The Hacker News

on Friday, 18 October 2013
 

 

The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers // via fulltextrssfeed.com

Exclusive: Security Researcher developed the first malware ever for Firefox Mobile OS
10/18/2013 2:25:00 PM

Firefox OS is a mobile operating system based on Linux and Mozilla's Gecko technology, whose environment is dedicated to apps created with just HTML, CSS, and JavaScript.
After almost two years of development, a few months back Mozilla officially launched their Firefox OS devices in stores and now the first Malware for the brand new platform is available.
Shantanu Gawde, 17-years-old, an Independent Security Researcher is going to demonstrate the very first known malware for Firefox OS at the upcoming Information Security Summit - The Ground Zero (G0S) 2013, to be held on November 7th - 10th, 2013 at The Ashok, New Delhi.

Firefox OS is different - Every app in Firefox OS including the Camera and the Dialer is a web app, i.e. a website in the form of an app. Simple! Mozilla has developed Web APIs so that HTML5 apps can communicate with the device's hardware and Shantanu has used the same APIs intentionally to exploit the device for malicious purpose.

Basically, there are two types of Firefox OS apps: packaged and hosted. Packed apps are essentially a zip file containing all of of an apps assets: HTML, CSS, JavaScript, images, manifest, etc.

Hosted apps are just a website is the application, means you can host the app on a publicly accessible Web server, just like any other website.

 His PoC will demonstrate his malware application, created using just HTML, CSS, and JavaScript, but capable to perform many malicious tasks remotely on the device i.e. Accessing SD Card Data, Stealing Contacts, downloading-uploading Files on device, Tracking Geological location of the user etc.

"The purpose of the PoC is of course to motivate developers to ensure better security on their platforms rather than providing inspiration to those with malicious intents." he told 'The Hacker News'.

The rapid growth and evolution of mobile malware is swiftly becoming a highly profitable business for cybercriminals. According to the third annual Mobile Threats Report from Juniper Networks, mobile malware threats have grown a huge 614% in the period March 2012 to March 2013.
With mobile malware on the rise and attackers becoming increasingly clever and they are also targeting every possible new platform. Make sure you will be at Ground Zero this year to see live threat to one of the prominent upcoming mobile operating systems.

 

DDoS Attacks : A Serious unstoppable menace for IT security communities
10/18/2013 4:16:00 PM

It should be the busiest day of the year for your business, but your website has just disappeared off the Internet and orders have dried up. If this happens to you, then you likely just become yet another victim of a distributed denial of service (DDoS) attack.

By now, everyone who uses the Internet has come across DDoS attacks. It is one of the oldest attack technologies on the web, and a popular way of paralyzing the huge data centers.

Just yesterday we have reported about a massive 100Gbps DDoS attack that hit World's 3rd Largest Chinese Bitcoin exchange for 9 hours.

Arbor Networks, a leading provider of DDoS and advanced threat protection solutions, today released data on global distributed denial of service (DDoS) attack trends for the first three quarters of 2013, revealed that this kind of attack still represents a serious menace for IT security communities. 

The document provides an interesting overview into Internet traffic patterns and threat evolution. The data show a constant growth in the number or attacks and related efficiency, the experts observed a meaningful increase (32%) for malicious traffic, the IPv4 traffic reached 69Tbps of peak, up from 47Tbps in registered in Q2.

DDoS attacks have been around since the inception of the web, but have evolved over time to become more sophisticated and powerful. The data show that the DDoS continues to be a global threat, with alarming increases in attack size this year and the last quarter was included in the 3-3.5 Gbps range.

The graph below shows the average monthly Mbps of attacks and peak Gbps of the attacks, both picture confirm the significant growth of the cyber threat.

The average attack sizes on monthly base touched 3Gb/Sec, the experts remarked that despite the attack volume seem to be taking up across the board when it comes to bits-per-second, the situation is inverse if it is considered in packets-per-second.

The DDoS Q3 2013 report states that the largest DDoS attack size had a peak at 191Gbps and occurred in August 2013, this data is considered concerning because it has broken through the psychological threshold of alert estimated on 100Gbps.

Another element of interest in the data proposed by DDoS Q3 2013 are the information on the magnitude of single events, ATLAS has monitored a superior number of attacks over 20Gbps respect previous year.

Following key findings for proposed by Atlas on DDoS attacks:
  • 54% of attacks so far this year are over 1Gb/Sec, up from 33% in 2012
  • 37% of attacks so far this year are in the 2 – 10 GB/Sec range, up from 15% last year
  • 44% growth in proportion of attacks over 10Gb/Sec, to 4% of all attacks
  • More than 350% growth in the number of attacks monitored at over 20Gb/Suez so far this year, as compared to the whole of 2012
  • For 2013 an average DDoS attack now stands at 2.64Gb/sec, up 78% from 2012
  • 87% of all attacks monitored so far this year last less than one hour
  • Largest monitored and verified attack size increases significantly to 191Gb/sec.
DDoS attacks are becoming an increasingly significant problem. I suggest the reader to read the full report to better understand the evolution of the DDoS cyber threat.
Photo of Pierluigi Paganini Hacker News - Researcher, Security Evangelist, Security Analyst. Founder of 'Security Affairs' Author: The Deep Dark Web. ()

Popular Stories

 

You are receiving this email because you subscribed to this feed at feedmyinbox.com

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)