Lenovo SHAREit Vulnerabilities Include Third Worst Password

Jan 28, 2016 | Cybersecurity News, Internet Security News

Ask anyone to name a basic security protection to prevent hackers from gaining access to a device or network, and the use of a secure password would feature pretty high up that list. However, even a tech giant the size of Lenovo can fail to implement secure passwords. Recent Lenovo SHAREit vulnerabilities have been discovered, one of which involves the use of a hard-coded password that ranks as one of the easiest to guess.

Recently, SplashData published a list of the 25 worst passwords of 2015, and the one chosen by Lenovo is listed in position three between “password” and “qwerty.” To all intents and purposes, Lenovo may well not have bothered adding a password at all, such is the degree of security that the password offers. That password has also been hardcoded.

In fact, the company didn’t actually bother with adding a password at all in one of the new SHAREit vulnerabilities.

Four Lenovo SHAREit vulnerabilities have now been patche

Lenovo SHAREit is a free cross-platform file transfer tool that allows the sharing of files across multiple devices, including PCs, tablets and Smartphones. Perhaps unsurprisingly, given Lenovo has been found to be installing irremovable software via Rootkit and shipping its laptops with pre-installed spyware, some security vulnerabilities exist in its SHAREit software.

Four new Lenovo SHAREit vulnerabilities have been discovered showing some shocking security lapses by the Chinese laptop manufacturer. If the Lenoto SHAREit vulnerabilities are exploited, they could result in leaked information, integrity corruption, and security protocol bypasses, and be used for man-in-the-middle attacks.

The hardcoding of the password 12345678, listed as CVE-2016-1491 by Core Security, is shocking. Configure Lenovo ShareIt for Windows to receive files, and 12345678 is set as the password for a Wi-Fi hotspot. The password is always the same and any system with a Wi-Fi Network could connect.

According to Core Security, if the Wi-Fi network is on and connected, files can be browsed by performing an HTTP Request to the WebServer launched by Lenovo SHAREit, although they cannot be downloaded. (CVE-2016-1490).

The third vulnerability, named CVE-2016-1489, is the transfer of files in plain text via HTTP without encryption. A hacker could not only view those files but also modify the content.

The fourth SHAREit vulnerability, CVE-2016-1492, concerns SHAREit for Android. When configured to receive files, an open Wi-Fi HotSpot is created and no password is set. If a hacker were to connect, the transferred files could be intercepted.

Core Security did disclose the Lenovo SHAREit vulnerabilities privately in October last year to allow a patch to be developed. Now that the patch has been issued to plug the vulnerabilities, Core Security has published the details.

Android Smartphone Malware Beating 2FA

Jan 15, 2016 | Cybersecurity News, Internet Security News

New Android Smartphone malware has been identified that gets around the security systems used by banks and other financial institutions to keep customers protected. The malware is managing to intercept messages that are sent to customers’ Smartphones used as part of the bank’s two-factor authentication system. However, an update to the Android Smartphone malware means it is now capable of intercepting passcodes on more robust 2FA systems.

Two-factor authentication is not infallible

Two-factor authentication offers enhanced security for bank customers. Rather than relying on a username and a password, and additional factor is used to verify identity. A one-time passcode is sent to a user’s Smartphone and that passcode is then used to authorize a transaction. If the passcode is not entered the transaction cannot be made. The codes are sent to the Smartphone via SMS in most cases, although some banks use an automated voice call to deliver the passcode.

This means that even if a user’s login credentials are obtained by a criminal they cannot be used to authorize a bank transfer unless the attacker has also managed to obtain the Smartphone of the account holder (or other device registered with the bank and used for two-factor authentication.)

While two-factor authentication makes it harder for fraudulent transactions to be made, the system is not infallible. In fact, the account holder’s device does not even need to be stolen in order for a criminal to empty a bank account. If malware can be loaded onto the device that can intercept the SMS text this will allow an attacker in possession of the login credentials to make fraudulent transfers.

Automated voice call passcode delivery intercepted by Android Smartphone malware

SMS messages can be intercepted easily if malware is installed on a device. Because of this, some banks are moving away from SMS passcodes and are now favoring the delivery of codes via an automated voice message. However, the latest android Smartphone malware is capable of obtaining these passcodes as well.

Android.Bankosy malware has been adapted to beat this system of passcode delivery. The malware will simply forward the voice call to the attacker, unbeknown to the victim. This is possible because Android.Bankosy is capable of enabling silent mode on the phone so the user is not aware that a call is being received. If the attacker has the login credentials, a transaction can be initiated. The voice call is redirected to the attacker, and that code is then used to complete the transaction.

BBC DDoS Cyberattack Caused by New World Hacking

Jan 7, 2016 | Cybersecurity News, Internet Security News

On December 31, 2015, the British Broadcasting Company (BBC) suffered a cyberattack which resulted in all of its websites being taken offline for a number of hours. A hacking group operating under the name “New World Hacking” has now claimed responsibility for the BBC DDoS Cyberattack.

BBC DDoS cyberattack conducted to test hacking group’s capabilities

The BBC was chosen not because of some vendetta against the broadcaster, but as a test of the power of the hacking groups servers ahead of planned attacks on ISIS. The hackers behind the BBC DDoS cyberattack did not actually intend on taking down the BBC websites, but it turned out that the servers being used for the attack proved to be “quite strong,” according to one member of the group who came forward.

‘Quite strong’ is something of an understatement. The BBC DDoS cyberattack was the largest ever recorded, with traffic up to 660 Gbps, which corresponds to many tens of thousands of connections. The hackers took down the BBC website using the Bangstresser tool, and used two nodes of attack and “a few extra dedicated servers.” Before the BBC DDoS cyberattack, the largest ever recorded was a 334 Gbps attack on an Asian network operator last year.

Attacks of this size are rare. Few manage more than 100 Gbps and when attacks of this magnitude occur they tend to be fairly short-lived, although while they are being conducted they can cause a substantial amount of damage. Many of the connections will be blocked by network filters, which are capable of identifying spoofed IP addresses, although by no means all. Attacks of this scale are likely to cause a serious amount of damage to enterprise networks.

In this case, the hacktivists were only testing capabilities and the motivation for the attack appears to have been made clear; however not all hackers conduct DDoS attacks to disrupt web services or take down servers. All too often a DDoS attack is conducted as a smokescreen to distract IT staff while the real mission is completed. One part of a network is attacked, while other members of the group attempt to gain access to other parts of the network and install backdoors for subsequent attacks or steal data. This was demonstrated recently by the attack on UK Broadband and mobile phone service provider TalkTalk.

Who are New World Hacking?

New World Hacking is an American group of 12 hackers – 8 men and 4 women – that was formed in 2012. The group has conducted numerous campaigns against terrorist organizations in the past, as well as on other groups and individuals that the hackers deem to be unpleasant or whose views or actions are contrary to the group’s beliefs.

New World Hacking has previously conducted large-scale DDoS attacks and has taken down websites run by members of the Ku Klux Klan, as well as websites depicting child pornography. Other targets include Donald Trump. That attack occurred at the same time as the BBC DDoS cyberattack and resulted in the presidential candidate’s website being taken offline for five hours. The group targeted Trump because of his recent “racist rhetoric.”

The group was also active after the recent Paris terrorist attacks and attempted to identify social media accounts used by ISIS.

The main target of New World Hacking is ISIS. The group is now planning to use its servers for attacks on ISIS websites, and those of ISIS supporters. The group claims to have a list of targets that it plans to attack in the very near future.

A member of the group going by the name of Ownz told the BBC “We realize sometimes what we do is not always the right choice, but without cyber hackers… who is there to fight off online terrorists?” The group aims to unmask ISIS, stop its spread, and end the propaganda.

Ad Injection Software Risk Addressed by Microsoft

Dec 30, 2015 | Cybersecurity News, Internet Security News

The Superfish scandal discovered to affect purchasers of new Lenovo laptops last year showed that ad injection software poses considerable risks to users. Ad injection software risk cannot be easily managed. Even brand new laptops can come installed with software designed to deliver ads to users.  Unfortunately, programs such as Superfish can also be used by hackers to conduct man-in-the-middle attacks.

Hackers can potentially exploit security vulnerabilities in ad injection software. In the case of Superfish, the software was pre-installed on Lenovo laptops. In order to serve ads, the software used a self-signed root certificate that generated certificates for secure HTTPS connections. The software substituted existing HTTPS certificates with its own in order to serve ads to users while they browsed the Internet. Unfortunately, if the password for ad injection software is discovered, as was the case with Superfish, HTTPS connections would no longer be secure. Hackers would be able to eavesdrop and steal user data.

Man-in-the-middle (MiTM) techniques are increasing being used to serve adverts while users browse the Internet, but the ad injection software risk of hackers taking advantage is considerable. The software is capable of network layer manipulation, injection by proxy, and can alter DNS settings. These techniques are used to serve adverts, but this is outside the control of the browser and the user.  Since these programs can be manipulated and exploited by hackers they also pose a considerable security risk, and one that the user is unable to easily address.

Microsoft takes action to reduce ad injection software risk

The ad injection software risk is considerable, so much so that Microsoft is taking action to tackle the problem. By doing this, Microsoft will hand back choice to the user. The company has updated its criteria for determining what software qualifies as Adware, and has recently announced it will be taking action to reduce risk to users and prevent unwanted behavior by Adware.

Rather than the manufacturer of the equipment or developer of the Adware program dictating the browsing experience for users, Microsoft will be handing back control to the user. Microsoft’s policies now demand that “programs that create advertisements in browsers must only use the browsers’ supported extensibility model for installation, execution, disabling, and removal.”

Not only will Superfish-style programs be banned by Microsoft, by March 31, 2016 any programs that are detected will be detected and removed.

New EU Fines for Privacy Violations Up to 4 PC of Annual Sales

Dec 24, 2015 | Cybersecurity News, Internet Security News

EU fines for privacy violations are likely to be issued to companies that fail to implement security measures to prevent their customers’ data from being stolen by cybercriminals. EU fines for privacy violations can be substantial, although the watchdogs that are able to issue them are limited. That is all about to change. The European Union has taken decisive action and will be penalizing companies that do too little to protect their customers.

EU fines for privacy violations apply to any company doing business in EU countries

Last week, negotiators met up in Strasbourg, France, and signed a new deal that will change data protection laws in the EU. It has taken some time for this update to take place, having first been discussed four years ago. There has been much debate about the level to which companies should be held responsible for data breaches, although finally all sides have come to an agreement that better protects consumers, make businesses more responsible, and will not interfere with efforts to bring cybercriminals to justice.

The changes to the law will ensure that more companies are held accountable for their lack of security controls. With the threat of cyberattacks increasing, and a number of major attacks suffered by companies over the past few years, an overhaul of data protection laws in Europe was long overdue.

Current legislation is somewhat patchy, offering limited protection for consumers. Companies in some industries can be fined up to 1 million Euros for privacy violations and the exposure of customer data, while others are allowed to escape without penalties.

The new EU fines for privacy violations will not have a fixed limit. Fines for businesses who are hacked or otherwise expose customer data will be as high as 4% of a company’s global annual sales. The aim of the new law change is to give companies a considerable incentive to invest in cybersecurity protections to keep their customers’ data secure, and improve consumer trust.

The law changes will also require companies doing business in any of the European Union’s 28 member states to disclose data breaches that have exposed consumer data. While privacy groups have welcomed the changes, business groups have not been quite so complimentary.

New EU fines for privacy violations to come into effect in 2018

According to EU Justice Commissioner Vera Jourova, “These new pan-European rules are good for citizens and good for businesses.” She also pointed out in a statement issued after the announcement of the conclusion of the negotiations that consumers and businesses stand to “profit from clear rules that are fit for the digital age, that give strong protection and at the same time create opportunities and encourage innovation.”

It will take a further two years for the new laws to come into effect, with the new EU fines for privacy violations expected to start being issued in 2018.

Data Breach Predictions: 25% of World Population Will Have Data Exposed by 2020

Dec 16, 2015 | Cybersecurity News, Internet Security News

The latest data breach predictions by IDC analysts do not make for pleasant reading. If the data breach predictions turn out to be true, 1.5 billion individuals will be affected by data breaches in the next 5 years.

Companies being targeted by cybercriminals looking to steal consumer data

U.S. companies are being increasingly targeted by foreign cybercriminals. European businesses are similarly suffering more cyberattacks. In fact, companies all over the world are being attacked by criminals looking to gain access to consumer data. It is now no longer a case of whether a data breach will be suffered. It is now just a case of when a data breach will occur.

Companies must therefore be prepared. They must implement a host of security defenses to prevent cyberattacks from occurring, and need to make it harder for hackers and other cybercriminals to gain access to sensitive data. Failure to take action and implement multi-layered cybersecurity defenses will see a data breach suffered sooner rather than later. A breach response plan must also be devised to limit the damage caused when an attack is successful.

Data breach predictions for the next 5 years

The number of data breaches being suffered by companies all around the world has grown considerably in recent years, and the situation is unlikely to change. Based on the current levels of attacks, and the volume of data now being stolen by cybercriminals, IDC analysts made some bleak data breach predictions this month.

They expect that by the year 2020, a quarter of the world’s population will have had data exposed as a result of cyberattacks. That’s 1.5 billion individuals!

IDC also predicts that consumers will increasingly take action when their data are exposed. In fact, we are already seeing consumers boycott brands that have suffered major cyberattacks. Many consumers who previously shopped at Target for instance, have switched retailers following the massive data breach suffered in 2013.

In the UK, many consumers are switching broadband and mobile phone provider after TalkTalk was hacked by a group of teenagers this year. In the United States, there has been considerable fallout as a result of the massive data breaches suffered by Anthem Inc., and Premera Blue Cross. Customers have switched their health insurance to companies that they believe will take better care of their health data.

Data Breach predictions for healthcare organizations

Many cybercriminals have switched from targeting retailers for credit card data to healthcare providers and insurers for Social Security numbers and health information. The value of health data is much higher than credit card information. Once a credit card has been stolen, consumers rapidly shut down their accounts. Credit card companies are on the lookout for suspicious activity and block cards quickly. Healthcare data and Social Security numbers on the other hand can be used for months or even years before identity theft and fraud are discovered. Cybercriminals can use healthcare data and SSNs to defraud individuals and obtain tens of thousands of dollars before fraud is even detected.

The value of healthcare data, combined with the relatively poor defenses put in place by many healthcare organizations, has seen cybercriminal activity increase. The volume of healthcare data breaches has grown considerably over the past few years. Those data breaches are unlikely to stop in the foreseeable future. IDC’s healthcare data breach predictions for next year are bleak. Its analysts expect one in three Americans to have their healthcare data stolen in 2016.

113 million healthcare patients had their data exposed in 2015

The company’s data breach predictions are unlikely to be far off the mark. According to figures from the United States Department of Health and Human Services’ Office for Civil Rights, the agency charged with policing healthcare organizations, over 154 million healthcare patients and health insurance subscribers have had their healthcare data exposed since data breach reports were made public in 2009.

Almost 113 million of those healthcare records were exposed this year. That’s 73% of the total number of breach victims created in the last 7 years! If anything, IDC’s healthcare data breach predictions are overly conservative!

Twitter Cyberattack Prompts Warning of Government-Backed Hacking Campaign

Dec 14, 2015 | Cybersecurity News, Internet Security News

A Twitter cyberattack has prompted the social media network to issue warnings to some users of the social media site. It would appear that attackers have attempted to gain access to the accounts of a limited number of individuals, but those attacks do not appear to have resulted in a breach of user data.

Twitter cyberattack prompts warnings to be sent to site users

The warnings appear to have only been sent to certain United States based users of the website. The emails warn users that foreign government-backed hackers are targeting the site and are attempting to steal user data. According to the warnings, user account data is not believed to have been obtained and, if it has, only a small amount of personal data would have been revealed.

Twitter has offered some suggestions to any users that have been targeted to allow them to take action to reduce risk. They have been told they can switch to the Tor network to access their accounts, or it was suggested they tweet under a pseudonym.

It would appear that the attackers responsible for the Twitter cyberattack are attempting to get the phone numbers, email addresses, and IP addresses. It is conceivable that the individuals were targeted to allow the hackers to send out tweets from the users’ accounts.

The warning alerted users to a “small group of attackers” who are targeting the site. If another Twitter cyberattack is attempted, the social media site will send out a warning email to advise the affected party or parties of the attempted attack.

Latest Twitter cyberattack appears not to be random

The Twitter cyberattack appears to have targeted specific users of the website. The individuals and companies that the attackers have targeted are security experts or activists. Coldhak, a not-for-profit company dedicated to improving privacy, security, and freedom of speech, was one of the organizations that the hackers attacked.

Twitter is currently conducting a full investigation into the attempted hacking of Twitter accounts. The warning indicates that the social media microblogging platform is being ultra-cautious and is alerting users as a proactive step to prevent a breach of customer data, as well as reducing the potential damage caused by an attack.

Both Facebook and Google have recently sent out warnings to users of their services alerting them to suspicious account activity. Those warnings alerted users to activity by foreign government-backed hacking groups. It would appear that Twitter is taking a leaf out of their books.

This is not the first Twitter cyberattack of course. In February 2013, Twitter reset the passwords of 250,000 users after hackers compromised accounts and gained user names, passwords, and other sensitive data. In 2010, the social media site was attacked and Japanese users of the site were directed to porn websites when attempting to access their Twitter accounts.

Retail Industry Cybersecurity Risk is Seriously Underestimated

Dec 10, 2015 | Cybersecurity News, Internet Security News

According to the latest cybersecurity report from Osterman Research, retail industry cybersecurity risk is being seriously underestimated. There is false confidence in cybersecurity protections, and the risk of consumer and business data being exposed is considerable.

Assessing retail industry cybersecurity risk

The retail industry cybersecurity risk assessment was conducted on 125 large retailers during the month of November. The report indicates that even though security vulnerabilities have been identified, the retail industry is not taking the necessary steps to deal with those risks.

Many security holes remain unplugged. In particular, risks associated with temporary workers are not being dealt with. Retailers bring in temporary workers at busy times such as in the run up to Christmas. However, they are introducing a considerable amount of risk when the do so because they are not monitoring the activity of those workers effectively. Many actually believe they are – which is even more worrying.

Temporary workers are often provided with login credentials which are shared instead of giving each temporary worker a separate login. This eases the administrative burden on the IT department. Why create hundreds of new logins that will only be required for a short period of time? Simply give those workers low level privileges and any risk that is introduced will be minimal. Unfortunately, that may not necessarily be the case.

The study showed that 61% of temporary retail floor workers were using shared logins. It is not known whether this is a short cut taken and the risk is known, or whether retailers are unaware of the dangers that the activity involves. Even temporary workers must be given access to some data assets, yet it is impossible for some retailers to identify assets that each of those workers are accessing.

Furthermore, it is not only temporary workers that are being allowed to share login credentials. 21% of permanent workers are also sharing their login credentials.

Retail industry cybersecurity risk is being seriously underestimated

The research indicates that 62% of retailers believe they know everything their permanent workers are doing, and 50% claimed to know what data their temporary workers are accessing. Worryingly, when asked if their IT departments can identify specific systems that individual permanent employees have accessed, 92% said they could. This is clearly not the case in reality.

The study indicated that 70% of retailers gave access to corporate systems to permanent members of retail floor staff. 7% said that permanent workers had accessed systems they were not supposed to and 3% said temporary workers had done the same.

Those figures may actually be much higher as 14% of respondents didn’t know if their permanent workers had inappropriately accessed data. 26% couldn’t tell if their temporary workers were accessing data they shouldn’t. Given the potential gains to be made from gaining access to retail networks, criminals may even be tempted to take a holiday job simply to access to retail systems.

Security awareness training is also not being provided frequently enough. 60% of respondents only conducted training once or twice a year. If workers are not being kept abreast of the retail industry cybersecurity risk, they will not be able to take action to reduce that risk.

Even with the major data breaches and cyberattacks that have recently been suffered by major U.S. retailers, security vulnerabilities persist. Unfortunately, it would appear that retail IT professionals actually appear to believe they are doing a good job. If the measure of how well retail industry cybersecurity risk is being managed is whether or not a retailer has suffered a major data breach, then the industry is in pretty good shape. Unfortunately for the retail industry, if risk is not effectively managed, data breaches are likely to be suffered sooner rather than later.

Amazon Data Breach Risk: Precautions Taken to Protect Customers

Nov 26, 2015 | Cybersecurity News, Internet Security News

Under normal circumstances the Amazon data breach risk is kept to a minimal level. The global online retailer is estimated to have generated $38.42 billion in gross profits between September 2014 and September 2015, and such deep pockets mean the company can invest heavily in cybersecurity protections.

With a company as large as Amazon, excellent data breach risk management strategies are essential. The company is a huge target for cybercriminals and a successful cyberattack has potential to make a dent in its profits. If customer data are obtained by criminals, those customers may choose to buy from an alternative retailer in the future.

Amazon data breach risk discovered in time to prevent a successful hack?

This week, a security scare has forced the company to reset some users’ passwords. It is not clear whether a data breach has actually been suffered, but the retailer certainly believes the risk to be credible as Amazon passwords were not requested to be changed. The company forced a reset.

Amazon.com announced that this was “a precautionary measure” to prevent a cyberattack from occurring. The company believes passwords were “improperly stored” or had been transmitted to the company using a method that could “potentially expose [the password] to a third party.”

The company has sent emails to all affected account holders advising them that they will need to specify a new password when then next login. No announcement was made about the number of users affected.

This is not the first time that Amazon has had a major security scare. In 2010, hackers managed to break through its security defenses and compromised a number of user’s passwords. In that instance, users were warned that their accounts had been compromised.

The Amazon data breach scare could affect more than just your Amazon account

It is not clear whether passwords were actually obtained by a third party. Because of the doubt surrounding the reason for the forced change, any individual that receives an email telling them their password has been reset should also change their passwords on all other online accounts if the accounts can be accessed using the same password.

Many consumers share passwords across multiple platforms, but password sharing is inadvisable. Many online accounts use an email address as the login name. If a password is shared across platforms, one data breach could result in all user accounts being compromised.

Amazon data breach risk management: Two-factor authentication now added

One of the easiest ways to improve protection is to introduce two-factor authentication. Many companies only insist on one factor to authenticate users: A password. Two-factor authentication involves an additional element to verify that the person attempting access is the genuine account holder.

Many global companies have now introduced two-factor authentication; although some have only done this recently. In some cases, the additional security measure was deemed necessary after a data breach was suffered. Twitter being one of the best examples. Google uses two factor authentication for its accounts, as does Facebook. This month, Amazon data breach risk management policies were changed to include two-factor authentication on user accounts. It is not clear why it took the company so long to introduce this enhanced security measure. All users should add it, especially in light of this recent security scare.

Mobile Malware Risk Increase Shown by New Kaspersky Report

Nov 3, 2015 | Cybersecurity News, Internet Security News

A new security report issued by leading Anti-Virus firm Kaspersky Labs has highlighted the growing mobile malware risk, with Adware (intrusive mobile advertising) seeing a huge increase since last quarter.

The third quarter report shows a 3.1% increase in the number of new mobile malware programs discovered by Kaspersky Labs’s Q1, 2015 figures, with a 1.1% increase since last quarter.  In total, Kaspersky products detected 323,374 new mobile malware threats over the past three months. The mobile malware risk appears to be growing.

Only a small increase in mobile malware was recorded since last quarter, but the same cannot be said of mobile malware installation packages.  1,583,094 new installation packages were detected in Q3, which is one and a half times the total discovered in Q2.

There have been some significant changes in the types of mobile malware discovered, with some vectors seeing a fall in prevalence. Trojan Downloaders, Backdoors, Trojans, Trojan-Spy’s and Trojan-SMS’s all decreased in prevalence in Q3. The most significant reduction was in Trojan-Spy and Trojan-SMS malware, which dropped by 1.6 and 1.9 percentage points respectively.

However, the biggest drop since last quarter was recorded for RiskTool, which fell by 16.6 percentage points since the last quarterly report was issued. The RiskTool category includes legitimate mobile programs which are not malicious in nature, but can be manipulated by hackers. This makes them particularly risky to have installed on mobile devices. These programs are capable of terminating processes (such as security applications), hiding processes from the user, and concealing files within the Android system.

There were marginal increases in Trojan-Dropper, Trojan-Banker and Trojan-Ransom detections. The biggest rise by a considerable margin was Adware. Mobile Adware jumped from 19% of detections in Q2 to 52.2% in Q3: An increase of 33.2 percentage points.

Huge Hike in AdWare Highlights Increasing Mobile Malware Risk

Cybercriminals manage to install malware on mobile devices, but how do they actually make money from those infections? Many items of malware log keystrokes and capture passwords and logins used to access Internet banking websites but, the majority of mobile threats involve monetization via advertising. This quarter over half of all mobile malware threats came from Adware.

While the main form of monetization comes from the adverts served, that does not mean that is the only threat to users. Adverts are certainly annoying, and can contain links to malicious websites, but there could well be much worse things happening on your mobile device.

Malware is installed that can root the device and elevate privileges. Hackers can then take full control of the entire device. With superuser privileges, hackers can make changes which even the user of the device would not be able to make. Once this happens, it can be nigh on impossible to eradicate the malware and take back control of the device. It may also be virtually impossible to tell if a device has actually been attacked.

This quarter, the malicious software capable of doing this accounted for over half of the most popular malware items affecting mobile devices. The most common malicious program recorded by Kaspersky Labs, by some distance, was DangerousObject.Multi.Generic. This malware item accounted for 46.6% of attacks. The next biggest threat came from Trojan.AndroidOS.Rootnik.d which accounted for 9.9% of attacks in Q3.

How did Kaspersky Labs Produce the Report?

The latest Kaspersky report was compiled from data collected from the Kaspersky Security Network (KSN), which includes multiple anti-malware products and components. Kaspersky collected data from over 213 countries from users who had provided consent to send data from their devices to KSN. This global information exchange allows current threats to be accurately monitored. Data sharing is vital in the fight against cybercrime.

Countering the Mobile Malware Risk

Anti-Virus software such as that produced by Kaspersky Labs can be used to reduce the mobile malware risk and prevent mobile devices from being attacked. An additional control that should be considered, especially by companies allowing the use of personal devices in the workplace, is to install a web filtering solution to prevent users from accessing websites known to contain malware. This will reduce the mobile malware risk considerably.

SpamTitan web filtering software offers excellent protection and compliments AV software programs. The web filter prevents users from visiting risky websites, even when phishing links are clicked.It is one of the best ways to reduce mobile malware risk levels, although to reduce mobile malware risk to a minimal level, a multi-layered risk management strategy should be adopted.

Critical Joomla Vulnerability Discovered

Oct 29, 2015 | Cybersecurity News, Internet Security News

Operators of websites running on the popular Joomla CMS have been alerted to a remote takeover risk following the discovery of a critical Joomla vulnerability. Approximately 2.8 million websites use the Joomla Content Management System, with the CMS second only to WordPress in terms of market share.

Joomla version 3.4.5 has now been released and contains a patch to plug the security hole that has existed for close to two years, although any site still running on previous versions will be particularly vulnerable to attack. Should a hacker successfully exploit the vulnerability, it would be able to obtain administrator privileges for the website, allowing full control to be handed over to the hacker. It would be possible for all data and content to be stolen and for the owner of the website and all other site users to be locked out.

The vulnerability, discovered by Trustwave SpiderLabs, affects version 3.2 and above and can be exploited using a hacking technique known as SQL injection. All users of versions 3.2 to 3.4.4 are at risk since this critical Joomla vulnerability affects as core module of the CMS, not an extension. Two other security flaws were also patched by the new release.

SQL injection is a common technique used by hackers to gain access to websites. The attacks are conducted by entering in SQL commands into text fields on the front end of website. These commands are misinterpreted by the web application. Instead of treating the input as plaintext, it is interpreted as executable code. As such, if the right commands are entered, the websites can be hijacked. Numerous cyberattacks have been successfully conducted using this very straightforward technique, including the recent hack of mobile and broadband provider TalkTalk.

Critical Joomla vulnerability can be used to gain access to the administrator control panel

Once access has been gained, files can be downloaded including confidential customer information. Since Joomla is used to create e-commerce websites, customers who have previously purchased products through Joomla websites could have their confidential information stolen.

This critical vulnerability can be exploited to extract a browser cookie which can be used to provide the attacker with administrator privileges. If that cookie is loaded into the browser, the hacker can gain access to the back end of the website and can access the administrator control panel. The code required to exploit the vulnerability has already been posted online.

It is therefore imperative that all administrators of Joomla sites update their website software immediately and patch the critical Joomla vulnerability in order to secure their sites.

The importance of updating software patches as soon as they are released

Zero-day vulnerabilities are frequently discovered in popular website applications and content management systems. A failure to install patches promptly leaves websites particularly vulnerable to attack. Code used to exploit the vulnerabilities can easily be found online, and is commonly shared by hackers, white hat and black hat – via online hacking and software development communities. Once an announcement has been made, there will be many amateur and professional hackers willing to exploit the vulnerability. Should that happen, data can be deleted, access rights changed, and customer data stolen.

Google Tackles Ad Injection Malware Threat

Oct 27, 2015 | Cybersecurity News, Internet Security News

Organizations face a growing risk of sensitive data being compromised by ad injection malware. The latest figures released by Google suggest that an organization employing 100 individuals is likely to have at least five computers infected with ad injection malware.

This form of malware causes adverts to be displayed to the user that would not normally appear when visiting websites. The malware infects their browsers and results in annoying adverts being displayed, some of which contain links to legitimate retailers. Others contain much more sinister content. With little control exerted over the individuals placing the ads, cybercriminals are able to take advantage and place adverts containing links to malicious websites.

However, that is not the only security risk. When the malware infects a browser it causes changes to how websites are displayed. A connection to a website would be secured under normal circumstances, preventing third parties eavesdropping on the session. Unfortunately, when a browser is infected, the process used to encrypt the connection is broken. Sessions are no longer encrypted, and any data entered by the user could potentially be seen by a hacker or cybercriminal monitoring their connection.

When accessing a webpage via an open Wi-Fi network, an eavesdropper could quite easily listen in on the session. Usernames and passwords could be revealed as well as other confidential information.

Lenovo laptops were pre-installed with ad injection software

Potentially a user could avoid having their browser infected with the malware, but not if they bought a Lenovo laptop. Even brand new, straight-out-of-the-box laptops had been “infected”. In this case, by Lenovo. They have been shipping brand new laptops with legitimate software installed that inserts adverts into Google searches. The software in question is called Superfish and it functions as an image search engine.

Superfish is able to show adverts by using a root certificate which replaces a trusted website’s security with its own. This is how it is able to display adverts. Unfortunately, the security used by Superfish can easily be cracked. In fact, it already has been, so any Lenovo computer with Superfish installed cannot be used to securely browse the Internet. On an open Wi-Fi network, even a secure website such as an online banking site would not be secure.

Anyone not wishing to lose their privacy could uninstall Superfish. Unfortunately, if the software is uninstalled the security hole remains. The owner of the laptop will be permanently at risk of having their privacy violated and their internet surfing monitored. A problem for any employer allowing Lenovo laptops to be used for BYOD.

Google takes action to protect Chrome users

This type of “malware” is not new of course. The problem is the number of new applications and browser extensions that allow this form of advertising. Google has recently removed approximately 200 Chrome extensions from its web store that are capable of injecting ads into otherwise secure sites. Unfortunately, Google has discovered approximately 34,000 standalone applications that are able to inject ads when users browse the internet. There are approximately 50K Chrome extensions that allow ad injection according to Google researchers.

The solution for now, for employers at least, is to ensure that they do not use open Wi-Fi networks in the workplace. This will prevent any eavesdropping even if a user’s browser has been infected. BYOD participants should be instructed on the risk of using open Wi-Fi networks and told never to use their devices to access work accounts using public Wi-Fi hotspots.

2014: The Year of the Data Breach

May 20, 2014 | Cybersecurity News, Internet Security News

May is not yet over. There are still seven months to go before 2015 arrives, yet Internet security experts are already calling 2014 the year of the data breach. The situation is bad and it is expected to get worse. Before the year draws to a close, many millions of Internet and email users will discover they have had their computers infected with viruses or have become victims of Internet fraud.

The U.S. Healthcare industry has been hit particularly hard this year. In February, Anthem Inc. discovered a hacker had infiltrated its computer network and stole 78.8 million insurance records. Just days later, Premera Blue Cross, another U.S health insurer, uncovered a similar cyber attack that exposed the records of 11 million subscribers. The month of February was just over halfway through, but more confidential healthcare records had been exposed than in the whole of 2012 and 2013 combined.

Then there was the cyberattack on Target. Up until February 1, Bloomberg BusinessWeek calculated the retailer had spent approximately $61 million to cover data breach resolution costs. All three of these data breaches were suffered by large organizations who had invested heavily in data and network security systems. Yet despite the investment they still suffered massive data breaches.

What makes the Target data breach stand out though is the fact that the company’s security system actually detected the intrusion. For some reason, Target decided to do nothing about it. To state the obvious, this was a mistake. So far over 100 separate lawsuits have been filed against the retailer, in the most part citing negligence for failing to protect customer data and not taking action quickly enough when the breach was discovered.

The attack exposed the records of over 110 million customers and the banks have already been forced to spend in excess of $200 million as a result. When the lawsuits are resolved, the final cost of the data breach doesn’t even bear thinking about. Typically, data breach victims seek damages of around $1,000 a head.

Then there was Heartbleed. For those who somehow missed it, this was one of the biggest and potentially most serious security vulnerabilities ever discovered. It would appear that the bug was identified in time to allow companies to prevent it from being exploited. However, that is difficult to ascertain with any degree of certainty. If the security vulnerability was exploited, there would be no way of telling whether data had been stolen.

The cost of plugging this security hole was considerable. Companies were forced to take rapid action to secure their networks and computers before hackers could take advantage. The same cannot be said of consumers. It would appear that little has been done to protect against the bug. Following the announcement very few individuals have even changed their passwords or taken other steps to protect themselves.  A recent survey conducted by MarketWatch indicates that little has been done because consumers are not even aware of the Heartbleed bug. Half of those surveyed had never even heard of it, let alone the actions they need to take to protect themselves from attack.

Many of the major data breaches suffered this year did not actually occur in 2014. Hackers first gained access to networks last year or even earlier. This was the case with Anthem, Premera, and also Neiman Marcus, another major data breach uncovered this year. That attack was also discovered in February 2014, which could become known as “the month of the data breach”.

For the past eight months, Neiman Marcus’s systems have been open to hackers. Such a breach should have triggered the company’s security system. Which it would have approximately 60,000 times had that security feature not been inadvertently turned off. Suspicious server activity was unfortunately not being monitored.

These data breaches have proved very costly indeed. According to the Ponemon Institute, the cost of resolving data breaches has increased again this year making matters worse for companies attacked by hackers.

Security systems are excellent, but what about the security staff?

It is all very well installing multi-million-dollar cybersecurity defenses, but if skilled staff are not employed to interpret the data, when networks are infiltrated by hackers intrusions may not be discovered until many months later. This was certainly the case at Neiman Marcus, but also at Target. Had the system been checked, Target would have been made aware that its defenses had been turned off. It took a full post-breach audit to determine this was the case. This should have been checked on a regular basis. Doing so may not have prevented the breach, but it could have reduced the damage caused.

The problem for many IT departments, CISOs and CIOs is a lack of funding. Organizations appreciate that money must be allocated to counter the cybersecurity threat, but too little is being spent. This was highlighted by the Ponemon Institute study. Respondents indicated that a doubling of the security budget is necessary to counter the threat, install better security, allow audits to take place, and to employ the staff necessary to monitor systems for signs of attack. If security budgets do not increase, data breaches certainly will.

Will Your Brand Image Survive a Data Breach?

Apr 8, 2014 | Cybersecurity News, Internet Security News

Consumers are spending less in bricks and mortar stores, and more people are looking for goods and services online. On top of this some major retailers have suffered data breaches which have tarnished their reputation. For Target, the data breaches it suffered have had a serious impact. Sales have been lost to competitors as a result.

According to a Cowen & Co.’s tracking survey, there has been a decrease in customer satisfaction. The survey indicates there has been a fall in satisfaction in the overall shopping experience and ratings for customer service have also declined.

The data show that reputation and brand image do have an impact on shoppers’ behavior. They will go elsewhere if they do not trust a retailer.

Target is one of the biggest retailers in the United States. What would be the impact on a small to medium sized organization? Would it be possible to weather the storm after a massive data breach has been suffered?

Data Breaches Can Cost SMBs Dearly!

The cost of a data breach can be considerable. The Ponemon Institute has recently quantified this. In a recent survey, 850 executives were asked about reputation damage following a data breach. 44% of respondents said it would take between 10 months and 2 years to recover from damage to reputation following a data breach. For some companies the effect will be felt for much longer. If they manage to stay in business that long!

Not all breaches have the same effect on a company’s reputation. Consumers are aware that security breaches are now a fact of life, but they are likely to be unforgiving if their Social Security numbers, credit card numbers, or bank account details are obtained by criminals.

The potential financial losses for a company can be considerable. Ponemon’s study suggested that brand image damage can cost between $184 million and $330 million. Best case scenario? You are likely to lose 12% of your brand’s value.

Your Competitors are Waiting to Take Advantage

All companies are likely to suffer a data breach of some description, yet many are ill prepared to deal with a security breach when it occurs. If a breach response plan is developed prior to a security incident being suffered, this can reduce the damage caused.

It is possible to win back the trust of customers after a breach, but it can be a long and difficult process. It is not actually clear whether a company’s reputation can ever fully recover. After all, today’s marketplace is particularly unforgiving. There is simply too much competition and plenty of competitors who will be ready to take advantage.

If your reputation is damaged, it will have an impact on your bottom line. Customers will change brands and there will be class-action lawsuits filed as plaintiffs try to recover damages. Revenues are likely to fall, and regulators may also issue costly financial penalties.

Fortunately, there are a number of actions that can be taken to reduce the risk of a data breach being suffered. Should the unthinkable happen, they can also reduce the severity of the breach. Think of data security investment as an investment in your brand image. That must be protected at all times.

Boston Bombing Video Used to Infect Computers with Malware

Apr 17, 2013 | Cybersecurity News, Internet Security News

Terrorist attacks are occurring with increasing regularity around the world, but it is still rare for one to happen on American soil. However, on Monday an attack took place at the Boston Marathon. The tragedy claimed the lives of three people.

It is at times like this that vigilance must be increased. Criminals often use events such as this to infect computers with malware. Big news events are often used to lure victims into clicking on links to websites infected with malware or convince them to open malware-infected email attachments. The Boston bombing is no exception. Criminals have seized the opportunity already and have started sending emails about the tragedy which contain links to infected sites.

SpamTitan is alerted when spam and phishing emails are captured. The quarantine reports are collected and analyzed, and some of the recent crop of captured messages contain titles such as “Explosion at Boston Marathon” and “Boston Explosion Caught on Video.” When news breaks, people want to find out what has happened, and images and videos of the event are sought online. Videos of the Boston bombing are being searched for on Google and social media, and emails including links to videos are likely to be clicked.

Anyone clicking one of the links in the emails will be directed to YouTube where a range of videos are listed. No harm is immediately caused.

However, after 60 seconds the visitor will be notified of a file called “boston.avi____exe”, and are asked to download it. If the file is run, it will install malware which will connect to servers in three locations: Argentina, Taiwan and Ukraine. Data from the infected machine will then be sent to those servers. SpamTitan software will prevent the email from being delivered using a variety of methods, thus protecting the user. Individuals without this software installed are unlikely to even be aware that their computers have been compromised.

Be wary about emails containing news alerts

Cybercriminals often use news events to spread malware and gain access to computers and servers. Each major news story, whether it is a terrorist attack, election result, natural disaster or celebrity wedding, will see numerous phishing and spam campaigns launched. Many of these campaigns see emails sent out randomly, often in the millions.

Any company that does not have a spam filtering solution in place is likely to see many of these emails delivered, and all it takes is for one end user to click on a link and download a file for a network to be compromised. It is not only malware that is a problem.

There have been a number of new websites registered in the past two days related to the Boston bombing. New domains have been purchased by individuals looking to capitalize on the attack. Some have been bought and are currently just parked. Some individuals have purchased the domains to prevent them from being used by scammers. Others have been activated and are seeking donations to help the families of the victims. Of course, any donations made through those websites will just go into the criminal’s pocket.

In addition to installing a spam filter to catch email spam, and employing a web filter to block links to malicious websites, be sure to adopt the following best practices and make sure that staff members do the same:

Don’t become another victim of a scam!

• Check the email address of the person sending the email even if it appears to be from someone you know
• Never click on a link in an email unless you are sure that link is genuine
• Do not open attachments contained in emails from strangers
• Be wary about opening attachments sent from friends. Their account may have been compromised or they may not realize they are sending an infected file
• Never open executable files (those that end with .exe)
• Never respond to an email request for money. If you want to donate, do so via a trusted, registered charity. Always visit the website via the search engines, not the link contained in the email
• Make sure a charity is registered before making a donation
• Be wary of any email sent to you containing information about a news event – who is sending it? How did they get your email address?
• Do not forward or share suspicious emails or links