
I. Sophos Security Threat Report 2014

1. Foreword

Reflecting on the security and threat landscape of 2013, one prominent trend is the growing ability of malware authors to camouflage their attacks. The widespread availability of advanced botnets and of exploit kit source code has allowed more malware authors to create innovative and diverse new attacks. Cybercriminals have begun to use online marketing as a way to promote and sell their services on the black market. The resulting botnets are responsible for a sharp increase in malware attacks.

Modern malware relies heavily on stealth. Advanced persistent threats (APTs), one of the most vicious examples of stealthy threats, precisely target individuals, businesses, governments and their data. APTs are a sophisticated weapon for carrying out targeted missions in cyberspace. Data leaks, including espionage and the exposure of corporate data, were a major theme of the past year. APT attacks in 2013 were well planned and well funded, and were carried out by highly skilled adversaries using advanced technology. Even after successfully completing its mission, an APT continues to live on in order to gather more information. Defending against the stealthy and persistent nature of APTs is a complex task that requires a coordinated approach at both the system and the network level.

Businesses and governments, which must care about protecting sensitive and private data, have now become more aware of the troublesome security problems that can be found in critical infrastructure systems. Incidents of attacks on critical network infrastructure and control systems demonstrate the vulnerabilities in the essential infrastructure of our society.

Systems including smart-grid infrastructure may become a more focused target for cybercriminals in the coming year. The growing popularity of the "Internet of Things" (for example mobile devices, applications, social networks, and interconnected gadgets and devices) also increases the threat risk. New threats arise with new technologies such as near-field communication (NFC) being integrated into mobile platforms. Innovative uses of GPS services to connect our digital and physical lives present new opportunities for cybercriminals to violate people's security and privacy. Such systems could bring attacks on individuals that affect every one of us. In 2014 we need to start reconsidering not only the evolution of existing attacks, but also the new types of attack now emerging that are not yet known.

Introduction: The evolution of malware in 2013

Malware and related security threats have grown and matured, and the developers and publishers of malicious code and websites have become ever more creative in hiding it. In 2013, botnets and exploit kits multiplied rapidly, as malware authors learned from the experience and the released source code of their predecessors. As users continue to focus on mobile devices and web services, so have malware authors. Android attacks grew in number and in complexity.

Like others in the security industry, we at Sophos observed threats focusing more on specific target companies. Targeting of accounts and transactions began to appear more often and more widely. Some threats continue to be cyclical, returning after fading for years. For example, we saw the return of pump-and-dump stock scam email, which had been nearly wiped out by the US Securities and Exchange Commission a few years ago.

In 2013 we also saw a new version of ransomware called Cryptolocker. While ransomware has been around for almost a quarter of a century, the latest version uses very strong encryption to make users' files and images inaccessible and to extort money from them.

Fortunately, some of the data is more encouraging. Google made progress in 2013 in securing its Android platform from a technical standpoint, and in tightening its rules to greatly restrict aggressive potentially unwanted applications. Meanwhile, our world-class researchers at SophosLabs are pioneering important new approaches to detection and remediation that take advantage of cloud computing and big data technologies. Whether you are a small or large business, a school or government agency, or an individual user, let us fight malware together.

The growth of botnets and stealth

In the past 12 months, botnets have become more widespread and more resilient, and they appear to be seeking out some dangerous new targets. Botnet source code has traditionally been tightly guarded by its owners. Even when cybercriminals stopped running a botnet, they often sold its code at a very high price. In recent years, however, working botnet source code has been leaked. This allows imitators to create botnets of their own and then develop them to behave in ways that differ from the original programming.

For example, the leak of the Zeus source code a few years ago led others to develop Gameover, which replaces the traditional centralized Zeus command and control (C&C) link with a peer-to-peer network of infected devices. Gameover added backup communication mechanisms and encryption, and gave botnet operators more flexibility in setting rules for the botnet's behaviour, such as the ability to take part in widespread DDoS (denial-of-service) attacks.

Botnets are more resilient

Botnets are integrating multiple forms of backup command and control. For example, if a botnet-infected client such as Gameover cannot connect to the addresses of other infected machines on the network, it runs its built-in "domain generation" algorithm. If the algorithm discovers even one newly established C&C server, the client can restore its active role in the botnet.

Botnet operators have also become faster and more effective at responding to countermeasures. One antivirus company took control of part of the ZeroAccess botnet, redirecting traffic from 500,000 infected clients to a server controlled by the antivirus company. In response, working with affiliate networks, the botnet's owners quickly stepped up the number of new droppers they placed on clients. Within a few weeks, they had replaced those that were lost, and the new versions were not vulnerable to the same countermeasure.

Botnets deliver more dangerous malware

As users grow more resistant to fake alerts and antivirus scams, more botnets are delivering ransomware instead. Users now face an absolute demand to pay in order to regain access to their own data; Cryptolocker is one example. This malware adds itself to the list of Windows programs that run at startup, uploads a small ID file from your computer, retrieves a public key from that server, and then encrypts all the data and image files it can find on your computer. Once your data has been encrypted by the attackers, the only way to get it back is with their private key, which is stored on their server and which you must pay the criminals to obtain.

While Cryptolocker is sometimes delivered through spam, it usually arrives through botnets that have already infected you. In those cases, the bots simply respond to an upgrade command that lets the criminals update, replace or add to the malware they have already placed on the PC.

The source code of Carberp, a botnet-based banking credential stealing kit used to steal more than $250 million from financial institutions and their customers, was leaked in mid-2013. Carberp was centered in Russia, but we have recently seen evidence of Carberp activity worldwide, and elements of the leaked software have begun to appear in other botnets. These include code based on Power Loader, which contains some of the most sophisticated techniques yet created for avoiding detection while dropping malware onto a computer.

Meanwhile, across the UK and Europe, many users have recently encountered Shylock/Caphaw, botnet-delivered financial malware that targets customers of many global financial institutions, from Barclays and a leading US bank to Capital One, Citi Private Bank and Wells Fargo.

Botnets increasingly rely on "darknets"

Botnets are increasingly using hidden networks such as Tor that are designed to resist surveillance. Tor has been publicized as an important tool used by Wikileaks and others to protect their sources, and as the host of the online black market Silk Road, which was recently accused of facilitating illegal transactions. Botnets can host their C&C servers as hidden services on the Tor network, making them much harder to track. Businesses often respond by making a management decision that their employees should not use Tor, and by using application control technology to block use of the Tor browser client software.

Bitcoin mining by botnets: a source of malware income

Botnet operators are constantly looking for new sources of revenue. Bitcoin mining produced large financial returns in 2013. Bitcoin is an entirely digital currency that is not backed by any government. While the value of a Bitcoin has fluctuated considerably, in recent months it has typically ranged between $150 and $200 USD. New Bitcoins are created by solving complex mathematical problems that require the kind of large-scale computer processing that large global botnets can supply.

So, from May 2012 until February 2013, and then for three weeks in April 2013, infected clients in the ZeroAccess botnet were put to work mining Bitcoins. Although the value of Bitcoins rose considerably during that time, ZeroAccess eventually disabled this function. Why? We are not sure. Perhaps it attracted too much attention. Perhaps they were not making as much revenue as they could through click fraud. Some observers say that new, custom Bitcoin-mining hardware is far more efficient at the job than distributed botnets.

While ZeroAccess is no longer mining Bitcoins, other botnet owners have not given up the dream. Leading security researcher Brian Krebs discovered the Russian FeodalCash botnet ramping up its Bitcoin mining activity in May 2013.

Android malware: mutating and getting smarter

Android malware continues to grow and evolve, but progress has also been reported in securing the platform. Since we first detected Android malware in August 2010, we have recorded more than 300 malware families. Recently, we have seen major innovation in Android malware that seeks to avoid and counter detection methods.

Ginmaster is one example. First discovered in China in August 2011, this malicious Trojan is injected into many legitimate applications that are also distributed through third-party markets. In 2012, Ginmaster began resisting detection through obfuscation and moved toward the polymorphic techniques that have become common in Windows malware. In 2013, Ginmaster's development brought far more complex and subtle obfuscation and increasingly sophisticated encryption, making this malware harder to detect. Meanwhile, in every quarter since early 2012 we have seen steady growth in detections of Ginmaster, reaching more than 4,700 samples between February and April 2013.

Android botnets

Recently, reports have shown the emergence of a large-scale botnet that controls Android devices in much the same way that botnets control PCs. This botnet, which Sophos detects as Andr/GGSmart-A, uses centralized command and control to instruct all the mobile devices it has infected, for example to send premium SMS messages that will be charged to the device owner. Unlike typical Android attacks, it can change and control premium SMS numbers, content, and even affiliate schemes across its entire large network. This makes it better organized, and far more dangerous, than much of the Android malware we have seen before.

When started, Android Defender uses social engineering and a professional look and feel, and repeatedly seeks device administrator privileges. If given those privileges, it can restrict access to all other applications, making it impossible to make calls, change settings, kill tasks, uninstall applications, or even perform a reset. It displays a warning message, can even disable the Back and Home buttons, and starts again at reboot to resist removal. About the only thing it does not do is encrypt your content or personal data. Frankly, we would be surprised if we were not reporting encryption attacks among the threats next year.

Ransomware on Android

Ransomware has a long and unsavoury history: the first versions were detected 25 years ago. For those not familiar with it, ransomware makes your files or device inaccessible and then demands a payment to release them. In June 2013, Sophos researcher Rowland Yu discovered the first ransomware attack against Android devices. Called Android Defender, this hybrid fake antivirus/ransomware app demands a $99.99 payment to restore access to your Android device.
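The capabilities this section attributes to Andr/GGSmart-A and Android Defender (sending premium SMS, holding device administrator privileges, starting again at reboot) all have to be declared in an app's manifest, so they can be checked before an app is installed. The following is an added example, not code from Sophos or from the report: a Python triage of a decoded AndroidManifest.xml, in which the sample manifests, the flag names and the two-capability review threshold are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute names in a decoded AndroidManifest.xml carry the android: namespace.
# Assumption: the APK's binary manifest has already been decoded to text XML
# (for example with apktool) before it reaches this function.
ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifests (hypothetical apps, not taken from the report).
SUSPECT_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.fakeav">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Scanner">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""


def triage_manifest(xml_text):
    """Return the package name and a sorted list of capability flags."""
    root = ET.fromstring(xml_text.strip())
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    flags = set()

    # Premium-SMS abuse needs the SEND_SMS permission.
    if "android.permission.SEND_SMS" in perms:
        flags.add("can_send_sms")

    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID + "name") for a in receiver.iter("action")}
        # A device-admin receiver is guarded by BIND_DEVICE_ADMIN and
        # listens for DEVICE_ADMIN_ENABLED.
        guarded = (receiver.get(ANDROID + "permission")
                   == "android.permission.BIND_DEVICE_ADMIN")
        if guarded and "android.app.action.DEVICE_ADMIN_ENABLED" in actions:
            flags.add("requests_device_admin")
        # Starting again at reboot needs a BOOT_COMPLETED receiver plus
        # the RECEIVE_BOOT_COMPLETED permission.
        if ("android.intent.action.BOOT_COMPLETED" in actions
                and "android.permission.RECEIVE_BOOT_COMPLETED" in perms):
            flags.add("starts_at_boot")

    return {"package": root.get("package"), "flags": sorted(flags)}


def needs_review(report):
    """Illustrative policy: escalate when two or more capabilities combine."""
    return len(report["flags"]) >= 2


if __name__ == "__main__":
    for manifest in (SUSPECT_MANIFEST, BENIGN_MANIFEST):
        report = triage_manifest(manifest)
        print(report["package"], report["flags"], needs_review(report))
```

Each capability is legitimate on its own (device management agents request device administration, messaging apps send SMS), which is why the check escalates on the combination rather than on any single flag.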

Bank account theft, delivered via smartphone

In September 2013, we detected a new form of banking malware that combines conventional Man-in-the-Browser attacks against Windows with social engineering designed to compromise Android devices and complete the theft through the smartphone. Sometimes called Qadars, we detect it as Andr/Spy-ABN. While we are encountering relatively low levels of this malware, it has targeted French, Dutch and Indian financial institutions.

Like its predecessor Zeus, Andr/Spy-ABN starts on the Windows side, injecting code into Internet Explorer to intercept user information before it is encrypted and forwarded to financial institutions. It also captures the browser's personal certificates and cookies. After authentication, users are told that their bank now requires the use of a new smartphone app as an anti-fraud measure. Users are asked for their phone number and model, and an SMS is sent with a link to download the malicious app. If that were not bad enough, the injected code even blocks users from accessing their accounts until the malware has been installed on the smartphone and has provided an activation code.

Securing Android

We are pleased that Google has taken some important steps to further secure the Android platform in recent months. First, Android 4.3 removes the automatic app downloading that existed in earlier versions. Second, Google has tightened its developer agreement, especially as it relates to potentially unwanted applications (PUAs), which are not unmistakably malware but tend to behave in ways far more troublesome than most users want.

Google has identified a number of app and ad framework behaviours that will no longer be permitted. For example, developers can no longer place third-party advertisements and links on the home screen, change the browser home page, or use the system notification area for purposes unrelated to their functionality.

Linux: pivotal technology attracts criminals

Linux is a targeted platform because Linux servers are so widely used to run websites and deliver web content. Linux sees only a small fraction of the volume of malware that targets Windows or Android. Moreover, we detect a large number of samples targeting services that are designed to be platform independent but usually run on Linux servers.

For several reasons, Linux-based web servers have become an obvious target for criminals seeking to redirect traffic. First, Linux is the underlying operating system for a large proportion of the Internet's web servers, including many of the most important, highest-volume, always-connected websites in the world. Second, Linux servers are widely assumed to be more secure than other operating systems, so they are sometimes overlooked as targets of infection. This means an infected Linux server can remain infected for months or years. As a result, our research shows that a significant majority of the infected servers redirecting traffic to criminals are in fact Linux servers. So, although the volume of malware that runs on Linux is smaller, malware infection should be a serious concern for all Linux administrators.

We are currently identifying tens of thousands of suspicious samples of PHP code (a server-side scripting language commonly used on websites) running on Linux servers every month, even though malware authors try to alter their PHP scripts to avoid detection. We have seen a large number of malicious PHP scripts designed to make Linux servers act as nodes in a larger traffic distribution system with many of the features of a botnet. This enables them to carry out DDoS attacks.

Compromised PHP scripts often run on vulnerable platforms such as unpatched versions of WordPress. For example, in 2013 an exploit was found in the PHP component that runs the Plesk content management system. Through a specially crafted command, attackers could gain access to the server and run any PHP script they chose. Of course, as administrators add third-party scripts and services, they expand the attack surface of Linux systems, which makes it even more important to apply patches quickly and to take a layered, in-depth approach to hardening both the Linux operating system and the services running on it.

Traditional Linux file servers often host malware aimed at Windows and other operating systems. So, even if a Linux server is not itself directly infected, it can still infect other devices that receive files from it. In 2013, for the first time, we also began to detect significant quantities of Android malware on Linux systems. Of course, if a Linux server, script server or web server hosts malware, it is technically simple for the malware to detect HTTP requests coming from Android devices and to serve up Android malware accordingly.

Mac OS X: a year of many small attacks

While we saw no high-profile attacks on Mac OS X this year, we did detect modest, creative and diverse attacks that give Mac users good reason to be careful. Attacks against the Mac OS X platform continued to evolve in 2013, although we saw no global attacks. The types of Mac attack we saw include Trojans, attacks against vulnerabilities in the Java platform and in Microsoft Word document formats, aggressive browser plugins, malicious JavaScript and Python scripts, and malware signed with an Apple Developer ID in order to pass Gatekeeper protection and fool Apple users into believing it is legitimate. In February 2013, for example, Reuters reported that employees' Macs were compromised by hackers through a zero-day Java vulnerability, along with an attack on Microsoft.

Mac Trojans

Last year, AlienVault and Sophos identified Mac backdoor Trojans that intrude by way of documents. The Trojans were embedded in documents claiming to discuss human rights violations in Tibet, prompting speculation that the attacks may have come from sources linked to the Chinese government. This February, similar attacks lay in wait in documents about alleged abuses against the Uyghur people of East Turkestan. All of the attacks relied on a Word 2004/2008 vulnerability for which Microsoft long ago provided a patch (MS09-027). Whether or not you are in that part of the world, if you run unpatched versions of Word, now would be an excellent time to finally patch them.

In targeted attacks in practice, September 2013 saw OSX/Bckdr-RQV, a new backdoor attack that, once installed, transmits a great deal of information about the infected machine. According to Intego, some versions attempt to download an image from the Syrian Electronic Army, a hacker group that claims to be waging online warfare in support of the Syrian government of Bashar al-Assad.

Apple Developer ID attacks

This is the default on most recent versions of OS X. But what if malware is signed with a working Developer ID? That happened between December 2012 and February 2013, when malicious emails delivered a Christmas Card app signed by Apple Developer "Rajinder Kumar."

Web-based malware: sophisticated, diverse and increasingly hidden

Dangerous, hard-to-detect web server attacks and exploit kits expanded in 2013, leading to more drive-by attacks against vulnerable web clients.

Darkleech attacks web servers

This year's highest-profile example is Darkleech, which (according to one report) had successfully compromised more than 40,000 domains and site IPs in May 2013. Well-known sites such as those of the Los Angeles Times and Seagate were reported to be victims. Web servers compromised by Darkleech have been responsible for delivering some especially severe malware, including Nymaim, which encrypts users' files and demands a $300 payment to provide the key. In our research, 93% of Darkleech-infected sites were running Apache.

Web server attacks highlight the need for closer relationships between security companies and hosting companies in order to gain greater visibility into complex and subtle attacks like Darkleech. From a technical standpoint, these attacks are especially hard to detect. We have worked closely with a number of affected hosting providers to help them clean up their servers. However, because hosting is a low-margin business, when some hosting providers discover an infected server they often simply rebuild a new virtual server instance rather than diagnose what took place. Neither they nor their security partners then understand what happened.

These days, malvertising often takes the form of malicious Flash content. If users click on a Flash advertisement, they may be redirected to a malicious website through ActionScript code. One recent example is the Trojan Troj/SWFRed-D, widely encountered in YouTube advertisements in 2013. This Trojan redirects users to the Styx exploit kit, which helped account for Styx's high share late in the year. In some cases, Flash users can be infected even without being redirected, because the Flash advertisement itself contains exploit code aimed at vulnerabilities in the client's Flash Player.

Beyond Blackhole: a world of exploit kits

Blackhole is still around: in fact, it was used in the Darkleech attacks discussed above. But Blackhole is no longer alone. Although Blackhole was not reverse engineered, several groups have created powerful new exploit kits that build on its innovations. In our most recent research, Blackhole ranked only eighth by share.

Targeted threats to financial accounts

While we cannot quantify the increase, SophosLabs has observed more persistent attacks that appear to be aimed at specific companies or organizations, including organizations not previously considered prime targets. Increasingly, these attacks appear to be aimed at financial accounts, showing the interest of traditional money-stealing cybercriminals in delivery methods previously used in advanced persistent threat (APT) attacks.

A wolf in sheep's clothing: Plugx, Blame and Simbot

Some targeted attacks try to disguise themselves as legitimate applications. In particular, we are seeing dangerous certificate-stealing attacks, which use signed components from the Windows operating system or from third-party vendors to load malicious components. The malicious code then executes within a trusted process, so if a firewall sees data flowing outward, it may conclude that the traffic is legitimate.

Sophos principal researcher Gabor Szappanos recently presented new insights into targeted attacks, describing how they remain undetected for months or years by minimizing their impact on the system, keeping nearly everything in encrypted form, and aligning closely with clean applications. These techniques point the way toward an era in which attacks will be even harder to detect.

Windows: the risks in unpatched systems

Beginning in April 2014, no new patches will be available for Windows XP and Office 2003. Android and the web receive well-deserved attention these days. It is easy to forget that more than a billion computers still run Windows. While the Microsoft Update tool automatically keeps many systems patched and up to date, significant and worrying gaps exist.

According to NetMarketShare, as of September 2013 more than 31% of all PCs were still running Windows XP, the very popular version first introduced in 2001. Microsoft has repeatedly reiterated that it will stop providing support and security updates for Windows XP on April 8, 2014. If you are running a Windows XP system, or if you are responsible for others who are, this is a serious concern.

According to Microsoft's own Director of Trustworthy Computing, some vulnerabilities in newer versions of Windows will also apply to Windows XP. When Microsoft fixes those vulnerabilities in Windows Vista, Windows 7 or Windows 8, it will inevitably draw attention to the fact that they remain unpatched in Windows XP.

Spam: another year of spam

It is not glamorous for hackers, but the security risk has never gone away. As long as people send email, attackers will probably send spam. Some spam is merely annoying. Other spam is connected to financial scams that most of us can recognize and ignore. And some spam links to malware that can spread.

A few tactics used by spammers never seem to disappear, for example image-based spam (attempts to sell fake Rolex watches remain a perennial) and spam tied to current events (for example, the April 2013 terrorist attack on the Boston Marathon). Other forms of spam appear to be cyclical, dropping out of circulation and then reappearing in a later year. For example, in 2013 we saw the revival of classic pump-and-dump stock spam.

Pump-and-dump stock scams return

Pump-and-dump messages promise that a penny stock is about to move in price. Once a few victims buy into the hoax, the senders sell and capture all of the profit. Years ago, pump-and-dump spam accounted for more than 50% of all spam on some days, but after a US securities crackdown it nearly disappeared. Starting in early 2013, pump-and-dump made up 1-7% of all spam from January 17-31, 5-15% from February 16-20, and 5-20% through most of March. After that, volume surged: through July, August and September, we saw daily volumes of 10-20%.

SophosLabs: nearly all of today's attacks are sophisticated

As malware attacks grow increasingly complex and elusive, security companies must respond with greater intelligence, flexibility and speed. SophosLabs has been doing that.

There was a time when anti-malware companies focused mainly on identifying the signatures associated with malicious software. Attackers then responded with polymorphic attacks that create a unique version of the malware for each infected computer, thereby making static detection far less effective. Some polymorphic attacks are easy to stop. For example, email filtering can almost always block attacks delivered through email attachments. But today, most of the dangerous attacks consist of complex chains of attack components distributed widely across the web. And, as this year's Report describes, they are adopting powerful new techniques to resist detection.

In response, we rely on several integrated layers of protection. For example, we have invested heavily in detecting and blocking websites that host exploit kits and malicious content. We have built detection layers aimed at detecting specific exploit kit components, including redirecting JavaScript, Java exploits and compromised documents.

Trends for 2014

Major technological developments during the year, and finally a series of revelations about the National Security Agency that shook the international security community, made 2013 an interesting year for trend watchers. Having highlighted the security events of the past year, we now look at some emerging trends we are likely to see in the coming year.

As businesses increasingly depend on various cloud services to manage their customer data, internal project plans and financial assets, we expect to see the emergence of attacks that target endpoints, mobile devices and credentials as a means of gaining access to corporate or personal clouds. It is hard to predict what forms future attacks will take, but we can imagine malware stealing information not only from local documents but from any kind of cloud-stored data. These attacks may not need to encrypt data, and could take the form of threats to make your confidential data public. Strong passwords and cloud data access policies are more important than ever.

APTs meet financially motivated malware

We expect the success of advanced persistent threats (APTs) in carrying out attacks for industrial and espionage purposes to inspire old-school financial malware gangs to adopt their techniques. In fact, we have already seen exploit techniques borrowed from APT groups being used to distribute malware.

Android malware, increasingly complex, finds new targets

In 2013 we saw exponential growth in Android malware, not only in the number of infected victims and of malware types, but also in the number of devices affected globally. While we expect that new security features in the Android platform will make a positive change in infection rates over time, most users remain exposed to simple social engineering attacks. Cybercriminals will continue to explore new avenues for monetizing Android malware. Although their options on this platform are more limited than on Windows, mobile devices are an attractive launching pad for attacks aimed at social networks and cloud platforms. Mitigate this risk by enforcing a BYOD policy that prevents side-loading of mobile apps from unknown sources and mandates anti-malware protection.

Malware diversifies and grows more sophisticated

The diversity in financially motivated malware reflects the differences between geographic and economic regions. The diversity of malware by target audience is likely to continue to grow in 2014, especially in distinguishing between consumers and business users. We can also expect more specialized attacks that correspond to different levels of protection and of target value.

Personal data at risk from mobile phones, apps and social networks

Mobile security in general will continue to be a hot topic in 2014. The continued adoption of emerging apps for personal and business communication widens the attack surface, especially for social engineering scams. Your address book and your social connections graph are a treasure trove for fraudsters of all kinds, so pay attention to whom you entrust with access to them, and why. Mobile and web application control for business users will help to mitigate this risk.

Penetrating defenses

In the never-ending battle between criminals and security vendors, we expect to see new weapons aimed at the latest defense mechanisms. Reputation services, cloud security databases and whitelisting will be attacked in new and malicious ways. We will see more malware signed with stolen digital signatures, attempts to poison security data and telemetry analysis, bypass techniques, and increased use of legitimate tools for malicious purposes.

64-bit malware

With the growing adoption of 64-bit operating systems on PCs, we expect growth in malware that cannot run on 32-bit PCs.

Exploits continue to be a primary threat for Windows

Although Microsoft has made technological advances in the Windows operating system that raise the bar for exploit developers, the company has not yet won the war. With Windows XP reaching the end of its life after 12 years, it will become a very large target for attackers. For how many years will Windows 7 enjoy such widespread dominance? How long will it be before we see the majority of endpoints migrate to more recent versions of Windows with improved security features?

Threat delivery that requires user interaction (social engineering) will also continue to be a major infection vector. But malware authors will have to refine their techniques for convincing victims to execute the payload, as people become smarter at telling the malicious from the benign.

Hacking everything

We continue to diversify the devices in our environments, and those devices hold sensitive business data. For those who want to harm us, the embedded devices in our homes, offices and even cities represent interesting attack targets. And new electronic currencies and payment techniques make far more than just the credit card worth considering. While we do not expect attacks against the "Internet of Things" to become widespread in 2014, we predict an increase in reported vulnerabilities and proof-of-concept exploits.