Category Archives: Malware

3,1 billion data records leaked in 2016. How do you protect yourself?

In 2015, data breaches caused for 480 million data records to be leaked, breached or otherwise exploited by cyber criminals. But that figure doesn’t even compare to the astounding statistic from 2016.

With 3.1 BILLION data records breached in 2016, chances are high that your own data was involved in one of the massive breaches of the year.

let’s walk through some of the major hacks and data breaches from the past couple of years, and how they impacted the users:
1. Ashley Madison – August 2015 – 37 million people that were using the Ashley Madison site had their data published online, including credit card and sexual preferences. The service encouraged extramarital affairs, by helping users cheat on their partners. It led to many divorces and even some suicides.
2. iCloud / Apple – September 2014 – Not even cloud storage is safe from data breaches. Hundreds of nude celebrity photos leaked online, in a hack that was dubbed “The Fappening”. Apple later reported that the data was obtained using a highly targeted attack on user names, passwords and security questions.
3. Sony Pictures Entertainment – November 2014 – You most likely remember the Sony hack, that was allegedly planned by North Korea. 47.000 social security numbers of Sony employees were taken by attackers, plus names, address and financial information. However, the press mainly focused on the gossip side of the hack. The published stories covered the private conversations between Hollywood actors and movie industry players that also leaked.
4. Snapchat / SnapSaved – October 2014 – Also known as the Snappening, in reference to the Fappening, more than 13 GB of Snapchat videos and photos leaked online. The files were breached via a third-party app, SnapSaved, that was used to save and access Snapchat files.
5. IRS – May 2015 – More than 330.000 taxpayers were affected in this data breach. It may seem like a small number, compared to other data breaches, but the impact was disastrous. The attackers gained access to filed tax returns, financial information and social security numbers.
6. Vtech – November 2015 – Information on 6.4 million children and 5.9 million adults were exposed in what experts consider the largest theft of personal data targeting kids. Name, gender and birthdate were among the stolen data on the kids, while parents had their name, mailing address, secret question and answer for password retrieval, IP address, download history and encrypted password leaked. We don’t even want to imagine what could happen if some ill-intentioned individuals would pair the info on the parents and their children.
7. LastPass – June 2015 – Who says password manager services are safe? LastPass servers were attacked last summer. The data accessed by the intruders included email addresses, password reminders and authentication hashes. However, encrypted user data (aka your stored passwords) was not breached. The company prompted all the users to update their master password immediately.
8. eBay – May 2014 – One of the biggest data breaches of all times, that let 145 million users with their names, email and postal addresses, phone numbers, birthdates and encrypted passwords exposed.
9. Anthem – February 2015 – A data breach of the second biggest health insurer in America exposed medical information of 80 million customers. Plus names, birthdays, social security numbers, email and home addresses.
10. Spotify – November 2014 – Not even music streaming services are safe from attackers. Last year, over a thousand Spotify users had their email addresses and passwords leaked online. Gaana, the most popular indian music streaming service, with more than 7.5 million monthly users, also got hacked and had its database exposed.

Source

Ransomware can now encrypt your smart TV too

Ransomware keep evolving and can now encrypt smart TVs.

According to the software developer, when he first contacted LG’s tech support, he was told that a technician would have to come over and take a look for a fee of around $340.

The ransom amount itself was $500 although even paying that would have been difficult because there was no way to click on the payment section to find the instructions on how to do so. The only thing that worked was just moving a mouse-like pointer on a portion of the TV screen via an accompanying smart remote.

In order to keep your smart TV safe, avoid downloading strange apps (even if they are in the Google Play store), keep your software up to date and protect your home Wi-fi.

Top 10 Tips To Stay Safe Online


With hacks, scams, malware and more, the Internet can feel like a dangerous place these days. And, the recent proliferation of devices, from smartphones and tablets to Internet-connected appliances, has opened us up to even greater risks.

But the good news is that by taking just a small handful of security measures we can greatly reduce our exposure to all these threats.

Here are some tips to help you get started:

1. Create Complex Passwords. We know you’ve heard it before, but creating strong, unique passwords for all your critical accounts really is the best way to keep your personal and financial information safe. This is especially true in the era of widespread corporate hacks, where one database breach can reveal tens of thousands of user passwords. If you reuse your passwords, a hacker can take the leaked data from one attack and use it to login to your other accounts. Our best advice: use a password manager to help you store and create strong passwords for all of your accounts.

Then, check to see if your online accounts offer multi-factor authentication. This is when multiple pieces of information are required to verify your identity. So, to log into an account you may need to enter a code that is sent to your phone, as well as your password and passphrase.

2. Boost Your Network Security. Now that your logins are safer, make sure that your connections are secure. When at home or work, you probably use a password-protected router that encrypts your data. But, when you’re on the road, you might be tempted to use free, public Wi-Fi.The problem with public Wi-Fi is that it is often unsecured. This means it’s relatively easy for a hacker to access your device or information. That’s why you should consider investing in a Virtual Private Network (VPN). A VPN is a piece of software that creates a secure connection over the internet, so you can safely connect from anywhere.

3. Use a Firewall. Even if your network is secure, you should still use a firewall. This an electronic barrier that blocks unauthorized access to your computers and devices, and is often included with comprehensive security software. Using a firewall ensures that all of the devices connected to your network are secured, including Internet of Things (IoT) devices like smart thermostats and webcams. This is important since many IoT devices aren’t equipped with security measures, giving hackers a vulnerable point of entry to your entire network.

4. Click Smart. Now that you’ve put smart tech measures into place, make sure that you don’t invite danger with careless clicking. Many of today’s online threats are based on phishing or social engineering. This is when you are tricked into revealing personal or sensitive information for fraudulent purposes. Spam emails, phony “free” offers, click bait, online quizzes and more all use these tactics to entice you to click on dangerous links or give up your personal information. Always be wary of offers that sound too good to be true, or ask for too much information.

5. Be a Selective Sharer. These days, there are a lot of opportunities to share our personal information online. Just be cautious about what you share, particularly when it comes to your identity information. This can potentially be used to impersonate you, or guess your passwords and logins.

6. Protect Your Mobile Life. Our mobile devices can be just as vulnerable to online threats as our laptops. In fact, mobile devices face new risks, such as risky apps and dangerous links sent by text message. Be careful where you click, don’t respond to messages from strangers, and only download apps from official app stores after reading other users’ reviews first. Make sure that your security software is enabled on your mobile, just like your computers and other devices.

7. Practice Safe Surfing & Shopping. When shopping online, or visiting websites for online banking or other sensitive transactions, always make sure that the site’s address starts with “https”, instead of just “http”, and has a padlock icon in the URL field. This indicates that the website is secure and uses encryption to scramble your data so it can’t be intercepted by others. Also, be on the lookout for websites that have misspellings or bad grammar in their addresses. They could be copycats of legitimate websites. Use a safe search tool such as McAfee SiteAdvisor to steer clear of risky sites.

8. Keep up to date. Keep all your software updated so you have the latest security patches. Turn on automatic updates so you don’t have to think about it, and make sure that your security software is set to run regular scans.

9. Lookout for the latest scams. Online threats are evolving all the time, so make sure you know what to look out for. Currently, ransomwareis on the rise. This is when a hacker threatens to lock you out of all of your files unless you agree to pay a ransom. Stay on top of this and other threats by staying informed.

10. Keep your guard up. Always be cautious about what you do online, which sites you visit, and what you share. Use comprehensive security software, and make sure to backup your data on a regular basis in case something goes wrong. By taking preventative measures, you can save yourself from headaches later on.

Reference

Why keeping your OS up to date

They say Macs are safer than Windows PCs, but Apple’s devices have their own share of vulnerabilities that can be exploited by hackers to seize full control of the systems.

If you’re still unsure of why you should update your operating system to the latest version, here’s a true story I hope will persuade you why it’s the right thing to do.

A Swedish security expert showed how a $300 device can steal passwords from sleeping or closed Macs (the same which most people think are impenetrable to cyberattacks).

“Anyone including, but not limited to, your colleagues, the police, the evil maid and the thief will have full access to your data as long as they can gain physical access – unless the mac is completely shut down. If the mac is sleeping it is still vulnerable. Just stroll up to a locked mac, plug in the Thunderbolt device, force a reboot (ctrl+cmd+power) and wait for the password to be displayed in less than 30 seconds!”

Apple fixed this vulnerability in macOS 10.12.2, so that’s why applying these updates is key for your cyber security. Of course, the same goes for Windows, even more so than for Mac OS X.

Beware of fake delivery notifications (emails)

Cybercriminals have been using fake delivery notification emails to spread malware for many years now. In spite of their history and frequency, this attack tactic still works.

Some of the reasons include lack of proper security measures taken by the companies you purchase things from, but also emotions clouding people’s judgement when prompted by such an alert.

[why%20so%20many%20people%20fall%20for%20the%20fake%20delivery%20notifications?]You can see an example here and read the words of an experienced malware researcher on the topic.

Be very, very careful when receiving and reviewing delivery notifications, as they’re very effective for spreading the worst kind of malware, including financial malware and ransomware.

Online Shopping Safety Tips

Using Public Wi-fi

“If you are shopping on your phone or computer and using an unknown WiFi connection, save the purchases for later. Don’t enter any personal information such as name, address, or credit card number until you are on a secure and known connection.” – Loki Labs, www.lokilabs.io

Visiting a New Website

“Check the seller’s customer satisfaction ratings. Review other user’s comments and check out the seller’s rating on sites like Google Shopping. Low “star” ratings may provide a red flag that cautions you to find a more reputable seller.” – Diverse Concepts, www.dciits.com“Check the Better Business Bureau website to see if there are a large number of complaints about the seller. https://www.bbb.org/greater-maryland/” – Diverse Concepts, www.dciits.com

“Go directly to the seller’s site rather than clicking a “coupon” link that was sent to you by an unknown source. Scammers can often use a tactic called cross-site scripting to craft a hyperlink that appears to be the actual merchant site but actually relays your credit card information to the scammer when you put your payment information into the payment web form. Unless you can verify that a coupon came from the actual vendor’s site to which you have already subscribed, it’s best to avoid random coupons with unknown origins.” – Diverse Concepts, www.dciits.com

“Find out the seller’s physical address. If the merchant only has a P.O. box listed, then that may be a red flag. If his address is 1234 in a van down by the river, you may consider shopping elsewhere.” – Diverse Concepts, www.dciits.com

“Check the seller’s privacy policy. While we might not think about it, some sellers resell our personal information, buying preferences, and other data to market research companies, telemarketers, and spammers. Read carefully and always make sure that you are opting-out and not opting-in when asked whether you want to have your information shared with “3rd parties” (unless you like a lot of spam in your e-mail). You may also want to obtain a separate e-mail account to use while shopping online to avoid clogging up your personal e-mail box with the barrage of sale ads and other junk mail that is frequently sent out.” – Diverse Concepts, www.dciits.com

“If you’re buying something on a new website and they want you to sign up for an account, use a new password. Never use the same passwords for shopping sites as you do for anything else, such as email, bank logins, etc. (It’s a good idea to use a different password for every site you go to but this is especially important.) Even if the company you’re purchasing from is legitimate, you don’t know who might have access to their database now or in the future.” – Loki Labs, www.lokilabs.io

Resources:

FBI Warns of Dramatic Increase in Business E-Mail Scams


FBI officials are warning potential victims of a dramatic rise in the business e-mail compromise scam or “B.E.C.,” a scheme that targets businesses and has resulted in massive financial losses in Phoenix and other cities.

The schemers go to great lengths to spoof company e-mail or use social engineering to assume the identity of the CEO, a company attorney, or trusted vendor. They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy.

There are various versions of the scams. Victims range from large corporations to tech companies to small businesses to non-profit organizations. Many times, the fraud targets businesses that work with foreign suppliers or regularly perform wire transfer payments.

  • Law enforcement globally has received complaints from victims in every U.S. state and in at least 79 countries.
  • From October 2013 through February 2016, law enforcement received reports from 17,642 victims.
  • This amounted to more than $2.3 billion in losses.
  • Since January 2015, the FBI has seen a 270 percent increase in identified victims and exposed loss.
  • In Arizona the average loss per scam is between $25,000 and $75,000.

If your company has been victimized by a BEC scam:

  • Contact your financial institution immediately
  • Request that they contact the financial institution where the fraudulent transfer was sent
  • File a complaint—regardless of dollar loss—with the IC3.

Tips for Businesses:

  • Be wary of e-mail-only wire transfer requests and requests involving urgency
  • Pick up the phone and verify legitimate business partners.
  • Be cautious of mimicked e-mail addresses
  • Practice multi-level authentication.

Resources:

Recognizing and Avoiding Spyware

What is spyware?

Despite its name, the term “spyware” doesn’t refer to something used by undercover operatives, but rather by the advertising industry. In fact, spyware is also known as “adware.” It refers to a category of software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain web sites, or monitor the web sites that you visit. Some extreme, invasive versions of spyware may track exactly what keys you type. Attackers may also use spyware for malicious purposes.

Because of the extra processing, spyware may cause your computer to become slow or sluggish. There are also privacy implications:

  • What information is being gathered?
  • Who is receiving it?
  • How is it being used?

How do you know if there is spyware on your computer?

The following symptoms may indicate that spyware is installed on your computer:

  • you are subjected to endless pop-up windows
  • you are redirected to web sites other than the one you typed into your browser
  • new, unexpected toolbars appear in your web browser
  • new, unexpected icons appear in the task tray at the bottom of your screen
  • your browser’s home page suddenly changed
  • the search engine your browser opens when you click “search” has been changed
  • certain keys fail to work in your browser (e.g., the tab key doesn’t work when you are moving to the next field within a form)
  • random Windows error messages begin to appear
  • your computer suddenly seems very slow when opening programs or processing tasks (saving files, etc.)

How can you prevent spyware from installing on your computer?

To avoid unintentionally installing it yourself, follow these good security practices:

  • Don’t click on links within pop-up windows – Because pop-up windows are often a product of spyware, clicking on the window may install spyware software on your computer. To close the pop-up window, click on the “X” icon in the titlebar instead of a “close” link within the window.
  • Choose “no” when asked unexpected questions – Be wary of unexpected dialog boxes asking whether you want to run a particular program or perform another type of task. Always select “no” or “cancel,” or close the dialog box by clicking the “X” icon in the titlebar.
  • Be wary of free downloadable software – There are many sites that offer customized toolbars or other features that appeal to users. Don’t download programs from sites you don’t trust, and realize that you may be exposing your computer to spyware by downloading some of these programs.
  • Don’t follow email links claiming to offer anti-spyware software – Like email viruses, the links may serve the opposite purpose and actually install the spyware it claims to be eliminating.

As an additional good security practice, especially if you are concerned that you might have spyware on your machine and want to minimize the impact, consider taking the following action:

  • Adjust your browser preferences to limit pop-up windows and cookies – Pop-up windows are often generated by some kind of scripting or active content. Adjusting the settings within your browser to reduce or prevent scripting or active content may reduce the number of pop-up windows that appear. Some browsers offer a specific option to block or limit pop-up windows. Certain types of cookies are sometimes considered spyware because they reveal what web pages you have visited.

How do you remove spyware?

  • Run a full scan on your computer with your anti-virus software – Some anti-virus software will find and remove spyware, but it may not find the spyware when it is monitoring your computer in real time. Set your anti-virus software to prompt you to run a full scan periodically
  • Run a legitimate product specifically designed to remove spyware – Many vendors offer products that will scan your computer for spyware and remove any spyware software. Popular products include Lavasoft’s Ad-Aware, Microsoft’s Window Defender, Webroot’s SpySweeper, and Spybot Search and Destroy.
  • Make sure that your anti-virus and anti-spyware software are compatible – Take a phased approach to installing the software to ensure that you don’t unintentionally introduce problems

Torrent poisoning allows big companies to track your IP

Torrenting is mostly associated with software or content pirating. Big companies are aware of the threat this process has to their profitability, so sometimes they employ unusual methods to fight back against torrenting.

One of these is torrent poisoning. Basically, they infect a torrent with software that then tells the company the IP of the user who downloaded the file. After this, the company might send you a cease and desist letter, or in the (very) worst case scenario, demand reparations for any damage inflicted.

“Locky” ransomware – what you need to know

The rise of ransomware is one of the biggest cybersecurity trends of the past few years, and out of all the variations out there, Locky is the most widespread one.

It is technologically impossible to decrypt, so once you get hit you either abandon the files or pay up the ransom to get them back.

“Locky” feels like quite a cheery-sounding name.

But it’s also the nickname of a new strain of ransomware, so-called because it renames all your important files so that they have the extension .locky.

Of course, it doesn’t just rename your files, it scrambles them first, and – as you probably know about ransomware – only the crooks have the decryption key.

The most common way that Locky arrives is as follows:

  • You receive an email containing an attached document (Troj/DocDl-BCF).
  • The document looks like gobbledegook.
  • The document advises you to enable macros “if the data encoding is incorrect.”

  • If you enable macros, you don’t actually correct the text encoding (that’s a subterfuge); instead, you run code inside the document that saves a file to disk and runs it.
  • The saved file (Troj/Ransom-CGX) serves as a downloader, which fetches the final malware payload from the crooks.
  • The final payload could be anything, but in this case is usually the Locky Ransomware (Troj/Ransom-CGW).

Locky scrambles all files that match a long list of extensions, including videos, images, source code, and Office files.

Locky even scrambles wallet.dat, your Bitcoin wallet file, if you have one.

WHAT TO DO?

  • Backup regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.
  • Don’t enable macros in document attachments received via email. Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on, so don’t do it!
  • Be cautious about unsolicited attachments. The crooks are relying on the dilemma that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt, leave it out.
  • Don’t give yourself more login power than you need. Most importantly, don’t stay logged in as an administrator any longer than is strictly necessary, and avoid browsing, opening documents or other “regular work” activities while you have administrator rights.
  • Consider installing the Microsoft Office viewers. These viewer applications let you see what documents look like without opening them in Word or Excel itself. In particular, the viewer software doesn’t support macros at all, so you can’t enable macros by mistake!
  • Patch early, patch often. Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit.

Source/Reference