Posts

Another Successful Ransomware Attack

Ransomware thieves sure know how to pick their victims: institutions that store loads of highly critical data that they need on a daily basis, and for which going without that data, even for just 24 hours, can have crippling effects. This form of cybercrime is growing by leaps and bounds.

Recently a ransomware attacker struck the network of the University of Calgary. An article at arstechnica.com says that the institution’s IT experts have made some headway in isolating the ransomware infection and making some restoration progress.

Why not just pay the thief and get the “key” back to the scrambled data? Because there is never any guarantee that these thieves will provide the cyber key after they are paid the ransom. And even when they do provide this key, there’s no guarantee it will release all of the hijacked data rather than only some of it.

“Ransomware attacks and the payment of ransoms are becoming increasingly common around the world,” says a statement out of the arstechnica.com report. Decrypting the scrambled data “is time-consuming and must be performed with care,” continues the report. “A great deal of work is still required by IT to ensure all affected systems are operational again,” and this process requires patience.

The University of Calgary is a research institution that absolutely cannot afford to lose its data, points out the university’s vice president, Linda Dalgetty, in an article from The Globe. She explains, “We are conducting world class research daily and we don’t know what we don’t know in terms of who’s been impacted and the last thing we want to do is lose someone’s life’s work.”

Ransomware crimes have become so commonplace that some thieves have set up call centers for victims who don’t know how to navigate their data hostage situations, such as how to pay in bitcoins, the payment method highly preferred by the criminals.

Often, the thief imposes a deadline for the payment, and if it’s not met by that deadline, the payment escalates.

This is actually really stupid. Meaning, if the last thing anyone wants to do is lose someone’s life’s work, then BACK IT UP. That’s “Data 101”.

Robert Siciliano, CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

What is Malvertising?

Malevolent advertising is called malvertising. The “ad” is placed on a website by cybercriminals who want control of your computer for financial gain.

And the real scary thing about malvertising is that these trick-ads have appeared on trusted, popular websites like the Weather Network, BBC, NFL and the New York Times.

Oh, and it gets worse: The malicious ad can be hidden, unseen by the site visitor, thanks to special HTML code that allows the bad ad to sit inside legitimate content. This trick-code is usually hidden in what are called iframes, without affecting the rest of the site’s appearance.

The type of cybercriminal who succeeds at this needs to be patient and clever.

  • Legitimate advertisers place their ads with ad networks, bidding for ad placement.
  • Ad networks, which handle the bidding, serve the ads to websites.
  • Crooks may place legitimate ads with these networks to gain a good reputation, or the crooks run ad networks themselves.
  • After building trust with placement of legit ads, the crooks graduate to ad placement on high traffic sites, and then they put in their malicious code in the iframes: malvertisements.
  • When you’re on one of these infected pages, the ad will release malware to your computer that can do a whole host of damage.
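For site owners who want to check their own pages for the hidden iframes described above, here is an added example (not from the original post) that audits a page's static HTML for third-party iframes rendered invisibly. The sample page, host names and the `audit` helper are constructed for illustration; frames hidden through external CSS or injected by script are outside what this check sees.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style declarations that make a frame invisible to the visitor.
# The lookbehind stops "border-width:1px" or "margin-left:-100px" from matching.
HIDDEN_STYLE = re.compile(
    r"(?<![\w-])(?:display\s*:\s*none|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)"
    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"
    r"|(?:left|top)\s*:\s*-\d{3,})",
    re.I,
)

class IframeAudit(HTMLParser):
    """Collect iframes that are both third-party and invisible."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by inline style")
        if a.get("width", "").strip() in {"0", "1"} or a.get("height", "").strip() in {"0", "1"}:
            reasons.append("0/1-pixel dimensions")
        if "hidden" in a:
            reasons.append("hidden attribute")
        # Relative URLs have no host and are treated as first-party.
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        third_party = bool(host) and host != self.page_host \
            and not host.endswith("." + self.page_host)
        if reasons and third_party:
            self.findings.append((host, reasons))

def audit(html, page_host):
    """Return [(iframe_host, [reasons])] for invisible third-party frames."""
    parser = IframeAudit(page_host)
    parser.feed(html)
    return parser.findings

# Constructed sample page: two visible frames, two hidden third-party frames,
# and one hidden first-party frame that should not be reported.
SAMPLE_PAGE = """
<html><body><h1>Local weather</h1>
<iframe src="https://video.news-site.example/player" width="640" height="360"></iframe>
<iframe src="https://ads.adnetwork.example/slot?id=12" width="300" height="250"></iframe>
<iframe src="//cdn.unknown-bidder.example/c.html" width="1" height="1"></iframe>
<iframe src="https://track.unknown-bidder.example/p" style="position:absolute; left:-9999px"></iframe>
<iframe src="/internal/heartbeat" style="display:none"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for host, reasons in audit(SAMPLE_PAGE, "news-site.example"):
        print(host, "->", ", ".join(reasons))
```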

What to do?

  • Keep all your software and systems up to date.
  • Install an ad blocker, but be judicious, because ad blockers can disrupt the presentation of some sites, e.g., blocking some content, not just the ads. You may not mind this inconvenience, but also realize that an ad blocker will not block every malvertisement, either.
  • Install antivirus software or an anti-exploit kit that will snuff out exploit kits, a favorite tool of the malvertiser.
  • Exploit kits prowl your computer for vulnerabilities, and the right software will detect and neutralize them.
  • Uninstall browser plugins you have no use for, especially if they’re the vulnerable Adobe Flash and Java.
  • Set the remaining plugins to click to play, which will give you the option to run a plugin when a site you’re visiting wants to load one.


Majority of Executives believe Attackers will overcome Corporate Defenses

Many technology executives don’t have a favorable outlook on their ability to fend off cybercriminals, according to research conducted by McKinsey and the World Economic Forum.

The research also shows that both big and small businesses lack the ability to make sturdy decisions, and struggle to quantify the effect of risk and resolution plans. As the report authors state, “Much of the damage results from an inadequate response to a breach rather than the breach itself”.

These results come from interviews with more than 200 business leaders such as chief information officers, policy makers, regulators, law enforcement officials and technology vendors spanning the Americas, Europe, Asia, Africa and the Middle East.

Cybercrimes are extremely costly and the cost can hit the trillions of dollars mark.

Several concerning trends regarding how decision makers in the business world perceive cyber risks, attacks and their fallouts were apparent in the research findings:

  • Over 50 percent of all respondents, and 70 percent of financial institution executives, think that cybersecurity is a big risk. Some executives believe that threats from employees equal those from external sources.
  • A majority of executives envision that cyber criminals will continue being a step ahead of corporate defenses. 60 percent believe that the gap between cyber crooks and corporate defense will increase, with, of course, the crooks in the lead.
  • The leaking of proprietary knowledge is a big concern for companies selling products to consumers and businesses.
  • Service companies, though, are more worried about the leaking of their customers’ private information and of disruptions in service.
  • Large organizations, says ongoing McKinsey research, reported cross-sector gaps in risk-management competency.
  • Some companies spend a lot but don’t have much sophistication in risk-management capabilities, while other companies spend little but are relatively good at making risk-management decisions. Even large companies can stand to improve their risk management capabilities substantially.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Cybercriminals Camping Out on Hotel WiFi Using Evil Twins

When traveling on business or for pleasure, seeking out a reliable WiFi connection is usually a priority for most travelers. While mobile 3G/4G connections satisfy some, their speed doesn’t compare to WiFi for laptops or for uploading and downloading larger files.

NBC news reports, “More and more hotels are stepping up and offering guests free WiFi, but security experts say some thieves are using the popular service to steal guests’ sensitive information, and they’re doing it by tricking people into using a fake free WiFi connection.

“A cyber thief creates a dummy WiFi connection using a mobile hot spot, and will give it a generic name to resemble a hotel’s actual WiFi connection, such as ‘Free Hotel WiFi.’ If a guest connects [his or her] laptop to the dummy WiFi, the thief gains access to all of the guest’s browsing activity, and will often times use a key-logger program to capture username and password information.”

This is called an evil twin: Anyone can set up a router to say “T-Mobile,” “AT&T Wireless” or “Wayport.” These connections may appear legitimate but are often traps set to ensnare anyone who connects to them.

Wireless users who connect to an evil twin risk their data being scraped by a criminal who captures all of their unencrypted communications that are going through his wireless router. Each and every wireless data packet is sniffed and captured by a software program that will later piece together all the information in order to steal identities. Unsecured, unprotected and unencrypted communications over an evil twin on any publicly connected WiFi (such as at a coffee shop, airport or hotel) are vulnerable to sniffers.
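To illustrate how an evil twin can stand out in a WiFi scan, here is an added example (not from the original post) that compares nearby access points with the list of access points a venue says it operates. The scan records, the “Grand Hotel WiFi” name, the BSSIDs and the `find_evil_twin_candidates` helper are all constructed for illustration, and it assumes the venue can supply its access point list.

```python
import re
from collections import defaultdict

def normalize(ssid):
    """Fold case, spacing and punctuation so look-alike names group together."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())

def find_evil_twin_candidates(scan, known_aps):
    """scan: list of dicts with ssid, bssid and security.
    known_aps: {ssid: set of BSSIDs the venue says it operates}.
    Returns {bssid: [reasons]} for access points worth distrusting."""
    known_by_name = {normalize(s): {b.lower() for b in bs}
                     for s, bs in known_aps.items()}
    exact_names = set(known_aps)
    groups = defaultdict(list)
    for ap in scan:
        groups[normalize(ap["ssid"])].append(ap)

    flagged = defaultdict(list)
    for name, aps in groups.items():
        if name not in known_by_name:
            continue  # unrelated network, nothing to compare against
        securities = {ap["security"] for ap in aps}
        for ap in aps:
            bssid = ap["bssid"].lower()
            if bssid in known_by_name[name]:
                continue  # listed by the venue
            flagged[bssid].append("BSSID not in venue's published list")
            if ap["ssid"] not in exact_names:
                flagged[bssid].append("look-alike spelling of venue SSID")
            if ap["security"] == "open" and securities - {"open"}:
                flagged[bssid].append("open network while venue APs use encryption")
    return dict(flagged)

# Constructed inputs: two genuine hotel APs, two impostors, one unrelated network.
KNOWN = {"Grand Hotel WiFi": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}
SCAN = [
    {"ssid": "Grand Hotel WiFi", "bssid": "00:11:22:33:44:01", "security": "wpa2"},
    {"ssid": "Grand Hotel WiFi", "bssid": "00:11:22:33:44:02", "security": "wpa2"},
    {"ssid": "Grand Hotel WiFi", "bssid": "02:AA:BB:CC:DD:10", "security": "open"},
    {"ssid": "Grand-Hotel-WIFI", "bssid": "02:AA:BB:CC:DD:11", "security": "open"},
    {"ssid": "CoffeeShop", "bssid": "00:99:88:77:66:55", "security": "wpa2"},
]

if __name__ == "__main__":
    for bssid, reasons in find_evil_twin_candidates(SCAN, KNOWN).items():
        print(bssid, "->", "; ".join(reasons))
```

A BSSID is not authenticated, so a clean result does not prove an access point is genuine; it only catches the mismatches listed in the code.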

On wireless connections that aren’t properly secured, your best line of defense is to use virtual private network software that protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. Hotspot Shield VPN is free and available for PC, Mac, iPhone and Android.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures. For Robert’s FREE ebook, text SECURE Your@emailaddress to 411247.

“Operation High Roller” Makes Banks Cringe

According to a McAfee and Guardian Analytics report dubbed “Operation High Roller,” an international ring of cybercriminals has been attacking banks around the world. They have been siphoning roughly $78 million from bank accounts in Colombia, Germany, Italy, the Netherlands, the United Kingdom and the U.S.

In the report, McAfee Director of Advanced Research and Threat Intelligence Dave Marcus writes that this organized crime ring built on tactics established with previous malware is coming up with innovations including: “bypasses for physical ‘chip and pin’ authentication, automated ‘mule’ account databases, server-based fraudulent transactions, and attempted transfers to mule business accounts as high as €100,000 (US$130,000).”

These hackers’ methodology represents a shift from traditional man-in-the-browser attacks on victims’ PCs to server-side automated attacks. Where they once used multipurpose botnets, they now rely on dedicated servers built for the express purpose of processing fraudulent transactions.

Like most financial fraud rings, this one had previously focused on European targets, but McAfee found that their thefts have gone global, spreading to Latin America and more recently to the U.S.

This threat impacts commercial accounts, high-net-worth individuals, and financial institutions of all sizes. The new methodology allows criminals to operate more quickly and to attempt a wider variety of transactions. It is a purpose-built, multiple-strategy approach that helps the criminals’ servers avoid detection, which keeps them live for longer, facilitating even more fraud.

Consumers can begin to protect themselves with antivirus, anti-spyware, anti-phishing, and firewall protection.

Banks and other financial institutions can improve their fraud detection rates even more by incorporating device reputation management into their layered defense. Many leading financial institutions use iovation’s ReputationManager 360 to help stop new account fraud, detect fraud at user login, detect fraudulent credit applications and also to stop check deposit fraud from mobile phones.

Dutch Hacker Extradited From Romania, Charged With Credit Card Fraud

A 21-year-old Dutch hacker known within the online hacking community as “Fortezza” was arrested in Romania in March, and extradited to the United States in June.

U.S. Attorney Jenny A. Durkan, who chairs the Attorney General’s Advisory Committee on Cybercrime and Intellectual Property Enforcement, said, “This defendant has wrought havoc on victims and financial institutions around the world, this indictment alleges that in just one transaction he trafficked in as many as 44,000 stolen credit card numbers resulting in millions of dollars in losses to financial institutions. Cybercriminals need to know: We will find you and prosecute you. I commend the cyber investigators at the U.S. Secret Service Electronic Crimes Task Force and Seattle Police Department for tracking down these international criminals.”

Hackers like “Fortezza” employ a variety of methods to obtain credit card data. One technique is wardriving, in which criminals hack into wireless networks and install spyware. Another is phishing, in which spoofed emails prompt the victim to enter account information. “Smishing” is similar to phishing, but with text messages instead of emails. Some hackers use keylogging software to spy on victims’ PCs, while others affix devices to the faces of ATMs and gas pumps in order to skim credit and debit card data.

All this stolen data is ultimately used to steal from financial institutions, which lose $40 billion a year to credit card fraud, and from retailers. These business fraud targets must employ multiple layers of protection to thwart cybercriminals.

One layer that businesses put upfront in their fraud detection process is based on device intelligence—what that device is doing right now on the site, and what fraud or abuse that device has caused with other businesses, even in other geographies. The leader in device identification technology is iovation, and they offer a fraud prevention service that allows online businesses to create customized business rules for identifying potentially risky transactions, and those rules can be adjusted on the fly as new threats emerge.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

5 Lessons Learned from RSA

A couple of weeks ago, the RSA Security conference took place in San Francisco, CA. The increasing sophistication of hackers and visibility of data breaches (including one on the conference’s namesake company last year) make this an exciting time to be in the security business. While this show is for corporate IT and security professionals, there are some things that consumers can take away from all of this.

Social networking sites are prime targets for cybercriminals: Hackers are aware of the large numbers of people using sites like Facebook, Twitter and YouTube, and are using this to their advantage by putting offers out there to try and get you to click on malicious links. Security companies are using social media to get the word out on protection and to help educate consumers – take the time to read their advice. McAfee pulls together lots of great content and advice and has over 575k on Facebook.

Hackers are targeting intellectual property: For a decade now, credit card numbers, Social Security numbers and everything needed to take over accounts or open new ones have been targets. Criminals still want all that, and they also want proprietary data that will help their nation or company get an edge.

Advanced Persistent Threats (APTs) will be a bigger topic: You’ve heard the term “it’s not a matter of IF, but WHEN” and this applies to APTs. APTs are ongoing threats where the intent is to persistently and effectively target a specific entity, and they can take criminals days to decades to achieve their goal.

Multiple layers of protection: For the enterprise, this is protection at all points, but this also applies to consumers. It used to be that all you needed was a firewall, then you needed antivirus, now you need anti-spam, anti-phishing, anti-spyware and for heaven’s sake make sure your wireless is protected too. This is just the beginning! Expect more layers to come.

Protect the data and the device: It used to be all you had to be concerned about was protecting your PC. Now you have to be equally proactive in protecting your Mac, tablet and mobile phone. You still need antivirus and all the different layers of protection mentioned in the point above, but you also need to be aware of what stuff you have on all your devices that can expose your personal information and identity.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)

Cybercriminals Target Senior Citizens

Cyber scams happen to the young and the old, the rich and the poor. It doesn’t matter how good or bad your credit is, or whether or not you have a credit card. Cybercriminals target everyone, regardless of how much or how little you rely on a computer.

The lowest of the lowlifes, however, tend to prey upon the weak and uninformed. And all too often, that means children or the elderly.

Senior citizens are in a unique position because they often have money in the bank, plus access to additional lines of credit. They are less likely to be frequent Internet users, relative to younger generations, and are therefore less likely to be aware of the many scams that may be targeting them.

Many common scams take place using the telephone rather than the Internet, such as “grandparent scams,” in which victims receive calls from their supposed grandchildren, requesting money.

Online, beware of social media and dating scams. Not everyone who contacts you online is your friend, so be cautious before sharing personal information. Never, under any circumstances, should you send money on the basis of an online relationship.

You’ve most likely heard the term “phishing,” and have certainly received a fake email at some point. But scammers are getting better at creating targeted, personalized emails that include your name, email address, and even stolen account numbers. Never click any links within an email. Instead, go to your favorites menu or manually type the address into the address bar. If you suspect that an email might not be legitimate, hit delete.

Scammers are constantly searching for the information they need to take over your existing accounts, either by hacking into your own personal computer or by stealing data from your bank, credit card company, a government agency, or any other institution that keeps personal data on file. To prevent account takeover, keep your antivirus software updated, and pay close attention to all your bank statements. Refute any unauthorized transactions right away.

Bad guys love your Social Security number, because they can use it to open new credit accounts in your name. You’ve probably disclosed your Social Security number hundreds of times in your life, and can’t avoid disclosing it in the future. But you can protect yourself with identity theft protection and a credit freeze.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)