{"id":199,"date":"2016-06-29T08:12:36","date_gmt":"2016-06-29T08:12:36","guid":{"rendered":"http:\/\/www.volucer.it\/?p=199"},"modified":"2016-06-29T09:13:30","modified_gmt":"2016-06-29T09:13:30","slug":"malicious-software-sophistication-mass","status":"publish","type":"post","link":"https:\/\/www.volucer.it\/?p=199","title":{"rendered":"MAlicious Software Sophistication (MASS)"},"content":{"rendered":"

Strong interests in the cyberspace produce lots of highly sophisticated malicious software.<\/em><\/p>\n

CYBERSPACE INHABITANTS<\/strong>
\nTo enter the cyberspace means to probably be the target of thieves, hackers, activists, terrorists, nation-states cyber warriors and foreign intelligence services. In this scenario the strong competition in cybercrime and cyberwarfare continuously brings an increasing proliferation of malicious programs and an increment in\u00a0their level of sophistication.<\/p>\n

 <\/p>\n

MALWARE PROLIFERATION<\/strong><\/p>\n

According to the data published by the major antivirus companies we have an average of 400000 new malware samples every day.<\/p>\n

\"Malware<\/p>\n

This data could be a little bit inflated by the antivirus companies but if we consider as true only the 2% of 400000, this means that we have 8000 new strains of computer malware per day in the wild.<\/p>\n

Today it is impossible to live without digital technology, which is the base of digital society where governments, institutions, industries and individuals operate and interact in the everyday life.<\/p>\n

So, to face the high-profile data breaches and ever increasing cyber threats coming from the same digital world, huge investments in information security are made around the world (according to Gartner in 2015 the spending was of above $75.4 billions).<\/p>\n

But the security seems an illusion after hearing about the result of a research made at Imperva, a data security research firm in California.
\nA group of researchers infected a computer with 82 new malwares and ran against them 40 threat-detection engines of the most important antivirus companies.
\nThe result was that only 5 percent of the malwares was detected. This means that even if the antivirus software is almost useless for fighting new malwares, it is necessary to protect us from the already known ones by increasing\u00a0the level of security and protection.<\/p>\n

 <\/p>\n

EVERYONE COULD BE A TARGET<\/strong><\/p>\n

In the leakage involving\u00a0Twitter on June 8th 2016 user accounts have been hacked, but not on Twitter's servers. This means that 32.888.300 users have been singularly hacked by a Russian hacker. This is amazing and underlines how easy it is to guess the users' passwords and to infect users' computers in order to steal users' credentials.
\nThe password frequencies in the following chart show how users don\u2019t pay too much attention to the passwords they use. In the chart we consider only the first 25th most used passwords. The statistic is done on 20210641 user accounts released from several leakages [04].
\nThey probably think: why should I be hacked? I\u2019m a normal ordinary guy, who cares about\u00a0me? But what it is important for a bad guy is to get some profit. So, a huge quantity of accounts to sell in the dark market is a good reason to steal every Twitter user's credentials. In fact, the amount is the key factor which attracts the buyer.<\/p>\n

\"Most<\/p>\n

Even if the chameleon attacks or the werewolf attacks are able to bypass easily the antivirus defense, it is important to pay\u00a0more attention to our access keys to prevent\u00a0the leakage of this huge quantity of user accounts because, I think, most of Twitter user accounts are simply guessed by the bad guy.<\/p>\n

 <\/p>\n

 <\/p>\n

MALICIOUS SOFTWARE ANALYSIS<\/strong><\/p>\n

Malicious Software is characterized by four components:<\/p>\n