Researcher Put Their Focus on the Masque Attack on OS X/iOS

According to the reports released to public by the researchers working at FireEye on 17 November, Mac OS X and iOS operating systems have threat from Masque Attack, which has already come into existence. This report was published within a gap of a week post the discovery of WireLurker by the Palo Alto Networks.

What is Masque Attack? 

Masque attack can easily utilize a drawback in the operating system of Apple, which allows the user to replace one app by another app, as long as both these apps are using the same bundle identifier. One of the threatening issues is that through this attack, all the preinstalled apps on the operating systems (example Mobile Safari) can be easily replaced.

The duplicate apps will be able to track the local data of the original apps, which includes the login details like user id and password. Through this attack, an attacker can easily login into anyone’s account and make transactions from their bank accounts.

These attacks become more easy, has the iOS usually does not put in force certificate matching for apps that come with the same bundle identifier. FireEye researchers were able to verify and identify the vulnerability on both regular iOS and jailbroken. The regular iOS includes iOS 7.1.1, iOS 7.1.2, iOS 8.0, iOS 8.1, and iOS 8.1.1 beta. Attackers can influence the vulnerability through USB ports and even wireless networks.

According to the blog post of FireEye researchers Tao Wei, Hui Xue and Yulong Zhang, Apple is unable to prevent such attacks due to the existing standard interfaces and protections. They are requesting the Company to develop interfaces that are more powerful and give it to professional security vendors.

This way these vendors will be able to protect their enterprise users from all these advanced attacks. This attack will prompt the users to download malicious apps with new names like for example, the new angry bird.

The users of these operating systems are more susceptible to these attacks when they download any app from third party source or by ignoring the un-trusted app message popping on their phones. Users, who have set the Gatekeeping feature on “Anywhere”, actually nullify their protection.

As per FireEye's researchers, WireLurker utilizes very limited form of the attack when hitting the iOS through USB ports.

According to director of software engineering at Arxan, Joe Abbey, WireLurker will be able to deliver the workload only if the user has installed any un-trusted app on MAC, on the other hand for the Masque attack to occur, the user must have downloaded enterprise-provisioning profile.

Companies who have the BYOD policies are more susceptible to Masque attack. According to Abbey, it is recommended that the owners of BYOD policies disable the provisioning profiles, till Apple comes out with a solution.

Masque attacks and WireLurker are additional examples of highly sophisticated and automated attacks, which are growly rapidly. These attacks highlights that we are in serious need of automotive proactive protection and prevention methods.

Researchers Identified Sophisticated Chinese Cyber Espionage Team

Collaboration between various security firms has thwarted one of the biggest and most sophisticated cyber espionage crew called the Axiom which is thought to be linked to China. This Axiom Threat Actor Group mostly targeted NGO and pro-democratic along with other individuals who are perceived as potential threat to China.

The Axiom Group

The group mostly targets pro-democratic NGOs in Asia along with industrial espionage by targeting organizations with influential energy policy and environmental policies. Also on the list is IT giants, chip makers, telecom companies and infrastructure providers.

The group mostly used phishing attack and malwares to get the job done. The typical attack seems more like a state-sponsored attack yet again. Their prime is the Hikit tool linked to an attack referred to as Deputy-dog attack, which famously used an IE zero day bug to attack Asian firms mostly.

The group seems to work relatively quietly and is thought to be more heavily funded than say APT1 crew (Shanghai based and PLA affiliated). According to Novetta, the group is active for 6 years, is highly disciplined and is well-resourced. The suspect that Chinese government is related is most certainly true.

The Collaboration and Solution

The attacks performed did not go unnoticed however and sooner rather than later, security firms started collaborating to bring it down. The coalition among the partner is led by Novetta along with Bit9, Cisco, F-Secure, ThreatTrack Security, iSIGHT Partners, Microsoft, FireEye, Tenable, ThreatConnect, Volexity and other unnamed partners. Via Microsoft’s coordinated malware removal campaign, the coalition took its first public action called operation SMN.

Over 43k machines with Axiom tool installations have been removed from machines. Among them 180 were clear examples of Hikit – the last stage persistent and data exfiltration tool that is the peak of the Axiom victim’s lifecycle. This was perhaps the first of its kind from security firms to fight off potentially deadly state-sponsored threats to the whole world.

The Diplomacy 

China has clearly denied any involvement in Axiom. According to Chinese Embassy spokesman, such events and allegations judging from the past are fictitious and China has itself been on the wrong end of cyber espionage according to revelations by Snowden.

With 2 weeks to go before President Barrack Obama gives Beijing a visit, cyber security will be a high priority agenda to discuss. Washington has previously tried hard enough to pressurize China over issues of possible state-sponsored cyber warfare against the US but has failed to sustain it after the Snowden revelations.

Novetta however hopes that the example set by the coalition will be followed in future to fight cyber terrorism. However, it will be very stupid to think that Axiom is gone for good. The operation was more of a remediation than knock-out blow and chances are that Axiom will be back soon though with probably different tools and strategies this time around.

The group has amassed lots of technical data regarding the threat and its workings which will help in future in fighting against such groups.

1.2 Billion Passwords Snipped: Secure Your Online Account with a Strong Password

Technology represents a new identity with the extensive improvement and thus you can easily acknowledge the optimistic features helping you to set up a new identity online. However, along with the advanced attributes also you may be the victim of a negative impact such as hacking. Nowadays it appears as one of the biggest concerns that you need to take care of maintaining a suitable profile online. Manifold users complain that they have been hacked and the passwords are stolen, which lead to lose the confidential and important data.

The newspapers and the online news channels reveal the entire fact specifying the dark side of technology. According to the authenticated information, a particular Russian group hacked about 1.2 billion passwords from nearly 500 accounts. Therefore, all the users using the accounts faced serious problems recovering the entire set of data.

How to maintain the privacy of your account? 

From the above fact, it emerges as the essential feature to sustain a suitable privacy that blocks the hackers stealing your password. You need to set a password that is really difficult to retrieve. The passwords accumulating the common characters or figures can be easily tracked by the hackers that may be threatening for your account.

Incorporate other security features such as the secret questions that protect your account from the unauthorized access. So, all your information remains safe and you would not have to worry regarding the spamming activities. Furthermore, nowadays the webmail providers and the other social sites are implementing multiple security attributes to safeguard their users from the unruly bustles. Follow the regular news and other technical periodicals that depict useful information helping you to know how you can incorporate more safety measures to your account. Hence, you can prevent the leaking out of the data that may bring a tragic episode in your life.

Cyber Security to safeguard the Online Users

Furthermore, the administration employs a specific cyber security feature that protects the privacy of the users and thus you can carry out the online activities without any worry. The entire society is therefore convinced that they attain the ultimate safety over the web that leads to the flawless execution of the operations. Browse the various online sites that consist of other information revealing the particular facets for the cyber security. Acknowledge certain software and other equipment installing which you can increase the safety of your account online.

Eliminate the Negative Technical Brunt

Once, you are able to put a complete barrier to the hackers and other unqualified persons entering your personal account the overall theft will decrease to the large extent. It comes out as a significant feature that is really useful to affix a strict blockade to your top secret data. Employ the feasible security measures and ensure the effective account free from the spamming activities that destroy your useful information. Make sure that you are on the safe hands protecting your account from every type of unscrupulous bustle. Finally, you are able to set up a complete well-organized online account that achieves the ultimate safety.

Why Internet Security is Important to Small Businesses

Online security isn’t just important to businesses – it’s important to every user of the Internet. We all have something to lose when we’re online; we are all vulnerable. As an individual, knowing that your emails have been hacked is enough of a breach of privacy, let alone if you’re a business which has a lot more to lose.
Whether we like it or not, the increasing dominance of the Internet has brought with it a rise in hackers and cybercrime. The best way in which we can deal with the prevalence is by ensuring that we’re safe and secure, at home and at work.

Small businesses are becoming increasingly targeted. According to a part one of an infographic, targeted attacks on small businesses have risen by 13% between 2011 and 2012. The Symantec infographic, found in two parts, exposes some web threat trends that may be of interest to you and your business and may help you to understand the importance of internet security for small businesses.
The fact of the matter is, cybercrime can happen to anyone. Small businesses may not think that they’re vulnerable but the infographic shows that they are. It’s important the business owners don’t become complacent with an “it won’t happen to me” attitude. If suitable security measures are in place and updated regularly, the chance of a malicious attack is substantially smaller. Protecting yourself online isn’t just a technical measure though; it’s also down to you and the policies you implement so that every employee knows how to be as secure as possible while online.

Something as easy to install as reliable anti-virus software can help to maintain a high level of security for your business network. This sort of software is well worth the investment and, on the grand scale of things, is inexpensive too. Once it’s installed, it will help to spot any malicious activity, by warning you before opening attachments that it may deem suspicious, and also scanning the websites you visit and flagging up any that are vulnerable or are potential phishing sites.

As a business, your efforts shouldn’t stop at your online activity. You should also ensure that your business network is protected, too. Most small businesses that use more than one computer are connected to a network which can be targeted by unscrupulous third parties. According to the infographic mentioned, the vast majority of security breaches came from outside business networks, meaning that strong user passwords, wireless passwords and private SSIDs are essential.

By implementing some simple measures, your business will be as safe as possible and should, hopefully, be able to avoid any prolific security attack. Unfortunately, nothing you do will make you completely invincible, but ensuring that some element of protection is in place will mean that chances of your business being caught out are much less.

Your employees need to understand the importance of online security so that they don’t unwittingly cause your business to be victimised. Appropriate training and business policies should be put into place so that every working day can run smoothly.

Being aware of online security issues is the first step towards protecting yourself from cybercrime. Educate yourself and your staff to minimise the risk to your business.

by Roxanne