Security threat review: May 2015


As the security landscape continues to worsen, it’s more important than ever to keep up to date with recent threats in order to protect yourself and your organisation. As part of our security managed service we run threat assessments for clients that identify who is trying to breach their network and how. With all this information at our fingertips we thought that it would be useful to share it with you. So from now on, every month on our blog we’ll post a quick overview of the top security threats from the previous month. We hope that by warning you of recent, common attacks we can put you in a safer position.

Without further ado, here are the most common malware, vulnerabilities and exploits that we detected in May 2015:

Malware

CTB-Locker: As a form of ransomware, CTB-Locker will scan your computer and encrypt data based on file types, such as .pdf, .xls and .ppt. If targeted you would be sent an alert highlighting the encrypted files and offered a valid decryption key. The key, which is usually only valid for 96 hours, will be provided once you’ve paid the ransom using Bitcoins.

W32/Kryptik.CWXI!tr: We saw a relatively new type of ‘decoy’ trojan malware last month that imitates what you would expect when running an ordinary file. Simply put, when you open the file, a .scr Windows executable file (normally associated with screensavers) is loaded. While at first it seems harmless, the CTB-Locker trojan is later downloaded and executed on your system.

Mitigation: Ensure that you adequately patch your anti-virus software and update your Intrusion Prevention System (IPS) signatures. Get the updates as soon as your provider releases them.
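As a complement to signature updates, the following added example (not part of the original post) shows one way to flag decoy files of the kind described above: .scr executables, including ones hidden behind a document-style double extension, and Windows executables saved under a document extension. The function names, the extension lists and the sample files are assumptions made for illustration.

```python
import os
import tempfile

# Assumed lists: extensions Windows runs as programs (.scr is an ordinary
# executable) and document extensions a decoy might imitate.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif"}
DOCUMENT_EXTS = {".pdf", ".xls", ".ppt", ".doc"}

def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def classify(path):
    """Return the reasons (possibly none) a file looks like a decoy executable."""
    name = os.path.basename(path).lower()
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]
    reasons = []
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension " + ext)
        if inner_ext in DOCUMENT_EXTS:
            reasons.append("double extension hides " + ext + " behind " + inner_ext)
    if is_pe(path) and ext not in EXECUTABLE_EXTS:
        reasons.append("PE header under non-executable extension " + (ext or "(none)"))
    return reasons

def scan(directory):
    findings = {}
    for fname in sorted(os.listdir(directory)):
        reasons = classify(os.path.join(directory, fname))
        if reasons:
            findings[fname] = reasons
    return findings

def demo():
    """Scan constructed sample files (harmless bytes, not real malware)."""
    samples = {
        "report.pdf": b"%PDF-1.4 constructed sample",
        "invoice.pdf.scr": b"MZ constructed sample",
        "holiday.scr": b"MZ constructed sample",
        "statement.xls": b"MZ constructed sample",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for fname, data in samples.items():
            with open(os.path.join(tmp, fname), "wb") as fh:
                fh.write(data)
        return scan(tmp)

if __name__ == "__main__":
    print(demo())
```

Pointing `scan()` at a mail-attachment quarantine or a downloads folder gives a quick triage list; the header check only reads the first two bytes, so it is a coarse filter rather than a replacement for anti-virus scanning.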

Vulnerabilities

Microsoft: Last month, PC users were particularly under threat from vulnerabilities in Microsoft programmes.

Adobe: This has become the platform of choice for cybercriminals due to the high number of devices running the software.

We noted that a total of 65 new critical vulnerabilities with a Common Vulnerability Scoring System (CVSS) score of 7-10 (considered to be the biggest risk) were logged in May.

Mitigation: Those using older or unpatched versions of Windows and Adobe are particularly at risk. Consequently, you should ensure that your Windows operating system and browsers are set to receive automatic updates, as should your Adobe applications.

Exploits

We detected many untargeted attacks that could exploit unpatched systems. The main threats are as follows:

LogJam: Here attackers are exploiting a flaw in encryption algorithms by accessing and modifying data being encrypted. They can then spy on supposedly secure communications. We detected a high number of attacks that looked to exploit unpatched systems for weaknesses in SSL and TLS.

Bash bug: Although the Linux and Unix bash bug was identified in September 2014 and patching is in place to mitigate it, we detected a number of untargeted attacks that exploit unpatched systems.

Weaknesses in CKEditor: Enabled by web application developer platform ColdFusion.

Mitigation: Attackers are exploiting unpatched systems, so ensure that all applications undergo regular updates.
