Category Archives: Viruses

Ransomware can now encrypt your smart TV too

Ransomware keep evolving and can now encrypt smart TVs.

According to the software developer, when he first contacted LG’s tech support, he was told that a technician would have to come over and take a look for a fee of around $340.

The ransom amount itself was $500 although even paying that would have been difficult because there was no way to click on the payment section to find the instructions on how to do so. The only thing that worked was just moving a mouse-like pointer on a portion of the TV screen via an accompanying smart remote.

In order to keep your smart TV safe, avoid downloading strange apps (even if they are in the Google Play store), keep your software up to date and protect your home Wi-fi.

Why keeping your OS up to date

They say Macs are safer than Windows PCs, but Apple’s devices have their own share of vulnerabilities that can be exploited by hackers to seize full control of the systems.

If you’re still unsure of why you should update your operating system to the latest version, here’s a true story I hope will persuade you why it’s the right thing to do.

A Swedish security expert showed how a $300 device can steal passwords from sleeping or closed Macs (the same which most people think are impenetrable to cyberattacks).

“Anyone including, but not limited to, your colleagues, the police, the evil maid and the thief will have full access to your data as long as they can gain physical access – unless the mac is completely shut down. If the mac is sleeping it is still vulnerable. Just stroll up to a locked mac, plug in the Thunderbolt device, force a reboot (ctrl+cmd+power) and wait for the password to be displayed in less than 30 seconds!”

Apple fixed this vulnerability in macOS 10.12.2, so that’s why applying these updates is key for your cyber security. Of course, the same goes for Windows, even more so than for Mac OS X.

Recognizing and Avoiding Spyware

What is spyware?

Despite its name, the term “spyware” doesn’t refer to something used by undercover operatives, but rather by the advertising industry. In fact, spyware is also known as “adware.” It refers to a category of software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain web sites, or monitor the web sites that you visit. Some extreme, invasive versions of spyware may track exactly what keys you type. Attackers may also use spyware for malicious purposes.

Because of the extra processing, spyware may cause your computer to become slow or sluggish. There are also privacy implications:

  • What information is being gathered?
  • Who is receiving it?
  • How is it being used?

How do you know if there is spyware on your computer?

The following symptoms may indicate that spyware is installed on your computer:

  • you are subjected to endless pop-up windows
  • you are redirected to web sites other than the one you typed into your browser
  • new, unexpected toolbars appear in your web browser
  • new, unexpected icons appear in the task tray at the bottom of your screen
  • your browser’s home page suddenly changed
  • the search engine your browser opens when you click “search” has been changed
  • certain keys fail to work in your browser (e.g., the tab key doesn’t work when you are moving to the next field within a form)
  • random Windows error messages begin to appear
  • your computer suddenly seems very slow when opening programs or processing tasks (saving files, etc.)

How can you prevent spyware from installing on your computer?

To avoid unintentionally installing it yourself, follow these good security practices:

  • Don’t click on links within pop-up windows – Because pop-up windows are often a product of spyware, clicking on the window may install spyware software on your computer. To close the pop-up window, click on the “X” icon in the titlebar instead of a “close” link within the window.
  • Choose “no” when asked unexpected questions – Be wary of unexpected dialog boxes asking whether you want to run a particular program or perform another type of task. Always select “no” or “cancel,” or close the dialog box by clicking the “X” icon in the titlebar.
  • Be wary of free downloadable software – There are many sites that offer customized toolbars or other features that appeal to users. Don’t download programs from sites you don’t trust, and realize that you may be exposing your computer to spyware by downloading some of these programs.
  • Don’t follow email links claiming to offer anti-spyware software – Like email viruses, the links may serve the opposite purpose and actually install the spyware it claims to be eliminating.

As an additional good security practice, especially if you are concerned that you might have spyware on your machine and want to minimize the impact, consider taking the following action:

  • Adjust your browser preferences to limit pop-up windows and cookies – Pop-up windows are often generated by some kind of scripting or active content. Adjusting the settings within your browser to reduce or prevent scripting or active content may reduce the number of pop-up windows that appear. Some browsers offer a specific option to block or limit pop-up windows. Certain types of cookies are sometimes considered spyware because they reveal what web pages you have visited.

How do you remove spyware?

  • Run a full scan on your computer with your anti-virus software – Some anti-virus software will find and remove spyware, but it may not find the spyware when it is monitoring your computer in real time. Set your anti-virus software to prompt you to run a full scan periodically
  • Run a legitimate product specifically designed to remove spyware – Many vendors offer products that will scan your computer for spyware and remove any spyware software. Popular products include Lavasoft’s Ad-Aware, Microsoft’s Window Defender, Webroot’s SpySweeper, and Spybot Search and Destroy.
  • Make sure that your anti-virus and anti-spyware software are compatible – Take a phased approach to installing the software to ensure that you don’t unintentionally introduce problems

Torrent poisoning allows big companies to track your IP

Torrenting is mostly associated with software or content pirating. Big companies are aware of the threat this process has to their profitability, so sometimes they employ unusual methods to fight back against torrenting.

One of these is torrent poisoning. Basically, they infect a torrent with software that then tells the company the IP of the user who downloaded the file. After this, the company might send you a cease and desist letter, or in the (very) worst case scenario, demand reparations for any damage inflicted.

“Locky” ransomware – what you need to know

The rise of ransomware is one of the biggest cybersecurity trends of the past few years, and out of all the variations out there, Locky is the most widespread one.

It is technologically impossible to decrypt, so once you get hit you either abandon the files or pay up the ransom to get them back.

“Locky” feels like quite a cheery-sounding name.

But it’s also the nickname of a new strain of ransomware, so-called because it renames all your important files so that they have the extension .locky.

Of course, it doesn’t just rename your files, it scrambles them first, and – as you probably know about ransomware – only the crooks have the decryption key.

The most common way that Locky arrives is as follows:

  • You receive an email containing an attached document (Troj/DocDl-BCF).
  • The document looks like gobbledegook.
  • The document advises you to enable macros “if the data encoding is incorrect.”

  • If you enable macros, you don’t actually correct the text encoding (that’s a subterfuge); instead, you run code inside the document that saves a file to disk and runs it.
  • The saved file (Troj/Ransom-CGX) serves as a downloader, which fetches the final malware payload from the crooks.
  • The final payload could be anything, but in this case is usually the Locky Ransomware (Troj/Ransom-CGW).

Locky scrambles all files that match a long list of extensions, including videos, images, source code, and Office files.

Locky even scrambles wallet.dat, your Bitcoin wallet file, if you have one.

WHAT TO DO?

  • Backup regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.
  • Don’t enable macros in document attachments received via email. Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on, so don’t do it!
  • Be cautious about unsolicited attachments. The crooks are relying on the dilemma that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt, leave it out.
  • Don’t give yourself more login power than you need. Most importantly, don’t stay logged in as an administrator any longer than is strictly necessary, and avoid browsing, opening documents or other “regular work” activities while you have administrator rights.
  • Consider installing the Microsoft Office viewers. These viewer applications let you see what documents look like without opening them in Word or Excel itself. In particular, the viewer software doesn’t support macros at all, so you can’t enable macros by mistake!
  • Patch early, patch often. Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit.

Source/Reference

What is digital signature? – Definition from WhatIs.com

A digital signature (not to be confused with a digital certificate) is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.

A digital signature is a type of encryption used to ensure that a certain file, message or document is genuine and safe to open. A good digital signature is difficult for a malicious hacker to duplicate, so all around it is a great positive addition to your online security.

The digital equivalent of a handwritten signature or stamped seal, but offering far more inherent security, a digital signature is intended to solve the problem of tampering and impersonation in digital communications. Digital signatures can provide the added assurances of evidence to origin, identity and status of an electronic document, transaction or message, as well as acknowledging informed consent by the signer.

In many countries, including the United States, digital signatures have the same legal significance as the more traditional forms of signed documents. The United States Government Printing Office publishes electronic versions of the budget, public and private laws, and congressional bills with digital signatures.

How digital signatures work

Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a public key algorithm such as RSA, one can generate two keys that are mathematically linked: one private and one public. To create a digital signature, signing software (such as an email program) creates a one-way hash of the electronic data to be signed. The private key is then used to encrypt the hash. The encrypted hash — along with other information, such as the hashing algorithm — is the digital signature. The reason for encrypting the hash instead of the entire message or document is that a hash function can convert an arbitrary input into a fixed length value, which is usually much shorter. This saves time since hashing is much faster than signing.

The value of the hash is unique to the hashed data. Any change in the data, even changing or deleting a single character, results in a different value. This attribute enables others to validate the integrity of the data by using the signer’s public key to decrypt the hash. If the decrypted hash matches a second computed hash of the same data, it proves that the data hasn’t changed since it was signed. If the two hashes don’t match, the data has either been tampered with in some way (integrity) or the signature was created with a private key that doesn’t correspond to the public key presented by the signer (authentication).

A digital signature can be used with any kind of message — whether it is encrypted or not — simply so the receiver can be sure of the sender’s identity and that the message arrived intact. Digital signatures make it difficult for the signer to deny having signed something (non-repudiation) — assuming their private key has not been compromised — as the digital signature is unique to both the document and the signer, and it binds them together. A digital certificate, an electronic document that contains the digital signature of the certificate-issuing authority, binds together a public key with an identity and can be used to verify a public key belongs to a particular person or entity.

Source

How you can contribute to stopping DDoS Attacks (Malware)

Protecting your devices against malware that will turn them into bots used for malicious purposes it not only important for you, but for the entire Internet.

Unless you want your laptop or fridge to power the next attack on Internet routers in Germany or another part of the world, here’s what you have to do:

  • Change default usernames and passwords on your devices and online accounts
  • Use strong passwords (set up a password manager) and NEVER reuse passwords for multiple accounts
  • Use basic security measures, such as antivirus
  • Keep your software up to date on all your devices (including your IoT gadgets – web cameras, fridges, etc.)
  • Regularly scan your devices for malware and keep an eye out for strange behavior
  • Unplug devices when you don’t use them (maybe not your fridge, but your toaster doesn’t need to stay plugged in – you get the picture).

These basic measures will help reduce your risk of infection and make the Internet a safer place for all!

The dramatically changing cyber threat landscape in Europe:

What EU countries are being targeted with the greatest frequency?

Cyber hackers are increasingly opportunistic – smart, savvy, and innovative. Hackers are bypassing traditional defenses by continually engineering new methods of attack. Even sophisticated cybersecurity programs are being thwarted, often by targeting weak links in the chain, including vendors and employees. Due to its advanced economies and important geopolitical positioning, Europe is a prime target for these attacks.
In late 2014, the German Federal Office for Information Security (BSI) reported that a cyber attack had caused “massive damage” to a German iron plant. Utilizing a combination of spear phishing and social engineering, hackers gained access to the iron plant’s office network, moved laterally to control the production network and then disabled the shut-off valves on the plant’s blast furnaces. In the parlance of the industry, this was a “kinetic” or physical attack against hard assets.
In late 2015, hackers turned their focus to the power industry. In one of the largest attacks of its kind, hackers shut off the power to hundreds of thousands of residents in Ukraine. According to public reports, the attacks that caused the power outage were accompanied by parallel cyber intrusions into Ukraine’s train system and TV stations.
In October 2016, the head of the International Atomic Energy Agency at the United Nations, Yukiya Amano, publicly disclosed for the first time that a “disruptive” cyber attack had been launched against a nuclear facility in Germany. This report came on the heels of an analysis by the Nuclear Threat Initiative warning of lax cyber security at nuclear facilities in a number of countries across Europe.
Thus, cyber attacks against critical infrastructure, dubbed a potential “Cyber Pearl Harbor” by US military officials, are no longer the fantasies of Hollywood producers, conspiracy theorists or sci-fi aficionados, but are the reality that governments and businesses across Europe must now confront.
Europe is being forced to confront a growing cyber threat against physical assets. Hackers and purportedly nation states are increasingly targeting industrial control systems and networks — power grids, chemical plants, aviation systems, transportation networks, telecommunications systems, financial networks and even nuclear facilities.

Source/Reference

Dangerous ‘Fireball’ Adware Infects a Quarter Billion PCs

Author: Andy Greenberg

Adware that infects your computer to display pop-ups is an annoyance. But when it infects as many as one in five networks in the world, and hides the capability to do far more serious damage to its victims, it’s an epidemic waiting to happen.

The security firm Check Point has warned of a massive new outbreak: They count 250 million PCs infected with malicious code they’ve called Fireball, designed to hijack browsers to change the default search engine, and track their web traffic on behalf of a Beijing-based digital marketing firm called Rafotech. But more disturbingly, Check Point says it found that the malware also has the ability to remotely run any code on the victim’s machine, or download new malicious files. It’s potentially serious malware, disguised as something more trivial.

“A quarter-billion computers could very easily become victims of real malware,” says Maya Horowitz, the head of Check Point research team. “It installs a backdoor into all these computers that can be very, very easily exploited in the hands of the Chinese people behind this campaign.”

The Hack

Check Point found that at least some portion of an estimated hundreds of millions of computers infected with Fireball contracted the malware via free software that was “bundled” with Rafotech’s code. The researchers point to freeware like Soso Desktop and FVP Imageviewer, both of which have been packaged with the adware in some cases. But since none of those free applications is particularly popular or even recognizable to Americans, Check Point’s Horowitz admits that the researchers don’t know if other common techniques, like phishing or exploit kits, are also used to install the malware. Rafotech didn’t respond to WIRED’s request for comment.

Check Point traced the Fireball infections to Rafotech by analyzing the domains of the command and control servers that the malware links back to. They were also able to check the registration of the domains used to host the highly obscure search engines—which actually load results from Google and Yahoo—Fireball forces on its victims.

Rafotech may monetize the traffic of its infected computers by taking a fee when infected machines visit the website of one of its clients, Check Point speculates. The search engines to which it directs hijacked browsers use tracking pixels that could identify infected machines again when they end up on a destination site. But Check Point says it can’t be exactly sure how Rafotech profits from hosting Google and Yahoo search results on obscure sites. Neither Google nor Yahoo responded immediately to a request for comment about any potential involvement in the adware scheme.

Who’s Affected?

Check Point arrived at its 250 million infections estimate by looking at Alexa traffic statistics to those search sites. But the security firm says it’s possible they missed some domains, and therefore undercounted. (Rafotech suspiciously boasts that it has a reach of over 300 million users on its website.) Based on analysis of its own network of clients, Check Point estimates that one in five corporate networks globally have at least one infection. But only a fraction of those victims, around 5.5 million PCs, are in the US. Far worse hit are countries like India and Brazil, with close to 25 million infected machines each.

How Serious Is This?

Adware is a troubling nuisance. But Check Point warns that FireBall should be judged not by what’s it’s doing, but what it could do: Allow its administrators to turn their unwilling ad-revenue generation audience into a botnet, or to harvest credentials and other private data en masse.

That means anyone infected with the malware—if your browser loads one of these shady obscure search engines by default, that’s a giveaway—should remove it by running an antivirus scanner that includes cleaning up adware. Otherwise, victims may soon find themselves suffering from more than spammy browser tweaks, Check Point’s Horowitz warns.

“Something behind this is fishy, and the intentions of the developers aren’t only to monetize on advertisements,” she says. “We don’t know their plan, and if there really is one. But it looks like they want to have the opportunity to take it to the next level. And they can.”

Source

Majority of US Companies DDoS Defenses Breached

Survey finds 69% of companies’ distributed denial-of-service attack defenses were breached in the past year – despite confidence in their mitigation technologies.

A whopping 88% of US companies claim confidence in their DDoS mitigation technologies, yet 69% have suffered an attack in the past 12 months, according to a report released today by CDNetworks that surveyed 500 senior IT professionals from the US, UK, Germany, Austria, and Switzerland.

Some 82% of respondents from Germany, Austria, and Switzerland, were also confident in their DDoS mitigation technologies, but 57% had suffered an attack in the past year.

Despite US companies spending an average of $34,750 a year on DDoS mitigation, these companies sustained a higher percentage of attacks than those in Germany, Austria, and Switzerland, which spent an average of $29,000, according to the report.

Nonetheless, 66% of US companies plan to increase their DDoS mitigation spending over the next 12 months, the report states.

Source