Sunday, November 7, 2010

A world of threats, information warfare

The keywords of modern warfare are always the same: Web attacks, messaging attacks, botnets, rootkits, logic bombs, data theft, etc. McAfee estimates 1 trillion USD in cybercrime activities in one year! This is the world we live in today! The battles are over information, fought through identity theft and through making data inaccessible, e.g. denial-of-service attacks. The most popular battlefields are social networking platforms such as Twitter, MySpace, Facebook, LinkedIn, etc. Let us have a quick look at some events:

Mikeyy worm - April 09. A computer worm named Mikeyy sent thousands of tweets (messages) on Twitter.com. The tweets promoted the website of Michael Mooney (the author), who maintains a website with information relating to Twitter's vulnerabilities!

Koobface worm - Sept 09. Koobface is a computer worm aimed at users of the social networking sites Facebook, MySpace, hi5, Bebo, Friendster and Twitter. The primary purpose of Koobface is to collect users' personal information such as credit card numbers.

Botnet compatible - Aug 09. It was reported that the Twitter site was being used to run an information-stealing botnet operation. A Twitter account was used to give instructions to infected computers that are part of a botnet. Tweets from the malicious account were actually instructions sent to the bots. Other Twitter weaknesses have been reported recently (Aug 2010): cyber criminals made use of a cross-site scripting vulnerability.

If social networks are the information battlefield, then which machines are the targets? If the current Web 2.0 platform allows the distribution of botnets, then more civilians will be captured (botnets controlling our machines). Way back in 2008, the Conficker worm captured more than 7 million computers under its control! Conficker specifically targets the Microsoft Windows operating system and uses deficiencies in the operating system to control these machines remotely.

Another remote administration tool (backdoor) that bypasses normal safeguards to secretly control a program, computer or network is known as Poison Ivy. Poison Ivy gives attackers virtually complete control over the infected computer. Backdoors like this can be used to rename, delete, or run files as user-based attacks for illegitimate purposes. Files can also be uploaded to and downloaded from the system.

Other botnets and rootkits

The Srizbi botnet was one of the largest contributors of spam; it suffered a major setback when a hosting provider identified as the main source of Srizbi was taken down. FU is a kernel-mode rootkit that changes kernel data structures and is one of the most frequently used rootkits. A more powerful version of FU, FUTo, was created to demonstrate the weaknesses in software that detects rootkits. The AFX rootkit is able to hide Windows registry keys, processes, files and folders, services, modules and other system-related information. The rootkit can be detected by the presence of iexplore.dll and/or explorer.dll.

DDOS attacks

Twitter DDOS attack - Aug 09. Twitter was shut down for hours for millions of users around the world. The outage was the result of a distributed denial-of-service attack and is considered the biggest outage the service has suffered.

Google attack (Aurora) - Dec 09. Gmail accounts came under attack from a very sophisticated tool originating from China. Google said that these attacks were aimed at the e-mail accounts of Chinese human rights activists. Theft of intellectual property from Google and other large enterprises was also reported.

Data theft, disgruntled employees and logic bombs

An employee of a large bank planted a logic bomb aimed at about 4,000 of the bank's production servers after he was told he was fired - the Freddie Mac incident. The bomb never went off, as it was discovered in time, but the disgruntled employee had planted a script that, when triggered, would have been able to block all monitoring systems so that no warnings would be sent, lock and overwrite with zeros all data and applications on production servers, and finally clear all failover mechanisms.

In August 2008, 11 men were accused of hacking into the TJX network and stealing millions of credit card numbers from nine U.S. companies. The TJX case (TJX is the owner of TK Maxx) is one of the largest data theft cases.

Heartland Payment Systems suffered a similar incident, in which a malicious keystroke-logging tool exploited millions of records of this PCI (payment card industry) compliant payment company. These attacks raise doubts about the payment card industry (PCI) compliance standards. The records stolen from Heartland included the digital information encoded on the magnetic stripe built into the back of credit and debit cards. Last year, Bank of America (BOA) had a call center employee steal customer information and use it to commit bank fraud, while some time later, in a separate case, an internal programmer was accused of stealing trade secrets.

Further comment is superfluous...

