When Google Ads Deliver Malware, Will Your Employees Download It?

A new method is out for distributing BumbleBee malware: Google Ads. Researchers at Secureworks discovered Google Ads campaigns and downloads promoted through high-ranking sites in Google Organic Search that included malware along with downloads of popular software, including Zoom and ChatGPT.

When Google Ads Deliver Malware, Will Your Employees Download It?Employees who search for installation packages for popular programs may come across these downloads through ads or Organic Search listings. The downloads do contain the software installer, but they also contain a second file that deploys BumbleBee malware, a back-door program that can give hackers the access they need to steal business data or deploy ransomware. BumbleBee is one of the more dangerous malware trojans, as it can install itself without setting off antivirus software.

Why This Malware Scam Works

Most employees are not software experts and may not detect the presence of malware in a download. If they see an ad or a search listing for software they need, they will click. In this case, a compromised WordPress site was used to create phony pages that mirrored the look of the actual software makers. The only way to discover the malware was to examine the download file.

Scams like this rely on a lack of employee sophistication, an urgent need for the employee to install or update software and the appearance of legitimacy to trick people into installing malware. If a Google ad or a top search listing looks legitimate and points to a legitimate-looking site, the download must be legitimate. If the download works and the software installs correctly, why would anyone suspect a scam? An employee who downloaded this malware would find the experience so ordinary and problem-free that they may not even consider it when asked by IT if they experienced anything unusual ahead of a ransomware attack.

Every Business Should Take These Steps to Prevent Malware Attacks

Google has an obligation, and considerable financial incentive, to protect its users from advertising and search-based scams. The company has protections in place to prevent hackers from promoting malicious software, but the same hackers that target businesses with malware also work to circumvent Google’s protections. Fraudulent sites do not last long, but they are a risk, which puts the ultimate responsibility for stopping these malware attacks on individuals.

There are three levels of defense that businesses can use to prevent malware downloads, with varying levels of success.

  1. Prevent employees from downloading software. If you have the resources and a central IT department, this is the highest level of security available. All employee software downloads can be blocked, which prevents these types of scams. The tradeoff may be a very busy schedule for IT employees, who will need to handle every software download request. Depending on the size of your business, this may result in delays for employees who need to download new software or updates.
  2. Discourage employees from downloading software. Company policy can be set to discourage downloads or to download software only from sources supplied by IT professionals within the organization. This is less effective than a ban, as some employees may circumvent the policy, so it works best in conjunction with employee cyber security training.
  3. Train employees to download only from trusted sites. Employees should be trained to only download software from the manufacturer, and to go directly to the manufacturer’s site whenever they need a new installation or update. Businesses can reinforce this practice by providing all employees with a list of links to software sites, either by email or through a company Intranet, so that employees do not rely on search to find software publishers.

These legitimate-looking malware attacks are the stuff of nightmares for cyber security professionals because they can deceive almost anyone, even well-trained employees, into downloading malicious software. Business policies can go a long way toward thwarting these hacking attempts, but they work best when combined with vigilant, empowered employees who value company security and speak up when something seems wrong. Protect Now can help you develop a vigilant workforce through our CSI Protection Certification program. To learn more, contact us online or call us at 1-800-658-8311.

Cryptocurrency Fraud and Malware Scamming Investors

Cryptocurrency is hot right now, and whenever something is hot, hackers pay attention. Research has recently showing that more than 10 percent of all the funds that were raised through the ICOs, initial coin offerings, simply disappeared.

CryptocurrencyIt is popular for ICO’s to be used as an early-stage investment form. So, instead of buying shares, investors buy digital tokens. However, the companies that sell these ICOs don’t have any product to give investors except a whitepaper. This whitepaper tells them how things could theoretically work, the investment scheme, but it seems, it doesn’t always happen that way.

Sometimes the Money Just Disappears

Ernest & Young took a look at over 370 ICOs. The firm found that out of the $3.7 billion raised through these offerings, about $400 million vanished. Where did it go? Research shows it went to hackers using phishing attacks.

It’s not clear if the researchers looked at companies that didn’t deliver or disappeared. For instance, one company, Tezos, pulled in about $232 million during an ICO. However, investors got nothing. That looks like fraud.

How Malware is Responsible for Missing Money

At this point, you might be wondering how these scams are happening. One way is criminal hackers using malware. Specifically, it’s Satori. Satori, which is the actual malware responsible for this, is definitely wreaking havoc with investors who are looking for a huge return. Netlab 360, a Chinese-based company, released a report recently pointing the finger at Satori, which is affecting the Claymore Miner software.

By using mining software, investors are able to obtain the cryptocurrency. However, the malware is making this impossible getting in the middle of the transaction. After the malware gets control of the software, it replaces the address of the wallet with one that is controlled by the hacker.

So, the user believes that this currency is coming into their wallet, but in reality, they are doing the work and someone else, the hacker, is getting the currency. What’s even worse is that the owners of the wallets don’t even realize this is happening unless they look at their software configuration.

In total, researchers have determined just over one Etherium coin has been hacked, so it’s not extremely profitable at this point, yet. However, there is great potential, and when it comes to cybercriminals, they will certainly find a way.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Bitcoin Scams Up the Ying Yang

If you are thinking of jumping onto the Bitcoin bandwagon, or any type of cryptocurrency, you have to make sure that you are watching out for scams. There are a ton of them out there, including the following:

Fake Bitcoin Exchanges

You have to use a Bitcoin exchange if you want to buy or sell Bitcoins, but not all of them are legitimate. Instead, many of them are created for the sole purpose of taking people’s money. Only use well-known exchanges.

Ponzi Schemes

Bitcoins are not exempt from Ponzi schemes, and you have to look out for these. These are like pyramid schemes, and you definitely don’t want to get caught up with this, as you will certainly lose your money.

Fake Currency

You have certainly heard of Bitcoin, but there are other cryptocurrencies on the market, too, as alternatives to Bitcoin. However, there are also fake ones. For instance, one of these, My Big Coin, was fake, yet the people behind it managed to take more than $6 million from customers.

Well-Known Scams

Bitcoin scammers also rely on old school, well-known scams to trick people. They might, for instance, send emails pretending to be the IRS or even having some type of Bitcoin sale. People fall for these scams every day. If it seems weird, like the IRS emailing about Bitcoin, it is most definitely a scam.

Malware

Malware is another associated scam with Bitcoin. Most, or all wallets are connected online, scammers can use malware to access the account and take your money. Malware can get on your computer in a number of ways, including from websites, social media sites, and even through email.

Fake News

We live in an era where online news is the most popular method to get news, but it’s also very easy to create news stories that seem totally legitimate, yet they are absolutely fake. Basically, scammers create these stories to bait victims, so always think before you start clicking.

Phishing

These Bitcoin scammers also use phishing scams to try to get money from people who are trying to buy and sell Bitcoin. These scams are often done by clicking malicious links.

It doesn’t matter if you join the Bitcoin craze or not, you can also use these tips to keep yourself safe from other scams. Here’s some final tips:

  • Always do a security scan on your laptops, computers, phones, and tablets on a regular basis.
  • Do your research before investing in any cryptocurrency website. Make sure it is trustworthy and secure.
  • Store all of your cryptocurrency in a wallet offline, which keeps it protected from scammers.
  • Always monitor all of your banking, credit card, and cryptocurrency accounts.
  • Always insist the crypto site has two step or two factor authentication.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Top 10 Signs of a Malware Infection on Your Computer

Not all viruses that find their way onto your computer dramatically crash your machine. Instead, there are viruses that can run in the background without you even realizing it. As they creep around, they make messes, steal, and much worse.

Malware today spies on your every move. It sees the websites you visit, and the usernames and passwords you type in. If you login to online banking, a criminal can watch what you do and after you log off and go to bed, he can log right back and start transferring money out of your account.

Here are some signs that your device might already be infected with malware:

  1. Programs shut down or start up automatically
  2. Windows suddenly shuts down without prompting
  3. Programs won’t start when you want them to
  4. The hard drive is constantly working
  5. Your machine is working slower than usual
  6. Messages appear spontaneously
  7. Instead of flickering, your external modem light is constantly lit
  8. Your mouse pointer moves by itself
  9. Applications are running that are unfamiliar
  10. Your identity gets stolen

If you notice any of these, first, don’t panic. It’s not 100% that you have a virus. However, you should check things out. Make sure your antivirus program is scanning your computer regularly and set to automatically download software updates. This is one of the best lines of defense you have against malware.

Though we won’t ever eliminate malware, as it is always being created and evolving, by using antivirus software and other layers of protection, you can be one step ahead. Here are some tips:

  • Run an automatic antivirus scan of your computer every day. You can choose the quick scan option for this. However, each week, run a deep scan of your system. You can run them manually, or you can schedule them.
  • Even if you have purchased the best antivirus software on the market, if you aren’t updating it, you are not protected.
  • Don’t click on any attachment in an email, even if you think you know who it is from. Instead, before you open it, confirm that the application was sent by who you think sent it, and scan it with your antivirus program.
  • Do not click on any link seen in an email, unless it is from someone who often sends them. Even then, be on alert as hackers are quite skilled at making fake emails look remarkably real. If you question it, make sure to open a new email and ask the person. Don’t just reply to the one you are questioning. Also, never click on any link that is supposedly from your bank, the IRS, a retailer, etc. These are often fake.
  • If your bank sends e-statements, ignore the links and login directly to the banks website using either a password manager or your bookmarks.
  • Set your email software to “display text only.” This way, you are alerted before graphics or links load.

When a device ends up being infected, it’s either because of hardware or software vulnerabilities.  And while there are virus removal tools to clean up any infections, there still may be breadcrumbs of infection that can creep back in. It’s generally a good idea to reinstall the devices operating system to completely clear out the infection and remove any residual malware .

As an added bonus, a reinstall will remove bloatware and speed up your devices too.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Malware Hack Attacking the Grid…BIGLY

For more than four years, malware has been posing as legitimate software and infecting industrial equipment across the globe.

The malware, which looks just like the Siemens control gear software, has affected at least seven plants in the US. According to security experts, the malware was specifically designed to attack this industrial equipment, but what it does is not totally known. It is only described as a type of “crimeware.”

The malware was first hinted at in 2013, but at that time, it was not seen as dangerous, and many anti-virus programs were flagging it as dangerous, but it was considered a false positive. Eventually, it was seen as a type of basic malware, and upon further inspection, it was found that there are several variations. The most recent flag was in March 2017.

This particular infestation is only one of many malware infections that target industry. Approximately 3,000 industrial locations are targeted with malware each year, and most of them are Trojans, which sometimes can be brought in by staff on found or compromised USB sticks.

Most of these programs aren’t extremely harmful, meaning they won’t shut down production. However, what they could do is pave the way for more dangerous threats down the road. It also allows for sensitive information to be released.

It is not easy for hackers to infiltrate an industrial plant, and it takes good knowledge of layout, industrial processes, and even engineering skills to pull something like that off. This goes way beyond a simple malware attack.

However, these attacks have also brought to light the issue of how many legitimate files are being flagged as malware and vice versa. This means that the files can be used by the bad guys, who can then target a specific industrial site. There are thousands of these programs out there, ripe for the picking by observant hackers.

What can they do if they get this information? They could find out where the site is, who operates it, the layout and configuration, what software they have, and even what equipment they are using. Though this wouldn’t give them everything they need, it would be enough to plan a bigger, more dangerous attack.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Pokemon Go a Network Malware Nightmare

Pokémon Go has taken the world by storm, even though it is nothing more than a silly little game that people play on their mobile device. And it is not just child’s play, either. Plenty of adults are hooked on Pokémon Go—including college degreed professionals who conduct business on company owned devices as well as mobile devices of their own that they bring to work.

6DPokémon Go is chockful of security risks, says the International Association of IT Asset Managers. If you run a company in which employees use your mobile devices, and/or you permit or know that employees conduct your company’s business on their personal phones, you’d better take this warning seriously.

Employer solution: ban the Pokémon Go application from mobile devices: those given to workers by the company, and those personally owned by the workers who bring them to the workplace.

Pokémon Go malware is on the upswing, and it poses a security threat to company e-mail. It also presents a possible malware threat to cloud storage.

Company decision makers must not be swayed by the popularity of this game, and instead, must see it for what it truly is: just a game. So yes, it just might be one of the smartest moves a company may make to outright prohibit this app for BYOD and company owned mobile phones. Or, at least, abolish it on just the company owned devices. But something needs to be done, urges the IAITAM.

Company decision makers can ask themselves a classic question: “Is my company better with Pokémon Go or without it?” Or, to put it another way, create a risk-benefit ratio. How can this game possibly benefit employees? How can this game harm the business? See which list is longer or has more compelling answers.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Yes, Macs Can get Malware

So Macs can be infected with malware. Who would have ever thought? The malware at issue here is the dreaded ransomware. Ransomware scrambles up your files, and the hacker at the helm says he’ll give you the cyber “key” in exchange for a handsome payment.

6DRansomware historically has primarily impacted Windows users, but recently it got into OS X—its latest version, Transmission.

  • The virus cyber-incubates for three days.
  • Then with a Tor client, it connects to an Internet server and locks vulnerable files.
  • The cyber key costs $400.
  • Nevertheless, this attack, which doesn’t happen as easily as, say, being lured into clicking a malicious video, is easily spotted.
  • Apple quickly mitigated the problem before anyone’s data had a chance to get encrypted by the virus and held hostage for the bitcoin payment.
  • In summary, Macs are not immune to ransomware, but the circumstances under which the user is victimized are unique and rigid.
  • To avoid the crush of a ransomware attack, regularly back up your data!

It’s time to take precautionary measures, while at the same time, not allowing anxiety to creep in every time you use your device.

  • Be careful when downloading applications.
  • Never run apps that are unfamiliar to Apple. Go to System Preferences, then Security and Privacy, then General.
  • You will see three safety levels. Now, you should never download an app from a third-party vendor. One of the safety levels is called Mac App Store. If you choose this one, all the apps you get will only come from the Mac app store, meaning they will have been given the green light by Apple.
  • To widen the app selection, you can choose Mac App Store with identified developers. This will allow you to get applications created by developers whom Apple has endorsed. However, this doesn’t mean it’s as secure as the Mac App Store choice, because the identified developers’ product was not tested for security by Apple—but at least Apple will block it if it’s infected.

Updates

  • Never put off tomorrow what you can update today. Download updates the moment you are cued to do so.
  • Go into the App Store, hit Updates and then Update All to make sure you’re caught up on updates.
  • To avoid this hassle in the future, put your settings on automatic updates: System Preferences, App Store, Download newly available updates in the background.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Businesses Struggling to Keep Up with Latest Wave of Malware Attacks

Companies have been struggling for years to keep cyber-attacks at bay. Cyberthieves are working faster than ever before to send out their malicious attacks, and it’s become increasingly difficult for companies to keep up.

CNN reports that almost one million malware strains are released every day. In 2014, more than 300 million new types of malicious software were created. In addition to new forms of malware, hackers continue to rely on tried and true bugs because many companies simply haven’t found a fix or haven’t updated their systems to mitigate the threats.

In almost 90% of these cases, the bugs have been around since the early 2000s, and some go back to the late 1990s. The irony here is that companies can protect themselves and create patches for these bugs, but there tends to be a lack of effort and resources when it comes to getting the job done.

Some industries are targeted more than others. After hackers get information from these companies, such as proprietary data, they attempt to sell the information on the black market.

Cyberattacks are spreading quickly, and it takes almost no time after an email is sent for a victim to fall for the scheme. When a hacker is successful at breaking into a certain type of company, such as a bank or insurance firm, they will typically use the same exact method to quickly attack another company in the same industry.

New and improved cyber attacks

While old methods of cyber-attack can still be effective, it is the new scams that users should be nervous about. Here are some examples:

  • Social media scams
    Social media scams work and cybercriminals just love them because the people being scammed do most of the work. Cybercriminals release links, videos or stories that lead to viruses, and people share them with their friends because they are cute, funny or eye-raising. These tend to spread quickly because people feel as if they are safe.
  • Likejacking
    Hackers may also use a practice known as “likejacking” to scam people on social media. In this case, they will use a fake “like” button that tricks people into installing malware. The programs then post updates on the user’s wall or newsfeed to spread the attack.
  • Software update attacks
    Hackers are also focusing on more selective attacks. For example, a hacker may hide malware inside of a software update. When a user downloads and installs the update, the virus is set free.
  • Ransomware
    These attacks, where thieves steal or lock files on a person’s computer and then demand a ransom for access, climbed more than 110% in the last year alone. Once infected, the only way to regain access to the files is to pay a fee, usually between $300 and $500, for a decryption key.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Beware of those hackable Holiday Gifts

If you’re going to drone on and on about how you got hacked by a cyber thief, maybe it’s because you played with your new drone—you know, those rad little flying devices that hover via remote control over your street? Yes, they are hackable.

5WIf you don’t have a drone, don’t be surprised if you get one as a gift this season, as Americans are spending tens and tens of millions of dollars on them.

First off, if you spot a drone, before you go, “Wow, cool, there’s a drone! Kids, come look at this!” consider the possibility that it’s spying on you.

Drones can be connected to the Internet and also have a camera—two ways the cyber crook could spy on you. If something is connected through Wi-Fi, it can hacked, and this includes wireless Bluetooth.

So this means that your drone or your kids’ drone could get hacked into. To guard against this, you must continually keep its firmware updated, and use a password-protected Wi-Fi.

So even though the drone is your nine-year-old’s “toy,” it’s a potential gateway for hackers to slither their way into your bank account, medical records and online accounts. And since the drone can be the hacker’s portal, so can your child’s other remote controlled, Wi-Fi connected devices.

Every device, even a remote controlled car that’s connected to Wi-Fi, should at a minimum have the latest software updates or in some cases have security software to protect against viruses and other malware and also phishing scams.

And it’s not just thieves who want to hack into your personal affairs to get your money. A hacker may be a pedophile, seeking ways to find victims.

A hacker could get in even through an application you just downloaded. Before downloading anything, you should read what the app has access to. You may be unknowingly granting permission for the app to access e-mails or turn on cameras.

Anything that’s “smart” – not just the smartphone, smartdrone, Ebook or tablet – can be a portal to a cybercriminal. This means that smartwatches are on this list. So are those fitness trackers you put on your arm. A hacker could get into your phone via that device on your upper arm that’s tracking your heart rate.

So before you do the “cool!” thing, first do the “security!” thing. Be mindful of what you purchase and the measures you take to protect it.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Protect Your Family Online With WOT

The web is a dangerous place. Malware, scams and privacy dangers are around every corner, and children can easily find themselves face to face with sites that are not suitable. What can a parent do? One option is to try WOT, Web of Trust, a free browser add-on.

WOT rates each site on the Internet for reliability, privacy, trustworthiness and child safety. When searching a website with WOT, you will see a colored icon, red for bad and green for good, which indicates if a user should proceed. You can also use the WOT rating for every site and read reviews from those who have been on the site.

wot1

WOT offers other features, too. For instance, when visiting a “red site” a large warning appears on the screen. This allows people to choose if they go through or surf away. Additionally, you can also click the WOT button in the browser, and you can see information about the rating of the site, too.

When performing an Internet search and you come across a link that looks fishy, WOT places a red icon next to it. You may also see a yellow icon, which indicates the site may or may not be safe, and gray icons indicate the site is unrated. Hovering over each icon will give you more details about the website, as well as ratings and reviews from users.

WOT2

The latest version of WOT has four levels of safety included. Lite, the lowest level, only shows icons for dangerous websites. The highest level, Parental Control, not only blocks dangerous websites, it also blocks any sites that are not suitable for kids.

Web of Trust is available as a browser add-in for Firefox, Google Chrome, Opera, Internet Explorer and Safari.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. This is a review opportunity via BlogsRelease. Disclosures.