The week in security: Linux Trojan bows as industrious cybercrims abound

Concerned about your anonymity online? All you have to do is stop using Windows – and disable JavaScript – according to the authors of the TOR Project, whose protections are apparently undermined by a newfound Firefox vulnerability.

Also undermined were the Lavabit and Silent Circle anonymous email services, felled by legal battles (Lavabit was the service used by infamous NSA leaker Edward Snowden). Lavabit’s founder later expanded on the reasons why, which are attributed to increased pressure by US authorities under national-security provisions.

The FBI has taken its own stab at anonymity with a new one-way portal for reporting cyber crime, called iGuardian. Crime-fighters are also dealing with the need for new strategies in unstructured data analysis, as well as a need to face new realities as one company’s audit figures suggest 63 per cent of organisations already have malware running on their networks.

The US government is considering a range of options to incentivise better cybersecurity, with work commencing on a cybersecurity framework due early in 2014. The government may also want to be considering how to maximise its culture of openness as maximise its culture of openness as estimates suggest it could lose $35 billion in business revenue to overseas companies following exposure of its NSA surveillance programs.

One survey of malicious online activity found that phishing attacks are dropping as cybercriminals shift their server resources to running distributed denial of service (DDoS) attacks.

However, DDoS isn’t the only growth area in the cybercriminal arena: Malware-as-a-service offerings are, according to one study, blossoming in Russia – which is also becoming a haven for toll fraud and malware ‘startups’ including a resourceful firm charging $US1000 ($A2190) for the new Linux-based ‘Hand of Thief” Trojan.

Russia isn’t the only country fostering a new breed of malware architects: Latvia’s foreign minister has complained about US attempts to extradite an alleged author of the Gozi data-stealing Trojan. Also on the international front, the Serious Fraud Office was in damage-control mode after and 81 tapes that formed part of a Saudi Arabian arms case. Also on the ‘oops’ front, the Bank of Scotland was hit with a £75,000 ($110,000) fine after it was found to be repeatedly faxing customers’ details to the wrong people.

Bank of Scotland may be giving away customers’ personal information, but Australian customers are the third most-susceptible in the world to doing the same on their own after a Trend Micro survey found near world-leading rates of banking malware infection. Blogs and other content-management sites were being targeted by password thieves, while content-management interests were drumming up support for a movement to do away with CAPTCHA user-authentication dialogues.

Others were exploring the possibilities of a new scheme for tracing the origin of spam text messages, while UK PM David Cameron was pushing for boycotts of troll-hosting social networks as well as attracting derision from Wikipedia founder Jimmy Wales about Cameron’s plans to introduce default pornography filters to all UK services.

Some were asking whether US and other governments’ bans on Lenovo equipment – found to have firmware backdoors – should be duplicated by private companies. Interestingly enough, nobody was asking the same question about Google’s phones, which became easier to track after Google began rolling out its Android Device Manager. Google was, however, copping heat over the fact that the company’s Chrome Web browser can reveal saved passwords to anyone that uses your computer.

There was some good news in amongst all this trouble: cybersecurity professionals among the most sought-after in the IT sector. Meanwhile, hackers at three US security conferences were talking not only about code-based penetration but the nuances of social engineering. Other interesting demonstrations included a researcher who used JavaScript to build a distributed, secure file system that functions as a botnet.

What could possibly go wrong?

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about FBIGoogleLenovoLinuxNSATrend Micro AustraliaWikipedia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

More videos

Blog Posts