Tag Archive for Kaspersky Lab

| February 23, 2017
Comments Off on What to Think About Before You Click

What to Think About Before You Click

What to Think About Before You ClickReaders of the Bach Seat know that the Internet can be a risky place. The typical advice to stay safe on the Intertubes is to think before you click. But why should you care and what should you think about before you click on a link in your email or on Facebook?  Email is the leading source of attacks at home and at work.

Kaspersky reports that over 2/3 of emails sent in 2014 were SPAM. Merely clicking on a SPAM link can lead to password and data theft, and even “drive-by” malware downloads. In order to stay safe at work and at home ESet wants you to ask yourself these questions before you click on any link:

1. Do you trust the person sending or posting the link?Do you trust the person sending or posting the link? People have gotten better at distinguishing good emails and links from bad. Nonetheless, you still need to be alert, so the first question to ask yourself is:

  • Do I trust the person sending or sharing this link? If you don’t recognize the name, the email account, or the content, delete it.

2. Do you trust the platform? Here’s what we mean by “platform”: A link shared on your company’s private Intranet is likely to be safe. But anybody can send you an email — so be skeptical.

many social media accounts are fake and pose a riskPay special attention to Twitter (TWTR) and Facebook (FB), as both social media sites have been hit by copious amounts of spam. Online security experts have found that many social media accounts are fake and pose a risk to anyone they come in contact with.

  • Researchers say that an average of 40% of Facebook and 20% of Twitter accounts claiming to represent a Fortune 100 brand are fake. 99% of malicious URLs posted on social media channels led to malware or phishing attacks.

3. Does this link coincide with a major world event? Cybercriminals seize any opportunity to get someone to click a link. They commonly use news events like natural disasters, Olympics, and World Cups to lure victims to identity theft or malware sites.

Do you trust the destination4. Do you trust the destination? Look at the link that has been shared. Does it go to a website you recognize? If you don’t trust or don’t know, the destination, don’t click the link.

5. Is it a shortened link? The rise of social media, especially Twitter, has prompted people to shorten links for convenience. Bad guys can easily shorten scam links, making them harder to spot.

  • With shortened links, the advice is clear; ask yourself the above four questions and if you’re unsure still, use LongURL and CheckShortURL, to restore the shortened link to its original length.

rb-

Even if you follow this advice, you still need to be alert. If for whatever reason, you’re unsure, you could pick up a phone and call them (Did you remember that you can talk to people on phones?) to verify that they did indeed send that information and maybe talk about something else too.

 

Related articles

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , ,
| February 11, 2017
Comments Off on Your Bad Password Habits

Your Bad Password Habits

Your Bad Password HabitsYet more proof that passwords suck. Kaspersky Lab has published new data that reinforce the fact that passwords suck. Kaspersky found that Internet users around the world have bad password habits. Most users have not mastered how to use passwords effectively to protect themselves online.

Kaspersky Labs logoThe Kaspersky research has shown that people are putting their online safety at risk by making bad password decisions and simple password mistakes that may have far-reaching consequences. The research outlined in Networks Asia unearthed three common bad password habits that are putting many Internet users at risk. Internet users:

Common bad password habits

  1. Use the same password for multiple accounts, meaning that if one password is leaked, several accounts can be hacked.
  2. Use weak passwords that are easy to crack.
  3. Store their passwords insecurely, defeating the point of having passwords at all.

PasswordAndrei Mochola, Head of Consumer Business at Kaspersky Lab said, “Considering the amount of private and sensitive information that we store online today, people should be taking better care to protect themselves with effective password protection.

Password research

  • 10% of people use the same password for all their online accounts. Should one password be leaked, these people are at risk of having every account Head in the sandhacked and exploited.
  • 18% have faced an account hacking attempt but few have effective and cyber-savvy password security in place.
  • Only 30% of Internet users create new passwords for different online accounts

Additionally, Kaspersky found that people are not creating passwords that are strong enough to protect them from hacking and extortion. Despite that users think their online banking (51%), email (39%), and online shopping accounts (37%) need strong passwords, only;

  • 47% use a combination of upper and lowercase letters in their passwords,
  • 64% use a mixture of letters and numbers.

simple password management mistakesKaspersky’s Mochola observed,  “This seems obvious, but many might not realize that they are falling into the trap of making simple password management mistakes. These mistakes, in turn, are effectively like leaving the front door open to emails, bank accounts, personal files, and more.

Mistreating their passwords

According to the article, the study found that people’s bad password habits include sharing them with others and using insecure methods to remember them.

  • 28% have shared a password with a close family member.
  • 22% have admitted to writing their passwords down in a notepad to help remember them. Even if a password is strong, this leaves the user vulnerable because other people may see and use it.
  • 11% have shared a password with friends, making it possible for passwords to be unintentionally leaked.

people are mistreating their passwordsMr. Mochola described good password practices, “The best passwords cannot be found in the dictionary. They are long, with upper and lowercase letters, numbers, and punctuation marks. However, with people having so many online accounts today, it’s not easy to remember a secure password for everything. Using a password management solution can help people remember and generate strong passwords to minimize the risk of account hacking online.”

rb-

Great advice from Kaspersky, but as followers of the Bach Seat know, humans suck at passwords they use the same bad password habits here.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , ,
| June 25, 2016
Comments Off on Malware Steals Your Cash At ATM

Malware Steals Your Cash At ATM

Malware Steals Your Cash At ATMOn September 2, 1969, America’s first automatic teller machine (ATM) started dispensing cash to customers at Chemical Bank in Rockville Center, New York. Since then ATMs have been a trusted avenue for many banking transactions. However, Business Insider warns that the next time you pull cash out of the ATM, or “Tap the Mac” you should take extra care. BI reports that Internet security firm Kaspersky Lab has announced the return of a newer and more dangerous version of the Skimer malware.

TATMs hackedhe report characterizes Skimer as an especially dangerous malware that turns whole ATMs into card-skimming machines. The malware first appeared in 2009 and has been distributed at ATMs all over the world.

The majority of ATM fraud takes place through card skimming. Card skimming is usually physical, as criminals typically install an illegal card-reading device into ATMs, film people entering their PINs on keypads, and then create duplicate cards for sale and use, reports the New York Times. Fortunately, users can uncover these card skimmers because they’ll spot a problem with the card reader or notice an unusual camera.

Gas pump skimmerSkimer is particularly problematic because it is software-based. The article explains the threat is undetectable to the common ATM user since there is no physical sign of the ATM being tampered with. The Russian-based program lets criminals access an ATM remotely, install the malware, and then gather data such as PINs, card numbers, and account numbers over the course of time. A “money mule” can then insert a special magnetic stripe card into the ATM to access the stolen data, take out money, or print card numbers onto a receipt.

The attack begins by gaining access to the ATM system either through physical access or via the bank’s internal network. Then Backdoor.Win32.Skimer malware is installed which infects the core of the ATM. The ATM core is responsible for the machine’s interactions with the banking infrastructure, cash processing, and credit cards. After that, the ATM has become a skimmer. The compromise allows the attackers to withdraw all the funds in the ATM or grab the data from cards used at the ATM, including customers’ bank account numbers and PIN codes.

Kaspersky logoKaspersky is trying to help banks detect Skimer and is providing techniques for identifying affecting machines and securing their ATM networks in the future. Sergey Golovanov, a principal security researcher at Kaspersky Lab explains it is possible for banks to stop Skimer.

We have discovered the hardcoded numbers used by the malware, and we share them freely with banks … they can proactively search for them inside their processing systems, detect potentially infected ATMs and money mules, or block any attempts by attackers to activate the malware

To prevent ATM attacks, Kaspersky recommends that banks:

  • Perform regular AV scans,
  • Use whitelisting technologies,
  • Have a good device management policy,
  • Enable full-disk encryption,
  • Protect the ATM’s BIOS with a password,
  • Only allow HDD booting,
  • Isolate the ATM network from any other internal bank network.

ATM fraud continues to growDespite a way to control Skimer, ATM fraud continues to grow according to BI. A recent FICO study found the number of compromised ATMs in the U.S. surged 546% from 2014 to 2015, thanks in large part to the slow EMV migration of debit cards and ATMs. The article speculates that EMV upgrades would stop Skimer. The resistance to EMV means ATM fraud could grow even more from 2015 to 2016.

John Heggestuen, at BI Intelligence, explains that EMV cards are being rolled out with an embedded microchip for added security. The microchip carries out real-time risk assessments on a person’s card purchase activity based on the card user’s profile. The chip also generates dynamic cryptograms when the card is inserted into a payment terminal. Because these cryptograms change with every purchase, it makes it difficult for fraudsters to make counterfeit cards that can be used for in-store transactions.

EMV cardsRetail card fraud cost U.S. retailers approximately $32 billion in 2014, up from $23 billion in 2013. To solve the card fraud problem across all channels, payment companies and merchants are implementing new payment protocols that could finally help mitigate fraud. In the article, BI’s Heggestuen describes some of the other technologies that financial institutions are utilizing to reduce fraud risks.

Encryption of payments data is being widely implemented. Encryption degrades valuable data by using an algorithm to translate card numbers into new values. This makes it difficult for fraudsters to harvest the payments data for use in future transactions.EncryptionPoint-to-point encryption electronically changes sensitive payment data from the point of capture at the payments terminal all the way through to the gateway or acquirer. This makes it much more difficult for fraudsters to harvest usable data from transactions.

Point-to-point encryption
Tokenization increases transaction security. Tokenization assigns a random value to payment data, making it effectively impossible for hackers to access the sensitive data from the token itself. Tokens are often “multiuse,” meaning merchants don’t have to force consumers to re-enter their payment details. Apple Pay uses one emerging form of tokenization.Tokenization
3D Secure is an imperfect answer to user authentication online. One difficulty in fighting online fraud is that it is hard to confirm that the person using card data is actually the cardholder. 3D Secure adds a level of user authentication by requiring the customer to enter a passcode or biometric data as well as payment data to complete a transaction online.

rb-

The best recommendation to protect yourself from Skimer and other ATM threats is to use the ATMs at your bank or credit union. These ATMs are harder for thieves to install any type of skimmers or malware on because of the higher traffic and monitoring. ATMs located outside a financial institution like at a 7-11 are highly suspect.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , ,
| July 28, 2015
Comments Off on Snoops Offer Security Tips

Snoops Offer Security Tips

Snoops Offer Security TipsIn one of the more ironic, notice I did not say tragic, turns in the post-Snowden era, the National Security Agency (NSA) has published a report with advice for companies on how to deal with malware attacks. FierceITSecurity says the report (PDF) boils down to “prevent, detect and contain.” To be more specific, the report recommends that IT security pros:

  • Segregate networksSegregate networks so that an attacker who breaches one section is blocked from accessing more sensitive areas of the network;
  • Protect and restrict administrative privileges, in particular high-level administrator accounts, so that the attacker cannot get control over the entire network;
  • Deploy, configure, and monitor application whitelisting to prevent malware from executing;
  • Restrict workstation-to-workstation communication to reduce the attack surface for attackers;
  • Deploy strong network boundary defenses such as perimeter and application firewalls, forward proxies, sandboxing and dynamic analysis filters (PDF) to catch the malware before it breaches the network;
  • Network monitringMaintain and monitor centralized host and network logging product after ensuring that all devices are logging enabled and their logs are collected to detect malicious activity and contain it as soon as possible;
  • Implement pass-the-hash mitigation to cut credential theft and reuse;
  • Deploy Microsoft (MSFT) Enhanced Mitigation Experience Toolkit (EMET) or other anti-exploitation capability for devices running non-Windows operating systems;
  • Employ anti-virus file reputation services (PDF) to catch known malware sooner than normal anti-virus software;
  • Implement host intrusion prevent systems to detect and prevent attack behaviors; and
  • Update and patch software in a timely manner so known vulnerabilities cannot be exploited.

The author quotes from the report;

I Luv your PCOnce a malicious actor achieves privileged control of an organization’s network, the actor has the ability to steal or destroy all the data that is on the network … While there may be some tools that can, in limited circumstances, prevent the wholesale destruction of data at that point, the better defense for both industry and government networks is to proactively prevent the actor from gaining that much control over the organization’s network.

rb-

For those who have not been following along, the TLA’s have been attacking and manipulating anti-virus software from Kasperskey.

SpyingWe also now know suspect that the TLA’s have compromised at least one and probably two hardware vendors. The Business Insider recalls, way back in 2013, as part of the Edward Snowden NSA spying revelations.German publication Spiegel wrote an article alleging that the NSA had done a similar thing — put code on Juniper Networks (JNPR) security products to enable the NSA to spy on users of the equipment. 

Over at Fortinet (FTNT) they had their own backdoor management console access issue that appeared in its FortiOS firewalls, FortiSwitch, FortiAnalyzer and FortiCache devices. These devices shipped with a secret hardcoded SSH logins with a secret passphrase.

The article seems like advertising for the TLA’s hacking program.

Related articles

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow him at LinkedInFacebook and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , ,