In this post, we are going to look at Cyber Security from the perspective of a normal internet user and at why Cyber Security should matter to every internet user, to prevent them from losing data and/or having to pay money as a result of a cyber security attack.
We will start with how Cyber Crime works, using the Zeus banking Trojan as an example, then move on to examine how a ‘DriveBy download’, coupled with the attitude ‘hackers are not interested in my computer because I don’t do internet banking’, can make you vulnerable. Finally we shall look at the uses for a compromised PC and suggest solutions to keep you safe on the internet.
Zeus Banking Trojan: a Cyber Crime example
The poster below is from the FBI and shows how the Zeus banking Trojan works.
As you can see, this was a professional operation spanning many jurisdictions, with actual losses of $70 million. Zeus is by no means the only banking Trojan around, but it is the best known; Symantec has information on it here.
So we need to protect ourselves if we are doing internet banking.
How do we protect ourselves from Banking Trojans?
- Protect your computer with strong security software such as anti-virus and make sure it is regularly updated.
- Enable automatic Windows® updates and updates for the other software installed on your computer. You can find out what updates are needed to keep you safe by using this free tool from Secunia here.
- Update your browser regularly and check it with the Qualys Browser Check service here.
- Use extreme caution when opening attachments.
- Be careful when engaging in peer-to-peer (P2P) file-sharing.
- Download the latest version of your browser.
- Be certain a web site is legitimate before you go there.
- Back up your files regularly.
What is a ‘DriveBy download’?
Let’s now look at how a ‘DriveBy download’ used by hackers works, as shown in the diagram below.
Hackers use so-called “exploit kits”, which are sold by malicious exploit writers on the cyber underground. These kits come with licences and upgrades as new exploits are incorporated into them; it is not uncommon for users of one kit to see that another kit has a new exploit and complain to their kit’s author asking for it to be included. Next they rent a server from a hosting company using false details and pre-paid credit cards / E-Money, Liberty Reserve (now taken down) and/or Western Union; this gives them a server to which they can redirect victims. The last stage is to infect a legitimate site and redirect its visitors to their exploit server. Once they have a victim, they will usually install a remote access Trojan and/or make the computer part of a Botnet. There is a good explanation of how Botnets work at the Infosec Institute in three parts: Part 1, Part 2 and Part 3.
The most famous exploit kits are “The Black Hole Exploit Kit 2” and “Phoenix”; you can see the exploits available in each kit in 2012 here. There is also a spreadsheet managed by a blogger called Mila, which has up-to-date 2013 information, here. These exploit kits can also be rented on a daily basis: for as little as $50 per day, which includes 50,000 hits per month, or for $500 per month with 70,000 hits. This means that you can create a Botnet of up to 70,000 compromised computers for as little as £320!!
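The chain described above (a visit to a legitimate site, a redirect the visitor never asked for, and a download from the exploit server seconds later) leaves a recognisable footprint in a web proxy log. The script below is an added example and is not part of the original post or of any product it mentions; the log format, the host names and the sample lines are constructed for illustration, and the detection is a heuristic: for each executable download it looks back a short window for an HTML landing page on a different host and for a request to the download host whose Referer points at that landing page.

```python
"""Heuristic detection of a drive-by download redirect chain in proxy logs.

Added example, not from the original post. The log format (timestamp,
client, method, url, status, content-type, referer) and the sample lines
are constructed assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional
from urllib.parse import urlparse

# Content types that usually mean "a Windows executable was fetched".
EXECUTABLE_TYPES = {
    "application/x-msdownload",
    "application/x-msdos-program",
    "application/octet-stream",
}

# Constructed sample log. Client 192.0.2.10 is redirected from a news site to an
# exploit server and receives a binary; client 192.0.2.11 downloads a tool it
# deliberately browsed to, which must not be flagged.
SAMPLE_LOG = """\
2013-06-01T10:00:01 192.0.2.10 GET http://news.example.org/index.html 200 text/html -
2013-06-01T10:00:02 192.0.2.10 GET http://news.example.org/ads/banner.js 200 application/javascript http://news.example.org/index.html
2013-06-01T10:00:02 192.0.2.10 GET http://cdn-stat.example.net/in.php?id=7 302 text/html http://news.example.org/index.html
2013-06-01T10:00:03 192.0.2.10 GET http://198.51.100.23/kit/main.php 200 text/html http://news.example.org/index.html
2013-06-01T10:00:04 192.0.2.10 GET http://198.51.100.23/kit/load.php?e=3 200 application/x-msdownload http://198.51.100.23/kit/main.php
2013-06-01T10:05:00 192.0.2.11 GET http://news.example.org/index.html 200 text/html -
2013-06-01T10:05:01 192.0.2.11 GET http://news.example.org/ads/banner.js 200 application/javascript http://news.example.org/index.html
2013-06-01T10:07:20 192.0.2.11 GET http://downloads.example.com/tools.html 200 text/html -
2013-06-01T10:07:30 192.0.2.11 GET http://downloads.example.com/setup.exe 200 application/x-msdownload http://downloads.example.com/tools.html
"""


@dataclass
class Entry:
    ts: datetime
    client: str
    method: str
    url: str
    status: int
    ctype: str
    referer: Optional[str]

    @property
    def host(self) -> Optional[str]:
        return urlparse(self.url).hostname

    @property
    def referer_host(self) -> Optional[str]:
        return urlparse(self.referer).hostname if self.referer else None


def parse_log(text: str) -> List[Entry]:
    """Parse the constructed space-separated format; '-' means no Referer."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, status, ctype, referer = line.split()
        entries.append(Entry(datetime.fromisoformat(ts), client, method, url,
                             int(status), ctype, None if referer == "-" else referer))
    entries.sort(key=lambda e: (e.client, e.ts))
    return entries


def detect_driveby(text: str, window_seconds: int = 60) -> List[dict]:
    """Return one alert per executable download that follows a redirect chain.

    A download is flagged when, within the window and for the same client,
    (1) an HTML page was loaded from a host other than the download host, and
    (2) a request to the download host carried a Referer from that landing host,
    i.e. the victim was sent there rather than going there on purpose.
    """
    entries = parse_log(text)
    window = timedelta(seconds=window_seconds)
    alerts = []
    for i, dl in enumerate(entries):
        if dl.ctype not in EXECUTABLE_TYPES or dl.status != 200:
            continue
        recent = [e for e in entries[:i]
                  if e.client == dl.client and dl.ts - e.ts <= window]
        landings = [e for e in recent
                    if e.ctype.startswith("text/html") and e.status == 200
                    and e.host != dl.host]
        landing_hosts = {e.host for e in landings}
        hops = [e for e in recent
                if e.host == dl.host and e.referer_host in landing_hosts]
        if landings and hops:
            alerts.append({
                "client": dl.client,
                "landing_host": hops[0].referer_host,
                "exploit_host": dl.host,
                "download_url": dl.url,
                "chain": [e.url for e in hops] + [dl.url],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_driveby(SAMPLE_LOG):
        print(alert)
```

The second client in the sample shows the point of requiring both conditions: a user who opens a download page and then fetches an installer from the same host produces an executable download without any cross-host redirect, so it is not reported. On a real proxy the content-type set and the time window would need tuning, and an alert is a reason to look at the machine, not proof of infection.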
“I don’t do internet banking so why would hackers be interested in my computer?”
This phrase is often used by people as a reason not to take Cyber Security seriously at a personal and small business level. It is this attitude, when coupled with the ‘DriveBy download’ phenomenon, that allows the attackers to compromise internet users’ PCs. There is also the attitude that ‘it does not matter if I get infected anyway’, which further aids complacency and the hackers.
So what if I get infected? What are the risks?
Once you become infected, many things can happen to your digital life, we shall look at two of them.
Fake anti-virus – Once installed, it tells you that you have a virus and asks you to pay for a solution by buying their software, while in the meantime preventing your computer from functioning fully and/or preventing you from removing it.
Ransomware – This malware encrypts your hard drive and then asks you to pay for access, so you either pay or lose your data.
At this point, a word of caution. If you suffer something like the above, please do not be tempted to pay any money, as it will not solve your malware problem. Please contact someone you can trust with IT experience.
This SANS Institute diagram shows all the uses for a compromised computer.
So with all this hacking occurring, what should the average internet user and/or small business do?
- Apply the security guidelines for doing internet banking as outlined above, even if you do not bank online.
- Consider signing up for the SANS Institute OUCH newsletter, a monthly newsletter for non-technical users, here.
- If you are a business, consider having your systems and/or networks independently and professionally tested.