Reader@mReotEch.com

Latest Tech Feeds to Keep You Updated…

Symantec Discovery Finds That Phishers Are Creating YouTube Channels to Document Their Attacks

Symantec recently discovered a phishing site for Amazon.com, which at first didn’t seem out of the norm. However, a closer look at the HTML source code uncovered an interesting comment from the attacker. The “brag tag” consisted of the name of the scam, “Scama Amazon 2016,” along with the attacker’s name, website, and even a YouTube channel.

Upon investigating Code nour, the phisher’s YouTube channel, it was found that it has only five subscribers, and most of the videos have fewer than 100 views at the time of writing. While not many people subscribe to the channel or watch the videos, the few that do are keen and enthusiastic. The videos on the channel show walkthroughs of the phisher’s convincing-looking phishing kits.

Code nour isn’t the only phisher with a YouTube presence. This kind of activity is normally expected to take place on secretive underground forums, so it’s surprising that phishers are so brazenly and publicly publishing this material on YouTube.

This completely open trade in phishing knowledge and tools shows the scale of today’s phishing problem. With more and more aspects of our lives being managed online, we expect phishing to increase.

How Do I Know if it’s a Phishing Scam?

Phishers often masquerade as legitimate, well known companies in order to trick you into divulging sensitive information. These scams may use email as a platform to try to request personal information and direct users to malicious websites where malware can be hiding. These tricksters tend to use real company logos, and use what is called a spoofed email address, which is an email address that looks like it is coming from the legitimate company’s address. However, the address may be misspelled slightly or come from a spoofed domain.

These fraudulent emails come in many forms: they can look like a help desk support ticket, a message from your bank, or someone soliciting money via a 419 scam. In these emails, phishers tend to use some kind of urgent call to action. You may get a notice that an account is being shut down and you need to log in “immediately” in order to prevent that from happening. They may also request personal information in order to verify your identity. It is important to remember to NEVER click on the links in the suspicious emails, no matter how legitimate the link may appear. It is always best to visit the website in question by manually typing the address in your browser’s URL bar. For extra security, be sure to look for the verified HTTPS at the beginning of the URL in the address bar.

 

Stay Safe Against Phishing Attacks:

To protect against phishing attacks, we suggest the following best practices:

  • Use two-factor authentication (2FA) when possible. 2FA is a method of verifying your identity that adds a second factor of authentication in addition to your account password.
  • Do not click on links in messages from unknown senders. And be especially selective about what you download to your computer; if you’re not expecting the email, definitely do not download any attachments.
  • Keep software and security patches up to date. By regularly performing these updates, you are actually patching vulnerabilities, or “holes” that malware can sneak through.
  • Never give out any personal information via email, social media platforms, text messages or instant messages.
  • Use Norton Security to provide anti-spam protection and proactively protect from other security risks.

You can learn more about phishers and their tactics here.

First Mac Ransomware Targets Apple Users

Between March 4th and 5th, 2016, Apple customers were the targets of the first Mac-focused ransomware campaign executed by cybercriminals. There have been previous reports of what is called a “proof of concept,” which means that researchers have found a way to execute malware on a Mac; in those instances, however, it was not cybercriminals abusing the malware. This is the first time that cybercriminals are using this malware to execute real-life attacks.

What is Ransomware?
Ransomware is far more advanced and aggressive than ordinary malware. Ransomware will encrypt the data on your hard drive, essentially locking you out of it unless you have the key to unlock the encryption. Ransomware generally presents users with an ultimatum: pay a fee to unlock and reclaim personal data, or don’t pay the fee and lose the data indefinitely. The cybercriminals will then hold personal and professional data ‘ransom’ unless demands for payment are met within a specific period of time.
In the event that the fee is not paid, ransomware can also automatically corrupt and delete the locked files, leaving most users with little time to resolve the problem through alternate means.

How is it transmitted?
In this particular case, users were downloading a program called “Transmission for BitTorrent,” which is used for peer-to-peer file sharing using BitTorrent files. BitTorrent is usually used to illegally download media files such as movies, music, and television shows. These users downloaded a “bad” version of the installer for the software, which contained a malicious Trojan horse, known as OSX.Keranger. A Trojan horse is malicious software that can wreak havoc with data in many ways, such as deletion, ransomware, modification, copying, and stealing. Like most ransomware, OSX.Keranger will encrypt a user’s files and demand a fee (in this case, one Bitcoin, or ~$400) to release the files.

Unfortunately, once you are infected with ransomware, it’s probably already too late to save your files, as there is no guarantee that you’ll be able to retrieve them. We recommend that you don’t pay the ransom. Why fund the criminals so that they can do the same thing to someone else?

What should I do to prevent ransomware?

If you aren’t already infected, keep ransomware crime at bay by backing up your files regularly. This is one of the most important steps you can take in defending yourself against ransomware. If the cybercriminals try to encrypt your files, you’ll still have a copy, and you won’t have to feel torn between paying a ransom and possibly seeing your precious photos and documents again.

If you don’t have security software on your Mac, it’s important to think about getting protected to avoid getting hit hard by cybercriminals. Early on, Apple’s Mac OS X was a tough system for hackers to crack, and when it wasn’t a very popular platform, it just wasn’t worth it for cybercriminals, especially when there were other platforms that people were using that were easier to get into. As Apple has become more and more popular around the world, cybercriminals have found more of a reason to target these machines. We’ve seen malicious websites targeting Mac computers.  Symantec security researchers have been seeing more Apple malware prototypes created, as well as the increased discovery of vulnerabilities in the operating system, over recent years.  The threat landscape is a rapidly changing one, and, with more hackers targeting the platform, Apple users should be making sure that their systems have robust security software.
 

What does Norton do to prevent ransomware?

Norton Security Premium with Backup offers up a host of features to help protect you against ransomware:

  • Backup protection: Norton can help you get on track with regularly scheduled backups, and 25 GB of secure cloud backup space, which provides additional protection against ransomware by securing your data safely.
  • Malware detection: Norton not only protects your precious data, it can also stop these threats (including this one) from getting onto your computer in the first place.

Tips to stay protected against ransomware:

  • Back up your files regularly! If you already have your files, the criminals have no leverage, because you have an uninfected copy of all of your data safely hidden away.
  • Update your security software. Norton updates its protections as soon as new threats are discovered, so you’ll stay secure.
  • Keep all of your software up-to-date. Software updates regularly include patches to fix security holes that criminals might have used to get into your system. This is also a vital step in protecting yourself against ransomware. By updating all software programs on your device as soon as updates become available, you’re actually patching vulnerabilities, or “holes” in the software that malware can sneak through.
  • Trash any suspicious-looking emails, especially if they contain links or attachments.
  • Be on the alert for any Microsoft Office email attachment that tells you to enable macros to be able to view the content. Unless you know and trust the source of the email, just delete it.

For more information on what to do about ransomware, see these helpful posts:

Ransomware: 5 Do’s and Don’ts

Ransomware: When Cybercriminals Hold Your Computer Hostage

Beware of W2 Phishing Emails Targeting Employees

With the IRS’s due date of April 18th looming overhead, fraudsters are rapidly trying to cash in on tax refunds. Over the past two weeks, we’ve seen an increase in BEC (business email compromise) scams involving requests for employees’ W2 taxpayer information. In this scam, the scammer pretends to be a member of upper management, and targets a more junior member of the organization. The phishing email requests that the target send employees’ W2 forms for inspection.

It’s important to realize that these documents contain tax and wage information for employees as well as their social security number, home address and employment location. Once these documents are obtained, the criminals have everything they need to perform tax refund fraud, effectively stealing tax refunds owed to workers. In addition to tax refund fraud, these documents contain a plethora of information that can help the scammer commit identity fraud as well.

This group sends emails from what appear to be stolen email accounts that match the compromised domain. A different “Reply-to” address is set in the email so that when a victim replies, the reply goes to an account under the attackers’ control, and not to the address it appears to have originated from. In the past 12 days, this group has used at least eight stolen domains for sending emails and has sent over 600 emails to victims.

For W2 fraud, these are some of the email subjects we are seeing:

Subject: Request For All Employees W2s
Subject: Request For All Employees W2s, Monday 29th February, 2016
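
The Reply-To redirection and the subject lines described above can be checked mechanically at a mail gateway or in a mailbox audit. The Python below is an added example, not Symantec's code; the function names, finding labels and the three sample messages (using reserved `.example` domains) are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Matches "W2", "W2s", "W-2", "W-2s" as a whole word, as in the subjects above.
W2_SUBJECT = re.compile(r"\bW-?2s?\b", re.IGNORECASE)


def _addresses(msg, header):
    """Return every lower-cased address found in all copies of a header."""
    values = msg.get_all(header, [])
    return [addr.lower() for _, addr in getaddresses(values) if "@" in addr]


def _domain(addr):
    return addr.rpartition("@")[2]


def assess(raw_message):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    senders = _addresses(msg, "From")
    sender_domains = {_domain(a) for a in senders}
    # Reply-To addresses that are not the visible sender: replies are redirected.
    redirected = [a for a in _addresses(msg, "Reply-To") if a not in senders]

    findings = []
    if redirected:
        findings.append("reply-to-differs-from-sender")
        # Redirection to another domain is the pattern the article describes.
        if any(_domain(a) not in sender_domains for a in redirected):
            findings.append("reply-to-external-domain")
    if W2_SUBJECT.search(str(msg.get("Subject", ""))):
        findings.append("w2-request-subject")
    return findings


def should_hold(findings):
    """Hold for review only when both signals are present (assumed policy)."""
    return ("reply-to-external-domain" in findings
            and "w2-request-subject" in findings)


# Constructed sample messages, not real traffic.
SUSPICIOUS = (
    'From: "Chief Executive" <ceo@victim-corp.example>\n'
    "Reply-To: ceo@mail-relay.example\n"
    "To: payroll@victim-corp.example\n"
    "Subject: Request For All Employees W2s\n"
    "\n"
    "Please send the W2 forms for all employees for inspection.\n"
)
BENIGN = (
    "From: hr@victim-corp.example\n"
    "Reply-To: hr@victim-corp.example\n"
    "To: staff@victim-corp.example\n"
    "Subject: Q2 benefits enrollment\n"
    "\n"
    "Enrollment opens next week.\n"
)
INTERNAL_ALIAS = (
    "From: alice@victim-corp.example\n"
    "Reply-To: team@victim-corp.example\n"
    "To: staff@victim-corp.example\n"
    "Subject: Lunch on Friday\n"
    "\n"
    "Reply to the team alias.\n"
)

if __name__ == "__main__":
    for name, raw in [("suspicious", SUSPICIOUS), ("benign", BENIGN),
                      ("internal alias", INTERNAL_ALIAS)]:
        found = assess(raw)
        print(f"{name}: {found} hold={should_hold(found)}")
```

A same-domain Reply-To alias is reported but not held, which keeps ordinary team aliases and mailing lists from being quarantined.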

In addition, employees should keep the following tips top of mind:

  • Be cautious of links and attachments in emails from senders you don’t recognize, or that request actions that seem unusual or don’t follow normal procedures. Avoid providing personal information when answering an email, unsolicited phone call, text message or instant message.
  • Additionally, do not reply to any emails that seem suspicious. Obtain the sender’s address from the corporate address book and ask them about the message.
  • Never enter personal information in a pop-up web page or anywhere else that you did not initiate.
  • Keep security software and all other software programs updated.
  • Report security warnings from your Internet security software to IT immediately; chances are they aren’t aware of all threats that occur.

You can learn more about safe cyber security practices for employees here.

Newly Discovered DROWN Vulnerability Allows Attackers to Decrypt Information

A recent vulnerability involving the handling of SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates, dubbed DROWN, has been discovered by researchers. DROWN stands for “Decrypting RSA with Obsolete and Weakened eNcryption.” Attackers probing for vulnerable servers affected by the DROWN vulnerability can force certain web servers to use an older, insecure version of SSL/TLS, resulting in weak encryption that is easily decrypted by an attacker. DROWN was discovered by a team of researchers from Tel Aviv University, Münster University of Applied Sciences, the Horst Görtz Institute for IT Security, Ruhr University Bochum, the University of Pennsylvania, the Hashcat Project, the University of Michigan, and the OpenSSL project.

One of the purposes of Secure Socket Layer (SSL) certificates is to indicate secure, encrypted connections between personal devices and websites. This new vulnerability can allow attackers to decrypt encrypted data being sent between devices and a server via what is called a man-in-the-middle (MITM) attack. In MITM attacks, the attacker is monitoring the connection to these websites. Data is sent from point A (computer) to point B (server/website), and an attacker can get in-between these transmissions, and nab the data being sent. The saving grace with these types of attacks is that the information (when being submitted via a website using SSL/TLS) is encrypted while it is in transit. The attacker can gain access to it, however they cannot see what the data actually is. In the case of DROWN, the encryption is very weak and attackers can easily decrypt the data once they have obtained it through a MITM attack.

Encryption can secure just about everything under the sun, from email services, online shopping sites, online banking sessions and more. As a result of this vulnerability, attackers can decrypt personal and financial information such as log in credentials, credit card information, and any other data they can get their hands on.

The researchers stated that about a third of all computer servers using the HTTPS protocol were vulnerable to these so-called DROWN attacks. This amounts to an estimated 11 million servers, most of which host websites or email services. 

How to Protect Yourself from this Threat

While no evidence has emerged that DROWN has been exploited in the wild to date, it is now only a matter of time before attackers attempt to find and exploit unpatched systems.

Add Extra Security to the Sites you Visit:

Use a Virtual Private Network (VPN) when using unsecured and public Wi-Fi:
VPN software sets up an encrypted data connection in between your computer and a remote server. Encryption is a way of protecting personal data, sort of like a “secret code,” so that it cannot be read by anyone who doesn’t have the code key. This blocks any attempts by hackers, malware or any other threat from accessing that data and eavesdropping, stealing information, and even performing a MITM attack.

Enable two-step authentication on websites that offer it:
This will add an extra layer of security to your account by requiring you to provide something you know (your password) and something you have (such as your phone or a fingerprint).

Keep an eye on your sensitive online accounts:
It’s always a good practice to do this anyway, but particularly now, pay special attention to online accounts (banks, email etc), as well as bank and credit card statements to check for any unusual transactions.

Be especially on the lookout for scams:
Popular current event and news stories are music to scammers’ ears. Since there are a multitude of stories about these events flying around the Internet, scammers are looking to capitalize on the popularity of the story. Be on the lookout for unsolicited emails, instant messages, and even text messages about this threat. If you ever get a notice to change your password, do NOT click on the link in the message. Instead, visit the website directly by typing the known address into your URL bar in your browser.

According to the official DROWN website, “there is nothing practical that web browsers or other client software can do to prevent DROWN. Only server operators are able to take action to protect against the attack.”  You can also check their page that lists examples of websites susceptible to this vulnerability here.

Mobile Apps and IoT Devices Are an Overlooked Security Risk by Consumers – and That’s a Problem

Today, Norton released findings from a survey of more than 5,000 consumers from the U.S., U.K., Canada, Australia and Japan about their fears of and forays into the connected world. The survey makes clear that there are two types of people: those who understand that smartphones and IoT devices come with risks, and those who do not.

More than half of respondents globally (56 percent) say the prospect of the financial and banking information stored on their phone being hacked is upsetting. What is more striking is that nearly half either do not care about their information being hacked or they are less concerned about financial hacks than other information being compromised.

For nearly 10 percent of smartphone users there is not a single thing a hacker could take from their phone that would upset them. This includes text and voice messages, pictures and videos, mobile app-controlled home security cameras and appliances. They see it as a device they talk to friends with and check on social media. They use it to easily manage their money. They don’t think anything bad could happen on a smartphone.

We are seeing this split with IoT devices in the US as well.

Globally, consumers feel just slightly more comfortable using banking and financial apps (56 percent) than apps for home entry (44 percent). We have seen an endless array of IoT devices present severe security weaknesses. Yet in the US, 39 percent of consumers say they would feel secure using a home entry app that allows them to open the door remotely for friends and family.

Getting hacked is not something consumers worry about with the devices they use to monitor their children or to lock their front doors. Most of the research into attacks on IoT devices has focused on attacking the device directly, but there is another way these devices are at risk: many IoT devices are controlled by mobile apps. Control someone’s phone and you can control their IoT devices. The risk to consumers moves from online and into their home – it’s personal.

The point is not to panic, nor is it to stop using these devices. Mobile apps and IoT devices aren’t going away. In fact, 60 percent of US respondents use mobile apps to manage both connected devices and their personal finance. 26 percent control their home entertainment components with a mobile phone, and 16 percent have connected home devices such as security cameras, alarms, home entry systems, baby monitors, light bulbs, light switches and appliances.

We want the people who are not concerned about hacking to understand the risk.

In January 2016, Norton scanned the approximately 25 million Android apps in our database. 40 percent of the 94 app stores we scanned exhibited malicious behavior. We identified more than 9 million malicious apps and found more than 16 million apps with potential privacy or intrusive behaviors. These apps can send sensitive information from your phone, including your account and device details, browser history, location and call logs from the device without encryption. The intrusive behaviors include adding browser favorites, putting up big banner ads, or changing desktop images or ringtones.

Staying Safe with Mobile Apps and IoT Connected Devices

Whichever kind of person you are, you need to stay safe. And whatever type of IoT device or mobile app you want to use there are some simple, best practices you can adopt.

Protecting Mobile Devices

  • Use a reputable mobile security app. Norton Mobile Security pre-scans Android apps and identifies potential vulnerabilities before downloading from Google Play. You should know what you’re downloading before it gets on your device.
  • Download apps from official app stores. Third-party app stores may not put apps through the same rigor as official app stores such as the Google Play Store or Apple’s App Store.
  • Be mindful of your app settings. Beware of apps that ask you to disable settings that protect you from installing unsecure apps. This makes your device more vulnerable and opens you to attacks.

Protecting IoT Devices

  • Keep your device current. Make sure you install the latest updates on your device, whether automatically or when sent from the manufacturer.
  • Protect your device. Set strong and unique passwords on these devices. Use a combination of at least eight letters, numbers and symbols.
  • Be stingy with your device. Protect the communication shared between your device and network by using encrypted communication on your home Wi-Fi (like WPA2) to connect the device. Better yet, use a hard-wired network connection, such as a LAN connection. If your device has a feature you don’t use, turn it off.

Internet Scams Based on Current Events Plague Users

It’s sad to say, but cybercriminals have learned how to use our emotions against us. When we read media reports about accidents or watch videos of natural disasters on the news, it’s normal to feel empathy for the victims of tragic current events, or even concern for our own safety. Unfortunately, that’s when scammers have learned that we are at our most vulnerable, and they have an array of tools to take advantage of that. Here are just a few of the standard Internet scams that fraudsters trick us into.

Donating to “Charities”

Beware of unsolicited emails from charities that promise to send your donation to victims of “fill-in-the-blank” tragedy. These emails could be attempts by scammers to exploit your generosity. The emails may have links that lead you to fake websites where you can donate money — directly to the cybercriminals, who now have your credit card information. Or you could also end up downloading malware by clicking such links. It’s safer to go directly to the websites of well-known, established charities and relief organizations to learn how you can contribute to the cause and not a fraud. You can also verify a charity’s authenticity on sites like Give.org or Charitynavigator.org.

Helping a Friend

Our instincts to help those less fortunate than ourselves could hit even closer to home if we think our friends are victims. When natural disasters strike, another type of “charity” scam could be an email plea from a loved one. The message could say they’ve been vacationing in whatever location that has just been devastated by a natural disaster, and they need money right away to get medical help or fly home. As sad as this plea for help may be, stop and think before you deposit money into your friend’s bank account. If possible, try to reach them by phone. If their only way of communicating is via email, be sure to ask them a question that only they would know the answer to. If a cybercriminal has been tracking your friend’s online accounts with spyware, they may be able to answer some personal questions, but not all. Most important, contact a family member of the friend to verify the story.

Sharing Socially

When a scandalous photo or story of a celebrity gets leaked, it doesn’t take long to see related scams pop up across the Web, whether via email or social networking sites. You may get an email, supposedly from a friend, sharing a link to a video. When you click on the link, you get a notification that you need to download a plug-in in order to view the video. Click on it and you could be downloading spyware that will stay on your device and collect any personal information that could be used for identity theft. Remember to delete emails from unknown senders and don’t download unknown plug-ins.

Similar scams abound on social media sites where users can share videos. Be wary before you share a video in your stream, and even more cautious about watching videos shared by your friends; you may be helping cybercriminals spread their threats. If you decide to view a video, you could be directed to a page saying you need to fill out a survey first. The questions may seem basic, but they’re actually designed by scammers to collect information that can be used in spear phishing scams.

How to Make News-Related Scams History

Curiosity, generosity, and sharing are qualities that make us human — as is making mistakes. Don’t let online scammers prevent you from acting on your emotions. Just remember to take the precautions above to help make sure you won’t become the victim of a current events-related scam. And if you think you’ve been scammed, be sure to:

  • Run Internet security software, like Norton Security Premium, to detect and eliminate any malware that you may have downloaded.
  • Change your passwords to your most critical accounts.
  • If you received an email from a friend’s email account that seems to have been hijacked by a cybercriminal, call your friend to let them know the account has been compromised.
  • If you’ve downloaded a bad app, remove it as soon as possible. Next time, use proactive protection like Norton Mobile Security, which can alert you to bad apps before you download them.
  • For social media scams, be sure to post about it, alerting your friends or followers to be careful. Also, report the scam to the social media site’s administrators. 

Latest Cyberthreat Intelligence for January

Symantec’s Global Intelligence Network (GIN) team has updated their intelligence page, which provides the most up-to-date analysis of cybersecurity threats, trends, and insights concerning malware, spam, and other potentially harmful risks. The GIN is a respected source of data and analysis for global cybersecurity threats, trends and insights. Symantec regularly publishes informed analyses based on the latest GIN data available. Here are some key takeaways from this latest batch of intelligence.

There is good news and there is bad news. The good news is there is a decrease in the number of spear-phishing activities. The bad news is there is an increase in social media scams.

In terms of social media, manually shared scams continued to dominate and made up nearly 56 percent of all social media scams. However, this number is down from 64.9 percent in December. The reason for the dip is a significant increase in the number of fake offers seen on social media in January, accounting for around 38.6 percent of social media scams. This number is up more than 11 percentage points from December.

Social media scams in January 2016

Retail trade topped the industry spam rates at 59.4 percent, saw phishing rates at one in 507 emails, and one in every 57 emails in this sector contained malware. One silver lining is that targeted attacks were down slightly for retail trade, from 3.6 percent in December to 2.2 percent for January.

Email malware by industry in January 2016

Spear-phishing activity is down once again this month, at 16.7 attacks per day, after reaching a 12-month high in November. However, the finance, insurance, & real estate sector saw an increase to 40.2 percent from these types of attacks, up from 24.6 percent in December.

OSX.CnetDownloader was again the most commonly blocked Mac OS X threat on OS X devices, accounting for 60.4 percent, though its dominance may be waning. January saw a surge in detections of OSX.Klog.A. This threat made up 4.2 percent of blocked OS X threats in December, but is now responsible for 23.5 percent.

These are just a few items that stood out during the month. Be sure to check out the Latest Intelligence for January 2016 for more charts, tables, and analysis covering the threat landscape.

Mazar BOT Malware Invades and Erases Android Devices

Android smartphone users should be aware of a dangerous new type of malware that spreads via spam SMS or MMS messages that link to a malicious app file. The Mazar BOT, as it is called, tricks the Android user into giving it administrative access to the infected Android phone and can then erase any stored data. Although security research experts believe this malware has several hidden capabilities that are still being discovered, they know this malware will turn your smartphone into part of a hacker botnet.

How the Mazar BOT Attacks Androids

Android mobile phone users receive this (or similar) SMS or MMS message that includes a link to a malicious Android application package (APK):

“You have received a multimedia message from +[country code] [sender number] Follow the link http: //www.mmsforyou [.] Net /mms.apk to view the message.”

When the user clicks on the link, a download of a file with the generic name of “MMS Messaging” is initiated. If the user installs the app, the Mazar BOT is able to grant itself administrator rights on the now-infected Android. From then on the cybercriminals behind the bot are able to access all stored data and use the Chrome browser to see the user’s history and potentially launch MITM (man-in-the-middle) attacks. Essentially the hackers have complete control over any function the Android device can perform, like making phone calls and sending and reading messages — which could include two-factor authentication (2FA) texts from users’ banks or social media accounts.

Although the Mazar BOT has been available for sale on the Dark Web for a few months, authorities have not found the cybercriminals behind this virulent malware. However, the fact that the malware cannot be downloaded on Android devices set to the Russian language may indicate its country of origin.

How to Stay Protected

  1. Don’t click on links in SMS or MMS messages.
  2. Only install apps from reliable sources like the Google Play Store.
  3. Protect your mobile devices with Internet security software, like Norton Mobile Security.

New Ransomware Variant Locky Spreading Like Wildfire Since the Day It First Appeared

A new variant of ransomware, known as “Locky,” was discovered on Tuesday (February 16) and has been spreading swiftly since it first appeared. The attackers behind Locky have spread the malware using massive spam campaigns and compromised websites. Locky typically spreads itself by tricking users into opening a document attachment sent to them by email. Once downloaded, the document looks like random characters and symbols, and victims are prompted to enable macros in the document, which downloads a malicious file that encrypts files on compromised Windows PCs.

Locky encrypts files on victims’ computers and adds a “.locky” file extension to them. The ransom demand varies between 0.5 and 1 bitcoin (approximately US$210 to $420).

Figure 1. Example of spam email used to distribute Locky

What is a Macro Virus?

Word documents containing a malicious macro are attached to these emails. A macro virus is defined as “a computer virus written in the same language used for software applications, such as word processors.” Microsoft Word and Excel are two examples of applications that feature powerful macro languages, which are embedded in documents so they run automatically when the documents are opened. If this macro is allowed to run, it will install Locky onto the victim’s computer.

Figure 2. Example of Locky ransom message

Tips on protecting yourself from ransomware

  • Regularly back up any files stored on your computer. If your computer does become infected with ransomware, your files can be restored once the malware is removed from the computer.
  • Be sure to have Internet security software such as Norton Security. Always keep your security software up to date to protect yourself against any new variants of malware.
  • Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by attackers.
  • Delete any suspicious-looking emails you receive, especially if they contain links or attachments.
  • Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
  • If you do not use macros, you can disable them by following these instructions.
  • If you are unable to disable macros, you can also try using Word Viewer by Microsoft. Word Viewer will allow you to view a Microsoft document; however, it does not support macros and therefore will not run them.

*UPDATE* 
Since its discovery, Symantec has observed the attackers behind Locky are continuing to spread the ransomware through extensive spam campaigns. One of the most recent spam campaigns occurred on Friday (March 11 2016) and the emails were disguised as coming from an address on the recipient’s network. 

Spam email can be disguised in many ways, including appearing to come from network-connected devices such as scanners and printers. Still, by far the most common tactic is to disguise spam emails as financial statements, especially as invoices. A wide variety of sender names and addresses were used in the campaign we observed. Most sender addresses were spoofed, which makes them appear to come from domains registered to legitimate companies.

While ransomware infections had been detected at a rate of between 10,000 and 15,000 per week in January and early February 2016, the number began to rise, coinciding with Locky’s appearance on February 16, and detections stood at more than 20,000 in the week to March 8.

Ransomware – What Can You Do About It

Malicious software that uses encryption to hold data for ransom has become wildly successful over the last few years. The purpose of this software is to extort money from the victims with promises of restoring encrypted data. Like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software or by tricking somebody into installing it. Ransomware, as it is known, now scores high profile victims like hospitals, public schools and police departments.

The nefarious ransomware business model has turned out to be a lucrative industry for criminals. Over the years its ill repute has made law enforcement team up with international agencies to identify and bring down scam operators.

Most of the ransomware attacks that have taken place in the past have been linked to poor protection practices by employees.

There are a few dos and don’ts when it comes to ransomware.

1. Do not pay the ransom. It only encourages and funds these attackers. Even if the ransom is paid, there is no guarantee that you will be able to regain access to your files.

2. Restore any impacted files from a known good backup. Restoration of your files from a backup is the fastest way to regain access to your data.

3. Do not provide personal information when answering an email, unsolicited phone call, text message or instant message. Phishers will try to trick employees into installing malware, or gain intelligence for attacks by claiming to be from IT. Be sure to contact your IT department if you or your coworkers receive suspicious calls.

4. Use reputable antivirus software and a firewall. Maintaining a strong firewall and keeping your security software up to date are critical. It’s important to use antivirus software from a reputable company because of all the fake software out there.

5. Do employ content scanning and filtering on your mail servers. Inbound e-mails should be scanned for known threats and should block any attachment types that could pose a threat.

6. Do make sure that all systems and software are up-to-date with relevant patches. Exploit kits hosted on compromised websites are commonly used to spread malware. Regular patching of vulnerable software is necessary to help prevent infection.

7. If traveling, alert your IT department beforehand, especially if you’re going to be using public wireless Internet. If offered, make sure you know how to connect to the company’s Virtual Private Network (VPN).

8. Taking intellectual property and releasing professional secrets are against most corporate policies. It’s not just unethical but you can get in trouble.

9. Read your company’s Acceptable Electronic Use (AEU) policy, and follow the policies for safe use of your devices.

10. When backing up to cloud services, be sure to talk to your IT department first, for a list of acceptable cloud solutions. Organizations can make this part of their AEU policy and make it a fire-able offense.

11. If you’re unsure about an email’s legitimacy, contact your IT department.
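Item 5 (content scanning on mail servers) and the earlier advice about Office attachments that ask you to enable macros can be combined in a filter like the one below. This is an added example, not code from Symantec or the original article; the function names, sample addresses and attachment names are assumptions constructed for illustration, and the legacy-format check is a byte-search heuristic rather than a full OLE parser.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc/.xls container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are UTF-16LE
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm")

def macro_risk(filename, data):
    """Return a reason if the attachment carries a macro project, else None."""
    if data.startswith(OLE_MAGIC) and VBA_STREAM in data:  # heuristic byte search
        return "legacy Office file with VBA project stream"
    if data.startswith(b"PK"):                             # OOXML is a ZIP archive
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                    return "OOXML file with embedded vbaProject.bin"
        except zipfile.BadZipFile:
            return "unreadable ZIP container"
    if (filename or "").lower().endswith(MACRO_EXTS):
        return "macro-enabled file extension"
    return None

def scan_message(raw):
    """Parse a raw RFC 5322 message; list (filename, reason) per risky attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        reason = macro_risk(part.get_filename(), part.get_payload(decode=True) or b"")
        if reason:
            findings.append((part.get_filename(), reason))
    return findings

def build_sample():
    """Constructed test message: content decides the verdict, not the file name."""
    def ooxml(with_macro):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr("word/document.xml", "<w:document/>")
            if with_macro:
                z.writestr("word/vbaProject.bin", b"\x00")
        return buf.getvalue()
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("Please see the attached invoice.")
    for name, data in (("report.docx", ooxml(False)), ("invoice.docx", ooxml(True)),
                       ("scan.doc", OLE_MAGIC + VBA_STREAM)):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` flags `invoice.docx` and `scan.doc` but not `report.docx`, because the check inspects the file contents instead of trusting the extension.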

Ransomware criminals often attack small and medium sized businesses. Among other cyber attacks, ransomware is one criminal activity that can be easily worked around with the above-mentioned solutions. Norton Security Premium coupled with education about these threats is an excellent protection plan for today’s cyber landscape.

This Valentine’s Day, Beware of Fake Apps as Cybercriminals Look to Cash in on Love

Every February, users both single and coupled tend to increase their downloads of Valentine’s Day-centric apps. These apps can come in the forms of Valentine’s Day-themed wallpapers, horoscope compatibility tests, greeting cards for significant others, and love-related games. While these types of apps may seem like a fun novelty for the time being, our research has found that these romance-related apps are four to five times more likely than other applications to be uninstalled within a month of installation. As a result, cybercriminals are looking for their chance to take advantage of users both looking for love, and those who are using mobile apps to celebrate Valentine’s Day.

As a result, this Valentine’s Day there are some things you should be on the lookout for.

Apps that send premium SMS texts

Some apps will masquerade as special Valentine’s Day-themed apps and may try to send their own text messages in the background to a special phone number that is for premium texts. These premium texts charge the user, so the attackers earn money from this activity without the user’s knowledge.

Trojanized apps

A lot of attackers will take existing popular apps, and make copies of them, load them up with malware, and then place them on unofficial and pirate app markets for unsuspecting users to download. Trojanized applications have the appearance of a safe app, but can contain malware hiding in the background. These apps can then steal information from your device, and generate revenue by sending premium SMS texts.

Information theft

Malicious apps are often used to steal your personal information, including sensitive financial information that can then be used to steal your identity. Some of these bad apps may steal text message data, sensitive emails, photos, and contact information.

Grayware and leaky apps

While some apps may not set out to harm their users, they may unintentionally cause damage because of their insecure data practices. A significant number of popular apps don’t encrypt sensitive user information, and can allow phone numbers, contacts, and the user’s location to end up on the Internet. Be sure to read the privacy policy to see what they plan on doing with your information before downloading that app.

One of the ways that free applications earn revenue is through advertising. The developers of perfectly legitimate apps will add third-party ad libraries to their applications. These ad libraries have usually not been examined by the app store properly and may display advertisements at a high rate. This isn’t dangerous, but can be highly annoying while trying to do things on your phone.

Practice safe text

We still want you to have fun on Valentine’s Day, despite these sneaky apps. If you’re looking for the right mobile app to send a greeting card or find a date, we recommend the following best practices:

  • Download apps from trusted sources: Only download apps from the official app store based on your operating system. These apps tend to be heavily verified by the app store, whereas apps being sold on third-party sites can be made by anyone. In addition to checking out the privacy policy, be sure to check out the reviews, comments, and how many people have downloaded the app.
  • Watch for strange device behavior: Malicious software can often give away its presence by making the device behave in strange ways. Be on the lookout for signs such as slow Internet connections, large unexplained charges on your phone bill, unusually high data usage, and a quickly draining battery. By keeping an eye out for behaviors that are out of the ordinary, you may be able to catch a problem before it gets too bad.
  • Keep your software up to date: Software updates perform a myriad of tasks. These updates will deliver a multitude of revisions to your device, such as adding new features, removing outdated features, and most importantly, fixing security holes that have been discovered. Try to use automatic update if available.
  • Use Norton Mobile Security: Norton Mobile Security works beyond just finding and reporting malicious activities on a user’s device. Our App Adviser provides valuable insight on problems with an app before they can be downloaded and installed. This lets users make safe decisions by keeping them informed while they are looking for the right app.
