Pinterest Stumbleupon Whatsapp
Ads by Google

Cyber-attacks continue to grow in 2015. According to anti-virus testing site AV-TEST, more than 390,000 new malicious programs are now registered every single day, and the total amount of malware attacks in circulation now stands around the 425,000,000 mark.

On the positive side, the rate of growth of new malware doesn’t seem to have changed much since last year. By the end of the year it is expected that around 150,000,000 new strains will have been detected, up from 142,000,000 in 2014. To put that in context, between 2013 and 2014 the amount of new malware almost doubled from 81,000,000.

Out of this vast amount of malware, some is more important than others. Here’s our rundown of the five most significant….

Facebook Porn

In late-January / early-February, a Trojan horse tore its way through Facebook Five Facebook Threats That Can Infect Your PC, And How They Work Five Facebook Threats That Can Infect Your PC, And How They Work Read More , infecting 110,000 users in just two days.

The malware worked by tagging an infected user’s friends in a post, which when opened, started to play a preview of a porn video. At the end of the preview it asked them to download a fake Flash player in order to be able to see the rest of the footage. That fake download is actually the malware downloader.

Ads by Google

The Trojan is especially dangerous due to a new technique called “magnet”. Previous iterations of social media malware worked by sending messages to an infected person’s friends, thus limiting its progress to direct friends only. The new technique of tagging people in a public post means the tag may be seen by friends of the victim’s friends as well – thus allowing it to spread faster.

Why is it important?

Virtually everyone has a social media account of some description. While some users are more security-savvy than others, the youngest (Facebook takes users from age 13) are arguably more vulnerable than most. It means that a) your child could be exposed to videos that they really shouldn’t be at that age, and b) if your child uses your computer, they could infect it without you realizing.

Syrian Spies

At the same time as the Facebook scandal was happening, another malware attack was rumbling along in the Middle East.

Using a combination of malware on Windows and Android Malware on Android: The 5 Types You Really Need to Know About Malware on Android: The 5 Types You Really Need to Know About Malware can affect mobile as well as desktop devices. But don't be afraid: a bit of knowledge and the right precautions can protect you from threats like ransomware and sextortion scams. Read More , a group that aligned with embattled Syrian President Bashar Al-Assad managed to haul in a vast amount of intelligence about Syrian rebels. Data collected included personal information, battle plans, troop locations, political strategies, and information on alliances between the various rebel groups

The attack worked by using fake Skype and social media accounts that purported to be female supporters of the rebels that were based in Lebanon and other surrounding countries. The accounts lured the rebel fighters into “sexy chats”. After asking the rebels what operating system they used, they would send photos, videos, and other chat software downloads to infect their victims’ machines.

Why is it important?

Hackers and malware attacks no longer originate solely out of geeks’ bedrooms. They are now a weapon in the geo-political arena and are being actively used to influence the outcomes of wars. Horror stories of nuclear reactors and missile silos getting hijacked by an enemy are not far away.

Mac Firmware Worm

Macs are impenetrable, right Mac Malware Is Real, Reddit Bans Racism... [Tech News Digest] Mac Malware Is Real, Reddit Bans Racism... [Tech News Digest] Unmasking Mac malware, the Reddit racism row, Apple Music users, YouTube moves on from 301+, Destiny drops Dinklage, and The Human Torch drone. Read More ? Wrong.

While the amount of Mac-based crapware, homepage hijackers, and content trackers has been steadily rising for the last few years, it’s always been (incorrectly) assumed that Apple systems are locked down in ways that Windows-based PCs aren’t – thus making them almost invincible to the torrent of attacks that Microsoft users have to withstand.

A little under a month ago, news broke that two white hat researchers had successfully created the world’s first firmware worm for Mac.

While this worm isn’t “on the market” at the moment – the proof-of-concept virus is dangerous. It can be delivered either via an email, an infected USB stick, or a peripheral device (like an Ethernet adaptor). Once it’s on your machine it cannot be removed from the firmware manually (you’d have to re-flash the chip), and it can’t be detected by any existing security software.

If the concept has been proved, it’s only a matter of time until black hat hackers start exploiting it. If you’re a Mac user, take appropriate security steps now.

Why is it important?

Lots of Mac users are blissfully ignorant about the threats they face and how to combat them. The anti-virus market is significantly under developed when compared to that of Windows, providing would-be criminals with a huge, and easy, opportunity.

Hacked Jeep

The hacked Jeep story Can Hackers REALLY Take Over Your Car? Can Hackers REALLY Take Over Your Car? Read More made headlines around the world in July.

The vulnerability arose from carmakers’ new-found desire to turn their products into “smart” cars – enabling drivers to control and monitor certain aspects of their vehicles remotely How To Monitor Your Car's Performance With Android How To Monitor Your Car's Performance With Android Monitoring tons of information about your car is incredibly easy and cheap with your Android device -- learn about it here! Read More .

One such system – Uconnect – makes use of a cellular connection that allows anyone who knows the car’s IP address gain access from anywhere in the country. One of the hackers described the loophole as “a super nice vulnerability“.

After gaining access, the hackers implanted their own firmware on the car’s How Secure Are Internet-Connected, Self Driving Cars? How Secure Are Internet-Connected, Self Driving Cars? Are self driving cars safe? Could Internet-connected automobiles be used to cause accidents, or even assassinate dissenters? Google hopes not, but a recent experiment shows there is still a long way to go. Read More entertainment system. They then used it as a springboard to send commands through the car’s internal computer network to its physical components such as the engine, brakes, gears, and steering.

Thankfully the men behind the hack, Charlie Miller and Chris Valasek, have been working with Chysler for almost a year in order to shore-up their vehicles. However, like the Mac worm, the fact that a proof-of-concept hack worked means it’s only a matter of time until less honest people start to find their own exploitations.

Why is it important?

Hacking has moved on from computers. In the age of the smart home, smart car, smart TV, and smart everything else, there are now far more vulnerable access points than ever before. With common protocols not yet widespread, hackers have a rich array of targets. Some of these targets have the ability to cause physical harm to a victim, as well as costing them a lot of money.

Rowhammer

What’s the worst kind of security hack? The answer is almost certainly one that cannot be fixed.

Rowhammer.js is a new security attack that was revealed in a paper by security researchers earlier this year. It’s so dangerous because it doesn’t attack your software, but instead targets a physical problem with how current memory chips are constructed.

Apparently the manufacturers have known about the hack since 2012, with chips from 2009 all affected.

It’s so worrying because it doesn’t matter what type of operating system you’re using – Linux, Windows, and iOS are all equally vulnerable.

Worst of all, it can be exploited by a simple webpage – there is no requirement for a machine to already be partially compromized. As one researcher behind the paper explained, “It’s the first remote software-induced hardware-fault attack“.

Why is it important?

Like the Mac worm, it shows that previously safe Linux and Apple users are now fair game. It also shows that old methods of anti-virus protection Why You Should Replace Microsoft Security Essentials With A Proper Antivirus Why You Should Replace Microsoft Security Essentials With A Proper Antivirus Read More might not be enough; users who previously thought of themselves as security-aware might now find themselves exposed.

Android Texts

During the summer it was reported that a staggering 950 million Android phones and tablets were vulnerable How 95% of Android Phones Can Be Hacked with a Single Text How 95% of Android Phones Can Be Hacked with a Single Text A new Android vulnerability has the security world worried - and it leaves your smartphone extremely vulnerable. The StageFright bug allows malicious code to be sent by MMS. What can you do about this security... Read More to hacks that could install malicious code via text message or via a website.

If an attacker has the phone number of their victim, they can send a modified multimedia message (MMS), which, once opened, would execute the code. The phone’s owner would have no idea that they were being attacked, and there would be nothing obviously wrong with the device.

It is claimed that all versions of Android from 2.2 onwards are susceptible.

As with the Jeep hack, this exploit was found by white hat hackers who reported it to Google. As yet, there is no evidence that it’s being used by criminals.

Why is it important?

As security firm Zimperium said in a recent blog post:

“A fully weaponized successful attack could delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited.

The vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromized and you will continue your day as usual—with a trojaned phone”.

What Have We Missed?

We know this is just a snapshot of the important hacks that have taken place this year. There has been so many that it’s impossible to list them all in a single article.

Which do you think were the most important? What would you add?

We’d love to hear your feedback and thoughts in the comments below.

Leave a Reply

Your email address will not be published. Required fields are marked *