June 9th, 2014
Ransomware has surged in popularity for attackers over the past year. In a ransomware attack, a user’s files are encrypted and only released once a ransom is paid. Usually, this type of malware finds its way onto a user’s device through a malicious email attachment, or phishing website set-up specifically for infection. Neither of these methods are particularly efficient for criminals, however. That’s why, as Jeremy Kirk reports at TechWorld, ransomware attacks have begun appearing in conjunction with malicious advertisements on trusted websites.
Disney, Facebook and the Guardian Newspaper’s website were all found to be hosting malicious ads by Cisco Systems, who called the practice “insidious”. Also known as malvertising, legitimate websites are tricked into displaying ads that redirect users to malicious domains. While advertising networks are working hard at protecting websites against malvertising, their security is far from perfect, which leads to attacks like these.
For users, not only is the website trusted, but so is the ad. The advertisement of legitimate and trusted companies is shown, but while the user is expecting to visit that company’s website, a click actually delivers them to a site that downloads malware to their device.
In the attacks noticed by Cisco, an exploit kit on the malicious site checked for any vulnerabilities in a user’s version of Flash, Java or Silverlight. Those who hadn’t patched vulnerabilities were exploited and a ransomware relative of Cryptolocker, called CryptoWall, was installed. CryptoWall then encrypted files and demanded a ransom. The longer a user delays, the higher the ransom gets.
The group behind the attacks hasn’t been identified yet and no real protection is being offered. To avoid infection, you could avoid clicking on any advertisements online, but even that doesn’t protect you against attacks that only require the display of malvertisements. A better course of action would be to ensure that all of your applications are fully updated and patched. Then, be aware of what you’re clicking on and what website you expect to load.
If any of your devices are infected with malware, come to Geek Rescue or give us a call at 918-369-4335.
June 4th, 2014
Cryptolocker unveiled itself in 2013 as one of the worst malware threats on the web. Victims saw their files encrypted only to be released after a ransom payment was made, and even then sometimes the files would remain inaccessible. A new spam email scheme, as reported on the Symantec blog, uses the Cryptolocker name, but actually infects users with another form of crypto malware.
While the malware used in this attack isn’t Cryptolocker, it performs similarly. Users’ files are encrypted and a ransom is demanded. The use of the Cryptolocker name is perhaps to convince users that there’s no way around the encryption. Cryptolocker uses notoriously difficult, or nearly impossible, to break encryption. While this threat’s encryption hasn’t been closely analyzed, it’s likely that it hasn’t been crafted as carefully.
The attack begins with an email arriving appearing to be from an energy company. Users are told that they have an outstanding debt on an electric bill. That should be the first clue for most users. In this sense, this particular threat is more believable than others. Many companies, including electric providers, often send an email to customers telling them their latest bill is ready.
The message contains a link supposedly allowing users to view their bill. It directs them to a website containing a CAPTCHA. The number you’re directed to enter never changes, however. From there, users arrive on a page with a link to download their bill. It downloads as a file disguised as a .PDF. Again, this is all fairly believable.
Opening that file, however, immediately causes files to be encrypted and a text file pops-up informing the victim that they’ve been hacked with Cryptolocker. They’re informed to send an email to a provided address to start the ransom process.
There’s an added feature to this attack also. The malware checks to see if the user is running email client Outlook or Thunderbird. If you are, your contact list is stolen and sent to the attacker, presumably to help spread the malware to more users.
As with any other crypto attack, the key is to avoid infection. Once your files are encrypted, it’s extremely difficult to unlock them. Avoid these threats by being extremely cautious about following links in emails and downloading attachments. Also, regularly back-up your important files in case they’re encrypted or corrupted.
For help recovering from a malware infection, call Geek Rescue at 918-369-4335.
June 3rd, 2014
About two months ago, the Heartbleed bug was the scourge of the internet. Since then, websites have scurried to update and patch the vulnerabilities that could potentially lead to the theft of their users’ data. As Jeremy Kirk of Computer World reports, the Heartbleed name is still being used to strike fear into users only now it’s in association with a phishing scam.
Security firm TrendMicro reports that spam emails are being distributed that promise a “Heartbleed removal tool”. Individuals who have some understanding of what Heartbleed is will understand that it isn’t a virus or malware that can simply be removed. But, others who are familiar with the name ‘Heratbleed’ but unfamiliar with any other details are being fooled.
The attachment to these emails, the supposed removal tool, is actually a keylogger, which is used to record the keystrokes of the user and sends them to the criminal who launched this attack.
Given the apparent misunderstanding of Heartbleed, this scam is already poorly constructed, but it falls apart even more when you consider the content of the email. While the body contains a warning about Heartbleed and urges users to run the attached removal tool, the subject line reads “Looking For Investment Opportunities from Syria”. A more spammy email subject has rarely been written and, of course, the subject and body don’t match.
These characteristics make this particular scam easy to spot for users and spam filters, but criminals trading on the Heartbleed name isn’t likely to stop anytime soon. Be wary of any email, even those purporting to be from legitimate companies, that advises you to protect yourself from Heartbleed. Don’t follow links in those emails and don’t download the attachments.
If your computer is infected by malware, Geek Rescue is here to help. Call us at 918-369-4335.
June 2nd, 2014
For businesses, creating a secure IT infrastructure is difficult even if you’re only working with a handful of desktop computers that all run the same operating system and applications. Complications come from adding new devices, especially when employees begin using their own personal devices on your network. In most cases, it’s not the devices themselves that cause problems, but rather the apps they’re running. At Beta News, Ian Barker explains how mobile apps threaten the security of your business.
Even for individual users, relatively secure smartphones are exploited through security vulnerabilities in mobile apps. These aren’t malicious apps, but rather legitimate apps that contain flaws and hold high risk permissions.
According to studies, the average smartphone contains about 200 apps. This includes apps that come pre-installed from the manufacturer or service provider and those that the user downloads themselves. Each app averages about 9 permissions, or abilities to access and use your phone’s data, which includes access to your social media profiles, location and more. Of these nine permissions, about five would be considered high risk on average for each app. This means if the app were exploited, a criminal could cause significant harm to your device, or to your finances and identity, through these high risk permissions.
For businesses, this introduces hundreds of potential vulnerabilities for each employee and multiple data leaks associated with each vulnerability. Mobile security specialist, Mojave, categorizes about half of the mobile apps they examine to be at least moderate risk, which means they have access to a large amount of valuable data and don’t have a large amount of security associated with them.
Keeping your business secure requires close attention to not only every device that connects to your network, but also every application that device is running. Without that, you risk an employee opening the door for an attack that compromises your company’s data, or your customer’s.
For help securing your business, or recovering from an attack, call Geek Rescue at 918-369-4335.
May 30th, 2014
Implementing proper security features on your computer isn’t high on most individual’s priority list. The assumption is that it will take hours to install new antivirus software and make other necessary changes. But, in reality, some significant improvements can be made in just a few minutes. Andy O’Donnell of About offers his “10-minute security tune-up”. While these won’t make you computer immune to malware infections, they are helpful.
Whether it’s your operating system, browser, antivirus program or other applications, it’s important to keep them updated and install the latest patches released by the developer. It’s a quick and easy process, but it protects you from some of the most dangerous threats to your PC. Patches and updates are often released to fix a vulnerability that has been demonstrated to be exploitable by criminals. So, failing to install these updates leaves a known security flaw open. That’s like asking for trouble. Similarly, updating your antivirus program allows it to stay up to date with the latest recognizable threats so it can identify them on your PC or stop them from infecting it in the first place.
Most users have an antivirus scanner installed on their PC, but have you ever considered the need for a second one? Even if you keep a trusted antivirus program updated, it’s still likely to miss a few threats. Some experts suggest adding a second antivirus scanner to identify problems that would have slipped through. This can potentially cause issues if both antivirus programs are set to actively scan at all times. Instead, you may consider using your primary antivirus program at all times, then run additional, regularly scheduled scans with your secondary scanner.
Regardless of how many security tools you put in place, there is always the chance of a catastrophe. Cyber attacks grow more intelligent every day and it’s impossible to close every potential vulnerability. Even if your PC isn’t taken down by malware, you could lose your data because of a hardware issue or natural disaster. That’s why it’s important to regularly back-up all the important data stored on your hard drive. With cloud storage readily available, you can even store it off site so the loss of your computer doesn’t mean the loss of your back-ups.
As mentioned, no security is perfect. If any of your devices are infected with malware or you’re experiencing other issues, call Geek Rescue at 918-369-4335.
May 29th, 2014
Microsoft ended support for their operating system, Windows XP, on April 8th. Since then, users continuing to use XP have been at risk of attacks via known exploits because no patches are being released to fix them. One security expert has discovered a potential workaround, however. Gregg Keizer of ComputerWorld explains how users could trick Microsoft into delivering patches to their outdated operating system.
To understand this hack, you first need to get to know another Microsoft operating system, Windows Embedded POSReady 2009. In this case, POS stands for point of sale. This operating system was developed for use in cash registers, ATMs and other point of sale devices. It shares the same core as Windows XP, however. It also will enjoy support from Microsoft for another five years.
So, the security experts hack involved tricking Microsoft into thinking an XP system was actually an Embedded POSReady 2009 system. The updates and patches delivered aren’t developed specifically for XP, but the environment is close enough that they reportedly don’t cause crashes, blue screens or other errors.
Before you start thinking that this will keep your XP machine protected for five years, understand that neither Microsoft, nor the security expert who developed this hack, is sold on it effectively patching vulnerabilities. A Microsoft spokesman told the public that these patches intended for POSReady 2009 won’t fully protect XP users. Microsoft’s stance is that users need to upgrade to Windows 7 or 8 as soon as possible.
However, some businesses have built their entire infrastructure on XP and upgrading isn’t a simple option. For those individuals, wouldn’t doing something to protect themselves be better than nothing?
Doing something is certainly preferred, but implementing this hack might not be the smartest choice. Instead, switching web browsers from Internet Explorer to Chrome or Firefox should be an XP users first move. Both Google and Mozilla have continued support for their browsers used with XP. There are also security tools to implement that would help protect against the gaping, known security flaws in XP. It’s not a patch that ends the possibility of an exploit, but it is additional protection.
Whether your computer has been infected, or you’d like to improve security, call Geek Rescue at 918-369-4335.
May 28th, 2014
No doubt you’ve heard about and read about the capabilities, features and benefits of transitioning your business, or at least a portion of it, to the cloud. Before diving into it, however, you’ll need to carefully assess your needs. At Beta News, Andy Lancaster published a list of key areas to consider that will affect the transition to the cloud and the operations of it.
Most likely, your on-site IT solutions have been built to handle the peak workload of your operations. This means that much of the time, assets and resources are being wasted, which means money is being wasted. The advantage of the cloud in this context is that it is flexible and able to quickly scale up and scale down. A careful assessment of your assets and their use will allow you to accurately gauge your needs and plan for peak usage.
Transitioning to the cloud can be a tricky process. Before moving any of your storage or applications off of your on-site servers, you’ll want to carefully consider which will be best served on the cloud and what order they’ll need to transition. Not every application will offer benefits by being in the cloud and some may need to migrate at a different time than others. Planning ahead allows to save on costs, reduce downtime and results in a better, more stable environment.
Some applications can be moved directly from a physical server environment to the cloud with little to no alterations. Some require more attention, however. Effectively integrating some applications with the cloud may require “re-architecting” in order to efficiently host them. This could affect your decision to transition that application to the cloud so it’s important to consider this factor.
Security is a primary concern for businesses integrating with the cloud. You’ll want to consider where data will physically reside, how the data center is protected and who will have access and maintenance responsibilities. Also, think about how you handle security in your organization now and consider how integrating the cloud could complicate, or streamline those operations.
Most likely, you’re conducting regular back-ups and planning for disaster recovery in-house currently. Transitioning these responsibilities to the cloud frees up resources and IT staff. Be sure to consider how you’ll re-appoint staff and think about if you’ll be able to get rid of servers and other hardware.
Introducing the cloud to your company’s IT infrastructure can save time and money, but it needs to be done intelligently.
At Geek Rescue, we help you use the cloud effectively for the maximum benefit to your business. To find out more about cloud solutions, call us at 918-369-4335.
May 28th, 2014
Identity theft and malware infections are two of the biggest security related worries for internet users. Unfortunately, both often stem from a lack of security for social media sites. Facebook, Twitter and other popular social media platforms are continuously working to make users safer, but you can take some additional steps on your own too. At Gizmodo, David Nield offers a few tips for how to make your social media accounts nearly unhackable.
- Two-Factor Authentication
Most of your social media accounts require nothing more than a password to log-in. When you stop and think about how much valuable information is available to anyone with access to your account, however, you’ll likely decide that more protection is needed. With two-factor authentication, you’ll log-in with a unique PIN sent directly to you via text message or through a mobile app. No device will be able to access your account without first going through this process. For Twitter, head to the ‘Security and Privacy’ menu in ‘Settings’ to enable two-factor authentication. Similarly on Facebook, the option is found under the ‘Login Approvals’ section of the Security Settings page.
Instagram, Facebook, Twitter and many other social media sites allow users to add apps to their profiles for extra features. These may be related to games, photo sharing and editing or a number of other uses. These apps often create a security flaw that allows criminals to hack your account, however. While having no apps is the safest, that may not be realistic. If you’d rather not sacrifice apps entirely, regularly audit your apps and remove those that you no longer use or that the developer is no longer updating.
Phishing scams have infiltrated social media through instant messages, or in the case of Twitter, malicious tweets and profiles. Clicking on a bad link often leads users into trouble, but the most popular web browsers have some protections in place for these scenarios. Users must keep their browsers up to date, however, in order to be protected. Even with these security features, it’s a good idea to avoid any link you’re not absolutely sure about.
On the devices you use the most, your social media accounts are likely available without the need to sign in. No one wants to enter their password every time they check Facebook or Twitter on their smartphone, but what happens if your phone is lost or stolen. Now, whoever finds your device can look through your profiles, send out messages and steal whatever personal information is available. To limit this possibility, make sure to put a secure lock on your device. Require a PIN, password or pattern to be put in whenever the screen turns off.
In addition to these suggestions, it’s also a good idea to use a strong, unique password for each account and change it regularly, especially when there’s news of a large site being hacked.
If you’ve been the victim of an attack through social media, email or another source, bring your infected device to Geek Rescue or call us at 918-369-4335.
May 27th, 2014
Apple devices are extremely popular, which unfortunately makes them a target for theft. To combat this as much as possible, Apple includes features to help users find lost or stolen devices, but these features contain security vulnerabilities of their own. The latest reports, as noted by Loek Essers of TechWorld, center around the “Find My iPhone” feature and a form of ransomware.
When ‘Find My iPhone’ is enabled, users are able to track it to see its current location or lock the device and display a custom message. Users are reporting that their iCloud accounts are being hacked and ‘Find My iPhone’ enabled on their own devices, however. A message informing them that they’ve been hacked by “Oleg Pliss” is displayed and a $100 ransom is demanded.
Users have also reported that while they’re able to log-in to their Apple accounts, they’re unable to disable Lost mode and unlock the device on their own.
At least for some of the victimized users, the problem may stem from the eBay hacking from earlier this month. Some users admit they use the same passwords for their Apple account as they did for eBay.
For now, Apple has been silent on the issue and hasn’t officially suggested a way to unlock hacked devices. The only fix to be found so far is to restore the device to factory settings.
It’s not just iPhones that have been affected either. All Apple device have a similar feature to help find them when they’re lost or stolen and all are vulnerable to this same ransom tactic. So far, users in Australia, Great Britain and Canada have all reported being hacked, but no users from the US have had the same problem.
Before the problem spreads to the US, it’s a good idea to change your passwords, especially if you held an account at eBay that may have been compromised.
If any of your device are hacked, infected with malware, or break, bring them to Geek Rescue or call us at 918-369-4335.
May 22nd, 2014
Microsoft’s Silverlight plug-in, which has features similar to Flash and is used for a variety of rich media applications on websites, including Netflix, is leaving users vulnerable to exploits. As Mathew J. Schwartz reports for Dark Reading, outdated versions of Silverlight contain vulnerabilities that lead to malware infections.
Up until recently, vulnerabilities in Silverlight were largely ignored by attackers. In late April, however, a pair of security flaws came to light and drew the attention of a number of exploit kit developers. In many of these attacks, malicious code is hidden in ads displayed by legitimate advertising networks. When these ads are displayed on websites that a user with an outdated version of Silverlight visits, malicious files can be installed.
While these vulnerabilities only exist for users who have failed to keep Silverlight updated, it seems that there’s a large number of users vulnerable and a large number of successful attacks stemming from these flaws. Currently, Silverlight is the most popular target for exploit, according to a report from Cisco.
Part of that popularity stems from the development of exploit kits. These kits are basically attacks in a box that any individual can purchase and launch without the need for any real expertise. These particular Silverlight flaws have made the development of exploit kits fairly simple, which has meant that many are being created at a rapid pace.
Silverlight is the latest, but certainly not the only plug-in that has caused security issues. In 2013, 85-percent of successful attacks involved an exploit of a third-party plug-in like Java or Adobe products like Flash or Reader.
The biggest danger in these plug-in exploits is businesses who are shockingly unprepared for them. Only 29-percent of businesses who were hit with this type of exploit in 2013 were able to discover the breach themselves. In some cases, they were unaware until their client base informed them of a problem.
If you’ve been the victim of an attack and need help clearing the malicious files off your computer and network, or if you’d like to find out more about properly securing your company, call Geek Rescue at 918-369-4335.