Malware infections continue to spread, and as the threats evolve their distribution methods change with them. In the last few months we observed several high-severity attacks against institutions and businesses that were carried out by directly exploiting software vulnerabilities and weak service configurations rather than by tricking users. Continue reading about the changing ways of some of the most devastating viruses.
Direct Malware Attacks Surge In Popularity
Ransomware strains are among the most common payloads that computer hackers deploy against their predefined targets. In comparison with previous periods we have seen a massive surge of intrusion attempts that use direct hacking techniques instead of user-facing lures.
So far the most popular infection strategies include the following:
- Email Spam Campaigns – The criminals use phishing messages of varying sophistication. Simpler campaigns only include hyperlinks or attach the virus binary directly. More complex scenarios deliver the payload only when the user interacts with a script. Some of the more devastating infections use malicious macros in Microsoft Office documents that pose as legitimate invoices, contracts and other files of interest to the user. When the user enables the macro, it downloads or drops the malicious payload on the host computer.
- Dangerous Redirects – Malicious ads, hacked sites and browser hijackers can all deliver dangerous payloads, either directly as a download or by linking to them from other pages and scripts.
- Software Installers – Viruses are frequently bundled with software installers found on pirate sites and BitTorrent trackers.
Direct hacking techniques, by comparison, rely much more on weak security measures and service misconfigurations than on user interaction. To a large extent they can be automated using penetration testing frameworks, so even a small group can cause significant damage to the target systems and whole networks. Some noteworthy recent cases include the following:
- The Large-Scale Magento Attack – Researchers discovered that thousands of online stores powered by the Magento e-commerce platform were compromised. The reported techniques include SQL injection, one of the most popular ways to gain control of a victim's database, and brute force attacks on a component of the system that in turn exposed access to the administrator panel. For more information about the hack click here.
- The Recent CrySiS Ransomware Campaign – A series of automated brute force attacks against exposed RDP (Remote Desktop Protocol) services were carried out against computer users worldwide in order to install the CrySiS ransomware. Once running, it encrypts the majority of the user's data and then extorts the victim for a ransom fee. To learn more about the incident click here.
- The Quimitchin Malware Attack Against Mac OS X and GNU/Linux Users – This malware was discovered recently (click here to read more about it). The intrusions were detected after the hackers managed to infiltrate systems operating at a biomedical facility.
- Spora Ransomware Direct Infections – Spora is one of the most prominent ransomware families to appear in the last few months. Its operators have used several delivery methods, including software exploits and brute force attacks. Read more about Spora here.
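The SQL injection mentioned in the Magento case works because user input becomes part of the query text. The following is an added example, not code from the original post or from Magento, showing an administrator-panel login query written two ways: with the input formatted into the SQL string (injectable) and with bound parameters. The schema, the account, the hash function and the two payloads are constructed here and run against an in-memory SQLite database, so the script works offline.

```python
"""
Added example, not code from the original post or from Magento: an
administrator-panel login query written two ways, first with the user's
input formatted into the SQL string (injectable), then with bound
parameters. The schema, account and payloads are constructed here and run
against an in-memory SQLite database.
"""
import hashlib
import sqlite3


def password_hash(password):
    # Illustrative only: a real panel would use a salted, slow hash such as bcrypt.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """Constructed admin_user table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin_user (username TEXT, password_hash TEXT)")
    conn.execute(
        "INSERT INTO admin_user VALUES (?, ?)",
        ("admin", password_hash("correct horse battery staple")),
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Injectable: attacker-controlled text becomes part of the statement."""
    sql = (
        "SELECT username FROM admin_user "
        f"WHERE username = '{username}' AND password_hash = '{password_hash(password)}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(conn, username, password):
    """Parameterised: the driver sends values separately from the statement,
    so quotes and comment markers in the input are data, never SQL."""
    sql = "SELECT username FROM admin_user WHERE username = ? AND password_hash = ?"
    row = conn.execute(sql, (username, password_hash(password))).fetchone()
    return row[0] if row else None


# Constructed payloads. The first closes the username literal and comments out
# the password check; the second makes the WHERE clause always true.
PAYLOAD_COMMENT = "admin' --"
PAYLOAD_TAUTOLOGY = "' OR 1=1 --"


if __name__ == "__main__":
    conn = make_db()
    for name, fn in (("vulnerable", login_vulnerable), ("hardened", login_hardened)):
        for payload in (PAYLOAD_COMMENT, PAYLOAD_TAUTOLOGY):
            print(f"{name:10} {payload!r:16} -> {fn(conn, payload, 'wrong password')!r}")
```

Run it and the vulnerable function returns "admin" for both payloads with a wrong password, while the hardened one returns None for the payloads and "admin" only for the real credentials. Parameterised queries are the fix; escaping quotes by hand is not, because the comment marker and the OR tautology do not need a stray quote to be useful once any other formatting path exists.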
The Classic Direct Malware Attack Scenario
The majority of hacker attacks can be prevented if system administrators employ and enforce a strict security policy. Penetration testers frequently find that direct exploit-based attacks are carried out in a semi-automated fashion. The classic scheme is the following:
- The computer hackers create a list of their predefined targets.
- Network analysis is performed to find open ports and running services, including their version and configuration.
- The hackers select the payload to deliver – Trojan, ransomware, botnet client, etc.
- Software exploits are chosen to match the target environment.
- Using a dedicated framework and a botnet or dedicated servers, the attack is launched against the remote targets.
A well-defined and properly implemented security policy can mitigate such attempts. Computer and information security standards can be applied to protect production networks and individual workstations.
The basic security measures include the following precautions:
- Sensitive services should be well protected inside the corporate network. Remote access services such as RDP should not be exposed directly to the Internet, and servers and applications that handle private data can enforce additional authentication mechanisms, such as multi-factor authentication, to protect them against abuse.
- Insecure devices and applications should not be used inside the corporate network when dealing with private data. Network administrators can enforce a trusted devices policy that blocks every device not on a predefined whitelist.
- A well-configured firewall and Intrusion Detection System (IDS) can detect and block the majority of brute force and dictionary attacks, for example by blocking or rate-limiting a source address after a burst of failed logons.
- Exploit-based attacks can be countered by keeping all installed operating systems and applications updated to the latest releases, since the automated frameworks largely target known vulnerabilities for which a patch already exists.
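The firewall and IDS bullet above says such systems can sense brute force attempts. The core of that detection is a per-source count of failed logons inside a sliding time window, shown here as an added example that is not code from the original post or from any IDS product. It runs over constructed OpenSSH auth.log lines and an invented one-line text rendering of Windows event 4625 (logon failure; logon type 10 is RDP); the threshold, the window and the iptables output are assumptions made for the example.

```python
"""
Added example, not code from the original post or from any IDS product:
sliding-window brute force detection over logon failures, the rule a
firewall or IDS applies to RDP and SSH password guessing. The log lines,
threshold, window and block rule format are all assumptions made here.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: OpenSSH auth.log style lines plus an invented
# one-line text rendering of Windows event 4625 (logon failure); logon type
# 10 is RemoteInteractive, i.e. RDP. Timestamps are ISO 8601 for simplicity.
SAMPLE_LOG = """\
2017-02-10T09:00:01 sshd[2201]: Failed password for root from 198.51.100.23 port 51122 ssh2
2017-02-10T09:00:02 sshd[2201]: Failed password for root from 198.51.100.23 port 51130 ssh2
2017-02-10T09:00:02 sshd[2203]: Failed password for invalid user admin from 198.51.100.23 port 51131 ssh2
2017-02-10T09:00:03 sshd[2204]: Failed password for root from 198.51.100.23 port 51140 ssh2
2017-02-10T09:00:04 sshd[2205]: Failed password for oracle from 198.51.100.23 port 51142 ssh2
2017-02-10T09:00:09 sshd[2210]: Accepted password for root from 198.51.100.23 port 51150 ssh2
2017-02-10T09:05:00 sshd[2300]: Failed password for alice from 192.0.2.7 port 40001 ssh2
2017-02-10T09:30:00 sshd[2301]: Failed password for alice from 192.0.2.7 port 40002 ssh2
2017-02-10T10:00:00 EventID=4625 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.5
2017-02-10T10:00:01 EventID=4625 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.5
2017-02-10T10:00:01 EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.5
2017-02-10T10:00:02 EventID=4625 LogonType=10 TargetUserName=backup IpAddress=203.0.113.5
2017-02-10T10:00:02 EventID=4625 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.5
2017-02-10T10:00:03 EventID=4625 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.5
"""

SSH_FAIL = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
SSH_OK = re.compile(r"^(\S+) sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port")
WIN_FAIL = re.compile(r"^(\S+) EventID=4625 LogonType=10 TargetUserName=(\S+) IpAddress=(\S+)")


def parse_log(text):
    """Return (timestamp, source_ip, username, outcome) tuples in file order."""
    events = []
    for line in text.splitlines():
        for rx, outcome in ((SSH_FAIL, "fail"), (WIN_FAIL, "fail"), (SSH_OK, "success")):
            m = rx.match(line)
            if m:
                ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
                events.append((ts, m.group(3), m.group(2), outcome))
                break
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Alert on any source that produces `threshold` failures inside `window`.

    A successful logon from an already-alerted source is recorded separately:
    that is the case where guessing worked and incident response, not just a
    block rule, is needed.
    """
    recent = defaultdict(deque)     # ip -> failure timestamps still inside the window
    users_tried = defaultdict(set)  # ip -> every account name guessed from that ip
    alerts = {}
    for ts, ip, user, outcome in sorted(events, key=lambda e: e[0]):
        if outcome == "fail":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:   # drop failures that aged out of the window
                q.popleft()
            users_tried[ip].add(user)
            if ip in alerts:
                alerts[ip]["failures"] += 1
            elif len(q) >= threshold:
                alerts[ip] = {"first_failure": q[0], "failures": len(q), "success_after": None}
        elif outcome == "success" and ip in alerts:
            alerts[ip]["success_after"] = (ts, user)
    for ip, rec in alerts.items():
        rec["users"] = sorted(users_tried[ip])
    return alerts


def block_rules(alerts):
    """Firewall drop rules for each alerted source (iptables syntax, illustrative)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(alerts)]


if __name__ == "__main__":
    found = detect_bruteforce(parse_log(SAMPLE_LOG))
    for ip, rec in found.items():
        status = "SUCCESSFUL LOGON AFTER BURST" if rec["success_after"] else "guessing, blocked"
        print(f"{ip}: {rec['failures']} failures, users {rec['users']}, {status}")
    for rule in block_rules(found):
        print(rule)
```

On the sample data two sources trip the rule: the SSH guesser, which then logs in as root and must be treated as a compromise rather than a blocked attempt, and the RDP guesser, which cycles through several account names. The two slow failures from 192.0.2.7 spread over 25 minutes stay under the threshold, which is the trade-off any such rule makes: a low-and-slow attacker evades it, so the window and threshold should be tuned against real logon volumes rather than copied from here.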
This is not a complete list of everything that a security policy contains, but it is a good start toward creating effective measures that safeguard against most hacker attempts. At the same time it is highly recommended that all end users also use a quality anti-malware solution that can both remove active infections and continuously protect the computer against incoming malware.
Author Bio: Martin Beltov graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast, he enjoys writing about the latest threats and mechanisms of intrusion. He mainly contributes to the Best Security Search website.
Martin Beltov is a guest blogger, all opinions are his own.