With the recent run of Java Virtual Machine (JVM) exploits, a lot of attention is being focused on how best to mitigate them. Detection has been limited to signature-based attempts, mostly firing on class names or well-known strings within the JAR or class file. While this works for commodity malware built on pre-packaged kits like Blackhole and RedKit, a clever adversary will rewrite the exploit and avoid that simple detection method.
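To make the weakness concrete, here is an added example (not code from the original post or from RSA) of the kind of class-name and string matcher the text describes, run over a constructed stand-in JAR and over the same JAR after the trivial rewrite an adversary would do. All names, the URL and the XOR key are made up for illustration; the class bytes are a stand-in, not a real compiled class.

```python
import io
import zipfile

# Constructed signatures of the kind the text describes: a class name and a
# well-known string inside the JAR. Illustrative only, not real kit indicators.
CLASS_NAME_SIGS = {"DropperApplet.class"}
URL = b"http://example.invalid/payload.exe"
STRING_SIGS = [URL]

# Constructed stand-in for a malicious JAR: a manifest plus one class whose
# bytes carry the class-file magic and the literal URL a string rule keys on.
ORIGINAL_JAR = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\n",
    "DropperApplet.class": b"\xca\xfe\xba\xbe" + URL,
}


def build_jar(entries):
    """Pack {member name: bytes} into an in-memory JAR (a JAR is a ZIP)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def scan_jar(jar_bytes):
    """Signature scan: fire on a listed class name or a listed byte string."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            base = info.filename.rsplit("/", 1)[-1]
            if base in CLASS_NAME_SIGS:
                hits.append(("class-name", info.filename))
            data = zf.read(info)
            for sig in STRING_SIGS:
                if sig in data:
                    hits.append(("string", sig.decode()))
    return hits


def rewrite_for_evasion(entries, key=0x5A):
    """The adversary's rewrite: rename the class and XOR the URL so it is no
    longer a literal constant (the class would decode it at run time)."""
    out = {}
    for name, data in entries.items():
        if name == "DropperApplet.class":
            name = "a.class"
            data = data.replace(URL, bytes(b ^ key for b in URL))
        out[name] = data
    return out


if __name__ == "__main__":
    print("original :", scan_jar(build_jar(ORIGINAL_JAR)))
    print("rewritten:", scan_jar(build_jar(rewrite_for_evasion(ORIGINAL_JAR))))
```

The scanner reports two hits on the original and none on the rewritten JAR, even though the rewritten JAR does exactly the same thing at run time. Detection that keys on what the exploit does (the classes it loads, the permissions it acquires, the process it spawns) survives the rename; detection that keys on how it is spelled does not.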
Several vulnerabilities in multiple implementations of Universal Plug and Play (UPnP) were announced on January 29 by the security firm Rapid7. These vulnerabilities can result in remote code execution and, according to Rapid7, affect “between 40 and 50 million” internet-connected devices; put another way, they affect “over 1,500 vendors and 6,900 products”. The Rapid7 announcement discusses their findings in depth.
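The practical first question is which of your own devices answer UPnP discovery at all, especially on the side of the network that faces the internet. The following is an added example (not Rapid7's scanner or code from the original post) that sends one SSDP M-SEARCH, parses the replies, and flags a reply whose LOCATION URL does not point back at the responder. The sample reply and the stack name in its SERVER header are constructed for offline testing; the SERVER header is the field you would compare against the affected-stack list in the vendor advisory, which this code does not attempt to do.

```python
import socket
from urllib.parse import urlparse

SSDP_GROUP = ("239.255.255.250", 1900)


def build_msearch(search_target="ssdp:all", mx=2):
    """Build the SSDP M-SEARCH request that asks every UPnP device to answer."""
    return (
        "M-SEARCH * HTTP/1.1\r\n"
        f"HOST: {SSDP_GROUP[0]}:{SSDP_GROUP[1]}\r\n"
        'MAN: "ssdp:discover"\r\n'
        f"MX: {mx}\r\n"
        f"ST: {search_target}\r\n"
        "\r\n"
    ).encode("ascii")


def parse_ssdp_response(data):
    """Parse an SSDP 'HTTP/1.1 200 OK' reply into a dict of lower-cased headers.
    Returns None for anything else (NOTIFY announcements, junk)."""
    lines = data.decode("utf-8", errors="replace").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        if line == "":
            break
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def location_matches_responder(responder_ip, headers):
    """LOCATION should point back at the host that answered; a mismatch is
    worth a second look before anything fetches the description XML."""
    loc = headers.get("location")
    if not loc:
        return False
    return urlparse(loc).hostname == responder_ip


def discover(timeout=3.0):
    """Send one M-SEARCH and collect {responder ip: [header dicts]} until the
    socket times out. Run it from outside the perimeter to see what answers
    on the WAN side, which is the exposure Rapid7 measured."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    sock.settimeout(timeout)
    found = {}
    try:
        sock.sendto(build_msearch(), SSDP_GROUP)
        while True:
            data, (ip, _port) = sock.recvfrom(65507)
            hdrs = parse_ssdp_response(data)
            if hdrs is not None:
                found.setdefault(ip, []).append(hdrs)
    except socket.timeout:
        pass
    finally:
        sock.close()
    return found


# Constructed reply for offline testing (addresses from the documentation
# range, placeholder stack name). Not captured from any real device.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"EXT:\r\n"
    b"LOCATION: http://192.0.2.10:49152/rootDesc.xml\r\n"
    b"SERVER: Linux/2.6 UPnP/1.0 ExampleStack/0.0\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for ip, replies in discover().items():
        for h in replies:
            flag = "" if location_matches_responder(ip, h) else "  [LOCATION host != responder]"
            print(f"{ip:15} {h.get('server', '?')}  {h.get('location', '?')}{flag}")
```

Anything that answers from the internet-facing interface should not be: the fix Rapid7 recommends is to disable UPnP there, or block UDP 1900 inbound, rather than to wait for firmware.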
We, the RSA FirstWatch team, are always at the forefront of solving the latest malware problems, and one of those is malware encryption. Malware encryption is not new. It has been around since the DOS days, but has simply evolved to address the antivirus solutions designed to beat it. In this multi-part blog, I will discuss how malware encryption has evolved from the simple application of an encryption/decryption engine to the more complicated metamorphic engine.
Introduction In the first installment of this blog series we discussed several principles and concepts that security analysts need as they seek to master indicators of compromise (IOC). We discussed how IOCs relate to observables, and how observables tie to measurable events or stateful properties on a host. We [...]
Recently, there has been some media noise about a new piece of malware reportedly attacking targets in the Middle East such as Saudi Aramco. But what exactly does this attack look like once the malware has compromised a system? Check out our visual examples of Shamoon, including a video showing its destructive payload in action.
As more information about the attack on Saudi Aramco has emerged, such as in the Dark Reading article last week, it increasingly appears to be an aggressive and significant attack, with one attacker claiming to have compromised 30,000 of the company’s client machines and servers. As described in the Saudi Aramco press release, however, the [...]
Mobile apps, and the content they provide, are the reason smartphones and tablets are so popular; recent statistics show that mobile users around the globe download over 67 million apps every day! Although these numbers are staggering, security awareness has not kept pace, and it was only a matter of time before cybercriminals followed the users and brought online threats such as phishing and malware to mobile devices.
Advances made in the cybercrime world over the past year prove that the trickle-down effect does not only apply to tablet computers and space tourism. Rather, much like real-world products, techniques that were once reserved for the cybercrime elite have trickled down to the public domain, giving low-skilled botmasters the same research-thwarting tools that not long ago were used only by malware experts.
Shady RAT, Aurora, Poison Ivy, ZeuS, SpyEye, Ice IX, Stuxnet and Flame. This strange combination of terms may mean nothing to the layman, but for those involved in computer security and incident response, they speak of events that have sparked press coverage, executive interest and late nights.
A couple of weeks ago, my colleague Alina Oprea and I participated in the ZISC Workshop on Secure Mobile and Cloud Computing 2012 sponsored by the ETH here in Zürich. The second day of the workshop focused on cloud security, ending with Alina’s great presentation on research that RSA Labs is doing on mechanisms that enterprises could use to validate the security and availability of data entrusted to a cloud service provider. There were also very interesting talks by Vinod Vaikuntanathan (University of Toronto) on fully homomorphic encryption and George Danezis (Microsoft) on considerations for deploying cryptographic protocols for the cloud.