NOTA BENE

Notes, comment and buzz from Eugene Kaspersky – Official Blog

June 30, 2014

Cybernews from the dark side: June 30, 2014

Stock market hacks for microsecond delays.

Cyber-swindling gets everywhere. Even the stock market. First, a bit of history…

The profession of stockbroker was once not only respected and honorable, but also extremely tough. Dealers in stocks and shares once toiled away on the packed floors of stock exchanges and worked silly hours a week, stressed to the limit by relentless high pressure decisions all day (and night). They bought and sold securities, stocks, bonds, derivatives, or whatever they’re called, always needing to do so at just the right moment while riding the waves of exchange rates and prices, all the while edging nearer and nearer to serious heart conditions or some other burn-out caused illness. Other times they simply jumped out of windows to bring a swift end to it all. In short – hardly the world’s best job.

Anyway, all that was long ago. All that hard manual labor has been replaced by automation. Now thinking hard, stressing and sweating aren’t needed: a large proportion of the work today is carried out by robots – special programs that automatically determine the very best moments to buy or sell. In other words, the profession of stockbroker has in large part been boiled down to the training of bots. And to these bots reaction times – to the microsecond – are vital to take advantage of this or that market swing. So speed literally depends on the quality of an Internet connection to the electronic stock exchange. That is, the nearer a robot is physically located to the exchange, the higher its chances of being the first with a bid. And vice versa – robots on the periphery will always be outsiders, just as will those not using the very latest progressive algorithms.

These critical reaction times were recently tampered with by unknown cyber-assailants. A hedge fund’s system was infected with malware to delay trading ability by a few hundred microseconds – which can – and probably did – make all the difference between clinching deals and losing them.

bae-600x255

Your password for a Twix?

Perhaps inspired by the pseudo-research conducted on the streets of London some years ago, which found that 45% (!) of women surveyed were willing to divulge their email password for a bar of chocolate, some Americans decided to find out how seducible computer users are when hard currency was on offer.

It turned out that around half of those taking part in the survey were ready to launch an unknown file from an unknown source – for one cent! For 50 cents the level rose to 58%. And for a dollar those who violated one of the principle rules of computer hygiene jumped to 64%!

Just what is wrong with people?

It’s true that computer hygiene is sadly lacking in general, despite the years we’ve put into telling folks the basics. But at the same time, that figure for the password for chocolate – I just don’t believe it!

Let’s have a closer look here: did anyone check whether the passwords given up were actually genuine? Maybe it was all a lot simpler: the female Londoners simply pulled a fast one in order to get the Snickers? That sounds more plausible :).

Half of users are willing to download an unknown file from and unknown source for one centTweet

So, pinch of salt at the ready, palm steadied and readied for the face… let’s just not forget about lies, damned lies, and statistics.

All animals are equal…

I’ve repeated countless times that there’s no such thing as absolutely secure software – especially so for such complex things like OS. Regarding vulnerabilities, it’s never a question of whether they exist or not, it’s just a question of when they’ll come to light – sooner or later.

Also, there’s a direct link between the popularity of software and its holey-ness – a non-linear one. Why would cyber-villains sweat it by targeting the relatively niche Mac OS, when hundreds of millions of vulnerable Windows comps are at the ready for immediate hire for a botnet? And the more vulnerable Windows comps there are – the less attractive to the underground become other platforms which aren’t as popular. But that doesn’t do away with the rule to be vigilant.

Here’s a fresh example from the world of Linux.

Infrequently – but regularly – we get a whiff of malware for this OS. And normally it’s quite advanced, as Linux programming is mostly done by serious professionals. For example, we recently published this analysis of a family of Trojans for Linux – real heavyweight Trojans able to carry out a DDoS attack with DNS amplification. It was found to be real effective with very limited resources and could even have a good go at bringing the Internet down!

bill_gates_botnet10

 

While over in the Apple orchard, notwithstanding occasional mess-ups, iOS is still holding up in terms of security. Thanks to its to secure architecture and pre-moderation of apps malware still hasn’t appeared for iOS (I do hope we haven’t missed anything).

Nonetheless, Apple still needs to be prepared, and to be 100% open and honest with users – happy owners of iDevices who are subject to all sorts of cross-platform attacks, including MITM and phishing. For example, at the current levels of mobile banking apps’ security, even if you’re using an iPhone you should only bank online in really secure locations. Let me tell you more…

…But some are more dangerous than others.

Let’s say you want to check the balance of your bank account using an iApplication in the departure area of an airport. And what do you see after passport control? ‘Free Wi-Fi’! And since spends on 3G add up over time and can get real slow at times – and you’d best check the balance while still at the airport as you’re not going to get stung by those extortionate roaming rates again – you decide it won’t harm to quickly use this free Wi-Fi.

What happens? All your traffic is intercepted by the guys in hoodies in the corner with the laptops…

You have to ask yourself: how well is your connection with the bank encrypted (if it’s encrypted at all)? And might there be some old bugs for which fixes haven’t been released yet? Wanna find out in such a risky way? Yes, it is a rhetorical question.

Still about Wi-Fi…

With the World Cup in full swing in Brazil, some of our top researchers decided to check out Wi-Fi access points in and around Sao Paulo, which will be used lots by football fans from all over the world.

How safe is it to use such Internet access and what should be looked out for – have a read here.

fifa3_wi-fi_security_en_3

And I’m sure that the conclusions in that report are more or less applicable to just about any country – not just Brazil. So, going back to iOS still being secure but also still being vulnerable – just remember: don’t put blind faith in your iDevices’ impermeability: instead – use your head. That rhymes. KL Marketing slogan writers – take note! :) 

Spam – still out there.

It’s been a while since I’ve mentioned spam. Maybe our filters are just working so well that we’ve stopped noticing this phenomenon?

It is true that in recent years spam protection has gotten super slick and the level of spam has been brought down; however, the phenomenon has remained and still in considerable quantities. For example, the share of the pink processed meat in email traffic still makes up around 70%.

april-2014_spam-report_en_pic9

And let’s not forget that spam is often used as the delivery mechanism for malware and phishing – especially in reaction to certain news stories and seasonal occasions. To better understand how and why this ecosystem is still going fairly strong – I recommend this here big research into the economics of the pink slime.

Though email spam is being coped with fairly well (I, for one, rarely see it in by inbox), there’s still its younger cousin – telephone cold-calling spam – which is still a serious headache in many parts of the world – particularly on the American continent.

The Federal Trade Commission even decided to ask participants of the upcoming DEF CON hacker conference for help in solving this problem! I’ve always said asking hackers to do your bidding ain’t the right way to go about thing, but still – it shows how desperate some folks are getting. Btw, this is already the second FTA attempt. The first time even a prize of $50,000 brought zero results.

That’s enough cybernews for today folks. See you!…

comments Leave a note
Leave a note
August 28, 2015

Kamchatka-2015 – top to bottom!

In my humble opinion, Kamchatka is the most fascinating and beautiful place on the planet. Bold statement, I know; but coming from a power-globetrotter like myself, maybe you won’t reject it out of hand? If you do – read the upcoming series of posts on this year’s An-Kam (annual Kamchatka), and let’s see if you haven’t […]

August 27, 2015

Top-100 Series: North America, Part 2.

Hi folks, In continuation of my revised and revamped Top-100 of the most remarkable, interesting, enchanting and beautiful places and countries of the world, here’s the next installment: part 2 of the very best – IMHO – places to visit in North America, i.e., the North American continent, which (of course?:) includes Central American countries […]

August 24, 2015

Kamchatka-2015 – aperitif.

“Further [vertically] up there, there’s a path!” – Our guide, Fyodr.   Hi all! Phew! Back to civilization from the harsh wilds of Kamchatka, and beginning the slow acclimatization back to modern city life and all its creature comforts. In all we trekked 315km on foot, and probably traveled thousands of kilometers in all-terrain vehicles […]

August 21, 2015

Top-100 Series: North America – Part 1.

Howdy folks! I’ve started – so I’ll finish. In my lengthy prelude, I promised to lay before you my updated Top-100 Must-See Places in the World in several portions over several posts. You’ve already had my new – extra – Top-20 Cities. Next up is a set of Top-Non-City-Must-See-Places – actually 17 of them – […]

August 14, 2015

The abracadabra of anonymous sources.

Who killed JFK? Who’s controlling the Bermuda Triangle? What’s the Freemasons’ objective? Easy! For it turns out that answers to these questions couldn’t be more straightforward. All you have to do is add: ‘according to information from anonymous sources‘, and voila! — there’s your answer — to any question, about anything, or anyone. And the […]

August 12, 2015

My new Top-20: Cities.

Hi folks! Following on from the prelude, herewith, my recently formed list of what are to me the world’s Top-20 cities. In this post I’ll briefly describe and present pics of my Top-20 most interesting and unique districts, quarters or whole cities of the world that I recommend everyone should visit one day. It should […]

More