Category : Spyware/Malware

Shopper Safety – Beware of Fake Apps and Wifi Hotspots

shopper

Now that holiday shopping is upon us, security researchers are handing out advice on how to protect yourself and your information from cyber hacking. More and more shoppers use their smartphones while they are shopping, to compare prices and deals at other stores or online. Reports by RiskIQ, an enterprise security firm, estimates that 30 percent of Cyber Monday and Black Friday shopping will be done on a mobile device.

Cyber criminals are well aware that shoppers are relying heavily on their smartphones this holiday season. Noticing that many consumers often connect to free wifi hotspots while shopping, hackers have taken to setting up fake wifi zones to entice people into connecting. Consumers may see a wifi network available named “Macysfreewifi” and connect without even second guessing – often times the store isn’t even in the mall! If you see a wifi network labeled with a store name that is nowhere nearby, do not connect. The same goes for wifi networks set up with the word “free”, often these are bogus as well. Hackers will also monitor communications over legitimate networks that are poorly secured and not properly configured, but this is a more difficult process than getting an unsuspecting shopper to connect to a malicious network.

Hackers are also known to repackage legitimate applications so that the fake application they create looks almost identical to the real thing, in the hopes you will choose theirs instead. Sometimes hackers will create a completely fake application from scratch, such as “Amazon Rewards” that does not exist in the official app stores. Many times these fake apps will promise rewards or points for downloading. The fake Amazon Rewards app was found to be a trojan, spread by using fake Amazon vouchers and a link to a fake website sent via SMS text messages. The fake app even accesses the user’s contacts to send the vouchers to more mobile phones without permission.

This is not the first fake application, and it most certainly will not be the last. RiskIQ found 1 million applications that have been blacklisted for using brand names in the title or description of the application to trick consumers. The only real way to avoid such applications is to go directly to official application stores such as Google Play and Apple App Store to download applications.

Things To Remember:

  • Download applications only from official app stores

  • Beware of apps that ask for permissions to contacts, text messages, stored password or credit card information

  • Question applications that have rave reviews, they are easy to forge

  • If you do not understand the warning on your device, do not click continue

  • Update your device to the most current operating system

  • Disconnect from the network if your phone begins to act up or crash

 


If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.computerworld.com 

 

Windows 10 Vulnerability – Edge Browser users Safe

windows-10-cyber-threat-bug-558378

The vulnerability is called Strontium, found in Windows code. Google stumbled across the flaw, and wrote a blog post in late October stating the affects on Adobe’s Flash media player. Google’s policy concerning such critical vulnerabilities is to publish them actively seven days after Google has reported them to the software’s creator.

According to Google, the flaw exists in the Windows kernel and can be used as a “security sandbox escape”. Sandboxes are use in software in order to stop malicious or malfunctioning programs from reaching or otherwise damaging other parts of the machine.

Microsoft has acknowledged the flaw, but also criticized Google for releasing it before a fix was available, stating to a member of VentureBeat,

“We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk,” said a Microsoft spokesperson.  “Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible.”

Microsoft Executive Vice President Terry Myerson, explained the vulnerability in more detail in his blog post on Tuesday. In order for the computer to be affected with the malware, it must first infiltrate Adobe;s Flash to gain control of the web browser. After which privileges are elevated in order to escape the browser’s sandbox. Finally the malware would be able to install a backdoor to provide access to the victim’s computer.

Those that are using Microsoft Edge browser are protected, as the browser prevents the installing of the backdoor. Everyone else is left to wait for the next available patch to solve the issue, which should be November 8th.

 


If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.pcmag.com 

 

Do this and not that – Mobile Malware

mobile-malware1

The three best practices to avoid mobile malware is to use an official app store, resist temptation to jailbreak your device, and keep updates current. Apple and Google app stores remain the most vigilant about mobile malware concerns. Google uses Verify Apps that runs in the background of modern Android systems to scan for spyware, ransomware, and fraudulent apps. The company also checks mobile apps that are submitted to the Google Play Store. Less than one out of every 10,000 devices that only downloads from the Google Play Store has a program in the malicious category.

Jailbreaking your device undermines much of the already pre-installed security on the phone. In addition to this, the ability to restrict applications from accessing personal data on the phone as well as validate applications is disabled. Basically, if you jailbreak your device you better have a pretty good understanding of technology, because you just became the sole provider of security for that device.

This may be a surprise to most, but vulnerabilities actually do not increase the likelihood on malware on mobile devices. Symantec’s Internet Security Threat Report released Apple iOS had nearly 8 times as many vulnerabilities as Android in 2014, but near all malware for that year were targeted at Android devices.

The reliance and increased functionality of mobile devices leads developers to push out updates and bug fixes as fast as possible. Users should pay attention to this and keep their applications and software updates current. Android users often wait to update because of the lengthy process involved, but the benefits usually out whey this inconvenience, especially considering Android devices are most susceptible for malware.

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.pcworld.com 

Pegasus Spyware Detected – Upgrade to iOS 9.3.5 ASAP

Pegasus2Pegasus

Malware that spies on user phone calls and text messages, has been alleviated thanks to the latest iOS mobile operating system upgrade, and the wise proceedings of a human rights activist. Canadian cyber security research group, Citizen Lab, published a report that a human rights activist, Ahmed Mansoor, received a text message with a malicious malware link attached. Thankfully Mansoor was not tempted to click on the link.

Rather he passed the link to Citizen Lab where researchers identified the correlation between the link and the NSO Group, an Israeli company notorious for selling a government-exclusive spyware product, Pegasus, that is described as a “lawful intercept”. Most have dubbed this the most sophisticated spyware software detected and Apple, Android and Blackberry smartphone users are the target. The main difference between this malware and others is Pegasus’s ability to infect the powerhouse of the operating system, the kernel of the phone. This allows the software to intercept any conversation before encryption ever takes place, so encrypting such apps proves pointless against Pegasus. The link would have been capable of jail breaking the iPhone and installing surveillance software used to access the camera and microphone. Mansoor’s WhatsApp and Viber calls would have been especially vulnerable in addition to his GPS location services.

Citizen Lab wrote in its report that “[w]e are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign.”

Last Thursday Apple released the latest version of iOS 9.3.5, which I highly advise upgrading to if you have not already done so. The update improves how iOS devices access memory and adds a patch that prevents visits to maliciously crafted websites from remotely executing arbitrary code.

Phew.


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.pcmag.com 

Cerber Ransomware – Business Model for Extortion

cerber ransomware

Cerber ransomware earned close to $200,000 in July alone, despite a payment rate of 0.3 percent (not even 1 percent!), due to its affiliate distribution model, according to Check Point Software technologies Ltd.and IntSights Cyber Intelligence.

If this rate were to continue, without increasing, that would mean a $2.3 million payout over the course of the year, said Maya Horowitz, group manager of threat intelligence at Check Point.

An affiliate model means that non-technical customers can run their own campaigns using the platform and still walk away with 60 percent of the profit. Customers receive access to management rools, Cerber’s Bitcoin laundering system, and of course, the Cerber ransomware. Horowitz reports that each day an average of eight new cerber ransomware campaigns are launched, adding to the over 150 affiliates.

Another “brand name” ransomware commonly seen today is Locky. Locky differs greatly from Cerber in that Locky is run by one solo team of threat artists, with all proceeds directly going to this team as they do not share their malware with any other parties. Cerber is acting as a business model, taking ransomware to a new level and allowing anyone to join in on the cyber crime cash cow. Not only does Cerber allow user to gain a 60 percent cut, but they also offer a 5 percent referral bonus for member that recruit. This is most certainly the future of malware, with more services to follow this model.

This is one of the first times that security researchers have been able to follow the trail. By extracting the unique Bitcoin wallet identifiers assigned to each victim, Check Point was able to follow the money trail to the central wallet, then to a network of other wallets that are apart of the Bitcoin mixing service, and then to the final destinations. Hundreds of thousands of wallets were followed, which allowed Check Point to actually see the payment rate of people who paid the Bitcoin ransom.

Surprising to most, the number was a very small 0.3 percent. In comparison to other ransomware reports, this percent is much lower. However, this number has been able to foster a hefty income.

 


 

To view the origin of this post, and to educate yourself in more detail, please visit : www.csoonline.com 

Why You Need to Deploy Encryption and How

encryption

Encryption is the transformation of data from plain text to ciphertext. In other words, basically taking data that is easy to read and placing it into a riddle that has no rhyme or pattern so that only those that know the riddle, can read your data. Still with me?

Encryption alone is not enough to guarantee the safety of your data. An endpoint protection software is necessary to monitor for malware, especially making sure you aren’t hit with ransomware which will most certainly blackmail you for the encryption key, bringing us back to square one. It is known however, that hackers don’t particularly like encrypted data, and are much less likely to continue along once they learn you’ve employed encryption throughout your business.

“The best reason to encrypt your data is that it lowers your value,” said Mike McCamon, President and CMO at SpiderOadk. “Even if [attackers] got in, all the data stored is encrypted. They’d have no way to do anything if they downloaded it.”

Passwords are a great start, but lets take it one step further. If an attacker were to get into your network they most likely can navigate around and find where all your passwords are kept, again back to square one. No point in a password if hackers can find it without breaking a sweat. Password encryption allows you to put an extra layer of protection on your passwords. Any password you use to log in to a portal, will be encrypted as soon as you press Enter. The password will be scrambled and saved on your company’s endpoint in the same matter explained above, a riddle so to speak. The only way to get past the encryption is to have the encryption key.

Protect the house, with database and server encryption. Anyone who can gain access to your network can see information in plain text. If the house of all your data is in plain text, that is a surefire road to disaster.

Secure Sockets Layer (SSL) Encryption  protects the transfer of data from the browser to the website. This will encrypt and protect the data employees and clients exchange via browsers to your company website. This is a safeguard against the interception of information as it is being transferred from the browser to the endpoint. However, once the data has reached your company server the information will be in plain text, and yet another encryption method should be used.

Email identity encryption provides employees with a complex key, known as a Pretty Good Privacy (PGP) key. This key is given to all email recipients, so that if and possibly when one of your clients receives an email without the decryption prompt, such as one claiming to be from your company’s CEO, the client knows to ignore the email.

Device Encryption is critical to the safety of your organisation. Device encryption should be required of all employees. IT management can significantly help in this process, and can also set up mobile device management software for all mobile devices. This will protect your employees and your business from avoidable and preventable vulnerability.

End-to-End and Zero-Knowledge Encryption is the most comprehensive form of encryption. Before your data can reach the end-point it is manipulated, jumbled, bamboozled – including all log ins, device passwords, application information, files. The only way to decipher the code and gain access to the information is with an encryption key that only your IT management company has, along with the software company that works to encrypt the data.


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.pcmag.com

Undetected Hacker Group Spying Since 2011…

Russia

Strider hackers reference the all-seeing eye of Sauron in their ‘nation-state level’ malware, which has been used to steal files from organisations across the globe. Unknown hacker group, ‘Strider’, has just been discovered by cyber-security researchers at Symantec. Strider hackers are referencing the all-seeing eye of Sauron in the groups ‘nation-state level’ malware in use currently to steal files from organisations all over the world. Apparently the group has aimed their malware at those that would be of potential interest to a nation state’s intelligence services.  The Remsec malware is mainly targeting organisations in Russia, however the group has infected airline systems in China, an embassy in Belgium, and a large organisation in Sweden, who’s name could not be confirmed. The malware in use is designed to infect a system and open a backdoor where it logs keystrokes and steals files.

 

The malware has been in operation since October 2011, but avoided detection by the majority of antivirus systems for nearly five years. Only 36 infections have been reported in these five years, but the nature and capability of the malware in terms of stealth and detection is rather unsettling. Components that make up Remsec are built as “BLOBs”, which stands for Binary Large Object, collections of binary data which are often difficult for antivirus security software to detect. The malware is deployed across a network rather than stored on a disk, which makes it increasingly had to detect.

A deeper look in the modules of the malware found the modules are written in the Lua programming language. This embedded scripting language is used to perform various functions and processes. In the case of Remsec, these functions include key logging and the code that contains references to the all-seeing eye of Sauron from the Lord of the Rings. The use of Lua modules leads security researchers to believe that Strider may have connections to the Flamer hacking group, known for using this type of programming in it’s malware. Another lead could be the connection the the infamous Regin malware. One of the victims of the Remsec malware had also been the victim of Regin malware. That poor machine!

 

The nature of the malware, combined with the coding and programming, leads security researcher to believe that the Strider group are highly proficient technically in the development of malicious software, and very well could escalate to a nation-state level attacker.

 

 

 

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com

Ransomware – Never too late to negotiate

negotiate

Researchers claim that ransomware campaigns are usually willing to negotiate these days.

“Cybersecurity firm F-Secure released a new report, “Evaluating the Customer Journey of Crypto-Ransomware and the Paradox Behind It,” which claims that three out of four ransomware criminal gangs were willing to negotiate the ransom fee.” – Charlie Osborne, writer for ZDNet.

By creating a fake account, researchers were able to negotiate with hackers and even receive up to 30 percent “discounted” from their ransom. This changes what we already know about ransomware. Many times when ransomware takes hold, a deadline for payment is put into place, creating a sense of urgency and stress for the victim. Hackers want you to pay as quickly as possible, and often place a lingering threat of further file deletion if payment is not met in a timely fashion. F-secure states that this is not exactly true, and that ransomware deadlines are more flexible than the average victim is aware of. As proven to be true with the fake account, each cyber attacker contacted by fake victims offered deadline extensions for payment. Remember this is for payment, not for letting victims off without file deletion.

F-Secure believes hackers are interested in establishing trust between victim and hacker to ensure they receive payment in some form. Hackers don’t necessarily care about the files lost, but are willing to work with you, purely for payment purposes. Begging and pleading still won’t get you much more than that.

As always, taking steps to stay secure is the best practice to avoiding ransomware. Negotiating is now on the table, but the reward is small in comparison to avoiding the malware altogether.

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com 

Webcam Malware aimed at company employees

aaaaayaaaaa

Attacks face many working employees as the newest form of malware has been aimed at webcams in the workplace. The new malware is used to record employee’s private moment sin order to extort information out of them later. Sounds like everyone’s worst nightmare. The malware is called Delilah, a sweet sounding name for something so morally compromising. Delilah is the world’s first insider threat Trojan. It allows operators to capture sensitive and compromising footage of victims, which is then used to pressure victims into leaking important company secrets. The malware is being delivered via multiple popular adult and gaming sites. Thus far it is not clear if any engineering or software vulnerabilities are the source of the installed malware. The bot comes with a social engineering plug in that connects to the webcam operations so you never know you are being filmed. The attackers are using encrypted channels to communicate with victims. The bot itself needs a high level of management from a human to know who to recruit, choosing who to scam effectively. The bot, once installed, seeks to gather as much personal information about the candidate as possible, in order to bully the victim into complying with attacker requests. This can span to family and friend information as well. At the moment, not much has been accomplished as to checking for the malware. All that is known is that the bot is still buggy, and that because of the number of screenshots it is taking, often makes the screen freeze momentarily.

As security researchers look into this type of malware, more preventative information should follow.

 


 

If you would like to learn more about the information presented in this blog post please visit : www.zdnet.com

Mac Malware blocked if you fix this simple Setting

mac malware

In the last week two different types of OS X malware made their debut and it has Mac users biting their nails about the possibility of an unprotected Mac. Backdoor.MAC.Eleanor and OSX/Keydnap, the two newest Mac malware, are both blocked from execution if managed with the appropriate Mac settings.

As MacWorld points out to us, with some malware there is little that can be blamed on the user. The software that leverages vulnerabilities in the operating system to install without verification or that has the ability to mask itself as an application that it is really not, is usually to blame. But how easy is it to really spot this in the act? Most of us can’t, and have to rely on an operating system, or researchers  in order to find out about the malware and by that time who knows whats happening on the device.

The Backdoor.MAC.Eleanor is a Trojan horse distributed under the name EasyDoc Converter. Masking itself as a file converter application through reputable websites that offer Mac software, users think they are downloading valuable Mac software when really, they are in for a big surprise. This is the time when I advise you the user, to be careful when downloading software from sites that are not the direct developer. Nowadays many download sites package software inside of installers that also install adware or other unwanted apps. The OSX/Keydnap  malware vector distribution is unknown. We do know that it arrives in the form of a ZIP archive that has to be extracted, with the file inside double clicked.

OK the goods. Unsigned apps can only launch by either right-clicking the app after it is downloaded, selecting Open from the contextual menu, and agreeing to launch the app even though it is unsigned. OR If the Security & Privacy system preference pane’s General tab has Allow Apps Downloaded From set to Anywhere. This should be changed to Mac App Store and Identified Developers.  In the new macOS Sierra, this won’t be a problem as the Anywhere option has been removed for this very reason. Remember, Backdoor.MAC.Eleanor and OSX/Keydnap will be blocked if these settings are in place, so even if you mess up and don’t take any of my advice to heart, your Mac will still be safe.

 


 

If you would like to educate yourself in more detail about the information presented in this post, please visit : macworld.com