10 Histórias de Segurança de 2012
10 security stories that shaped 2012
Summary: From a major malware attack on the Mac OS X to state-sponsored cyber-espionage attacks, IT security in 2012 will be remembered as the year that piqued the imagination.
1. Flashback hits Mac OS X
Although the Mac OS X Trojan Flashback/Flashfake appeared in late 2011, it wasn't until April 2012 that it became really popular. At its peak, Flashback infected more than 700,000 Macs, easily the biggest known MacOS X infection to date. How was this possible? Two main factors: a Java vulnerability CVE-2012-0507 and the general sense of apathy among the Mac faithful when it comes to security issues.
2. Flame and Gauss: nation-state cyber-espionage campaigns
In mid-April 2012, a series of cyber-attacks destroyed computer systems at several oil platforms in the Middle East. The malware responsible for the attacks, named “Wiper”, was never found – although several pointers indicated a resemblance to Duqu and Stuxnet. During the investigation, we stumbled upon a huge cyber-espionage campaign now known as Flame.
Of course, when Flame was discovered, people wondered how many other campaigns like this were being mounted. And it wasn’t long before others surfaced. The discovery of Gauss, another highly sophisticated Trojan that was widely deployed in the Middle East, added a new dimension to nation-state cyber campaigns.
3. The explosion of Android threats
During 2011, we witnessed an explosion in the number of malicious threats targeting the Android platform. We predicted that the number of threats for Android will continue to grow at an alarming rate. The number of samples continued to grow and peaked in June 2012, when we identified almost 7,000 malicious Android programs. Overall, in 2012, we identified more than 35,000 malicious Android programs, which is about six times more than in 2011. That’s also about five times more than all the malicious Android samples we received since 2005 altogether!
4. The LinkedIn, Last.fm, Dropbox and Gamigo password leaks
These attacks show that in the age of the ‘cloud’, when information about millions of accounts is available in one server, over speedy internet links, the concept of data leaks takes on new dimensions. We explored this last year during the Sony Playstation Network hack; there is perhaps no surprise such huge leaks and hacks continued in 2012.
5. The Adobe certificates theft and the omnipresent APT
On 27 September 2012, Adobe announced the discovery of two malicious programs that were signed using a valid Adobe code signing certificate. Adobe’s certificates were securely stored in an HSM, a special cryptographic device which makes attacks much more complicated. Nevertheless, the attackers were able to compromise a server that was able to perform code signing requests.
6. The DNSChanger shutdown
When the culprits behind the DNSChanger malware were arrested in November 2011 during the “Ghost Click” operation, the identity-theft infrastructure was taken over by the FBI. It was a large scale action that showed that success against cybercrime can be achieved through open cooperation and information sharing.
7. The Ma(h)di incident
During late 2011 and the first half of 2012, an ongoing campaign to infiltrate computer systems throughout the Middle East targeted individuals across Iran, Israel, Afghanistan and others scattered across the globe. In partnership with Seculert, Kaspersky Lab investigated this operation and named it “Madi”, based on certain strings and handles used by the attackers.
Although Madi was relatively unsophisticated, it did succeed in compromising many different victims around the globe through social engineering and Right-To-Left-Override tactics. The Madi campaign demonstrated yet another dimension to cyber-espionage operations in the Middle East and one very important thing: low investment operations, as opposed to nation-state sponsored malware with an unlimited budget, can be quite successful.
8. The Java 0-days
In the aftermath of the previously mentioned Mac OS X Flashback attack, Apple took a bold step and disabled Java across millions of Mac OS X users. It might be worth pointing out that although a patch was available for the vulnerability exploited by Flashback since February, Apple users were exposed for a few months because of Apple’s tardiness in pushing the patch to Mac OS X users. The situation was different on Mac OS X, because while for Windows, the patches came from Oracle, on Mac OS X, the patches were delivered by Apple.
In the middle of August, details appeared about a piece of highly destructive malware that was used in an attack against Saudi Aramco, one of the world’s largest oil conglomerates. According to reports, more than 30,000 computers were completely destroyed by the malware.
Detailed analysis of the Shamoon malware found that it contained a built-in switch which would activate the destructive process on 15 August, 8:08 UTC. Later, reports emerged of another attack of the same malware against another oil company in the Middle East.
Shamoon is important because it brought up the idea used in the Wiper malware, which is a destructive payload with the purpose of massively compromising a company’s operations. As in the case of Wiper, many details are unknown, such as how the malware infected the systems in the first place or who was behind it.
10. The DSL modems, Huawei banning and hardware hacks
In October 2012, researcher Fabio Assolini published the details of an attack which had been taking place in Brazil since 2011 using a single firmware vulnerability, two malicious scripts and 40 malicious DNS servers. This operation affected six hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems.
artigo completo no site da ZDnet