When you think of zombies (if you ever think of zombies, that is) you probably think of soulless, shifty creatures, mindlessly searching for a bite to eat. And as for bots, those things can go either way, can’t they? Cute little dog-shaped robo-floor washers… Or dangerous AI, looking to make us simple humans obsolete…
Well, just in time for Halloween, we bring you two real-life tales of zombies and bots. No, this isn’t some holiday nightmare; they are both true-to-life malware-o-sphere attacks happening right now and… they are coming for you.
Creepy Tale #1 – Of Zombies and Cameras
Closed circuit TV cameras, or CCTVs, are surveillance devices designed to record video or take still images of areas for security purposes in places like malls, banks and airports. Well, that’s what they are supposed to do. But last week security firm Incapsula discovered that over 900 security cameras all over the globe were being controlled as part of a botnet.
A botnet, or zombie army as it is sometimes called, is a group of computers controlled by one or more other computers for malicious purposes. Such networks are a critical element in DDoS attacks, or distributed denial of service attacks. In a DDoS attack, such as the one being carried out with the CCTVs here, computers infected with a strain of malware become part of a network that repeatedly attacks a single target, like a server, by sending a continuous stream of requests. This barrage overwhelms the system with traffic and eventually crashes it.
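The defender’s side of the barrage described above is spotting it in the server’s own access logs: not just “lots of requests”, but lots of requests from many different sources aimed at one target, which is what separates a botnet from a single noisy client. The script below is an added example, not code from the original post or from Incapsula. It assumes web-server logs in Common Log Format and uses constructed sample lines (the IP addresses, path names and thresholds are made up for the illustration).

```python
"""Rate-based detection of a distributed request flood over web-server access logs.

Added example (not from the original post or from Incapsula). It reads
constructed Common Log Format lines, groups requests by one-second window
and target path, and flags a window as a suspected DDoS burst only when the
request count is high AND the requests come from many distinct source
addresses. A single client hammering one path trips the request threshold
but not the distinct-source threshold, so it is reported separately by the
caller, not as a botnet flood.
"""
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict for one CLF line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "ts": ts,
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def find_floods(lines, window_seconds=1, min_requests=50, min_sources=10):
    """Flag (window, path) buckets that look like a distributed flood.

    Thresholds are hypothetical tuning knobs; real values depend on the
    site's normal traffic profile.
    """
    buckets = defaultdict(list)  # (window_start_epoch, path) -> list of source ips
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash the detector
        epoch = int(rec["ts"].timestamp())
        window = epoch // window_seconds * window_seconds
        buckets[(window, rec["path"])].append(rec["ip"])

    alerts = []
    for (window, path), ips in sorted(buckets.items()):
        distinct_sources = len(set(ips))
        if len(ips) >= min_requests and distinct_sources >= min_sources:
            alerts.append({
                "window": window,
                "path": path,
                "requests": len(ips),
                "sources": distinct_sources,
            })
    return alerts


def make_sample_log():
    """Constructed log lines for the demonstration; this is not real traffic."""
    lines = []
    # Background: a few normal requests from a handful of clients.
    for i in range(5):
        lines.append(
            f'10.0.0.{i} - - [31/Oct/2015:13:00:00 +0000] "GET /index.html HTTP/1.1" 200 512'
        )
    # Distributed flood: 60 distinct sources hitting one rarely-used path in the same second.
    for i in range(60):
        lines.append(
            f'198.51.100.{i + 1} - - [31/Oct/2015:13:00:01 +0000] '
            f'"GET /rarely-used-asset HTTP/1.1" 503 0'
        )
    # Single aggressive client: many requests, but all from one address (not distributed).
    for _ in range(80):
        lines.append(
            '203.0.113.7 - - [31/Oct/2015:13:00:01 +0000] "GET /search HTTP/1.1" 200 2048'
        )
    return lines


if __name__ == "__main__":
    for alert in find_floods(make_sample_log()):
        print(
            f"window={alert['window']} path={alert['path']} "
            f"requests={alert['requests']} distinct_sources={alert['sources']}"
        )
```

Only the 60-source burst against `/rarely-used-asset` is reported; the 80 requests from the single `/search` client exceed the request threshold but fail the distinct-source test, which is the point of checking both. In production the same two-axis idea (volume plus source diversity) is what lets a rate limiter or WAF tell an abusive individual client apart from a botnet, and the second case is better handled by per-client throttling than by treating it as a DDoS.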
According to the firm, “Their target was a rarely-used asset of a large cloud service, catering to millions of users worldwide”. Whether they were attempting to take the entity offline entirely or just jam its servers intermittently is unknown at the moment. Incapsula noted that the most astounding aspect of this particular attack was that one of the infected cameras was sitting right outside their office, at the entrance to a nearby mall.
This all just highlights the potential dangers caused by IoT, or the internet of things.
Items like CCTVs, hospital pumps and even traffic lights are not safe from hackers when they are connected to the internet. The internet of things can be very cool and convenient, but all that tech needs to be secured, just as your laptop or smartphone does. Consumers and operators burying their heads in the sand will be very sorry they did when they find out that their internet-connected doorbell monitor has been hacked and is phoning home sensitive information to crooks.
Creepy Tale #2 – The Malware that Wouldn’t Die
It seemed like the perfect balance of teamwork and guile, the good guys fighting together to free the world from the dangers of a rampant banking malware. In early October, the FBI and UK authorities announced the takedown of the notorious Dridex banking malware to much fanfare.
Dridex is an advanced malware that was used to steal over $3.5 million from Penneco Oil’s US bank account and has been used in other attacks as well, totaling over $30 million in losses for corporations.
Dridex works by infecting computers and making them part of botnets that send out phishing emails containing malicious links. When an unsuspecting target opens the link, the malware infects the computer. Then the malware begins to do its work, collecting login details and other information. According to security expert Graham Cluley, Dridex bots were sending out 350,000 malware-laced emails a day to businesses and organizations all over the world.
The creator of the malware, Andrey Ghinkul, was arrested in Cyprus in August, and the US has requested that he be extradited to stand trial there. The servers that were controlling the bots were placed under the control of security firms working in conjunction with the US and UK governments. Ahh, right and decency had prevailed.
But it seems that the fanfare was premature.
Unsettling signs are appearing that Dridex is not yet dead and, in fact, may be perfectly functional. Brad Duncan, a security researcher with Rackspace, noted that though Dridex’s activities had slowed down initially, much of the action has resumed. There may be additional servers or variants operating elsewhere, and now they have to be located and stopped as well.
So will the powers of good find the remainder of Dridex and its evil cronies?
Only time will tell. But for now, as always, never open any attachments or embedded links in emails.
If you do open them, you just might find yourself being chased by those same zombies and bots.