Well, here we are about to close out the week. It’s been a busy one for me, with doing tons of freelancing work. I have written everything from a whitepaper on how to create an Incident Response Plan to the fundamentals of what a VPN Concentrator are. But today is no rest for me either today, as I have to compose articles on Routers/Hubs, and Data Loss Prevention.
Get theme here? Yea, it’s all about Security at one form or another. I do plan to write more about these technologies in some future blog posts, but most of my time is trying to educate you, my readers, as to how you can avoid from being a victim in a Cyber attack. Also, some of my other writing angles have been involved in trying to get inside the mind of the Cyber attacker themselves, and see what makes them think and operate the way they do.
So with that in mind, when we think of a Cyber attacker launching his or her attack, we often think of it as a unilateral, or one side attack. This simply means that the Cyber attacker launches only one attack at a time, with just one attack vector, such as that of Phishing, deploying a Trojan Horse, or sending out Ransomware and locking up a computer or wireless device.
But, the attack not just hits one victim, but many all at once . For example, this could be employees within the same business or corporation, or even different organizations of all different kinds at once. I call this as what is known as a “One to Many Attack”. Meaning, there is a Cyber attacker (or even multiple ones in the same group) that use just one attack vehicle.
That is the common thinking today in the world of Cyber security. But, have you ever thought of the fact that the same Cyber attacker can use multiple attack vehicles at the same time in order to hit multiple attacks, in a “Many to Many” style? Well, such is the case with a new malware called the “MysteryBot”, and so far, it has only targeted only Android based devices.
Security researchers at a Cybersecurity firm known as “ThreatFabric” discovered this banking malware. It consists of a keylogger and ransomware features. The malware also comes with a whole suite of data-stealing abilities, including harvesting SMS messages, mails, contacts and more.
Worst yet, MysteryBot can also place calls from the infected Android device, send spam SMS messages, delete all SMS messages and much more. The malware also consists of a Trojan Horse, thus making it a triple threat when it is launched. With regards to this, it makes use of the popular AccessibilityService, allowing the Trojan Horse to enable and abuse any required permission without the explicit permission of the victim.”
It is believed that MysteryBot is actually a variant from an existing piece of malware known as “LokiBot.” In terms of specifics on this malware, it doesn’t make use of any known or defined keylogging techniques. Rather, it employs a new and innovative technique that involves calculating the location of each key on a phone. In other words, the keylogger uses the phone’s touch data to log users’ keystrokes.
Let us illustrate this point with an example. Suppose your Android has been hit with a covert keylogging kind of malware. Rather than recording the direct keys that you are typing, this new malware has such sophisticated algorithms in that it can create a profile of your typing patterns, and from there, discern the exact keys that you are typing.
This just makes MysteryBot all that more stealthy and difficult to trace on an Android device. With this, there is the potential that these algorithms could even be recording much more than just keystroke profiles. In terms of the Ransomware component, it embeds a feature that encrypts all files in the infected Android’s external storage. This process involves allocating all files to a password-protected ZIP archive that can only be unlocked by paying the Cyber attacker the ransom, most likely in Bitcoins.
According to the Security researchers, expect the next wave of Cyber attacks to come in the “Troublesome Threes”. Meaning, at least three or even more attack vectors used all at the same time. Of course it is not just restricted to those vehicles just described, but other forms of rogue applications can be deployed as well, such as sound recording and file uploading capabilities.
These functionalities not only allow the Cyber attackers jailbreak or root the infected Android device, but it also enables advanced data harvesting to occur without any specific triggers being actually executed.
My thoughts on this? Wow, for sure. I know that Cyber attackers are getting much more sophisticated every day, but this is the stealthiest that I have seen so far. In this regard, it is really difficult to keep up with the pace of these kinds of attacks from happening.
Yea, the good news is that there are tons of Cyber security researchers that are being paid the big bucks to track all of this, but it takes a considerable amount of time to discover these new pieces of malware, as well as research their mechanics and impacts. By the time all this is said and done, the Cyber attacker will have come out with at least ten new variants.
This is where the role of Artificial Intelligence (AI) could possibly come into play. Meaning, as the Cyber security researchers are examining a current form of malware, the data that is being discovered could fed into the AI package, in a simultaneous effort to guess what future variants could like, thus saving time and increasing the response rate to these sorts of attacks.
What can you do in the meantime? Well, not much really. Just make sure, that whatever Smartphone you have, that you at least do the following:
*Always keep the OS updated when the alert appears on your device;
*If your device is ever lost or stolen, if possible, activate the Remote Wipe tool;
*If you suspect your device is infected, take it back to the nearest retail store and have it replaced. But, before you throw your old device, make sure that all data is transferred and moved over to the new device, and deleted from the old one!!!