Tuesday, May 20, 2014

Blackshades: What does it mean for you

A new cyber security story has hit the news this week: Blackshades. The FBI put out a notification about it, so it's likely to get some play in the media. But what is Blackshades, and what does it mean for you?

What is it?

Blackshades is a RAT (Remote Access Trojan). If you've ever had a tech support technician or friend remote control your computer, this is the same idea, but without the positive intentions. It gives an attacker remote access to your computer, and thus potentially access to the things you do with it, such as social media, webcam usage, files, and email.

Why should you care?

Do you remember the Miss Teen USA incident where a teenager was blackmailing Miss Teen USA with compromising photos? Those were taken with very similar technology. Having someone with remote access to your computer is always concerning, especially if you tend to leave your social media logged in or do banking from your personal computer.

Who is at risk?

Blackshades is a little different than most of the cyber security news events we've seen lately. It's not a terribly sophisticated attack, and it's not really aimed at stealing c from companies. It's more aimed at an interpersonal level, like the teenager who took pictures of Miss Teen USA.

Brian Krebs had a very interesting quote:
“In short, Blackshades was a tool created and marketed principally for buyers who wouldn’t know how to hack their way out of a paper bag.”
All of this means that Blackshades (and RATs in general) are more of a risk to individuals than they are to businesses. Since this is more of a risk to you than your credit card company, you should pay extra attention.

What should you do?

If you are a company, the best thing to do is to search your web proxy's logs for any activity to the known Blackshades domains, which are available in the Flash Announcement. You should also check if any domains associated with your company are in there, just in case your infrastructure was used to spread the RAT.
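One way to run both checks described above, as an added example that is not from the original post or from the FBI notification. It goes slightly beyond a plain string search by also matching subdomains of a listed domain. The domain names, company domain, and log lines are constructed placeholders, and the Squid native access.log layout is an assumption about your proxy.

```python
from urllib.parse import urlsplit

# Constructed placeholders; load the real domain list from the Flash Announcement.
INDICATORS = {"rat-c2.example", "update.badhost.example", "dl.corp-site.example"}
COMPANY_DOMAINS = {"corp-site.example"}  # hypothetical: domains your company owns
# Constructed sample lines in Squid native access.log layout.
SAMPLE_LOG = """\
1400600001.456 980 10.0.0.22 TCP_TUNNEL/200 4096 CONNECT cdn.RAT-C2.example:443 - DIRECT/203.0.113.9 -
1400600002.789 120 10.0.0.31 TCP_MISS/200 300 GET http://update.badhost.example./index - DIRECT/203.0.113.7 text/plain
1400600003.000 50 10.0.0.40 TCP_MISS/200 300 GET http://notrat-c2.example/ - DIRECT/198.51.100.5 text/html
truncated line
"""

def normalize(host):
    """Lower-case and drop the trailing root dot so 'Evil.Example.' still matches."""
    return host.strip().lower().rstrip(".")

def request_host(method, target):
    """Host of a proxy request: 'host:port' for CONNECT, a full URL otherwise."""
    if method.upper() == "CONNECT":
        target = "//" + target
    return normalize(urlsplit(target).hostname or "")

def matched_domain(host, domains):
    """Return the entry in domains that host equals or is a subdomain of, else None."""
    labels = host.split(".")
    suffixes = (".".join(labels[i:]) for i in range(len(labels)))
    return next((s for s in suffixes if s in domains), None)

def scan(log_text, indicators):
    """Return (client_ip, host, indicator) for each request to a listed domain."""
    listed = {normalize(d) for d in indicators}
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated or malformed line
        try:
            host = request_host(fields[5], fields[6])
        except ValueError:
            continue  # unparsable request target
        if hit := matched_domain(host, listed):
            hits.append((fields[2], host, hit))
    return hits

def own_domains_listed(company_domains, indicators):
    """Indicators that fall under a domain the company owns."""
    owned = {normalize(d) for d in company_domains}
    return sorted(d for d in map(normalize, indicators) if matched_domain(d, owned))
```

Each hit names the internal client address to follow up on; matching on whole domain labels keeps a lookalike such as `notrat-c2.example` from being flagged.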

If you are an individual, there are a couple of steps you should take.

  • If you are concerned, but don't have time to check if your computer is infected, take some precautionary steps like:
    1. Cover up your webcam with a Post-it (prevents someone from taking pictures of you)
    2. Log out of any social media, email, or IM accounts (to prevent them being used to spread Blackshades)
    3. Don't do any banking on your computer
    4. Back up any important files (school papers, financial documents, etc.) to prevent them from being deleted or tampered with
    5. Leave your computer off if possible (an attacker can't hurt what's not turned on)
  • As generally good advice, never click on links that look suspicious (especially if they are from a boy between the ages of 13 and 24). Even if you trust the person who sent it to you, if it's a link with no context or explanation, make sure they meant to send it before you click on it.