Tor traffic increased by 350 percent over the third quarter, a new report said.
Although surging Tor usage may be attributable to anti-NSA surveillance activities, it is also possible that the August and September surge in Tor activity came from a new variant of the Mevade malware family, according to the Solutionary Security Engineering Research Team (SERT) Quarterly Threat Intelligence Report for Q3 2013.
Because the variant is designed to use the Tor network to hide its command and control servers, its developers end up deploying harder-to-detect malware.
Other findings include:
• Hacktivist campaigns continued to compromise and deface the websites of Israel- and European Union-based organizations.
• Phishing emails continued to be successful attack vectors, with attackers using them to launch APT campaigns.
• There has been an uptick in anomalous ICMP traffic outside the realm of normal activity based on the structure and frequency of packets.
The hacktivist campaigns OpUSA and OpIsraelReborn continued to compromise and deface Israel- and European Union-based organizations’ websites; the primary attack vectors consisted of spear phishing, Domain Name System (DNS) registry tampering, SQL injection, Cross-Site Scripting (XSS) and Distributed Denial of Service (DDoS) attacks, the report said.
Spear phishing attacks identified by SERT show that users still fall victim to phishing despite the existence of anti-phishing awareness programs within organizations. While tactics and techniques have evolved over the years, this specific attack vector has maintained a very high success rate.
The report found a noticeable increase in ICMP traffic targeting monitored devices in the U.S. and Europe. While ICMP serves diagnostic and control purposes and occurs in normal traffic, SERT identified traffic that is outside the realm of normal activity based on the structure and frequency of the packets. One such payload shared commonalities with the Nachi worm.