December 30th, 2013
The malware being used by hackers and their tactics are changing all the time. Throughout 2013, we’ve seen new threats emerge. Robert Lemos of Dark Reading lists some of the advanced attacks we saw in 2013 and how businesses should be changing their security infrastructure to protect against similar attacks in the future.
This form of ransomware began infecting users over the summer and claimed an estimated 200,000 victims in its first 100 days in the wild. Cryptolocker encrypts files stored on a user’s computer and demands a ransom before giving up the key to decrypt them. For businesses, educating users on how to avoid malware is imperative. Unlike some other forms of ransomware, Cryptolocker is not a bluff and will encrypt and destroy files if no payment is given. The best way to prevent that damage is to keep malicious files from ever reaching your network.
This year, we saw more instances of attacks filtering through service and technology providers in order to reach their intended targets. This was demonstrated by the Syrian Electronic Army’s headline-making attacks against the New York Times and other media outlets. In the New York Times attack, hackers tricked the domain registrar into transferring ownership of ‘nytimes.com’ to them. For businesses, this underscores the importance of selecting the right suppliers. Not only do you need to be wary of who you are working with, but you also need to be able to monitor them in real time to stay ahead of any emerging threats.
Distributed Denial of Service attacks have been around for years, but 2013 saw them grow in size and scope and also become harder to recognize. Hackers use these attacks to flood websites and applications with requests, which either cause them to shut down, or at least cause them to slow down and make it difficult to respond to legitimate requests. To increase the capabilities of DDoS attacks, hackers have begun to use reflection attacks, where misconfigured servers amplify the size of an attack. This is a threat that not only isn’t going away, but is increasing in frequency. Being aware of the capabilities of DDoS attacks and having a plan in place in case your organization is targeted is important.
These are threats that all businesses need to be prepared for and plan for. There are a number of ways to secure your organization, and each threat demands a different action.
For help with your company’s security, contact Geek Rescue at 918-369-4335.
December 24th, 2013
The amount of malware for smartphones grew exponentially throughout 2013. Because of their open source environment and number of users, Android phones were targeted most. Now, it seems some of the same tactics used for years by cyber criminals on PCs are transitioning to Android smartphones. Satnam Narang reports for Symantec that scareware has been observed attempting to trick users into downloading malware to their devices.
Scareware is a common practice used by hackers. By using social engineering, a criminal convinces a user that they’re facing an impending threat and need to buy or download a product to protect themselves. Usually, the scareware scam involves telling users that there is a virus or malware on their device and offering to remove it.
The latest scam observed targeting Android users involves mobile ads. They claim the user’s device has been infected by a trojan called MobileOS/Tapsnake. Tapsnake is a legitimate threat to Android users that’s been around since 2010, but it’s used here only to make the scam seem more credible. The ads include a button that claims to install a security app on your phone or scan and remove this threat. In actuality, you’re downloading malware.
Avoiding this type of scam should be simple. First, no online ad will scan your device and alert you of any malware it discovers. But, some unsuspecting users fall for it because they’re extremely worried about threats to their smartphone. This particular scareware displays on any smartphone, however. So, even iPhone users will be alerted that their Android device is at risk.
If you encounter one of these ads and are concerned about your phone, run your existing security app or download a trusted one from the Play store. To avoid accidentally downloading a malicious app, never download directly from a website.
If your smartphone has actually been infected by malware, bring it to Geek Rescue or call us at 918-369-4335.
December 23rd, 2013
Microsoft Security Essentials, which goes by the name Windows Defender for Windows 8 users, is built into the Windows operating system. It’s designed to give users protection from malware and other security threats, just as any antivirus or anti-malware application would. As Barry Collins reports for PC Pro, however, Security Essentials doesn’t provide adequate protection when compared to other antivirus options.
Security company Dennis Technology Labs tested nine security programs meant for use on personal computers on a machine running Windows 7. Eight of those tested detected and protected against at least 87 percent of the malware samples used. Five security programs detected 98 to 99 percent of malware. Security Essentials protected against only 61 percent of malware threats.
These tests tell users that the free, built-in option of Security Essentials can’t be relied on to keep your system safe from threats. According to Microsoft, it was never meant to be used as the sole security in place. Instead, it is meant to act in conjunction with other tools. With only 61 percent of malware detected, however, it seems unlikely that Security Essentials would be much help at all in assisting a more robust antivirus program.
Microsoft’s reasoning for not making Security Essentials a better security tool is sound. If every Windows user were able to use a free antivirus program that comes with their operating system, then all of them would likely use it and nothing else. That would eliminate diversity in the market, which would make it much easier for hackers to develop malware to specifically infiltrate systems running Security Essentials. With Security Essentials being viewed as an inferior tool, or at best a good assistant, users must decide on their own what third-party antivirus program to put in place. Each of these has its own strengths and weaknesses, and that variety makes it more difficult to create malware that is capable of staying undetected for all users.
Though the thinking may be sound, Microsoft needs to do a better job alerting users about the nature of Security Essentials. Too many computers are using it as their primary antivirus protection, which leaves them incredibly vulnerable to attack. If you have no other security tools in place on your PC, look into trusted names like Norton and Kaspersky immediately.
If your computer has been infected by malware, bring it to Geek Rescue or give us a call at 918-369-4335.
December 20th, 2013
Security researchers have reported previously that hackers and some forms of malware can claim control of your computer’s webcam. In some instances of ransomware, the webcam is used to capture an image of the user in an intimidation attempt. In other cases, the webcam can be used without the user’s knowledge to spy on unsuspecting victims. Lucian Constantin of Network World reports that users with older Macs are particularly susceptible to this form of cyber attack.
On iMac and MacBook computers manufactured before 2008, first-generation iSight webcams were used. These webcams have their LED light, which indicates when the webcam is in use, linked directly to the image sensor. When the LED is on, it means the webcam is capturing images, but hackers have found a way to alter the webcam’s firmware so the light doesn’t come on while the camera is active.
Not only does this allow spying on users without their knowledge, but being able to modify the webcam’s firmware also allows for malware to infect a Mac from a virtual machine. To do so, hackers would need to reprogram the webcam to act as a keyboard.
To defend against this type of attack, an extension could be created that blocks certain USB device requests. With a defense such as this in place, a hacker would need root access to alter the webcam’s behavior.
The most impenetrable defense would need to come in the form of a hardware redesign of the camera itself, which would make it impossible to disable the LED indicator. Researchers have already sent suggestions to Apple, but have yet to hear back.
Users who have an older Mac computer can take one easy precaution to prevent spying: put tape, or a bandage, over the webcam. This doesn’t prevent malware infections. However, that type of attack is extremely rare, at least for the time being.
If your device has been attacked or you’d like to improve your security, call Geek Rescue at 918-369-4335.
December 19th, 2013
If you’re on the ball this holiday season, you’ve probably already completed your online holiday shopping. For those who like to wait until the last minute, there’s still time with expedited shipping to find the perfect gift online. When you do shop online, it’s important to know how to stay protected to avoid scams, malware and identity theft. A post on the 2-Spyware blog details some of the threats to your security and what you’ll need to avoid them when shopping online.
Before you start surfing the web, check to make sure your antivirus program is up to date. You need to update your antivirus often because new malware is introduced every day and updating helps your antivirus identify and protect you from those latest threats. When shopping online, you’re more likely to visit sites you are unfamiliar with while searching for a deal. That makes it more likely you’ll visit a malicious site that’s designed to infect your computer with malware. Ecommerce sites also naturally experience more traffic during the holiday shopping season, which makes them more attractive targets for hackers than other times. This means that even trusted sites may be compromised.
If you’re shopping at sites you haven’t used before, you’ll probably be asked to create an account. It’s important to use a strong password that is long and uses upper and lower case letters, numbers and symbols so it’s difficult to hack. It’s also important not to use the same password for each account you create. Some of these sites may have less security than others, which means if their passwords are stolen and you use identical passwords for multiple sites, a hacker could gain access to all of your accounts.
Where you do your holiday shopping is also important. If shopping from home, make sure your network is secured and you’re using a firewall. Shopping while out and about is tempting, but it isn’t recommended. Public WiFi doesn’t offer any type of security. So, anytime you enter your account log-in and credit card information, that data can be monitored and stolen by a third party.
There are major sites like Amazon that you can trust to keep your payment information secure, but holiday shopping can sometimes lead you to untrusted sites in search of a deal. Some of these sites are completely legitimate, but don’t do enough to keep your information from being stolen. Other sites are scams claiming to sell popular items, but in reality they’re designed to steal your credit card information or infect your computer with malware.
Online shopping is convenient and a great way to quickly finish buying gifts, but it can also lead to costly cyber attacks.
For help improving the security on your computer or network, call Geek Rescue at 918-369-4355.
December 18th, 2013
In humans, early detection is important for treating viruses and other infections. The same goes for computers. Malware, viruses and other threats that infiltrate your system become more damaging the longer it takes to discover them. A post at Rediff points to some signs all computer users should look for that suggest your computer has been infected.
Email addresses are often hacked, but the good news is that it’s usually easy to tell when something’s wrong. Make a habit of checking your sent messages to make sure they’re all emails you sent personally. If you have sent messages you don’t recognize, it’s likely that someone else has access to your account. If you’ve received a message from a contact that looks like spam, be sure to tell them that their email may have been compromised.
Most hackers will try to hide their actions, but some malware will still alter the look of your computer’s desktop. If your wallpaper has changed, or there are new icons you don’t recognize, there’s probably malware hiding somewhere on your system.
Malware has the ability to change your passwords, prevent you from accessing Windows tools like Control Panel and Task Manager and lock you out of your computer completely. If you notice your system performing strangely, even if it’s just slower than usual, it’s important to act quickly. Otherwise, you may find that you’ve lost control of your machine completely.
Malware infects computers in a variety of ways. Most commonly, it’s downloaded when a user opens a bad email attachment, or clicks on a bad link. Visiting untrusted websites and downloading programs from untrusted sources are also ways that malware can infect you.
There are two steps to avoiding malware. First, secure your computer. Install an antivirus program and use a secured network with a firewall in place. Then, be careful when surfing the web. Avoid potentially dangerous situations that could lead to a malware infection.
If your computer is infected by malware, bring it to Geek Rescue or call us at 918-369-4335. We’ll remove any harmful files and help you protect against future attacks.
December 16th, 2013
Two malicious applications, Win32/Winwebsec and Win32/FakePav, have been in the wild for years, but are troubling security experts thanks to their recent development. Both are fake antivirus programs, which go by ever-changing, more common names like ‘Antivirus Security Pro’. They were first discovered in 2009 and 2010 respectively, but as Jeremy Kirk of Network World reports, only recently have they been observed using stolen digital security certificates.
Digital certificates are granted by Certification Authorities, or CAs, so legitimate developers can sign their applications and users can cryptographically verify that the application comes from a trusted source. When criminals steal these certificates, it makes it more difficult to catch their malicious programs before they damage a user’s system.
This isn’t a new practice. These bogus antivirus applications only just started using it to slip past security, however. Even more troubling is the way certificates are being stolen. Samples of this malware have been found carrying certificates from a number of different CAs from all over the world. Some of the certificates being used were as little as three days old.
The age of certificates is interesting because it reveals evidence that hackers are regularly stealing new certificates. It’s an ongoing problem. Previously, it had been thought that since stealing certificates is so difficult, older certificates were being used from successful attempts from long ago. In reality, it appears hackers are more successful than originally thought.
CAs are able to revoke certificates once they’ve been discovered being used with malicious software, but malware like these fake antivirus programs replace certificates periodically to stay ahead.
This poses a problem for both users and developers. For developers, having certificates stolen damages their credibility, and replacing certificates can be expensive. For users, it’s harder to tell if an application can be trusted or not, which can result in the loss of data or the infection of your device if you choose wrong.
If you’ve downloaded a malicious program and are suffering from a malware infection, call Geek Rescue at 918-369-4335. We’ll fix your machine and help you prevent future attacks.
December 12th, 2013
Adobe’s products are used across the internet, which is why it’s a serious problem when security exploits pop up for one of them. Lucian Constantin reports for Network World that critical vulnerabilities that existed in both the Flash and Shockwave players have been patched.
The vulnerability involved the players’ auto-play functions. Attacks were being designed to trick users into opening a Microsoft Word document containing malicious Flash elements that were automatically executed upon opening. By exploiting this vulnerability, hackers are able to take control of a user’s computer.
For users who updated Flash recently to version 11.6, a patch wasn’t needed. That version introduced a click-to-play feature for all Flash elements embedded in Microsoft Office documents. This patch was still needed not only for users with older versions of Flash and Shockwave, but also because it updated the players bundled with web browsers Google Chrome and Microsoft Internet Explorer 10 and 11.
With millions of users of both Flash and Shockwave, they’re valuable targets for attacks. Keeping them updated and patched is important to close security flaws and vulnerabilities.
Keeping applications like antivirus programs and web browsers and your operating system up to date is important for security reasons and to resolve bugs and performance issues. If your computer has been infected by a virus or malware due to a security vulnerability, or if you’d like to improve your system’s security, call Geek Rescue at 918-369-4335.
December 12th, 2013
There are a number of options for improving the security on any of your devices and there are articles across the internet trumpeting the effectiveness of each of them. With the evolution of cyber attacks, however, some security tools that once were trusted have lost effectiveness. Alan Kahn of Techopedia lists three of these that no longer provide proper protection from advanced threats.
- Next-Generation Firewalls
Compared to traditional firewalls, next-generation firewalls offer more detailed controls. They attempt to stop attacks by classifying network traffic, but their reactive approach to security renders them useless against today’s more advanced attacks. Recent advances to next-generation firewalls include hourly updates, cloud-based binaries and DLL analysis, but even with these additions, they don’t offer enough protection.
This isn’t to say that having an antivirus program installed on your computer isn’t advisable. You’re certainly at a much greater risk of a malware infection without running a proper antivirus application. However, many users get into trouble because they trust their antivirus too much. It should be used as a complementary tool, not as a standalone catch-all. Security experts have estimated that up to 90 percent of malware changes within an hour, which allows it to be undetected by antivirus programs. Zero-day exploits are also able to slip through vulnerabilities that an antivirus can’t prevent. So, using an antivirus alone leaves you incredibly vulnerable, but it’s still a needed precaution in conjunction with other tools.
Web gateways are able to keep users off of certain websites that are known to be potentially harmful. However, by using lists of known, “bad” URLs, web gateways are unable to keep up with the rapidly evolving threats faced today. Once again, this is a reactive approach that has little hope of stopping advanced malware delivery systems. Web gateways still have some uses but as a security measure they’re extremely limited.
These three tools aren’t necessarily completely obsolete, but can’t be trusted as the primary tool in your security infrastructure.
For help putting the right tools in place on your computer or your company’s business, call Geek Rescue at 918-369-4335.
December 11th, 2013
Ransomware has been a concern for internet users for some time now, but experts are predicting that the malware will affect more victims than ever before in 2014. As Warwick Ashford of Computer Weekly reports, hackers are producing malware kits that allow ransomware to be created more easily.
Ransomware is a type of trojan malware. It locks a computer or encrypts the data stored on it and demands a payment to unlock or decrypt it. The specific tactics taken are different from attack to attack, but usually victims find that their payment doesn’t restore their computer.
Researchers have discovered conversations on hacking websites about malware kits that make it easier to produce ransomware. These kits allow criminals without advanced knowledge of hacking to produce dangerous malware and even come with technical support. Kits can be used to produce all kinds of malware and the recent rapid rise of malware production is being attributed to their existence. Experts expect more ransomware to be produced with malware kits because it is an attack that directly leads to a payout, unlike other threats that require multiple steps to become profitable.
The best way to protect yourself from ransomware and other malware is to prevent it from infecting your computer in the first place. Be extremely cautious of untrusted email attachments and links in the body of emails. Try not to visit any untrusted websites and trust your browser when it warns you about potential dangers.
It’s also important to keep all applications, especially your antivirus program, updated. Backing up files is also helpful so that if some files are encrypted or damaged, you’ll be able to restore them.
If your computer is infected with malware, don’t pay a ransom. Bring your device to Geek Rescue, or call us at 918-369-4335.