October was named European Month of Cyber Security and because of that, many events intended to raise cyber security awareness (such as Security Fest in Prague) were held during the 30 day period. Unfortunately, October has seen just as many new developments on the proverbial “dark side” of cyber security.
One of these was a widely followed theft of personal data (including credit card numbers) of up to four milion customers of a British telecommunication service provider TalkTalk. Russian hacker group has claimed responsibility for the attack, however the end of the month has seen arrest of a small number of young men in Great Britain in connection with the theft.
The Stagefright vulnerability in the Android operating system has seen a new development with the discovery of a new vulnerability dubbed Stagefright 2.0. The vulnerability is due to a fault in a code used for accessing multimedia files and enables a potential attacker to execute arbitrary code on the affected device. According to some sources, the vulnerability might affect up to one bilion devices. Google has already published a patch for Stagefright 2.0, however since an update can not be provided for all Android-based devices, the vulnerability might provide to be an interesting vector of attack in the future.
A good final topic for “Looking back” dedicated to European Cyber Security Month might be the discovery of a new “malware” named Linux.Wifatch. It spreads by usual network vectors to vulnerable devices running Linux operating system and changes their configuration in a way which makes them harder for other malware to attack. The interesting point is that Wifatch performed no malicious actions on infected devices, as is documented by an interview with its authors.