Tag : malware

Blasted by Phishing Calendar Invitations

Have you been getting random calendar invitations from unfamiliar sources about events you have never heard of before? It seems we are not the only ones. Most of the calendar invitations seem to be coming from email accounts from other countries, promising deals on brand name products such as Ray-Bans.

This is just another type of phishing scam. Do not accept or decline calendar invitations from unknown senders. If possible, try not to open the invitation at all, and if you do open the invitation, do not click any links that may be attached. From what we know about email phishing and malware, this is most likely an attempt at retrieving personal information from your device.

Apple is in the process of blocking the suspicious email addresses and will hopefully put a quick end to the unknown invitations. In the meantime, you can do a few things to protect yourself. Firstly, do not decline the invitations: this only alerts the sender that the email account is active, and will most likely lead to even more invitations. Go into your calendar settings and change invitations to be sent via email rather than as iPhone notifications. Finally, you can create a junk calendar purely for these spam invitations. These are temporary workarounds while we wait for Apple to block the email addresses and fix the problem. If you would like to create an alternative calendar for these invitations, which is the best way to protect yourself at the moment, click here.

If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.mashable.com

Windows 10 Vulnerability – Edge Browser users Safe

The vulnerability is called Strontium, found in Windows code. Google stumbled across the flaw and wrote a blog post in late October describing its effects on Adobe's Flash media player. Google's policy concerning such critical vulnerabilities is to publish them seven days after Google has reported them to the software's creator.

According to Google, the flaw exists in the Windows kernel and can be used as a "security sandbox escape". Sandboxes are used in software to stop malicious or malfunctioning programs from reaching or otherwise damaging other parts of the machine.

Microsoft has acknowledged the flaw, but also criticized Google for releasing it before a fix was available, saying in a statement to VentureBeat:

“We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk,” said a Microsoft spokesperson.  “Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible.”

Microsoft Executive Vice President Terry Myerson explained the vulnerability in more detail in his blog post on Tuesday. For the computer to be infected with the malware, it must first compromise Adobe's Flash to gain control of the web browser. After that, privileges are elevated in order to escape the browser's sandbox. Finally, the malware would be able to install a backdoor to provide access to the victim's computer.

Those using the Microsoft Edge browser are protected, as the browser prevents installation of the backdoor. Everyone else is left to wait for the next available patch to solve the issue, which should be November 8th.

If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.pcmag.com 

Do this and not that – Mobile Malware

The three best practices to avoid mobile malware are to use an official app store, resist the temptation to jailbreak your device, and keep updates current. The Apple and Google app stores remain the most vigilant about mobile malware concerns. Google's Verify Apps runs in the background of modern Android systems to scan for spyware, ransomware, and fraudulent apps. The company also checks mobile apps that are submitted to the Google Play Store. Fewer than one in every 10,000 devices that download only from the Google Play Store has a program in the malicious category.

Jailbreaking your device undermines much of the security pre-installed on the phone. In addition, the ability to restrict applications from accessing personal data on the phone, as well as to validate applications, is disabled. Basically, if you jailbreak your device you had better have a pretty good understanding of technology, because you just became the sole provider of security for that device.

This may be a surprise to most, but vulnerabilities actually do not increase the likelihood of malware on mobile devices. Symantec's Internet Security Threat Report found that Apple iOS had nearly 8 times as many vulnerabilities as Android in 2014, but nearly all malware that year targeted Android devices.

The reliance on and increased functionality of mobile devices lead developers to push out updates and bug fixes as fast as possible. Users should pay attention to this and keep their applications and software updates current. Android users often wait to update because of the lengthy process involved, but the benefits usually outweigh this inconvenience, especially considering Android devices are the most susceptible to malware.

If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.pcworld.com 

Pegasus Spyware Detected – Upgrade to iOS 9.3.5 ASAP

Malware that spies on users' phone calls and text messages has been addressed thanks to the latest iOS mobile operating system upgrade, and the wise actions of a human rights activist. Canadian cyber security research group Citizen Lab published a report that a human rights activist, Ahmed Mansoor, received a text message with a malicious link attached. Thankfully Mansoor was not tempted to click on the link.

Rather, he passed the link to Citizen Lab, where researchers identified the correlation between the link and the NSO Group, an Israeli company notorious for selling a government-exclusive spyware product, Pegasus, that is described as a "lawful intercept". Most have dubbed this the most sophisticated spyware software detected, and Apple, Android and Blackberry smartphone users are the target. The main difference between this malware and others is Pegasus's ability to infect the powerhouse of the operating system, the kernel of the phone. This allows the software to intercept any conversation before encryption ever takes place, so the encryption used by such apps offers no protection against Pegasus. The link would have been capable of jailbreaking the iPhone and installing surveillance software used to access the camera and microphone. Mansoor's WhatsApp and Viber calls would have been especially vulnerable, in addition to his GPS location services.

Citizen Lab wrote in its report that “[w]e are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign.”

Last Thursday Apple released iOS 9.3.5, the latest version of iOS, which I highly advise upgrading to if you have not already done so. The update improves how iOS devices access memory and adds a patch that prevents visits to maliciously crafted websites from remotely executing arbitrary code.

Phew.

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.pcmag.com 

Cerber Ransomware – Business Model for Extortion

Cerber ransomware earned close to $200,000 in July alone, despite a payment rate of 0.3 percent (not even 1 percent!), thanks to its affiliate distribution model, according to Check Point Software Technologies Ltd. and IntSights Cyber Intelligence.

If this rate were to continue, without increasing, that would mean a $2.3 million payout over the course of the year, said Maya Horowitz, group manager of threat intelligence at Check Point.

An affiliate model means that non-technical customers can run their own campaigns using the platform and still walk away with 60 percent of the profit. Customers receive access to management tools, Cerber's Bitcoin laundering system, and of course, the Cerber ransomware itself. Horowitz reports that each day an average of eight new Cerber ransomware campaigns are launched, adding to its more than 150 affiliates.

Another "brand name" ransomware commonly seen today is Locky. Locky differs greatly from Cerber in that Locky is run by one solo team of threat actors, with all proceeds going directly to this team, as they do not share their malware with any other parties. Cerber is acting as a business model, taking ransomware to a new level and allowing anyone to join in on the cyber crime cash cow. Not only does Cerber allow users to take a 60 percent cut, but it also offers a 5 percent referral bonus for members who recruit. This is most certainly the future of malware, with more services to follow this model.

This is one of the first times that security researchers have been able to follow the trail. By extracting the unique Bitcoin wallet identifiers assigned to each victim, Check Point was able to follow the money trail to the central wallet, then to a network of other wallets that are part of the Bitcoin mixing service, and then to the final destinations. Hundreds of thousands of wallets were followed, which allowed Check Point to actually see the rate at which victims paid the Bitcoin ransom.

Surprising to most, the number was a very small 0.3 percent. Compared with other ransomware reports, this percentage is much lower. However, even this number has been enough to foster a hefty income.

To view the origin of this post, and to educate yourself in more detail, please visit : www.csoonline.com 

Undetected Hacker Group Spying Since 2011…

A previously unknown hacker group, 'Strider', has just been discovered by cyber-security researchers at Symantec. Strider references the all-seeing eye of Sauron in the group's 'nation-state level' malware, which is currently in use to steal files from organisations all over the world. Apparently the group has aimed its malware at those that would be of potential interest to a nation state's intelligence services. The Remsec malware is mainly targeting organisations in Russia; however, the group has infected airline systems in China, an embassy in Belgium, and a large organisation in Sweden whose name could not be confirmed. The malware in use is designed to infect a system and open a backdoor, where it logs keystrokes and steals files.

The malware has been in operation since October 2011, but avoided detection by the majority of antivirus systems for nearly five years. Only 36 infections have been reported in these five years, but the nature and capability of the malware in terms of stealth and evading detection is rather unsettling. Components that make up Remsec are built as "BLOBs" (Binary Large Objects), collections of binary data which are often difficult for antivirus software to detect. The malware is deployed across a network rather than stored on a disk, which makes it even harder to detect.

A deeper look into the modules of the malware found that they are written in the Lua programming language. This embedded scripting language is used to perform various functions and processes. In the case of Remsec, these functions include key logging, and the code contains references to the all-seeing eye of Sauron from the Lord of the Rings. The use of Lua modules leads security researchers to believe that Strider may have connections to the Flamer hacking group, known for using this type of programming in its malware. Another lead could be the connection to the infamous Regin malware: one of the victims of the Remsec malware had also been a victim of Regin. That poor machine!

The nature of the malware, combined with the coding and programming, leads security researchers to believe that the Strider group is highly proficient technically in the development of malicious software, and could very well escalate to a nation-state level attacker.

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com

Do you understand the importance of cyber security?

It is extremely important that you as the user understand why in the heck you should be concerned about the security of your device. Sure, you may have heard about the tons of malware out there or the ransomware stealing millions from large corporations, but it is easy to disregard such headlines as a user. "What would anyone want with my computer?" proves to be the usual user mindset. It really does pay to be conscious, however, and proactive nonetheless. Malware, including ransomware, is designed by cyber criminals with boatloads of knowledge as to how to steal your information, passwords, bank account numbers, log-ins, sensitive data and of course, your money. The general tactic appears in the form of downloaded malware or ransomware, unnoticed by the user, waiting idly by until the person on the other side decides to take a dig into your life. Like the monster under your bed, but worse.

Malware is something to worry about because, for one, it is used to steal your data and, these days, your money. Not to mention the fact that if you happen to fall victim to cyber theft, not much can be done to help your case. Most cyber criminals operate in foreign countries outside U.S. legal jurisdiction, and to be honest, even if they didn't, you still wouldn't get your money back. It's just not the way it works.

Don’t be a victim.

Ask anyone and they will tell you the quickest ways to get hacked are a lack of updates for commonly attacked programs, basically leaving your doors unlocked and asking to be robbed, and being tricked into installing a Trojan, the equivalent of the robber ringing the doorbell and you inviting them to stay for dinner before they rob you blind. Neither is good!

"Sure, there are hundreds of other methods: SQL injection attacks, password guessing, and so on. But nearly everything besides unpatched software and downloaded Trojans is statistical noise. In fact, if you fix the main two issues, you almost don't need to do anything else." – Roger A. Grimes, computer security columnist for InfoWorld

Malware can be broken down into worms, viruses, Trojans, and hybrids. Viruses spread by infecting other host files and, when those files are run, execute the malware. Worms are self-replicating: once started, they need no further assistance. Trojans need victims to get down to business. They do not spread themselves; rather, the originating hacker must deliver each copy to each victim separately, usually via email. The upside is that, unless the Trojan is ransomware that locks the device, Trojans can be removed once identified.

You'd be surprised at the number of users that still give away their logins to hackers every day. It's insane. Typically the user is sent a phishing email asking for credentials and claiming to be from a legitimate website. Many times the email makes a small call to action, such as threatening the termination of service. Trust the website in this case, not the email, and go directly to the website to confirm.

Signature-based anti-malware simply cannot keep up with the thousands of malicious programs that hit each month. That is just the truth of the matter. Some of the responsibility must be in the hands of the user, or a good IT management team. A single antivirus program can only get so far; it would behoove you to periodically run a boatload of free antivirus programs at once. Together, the programs can identify what the single one could not.

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.infoworld.com

Webcam Malware aimed at company employees

Many working employees face attacks as the newest form of malware is aimed at webcams in the workplace. The new malware is used to record employees' private moments in order to extort information out of them later. Sounds like everyone's worst nightmare. The malware is called Delilah, a sweet-sounding name for something so morally compromising. Delilah is the world's first insider threat Trojan. It allows operators to capture sensitive and compromising footage of victims, which is then used to pressure victims into leaking important company secrets. The malware is being delivered via multiple popular adult and gaming sites. Thus far it is not clear whether any engineering or software vulnerabilities are the source of the installed malware. The bot comes with a social engineering plug-in that connects to the webcam so you never know you are being filmed. The attackers are using encrypted channels to communicate with victims. The bot itself needs a high level of management from a human operator to decide who to recruit, choosing who to scam effectively. Once installed, the bot seeks to gather as much personal information about the candidate as possible, in order to bully the victim into complying with the attackers' requests. This can extend to family and friend information as well. At the moment, little is known about how to check for the malware. All that is known is that the bot is still buggy, and that the number of screenshots it takes often makes the screen freeze momentarily.

As security researchers look into this type of malware, more preventative information should follow.

If you would like to learn more about the information presented in this blog post please visit : www.zdnet.com

Mac Malware blocked if you fix this simple Setting

In the last week, two different types of OS X malware made their debut, and it has Mac users biting their nails about the possibility of an unprotected Mac. Backdoor.MAC.Eleanor and OSX/Keydnap, the two newest pieces of Mac malware, are both blocked from execution if the appropriate Mac settings are in place.

As Macworld points out, with some malware there is little that can be blamed on the user. Software that leverages vulnerabilities in the operating system to install without verification, or that has the ability to mask itself as an application it really is not, is usually to blame. But how easy is it to really spot this in the act? Most of us can't, and have to rely on the operating system or researchers to find out about the malware, and by that time who knows what's happening on the device.

Backdoor.MAC.Eleanor is a Trojan horse distributed under the name EasyDoc Converter. It masquerades as a file converter application on reputable websites that offer Mac software, so users think they are downloading valuable Mac software when really, they are in for a big surprise. This is the time when I advise you, the user, to be careful when downloading software from sites that are not the direct developer. Nowadays many download sites package software inside installers that also install adware or other unwanted apps. The distribution vector of the OSX/Keydnap malware is unknown. We do know that it arrives in the form of a ZIP archive that has to be extracted, with the file inside double-clicked.

OK, the goods. Unsigned apps can only launch in one of two ways: either by right-clicking the app after it is downloaded, selecting Open from the contextual menu, and agreeing to launch the app even though it is unsigned; or if the Security & Privacy system preference pane's General tab has Allow Apps Downloaded From set to Anywhere. This should be changed to Mac App Store and Identified Developers. In the new macOS Sierra, this won't be a problem, as the Anywhere option has been removed for this very reason. Remember, Backdoor.MAC.Eleanor and OSX/Keydnap will be blocked if these settings are in place, so even if you mess up and don't take any of my advice to heart, your Mac will still be safe.
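If you prefer to confirm the setting from a terminal, here is an added shell example (not from the Macworld article or the original post). It assumes macOS's spctl utility, which reports the Gatekeeper state and can tell you what Gatekeeper would do with a downloaded app bundle passed as the first argument.

```shell
#!/bin/sh
# Added example: check the Gatekeeper setting discussed above.
# Assumes macOS spctl(8); the app path in $1 is an optional, hypothetical input.

# Classify the output of `spctl --status`. "assessments enabled" means
# Gatekeeper is on (Mac App Store / Identified Developers); "assessments
# disabled" corresponds to the Anywhere setting that lets unsigned apps run.
gatekeeper_state() {
    case "$1" in
        *"assessments enabled"*)  echo enabled ;;
        *"assessments disabled"*) echo disabled ;;
        *)                        echo unknown ;;
    esac
}

# Classify the verbose output of `spctl --assess --type execute -v <app>`.
# Gatekeeper prints "<path>: accepted" (plus a "source=..." line) for apps it
# would allow and "<path>: rejected" for unsigned or untrusted bundles.
assessment_verdict() {
    case "$1" in
        *": accepted"*) echo allowed ;;
        *": rejected"*) echo blocked ;;
        *)              echo unknown ;;
    esac
}

# Live check, only when spctl exists (i.e. on a Mac): report the Gatekeeper
# state, how to fix it, and the verdict for the app bundle given as $1.
if command -v spctl >/dev/null 2>&1; then
    state=$(gatekeeper_state "$(spctl --status 2>&1)")
    echo "Gatekeeper: $state"
    if [ "$state" = disabled ]; then
        echo "Fix: sudo spctl --master-enable (restores Mac App Store and Identified Developers)"
    fi
    if [ -n "$1" ]; then
        echo "$1: $(assessment_verdict "$(spctl --assess --type execute -v "$1" 2>&1)")"
    fi
fi
```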

If you would like to educate yourself in more detail about the information presented in this post, please visit : macworld.com

HummingBad Malware targets 85 million Android devices…

As reported on the blog last week, malware has had a taste for Android devices.

The HummingBad software is another type of Android malware, and it has infected 85 million users globally. HummingBad infects Android devices in two ways: via drive-by downloads and via malicious payloads delivered by websites distributing adult content. Using a rootkit, the malware attempts to gain root access to the device. If successful, the device is fully accessible. If this method of access is not successful, a fake system update notification is used to trick users into handing over full access to the device.

With access granted, HummingBad begins the usual malware process, installing fraudulent apps on the infected mobile device. Hackers are making a boatload of cash off this software alone, nearly $300,000 a month. It's an easy equation: the fraudulent applications deliver advertisements daily, generating a ridiculous number of clicks. Engagement with these ads delivers nearly $10,000 to hackers daily, from HummingBad alone. Researchers estimate that 10 million victims are using malicious applications without even knowing it.

The Chinese cyber criminal group Yingmob consists of 25 employees spread across four groups, and is responsible for managing HummingBad. It is suspected that Yingmob is also behind the iOS malware called Yispecter, from 2015. China and India are the most affected by the HummingBad software, with 1.6 million devices affected in China and 1.35 million in India. The United States is relatively small in the big picture, with 286,800 devices infected.

At the moment, HummingBad has not encrypted devices in order to steal data, but that doesn’t mean it won’t in the future.

If you would like to educate yourself in more detail about the information presented in this blog post, please visit : www.zdnet.com