Computer Virus 101
What is a computer virus?
Think of a biological virus – the kind that makes you sick. It’s persistently nasty, keeps you from functioning normally and often requires something powerful to get rid of it. A computer virus is very similar. Designed to relentlessly replicate, these threats infect your programs and files, alter the way your computer operates or stop it from working altogether. It’s estimated that the ‘Conficker’ malware infected more than 10 million computers in 2009, which was a massive amount back then.
The amount of viruses and their capability to inflict damage have only increased since then. Today, hundreds of thousands of them operate over the internet, and new variants are discovered every day. When you couple this with the discoveries of mass-scale security flaws/vulnerabilities (such as ‘Heartbleed’ and ‘Bash’ in 2014), the cyber-world really starts to look like a scary place. It is. But that doesn’t mean there’s nothing you can do to protect yourself and your devices.
How does it find me?
Even if you’re careful, you can pick one up through normal online activities like:
- Sharing music, files or photos with other users
- Visiting an infected website
- Opening spam email or an email attachment
- Downloading free games, toolbars, media players and other system utilities
- Installing mainstream software applications without fully reading license agreements
What does it do?
Some computer viruses are programmed to harm your computer by damaging programs, deleting files, or reformatting the hard drive. Others simply replicate themselves or flood a network with traffic, making it impossible to perform any internet activity. Even less harmful versions can significantly disrupt your system’s performance, sapping computer memory and causing frequent computer crashes.
What are the symptoms?
Your computer may be infected if you recognize any of these malware symptoms:
- Slow computer performance
- Erratic computer behavior
- Unexplained data loss
- Frequent computer crashes
Arming yourself with the best protection
When you arm yourself with information and resources, you’re wiser about computer security threats and less vulnerable to threat tactics. Take these steps to safeguard your PC with the best protection:
Make sure that you have the best security software products installed on your computer:
- Use anti-virus protection and a firewall
- Get anti-spyware software
- Always keep your anti-virus protection and anti-spyware software up-to-date (Webroot SecureAnywhere updates automatically)
- Update your operating system regularly (most update automatically)
- Increase your browser security settings
- Avoid questionable websites
- Only download software from sites you trust and carefully evaluate free software and file-sharing applications before downloading them
Practice safe email protocol:
- Don’t open messages from unknown senders
- Immediately delete messages you suspect to be spam
An unprotected computer is like an open door for malware. Firewalls monitor Internet traffic in and out of your computer and hide your PC from online scammers looking for easy targets. Products like Webroot SecureAnywhere Complete provide total protection from the most dangerous threats out there, thwarting them before they can enter your PC, and standing guard at every possible entrance of your computer to fend off any malware that tries to enter, even the most damaging and devious strains.
While free anti-virus software is available, it simply can’t offer the consistent protection that you need to keep up with the continuous onslaught of new strains. Previously undetected forms of can often do the most damage, so it’s critical to have up-to-the-minute protection that won’t take a break to update and miss the oncoming threat.
What is Social Engineering?
Social engineering is the art of manipulating people so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted, the criminals are usually trying to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software which will give them access to said passwords and bank information as well as giving them control over your computer.
Cybercriminals use social engineering tactics because it is often easier to exploit your natural inclination to trust than it is to discover ways to hack your software. For example, it is much easier to fool someone into giving away their password than it is to hack their password (unless the password is really weak).
Security is all about knowing who and what to trust – Knowing when and when not to take a person at their word, when to trust that the person you are communicating with is indeed the person you think you are communicating with, when to trust that a website is or isn’t legitimate or when to trust that the person on the phone is or isn’t legitimate, and knowing when providing your information is or isn’t a good idea.
Ask any security professional and they will tell you that the weakest link in the security chain is the human who accepts a person or scenario at face value. Hypothetically speaking, it doesn’t matter how many locks and deadbolts are on your doors and windows, or how many alarm systems, floodlights, fences with barbed wire, and armed security personnel you have; if you trust the person at the gate who says he is the pizza delivery guy and you let him in without first checking to see if he is legitimate, you are completely exposed to whatever risk he represents.
Common social engineering attacks
Email from a ‘friend’ – If a cybercriminal manages to hack or socially engineer a person’s email password, they have access to that person’s contact list, too. And because many people use one password everywhere, they probably have access to that person’s social networks, banking accounts, and other personal accounts.
Once the criminal has that email account under their control, they send emails to all the person’s contacts or leave messages on all their friend’s social pages, and possibly on the pages of the person’s friend’s friends as well.
These messages may use your trust and curiosity. For example, they may:
- Contain a link that you just have to check out–and because the link comes from a friend and you’re curious, you’ll trust the link and click–and as a result, be infected with malware so the criminal can take over your machine and collect your contacts’ info and deceive them like they just deceived you.
- Contain a download such as pictures, music, movies, documents, etc., that has malicious software embedded. If you download–which you are likely to do since you think it is from your friend–you become infected. Now, the criminal may have access to your machine, email account, social networks and contacts, and the attack spreads to everyone you know. And on, and on.
These messages may create a compelling story or pretext:
- Urgently ask for your help–your ‘friend’ is stuck in country X, has been robbed, beaten, and is in the hospital. They need you to send money so they can get home, but in reality, they give you instructions on how to send the money to the cybercriminal.
- Ask you to donate to their charitable fundraiser, or some other cause, which is of course a front. Really, they’re again providing you with instructions on how to send the money to the cybercriminal.
Phishing attempts. Typically, a phisher sends an e-mail, instant message, comment, or text message that appears to come from a legitimate (and typically popular) company, bank, school, or institution.
These messages usually have a scenario or tell a story:
- The message may explain there is a problem that requires you to “verify” your information by clicking on the displayed link and provide information in their form. The link location may look very legitimate with all the right logos and content (in fact, the criminals may have copied the exact format and content of the legitimate site). Because everything looks legitimate, you trust the email and the phony site and provide whatever information the crook is asking for. These types of phishing scams often include a warning of what will happen if you fail to act soon, because criminals know that if they can get you to act before you think, you’re more likely to fall for their phishing attempt.
- The message may notify you that you’re a ‘winner’. Perhaps the email claims to be from a lottery, or a dead relative, or a site claiming that you’re the millionth person to click, etc. In order to claim your ‘winnings’, you have to provide information, such as your bank routing number, so they know how to send it to you, or give your address and phone number so they can send the prize, and you may also be asked to prove who you are often being asked to provide your Social Security Number. These are the ‘greed phishes’ where even if the story pretext is thin, people want what is offered and fall for it by giving away their information, then having their bank account emptied and identity stolen.
- The message may ask for help. Preying on kindness and generosity, these phishing attacks ask for aid or support for whatever disaster, political campaign, or charity is trending at the moment.
Baiting scenarios. These socially engineering schemes know that if you dangle something people want, many people will take the bait. These schemes are often found on Peer-to-Peer sites offering a download of something like a hot new movie or music album. But these schemes can also be found on social networking sites, malicious websites you find through search results, and so on.
Alternatively, the scheme may show up as an amazingly great deal on classified sites, auction sites, etc.. To allay your suspicion, you can see the seller has a good rating (all planned and crafted ahead of time).
People who take the bait may be infected with malicious software that can generate any number of new exploits against them and their contacts, may lose their money without receiving their purchased item, and, if they were foolish enough to pay with a check, may find their bank account empty.
Response to a question you never had. Criminals may pretend to be responding to your ‘request for help’ from a company while also offering additional help. They pick companies that millions of people use like a large software company or bank. If you don’t use the product or service, you will ignore the email, phone call, or message, but if you do happen to use the service, there is a good chance you will respond because you may actually need help with a problem.
For example, even though you know you didn’t originally ask a question, you may have a problem with your computer’s operating system (such as slow-downs) and you seize on this opportunity to get it fixed, for ‘free’ no less. The moment you respond, however, you have bought the crook’s story, given them your trust and opened yourself up for exploitation.
The representative, who is actually a cybercriminal, will need to ‘authenticate you’, have you log into ‘their system’ or, have you log into your computer and either give them remote access to your computer so they can ‘fix’ it for you, or tell you the commands so you can ‘fix’ it yourself with their ‘help’. In actuality, some of the commands they tell you to enter will open a way for the criminal to get back into your computer later.
Creating distrust. Some social engineering is all about creating distrust, or starting conflicts; these are often carried out by people you know and who are angry with you, but it is also done by nasty people just trying to wreak havoc, people who want to first create distrust in your mind about others so they can then step in as a ‘hero’ and gain your trust, or by extortionists who want to manipulate information and then threaten you with disclosure.
This form of social engineering often begins by gaining access to an email account or other communication account on an IM client, social network, chat, forum, etc. They accomplish this either by hacking, social engineering, or simply guessing really weak passwords.
- The malicious person may then alter sensitive or private communications (including images and audio) by using basic editing techniques and forward these to other people to create drama, distrust, embarrassment, etc. They may make it look like it was accidentally sent, or appear like they are letting you know what is ‘really’ going on.
- Alternatively, they may use the altered material to extort money either from the person they hacked, or from the supposed recipient.
There are literally thousands of variations to social engineering attacks. The only limit to the number of ways a cybercriminal can socially engineer users through this kind of exploit is the their imagination. And you may experience multiple forms of exploits in a single attack. Afterwards, the criminal is likely to sell your information to others so they too can run their exploits against you, your friends, your friends’ friends, and so on, as cybercrooks like to leverage people’s misplaced trust.
Don’t become a victim
- Slow down. Spammers want you to act first and think later. If the message conveys a sense of urgency, or uses high-pressure sales tactics, be skeptical and never let their urgency influence your careful review.
- Research the facts. Be suspicious of any unsolicited messages. If the email looks like it is from a company you use, do your own research. Use a search engine to go to the real company’s site. You can also find their real support phone number listed on the site.
- Delete any request for financial information or passwords. If you get asked to reply to a message with personal information, it’s a scam.
- Reject requests for help or offers of help. Legitimate companies and organizations do not contact you to provide help. Furthermore, if you did not specifically request assistance from the sender, consider any offer to ‘help’ restore credit scores, refinance a home, answer your question, etc., a scam. Similarly, if you receive a request for help from a charity or organization that you do not have a relationship with, delete it. To give, seek out reputable charitable organizations on your own to avoid falling for a scam.
- Don’t let an email link control dictate where you land. Stay in control by finding the website yourself by using a search engine to be sure you land where you intended to. Hovering over links in an email will show the actual URL at the bottom, but a good fake can still steer you wrong.
Curiosity leads to careless clicking–if you don’t know what the email is about, clicking links is a poor choice. Similarly, never use phone numbers from the email as it is easy for a scammer to pretend you’re talking to a bank teller, a support agent, etc.
- Secure your computing devices. Install an effective anti-virus solution that can keep up with ever-evolving threats. Make sure to keep your OS and browsers updated, and if your smartphone doesn’t automatically update, make sure to manually update it whenever you receive a notice to do so.
- Email hijacking is rampant. Hackers, spammers, and social engineers gaining access to people’s emails (and other personal accounts) has become commonplace. Once they control someone’s email account, they prey on the trust of all that person’s contacts. Even when the sender appears to be someone you know, if you aren’t expecting an email with a link or attachment, be sure to check with your friend before opening links or downloading. Even then, the legitimacy of the links isn’t guaranteed, which is why it’s critical to be using anti-virus software.
- Beware of any download. If you don’t know the sender personally AND expect a file from them, downloading anything is a mistake.
- Foreign offers are fake. If you receive email from a foreign lottery or sweepstakes, money from an unknown relative, or requests to transfer funds from a foreign country for a share of the money, it is guaranteed to be a scam.
- Set your spam filters to high. Every email program has spam filters. To find yours, look under your settings options, and set these to the highest setting; just remember to check your spam folder periodically to see if legitimate email has been accidentally trapped there. You can also search for a step-by-step guide to setting your spam filters by searching on the name of your email provider plus the phrase ‘spam filters’.
Threat Recap: Week of June 27th
There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
Hard Rock Las Vegas Confirms Credit Card Breach
Recently, the Hard Rock Cafe in Las Vegas issued a statement regarding the unauthorized access to its card processing systems, confirming that a breach had occurred and that affected customers from the last 9 months. The resort has since been in contact with customers that may have been affected by any fraudulent activity and are working to determine how the breach was carried out.
https://threatpost.com/hard-rock-las-vegas-noodle-and-co-confirm-hacks/118966/
Auto-rooting Malware? There’s An App For That!
In the past week, researchers have identified a new app on the Google Play marketplace that, once installed, will give itself root access to the device and begin installing new apps without any user interaction. The app, called ‘LevelDropper’, appears to be a simple horizontal leveling app, but once it’s active on the device with elevated permissions, it allows for attackers to install numerous other apps in order to increase ad revenue per installation.
https://threatpost.com/google-play-hit-with-rash-of-auto-rooting-malware/118938/
CCTV Botnet Used to DDoS Jewerly Shop
While stories of DDoS attacks targeting banks and other financial institutions are quite common these day, using a botnet comprised solely of hacked CCTV security cameras to attack a jewelry store website seems a bit out of place. The botnet in question is currently in control of over 25,000 cameras across at least 100 different countries. At this strength, it was capable of sending over 50,000 requests per second, rendering the jewelry site completely inaccessible.
Microsoft Loses Lawsuit Over Windows 10
With the deadline for the free Windows 10 upgrade only a few weeks away, some users who have been automatically updated to the latest Microsoft OS are less-than-pleased with it. One such case is a travel agent in California who went to court seeking restitution for her lost revenue and the cost of a new computer after the automatic Windows 10 upgrade failed and caused her computer to become unusable. Microsoft declined to appeal the case and the resulting judgement cost them $10,000.
NASCAR Team Hit With Ransomware Prior to Race
In a time where ransomware is running rampant, it comes as no surprise that one of the highest grossing entertainment events in the world would enter the crosshairs of cybercriminals. Shortly before the race at Texas Motor Speedway in April, the Circle-Sport Leavine Family Racing team was hit with the TeslaCrypt ransomware variant that effectively shut down their 3-computer system, and almost cost them years of time and money spent on racing technology. The team paid the $500 ransom in bitcoins and was able to successfully decrypt their computers in time for race start.
https://www.helpnetsecurity.com/2016/06/27/nascar-team-victim-ransomware/
How to Block Pornography on Internet-Connected Devices
With the sheer amount of available pornographic images of child abuse – often called child porn – available online, it may seem that there is little you can do to protect your children, or yourself, from this type of content. This isn’t true.
Here are eight key tools and tactics to eliminate – or significantly reduce – the risks of you or your child coming across pornographic material.
Eight tools to help block internet pornography
- Set your search engine to “safe search” mode: Google users can visit the ‘Google Safety Center‘ to adjust the settings, while Bing users can change preferences in the Bing Account Settings. If you use another search engine, it’s usually straight-forward to access the equivalent settings for that specific search engine. Also, if you child uses YouTube, be sure you have set the “safe” mode on that platform as well.
- Use the family safety tools provided by your computer’s/other device’s operating system: Windows and Mac operating systems provide family safety settings. Many mobile device manufacturers also provide a wide variety of safety settings within their mobile devices.
- Use family safety tool services: Sometimes called parental controls, these tools allow you to set specific filters to block types of content you find inappropriate. This isn’t just something to apply to youth; plenty of adults prefer to filter out pornographic and other types of content like ‘hate’ and ‘violence’. The appropriateness of some types of content will change as children mature; other types of content may always be unacceptable. To find the tools that best fit your family’s needs, search for parental-control or family-safety-tool reviews. Keep in mind that these tools need to be installed on every device your child uses to go online: game consoles, smartphones, tablets, personal laptops and computers. Some services have coverage for all types of devices, others are limited to just computers or phones. You may find that using a single solution on all devices makes your monitoring much easier.
- Periodically look at your children’s browser history. There are a number of phrases youth use to get around pornography filters – like “breast feeding” and “childbirth” – and some fast-changing slang terms that filters may not have caught up with like “walking the dog,” which is a slang term for sex. If you see odd search terms, give the sites a quick look.
- Have your children restrict access to their social networking sites to only known friends, and keep their sites private. A great deal of pornography is shared among private albums on social networking sites.
- Scan the photos on your child’s smartphone/mobile device time-to-time. While the youngest kids aren’t ‘sexting’, by the time they’ve hit their ‘tweens’, there’s a chance that they have begun participating in this type of behavior. Let your children know that you plan to sit down with them and go through the pictures they have stored on their phone.
- Review the applications your child has downloaded to their phone or tablet. Mobile content filters may not catch all the potentially inappropriate apps.
- You are your strongest tool. No technical blocking solution alone is enough to protect a determined child or teen from finding pornography online. Have the “talk” on an ongoing basis with your children about the content your family finds appropriate and inappropriate; this exchange should never be a one-time conversation.
Teens in particular may balk at the conversations, but they do listen far more than you might imagine. To learn more about your influence on your teens’ lives, see Psst! Parents! If you talk to your teen, they will listen to you, as well as this article about how to talk to teens.
How to Prevent Phone Hacking and Sleep Like a Baby Again
It was only a matter of time before phone hacking rose to the top of the media-driven hysteria list
Thanks to the rapid growth of mobile device adoption and the subsequent rapid growth in mobile threats, phone hacking prevention is a hot topic. A headache reserved for celebrities in the past, smartphone-infiltration concerns have crossed the VIP vs. everyone else blood-brain barrier and now potentially impacts anyone who owns a smartphone.
But is this really a serious problem for us regular folks? Are our voicemail messages so interesting that someone would invade our privacy to listen in? Before we go barking up the narcissism tree, it’s best to examine what phone hacking is and whether you really need to worry about it.
With everything I’ve got going on, do I need to worry about my phone’s security?
This security threat can be broken down into two types: hacking into a live conversation or into someone’s voicemail, and hacking into data stored on one’s smartphone. Just as the majority of abductions are carried out by a member of the abductee’s family—unless you go by code name POTUS or are Hugh Grant—the person most likely to hack into your live conversation or voicemail will be someone that you know who has an ax to grind.
And in today’s mobile world, mobile security is a growing issue. As people increasingly store sensitive data on their mobile devices, the opportunity to exploit privacy weaknesses becomes more tempting to unscrupulous ‘frenemies’, exes or the occasional stranger.
It doesn’t help that there is a cottage industry of software ostensibly developed for legal uses but is easily abused (password crackers aptly named ‘John the Ripper’ and ‘Cain and Abel’ are two examples). Opportunistic hackers can wreak havoc with data deletion or install malicious software that gathers bank account logins and confidential business emails.
So what’s a smartphone owner to do?
If you want to be proactive, there are several measures you can take to protect yourself against this threat, most of which involve common sense. For example:
- Don’t leave your phone unattended in a public place.
- Be sure to change the default password that comes with a new phone to something more complex (resist the usual “1234,” “0000” and 2580)
- Avoid using unprotected Bluetooth networks and turn off your Bluetooth when you aren’t using it.
- Use a protected app to store pin numbers and credit cards, or better yet, don’t store them on the phone at all.
Throwing the baby out with the bathwater
If you’re still worried about your smartphone’s security, there are further steps you can take to protect yourself. However, taking things too far will defeat the purpose of having a smartphone at all.
- Avoid accessing important locations such as bank accounts via public Wi-Fi that may not be secure.
- Turn off your auto complete feature so critical personal data isn’t stored on the phone and must be re-entered every time you need it.
- Regularly delete your browsing history, cookies and cache so your virtual footprint is not available for prying eyes.
- If you have an iPhone, you can enable ‘Find My iPhone’ in your settings, and it will locate your phone if you misplace it before the hackers can lay their hands on it.
- Use a security app that increases protection. For Android owners, Webroot offers the all-in-one SecureAnywhere Mobile app that provides antivirus protection and allows you to remotely locate, lock and wipe your phone in the event you lose track of it.
Remember—if the thought of your smartphone getting breached has you tossing and turning at night, you can just turn the phone off, remove the battery and hide it under your pillow for some sweet lithium-ion induced dreams.
Threat Recap: Week of June 20th
There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
First ‘Hack the Pentagon’ Event a Major Success
Several months ago, the Department of Defense launched a program designed to bring in registered hackers and have them attempt to breach several public-facing websites, for cash prizes. With over 1,400 hackers participating, the DoD was able to confirm 138 discovered vulnerabilities and paid out amounts up to $15,000. Furthermore, in the 3-week period, not a single malicious attack was attempted on DoD sites.
Apple Customers Targeted With Phishing Campaign
In the last week, many Apple users had received an email warning them of a virus in the iTunes Database that required all users to re-validate all of their user information, and threatened to delete accounts if the user delayed inputting the information. However, with a redirected splash page riddled with misspelling, this phishing attempt was quickly thwarted and the associated pages were taken down, though Apple still warns users to be vigilant for similar emails in the future.
https://www.helpnetsecurity.com/2016/06/21/itunes-database-phish/
Ded Cryptor, Latest Bilingual Ransomware Variant
Researchers have uncovered another ransomware variant, this time with a less-than-jolly Santa figure appearing alongside the ransom instructions, written in both English and Russian. The so-called Ded Cryptor replaces the user’s wallpaper with the ransom note and gives an email address to contact for further steps towards payment and decryption of their files, which are appended with a .ded extension upon encryption.
Court Rules FBI No Longer Needs Warrant to Hack Computers
In a recent court ruling surrounding a child pornography case, the FBI had granted a warrant to hack into certain computers and retrieve information that lead to multiple offenders being arrested. The presiding judge had determined that while the offenders had used Tor to anonymize their browsing, having a publicly accessible IP address removed the need for law enforcement to obtain a warrant when gaining unauthorized access to any computer, regardless of probable cause or any real suspicion.
Acer Security Breach
Recently, Acer has come forward and admitted to a breach in their systems that allowed hackers to access the sensitive information of over 34,000 customers, which ranges over a course of a year and contains a full year’s worth of transactions. This information includes names, addresses, and credit card information (that may or may not have been encrypted prior to the breach), and other private information that criminals could use to commit fraud.
Threat Recap: Week of June 13th
There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
Compromised RDP Servers Offer Cheap Attack Platform
Recently, researchers discovered an online marketplace that allowed for the purchase of hacked remote desktop servers for a minimal fee. The Russian-based site, known as the xDedic Marketplace, has listings for over 70,000 servers located in 173 different countries, which range from government institutions to universities.
http://www.theregister.co.uk/2016/06/15/hacked_server_market/
Chat Support: The Latest Ransomware Feature
Ransomware has become an all-too-common occurrence in the cyber world, and a new variant named ‘Jigsaw’ has a curious surprise for its victims: live phone support. An option on the lock screen offers the victim a chance to speak with someone about paying the ransom by using ‘onWebChat’, a free-to-use chat program. This feature is just another step towards professionalizing the ransomware industry and instilling trust in their worldwide “customer” base that they will decrypt the user’s files once a payment has been made.
Lone Hacker Claims Responsibility for DNC Breach
Earlier this week, it was reported that the DNC’s (Democratic National Committee’s) official servers had been compromised and sensitive information regarding opponent Donald Trump had been stolen by the Russian Government. Shortly after Kremlin officials stated their innocence in the matter, a hacker going by Guccifer 2.0 posted a blog on WordPress where he took full credit for the hack and included several (supposedly) related documents. Security officials are working to determine the authenticity of the documents, while further research has turned up additional information about other intrusions into the DNC network.
http://www.reuters.com/article/us-usa-election-hack-idUSKCN0Z209Q
Japanese Travel Agency Hacked
In the past week, the Japanese travel agency JTB announced a data breach encompassing nearly 8 million customers. The leak is said to contain not only the names and addresses of users, but passport information as well. It is believed that the attack stemmed from a phishing email attachment, which was downloaded by an unsuspecting employee. Fortunately, after further investigation, it seems only 4,300 of the passport numbers are actually valid.
http://www.zdnet.com/article/japans-largest-travel-agency-fears-data-leak-impacting-8-million-users/
Android TV Ransomware Spotted
A variant of ransomware that’s been around since 2015, known as ‘Frantic Locker’, has started to appear on Android Smart TVs with a demand for ransom in the form of iTunes gift cards. The infection initiates via a downloaded file from an infected site, then determines its geolocation and, based on its region, either launches a lock screen or shuts down. While users in Eastern Europe seem unaffected by the infection, victims in other regions are already discovering various methods to simply remove the infection, rather than paying the ransom.
http://www.theregister.co.uk/2016/06/13/android_ransomware_infects_tvs/
Threat Recap: Week of June 6th
There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
Human Error Remains Top Security Threat
In a study conducted over the course of 3 years by the Information Commissioner’s Office, it was found that security breaches due to human error were the number one issue, with the number of reported issues growing steadily year-over-year. While many companies have been increasing the amount of security precautions in regards to cyber attacks, most of them do not see human error as the real problem and thus provide no additional cybersecurity training for their employees.
University of Calgary Pays High-Dollar Ransom
In the past week, the University of Calgary was hit with a ransomware attack that left them with few options. In the end, they ended up paying the nearly $20,000 ransom in hopes of regaining their important files and keeping their systems functional. Fortunately for students and faculty, the decryption keys have been successful, but there still remains much left to do to protect against future attacks.
Social Media Hacks On The Rise
Recently, many high-profile Twitter and other social media accounts have been hacked, including the official NFL Twitter account and Mark Zuckerberg’s seemingly unused account. The hacker behind the NFL breach claims to have had access to an NFL Social Media Staffer’s email that contained the login information for the @NFL account, although it’s unclear exactly how that access was gained.
Game Torrents Redirecting to PUA Downloads
Many people who download pirated copies of games are aware of the risks involved, as some of these downloads have the possibility to contain malicious software. However, a current trend across torrent sites is instead to bundle potential unwanted applications (PUAs) with legitimate game titles and have the file launch an executable rather than the zipped game files. Once the user allows the download, some variants are capable of silently downloading additional PUAs onto the machine without further notifications to the user.
Microsoft’s Anti-Macro Efforts Missing Target
With macro-based infections continuously on the rise, Microsoft has made an attempt to secure its users through the use of more messaging, which warns of macros launching out of Word or Excel documents. Unfortunately, the wording of these warnings has changed for the worse since early iterations of the Office Suite. Where once the messages warned users of possible malicious content and aimed them away from enabling the macro, they now show an almost cheerful dialog box with options only to enable the macro or ignore the bright yellow bar atop the screen.
Threat Recap: Week of May 30th
There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
MySpace Hack Could Be Largest in Recent History
Recently, LeakedSource announced that they had obtained the login credentials for over 300 million MySpace users. While the leaked database doesn’t show the full credentials for every user (as some usernames/passwords were missing), over 100 million of the passwords had a username attached. Along with posting the entire dataset, LeakedSource also posted the top 50 passwords being used and their frequency of use.
http://www.itnews.com.au/news/myspace-breach-potentially-the-largest-ever-420184#ixzz4A9aotQr4
Majority of Phishing Emails Contain Ransomware
This week, PhishMe published a report showing that a staggering 93% of all phishing emails contained a dropper for some version of ransomware. This number, which contributes to the overall steady increase in phishing attempts (which have risen nearly 800% since the end of 2015), is likely as high as it is thanks to ransomware becoming increasingly easy to deploy and having a high success rate for extortion. With these numbers always on the rise, it’s important to remain vigilant for any suspicious emails containing attachments, especially ones asking for sensitive information.
http://www.csoonline.com/article/3077434/security/93-of-phishing-emails-are-now-ransomware.html
TeamViewer Possibly Hacked, Main Site Goes Offline
In news that has spread quickly over the past week or so, many users have claimed to have been hacked via TeamViewer, which has led to thousands of dollars of fraudulent charges being attained in only a few hours. According to many of the victims, the attacks took place in the early morning hours, with PayPal transfers to offshore accounts ranging from several hundred to several thousands of dollars. TeamViewer’s response to these claims has been the denial of any security issue. Rather, they’re stating that a DNS issue was at fault for their site and services being offline.
New Ransomware Variant Acts Like Virus
In the past week, a new form of ransomware, which behaves like a traditional computer virus by copying itself to new drive or network locations to continue propagating itself, was discovered. The variant, ZCrypt, comes through like typical ransomware via an email attachment from a seemingly harmless sender. It then requests downloading a zip file, which launches an executable of the same name (usually an Invoice or Order form), and displays the ransom splash screen.
https://nakedsecurity.sophos.com/2016/06/01/zcrypt-the-ransomware-thats-also-a-computer-virus/
Lenovo Warns of Security Flaw in Pre-Installed Software
This week, Lenovo has strongly recommended that all users should remove the pre-installed Accelerator Application from their computers, as the software makes no security checks when searching for and downloading updates. Amongst the flaws, the application doesn’t use encryption when making outside connections to download updates, nor does it check the validity of digital signatures for said updates, leaving users open for man-in-the-middle attacks during the time the system makes these update checks.
Threat Recap: Week of May 23rd
Government IT Systems Long Outdated
In a recent study done by the Government Accountability Office, a large portion of the US government’s critical business systems have been found to be requiring an increasing amount for maintaining their basic operation, but also they are a major security risk. From defense systems to scientific research systems, these agencies are constantly working to maintain the aging infrastructure with little to no plans for replacement or any significant overhauls.
Microsoft Steps In To Increase Business Security
With the recent news of LinkedIn’s security breach, Microsoft has announced that users of Azure Active Directory will no longer be allowed to use passwords that were found in the LinkedIn breach to be the most common, and therefore vulnerable. By stopping these weak passwords from being used, Microsoft hopes to stop the bad habits that form around password creation, and keep more businesses secure.
http://www.theregister.co.uk/2016/05/25/microsoft_password_policy/
Kansas Hospital Pays Ransomware, Remains Encrypted
In the past week, another hospital was the focus of a ransomware attack that was fortunately mitigated enough to allow continuing operations and maintaining patient data. Although the hospital did pay the ransom initially, not all of their data was restored and a second demand for additional payment was issued. The hospital refused the demand and was able to resume operations quickly as they had a plan in place for a possible cyber attack.
http://www.techspot.com/news/64954-hackers-demand-ransom-payment-kansas-heart-hospital-files.html
Employees Still Number One Security Risk
It comes as no surprise that the majority of security breaches are caused by employee negligence and lack of knowledge on potential security hazards. A study released in the last week shows that half of the nearly 600 companies had experienced some for of security issue due to employee negligence, and of those companies, 60% felt it unnecessary to require additional security training. The study also revealed that most companies provide neither incentive for following correct security procedures nor consequences for the employee found to be at fault for the breach.
https://www.experianplc.com/media/news/2016/dbr-ponemon-institute-managing-insider-risk/
Hong Kong Bitcoin Exchange Hacked
Recently, the Hong Kong firm, Gatecoin was hacked and the attackers made off with nearly $2 million worth of cryptocurrencies. The company is still unsure of how the breach occurred, though Gatecoin has already begun work on improving it’s cyber security to prevent or deter these types of attacks in the future. In addition, the company has also offered a bounty for the return of any bitcoins that were taken.
Threat Recap: Week of May 16th
A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
TeslaCrypt Closing It’s Doors
Here’s a bit of good ransomware news, for once. This week, it was brought to the attention of the security world that TeslaCrypt, one of the largest ransomware creators/distributors, was shutting down their operation for good. Researchers from ESET contacted TeslaCrypt via their support chat function and requested the master decryption key, which was provided freely, along with an instruction guide on how to use it.
https://www.helpnetsecurity.com/2016/05/19/end-of-teslacrypt/
New World Hackers Group Continues With University Hack
The New World Hackers (NWH), a hacktivist group participating in the OpAfrica Anonymous campaign, have targeted Limpopo University in South Africa in response to the ongoing human rights violations that are occurring in the country. Along with replacing the university’s main webpage, the group was able to gain access to both alumni and faculty personal information, which was then released publicly online.
http://news.softpedia.com/news/anonymous-leaks-data-from-south-african-university-504081.shtml
LinkedIn User Data On Sale
Recently, it was reported that the user account information of nearly 167 million LinkedIn users was available on the dark web 5 bitcoins, a small price. The leaked data likely comes from the 2012 hack of LinkedIn, in which over 6 million user accounts were made available, and resulting in hackers working to successfully crack a majority of the hashed passwords. While this breach doesn’t affect all of LinkedIn’s customers, it is advisable that all users change their passwords to avoid any potential future attacks on personal accounts.
Apple Pushes Out High Volume of Security Updates
This week, Apple started sending out security updates for all platform versions of its operating systems, with iOS alone receiving 39 different patches. These updates come just months after Apple participated in Pwn2Own, a hacking event focused on finding security vulnerabilities in the products of several industry leaders. Many of the patches are around the ways Apple product users view web content, with the goal being to keep them safe from any malicious attachments or redirects that may be lurking around.
http://www.eweek.com/security/apple-makes-security-improvements-to-ios-and-os-x.html
Germany Blames Russia for Cyber Attacks
German intelligence officials are pointing their fingers at Russia in regards to attacks dating back to 2015 on the German parliament, as well as the the more recent attacks on Chancellor Angela Merkel. In the past year, attacks originating in Russia have become increasingly common and have a wide spread of targets, including Ukraine’s power grid, TV stations in France, and computer system in the Netherlands. While it’s impossible to know for sure, many of the victims believe it to be the work of the Russian government rather than individual hackers.
http://www.securityweek.com/evidence-russia-behind-cyber-attacks-germany-secret-service?
Hacker Selling Pornhub Shell Access was a False Claim
In the past week, a hacker claimed to be selling shell access to Pornhub’s site, though this information later proved to be false. When contacted by Pornhub in regards to the vulnerability, the hacker was unable to provide any evidence of his capability to gain access or execute any injected code on the site. Pornhub has an ongoing bug bounty program, which will pay out up to $25,000 USD for the discovery of vulnerabilities on their sites.
Threat Recap: Week of May 9th
A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
Microsoft and Adobe Vulnerabilities Revealed
In the past week, Microsoft announced a vulnerability in Windows, which would allow attackers to target users visiting a specific site and execute malicious code automatically. In the same statement, Adobe also issued a warning for Flash users, as an exploit was discovered that could allow remote access to unsuspecting computers. Patches for both issues are in the works, and users are strongly encouraged to run these updates promptly.
Google Breach Attributed to Third-Party Vendor
Recently, Google sent out an email to its employees, notifying them of a data breach that occurred with their benefits management partner. Fortunately for Google employees, the recipient of the unauthorized data contacted the company and deleted the information that was sent. As a result of the incident, Google is providing its employees with credit monitoring to safeguard against any fraud that may occur.
British Retailer Hacked for Customer Information
Kiddicare, a British children’s retailer, was recently targeted by attackers who gained access to the personal information of nearly 800,000 customers. The issue stems from a test website that Kiddicare created in late 2015, which contained a large quantity of real customer information, and was never secured or disposed of properly after testing was complete. It is still unclear why the test site was publicly accessible, but some customers have claimed to have received multiple phishing messages via text and email.
School District Hit With Ransomware Attack
In the steadily-rising trend of infrastructure cyber attacks, a Texas school district is seeing the impacts firsthand. Multiple district websites were taken down when the Education Services Center’s servers were struck with ransomware. The district refused to pay the ransom and has been reasonably successful at restoring their systems from secure backups. Fortunately, no data was compromised and the sites have been mostly restored to their previous states.
GPS Security Still Major Concern
GPS is used around the globe by nearly 4 billion individuals on a daily basis, and while it has become a necessity for many, it’s susceptible to be jammed, which makes it a potential security issue. GPS jamming can range from a localized area to a much larger region, with the user having no knowledge that the jam is occurring, and can cause a large disruption in functionality. Currently, the U.S. Air Force is working on a better version of GPS, which uses a stronger signal that has less chance of being broadcast over by a signal jammer.
http://www.csmonitor.com/World/Passcode/2016/0510/Why-GPS-is-more-vulnerable-than-ever