Attack vectors and campaigns in 2014 - SC Magazine
In this video Teri Robinson sits with Jaime Blasco, director of AlienVault Labs, to discuss the prominent cyber criminal activity he and his team have witnessed this year.
T- Teri Robinson
J- Jaime Blasco
T: Hi. Teri Robinson with SC Magazine and I’m here at Black Hat 2014 on the exhibit floor with Jaime Blasco. He is the director of AlienVault Labs. Hi Jaime, how you doing?
T: Good to see you today. Um, let’s start off. What are some of the biggest threats you guys are seeing?
J: Uh, I would say that this year, and well, during the last few years we have seen a real increase on the number of campaigns or groups that are performing cyber espionage. And we are seeing, I mean, in the last years, we were tracking most of them were coming from China mainly, but we are seeing more and more campaigns or groups that are operating from other countries. So yeah.
T: Like Russia?
J: Well, Russia is one of the, I mean—They have a good start, a history and all these kind of facts, but they were, in the past they were basically performing more financial crime, what we call crimeware, which is basically trying to compromise banking credentials for instance. But they are also starting to perform all these targeted attacks against other kind of industries and trying to steal confidential data and intellectual property.
T: Ok, um, are any countries taking you by surprise or…?
J: Well, I don’t think so. I always say that every single country in the world is performing these kind of operations. So, in the end, it doesn’t surprise me in any, any country. It’s like; for sure all of them are, are or want to perform these kind of cyber-attacks and cyber-campaigns.
T: Let’s talk a little bit about Internet Explorer. There’s been a lot of activity there. Could you tell me some of the techniques that, uh, that vectors have been using?
J: Yeah, well, like a few weeks ago, we published this, uh, research that we did that was basically like, uh—We were describing some of the new techniques that the attackers have been using in the last few months. So, these techniques were basically, they were able, if you are visiting a website, they are able to obtain information about which software is running in your system. So, the way they were using this information was first of all, they were able to detect which kind of security products were you using. Like which antivirus, which firewall were you using, and based on that, they could exploit—Basically, they could change the malware, they could use another technique that they know that antivirus or that security technology will not be able to, to detect. And at the same time, they were using that to map, like, potential attack vectors, uh, that they can use in the future. Like, for instance, if they are able to, to know that you are using a specific version of Chrome or PDF or a specific version of Java, next time they can launch attacks and, and exploits to, exploits to release in that version of the software.
T: Ok, um, what about the—Let’s talk about the, the Tor Network for a moment because there’s been a, a lot of talk about efforts to de-anonymize it. So, um, how comfortable can Tor users be that their privacy is protected or can they be? And then, um, what do they need to do to ensure their privacy is protected?
J: Ok, I mean the, the deal with Tor is like—I mean, Tor was created to, to give you a, let you be anonymous on, on the internet, but thing is like you cannot truly trust Tor. It’s like you have to use all the other techniques in order to be, you know, sure that, I mean, not only law enforcement, but other people can’t intercept your communications and can see what you’re using either on the internet and within Tor. Uh, so, I mean, my recommendation is like of course you have to run security software in your system because the problem with Tor is like—For example, the FBI, last year they were performing this attack. Uh, so they were planting exploit code in specific websites within the Tor network. So, when people were visiting those websites, they were exploiting a vulnerability in the, in Firefox and they could actually de-anonymize those users because they were obtaining the MAC address. That is basically the unique identifier of your system so. I mean, you have to use this, basically use the same techniques that you use to browse the internet. So, antivirus, update your systems, try, try to use a secure browser. So, I always recommend Chrome. Uh, what else? Well, you can also use Tor also with a VPN so, at the same time. So it’s gonna give you even more, you know, another layer of security.
T: Any surprises on the threat landscape these days?
J: Well, I will say that, and we have seen this theme during Black Hat. It’s like, this new theme of the internet of things. We are seeing how instantly hack into home allows. You can instantly hack into medical devices, into airplanes, into everything that is connected to a network. So, I guess—Well, we already knew that, but I think this year is the year where the security industry is trying to, you know, to talk a lot about that and. And we should, you know, like, uh, have a plan in order to secure those kinds of devices. Because at some point it’s gonna backfire. I mean, it’s like—It’s basically those devices that are, especially medical devices and all that. It’s really important that we have a plan in order to secure those.
T: Yeah, well, there’s a lot at stake there. Um, it, there seems to be problems, I guess, these days, just protecting more traditional devices. How’s that gonna work with the internet of things though? I mean are there any particular measures that you see coming down the pike?
J: Well, I guess that we are gonna use the same technologies that we have been using to protect other kind of systems and I think that the solution for this problem is really to start designing those devices from the beginning with security in mind. So as long as you are designing with security in mind before you build those devices, you won’t have that problems because—You don’t have those problems because, I mean, the device itself will be secure. So think that industry companies, and, I mean, companies that are building all, all these devices are gonna start like hiring a lot of security people. So, security will be there from the beginning from the design of those products. And I think that’s the only solution that we, that we have.