
  • Editorial: Considerations Regarding Cyber Threat Evolution

    Author(s): PETRICĂ, Gabriel
    Issue: Volume 3, Issue 1, Year 2014

    In early 2014, security analyses by companies like Kaspersky or Bitdefender identified the main directions chosen by cybercriminals. In addition to “classic” online attacks from infected websites, the main targets are users’ privacy, financial fraud (stealing money, including Bitcoin currency, using applications or spam for mobile devices) and cyber-espionage attacks, with very dangerous consequences at governmental level.

    Attacks from websites (online threats)

    A malware website can be created when a malicious user (website administrator) deliberately publishes webpages that point to malware applications (browser add-ins, DLLs or executable files), but infected sites can also be those with dynamic, user-generated content (e.g. forums) as well as legitimate resources that have been hacked.

    According to securelist.com, among the countries where users face the greatest risk of online infection in 2014 are Vietnam (51.4%), Mongolia (44.7%), Russia and the former Commonwealth of Independent States countries. The countries with the safest online environments are Singapore (10.5%), Japan (13.2%), Sweden (14.5%), South Africa (15.6%), Taiwan (16.1%), Denmark (16.4%), and Finland (16.8%).

    The privacy of users

    Concern for the privacy of users is leading to greater popularity of VPNs (Virtual Private Networks) or the Tor service (The Onion Router) – free software for enabling online anonymity and resisting censorship. The number of users who have turned to Darknets to try to protect their personal information has increased in recent years. A Darknet is a private network where connections are made only between trusted peers using non-standard protocols and ports; it is distinct from other distributed peer-to-peer networks because sharing is anonymous (IP addresses are not publicly shared).

    However, in addition to trusted users, Tor continues to attract “evil forces” – anonymous networks that can hide malicious activities like illegal commerce or money laundering. For example, Kaspersky Lab experts detected in February 2014 the first Trojan for Android that uses a .onion domain as a command and control center.

    Users’ money

    Experts expect cyber-criminals to continue developing methods to steal money. A new way hackers try to steal money is through applications on mobile devices like smartphones or tablets. In March 2014, Kaspersky Lab detected Trojan-SMS.AndroidOS.Waller.a; this malware is able to steal money from QIWI electronic wallets associated with infected smartphones. The Trojan targets only users in Russia, but is able to spread anywhere electronic wallets are administered via SMS.

    Cyber-criminals also used Trojans for mobile platforms that steal money by spamming. A malicious spam message usually contains an offer to download an app using a link that points to malware, or a link to a website that redirects users to an infected page. As with malicious spam in standard e-mail, cyber-criminals use social engineering to reach thousands of users, on a wider range. For example, the Faketoken Trojan for mobile platforms affected users in 55 countries (including Germany, Sweden, France, Italy, UK and USA). In the first quarter of 2014, the number of Trojans for mobile banking systems almost doubled – from 1,321 to 2,503.

    In the last 2-3 years, Bitcoin has become very popular and the use of this crypto‑currency has increased, so it has become a more attractive target for cybercriminals. In 2013, according to the ‘Financial cyber threats in 2013’ study by Kaspersky Lab, the number of attacks targeting Bitcoin currency increased more than 2.5 times and accounted for 8.3 million incidents. The experts expected an increase in attacks targeting Bitcoin users’ wallets and exchange platforms. In the first three months of this year, there were several incidents that confirmed this prediction. Among the most notable are the attack on MtGox, one of the biggest exchanges for Bitcoin, and the hacking of the personal blog and Reddit account of MtGox CEO Mark Karpeles, which were then used to post MtGox2014Leak.zip, a file that actually turned out to be malware capable of searching for and stealing Bitcoin wallet files from victims. In an attempt to supplement their illicit gains, cyber criminals infect computers and use their resources to generate more digital currency. Trojan.Win32.Agent.aduro, the twelfth most commonly detected malware tool on the Internet in Q1, is an example of a Trojan used in this type of action.

    Cyber-espionage operations

    In the first quarter of 2014 there was a major incident of cyber espionage – Kaspersky Lab published in February a report about one of the most advanced threats, called The Mask. The main target was confidential information belonging to government agencies, embassies, energy companies, research institutes, private investment companies, and activists’ organizations from 31 countries. The Mask includes a sophisticated backdoor Trojan capable of intercepting all communication channels and of harvesting all kinds of data from the infected computer (like encryption or SSH keys, VPN configurations, RDP files or other file types related to sensitive information). According to researchers, the complexity of the tools used by the attackers suggests that this could be a campaign sponsored by a state.

    A cyber-espionage campaign called Turla, infecting hundreds of government computers across Europe and the United States, occurred in early March, 2014. Researchers from BAE Systems Applied Intelligence consider Turla a successor of the Red October campaign discovered in October 2012, a massive global cyber-espionage operation targeting diplomatic, military and nuclear research networks.

    RAISA (www.raisa.org) will continue to inform users about the latest cyber-attacks and computer vulnerabilities through the Cybersecurity Web Portal (www.securitatea-informatiilor.ro) and the Cybercrime Web Portal (www.criminalitatea-informatica.ro).

    Sources: kaspersky.com, securelist.com

    Additional Information

    Title: Editorial: Considerations Regarding Cyber Threat Evolution
    Author(s): PETRICĂ, Gabriel
    Publication: International Journal of Information Security and Cybercrime
    ISSN: 2285-9225, e-ISSN: 2286-0096
    Issue: Volume 3, Issue 1, Year 2014
    Page Range: 7-8
