Opinion

Where will real-time search take us?

As you’ve most probably read by now search engines providers have been working on providing so called real time search results. These results include queries to, for instance, Facebook, Twitter and Myspace.

We may not all realize this, but we have just turned yet another technological corner. Everyone will have exponentially more and faster access to personal information now including data from social networks. Everyone naturally includes cybercriminals.

In my opinion, cybercriminals now have a great new opportunity to combine two major threat vectors – Black Hat Search Engine Optimization and social networks. Now turnaround will be faster and more people will see the malicious links created by black hat SEO – something search engines have already failed to control.

This is important, because to date attacks via social networking sites aren’t yet as prevalent or sophisticated as they could be. The gang behind Koobface has recently stepped up their game but overall isn’t really technically advanced. In fact, from where I sit, the development of malware that’s targeting social networks is really reminiscent of that of IM-Worms some years back. It’s the same situation: your friend’s compromised account is used to persuade you to click on a malicious URL. So we’ll probably soon see the social engineering approaches used to spread social networking threats following a similar evolutionary path.

I’m also concerned about how real time search results will affect our online privacy.

Clearly, it’s no coincidence that Facebook introduced their new set of privacy guidelines just days before Google introduced real time search. The recommended Facebook settings – which surely will be used by the vast majority of the Facebook community – put a lot of information into the public and semi-public domains.

Yes, this approach will definitely make real time search results more effective. But I definitely think that the recommended settings expose too much PII.

What does this hold for the future? I’m convinced that real time search is just in its infancy. I’m positive that soon enough search engine providers will offer everyone the opportunity to use real time search with their Facebook/Twitter/MySpace/etc. credentials. This would then allow people to more effectively crawl what their friends – or friends of friends – are up to. An opportunity that the cyber criminals will surely not let go to waste.

Where will real-time search take us?

Your email address will not be published. Required fields are marked *

 

Reports

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Lazarus covets COVID-19-related intelligence

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that the Lazarus group is going after intelligence that could help these efforts by attacking entities related to COVID-19 research.

Sunburst: connecting the dots in the DNS requests

We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs.

What did DeathStalker hide between two ferns?

While tracking DeathStalker’s Powersing-based activities in May 2020, we detected a previously unknown implant that leveraged DNS over HTTPS as a C2 channel, as well as parts of its delivery chain. We named this new malware “PowerPepper”.

Subscribe to our weekly e-mails

The hottest research right in your inbox