CYBER THREATS 2015
ThaiCERT
Martijn Van Der Heide, et al.
1 2559
3,000
300
.. 2537
Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency (Public Organization) (ETDA)
Ministry of Information and Communication Technology
() 20 33/4 9 10310
Tel: 0 2123 1212 | Fax: 0 2120 1200 | Email: [email protected] | www.thaicert.or.th | www.etda.or.th | www.mict.go.th
Digital Economy Cybersecurity
() (.) ETDA ()
2558 E-banking
" CYBER THREATS 2015" 2558
1
Awareness
1. Microsoft Mainstream Windows 7 13 2558 ...............................................................21
2. FBI 6,000 ..........................21
3. FBI Sony .......................................22
4. Apple ..........22
5. ................................................................23
6. FB ...................................................23
7. ..........................................................24
8. FireEye IT ...................................25
9. Google Chrome Adware ...............................................26
10. Facebook ..............27
11. Signal 2.0 iOS - Android ........28
12. Cybersecurity 2558 ZDNet .......................................................29
13. iOS ......................30
14. Google Play Store .......................30
15. IBM X-Force 2557 ..........................31
16. Samsung Galaxy Tab .......................................................32
17. ..........................................32
18. World Backup ..............................................................34
19. Android find my phone Google ..................................................34
1 264
20. Biometrics Scanner BodyPrint ..........34
21. Facebook PGP ..................................................................................................35
22. MasterCard ..............................................36
23. Microsoft Security Essentials Windows XP ................................................................37
24. ........38
25. Microsoft, Google, Facebook, Twitter Yahoo .........................................................39
26. Facebook ......................................39
27. Microsoft Internet Explorer 12 2559 ...............................................................................40
28. SHA-1 ...................................................................................41
29. .....................................................................42
Computer Security Incident
30. twitter ............................................45
31. 19,000 ...................................................................45
32. Malaysia Airline ..................................................................................46
33. Baby Monitor .......................47
34. Kaspersky Equation group APT NSA ..............................48
35. 300 100 .....................49
36. Lizard Squad Google ........................................................................................50
37. Torrent Bitcoin .....................................51
38. Panda .........................................................52
39. APT30 .....................................................................52
40. DDoS ........................................................................53
41. Kaspersky Naikon APT ..............................................54
42. ....................................................................................55
43. SMEs Grabit .....56
44. LastPass ..................................................................57
45. ICANN ..................................................58
46. ThaiCERT () .......................................59
47. MySQL DDoS ...............................................60
Law & Policy
48. ETDA 10 . ........................................63
49. .................................................................63
50. .............................................................64
51. ....................................................65
52. Backdoor ..............................................................................65
Malware
53. Twitter #JeSuisCharlie ..............................................67
54. iOS ............................................67
55. Lenovo SSL ..................................................................68
56. .........................................69
57. LastPass Superfish VisualDiscovery ...................................................................69
58. Microsoft Windows Defender Superfish ...........70
59. ........................71
60. Killer USB .........................................................................72
61. Android 3 .............72
62. "Your Facebook login is currently removed" ......................................................................................73
63. ...................................................................................73
64. ..................................................75
65. PuTTY ...........................................76
66. Ransomware .......................................................................76
67. Ransomware Android .......................................................................................................77
68. UnfriendAlert Facebook ...............................................78
69. CTB-Locker 14 ....................................79
70. adf.ly ............80
71. Play Store Android ...................................................................80
72. Red Star ....................................................................81
73. CTB-Locker Windows 10 ...............................................................................82
74. Smartwatch ....................................................83
75. Tweak iCloud ..............................................84
76. Android .......................................................................84
77. Brain Test Play Store root / 1 ................................................85
78. Mac OS X ......................................86
79. Dell eDellroot Dell .......................................................87
Phishing/Scam
80. Facebook .........................................................89
81. Phishing Facebook Facebook Apps .....................89
82. / Facebook App ............................................................................90
83. ............................................90
84. Dance of the Pope ...................................................91
85. / PayPal .91
86. Outlook/Hotmail / ..............93
87. PayPal .....94
88. ..............95
Privacy
89. ........................................97
90. ...................................................................................................97
91. .................98
92. Edward Snowden ..................................................................................................99
93. Apple Siri .................................99
94. G20 ................................................................................. 100
95. Facebook .................................................................................................. 101
96. NSA / ...................................................................................................... 101
97. Selfie ................................................. 102
98. Snowden NSA Google Play Store ................................. 103
99. Facebook Messenger ..... 104
100. 17% Facebook ................................................................................ 105
101. "DuckDuckGo" 6 .................................................................................... 106
102. WhatsApp .......................................................................................................... 106
103. 47 1 ........ 107
104. GhostShell .................................................................................. 108
105. Hacking Team 400 GB ......................... 110
106. - 4.8 2 . Vtech .................................. 111
Vulnerability
107. Mac Thunderbolt....................................................................................... 113
108. OpenSSL .................................................................................. 113
109. Google Android 4.4 ............................................................................................ 114
110. Samsung Smart TV ............................ 114
111. Facebook .......................................................... 115
112. Microsoft PowerPoint ............................................................. 115
113. BIND ......................................... 116
114. FireEye Masque Attack .......................................................... 116
115. Mac OS X Internet Explorer 2557 .......................................................... 117
116. Telegram .................................... 118
117. Samba .................................... 118
118. WP-Slimstat WordPress ... 119
119. Bitdefender SSL ...................................................... 119
120. Business Storage 2-Bay ......................................................... 120
121. Blu-ray Blu-ray .................................... 121
122. Toshiba Admin 122
123. Yoast WordPress 14 .. 122
124. Line .............. 123
125. D-Link DCS-93xL ........................................................... 123
126. Drupal ................................ 124
127. PHP Ubuntu ........................................ 124
128. OpenSSL ......................... 125
129. Mozilla Firefox 36.0.3 Pwn2Own .................................................................. 125
130. Firefox, Chrome, IE, Safari Pwn2Own 2015 .... 126
131. BIOS OS .............................. 126
132. IP Phone Cisco ....... 127
133. Android ................................................................................................ 127
134. YouTube .................................................................. 128
135. WordPress .................................................. 128
136. ntpd ................................ 128
137. WordPress ............................................................... 129
138. iOS 8 iPhone-iPad WiFi ........................................................ 129
139. Lenovo System Update ................................................................................................................. 130
140. VENOM Virtual Machine ................................................... 131
141. URL Safari ............................................ 132
142. Logjam TLS ...................................................................... 132
143. UC Browser Android ........................................ 133
144. Add-on Unity Web Player ........................... 134
145. Samsung Galaxy 600 ........................................................................................... 135
146. Drupal ........................... 136
147. Flash Player .................................................................... 136
148. Flash Player ........ 137
149. Apple OS X 10.10.4, iOS 8.4 ..................................................................... 137
150. OpenSSL .......................................... 138
151. Adobe Adobe Flash Player Hacking Team .................................................................................... 138
152. Internet Explorer (CVE-2015-2372) ....................... 139
153. Windows (CVE-2015-2426) ....................... 139
154. WordPress 4.2.3 Cross-Site Scripting ................ 140
155. Stagefright Android MMS ............................................................................... 140
156. Android Stagefright MMS.................................................... 142
157. Google Chrome Extension ......................................................................................... 143
158. Android Stagefright ...... 144
159. Dropbox, Google Drive, OneDrive man-in-the-cloud.................................................................................. 145
160. PDF Firefox Firefox 39.0.3 ....................................................... 146
161. Android AudioEffect ............................................................................ 146
162. Android ...................... 147
163. Belkin N600 (CVE-2015-5989) ....................................................................................................... 148
164. ISC 2 BIND (CVE-2015-5986, CVE-2015-5722) ..................................................................... 149
165. Seagate Telnet Username Password root ............................... 149
166. WordPress 4.3.1 Cross-Site Scripting (CVE-2015-5714) Privilege Escalation (CVE-2015-5715) ........................................................ 150
167. AirDrop iOS, OS X .......................... 151
168. WinRAR 152
169. Zyxel NBG-418N, PMG5318-B20A P-660HW-T1 ........................................................ 152
170. Apple 4 Keynote, Pages Numbers ........................................................... 153
171. Mozilla Firefox 41.0.2 .................................................. 153
172. Joomla! 3.4.5 ................ 154
173. ColdFusion 10, 11 Cross-Site Scripting (CVE-2015-8052, CVE-2015-8053) Server-side Request Forgery ......................................................................... 154
174. OpenSSL ....... 155
175. Joomla! 1.5 3.4.5 ................................................. 155
176. MacKeeper ........................................ 156
177. Juniper ScreenOS ........................................................................................ 157
1. CTB Locker ........................................................ 160
2. glibc (GHOST, CVE-2015-0235) ............................................ 170
3. D-Link DNS . 174
4. (Phishing) .................................................................... 177
5. SSL/TLS (FREAK) ..................................... 182
6. HTTP Protocol Stack (HTTP.sys) BSOD (CVE-2015-1635) ........................................................................ 187
7. OpenSSL SSL (CVE 2015-1793) ....................................... 191
8. Adobe Flash Player (CVE-2015-5122, CVE-2015-5123) ..................................... 193
9. Asus, ZTE, Digicom Observa Telecom . 195
10. Xcode iOS WeChat .......................... 197
11. Bookworm ...................................................................................................... 200
12. Microsoft Windows DNS (CVE-2015-6125, MS15-127) .................... 207
1 Gmail, Outlook Yahoo ................................................................... 212
2. Locker Unlocker : Ransomware .................... 239
3. Flash Player ....................................................................... 252
.......................................................................................... 264
....................................................................................................... 266
Awareness
FBI Charles Gilgen FBI 2,000 4,000
2553 CyberCorps 20,000-25,000 3 45 3
: 08-01-2558 : Businessweek
2 FBI 6,000
Microsoft Mainstream Windows 7 13 2558
Windows 7 Mainstream 13 2558 Feature Windows 7
Windows 7 Extended Support 14 2563
: 07-01-2558 : Microsoft
Apple TouchID iPhone iPad Apple
Apple Apple
: 20-01-2558 : The Register
4 Apple
FBI Sony
FBI James Comey Sony the Guardians of Peace Proxy
FBI
: 13-01-2558 : Foxnews
3
13.00-15.00 . 27 2558 Facebook Instagram Lizard Squad Facebook BBC
Facebook Instagram
: 28-01-2558 : BBC
6 FB
hackerlist.com
Facebook, Gmail 2,000 hackerforhirereview.com
: 23-01-2558 : Nakedsecurity
5
password Software Advice
56% (, , , )
54%
17% 2 (2-Factor Authentication)
14% Biometric Authentication
: 04-02-2558 : Infosecurity-magazine
7
FireEye IT
FireEye M-Trend 2015: A View from the Front Lines IT 78% (44%)
(Remote Access) / 2 (2-Factor Authentication)
1. 205 2556
2. 69%
3.
4.
8
: 2015-02-25 : FireEye
Google Chrome Adware
Google Chrome Download.com, Sourceforge, Softonic Adware
Google Chrome Google Chrome
9
: 27-02-2558 : Ghacks
Facebook
Facebook Facebook Support
(Irish Data Protection Commissioner)
: 03-03-2558 : The Hacker News
10
Signal 2.0 iOS - Android "Edward Snowden " (http://thcert.co/7452m8) 3 Android TextSecure iOS iPhone (https://www.eff.org/secure-messaging-scorecard)
iPhone Android iPhone iMessage Apple Apple
2 2558 Open Whisper Systems iOS Signal 2.0 Signal iOS TextSecure Android https://itunes.apple.com/us/app/signal-private-messenger/id874139669?mt=8
Signal 2.0 iOS - Android 11
: 05-03-2558 : The Hacker News, Ars Technica, EFF
Cybersecurity 2558 ZDNet
ZDNet ( Heartbleed Shellshock ) Apple
Sandboxing
ZDNet Firewall Cloud Firewall, VPN, IDS/IPS
: 10-03-2558 : ZDNet
12
MDSec iOS 4 USB (Brute-force) 111 1
iOS 10
Google Play Store Apple App Store Google E (Everyone) , T (Teen) , M (Mature)
iOS
Google Play Store
13
14: 19-03-2558
: MDSec
: 19-03-2558 : The Hacker News
IBM X-Force Threat Intelligence Quarterly IBM 2557
1. 2556 25%
2.
(Security Question)
3. Cryptography Libraries Heartbleed, POODLE, FREAK
4. 28.7%, 13%, 10.7 %
IBM X-Force 2557 15
: 27-03-2558 : Net-security
Ben Gurion University (Air-gapped Computer)
17
Stanford Research Institute (SRI) Samsung (Iris-scanning) Galaxy Tab Pro 8.4
SRI 1,000 SRI Iris on the Move (IoM)
Samsung Galaxy Tab 16
: 27-03-2558 : The Register
31 2558 World Backup Day worldbackupday.com 30% 113 (Ransomware)
Google Drive Dropbox 2 (2-Factor Authentication) worldbackupday Infographic https://vimeo.com/97489098
World Backup 18
: 27-03-2558 : The Hacker News
: 01-04-2558 : World Backup Day
2 Air-gapped
Computer 8
Google Android find my phone Google ( Android Device Manager)
Google Account Remote locate this device Google Settings Google
(Biometric)
Yahoo! BodyPrint BodyPrint
Android find my phone Google
Biometrics Scanner BodyPrint
19
20: 16-04-2558
: +Google
Facebook HTTPS, HSTS Facebook Tor
Facebook
Facebook PGP Profile Facebook Facebook Facebook
Facebook PGP 21
: 28-04-2558 : The Hacker News
: 02-06-2558 : Facebook
(touchscreen) BodyPrint .
99.98% 12 Yahoo!
( .. - ..) MasterCard Apple, Google, Microsoft Samsung
MasterCard SecureCode 3
MasterCard 22
: 06-07-2558 : CNN
Windows XP 2557 Microsoft Security Essentials ( Microsoft) Windows XP 14 2558 Microsoft Microsoft Security Essentials
Windows XP " Windows XP 8 2557" (http://thcert.co/Jp6761)
Microsoft Security Essentials Windows XP 23
: 17-07-2558 : ZDNet
HP 10
1. SSL/TLS 40%
2. 30%
3. 30%
Two Factor Authentication 2
4. 70%
HP
24
: 28-07-2558 : The Hacker News, HP
Internet Watch Foundation IWF 5 IT Microsoft, Twitter, Google, Facebook, Yahoo IWF Hash
IWF 500
Facebook Facebook
Microsoft, Google, Facebook, Twitter Yahoo
Facebook
25
26: 13-08-2558
: Naked Security
: 14-08-2558 : The Hacker News
: 07-10-2558 : Microsoft
Facebook API ( ) API
Facebook
https://www.etda.or.th/content/social-network-security.html
Microsoft 12 2559
Internet Explorer Internet Explorer 11
Microsoft Internet Explorer 12 2559 27
: 16-10-2558 : Ars Technica
Hash Hash Hash Hash Hash Collision ( http://thcert.co/sbR2L2) Hash Collision
SHA-1 Hash SHA-1 2561
SHA-1 173,000 75,000-120,000
SHA-1 SHA-2 SHA-3 (Certificate Authority) SHA-1 SHA-1 2558 2559
SHA-1 28
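The hash-collision point made above rests on the generic birthday bound: for an n-bit digest, brute-force collision finding costs about 2^(n/2) evaluations, not 2^n, which for full SHA-1 is 2^80. The cost figures quoted in this item are lower still because they rely on cryptanalytic shortcuts specific to SHA-1. As an added example (not from the ThaiCERT report), the following Python script makes the generic bound concrete by finding a collision in SHA-1 truncated to 32 bits in roughly 2^16 trials. The 32-bit truncation and the 'msg-N' message format are assumptions chosen so the search finishes in well under a second.

```python
"""Birthday-bound collision search on a truncated SHA-1.

Added example for this report, not ThaiCERT code. Truncating to 32 bits is an
assumption made so the search finishes quickly; the generic argument is the
same for the full 160-bit digest, where the bound is 2**80 evaluations.
"""
import hashlib
from typing import Dict, Tuple


def truncated_sha1(message: bytes, bits: int) -> bytes:
    """First `bits` bits of SHA-1(message); bits must be a multiple of 8."""
    return hashlib.sha1(message).digest()[: bits // 8]


def generic_collision_work(bits: int) -> int:
    """Expected number of hash evaluations to find a collision by brute force."""
    return 1 << (bits // 2)


def find_collision(bits: int = 32, limit: int = 1 << 22) -> Tuple[bytes, bytes, int]:
    """Return two distinct messages with equal truncated digests, plus the trial count.

    Messages are the byte strings 'msg-0', 'msg-1', ... (an assumption). Every
    digest seen so far is kept in a dict, so each new trial is compared against
    all earlier ones at once; that is what gives the ~2**(bits/2) expected cost.
    """
    seen: Dict[bytes, bytes] = {}
    for i in range(limit):
        msg = b"msg-%d" % i
        tag = truncated_sha1(msg, bits)
        other = seen.get(tag)
        if other is not None:  # distinct messages (different i) with the same tag
            return other, msg, i + 1
        seen[tag] = msg
    raise RuntimeError("no collision within %d trials" % limit)


if __name__ == "__main__":
    m1, m2, trials = find_collision(32)
    print("32-bit collision after %d trials (generic bound ~%d)" % (trials, generic_collision_work(32)))
    print(m1, m2, truncated_sha1(m1, 32).hex())
    print("full SHA-1: generic bound is 2**%d evaluations" % 80)
```

Run it a few times with different truncation widths (40 bits takes noticeably longer) to see the 2^(n/2) scaling; the same scaling is why a certificate authority still signing with SHA-1 in 2015 was betting against a shrinking attack budget.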
: 18-12-2558 : ThaiCERT
(https://thaicert.or.th/alerts/user/2015/al2015us007.html)
1.
2. ,
3.
Infographic (https://www.thaicert.or.th/downloads/files/info_ThaiCERT_Mail-Scam.jpg)
29
Computer Security Incident
: 14-01-2558 : bbc
: 21-01-2558 : ap
12 2558 CyberCaliphate Twitter YouTube (US Central Command)
US Central Command Twitter YouTube
Arnaud Coustillière 19,000 DDoS Charlie Hebdo 7
Arnaud Coustillière
twitter
19,000
30
31
: 27-01-2558 : nakedsecurity
26 2558 NakedSecurity Malaysia Airline "404-Plane Not Found" Lizard Squad
Malaysia Airline 22
Malaysia Airline DNS Server ( ) Lizard Squad
Malaysia Airline 32
: 03-02-2558 : nakedsecurity
(Default Password)
nakedsecurity Baby Monitor Foscam
Baby Monitor 33
Kaspersky Equation group APT 2001 0-Day
C&C C&C C&C
0-Day Stuxnet Equation group Stuxnet
()
NSA
Kaspersky Equation group APT NSA 34
: 17-02-2558 : Ars Technica
: 18-02-2558 : Secure List
Kaspersky 300 100 2556
Carbanak ATM
300 100 35
NSA
NSA
: 24-02-2558 : TechWorm
23 2558 Google (google.com.vn) "Hacked by Lizard Squad, greetz from antichrist, Brian Krebs, sp3c, Komodo, ryan, HTP & Rory Andrew Godfrey (holding it down in Texas)Buy DDOS.."
zing.vn DNS 8.8.8.8
Lizard Squad Google 36
: 10-03-2558 : The Verge
5 2558 Torrent 3.4.2 build 38913 EpicScale Bitcoin Torrent
Torrent Windows EpicScale Windows Task Manager Ctrl+Shift+ESC
EpicScale
1. Control Panel > Programs and Features EpicScale Uninstall
2. C:\programdata Folder EpicScale
3. Windows+R regedit Registry Editor
4. HKEY_CURRENT_USER\Software\EpicScale EpicScale Delete
5. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run EpicScale delete
Torrent Bitcoin 37
: 12-03-2558 : Panda Security
Panda Security (Panda Cloud Office Protection, Panda Cloud Office Protection Advanced, Panda Antivirus Pro 2015, Panda Internet Security 2015, Panda Global Protection 2015, Panda Gold Protection)
Signature
Panda Security http://www.pandasecurity.com/uk/homeusers/support/card?id=100045
FireEye APT30
aseanm.com (asean.org)
FireEye IOC (Indicators of Compromise) https://github.com/fireeye/iocs/tree/master/APT30
Panda
APT30
38
39
: 16-04-2558 : FireEye
(Telecom Regulatory Authority of India TRAI) Net Neutrality
ISP , , TRAI Vodafone Airtel Net Neutrality
TRAI 1 TRAI
TRAI (trai.gov.in) AnonOpsIndia @opindia_revenge DDoS (Distributed Denial of Service) TRAI TRAI
DDoS 40
: 29-04-2558 : The Hacker News
: 15-05-2558 : Motherboard, Secure List
Kaspersky Naikon APT APT30 FireEye
Kaspersky Naikon APT 5 ( )
Microsoft Word
Naikon APT Microsoft Word Microsoft Word
Kaspersky Naikon APT 41
Chris Roberts United Airlines Chris Roberts In-flight Entertainment (IFE) Ethernet
Cable
Chris 15 United Airlines
42
: 20-05-2558 : The Hacker News
Kaspersky Grabit 10,000
Grabit
Grabit (.doc)
HawkEye 3,023 2,887 1,053 4,928 Outlook, Facebook, Skype, Google mail, Yahoo, LinkedIn Twitter
Kaspersky Grabit
1. C:\Users\<username>\AppData\Roaming\Microsoft executable file ( .exe)
SMEs Grabit 43
: 09-06-2558 : Kaspersky Lab
15 2558 LastPass , Password reminders, Salt (Master Password) Hash
LastPass LastPass LastPass 2 LastPass 1. , 2. 3. 2 (2 Factor Authentication) https://helpdesk.lastpass.com/multifactor-authentication-options/
LastPass 44
: 16-06-2558 : LastPass
2. Windows System Configurations startup grabit1.exe
3.
4.
ICANN Internet Corporation for Assigned Names and Numbers
5 2558 ICANN ICANN.org
ICANN Hash ICANN.org https://www.icann.org/users/password/new
ICANN 45
: 07-08-2558 : ICANN
23 2558 Fallaga Team (Web Defacement) 19,000 Charlie Hebdo 25 2558 Fallaga Team 106
Web Defacement
Web Defacement [email protected] 0 2123 1212
/
ThaiCERT () 46
Log
: 26-08-2558 : ETDA
: 02-11-2558 : Net-Security , Symantec
Symantec Chikdos MySQL DDoS SQL Injection User-defined Function (UDF) UDF
MySQL Administrator, SQL Injection
MySQL DDoS 47
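Item 47 describes a server-side chain: SQL injection against an exposed MySQL instance, then a user-defined function (UDF) registered so the database process itself runs attacker code. A DBA checking for that persistence audits the registrations in mysql.func against the plugin directory, as in this added Python example (not Symantec's or ThaiCERT's code). The rows and the plugin_dir listing are constructed to resemble real output, and EXPECTED_LIBS is an assumption standing in for the libraries a given deployment registers on purpose.

```python
"""Audit registered MySQL UDFs for the persistence pattern described in item 47.

Added example, not Symantec's or ThaiCERT's code. The rows and the plugin
directory listing below are constructed; EXPECTED_LIBS is an assumption a DBA
replaces with the libraries their own deployment registers deliberately.
"""
from typing import Dict, Iterable, List, NamedTuple, Set

# MySQL keeps UDF registrations in mysql.func; these are the queries to run on a live server.
AUDIT_QUERY = "SELECT name, ret, dl, type FROM mysql.func"
PLUGIN_DIR_QUERY = "SHOW VARIABLES LIKE 'plugin_dir'"

# Function names exported by lib_mysqludf_sys, the library most often planted to run shell commands from SQL.
SHELL_UDFS: Set[str] = {"sys_exec", "sys_eval", "sys_get", "sys_set"}
# Assumption: the only UDF library this deployment is supposed to have registered.
EXPECTED_LIBS: Set[str] = {"libmysqludf_json.so"}


class UdfRow(NamedTuple):
    """One row of mysql.func (column names as MySQL defines them)."""
    name: str
    ret: int
    dl: str
    type: str


def audit_udfs(rows: Iterable[UdfRow], plugin_dir_files: Set[str]) -> Dict[str, List[str]]:
    """Map each suspicious UDF name to the reasons it was flagged; clean rows are omitted."""
    findings: Dict[str, List[str]] = {}
    for row in rows:
        reasons: List[str] = []
        if "/" in row.dl or "\\" in row.dl:
            reasons.append("dl is a path, not a plugin_dir basename: %s" % row.dl)
        if row.name.lower() in SHELL_UDFS:
            reasons.append("command-execution UDF name")
        if row.dl not in EXPECTED_LIBS:
            reasons.append("library not on the expected list")
        if row.dl not in plugin_dir_files:
            reasons.append("library file not present in plugin_dir (orphan registration)")
        if reasons:
            findings[row.name] = reasons
    return findings


def drop_statements(findings: Dict[str, List[str]]) -> List[str]:
    """SQL to remove flagged registrations; copy the library files off the host first for forensics."""
    return ["DROP FUNCTION IF EXISTS `%s`;" % name.replace("`", "``") for name in sorted(findings)]


# Constructed sample: one legitimate UDF, one planted shell UDF, one registered by absolute path.
SAMPLE_ROWS = [
    UdfRow("json_object", 0, "libmysqludf_json.so", "function"),
    UdfRow("sys_eval", 0, "lib_mysqludf_sys.so", "function"),
    UdfRow("net_pull", 0, "/tmp/libnetpull.so", "function"),
]
SAMPLE_PLUGIN_DIR = {"libmysqludf_json.so", "lib_mysqludf_sys.so", "auth_socket.so"}

if __name__ == "__main__":
    flagged = audit_udfs(SAMPLE_ROWS, SAMPLE_PLUGIN_DIR)
    for udf, reasons in flagged.items():
        print(udf, "->", "; ".join(reasons))
    print("\n".join(drop_statements(flagged)))
```

In practice the row list comes from AUDIT_QUERY and the file set from listing the directory that PLUGIN_DIR_QUERY reports; a registration that survives a restart while its library is gone, or whose library was never expected, is exactly the residue an injection-then-UDF attack leaves behind.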
Law & Policy
: 24-01-2558 : thaicert
24 2558 ETDA ICT Law Center 10 ETDA
ETDA Digital Economy
... 1 10
10
24 2558 Section 66A Information Technology Act 2000
3
ETDA 10 .
48
49
: 26-03-2558 : Naked Security
: 21-04-2558 : Infosecurity Magazine
(China Banking Regulatory Commission : CBRC)
50
: 07-05-2558 : Euronews, BBC
: 13-10-2558 : The New York Times
5 2558
(Mass Surveillance) Liberal Democrats
iMessage, Facebook Messenger (Backdoor)
Apple Google
Backdoor
51
52
Malware
: 19-01-2558 : cbronline
Charlie Hebdo Twitter DarkComet Remote Access Trojan (RAT)
#JeSuisCharlie
Trend Micro 2 XAgent iOS Contact, SMS, GPS, , 1 MadCap
2 Pawn Storm
(Defense Contractor) iOS 7 iOS 8 iOS 7 1 4 iOS
iOS Enterprise/Ad-hoc provisioning App Store
Twitter #JeSuisCharlie
iOS
53
54 Malware
(
iOS App Store)
: 10-02-2558 : Trend Micro
: 19-02-2558 : The Next Web, Y Combinator
Lenovo Superfish VisualDiscovery Lenovo Search engine
Superfish VisualDiscovery SSL Superfish VisualDiscovery SSL
Superfish VisualDiscovery
Superfish VisualDiscovery Lenovo 2557 https://www.youtube.com/watch?v=oMMOPg9DRDc
Lenovo SSL 55
: 20-02-2558 : AVG
AVG . Animation
AVG
Superfish VisualDiscovery Lenovo Lenovo Y50, Z40, Z50, G50 Yoga 2 Pro HTTPS SSL
LastPass https://lastpass.com/superfish/
SSL
Windows start > "uninstall program" > uninstall program > Superfish inc VisualDiscovery > Uninstall
SSL
LastPass Superfish VisualDiscovery
56
57
Windows Start > "certmgr.msc" > certmgr.msc > Trusted Root Certification Authorities > Certificates > Superfish Inc > Delete
: 20-02-2558 : LastPass
: 23-02-2558 : Ars Technica
Superfish Lenovo (http://thcert.co/e9zx5p) Microsoft Windows Defender Windows Vista SSL
Internet Explorer, Chrome Opera Firefox
SSL Superfish Mozilla Firefox
1. Menu Options
2. Options Advanced Certificates
3. View Certificates
4. Certificate Manager Superfish, Inc
5. Delete or Distrust
6. OK
Microsoft Windows Defender Superfish 58
: 13-03-2558 : Net Security
Bromium Labs (Ransomware)
Call of Duty, StarCraft 2, Diablo, Minecraft, Half-Life 2, Skyrim, WarCraft 3, Assassin's Creed, World of Warcraft, Day Z, League of Legends, World of Tanks Steam RPG Maker, Unity3D Unreal Engine
iTunes Library
CryptoLocker WordPress CVE-2015-0311 Flash Player CVE-2013-2551 Internet Explorer
59
: 13-03-2558 : Kukuruko
: 31-03-2558 : We Live Security
USB Stick Killer USB
Killer USB -110V USB Stick
Carnegie Mellon Android (Geolocation) 3 The Weather Channel 2,000 Groupon 1,062
( ) Groupon 20
Google Play Services 2,200 Android iOS
Killer USB
Android 3
60
61
: 30-04-2558 : Online Threat Alerts
Facebook "Your Facebook login is currently removed" ( "")
Ransomware () " /
(Encryption) External Drive
"Your Facebook login is currently removed"
62
63
(Bitcoin) (Decryption)
1.
2. Java PDF Reader
3.
4.
1.
2. (Portable Storage) (Network Storage)
3. IT
[email protected] 0 2123 1212
: 07-05-2558 : ThaiCERT
: 11-05-2558 : Softpedia
Ransomware (CV)
( (Encryption) External Drive (Decryption) )
64
: 11-05-2558 : Softpedia
Cisco MalPutty PuTTY Secure Shell Credential HTTP GET
PuTTY
PuTTY for Mac, PuTTY for Android platforms Search Engine
Hash PuTTY Cisco
Ransomware
McAfee
Ransomware Tox
PuTTY
Ransomware
65
66
: 27-05-2558 : Net Security
Bitdefender Android.Trojan.SLocker.DZ Android Ransomware 500 1500
Adobe Flash Player
Home Launcher Back Home
Safe mode ADB (Android Debug Bridge)
Ransomware Android 67
: 27-05-2558 : Softpedia
20%
Ransomware
Malwarebytes UnfriendAlert Facebook Unfriend UnfriendAlert / Facebook (yougotunfriended.com) Facebook
Facebook
Facebook Facebook OAuth "Log in with Facebook account" Facebook
Unfriend Alert Malwarebytes Log out of other devices
UnfriendAlert Facebook 68
: 08-06-2558 : Malwarebytes
Trustwave Trustwave Global Security Report 2015 547 15 2557
- 1,425% ($84,100 ) 14 (Ransomware) CTB-Locker
- 98% Trustwave 1 (Median) 2557 43%
- "Password1"
- 188
- 43% (13%) (12%)
- / 31% / (CVV)
- 81%
- (Remote Access)
- Spam 60% (69%)
CTB-Locker 14 69
: 15-06-2558 : Trustwave
Malwarebytes adf.ly Internet Explorer Flash Player
HanJuan exploit kit
ESET Facebook "Cowboy Adventure" "Jump Chess"
Facebook
Google Play Store
1. Facebook
2. Google Play Store
adf.ly
Play Store Android
70
71: 25-06-2558
: Softpedia
ERNW Red Star Linux
OpenOffice
Red Star 72
: 20-07-2558 : The Register
: 13-07-2558 : The Hacker News
3. "Cowboy Adventure" Facebook
4. 2 (2 Factor Authentication) Facebook
5.
Cisco CTB-Locker update @microsoft.com Windows 10 .zip (Win10Installer.zip) .zip CTB-Locker
Windows 10 Microsoft (http://www.microsoft.com/th-th/windows/windows-10-upgrade)
CTB-Locker (https://www.thaicert.or.th/alerts/user/2015/al2015us001.html)
CTB-Locker Windows 10 73
: 04-08-2558 : Cisco
Smartwatch, Smart TV, Smart Fridge Smart Lock
Symantec Simplocker Smartwatch Smartwatch Smartwatch Smartwatch
Memory Card Smartwatch Smartwatch (Factory Reset)
Smartwatch Smart TV (http://thcert.co/jw1f9T) Android TV Box
Smartwatch 74
: 17-08-2558 : The Hacker News, IOT+Security
Wooyun.com iCloud 220,000 iOS Tweak () iCloud
Tweak Wooyun iOS App Store
Zscaler Adult Player ( Google Play Store)
Device Administrator
Tweak iCloud
Android
75
76: 28-08-2558
: The Hacker News
Check Point Brain Test Google Play Store 10-15 2558 1 Google Play Store root
IP Google
Google Play Store
root
Brain Test Play Store root / 1 77
: 22-09-2558 : Check Point
: 08-09-2558 : The Hacker News, Zscaler
Safe Mode Settings > Security > Device Administrator Adult Player Settings > Apps > Uninstall
Google Play Store Device Administrator
Rafael Salema Marques Mabouia (Ransomware) Mac OS X Ransomware Windows
YouTube (https://www.youtube.com/watch?v=9nJv_PN2m1Y) Ransomware Mac OS X
Apple Mac OS X Ransomware
Mac OS X 78
: 09-11-2558 : LinkedIn , Softpedia
Dell eDellroot Root CA Dell (Private key) Man-in-the-middle https
Dell eDellroot Dell Dell XPS 15 laptops, M4800 workstations, Inspiron desktop Inspiron laptop Dell https://dellupdater.dell.com/Downloads/APP009/eDellRootCertFix.exe
Dell eDellroot Dell 79
: 25-11-2558 : Ars Technica, Dell
Phishing/Scam
Facebook Facebook Facebook
"Many people on Facebook have reported that this story contains false information"
business2community / Facebook Facebook Fanpage Facebook /
(hxxps://apps.facebook.com/1538154846437637 - )
Facebook apps.facebook.com
Facebook
Phishing Facebook Facebook Apps
80
81: 23-01-2558
: fb
: 20-02-2558 : Business 2 Community
Online Threat Alerts / Facebook App "hello ! Do you want to know after 20 years you will look like? Please Click here to view hxxp://bit.ly/1BDzD84 I tried very fun and interesting hxxp://appnew2015.cf/"
Facebook /
/ Facebook https://www.facebook.com/hacked
Neil Moore Wandsorth 88
3 Neil Moore
/ Facebook App
82
83: 09-03-2558
: Online Threat Alerts
: 30-03-2558 : BBC
Social media "" (The Dance of the Pope) (Hoax) 2558
onlinethreatalerts.com (Billing Address) PayPal
PayPal /
Dance of the Pope
/ PayPal
84
85: 09-04-2558
: Hoax Slayer , Snopes
From: servces paypal [mailto:info@fanandish .com]
Sent: 20 April 2015 16:31
Subject: Your Transaction Needs Verification
Verify mailing address
Dear Customer,
Please confirm your billing address as we cannot match it to your card billing address. Did you change/update your billing address. We cannot process any payment for your purchase. You need you to confirm this action now.
Take a minute to confirm this address so we know it belongs to you. Once you confirm it, you can use this email address to receive alerts and updates concerning your account to avoid account blocked.
Confirm My Address
It's important because it helps us make sure no one is getting into your account without your knowledge.
Sincerely,
PayPal
: 22-04-2558 : Online Threat Alerts
(https://www.thaicert.or.th/downloads/files/info_ThaiCERT_Mail-Scam.jpg,https://www.thaicert.or.th/downloads/files/info_ThaiCERT_Phishing.jpg)
Outlook/Hotmail / 86
: 22-05-2558 : Online Threat Alerts
onlinethreatalerts.com Reset Outlook/Hotmail
(hxxp://www.webaccess12.esy.es/Access12.html) /
Hello!
Someone started the process to reset your account password without success.
Was this you?
Press here to validate your identity if you requested account login reset.
If you did not request to reset your account login information, it is nowmandatory for you to link your location to your account for improved security.
Press here to validate location if login information reset was not requested.
Please note your account will be disable if you fail to comply to request as we shall assume you no longer require service and account. Also note you may receive this email on your work email address and or alternative email address which you supplied to us at the time of registration.
Thank you for choosing yahoo as your email service provider.
Team Microsoft Outlook!
Subject: Account information needs to be updated.
From: Pay/Pal ([email protected])
Dear Member,
Please login to your Pay.Pal Account and visit the Message Center section in order to read the message.
To Login, please click the link below:
____Message Center____
2015 Pay_Pal Corporation. All rights reserved.\\
PayPal 87
Online Threat Alerts PayPal Pay/Pal ( [email protected]) PayPal
(hxxp://www.cswl168.com/us/Revalidate.htm?cmd_submitaccess0023044.submit=data_refund) / ,
PayPal
(https://www.thaicert.or.th/downloads/files/info_ThaiCERT_Mail-Scam.jpg, https://www.thaicert.or.th/downloads/files/info_ThaiCERT_Phishing.jpg)
: 13-06-2558 : Online Threat Alerts
.88
Social Engineering
1.
2.
3.
4.
5.
6.
OTP https://www.youtube.com/watch?v=_dj_90TnVbo
: 23-06-2558 : The Hacker News
Privacy
89
90
Rex Mundi Banque Cantonale de Geneve 10,000
Reuters 30,000
The Intercept Communications Security Establishment (CSE) 2 BADASS IP
LEVITATION Rapidshare Megaupload 2012
: 14-01-2558 : nakedsecurity
: 30-01-2558 : Net Security
91
Stanford PowerSpy Android 90%
: 23-02-2558 : The Hacker News
Edward Snowden
Apple Siri
92
93
19 2558 (Edward Snowden) NSA GCHQ Gemalto NSA GCHQ 2553-2554 Gemalto 2 Token VPN
NSA/GCHQ
Gemalto
Walk N' Talk Technologies Siri Apple Apple Apple Siri
Apple Apple Samsung Samsung Smart TV
: 27-02-2558 : The Intercept ,
Gemalto
: 17-03-2558 : The Hacker News
G20 94 Guardian
G20 , ,
(Auto-fill) Outlook
Auto-fill
10,000
: 31-03-2558 : The Guardian
Facebook
NSA /
95
96
26 2558 ( Great Firewall of China) Facebook JavaScript Facebook Login
( VPN) Facebook Login
Facebook wpkg.org ptraveler.com
Baidu GitHub DDoS ( The Great Cannon)
7 2558 National Security Agency NSA
NSA (Edward Snowden) 2556
: 29-04-2558 : The Verge
FBI
: 08-05-2558 : The Hacker News
Selfie 97
Darth Vader Facebook 20,000
Facebook
: 13-05-2558 : Naked Security
Snowden NSA Google Play Store 98
(Edward Snowden) NSA 5 Five Eye (Hijack) Google Play Store Samsung App Store
2011 2012 IRRITANT HORN
Man-in-the-middle
Google Play Store Samsung App Store 2012 Jon Oberheide Charlie Miller SummerCon 2012 Android Market ( Play Store) HTTP
: 22-05-2558 : The Hacker News ,
Jon Oberheide
Facebook Messenger 99
Cambridge Chrome extension Marauders Map Facebook Messenger
Marauders Map Location New messages include your location by default
: 28-05-2558 : The Hacker News
17% Facebook 100
The Parent Zone 2,000
17% Facebook
70%
51%
39% 17% Facebook Instagram 2
Facebook Messenger
: 29-05-2558 : Naked Security
"DuckDuckGo" 6
WhatsApp
101
102
NSA (Privacy) DuckDuckGo 6 3
DuckDuckGo Google Google
Google DuckDuckGo
DuckDuckGo https://duckduckgo.com Firefox Safari Search Engine DuckDuckGo
Electronic Frontier Foundation - EFF (https://www.eff.org/) WhatsApp
AT&T Verizon
EFF 5
: 20-06-2558 : NakedSecurity
47 1 103
Recorded Future 1 89 47 Pastebin
2558 47 12 2 (2 Factor Authentication)
http://go.recordedfuture.com/government-credentials-report
: 22-06-2558 : The Hacker News
1.
2.
3.
4.
5. backdoors
https://www.eff.org/who-has-your-back-government-data- requests-2015
: 26-06-2558 : Softpedia
GhostShell 104
2 2558 2.00 . GhostShell
GhostShell 28 2558 500 13,000 4,000 (.edu) 108 82 .com 61 40
GhostShell SQL injection
58 3 21
1.
2.
3.
: 02-07-2558 : Twitter ,
Computerworld
1.
2. Log
3.
4.
Ghostshell .. 2012 120,000 NASA, Pentagon, Federal Reserve FBI 1.6
Hacking Team 400 GB 105
Hacking Team Malware ( ) Spyware ()
400 GB Hacking
Team
Hacking Team Hacking Team
Hacking Team
: 07-07-2558 : The Hacker News
- 4.8 2 . Vtech 106
MAwarenessboard Vtech , , 4.8 (), , 2
14 2558
4 ( haveibeenpwned.com) 1 Adobe 152 www.haveibeenpwned.com
: 01-12-2558 : MAwarenessboard
Vulnerability
Mac Thunderbolt
OpenSSL
107
108
Chaos Computer Congress (30C3) Trammell Hudson Mac Thunderbolt Thunderbolt Thunderstrike
Hudson
OS X ROM
Mac Apple Mac mini iMac 5K Retina Mac
OpenSSL OpenSSL Denial of Service
OpenSSL 1.0.1 ,1.0.0 ,0.9.8 1.0.1k, 1.0.0p, 0.9.8zd
: 06-01-2558 : thehackernews
: 09-01-2558 : openssl
Google Android 4.4
Samsung Smart TV
109
110
Rapid7 Android 4.4
Google Android 4.4 Android 4.4 61% Android Google
Smart TV Samsung Smart TV (Voice Recognition) Samsung
Samsung
: 15-01-2558 : nakedsecurity
: 09-02-2558 : The Hacker News
Facebook
Microsoft PowerPoint
111
112
Laxman Muthiyah Facebook
Public Laxman Facebook
Microsoft 10 2558 KB2920732 Microsoft PowerPoint 2013
Microsoft PowerPoint Microsoft Windows Update
8 ( 2557) Microsoft Windows Update 6
: 13-02-2558 : Naked Security
: 16-02-2558 : The Register
BIND
FireEye Masque Attack
113
114
18 2558 ISC Denial of Service BIND
9.9.6-P2 9.10.1-P2
2557 FireEye Masque Attack iOS App Store Jailbreak ( https://thaicert.or.th/papers/technical/2014/pa2014te003.html)
FireEye
URL scheme iOS URL
URL scheme URL "googlechrome://" Google Chrome
: 19-02-2558 : ISC
Mac OS X Internet Explorer 2557 115
GFI 2557
1. Mac OS X (147 ) iOS Linux Windows 7 5 Windows 8 7
2. IE (242 ) Chrome Firefox
3. National Vulnerability Database (NVD) 2557 7,038 2556 4,794
4. 2557 24% 1,705 2556 1,612
: 20-02-2558 : FireEye
: 24-02-2558 : GFI Blog
URL "fb://" Facebook
iOS URL scheme URL scheme
CVE-2014-4494 Apple iOS 8.1.3 iOS
Telegram
Samba
116
117
Zimperium Telegram Telegram Kernel Android root Cache Telegram
Telegram 30
Telegram Telegram root root OS
23 2558 Samba Samba (CVE-2015-0240) (Remote Code Execution)
Samba 3.5.0 - 4.2.0rc4
: 24-02-2558 : CIO
WP-Slimstat WordPress
Bitdefender SSL
118
119
Sucuri WordPress WP-Slimstat SQL Injection
WordPress 1,300,000 3.9.6
Risk Based Security Bitdefender SSL (Revoke) Bitdefender Antivirus
Plus, Bitdefender Internet Security Bitdefender Total Security
Bitdefender HTTPS SSL
: 27-02-2558 : Sucuri
: 27-02-2558 : Samba
Debian: http://www.debian.org/security/2015/dsa-3171
Red Hat: https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
Ubuntu: https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
: 27-02-2558 : PC World
SSL Bitdefender
SSL Bitdefender SSL SSL
SSL Bitdefender
Bitdefender Bitdefender
Business Storage 2-Bay 120
0-day Business Storage 2-Bay NAS Seagate root
Business Storage 2-Bay NAS 2014.00319, 2013.60311 2014.00319
: 03-03-2558 : The Hacker News
Blu-ray Blu-ray 121
NCC Group Blu-ray Blu-ray
PowerDVD Blu-ray Blu-ray Disc Java (BD-J) Java Blu-ray
BD-J Xlets Xlets PowerDVD
Xlets
Blu-ray Linux BusyBox root Blu-ray
PowerDVD Blu-ray Blu-ray Blu-ray
: 05-03-2558 : PC World
Toshiba Admin
Yoast WordPress 14
122
123
Bluetooth Stack TOSHIBA Service Station Toshiba (Administrator)
Toshiba CVE-2015-0884 Bluetooth Stack for Windows 9.10.32 TOSHIBA Service Station 2.2.14 TOSHIBA (http://www.toshiba.co.uk/innovation/generic/computing-support/)
WPScan Vulnerability Database SQL Injection WordPress Yoast SQL Injection
WordPress 14,00,000 1.7.4
: 06-03-2558 : Softpedia ,
CERT
: 12-03-2558 : The Hacker News
Line
D-Link DCS-93xL
124
125
16 2558 Line Man-In-The-Middle
Line WiFi
D-Link D-Link DSC-93xL
(Arbitrary Code Execution)
Firmware
: 17-03-2558 : Line
: 19-03-2558 : D-Link
Drupal
PHP Ubuntu
126
127
18 2558 Drupal Drupal URL Drupal
URL redirect Parameter "destination"
Drupal (6.35, 7.35)
18 2558 Ubuntu PHP Ubuntu 14.10, 14.04 LTS, 12.04 LTS 10.04 LTS
(Denial of Service) (Remote Code Execution) PHP
: 23-03-2558 : Drupal
: 23-03-2558 : Ubuntu
OpenSSL
Mozilla Firefox 36.0.3 Pwn2Own
128
129
19 OpenSSL OpenSSL (Denial of Service) OpenSSL
OpenSSL (OpenSSL 1.0.2a 1.0.2 , OpenSSL 1.0.1m 1.0.1, OpenSSL 1.0.0r 1.0.0 OpenSSL 0.9.8zf 0.9.8)
Mozilla Firefox Pwn2Own 2015
(Remote Code Execution)
Mozilla Firefox 36.0.3, Firefox ESR 31.5.2 SeaMonkey 2.33.1
: 23-03-2558 : OpenSSL
: 24-03-2558 : Mozilla
Firefox, Chrome, IE, Safari Pwn2Own 2015
BIOS OS
130
131
HP Pwn2Own 2015 Firefox, Chrome, IE Safari (Privilege Escalation)
Jung Hoon Lee 7 IE, Chrome Safari ilxu1a Firefox
BIOS CanSecWest (Malicious Code) BIOS
BIOS 2
BIOS BIOS Dell, Lenovo HP
: 24-03-2558 : HP
: 24-03-2558 : Wired
IP Phone Cisco
Android
132
133
IP Phone Cisco SPA300 SPA500 3
Cisco 7.5.5 Cisco
Palo Alto Networks PackageInstaller Android .apk .apk
.apk (permission) .apk
Android 4.4 49.5% Android root Palo Alto Networks Android Google Play Store
: 24-03-2558 : IT News
: 25-03-2558 : Palo Alto Networks
YouTube
WordPress
ntpd
134
135
136
Kamil Hismatullin YouTube Request Session Token
Google Facebook
US-CERT WordPress WP Super Cache
Cross-Site Scripting 1.4.4
8 US-CERT ntpd The Network Time Foundation
Man-in-the-middle (Denial of Service) ntpd 4.2.8p2
: 07-04-2558 : Naked Security
: 10-04-2558 : US-CERT
: 10-04-2558 : US-CERT
WordPress
iOS 8 iPhone-iPad WiFi
137
138
21 2558 WordPress Cross-Site Scripting
WordPress SQL Injection
WordPress 4.1.2
iOS 8 ( iPhone iPad)
iOS 8 SSL Certificate SSL Certificate
WiFi Access Point SSL Certificates Access Point WiFi NO iOS ZONE DoS (Denial-of-Service)
: 22-04-2558 : WordPress
NO iOS ZONE
WiFi Free WiFi
: 23-04-2558 : The Hacker News
Lenovo System Update 139
IOActive 3 Lenovo System Update Lenovo 3
1. Lenovo System Update Service SYSTEM (CVE-2015-2219)
2. Lenovo System Update
Man-in-the-middle
3. Lenovo System Update
3 Lenovo System Update 5.6.0.27 Lenovo IOActive Lenovo
: 07-05-2558 : Gizmodo ,
IOActive
VENOM Virtual Machine 140
13 2558 CrowdStrike Computer Virtualization Platform Floppy disk ( Virtual Machine Escape)
QEMU 2004 Opensource
Virtualization Opensource Xen, KVM, VirtualBox VMware Microsoft Hyper-V
VirtualBox 4.3.28 Redhat, Ubuntu, Debian, Xen Project, QEMU, Citrix, FireEye, Linode, Rackspace, SUSE, DigitalOcean, f5 http://venom.crowdstrike.com/
: 14-05-2558 : CrowdStrike
URL Safari
Logjam TLS
141
142
Safari iOS OS X URL () Safari
URL
Apple
TLS Man-in-the-middle TLS HTTPS, SSH, IPSec, SMTPS VPN Logjam
TLS Diffie-Hellman (
TLS) Client DHE_EXPORT Client
DHE_EXPORT Server Client
: 20-05-2558 : The Hacker News
UC Browser Android 143
University of Toronto UC Browser Android 500 ( IMEI, Geolocation, Search)
UC Browser UCWeb Inc. Android,
iOS, Windows Phone Windows UC Browser Android
UC Browser Android 2 Xiaomi App Store UC Browser (Permission) . SMS Geolocation .
: 21-05-2558 : Weakdh
512
1 HTTPS 8.4%
( HTTPS) Logjam https://weakdh.org/sysadmin.html DHE_EXPORT https://weakdh.org/sysadmin.html
UC Browser 270 HTTP WiFi
WiFi Access Point UC Browser
Search UC Browser Search Google Yahoo! HTTP Google Yahoo! HTTPS
: 22-05-2558 : Citizenlab
Add-on Unity Web Player 144
Cross-domain Policy
Jouko Pynnönen Unity Web Player Add-on 3D
Unity Web Player Gmail (https://www.youtube.com/watch?v=zzujoyWzUvo) Unity Web Player Redirect http://attacker.site:[email protected]/
: 05-06-2558 : Softpedia
Unity Technologies Unity Web Player
2557
Samsung Galaxy 600 145
Samsung 600 Samsung Galaxy S5, S6 (Remote Code Execution)
Samsung IME Keyboard Android 4.4 WiFi
Samsung IME Keyboard Extract
Samsung IME Keyboard Samsung WiFi
: 18-06-2558 : Ars Technica
Drupal
Flash Player
146
147
Drupal 4 Drupal (Critical) 1 OpenID OpenID
OpenID OpenID Verisign, LiveJournal, StackExchange
Drupal 6.x 7.x (6.36, 7.38)
23 2558 Adobe Adobe Flash Player (Remote Code Execution)
Internet Explorer
Windows 7 Firefox Windows XP
Adobe Flash Player (18.0.0.194 Windows Macintosh, 11.2.202.468 Linux)
: 19-06-2558 : Drupal
: 24-06-2558 : Adobe
Flash Player
Apple OS X 10.10.4, iOS 8.4
148
149
Adobe Adobe Flash Player
(Exploit Kits) Magnitude (Ransomware)
Magnitude Adobe Flash Player
Adobe Flash Player (18.0.0.194 Windows Macintosh, 11.2.202.468 Linux)
30 .. Apple QuickTime 7.7.7, iTunes 12.2, Safari 8.0.7, Safari 7.1.7, Safari 6.2.7, Mac EFI Security Update 2015-001, OS X Yosemite 10.10.4 and Security Update 2015-005 iOS 8.4 77
(Remote Code Execution) EFI Mac Flash Memory Format
: 30-06-2558 : Malware don't need Coffee
: 01-07-2558 : net-security
OpenSSL
Adobe Adobe Flash Player Hacking Team
150
151
OpenSSL OpenSSL 1.0.2d 1.0.1p
1.0.0 0.9.8 9 2558
8 Adobe Adobe Flash Player Hacking Team ( http://thcert.co/7y4A41) (Remote Code Execution)
Angler Exploit Kit Nuclear Exploit Pack
Flash Player ( 18.0.0.203 Windows OSX, 11.2.202.481 Linux )
: 07-07-2558 : openssl.org
: 09-07-2558 : Adobe ,
Trendmicro
Internet Explorer (CVE-2015-2372)
Windows (CVE-2015-2426)
152
153
Hacking Team ( http://thcert.co/93Tsh6) Vectra Internet Explorer (Remote Code Execution) CVE-2015-2372
Microsoft 14 2558 12 Remote Code Execution (Privilege Escalation) Windows
20 2558 Microsoft OpenType
(Remote Code Execution) CVE-2015-2426
Microsoft Windows KB3079904
: 16-07-2558 : Naked Security ,
Microsoft
: 21-07-2558 : Microsoft
WordPress 4.2.3 Cross-Site Scripting
Stagefright Android MMS
154
155
23 2558 WordPress 4.2.3 Cross-Site Scripting
20 WordPress Auto Update 4.2.3 Dashboard Update
Zimperium Android Stagefright Stagefright Remote Code Execution
MMS Message
Stagefright MMS Google Hangouts SMS Hangouts MMS Preview Google Hangouts SMS MMS MMS
: 24-07-2558 : WordPress
: 28-07-2558 : Forbes
root
Android Google Android
Google Hangouts SMS MMS Message MMS APN MMS
Android Stagefright MMS156
Stagefright Android MMS (http://thcert.co/1S01ZY) Trend Micro MMS
Stagefright Android Stagefright
MMS
Google Chrome Mozilla Firefox Firefox 38 Android Firefox ( Facebook Twitter) Play Store
: 03-08-2558 : The Hacker News ,
Android Police
Google Chrome Extension 157
Detectify Labs Google Chrome (Extension)
Google Chrome ping ID / ID
HTTPS Everywhere ID "gcbommkclmclpchllfjekcdonpmejbdp" ping ""
Google Google
Google Android 5.1.1_r5 Android Android 5.1
Custom Firmware ( CyanogenMod)
: 05-08-2558 : Softpedia ,
Detectify labs
: 06-08-2558 : Ars Technica ,
The Verge , Android Police
Android Stagefright158
Zimperium Stagefright Android MMS ( http://thcert.co/nIxh6A)
Google Stagefright Nexus Stagefright
- Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10 Nexus Player
- Samsung Galaxy S5, S6, S6 Edge, Note 4 Note Edge
- HTC One M7, One M8, One M9
- LG G2, G3, G4
- Sony Xperia Z2, Xperia Z3, Xperia Z4, Xperia Z3 Compact
- Android One
: 07-08-2558 : ZDNet
Dropbox, Google Drive, OneDrive man-in-the-cloud159
Black Hat USA 2015 Imperva cloud man-in-the-cloud cloud
man-in-the-middle token ( token cloud cloud )
token
( ) token cloud ransomware cloud token
(design flaw)
: 10-08-2558 : Naked Security ,
Security Week , Mozilla
PDF Firefox Firefox 39.0.3
Android AudioEffect
160
161
Mozilla Firefox CVE-2015-4495 PDF (PDF Viewer)
Mozilla Firefox (Firefox 39.0.3 Firefox ESR 38.1.1) Firefox Android PDF Viewer
Trend Micro AudioEffect Android CVE-2015-3842 Android 2.3 (Gingerbread) 5.1.1 (Lollipop)
AudioEffect AudioEffect (Permission)
: 20-08-2558 : The Hacker News
Android 162
Stagefright Mediaserver CVE-2015-3842 Pennsylvania State University FireEye Android Task Hijacking Android (Multitasking)
1.
2. Video Player
3.
4.
5.
Google Android
Google Verify Apps (https://support.google.com/accounts/answer/2812853?hl=th)
Play Store
: 26-08-2558 : The Hacker News ,
USENIX
Belkin N600 (CVE-2015-5989)163
CERT 5 Belkin N600 DB Wireless Dual Band N+, F9K1102 v2 2.10.17
1. ( CVE-2015-5989)
2. DNS Response ( CVE-2015-5987)
3. Firmware HTTP ( CWE-319)
4. Cross-Site Request Forgery DNS ( CVE-2015-5990)
: 01-09-2558 : CERT
: 03-09-2558 : ISC , ISC
ISC 2 BIND (CVE-2015-5986, CVE-2015-5722)
Seagate Telnet Username Password root
164
165
ISC CVE-2015-5986, CVE-2015-5722 BIND DoS
(Denial-of-Service) BIND 9.9.7-P3 BIND 9 version 9.10.2-P4
CERT Seagate 3
- CVE-2015-2874 Telnet Username Password root
- CVE-2015-2875
- CVE-2015-2876 /media/sda2
ACL (Access Control List)
Seagate 3.4.1.105 Seagate
Seagate (https://apps1.seagate.com/downloads/request.html)
: 04-09-2558 : CERT
: 17-09-2558 : WordPress
WordPress 4.3.1 Cross-Site Scripting (CVE-2015-5714) Privilege Escalation (CVE-2015-5715)166
15 2558 WordPress 4.3.1 Cross-Site Scripting ( CVE-2015-5714) Privilege Escalation
( CVE-2015-5715) Private Sticky Post WordPress Auto Update 4.3.1 Dashboard Update
: 17-09-2558 : Forbes
AirDrop iOS, OS X 167
Mark Dowd Azimuth Security AirDrop iOS iOS AirDrop Jailbreak
AirDrop Enterprise iOS App Store Dowd iPhone AirDrop
Dowd iOS 9 Apple AirDrop iOS 9 OS X (Yosemite) OS X El Capitan
Apple Apple
: 05-10-2558 : SecLists
WinRAR
Zyxel NBG-418N, PMG5318-B20A P-660HW-T1
168
169
WinRAR 5.21 (Remote Code Execution)
SFX (self-extracting file) .exe Extract
SFX WinRAR Description .exe description .exe
WinRAR .exe
13 2558 CERT Zyxel NBG-418N, PMG5318-B20A P-660HW-T1 5 Remote Code Execution (CVE-2015-6018) ,
XSS (CVE-2015-6017) (CVE-2015-6016) 2 (CVE-2015-6019, CVE-2015-6020)
: 14-10-2558 : CERT
: 16-10-2558 : Apple
: 16-10-2558 : Mozilla
Apple 4 Keynote, Pages Numbers
Mozilla Firefox 41.0.2
170
171
15 2558 Apple 4 (CVE-2015-3784, CVE-2015-7032, CVE-2015-7033, CVE-2015-7034) 3 iOS OS X Keynote, Pages Numbers
(Remote Code Execution)
(Keynote 6.6, Pages 5.6, Numbers 3.6)
15 2558 Mozilla (CVE-2015-7184) Firefox Cross-origin bypass
Firefox (Firefox 41.0.2) Alt Help > About
Zyxel P-660HW-T1
()
: 23-10-2558 : Joomla
: 23-11-2558 : Adobe
Joomla! 3.4.5
ColdFusion 10, 11 Cross-Site Scripting (CVE-2015-8052, CVE-2015-8053) Server-side Request Forgery
172
173
22 2558 Joomla! Joomla! 3.4.5 SQL Injection (CVE-2015-7297, CVE-2015-7857, CVE-2015-7858) (CVE-2015-7859, CVE-2015-7899)
Joomla! (http://thcert.co/Z9vSJP)
17 2558 Adobe ColdFusion 10 11 Cross-Site Scripting ( CVE-2015-8052, CVE-2015-8053)
Server-side Request Forgery (CVE-2015-5255) ColdFusion ColdFusion 11 Update 7 ColdFusion 10 Update 18
: 04-12-2558 : OpenSSL
OpenSSL
Joomla! 1.5 3.4.5
174
175
3 2558 OpenSSL OpenSSL 4 (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196) OpenSSL Denial of Service
(0.9.8zh, 1.0.0t, 1.0.1q 1.0.2e) 0.9.8zh, 1.0.0t OpenSSL 0.9.8 1.0.0 1.0.1 1.0.2
14 2558 Joomla! Joomla! 3.4.6 4 Remote Code Execution
Sucuri Joomla! Log Request 146.0.72.83 74.3.170.33 194.28.174.106 Request "JDatabaseDriverMysqli" "O:" Request
Website Security Standard 7.1.1 (https://standard.etda.or.th/wp/wp-content/uploads/2014/09/Website-Security-Standard_V6E6.2.pdf)
Joomla! 1.5 2.5 (End of Life) (https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions) Joomla!
: 15-12-2558 : Joomla! ,
Sucuri
: 16-12-2558 : MacKeeper ,
The Hacker News
MacKeeper 176
Chris Vickery MacKeeper Antivirus (Macintosh) 13 21 (Hash) MacKeeper
MacKeeper MacKeeper
: 22-12-2558 : Juniper ,
SANS , Shodan
Juniper ScreenOS 177
22 2558 SANS SSH Telnet Shodan 170
17 2558 Juniper 2 ScreenOS Firewall NetScreen
VPN Juniper (ScreenOS 6.2.0r19 6.3.0r21) (ScreenOS 6.2.0r15-6.2.0r18 6.3.0r12-6.3.0r20)
CTB Locker
: 23 2558 : 11 2558 : CTB Locker
: Malicious code
CTB-Locker
Curve-Tor-Bitcoin Locker Ransomware External Drive .pdf, .xls, .ppt, .txt, . py, .wb2, .jpg, .odb, .dbf, .md, .js, .pl, .doc
1
630 ( 20,000 ) Bitcoin ( )
CTB-Locker 2 CTB-Locker 4 ( ) 5 96
1 CTB-Locker [1]
2 [2]
CTB-Locker
1 ( .zip) ( .scr)
3 8-10
3
3 BTC 630 96 4
5
[]
breteau-photographe.com jbmsystem.fr maisondessources.com pleiade.asso.fr scolapedia.org voigt-its.de
4
CTB-Locker
5 Directory Windows Temp
Windows CTB Locker
5
1. External Drive
2. Public Key 6 CTB-Locker
Private Key Public Key
3. Windows 7 Shadow volume copies volume 7 - 11
Shadow volume copies CTB-Locker
6 Public Key CTB-Locker
7 Shadow volume copies CTB-Locker
8 - 9 Shadow volume copies CTB-Locker ()
10 - 11 Shadow volume copies CTB-Locker ()
4. Format
1. http://blog.trendmicro.com/trendlabs-security-intelligence
2. https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25696/en_US/McAfee_Labs_Threat_Advisory_CTB-Locker.pdf
1.
2. / Java Adobe Reader
3.
4.
5. CTB-Locker
CTB-Locker
(GHOST, CVE-2015-0235)
glibc
: 29 2558 : 29 2558 : glibc
(GHOST, CVE-2015-0235)
: Intrusion
27 2558 Qualys glibc GNU C Library Library C Linux [1] __nss_hostname_digits_dots() gethostbyname() Hostname Buffer overflow
(Remote code execution) Exim Address space layout randomization (ASLR), Position-independent executables (PIE) No-execute (NX) [2] CVE CVE-2015-0235 [3]
2
Ubuntu [4]
Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.10
Ubuntu 10.04 LTS: libc6 2.11.1-0ubuntu7.20
Debian [5]
Debian 7 LTS (Wheezy): 2.13-38+deb7u7
Red Hat Enterprise Linux CentOS [6]
RHEL 5: glibc-2.5-123.el5_11.1
RHEL 6: glibc-2.12-1.149.el6_6.5
RHEL 7: glibc-2.17-55.el7_0.5
CentOS 6: glibc-2.12-1.149.el6_6.5
CentOS 7: glibc-2.17-55.el7_0.5
Linux Debian Redhat (Patch) glibc
glibc
glibc
Debian Ubuntu
ldd --version ldd glibc
[user@ubuntu ~]$ ldd --version
ldd (Ubuntu GLIBC 2.19-10ubuntu2.2) 2.19
Copyright (C) 2014 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
Red Hat Enterprise Linux CentOS
rpm -q glibc
[user@centos ~]$ rpm -q glibc
glibc-2.17-55.el7_0.5
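The version check above, carried through as an added example that is not part of the advisory or ThaiCERT's own tooling: it parses the output of the two commands the advisory gives (ldd --version on Debian/Ubuntu, rpm -q glibc on RHEL/CentOS) and compares the package version with the fixed versions the advisory lists. The release keys (rhel-7, ubuntu-12.04, ...) and the simplified dpkg/rpm-style comparison are this example's assumptions, not the distributions' exact algorithms.

```python
"""Added example (not ThaiCERT's code): is the installed glibc at or above the
GHOST (CVE-2015-0235) fix? Parses the advisory's two check commands and compares
against the fixed versions it lists. The comparison is a simplified dpkg/rpm-style
token comparison (assumption), and only releases in FIXED_VERSIONS are judged."""
import re
import subprocess
from typing import List, Optional, Union

# Fixed package versions as listed in the advisory, keyed by release (keys are ours).
FIXED_VERSIONS = {
    "ubuntu-12.04": "2.15-0ubuntu10.10",
    "ubuntu-10.04": "2.11.1-0ubuntu7.20",
    "debian-7": "2.13-38+deb7u7",
    "rhel-5": "2.5-123.el5_11.1",
    "rhel-6": "2.12-1.149.el6_6.5",
    "rhel-7": "2.17-55.el7_0.5",
}

# Sample command output copied from the advisory, so the parsers can be run offline.
SAMPLE_LDD = "ldd (Ubuntu GLIBC 2.19-10ubuntu2.2) 2.19\nCopyright (C) 2014 Free Software Foundation, Inc.\n"
SAMPLE_RPM = "glibc-2.17-55.el7_0.5\n"


def parse_ldd_version(output: str) -> Optional[str]:
    """Package version from the first line of ``ldd --version`` (Debian/Ubuntu)."""
    m = re.search(r"GLIBC\s+(\S+)\)", output)
    return m.group(1) if m else None


def parse_rpm_query(output: str) -> Optional[str]:
    """'version-release' from ``rpm -q glibc`` output such as glibc-2.17-55.el7_0.5.

    A trailing architecture suffix (.x86_64/.i686) is dropped; multilib hosts print
    one line per architecture with the same version, so the first match is enough."""
    m = re.search(r"^glibc-(\d\S*?)(?:\.(?:i686|x86_64|noarch))?$", output, re.M)
    return m.group(1) if m else None


def _tokens(version: str) -> List[Union[int, str]]:
    # Split into numeric and alphabetic runs; separators (. - _ +) only delimit.
    return [int(t) if t.isdigit() else t for t in re.findall(r"\d+|[A-Za-z]+", version)]


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1. Numeric segments compare numerically (10 > 9), alphabetic
    ones lexically, a numeric segment outranks an alphabetic one, and the version
    with extra trailing segments is the newer one."""
    ta, tb = _tokens(a), _tokens(b)
    for x, y in zip(ta, tb):
        if x == y:
            continue
        if isinstance(x, int) and isinstance(y, int):
            return -1 if x < y else 1
        if isinstance(x, int):
            return 1
        if isinstance(y, int):
            return -1
        return -1 if x < y else 1
    return (len(ta) > len(tb)) - (len(ta) < len(tb))


def ghost_status(release: str, installed: Optional[str]) -> str:
    """'patched', 'vulnerable' or 'unknown' for a release key in FIXED_VERSIONS."""
    fixed = FIXED_VERSIONS.get(release)
    if installed is None or fixed is None:
        return "unknown"   # unparsable output, or a release the advisory does not list
    return "patched" if compare_versions(installed, fixed) >= 0 else "vulnerable"


def installed_glibc_version() -> Optional[str]:
    """Run the advisory's commands on this host: rpm first, then ldd."""
    for argv, parser in ((["rpm", "-q", "glibc"], parse_rpm_query),
                         (["ldd", "--version"], parse_ldd_version)):
        try:
            out = subprocess.run(argv, capture_output=True, text=True, timeout=10).stdout
        except (OSError, subprocess.SubprocessError):
            continue   # command missing on this distribution, or it failed to run
        version = parser(out)
        if version:
            return version
    return None


if __name__ == "__main__":
    import sys
    release = sys.argv[1] if len(sys.argv) > 1 else "rhel-7"   # e.g. rhel-6, debian-7
    version = installed_glibc_version()
    print(release, version, "->", ghost_status(release, version))
```

Run it with the release key as the first argument; a release not in the advisory's table is reported as unknown rather than guessed.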
1. Distribution
Debian Ubuntu
sudo apt-get update && sudo apt-get dist-upgrade reboot sudo reboot glibc
Red Hat Enterprise Linux CentOS
sudo yum update glibc reboot sudo reboot glibc
2. glibc
Linux
1. https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
2. http://www.openwall.com/lists/oss-security/2015/01/27/9
3. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0235
4. https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GHOST
5. https://lists.debian.org/debian-security-announce/2015/msg00025.html
6. https://rhn.redhat.com/errata/RHSA-2015-0092.html
glibc
DNS D-Link
: 30 2558 : 30 2558 : D-Link
DNS : Intrusion
27 2558 Computerworld Todor Donev Ethical Hacker ZyNOS D-Link DSL-2740R DNS server [1] ZyNOS TP-Link ZTE [2] [3] D-Link
DNS server DNS server Domain name IP address Server DNS server
3
Remote Access Control
Advance WAN
1
D-Link DSL-2740R
ZyNOS TP-Link ZTE
ACL (Access Control List) D-Link
1 Remote Access Control DSL-2740R
Apply Settings
1. http://www.computerworld.com/article/2876292/dns-hijacking-flaw-affects-d-link-dsl-router-possibly-other-devices.html
2. http://en.wikipedia.org/wiki/ZyNOS
3. http://packetstormsecurity.com/files/130113/D-Link-DSL-2740R-Unauthenticated-Remote-DNS-Change.html
(Phishing)
: 12 2558 : 12 2558 : (Phishing)
: Phishing
11 2558
http://goo.gl/B7YLSZ 1 (goo.gl Google URL) http://www.form2pay.com/publish/publish_form/163363
4
Phishing () 2
1
2 Phishing
10 .. 2558 ( 12 .. 2558 9.30 .)
285 7 ( Referer) 3
3 12 2557 9:30 .
1.
2. Phishing
3. Phishing URL
http://goo.gl/B7YLSZ
http://www.form2pay.com/publish/publish_form/163363
4.
(FREAK)
SSL/TLS
: 5 2558 : 5 2558 : SSL/TLS
(FREAK) : Other
3 INRIA, Microsoft Research IMDEA Software FREAK (Factoring RSA Export Keys) Cipher suite SSL/TLS Cipher suite [1] OpenSSL CVE CVE-2015-0204 [2] [3] Apple
Google [4]
Cipher suite Cipher suite (Cipher suite Export-grade EXP EXPORT Cipher suite) RSA 512 bits
5
OpenSSL
1.0.1 1.0.1k
1.0.0 1.0.0p
0.9.8 0.9.8zd
Android
Safari OS X iOS
Cipher suite RSA export-grade cipher suite [5][6]
University of Michigan HTTPS 36.7% RSA export-grade cipher suite [7] 1 Alexa .th 60 (
) [8] e-banking
Man-in-the-middle SSL certificate HTTPS
1.
https://freakattack.com/clienttest.
html
1
1. SSL/TLS RSA export-grade cipher suite
Terminal: openssl s_client -connect <host>:<port> -cipher EXPORT
handshake failure SSL
certificate RSA export-grade cipher suite
https://www.ssllabs.com/ssltest Cipher Suites Cipher suite RSA_EXPORT RSA export-grade cipher suite
2. Android Browser Safari
Mozilla Firefox
3.
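The server check in step 1, as an added example that is not part of the advisory or ThaiCERT's own tooling: it does by hand what openssl s_client -cipher EXPORT does, offering a server only RSA export-grade cipher suites and reading the first record it sends back. The cipher-suite values are the IANA ones; the probe() helper, its socket handling and the way responses are classified are this example's assumptions.

```python
"""Added example (not ThaiCERT's code): the advisory's
``openssl s_client -connect host:port -cipher EXPORT`` check done by hand.
build_client_hello() offers a server nothing but RSA export-grade cipher suites;
classify_response() reads the first record the server returns. A handshake_failure
alert means the server refused export crypto; a ServerHello that picks one of the
export suites means the server is exposed to FREAK (CVE-2015-0204)."""
import os
import socket
import struct
from typing import Optional

# RSA export-grade suites (IANA cipher suite values) that FREAK relies on.
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
HANDSHAKE_FAILURE = 40   # TLS alert description value


def build_client_hello(server_name: str, client_random: Optional[bytes] = None) -> bytes:
    """TLS 1.0 ClientHello record offering only EXPORT_SUITES, with an SNI extension."""
    rnd = client_random if client_random is not None else os.urandom(32)
    if len(rnd) != 32:
        raise ValueError("client random must be 32 bytes")
    suites = b"".join(struct.pack("!H", s) for s in sorted(EXPORT_SUITES))
    host = server_name.encode("idna")
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host         # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    extension = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list    # extension type 0 = server_name
    body = (b"\x03\x01" + rnd + b"\x00"                                 # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                               # one compression method: null
            + struct.pack("!H", len(extension)) + extension)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body           # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def classify_response(data: bytes) -> str:
    """Interpret the first TLS record a server returns to the export-only ClientHello."""
    if len(data) < 6:
        return "no TLS response"
    content_type, handshake_type = data[0], data[5]
    if content_type == 0x15 and len(data) >= 7:                         # alert record
        if data[6] == HANDSHAKE_FAILURE:
            return "not vulnerable (server refused export suites)"
        return "not vulnerable (alert %d)" % data[6]
    if content_type == 0x16 and handshake_type == 0x02:                 # ServerHello
        # record header(5) + type(1) + length(3) + version(2) + random(32) = 43: session id length
        if len(data) < 44:
            return "truncated ServerHello"
        offset = 44 + data[43]                                          # selected cipher suite
        if len(data) < offset + 2:
            return "truncated ServerHello"
        suite = struct.unpack("!H", data[offset:offset + 2])[0]
        if suite in EXPORT_SUITES:
            return "VULNERABLE: server selected " + EXPORT_SUITES[suite]
        return "unexpected: server selected suite 0x%04x" % suite
    return "unrecognised response"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the export-only ClientHello to a server you operate and classify its answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(host))
        reply = sock.recv(4096)
    return classify_response(reply)


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

A server that is not vulnerable answers with the handshake_failure alert, which is the same outcome the advisory describes for the openssl command.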
2 RSA export-grade cipher suite
1. https://www.smacktls.com
2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
3. https://www.openssl.org/news/secadv_20150108.txt
4. http://www.reuters.com/article/2015/03/03/us-apple-cybersecurity-idUSKBN0LZ2GA20150303
5. http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html
6. https://blogs.akamai.com/2015/03/cve-2015-0204-getting-out-of-the-export-business.html
7. https://freakattack.com
8. https://freakattack.com/vulnerable.txt
2. OpenSSL OpenSSL Linux
OpenSSL
BSOD (CVE-2015-1635)
HTTP Protocol Stack (HTTP.sys)
: 16 2558 : 17 2558 : HTTP Protocol Stack (HTTP.sys)
BSOD (CVE-2015-1635)
: Intrusion Availability
14 2558 Microsoft Security Bulletin MS15-034 HTTP Protocol Stack ( HTTP.sys) Remote Code Execution [1] (Critical) CVE-2015-1635 [2] Bluescreen Error Blue Screen Of Dead (BSOD)
SANS [3] SANS (Honeypot) Bluescreen Error
HTTP Protocol Stack HTTP Request HTTP Request [4]
6
Bluescreen error
HTTP.sys Kernel SYSTEM
Windows 7 Windows 7 Service Pack 1 32 bit 64 bit
Windows Server 2008 R2 Windows Server 2008 R2 Service Pack 1 32 bit 64 bit
Windows 8 Windows 8.1 32 bit 64 bit
Windows Server 2012 Windows Server 2012 R2 32 bit 64 bit
Windows Server 2012 Windows Server 2012 R2 Server Core
: HTTP Protocol Stack (HTTP.sys) IIS Windows [5]
IIS
1. https://lab.xpaw.me/MS15-034/
2. Command Line CURL
[6]
1 https://lab.xpaw.me/MS15-034/
2
#curl -v SERVER_IP -H "Host: anything" -H "Range: bytes=0-18446744073709551615"
Microsoft KB3042553 Microsoft Windows Update
IIS IIS Kernel Caching [7]
1. https://technet.microsoft.com/en-us/library/security/ms15-034.aspx
2. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1635
3. https://isc.sans.edu/forums/diary/MS15034+HTTPsys+IIS+DoS+And+Possible+Remote+Code+Execution+PATCH+NOW/19583/
4. https://ma.ttias.be/remote-code-execution-via-http-request-in-iis-on-windows/
5. https://nakedsecurity.sophos.com/2015/04/15/update-tuesday-april-2015-urgent-action-needed-over-microsoft-http-bug/
6. https://blog.sucuri.net/2015/04/website-firewall-critical-microsoft-iis-vulnerability-ms15-034.html
7. https://technet.microsoft.com/en-us/library/cc731903%28v=ws.10%29.aspx
SSL (CVE 2015-1793)
OpenSSL
: 11 2558 : 11 2558 : OpenSSL
SSL (CVE 2015-1793)
: Other
OpenSSL SSL TLS Open source OpenSSL Linux, , VPN
6 2558 OpenSSL OpenSSL 1.0.2d 1.0.1p 1.0.0 0.9.8 OpenSSL
9 2558 [1]
SSL Man-in-the-Middle (MitM) [2] [3]
7
OpenSSL [4]
1.0.1o 1.0.1p
1.0.1n 1.0.1p
1.0.2b 1.0.2d
1.0.2c 1.0.2d
OpenSSL
DPKG Debian, Ubuntu
dpkg -s openssl
RPM CentOS, Redhat
rpm -q --info openssl
1. https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html
2. https://www.thaicert.or.th/papers/general/2012/pa2012ge012.html
3. https://nakedsecurity.sophos.com/2015/07/09/the-openssl-cve-2015-1793-certificate-verification-bug-what-you-need-to-know/
4. https://www.openssl.org/news/secadv_20150709.txt
(CVE-2015-5122, CVE-2015-5123)
Adobe Flash Player
: 13 2558 : 16 2558 : Adobe Flash Player
(CVE-2015-5122, CVE-2015-5123)
: Intrusion
14 2558 Adobe Adobe Flash Player (18.0.0.209 Windows Mac OS X) CVE-2015-5122 CVE-2015-5123 [8]
11 12 2558 Adobe Flash Player Hacking Team Use-after-free [1] [2]
CVE-2015-5122 CVE-2015-5123
Flash Microsoft Office Flash
8
Adobe Flash Player [3]
Adobe Flash Player 18.0.0.203 Windows Mac OS X
Adobe Flash Player Extended Support Release 13.0.0.302 13.x Windows Mac OS X
Adobe Flash Player Extended Support Release 11.2.202.481 11.x Linux
Adobe Flash Player [4] [5]
Adobe Flash Player Click-to-Play ( Flash ) [6]
Microsoft Enhanced Mitigation Experience Toolkit (EMET) [7]
1. http://www.kb.cert.org/vuls/id/338736
2. http://www.kb.cert.org/vuls/id/918568
3. https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
4. https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html
5. https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html
6. http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/
7. www.microsoft.com/emet
8. https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
Asus, ZTE, Digicom Observa Telecom
: 28 2558 : 28 2558 : Asus, ZTE, Digicom
Observa Telecom
: Intrusion
25 2558 CERT Carnegie Mellon ASUS DSL-N12E, DIGICOM DG-5524T, Observa Telecom RTA01N Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN ZTE ZXV10 W300 (CVE-2014-0329) 2557 [1] Mac Address Mac Address (Remote Access) [2]
(Remote Access) DNS Server
ASUS DSL-N12E, ZTE ZXV10 W300, DIGICOM DG-5524T, Observa Telecom RTA01N Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN
9
ACL (Access Control List)
1. https://www.kb.cert.org/vuls/id/228886
2. http://www.kb.cert.org/vuls/id/950576
iOS WeChat
Xcode
: 21 2558 : 21 2558 : Xcode
iOS WeChat
: Malicious Code
17 2558 Palo Alto Networks XcodeGhost Xcode Apple Xcode iOS / [1]
Xcode iOS Mac OS X Xcode Apple
Palo Alto Networks Xcode Xcode iOS Xcode / App Store Apple iOS Jailbreak
10
Palo Alto Networks Xcode WeChat
iOS / [2]
iOS Palo Alto Networks Fox-it 50 [1]
WeChat 6.2.5 [3]
WinZip
CamScanner
CamCard
Oplayer
PDFReader
Perfect365
Xcode [1] iOS Apple App Store [4]
Xcode [5]
iOS Apple ID
: WeChat 6.2.6 [3]
1. http://researchcenter.paloaltonetworks.com/2015/09/malware-xcodeghost-infects-39-ios-apps-including-wechat-affecting-hundreds-of-millions-of-users/
2. http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/
3. http://blog.wechat.com/2015/09/19/fixed-security-flaw-in-wechat-v6-2-5-for-ios/
4. http://www.bbc.com/news/technology-34311203
5. https://developer.apple.com/xcode/download
Bookworm
: 13 2558 : 13 2558 : Bookworm
: Intrusion
10 2558 Palo Alto Bookworm [1] (Key Logging) (Clipboard Grabbing) (Command and Control Server C2 Server)
11
Bookworm
1 Bookworm hybrid-analysis.com [2] Executable Flash Player Flash Player
10
Bookworm
Palo Alto Bookworm [1]
Smart Installer Maker Extract 2 Side-loaded DLLs Microsoft Malware Protection (MsMpEng.exe) Kaspersky Anti-Virus
2 Bookworm
(ushata.exe) MpSvc.dll ushata.dll (Decrypt file) readme.txt extract XOR Bookworm DLL KBLogger.dll (Key
logging) (Clipboard grabbing) DLL (Command and Control server C2 server) DLL
3 Bookworm C2 [2]
1.
%AllUsersProfile%\Application Data\Microsoft\Crypto\RSA\MachineKeys\sgkey.data ( 4)
%AllUsersProfile%\Application Data\Microsoft\DeviceSync ( 5)
%appData%\Surge ( 6)
Bookworm (Indicator of Compromise)
4 sgkey.data Bookworm
5 DeviceSync Bookworm
6 Surge Bookworm
2.
1 C2 Server ( 13 .. 2558)
1. 2.
1.
2.
3. Bookworm Hash Palo Alto [1]
https://www.virustotal.com/en/file/ac5742bf871c7cabf9415721d88f38834d6f73bb926479b338861ab398090f81/analysis/
https://www.virustotal.com/en/file/2b02460613d888536b83ec9e658e33e98cb8d8d89eb811cf5528fed78cebd062/analysis/
1. http://researchcenter.paloaltonetworks.com/2015/11/bookworm-trojan-a-model-of-modular-architecture/
2. https://www.hybrid-analysis.com/sample/ac5742bf871c7cabf9415721d88f38834d6f73bb926479b338861ab398090f81?environmentId=1
4.
5. (Block) 1
6. [email protected] 0 2123 1212
(CVE-2015-6125, MS15-127)
Microsoft Windows DNS
: 9 2558 : 9 2558 : Microsoft Windows DNS
(CVE-2015-6125, MS15-127)
: Intrusion
8 2558 Microsoft Windows DNS ( Remote Code Execution) Critical
(Remote Code Execution)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012
Windows Server 2012 R2
1. https://technet.microsoft.com/en-us/library/security/ms15-127.aspx
Microsoft Windows Update [1]
Gmail, Outlook Yahoo
: : 12 2558 : 12 2558
Gmail, Outlook Yahoo
1. 2 (2-step verification)
2 2 2 3
1. (Something you know)
2. (Something you have) ,
3. (Something you are) ,
2
1
Gmail, Outlook Yahoo
2 SMS
5.1, 5.2 5.3
2 , Outlook 2010, Thunderbird 5.4, 5.5 5.6
2.
Trusted Device 2 5.7, 5.8 5.9
3.
Keylogger Keylogger
On-Screen Keyboard Keylogger On-Screen Keyboard Windows XP 1 On-Screen Keyboard
1 On Screen Keyboard 7
4.
( [1])
1. 8
2. -
3.
4.
5. 3
/
/
5.
5.1 2 Gmail
[2] 2 - 7
2 - 3 2
4 - 6 2 ()
7 2 ()
2
2 8 - 10
8 2
9 - 10 2 ()
2
2 Backup codes 11 - 14
11 - 12
5.2 2 Outlook
2 Outlook 15 - 23
13 - 14 ()
15 - 16 2 Outlook
17 - 20 2 Outlook ()
5.3 2 Yahoo
2 Yahoo 24 - 29
21 - 23 2 Outlook ()
24 - 27 2 Yahoo
5.4 Gmail
Gmail 2-Step Verification google !! [3]
5.5 Outlook
Outlook Manage advanced security setting ( 5 5.2 2 Outlook) 30 - 31
28 - 29 2 Yahoo ()
5.6 Yahoo
Yahoo 32 - 38
30 - 31 Outlook
32 - 35 Yahoo
36 - 38 Yahoo ()
5.7 Gmail
Gmail
Security Checkup 39 - 44
39 - 40 Gmail
41 - 43 Gmail ()
44 Gmail ()
5.8 Outlook
Outlook
Microsoft Account [4] Security & Privacy 45 - 50
45 Outlook
46 - 47 Outlook ()
48 - 50 Outlook ()
5.9 Yahoo
Yahoo 51 - 60
51 - 52 Yahoo