In this episode we cover the latest news, and there is a lot of it this week. We also cover the security predictions for 2013.


The 2013 Predictions

These are the predictions from a number of sources such as Computer World and Trend Micro.

  • ZeuS. Though last updated more than 2 years ago, ZeuS remains popular among cybercriminals due to its reliability. Because it was coded well, cybercriminals continue to earn money from this toolkit and evade law enforcement.
  • SpyEye. Initially deemed ZeuS’ rival, SpyEye’s creator Gribodemon offered the toolkit as an alternative while providing support to existing ZeuS customers. Since its debut in 2009, it underwent several improvements until its creator disappeared sometime in 2010.
  • Blackhole exploit kits. Known to distribute malware by exploiting known software vulnerabilities, the stealthier version of Blackhole Exploit Kit was recently released. To avoid detection, its creator Paunch does not directly provide the kit, but instead installs it on a web server somewhere that is connected to a database for logging and reporting.
  • These kits are also likely to be more robust, reliable and harder to detect. The current life cycle for a kit is around 2 or 3 years, so we should expect a wave of new kits soon; we are already seeing some new kits popping up, such as Red Kit, Sweet Orange, CritXPack and Cool ExploitKit.
  • Increasing sophistication in malware attacks, not necessarily in the technical aspects of the malware itself but in the deployment of an attack. Such attacks will increasingly have a destructive capacity, and it will be challenging to determine attribution.
  • Increasing recognition that social, political and economic indicators must be used in conjunction with technical indicators to fully assess and analyze targeted attacks.
  • Destructive capacity
  • We will see an increase in localized attacks such as malware that will not execute unless certain conditions are met, such as language settings, or “watering hole” attacks that will only affect certain geographic regions or even only specific netblocks.
  • Africa will become a new safe harbor for cybercriminals.
  • Conventional malware threats will only gradually evolve, with few, if any, new threats. Attacks will become more sophisticated in terms of deployment.
  • Consumers will use multiple computing platforms and devices. Securing these will be complex and difficult.
  • The volume of malicious and high-risk Android apps will hit 1 million in 2013.
  • Since 2012 saw a surge of “ransomware, malware which encrypts your data and holds it for ransom,” expect to see more “irreversible malware.”

This week in the News:

  • Blackhole Spam
  • Java Zero Day
  • Phishing Attacks Increase In December
  • Watering Holes
  • IE Zero Day
  • Adobe Flash and Microsoft Updates
  • Ruby On Rails Flaw
  • Facebook and Yahoo Security Hole
  • Android Apps in Debug Mode
  • Malware Author Funds An Exploit Buying Spree
  • Hacker Arrested
  • Android Spam Malware

Article References:

These are the links to the references we used for news items during the show.

Blackhole Spam

http://blog.trendmicro.com/trendlabs-security-intelligence/blackhole-spam-runs-return-from-holiday-break/

  • Holiday phish: just because the holiday season is over – phish campaign all for the new year
  • Exploits – 2.9 percent

Phishing Attacks Increase In December

http://blog.trendmicro.com/trendlabs-security-intelligence/holiday-season-unwraps-phishing-blackhole-exploit-attacks/

Java Zero Day

http://blog.trendmicro.com/trendlabs-security-intelligence/java-zero-day-exploit-in-the-wild-spreading-ransomware/
http://arstechnica.com/security/2013/01/critical-java-zero-day-bug-is-being-massively-exploited-in-the-wild/
http://www.symantec.com/connect/blogs/java-zero-day-dished-cool-exploit-kit
http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
  • New Year's gift
  • Another Java zero day is being exploited
  • Cool – Blackhole – Reveton – Ruby on Rails – ransomware
  • Why Java – unplug

Watering Holes

http://blog.trendmicro.com/trendlabs-security-intelligence/why-is-the-watering-hole-technique-effective/

IE Zero Day

http://www.symantec.com/connect/blogs/elderwood-project-behind-latest-internet-explorer-zero-day-vulnerability

Adobe Flash and Microsoft Updates

http://www.adobe.com/support/security/bulletins/apsb13-01.html
http://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-adobe-start-2013-with-security-updates/

Ruby On Rails Flaw

http://threatpost.com/en_us/blogs/exploit-code-metasploit-module-out-ruby-rails-flaws-011013?utm_source=twitterfeed&utm_medium=twitter
http://arstechnica.com/security/2013/01/extremely-crtical-ruby-on-rails-bug-threatens-more-than-200000-sites/

Facebook and Yahoo Security Hole

http://krebsonsecurity.com/2013/01/facebook-yahoo-fix-valuable-ecurity-hole/

Android Apps in Debug Mode

http://blog.trendmicro.com/trendlabs-security-intelligence/the-issues-surrounding-android-debugging/
  • Can steal information
  • App must be in debug mode
  • Approximately 5% of apps in the Top Free apps list are set to be debuggable, so the risk is not insignificant.

Malware Author Funds An Exploit Buying Spree

http://krebsonsecurity.com/2013/01/crimeware-author-funds-exploit-buying-spree/

Hacker Arrested

http://krebsonsecurity.com/2013/01/police-arrest-alleged-zeus-botmaster-bx1/

Android Spam Malware

http://www.symantec.com/connect/blogs/malware-authors-create-androidexprespam-after-prosecutors-drop-case