You may have already come across this strain of malware: a big, official-looking notice pops up on your screen accusing you of software piracy. You are offered the opportunity to pay your “fine” online, which appears to be the only way to remove the notice and get back the use of your computer. This form of extortion is known as “scareware” and has been around for years. Most technology users are savvy enough these days to no longer fall for this particular tactic, but a new form of scareware accusing users of viewing child pornography is now circulating that is giving even hardened malware veterans pause. As you can imagine, being accused of this particularly heinous activity puts potential victims in the uncomfortable position of having to tell someone else about it, something they may be willing to avoid by paying what now seems like a reasonable “fine”. Cybercriminals are counting on the squeamish and privacy-conscious nature of most people in this regard, and it’s likely we’ll see a huge uptick in this type of scareware tactic.
What this means for you:
No law enforcement agency in the United States issues fines via the internet, and they certainly don’t hold your computer hostage until the fine is paid. If your computer is infected with scareware, immediately disconnect it from the network and contact your IT department or technology consultant, regardless of what the scareware notice accuses you of doing. Any IT professional worth a darn will be intimately familiar with this particular type of malware and should be able to remove it from your computer, BUT, depending on the level of infection, your data, identity and personal information may be at risk, especially if you’ve accessed online bank accounts or other sensitive online information from that machine. You’ve backed up your important data on that computer, right? Because many times it’s easier to wipe a computer completely clean and start with a fresh operating system than to clean up a malware infection. This is yet another reason in a long list of reasons why you should be backing up your data regularly.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
A 2013 whitepaper published by security firm Fortinet provides eye-opening details on the increasingly well-organized world of cybercrime that now features standardized pricing, polished branding, affiliate networks and zombie armies that can be rented for as little as $15/hour. Depending on the size of the botnet army, an incredible amount of damage can be done in an hour, making this one hell of a deal if your business is exploiting security flaws and stealing identities. Criminals have noticed the huge upside to cybercrime and, like they have always done, wasted no time investing big dollars and resources in this new “industry.”
What this means for you:
Overall, it’s unlikely criminals are outspending the big companies in the cyber arms race, but it’s almost a certainty that they are outspending and are better “armed” than most small and medium-sized businesses, especially ones that can’t (or won’t) afford the necessary investment in preparation and security. The most important thing you can do as a business owner that uses technology for any aspect of your business is ensure that you are taking the appropriate precautions and making the right security investments in your technology platforms. Keep in mind this doesn’t stop at buying hardware and software, but also includes training your employees as well as holding your vendors accountable for security as well.
Image courtesy of chanpipat / FreeDigitalPhotos.net
Holidays usually bring out the best in people, especially those who truly are kind-hearted and enthusiastic about the season, but it’s also an opportunity for the Grinches among us to take advantage of everyone around them. E-cards aren’t new to the internet, and may have actually waned in overall popularity since their inception many years ago, but the winter holidays usually see a spike in their usage. Internet blackhats know this trend, and ironically, it’s like Christmas for them, because they know they can trick more than the usual number of people into opening fake greeting cards that instead of delivering cheer and love, drop a big helping of malware coal in your digital stocking.
What this means for you:
Frankly, I err on the side of paranoia, and don’t open any digital greeting card these days unless I recognize the URL (and confirm it’s not a counterfeit). This makes me feel vaguely Scroogish, but I’d rather not spend the holidays disinfecting my computer. If you get an E-card from someone that you weren’t expecting, especially if it’s from someone you know wouldn’t send one (or they already sent you an actual physical greeting card), take a moment to contact that person to verify they actually sent it, especially if you don’t recognize the URL. Heck, it could be your opportunity to reach out to someone you haven’t spoken to in a while, and there’s no better time than the holidays to reconnect with acquaintances, right?
If you do decide to open that virtual card, make sure your antimalware is up to date, your operating system fully patched, and you have C2 Technology on speed dial!
Image courtesy of “mrpuen” / FreeDigitalPhotos.net
Hackers are now taking advantage of conscientious users who have been repeatedly warned by folks like myself to keep their software, specifically their browsers, up to date. If a user happens to surf to a website hosting this new style of attack, they will be presented with a realistic-looking warning that asserts their browser is out of date, but if they click the convenient link to update the browser, they will instead be infected with a trojan that forcibly changes the browser homepage to a site that delivers a full payload of malware. If the user is unfortunate enough to have his or her anti-malware software overrun, they will quickly have a severely compromised computer.
What this means for you:
You should only ever download updates for your software from the manufacturer’s website, as it’s extremely unlikely for manufacturers to use third-party hosts for software updates. In the above example, users were directed to download an update from a domain called “securebrowserupdate”, which is something Microsoft, Google, Mozilla or Apple would never do for their browsers. If you happen across a pop-up warning that an update is available for your browser, and you aren’t sure it’s legitimate, close it, then check your update status through the update checker built into the browser itself, usually under the “Help” menu. Still not sure? Why not call an expert like C2?
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
A recent study by security firm NSS Labs shows that Google’s Chrome browser still has the best detection rate (94%) for spotting phishing URLs, and on average, new malware sites are reported and blocked by all browsers within 5 hours of discovery, a significant improvement over the 16+ hours that same process would have taken in 2009. Firefox showed the best response time to reporting and blocking new sites at 2.3 hours – more than twice as quick as IE10.
What this means for you:
All of the major browsers have significantly improved their ability to protect users, to the point that there is very little statistical difference in their security capabilities. Many of my clients still ask me if one is better than the other, and the answer is always, “It depends on what you need the browser to do.” I still use Chrome for most of my work, but there are still enough times when I’m working with online apps that only work with Internet Explorer. The most important factor to consider is making sure whatever browser you do use is kept up to date, and that you practice safe and cautious surfing whenever working with unfamiliar websites.
In August of this year, one of the world’s largest oil producers, Saudi Aramco, was targeted in a cyberattack that crippled tens of thousands of its computers. Despite the apparent success of the attack and the impact this would have had on the company’s operations, oil production did not falter, and the global economy continued its drunken flirtation with failure instead of rushing into an oil-shortage-fueled orgy of self-destruction. Saudi Aramco has not been forthcoming on the details of the attack, or how they managed to survive it relatively unscathed, but in the eyes of security analysts and even our own Secretary of Defense, Leon Panetta, this attack was “probably the most destructive attack that the private sector has seen to date.”
There are conflicting reports about the motivation behind the attack. The hacktivist group “Cutting Sword of Justice” has claimed responsibility, citing the act as a strike at the House of Saud, the ruling body of Saudi Arabia, disputing claims by security analysts who believe the attack to be a state- or government-sponsored reprisal for the Stuxnet attacks that crippled the Iranian nuclear program. Beyond crippling oil-dependent economies like the US, government-backed cyberattacks on companies like Saudi Aramco can also capture proprietary geological survey data that could be extremely profitable for competing state-sponsored oil companies.
What this means for you:
Information is power, and there are very few companies that don’t store their most valuable data on computers and servers that are somehow connected to a network, if not the internet itself. Even if they had the best security known to man, it’s believed that at least one individual inside Saudi Aramco provided the means for attackers to compromise a company that produces 12% of the world’s oil. You should never rely 100% on technology alone for security – humans will always be more fallible than computers. Additionally, it’s important to provide some level of separation in your core business operations so that if a segment of your business is paralyzed, the entire operation doesn’t grind to a halt because the computers are offline getting repaired.
Kaspersky Labs just released their quarterly threat report for Q3 2012, and it’s dry reading for most folks not as fascinated by IT security as I am. There are some notable trends that their research has surfaced, and I thought you might find some of these data points interesting:
- You are least likely to be infected by a fellow countryman in the nation of Denmark. (The US is in the lower first quartile, in case you were wondering.)
- Russia has overtaken the US as the country with the most websites hosting malware.
- The most commonly found smartphone virus is designed to steal money from you by texting premium-rate numbers without you noticing.
- The most common way to get a virus infection is via drive-by infections, i.e., visiting a dodgy website and getting infected when your browser loads pages that have embedded viruses.
- Of the top 10 most commonly found software vulnerabilities, 2 are found in Oracle software (Java), 5 from Adobe (Flash, Shockwave & Acrobat), 2 from Apple (Quicktime and iTunes), and 1 from Winamp.
- Over half of the detected malware infections came from Java vulnerabilities.
- For the first time in many years, Microsoft did not make the Top 10 list of vulnerabilities!
What this means for you:
Keep your software up to date. The Java vulnerabilities have been patched, but many people ignore (or aren’t even aware) that Java needs to be kept up to date just like any other software installed on their machine. Keep your browser up to date, and if you have the choice, use the latest version of IE, or even better, Google’s Chrome browser. However, nothing will keep you safe if you don’t have proper malware protection installed, updated and ACTIVE. If you use an Android phone, see my previous article on the dangers of side-loading questionable apps. At the moment, smartphone anti-virus software isn’t the “must-have” it is for computers, but we may be fast approaching that point. If you are careful about the apps you install on your phone, you don’t need it…yet.
According to analyst IDC, Android-based smartphones accounted for three out of every four phones sold worldwide in Q3 2012. As anticipated, this expansion of the market has also prompted a surge in fraudulent apps being developed and installed on phones. Security firm F-Secure reports a 10X increase in the number of distinct malware apps detected in the marketplace, finding over 50k apps this quarter alone. Most of these apps appear to be making their debut on third-party app stores outside of the US, where looser security standards allow the malware to slip into the marketplace undetected.
What this means for you:
Earlier this year, Google implemented a security review process on its official “Play” store, reducing the number of fraudulent apps significantly. However, unlike the iPhone ecosystem, which locks users into only getting apps through its tightly controlled and reviewed iTunes app store, Android users can bypass Google’s official app store to “sideload” apps on their smartphones via a single checkbox setting in the operating system. Just because you can do something doesn’t mean you should. With the possible exception of Amazon’s App Store, I would not recommend installing apps from any third-party app store. Amazon.com led the way in sideloading by announcing their own app store in early 2011, primarily as a means to avoid paying distribution fees to Google to service their own Android-based Kindle devices. Given that keeping their user base safe is probably of utmost concern, it’s likely that Amazon will be carefully reviewing apps distributed through their ecosystem.
If you insist on sideloading apps from a third-party app store, make sure you know what you are doing, review the apps carefully, and when in doubt, do your research before installing that magical app that will do it all, and is also free. It may not cost you any money up front, but the long-term damage to your security and identity may be a cost you can’t afford.
Now that the public’s overall awareness of phishing is much greater, getting people to click phony links in an email isn’t as easy as it used to be. However, phishers, now motivated (and possibly funded) by organized criminal elements, are investing more time in actually fooling people, producing very authentic-looking emails intended for audiences with accounts worth compromising, such as the ones that control payroll or bank accounts for small companies. A recent phishing campaign dissected by Webroot details a focused targeting of Intuit’s popular Quickbooks platform. Using a combination of scare tactics, actual Intuit branding and realistic-sounding text, actual Quickbooks users may be lulled into a false sense of security and click through to malware-laden sites which quickly compromise their computers.
What this means for you:
Whenever you receive a request from a known service provider via email, always, ALWAYS! check the integrity of the links they ask you to click, especially if the communication wasn’t expected. How do you check the links in an email? Read my previous post “Ransomware Virus Targets Skype Users” for details on how to check whether the links are valid. Even if the email seems to be legitimate, skip clicking the links altogether and go straight to the website in question by typing in the URL yourself, or pick up the phone to call the company. Your computer and financial security are worth a few more minutes and keystrokes!
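The two checks recommended above, that a browser “update” link really points at the vendor’s own domain (the “securebrowserupdate” case in the browser-update post) and that a link in an email actually goes where its text claims (the Quickbooks phishing post), can be automated. The script below is an added example written for this page, not code from the original posts or from C2. It assumes a hypothetical vendor allowlist, a deliberately minimal public-suffix list, and a constructed sample email whose “securebrowserupdate.example” domains are placeholders rather than real sites.

```python
"""
Added example (not from the original posts): classify every link in an
e-mail as trusted, mismatched, or untrusted by looking at the registrable
domain the link really points to rather than at the text that is shown.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical allowlist of vendors we accept update/login links from.
# Matching is on the registrable domain, so "www.mozilla.org" matches
# "mozilla.org" but "mozilla.org.securebrowserupdate.example" does not.
TRUSTED_DOMAINS = {"mozilla.org", "google.com", "microsoft.com", "apple.com", "intuit.com"}

# Assumption: a handful of multi-label public suffixes is enough for the demo.
# A production tool would use the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}


def registrable_domain(host):
    """Return the eTLD+1 of a hostname ("www.mozilla.org" -> "mozilla.org")."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def link_verdict(href, anchor_text=""):
    """Classify one link as 'trusted', 'mismatch' or 'untrusted' with a reason."""
    parts = urlsplit(href)
    host = parts.hostname or ""
    if not host:
        return "untrusted", "no hostname in link"
    # "https://mozilla.org@attacker.example/" carries userinfo; the real host is
    # whatever follows the '@'. Legitimate vendor links never need this.
    if parts.username is not None:
        return "untrusted", "userinfo before host (%s@)" % parts.username
    if parts.scheme != "https":
        return "untrusted", "not https (%s)" % (parts.scheme or "none")
    dom = registrable_domain(host)
    # Displayed text that looks like a domain but differs from the real
    # destination is the classic phishing tell.
    shown = anchor_text.strip().lower().rstrip(".,;:!")
    if "." in shown and " " not in shown:
        shown_host = urlsplit(shown if "://" in shown else "https://" + shown).hostname or ""
        if shown_host and registrable_domain(shown_host) != dom:
            return "mismatch", "text shows %s but link goes to %s" % (shown_host, host)
    if dom in TRUSTED_DOMAINS:
        return "trusted", "registrable domain %s is on allowlist" % dom
    return "untrusted", "registrable domain %s not on allowlist" % dom


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML message body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None


def check_email_links(html):
    """Return [(href, verdict, reason), ...] for every anchor in the message."""
    parser = AnchorCollector()
    parser.feed(html)
    return [(href, *link_verdict(href, text)) for href, text in parser.links]


# Constructed sample message mimicking the "your browser is out of date" lure.
SAMPLE_EMAIL = """
<p>Your browser is out of date. <a href="https://www.mozilla.org/firefox/">Update Firefox</a></p>
<p>Or use our mirror: <a href="https://mozilla.org.securebrowserupdate.example/get">www.mozilla.org</a></p>
<p>Fast link: <a href="https://mozilla.org@securebrowserupdate.example/">click here</a></p>
<p>Sign in: <a href="http://accounts.intuit.com/">accounts.intuit.com</a></p>
"""

if __name__ == "__main__":
    for href, verdict, reason in check_email_links(SAMPLE_EMAIL):
        print("%-9s %s  (%s)" % (verdict, href, reason))
```

Run as-is, the first link is the only one rated trusted; the “mirror” is flagged as a mismatch because the visible text names mozilla.org while the real registrable domain is securebrowserupdate.example, the “fast link” is rejected for hiding the real host behind an `@`, and the sign-in link is rejected for using plain http. Matching on the registrable domain rather than on a substring is the point: a hostname that merely starts with a vendor’s name is exactly the trick both posts warn about.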