Malware Attacks Hundreds of Security Cameras Using Botnets
With the Internet of Things (IoT) emerging as the next big technology to watch, Incapsula observes that closed-circuit security cameras (CCTV) are one of the most common sources of IoT botnet vulnerabilities; in one case, malicious code turned approximately 900 CCTV cameras into a botnet. Incapsula has noted this trend since 2014, when botnet activity increased by 240%, with most of it traced back to CCTVs.
The botnet carried out a DDoS attack using a series of HTTP GET floods, and all compromised CCTVs were running embedded Linux with BusyBox, a package of stripped-down common Unix utilities bundled into a small executable and designed for systems with limited resources. With the vulnerability in place, the botnet bombarded an undisclosed “large cloud service” that serves millions of people.
Uber Designs MySQL-like Interface Schemaless
Uber explains the process of migrating from PostgreSQL to designing and implementing their own unique interface using MySQL, called Schemaless. Until 2014, Uber was using Postgres, an object-relational database management system (ORDBMS), to store trip data. As their database grew drastically, Uber tried to deal iteratively with the scaling issues that come with rapid trip growth.
What Uber ultimately wanted in a datastore was the ability to linearly add capacity by adding more servers, write availability, a way of notifying downstream dependencies, secondary indexes, and operational trust in the system, as it contains mission-critical trip data. After looking at the popular SQL alternatives Cassandra, Riak, and MongoDB, the issues with switching to any of them came down to operational trust. Thus, Uber designed Schemaless rather than use a completely new storage system. Schemaless operates as a storage node for cells in their new data model, but they have implemented their own non-relational data model (such as trip data), and they manage things like columns and versions entirely within their application code.
Bromium Advises Anti-Virus Software Not Enough, Use Prevention-Based Services Instead
As cyber threats and data breaches rose to an all-time high last year, Bromium declares that users should have less confidence in relying on anti-virus software alone and that the security industry should push more for prevention-based services. The results come from Bromium’s Enterprise Security Confidence Report, in which the security group surveyed 125 professionals to determine the state of cyber threats and the security industry. The survey found that a staggering 92% of respondents are losing confidence in detection-based approaches like anti-virus and whitelisting, and 78% of those interviewed said that anti-virus software is not effective against general attacks.
Bromium’s micro-VM vSentry software is designed as an endpoint isolation product that makes malware and virus protection invisible to the user. The micro-VM tracks the user’s website visits and data on Windows. The software immediately isolates untrustworthy tasks on Windows in a micro-VM, and guarantees that any malware the user comes across will be defeated and discarded without the user noticing.
Netflix Explains High Video Encoding at Scale
Netflix provides their take on how they produce multiple encoded formats from source video, especially for the sake of building a video encoding pipeline that is highly efficient and scalable. From their source videos, Netflix generates video encodes of various codec profiles, at multiple quality representations per profile.
Using quality control checks, Netflix rejects problematic source video, even for sources of an older, poorer quality, and requests redelivery. Netflix then uses parallel chunked encoding to generate multiple quality representations at different bitrates (ranging from 100 kbps to 16 Mbps) and selects the optimal stream adapted to the quality of the source video. The encodes are packaged and then deployed to a CDN for video streaming.
Anonymous Threat Group Uses BBSRAT Malware to Attack Russian Organizations Linked to Roaming Tiger
In late 2014, ESET revealed the details of “Roaming Tiger,” an attack campaign by an undisclosed threat group targeting high-profile organizations in Russia and former Soviet Union countries. The threat group used RTF exploits and the PlugX RAT to conduct espionage and steal data from their targets. Later, in August 2015 and continuing into December, Palo Alto Networks observed a similar series of attacks against Russia, using malware with mechanisms similar to the PlugX RAT that is dubbed “BBSRAT.”
In one attack instance, the threat group sent out an email containing a malicious Word document designed to exploit an old Microsoft Office vulnerability (CVE-2012-0158) to deliver BBSRAT. BBSRAT is delivered via droppers and downloaders and creates registry entries for persistence. Once installed on a system, the malware collects data on the infected device and sends it back to a remote server via a POST request. From the remote server, the attacker can send commands such as installing or uninstalling BBSRAT, executing shellcode, or reading and manipulating files.