Daily Archives: January 9, 2019

2019 is Here – Have You Made Any Digital Parenting Resolutions for The Year?

Hello parents! Welcome to 2019. I have a hunch you are feeling all charged up and ready to start the new year on a positive note. Are your resolutions for the year ready? Take a minute and check: have you included any digital parenting resolutions in your list? If yes, great! If no, worry not, McAfee Cybermum is here for you.

Parenting is not an easy job, and the rapid progress of technology has added to it. In addition to teaching your kids values and life skills for the real world, you now have to do the same for the digital world too. At times, you don’t know whether you are doing too much or not enough; given the digital immigrants that we are, we have no resources to draw from. There is little time to step back and reflect on one’s own parenting style, which leads to doubts and guilt. Wouldn’t it be lovely, therefore, if there was a ready reckoner on the subject?

Here is my list of digital parenting resolutions. They are broadly aimed at helping us be more involved and evolved digital parents who are empowered to guide kids in the digital world. Feel free to add, delete or customize as per your family’s needs. Always keep in mind that each family is different, in terms of values and environment; and each child is different, in terms of ability and maturity.

Parents, presenting to you My Digital Parenting Resolution List for 2019:

  • Focus on digital media balance: There are several devices at home these days. The collective time spent working on a laptop, reading from an e-book and browsing social media on tablets or phones is considerable. To a young child, who can’t differentiate between work and pleasure, it may look like you can’t stay off digital devices the whole day, and they may follow suit. You therefore have to fix your online schedule and practice digital balance.
  • Focus on having a positive digital media presence: What many parents fail to realize is that all social media users are media content creators and consumers. Each user is a newsmaker who can use digital media to create and share content, either negative or positive. As a consumer, a gullible user may accept the content as truth, without verifying. Fake news is rampant, and parents need to impress the need for fact-checking upon the kids.
  • Focus on values like empathy and mercy: The digital world brings the world to your homes and you connect with both strangers and acquaintances. There is therefore a greater need for kindness, tolerance and empathy. Posts may go viral and cause trouble or lead to cyberbullying. Children need to learn the importance of kindness and forgiveness to keep their digital world clean and happy. Parents can set an example by displaying these virtues in the real and the digital world.
  • Focus on self-control: One of the biggest issues nuclear families face today is work-life balance. Too many hours spent working can leave parents feeling guilty, and they then try to compensate with expensive gifts. Instead, set up a routine for games, chat and story time with your kids to make up for the long hours of absence.
  • Focus on being the perfect role model: As we know, children copy their parents. It’s like being a celebrity with the camera rolling 24/7. Modify your speech, actions, and digital actions so that children have the right guidance for their online behavior.
  • Focus on listening more: Parents generally tend to preach rather than listen. Plan to listen well in 2019. You will come to know a lot about your child’s life, aspirations and concerns if you do. The bonus is, they too will pay attention to you and your advice.
  • Focus on general health: You want your child to be healthy and active, right? To be the perfect role model, exercise daily and play some games with your kids. Your kids will then develop the same disciplined outlook towards health and sports. A healthy, active family usually prefers games to digital devices.
  • Focus on monitoring digital footprints and reputation: As your kids grow up, talk to them about the importance of exercising the right behavior online and the consequences of a poor digital reputation on academic and job prospects. Use examples from social media to differentiate between a desirable and an avoidable post or photo. Discuss what should be kept private and what can be shared.
  • Focus on cybersafety and privacy: With the rise in data breaches and ID theft via phishing attacks, it is imperative to discuss cyber safety regularly at home. Insist on the use of secured devices and scanning of every external device before use. Also, educate your children about malware and how apps, links and attachments are used to share them.
  • Focus on the monitoring and extent of parental supervision online: Though your children will have no problems with the installation of security tools like McAfee Total Protection, parental control is another matter altogether. Here, a diplomatic approach will stand you in good stead. Share your concerns about strangers and cyber criminals, and establish that you plan to monitor their online lives until they are mature enough to tackle issues themselves. Ensure that they understand you don’t mean to pry but to protect.

Start the year on a positive note. Take charge of your family’s digital life. Plan your parenting schedule, just like you plan your day. And yes, Happy New Year!!!

The post 2019 is Here – Have You Made Any Digital Parenting Resolutions for The Year? appeared first on McAfee Blogs.

Ryuk Ransomware Attack: Rush to Attribution Misses the Point

Senior analyst Ryan Sherstobitoff contributed to this report.

During the past week, an outbreak of Ryuk ransomware that impeded newspaper printing services in the United States has garnered a lot of attention. To determine who was behind the attack, many have cited past research that compares code from Ryuk with the older Hermes ransomware to link the attack to North Korea. That attribution rests largely on two facts: Hermes has been used in the past by North Korean actors, and code blocks in Ryuk are similar to those in Hermes.

The McAfee Advanced Threat Research team has investigated this incident and determined how the malware works, how the attackers operate, and how to detect it. Based on the technical indicators, known cybercriminal characteristics, and evidence discovered on the dark web, our hypothesis is that the Ryuk attacks may not necessarily be backed by a nation-state, but rather share the hallmarks of a cybercrime operation.

How McAfee approaches attribution

Attribution is a critical part of any cybercrime investigation. However, technical evidence is often not enough to positively identify who is behind an attack because it does not provide all the pieces of the puzzle. Artifacts do not all appear at once; a new piece of evidence unearthed years after an attack can shine a different light on an investigation and introduce new challenges to current assumptions.

Ryuk attack: putting the pieces together

In October 2017, we investigated an attack on a Taiwanese bank. We discovered the actors used a clever tactic to distract the IT staff: a ransomware outbreak timed for the same moment that the thieves were stealing money. We used the term pseudo-ransomware to describe this attack. The malware was Hermes version 2.1.

One function we often see in ransomware samples is a check that aborts execution if the victim’s system language is one of the following (Windows language identifiers, shown in hex):

  • 419 (Russian)
  • 422 (Ukrainian)
  • 423 (Belarusian)

That was October 2017. Searching earlier events, we noticed a posting from August 2017 in an underground forum in which a Russian-speaking actor offered the Hermes 2.1 ransomware kit for sale.

What if the actor who attacked the Taiwanese bank simply bought a copy of Hermes and added it to the campaign to cause the distraction? Why go to the trouble to build something, when the actor can just buy the perfect distraction in an underground forum?

In the same underground forum thread we found a post from October 22, 2018, mentioning Ryuk.

This post contains a link to an article in the Russian security magazine Xakep.ru (“Hacker”) discussing the emergence of Ryuk and how it was first discovered by MalwareHunterTeam in August 2018. This first appearance came well before last week’s attack on newspaper printing services.

Manga connection

Ryuk, according to Wikipedia, refers to a Japanese manga character from the series “Death Note.” Ryuk apparently drops a death note, a fitting name for ransomware that drops ransom notes.

Ransomware is typically named by its cybercriminal developer, whereas state-sponsored malware is mostly named by the security industry. It seems the criminals behind Ryuk are into manga.

The use of manga character names and references is common in the cybercriminal scene. We often come across manga-inspired nicknames and avatars in underground forums.

Technical indicators

Looking at research from our industry peers comparing Ryuk and Hermes, we notice that the functionality is largely identical. We agree that the actors behind Ryuk have access to the Hermes source code.

Let’s dive a bit deeper into Ryuk and compare samples from the last couple of months with respect to compilation times and the presence of program database (PDB) paths.

We can see the PDB paths are almost identical. When we compare samples from August and December 2018 and focus on the checksums of the executables’ Rich headers (the value the linker stores as the header’s XOR key, which fingerprints the build environment), they are also identical.
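Before treating identical Rich header checksums as evidence, it is worth confirming programmatically that the headers are intact, because the checksum doubles as the header’s XOR key and an edited header no longer validates. The following is an added example, not McAfee’s tooling and not Ryuk’s real values: it parses the Rich header, recomputes the checksum using the MSVC linker’s documented algorithm (rotate each DOS-stub byte by its offset, skipping e_lfanew, then rotate each compiler ID by its use count), and compares two constructed samples. The toolchain product IDs, builds and use counts in `TOOLCHAIN` are hypothetical, and `build_sample()` produces a synthetic DOS header plus Rich header rather than a real PE file.

```python
import struct

DANS = 0x536E6144          # "DanS" read as a little-endian dword
RICH_MAGIC = b"Rich"
SEARCH_LIMIT = 0x400       # the Rich header sits in the DOS stub, well before this


def _rol32(value, n):
    n &= 31
    return ((value << n) | (value >> (32 - n))) & 0xFFFFFFFF


def parse_rich_header(data):
    """Locate the Rich header; return (dans_offset, key, entries) or None.

    entries is a list of (product_id, build_number, use_count) with the XOR key removed.
    """
    rich_off = data.find(RICH_MAGIC, 0, SEARCH_LIMIT)
    if rich_off < 0 or rich_off + 8 > len(data):
        return None
    key = struct.unpack_from("<I", data, rich_off + 4)[0]
    off = rich_off - 4
    while off >= 0:                            # walk back to the XORed "DanS" marker
        if struct.unpack_from("<I", data, off)[0] ^ key == DANS:
            break
        off -= 4
    else:
        return None
    entries = []
    pos = off + 16                             # skip "DanS" and three padding dwords
    while pos + 8 <= rich_off:
        comp_id, count = struct.unpack_from("<II", data, pos)
        comp_id ^= key
        count ^= key
        entries.append((comp_id >> 16, comp_id & 0xFFFF, count))
        pos += 8
    return off, key, entries


def compute_rich_checksum(data, dans_off, entries):
    """Recompute the linker checksum that is stored as the XOR key."""
    csum = dans_off
    for i in range(dans_off):
        if 0x3C <= i < 0x40:                   # e_lfanew is excluded by the linker
            continue
        csum = (csum + _rol32(data[i], i)) & 0xFFFFFFFF
    for prod_id, build, count in entries:
        csum = (csum + _rol32((prod_id << 16) | build, count)) & 0xFFFFFFFF
    return csum


def rich_header_is_consistent(data):
    """True when the stored key matches a recomputation, i.e. the header was not edited."""
    parsed = parse_rich_header(data)
    if parsed is None:
        return False
    dans_off, key, entries = parsed
    return compute_rich_checksum(data, dans_off, entries) == key


def same_build_environment(sample_a, sample_b):
    """Compare two binaries on their Rich header key, refusing edited headers."""
    if not (rich_header_is_consistent(sample_a) and rich_header_is_consistent(sample_b)):
        return False
    return parse_rich_header(sample_a)[1] == parse_rich_header(sample_b)[1]


def build_sample(entries, body=b""):
    """Construct a synthetic DOS header + Rich header (test data, not a real PE)."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    dos[0x3C:0x40] = struct.pack("<I", 0x100)  # e_lfanew placeholder, not checksummed
    key = compute_rich_checksum(bytes(dos), len(dos), entries)
    rich = struct.pack("<IIII", DANS ^ key, key, key, key)
    for prod_id, build, count in entries:
        rich += struct.pack("<II", ((prod_id << 16) | build) ^ key, count ^ key)
    rich += RICH_MAGIC + struct.pack("<I", key)
    return bytes(dos) + rich + body


# Hypothetical compiler/linker entries; not taken from any Ryuk sample.
TOOLCHAIN = [(0x00FF, 0x5E6E, 3), (0x0105, 0x5E6E, 12), (0x0104, 0x5E6E, 1)]

if __name__ == "__main__":
    august = build_sample(TOOLCHAIN, body=b"\x00" * 64)
    december = build_sample(TOOLCHAIN, body=b"\xCC" * 128)   # different code, same toolchain
    other = build_sample(TOOLCHAIN[:2])                       # one tool fewer: different key
    print("aug/dec same build environment:", same_build_environment(august, december))
    print("aug/other same build environment:", same_build_environment(august, other))
```

Only the bytes before the Rich header and the compiler entries feed the checksum, which is why two samples with different code but the same toolchain agree; a sample whose entries were tampered with keeps its old key and fails `rich_header_is_consistent()`, so it should not be compared at all.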

From a call-flow perspective, we notice both the similarities and the evolution of the code.

The Hermes 2.1 ransomware kit, renamed and redistributed as Ryuk.

The author and seller of Hermes 2.1 emphasizes that he is selling a kit and not a service. This suggests that a buyer of the kit must do some fine tuning by setting up a distribution method (spam, exploit kit, or RDP, for example) and infrastructure to make Hermes work effectively. If changing the name and ransom note are part of these tuning options, then it is likely that Ryuk is an altered version of Hermes 2.1.

Attribution: analyzing competing hypotheses

In the race to determine who is behind an attack, research facts (the What and How questions) are often put aside to focus on attribution (the Who question). Who did it? This pursuit is understandable yet fundamentally flawed. Attribution is crucial, but there will always be unanswered questions. Our approach focuses on answering the What and How questions by analyzing the malware, the infrastructure involved, and the incident response performed at the victim’s site.

Our approach is always to analyze competing hypotheses. When investigating an incident, we form several views and compare all the artifacts against these hypotheses. We try not only to seek verifying evidence but also actively try to find evidence that falsifies a hypothesis. Keeping our eyes open for falsifying facts and constantly questioning our results are essential steps to avoid confirmation bias. By following this method, we find the strongest hypothesis is not the one with the most verifying evidence, but the one with the least falsifying evidence.

Examining competing hypotheses is a scientific approach to investigating cyber incidents. It may not help with the race to attribution, but it ensures the output is based on available evidence.

The most likely hypothesis in the Ryuk case is that of a cybercrime operation developed from a tool kit offered by a Russian-speaking actor. From the evidence, we see sample similarities over the past several months that indicate a tool kit is being used. The actors have targeted several sectors and have demanded a high ransom, 500 Bitcoin. Who is responsible? We do not know. But we do know how the malware works, how the attackers operate, and how to detect the threat. That analysis is essential because it allows us to serve our customers.

The post Ryuk Ransomware Attack: Rush to Attribution Misses the Point appeared first on McAfee Blogs.

Google Public DNS now supports DNS-over-TLS

Google Public DNS is the world’s largest public Domain Name System (DNS) recursive resolver, allowing anyone to convert Internet domain names like www.example.com into the Internet addresses needed by an email application or web browser. Just as your search queries can expose sensitive information, the domains you look up via DNS can also be sensitive. Starting today, users can secure queries between their devices and Google Public DNS with DNS-over-TLS, preserving their privacy and integrity.

The DNS environment has changed for the better since we launched Google Public DNS over eight years ago. Back then, as today, part of Google Public DNS’ mission has been to improve the security and accuracy of DNS for users all over the world. But today there is an increased awareness of the need to protect users’ communication with their DNS resolvers against forged responses and to safeguard their privacy from network surveillance. The DNS-over-TLS protocol (RFC 7858) specifies a standard way to provide security and privacy for DNS traffic between users and their resolvers. Now users can secure their connections to Google Public DNS with TLS, the same technology that protects their HTTPS web connections.

We implemented the DNS-over-TLS specification along with the RFC 7766 recommendations for DNS over TCP to minimize the overhead of using TLS. These include support for TLS 1.3 (for faster connections and improved security), TCP Fast Open, and pipelining of multiple queries and out-of-order responses over a single connection. All of this is deployed on Google’s serving infrastructure, which provides reliable and scalable management for DNS-over-TLS connections.
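The RFC 7766 details above (a two-byte length prefix on every message, several queries in flight on one connection, and responses matched to queries by ID rather than by arrival order) are the parts a stub resolver most often gets wrong. The following is an added example, not Google’s code, of a minimal DNS-over-TLS client: the framing, query construction and response parsing run offline against a constructed response (the addresses come from the documentation range 192.0.2.0/24), while `query_over_tls()` opens a real, certificate-verified TLS connection. The server name dns.google and port 853 are assumed here, not taken from the post.

```python
import secrets
import socket
import ssl
import struct

def encode_name(name):
    """Domain name in wire format: length-prefixed labels plus a zero terminator."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qname, qid, qtype=1):
    """Standard recursive query (flags: RD set) for qname; qtype 1 is an A record."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack(">HH", qtype, 1)

def frame(msg):
    """RFC 7766: on TCP/TLS each message carries a 2-byte big-endian length prefix."""
    return struct.pack(">H", len(msg)) + msg

def unframe(stream):
    """Split a byte stream into complete messages; return (messages, unconsumed tail)."""
    msgs, pos = [], 0
    while pos + 2 <= len(stream):
        n = struct.unpack_from(">H", stream, pos)[0]
        if pos + 2 + n > len(stream):
            break  # partial message: keep the tail until more bytes arrive
        msgs.append(stream[pos + 2:pos + 2 + n])
        pos += 2 + n
    return msgs, stream[pos:]

def read_name(msg, pos):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, jumped = [], pos, False
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if not jumped:
                end = pos + 2
            pos, jumped = struct.unpack_from(">H", msg, pos)[0] & 0x3FFF, True
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels), (end if jumped else pos)

def parse_response(msg):
    """Return (id, rcode, [(owner, rtype, ttl, rdata), ...]); A rdata becomes dotted text."""
    qid, flags, qdcount, ancount, _, _ = struct.unpack_from(">HHHHHH", msg, 0)
    pos = 12
    for _ in range(qdcount):
        _, pos = read_name(msg, pos)
        pos += 4  # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        owner, pos = read_name(msg, pos)
        rtype, _, ttl, rdlen = struct.unpack_from(">HHIH", msg, pos)
        pos += 10
        rdata = msg[pos:pos + rdlen]
        pos += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((owner, rtype, ttl, rdata))
    return qid, flags & 0x000F, answers

def collect(queries, msgs):
    """Map responses, which may arrive in any order, back to the queried names by ID."""
    results = {}
    for m in msgs:
        qid, rcode, answers = parse_response(m)
        if qid in queries:  # drop anything carrying an ID we never sent
            results[queries[qid]] = (rcode, answers)
    return results

def build_response(qid, qname, ips, ttl=300):
    """Constructed test response (NOERROR); answers point at the question name via 0xC00C."""
    header = struct.pack(">HHHHHH", qid, 0x8180, 1, len(ips), 0, 0)
    question = encode_name(qname) + struct.pack(">HH", 1, 1)
    rrs = b"".join(b"\xC0\x0C" + struct.pack(">HHIH", 1, 1, ttl, 4)
                   + bytes(int(o) for o in ip.split(".")) for ip in ips)
    return header + question + rrs

def query_over_tls(qnames, server="dns.google", port=853):
    """Pipeline all queries over one authenticated TLS connection (needs network access)."""
    queries = {}
    for name in qnames:
        qid = secrets.randbelow(65536)
        while qid in queries:  # IDs must be unique while several queries are in flight
            qid = secrets.randbelow(65536)
        queries[qid] = name
    ctx = ssl.create_default_context()  # verifies the certificate against server_hostname
    with socket.create_connection((server, port)) as raw, \
            ctx.wrap_socket(raw, server_hostname=server) as tls:
        tls.sendall(b"".join(frame(build_query(n, q)) for q, n in queries.items()))
        buf, results = b"", {}
        while len(results) < len(queries):
            chunk = tls.recv(4096)
            if not chunk:
                break
            buf += chunk
            msgs, buf = unframe(buf)
            results.update(collect(queries, msgs))
    return results

if __name__ == "__main__":
    for name, (rcode, answers) in query_over_tls(["www.example.com", "example.net"]).items():
        print(name, rcode, [a[3] for a in answers])
```

Two points matter for security here: `ssl.create_default_context()` authenticates the resolver, so a forged response has to come from inside the TLS session rather than from anyone on the path, and `collect()` ignores messages whose ID was never issued, so a response cannot be matched to a query it does not belong to.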

Use DNS-over-TLS today

Android 9 (Pie) device users can use DNS-over-TLS today through the Private DNS setting, by entering the hostname dns.google. For configuration instructions for Android and other systems, please see the documentation. Advanced Linux users can use the Stubby stub resolver from dnsprivacy.org to talk to Google’s DNS-over-TLS service.

If you have a problem with Google Public DNS-over-TLS, you can create an issue on our tracker or ask on our discussion group. As always, please provide as much information as possible to help us investigate the problem!

Preventing Cryptojacking Malware with McAfee WebAdvisor’s New Cryptojacking Blocker

By now, you’ve probably heard of cryptocurrency, but you may not know exactly what it is. To put it simply, cryptocurrencies are virtual currencies that have actual monetary value in today’s world. Transactions are recorded in a single shared database, or public ledger, whose entries can’t be changed without fulfilling certain conditions. These transactions are verified and added to the public ledger through cryptocurrency mining. Cryptocurrency miners try to make money by compiling transactions into blocks and solving a computationally expensive puzzle, competing with other miners for the reward. While mining can be lucrative, it requires large amounts of computing power.

Unfortunately, the cost of that computing power has led cybercriminals to cryptojacking, the use of malware to exploit victims’ computers to mine cryptocurrency for the attacker. Cybercrooks spread cryptojacking malware through sketchy mobile apps, flawed software, and malicious ads. They can even cryptojack your device during a browsing session, through mining scripts on a website that appears completely harmless. Once a device is infected, the malware drains its CPU, making the computer fan run loudly while it mines in the background. Unfortunately, the symptoms of cryptojacking are usually subtle, with poor device performance being one of the few signs of its presence.

Thankfully, McAfee WebAdvisor is here to help. This security solution, which helps protect users from malware and phishing attempts, now includes Cryptojacking Blocker. This enhancement is a Windows-based browser add-on available for Google Chrome that helps stop malicious websites from mining cryptocurrency in your browser. Our direct and retail McAfee WebAdvisor customers have already started receiving the update that adds Cryptojacking Blocker to their product, and customers who have WebAdvisor through other partners should begin to see this update roll out during Q1. The same goes for those who own McAfee LiveSafe and McAfee Total Protection. Additionally, we’re aiming to add support for Firefox in the coming months. And if you don’t already have WebAdvisor, you can download it for free from our website, with Cryptojacking Blocker included in your download.

In addition to using a security solution like McAfee WebAdvisor, here are some other general tips to help you stay safe online:

  • Create strong, unique passwords. Although it may be easier to remember, reusing passwords across multiple accounts puts all of your data at risk if just one of those accounts is breached. Choosing a complex password for each individual online account acts as a stronger first line of defense. You can also use a password manager so that all of your credentials are consolidated in one place.
  • Be careful where you click. If you come across a website that seems sketchy or notice that the URL address looks odd, avoid interacting with the site entirely. Stick to browsing websites you know are reputable.
  • Update, update, update! Cybercriminals can take advantage of old software to spread cryptojacking malware. Keeping your software updated with the latest patches and security fixes can help you combat this threat.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Preventing Cryptojacking Malware with McAfee WebAdvisor’s New Cryptojacking Blocker appeared first on McAfee Blogs.

7 things IT should be automating

To take advantage of innovations like artificial intelligence you must first move away from manual processes. For that reason alone, automation should be a key short-term priority for most CIOs.

Automation isn’t just about saving time or money. Done well, automation reduces errors, increases employee satisfaction by freeing staff from tedious tasks, improves the customer experience and allows you to scale up.

Automation also forces you to address hidden problems in your processes that are normally handled by staff working around the process. That kind of routine exception handling greatly reduces employee productivity. Automated systems are also self-service systems; automating the most common tasks in a process will free up time for staff to spend on more nuanced problems that require judgment.
