Category Archives: Ransomware

Ransomware can now encrypt your smart TV too

Ransomware keeps evolving and can now encrypt smart TVs.

According to the software developer who reported the infection, when he first contacted LG’s tech support he was told that a technician would have to come out and look at the set, for a fee of around $340.

The ransom demand itself was $500, although paying would have been difficult even for someone willing to: there was no way to open the payment section of the lock screen to reach the instructions. The only input that still worked was moving a mouse-like pointer around part of the screen with the accompanying smart remote.

To keep a smart TV safe, avoid installing unfamiliar apps (even ones listed in the Google Play store), keep the TV’s firmware and apps up to date, and protect your home Wi-Fi network.

Top 10 Tips To Stay Safe Online


With hacks, scams, malware and more, the Internet can feel like a dangerous place these days. And, the recent proliferation of devices, from smartphones and tablets to Internet-connected appliances, has opened us up to even greater risks.

But the good news is that by taking just a small handful of security measures we can greatly reduce our exposure to all these threats.

Here are some tips to help you get started:

1. Create Complex Passwords. We know you’ve heard it before, but creating strong, unique passwords for all your critical accounts really is the best way to keep your personal and financial information safe. This is especially true in the era of widespread corporate hacks, where one database breach can reveal tens of thousands of user passwords. If you reuse your passwords, an attacker can take the leaked data from one breach and use it to log in to your other accounts (“credential stuffing”). Our best advice: use a password manager to create and store strong, unique passwords for all of your accounts.

Then, check whether your online accounts offer multi-factor authentication (MFA), where more than one piece of evidence is required to prove your identity: typically something you know (your password) plus something you have, such as a one-time code from an authenticator app or a code sent to your phone. Turn it on wherever it is available, and first of all on your email account, because email is what the other accounts use to reset their passwords.

2. Boost Your Network Security. Now that your logins are safer, make sure that your connections are secure. At home or at work you probably use a router whose Wi-Fi is protected by a password and WPA2 (or WPA3) encryption. On the road, however, you may be tempted to use free public Wi-Fi. The problem with public Wi-Fi is that it is often unencrypted or shared with strangers, which makes it relatively easy for someone on the same network to snoop on or tamper with your traffic. That’s why you should consider a Virtual Private Network (VPN): software that builds an encrypted tunnel from your device to the VPN provider, so the local network sees only encrypted traffic. Bear in mind that the VPN protects your traffic only as far as the provider, so you are trusting the provider instead of the coffee shop; choose a reputable one, and still insist on HTTPS for the sites you visit.

3. Use a Firewall. Even if your network is secure, you should still use a firewall: a barrier that blocks unsolicited incoming connections to your computers and devices. Your router normally provides one for the whole home network, and host-based firewalls (built into Windows and macOS, and often bundled with security suites) protect each device individually. The network firewall matters most for Internet of Things (IoT) devices such as smart thermostats and webcams, which often ship with weak or no security of their own; keeping them unreachable from the Internet denies attackers an easy point of entry to your whole network. A firewall does not, however, stop malware that is already inside from making outbound connections, and it does not protect devices you deliberately expose through port forwarding or UPnP.

4. Click Smart. Now that you’ve put smart tech measures into place, make sure that you don’t invite danger with careless clicking. Many of today’s online threats are based on phishing or social engineering, in which you are tricked into revealing personal or sensitive information for fraudulent purposes. Spam emails, phony “free” offers, clickbait, online quizzes and more all use these tactics to entice you to click on dangerous links or give up your personal information. Always be wary of offers that sound too good to be true, or that ask for more information than the situation warrants.

5. Be a Selective Sharer. These days, there are a lot of opportunities to share our personal information online. Just be cautious about what you share, particularly when it comes to your identity information. This can potentially be used to impersonate you, or guess your passwords and logins.

6. Protect Your Mobile Life. Our mobile devices can be just as vulnerable to online threats as our laptops. In fact, they face risks of their own, such as malicious apps and dangerous links sent by text message. Be careful where you click, don’t respond to messages from strangers, and only install apps from the official app stores, after reading other users’ reviews and checking the permissions the app asks for. Make sure that security software is enabled on your mobile, just as on your computers and other devices.

7. Practice Safe Surfing & Shopping. When shopping online, or visiting websites for online banking or other sensitive transactions, make sure that the site’s address starts with “https” rather than “http” and that the browser shows a padlock in the address bar. This means the connection is encrypted, so your data cannot be read or altered in transit. It does not mean the site itself is trustworthy: phishing sites routinely use HTTPS too, so also check that the domain name is exactly the one you expect. Watch for look-alike addresses with misspellings, extra words or a different top-level domain; they may be copycats of legitimate websites. A safe-search tool such as McAfee SiteAdvisor can help you steer clear of known risky sites.

8. Keep up to date. Keep all your software updated so you have the latest security patches. Turn on automatic updates so you don’t have to think about it, and make sure that your security software is set to run regular scans.

9. Look out for the latest scams. Online threats evolve all the time, so make sure you know what to watch for. Currently ransomware is on the rise: malware that encrypts your files (or locks your device) and demands a ransom for the key. Stay on top of this and other threats by keeping yourself informed.

10. Keep your guard up. Always be cautious about what you do online, which sites you visit, and what you share. Use comprehensive security software, and back up your data regularly in case something goes wrong; keep at least one copy offline or otherwise disconnected, since ransomware will also encrypt any backup drive that is attached at the time. By taking preventative measures, you can save yourself from headaches later on.


Beware of fake delivery notifications (emails)

Cybercriminals have been using fake delivery notification emails to spread malware for many years now. In spite of their history and frequency, this attack tactic still works.

Part of the reason is weak security on the part of some of the companies you buy from, whose branding and notifications are easy to imitate, and part is emotion: an unexpected “your parcel could not be delivered” alert clouds people’s judgement.

The linked article shows an example of such a message and includes the words of an experienced malware researcher on why so many people fall for fake delivery notifications.

Be very, very careful when receiving and reviewing delivery notifications: they are a very effective vehicle for the worst kinds of malware, including financial malware (banking trojans) and ransomware. If in doubt, don’t click the link or open the attachment; go to the courier’s website yourself and enter the tracking number there.

Recognizing and Avoiding Spyware

What is spyware?

Despite its name, “spyware” is not only a tool of undercover operatives; much of it comes from the advertising industry, and the term overlaps with “adware.” It refers to a category of software that, once installed on your computer, may send you pop-up ads, redirect your browser to certain web sites, or monitor the web sites that you visit. More invasive versions log exactly what keys you type. Attackers also use spyware for outright malicious purposes, such as stealing passwords and other credentials.

Because of the extra processing, spyware may cause your computer to become slow or sluggish. There are also privacy implications:

  • What information is being gathered?
  • Who is receiving it?
  • How is it being used?

How do you know if there is spyware on your computer?

The following symptoms may indicate that spyware is installed on your computer:

  • you are subjected to endless pop-up windows
  • you are redirected to web sites other than the one you typed into your browser
  • new, unexpected toolbars appear in your web browser
  • new, unexpected icons appear in the task tray at the bottom of your screen
  • your browser’s home page suddenly changed
  • the search engine your browser opens when you click “search” has been changed
  • certain keys fail to work in your browser (e.g., the tab key doesn’t work when you are moving to the next field within a form)
  • random Windows error messages begin to appear
  • your computer suddenly seems very slow when opening programs or processing tasks (saving files, etc.)

How can you prevent spyware from installing on your computer?

To avoid unintentionally installing it yourself, follow these good security practices:

  • Don’t click on links within pop-up windows – Because pop-up windows are often a product of spyware, clicking on the window may install spyware software on your computer. To close the pop-up window, click on the “X” icon in the titlebar instead of a “close” link within the window.
  • Choose “no” when asked unexpected questions – Be wary of unexpected dialog boxes asking whether you want to run a particular program or perform another type of task. Always select “no” or “cancel,” or close the dialog box by clicking the “X” icon in the titlebar.
  • Be wary of free downloadable software – There are many sites that offer customized toolbars or other features that appeal to users. Don’t download programs from sites you don’t trust, and realize that you may be exposing your computer to spyware by downloading some of these programs.
  • Don’t follow email links claiming to offer anti-spyware software – Like email viruses, the links may serve the opposite purpose and actually install the spyware it claims to be eliminating.

As an additional good security practice, especially if you are concerned that you might have spyware on your machine and want to minimize the impact, consider taking the following action:

  • Adjust your browser preferences to limit pop-up windows and cookies – Pop-up windows are often generated by some kind of scripting or active content. Adjusting the settings within your browser to reduce or prevent scripting or active content may reduce the number of pop-up windows that appear. Some browsers offer a specific option to block or limit pop-up windows. Certain types of cookies are sometimes considered spyware because they reveal what web pages you have visited.

How do you remove spyware?

  • Run a full scan on your computer with your anti-virus software – Some anti-virus software will find and remove spyware, but it may not catch it while monitoring your computer in real time. Set your anti-virus software to prompt you to run a full scan periodically.
  • Run a legitimate product specifically designed to remove spyware – Many vendors offer products that will scan your computer for spyware and remove it. Products that have been popular include Lavasoft’s Ad-Aware, Microsoft’s Windows Defender (now built into Windows), Webroot’s SpySweeper, and Spybot Search and Destroy. Download such tools only from the vendor’s own site, since fake “anti-spyware” is itself a common way to get infected.
  • Make sure that your anti-virus and anti-spyware software are compatible – Take a phased approach to installing the software to ensure that you don’t unintentionally introduce problems.

“Locky” ransomware – what you need to know

The rise of ransomware is one of the biggest cybersecurity trends of the past few years, and of all the families out there, Locky was the most widespread at the time of writing.

Once your files are encrypted there is no practical way to decrypt them without the attackers’ key, so once you get hit you either give the files up (or restore them from a backup) or pay the ransom to get them back.

“Locky” feels like quite a cheery-sounding name.

But it’s also the nickname of a new strain of ransomware, so-called because it renames all your important files so that they have the extension .locky.

Of course, it doesn’t just rename your files, it scrambles them first, and – as you probably know about ransomware – only the crooks have the decryption key.

The most common way that Locky arrives is as follows:

  • You receive an email containing an attached document (Troj/DocDl-BCF).
  • The document looks like gobbledegook.
  • The document advises you to enable macros “if the data encoding is incorrect.”
  • If you enable macros, you don’t actually correct the text encoding (that’s a subterfuge); instead, you run code inside the document that saves a file to disk and runs it.
  • The saved file (Troj/Ransom-CGX) serves as a downloader, which fetches the final malware payload from the crooks.
  • The final payload could be anything, but in this case is usually the Locky ransomware (Troj/Ransom-CGW).

Locky scrambles all files that match a long list of extensions, including videos, images, source code, and Office files.

Locky even scrambles wallet.dat, your Bitcoin wallet file, if you have one.
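If a backup is your only recovery path, you also want to notice an infection quickly. The following Python script is an added example (not from the original article or from Sophos) of a scan for the traces ransomware leaves behind: files renamed to the .locky extension, and files that were encrypted but kept their name (as other families do), detected either as a known type (PNG, PDF, ZIP, ...) whose header is gone or as a plain-text type whose bytes have near-maximum entropy. The sample tree, its file names and the entropy threshold are constructed for the demonstration; the wallet.dat entry in the sample is deliberately not caught, to show that a binary format with no fixed header cannot be judged by these rules.

```python
"""Spot files that look like they have been encrypted by ransomware (added example)."""
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

RANSOM_EXTENSIONS = {".locky"}      # the extension named in the article; add others as they appear
# Leading bytes a file with this extension should start with. Ciphertext never does.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".gif": b"GIF8",
    ".pdf": b"%PDF", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
}
# Plain-text formats normally sit around 4-5 bits/byte; ciphertext is close to 8.
TEXT_EXTENSIONS = {".txt", ".csv", ".log", ".html", ".xml", ".json", ".py", ".c", ".sql"}
ENTROPY_THRESHOLD = 7.5             # chosen for this demo; tune on your own data
SAMPLE_SIZE = 65536                 # bytes read from the start of each file


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def assess_file(path: Path) -> list:
    """Reasons this file looks encrypted; an empty list means nothing suspicious."""
    ext = path.suffix.lower()
    if ext in RANSOM_EXTENSIONS:
        return [f"ransomware extension {ext}"]
    with open(path, "rb") as f:
        head = f.read(SAMPLE_SIZE)
    reasons = []
    if ext in MAGIC and not head.startswith(MAGIC[ext]):
        reasons.append(f"{ext} file without its expected header")
    if ext in TEXT_EXTENSIONS:
        h = shannon_entropy(head)
        if h > ENTROPY_THRESHOLD:
            reasons.append(f"text file with entropy {h:.2f} bits/byte")
    return reasons


def scan_tree(root) -> dict:
    """Map relative path -> reasons, for every suspicious file under root."""
    root = Path(root)
    hits = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            reasons = assess_file(p)
            if reasons:
                hits[p.relative_to(root).as_posix()] = reasons
    return hits


# --- Constructed sample tree (synthetic data, not files from a real incident) ----------
def make_sample_tree(root) -> None:
    root = Path(root)
    (root / "docs").mkdir(parents=True, exist_ok=True)
    rng = random.Random(7)                         # pseudo-random bytes stand in for ciphertext

    def noise(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    (root / "report.txt").write_bytes(b"Quarterly numbers, all fine so far.\n" * 100)
    (root / "photo.png").write_bytes(MAGIC[".png"] + noise(4096))   # real image data is high-entropy too
    (root / "holiday.png").write_bytes(noise(4096))                  # header encrypted away
    (root / "docs" / "budget.csv").write_bytes(noise(4096))          # text file turned to ciphertext
    (root / "docs" / "0123.locky").write_bytes(noise(4096))          # renamed by Locky
    (root / "wallet.dat").write_bytes(noise(4096))                   # no rule covers this: a blind spot


def demo() -> dict:
    """Build the sample tree in a temporary directory and return the scan result."""
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for rel, why in demo().items():
        print(rel, "->", "; ".join(why))
```

Run it against a real share with scan_tree("/path/to/share"); on a file server it is worth running on a schedule and alerting on any new hit, since a few minutes’ head start is the difference between restoring one folder and restoring everything.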

WHAT TO DO?

  • Backup regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.
  • Don’t enable macros in document attachments received via email. Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on, so don’t do it!
  • Be cautious about unsolicited attachments. The crooks are relying on the dilemma that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt, leave it out.
  • Don’t give yourself more login power than you need. Most importantly, don’t stay logged in as an administrator any longer than is strictly necessary, and avoid browsing, opening documents or other “regular work” activities while you have administrator rights.
  • Consider installing the Microsoft Office viewers. These viewer applications let you see what documents look like without opening them in Word or Excel itself. In particular, the viewer software doesn’t support macros at all, so you can’t enable macros by mistake!
  • Patch early, patch often. Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit.
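The advice not to enable macros only works if the person at the keyboard follows it every single time. A mail gateway can remove that dependency by refusing attachments that carry a VBA project at all. The script below is an added example of that check, not Sophos’s tooling or anything from the original post: it identifies an Office attachment by its bytes rather than its name, looks for the vbaProject.bin part in OOXML files and for VBA storage names in legacy binary (Compound File) documents, and also flags extension/container mismatches, which attackers use to slip past naive filename filters. The sample attachments are synthetic byte strings built inside the script, and the legacy-format check is a byte-level heuristic rather than a full parse (a production gateway would use a real parser such as oletools’ olevba).

```python
"""Gate Office attachments that carry VBA macros before they reach a mailbox (added example)."""
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"                            # OOXML (.docx/.docm/.xlsm ...) is a zip
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"      # legacy binary .doc/.xls (Compound File)
# Storage/stream names that exist only when a VBA project is embedded. Compound File
# directory entries store names as UTF-16LE, so that is the encoding we search for.
OLE_VBA_MARKERS = [name.encode("utf-16-le") for name in ("_VBA_PROJECT", "Macros")]
OOXML_EXTENSIONS = {"docx", "docm", "dotm", "xlsx", "xlsm", "pptx", "pptm"}
OLE_EXTENSIONS = {"doc", "dot", "xls", "xlt", "ppt"}


def container_type(data: bytes) -> str:
    """Identify the file by its bytes, not its name: Office opens files by sniffing content."""
    if data.startswith(ZIP_MAGIC):
        return "ooxml"
    if data.startswith(OLE_MAGIC):
        return "ole"
    return "other"


def has_vba_macros(data: bytes) -> bool:
    """Heuristic check for an embedded VBA project (raises BadZipFile on a corrupt zip)."""
    kind = container_type(data)
    if kind == "ooxml":
        # A macro-enabled OOXML file carries a vbaProject.bin part under word/, xl/ or ppt/.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    if kind == "ole":
        # Byte-level scan for the VBA storage names; good enough for a gate.
        return any(marker in data for marker in OLE_VBA_MARKERS)
    return False


def classify_attachment(filename: str, data: bytes) -> dict:
    """Return {'verdict': 'block'|'warn'|'allow', 'reasons': [...]} for one attachment."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = container_type(data)
    reasons = []
    try:
        if has_vba_macros(data):
            reasons.append("contains VBA macros")
    except zipfile.BadZipFile:
        reasons.append("corrupt zip container")
    # A .docx that is really an OLE file (or the reverse) still opens in Office and is a
    # common way to dodge filters that only look at the extension.
    if (ext in OOXML_EXTENSIONS and kind != "ooxml") or (ext in OLE_EXTENSIONS and kind != "ole"):
        reasons.append("extension does not match container")
    if "contains VBA macros" in reasons:
        verdict = "block"
    elif reasons:
        verdict = "warn"
    else:
        verdict = "allow"
    return {"verdict": verdict, "reasons": reasons}


# --- Constructed sample attachments (synthetic, not real documents) --------------------
def build_ooxml(with_macros: bool) -> bytes:
    """Minimal zip laid out like an OOXML document, optionally with a vbaProject.bin part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"synthetic vba project")
    return buf.getvalue()


def build_ole(with_macros: bool) -> bytes:
    """Bytes that start like a Compound File and optionally contain VBA storage names.
    Not a valid document; just enough structure to exercise the heuristic."""
    body = OLE_MAGIC + b"\x00" * 504
    if with_macros:
        body += "Macros".encode("utf-16-le") + b"\x00" * 8 + "_VBA_PROJECT".encode("utf-16-le")
    return body + b"\x00" * 64


if __name__ == "__main__":
    samples = [
        ("invoice.docm", build_ooxml(True)),
        ("invoice.docx", build_ooxml(False)),
        ("invoice.doc", build_ole(True)),
        ("invoice.doc", build_ooxml(True)),     # OOXML with macros hiding behind a .doc name
        ("notes.docx", build_ole(False)),
        ("report.pdf", b"%PDF-1.4 synthetic"),
    ]
    for name, blob in samples:
        print(f"{name:14} {classify_attachment(name, blob)}")
```

Blocking on “contains VBA macros” is the right default for inbound mail from outside the organisation; if some partners legitimately send macro-enabled workbooks, quarantine those for review instead of delivering them, and never let the sender’s own text (“enable content to view”) influence the decision.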


Avoiding Social Engineering and Phishing Attacks

Author US-CERT Publications

Do not give sensitive information to others unless you are sure that they are indeed who they claim to be and that they should have access to the information.

What is a social engineering attack?

In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

What is a phishing attack?

Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as

  • natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
  • epidemics and health scares (e.g., H1N1)
  • economic concerns (e.g., IRS scams)
  • major political elections
  • holidays

How do you avoid being a victim?

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • Don’t send sensitive information over the Internet before checking that the site uses HTTPS and that its domain is the one you expect; a padlock alone does not prove you are talking to the right organization.
  • Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group.
  • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
  • Take advantage of any anti-phishing features offered by your email client and web browser.
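Several pieces of advice on this page (the HTTPS-and-padlock check, the warning about fake delivery notifications, and the point above about reading a URL carefully) come down to one question: does a link really go where it claims to? The following Python script is an added example, not part of the original posts or of US-CERT’s guidance, of answering that question mechanically: it pulls every link out of an HTML message, compares the visible text with the real destination, and flags look-alike domains (punycode, a brand name embedded in somebody else’s domain, one- or two-character typos, and digit-for-letter swaps). The trusted domain parcelco.example, the sample message and the tiny suffix table are all made up for the demonstration; a real deployment would use the Public Suffix List and the brands you actually deal with.

```python
"""Flag deceptive links in an HTML email, e.g. a fake delivery notice (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Registrable domains the message is allowed to point at (placeholder for the demo).
TRUSTED_DOMAINS = {"parcelco.example"}
# Tiny stand-in for the Public Suffix List; real code should use the full list.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}
# Character substitutions commonly used in look-alike hostnames.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def registrable_domain(host: str) -> str:
    """'a.b.parcelco.example' -> 'parcelco.example', 'www.bbc.co.uk' -> 'bbc.co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_homoglyphs(s: str) -> str:
    for src, dst in HOMOGLYPHS:
        s = s.replace(src, dst)
    return s


def classify_host(host: str) -> str:
    """'trusted', 'lookalike' or 'unknown', relative to TRUSTED_DOMAINS."""
    host = host.lower()
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return "trusted"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"                      # IDN/punycode: the classic homograph vector
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in host:                       # brand embedded in a foreign domain, e.g.
            return "lookalike"                  # parcelco.example.evil.net, parcelco-login.net
        if normalize_homoglyphs(reg) == trusted or edit_distance(reg, trusted) <= 2:
            return "lookalike"
    return "unknown"


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html: str) -> list:
    """Return [(href, [findings...])] for every link that looks deceptive."""
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        u = urlparse(href)
        host = u.hostname or ""
        findings = []
        if u.scheme != "https":
            findings.append("not https")
        verdict = classify_host(host)
        if verdict != "trusted":
            findings.append(f"{verdict} domain {host}")
        # Visible text that itself looks like a URL must match where the link really goes.
        if text.startswith(("http://", "https://")):
            shown = urlparse(text).hostname or ""
            if registrable_domain(shown) != registrable_domain(host):
                findings.append(f"link text shows {shown} but goes to {host}")
        if findings:
            report.append((href, findings))
    return report


# Constructed sample message (not a real mail), mimicking a delivery notice.
SAMPLE_EMAIL = """
<p>Your parcel could not be delivered.</p>
<a href="https://parcelco.example/track?id=123">Track your parcel</a><br>
<a href="http://parcelco.example.tracking-update.net/login">https://parcelco.example/track</a><br>
<a href="https://parce1co.example/redelivery">Schedule redelivery</a><br>
<a href="https://xn--parcelc-8ya.example/">Confirm your address</a>
"""

if __name__ == "__main__":
    for href, findings in check_links(SAMPLE_EMAIL):
        print(href, "->", "; ".join(findings))
```

The first sample link is clean and produces nothing; the other three are flagged for different reasons, which is the point: a message only needs one convincing-looking link to work, so every link has to pass, not most of them.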

What do you do if you think you are a victim?

  • If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
  • Watch for other signs of identity theft.
  • Consider reporting the attack to the police, and file a report with the Federal Trade Commission.


How you can contribute to stopping DDoS Attacks (Malware)

Protecting your devices against malware that would turn them into bots for malicious purposes is important not only for you, but for the entire Internet.

Unless you want your laptop or fridge to power the next attack on Internet routers in Germany or another part of the world, here’s what you have to do:

  • Change default usernames and passwords on your devices and online accounts
  • Use strong passwords (set up a password manager) and NEVER reuse passwords for multiple accounts
  • Use basic security measures, such as antivirus
  • Keep your software up to date on all your devices (including your IoT gadgets – web cameras, fridges, etc.)
  • Regularly scan your devices for malware and keep an eye out for strange behavior
  • Unplug devices when you don’t use them (maybe not your fridge, but your toaster doesn’t need to stay plugged in – you get the picture).

These basic measures will help reduce your risk of infection and make the Internet a safer place for all!

What is a Botnet & How to Prevent Your PC From Being Enslaved

What is a botnet?

A botnet is a network of infected computers (“bots”) that take orders from a common command-and-control channel and act in concert, for example to run spam campaigns or distributed denial-of-service attacks. The network is controlled remotely by online criminals, and routing the activity through thousands of victims’ machines helps the operators avoid detection and legal action. A botnet is typically used, or rented out, to:

  • attack other computers (for example with distributed denial-of-service traffic),
  • send spam or phishing emails,
  • deliver ransomware,
  • install spyware, or carry out many other similar malicious acts.

You’ve probably read about the massive cyber attacks launched by botnets against networks, DNS providers and routers across the world. The consequences were very real and quite impactful as well.

Well, these attacks were powered by infected Internet of Things devices, such as Internet-connected cameras, fridges and other such gadgets.

If you have such a device at home or plan to buy one, you should know that attackers can infect it in less than four minutes after you connect it to your Wi-Fi network, if it still has its default password and is reachable from the Internet.

What you can do to stop this from happening:

  • Change the default username and password on your device (this is critical!)
  • Use a strong password when you set a new one
  • Protect your home Wi-Fi network with basic measures
  • Keep your IoT gadgets’ software up to date (this is critical too!).

These are the very basic measures you can take for your safety. Plus, they’ll contribute to making the Internet a safer place too!

The dramatically changing cyber threat landscape in Europe:

What EU countries are being targeted with the greatest frequency?

Attackers are increasingly opportunistic: smart, well resourced and innovative. They bypass traditional defenses by continually engineering new methods of attack, and even sophisticated cybersecurity programs are thwarted, often by going after the weak links in the chain, including vendors and employees. Because of its advanced economies and important geopolitical position, Europe is a prime target for these attacks.

In late 2014, the German Federal Office for Information Security (BSI) reported that a cyber attack had caused “massive damage” at a German steel plant. Using a combination of spear phishing and social engineering, the attackers gained access to the plant’s office network, moved laterally into the production network and caused failures in control components, so that a blast furnace could not be shut down in a controlled manner. In the parlance of the industry, this was a “kinetic” or physical attack against hard assets.

In late 2015, attackers turned their attention to the power industry. In one of the largest attacks of its kind, they cut the power to hundreds of thousands of residents in Ukraine. According to public reports, the intrusions behind the outage were accompanied by parallel cyber intrusions into Ukraine’s rail system and TV stations.

In October 2016, Yukiya Amano, head of the United Nations’ International Atomic Energy Agency, publicly disclosed for the first time that a “disruptive” cyber attack had been launched against a nuclear facility, reported to be in Germany, although Amano did not identify it publicly. This report came on the heels of an analysis by the Nuclear Threat Initiative warning of lax cyber security at nuclear facilities in a number of countries across Europe.

Thus, cyber attacks against critical infrastructure, dubbed a potential “Cyber Pearl Harbor” by US military officials, are no longer the fantasies of Hollywood producers, conspiracy theorists or sci-fi aficionados, but a reality that governments and businesses across Europe must now confront.

Europe is being forced to confront a growing cyber threat against physical assets. Criminal groups and, reportedly, nation states are increasingly targeting industrial control systems and networks: power grids, chemical plants, aviation systems, transportation networks, telecommunications systems, financial networks and even nuclear facilities.


Dangerous ‘Fireball’ Adware Infects a Quarter Billion PCs

Author: Andy Greenberg

Adware that infects your computer to display pop-ups is an annoyance. But when it infects as many as one in five corporate networks in the world, and hides the capability to do far more serious damage to its victims, it’s an epidemic waiting to happen.

The security firm Check Point has warned of a massive new outbreak: They count 250 million PCs infected with malicious code they’ve called Fireball, designed to hijack browsers to change the default search engine, and track their web traffic on behalf of a Beijing-based digital marketing firm called Rafotech. But more disturbingly, Check Point says it found that the malware also has the ability to remotely run any code on the victim’s machine, or download new malicious files. It’s potentially serious malware, disguised as something more trivial.

“A quarter-billion computers could very easily become victims of real malware,” says Maya Horowitz, the head of Check Point research team. “It installs a backdoor into all these computers that can be very, very easily exploited in the hands of the Chinese people behind this campaign.”

The Hack

Check Point found that at least some of the hundreds of millions of computers infected with Fireball contracted the malware via free software that was “bundled” with Rafotech’s code. The researchers point to freeware like Soso Desktop and FVP Imageviewer, both of which have been packaged with the adware in some cases. But since none of those free applications is particularly popular or even recognizable to Americans, Check Point’s Horowitz admits that the researchers don’t know whether other common techniques, like phishing or exploit kits, are also used to install the malware. Rafotech didn’t respond to WIRED’s request for comment.

Check Point traced the Fireball infections to Rafotech by analyzing the domains of the command and control servers that the malware links back to. They were also able to check the registration of the domains used to host the highly obscure search engines—which actually load results from Google and Yahoo—Fireball forces on its victims.

Rafotech may monetize the traffic of its infected computers by taking a fee when infected machines visit the website of one of its clients, Check Point speculates. The search engines to which it directs hijacked browsers use tracking pixels that could identify infected machines again when they end up on a destination site. But Check Point says it can’t be exactly sure how Rafotech profits from hosting Google and Yahoo search results on obscure sites. Neither Google nor Yahoo responded immediately to a request for comment about any potential involvement in the adware scheme.

Who’s Affected?

Check Point arrived at its 250 million infections estimate by looking at Alexa traffic statistics to those search sites. But the security firm says it’s possible they missed some domains, and therefore undercounted. (Rafotech suspiciously boasts that it has a reach of over 300 million users on its website.) Based on analysis of its own network of clients, Check Point estimates that one in five corporate networks globally have at least one infection. But only a fraction of those victims, around 5.5 million PCs, are in the US. Far worse hit are countries like India and Brazil, with close to 25 million infected machines each.

How Serious Is This?

Adware is a troubling nuisance. But Check Point warns that Fireball should be judged not by what it’s doing, but by what it could do: allow its administrators to turn their unwilling ad-revenue audience into a botnet, or to harvest credentials and other private data en masse.

That means anyone infected with the malware—if your browser loads one of these shady obscure search engines by default, that’s a giveaway—should remove it by running an antivirus scanner that includes cleaning up adware. Otherwise, victims may soon find themselves suffering from more than spammy browser tweaks, Check Point’s Horowitz warns.

“Something behind this is fishy, and the intentions of the developers aren’t only to monetize on advertisements,” she says. “We don’t know their plan, and if there really is one. But it looks like they want to have the opportunity to take it to the next level. And they can.”
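The giveaway Check Point describes, a browser whose default search engine has silently become an obscure site, is the same symptom the spyware section above lists among the signs of infection (home page or search engine changed), and it can be checked without waiting for a pop-up. The script below is an added example, not Check Point’s tooling, that reads a Chromium-family browser profile’s Preferences file and reports a default search provider, home page or forced startup page that points outside an allowlist. The JSON key names are those of Chromium’s Preferences file as I know them (default_search_provider_data.template_url_data, homepage, session.startup_urls) and should be treated as an assumption to verify against your browser version; the two sample profiles and the tracker-example.net domain are constructed for the demonstration.

```python
"""Audit a Chromium-family profile for a hijacked search engine or home page (added example)."""
import json
import os
from pathlib import Path
from urllib.parse import urlparse

# Search engines you consider legitimate; anything else as the default is a red flag.
KNOWN_SEARCH_DOMAINS = {"google.com", "bing.com", "duckduckgo.com", "yahoo.com", "startpage.com"}

# Where Chrome keeps the Default profile's Preferences file (assumed standard locations).
PREF_PATHS = {
    "windows": r"%LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences",
    "macos": "~/Library/Application Support/Google/Chrome/Default/Preferences",
    "linux": "~/.config/google-chrome/Default/Preferences",
}


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (no public-suffix handling; fine for an allowlist)."""
    return ".".join(host.lower().split(".")[-2:])


def audit_prefs(prefs: dict, expected_home_domains=()) -> list:
    """Return human-readable findings for a parsed Preferences JSON object."""
    findings = []
    ok_home = KNOWN_SEARCH_DOMAINS | set(expected_home_domains)

    # 1. Default search provider: template_url_data.url is the query template (assumed key names).
    tmpl = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    search_url = tmpl.get("url", "")
    host = urlparse(search_url).hostname or ""
    if search_url and registrable_domain(host) not in KNOWN_SEARCH_DOMAINS:
        findings.append(f"default search provider '{tmpl.get('short_name', '?')}' sends queries to {host}")

    # 2. Home page, when it is not simply the new-tab page.
    home = prefs.get("homepage", "")
    if home and not prefs.get("homepage_is_newtabpage", True):
        h = urlparse(home).hostname or ""
        if registrable_domain(h) not in ok_home:
            findings.append(f"home page set to unexpected site {h}")

    # 3. Pages forced open at startup (restore_on_startup == 4 means 'open these URLs').
    session = prefs.get("session", {})
    if session.get("restore_on_startup") == 4:
        for url in session.get("startup_urls", []):
            h = urlparse(url).hostname or ""
            if registrable_domain(h) not in ok_home:
                findings.append(f"startup URL points at unexpected site {h}")
    return findings


def audit_file(path, expected_home_domains=()) -> list:
    """Load a real Preferences file (close the browser first; it rewrites the file) and audit it."""
    real = Path(os.path.expandvars(path)).expanduser()
    with open(real, encoding="utf-8") as f:
        return audit_prefs(json.load(f), expected_home_domains)


# --- Constructed sample profiles (synthetic). The hijacked one mirrors the symptom in the
# article: an obscure search site that merely proxies results from a real engine. ---------
CLEAN_PREFS = {
    "default_search_provider_data": {"template_url_data": {
        "short_name": "Google", "keyword": "google.com",
        "url": "https://www.google.com/search?q={searchTerms}"}},
    "homepage_is_newtabpage": True,
    "session": {"restore_on_startup": 5},
}
HIJACKED_PREFS = {
    "default_search_provider_data": {"template_url_data": {
        "short_name": "Search", "keyword": "search",
        "url": "http://search.tracker-example.net/?q={searchTerms}&uid=3f9a"}},
    "homepage": "http://start.tracker-example.net/",
    "homepage_is_newtabpage": False,
    "session": {"restore_on_startup": 4, "startup_urls": ["http://start.tracker-example.net/"]},
}

if __name__ == "__main__":
    for label, prefs in (("clean", CLEAN_PREFS), ("hijacked", HIJACKED_PREFS)):
        print(label, audit_prefs(prefs) or ["no findings"])
```

A hit here is a reason to run the adware cleanup the article recommends, and afterwards to re-run the audit: hijackers that survive a cleanup commonly reinstate the search provider through a browser extension or a scheduled task, so a setting that keeps reverting is itself a finding.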
