iGB North America magazine IGBNA Aug/Sep | Page 19

Compliance and Technology

customers who are not in a position to
apply the patch.

DDoS
LOT Polish Airlines was grounded for five
hours during June, 10 flights being affected
after their systems handling flight plans fell
victim to a supposed DDoS attack. According
to Sebastian Mikosz, CEO of LOT, this
problem is not confined to LOT systems and
could potentially been seen again on another
carrier in the future. Rightly, some quarters
are questioning why such critical systems are
connected to the internet in the first place.

Malware
Tinba banking malware is proliferating.
The morphing malware discovered by
security firm Malwarebytes uses web
browsers to intercept usernames and
passwords before they are encrypted and
sent to the online banking site. Although
specifically targeting the financial services
sector, the malware is capable of stealing
authentication information for any site from
an infected machine.
Stegoloader, discovered by researchers at
Dell SecureWorks, ups the ante on malware
detection. Using digital steganography to
obfuscate malicious code, Stegoloader uses
PNG picture files to host malware, thereby
hiding it from traditional detection methods
until its payload is delivered.
Ransomware, malicious software
that prevents a user from accessing their

systems or files, is on the increase too. SANS
Internet Storm Centre informs us that traffic
containing the malware Cryptowall 3.0 has
continued to grow. As well as being spread
through the Angler Exploit Kit, malicious
spam campaigns are also being used to
ensure the proliferation of the exploit.
Angler and exploit kit Nuclear are also )