Agregátor RSS

Recent attacks on healthcare thrust infosec agency into alert mode

CISA is calling on the software industry to stamp out directory traversal vulnerabilities following recent high-profile exploits of the 20-year-old class of bugs.…

Meteory – lidově označované jako padající hvězdy – je možné pozorovat prakticky každou noc v roce. Některé noci však slibují vydatnější podívanou než jiné. Tato skutečnost vyplývá z faktu, že se naše planeta při svém obíhání kolem slunce setkává s oblaky prachu a úlomků, které za sebou zanechaly ...

The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software Manager. These changes aim to enhance the overall user experience within the Linux Mint ecosystem, bolster security, and improve compatibility. Let's examine what you have to look forward to in Linux Mint 22 and the implications of these changes for Linux admins and security practitioners.

Bylo vydáno do češtiny přeložené číslo 717 týdeníku WeeklyOSM přinášející zprávy ze světa OpenStreetMap.

Cetin začne od 1. srpna letošního roku testovat rychlejší upload v metalických i optických sítích. Velkoobchodní partnery zve do nového programu Uplink Boost 2024 s tím, že zrychlování linek bude probíhat postupně po celých následujících dvanáct měsíců až do 31. července 2025. Zrychlování se týká ...

Infinix Hot 40 Pro potěší cenou a konkurenceschopností • Telefon má vysokou kapacitu RAM, úložiště a má i slot na karty • Když přihlédneme k ceně, lze nalézt jen minimum nedostatků

Cybercriminals are vipers. They’re like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into.  With cybercriminals becoming more sophisticated, SMBs like you must do more to protect themselves. But at what price? That’s the daunting question

Cybercriminals are vipers. They’re like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into.  With cybercriminals becoming more sophisticated, SMBs like you must do more to protect themselves. But at what price? That’s the daunting question The Hacker Newshttp://www.blogger.com/profile/[email protected]

Monitor Iiyama G2745QSU-B1 tento týden koupíte na Smarty.cz jen za 3899 Kč, jinde minimálně o pět stovek víc. Levněji neseženete ani alternativy s podobnými parametry. Je to jediný monitor s úhlopříčkou 27 palců, rozlišením 2560 × 1440 px, IPS panelem a frekvencí 100 Hz (či vyšší), který se dá ...

Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. "The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data," mobile security firm

Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. "The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data," mobile security firm Newsroomhttp://www.blogger.com/profile/[email protected]

Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets, inventing new techniques and reusing good old ones. Amid the current threat landscape, Kaspersky has conducted a comprehensive analysis of the financial risks, pinpointing key trends and providing recommendations to effectively mitigate risks and enhance security posture.

Methodology

In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. To gain an understanding of the financial threat landscape, we analyzed anonymized data on malicious activities detected on the devices of Kaspersky security product users and consensually provided to us through the Kaspersky Security Network (KSN).

Key findings Phishing

• Financial phishing accounted for 27.32% of all phishing attacks on corporate users and 30.68% of phishing attacks on home users.
• Online shopping brands were the most popular lure, accounting for 41.65% of financial phishing attempts.
• PayPal phishing accounted for 54.78% of pages targeting electronic payment system users.
• Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million detections compared to 5.04 million in 2022.

PC malware

• The number of users affected by financial malware for PCs dropped by 11% from 2022.
• Ramnit and Zbot were the prevalent malware families, together targeting over 50% of affected users.
• Consumers remained the primary target of financial cyberthreats, accounting for 61.2% of attacks.

Mobile malware

• The number of Android users attacked by banking malware increased by 32% compared to the previous year.
• Agent was the most active mobile malware family, making up 38% of all Android attacks.
• Users in Turkey were the most targeted, with 2.98% encountering mobile banking malware.

Financial phishing

In 2023, online fraudsters continued to lure users to phishing and scam pages that mimicked the websites of popular brands and financial organizations. The attackers employed social engineering techniques to trick victims into sharing their financial data or making a payment on a fake page.

This year, we analyzed phishing detections separately for users of our home and business products. Among phishing and scam pages blocked on the devices of business users, 27.32% were financial phishing pages (pages mimicking online banks, payment systems and online stores). For fake pages blocked on home devices, this number was even higher at 30.68%.

TOP 10 organizations mimicked by phishing and scam pages that were blocked on business users’ devices, 2023 (download)

TOP 10 organizations mimicked by phishing and scam pages that were blocked on home users’ devices, 2023 (download)

Overall, among the three major financial phishing categories, online store users (41.65%) were targeted the most, followed by banks (38.47%) and payment systems (19.88%).

Distribution of financial phishing pages by category, 2023 (download)

Online shopping scams

Online stores were the most targeted category, comprising more than 40% (41.65%) of all financial phishing pages. Fraudsters impersonated popular online store websites, such as Amazon, eBay and Shopify, as well as brand websites and popular streaming services, such as Spotify and Netflix.

TOP 10 online shopping brands mimicked by phishing and scam pages, 2023 (download)

The most frequently impersonated e-commerce site was Amazon, which was mimicked in more than one third (34%) of all online store phishing attempts. Apple came in second with 18.66% of fraudulent pages, followed by Netflix, with 14.71%.

Sample of a phishing site that impersonates Amazon

The tenth most-copied site was the Latin American online market MercadoLibre, which was mimicked by 1.77% of phishing pages. Fake sites also frequently targeted Louis Vuitton (5.52%), Shopify (4.73%), Alibaba Group (3.17%), Spotify (3.14%), eBay (3.12%) and Luxottica (2.94%) users.

Phishing pages impersonating AliExpress, Spotify and Louis Vuitton websites

One of the most common scam types targeting online shoppers consists in cybercriminals offering heavy discounts (which, of course, expire soon), special offers, early access to goods or entertainment, and other “bargains”. Both home users and businesses were targeted. For instance, in the screenshot below, a fake page presumably is offering a bus at an attractive price. If the user attempts to buy the vehicle, they are prompted to log in with their eBay account, which is then stolen.

Fake page offering a bus at a relatively low price

Fraudsters use similar scams on social networks. For example, in the screenshot below, a fake Instagram store is offering Louis Vuitton products.

Fake Louis Vuitton store on Instagram

As new and more secure, authentication technologies appear, scammers find ways to evade these, too. The phishing page in the screenshot below, mimicking the Shopify sign-in form, implements a scenario for when the victim uses a passkey as the authentication method. Passkeys can only be used on websites and apps they are created for. To authorize passkey authentication, the user has to unlock the device the passkey was issued for. That means passkeys are of no use to phishers. To trick users into choosing to authenticate with a manually entered one-time code, the fake page displays an error message.

Fake Shopify page trying to bypass passkey authentication

Payment system phishing

Payment systems were mimicked in 19.88% of financial phishing attacks detected and blocked by Kaspersky products in 2023.

TOP 5 payment systems mimicked by phishing and scam pages (download)

Among these, PayPal (54.73%) was the one that received the most attention, with more than half of attacks using its image.

Fake page targeting PayPal users

Other most frequently victimized payment systems included MasterCard (16.58%), Visa (8.43%), Interac (4.05%) and PayPay (2.96%). Notably, of these, Visa and MasterCard are typically mimicked on fake payment pages linked to a variety of phishing and scam sites.

Cryptocurrency scams

In 2023, the number of phishing and scam attacks relating to cryptocurrencies continued to grow. Kaspersky antiphishing technologies prevented 5 838 499 attempts to follow a cryptocurrency-themed phishing link, which is 16% more than in 2022. This may be due to the fact that the Bitcoin rate, after hitting rock bottom in 2022, started to climb again in 2023. With the price of the number-one cryptocurrency setting new records at the beginning of 2024, this trend can be expected to develop further.

We have seen a number of different cryptocurrency-related schemes throughout the year. Scammers impersonated well-known cryptocurrency exchanges and offered coins in the name of major companies. Among the most notable schemes was a phishing campaign that targeted hardware crypto cold wallets. This type of wallet, normally disconnected from the internet, is considered quite safe. However, under the guise of a crypto giveaway, the attackers tricked users into connecting their hardware wallets to a fake website.

We have also seen crypto wallet phishing using well-known non-cryptocurrency brands as a lure. For example, a phishing website bearing the Apple logo and photos of Apple products invited users to get cryptocurrency called “AppleCoin”. Interestingly, a coin under that name does exist, but it has nothing to do with Apple Inc.

Phishing website touting AppleCoin in the name of Apple Inc

If the user believes that Apple has at last issued its own cryptocurrency and enters their wallet credentials, the scammers grab their funds.

PC malware

In 2023, the decline in the number of users affected by financial PC malware continued. Our data showed a decrease from 350,808 in 2022 to 312,453 in 2023, reflecting an 11% drop. This trend has persisted for the past years, and there are several reasons for that. First, users increasingly prefer mobile banking, and sign in to their online bank accounts on PCs less frequently than on smartphones. Although they may still store their banking credentials in browsers on their desktop computers, most notorious banking malware for PCs was repurposed to deliver other malware, such as ransomware, to infected systems. Often, these banking Trojans are used in more sophisticated targeted attacks, which usually means they infect fewer users.

Changes in the number of unique users attacked by banking malware in 2023 (download)

As can be seen in the graph above, banking malware attacks spiked in March. This coincided with a fourfold increase in Emotet‘s activity, which was its last large-scale campaign observed in 2023.

Key banking malware actors

The notable strains of banking Trojans in 2023 included Ramnit (35.1%), Zbot (22.5%) and Emotet (16.2%), which remained the top three financial malware families for the PC. The percentages of all three grew compared to 2022, together comprising nearly three-quarters of all financial malware attacks on desktop computers.

Name Verdict %* Ramnit/Nimnul Trojan-Banker.Win32.Ramnit 35.1 Zbot/Zeus Trojan-Banker.Win32.Zbot 22.5 Emotet Trojan-Banker.Win32.Emotet 16.2 CliptoShuffler Trojan-Banker.Win32.CliptoShuffler 6.9 Danabot Trojan-Banker.Win32.Danabot 2.2 Tinba Trojan-Banker.Win32.Tinba 2.1 SpyEyes Trojan-Spy.Win32.SpyEye 1.9 Qbot/Qakbot Trojan-Banker.Win32.Qbot 1.8 BitStealer Trojan-Banker.Win32.BitStealer 1.3 IcedID Trojan-Banker.Win32.IcedID 1.2

* Unique users who encountered this malware family as a percentage of all users attacked by financial malware

These three Trojans have a range of capabilities apart from stealing banking credentials. They can download additional modules and third-party malware, collect various types of data, such as passwords stored in browsers, and perform other malicious activities.

Fourth and fifth were CliptoShuffler (6.9%) and Danabot (2.2%), both frequently appearing in the rankings, and in sixth place was Tinba (2.2%), also known as “Tiny Banker Trojan”. Although we have not seen this family among the most active banking Trojans in previous years, it dates back to 2012, and its source code has been leaked. It is written in Assembler and gets its name for a remarkably small size.

Among other most active banking malware types were SpyEyes (1.9%), QakBot (1.8%), BitStealer (1.3%) and IcedID (1.2%).

Brazilian malware

While the overall number of desktop financial malware attacks has steadily declined, we have observed a trend for Brazilian families attempting to fill the void. In the beginning of 2023, we shared insights into new functionality added to Prilex, a type of malware known to target ATMs and PoS (point of sale) terminals. Kaspersky experts found the new modification was specifically designed to exploit contactless payments. When someone tries to pay with a contactless card, the infected PoS terminal displays an error message, prompting the buyer to insert the card and thus helping attackers to capture sensitive payment details. Cybercriminals can then run unauthorized transactions and potentially steal large sums of money from unsuspecting victims.

Another interesting malware strain is GoPIX, which targets the Brazilian instant payment system PIX. It spreads by impersonating the WhatsApp web app. Once successfully installed, it starts monitoring clipboard contents. If the malware detects PIX transaction data, it substitutes it with malicious data, tricking the user into transferring money to cybercriminals. It targets Bitcoin and Ethereum transactions in the same manner.

Recently, our Global Research and Analysis Team (GReAT) discovered Coyote, a new banking Trojan of Brazilian origin. Targeting more than 60 banking institutions, primarily in Brazil, this malware uses a sophisticated infection chain that utilizes various relatively new technologies. Spreading via the Squirrel installer, it leverages a NodeJS environment and the Nim programming language to complete infection. Coyote is capable of keylogging, taking screenshots, and setting up fake pages to steal user credentials.

Geography of PC banking malware attacks

To highlight the countries where financial malware was most prevalent in 2023, we calculated the share of users who encountered banking Trojans in the total number attacked by any type of malware in the country. The following statistics indicate where users are most likely to encounter financial malware.

The highest share of banking Trojans was registered in Afghanistan (6%), Turkmenistan (5.2%) and Tajikistan (3.7%). Switzerland (3.2%) and Mauritania (3%) were also among the worst affected by this type of threats.

TOP 20 countries by share of attacked users

Country* %** Afghanistan 6 Turkmenistan 5.2 Tajikistan 3.7 China 3.2 Switzerland 3 Mauritania 2.4 Sudan 2.3 Egypt 2.2 Syria 2.1 Yemen 2 Paraguay 2 Algeria 1.9 Venezuela 1.9 Uzbekistan 1.7 Libya 1.7 Zimbabwe 1.7 Spain 1.6 Pakistan 1.6 Iraq 1.6 Thailand 1.5

* Excluded are countries and territories with relatively few (under 10,000) Kaspersky users.
** Unique users whose computers were targeted by financial malware as a percentage of all Kaspersky users who encountered malware in the country.

Types of attacked users

Consumers (61.2%) were the main target of financial malware attacks in 2023, with their share unchanged from 2022.

Financial malware attack distribution by type (corporate vs consumer), 2021–2022 (download)

Mobile Malware

In 2023, 32% more Android users encountered mobile banking malware than in the previous year: 75,521 attacks compared to 57,219 in 2022. Moreover, we observed notable growth in the number of affected users in the last quarter of the year, which may be due to a new financial malware family called Mamont that targets mainly users in the CIS.

Number of Android users attacked by banking malware by month, 2022–2023 (download)

The most active Trojan banker was Bian.h (22.22%), followed by Agent.eq (20.95%), whose share grew by 17.50 pp compared to 2022. Third was Faketoken.pac, which affected 5.33% of all users who encountered mobile financial threats in 2023.

Verdict %*, 2022 %*, 2023 Difference in pp Change in ranking Trojan-Banker.AndroidOS.Bian.h 23.78 22.22 -1.56 0 Trojan-Banker.AndroidOS.Agent.eq 3.46 20.95 +17.50 +6 Trojan-Banker.AndroidOS.Faketoken.pac 6.42 5.33 -1.09 +1 Trojan-Banker.AndroidOS.Agent.cf 1.16 4.84 +3.68 +13 Trojan-Banker.AndroidOS.Agent.ma 0.00 3.74 +3.74 Trojan-Banker.AndroidOS.Agent.la 0.04 3.20 +3.16 Trojan-Banker.AndroidOS.Anubis.ab 0.00 3.00 +3.00 Trojan-Banker.AndroidOS.Agent.lv 0.00 1.81 +1.81 Trojan-Banker.AndroidOS.Agent.ep 4.17 1.74 -2.44 -4 Trojan-Banker.AndroidOS.Mamont.c 0.00 1.67 +1.67

* Unique users who encountered this malware as a percentage of all Kaspersky mobile security users who encountered banking threats.

Geography of the attacked mobile users

To find out which countries were worst affected by mobile financial malware in 2023, we calculated the percentage of users who encountered mobile banking Trojans among all active Kaspersky users in the country. Users in Turkey were attacked the most at 2.98%, with Saudi Arabia coming in second at 1.43% and Spain (1.38%) in third place.

TOP 10 countries by number of users who encountered mobile banking malware, 2023:

Country* %** Turkey 2.98% Saudi Arabia 1.43% Spain 1.38% Switzerland 1.28% India 0.60% Japan 0.52% Italy 0.42% South Korea 0.39% Azerbaijan 0.24% Colombia 0.24%

* Countries and territories with relatively few (under 25,000) Kaspersky mobile security users have been excluded from the rankings.
** Unique users attacked by mobile banking Trojans as a percentage of all Kaspersky mobile security users in the country.

Conclusion

Although the number of users affected by PC banking malware continues to decline, there are other financial threats that underscore the need to stay vigilant and protect your digital assets. Unlike 2022, the year 2023 saw the number of users encountering mobile banking Trojans increase significantly. Cryptocurrency-related phishing and scams continued to grow, too, and they are not expected to stop in the nearest future.

To protect your devices and finance-related accounts:

• Use secure authentication methods, such as multifactor authentication, strong unique passwords, and so on.
• Do not follow links from suspicious messages, and do not enter your credentials or payment details, unless you are 200% sure that the website is legitimate.
• Download apps only form trusted sources, such as official app marketplaces.
• Use reliable security solutions capable of preventing both malware and phishing attacks.

To protect your business:

• Regularly update your software and install security patches in a timely manner.
• Improve your employees’ security awareness, conduct regular security training and encourage safe practices, such as proper account protection.
• Implement robust monitoring and endpoint security to detect and mitigate threats at an early stage.
• Implement network segmentation and default deny policies for users with access to financial assets.
• Stay aware of the latest cybercrime trends by obtaining threat intelligence from trusted sources and sharing it with industry partners.

I’m lucky. On average, I’m only on videoconference calls for about five hours a week. I have friends and colleagues who burn that many hours on camera every day!

I’ve been videoconferencing since the 1990s — when you needed a dedicated ISDN line and a $1,000 worth of audio-video gear to make it happen. Today, you open up your laptop and you’re ready to go, even if you’re in a McDonald’s. Back then, when it worked, it was exciting. Today…, not so much.

Though most people call it Zoom fatigue, you’ll find it on any videoconferencing platform. Another name for the same effect is MEGO, short for “My Eyes Glaze Over.”  You know how it goes. A combination of boredom, conversation drift, and a lack of meeting focus, and soon you’re as snoozy as grandpa after a big lunch.

Zoom and its rivals know all about this phenomenon. And lately, they’ve been trying to make meetings more lively and productive by combining visual tricks and AI. 

The visual games have been with us for a while. Who could forget the “I’m Not a Cat!” meme when a misused filter made a lawyer appear as a white kitten with gray markings and large eyes during a civil forfeiture hearing on Zoom in February 2021? 

Now, this kind of thing — for better or worse — has gotten more advanced. Apple Vision Pro users, for example, can now use CGI avatars (Personas) in Zoom meetings. Personas, you can remove the backgrounds of your meeting participants and “pin” their real-time avatars in your physical workspace. (I have no doubt that those avatars will soon be able to move around in your augmented reality space.)

I consider that more fun than practical for business meetings. But I can see how  Microsoft’s Mesh, when used with Microsoft Teams and spatial audio, could be useful by allowing avatars to “step away” from the main meeting for private conversations.

Another meeting technology I could see seriously taking off involves having your avatar, but not you, attend a meeting. Thanks to the Microsoft 365 Copilot chatbot and Google’s Duet AI for Workspace, we can already get meeting minutes from gatherings we didn’t actually attend. Why not make it “appear” that we’re there while we’re actually ordering a Big Mac? 

Other tools, such as Zoom’s AI Companion, are already making meetings more productive by presenting meeting summaries, identifying action items, and prompting people to share the next steps. Personally, I’ve been doing this for a while by running Otter.AI, my voice transcription program of choice, manually with videoconferencing programs. Today, Otter AI Assistant for Zoom Meetings can do this on auto-pilot. 

All that’s neat and nifty, but I remain unconvinced they’ll help much. For example, if I had my avatar record a meeting to boil it down to what I needed to know and act on, why wasn’t it an e-mail in the first place? 

Sure, if there’s a conversation — that’s different. But there’s no talk going on if our meetings are mostly attended by avatars. So what’s the point?

Avatars and AI aren’t really going to make videoconferencing meetings more productive. While they can be fun and helpful, they don’t address the real reasons so many meetings are deadly dull. 

As my friend Alfred Poor (he’s my video meeting advisor and founder of The 75% Solution), told me, “I firmly believe that there is no such thing as ‘Zoom Fatigue.’ Instead, I believe that people are observing ‘Bad Zoom Fatigue,’ which is not much different from ‘Bad Conference Room Meeting Fatigue’ that we’ve suffered from for generations. It’s just that the vast majority of Zoom (and Teams and Google Meet and webinars and all those other platforms) meetings are not prepared and executed with intention.”

Specifically, Poor believes you must properly organize “the meeting itself — ‘this meeting could have been an email’ — which requires analyzing the objectives along with the type and direction of information flow required to achieve those objectives.” 

For example, if a meeting involves the boss simply telling people what’s what in the next quarter, it could just as well be a webinar rather than a videoconference. Or, if there’s a meeting to determine what will happen in the next quarter, it should involve only the people planning what’s what, not everyone and their assistant. Your aides-de-camp will be fine with meeting minutes and action items. 

Yes, sometimes videoconferences are necessary and helpful. Yes, AI tools can make them more productive. And, yes, I, for one, would be happy to have a meeting where I was represented by an avatar of my dog Telly and my editor by his Lil Joe. That would be fun, at least once. But for videoconferences to really be useful, we need organization and planning, not technical tricks. 

Augmented Reality, Collaboration Software, Generative AI, Productivity Software, Videoconferencing, Zoom Video Communications

Není tajemstvím, že Čína usilovně pracuje na strategii Anti-Access/Area Denial (A2/AD), kterou se obvykle snaží používat slabší ze soupeřů. Jde o vytvoření oblastí, které jsou prakticky neprostupné. Protivník se do takové oblasti nemůže bez významných ztrát dostat (Anti-Accsess) ani se v ní volně ...

V marketech se pravidelně objevují slevy na aplikace a hry • Vybírejte pro platformy Android i iOS • Na titulu můžete ušetřit desítky korun

Zatímco dosud se 125W modely procesorů Intelu od 65W liší jen přítomností písmene „K“ v názvu, od generace Arrow Lake se nejspíš budou lišit i číselně. Core Ultra 285K existovat bude, 285 asi ne…

Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed Cuckoo by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and Arm-based Macs. The exact distribution vector is currently unclear, although there are

Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed Cuckoo by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and Arm-based Macs. The exact distribution vector is currently unclear, although there are Newsroomhttp://www.blogger.com/profile/[email protected]