Alphabet, the parent company of Google, has launched Chronicle, a new cybersecurity venture, following two years of development at the Alphabet X research lab.
The idea behind Chronicle stems from the fact that many companies receive tens of thousands of security alerts per day, more than most teams can handle, Gillett said last week in an online post introducing the new firm. Typically, security teams can filter those alerts to a few thousand, and at best, review several hundred at a time.
Chronicle will be able to speed up the detection process by as much as 10 times, using the same infrastructure that is employed in other Alphabet programs, thus allowing those threats to be analyzed in minutes.
The real goal is to create an “immune system” for the digital world, allowing companies to predict future attacks rather than react after the damage has been done, wrote Alphabet X CEO Astro Teller, captain of moonshots, in an online post.
Alphabet’s New Chronicle Promises to Speed Threat Data Analysis
The source code for Mirai, the malware behind the botnet that launched a massive attack on the Krebs on Security website — the largest DDoS attack on record — has been released in the wild, according to Brian Krebs, author of the blog.
A hacker who goes by the handle “Anna-senpai,” apparently because of increased scrutiny from the cybersec industry, last week announced the release on Hackforums, Krebs said.
The code release has heightened fears that the Internet of Things will be flooded with attacks from new botnets.
“The current lack of guidance and regulations for IoT device security is one of the bigger problems in this area, and why we see breaches in the IoT space rising,” said Reiner Kappenberger, global product manager at HPE Security – Data Security.
IoT Could Become Playground for Botnets Gone Wild
Symantec and Kaspersky Lab last week separately announced the discovery of a highly sophisticated advanced persistent threat that had eluded security researchers for at least five years.
A previously unknown group called “Strider” has been using Remsec, an advanced tool that seems to be designed primarily for spying. Its code contains a reference to Sauron, the main villain in The Lord of the Rings, according to Symantec.
The APT spyware is called “ProjectSauron” or “Strider” in Kaspersky’s report.
The malware has been active since at least October 2011, Symantec said. It obtained a sample after its behavioral engine detected it on a customer’s systems.
Kaspersky found out about ProjectSauron when its software caught an executable library registered as a Windows password filter loaded in the memory of a Windows domain controller. The library had access to sensitive data in cleartext.
“Learning that some sophisticated malware has been running in your infrastructure for half a decade without detection is certainly painful,” said Sándor Bálint, security lead for applied data science at Balabit.
“Installing antivirus software and running a personal firewall provide only a bare minimum of protection,” he told TechNewsWorld.
Antimalware systems “stop 99.999 percent of known attacks,” claimed Balabit CEO Zoltán Györkő.
However, the Strider APT mimicked a password filter module, which “is yet another clear sign that passwords are dead and behavior is the new authentication,” he told TechNewsWorld. “The only way to catch these attacks is to spot changes in the behavior of users at the end points.”
Super-Sophisticated Spyware Spotted After 5-Year Run
“Patch your systems in a timely manner” is a mantra of security experts, but what happens when the patch well runs dry because a product’s maker no longer supports it? That is a situation many large enterprises find themselves in, and it’s one that poses security risks.
Between 30 percent and 50 percent of the hardware and software assets in the average large enterprise have reached their end-of-life date, according to a BDNA report released last month.
End-of-life products pose a serious security risk to the enterprise.
“The vast majority of vulnerabilities — more than 99 percent — exploit out-of-date software with known vulnerabilities,” said BDNA President Walker White.
Oversight is a common reason end-of-life products continue to run on an organization’s systems.
“There may be a new version of a product, but because you don’t have a clear view of what’s in your environment, you can miss the old version in your upgrade process,” White told TechNewsWorld.
That’s how orphan apps are created, too.
“These products may remain on a network and are not removed because no one is using them, and no one has turned off their lights,” White said. “A hacker will exploit that kind of leftover artifact.”
Old Tech Can Create New Security Woes
More than 85 million Android devices worldwide have been taken over by the Yingmob, a group of China-based cybercriminals who created the HummingBad malware, according to a Check Point report released last week.
HummingBad establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps.
If it fails to establish a rootkit, it effectively carpet-bombs the target devices with poisoned apps.
HummingBad has been generating revenue of US$300,000 a month, according to Check Point.
The malware runs along with legitimate ad campaigns that Yingmob has produced for its legitimate ad analytics business.
HummingBad Mucks Up Android’s Works
The number of mobile ransomware victims across the globe has increased fourfold compared to a year ago, suggests a Kaspersky Lab report released last week.
Kaspersky software protected 136,532 users targeted by ransomware from April 2015 to March 2016 — up from 35,413 in the year-ago period, the company said.
“The growth curve may be less than that seen for PC ransomware, but it is still significant enough to confirm a worrying trend,” the report notes.
It identifies several factors contributing to the growth of ransomware in general:
- First, people are willing to pay the ransoms.
- Second, the value of the information stored on digital devices is so high now that paying a ransom to recover it is more cost-effective than not paying the ransom.
- Third, law enforcement is having difficulty responding to the problem.
- Fourth, new payment tools make it easier for extortionists to collect ransoms.
Mobile Ransomware Has Mushroomed