Cryptowall 3.0 Embraces Exploit Kits

The Cryptowall ransomware has evolved into a third-generation baddie, with a streamlined dropper and new functionality such as incorporating I2P anonymous network communication. According to an analysis from Cisco, the updated dropper is the main change in the new variant; it is much more streamlined in functionality, and many of the dropper features deployed in Cryptowall 2.0 are no longer present in the 3.0 sample.

The latest 3.0 sample comes wrapped in a zip file that contains multiple dropper files, which are essentially identical in functionality except for the encryption algorithm used to obfuscate the dropper and eventually build the Cryptowall 3.0 binary. But several dropper features have been removed, including multiple exploits and an anti-VM check to prevent it from running in a virtual environment. It’s likely that the changes indicate that Cryptowall’s authors are focusing more on exploit kits as an attack vector.

“Examining the dropper in the 2.0 sample indicates that it includes a lot of useless API calls and dead code,” said Cisco researchers Andrea Allievi and Earl Carter, in the analysis. “Apparently the dropper for this version of Cryptowall has been streamlined.” They added, “The lack of any exploits in the dropper seems to indicate that the malware authors are focusing more on using exploit kits as an attack vector, since the exploit kit’s functionality could be used to gain privilege escalation on the system. Without privilege escalation, attempting to turn off many enabled security features on the system is likely to fail.”

They also found that Cryptowall 3.0 acquires a lot of system information (like the computer name, main processor speed and type, and so on),...
Mobile industry association GSMA plans for 5G mobile

The GSMA explores the potential use cases for the hopefully faster and more reliable network

By Antony Savvas | Techworld | Published: 11:37, 10 December 2014

Mobile industry association the GSMA has released a new report to outline its perspectives on the development of 5G mobile. The Understanding 5G: Perspectives on Future Technological Advancements report outlines the technical requirements of future 5G networks, and explores potential use cases as well as the implications for operators and other mobile ecosystem players.

“Already being widely discussed, the arrival of 5G will help deliver a fresh wave of mobile innovation that will further transform the lives of individuals, businesses and societies around the world,” said Anne Bouverot, director general of the GSMA.

“Of course, 5G is still to be standardised by the industry and it has not been fully agreed what 5G will look like or what it will enable,” she said. “However, the GSMA is already collaborating with operators, vendors, governments and other industry organisations in ensuring that the future 5G standard is both technically and economically viable.”

Evolution

The report aims to provide “clarity” on the industry’s “evolutionary path” towards 5G, and addresses “many of the misconceptions” around 5G. It examines the two main views on 5G that exist today, which are frequently mixed together to form the basis...
Six free network vulnerability scanners

Vulnerability scanners can help you automate security auditing and can play a crucial part in your IT security. They can scan your network and websites for up to thousands of different security risks, produce a prioritised list of those you should patch, describe the vulnerabilities, and give steps on how to remediate them. Some can even automate the patching process.

Though vulnerability scanners and security auditing tools can cost a fortune, there are free options as well. Some only look at specific vulnerabilities, but there are also those that offer broad IT security scanning.

1. OpenVAS

The Open Vulnerability Assessment System (OpenVAS) is a free network security scanner platform, with most components licensed under the GNU General Public License (GNU GPL). The main component is available via several Linux packages or as a downloadable Virtual Appliance for testing/evaluation purposes. Though the scanner itself doesn’t work on Windows machines, there are clients for Windows.

The main component of OpenVAS is the security scanner, which can only run on Linux. It does the actual work of scanning and receives a daily updated feed of Network Vulnerability Tests (NVT), more than 33,000 in total. The OpenVAS Manager controls the scanner and provides the intelligence. The OpenVAS Administrator provides a command-line interface and can act as a full service daemon, providing user management and feed management.

There are a couple of clients to serve as the GUI or CLI. The Greenbone Security Assistant (GSA) offers a web-based GUI. The Greenbone Security Desktop (GSD) is a Qt-based desktop client that runs on various OSs, including Linux and Windows. And the OpenVAS CLI offers a command-line interface....