Daily Archives: October 27, 2020

Election 2020: Lookout for Fake News Before and After the Election

U.S. Elections

 

Election 2020: Keep on the Lookout for Fake News Before and After the Election

As the news and conversations leading up to Election Day intensify, and with early voting already in full swing, the flood of misinformation and outright disinformation online continues—and will undoubtedly continue in the days after as the results are tabulated and announced.

Perhaps you’ve seen some instances of it yourself. For instance, one recent news story reported that numerous legitimate social media accounts have shared misinformation about the vote. An example: photos of old, empty election envelopes that were properly disposed of after the 2018 election, used to make the false claim that they were uncounted votes from the 2020 election. It’d be naïve for us to think that postings like this, and others, would suddenly come to a halt on Election Day.

We can expect election misinformation to continue even after Election Day

I touched upon this topic in my earlier blog about how misinformation online can undermine our election, yet it’s worthy of underscoring once again. It’s easy for our attention to focus on the days leading up to the election, however, this election stands to be like few others as the high volume of mail-in ballots may keep us from knowing who the certified victor is for possibly weeks after Election Day.
How that timeline plays out in practice remains to be seen, yet we should all prepare ourselves for a glut of continued misinformation and disinformation that aims to cloud the process. Feeds will get filled with it, and it’ll be up to us to make sense of what’s true and what’s false out there.

Who is fact checking posts on social media sites?

Sadly, much of onus for fact-checking will fall on us, particularly when 55% of Americans say they “often” or “sometimes” get their news via social media. There are a few reasons why:

• First, social media platforms are new to fact-checking and their processes are still developing, particularly around the transparency of their fact-checking methodology;
• Secondly, corporate leadership of the two major social media platforms have stated differing views about fact checking on their platforms;
• And third, the sheer volume of posts that these platforms pump out in any given day (or minute!) make it difficult to fact-check posts at scale.

Where does that leave us? In unprecedented times.

Historically, we’ve always had to be savvy consumers of news, where a balanced diet of media consumption allowed us to develop a clearer picture of events. Yet now, in a time of unfiltered social media, news comes to us from a multitude of publishers, bloggers, and individuals. And within that mix, it’s difficult to immediately know who the editorial teams behind those stories are—what their intentions, credentials, and leanings are—and if they’re drawing their information from bona fide, verified sources. The result is that we must read and view everything today with an increased level of healthy skepticism.

Fact-checking your news

That takes work, yet my recent blog on How to Spot Fake News and Misinformation in Your Social Media Feed offers you a leg up with several pointers to help you sniff out potential falsehoods.
In addition, here’s a short list of fact-checking resources that you can turn to when something questionable comes up in your feed. Likewise, they make for good browsing even if you don’t have a specific story that you want to check up on. You can keep these handy:

PolitiFact from the Poynter Institute
FactCheck.org from the Annenberg Public Policy Center
AP News Fact Check from the Associated Press
Reuters Fact Check from Reuters News
Snopes.com from Snopes Media Group

Stay vigilant

With the election just days away and a result that may not be declared at the end of Election Day, we all need to scrutinize the news that presents itself to us, particularly on social media. Fact-checking what you see and read, along with cross-referencing it with multiple, reputable sources, will help you get the best information possible—which is absolutely vital when it comes time to cast your ballot.

Stay Updated

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Election 2020: Lookout for Fake News Before and After the Election appeared first on McAfee Blogs.

Announcing the 11th Volume of Our State of Software Security Report

Today, we released the 11th volume of our annual State of Software Security (SOSS) report. This report, based on our scan results, always offers an abundance of insights and information about software vulnerabilities ??? what they are, what???s causing them, and how to address them most effectively. This year is no different.

With last year???s SOSS Volume 10, we spent some time looking at how much things had changed in the decade spanning Volume 1 to Volume 10. With Volume 11, we are going to look forward and consider the direction software development is headed. We are not trying to decide if we are doing better or worse than before, but looking at what kind of impact the decisions developers make have on software security.

Some key takeaways:

Most applications are vulnerable. Our analysis this year found that among 130,000 apps, 76 percent had at least one security flaw. But in the good news department, most apps do not have severe vulnerabilities. Only 24 percent had high-severity security flaws. Back to the bad news: fix rate is still an issue ??? half of security findings are still open 6 months after discovery.

Open source code is expanding the attack surface. Applications increasingly include open source libraries; in fact, many now include more open source than first-party code. This year, we found that 97 percent of a typical Java application is made up of third-party code. And when we looked at our analysis of open source code through Software Composition Analysis vs. first-party code through Static Analysis, we found that almost one-third of all applications have more findings in third-party libraries than in the native code base.

There are ways to ???nurture??? software security, even if the ???nature??? of your software is less than ideal. This year, we thought about what leads to the state of software security ??? is it ???nature??? or ???nurture???? Is it the attributes of the app that the developer inherits ??? its security debt, its size ???or is it the actions of the developers ??? how frequently they are scanning for security, or how security is integrated into their processes? And if it???s ???nature,??? is there anything developers or security pros can do to improve security outcomes? This year???s research unearthed some surprising ??? and promising ??? data surrounding ways to ???nurture??? the security of your applications, even if the ???nature??? is less than ideal. For example, those who scan via API (and therefore are integrating and automating security testing) shorten the time to address half their flaws by 17.5 days.

See below for the data highlights, and check out theツ?full reportツ?for all the data details, plus our advice on how to use the story told by the numbers to improve your own application security program.

Trend Micro HouseCall for Home Networks: Giving You a Free Hand in Home Network Security

Remember when only desktop computers in our homes had connections to the internet? Thanks to the latest developments in smart device technology, almost everything now can be connected— security cameras, smart TVs, gaming consoles, and network storage, to name just a few. While a home network provides lots of benefits, it can also expose us to safety and privacy risks.

But checking for those risks need not be costly. How about a network security checker available for free? Yes, you read that right. Trend Micro’s free Housecall for Home Networks (HCHN) scans the connected devices in your home network and detects those that pose security risks. And in doing so, it gives you a sense for what real network security entails. We have a solution for that also.

Want to know more?

Trend Micro HCHN uses intelligent network scanning technology to scan the devices connected to your home network for vulnerabilities. These can range from a low risk type—such as an easily identifiable Wi-Fi Name that hackers can use to attack your router and home network—to high risk types, such as SSL-Poodle (for man-in-the-middle attacks), Shellshock (for remote code execution attacks), Heartbleed (which puts website passwords at risk) and WannaCry (which is a Windows ransomware cryptoworm). These and other vulnerabilities can be detected through the help of this handy tool.

In addition, HCHN checks devices for open ports that are usually targeted by hackers and malware and can be exploited for cybercriminal activities. Examples include ports 20 and 21, used via the File Transfer Protocol (FTP) to transfer files between an FTP client (20) and FTP server (21), which can deliver a multitude of vulnerabilities to the internet; as well as port 23, which sends data in Clear Text, which can be used by attackers to listen in, watch for credentials, or inject commands, enabling the hacker to perform Remote Code Executions.

Moreover, HCHN gives you a report about the status of your home network and its connected devices and offers helpful advice for keeping your network and devices secure.

Lastly, HCHN provides you a notification when:

  • A new device joins the network
  • Connecting to a new network
  • A new vulnerability is found in the network.

 

Ready to install?

HCHN is easy to use and accessible from any device, be it Windows (7, 8 and 10), MacOS (10.12 or later), Android (5.0 or later) or iOS (8.0 or later). For your computer hardware, you just need to have Intel Pentium or compatible processor, a 256MB of RAM (512MB recommended) with at least 50MB available disk space and you’re set.

  • Download and install the application from the Web, Google Play Store or Apple App Store.
  • During install, accept the Privacy and Personal Data Collection Disclosure Agreement which indicates the necessary information gathered in order to check for and identify vulnerabilities in devices connected to your home network and you’re good to go.
  • Once installed, inspect your home network’s security risk exposure by clicking (applies to Windows and MacOS) or tapping (applies to Android and iOS) Scan Now. You’re then presented with the result.

 

Are my home network and connected devices safe?

Here’s a few scans we did–from a Windows PC, then from and Android and iOS devices.

When the scan is complete on a Windows computer it shows two tabs: Home Network and Devices.

The first tab indicates a snapshot of your home network, identifying the devices at risk.

Figure 1. HouseCall for Home Networks – Home Network

The second tab indicates a list of the devices scanned and the details of any device risks found.

Figure 2. HouseCall for Home Networks – Device List

On the Android device, once the scan has finished, the screen will reveal any security risks detected. You can view the issue to see more details of the security risk in your home network. You can then slide to the next panel and check to verify all the connected devices on your network.

Figure 3. HCHN – At Risk Devices

Similarly, upon completing the network scan from an iOS device, the app will display the risk that needs your attention. Just as with the Android device, you can move to the next panel to review the list of connected devices that were identified by Trend Micro HCHN.

Figure 4. HCHN – Needs Attention

A Few Reminders and Recommendations …

  • Use HCHN regularly to check the posture of your home network security, since new vulnerabilities and network risks may appear in the device after a time due to lack of firmware updates or a failure by the manufacturer to address a newfound risk.
  • Ensure that the devices (including mobile devices such as phones or tablets) are on and connected to the network when a scan is performed.
  • Some security products installed from the device initiating the network scan might detect the scan as suspicious and show a warning message or block user access. This doesn’t mean that HCHN is a malicious application. Add HNCN to your security product’s exception list, so it’s allowed to examine your network and connected devices for security risks.
  • The HNCN app does not automatically block dangerous network traffic or suspicious devices from connecting to your network. For that, and more home network security features, you should increase your home’s network protection with Trend Micro Home Network Security. To that we now turn.

What Home Network Security Provides

While a free network scan helps to determine the underlying dangers in your home network, to fully protect not only your home network but your family, you should consider Trend Micro Home Network Security (HNS) as a permanent enhancement to your network. It can shield your home against a wide variety of threats, including network intrusions, risky remote connections, phishing, ransomware, harmful websites and dangerous downloads. Additional features include the following:

  • New Device Approval gives you control over the devices that are allowed access to your home network.
  • Remote Access Protection limits malicious individuals from using remote desktop programs to connect to your devices at home.
  • Voice Control lets you issue voice commands to Alexa or Google Home to perform specific functions on HNS such as conducting a scan, obtaining your home network’s security status, pausing internet usage, disabling internet access for a user, and so on.
  • Parental Controls’ flexible and intuitive feature set, comprised of Filtering, Inappropriate App Used, Time Limits and Connection Alerts, can help any parent to provide a safe and secure internet experience for their kids. Combined with Trend Micro Guardian, parents can extend these protections to any network their children connect to, Wi-Fi or cellular.

Download the HNS App on your Android or iOS device to give it a spin. Note that the HNS App, when used by itself, performs the same functions as the HCHN app on those devices.

If you like what you see, pair the HNS App to a Home Network Security Station to get the full range of protections. (Note too that once you do, the HCHN App will be disabled on all your devices and network and replaced by Home Network Security.)

Figure 5. Home Network Security (HNS) App

Figure 6. HNS App Paired with the Home Network Security Station

Final Words

Home networks come with security risks. As the tech-savvy member of your household, you need to be aware of those risks. Using Trend Micro HouseCall for Home Networks (HCHN), you’ll be able to know which devices are connected to your home Wi-Fi network and whether these devices bear security risks that can be exploited by hackers and malicious software. Moreover, you’ll be provided with suggestions, in case your devices are found vulnerable.

However, just knowing the security risks is only half the battle in protecting your home network. You’ll need a more robust system that can automatically block suspicious and malicious traffic and do more— such as protecting your child’s online safety. Trend Micro Home Network Security (HNS) can address your home network’s security, even as it monitors your home network, prevents intrusions, blocks hacking attempts and web threats, and protects your family’s privacy, while keeping the internet safe for your kids.

Download Trend Micro Housecall for Home Networks from the Web, Google Play Store or Apple App Store to give it a try.

Go to Trend Micro Home Network Security to get more details on the solution, or to buy.

The post Trend Micro HouseCall for Home Networks: Giving You a Free Hand in Home Network Security appeared first on .

The Nastiest Malware of 2020

Reading Time: ~ 4 min.

For the third year running, we’ve examined the year’s biggest cyber threats and ranked them to determine which ones are the absolute worst. Somewhat unsurprisingly, phishing and RDP-related breaches remain the top methods we’ve seen cybercriminals using to launch their attacks. Additionally, while new examples of malware and cybercriminal tactics crop up each day, plenty of the same old players, such as ransomware, continue to get upgrades and dominate the scene.

For example, a new trend in ransomware this year is the addition of a data leak/auction website, where criminals will reveal or auction off data they’ve stolen in a ransomware attack if the victim refuses to pay. The threat of data exposure creates a further incentive for victims to pay ransoms, lest they face embarrassing damage to their personal or professional reputations, not to mention hefty fines from privacy-related regulatory bodies like GDPR.

But the main trend we’ll highlight here is that of modularity. Today’s malicious actors have adopted a more modular malware methodology, in which they combine attack methods and mix-and-match tactics to ensure maximum damage and/or financial success.

Here are a few of nastiest characters and a breakdown of how they can work together.

  • Emotet botnet + TrickBot Trojan + Conti/Ryuk ransomware
    There’s a reason Emotet has topped our list for 3 years in a row. Even though it’s not a ransomware payload itself, it’s the botnet that is responsible for the most ransomware infections, making it pretty darn nasty. It’s often seen with TrickBot, Dridex, QakBot, Conti/Ryuk, BitPaymer and REvil.

    Here’s how an attack might start with Emotet and end with ransomware. The botnet is used in a malicious spam campaign. An unwitting employee at a company receives the spam email, accidentally downloads the malicious payload. With its foot in the door, Emotet drops TrickBot, an info-stealing Trojan. TrickBot spreads laterally through the network like a worm, infecting every machine it encounters. It “listens” for login credentials (and steals them), aiming to get domain-level access. From there, attackers can perform recon on the network, disable protections, and drop Conti/Ryuk ransomware at their leisure.
  • Ursnif Trojan + IcedID Trojan + Maze ransomware
    Ursnif, also known as Gozi or Dreambot, is a banking Trojan that has resurfaced after being mostly dormant for a few years. In an attack featuring this troublesome trio, Ursnif might land on a machine via a malicious spam email, botnet, or even TrickBot, and then drop the IcedID Trojan to improve the attackers’ chances of getting the credentials or intel they want. (Interestingly, IcedID has been upgraded to use steganographic payloads. Steganography in malware refers to concealing malicious code inside another file, message, image or video.) Let’s say the Trojans obtain the RDP credentials for the network they’ve infected. In this scenario, the attackers can now sell those credentials to other bad actors and/or deploy ransomware, typically Maze. (Fun fact: Maze is believed to have “pioneered” the data leak/auction website trend.)
  • Dridex/Emotet malspam + Dridex Trojan + BitPaymer/DoppelPaymer ransomware

Like TrickBot, Dridex is another very popular banking/info-stealing Trojan that’s been around for years. When Dridex is in play, it is either dropped via Emotet or its authors’ own malicious spam campaign. Also like TrickBot, Dridex spreads laterally, listens for credentials, and typically deploys ransomware like BitPaymer/DoppelPaymer.

As you can see, there are a variety of ways the attacks can be carried out, but the end goal is the more or less the same. The diverse means just help ensure the likelihood of success.

The characters mentioned above are, by no means, the only names on our list. Here are some of the other notable contenders for Nastiest Malware.

  • Sodinokibi/REvil/GandCrab ransomware – all iterations of the same ransomware, this ransomware as a service (RaaS) payload is available for anyone to use, as long as the authors get a cut of any successful ransoms.
  • CrySiS/Dharma/Phobos ransomware – also RaaS payloads, these are almost exclusively deployed using compromised RDP credentials that are either brute-forced or easily guessed.
  • Valak – a potent multi-functional malware distribution tool. Not only does it commonly distribute nasty malware such as IcedID and Ursnif, but it also has information stealing functionalities built directly into the initial infection.
  • QakBot – an info-stealing Trojan often dropped by Emotet or its own malspam campaigns with links to compromised websites. It’s similar to TrickBot and Dridex and may be paired with ProLock ransomware.

Combine protections to combat combined attacks.

If businesses want to stay safe, they need to implement multiple layers of protection against these types of layered attacks. Here are some tips from our experts.

  • Lock down RDP. Security analyst Tyler Moffitt says unsecured RDP has risen over 40% since the COVID-19 pandemic began because more businesses are enabling their workforce to work remotely. Unfortunately, many are not doing so securely. He recommends businesses use RDP solutions that encrypt the data and use multi-factor authentication to increase security when remoting into other machines.
  • Educate end users about phishing. Principal product manager Phil Karcher points out that many of the attack scenarios listed above could be prevented with stronger phishing/spam awareness among end users. He recommends running regular security training and phishing simulations with useful feedback. He also says it’s critical that employees know when and how to report a suspicious message.
  • Install reputable cybersecurity software. Security intelligence director Grayson Milbourne can’t stress enough the importance of choosing a solution that uses real-time threat intelligence and offers multi-layered shielding to detect and prevent multiple kinds of attacks at different attack stages.
  • Set up a strong backup and disaster recovery plan. VP of product management Jamie Zajac says that, particularly with a mostly or entirely remote workforce, businesses can’t afford not to have a strong backup. She strongly recommends regular backup testing and setting alerts and regular reporting so admins can easily see if something’s amiss.

Discover more about the 2020’s Nastiest Malware on the Webroot Community.

The post The Nastiest Malware of 2020 appeared first on Webroot Blog.