Month: November 2015
Nov 26, 2015 | Cybersecurity News, Email & Web Spam, Internet Security
The biggest online shopping day of the year may be Cyber Monday, but for the Bitcoin community it is Bitcoin Black Friday.
Bitcoin has grown in popularity with the online community as a secure alternative method of paying for goods and services online. On Bitcoin Black Friday, transactions using the currency increase substantially. Last year, on November 28th, more Bitcoin transactions took place than on any single day in the history of the currency. This year promises to be even bigger.
Bitcoin Black Friday is a day when bitcoin buyers are given amazing discounts on their online purchases, and are able to pick up amazing deals on jewelry, holidays, gifts, electronic gadgets, domain registrations, and much more. The only condition being all purchases must be made using Bitcoin. Last year over 600 online retailers took part and offered special offers to kick start the holiday shopping season. In 2015, the number of participating merchants is expected to be double that figure.
Since the online currency can be used to make anonymous purchases, it has proven popular with online criminals. Bitcoin Black Friday is the day when theft of Bitcoin increases substantially. It is also a day when users of the currency are fooled into revealing their personal information to criminals.
Bitcoin Black Friday Phishing Website Launched
Criminals have targeted Black Friday purchasers by launching a new website offering bargains galore. The site offers numerous discounts for purchasers, with many apparently genuine deals.
The website bitcoinblackfriday.info is a rip off of a genuine offer site; piggybacking on the name of the genuine dotcom version of the site.
The rip off site looks similar in style to the genuine article but, instead of providing visitors with real offers, it links to phishing websites that will relieve users of their personal information and Bitcoin. These mock websites were set up to closely mimic real sites, albeit with slight differences. Unless visitors had used the real site before and were familiar with the layout, they would likely be convinced that they were visiting a genuine online retailer. Most of the phishing websites linked to from the .info site were set up in in the past few days. This is a clear sign that the sites are not genuine, but few people would likely check before making a purchase.
It is not clear whether the owner of the .info website was aware that the site was being used to host links to phishing websites or if the domain had specifically been set up with phishing in mind.
The links contained on the .info version of the website look convincing. For instance, adverts were placed on the website that link to variants of popular store names such as “buy-trezor.com” instead of “buytreznor.com.” Many purchasers are therefore likely to be fooled.
Since many deals were not available until Black Friday, the site requested users to leave their email addresses in order to be sent information about the best deals as soon as they were released on the big day. Any person who did will not only receive Black Friday offers, but their email addresses are likely to be used to send further email scams.
Bitcoin users should be wary. It is not only credit cards that online criminals seek. Bitcoin and personal information are just as valuable to online thieves. On Bitcoin Black Friday, when special deals are offered for a very limited time, users should be extra careful. The golden rule is to always take time to verify the genuineness of a website before parting with any money or divulging any personal information.
Nov 25, 2015 | Cybersecurity News
The discovery of a new IRS e-Services scam has prompted the Internal Revenue Service to kick off its Security Awareness Tax Tips with a phishing warning.
New IRS e-Services Scam Reported
IRS tax scams are nothing new. In fact the IRS regularly issues warnings about new phone and email scams. Criminals frequently devise new scams to get U.S. consumers to reveal personal information. However, the latest IRS e-Services scam targets tax practitioners and attempts to get users to reveal their IRS e-Services login credentials.
As is the case with most phishing campaigns, a highly realistic email is sent requesting action to be taken to address a matter that requires a user’s urgent attention. Many IRS phishing scams warn of immediate suspension of an account; although the latest IRS e-Services scam says this has already happened. In order to lift the suspension on the account, the user must click on the link contained in the email and update their Electronic Filing Identification Numbers (EFINs).
The email warns “Our account surveillance have detected some suspicious activities over your account and to maintain the security we have temporarily disabled some functions on your account.”
Users are provided with a link which they must click on in order to reactivate all functions on their account. After clicking the link, users are asked to verify their identity by entering in their username and password.
The link contained in the email may appear genuine, but it will direct the user to a phishing website that will capture the username and password as they are entered.
Gaining access to IRS e-Services is potentially very lucrative for criminals. The service allows tax professionals to conduct a number of services online on behalf of their clients. Access to one of these accounts can potentially allow the scammers to gain access to a wealth of data that can be used to commit identity theft and tax fraud. Should access to the account be gained, criminals would be able to obtain details of past tax returns and other client account details.
The email appears to have been sent from a genuine IRS email address. The new IRS e-Services scam shows that sender email addresses cannot be trusted as a way of checking the genuineness of emails.
Tax professionals have been warned not to click on the link contained in the phishing email and to delete it. The IRS has told users that it does not initiate conversations with individuals via email, social media channels, or text message. The IRS will also not request that users reveal their passwords.
The IRS will soon be launching its new “Taxes. Security. Together” initiative ahead of the 2016 tax season. The campaign is aimed at improving awareness of phishing scams and other methods used by criminals to get unsuspecting users to reveal their tax information.
Nov 20, 2015 | Cybersecurity News, Internet Security, Mobile Security, Network Security
A new critical Android vulnerability has been discovered that could potentially allow Android Smartphones to be hijacked by hackers without any user interaction required. The vulnerability affects Chrome JavaScript v8 – and not just older devices but the latest models now being released. Even the Nexus 6, one of the most advanced and secure Android phones, contains the vulnerability.
Hackers could potentially use the exploit to install apps on the device without any user interaction. The apps could be given permissions to access all communications made through the device. The new critical Android vulnerability was demonstrated at the recent Tokyo PacSec conference. Full details of the exploit have been shared with Google and a patch is currently being developed to plug the security hole.
This is just one more critical Android vulnerability to be discovered, and it will not be the last. Fortunately, this time the security hole was found by a security expert rather than a hacker.
Fake ID critical android vulnerability still exists on many Smartphones
Last year, researchers at Bluebox Security discovered another critical vulnerability which affects all Android Smartphones running KitKat (version 2.1 to 4.4). The critical Android vulnerability affects millions of devices,
The vulnerability, named Fake ID, potentially allows hackers to develop apps that can exploit a flaw in the way the devices deal with security certificates. The vulnerability can be used to gain privileges granted to other applications – even those with high levels of privileges such as Google Wallet.
Fortunately, to exploit this critical Android vulnerability, hackers would need to convince the user to download a malicious app to their device, which would be difficult if the user only used Google Play Store to obtain new apps.
However, StageFright – a critical Android vulnerability discovered this summer – is potentially much more serious. The bug enables a hacker to remotely execute code on an Android phone and escalate privileges. StageFright allows a hacker to attack an Android device via a video sent by MMS text message. The attack is possible via the libStageFright mechanism.
Android phones running Google Hangouts would potentially be vulnerable and could be exploited without the user’s knowledge as the app processes video automatically before the message is viewed by the user.
Due to how patches are rolled out, Smartphones could still be vulnerable to both Fake ID and StageFright, even though patches have now been released.
When a new critical security vulnerability is discovered, a patch is rapidly developed to plug the security hole. Even when a patch is issued, it can take some time before it is rolled out and installed on each device. The speed depends on the carrier. Patches are rolled out quickly in some cases – Google Nexus and LG for example – but slower with other brands such as Samsung and HTC.
Often updates to the operating system are packaged together with manufacturer updates and are not rolled out immediately. Sometimes they are not rolled out at all, leaving some phones particularly vulnerable to attack.
A recent study conducted by the University of Cambridge showed that 87% of Smartphones contain at least one critical Android vulnerability, and many contain more than one.
Reducing Security Risk from Android Devices
BYOD has grown in popularity in recent years, and many employers are now allowing employees to bring their own mobile devices to work. While not all allow the use of personal laptops, employees are commonly allowed to use their Smartphones at work, and even use them to connect to their employer’s network.
Any employer operating BYOD, should carefully consider which devices are allowed to connect to the corporate network. Some Smartphones are safer than others and will involve much lower network security risk. Allow devices to connect that can be easily compromised, and they could be used as a platform to launch an attack on the network.
Nov 13, 2015 | Cybersecurity Advice, Email & Web Spam, Malware Alerts, Web Filtering
SMB ransomware infections can be time-consuming, expensive, or catastrophic. Which category an infection falls into will, to a large extent, depend on how you have prepared. If you run a SMB, ransomware protection is essential.
Ransomware protection is no longer an option, it is a necessity
It may not simply be a case of paying a ransom to recover your data. Data may be permanently lost. There is no guarantee that a security key will work, or will even be provided if a ransom is paid.
Unfortunately, ransomware is here to stay. Criminals have found it to be one of the best methods of obtaining untraceable money from victims. Ransoms are paid in Bitcoin – or via other anonymous payment systems – and infecting computers is exceptionally easy in many cases.
Ransomware will continue to be used as long as it proves profitable for cybercriminals. The profits from Cryptowall infections alone are estimated to be in the region of $325 million (£215 million) and the ransomware was only developed and released in September 2013. With such high profits, ransomware is here to stay – so businesses need to get prepared.
Importance of ransomware protection highlighted by Power Worm variant
Infected with ransomware? It’s not the end of the world, you could just pay the ransom. Unfortunately, that does not necessarily mean you will get your data back. Take the latest Power Worm variant for example.
Not all hackers diligently prepare their malware. Sometimes mistakes are made. The latest variant of Power Worm is a good example. The developers of the ransomware attempted to make decryption a more straightforward process, but made a critical error. The Power Worm variant they created encrypts files, but deletes the security keys to unlock them.
Even if a ransom is paid, data will not be unlocked. An infection will mean data will be permanently and irrevocably encrypted. This has not stopped the users of the ransomware from asking for a payment of 2 Bitcoin to decrypt the data. It just prevents them from making good on their promise.
There is never any guarantee that a security key will be provided even if a ransom is paid but, with this infection, it is simply not possible. This latest ransomware highlights the importance of implementing ransomware protection strategies to deal with infections when they occur. If you don’t, it could spell total disaster.
Ransomware protection strategies
Unfortunately, while ransomware is spread via spam email and social media networks, exploit kits are now being used to infect computers by taking advantage of security vulnerabilities. Fortunately, there are a number of ways you can protect against a malware infection.
Regularly back up your data on a separate device
A ransomware infection need not spell disaster, even if the criminal behind the infection does not unlock your data. If you have a backup, an infection is a pain, but you can recover your data.
Install a robust spam filter
Ransomware is often spread via infected email attachments. Configure your spam filter to block executable files, and you can prevent malicious email attachments from being delivered to users’ inboxes.
Show hidden file extensions
Windows often hides known file extensions. Criminals take advantage of this. If they name an executable file report.pdf.exe, when Windows hides the extension, it will appear as report.pdf. Users may inadvertently open an executable file believing it to be harmless. Make sure file extensions are shown to reduce the chance of accidental infections.
Make sure Remote Desktop Protocol (RDP) is disabled
You may use RDP to provide support to end users on your network, but hackers can exploit RDP to gain access to devices and install malware without any user interaction. If you do not use RDP, or can get away without using it, make sure that it is disabled on all internet enabled devices.
Make sure browsers are kept up to date and patches installed
Exploits are used to probe browsers for security vulnerabilities that can be exploited. It is therefore essential that the latest version of web browsers are always installed, and patches and updates are installed as soon as they are made available.
Install web filtering software
Ransomware is often installed using drive-by attacks. Malicious websites are not always easy to identify, but the sites can be blocked if web filtering software is employed. Stop end users from visiting malicious websites and you will greatly reduce the risk of ransomware being installed.