Category Archives: cybercriminals

Artificial Intelligence’s Deep Learning, A New Cybersecurity Tool?

Among machine learning developments, deep learning is a major technological breakthrough. Deep learning has made possible programs for enhanced image recognition and games such as Pokemon Go. Advances in Artificial Intelligence are likely to apply to anti-virus technology as well, rendering the currently anemic signature-based and heuristics-based antimalware obsolete. The reason is that cyber attacks are becoming more sophisticated, as cybercriminals also practice research and development.

For example, 90% or more of current cyber attacks use malware, and it is said that some attacks using malware are launched about once every five seconds. For such attack methods, the time it takes cybercriminals to break into a system is said to be within one minute. Under such circumstances, conventional malware detection technology, which lists and matches data on malware characteristics called signatures, is limited: if new malware appears, it will not be detected unless a corresponding signature is provided.

In other words, malware without a signature is not detected, and it cannot be detected until its characteristics are understood and a new signature is created. But can that process evolve quickly enough to catch up with malware customized for a specific target? It has also been pointed out that cybercriminals create large amounts of malware specifically to evade antivirus: by changing the content of the malware slightly and generating many derived variants, they attempt to evade signature-based detection.
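The limitation described above can be shown with a small added example (it is not code from the original post or from any antivirus vendor). It models a "known bad" file with constructed bytes, builds a whole-file hash signature for it, then produces a variant with one bit flipped and some padding appended. The hash signature misses the variant, while a crude content fingerprint (a set of overlapping 4-byte substrings compared with Jaccard similarity, a simplified stand-in for the fuzzy-hash and feature-based approaches real products use) still flags it. The sample bytes, the threshold of 0.7 and the fingerprint method are all assumptions made for the illustration.

```python
import hashlib
from typing import Dict, Set

# Constructed stand-in for a "known bad" sample: not real malware, just bytes
# with a fake header, a repeated routine and a string an analyst might key on.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"PAYLOAD-ROUTINE-A" * 8 + b"connect-back\x00"


def make_variant(sample: bytes) -> bytes:
    """Model the evasion described in the post: flip one bit, append padding."""
    data = bytearray(sample)
    data[40] ^= 0x01          # a single-bit change in the body
    data += b"\x00" * 16      # trailing padding
    return bytes(data)


def sha256_signature(data: bytes) -> str:
    """The simplest possible 'signature': a hash of the whole file."""
    return hashlib.sha256(data).hexdigest()


# Signature database built only from the sample we already know about.
SIGNATURE_DB: Set[str] = {sha256_signature(KNOWN_SAMPLE)}


def signature_match(data: bytes, db: Set[str] = SIGNATURE_DB) -> bool:
    """Exact-match detection: any byte changed means no match."""
    return sha256_signature(data) in db


def byte_ngrams(data: bytes, n: int = 4) -> Set[bytes]:
    """Set of overlapping n-byte substrings; a crude content fingerprint."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: Set[bytes], b: Set[bytes]) -> float:
    """Similarity of two sets: |A and B| / |A or B|."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def similarity_to_known(data: bytes, known: bytes = KNOWN_SAMPLE) -> float:
    return jaccard(byte_ngrams(data), byte_ngrams(known))


def similarity_match(data: bytes, threshold: float = 0.7) -> bool:
    """Flag files whose content fingerprint is close to a known sample.

    The threshold is an assumed value; a real product would tune it against
    a corpus of benign and malicious files to control false positives.
    """
    return similarity_to_known(data) >= threshold


def compare(data: bytes) -> Dict[str, bool]:
    """Run both detectors on one file so the difference is visible side by side."""
    return {"signature": signature_match(data), "similarity": similarity_match(data)}


if __name__ == "__main__":
    variant = make_variant(KNOWN_SAMPLE)
    print("original:", compare(KNOWN_SAMPLE))   # both detectors fire
    print("variant: ", compare(variant))        # only the similarity detector fires
```

Running the block prints that the original sample trips both detectors while the variant trips only the similarity detector. The point is not that 4-gram Jaccard is a good detector (it is easy to defeat with heavier transformation and it is slow at scale) but that any detector keyed on the exact content of a file is defeated by the cheapest possible change, which is exactly the mass-variant strategy the post describes.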

For these reasons, it has been pointed out that detection of malware with conventional antivirus functions has limitations. Therefore, more effective measures are needed, as the world is facing massive accessibility and sharing of information, all of which comes with risks:

Information leakage due to internal fraud

No matter how many security measures are taken with tools and systems, damage caused by people will not disappear. It has also been reported that staff of companies handling information illegally use customers' personal information, including credit card numbers and security codes. If the misconduct is that of a trusted corporate employee, the customer has no way to prevent it, and it also affects social trust.

Attack targeting smartphones and smartphone apps

There is an increasing number of cyber attacks aimed at smartphones and smartphone applications. Viruses that infect smartphones exist, and malicious apps that pose as convenient free apps while extracting information have been confirmed. If smartphones used exclusively for business are abused, the damage to the company can be enormous.

Unauthorized use of Internet banking and credit card information

One of the most noticeable types of personal cyber damage is the theft of online banking and credit card information. Account-related information often leaks from virus-infected PCs and smartphone apps, and the stolen information then leads to abuse of Internet banking and credit cards.

Damage caused by ransomware

Among cybercrime, the damage caused by ransomware, a type of malware, has been a topic in recent years. The typical pattern is that the malware renders the infected PC unusable and a ransom is demanded to restore the information and system. For a company that deals with information, damage that holds important information hostage is a great loss.

Damage caused by targeted attacks

A targeted attack is a cyber attack launched against a specific company. A typical targeted attack sends an email with a virus attached to employees and departments of the targeted IT companies. Unlike conventional spam emails, they are dangerous because they cannot be distinguished from regular emails at first glance. Infection with a virus or malware interferes with the operation of the system.


Cybercriminals continue to target intellectual property, putting brand reputation at risk

Despite improvements in combating cybercrime and threats, IT security professionals are still struggling to fully secure their organizations and protect against breaches, with 61 percent claiming to have experienced a data breach at their current employer, according to McAfee. Adding to this challenge, data breaches are becoming more serious as cybercriminals continue to target intellectual property, putting the reputation of the company brand at risk and increasing financial liability. McAfee's Grand Theft Data II …

The post Cybercriminals continue to target intellectual property, putting brand reputation at risk appeared first on Help Net Security.

Belkin Wemo Insight Smart Plug Vulnerability Remains Exploitable

If you own a smart home, you are probably aware of the Belkin Wemo Insight smart plug. It lets you turn off your lights and appliances, and you can also monitor them from anywhere.

We want to highlight how the plug has been vulnerable for over a year, and a fix has still not been introduced despite the makers being informed of the security bug. The Belkin Wemo Insight still contains the same remote code execution zero-day vulnerability almost a year after the bug was disclosed. The bug has been assigned CVE-2018-6692.

Cybersecurity firm McAfee says that the Belkin WeMo Insight smart plug is vulnerable to malware attacks, and that Belkin has taken the issue too lightly even after being notified in 2016.

Earlier this month, Steve Povolny, McAfee head of advanced threat research, came out swinging and said, “He claims that in May 2018 his team warned Belkin of a vulnerability (CVE-2019-6692) that could be exploited by an attacker to turn off the switch, overload it, or connect to the switch’s network to become an entry point to a larger attack.”

Although Belkin realized the gravity of the situation, they never did anything about it. Instead, they apparently patched a vulnerability in a different product, which is not even on the market anymore.

According to Povolny, McAfee publicly disclosed the vulnerability three months later to raise awareness that there is a definite security issue with the WeMo Insight smart plug. Still, Belkin did nothing about it.

“As of April 10th, 2019, we have heard of plans for a patch towards the end of the month and are standing by to confirm,” he writes in a blog – but there doesn’t seem to be any hard evidence or a release date yet.

Povolny also suspects that malware creators are incorporating the WeMo Insight vulnerability into IoT malware, because the devices are unpatched. The Bashlite malware is one such piece of malware that has already compromised IoT devices. So it has taken almost a year for Belkin to do something about it, and all that time the vulnerability has remained exploitable.

“As this vulnerability requires network access to exploit the device, we highly recommend users of IoT devices such as the WeMo Insight implement strong WIFI passwords, and further isolate IoT devices from critical devices using VLANs or network segmentation,” Povolny writes.

He also points out that IoT devices are prime targets for security issues, and companies like Belkin should be quick off the mark to fix issues, especially when attackers keep track of vulnerabilities that they can weaponize.

He adds that consumers should also apply basic security measures like keeping on top of product updates, using strong passwords, and keeping critical devices away from the IoT.

What’s more, those who use their work devices on home networks should also be concerned. “Just because this is an IoT consumer device typically, does not mean corporate assets cannot be compromised. Once a home network has been infiltrated, all devices on that same network should be considered at risk, including corporate laptops. This is a common method for cybercriminals to cross the boundary between home and enterprise.”


Cybercriminals are becoming more methodical and adaptive

Cybercriminals are deviating towards a more focused approach against targets by using better obfuscation techniques and improved social engineering skills as organizations improve in areas such as time to detection and response to threats, according to Trustwave. The 2019 Trustwave Global Security Report is based on the analysis of billions of logged security and compromise events worldwide, hundreds of hands-on data breach and forensic investigations, manual penetration tests, network vulnerability scans and internal research. Asia …

The post Cybercriminals are becoming more methodical and adaptive appeared first on Help Net Security.

Legacy infrastructures and unmanaged devices top security risks in the healthcare industry

The proliferation of healthcare IoT devices, along with unpartitioned networks, insufficient access controls and the reliance on legacy systems, has exposed a vulnerable attack surface that can be exploited by cybercriminals determined to steal personally identifiable information (PII) and protected health information (PHI), in addition to disrupting healthcare delivery processes.

Figure: Healthcare detections per 10,000 host devices by month

Published in the Vectra 2019 Spotlight Report on Healthcare, these findings underscore the importance of utilizing machine …

The post Legacy infrastructures and unmanaged devices top security risks in the healthcare industry appeared first on Help Net Security.

Why We Need the Antivirus Software Even in 2019

Well, this might sound somewhat silly! Discussing the very basic antivirus software once again, after having come so far, after having discussed antivirus protection many times, and after having dwelt on all the modern sophisticated security software that we use today for comprehensive security: what’s the use?

Well, the justification is simple. Antivirus software, which happens to be the most basic security software needed for a computer system, is so indispensable that discussing it at all times and at all levels of discussion is relevant.

There are three basic aspects of the antivirus issue, three important questions that we seek to discuss here. The first question is: do we really need an antivirus? The second: why do we need an antivirus when we have inbuilt tools like Windows Defender? And the third: is merely having an antivirus enough?

Let’s begin with the first question: do we really need an antivirus? The answer, from our side, would be a loud and emphatic “Yes!”. Cybercriminals are becoming more and more innovative and sophisticated. They try all possible means to infect computers and networks with all kinds of malware. Their aim is mainly to steal data belonging to people and enterprises, or to hijack systems and networks and make money by way of ransom. Today, users get targeted even when they are visiting legitimate sources, including many official websites which they believe to be safe. There are cybercriminals on the prowl who want to seize control of Internet-connected systems and devices and then use them to spy on users. Phishing attacks that lead to other malicious activities are also on the rise. In this context, securing any system or device that we use to connect to the internet and store our data has become very important, and at the primary level it is antivirus software that does this job. Any computing device that we use today, including smartphones, needs to be secured with antivirus software, which can screen all communication and data transfer and look for malicious elements. So, as already said, the answer is yes, we do need an antivirus. In today’s context, we should be using the most advanced kind of antivirus software, which can help us block advanced and sophisticated kinds of threats and attacks.

Now, coming to the second question: why do we need an antivirus when we have inbuilt tools like Windows Defender? Tools like Windows Defender are definitely good and effective. But threat actors have started thinking well ahead of users, even the most tech-savvy ones, and hence it is always good to be well equipped to face cybercriminals and attacks. So, in addition to inbuilt virus detection tools, it is always wise to install advanced antivirus software as well.

Now, over to the third question: is merely having an antivirus enough? The answer here is a clear and loud ‘no’. There was a time, not so long ago, when people thought they were safe just by having an antivirus tool installed. The situation today is different. For one thing, you need to keep your antivirus software constantly updated; merely having it installed won’t do. In the days when an installed antivirus was considered sufficient to keep you safe, the average internet user was not so commonly and frequently targeted. Today, anyone, yes, any one of us, can be targeted at any given point in time. Every internet user now gets targeted by scores of phishing scams every month. The number of viruses and malware keeps increasing as never before, every hour, every day. Hence, updating your antivirus tool is very important. In addition to having antivirus software and updating it regularly, there are certain other things that need to be done to ensure maximum security. These include:

  • Having other basic security software, for example firewall software, installed.
  • Installing all other security software (endpoint security tools, POS security software, etc.) based on your requirements and the activities that you perform on your system/network.
  • Having a robust password management system, which includes creating strong passwords, regularly changing passwords and having separate passwords for separate accounts/services.
  • Securing all devices (smartphones, tablets, etc.) that are connected to your system/network from time to time.
  • Being careful with links and attachments in emails from any untrusted source, and verifying, through direct communication, the genuineness of all suspicious-looking emails, even if they are from trusted sources.
  • Having a backup of all sensitive and useful data, and updating the backup regularly.
  • Monitoring all accounts and data access if you are part of an enterprise.
  • Having a good cybersecurity plan, especially if you are part of an organization/company.
  • Teaching/training employees if you are responsible for the cybersecurity of an enterprise/organization.
  • Being wary of social engineering strategies, which cybercriminals use to make you give away sensitive personal data, including login credentials, card data, etc.

Well, the list could go on, with more things like encryption, safe browsing habits, staying wary of adware/spyware, IoT security, etc. Agreed, all of these have been repeated many times already, but these basic things are so important that they demand frequent mention on any platform. Anyhow, coming back to where we started, remember to always have antivirus software installed. Yes, effective, advanced antivirus software is always a must!


RatVermin Spyware Campaign: Ukraine Gov Agencies Targeted

A phishing campaign in which Ukraine government agencies are targeted with the RatVermin malware has been uncovered.

Security researchers with FireEye Threat Intelligence have uncovered an ongoing spear phishing campaign targeting the Ukrainian government and military with emails that distribute the RatVermin malware, which helps malicious actors gather information.

FireEye Threat Intelligence researchers John Hultquist, Ben Read, Oleg Bondarenko and Chi-en Shen, in an analytical blog post dated April 16, 2019, say, “In early 2019, FireEye Threat Intelligence identified a spear phishing email targeting government entities in Ukraine. The spear phishing email included a malicious LNK file with PowerShell script to download the second-stage payload from the command and control (C&C) server. The email was received by military departments in Ukraine and included lure content related to the sale of demining machines.”

The guess is that it’s cybercriminals associated with the so-called Luhansk People’s Republic, a proto-state in eastern Ukraine, who could be involved in the attack. The FireEye blog post observes, “This latest activity is a continuation of spear phishing that targeted the Ukrainian Government as early as 2014. The email is linked to activity that previously targeted the Ukrainian Government with RATVERMIN. Infrastructure analysis indicates the actors behind the intrusion activity may be associated with the so-called Luhansk People’s Republic (LPR).”

The FireEye researchers spotted a sample email from the campaign, which was sent on January 22, 2019 and used the subject “SPEC-20T-MK2-000-ISS-4.10-09-2018-STANDARD”. The sender’s name, obviously fake, was given as Armtrac, a defense manufacturer in the U.K. The researchers explain, in their blog post, “The email included an attachment with the filename “Armtrac-Commercial.7z” (MD5: 982565e80981ce13c48e0147fb271fe5). This 7z package contained “” (MD5: e92d01d9b1a783a23477e182914b2454) with two benign Armtrac documents and one malicious LNK file with a substituted icon”. This substituted Microsoft Word icon was obviously intended to trick the victim.

The group behind the campaign may have been active since at least 2014, according to the FireEye team, which first reported its activities in early 2018. At that time the group was carrying out a campaign using standalone EXE or self-extracting RAR (SFX) files to infect victims; it has since grown in sophistication, leveraging both custom and open-source malware, and its recent use of malicious LNK files indicates further sophistication. The group, which uses the open-source QUASARRAT and the RATVERMIN malware, seems to be focused on Ukrainian entities, as suggested by the filenames and malware distribution data.

The blog post by the FireEye researchers points out, “This actor has likely been active since at least 2014, and its continuous targeting of the Ukrainian Government suggests a cyber espionage motivation. This is supported by the ties to the so-called LPR’s security service. While more evidence is needed for definitive attribution, this activity showcases the accessibility of competent cyber espionage capabilities, even to sub-state actors. While this specific group is primarily a threat to Ukraine, nascent threats to Ukraine have previously become international concerns and bear monitoring.”

The C2 server was unreachable during the FireEye researchers’ analysis. They found that the network infrastructure was linked to domains previously connected to the RatVermin remote access tool, which can perform malicious activities such as capturing screenshots and audio.

Lindsey O’Donnell of Threatpost writes, “The researchers made a link to LPR because the domain used by the command-and-control (C2) server in the campaign was registered under the same email (re2a1er1@yandex[.]ru) as several other domains – including one for the official website of the Ministry of State Security of the Luhansk People’s Republic.”
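The registrant-email pivot described in that paragraph is a standard infrastructure-analysis step, and the following added example (not code from FireEye, Threatpost or the original post) shows how an analyst would run it over WHOIS-style records. All domains, registrant addresses, registrars and dates below are constructed placeholders, not the campaign's real indicators. The example also handles the caveat a practitioner would raise: a registrant address belonging to a privacy proxy is shared by many unrelated domains, so pivoting on it clusters things that have nothing to do with each other.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class WhoisRecord:
    """Minimal subset of a WHOIS record (field names are assumptions)."""
    domain: str
    registrant_email: str
    registrar: str
    created: str  # YYYY-MM-DD


# Constructed records: placeholder domains and addresses for the illustration.
RECORDS: List[WhoisRecord] = [
    WhoisRecord("c2-seed.invalid", "registrant-a@example.invalid", "RegistrarOne", "2018-11-02"),
    WhoisRecord("update-portal.invalid", "registrant-a@example.invalid", "RegistrarOne", "2018-12-15"),
    WhoisRecord("official-ministry.invalid", "registrant-a@example.invalid", "RegistrarTwo", "2017-05-20"),
    WhoisRecord("unrelated-shop.invalid", "owner-b@example.invalid", "RegistrarOne", "2019-01-09"),
    # Two domains behind the same privacy proxy: sharing that address proves nothing.
    WhoisRecord("privacy-guarded.invalid", "redacted@privacy.invalid", "RegistrarTwo", "2019-02-01"),
    WhoisRecord("privacy-guarded-2.invalid", "redacted@privacy.invalid", "RegistrarTwo", "2019-02-03"),
]


def defang(indicator: str) -> str:
    """Write an indicator so it cannot be clicked or resolved by accident."""
    return indicator.replace(".", "[.]")


def refang(indicator: str) -> str:
    """Undo defanging so a report-style indicator can be looked up."""
    return indicator.replace("[.]", ".")


def is_privacy_proxy(email: str) -> bool:
    """Assumed heuristic: privacy/redaction services use recognisable addresses.
    A real workflow would keep a maintained list of known proxy providers."""
    e = email.lower()
    return "privacy" in e or "redacted" in e


def index_by_registrant(records: List[WhoisRecord]) -> Dict[str, List[WhoisRecord]]:
    """Group records by registrant email (case-insensitive)."""
    index: Dict[str, List[WhoisRecord]] = defaultdict(list)
    for r in records:
        index[r.registrant_email.lower()].append(r)
    return index


def pivot_on_registrant(seed_domain: str, records: List[WhoisRecord],
                        ignore_privacy: bool = True) -> List[str]:
    """Return the other domains sharing the seed domain's registrant email.

    Results are defanged and sorted. With ignore_privacy=True (the default)
    a privacy-proxy registrant yields no pivots, because the shared address
    is the proxy's, not the actor's.
    """
    seed = refang(seed_domain).lower()
    by_domain = {r.domain.lower(): r for r in records}
    if seed not in by_domain:
        raise KeyError(f"no WHOIS record for {defang(seed)}")
    email = by_domain[seed].registrant_email.lower()
    if ignore_privacy and is_privacy_proxy(email):
        return []
    related = index_by_registrant(records)[email]
    return sorted(defang(r.domain) for r in related if r.domain.lower() != seed)


if __name__ == "__main__":
    for d in pivot_on_registrant("c2-seed[.]invalid", RECORDS):
        print("shares registrant with seed:", d)
```

Sharing a registrant address is one signal among several (registrar, creation date, name servers, hosting), and the post itself notes that more evidence is needed for definitive attribution; the pivot narrows the search, it does not close the case.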

The Threatpost report adds, “It’s not the first time the Ukraine government has been targeted by a cyberattack – in April 2018, for instance, the Ukrainian Energy Ministry was hit by a ransomware attack, in what researchers believed was the work of amateurs rather than cyber-espionage efforts. Other efforts however have shown more skill.”


Don’t Take the Bait! How to Steer Clear of Tax Time Scams

For cybercriminals, tax time is the most wonderful time of the year. They are in the shadows, giddy, eager, and methodically setting a variety of digital traps, knowing that enough taxpayers will take the bait to make their efforts worthwhile.

Indeed, with the frenzy of online tax filings, personal information (and money) moving through mailboxes, and hardworking people eagerly awaiting tax refunds, crooks are perfectly positioned for big returns this year.

So let’s be wiser and let’s be ready.

Last year, the IRS noted a 60 percent spike in bogus email schemes seeking to steal money or tax information. This year it’s a surge in phishing scams, says the IRS, that should have taxpayers on alert.

“The holidays and tax season present great opportunities for scam artists to try stealing valuable information through fake emails,” said IRS Commissioner Chuck Rettig. “Watch your inbox for these sophisticated schemes that try to fool you into thinking they’re from the IRS or our partners in the tax community. Taking a few simple steps can protect yourself during the holiday season and at tax time.”

Scams to Look For

According to the IRS, phishing emails are circulating with subjects such as “IRS Important Notice,” “IRS Taxpayer Notice” and other iterations of that message. The fraudulent emails may demand payment with the threat of seizing the recipient’s tax refund or even jail time.


Attacks may also use email or malicious links to solicit tax or financial information by posing as a trustworthy organization or even a personal friend or business associate of the recipient.

While some emails may have obvious spelling errors or grammar mistakes, some scammers have gone to great lengths to piece together a victim’s personal information to gain their trust. These emails look legitimate, have an authentic tone, and are crafted to get even skeptics to compromise personal data using malicious web links.

Scams include emails with hyperlinks that take users to a fake site or PDF attachments that may download malware or viruses designed to grab sensitive information off your devices. With the right data in hand such as a social security number, crooks can file fake returns and claim your tax return, open credit cards, or run up medical bills.

Other tax scams include threatening phone calls from bogus IRS agents demanding immediate payment of past due tax bills and robocalls that leave urgent callback messages designed to scare victims into immediate payment.

Remember, the IRS will NOT:

  • Call to demand immediate payment over the phone, nor will the agency call about taxes owed without first having mailed you several bills.
  • Call or email you to verify your identity by asking for personal and financial information.
  • Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  • Require you to use a specific payment method for your taxes, such as a prepaid debit card.
  • Ask for credit or debit card numbers over the phone or
  • Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.

How to Protect Yourself

Be hyper-aware. Never open a link or attachment from an unknown or suspicious source. In fact, approach all emails with caution even those from people you know. Scams are getting more sophisticated. According to the IRS, thieves can compromise a friend’s email address, or they may be spoofing the address with a slight change in the email text that is hard to recognize.
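The "slight change" in a spoofed sender address is something mail filters can check mechanically. The following added example (not code from the original post or from McAfee) flags a From: header whose domain is close to, but not the same as, a trusted domain: it normalizes common character swaps (rn for m, 1 for l, 0 for o), catches trusted names used as a leading subdomain of an unrelated domain, and otherwise uses edit distance. The trusted-domain list, the confusable-character table and the distance threshold of 2 are assumptions for the illustration.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Constructed allowlist of domains the reader expects real mail from.
TRUSTED_DOMAINS = {"irs.gov", "example-bank.invalid"}

# Character sequences commonly substituted to imitate a domain (assumed, not exhaustive).
_CONFUSABLES: List[Tuple[str, str]] = [
    ("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"),
]


def normalize(domain: str) -> str:
    """Fold look-alike characters so 'exarnple' and 'example' compare equal."""
    d = domain.lower()
    for src, dst in _CONFUSABLES:
        d = d.replace(src, dst)
    return d


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Extract the domain from a From: value such as 'IRS <notice@irs.gov>'."""
    m = re.search(r"<([^>]+)>", from_header)
    addr = m.group(1) if m else from_header.strip()
    return addr.rsplit("@", 1)[-1].lower()


def lookalike_of(from_header: str, trusted: Iterable[str] = TRUSTED_DOMAINS,
                 max_distance: int = 2) -> Optional[str]:
    """Return the trusted domain the sender appears to imitate, or None.

    An exact match or a genuine subdomain (mail.irs.gov) is not a lookalike.
    A trusted name used as a prefix of some other domain, or a domain within
    max_distance edits after normalization, is.
    """
    domain = sender_domain(from_header)
    trusted = [t.lower() for t in trusted]
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return None
    for t in trusted:
        if domain.startswith(t + "."):
            return t
    norm = normalize(domain)
    best: Optional[Tuple[int, str]] = None
    for t in trusted:
        dist = levenshtein(norm, normalize(t))
        if dist <= max_distance and (best is None or dist < best[0]):
            best = (dist, t)
    return best[1] if best else None


if __name__ == "__main__":
    for hdr in ("IRS <notice@irs.gov>", "IRS Refunds <refund@1rs.gov>",
                "Tax Notice <notice@irs.gov.refund-portal.invalid>"):
        print(f"{hdr!r}: imitates {lookalike_of(hdr)}")
```

A flag from this check is a reason to verify through a channel you already trust, which is the advice the post gives; it is not proof of fraud, since legitimate senders sometimes use domains that happen to be close to others.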

Reduce your digital footprint. Now is a great time to go through your social accounts and online profiles, posts, and photos and boost your family’s privacy. Edit out any personal information such as your alma mater, your address, birthdate, pet names, children’s names, or mother’s maiden name. Consider making your social profiles private and filtering your friends’ list to actual people you know.

Have a strong password strategy. Cybercrooks count on their victims using the same password for multiple accounts. Lock them out by using unique passwords for separate accounts. Also, consider using two-factor authentication that requires a security code (sent to your phone) to access your account.

Install security software. Phishing emails carry malware and viruses designed to infect your devices and grab your family’s sensitive data or even seize your computer via ransomware. Crooks aren’t messing around so neither should you. Meet fire with fire by investing in comprehensive security software to protect your devices.

If you are the victim of tax fraud or identity theft, take the proper reporting steps. If you receive any unsolicited emails claiming to be from the IRS, forward them to  (then delete the emails).

The post Don’t Take the Bait! How to Steer Clear of Tax Time Scams appeared first on McAfee Blogs.