Tag Archives: DDoS

Avast at Virus Bulletin Conference 2015

Our team had a wonderful time meeting and networking with the crème de la crème of security industry professionals at this year’s Virus Bulletin Conference in Prague, of which we were a proud platinum sponsor. Throughout the conference, a handful of Avast employees presented talks on a variety of today’s most prominent security topics. For those who weren’t able to make it to the conference, we’d like to provide a brief recap of the content that was covered.

Taking a close look at denial of service attacks

Avast senior malware analysts Petr Kalnai and Jaromir Horejsi discuss distributed denial-of-service (DDoS) attacks.


In their presentation, “DDoS trojan: a malicious concept that conquered the ELF format”, senior malware analysts Petr Kalnai and Jaromir Horejsi discussed the serious issues relating to distributed denial-of-service (DDoS) attacks.

Abstract: DDoS threats have been out there since the Internet took over half of global communication, posing the real problem of denial of access to online service providers. Recently, a new trend emerged in non-Windows DDoS attacks that was induced by code availability, lack of security, and an abundance of resources. The attack infrastructure has undergone significant structural, functional and complexity changes. Malicious aspects have evolved into complex and relatively sophisticated pieces of code, employing compression, advanced encryption and even rootkit capabilities. Targeted machines run systems supporting the ELF format – anything from desktops and servers to IoT devices like routers or digital video recorders (DVRs) could be at risk.

In this session, Petr and Jaromir examined the current state of DDoS trojans forming covert botnets on unsuspecting systems. They provided a technical analysis of the most important malware families with a specific focus on infection methods, dynamic behavior, C&C communication, obfuscation techniques, advanced methods of persistence and stealth, and elimination of rivals. After studying cybercriminals’ behavior, our two speakers introduced their operation tools, including vulnerability scanners, brute-forcers, bot builders and C&C panels. They explained that in many cases, it’s unnecessary to apply reverse engineering within the analysis — the original source codes are indexed in public search engines and their customization is a subject of monetization. The pair concluded their presentation by introducing tracking methods and techniques and revealed the targets of these attacks.

Taking mobile security to the next level

Avast security researcher Filip Chytry talks about privacy in the mobile sphere.


Next up was security researcher Filip Chytry’s talk, “Privacy: a growing commodity in the modern age and our Remotium virtual solution to protect it”. Filip’s presentation focused on a few mobile apps that have leaked user data and suggested potential solutions to these types of privacy breaches.

Abstract: Today, we are surrounded by millions of sensors that measure and monitor our lives, cities, travels, homes and communities. There are currently more online endpoint devices and sensors in existence across the globe than there are human beings. Smartphones have become unbelievably integrated into our daily lives, and these tiny gadgets are just the tip of the iceberg that is the modern spying age. Take cameras, for example — when you get the chance, try taking a stroll around a city and see how many cameras you can spot. These could be cameras belonging to other people or surveillance cameras capturing public images. Whether they were taken accidentally or intentionally, it’s difficult to argue with the fact that each of us is featured in public images and visual data that we remain largely unaware of.

Filip pointed out that when examining this issue through a mobile lens, it’s interesting to take a look at apps which benefit us in some way. Although these apps can lend us a helping hand or aid us in socializing with our peers, they often share certain data with developers that the average person is likely unaware of and would be uncomfortable sharing. Filip went on to explain that in the worst case scenario, these apps’ developers can implement poor security standards which could permit leaks of data shared by the user. Concluding the presentation, Filip explained that Avast Remotium is a virtual space that allows users to mask their data, delivering unidentifiable data in its place in order to protect against data leaks and privacy breaches.

Home Network Security in the spotlight

Pavel Sramek and Martin Smarda discuss home network security issues.


Another two stellar Avast malware analysts, Pavel Sramek and Martin Smarda, presented “Solving the (in)security of home networked devices”. This talk outlined real-life issues with home network devices and examined the risks related to them, a topic which is extremely relevant at this time.

Abstract: In the past few years, there has not been a VB conference without a talk about someone hacking the devices they have at home. Be they routers, NAS-es or ‘smart’ TVs, there is always one thing in common — the vendors ignore the problems and refuse to patch their products. We are developing an automated vulnerability scanner intended to test devices without our code running on them. The intention is to educate users about the misconfigurations and vulnerabilities that are detectable from another device in the network. Integrating such a scanner into consumer AV brings home network security to a new level and increases user awareness of those issues. We will present the technology and the challenges we faced on the way towards accomplishing this goal via maximizing the impact of even the simplest vulnerability scans.

Pavel and Martin acknowledged that while a couple of researchers reporting an issue is simply not enough pressure to affect manufacturers’ decisions, the possibilities could be huge if millions of users reported the problem to their vendors or decided to replace their devices with more secure ones.

Fun at the Avast booth

A bottle of our own Avastweiser beer!


In addition to the presentations given by our talented speakers, Avast had a handful of fun activities to offer to Virus Bulletin attendees. At the Avast booth, our team served three types of Czech beer in addition to our own Avastweiser brew, which we handed out to visitors free of charge.

Attendees had the opportunity to join Avast in a tournament of old-school Arcade Games, which we rented from Prague’s Arcade Museum. Among the prizes were a smartphone-controlled paper airplane and a Cheerson CX-20 drone!

We’d like to thank everyone who attended Virus Bulletin 2015 for their interest and support in the security and antivirus industry. We look forward to what next year’s conference has in store!


Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

Businessman hackers brought down in USA and Europe

Cybercrooks run their organizations like businesses these days. They have multinational offices, marketing departments, business development, and technical support teams. Maybe they also need some security…

Major cybercrooks get arrested


Malware entrepreneur sentenced to 57 months in prison

One such malware entrepreneur, Alex Yucel, sold malware to other hackers through a website that he operated. The Blackshades malware allowed hackers to remotely control their victims’ computers. They could do such things as log the victim’s keystrokes, spy through webcams, and steal usernames and passwords for email and other services. They could also turn the victims’ computers into bots, which were used to perform Distributed Denial of Service (DDoS) attacks on other computers without the victim’s knowledge.

Manhattan U.S. Attorney Preet Bharara said: “Alex Yucel created, marketed, and sold software that was designed to accomplish just one thing – gain control of a computer, and with it, a victim’s identity and other important information. This malware victimized thousands of people across the globe and invaded their lives. But Yucel’s computer hacking days are now over.” See the Department of Justice press release here.

Yucel sold the software for as little as $40 via PayPal and various black market forums. The profits from sales of the malware are estimated at $350,000. Yucel pleaded guilty to computer hacking and was sentenced to almost five years in prison. Last year more than 100 customers of Blackshades were arrested in massive raids in Europe and Australia.

Cybercrooks business dismantled in Ukraine

In Europe, a joint investigation team brought down a major cybercriminal group in Ukraine. These high-level cybercrooks are suspected of developing, exploiting, and distributing well-known banking Trojans Zeus and SpyEye. The malware they developed attacked online banking systems in Europe and elsewhere. The damages are estimated to be over 2 million euros.

Their business was organized into specialty groups. Some ran a network of tens of thousands of compromised computers, others harvested victims’ banking credentials such as passwords and account numbers, and others laundered their ill-gotten gains through money mule networks. This group of cybercrooks also had a marketing team that advertised on underground forums, sold their hacking services to other cybercrooks, and had a business development department seeking cooperation partners.

It took investigators and judicial authorities from six different European countries, supported by Eurojust and Europol, to stop this major cybercrime organization.

“In one of the most significant operations coordinated by the agency in recent years Europol worked with an international team of investigators to bring down a very destructive cybercriminal group,” said Rob Wainwright, Director of Europol.

Are the hacks on Mr. Robot real?

Last night the pilot episode of MR. ROBOT, a new thriller-drama series aired on USA Network.

The show revolves around Elliot who works as a cyber security engineer by day and is a vigilante hacker by night.

I watched the episode and then sat down with Avast security expert Pedram Amini, host of Avast’s new video podcast debuting next week, to find out if someone like you or me could be affected by the hacks that happened in the show.

In the second minute of the episode we see Elliot explaining to Rajid, owner of Ron’s Coffee, that he intercepted the café’s Wi-Fi network, which led him to discover that Rajid ran a child pornography website.

Stefanie: How likely is it that someone can hack you while you’re using an open Wi-Fi hotspot?

Pedram: Anyone with just a little technical knowledge can download free software online and observe people’s activities on open Wi-Fi. We went to San Francisco, New York, and Chicago for a Wi-Fi monitoring experiment and found that one-third of Wi-Fi networks are open, without password-protection. If you surf sites that are unprotected, meaning they use the HTTP protocol, while on open Wi-Fi, then anyone can see, for example, which Wikipedia articles you are reading, what you’re searching for on Bing, and even see what products you are browsing for on Amazon and eBay, if you do not log in to the site.

Stefanie: Wow! That’s a bit frightening… How can I protect myself then?

Pedram: You can stay safe while using any public Wi-Fi network by using a Virtual Private Network (VPN). A VPN creates a virtual shield and tunnels traffic to a proxy server. The proxy server protects your personal data, thus preventing hackers from accessing your files and other sensitive information stored on your device.

We actually found that more than half of Americans connect to free and open Wi-Fi networks and that of the 55% who do, 76% prefer networks that don’t require registration or a password to connect, yet only 6% use a VPN or proxy while connected to open Wi-Fi.

Fast forward to minute 10:55. We see Elliot with his therapist Krista, whom he hacked (hacking people is clearly his hobby ;) ).

Stefanie: Elliot says that hacking Krista was simple, because her password was her favorite artist and her birth year backwards. We know that you should always use a complex password, more than eight characters and that your password should include letters, numbers, and symbols, but do most people really have complex passwords? Could having simple passwords really put you at risk?

Pedram: Most people, unfortunately, do not have complex passwords. For example, we found that one-third of Americans’ router passwords contain their address, name, phone number, a significant date, or their child’s or pet’s name. Not only that, but last year we found that most hackers’ passwords were only 6 characters long and that the most frequently used word in their passwords was the word “hack”.

Having a simple password that is either a dictionary word or that is comprised of personal information can put you at risk.

If you think about it, bits and pieces of our private lives are scattered on the Internet. Someone can easily do a quick Google search, check out some of your social media sites and with a little time and patience, they can figure out your simple password. Even worse, if you use the same password for multiple sites, you really make it easy for hackers to hack all of your accounts.

Moving forward to minute 25, Angela, Elliot’s friend and colleague, calls him for help because their client, E Corp, a multinational conglomerate, has been hit with a DDoS attack.

Stefanie: What is a DDoS attack? Can this affect the average computer user?

Pedram: DDoS stands for distributed denial of service attack and is used to make a service unavailable. In the end we discover that the attack on E Corp was actually based on rootkits that had subverted a variety of servers, but I’ll continue to describe a DDoS attack.

DDoS attacks are sent by two or more people, but more often by an army of bots AKA a botnet. These bots send so many requests to a server that the server becomes overloaded and cannot provide its service anymore. DDoS attacks target large businesses, so the average computer user does not become affected, unless the service they want to use is not available because it has been hit by a DDoS attack.

However, the average user can help facilitate a DDoS attack unknowingly. We researched home routers and found that millions are vulnerable. Routers are connected to the Internet 24/7 and can be easily exploited and used as a bot, which, as I explained, can be used in a DDoS attack. A famous example is the hack of the Sony Playstation Network and Xbox Live last Christmas – the hacker group claimed they used a router botnet for the attack.

To prevent this from happening, people should make sure their router firmware is always up-to-date and perform a router scan to check if their router is vulnerable or not.

In minute 55, Elliot tries to hack Krista’s new boyfriend, Michael. He calls Michael pretending to be from his bank’s fraud department, confirming his address and asking him security questions to verify his account: what his favorite baseball team is, his pet’s name. Using the information he gathered combined with a dictionary brute force attack, he attempts to get Michael’s password.

Stefanie: What is a brute force attack? Can this happen to the average user?

Pedram: A brute force attack is password guessing which systematically checks all possible passwords until the correct one is found. Think of it like a machine going through a huge dictionary of passwords that types each one into an account to unlock it.

Brute force was likely one of the techniques used in hacking the iCloud accounts which eventually led to the nude celebrity pics from stars like Jennifer Lawrence and Kirsten Dunst being distributed over the Internet. This type of attack is not exclusively used against celebrities. Hackers can use brute force attacks to hack any user accounts, given they have account email addresses. Typically, they would target accounts that hold credit card or other financial information they can abuse for financial gain. This is why, again, it is vital you use strong passwords for all of your accounts.

Stefanie: Thank you for the chat Pedram. I look forward to discussing Mr. Robot’s next episode, Ones and zer0es with you next week!

You can watch MR. ROBOT on USA Network Wednesday nights 10/9 central.
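The flood Pedram describes above, as an added example that is not part of the original post: a botnet sending "so many requests to a server" shows up in the server's access log as sources that each send far more requests per second than a browser ever would. The script below parses constructed common-log-format lines (the sample log, the IP addresses and the thresholds are all assumptions for the demo) and flags per-source floods. Because the attack is distributed, a single bot may stay under any per-source threshold, so the block also reports the aggregate request rate, which is what a real detector would compare against its normal baseline.

```python
"""Flag flood sources in a web server access log (constructed sample data)."""
import re
from collections import defaultdict
from datetime import datetime

# Common log format: host ident user [time] "request" status size
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')


def _mk(ip, second, path="/", status=200):
    """Build one constructed log line at 10:00:<second> on 25 Jun 2015."""
    return f'{ip} - - [25/Jun/2015:10:00:{second:02d} +0000] "GET {path} HTTP/1.1" {status} 512'


# Constructed sample: two bots hammering "/" and one ordinary visitor.
LOG_LINES = (
    [_mk("203.0.113.7", s) for s in range(0, 3) for _ in range(40)]      # 40 req/s for 3 s
    + [_mk("198.51.100.9", s) for s in range(0, 5) for _ in range(25)]   # 25 req/s for 5 s
    + [_mk("192.0.2.42", s, "/about") for s in range(0, 20, 4)]          # one request every 4 s
)


def parse(line):
    """Return (ip, timestamp, request, status) or None for a malformed line."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    ip, ts, request, status, _size = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), request, int(status)


def requests_per_second(lines):
    """Map each source IP to {second -> request count}."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue  # skip junk rather than crash the detector
        ip, ts, _, _ = parsed
        counts[ip][ts.replace(microsecond=0)] += 1
    return counts


def flood_sources(lines, threshold=10, min_seconds=2):
    """Return {ip: peak req/s} for sources above `threshold` req/s in at least
    `min_seconds` distinct seconds (assumed values; tune to your baseline)."""
    flagged = {}
    for ip, per_sec in requests_per_second(lines).items():
        hot_seconds = sum(1 for n in per_sec.values() if n > threshold)
        if hot_seconds >= min_seconds:
            flagged[ip] = max(per_sec.values())
    return flagged


def aggregate_rate(lines):
    """Peak requests/second across all sources: a distributed flood can keep
    every bot below the per-source threshold while this number still spikes."""
    total = defaultdict(int)
    for per_sec in requests_per_second(lines).values():
        for ts, n in per_sec.items():
            total[ts] += n
    return max(total.values()) if total else 0


if __name__ == "__main__":
    for ip, peak in flood_sources(LOG_LINES).items():
        print(f"flood source {ip}: peak {peak} req/s")
    print(f"aggregate peak: {aggregate_rate(LOG_LINES)} req/s")
```

The per-source check catches the two constructed bots and leaves the ordinary visitor alone; the aggregate figure is the one to alert on when thousands of routers each contribute a modest share, which is exactly the router-botnet case Pedram mentions.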

Follow Avast on Facebook, Twitter and Google+ where we will keep you updated on the new Avast video podcast hosted by Pedram Amini.

Lizard Squad hackers use unsecured home routers in DDoS attacks

This Lizard is out to get your home router.


Your home router could be part of a network used to knock sites like Sony PlayStation network offline.

During Christmas we reported that a hacker group calling themselves the Lizard Squad took responsibility for ruining the day for Sony PlayStation and Microsoft Xbox users by taking the gaming networks offline. This and previous attacks, which included a bomb threat directed at an American Airlines flight with Sony Online Entertainment president John Smedley on board, have been revealed to be a marketing campaign to advertise a new product available for rent to anyone who wants to launch a Distributed Denial-of-Service (DDoS) attack against the target of their choice.

I’m not a hacker. Why should I care?

You may not be a hacker, but the power for this service could be coming from your home office! Security blogger, Brian Krebs, whose own site was attacked, found out that the network of infected devices that powers the Product-That-Must-Not-Be-Named (that’s because Lizard Squad gleefully thanked Brian for the publicity on their Twitter account) is made up mostly of compromised home routers. On that same Twitter account, Lizard Squad said that they are using 250-500k infected routers.

These are the devices in everyone’s home that we warned you about in our blog, Your home network is at risk of cybersecurity attacks. Most people neglect the security of these devices by using the default user name and password that comes from the manufacturer out-of-the-box.

“Our research determined that nearly 80% of all home routers in use today are thinly protected by common, easily hacked passwords, making routers an easy entry point to the home network for hackers,” said Avast Software’s CEO, Vincent Steckler.

Lizard Squad has just proven that point.

“Today’s router security situation is very reminiscent of PCs in the 1990s, with lax attitudes towards security combined with new vulnerabilities being discovered every day creating an easily exploitable environment,” Steckler said. “The main difference is people have much more personal information stored on their devices today than they did back then. Consumers need strong yet simple-to-use tools that can prevent attacks before they happen.”

How to protect your home router

Start by scanning your home network with Avast’s Home Network Security Solution.

Open the Avast user interface, click Scan from the menu on the left, then choose Scan for network threats. Avast will take a look at your router and report back any issues. In most cases, if there is an issue to be addressed, then it will direct you to your router manufacturer’s website.

The Home Network Security Solution is available in free and paid versions of Avast 2015. Get it at www.avast.com.

For more steps you can take to protect your home router, please see our blog post, 12 ways to boost your router’s security.
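Both the Virus Bulletin talk recap above (a scanner that tests devices "from another device in the network", without running code on them) and this post's point about routers still using the factory username and password describe the same class of check. The script below is an added illustration of that class, not Avast's scanner and not its logic: it probes a router's HTTP admin page over the LAN for a missing login and for a short list of default credentials. Everything here is an assumption for the demo: DEFAULT_CREDENTIALS is a made-up sample rather than a vendor table, and the embedded "router" is a constructed stand-in (a tiny http.server that still accepts admin/admin) so the example runs offline.

```python
"""Check a home router's HTTP admin page for factory-default credentials.

Added illustration, not Avast's product code. The target is probed from
another host on the LAN; nothing runs on the router itself.
"""
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed sample of common factory defaults; a real scanner keys these by vendor/model.
DEFAULT_CREDENTIALS = [
    ("admin", "admin"),
    ("admin", "password"),
    ("admin", ""),
    ("root", "root"),
]


def _get(url, username=None, password=None, timeout=3):
    """GET the admin page; return the HTTP status (401/403 are returned, not raised)."""
    headers = {}
    if username is not None:
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        headers["Authorization"] = f"Basic {token}"
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code


def check_router(url, credentials=DEFAULT_CREDENTIALS):
    """Return a list of findings for the admin interface at `url`."""
    findings = []
    if _get(url) == 200:
        # Worst case: the admin page needs no login at all.
        findings.append("admin interface reachable without authentication")
        return findings
    for user, pw in credentials:
        if _get(url, user, pw) == 200:
            findings.append(f"accepts default credentials {user!r}:{pw!r}")
            break  # one hit is enough; no need to keep guessing
    return findings


# --- constructed stand-in for a router that still uses admin/admin ----------
class _FakeRouter(BaseHTTPRequestHandler):
    EXPECTED = "Basic " + base64.b64encode(b"admin:admin").decode()

    def do_GET(self):
        if self.headers.get("Authorization") == self.EXPECTED:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"<html>Router admin</html>")
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="router"')
            self.end_headers()

    def log_message(self, *args):
        pass  # keep the demo quiet


def start_fake_router():
    """Serve the stand-in on a free loopback port; the caller must shutdown()."""
    server = HTTPServer(("127.0.0.1", 0), _FakeRouter)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def demo():
    """Run the check against the stand-in and return its findings."""
    server = start_fake_router()
    try:
        return check_router(f"http://127.0.0.1:{server.server_port}/")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for finding in demo():
        print("FINDING:", finding)
```

Point `check_router` at your own router's admin URL (for example the gateway address your DHCP lease names) only on a network you own; a hit on any entry means the password was never changed from the factory default, which is the condition the Lizard Squad botnet relied on.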