Tag Archive for Ransomware

What is Ransomware?

Ransomware is a nasty form of malware, also known as data kidnapping. It locks up your computer by encrypting your data and then demands a fee to unlock the files, usually payable in Bitcoin. Paying does not guarantee a working decryption key; it may or may not unlock your files. Ransomware can be terrifying. We rely so completely on our PCs these days that staring helplessly at a locked one, often with a racy image on the screen, is frustrating and crippling to your productivity. Cybercriminals use one of several tactics to extort money from their victims.

Tactics to extort money

1. After a victim discovers he cannot open a file, he receives an email ransom note demanding a relatively small amount of money in exchange for a private key. The attacker warns that if the ransom is not paid by a certain date, the private key will be destroyed and the data will be lost forever.

2. The victim is duped into believing he is the subject of a police inquiry. After being informed that unlicensed software or illegal web content has been found on his computer, the victim is given instructions for how to pay an electronic fine.

3. The attackers sneak malware onto a computer, usually by a drive-by download, that encrypts the victim’s data but does nothing else. In this approach the data kidnapper anticipates that the victim will search the Internet for a way to fix the problem, and makes money by selling “anti-ransomware” software on legitimate websites.

Cut your ransomware risks

Here are tips that cut your risk of becoming a victim.

1. Avoid sketchy websites, searches, and downloads. You know the old expression “You can’t cheat an honest man”? Well, many (though not all) ransomware infections begin when a user surfs to pornographic or gambling websites, while others start with a click on a suspicious link. Steer clear of sites known to house malware, and never click a link in an email unless you know it is legit.

2. Back up your data. Experts stress that the single biggest thing that will defeat ransomware is a regularly updated backup, kept somewhere the infected machine cannot write to, or it will simply be encrypted along with everything else. That way, if you are beset by ransomware, you can restore your system while losing relatively little work.

3. Update your software regularly. Ransomware, like most malware threats, may sneak onto your PC through a known flaw in your operating system or other software programs. And hackers often rely on people running outdated software with those known vulnerabilities. You can definitely decrease the potential for ransomware if you make a practice of updating your software often.

4. Use a reputable security suite. It is always a good idea to have both anti-malware software and a firewall to help you identify threats or suspicious behavior. Malware authors often send out new variants, to try to avoid detection, which is why it’s important to have both layers of protection.

Anti-malware vendor Webroot provided this infographic that shows the prevalence of ransomware and the methods IT professionals use to deal with it.

Webroot Ransomware infographic


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Internet of Things Full of Holes

The Internet of Things is big and heading towards huge. The Internet of Things (IoT) is a system in which unique identifiers are assigned to objects, animals, or people, and those “things” then transfer data over a network without requiring human-to-human or human-to-computer interaction. Whatis.com says IoT evolved from the convergence of wireless technologies, micro-electromechanical systems (MEMS), and the Internet.

Business Insider believes the IoT will be the biggest thing since sliced bread. It claims there are 1.9 billion IoT devices today and will be 9 billion by 2018, roughly equal to the number of smartphones, smart TVs, tablets, wearable computers, and PCs combined. Gartner (IT) predicts there will be 26 billion IoT devices by 2020. Based on a recent article in InfoSecurity Magazine, that is a very scary thing.

The InfoSecurity article says HP (HPQ) found that 70% of the most common IoT devices have security vulnerabilities. HP used its Fortify On Demand testing service to uncover the flaws. According to the new study, HP found flaws in IoT devices such as TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales, and garage door openers, as well as in their cloud and mobile app components.

HP tested the devices with manual and automated tools and rated their security against the vendor-neutral OWASP Internet of Things Top 10 list of vulnerability areas. The author concludes that the results raise significant concerns about user privacy and about the potential for attackers to exploit the devices and their cloud and app components. Some of the results:

  • A total of 250 security concerns were uncovered across the tested devices, an average of 25 per device,
  • 90% of devices collected at least one piece of personal information via the device, its cloud service, or its mobile application,
  • 80% of devices accepted weak passwords such as 1234, opening the door to anyone sniffing the Wi-Fi,
  • 80% raised privacy concerns about the sheer amount of personal data being collected,
  • 70% of the devices failed to encrypt their communication with the Internet and the local network,
  • 60% had an insecure web interface, with issues ranging from persistent XSS (cross-site scripting), poor session management and weak default credentials to the Heartbleed OpenSSL vulnerability,
  • 60% did not use encryption when downloading software updates.

Mike Armistead, VP & General Manager, HP Fortify, explained that IoT opens avenues for attackers.

While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface … With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats.

HP urged device manufacturers to eliminate the “lower hanging fruit” of common vulnerabilities. They recommend manufacturers, “Implement security … so that security is automatically baked in to your product … Updates to your product’s software are extremely important.”

Antti Tikkanen, director of security response at F-Secure, told InfoSecurity that the problems HP uncovered in this report were just the tip of the iceberg for IoT security risks.

One problem that I see is that while people may be used to taking care of the security of their computers, they are used to having their toaster ‘just work’ and would not think of making sure the software is up-to-date and the firewall is configured correctly … At the same time, the criminals will definitely find ways to monetize the vulnerabilities. Your television may be mining for Bitcoins sooner than you think, and ransomware in your home automation system sounds surprisingly efficient for the bad guys.

rb-

I covered the threats that IoT or “smart” devices presented back in 2012. I don’t know where HP (or the rest of the security community) has been.

The current generation of “smart” devices does not seem to have any security. Most likely the manufacturer did not consider basic security or, worse, calculated it was better to ignore secure design in the rush to gain market share.

It is also annoying that HP did not reveal the details on the products they tested.



Another Cloud Implosion

Code Spaces, formerly a popular cloud-based source code hosting service run by AbleBots of New Jersey, was forced to close. Infosecurity reports that an attacker managed to get access to its Amazon (AMZN) Web Services EC2 control panel and deleted most of its customers’ data. According to an explanation on the Code Spaces website, the firm was first the victim of a DDoS attack, accompanied by an apparent attempt to extort “a large fee to resolve the DDOS.”

As the firm attempted to regain control of its machines, the attacker escalated the attack, the site says:


… the intruder had prepared for this and had already created a number of backup logins to the panel and upon seeing us make the attempted recovery of the account he proceeded to randomly delete artifacts from the panel … We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances. In summary, most of our data, backups, machine configurations, and offsite backups were either partially or completely deleted.

Code Spaces marketed itself as a trusted provider offering “Rock Solid, Secure and Affordable Svn Hosting, Git Hosting and Project Management” and a “full recovery plan”: full redundancy, duplication, and distribution of the data across three different geographical data centers in case things went wrong. According to the Infosecurity blog, despite the marketing hype the Code Spaces site is folding up its tent and hanging out a closed sign, saying:

Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of on-going credibility.

rb-

Another high-profile Cloud Computing service goes bust. Last year when Nirvanix went belly up I wrote about the need for a cloud exit plan. Calum MacLeod, vice president of EMEA at Lieberman Software, told CIO.com that security incidents like this are avoidable if companies take effective steps. He suggested firms should implement:

  • Certificate-based authentication alongside normal user IDs and passwords,
  • Application whitelisting,
  • A schedule for changing credentials every few hours for critical applications,
  • Continuous discovery of systems and applications to detect changes to account settings, as happened at Code Spaces, where new privileged accounts were created to let the attack continue.

He concludes that the Code Spaces incident reads like a cyberattack 101 scenario, where the failure to properly manage privileged credentials ultimately was the cause of the breach.

Another suggested measure for organizations using AWS is to enable multi-factor authentication for admin logins. To prevent the wholesale loss of files, Amazon Glacier could be used for longer-term data archival, to augment regular offline backups. The caveat is in the account itself: the attacker wiped the EBS snapshots and S3 buckets from the same control panel, so an archive that the same credentials can delete is no safer than the panel, and the copy that counts is the one those credentials cannot reach.
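As an added example (it is not from the Bach Seat post, Lieberman Software, or Code Spaces), here is the “continuous discovery” check described above written in Python and run over two constructed snapshots of an IAM user inventory. The snapshot fields are modelled on the columns of the AWS IAM credential report; the user names, policy names and key IDs are made up for the example, and the ADMIN_POLICIES set is an assumption about which managed policies amount to control-panel-level access. The diff flags exactly what the Code Spaces attacker did: extra logins created ahead of time, and a fresh access key hung on an existing admin account.

```python
from dataclasses import dataclass

# Assumption for this example: managed policies that confer "control panel" power.
ADMIN_POLICIES = frozenset({"AdministratorAccess", "IAMFullAccess"})


@dataclass(frozen=True)
class IamUser:
    """One row of an IAM inventory snapshot (fields modelled on the credential report)."""
    name: str
    policies: frozenset      # attached managed policy names
    access_keys: frozenset   # active access key IDs
    console: bool            # has a console login profile
    mfa: bool                # an MFA device is enabled


def is_admin(user: IamUser) -> bool:
    return bool(user.policies & ADMIN_POLICIES)


def diff_snapshots(before, after):
    """Compare two snapshots and return (severity, user, finding) tuples,
    highest severity first. Findings: new-admin-user, new-user,
    privilege-escalation, new-access-key, mfa-removed, user-deleted."""
    findings = []
    old_by_name = {u.name: u for u in before}
    new_by_name = {u.name: u for u in after}

    for name, user in new_by_name.items():
        old = old_by_name.get(name)
        if old is None:
            # An account that did not exist last time: a "backup login" if it is privileged.
            kind = "new-admin-user" if is_admin(user) else "new-user"
            findings.append(("HIGH" if is_admin(user) else "MEDIUM", name, kind))
            continue
        if is_admin(user) and not is_admin(old):
            findings.append(("HIGH", name, "privilege-escalation"))
        if user.access_keys - old.access_keys:
            # A fresh key on an existing account is a quiet way to keep access after a password reset.
            findings.append(("HIGH" if is_admin(user) else "MEDIUM", name, "new-access-key"))
        if old.mfa and not user.mfa:
            findings.append(("HIGH", name, "mfa-removed"))

    for name in old_by_name.keys() - new_by_name.keys():
        findings.append(("LOW", name, "user-deleted"))

    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return sorted(findings, key=lambda f: (order[f[0]], f[1]))


def mfa_gaps(users):
    """Names of users who can reach the console or hold admin rights without MFA."""
    return sorted(u.name for u in users if (u.console or is_admin(u)) and not u.mfa)


# Constructed sample snapshots (made-up accounts and key IDs, not real data).
SNAPSHOT_BEFORE = [
    IamUser("ops-admin", frozenset({"AdministratorAccess"}), frozenset({"key-ops-1"}), True, True),
    IamUser("deploy-bot", frozenset({"AmazonS3ReadOnlyAccess"}), frozenset({"key-deploy-1"}), False, False),
]
SNAPSHOT_AFTER = [
    # the legitimate admin now carries a second key nobody asked for
    IamUser("ops-admin", frozenset({"AdministratorAccess"}), frozenset({"key-ops-1", "key-ops-2"}), True, True),
    IamUser("deploy-bot", frozenset({"AmazonS3ReadOnlyAccess"}), frozenset({"key-deploy-1"}), False, False),
    # an attacker-created backup login with full rights and no MFA
    IamUser("svc-backup", frozenset({"AdministratorAccess"}), frozenset({"key-svc-1"}), True, False),
]

if __name__ == "__main__":
    for severity, user, kind in diff_snapshots(SNAPSHOT_BEFORE, SNAPSHOT_AFTER):
        print(f"{severity:6} {user:12} {kind}")
    print("console/admin users without MFA:", mfa_gaps(SNAPSHOT_AFTER))
```

Run on a schedule against fresh exports, the diff turns MacLeod’s “continuous discovery” into a concrete alert, and mfa_gaps covers the multi-factor recommendation for admin logins; the point of the severity ordering is that a new administrator or a new key on an administrator is what needs a human immediately.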



5 Odd Tech Predictions

Julie Bort at Business Insider found some really interesting ideas buried within this prediction season’s avalanche of humdrum thoughts. She shared them in the hope they will become self-fulfilling prophecies.

1. Bad guys start offering “hacking as a service” – Security company McAfee says that criminal hackers have begun to create invitation-only forums requiring registration fees. The author speculates that these forums could become a black-market software-as-a-service: pay a monthly fee and your malware is automatically updated to the latest attack. Don’t pay, and it would be a shame if something happened to your beautiful website …

2. Bad guys try to kidnap your smartphone – Hackers have become fond of a form of malware called “ransomware.” It is a popular way to harass people who view Internet porn: while the victim is visiting a porn site, the bad guys plant malware on the computer that threatens to report the user to the police unless they pay up.

The article says that in 2013 the trend will be to hold your smartphone hostage. Hackers will sneak malware onto smartphones and then make you pay if you don’t want all the data on your phone destroyed or leaked. So thinks Chiranjeev Bordoloi, CEO of security vendor Top Patch.

3. Fake meat becomes a real thing – Vegetarians have long been manipulating vegetable protein to make it look a little like meat and taste nothing like it. But now Business Insider says the race is on to produce fake meat, bacon included, in much more technically advanced ways.

Dutch researchers have found a way to “grow hamburger” in the laboratory from just a few bovine stem cells. Tech investors have funded companies that will create food from plants. Stealthy startup Sand Hill Foods is one such company on investors’ watch list. Beyond Meat, a startup funded by Twitter cofounders Ev Williams and Biz Stone, makes realistic fake chicken and will ramp up availability in 2013.

4. Your smartphone will be like a personal nurse – Ms. Bort reports there is a healthcare revolution headed to your smartphone. IBM (IBM) has promised that one day soon doctors will use tech that scans your body and sends that data to the cloud for a diagnosis. Companies are developing smartphones with biosensors that do everything from checking your blood sugar to detecting the flu. Apple (AAPL) has promoted the iPhone as a platform for health technology since 2009, but some new devices are only now coming to fruition.

5. The technology you use for work will be as much fun as the stuff you use at home – Most of us are so used to tech at work being a source of frustration that we can’t imagine a different world. But the author predicts that is changing. In 2013, tablets will lead software to be redesigned for touch interfaces, which will make it fun and easy to use, more like a game than a spreadsheet. Best of all, more companies are adopting tech that lets you download a “virtual work desktop” on any device, simply by logging in through a web browser or launching a mobile app.



What is Malware?

Most users I talk to about malware seem to use the following terms interchangeably: malware, virus, trojan, keylogger, worm, backdoor, bot, rootkit, ransomware, adware, spyware, and dialer. Raymond.cc offers some standard definitions to clarify the conversation.

Malware is short for malicious software; all the terms above fall into this category because they are all malicious. The different terms are used, instead of just plain “virus”, to categorize what the malicious software is capable of doing.

A virus spreads on its own by smuggling its code into application software. The name is by analogy to its biological archetype. A computer virus not only spreads many times over and makes the host software unusable, it also runs malicious routines.

A Trojan horse (or Trojan) is a type of malware disguised as useful software. The aim is that the user executes the Trojan, which then gives the attacker full control of the PC and the possibility of using it for their own purposes. Most of the time more malware will be installed on the system, such as backdoors or key loggers.

Worms are malicious software that aim to spread as fast as possible once a PC has been infected. Unlike viruses, worms do not use other programs to spread; they use storage devices such as USB sticks, communication media such as e-mail, or vulnerabilities in the OS. Their propagation slows down PCs and networks, or they run malicious routines directly.

Key loggers log keyboard input without you noticing, which lets pirates get their hands on passwords or other important data such as online banking details.

Dialers are relics from a time when modems or ISDN were still used to go online. They dialed expensive premium-rate numbers and thus caused your telephone bill to reach astronomic amounts. Dialers have no effect on ADSL or cable connections, but they are making a comeback on mobile devices via QR codes (I covered attaging here).

A backdoor is usually a piece of software implemented by the authors themselves that enables access to your PC or to a protected function of a computer program. Backdoors are often installed once a Trojan has been executed, so whoever attacks your PC gains direct access to it. The infected PC, also called a “bot”, becomes part of a botnet.

Exploits systematically take advantage of vulnerabilities in a computer program. Whoever attacks your PC with one will gain control of the PC, or at least parts of it.

Spyware is software that spies on you, i.e. collects user data from your PC without you noticing.

Adware is derived from “advertisement”. Besides the actual function of the software, the user is shown advertisements. Adware itself is not dangerous, but tons of displayed adverts are considered a nuisance, and good anti-malware solutions therefore detect it.

A rootkit mostly consists of several parts that grant unauthorized access to your PC while hiding processes and program parts. Rootkits can be installed, for instance, through an exploit or a Trojan.

Rogues / scareware, also known as “Rogue Anti-Spyware” or “Rogue Anti-Virus”, pretend to be security software. Fake warnings are often used to make you buy the “security software”, which is how the pirates profit.

Ransomware: “ransom” is just what you think it is. Ransomware encrypts personal user data or blocks your entire PC. Once you have paid the ransom through an anonymous service, your PC will supposedly be unblocked.

Those are the different categories of malware; the author says that most malware today combines several kinds to achieve a higher rate of infection and give the hacker more control. Most malware is invisible, running silently without your knowledge to avoid detection, with the exception of ransomware and adware, which announce themselves.

Using “virus” as a catch-all phrase for all types of malware is no longer right; the correct word is malware. However, don’t expect the big anti-virus companies to rebrand their products as Kaspersky Anti-Malware or Bitdefender Anti-Malware, because doing so risks losing their brand identity, even though they do offer complete anti-malware solutions.

The blog says that not seeing anything doesn’t mean you’re safe, so it is important to run anti-virus software from a reputable brand such as Kaspersky, ESET, Avast, Avira, AVG (at one time AVG installed a Yahoo toolbar without notice) or MSE, together with a second-opinion anti-malware tool such as HitmanPro, Malwarebytes Anti-Malware, or SUPERAntiSpyware. Emsisoft Anti-Malware, for its part, comes with its own anti-malware engine plus the Ikarus anti-virus engine.

