January 30th, 2014
Planning is a key step to effective data security for your business. If you know how you’re likely to be attacked, you’ll know how to best protect yourself. At PC World, Tony Bradley published a list of security threats he expects to be common throughout 2014.
The time when you could consider your smartphone immune from the dangers of malware has passed. With a large percentage of the population not only using mobile devices, but using them to access critical data, criminals have begun heavily targeting them with mobile-specific malware. And infection can stem from a number of places. Email, malicious links and text messaging are all popular modes of malware infection, but even connecting to an infected computer via USB has been the root of infection in some attacks.
You’ve likely seen this buzzword in the media and it refers to the growing number of items with internet capabilities. Your refrigerator, car, home security system, baby monitor and many other common items can now be online and controlled remotely. While this may present a convenience for you, it also poses a security risk as hackers may also be able to gain control of your things. We’ve already seen a refrigerator used as part of a botnet. Be aware that if an item in your home or business can connect to the internet, it can be hacked.
Patches and security updates for this operating system will be discontinued by Microsoft this April. While Microsoft Security Essentials will receive support until the summer of 2015, this still presents a significant security issue. A large portion of the world’s desktop computers, particularly in offices, are still running XP. Worse is that kiosks and other embedded devices also run off of XP. When Microsoft stops supporting their old operating system, developers will also likely stop releasing updates for their XP applications. This leaves users in a frozen state where known exploits won’t be fixed. Some security experts are forecasting that hackers will wait until support stops and then launch all out attacks on XP systems.
Due to the success of attacks, like those on Target and Neiman Marcus, expect large scale data breaches to continue. Cyber criminals understand how valuable data can be and are willing to launch intelligent attacks to steal it. Staying protected requires planning, putting proper security tools in place and being smart about what you download and who you allow on your network.
For help improving the security at your company or on your home PC, call Geek Rescue at 918-369-4335.
January 28th, 2014
The threat of Cryptolocker style malware has been around for months, but evolving threats continue to emerge. Copycats and other forms of ransomware are being churned out due to the ease of production and the immediate benefits. As Ken Westin reports for State of Security, the latest variant of Cryptolocker is being spread through Yahoo messenger.
The malware was first spotted in Asia where it victimized a number of financial institutions. The nature of this ransomware allows it to spread quickly, however. Much like a malicious email that infects one computer, then emails itself to every contact in a user’s address book, this malware infects a computer and then sends a malicious file to contacts through Yahoo messenger.
First, you receive a message from a contact on Messenger. It appears to be an image file called “YOURS.JPG” but the actual extension is .exe. With some clever social engineering, users are coaxed to download and open the file. Once opened, the malware goes to work adding files to your system and injecting code into memory. Eventually, the malware begins encrypting files and locking down your computer.
Users are presented an alert that their files are encrypted and given a ransom note that demands payment to unlock their computer. New encryption keys are used in each attack, making decryption particularly difficult, if not impossible. While you deal with the encryption of your files, the malware spreads itself to new victims by sending the malicious file to your contacts.
As with other forms of ransomware, the best protection is to avoid infection. Even trusted contacts can send you malicious files. Even if you’re expecting a file to be sent to you over email or instant messaging, be sure to check it thoroughly before opening.
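One way to check a received file before opening it, as an added example that is not part of the original post: it compares the file's name with its first bytes and flags the disguise described above, an image-looking name on a Windows executable. The sample files are constructed, and the lists of extensions and file signatures are assumptions chosen for illustration.

```python
import os
import tempfile

# Leading bytes ("magic numbers") of the formats this check recognises.
MAGIC = [
    (b"MZ", "exe"),                    # Windows executable (.exe, .scr, .dll)
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
]
IMAGE_EXTS = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}


def sniff(path):
    """Return the type implied by the file's first bytes, or None."""
    with open(path, "rb") as f:
        head = f.read(8)
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return None


def check_attachment(path):
    """Return the reasons not to open the file (empty list = none found)."""
    reasons = []
    # Strip each part so padding such as "JPG      .exe" is still caught.
    parts = [p.strip().lower() for p in os.path.basename(path).split(".")]
    final_ext = parts[-1] if len(parts) > 1 else ""
    actual = sniff(path)

    if final_ext in EXEC_EXTS:
        reasons.append(f"real extension is .{final_ext}")
        if any(p in IMAGE_EXTS for p in parts[1:-1]):
            reasons.append("image extension used as a decoy before the real one")
    if actual == "exe":
        reasons.append("content starts with a Windows executable header")
    elif final_ext in IMAGE_EXTS and actual != IMAGE_EXTS[final_ext]:
        reasons.append(f"named .{final_ext} but content is {actual or 'unknown'}")
    return reasons


def demo():
    """Run the check over constructed sample files; return {name: reasons}."""
    pe_like = b"MZ\x90\x00" + b"\x00" * 60        # constructed, not a real program
    jpeg_like = b"\xff\xd8\xff\xe0" + b"\x00" * 60
    samples = {
        "YOURS.JPG.exe": pe_like,   # the disguise described in the post
        "YOURS.JPG": pe_like,       # executable content under an image name
        "holiday.jpg": jpeg_like,   # name and content agree
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(data)
            results[name] = check_attachment(path)
    return results


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", reasons or "no mismatch found")
```

An empty result only means the name and the header agree; it does not show the file is safe, so scanning with up-to-date security software still applies.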
If your computer is infected with any type of malware, contact Geek Rescue at 918-369-4335.
January 28th, 2014
Generally, pieces of malware are only harmful to the devices they target. For example, malware designed for Windows won’t be harmful to mobile devices, or vice versa. However, researchers have seen examples of malware that infects Android devices with the ultimate goal of infecting a PC connected to them. Now, as the Symantec blog reports, there is evidence of malware that infects PCs with the ultimate goal of infecting an Android device that connects via USB.
So far, there’s been no official word about how the malware, known as Trojan.Droidpak, infects PCs. Once it’s downloaded, the trojan begins adding malicious files to your system. First, a DLL registers itself as a system service. Then, a configuration file is automatically downloaded. Then, a malicious APK and ADB (Android Debug Bridge) are downloaded. If an Android device is connected to the infected PC, an installation of the APK and ADB files is attempted repeatedly to ensure infection of the mobile device.
To be successful, the malware requires USB debugging mode to be enabled. To check if your phone allows debugging mode, go to ‘Applications’ in the settings menu. Then, select ‘Development’ and you’ll see an option to allow debugging mode when your phone is connected to a PC via USB.
If the malware successfully infects your smartphone or tablet, it disguises itself as an application called ‘Google App Store’ that even steals the Play Store logo. This particular trojan specifically looks for banking applications. When found, a user is prompted to delete that version of the banking app and replace it. The replacement app is a malicious version used to steal financial data and log-ins. The malware is also able to intercept text messages and forward them to a third party.
The good news is that currently the trojan only targets Korean banking apps, but it’s easy to see how this malware could be adjusted to start targeting US Android users. Turning off USB debugging mode is a good start and you should also turn off the AutoRun feature on your PC when connecting another device.
If your PC, smartphone, tablet or any of your devices are infected with malware, bring them to Geek Rescue or call us at 918-369-4335.
January 24th, 2014
Previously, we outlined three security vulnerabilities that exist on your iPhone. With malware and hackers targeting iPhones more than ever, you not only need to know where you are vulnerable, but also how to protect your device. Steve Bell of Bullguard has a list of tactics and apps that will improve the security of your iPhone.
This isn’t technically an app, although there is one available. Find My iPhone is well-known, but it’s an indispensable tool. To activate it, go to your iPhone’s settings, then select ‘iCloud’ and check the ‘Find My iPhone’ option. Then, if your phone is lost, you’ll be able to log-in to iTunes and see its current location, display a message on its screen, play a sound, lock it or wipe it clean. The Find My iPhone app allows you to find other iOS devices from your iPhone. Also, consider using GadgetTrak, which offers similar features to Find My iPhone but will also use your phone’s camera to take a picture of its surroundings or its thief.
There are a large number of iPhone users that don’t lock their phones with any type of passcode. While locking your phone doesn’t provide robust security, an unlocked phone is a much more attractive target for criminals. Set a passcode by going to the general settings menu and selecting ‘Passcode Lock’. It’s also important to make sure that no one can use Siri unless your iPhone is unlocked. This is a slight security vulnerability that can be fixed by turning your phone on to the passcode screen and sliding the Siri slider to off.
Using your computer to back-up data is a great idea in case your phone is lost or stolen or data is corrupted. But, storing it unencrypted makes it easy for hackers to steal it if they gain access to your computer. Make sure when you sync your iPhone or iPod to your computer with iTunes, you encrypt the data you back-up.
If you regularly connect to public WiFi and want to be able to log-in to online accounts or shop online with your phone, you need this app. A VPN encrypts the data you transmit while connected to a wireless network so it can’t be intercepted and stolen. Hotspot Shield also protects you from spam, phishing and malware. Using an unsecured network is a common way your identity is stolen or device infected. Using a VPN is a great way to protect yourself.
Sometimes, the best defense against cyber crime is to be smart about how you use your iPhone. Don’t download apps outside the official app store, don’t download email attachments and don’t enter personal information over an unsecured network. Avoiding the cause of issues helps you stay safe.
If any of your devices are having issues, like slow performance or malware infection, come by Geek Rescue or call us at 918-369-4335.
January 23rd, 2014
The amount of malware being produced to infect Android devices is growing rapidly. Usually, it’s easy to avoid being infected by only downloading apps from Google’s Play Store and only visiting trusted sites. It’s also generally easy to spot signs of an infection. At State of Security, Anthony M. Freed reports on the latest malware threat for Android that defies these conventions.
It’s called Android.He.He and it’s able to intercept both phone calls and text messages of infected devices. Similar malware that either intercepts calls or messages or sends them will leave evidence in your call log or text message history. Android.He.He not only deletes any evidence that a call or message was ever sent to your phone, it even keeps any notification from popping up at the time of the call or message.
The malware infects users by posing as a security update to the operating system running on their device. Once downloaded, an app called Android Security is added, but the malware is even capable of hiding this app’s existence from the user.
It seems these attacks are highly targeted because the malware uses a predetermined list of phone numbers. When one of these numbers attempts to contact an infected device, the malware intercepts it. This would seem to work best for targeted attacks against specific users, but could also work for general attacks by using numbers of popular credit card companies, banks and other organizations that may give attackers an opportunity to steal valuable information.
This supposed security update is not found in the Google Play Store and, while it could be sent to users directly, it is usually first encountered in an ad advising you to update your operating system, or in a third party app store.
It’s important to put security apps in place to protect you from some threats, but unfortunately security for mobile devices is lagging behind attackers. For that reason, it’s also vital to avoid putting yourself in a potentially harmful situation, like downloading apps from an ad or untrusted source.
If any of your devices are infected with malware, bring it to Geek Rescue or call us at 918-369-4335.
January 22nd, 2014
Worldwide there are more Android devices than Apple devices and the gap is steadily increasing. That’s likely the main reason that more malware is being produced for Androids. As Rohan Swamy reports for NDTV, a recent report from Cisco illustrates just how at risk Android users are.
Nearly three-quarters of web delivered malware targets Android devices. That’s a troubling statistic, but even worse is that over the past few months, 99 out of every 100 mobile devices that are infected with malware are Androids. This suggests that Android users aren’t taking proper precautions despite there being more risks targeting them.
Before you abandon Android for the relative safe harbor of Apple’s products, consider this. Only about 1-percent of malware attacks have a specific target. Most devices become infected because they take unnecessary risks. Downloading content from untrusted sources and visiting untrusted websites are both common ways to encounter malware.
In fact, the most common piece of malware on Android devices comes from a legal app that can’t be found in the Google Play store. Instead, it must be downloaded from third-party app stores that don’t thoroughly check the legitimacy of their apps. If users stick to officially recognized apps and only download trusted items, they greatly reduce their risk of a malware infection, regardless of what device they use.
The open source nature of Android may have a large effect on the activity of Android users. Whereas Apple users seem to only download official apps, Android users are more likely to download from unofficial sources because there are more developers making innovative products for Android.
The way to keep your smartphone free of malware is the same way you keep your computer clean. Put security tools in place and use safe surfing techniques. Stay off untrustworthy sites and only download from official sources.
If any of your devices are infected with malware, bring them to Geek Rescue or call us at 918-369-4335.
January 21st, 2014
The recent attack on Target that ended with millions of customers’ credit card information being stolen holds multiple lessons for IT departments everywhere. We already reported the facts about the malware used in the attack. At IT Manager Daily, David King has a list of what should be learned from the attack so it is less likely to happen again, or at least handled more effectively.
If your body is infected with a virus, the longer you wait the worse it gets. It’s a similar rule of thumb for malware infections and attacks. Not only do you need to secure your network and get rid of the malicious files, but you’ll also need to warn your affected customers and be prepared to handle the influx of calls. This all needs to happen as soon as possible to prevent the situation from getting even worse.
- Secure All Points Of Access
The wrinkle in the attack on Target is that computers weren’t infected with the malware. Instead, the point of sale system was the target. Similarly, recent stories have reported that anything connected to the internet, including refrigerators, can be infected with malware and used by criminals. That makes it vital to secure every device that is connected to the internet and put security tools like firewalls in place to protect your entire network.
Part of the key for acting quickly is to make a plan for recovery before disaster strikes. This way, every part of your organization knows what their job is and everything will run smoothly. This plan will need to be updated when applications and personnel change and altered for new forms of attacks.
These three tips won’t keep you completely secure from a data-scraping malware attack. Unfortunately, nothing can guarantee the safety of your data. But, when you follow the correct protocol, you’re less likely to become a victim and you put less at risk.
For help improving the security of your company’s data, or for help recovering from an attack, call Geek Rescue at 918-369-4335.
January 20th, 2014
There are so many threats to your smartphone. Malware is being created specifically for mobile devices at record numbers and, of course, you have to worry about your information, like text messages and phone calls, being intercepted and recorded. To prevent these security vulnerabilities, you could download security apps. As Rob Lever reports at Business Insider, your best option for a secure, mobile experience is to get a new phone. Specifically, the Blackphone, which is said to be the most secure smartphone ever made.
Silent Circle, described as a “secure communications firm”, began developing the Blackphone because they saw a need for truly secure mobile communication and no other companies stepping up to serve that need. The company has already released apps for both smartphone and PC users that encrypt messages and videos. The Blackphone will feature encryption for video and text, as well as secure VoIP calls.
The secure smartphone won’t be released for another month and specifications will likely be kept under wraps until then. In the meantime, we know it will be less expensive than big flagship smartphones like the iPhone 5S and Samsung Galaxy S4.
According to a Silent Circle executive, the Blackphone isn’t just useful for those who need top of the line security, such as government employees. It’s built for a typical user with features similar to other smartphones only it has the added benefit of being much more secure. All of that, however, comes with the warning that no mobile device is completely secure. Even the Blackphone with all of its attention to a more private and secure experience for users isn’t impenetrable. But, right out of the box, this smartphone has inherent advantages.
Chances are, your smartphone isn’t as secure as the Blackphone. If it’s been infected with malware or needs any other type of repair, bring it to Geek Rescue or call us at 918-369-4335.
January 17th, 2014
A shocking number of small businesses don’t invest in security to keep their data, and their customers’ data, safe from hackers and malware attacks. Many small business owners believe they won’t be a target because they don’t have as much valuable data as larger competitors. From a hacker’s point of view, however, grabbing a few credit card numbers, or infecting a small network without having to bypass robust security can be more attractive than trying to hack a complicated IT infrastructure. To help your business stay safe from cyber attacks, security expert David Campbell outlined some vital ways to improve security at Florida Today.
Updates to your operating system, antivirus program and vital applications are available nearly every day. The reason there are so many updates is because new vulnerabilities and pieces of malware are unveiled. To close flaws in security and eliminate bugs, you need to update constantly. Out of date applications tell hackers that known attacks will work against your network.
Do you know who can access your company’s data? You should be carefully tracking who is accessing your servers and from where. This way, you’ll be able to spot a potential attack before it does much damage. Also, be sure to limit employees who don’t need access to certain files or applications. By limiting access to only those individuals who need it, you minimize risk.
Proper testing can be the difference between a hassle-free integration of new technology and an extended period of downtime. From a security standpoint, make sure any new software you introduce is compatible with existing security features. Even when you have set up an effective security infrastructure, changes to your network could present vulnerabilities.
In addition to watching who is accessing data, keep an eye on how much traffic is running through servers. A spike in traffic can be a warning sign that a third party is using your resources maliciously. By closely monitoring the use of your resources, you’ll be able to spot problems before they cost you money.
If you run a business, you have information that criminals find valuable. Eventually, a lack of security will cost your company money and credibility.
Don’t wait, improve security at your business today by calling Geek Rescue at 918-369-4335.
January 17th, 2014
You’ve no doubt heard of the recent attack that stole data, including credit card numbers, from Target customers. After that attack, it was discovered that malware capable of stealing data out of the memory of point-of-sale devices, which are used by retailers and just about any organization that accepts payment digitally, was used. Mathew J. Schwartz of Information Week published some facts about this memory-scraping malware that both users and businesses should know in order to stay safe.
The first time a memory scraping malware attack took place was in November of 2011 when several hotels had point-of-sale systems compromised. Since then, the malware has targeted hotels, auto dealerships, healthcare companies and many others. No previous attacks reached the scale of the Target breach, however. It is believed that those attackers successfully stole more records than any similar, previous attack.
You might think that important information like credit card information should be encrypted when stored to avoid this type of large scale attack. At almost all times, this information is encrypted, but not until later in the process. This malware steals data directly from memory, where it’s still in plain text. This could happen almost immediately after you swipe your card and even before payment has been authorized. Once that data is transferred to a hard drive or sent elsewhere, it’s encrypted, which makes it difficult, or in some cases impossible, for hackers to steal it.
- Vulnerabilities of point-of-sale
Storing credit card data in plain text is an inescapable vulnerability in point-of-sale systems, which is likely the driving factor behind the way this attack was organized. When information is stored in memory, it needs to be processed, which means it has to be un-encrypted so the data can be used. Memory scraping malware is designed to wait for this moment when data is vulnerable and intercept it.
Point of sale systems operate on a network, which means there are a number of ways they can be infected. Any infected device connected to the same network could be the source. If that network isn’t secured properly and is compromised, that opens another option for malware to get in. In the Target attack, the personal information of customers was stolen in addition to credit card information. This suggests that malware had infected more than the point of sale devices. Servers or other databases connected to the internet were also attacked.
This type of attack is difficult to detect thanks to intelligent techniques used by hackers. Once malware has infected the network, it still needs to infect the point of sale device to steal valuable data. Doing so would usually set off alarms from security software protecting devices on the network, but in these attacks, encryption and antivirus evasion tools are used to confuse security and operate undetected.
There are other methods to protect devices with many of them stemming from keeping infected devices from directly connecting to point of sale devices. Unfortunately, for users, it’s seemingly impossible to tell if a retailer’s system is infected and will put your data at risk.
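One way to verify that other devices cannot connect directly to point of sale devices, as an added example that is not part of the original post: it audits network flow records against an allowlist for the point of sale segment. The subnet, allowlist entries, record format and sample records are all constructed assumptions, and the rule that terminals should not talk to each other is a policy choice of this sketch.

```python
import ipaddress

POS_NET = ipaddress.ip_network("10.20.0.0/24")   # assumed POS segment

# Assumed policy: the only peers allowed to cross the POS boundary.
ALLOWED_INBOUND = {("10.10.0.5", 3389)}    # hypothetical admin host -> POS
ALLOWED_OUTBOUND = {("192.0.2.10", 443)}   # hypothetical payment processor

# Constructed flow records, one per line: "timestamp src dst dst_port"
SAMPLE_FLOWS = """\
2014-01-17T09:00:01 10.20.0.11 192.0.2.10 443
2014-01-17T09:00:07 10.10.0.5 10.20.0.11 3389
2014-01-17T09:02:13 10.30.0.44 10.20.0.11 445
2014-01-17T09:05:40 10.20.0.11 10.30.0.44 21
2014-01-17T09:06:02 10.20.0.12 10.20.0.11 445
2014-01-17T09:07:00 10.30.0.44 10.30.0.9 80
2014-01-17T09:08:00 truncated-record
"""


def audit_flows(text):
    """Return (findings, unparsed): policy violations and count of bad lines.

    Each finding is (timestamp, kind, src, dst, port), where kind is
    "inbound", "outbound" or "lateral" relative to the POS segment.
    """
    findings, unparsed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split()
        try:
            ts, src, dst, dport = fields
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            unparsed += 1          # count bad records instead of hiding them
            continue

        src_pos, dst_pos = src_ip in POS_NET, dst_ip in POS_NET
        if src_pos and dst_pos:
            # Terminal-to-terminal traffic: treated as unexpected here.
            findings.append((ts, "lateral", src, dst, port))
        elif dst_pos and (src, port) not in ALLOWED_INBOUND:
            findings.append((ts, "inbound", src, dst, port))
        elif src_pos and (dst, port) not in ALLOWED_OUTBOUND:
            findings.append((ts, "outbound", src, dst, port))
    return findings, unparsed


if __name__ == "__main__":
    found, bad = audit_flows(SAMPLE_FLOWS)
    for ts, kind, src, dst, port in found:
        print(f"{ts} {kind:8} {src} -> {dst}:{port}")
    print(f"{bad} record(s) could not be parsed")
```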
If your business would like to explore more robust security options to keep your information and your customers’ information safe from malware attacks, contact Geek Rescue at 918-369-4335.