the true nature of malware, according to Cooney. Researchers predicted that obfuscation will become an increasingly common tactic as technology evolves.

Encryption has also been used by hackers to hold sensitive data hostage. One such incident was recently highlighted by SC magazine columnist Darren Pauli. The attackers used a variant of the ACCDFISA malware to target Australian company TDC Refrigeration and Electrical. ACCDFISA hijacks users' computers in order to demand payment to the Cyber Crime Department of Federal Internet Security Agency – an agency that doesn't exist.

Although security researchers first discovered the strain in February, several variants have been created since, and each version has become more sophisticated. The latest iteration locks users out of their computers, encrypts files and deletes backups. The origin of the TDC attack has not been confirmed, but experts speculated that it may be tied to an organized cybercrime syndicate.

"The hacking hotbed of Romania was linked to similar ransomware scams in many victim accounts," Pauli wrote. "The method of attack also linked the attacks to the Eastern European nation: The hackers had accessed the financial data by a series of brute force password guesses likely using the DUBrute tool against vulnerable active Remote Desktop Protocol (RDP) connections, a method which the Australian Federal Police have linked to an organized criminal gang operating in the region."

Data Security News from SimplySecurity.com by Trend Micro