• Security experts at Sophos explained the efficiency of the business model known as Cybercrime-as-a-Service in the specific case of the Vawtrak botnet.

    The term Cybercrime-as-a-Service refers to the practice, within the cybercriminal ecosystem, of providing products and services for use by other criminals. In September 2014, a report from Europol's European Cybercrime Centre (EC3), the 2014 Internet Organised Crime Threat Assessment (iOCTA), revealed how widespread this business model is in underground communities and highlighted that the barriers to entry into cybercrime are being lowered, so that criminal gangs no longer need specific technical skills.

    Criminals can rent a botnet of machines for their illegal activities instead of infecting thousands of machines worldwide themselves. These malicious infrastructures are built with a few requirements that make them suitable for the criminals, including a user-friendly command and control infrastructure and sophisticated evasion techniques.
    The botnets are very flexible and can be used for several purposes, including serving malware or sending out spam emails. For example, the botnet's computers can be configured to serve as proxies or even, once all the other usability has been sucked out of them, as spambots.

    An example of a banking malware botnet is Vawtrak, also known as NeverQuest and Snifula. According to data provided by Sophos, Vawtrak was the second most popular malware distributed by malicious drive-by downloads in the period between September and November.

    Sophos published an interesting paper on the cybercrime-as-a-service model applied to the Vawtrak botnet, titled "Vawtrak – International Crimeware-as-a-Service".
    "If you look at the client-side, the commands used, and the debugging code, it suggests that it's more user friendly than some of the other malware we look at," said James Wyke, senior threat analyst at Sophos Ltd. "It's almost certainly going to be a point-and-click Web-based interface. Simplicity is one of Vawtrak's positive points."

    Although Wyke has not personally evaluated Vawtrak, for legal and ethical reasons, Sophos was able to investigate the activities the Vawtrak platform is being used for. The experts recognized a pattern in the "modus operandi" of the Vawtrak clients, who used the botnet to target banks and other financial institutions worldwide. The attackers are able to run sophisticated attacks in a methodical way, bypassing two-factor authentication mechanisms and implementing custom injection mechanisms.

    The experts revealed that Vawtrak was used by criminal organizations in the US to compromise both large banks (such as Bank of America and Citigroup) and smaller financial institutions (such as Bank of Oklahoma, Cincinnati's Fifth Third Bank and the Columbus-based Huntington National Bank).

    There are tens of thousands of computers already infected and in the network, Wyke said.

    That makes it smaller than some of its competitors but, because of its business model, it might actually be more profitable.
    The cybercrime-as-a-service model developed for the Vawtrak botnet allows customers to choose specific types of infected machines, to customize the botnet to hit a specific target (such as banks or private firms), or to request specific types of stolen data.
    “If you want banking credentials for certain banks, or certain regions of the world, they can start campaigns targeting those banks or those countries,” said Wyke. “We’re moving away from the model where the cybercriminals write their own software, or sell you a kit and you go away and create your own botnet,” Wyke said.

    The availability of stolen data makes the Cybercrime-as-a-Service sales model very attractive to criminals, who can use that data to run further attacks with more information on their targets.

    The Vawtrak service also provides specific data hijacked by the botnet, including banking access credentials, and allows the criminals to deliver new strains of malware to the infected computers.
    “This is a flexible business model,” he said. “Once the machine starts sending out spam it becomes obvious that it’s infected with malware and it’s not going to be infected much longer,” he said.

    Experts at Sophos recommend keeping defense systems up to date, and the company provides a free removal tool for Vawtrak on its website.

  • A basic guide to the Internet's underbelly -- the Dark Web.




    Deep or Dark?

    There's a difference between the "Deep Web" and the "Dark Web." While the "Clear Web" is the surface area which is indexed by search engines such as Google and Yahoo, the Deep Web is an area search engines can't crawl or index. Plunging in further, the Dark Web is a small area within the Deep Web which is intentionally hidden from discovery.


    How do you access the Dark Web?

    You can't use standard access methods to gain entry into the Dark Web. The most common method is through the Tor network, an anonymous network created from nodes which disguise online activity. In order to use Tor, you need the Tor browser, and may also need to be issued an invitation to access certain .onion domains hidden within the Dark Web.


    Wait, .onion domains?

    A .onion address is the result of onion routing -- low-latency communication designed to resist traffic analysis and surveillance. Onion routing is not a perfect solution for maintaining anonymity, but it does help disguise who is communicating with whom.


    It's not just drugs

    Many of us heard when the underground marketplace Silk Road, one of the largest hidden within the Tor network, was taken down following an investigation by US authorities. However, there are many more vendors peddling their wares within the Dark Web. While drugs are what most people think of first when it comes to this secretive area, a plethora of other illegal goods is also on sale. Weapons, porn, counterfeit money and fake identities, hacked accounts and even hitmen can be found if you have the cash. If someone annoys you, sending over a SWAT team as a "prank" is also possible.


    It's also something of an eBay for peculiar items.

    A quick browse and I could buy lifetime membership passes to popular services such as Netflix, old consoles, clothing, emulators and DVDs, a car or two and bulk weight loss pills. Technology is also popular -- there is a wealth of devices available -- both counterfeit and apparently legitimate -- if you know where to look.



    The Dark Web is used for more than buying and selling.

    So-called "ethical" hacking and political forums, archives of forbidden books, tips on how to care for your cat -- there are potentially thousands of private .onion addresses hosted which go beyond marketplaces.


    Trading is hardly safe or risk-free

    Whether you take a risk buying bargain designer clothes on the Clear Web or sink a few Bitcoins into purchasing illegal items through the Dark Web, neither is risk-free.
    Vendors and sellers might be trying to avoid the eyes of law enforcement in the darker side of the Internet, but this doesn't stop scams from taking place. Scam vendors and quick grab-and-run schemes run rampant -- especially as there is no legal route for following up on failed sales.


    Buying and selling through the Dark Web

    How do you trade without being linked to bank accounts? Virtual currency is the most common method, which includes "tumbling," a laundering process which destroys the connection between the Bitcoin address which sends virtual currency and the recipient, in the hope of covering a user's tracks. Some vendors offer escrow services which hold Bitcoin in trust until goods have been delivered and both parties are happy -- although the value fluctuations of Bitcoin make this move risky.


    Avoiding spying eyes

    Aside from using the Tor browser and VPNs, a number of buyers and sellers use "Tails," free software which can be booted from flash storage to provide end-to-end encryption for your browsing sessions.
    To further cover their tracks, vendors and sellers will often also use public Wi-Fi hotspots to conduct their business.


    Reddit is used as a communication platform for Dark Web transactions

    Although far from exhaustive, the best Clear Web resource to bounce around and learn a little about the darker, nastier aspects of the Internet is on Reddit. There are sub-forums in which Dark Web vendors and buyers exchange news, thoughts and seller reviews. Advice is also issued on how best to "clean house," create safe "drop" zones to pick up packages ordered from the Dark Web and what to do if you think law enforcement is keeping an eye on you.




  • Microsoft's Windows 10 was launched a few weeks ago, but questions -- lots of questions -- still remain about the new operating system, from when it will be taken to the bosom of the enterprise to whether some of Microsoft's moves leading up to it were premeditated.

    Microsoft expert Steve Kleynhans spoke at length about the latest OS, answering 10 questions about Windows 10. Kleynhans' responses were lightly edited for length.


    Will Windows 10 beat Windows 7's first-year adoption rate, which stood at 22% of all Windows PCs at the end of 12 months? 

    "It is quite likely that Windows 10 will beat Windows 7's adoption in the first year due to three factors," said Kleynhans. "First, the free upgrade will probably be taken by a relatively healthy portion of the population. Second, more users have automatic updates enabled today than six years ago. And third, compatibility between Windows 7 and Windows 10 is significantly better than between Windows XP and Windows 7. There will be a lot fewer blockers to get in the way.

    "Enterprise adoption isn't likely to be significantly better in the first year. However, enterprises will move more quickly to Windows 10 than Windows 7 and there will be a few motivated to move a bit earlier if only because of the one-year free upgrade deadline. There are fewer barriers to moving with Windows 10, including in-place upgrades and no new Internet Explorer [IE] version to wrestle with, so while enterprises will take a bit longer than consumers to get started, both should be a lot higher with Windows 10."


    When will enterprises begin adopting Windows 10 in force? 

    "Companies never do anything quickly, so aside from some aggressive early adopters, most organizations will use 2016 as a time to study the new OS and potentially run some pilots," Kleynhans said. "Real roll-outs might start in late 2016, but are more likely to really kick off in 2017."


    What's Windows 10's biggest draw for enterprises? 

    "Two things: security and lighter-weight management," said Kleynhans. "There are a number of security enhancements, from biometric log-ins to hardware-enabled protection for parts of the OS, that will be compelling to enterprises.

    "Similarly, the ability to use a store for provisioning users, enabling a self-service model, and potentially opening options for BYOD will be attractive.

    "In the short term most companies are looking at Windows 10 as providing them access to 2-in-1 devices that users find intriguing, without having to figure out Windows 8 or deal with some of its enterprise shortcomings. But regardless of any goodness in the product, the biggest driver will ultimately be Windows 7's end-of-life."


    What in Windows 10 -- or about it -- will be the biggest inhibitor to adoption by enterprise? 

    "Probably inertia," said Kleynhans. "For the most part, hardware and software compatibility isn't a big blocker, although official ISV [independent software vendor] support may be, especially in regulated industries. But doing a large-scale Windows migration is a major project. While it is nice to say that this is the last one enterprises will have to do, they still have to do this one.


    "Like any major project, it will take budgeting of time and resources. It will be disruptive. There are also things to learn and integrate into existing processes, such as the new servicing model, selecting a branch, and changes in how they manage things in order to keep current and supported."

    [Computerworld couldn't resist a follow-up question about Kleynhans' reference to "the last one enterprises will have to do," asking him if that would, in fact, be the case. "I think Microsoft believes that," Kleynhans answered. "That's the plan of record. But things change. In 10 years, who knows what will happen?"]


    Will enterprises accept Windows 10's new patching and update schemes, or will they reflexively lock down devices with LTSB (long-term servicing branch) and just treat Windows 10 as they now do Windows 7? 

    "Some enterprises will undoubtedly try to fall back to the LTSB because it will seem safe and familiar," agreed Kleynhans. "But I suspect that they will quickly discover that the limitations make it unsuitable for a large portion of their users.

    "Once they address the new update cadence for some users, it will be straightforward to extend it to a larger group, lessening the appeal of the LTSB. We will probably see some companies start with the majority of their users on LTSB, but quickly shift towards only those who really need it. By 2019 it is likely that LTSB will be a small percentage of users, less than 10%."


    Will Windows 10 measurably help Microsoft in mobile?

    "Well, it couldn't hurt," countered Kleynhans. "But it really is a big question whether it will draw developers to the platform with the kind of apps that are being developed for iOS and Android.

    "The only thing that truly solves the problem is market share. If a developer perceives the entire Windows 10 ecosystem as a target, the market share number will look pretty good. However, it is likely that most phone developers will continue to focus solely on the Windows smartphone number, and that will dampen their interest."

    What about Microsoft's Universal app strategy? Will that have an impact? "Microsoft certainly hopes it will," said Kleynhans. "But any impact will be a relatively slow build. It will be one more option in a broad collection of options for developers, even if they only focus on the PC: Should I develop a Web app, should I write a traditional Windows app, keep building .NET?

    "I think developers targeting PCs will settle on a combination of Web and Universal apps, but that is likely to be 2018 or later, when a critical mass of Windows 10 devices is in businesses.

    "Universal Windows apps are most immediately compelling to businesses looking at building something that needs to be accessed on a tablet and a PC, or potentially a 2-in-1. So it will help Windows 10 gain a stronger foothold in vertical business applications with a mobility component.

    "In the short term, there may also be some success with games. People like casual games as a simple distraction, even on PCs, so that will be a reasonably good target."

    Will there be a repeat of the scramble to get off Windows XP as Windows 7 nears retirement in January 2020? "There is a lot more awareness of the end-of-life of Windows 7 than there was of Windows XP's," Kleynhans said. "It is still fresh in the minds of a lot of companies, and so you are seeing it pop up on long-range road maps.

    "Generally, companies will plan to be more proactive and will have great intentions about avoiding the mad dash to the finish line in 2019, but the realities of business, and human nature, will cause plans to slip. I expect it will be less of a scramble, but it will still be a scramble."

    Will Microsoft be able to continue to charge for the OS or will it revert to a support model for revenue? "Microsoft will continue to charge for Windows," Kleynhans asserted. "The real question is whether users perceive that they are paying for Windows.

    "The vast majority of users will get Windows as part of the device and the cost will be buried in the device, like the cost of the screen or battery. Unless you are building your own PCs, it won't be visible. Users will get all the updates on that device for free so they won't perceive that they ever pay for Windows.

    "Enterprises, on the other hand, will be gradually coaxed towards a Software Assurance model with flexibility, deeper support, and additional management and security capabilities being the carrots offered over traditional volume licensing. This will look much more like a subscription model."

    In hindsight, several of Microsoft's moves in 2014 now seem to be preliminary steps toward Windows 10, including the requirement that businesses migrate to Windows 8.1 Update within four months, and the deprecation of most IE editions other than IE11. Were these part of a master plan, or was Microsoft simply trying things? "It's probably best to think of this as more an evolutionary process than a detailed master plan," said Kleynhans. "Obviously, there was always a plan to get people off older versions of IE. The specific timing, though, was in place before the details of Windows 10 were locked down.

    "I look at the updates for Windows 8.1 as being tweaking and testing towards a goal of faster updates, rather than long-term steps in a grand scheme. Remember there was a regime change in Windows, and Microsoft for that matter, right in the middle of all of this, and what we are seeing now is the output of the new leaders, tempered with some marketplace realities."