Author Archives: Trend Micro

There She Breaches! Watch Out For Your Identity Data!

Data breaches keep on coming. Here’s what you can do to stay ahead of the hackers

Money makes the world go around. It’s the glue that holds our society together and the engine that drives our economy. But it’s also coveted by a growing global population of highly resourceful and determined cyber-criminals. They’re out to get what they can and their route to riches usually begins with the theft of data—your data. While sometimes it’s stolen direct from individuals, there’s a far bigger potential pay-off from hitting a company that may be storing personal data on millions of customers.

These data breaches have become depressingly common in the 21st century. And over the past month or so another two firms have been found wanting – exposing a further 30 million customers. To keep ourselves insulated as much as possible from incidents like this we need to be alert, to track when breaches happen and if we’re affected, and we need to plan ahead to protect the gateways to our digital lives: our digital IDs and passwords.

Breaches are here to stay

So, what’s the scope of the problem? Well, if cybercrime were a country it would have the 13th highest GDP in the world, generating as much as $1.5 trillion each year, according to some estimates. And according to a new report, there have been nearly 4,000 data breaches already in the first six months of 2019, a 54% increase on the same period last year — exposing 4.1bn records.

A sophisticated underground economy offers hackers all the tools and expertise they need to launch attacks, and a thriving digital Dark Web marketplace in which to sell stolen data to fraudsters and other cyber-criminals. Many do not even need technical skills to get started, they simply rent hacking kits as a service, point and click.

This is what businesses are up against. As long as there’s money to be made, there’ll be a steady stream of cyber-criminals knocking at their door, testing their systems and trying to get in. The latest two to suffer major breaches of customer data are the popular online merchandise store CafePress and the e-commerce firm StockX.

We know by now that even the most secure business in the world can be hacked, as long as the attacker is determined enough. Instead, it’s how the business responds to an attack that matters. Unfortunately, these two firms have been heavily criticized for various deficiencies including:

  • Failing to quickly spot and contain the breach. For CafePress the intrusion is said to have occurred in February, but the breach only came to light in August. In the case of StockX it happened in May, but went unreported until August.
  • Failing to come clean straightaway about the breach. In the case of CafePress, its 23 million affected users don’t appear to have been formally notified at all. Instead, they were urged to change their log-ins as part of an ‘updated’ password policy. StockX also sent out a general password reset for its customers, although a week later it did finally reveal what had happened.
  • Failing to properly secure passwords. Half of those compromised in the CafePress breach are said to have been protected by a weak algorithm (SHA-1), meaning hackers could effectively still use them. Just days after the StockX breach was revealed, it emerged that decrypted passwords were already being sold on the Dark Web.

What could hackers do with my password?

Stolen identity data can be used to impersonate victims online in identity fraud attempts, or in phishing attacks designed to grab even more sensitive data from the victim.

However, a lot of the time it is the email-address-and-password combos that the hackers are after. Why? Because these are the virtual keys to our digital world – offering access to everything from online banking to our emails, cloud storage and even video streaming services.

We all own so many online accounts today that password reuse across these sites and apps is commonplace. Remembering hundreds of complex, secure log-ins is simply unfeasible, so we go for one or two simple ones, and use them for everything.

The problem is the bad guys know this, and use so-called “credential stuffing” techniques to try the log-ins they’ve stolen from CafePress, StockX, or the latest breached company, across multiple sites. They can run these at great speed, and use huge volumes of breached log-ins to try and crack open user accounts on other sites/apps. They only have to be lucky a tiny fraction of the time to make it worth their while.

This technique was behind an estimated 30 billion unauthorized log-in attempts in 2018.

With working log-ins, hackers could:

  • Steal the personal identity information in your account to sell it to fraudsters
  • Sell access to the account itself. The Dark Web is awash with stolen accounts for sale, offering free taxi rides (Uber), video streaming (Netflix) discounted travel (Air Miles) and much more. You might not notice until you next log-in that something is wrong.

What you can do

It’s important than ever for consumers to get proactive about their own data security, by utilizing an identity monitoring service, which notifies you when your credentials have been compromised or are being sold on the Dark Web; and by beefing up how you manage your online credentials—your IDs and passwords—using a password manager tool to create longer and stronger passwords. Trend Micro has solutions for both (see below).

You should also consider adding a second layer of security by switching on two-factor authentication for any accounts that offer it. This will request another “factor” such as a fingerprint, facial scan, or one-time SMS passcode[i] in addition to your passwords. You can achieve the same end-result by downloading a handy 2FA app, such as Google Authenticator or Authy.

Here’s a checklist of other data security tips:

  • Change your password immediately if a provider tells you your data may have been breached and make sure that all of your passwords across all of your online accounts are unique. Hackers will try to use stolen credentials to log in to other sites.
  • Keep an eye on your bank account/credit card activity
  • Only visit/enter payment details into HTTPS sites
  • Don’t click on links or open attachments in unsolicited emails
  • Only download apps from official app stores
  • Invest in AV for all your desktop and mobile devices
  • Ensure all operating systems and applications are on the latest version

[i] Note that one-time passcodes texted to your phone will not keep you safe if the hacker has access to your mobile phone number/account. This has happened multiple times in the past.

How Trend Micro can help

Data breaches at firms like CafePress and StockX may be happening on an almost regular basis today, but Trend Micro offers two complementary services to reduce your risk exposure:

  • Trend Micro ID Safe, available for iOS and Android, ID Safe monitors underground cybercrime sites on the Dark Web to securely check if your personal information is being traded by hackers. If an alert comes back, you can take immediate action, such as cancelling a credit card or changing an account password. All personal data is hashed and sent through an encrypted connection.
  • Trend Micro Password Manager provides a secure place to store, manage and update your passwords. It remembers your log-ins, enabling you to create long, secure and unique credentials for each site/app you need to sign-in to. This means if one site is breached, hackers will not be able to use that password to open your other accounts. If ID Safe alerts you of a compromise, simply open up Trend Micro Password Manager and update the relevant password. Simple and secure.

Staying vigilant about the integrity your online accounts, beefing up your access with 2FA, and using a password manager will contribute significantly to maintaining the safety of your identity in an unsafe world.

_______________________

[1] Note that one-time passcodes texted to your phone will not keep you safe if the hacker has access to your mobile phone number/account. This has happened multiple times in the past.

The post There She Breaches! Watch Out For Your Identity Data! appeared first on .

Finding a Better Route to Router and Home Network Security

When was the last time you looked at your home router? We tend to only notice these magical boxes when something goes wrong. And given that many of us get our router as part of a single broadband box (technically known as a gateway, combining modem and router in one device), there’s even less incentive to peek under the covers and get familiar with the technology. Yet as our main link to the internet, either by Ethernet cable or Wi-Fi, routers play an absolutely crucial role for us, akin to a cyber front door for the smart home.

There’s just one problem: hackers know this and they’re becoming increasingly adept at exploiting any security weaknesses on these devices to grab our data, install malware, and remotely control our smart devices.

New research published by Consumer Reports reveals that many of the home routers sold in the US today are still missing basic protections. It’s time we got to grips with our routers (or the routers in our gateways), and took proactive steps to protect the smart home.

The gateway to your smart home

There was a time when the router simply provided an internet connection for your home PC, your laptop and/or your mobile devices, assigning an identity (an IP address) to each to enable their connections. Things have since become a lot more complicated. With the advent of the Internet of Things (IoT), over a quarter (27%) of US consumers now claim to have three or more smart home devices. These could be anything from smart TVs and speakers to connected baby and home security monitors, to smart door locks and intelligent refrigerators. It’s no surprise that sales of connected home products in the US alone are estimated to generate $5.4 billion in revenue by the end of 2019.

The router is the network hub for all of this connected technology. It’s vitally important to keep it secure because, unlike PCs and mobile devices, smart gadgets don’t have the capacity for anti-malware software to be installed on them. That means if a hacker manages to get inside your virtual smart home via the router, they could have free reign to target these devices.

How is my router exposed to hackers?

As mentioned above, according to the August 2019 research from Consumer Reports, multiple router models are still failing on security. The non-profit testing body screened for around 60 different indicators of good security and privacy practice. Here’s a brief list of common failings:

  • Eleven of the router models tested accept very weak passwords. These would make it easy for malware like Mirai to search for exposed devices online and then crack them open. One router even prevented users from changing its default log-ins of “admin” and “password,” making it even easier to hijack.
  • Around two-thirds of the routers had Universal Plug and Play (UPnP) enabled. This protocol enables devices on the network to discover each other, but it has a history of serious security vulnerabilities.
  • Eleven of the routers appraised did not support automatic software updates. These are crucial to keeping devices secure from the latest threats, which try to expose emerging vulnerabilities. If security updates aren’t automatic, users may find it hard to apply them, or forget completely, leaving their router exposed indefinitely. A 2018 study by the American Consumer Institute found that 83% of home routers are vulnerable to attack, primarily because of a lack of firmware updates.

What attacks are possible via home routers?

A vulnerable router means a vulnerable smart home. Attackers can target security deficiencies to: steal your most sensitive data and log-ins; take-over your smart devices and router to launch attacks on others; or even manipulate your home gadgets to compromise the physical security of the building. Here’s a breakdown of those threats:

  • Attacks target the router in order to take control of smart home devices. These can then be recruited into botnets and used to target others with: DDoS (denial of service), spam, click fraud campaigns, or attempts to hijack consumer accounts en masse (credential stuffing).
  • Attacks can change the DNS server your router uses to resolve URLS (websites) into server IP addresses. Your devices can then be redirected to fake but convincing login pages and your credentials and money can be stolen.
  • Home devices could also be hijacked to illegally mine for crypto-currency, slowing down your network.
  • Your router itself could be remotely controlled and turned into a botnet for the same purposes as the above.
  • Attacks could try to compromise smart home systems in order to spy on your family via home security cameras and even unlock smart door and window locks.
  • Routers are the gateway for your web traffic. By hijacking them, hackers could monitor your emails and browsing history and grab passwords to sensitive accounts like online banking.
  • If you’re a home worker, there’s even a chance that hackers could grab log-ins to corporate accounts, putting your company’s security at risk.

How to protect your router

Because your router is the hub for the entire smart home, it should be your first port of call when looking to improve home cyber security. Consider the following best practice tips:

  • Change factory default passwords in your router to strong and unique credentials.
  • Switch on two-factor authentication for even more log-in protection, if offered.
  • Check regularly for firmware updates and apply them as soon as they’re available. This may require you to visit the manufacturer’s website from time-to-time.
  • Use WPA2 on your routers for encrypted Wi-Fi.
  • Disable UPnP and any remote management features.
  • Set up a guest network for your devices, which isolates harm guests can cause, as well as hackers’ efforts.
  • Put the router in middle of house if possible, so the signal is not unduly extended to hackers who may be lurking in parked cars outside.
  • Invest in security for your entire home network from a reputable provider like Trend Micro.

How Trend Micro can help

Trend Micro HouseCall for Home Networks, a free application available on Windows, Mac, iOS and Android, helps home users who want to know if their home network or connected devices are vulnerable to hacking or network threats. This free app scans your devices, including your router, for known severe vulnerabilities and provides advice to help you mitigate the risk.

In addition, Trend Micro Home Network Security (HNS) provides deep protection against network intrusions, web threats and identity theft for every device connected to the home network. It features:

  • Internal Attack Blocking: HNS scans traffic between the devices in your network and stops them with Intrusion Prevention (IPS). This includes attacks on your router.
  • Router Access Protection*: HNS helps stop hackers hijacking your router and making changes to important configurations, such as DNS settings, that can leave your network and devices vulnerable. It does this by blocking unauthorized attempts to access the router’s log-in page.
  • Cyberattack Shield*: HNS deploys emergency security from the cloud in the case of a global threat outbreak, which could spread ransomware to your router and network or turn your devices into botnets.
  • Vulnerability Check: Scans your router and devices for any known flaws or vulnerabilities that could be used as entry points for hackers and provides guidance to help you resolve the issues, which may include firmware updates.
  • Password Check: HNS also scans for weak or default router and device passwords to ensure your devices aren’t exposed to attack.
  • Dangerous Website and File Blocking: Blocks malicious websites and files to protect your personal and financial data from hacking, phishing, ransomware, and risky remote connections. Scans potentially executable PDFs and EXEs in the cloud for malware before they are downloaded to your devices.
  • Smartphone app: features an easy-to-use app to make changes and get notifications and updates straight to your mobile phone.

* Note: These features are available through the Early Access Program for those who wish to be the first to try the latest protections from Home Network Security.

To find out more about securing your smart home, go to Trend Micro Housecall for Home Networks and  Trend Micro Home Network Security.

Watch our Trend Micro Home Network Security YouTube videos for easy-to-understand snapshots showing how HNS works.

The post Finding a Better Route to Router and Home Network Security appeared first on .

Three Common Email Security Mistakes That MSPs Make

MSPs can generate recurring revenue by being proactive about educating customers about email threats and how to defeat them—if they avoid three common mistakes.

Businesses have come to rely on cloud email and file-sharing applications for communication and productivity. But, too often, they assume these platforms’ built-in security delivers enough protection against email-borne threats.

The reality is quite different.

While the built-in protection of platforms such as Microsoft Office 365 and Google Drive catches some threats, it is not designed to detect the myriad unknown dangers that amount to 95% of all cyber threats in the wild, according to Trend Micro research.

Businesses need an added layer of protection for email and file-sharing platforms. But most organizations don’t realize this need until it’s too late and their systems have already been breached.

That’s why MSPs and IT service providers should be proactive in educating customers about email threats–and how to defeat them. In so doing, providers position themselves to generate new recurring revenue. But they must avoid three common mistakes providers make regarding email security:

1. Failing to educate customers

Surprisingly, not all MSPs and IT service providers are aware of the need to add a layer of protection to cloud email platforms. Like their customers, many believe built-in controls get the job done.

This being the case, providers fail to educate customers on the dangers of email-born threats, leaving them susceptible to malware infections through phishing and spam, fraud, spying and information theft. Providers must make clear that an attack caused by one user’s bad decision to click an infected URL or attachment can bring an organization to its knees and have long-term repercussions: Atlanta is still reeling from a 2018 ransomware attack that cost the city $2.7 million.

2. Placing too much faith on end-user training

There’s no question users need education on safe security practices to avoid infecting their own computers and their network. Phishing is effective because it preys on users’ trust and curiosity to deliver ransomware and other forms of malware: Consider that in 2018, credential phishing tactics accounted for 40 percent of all high-risk email threats. But you can’t stop phishing by merely telling users not to click a link or attachment; someone is always going to do it.

Because training alone cannot fully address security risks, providers should introduce solutions to customers that stop threats before they reach users. They should also teach users to spot threats before clicking infected links and attachments.

3. Leaving service revenue on the table

Providers can build various services around security, including assessments that show how many threats their cloud platforms miss, as well as simulations that determine how many end users fall for phishing scams.

Assessments can lead to other, ongoing services, including awareness and training programs to help users avoid and report email threats. These services create new revenue streams and stickiness with customers.

Trend Micro’s Approach

Increased customer reliance on cloud email makes these platforms a bigger target for hackers. MSPs can minimize the target with the right solutions and services to protect customers. Trend Micro’s email security solution is easy to set up; it has direct APIs for various cloud applications, and it employs advanced features such as machine learning and Writing Style DNA to identify and stop phishing and other threats. Secure your email–and your company’s future–today.

 

The post Three Common Email Security Mistakes That MSPs Make appeared first on .

FAKE APPS!—courtesy of Agent Smith

As new mobile malware sweeps the globe, here’s how to keep your device secure.

We’re spending more and more of our lives online and for most of us the door to this digital world is our smartphone. It’s the first thing we look at when we wake up and the last thing we check at night. It’s where we do our banking and shopping, where we hang out with friends, play games to pass the time, post status updates and share photos. It’s where we watch TV, hail cabs and even consult our local doctor.

There’s just one problem: the bad guys know this and they’ve become highly skilled at making money off the back of our reliance on mobile devices. Early this month a new global Android malware campaign called Agent Smith was revealed to have compromised 25 million handsets across the globe including many in the US.

It should be another reminder to users not to take mobile security for granted. Fortunately, with a few easy steps you can make giant strides towards keeping the hackers at bay.

What is Agent Smith?

Remember the malignant agent/virus antagonist to Neo in The Matrix? Well, Agent Smith is the latest in a long line of malware campaigns designed to infect consumers’ mobile devices. It begins life embedded inside legitimate-looking applications like photo apps, gaming titles and/or adult-themed software. These are found more on popular third-party marketplaces such as 9Apps, rather than the official Google Play store, though it showed up there too.

Once a user installs one of these booby-trapped apps, the malware will get to work, exploiting vulnerabilities in the Android operating system. It extracts a list of all the legit apps that the user has installed on their phone and then sets about replacing them with identical-looking but malicious versions.

How does it affect me?

If you’re unlucky enough to have your device infected with Agent Smith, it will then go on to hijack your apps to show unwanted ads – thereby generating the hackers money. Although this doesn’t sound too catastrophic for the victim, there is the potential for the attack to get much worse. Researchers have claimed that the same malware could be used to steal sensitive information like online banking credentials from an infected device.

As of early July, Agent Smith had already infected over 302,000 mobile devices in the US. The number may be even higher today. It’s one of the biggest threats seen so far this year, but it’s by no means the only one. Attackers are always looking for ways to get malware onto consumers’ devices, and in so doing:

  • Steal log-ins for key accounts like online banking
  • Secretly mine for crypto-currency using your device, which can cause it to slow down
  • Flood your screen with pop-up adverts, making it unusable
  • Lock your device with ransomware until a fee is paid
  • Sign your device up to premium rate services which can incur heavy charges

How do I stay safe?

Google is getting better at preventing apps loaded with hidden malware from being published on its official Play Store, but there are still occasions when some sneak through. The hackers behind Agent Smith were found to have hidden malware elements on 11 apps listed on Google Play. Two of them had already reached 10 million downloads by the time Google was notified and they were withdrawn.

App downloads are also only one of several avenues where your mobile device could be at risk of attack. Others include via malicious text or IM messages, public Wi-Fi networks that you might be sharing with hackers, and even lost or stolen devices.

Here’s a quick rundown of some key steps to stay safe:

  • Stick to legitimate stores (Google Play and Apple’s App Store) – you are 23 times more likely to install a potentially harmful application (PHA) outside Play, according to Google.
  • Read the permissions requested by applications when you install them. If they seem excessive (i.e., a gaming app that wants to access your address book and microphone) then avoid. It’s better to be safe than sorry.
  • Always ensure you’re on the latest version of Android.
  • Don’t log-in to public Wi-Fi, or if you must, don’t use any sensitive accounts (email, banking etc) until you get back onto a private and secure network. Otherwise, use a WiFi VPN, like Trend Micro WiFi Protection.
  • Ensure your device has a remote lock and wipe feature switched on, to sign out of accounts and wipe the device if it is lost or stolen.
  • Don’t brick/jailbreak the device as this can expose it to security risks.
  • Be cautious – you may be more likely to click on phishing links in emails, texts, and via social channels when on the move as you could be distracted and/or in a rush.
  • Run anti-malware on your mobile device, from reputable company like Trend Micro.

How can Trend Micro help?

The last recommendation is non-trivial. Trend Micro offers customers comprehensive anti-malware capabilities via Trend Micro Mobile Security (TMMS), which provides protection from malicious apps via the Mobile App Reputation Service (MARS).

With Agent Smith, there are two malicious parts: the Agent Smith malware itself and the doppelganger apps that it creates on victim devices to replace the legitimate ones. MARS/TMMS detects both. On Google Play, the MARS/TMMS pre-install scan will detect Agent Smith before it installs. (This same function will prevent you from downloading other malicious apps to your device.) Otherwise, both Agent Smith (installed from a 3rd-party store) or the doppelganger apps it creates will trigger the real-time scan in MARS/TMMS and warn you the apps are not safe, so you can delete them from your device.

Among its other features, Trend Micro Mobile Security also:

  • Blocks dangerous websites
  • Checks if public WiFi connections are safe
  • Guards financial and commercial apps
  • Optimizes your device’s performance
  • Protects your kids’ devices with parental controls
  • Protects your privacy on social media
  • Provides lost device protection.

Used in conjunction with Trend Micro Password Manager, for securing and managing your passwords, and Trend Micro WiFi Protection, for keeping you save on public WiFi, Trend Micro Mobile Security can help keep your mobile device—both you and your identity—safe from threats like Agent Smith and countless others.

The post FAKE APPS!—courtesy of Agent Smith appeared first on .