Law enforcement has dismantled the Andromeda malware family, which has been infecting computers since 2011. With the help of partners—including the FBI, Microsoft, and others—Europol intercepted the internet traffic between Andromeda-infected computers and the command servers to which the malware was communicating. All that traffic was then “sinkholed” and redirected to servers under the investigators’ control, giving law enforcement a detailed view of the malware’s activities. “According to Microsoft, during 48 hours of sinkholing, approximately 2 million unique Andromeda victim IP addresses from 223 countries were captured,” Europol said.
Andromeda infections happened through attachments from spam email campaigns, tainted downloads from bootleg media websites, and through exploit kits running over hacked websites, according to security firm Avast. Once a computer was infected, Andromeda also acted as a keylogger or a form grabber to steal user IDs and passwords. In addition, it could remotely take control over a PC.
“Andromeda was also sometimes used to download up to 80 other malware families onto infected victim computers,” according to The Shadowserver Foundation, a group of security experts that also helped dismantle the Andromeda botnet.
The main targets of the malware include North America, Asia, and Romania, among others.
Security firm ESET has a free tool that anyone can use to check if they have Andromeda (also known as Wauchos) secretly running on their computer. Systems found infected with Andromeda tend to contain other malware, according to security researchers.
ESET also noted that Andromeda was sold to cyber criminals in underground internet forums. “There is always a possibility that someone will reuse the Andromeda kit to build a new botnet,” the company said in an email.
For the original content, please visit:
On average, organizations take about 200 days to identify new ransomware threats. In combination with aging hardware, out of date software, poor network monitoring, and lack of professional IT assistance, this makes for quite the mess.
Hackers are less likely to attack software that is patched automatically or hardware that was issued recently, because fewer vulnerabilities are exposed and exploits for newly issued hardware most likely have not been found yet, or have already been patched. Those that are behind in refreshing their technology are an easy target for attack.
Here are 5 best practices to follow to secure your network and avoid ransomware attacks.
Improve Network Hygiene – Deploy patches and updates automatically, replace old or out-of-date firewalls and IPS, and make sure you are using a quality email spam filtering service to protect against phishing and malicious links and sites.
Defend Strategically rather than Haphazardly – It is recommended that organizations treat security as a big-picture solution rather than a collection of single-purpose tools. Integrated security is the best defense for networks, as it reduces backdoor vulnerabilities and holes that might be exploited.
Reduce Detection Time – It would be ideal if your organization had the tools and professional aid to recognize an attack as soon as it occurred. But most organizations find themselves in the dark for weeks before an attack is detected. By measuring the time to detection, you verify whether or not the systems in place can deliver the fastest detection time. This ensures that your organization can respond to threats in real time and prevent further attack.
Protect Users No Matter the Location – Ensure that you are protecting your users both while they are on the company network and when they are not. Good password manager software and VPN tunnels are key to maintaining good security practice. It is also important that you communicate to your users the importance of cyber security and illustrate good habits.
Routinely Test Backups – Confirm that your backups are healthy and current. Test that they are free from compromise. If you are hacked, you will want to have backups that are ready to go.
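The "routinely test backups" practice above is easy to state and often skipped because nobody has a concrete check. The following is an added example, not code from the original post or from Cisco: it records a SHA-256 manifest when a backup is taken and later verifies the copy against that manifest, so a backup that ransomware has encrypted, replaced or padded with ransom notes is caught before you need it. The directory layout, file names and contents are constructed for the demonstration.

```python
"""Backup integrity check: build a SHA-256 manifest when a backup is taken, then
verify a later copy against it to catch missing, added or altered files.
Added example; paths and file contents below are constructed, not a real backup."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large backup archives do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file under root (relative, forward-slash path) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the backup tree against a stored manifest and report every discrepancy."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),      # files the backup should contain but lacks
        "unexpected": sorted(set(current) - set(manifest)),   # files nobody put there (e.g. ransom notes)
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
    }


def is_healthy(report: dict) -> bool:
    """A backup is only 'ready to go' when the manifest and the copy agree completely."""
    return not (report["missing"] or report["unexpected"] or report["modified"])


def demo() -> dict:
    """Constructed scenario: take a backup, store its manifest, tamper with the copy, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "db").mkdir(parents=True)
        (backup / "db" / "customers.sql").write_text("INSERT INTO customers VALUES (1, 'alice');\n")
        (backup / "config.yaml").write_text("retention_days: 30\n")

        manifest_path = Path(tmp) / "manifest.json"          # in practice: store off-line / write-once
        manifest_path.write_text(json.dumps(build_manifest(backup), indent=2))

        # Simulated damage to the copy: one file overwritten with ciphertext, one ransom note added.
        (backup / "db" / "customers.sql").write_bytes(b"\x00\xffnot-the-original-bytes")
        (backup / "README_DECRYPT.txt").write_text("constructed ransom note\n")

        return verify_backup(backup, json.loads(manifest_path.read_text()))


if __name__ == "__main__":
    report = demo()
    print(json.dumps(report, indent=2))
    print("healthy" if is_healthy(report) else "BACKUP COMPROMISED")
```

Keep the manifest somewhere the backup job cannot overwrite (write-once storage or a separate account); a manifest that lives next to the backup can be re-generated by whatever altered the backup.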
If you are interested in reading the original article, or would like to educate yourself in more detail about the information presented in this blog post, please visit: https://newsroom.cisco.com
Kaspersky Lab has reported a new Android Trojan that goes by the name Switcher.
The Switcher Trojan infects wifi routers through an infected Android device, after which an attacker can reroute other users on the network to malicious sites. It does this through brute-force attacks against the router’s admin interface, using a predetermined list of login/password combinations. The router’s DNS servers are then replaced with a primary and a backup server belonging to the attacker. This opens the door to a multitude of potential infections, since every DNS query is directed to infrastructure controlled by the attacker.
Kaspersky Lab researchers explained that “the ability of the Switcher Trojan to hijack [DNS] gives the attackers almost complete control over network activity which uses the name-resolving system … the approach works because wireless routers generally reconfigure the DNS settings of all devices on the network to their own – thereby forcing everyone to use the same rogue DNS.” – www.techgenix.com
Attacks have so far been primarily in China, and the Trojan’s track record suggests that they will spread to other locations. This is the first Android malware that has been used to attack routers in this manner.
At the moment it is advised that admins and users alike should be on the lookout for the following rogue DNS servers:
“A successful attack can be hard to detect and even harder to shift: the new settings can survive a router reboot, and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on,” says Kaspersky Lab cybersecurity researcher Nikita Buchka. – www.zdnet.com
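Because the hijack lives in the router, every client on the network silently inherits the rogue resolvers, and, as the quote above notes, the backup server keeps the hijack alive even after the primary is noticed. A client-side check is therefore to compare the resolvers the network handed out against the ones you expect, and to report every rogue entry rather than stopping at the first. The block below is an added example and not Kaspersky’s tooling; the expected and rogue addresses are constructed placeholders from the RFC 5737 documentation ranges, not the real rogue DNS servers from the report, and the resolv.conf-style input is constructed as well.

```python
"""Client-side detection of a router DNS hijack: compare the resolvers the network
handed out with an allowlist and a list of known-rogue resolvers.
Added example; every IP address here is a constructed placeholder (RFC 5737 ranges)."""
import ipaddress
import re

# Constructed: the resolvers the organisation's router is supposed to hand out.
EXPECTED_RESOLVERS = {"192.0.2.1", "192.0.2.2"}
# Constructed placeholders standing in for a published rogue-resolver list.
KNOWN_ROGUE_RESOLVERS = {"203.0.113.10", "203.0.113.11"}

NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.MULTILINE)


def parse_resolvers(resolv_conf: str) -> list:
    """Return resolver IPs from resolv.conf-style text in order, skipping comments and junk."""
    resolvers = []
    for match in NAMESERVER_RE.finditer(resolv_conf):
        try:
            resolvers.append(str(ipaddress.ip_address(match.group(1))))
        except ValueError:
            continue  # not an IP address; ignore rather than crash on a malformed line
    return resolvers


def assess(resolvers, expected=EXPECTED_RESOLVERS, rogue=KNOWN_ROGUE_RESOLVERS) -> dict:
    """Classify every configured resolver. All entries are checked, not only the first,
    because a hijack plants a backup resolver alongside the primary."""
    findings = {"ok": [], "known_rogue": [], "unexpected": []}
    for ip in resolvers:
        if ip in rogue:
            findings["known_rogue"].append(ip)
        elif ip in expected:
            findings["ok"].append(ip)
        else:
            findings["unexpected"].append(ip)
    findings["hijacked"] = bool(findings["known_rogue"] or findings["unexpected"])
    return findings


# Constructed sample inputs: a healthy client and one whose router has been hijacked.
SAMPLE_CLEAN = "search corp.example\nnameserver 192.0.2.1\nnameserver 192.0.2.2\n"
SAMPLE_HIJACKED = (
    "# generated by DHCP\n"
    "nameserver 203.0.113.10\n"   # attacker's primary
    "nameserver 203.0.113.11\n"   # attacker's backup, which carries on if the primary is disabled
    "nameserver not-an-ip\n"
)

if __name__ == "__main__":
    for label, text in (("clean", SAMPLE_CLEAN), ("hijacked", SAMPLE_HIJACKED)):
        print(label, assess(parse_resolvers(text)))
```

On a real host, feed the function the contents of /etc/resolv.conf or the DNS servers reported by the operating system, and schedule the check so that a rogue setting which survived a router reboot is noticed rather than assumed fixed.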
If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.techgenix.com
Now that holiday shopping is upon us, security researchers are handing out advice on how to protect yourself and your information from cyber hacking. More and more shoppers use their smartphones while they are shopping, to compare prices and deals at other stores or online. Reports by RiskIQ, an enterprise security firm, estimate that 30 percent of Cyber Monday and Black Friday shopping will be done on a mobile device.
Cyber criminals are well aware that shoppers are relying heavily on their smartphones this holiday season. Noticing that many consumers connect to free wifi hotspots while shopping, hackers have taken to setting up fake wifi zones to entice people into connecting. Consumers may see a wifi network named “Macysfreewifi” and connect without second-guessing it – oftentimes the store isn’t even in the mall! If you see a wifi network labeled with a store name that is nowhere nearby, do not connect. The same goes for wifi networks set up with the word “free”; often these are bogus as well. Hackers will also monitor communications over legitimate networks that are poorly secured and not properly configured, but this is a more difficult process than getting an unsuspecting shopper to connect to a malicious network.
Hackers are also known to repackage legitimate applications so that the fake application they create looks almost identical to the real thing, in the hopes you will choose theirs instead. Sometimes hackers will create a completely fake application from scratch, such as “Amazon Rewards” that does not exist in the official app stores. Many times these fake apps will promise rewards or points for downloading. The fake Amazon Rewards app was found to be a trojan, spread by using fake Amazon vouchers and a link to a fake website sent via SMS text messages. The fake app even accesses the user’s contacts to send the vouchers to more mobile phones without permission.
This is not the first fake application, and it most certainly will not be the last. RiskIQ found 1 million applications that have been blacklisted for using brand names in the title or description of the application to trick consumers. The only real way to avoid such applications is to go directly to official application stores such as Google Play and Apple App Store to download applications.
Things To Remember:
Download applications only from official app stores
Beware of apps that ask for permissions to contacts, text messages, stored password or credit card information
Question applications that have rave reviews, they are easy to forge
If you do not understand the warning on your device, do not click continue
Update your device to the most current operating system
Disconnect from the network if your phone begins to act up or crash
If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.computerworld.com
The vulnerability is called Strontium, found in Windows code. Google stumbled across the flaw and wrote a blog post in late October describing its effects on Adobe’s Flash media player. Google’s policy concerning such critical vulnerabilities is to publish them seven days after Google has reported them to the software’s creator.
According to Google, the flaw exists in the Windows kernel and can be used as a “security sandbox escape”. Sandboxes are used in software to stop malicious or malfunctioning programs from reaching or otherwise damaging other parts of the machine.
Microsoft has acknowledged the flaw, but also criticized Google for releasing it before a fix was available, telling VentureBeat,
“We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk,” said a Microsoft spokesperson. “Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible.”
Microsoft Executive Vice President Terry Myerson explained the vulnerability in more detail in his blog post on Tuesday. For a computer to be affected, the malware must first exploit Adobe’s Flash to gain control of the web browser. It then elevates privileges in order to escape the browser’s sandbox. Finally, the malware is able to install a backdoor that provides access to the victim’s computer.
Those that are using Microsoft Edge browser are protected, as the browser prevents the installing of the backdoor. Everyone else is left to wait for the next available patch to solve the issue, which should be November 8th.
If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.pcmag.com
The three best practices to avoid mobile malware are to use an official app store, resist the temptation to jailbreak your device, and keep updates current. The Apple and Google app stores remain the most vigilant about mobile malware concerns. Google’s Verify Apps runs in the background of modern Android systems to scan for spyware, ransomware, and fraudulent apps. The company also checks mobile apps that are submitted to the Google Play Store. Less than one out of every 10,000 devices that only download from the Google Play Store has a program in the malicious category.
Jailbreaking your device undermines much of the already pre-installed security on the phone. In addition to this, the ability to restrict applications from accessing personal data on the phone as well as validate applications is disabled. Basically, if you jailbreak your device you better have a pretty good understanding of technology, because you just became the sole provider of security for that device.
This may be a surprise to most, but vulnerabilities actually do not increase the likelihood of malware on mobile devices. Symantec’s Internet Security Threat Report found that Apple iOS had nearly 8 times as many vulnerabilities as Android in 2014, but nearly all malware for that year targeted Android devices.
The reliance on and increased functionality of mobile devices leads developers to push out updates and bug fixes as fast as possible. Users should pay attention to this and keep their applications and software updates current. Android users often wait to update because of the lengthy process involved, but the benefits usually outweigh this inconvenience, especially considering that Android devices are the most susceptible to malware.
If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.pcworld.com
Cerber ransomware earned close to $200,000 in July alone, despite a payment rate of 0.3 percent (not even 1 percent!), due to its affiliate distribution model, according to Check Point Software Technologies Ltd. and IntSights Cyber Intelligence.
If this rate were to continue, without increasing, that would mean a $2.3 million payout over the course of the year, said Maya Horowitz, group manager of threat intelligence at Check Point.
An affiliate model means that non-technical customers can run their own campaigns using the platform and still walk away with 60 percent of the profit. Customers receive access to management tools, Cerber’s Bitcoin laundering system, and of course, the Cerber ransomware. Horowitz reports that each day an average of eight new Cerber ransomware campaigns are launched, adding to the over 150 affiliates.
Another “brand name” ransomware commonly seen today is Locky. Locky differs greatly from Cerber in that Locky is run by one solo team of threat actors, with all proceeds going directly to this team, as they do not share their malware with any other parties. Cerber is acting as a business model, taking ransomware to a new level and allowing anyone to join in on the cyber crime cash cow. Not only does Cerber allow users to gain a 60 percent cut, but it also offers a 5 percent referral bonus for members who recruit. This is most certainly the future of malware, with more services to follow this model.
This is one of the first times that security researchers have been able to follow the trail. By extracting the unique Bitcoin wallet identifiers assigned to each victim, Check Point was able to follow the money trail to the central wallet, then to a network of other wallets that are part of the Bitcoin mixing service, and then to the final destinations. Hundreds of thousands of wallets were followed, which allowed Check Point to actually see the payment rate of people who paid the Bitcoin ransom.
Surprising to most, the number was a very small 0.3 percent. In comparison to other ransomware reports, this percent is much lower. However, this number has been able to foster a hefty income.
To view the origin of this post, and to educate yourself in more detail, please visit: www.csoonline.com
Encryption is the transformation of data from plain text to ciphertext. In other words, it takes data that is easy to read and turns it into a riddle with no rhyme or pattern, so that only those who know the riddle can read your data. Still with me?
Encryption alone is not enough to guarantee the safety of your data. Endpoint protection software is necessary to monitor for malware, especially to make sure you aren’t hit with ransomware, which will most certainly blackmail you for the encryption key, bringing us back to square one. It is known, however, that hackers don’t particularly like encrypted data, and are much less likely to continue once they learn you’ve employed encryption throughout your business.
“The best reason to encrypt your data is that it lowers your value,” said Mike McCamon, President and CMO at SpiderOak. “Even if [attackers] got in, all the data stored is encrypted. They’d have no way to do anything if they downloaded it.”
Passwords are a great start, but let’s take it one step further. If an attacker were to get into your network, they most likely can navigate around and find where all your passwords are kept; again, back to square one. There is no point in a password if hackers can find it without breaking a sweat. Password encryption allows you to put an extra layer of protection on your passwords. Any password you use to log in to a portal will be encrypted as soon as you press Enter. The password will be scrambled and saved on your company’s endpoint in the same manner explained above, a riddle so to speak. The only way to get past the encryption is to have the encryption key.
Protect the house, with database and server encryption. Anyone who can gain access to your network can see information in plain text. If the house of all your data is in plain text, that is a surefire road to disaster.
Secure Sockets Layer (SSL) Encryption protects the transfer of data from the browser to the website. This will encrypt and protect the data employees and clients exchange via browsers to your company website. This is a safeguard against the interception of information as it is being transferred from the browser to the endpoint. However, once the data has reached your company server the information will be in plain text, and yet another encryption method should be used.
Email identity encryption provides employees with a complex key, known as a Pretty Good Privacy (PGP) key. This key is given to all email recipients, so that if and possibly when one of your clients receives an email without the decryption prompt, such as one claiming to be from your company’s CEO, the client knows to ignore the email.
Device Encryption is critical to the safety of your organisation. Device encryption should be required of all employees. IT management can significantly help in this process, and can also set up mobile device management software for all mobile devices. This will protect your employees and your business from avoidable and preventable vulnerability.
End-to-End and Zero-Knowledge Encryption is the most comprehensive form of encryption. Before your data can reach the endpoint it is manipulated, jumbled, bamboozled – including all logins, device passwords, application information, and files. The only way to decipher the code and gain access to the information is with an encryption key that only your IT management company has, along with the software company that works to encrypt the data.
If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.pcmag.com