Showing results for tags 'kaspersky lab'.




Found 13 results

  1. Revenues and reputation have taken a hit in the wake of the US Department of Homeland Security's decision to prohibit use of its products and services by the feds, the company says. Security vendor Kaspersky Lab has filed a motion for a preliminary injunction in its lawsuit challenging the US government's recent ban on the use of the company's anti-malware products by federal agencies. The ban has seriously hurt Kaspersky Lab's reputation and revenues and should be overturned expeditiously, the company argued in the motion filed Wednesday in US District Court for the District of Columbia. The US Department of Homeland Security (DHS) last September ordered the removal of Kaspersky Lab software and services from all federal information systems covered under the Federal Information Systems Management Act, and banned further use of all products from the company. The ban, issued under DHS Binding Operational Directive (BOD) 17-01, stemmed from concerns about the firm's ties to the Russian government and the belief that Russian agents had used the company's software to steal sensitive data from US government systems. In its motion, Kaspersky Lab claimed the ban has caused considerable reputational damage and loss of sales to the company in North America. The debarment has precluded Kaspersky Lab from doing business with the US federal government, while hurting its consumer and commercial business as well, the motion said. US retailers that used to carry its products have now removed it from their shelves and are encouraging customers to switch to rival products, resulting in an overall decline in North American sales of over 50% during the second half of 2017. According to Kaspersky Lab, the government issued the BOD without giving the company enough notice or enough of an opportunity to contest the evidence for the ban, thereby violating Fifth Amendment rights to due process. 
The BOD is also not supported by any substantial evidence and is therefore both "arbitrary and capricious," Kaspersky Lab said in seeking an injunction overturning the ban. "DHS used the BOD to achieve a preordained result—the immediate debarment of Kaspersky Lab, and the consequential and foreseeable adverse effect on its U.S. commercial sales," the security vendor said in its motion. "The BOD achieved this result while depriving Kaspersky Lab of any meaningful or constitutionally sound process to challenge the tenuous, often anonymous, and uncorroborated media stories and other self-serving public statements which DHS relied upon to justify its action." Ed McAndrew, a trial lawyer at Ballard Spahr, says Kaspersky Lab's injunction is curious in what it does not seek. After the ban went into effect, it was codified into law under the 2018 National Defense Authorization Act, he says, and as a result, the government will likely argue that Kaspersky’s challenge to the agency actions is moot. Kaspersky Lab is attempting to use the Administrative Procedures Act (APA) to challenge DHS's administrative actions. But "there's no need to focus on the administrative action because we now have the ban codified as a law," McAndrew says. In addition, the DC federal court has already ruled in another case that the APA does not provide a basis for judicial review under FISMA, he adds. The security vendor's bid to get a temporary injunction — and eventually a permanent injunction — against the ban faces other legal challenges as well, McAndrew notes. To obtain injunctive relief the company will have to prove a variety of things, including the fact that it will suffer irreparable harm, and that issuing an injunction would be in the public interest. It is unlikely that the company will be able to satisfy any, let alone all, of the requirements, he says. "Winning the case may not be Kaspersky's only objective," however, McAndrew notes. 
"Seeking injunctive relief will provide Kaspersky with a public judicial forum in which to air its dispute with the government's action – and perhaps to attempt to repair its reputation." If a hearing is held, Kaspersky Lab will have an opportunity to publicly present evidence disputing the debarment while requiring the government to present public proof of the basis for its decision to ban Kaspersky Lab products, he says. source
  2. Kaspersky is being reviewed by NSA

     Kaspersky Lab is stuck in the middle of a rather nasty fight between Washington and Moscow as the Russian-based anti-virus provider is being investigated by the US intelligence agencies. Following news that US officials were more and more concerned about how Russian spies could use Kaspersky's software to spy on Americans and sabotage US systems, the National Security Agency has revealed that it is reviewing the government use of the company's products. Mike Rogers, NSA Director, told a Senate committee that he was personally involved in monitoring the Kaspersky issue, but refrained from elaborating, most likely due to the sensitive nature of the situation. Defense Intelligence Agency Director Vincent Stewart also confirmed the investigation saying they are tracking Kaspersky and their software.

     Kaspersky's defense

     Kaspersky has issued a statement earlier this week saying the allegations are false. "The company has a 20 year history in the IT security industry of always abiding by the highest ethical business practices, and Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations," the statement reads. The company points out that the reports are unlikely given how engaging in such an act would ruin a multi-million dollar business that took decades to build. Furthermore, Kaspersky notes that users have full control over telemetry sharing, with participation being voluntary. Kaspersky also points out that over the past ten years, they've discovered and publicly reported on multiple Russian-speaking cyber espionage campaigns, despite the connection the company has with the country. Eugene Kaspersky, the company's founder and CEO, also addressed the issue during an AMA session on Reddit. He said he would be happy to testify before the Senate to clear up any concerns regarding the products his company makes. 
"I respectfully disagree with their opinion, and I'm very sorry these gentlemen can't use the best software on the market because of political reasons," Kaspersky said. Source
  3. Kaspersky was also keeping an eye on this hacker group

     Symantec wasn't the only security firm keeping an eye on what is now believed to be one of CIA's teams; folks over at Kaspersky were too. Instead of Longhorn, however, they'd called the group "The Lamberts." Pretty much like folks from Symantec, Kaspersky had been watching The Lamberts for years, since 2014, more specifically when an attack was observed taking advantage of a zero-day vulnerability (CVE-2014-4148). The attack at the time leveraged malware Kaspersky called "BlackLambert," targeting an unnamed high profile organization in Europe. Kaspersky tracks back The Lamberts to at least 2008 and says they've been using multiple sophisticated attack tools against high-profile victims, with their arsenal including network-driven backdoors, several generations of modular backdoors, harvesting tools, and wipers. Their tools work both for Windows and OSX, with the latest samples noticed by Kaspersky created in 2016. "Although the operational security displayed by actors using the Lamberts toolkit is very good, one sample includes a PDB path that points to a project named “Archan~1” (perhaps ‘Archangel’). The root folder on the PDB path is named “Hudson”. This is one of the very few mistakes we’ve seen with this threat actor," Kaspersky notes.

     Elementary, my dear Watson

     According to Symantec, following the Vault 7 Wikileaks revelations regarding CIA's hacking tools, they've been able to correlate the tools mentioned there to a group they've been calling "Longhorn." They'd long believed the group was state-sponsored due to the fact that they seemed to work Monday to Friday and they had ample capabilities. Following Vault 7, they were able to correlate some 40 attacks across 16 countries in Europe, the Middle East, Asia and Africa, focusing on organizations operating in various sectors, such as financial, telecoms, energy, aerospace, information technology, education, and natural resources. 
"The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks. The Longhorn group shares some of the same cryptographic protocols specified in the Vault 7 documents, in addition to following leaked guidelines on tactics to avoid detection. Given the close similarities between the tools and techniques, there can be little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group," Symantec wrote in its presentation. Source
  4. DDoS attacks are a popular cyber criminal technique, used either to cause a distraction for a different crime or demand a ransom for calling off or not launching an attack. New research from Kaspersky Lab reveals how profitable this activity can be. Researchers studied the DDoS services on offer on the black market and looked at how far the illegal business has advanced, as well as the extent of its popularity and profitability. The findings show that DDoS attacks can cost anywhere from $5 for a 300-second attack to $400 for a 24-hour attack. Based on the research, the average price for an attack is around $25 per hour. Kaspersky Lab's experts were also able to calculate that an attack using a cloud-based botnet of 1000 desktops is likely to cost the providers about $7 per hour. That means the cybercriminals organizing DDoS attacks are making a profit of around $18 per hour. Ransoms for calling off or not launching an attack can be the bitcoin equivalent of thousands of dollars, meaning the profitability of a single attack can exceed 95 percent. Attacks on government websites and resources protected by dedicated anti-DDoS solutions are much more expensive, as the former are high risk, while the latter are more difficult to attack. For instance, on one DDoS-as-a-service website, the cost of an attack on an unprotected website ranges from $50 to $100, while an attack on a protected site costs $400 or more. Arranging a DDoS attack is very similar to dealing with a legitimate business. The only difference is that there is no direct contact between the provider and the customer. The "service providers" offer a convenient site where customers, after registering, can select the service they need, pay for it, and receive a report about the attacks. In some cases, there is even a customer loyalty program, with clients receiving rewards or bonus points for each attack. Some sites go so far as to offer protection against attacks too. 
"Cybercriminals are constantly on the lookout for new and cheaper ways of organizing botnets, as well as coming up with ever more ingenious attack scenarios that security solutions will have difficulty dealing with," says Denis Makrushin, security researcher at Kaspersky Lab. "That's why, as long as there are vulnerable servers, computers and IoT devices connected to the internet, and many companies prefer not to invest in security against DDoS attacks, we can expect the profitability of DDoS attacks to continue growing, along with their complexity and frequency." You can read more about the findings on the Kaspersky Securelist blog. Source
  5. When your job is writing about technology you get used to receiving the somewhat off the wall ways companies come up with to promote their products. Kaspersky's latest endeavour though had us scrambling for the calendar to check whether it was April 1st, as the company is launching a fragrance. Described as 'threatening yet provocative' the rather disturbingly named Threat de Toilette comes, like all the best scents, in pour femme and pour homme versions. "Fear awakens our senses," says David Emm, Kaspersky Lab's principal security researcher and face of the new scent. "The men and women who wear Threat de Toilette understand today's online threats and protect themselves against them. Fear is no longer felt only in the physical world -- it's all around us in our connected lives too and we need to make sure we're constantly protected." So far so gimmicky, but the launch in London's trendy Soho does have some serious points to make about information security. Scents in the range include: Ransom (reassuringly expensive), Social Enginoir, Mal-wear, and Phish. In an interesting twist, UK beauty blogger Scarlett London (no, us neither) gave her take on cyber security, "I don't feel that we discuss cyber-security enough -- or that enough attention is given to it, especially considering how much of our time and life is spent online. My business and livelihood is based online -- so if a hacker was to be able to get in and steal content or wipe files from my computer, channel or feeds, it would severely disrupt my business and my ability to grow my channel. My audiences' experience would also be disrupted because they wouldn't have any new content to watch." So, in future expect to buy your fragrances from your IT security company -- we look forward to the launch of Symantec Scents and Panda Pongs -- and don't forget to pop down to the beauty salon for your cyber security advice. It's a funny old world... < Here >
  6. A new report released by Kaspersky found that almost half of all phishing attacks registered by its lab were targeting victims’ money with phishing pages which looked exactly like legitimate banking services. Robert Capps, VP of Business Development at NuData Security commented below. “It’s not much of a surprise that Phishing is still a valid concern for cyber security professionals. The Internet is awash in stolen consumer data ripe for malicious use providing fertile soil in which fraudsters can grow innovative attacks using purloined black-market data. Victims of stolen data are a natural target for phishing since most major data breaches target login credentials, email addresses, and passwords. This dataset is perfect to concoct nearly flawless Phishing attacks, often by impersonating major organizations or financial institutions with which they normally interact online. Just educating the consumer about online risks is an uphill battle. One that inevitably finds even the savviest consumer ensnared in some fraudulent scheme. There are many solutions currently available that could render most Phishing attacks obsolete by devaluing any benefit the fraudsters get out of it.” < Here >
  7. Russian cyber security and antivirus vendor Kaspersky Lab has made available the much awaited KasperskyOS, a secure-by-design operating system based on Microkernel architecture which is specially designed for network devices, industrial control systems and the Internet of Things. The operating system is not made for your average home PC; instead, it is meant to protect industrial systems and embedded devices from cyber attacks by preventing any third-party or malicious code from executing. Kaspersky Lab CEO Eugene Kaspersky confirmed the rumors of a new operating system on his official blog published on Monday, saying this project under the codename 11-11 has been in the works for 14 years and has been designed from scratch. The reason behind developing KasperskyOS is simple: Growing Internet-of-Things and embedded devices in industrial control systems (ICS) to power critical infrastructure. It's quite easy for most companies to get rid of the virus-infected computer, as all they need to do is unplug the infected ones from the network, according to Kaspersky. But since industrial control systems (ICS) are usually managing critical operations or infrastructure that must be powered on all the time and cannot be taken offline for even a while, the malware targeting these ICS systems is a challenging problem. So, according to Kaspersky, the solution lies in a secure operating system with strict cyber security requirements that could help reduce the chances of undocumented functionality and thus mitigate the risk of cyber attacks targeting ICS or IoT devices.

     It’s Secure, But KasperskyOS is not Linux!

     Yes, this OS is not just another Linux flavor. One of the major distinctive features of KasperskyOS is that the GUI-less operating system has been constructed from scratch and does not contain even a single string of Linux code in it. 
"All the popular operating systems are not designed with security in mind, so it is simpler and safer to start from the ground up and do everything correctly. Which is just what we did," said Kaspersky. The new OS has been designed to allow programs to execute only documented operations under its strict security policy. Only what is defined by the policy can be executed, including the functionality of the OS itself. The customers can also examine the source code of KasperskyOS to make sure the operating system has no undocumented capabilities. The OS also has an independent security engine that lets users enforce the policy that suits their security objectives. KasperskyOS is not a general-purpose operating system; instead, it is designed for embedded devices, including IoT, telecommunication equipment, connected cars, and industrial control systems. To create a package that could be applied in several different areas of granular customization, Kaspersky has developed three products:

       • An Operating System (KasperskyOS)
       • A standalone secure hypervisor (KSH) for running virtual machines
       • A system for secure interaction between OS components (KSS)

     KasperskyOS was designed not only to solve security issues but also to address organizational and business challenges related to secure application development for embedded systems.

     Credit: http://thehackernews.com/2017/02/kasperskyos-operating-system.html
  8. Cyber criminals are now turning to ransomware more than ever

     Everyone knows Russian hackers are extremely busy people, but knowing that about 75% of all ransomware is made by Russian-speaking cyber criminals is still surprising. According to senior malware analyst at Kaspersky Lab, Anton Ivanov, out of the 62 crypto ransomware families discovered by the company's researchers in the past year, 47 of them were developed by Russian or Russian-speaking people. "This conclusion is based on our observation of underground forums, command and control infrastructure, and other artefacts which can be found on the web. It is hard to draw strong conclusions on why so many of the ransomware families out there have a Russian origin, but it is safe to say that this is because there are a lot of well-educated and skilled code writers in Russia and its neighboring countries," Kaspersky's analysis reads. Kaspersky data shows that all ransomware families attacked more than 1.4 million people around the globe in 2016, which is a massive number of people who have either paid up to get their data back or said goodbye to their files altogether. And, keep in mind, 75% of those ransomware variants used for these attacks were made by Russian-speakers. Of course, there are ways to bypass ransomware, from free decryption tools for certain variants to initiatives such as No More Ransom which will offer free help to those seeking to get rid of the spies on their devices.

     The new old tool of cyber criminals - ransomware

     Analyzing the attack stats for 2016, Kaspersky further noticed that a regular user was attacked with encryption ransomware on average every 10 seconds, while organizations were hit about every 40 seconds. The frequency of attack has grown considerably over the past few years, and we're even noticing spikes throughout the year. Ransomware is by no means a new type of malware out in the wild; it's been around for over a decade. 
Hackers are now discovering, however, just how much more profitable it can be to use this type of attack. Ref: < http://news.softpedia.com/news/three-quarters-of-all-ransomware-signed-by-russian-speakers-513050.shtml >
  9. Peer pressure is having a big impact on how children communicate with each other, making them more dependent on staying connected to the Internet, according to new research carried out by Kaspersky Lab and iconKids & Youth. Parents provide their kids with connected devices to help them maintain contacts with their friends, and children themselves claim that they use these devices because their friends do so. The Connected Kids survey found that over half of parents (52%) provide their children with mobile devices so that they can communicate with their peers. The research also revealed that one in four (27%) parents provide their children with connected devices because of concerns that their child would be treated as an outsider without them. Kids are increasingly using connected devices as an essential means of communicating with their friends and peer pressure is playing a role in pushing modern friendships online. 44% of young people say they use a connected device because their friends do and one third of kids (32%) keep in touch with their friends more often online than offline. The importance attributed to online friendships is as much as real world friendships for many children. Over two fifths of kids (42%) have claimed that they are equally afraid to lose friends online and offline, and one in ten (11%) are more afraid to lose friends online than offline. Use of modern communication platforms is a major online activity for young people, including social media (35%) and messaging apps (35%). The research also reveals that the older children get, the less likely they are to meet friends face-to-face, preferring to use instant messengers, social networks and SMS to communicate. 76% of kids aged between eight and 10 prefer real world contact, as opposed to only 46% of teenagers aged 14-16. “Online communication has become such a substantial part of modern kids’ lives that parents should be paying extra attention to it. 
Kids are now experiencing peer pressure to use online tools as part of everyday communication and it’s important that parents are as vigilant as possible to the threats and aware of what their kids are doing on the Internet. It is also very important to talk to the child, explain online dangers and the advantages of communicating in the offline world. Online safety programs allow parents to see what is happening with their children online and to take measures when needed to protect them,” comments Andrei Mochola, Head of Consumer Business at Kaspersky Lab. “Online communication adds a whole new dimension to peer interaction, underlining the importance of social and emotional skill development – an area consistently overlooked in school curricula. Young people today generally cultivate their friendships in a blended on- and offline environment, and we are already getting a glimpse of the problems that can arise from this form of socialization. We at European Schoolnet believe that developing a young person’s capacity for self-reflection and empathy is essential. As the most impactful way for a child to learn is by example, it is up to parents to show their children how enjoyable and entertaining face-to-face conversations can be and that real life is just as much fun and entertaining as virtual life,” says Janice Richardson, Senior Advisor at European Schoolnet. Article source
  10. Survey results further showed that 44 percent confessed that they did not know what data or information could be stolen in a ransomware attack

     The Kaspersky Lab study highlights the discrepancy between the spread of ransomware attacks and what consumers know about the threat.

     WOBURN, Mass.--(BUSINESS WIRE)--Kaspersky Lab today published a new study that reveals almost half (43%) of connected consumers today do not know what ransomware is, despite the recent aggressive spread of this type of cyber threat. In addition, a similar amount (44%) confessed that they did not know what data or information could be stolen in a ransomware attack. For the study, Kaspersky Lab surveyed over 4,000 U.S. and 1,000 Canadian consumers aged 16 and older. The results showed that only a small number (16%) of consumers mentioned ransomware as a cyber threat they were worried about, compared to their concern of viruses, spyware and Trojans. Moreover, it’s not a clear concern for even those of a tech-savvy generation: only 13 percent of Millennials said they were worried about ransomware in general. As a malware that can restrict access to a computer system so it becomes difficult or impossible to access, ransomware has become a danger to individuals and businesses alike. In addition to a lack of understanding and concern about ransomware, many consumers do not know what cybercriminals can take once they have control over a computer, smartphone or tablet. Not knowing that cybercriminals can take personal documents, photos, videos, audio files and lock them out of a person’s reach, can leave people vulnerable. However, since consumers store emotionally and financially valuable content on their digital devices, 26 percent of Americans and 24 percent of Canadians said they would be willing to give up social media permanently in order to guarantee the future protection of their personal digital files. Also, many respondents would not know what to do if a ransom attack occurred. 
The survey found that 15 percent of Americans and 17 percent of Canadians think unplugging the computer or turning off the mobile device could stop it, with a small amount even believing negotiating with the attacker is the best way to stop the attack. The findings also indicated that the percentage of those surveyed who would not know what steps to take in a ransomware attack grew with increasing age, from 37 percent of those aged 16-34 to 54 percent of those aged 55+. “Right now, ransomware is an epidemic. Although it has been around for more than a decade, we have seen a recent explosion of new ransomware families that is cause for serious concern,” said Ryan Naraine, head of the Global Research and Analysis team in the USA, Kaspersky Lab. “With this epidemic, the need for increased consumer awareness about ransomware is essential. Consumers today must not only learn about ransomware, but also use solutions to protect themselves against it, including installing internet security, making sure all devices are updated with available software patches, routinely backing up all important digital assets and implementing better user habits.” Article source
  11. The Russian antivirus vendor Kaspersky Lab reports that ATMs are poorly secured. An important reason is that the majority run Windows XP, but it is also because banks sometimes install software like Acrobat Reader 6.0, Radmin and TeamViewer on the machines. “The engineers servicing ATMs often think that if the ATM is working, it is better “not to touch” (read: “not to update”) it. As a consequence, some cash machines still have the unpatched critical vulnerability MS08-067 which allows remote code execution”, Kaspersky Lab’s Olga Kochetova writes on the company’s blog. Besides insecure software, Kochetova also warns about insecure hardware. According to her it’s relatively easy to open an ATM to use a USB port to infect a system. In some cases the system can even be accessed without opening the ATM because it’s possible to connect to it through communication cables or routers that are connected. After a malware infection a cash box can be emptied with a specific key combination. Another issue is the XFS standard, which is used by malware to communicate with the ATM. The XFS standard (extensions for financial services) works the same on all ATMs and provides APIs that allow cybercriminals to issue money without authorisation or to open cash boxes. ATM manufacturers are very lax about security. For example they’ve told Kaspersky when the company pointed out the USB issues, “This vulnerability is inherent in the USB technology and is expected to be mitigated by the use of appropriate physical controls on access to the ATM top box.” Another ATM manufacturer told Kaspersky, “We regret informing you that we had decided to stop producing this model more than 3 years ago and warranties for our distributors been expired.” Obviously ATMs should be properly secured; Kochetova therefore advises ATM manufacturers to focus more on security. Her advice is to use two-factor authentication, to revise the XFS standard and to use legitimate software. 
She also advises using encryption for all data transferred between hardware components of the ATM and the computer. And last but not least, banks are advised to stimulate ATM manufacturers to develop secure products and to quickly fix vulnerabilities. Article source
  12. Kaspersky Lab India held a 2-day meet with its South Asia distributors covering the regions of India, Sri Lanka, Bangladesh, Nepal, Bhutan and Maldives. The meet was held on March 18-19, 2016 at the Hyatt Regency, Mumbai, with Kaspersky Lab South Asia’s leading distributors – VR Infotech, Comguard, SEA Infonet, eCaps, OfficeXtracts & Avian – in attendance. The meet began with a review of the year 2015. This was followed by setting a business roadmap for 2016. Kaspersky Lab discussed their business vertical projections in detail in their one-on-one sessions with their distributors. Kaspersky Lab South Asia team discussed the past year’s performance, set targets for the coming financial year and reviewed the technical and marketing support it needs to lend to the distributors. The dynamic industry’s fast changing factors were deliberated upon in great detail. Kaspersky Lab encouraged its distributors to freely discuss the challenges they faced, based on which solutions were worked out. Kaspersky presented to its distributors all the new product offerings that are slated to be launched in the coming financial year, sharing vital information and key feature presentation with its distributors. Endpoint and Security Intelligence Services were at the centre of a wide dialogue. The distributors were apprised of every bit of information that they needed to know on sales, marketing, and technical. Altaf Halde, Managing Director – South Asia, Kaspersky Lab said, “Our distributors are a very important part of our eco system. The SA Distributor meet gave us clarity on how we can work together to achieve the goals set for 2016. We also took this opportunity to present our non-endpoint solutions i.e. Security for Virtualization, Security for Storage and Threat Intelligence Services. 
Now that we have our goals set and the path charted out, we all go back with renewed energy and focus!” Ajay Joshi, Director Channel Sales – South Asia, Kaspersky Lab said “The SA Distributor meet gives us a strong platform to review the past & plan for the current year. This also gives our team an opportunity to meet with our distributors and share their feedback and plan the year”. The meet concluded on March 19 with a day packed with detailed one-on-one meetings with all the distributors. Kaspersky Lab South Asia is optimistic that this annual dialogue has helped it to bring clarity and depth to their roadmap for the coming year. Article source
  13. Criminals plan to release a fresh wave of advanced cyber attack campaigns using the anonymising Tor network, according to Kaspersky Lab. Kaspersky Lab senior security researcher Sergey Lozhkin issued the warning during a webinar attended by V3, citing the recently discovered ChewBacca and evolved Zeus Tor malware as proof of their claim. "The Tor network started small but lots of hackers and cyber criminals have discovered the benefits of storing their communities and malware there. We've seen malware developers creating malware that communicates with the Tor network and passes its command-and-control servers (C&C) through it. This is because when you create a resource in Tor it's almost impossible to know who owns it or where it's hosted," he said. "They're putting their C&C server inside the Tor network so no one can easily destroy it. Already we found ChewBacca and Zeus that uses a Tor module to interact with their C&C. [This means] the communication channel [between the infected system and the C&C] is encrypted and protected by Tor. They are creating malware to support the Tor network and this will continue to rise." Tor is an anonymising network designed to help people hide their internet activity. It does this by directing internet traffic through a volunteer network of more than 5,000 relays to conceal the user's location. Lozhkin said the company has already seen a marked increase in the number of "hidden services" running on Tor, which rose from 910 to 1,077 over the last month. The services included a variety of different cyber rackets outside of basic malware hosting, ranging from digital black markets, such as the recently shut down Silk Road, to recruitment pages for hacker-for-hire groups. "Malware isn't the only thing stored in Tor. You can find any resource in there now, be it a single hacker for hire or a full-on mercenary group. They offer everything," said Lozhkin. 
"There are also a lot of trade places in Tor and the number is growing every month. We see lots of new things, like stores that sell botnets operating in it. Now you can go inside Tor and easily buy a botnet. You can buy it using Bitcoins and in two clicks become a botnet master." Kaspersky Lab's senior security researcher Stefan Tanase said criminals' use of Tor is particularly dangerous as the NSA's PRISM campaign has driven many users with appropriate cyber skills to begin using it. "With recent goings on in the cyber world and people realising how much cyber espionage is happening, people are beginning to use Tor. In the last year, we've seen services like Tor are becoming more and more used and popular around the world and the number of users is always increasing," he said. PRISM whistleblower Edward Snowden listed Tor and tools such as end-to-end communications encryption as key ways people can protect themselves from mass surveillance operations such as PRISM, during a privacy discussion at the SXSW conference. Source