Ransomware
Discuss the threat When infected restricts you to access to a computer system. This will become more refined in its targets and methods. Experts predict that the variants of ransomware that hurt the security software that are installed within a computer may particularly target the endpoints which sign up with cloud-based storage solutions like Google Drive, Dropbox, OneDrive and many more. On detecting the endpoint, ransomware will exploit the stored personal credentials of the logged-in user and will even infect the cloud storage that is backed up. McAfee has warned that ransomware attackers will try out as many ways possible to shell out ransom payments from their victims.
Degree of damage
The most advanced and most damaging ransomware in the wild at the moment, specifically targeting U.S. businesses and individuals. It's a $70 million per year criminal enterprise. Its magnitude is now confirmed by law enforcement. Some quick math shows $18,145 in costs per victim, caused by network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers. As you can see, the total costs of a ransomware infection goes well above just the ransom fee itself, which is usually around $500 but can go up to $10,000.
What it attacked
Ransomware is a type of malware that infects a computer and restricts a user’s access to the infected computer. This type of malware, which has now been observed for several years, attempts to extort money from victims by displaying an on-screen alert. These alerts often state that their computer has been locked or that all of their files have been encrypted, and demand that a ransom is paid to restore access. This ransom is typically in the range of $100–$300 dollars, and is sometimes demanded in virtual currency, such as Bitcoin.
How it was controlled
Have security software installed and most importantly up to date with a current subscription. Remember with the thousands of new malware variants running every day, having a set of old virus definitions is almost as bad has having no protection.
Make sure all the software on your system is up to date. This includes the operating system, the browser and all of the plug-ins that a modern browser typically uses. One of the most common infection vectors is a malicious exploit that leverage a software vulnerability. Keeping software up to date helps minimize the likelihood that your system has an exposed vulnerability on it.

Mac Firmware Worm

Discuss the threat
While the amount of Mac-based crapware, homepage hijackers, and content trackers has been steadily rising for the last few years, it’s always been (incorrectly) assumed that Apple systems are locked down in ways that Windows-based PCs aren’t – thus making them almost invincible to the torrent of attacks that Microsoft users have to withstand.
A little under a month ago, news broke that two white hat researchers had successfully created the world’s first firmware worm for Mac.
Degree of damage
While this worm isn’t “on the market” at the moment – the proof-of-concept virus is dangerous. It can be delivered either via an email, an infected USB stick, or a peripheral device (like an Ethernet adaptor). Once it’s on your machine it cannot be removed from the firmware manually (you’d have to re-flash the chip), and it can’t be detected by any existing security software.
If the concept has been proved, it’s only a matter of time until black hat hackers start exploiting it. If you’re a Mac user, take appropriate security steps now.
What it attacked
A firmware worm is a type of attack that targets the part of a computer responsible for booting it up and launching the operating system. On Windows machines, that can include BIOS (Basic Input/Output System). On the Mac, it's EFI (Extensible Firmware Interface).
Bugs in BIOS or EFI code create vulnerabilities in the system that, if not otherwise defended against, can be exploited by malicious programs like firmware worms, which try to infect one system and then "worm" their way onto others.
Because firmware exists outside the operating system, it's typically not scanned for or otherwise detected and isn't erased by a re-installation. That makes it much harder to find and harder to remove. In most cases, you'd need to re-flash the firmware chips to eradicate it.
How it was controlled
Of the six vulnerabilities the researchers tested, five were found to affect the Mac. The same researchers said that Apple has already patched one of those vulnerabilities and partially patched another. OS X 10.10.4 breaks the proof-of-concept by restricting how Thunderstrike can get onto the Mac. Whether OS 10.10.5 breaks it even more, or proves to be even more effective at preventing this type of attack altogether, remains to be seen.

Rowhammer
Discuss the threat
What’s the worst kind of security hack? The answer is almost certainly one that cannot be fixed.
Rowhammer.js is a new security attack that was revealed in a paper by security researchers earlier this year. It’s so dangerous because it doesn’t attack your software, but instead targets a physical problem with how current memory chips are constructed.
Apparently the manufacturers have known about the hack since 2012, with chips from 2009 all affected.
Degree of damage
It’s so worrying because it doesn’t matter what type of operating system you’re using – Linux, Windows, and iOS are all equally vulnerable. Worst of all, it can be exploited by a simple webpage – there is no requirement for a machine to already be partially compromized. As one researcher behind the paper explained, “It’s the first remote software-induced hardware-fault attack“.
What it attacked
“‘Rowhammer’ is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working privilege escalation exploits that use this effect. One exploit uses rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process,” Seaborn wrote in his post.
“When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access to all of physical memory.”
How it was controlled
However, one good defense against the attack is the use of ECC memory, which has extra bits to help correct errors. ECC is more expensive, though, and mainly is used in servers rather than laptops and desktops, said researcher Robert Graham of Errata Security.
“The biggest threat at the moment appears to be to desktops/laptops, because they have neither ECC memory nor virtual machines. In particular, there seems to be a danger with Google’s native client (NaCl) code execution. This a clever sandbox that allows the running of native code within the Chrome browser, so that web pages can run software as fast as native software on the system. This memory corruption defeats one level of protection in NaCl. Nobody has yet demonstrated how to use this technique in practice to fully defeat NaCl, but it’s likely somebody will discover a way eventually,” Graham said.
The new techniques, Seaborn said, are a good example of why manufacturers and researchers should be paying close attention to hardware vulnerabilities.
“History has shown that issues that are thought to be “only” reliability issues often have significant security implications, and the rowhammer problem is a good example of this. Many layers of software security rest on the assumption the contents of memory locations don’t change unless the locations are written to,” he said.
“Though the industry is less accustomed to hardware bugs than to software bugs, we would like to encourage hardware vendors to take the same approach: thoroughly analyse the security impact of ‘reliability’ issues, provide explanations of impact, offer mitigation strategies and — when possible — supply firmware or BIOS updates. Such discussion will lead to more secure hardware, which will benefit all users.”

Stagefright, Xcode, and More Weak Points in Android and iOS
Discuss Threat
A spying tool for Android and iOS devices; and an Android app that can bypass Google Play security. One of these discovered flaws was also added to the Angler Exploit Kit and used in attacks in Korea and Japan; another, in attacks against Taiwan and Hong Kong websites.
Degree of damage
It enables attackers to install malware through MMS, a malicious app, or a specially-crafted URL.
What it attacked iOS app and Android apps, iOS devices were also at risk through tampered versions of iOS developer tools Xcode and Unity. Apps created via the Trojanized Xcode remain a problem for iOS users today. Apart from Xcode, a vulnerability was also found in Apple’s Airdrop feature and another in the way that iOS devices handle configuration sent through MDM clients (quicksand).
How it was controlled
A majority of Android devices were put on a standstill with the emergence of Stagefright, which enables attackers to install malware through MMS, a malicious app, or a specially-crafted URL. Multiple vulnerabilities in the mediaserver component were also uncovered.

Rombertik
Discuss Threat
Rombertik is spyware designed to steal confidential information from targets using Internet Explorer, Firefox, or Chrome running on Windows computers. It was first publicized by researchers at Cisco Talos Security and Intelligence Group. It employs several techniques to make analyzing or reverse-engineering it difficult. Over 97% of the file is unnecessary code or data meant to overwhelm analysts. It loops through code hundreds of millions of times to delay execution, and checks for file names and user names used by Malware Analysis Sandboxes.
Degree of damage
Rombertik incorporates several layers of obfuscation along with anti-analysis functionality. Obfuscating the functionality of a malware sample can be accomplished in many different ways. A common method is to include garbage code to inflate the volume of code an analyst might have to review and analyze. In this case, the unpacked Rombertik sample is 28KB while the packed version is 1264KB. Over 97% of the packed file is dedicated to making the file look legitimate by including 75 images and over 8000 functions that are never used. This packer attempts to overwhelm analysts by making it impossible to look at every function. The Rombertik malware goes to extreme measures to avoid detection and cause damage to victims' computers.
What it attacked
Rombertik goes through several checks once it is up and running on a Windows computer to see if it has been detected.
That behavior is not unusual for some types of malware, but Rombertik “is unique in that it actively attempts to destroy the computer if it detects certain attributes associated with malware analysis,” wrote Ben Baker and Alex Chiu of the Talos Group. Such “wiper” malware has been used in the past, notably against South Korean targets in 2013 and against Sony Pictures Entertainment last year, an attack attributed to North Korea by the U.S. government.
The last check Rombertik does is the most dangerous one. It computes a 32-bit hash of a resource in memory, and if either that resource or the compile time had been changed, Rombertik triggers self-destruct
How it was controlled
Rombertik will scan the user’s currently running process to determine if a web browser is currently running. If Rombertik detects an instance of Firefox, Chrome, or Internet Explorer, it will inject itself into the process and hook API functions that handle plain text data. Once accomplished, Rombertik is then able to read any plain-text data the user might type into their browser and capture this input before it gets encrypted if the input is to be sent over HTTPS. This enables the malware to collect data such as usernames and passwords from almost any website. Rombertik does not target any site in particular, such as banking sites, but instead, attempts to steal sensitive information from as many websites as possible. The collected data is then Base64 encoded and forwarded to www.centozos.org.in/don1/gate.php over HTTP with no encryption.