Viruses and Worms

Three Areas to Consider, to Focus Your Cyber-Plan

VirusList.com - 22 November, 2019 - 23:05
DNS, rogue employees and phishing/social engineering should be top of the list of threat areas for organizations to address.
Category: Viruses and Worms

Critical Flaws in VNC Threaten Industrial Environments

VirusList.com - 22 November, 2019 - 20:50
Some of the bugs allow remote code-execution.
Category: Viruses and Worms

Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak

VirusList.com - 22 November, 2019 - 17:54
Although the data was legitimately scraped by legally operating firms, the security and privacy implications are numerous.
Category: Viruses and Worms

Google plans to take Android back to ‘mainline’ Linux kernel

Sophos Naked Security - 22 November, 2019 - 14:59
Android could be returning to its roots.

Iran’s APT33 sharpens focus on industrial control systems

Sophos Naked Security - 22 November, 2019 - 14:32
Iran's elite hacking group is upping its game, according to new evidence delivered at a cybersecurity conference this week.

Raccoon Stealer Malware Scurries Past Microsoft Messaging Gateways

VirusList.com - 22 November, 2019 - 14:32
Financial institutions are in the crosshairs of hackers leveraging the malware to steal sensitive data.
Category: Viruses and Worms

VB2019 paper: Fantastic Information and Where to Find it: A guidebook to open-source OT reconnaissance

Virus Bulletin News - 22 November, 2019 - 14:11
A VB2019 paper by FireEye researcher Daniel Kapellmann Zafra explained how open source intelligence (OSINT) can be used to learn crucial details of the inner workings of many a system. Today we publish Daniel's paper and the recording of his presentation.

Category: Viruses and Worms

News Wrap: Amazon Ring Risks, Stalkerware, and D-Link Router Flaws

VirusList.com - 22 November, 2019 - 14:00
From stalkerware to Amazon Ring doorbell outrage, Threatpost editors break down the top news stories of the week.
Category: Viruses and Worms

Google Will Award $1M-Plus to People Who Can Hack Titan M Security Chip

VirusList.com - 22 November, 2019 - 12:53
The company expanded its Android bug bounty program as one of several recent moves to ramp up mobile security.
Category: Viruses and Worms

Why cryptocoin scams work, and how to avoid them

Sophos Naked Security - 22 November, 2019 - 12:12
What are ICOs, why are they so popular and why do crooks love them so much?

Convicted Nigerian fraudster keeps a-fraudin’ from behind bars

Sophos Naked Security - 22 November, 2019 - 12:11
He was supposed to be serving a 24-year sentence in the "maximum security" prison, not continuing the fraud... and going to parties.

5G security and privacy for smart cities

Kaspersky Securelist - 22 November, 2019 - 11:00

The 5G telecommunications revolution is imminent. It is the next generation of cellular network, making use of the existing 4G LTE in addition to opening up the millimeter wave band. 5G will be able to welcome more network-connected devices and increase speeds considerably for users. It will serve as the foundation for advanced services, including:

  • 8k streaming, real-time mobile gaming into augmented/virtual reality experiences;
  • Complex remote operations such as remote unmanned vehicles, delivery and surveillance drones, surgical robots;
  • Critical infrastructure operations: enhanced management and monitoring systems for traffic, energy and water facilities;
  • Emergency and healthcare interventions: services for saving lives greatly benefit from 5G installations; drones can quickly reach and live-broadcast an incident location, and could be used to deliver first aid and equipment or even to transport a victim to the closest medical center.

5G risks and challenges

Managing security is a continuous and dynamic process. With the dramatic increase in the number of connected devices comes a natural expansion of the attack surface and threat intensity. As 5G technologies become widely deployed, the weaknesses and inherent security flaws of 5G will be identified and hopefully quickly patched.

The key anticipated risks can be described as follows:

  • Protocol weaknesses and large-scale vulnerability exploitation
  • Severe DDoS attacks
  • BYOD threats
  • Data security and privacy
  • State-funded terrorism, anti-fossil fuel activism, espionage or corporate sabotage
  • Critical infrastructure/public safety

Public privacy, safety and critical infrastructure

Connected services and infrastructure are a double-edged sword: they help provide better visibility, efficiency and performance, but they are making non-critical infrastructure critical and therefore exposing more of the population to unaffordable risks. The general public is being ‘lulled’ into welcoming the convenience and continuous visibility provided by 5G, though in the event of a disruption, public order could be at stake.

The conventional boundaries of critical infrastructure, such as water supply, energy grid, military facilities and financial institutions, will expand much further into other unprecedented areas in a 5G-connected world. All these will require new standards of safety.

On the privacy side, matters become more complex. The advent of 5G with its short range will definitely mean more cell communication towers and building antennas being deployed in dense urban centers. With the right toolset, someone could collect and track the precise location of users. Another issue is that 5G service providers will have extensive access to large amounts of data being sent by user devices that could show exactly what is happening inside a user’s home and at the very least describe via metadata their living environment, in-house sensors and parameters.

Taking into account all of the above, it is our view that government and industry leaders need to combine their efforts to promote secure and safe 5G technology projects to enhance the services and quality of life for citizens of smart cities.

To learn more about 5G technologies, risks, challenges and security solutions, please read the full report.

Black Friday Alert 2019: Net Shopping Bag of Threats

Kaspersky Securelist - 22 November, 2019 - 10:04

Every year, Kaspersky releases a Black Friday alert to highlight how fraudsters may capitalize on increased levels of online shopping at this time of year, when many brands are offering their customers appealing discounts. In the rush to get a big discount or, even more panic-inducing, a limited time offer, many shoppers lose all sense of vigilance. Caution goes out the window and consumers start tapping on links and email vouchers without their usual care and attention.

Spam and Phishing

Unfortunately, online shopping at this time of year needs more security-awareness, not less. It is the peak season for phishers and spammers. Along with many genuine offers, there also lurk phishing scams ready to reel in an unwitting bargain hunter’s bank details. By clicking on a too-good-to-be-true discount link online without checking it’s genuine, you could find yourself at a fake marketplace that may look indistinguishable from the real website. On these sites, entering your bank details could result in money leaving your account, but no package arriving at your door.

Since Kaspersky started analyzing financial phishing activity in 2013, there has been a steady rise in threats – peaking at 54% in 2017. However, last year the trend slowed and reversed: the figure dropped to 44.70%. Financial phishing attacks are still expected to be a big risk around the upcoming Black Friday event, and there will be close analysis to see if the figure rises once more.

Share of financial phishing attacks from all phishing decreased for the first time in four years in 2018

Social Engineering in the Retail Sector

How do phishing scams work?

In order to make these scams a success, fraudsters need to lure their potential victims to fake webpages and obtain their bank details. To do this, attackers register website domains, often containing the magic phrase ‘Black Friday’ and keep their registration data hidden.

Their sites are usually well designed and appear to be genuine and of a high quality. Unlike many old typo-filled spam emails, phishing web pages are relatively easy to make look authentic – scammers can simply copy the source code from the real store’s website and make theirs appear to be a near perfect match.

Domain addresses are usually hidden until the event itself, so they are not blocked in advance by antivirus software vendors. The scam website is then activated immediately before the phishing mail goes out, just as shown in these screenshots.

Occasionally, these attacks appear to be sent by large banks or payment systems, allegedly partners of the Black Friday sales campaign, while in fact these are carefully crafted copies of legitimate pages and mailshots made by criminals. Emails or warnings may threaten to block the user’s account or promise some financial benefits by clicking on the email. These phishing emails make it seem like all you have to do is follow the link and log in to your account.

However, if you do log in to these sites with your credentials, all your bank account or payment card data — such as card numbers or usernames and passwords — will be leaked to the scammers.

Once they have this data, scammers could be able to withdraw money from your account, sell your bank card details on the dark web, or spend your money in various ways. This is often carried out by teams in other countries.

These scams come in a variety of forms. In one example, scammers offer goods at crazy discounts, encouraging the victim to share their bank card details, thereby risking losing all of their account funds and of course, not receiving their order. In another scheme, the victim might be tricked into transferring money to the attacker’s account, after which the fraudster breaks off all contact and the funds are lost.

There is also another widespread and very successful phishing scheme which asks users to complete a survey and fill in a large registration form, along with bank card details to take part in the promotion. After completing the form, you’re asked to send a link to the website to 10 friends via a messenger app.

Of course, victims of this scam won’t ever receive any prizes but instead end up bombarded with various links and emails for more useless surveys. Any additional clicks on these surveys usually mean that scammers receive even more money. Because the survey is shared through messenger apps, more users, who often trust links that come from their friends, might also fall for the trick. And so the cycle continues.

Where are phishing scams occurring?

According to our statistics, more than half of phishing attacks carried out in the digital retail space are in the payment sector – online stores, payment systems and banks. Frequently, criminals use brands of Amazon, eBay and Alibaba to trick users. Amazon was used as a disguise in more than a million attacks in the first three quarters of 2019 alone, as the graph below shows.

Online retailers most hit by phishing attacks during Q1-Q3 2019

Notably, the share of phishing incidents in the online retail space during the peak sales period significantly increased compared to what happens during the rest of the year. For instance, attacks that were using the eBay brand reached nearly 25,000 during the week of November 4th, 2018, two weeks before Black Friday, after experiencing minimal disruption in the preceding days. The Amazon disguise was also a key target for scammers – facing more than 20,000 phishing attacks during the week of November 19th, 2018, which was the week of Black Friday last year.

Spikes in phishing attacks on online marketplaces from August – December 2018

These 2018 findings allow us to predict that in 2019 the situation may repeat.

Banking trojans

Similarly to phishing scams, Banking Trojans also target e-commerce brands so that they can track down user credentials – like banking login details, passwords, bank card numbers or phone numbers.

But with Trojans, the malware can intercept data fields on targeted websites. This means they can modify online page content and steal credentials entered, while the victim continues to believe they are entering their login and password into legitimate fields on the website. Because of this, cybercriminals can monitor a hacked user’s online behavior, such as which sites they visit while on the infected device.

Once the user browses to one of the targeted e-commerce websites, the Trojan activates its form-grabbing functionality and saves all the data a user inputs on the website. On an e-commerce website, this means a credit or debit card number, expiration date and CVV, as well as your site login credentials.

If the site or user’s bank doesn’t feature two-factor authentication, then the criminals behind the Trojan will have access to all this data and can use it to empty the user’s bank account or use their card details for purchases.

In the first three quarters of 2019, Kaspersky discovered 15 families of financial malware targeted at users of popular brands. In addition to the already known banking families such as Zeus, Betabot, Cridex and Gozi, this year, we have also seen two mobile banking Trojans joining our list: Anubis and Gustuff.

Last year’s report saw a 10% increase in the detection rate of financial malware between 2017 and 2018[1], but over the course of the full year that growth was a far more significant 24%. More than 15 million attacks by banking Trojans have been registered in the first three quarters of 2019. This means we have already seen a nine percent increase on what was found during 2018.

Overall number of attacks by Banking Trojans, 2015 – 2019

Mobile Trojans are also able to steal user credentials. The common scenario for user account theft on mobile devices is an overlay attack, which places windows from the hacker’s program on top of the app or window the user is browsing. Often the overlaid window or data input form is identical to the real one, and the user enters their data believing that they are dealing with the original program.

Targeted e-commerce categories

In 2019, we found those 15 malware families were targeting a total of 91 consumer e-commerce sites and mobile apps across the world.

Of those, consumer goods websites such as fashion and clothing, or toys and jewelry, were the most commonly targeted, with 28 websites falling into this category. Also popular with phishing scams are entertainment websites with 20 examples found and travel bookings with 15 in that category.

Surprisingly, sites which sell big ticket items, such as consumer electronics (two websites found) and telecoms (12 websites), which are popular purchases on Black Friday, are at the bottom of the list.

Proportion of e-commerce categories targeted by malware in Q1-Q3 2019

  • Consumer apparel (fashion, shoes, gifts, toys, jewelry, department store): 28
  • Entertainment (cinema, games etc.): 20
  • Travel (Flights, taxi, hotels, etc.): 15
  • Online retail platform (eBay, Alibaba group etc.): 14
  • Telecoms: 12
  • Consumer electronics: 2

Proportion of e-commerce categories targeted by malware in 2019, by number of targeted brands

Advice and recommendations

As shown in this overview, Black Friday offers a golden opportunity for fraudsters and scammers to steal consumers’ cash. Sometimes a deal can seem too-good-to-be-true, but retailers still offer great discounts at this time of year, so it’s important to examine every deal closely. Shopping around for a bargain can still be enjoyable, it just needs extra vigilance to make sure you can tell the difference between the must-have offers and fake promotions. With incidents of phishing and banking Trojans on the rise, it’s important to stay safe from cyberthreats during the peak Black Friday shopping season.

To stay safe and keep your hard-earned money secure while shopping online, Kaspersky recommends taking the following security measures:

If you are a consumer:

  • Avoid shopping from websites that appear suspicious or flawed, no matter how great their Black Friday deals are
  • Don’t click on unfamiliar links you receive in emails or social media messages, even from people you know, unless you were expecting the message
  • Double check the email address of the sender. If it is not the official brand’s website domain, do not click on the link
  • Hover over the linked text in the email or message and see which URL it will actually open
  • Invest in a robust cybersecurity solution to protect all the devices you use to shop online
  • Think about how much money you wish to spend in an online payment transaction account at any one time
  • Reduce the amount of funds you have in your bank and online accounts. The greater the balance, the more can be lost to fraudsters
  • Restrict the number of attempted transactions on your bank card
  • Turn on and always use two-factor authentication (Verified by Visa, MasterCard Secure Code, etc.)

If you are an online brand or retailer:

  • Use a reputable payment service and keep your online trading and payment platform software up to date. Every new update may contain critical patches to make the system less vulnerable to cybercriminals
  • Use a tailored IT and cybersecurity solution to protect your business and customers
  • Pay attention to the personal information used by customers who buy from you. Use a fraud prevention solution that you can adjust to your company profile and the profile of your customers

All research used in this report is based on user data obtained with consent and processed using the Kaspersky Security Network (KSN). All referenced banking Trojan malware were detected and blocked by Kaspersky security solutions.

Bad news: 'Unblockable' web trackers emerge. Good news: Firefox with uBlock Origin can stop it. Chrome, not so much

The Register - Anti-Virus - 21 November, 2019 - 23:40
Ad-tech arms race continues: DNS system exploited to silently follow folks around the web

Developers working on open-source ad-blocker uBlock Origin have uncovered a mechanism for tracking web browsers around the internet that defies today's blocking techniques.…

Category: Viruses and Worms

Senators Demand Amazon Disclose Ring Privacy Policies

VirusList.com - 21 November, 2019 - 23:07
Amazon's Ring data collection policies are in the spotlight.
Category: Viruses and Worms

Microsoft Outlook for Android Bug Opens Door to XSS

VirusList.com - 21 November, 2019 - 20:15
Successful exploitation allows attackers to steal potentially sensitive information, change appearance of the web page, and perform phishing, spoofing and drive-by-download attacks.
Category: Viruses and Worms

Bon sang! French hospital contracts 6,000 PC-locking ransomware infection

The Register - Anti-Virus - 21 November, 2019 - 18:15
Good news? They're not paying the ransom

A French hospital has suffered a ransomware attack that reportedly caused the lockdown of 6,000 computers.…

Category: Viruses and Worms

Linux Webmin Servers Under Attack by Roboto P2P Botnet

VirusList.com - 21 November, 2019 - 17:43
A newly-discovered peer-to-peer (P2P) botnet has been found targeting a remote code execution vulnerability in Linux Webmin servers.
Category: Viruses and Worms

Gnip Banking Trojan Shows Ongoing, Aggressive Development

VirusList.com - 21 November, 2019 - 17:35
The mobile malware, which incorporates Anubis source code, could evolve into a fully fledged spyware in the future.
Category: Viruses and Worms

DNS-over-HTTPS is coming to Windows 10

Sophos Naked Security - 21 November, 2019 - 16:22
Microsoft will soon add the ability to use DNS-over-HTTPS and DNS-over-TLS into its networking client.