New Vulnerabilities Trend Report: “Companies keep making life easier for attackers”

Friday, January 29, 2016

You can now download the “New 2014-2015 Vulnerability Trend Report” by ElevenPaths' Analyst Team. This vulnerability trend report analyses the data of over 100 companies, thus representing the main activity sectors and geographical regions for the period 2014-2015.

The report shows the critical points that companies must focus on in order to improve their security level. 85% of the results obtained correspond to 5 specific vulnerabilities, shown below:

Information Management Errors and Leakages on Metadata
These errors appear when organizations manage their information inadequately, turning their private data public. Our conclusions after analyzing this data are shown below:

  • Lack of awareness of the risks and issues involved. Cybercriminals plan their attacks starting with an initial phase that identifies the targets from which information can be obtained, in order to arrange the subsequent actions.
  • The human factor is still used by attackers as an entry point, through targeted phishing campaigns that result from information leakages in metadata.

Configuration error
78.56% of the vulnerabilities detected show that the majority of failures lie in the configuration of systems and applications. Most of the vulnerabilities analyzed do not originate in coding failures by developers, but in bad practices carried out by system and application administrators during the configuration phase.

Code injections, XSS and Cryptographic Issues
The vulnerabilities caused by improper input validation (code injections and XSS, among others) and by cryptographic issues are well known in the security world and have been widely covered by the mass media.

The analysis of the results obtained demonstrates yet again that these types of errors remain a high-risk security problem for organizations.

New Whitepaper "Scope, scale and risk like never before: Securing the Internet of Things" by Telefónica and ElevenPaths Analyst Team

Thursday, January 28, 2016

This week we are launching, in both London and Madrid, in a round table with security analysts and journalists, our new Whitepaper "Scope, scale and risk like never before: Securing the Internet of Things", carried out by Telefónica and ElevenPaths' Analyst Team. This whitepaper has been written by security professionals with the level of expertise of Chema Alonso (ElevenPaths CEO), Antonio Guzmán (ElevenPaths Scientific Director), Andrey Nikishin (Kaspersky Lab), John Moor (IoT Security Foundation), Jaime Sanz (Intel Iberia), Luis Muñoz (University of Cantabria), Belisario Contreras (CICTE) and Bertrand Ramé (SIGFOX).

» It's available at ElevenPaths web.

We live in a hyperconnected world where millions of devices join the IoT. Our challenge is to provide innovative security solutions that respond easily to current circumstances and priorities. This context of insecurity has encouraged Telefónica and the ElevenPaths' Analyst Team to investigate these subjects and to look in more depth at the scope, scale and risk of the Internet of Things.

Some details about the report:
  • IoT devices in corporate environments, such as printers, cameras, VoIP phones or network systems, are the new jigsaw for IT departments, and obviously give cybercriminals a new way to access corporate networks.
  • It is mandatory to establish new measures to secure the network and the IT infrastructure and, in the long term, to standardize these protection measures to deliver end-to-end security.
  • At a time when everybody is talking about insecurity in the IoT, at ElevenPaths we propose answers and challenges for achieving a secure deployment of your IoT solutions.

New report: Financial CyberThreats Q4 2015

Sunday, January 17, 2016

You can now download the full report about Financial CyberThreats (Q4 2015) carried out by Kaspersky’s Global Research & Analysis Team (GReAT) & ElevenPaths' Analyst Team. It's available at ElevenPaths web.

This report analyzes the current trends related to financial phishing and banking malware, including attacks on mobile devices, POS (Point of Sales) systems and ATMs. It is mainly based on statistics and data from KSN (Kaspersky Security Network) although reliable information from other sources may also be referenced. The timeframe for this analysis contains data obtained during the period from October 1st, 2015 to January 1st, 2016.

A group of 14 countries is on the receiving end of 88.42% of all phishing attacks. The remaining 11.58% is distributed among 167 different countries. Mexico, the United States and Brazil account for almost half of the attacks detected worldwide, followed by Germany and Canada.

Figure 1. Percentage of total phishing attacks – Distribution by country in Q4 2015.

Mexico has shown the biggest percentage of phishing attacks of the entire year, even surpassing the percentage from Germany in the last period, which was the most attacked country at that moment. New Zealand was the country that suffered the most phishing attacks per user over the course of Q3 2015 and has now been displaced by Mexico, which shows an alarming increase in users affected by phishing.

Figure 2. Percentage of users affected by phishing – World.

Phishing messages targeting the financial sector (banks, payment systems and online shops) accounted for 43.38% in this period, an increase of 13.19% compared with the data analyzed in Q3 2015. In the online payment sector, PayPal, Visa, American Express and MasterCard continue to be by far the most targeted entities, just as in 2013 and 2014.

Regarding e-commerce targeted by phishing attacks, one of the most remarkable trends during the first months of 2015 was the big increase in attacks against users of Steam (the online game distributor and social networking platform developed by Valve Corporation). Although the numbers for Q3 showed a decrease in such attacks, during this last period they have seen an astonishing increase, from 17.59% in the past period to 41.79% in Q4 2015. A logical explanation for this increase could be the Christmas season and the rise in activity in the online gaming world, from the increase in purchases to the growth in the number of players interacting with Steam.

Banking malware
The number of infections by the Zeus Trojan and its variants has kept decreasing for the third period in a row this year.

Although the Dyre Trojan's percentage has decreased (it represents 19.21% of all the infections performed by banking Trojans in Q4), it remains the lead actor in the banking malware area.

Figure 3. Banking malware global distribution by families in Q4 2015.

During this year several new families of Point of Sale malware have appeared: LogPOS, Punkey, FighterPOS, BernhardPOS, GamaPOS, ModPOS and so on, up to approximately 26 known malware families included in this category (our heuristic engine identifies several samples with similar functionality that do not belong to any given family).

Figure 4. Geographical distribution. Generic POS verdict (Trojan-Spy.Win32.POS) | Q4 2015.

Mobile malware
Continuing the trend observed during the last few years, Android has been the most affected platform in this period too. The platform is targeted by 99.78% of all samples detected on any mobile platform. At the end of 2014 this figure was 99.41%.

Figure 5. Mobile banking trojans geographic distribution.

The Russian Federation alone accounts for 86.50% of infected users, followed distantly by the rest of the countries. Germany, Italy, France, Poland and Austria are the most infected European countries.

The deadline for our Latch and Sinfonier contests has been extended!

Friday, January 15, 2016

Latch Plugins Contest 2015 
Are you aware of the second edition of the Latch Plugins Contest? Submit your Latch plugins before February 15th! As a developer or intelligence analyst, do what you do best and get paid for it! We have extended our Latch Plugins Contest deadline! The winners will be notified by e-mail within 14 days after the close of the contest. You have a period of 10 days to accept the prize.

Sinfonier Community Contest 2015

The Sinfonier Community Contest will award the best sets of 10 modules or topologies developed for the Sinfonier Project Community: innovative, interesting and useful modules and topologies for Smart Cities, Digital Economy and Digital Identities environments. Submit your Sinfonier modules or topologies! You can do it until the 15th of February at 1:00 pm (Central European Time), hurry up!

Good luck!