The printing press was one of the earliest steps towards democratization of knowledge, allowing the acquisition and spread of knowledge among the masses, and not just the privileged elite. Democratization of knowledge is one of the most powerful forces for change, and in the era of globalization, democratization of technology and information have been major drivers for change and innovation.
The software industry has been highly invigorated by an inherent culture of openness and sharing, supported by human manifestations such as the open source movement and sharing tools like GitHub.
GitHub is a Web-based Git repository hosting service highly popular among developers, which publicly hosts everything from small config files and tiny experiments to major open source projects.
The combination of these movements and tools makes it possible for a developer in Africa to access the same resources as one in the United States. Most technology companies that produce software use open source software and actively contribute code that is maintained by the community. A good example is the recent announcements from Google and Facebook giving away their Artificial Intelligence technologies.
But what happens when malicious software (malware) is democratized? It is not only innocuous software that is being shared. Democratization is also driving an explosion of malware sharing and community-maintained hacking tools.
Ten years ago, hacking tools were mostly closed-source and exclusively maintained by small crews. Today, cyber crime is a global problem, and it is spreading rapidly thanks to increased access to quality tools and modern proofs of concept shared on GitHub and other public forums. In our research, we witness daily how a single individual is capable of deploying multiple non-trivial attacks against financial institutions overnight by using tools that are readily available in public places.
To further explain the democratization of malware, its evolution and its impact on the financial sector, let's look at three examples.
Case #1 – PowerZeus
The infamous banking malware Zeus has been out since 2007. After it was leaked in 2011, we have seen several variants derived from the original base code.
These variants add more layers of sophistication, often acquired by merging with malicious code leaked from other gangs, or with code shared in underground forums or on researcher pages.
More recently, security researchers have found advanced versions of Zeus with mixed characteristics from several different malware families. These include:
- Bootkit and anti-malware neutralization from Carberp
- Webinject mechanisms from Zeus/Spyeye/Citadel
- Injection techniques from Power Loader
- Contributions from several developers
What’s the end result here? Is Zeus more prevalent today? More powerful? What do those mixed characteristics allow it to do?
Case #2 – Hacking Team Leaks
Recently, Italian spyware maker Hacking Team was hacked, resulting in the leak of 400 gigabytes of files that included at least three zero-day exploits. This case received a lot of attention because of how quickly criminals incorporated the new tricks into their tools.
Just a few days after the leak, at least three exploit kits (Angler, Neutrino and Nuclear Pack) were observed using the leaked exploits. This constitutes the fastest documented case of immediate weaponization in the wild, possibly thanks to the detailed instructions created and left behind by Hacking Team. It was quite easy for the hackers to simply release the exploits and wreak havoc.
Case #3 – Ultra Resilient Banking Trojan
We are starting to hear chatter about traditional banking malware implementing features usually posted as PoCs on GitHub or documented by researchers. Such features would allow an attacker to remotely take control of home devices such as routers and IP cameras.
In this scenario, the malware would be much harder to trace as it reaches unprecedented levels of spread and resiliency. Consider a new variant of a banking trojan that includes the capability to spread across home routers or connected devices. This means unlimited access and tampering capabilities across your entire network, where web injects would reach new levels of sophistication and detection would be a real challenge. Banking at home would then become even riskier than doing so at an open Internet café.
The year 2016 has been dubbed by many as the year of the Internet of Things. Undoubtedly, this will bring countless security concerns, mostly because this trend will bring computing power and Internet access to every device that surrounds us. Unless manufacturers put security at the top of their priority list, criminals will have a new dawn of opportunities waiting to be exploited.
Democratization is here to stay, and it nurtures human knowledge in every dimension, including criminality. As malware evolves and becomes more complex, and criminals continue to innovate, we have to rethink how we look at cyber security.
Today, individuals and institutions are vulnerable on several fronts and require a multi-layered approach to security. We must learn to react faster than criminals, be open to learning from any source, and be aware so that we have the ability to predict and be proactive. There is enough information out there to create a new Zeus every day. We cannot continue to focus on a never-ending battle of malware cleaning; instead we must focus on protection. At Easy Solutions, we believe that financial institutions have the power to enable secure transactions regardless of the attacks affecting end users, and we always strive to provide integrity even in the worst scenarios. This is the fundamental design premise behind our Total Fraud Protection®.