AUGUST 2016

In another mobile threat area, improved malware detection has provoked greater efforts at deception. We have seen the potential of mobile apps to work together to exfiltrate mobile device data. These colluding apps use inter-process messaging techniques that let a high-privilege app pass sensitive information to a second app, which then sends the data to its control server in the cloud.

These apps do not appear malicious when their code is examined individually by the app market or other security defenses; only when they are examined together is their malicious intent revealed. Specific threat types identified include information theft, financial theft, and service misuse.

It should not come as a surprise that adversaries have responded to mobile security efforts with new threats that attempt to hide in plain sight.

Old Threats, New Tactics

The development of threats in general shows no signs of slowing, and cybercriminals show no signs of losing their ability to innovate. In 2016 we saw a number of new versions of older, proven threats.

One example is the Trojan Pinkslipbot. First appearing in the wild in 2007, the malware went dormant for a couple of years before returning to its previous activity levels. It steals personal and financial data and can also take control of an infected system. Once inside, it can determine the location, organization, and individual account associated with the system, and it aggressively moves laterally through an organization, infecting additional systems. The group behind Pinkslipbot actively enhances the code to improve its effectiveness.
It can now disable web reputation security products, shut down if a virtual machine or a debugger is detected, and change folder permissions to defend itself against anti-malware tools.

Target #1: Users

Cybercriminals have responded to stronger corporate defenses by targeting employees through relatively insecure home systems, and then use those footholds to gain access to corporate networks. They also simply focus their efforts on exploiting human error and ignorance of basic security practices.

For instance, macro malware continues the growth trajectory that began in 2015 with a 42 percent quarter-over-quarter increase in new macro malware samples. The new breed of macro malware attacks corporate networks primarily through sophisticated spam 'phishing' campaigns. These campaigns leverage employee information gathered through social networks to craft targeted email messages. Employees open attachments from senders they believe to be colleagues or vendors with whom they do business, and on doing so their system, and perhaps their organization's network, is infected.

Threat Intelligence Sharing

In the last 18 months we have seen threat-intelligence sharing among enterprises and security vendors improve and mature. This progress is encouraging because the breadth and speed of information sharing will reduce the number of security compromises, ultimately enabling organizations of all types to better defend themselves against emerging threats.

Cyber-threat intelligence comprises details and metadata about suspicious and malicious activity, including attack vectors, weaknesses that are being exploited, and mitigation or containment actions.

Although there are still barriers to overcome before cyber-threat intelligence sharing is widespread, those barriers are falling as successes are publicized and regulations are enacted to provide liability protection.
Within a couple of years, shared cyber-threat intelligence will be a critical component of security operations, enabling organizations to better protect their digital assets and respond more quickly to emerging threats.
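The colluding-app pattern described at the top of this page (one app holding a sensitive permission hands data over an inter-process channel to a second app that holds the network permission) can be made concrete with a small analysis. The Python below is an added example, not code from the report or from McAfee Labs. The package names, permission sets and intent action strings are constructed, and the IPC model is a simplified abstraction of Android intents (an app 'sends' an action string, any app that 'receives' it gets the payload) rather than a real manifest parser. It shows why per-app review misses collusion: none of the colluding apps trips the single-app rule, but a search over the IPC graph finds both the two-app and the three-app leak path.

```python
"""Find colluding apps from per-app metadata (added example, not from the report).

Package names, permissions and intent actions are constructed. The IPC
model is a deliberate simplification of Android intents: an app 'sends'
an action string, any app that 'receives' it gets the payload. Real
analysis would also cover content providers, bound services and
explicit intents, and would need a manifest/bytecode parser.
"""
from collections import deque
from dataclasses import dataclass, field

# Permissions that grant access to data worth stealing (potential source)
SENSITIVE = {"READ_CONTACTS", "READ_SMS", "READ_CALL_LOG", "ACCESS_FINE_LOCATION"}
# Permission needed to reach a control server (potential sink)
EXFIL = {"INTERNET"}


@dataclass
class App:
    package: str
    permissions: set
    sends: set = field(default_factory=set)     # intent actions it emits
    receives: set = field(default_factory=set)  # intent actions it listens for


def suspicious_alone(app):
    """Per-app rule an app store might apply: flag only when one app can
    both read sensitive data and talk to the network."""
    return bool(app.permissions & SENSITIVE) and bool(app.permissions & EXFIL)


def collusion_paths(apps):
    """Search the IPC graph for chains source -> ... -> sink where the source
    holds a SENSITIVE permission, the sink holds INTERNET, and each hop is an
    action one app sends and the next receives. Returns (packages, actions)
    per path; the first path found to a given sink wins (BFS with a seen set)."""
    by_pkg = {a.package: a for a in apps}
    edges = {a.package: [] for a in apps}  # sender -> [(receiver, action)]
    for sender in apps:
        for receiver in apps:
            if sender is receiver:
                continue
            for action in sorted(sender.sends & receiver.receives):
                edges[sender.package].append((receiver.package, action))

    paths = []
    for src in apps:
        if not src.permissions & SENSITIVE:
            continue
        queue = deque([(src.package, [src.package], [])])
        seen = {src.package}
        while queue:
            pkg, path, actions = queue.popleft()
            if pkg != src.package and by_pkg[pkg].permissions & EXFIL:
                paths.append((path, actions))
            for nxt, action in edges[pkg]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, path + [nxt], actions + [action]))
    return paths


# Constructed sample: two colluding chains and one obviously bad app.
SAMPLE_APPS = [
    App("com.example.contactsbackup", {"READ_CONTACTS"}, sends={"com.example.SYNC"}),
    App("com.example.weatherwidget", {"INTERNET"}, receives={"com.example.SYNC"}),
    App("com.example.relay", set(), receives={"com.example.RELAY"}, sends={"com.example.SYNC"}),
    App("com.example.locator", {"ACCESS_FINE_LOCATION"}, sends={"com.example.RELAY"}),
    App("com.example.flashlight", {"READ_SMS", "INTERNET"}),  # caught by the per-app rule
]

if __name__ == "__main__":
    for app in SAMPLE_APPS:
        print(f"{app.package}: flagged alone = {suspicious_alone(app)}")
    for packages, actions in collusion_paths(SAMPLE_APPS):
        print("collusion: " + " -> ".join(packages) + f"  via {actions}")
```

The relay app in the sample holds no interesting permission at all, which is exactly what makes a three-app chain attractive to an attacker: each member passes the store's per-app checks. On a real device the same search needs the set of apps actually installed together, since the colluding pair is only dangerous once both are present.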
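For the macro malware described under Target #1, a mail gateway or analyst wants two quick checks: does an attachment carry a VBA project at all, and does its macro code pair an auto-execute trigger with a file-write or process-execute capability. The Python below is an added example, not code from the report. The .docm container is built in memory and the VBA modules are synthetic; the 'A and (W or X)' heuristic is a from-scratch reimplementation of the idea behind oletools' mraptor, not that tool's code, and extracting VBA source from vbaProject.bin (MS-OVBA compressed OLE streams) is assumed to be done beforehand with a tool such as olevba. It also folds Chr() calls and string concatenation so that keywords split into pieces reappear, a common trick in macro droppers.

```python
"""Macro malware triage (added example, not from the report).

1. has_vba_project(): does an OOXML attachment (.docm/.xlsm/.pptm) carry a
   VBA project part at all.
2. triage_vba(): the 'A and (W or X)' heuristic: an auto-execute trigger
   combined with a write or execute capability. Same idea as oletools'
   mraptor, reimplemented here from scratch. Input is VBA source text;
   pulling that out of vbaProject.bin (MS-OVBA compressed OLE streams) is
   left to a tool such as olevba.
The .docm below is built in memory and the VBA modules are synthetic.
"""
import io
import re
import zipfile

AUTOEXEC = re.compile(
    r"\b(AutoOpen|AutoExec|AutoClose|Auto_Open|Auto_Close|"
    r"Document_Open|Document_Close|Workbook_Open|Workbook_Close)\b", re.I)
WRITE = re.compile(
    r"\b(FileCopy|Kill|MkDir|SaveAs|RegWrite|ADODB\.Stream|"
    r"Open\b[^\n]*\bFor\s+(Output|Binary|Append))\b", re.I)
EXEC = re.compile(
    r"(\bShell\b|\bCreateObject\b|WScript\.Shell|ShellExecute|\.Run\b|\.Exec\b|"
    r"powershell|cmd\.exe)", re.I)

_CHR = re.compile(r"\bChr[$W]?\(\s*(\d{1,3})\s*\)", re.I)
_CONCAT = re.compile(r'"([^"]*)"\s*[&+]\s*"([^"]*)"')


def normalize(vba):
    """Fold Chr(n) calls and "a" & "b" concatenation so that keywords split
    across pieces reappear. Chr(34) (a double quote) is left alone because
    folding it would unbalance the string literals."""
    def fold_chr(m):
        n = int(m.group(1))
        return '"%s"' % chr(n) if n < 256 and n != 34 else m.group(0)
    vba = _CHR.sub(fold_chr, vba)
    prev = None
    while prev != vba:  # repeat until no adjacent literals remain
        prev = vba
        vba = _CONCAT.sub(lambda m: '"%s%s"' % (m.group(1), m.group(2)), vba)
    return vba


def triage_vba(vba):
    """Return the A/W/X flags and the verdict for one VBA module."""
    text = normalize(vba)
    flags = {
        "A": bool(AUTOEXEC.search(text)),
        "W": bool(WRITE.search(text)),
        "X": bool(EXEC.search(text)),
    }
    flags["suspicious"] = flags["A"] and (flags["W"] or flags["X"])
    return flags


def has_vba_project(data):
    """True if the OOXML zip contains a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False


def make_sample_docm(with_macro):
    """Build a minimal .docm-shaped zip in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder")
    return buf.getvalue()


# Synthetic VBA modules
BENIGN = r"""Sub FormatReport()
    ActiveDocument.Paragraphs(1).Range.Font.Bold = True
End Sub"""

AUTOEXEC_ONLY = r"""Sub Document_Open()
    MsgBox "Welcome"
End Sub"""

OBFUSCATED = r"""Sub Document_Open()
    Dim o As Object
    Set o = GetObject("new:" & Chr(87) & Chr(83) & "cript." & Chr(83) & Chr(104) & "ell")
    o.Run "cmd.exe /c echo owned", 0
End Sub"""

DROPPER = r"""Sub AutoOpen()
    Open Environ("TEMP") & "\u.vbs" For Output As #1
    Print #1, "CreateObject(""WScript.Shell"").Run ""calc"""
    Close #1
    Shell "wscript " & Environ("TEMP") & "\u.vbs", vbHide
End Sub"""

if __name__ == "__main__":
    print("macro container:", has_vba_project(make_sample_docm(True)))
    for name, src in [("benign", BENIGN), ("autoexec only", AUTOEXEC_ONLY),
                      ("obfuscated", OBFUSCATED), ("dropper", DROPPER)]:
        print(name, triage_vba(src))
```

The auto-execute-only module is deliberately not flagged: a Document_Open that just shows a message box is common in legitimate templates, and requiring a write or execute capability alongside the trigger is what keeps the false-positive rate tolerable at a gateway. Regex triage of this kind is a first filter, not a verdict; samples it flags should go to a sandbox, and samples that hide their strings more thoroughly than Chr() folding can undo will slip past it.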