Why people hack is a subject which is often discussed. Some say the explanation is the same as the one given by people who climb mountains: ‘because they [computers] are out there’. Others claim that by highlighting vulnerabilities, hacking helps increase computer security. And finally, there is the explanation most often put forward: criminal intent.
Whatever the reason, as long as computers exists there will be hackers – white hats, black hats and grey hats. And because there is no way of predicting which kind of attack (‘curiosity’ versus ‘malicious’) will hit your computer first, it is always best to be prepared for the worst.
The truth is that in hours of a machine being connected to the Internet, somebody will scan it with an automated vulnerability probing tool, looking for ways to get in. It may be somebody who is just curious to see what is on the machine, or a white hat from the other side of the world checking to see if the computer is secure. Of course, in real life you wouldn’t want passing strangers stopping to check if your house or car were locked, and, if not, to go inside, look around, go through your possessions and leave a note saying ‘Hi, I was here, your door was open, but don’t mind me and BTW, fix your lock’. If you wouldn’t want someone to do this to your house, you wouldn’t want someone doing it to your computer. And there is no excuse for doing it to someone else’s computer either.
Premeditated, criminal, hacking is obviously even worse. In the real world, somebody walks by, breaks your lock, gets inside, disables your alarm system, steals something or plants listening devices in your phone or surveillance equipment in your living room. If this happens you call the police, they look around, write a report, and you wait for the thieves to be caught. Unfortunately, this is a rare luxury in the computer world; the culprit may be far, far way, downloading your confidential files while sitting in his personal villa or sunbathing by his huge pool, nicely built with stolen money. Or, in a business environment, many large corporations prefer not to report hacking incidents at all, in order to protect their company image. This means that the criminals remain unpunished.
Another hacker motivation may be hooliganism, or digital graffiti, which can be summed up as hacking into systems to cause damage. Web site defacement is a very popular form of digital graffiti and there are some hacking groups which focus on this task alone. Just as in the physical, non-cyber world, catching the hooligans is a tedious task which usually doesn’t repay the effort or resources expended.
Whatever the reasoning, be it ‘to help others’, ‘security heads-up!’, ‘hooliganism’ or ‘criminal intent’, hacking is a phenomenon which is deeply rooted in the world of computing and will probably never die. There will always be people immature enough to abuse public resources, self-proclaimed ‘Robin Hoods’ and criminals hiding in the dark alleys of cyberspace.
In 2017, we encountered lots of samples that were ‘exploiting’ the implementation of Microsoft Word’s RTF parser to confuse all other third-party RTF parsers, including those used in anti-malware software. Read Full Article
In October 2017, we learned of a vulnerability in Telegram Messenger’s Windows client that was being exploited in the wild. It involves the use of a classic right-to-left override attack when a user sends files over the messenger service. Read Full Article
At first, it looked like we’d found a zero-day local privilege escalation vulnerability for Windows, but the sample that was triggering Exploit Checker events turned out to be the clean signed executable file, part of the multiplayer online game. Read Full Article
A search online lead me to a discovery I didn’t think was possible nowadays. I realized almost immediately that critical security issues were probably involved. I found that out of the many tens of thousands of gas stations the company claimed to have installed their product in, 1,000 are remotely hackable. Read Full Article
Q4 2017 represented something of a lull: both the number and duration of DDoS attacks were down against the previous quarter. At the same time, the increase in the number of attacks on honeypot traps in the runup to holiday sales indicates that cybercriminals are keen to expand their botnets at the most opportune moment by pressuring owners of online resources and preventing them from making a profit. Read Full Article
Being enthusiastic shoppers just like many other people around the world, at Kaspersky Lab we are, however paranoid enough to look at any Internet of Things (IoT)-device with some concern, even when the price is favorable. So we randomly took several different connected devices and reviewed their security set up. Read Full Article
Every year, Kaspersky Lab’s experts look at the main cyberthreats facing connected businesses over the coming 12 months, based on the trends seen during the year. For 2018, we decided to extract some top predictions that also have big implications for everyday connected life. Read Full Article
In 2017, Kaspersky Lab research revealed the extent to which medical information and patient data stored within the connected healthcare infrastructure is left unprotected and accessible online for any motivated cybercriminal to discover. This risk is heightened because cyber-villains increasingly understand the value of health information, its ready availability, and the willingness of medical facilities to pay to get it back. Read Full Article
Remote fault diagnostics, telematics and connected infotainment significantly enhance driver safety and enjoyment, but they also present new challenges for the automotive sector as they turn vehicles into prime targets for cyberattack. The growing risk of a vehicle’s systems being infiltrated or having its safety, privacy and financial elements violated, requires manufacturers to understand and apply IT security. Read Full Article
Looking back at a year like 2017 brings the internal conflict of being a security researcher into full view: on the one hand, each new event is an exciting new research avenue for us, as what were once theoretical problems find palpable expression in reality. On the other hand, as people with a heightened concern for the security posture of users at large, each event is a bigger catastrophe. Read Full Article