Lots of coverage this week relating to ‘Hand of Thief’, the latest black-market Trojan designed for any aspiring cyber-fraudster – yours for just $2000.

It’s concerning news in that the threat to your personal data – predominantly your internet banking details – is an increasingly marketable commodity, but for the IT community, the additional interest in this particular piece of malware is that it has been engineered specifically for Linux. Estimates suggest that Linux as a desktop OS accounts for less than 1% of the world’s total. Of course, Linux is very popular as a host/server OS, but Hand of Thief is squarely intended to intercept a user’s browser interactions. It may be a proportionally small pool of potential targets, but at least you get 100% of it – the quantity of malware targeting the Linux OS is negligibly tiny compared to the tens of millions of newly added malware variants being discovered in the Windows world every year.

What Would Walter White Do?

The market for Hand of Thief seems to be modeled in the image of Breaking Bad’s Walter White’s structure for his blue crystal meth market (I’m sure I don’t need to explain what Breaking Bad is?). At the top, there is a development lab manufacturing the malware, and the guys engineering the code, like Walter and his trainee cooks, seem satisfied just to produce and sell the product. Their customers will either be the criminal gangs looking to use the malware to steal banking information, or there could even be a further tier of middle-men operating the phishing network to distribute the malware and gather account codes and passwords to sell on to other groups. These will be the guys actually logging in and transferring the cash out.

The timing is interesting too – with the Citadel bust just being made public, the headline and moral of the story should have been that the perpetrators have just been jailed, but maybe the estimated $500M stolen was actually the more eye-catching element of the story? So instead of acting as a warning and deterrent to other cyber criminals, the story could just as likely have inspired even more to “get rich or die tryin’”, just like the notorious Albert Gonzalez who held this as his motto when he undertook his various scams targeting cardholder data theft.

Linux Users – Welcome to the New Wild West

The only real conclusion is that the inevitable proliferation of cybercrime-enabling malware continues and that the previous ‘high ground’ afforded by the non-Windows operating systems now seems to be diminishing. The good news is that host intrusion detection system (HIDS) technology is also progressing – real-time FIM is already available for Mac OS X and nearly all other contemporary Linux and Unix platforms, including Solaris, Ubuntu, RedHat and Suse. This means that there is already HIDS technology to detect malware, even zero-day attacks that will evade anti-virus systems, because it watches for the file changes an infection leaves behind rather than relying on a signature for the malware itself. Furthermore, with prevention always being the ideal strategy, hardening checklists can now be applied using the same File Integrity Monitoring technology to audit Linux hosts and desktops, to ensure most vulnerabilities are closed down and kept out. And of course, vigilance is always going to be required – phishing attacks have doubled in the last 12 months, and this all points to a potentially upward-spiraling trend.
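To make the FIM idea above concrete, here is an added illustration (my own code, not NNT’s Change Tracker or any product on this page) of the baseline-and-compare approach on a Linux file tree: it records a SHA-256 digest, permission bits and size for every regular file under a root, diffs a later scan against that baseline to report added, removed and modified files, and runs one hardening-style check (world-writable files) over the same data. The directory layout and file contents in `demo()` are constructed for the demonstration; on a real host you would baseline paths such as system binaries and configuration directories and store the baseline off-box.

```python
"""Baseline-and-compare file integrity monitoring (FIM) for a Linux tree.

Added illustration, not NNT's own code: it records a SHA-256 digest, mode
and size for every regular file under a root, then diffs a later scan
against that baseline and reports added, removed and modified files. It
also runs one hardening-style check (world-writable files) over the same
data. All paths and file contents in demo() are constructed for the demo.
"""
import hashlib
import json
import os
import shutil
import stat
import tempfile


def _sha256(path, chunk=65536):
    """Stream the file so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file (relative path) to its digest, permission bits and size."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are out of scope here
            rel = os.path.relpath(full, root)
            baseline[rel] = {
                "sha256": _sha256(full),
                "mode": stat.S_IMODE(st.st_mode),
                "size": st.st_size,
            }
    return baseline


def compare(baseline, current):
    """Return sorted lists of paths that appeared, vanished, or changed digest/mode/size."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def world_writable(baseline):
    """Hardening check over the baseline: files that any user on the host can modify."""
    return sorted(p for p, meta in baseline.items() if meta["mode"] & stat.S_IWOTH)


def save_baseline(baseline, path):
    """Persist the baseline as JSON (store it off the monitored host in practice)."""
    with open(path, "w") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def demo():
    """Constructed scenario: take a baseline, then alter one file, drop a new one and loosen a mode."""
    root = tempfile.mkdtemp(prefix="fim_demo_")
    try:
        bindir = os.path.join(root, "usr", "bin")
        os.makedirs(bindir)
        with open(os.path.join(bindir, "ls"), "wb") as f:
            f.write(b"original ls binary (constructed)")
        cfg = os.path.join(root, "app.conf")
        with open(cfg, "wb") as f:
            f.write(b"listen=127.0.0.1\n")
        os.chmod(cfg, 0o644)
        before = build_baseline(root)

        # The kinds of trace a compromise leaves on disk: a replaced binary,
        # an unexpected new file, and a permission weakened for convenience.
        with open(os.path.join(bindir, "ls"), "wb") as f:
            f.write(b"replaced ls binary (constructed)")
        with open(os.path.join(bindir, "extra.so"), "wb") as f:
            f.write(b"unexpected new file (constructed)")
        os.chmod(cfg, 0o666)
        after = build_baseline(root)

        return {"changes": compare(before, after), "world_writable": world_writable(after)}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point the demo makes is the one the paragraph above relies on: none of the three findings needed a signature for the offending file, only a trusted record of what the tree looked like before. Real products add kernel-level change notification so the comparison is continuous rather than a periodic scan, and they exclude paths that legitimately churn (logs, caches) so the alerts that remain are worth reading.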

Copyright 2019, New Net Technologies LLC. All rights reserved.