Large scale attacks highlight 2014
Posted by: Timothy Weaver on 03/05/2015 11:14 PM
[
Comments
]
According to a breakdown of events by Trend Micro, the Heartbleed and Shellshock bugs, online and mobile banking threats, the Sony data breach and a surge in ransomware and other malware pretty well sums up 2014.
“A wider variety of PoS RAM scraper families was also seen in 2014 compared with 2013,” Trend Micro said in the report. “PoS malware creation could be considered more robust, as evidenced by the addition of more technologically advanced capabilities in newer variants, even if these took pages off their older counterparts.”
Hackers moved away from Windows exploits and move toward open source threats. “Heartbleed and Shellshock proved that even open-source applications, which were believed more secure than their commercial counterparts, were vulnerable to threats,” noted Trend Micro. For instance, both aforementioned bugs particularly affected systems running Linux, which is concerning, given that 67.7% of websites use Linux.
Pawan Kinger, director of Trend Micro Deep Security Labs, in a statement: “Open-source software is said to be inherently more secure, as it goes through more reviewers (and thus, more opportunities for any vulnerabilities to be spotted). However, that is not necessarily the case, as OpenSSL and Bash showed."
“The malware used in the breach (on the Sony network), WIPALL, is not highly sophisticated, and the attack could have been detected by a healthy knowledge of the network and its probable anomalies,” the report noted. “This reminds IT professionals of the crucial role that a layered, customized defense plays inside very large networks.”
“A wider variety of PoS RAM scraper families was also seen in 2014 compared with 2013,” Trend Micro said in the report. “PoS malware creation could be considered more robust, as evidenced by the addition of more technologically advanced capabilities in newer variants, even if these took pages off their older counterparts.”
Hackers moved away from Windows exploits and move toward open source threats. “Heartbleed and Shellshock proved that even open-source applications, which were believed more secure than their commercial counterparts, were vulnerable to threats,” noted Trend Micro. For instance, both aforementioned bugs particularly affected systems running Linux, which is concerning, given that 67.7% of websites use Linux.
Pawan Kinger, director of Trend Micro Deep Security Labs, in a statement: “Open-source software is said to be inherently more secure, as it goes through more reviewers (and thus, more opportunities for any vulnerabilities to be spotted). However, that is not necessarily the case, as OpenSSL and Bash showed."
“The malware used in the breach (on the Sony network), WIPALL, is not highly sophisticated, and the attack could have been detected by a healthy knowledge of the network and its probable anomalies,” the report noted. “This reminds IT professionals of the crucial role that a layered, customized defense plays inside very large networks.”
Comments
