All posts by 007admin

Your Company’s IT Resources are a Mine for Hackers

Blockchain technology was invented in early 2009 to support bitcoin, a new digital currency with a clear objective: make transactions without the need for traditional intermediaries. Invented by the enigmatic Satoshi Nakamoto, bitcoin kicked off the cryptocurrency boom. But as society’s interest in cryptocurrencies has grown, so has criminal interest, creating headaches for companies’ security departments.

The rise of cryptojacking

Mining cryptocurrency is necessary for the system to work. Mining consists of a series of computations performed to process transactions made on blockchains. It creates new cryptocurrency and confirms transactions along the blockchain network. To create more cryptocoins, it is necessary to mine them. Without mining, the system would collapse.

Many users themselves have begun mining cryptocurrencies as a way to make money. Miners perform mathematical operations to verify transactions, and to do so, they use special software. Therefore, for mining to be lucrative, it is necessary to have a great deal of computational power. To make money from mining, cybercriminals are turning to cryptojacking.

Cryptojacking consists of the unauthorized use of a user’s devices to mine cryptocurrency. Basically, attackers make use of malware to hijack computers, tablets or smartphones, for example, and use them to covertly mine cryptocurrency. The user will probably note some lag in their device, but won’t be aware that it’s due to an attack attemping to mine cryptocurrency. One of the most common techniques consists in taking control of the victim’s CPU or GPU from a website infected with malware to mine cryptocurrency, such as what happened recently with YouTube. In this case, the advertising agency DoubleClick was victim of an attack that hid a Coinhive cryptojacking script in the code of YouTube advertisements. Coinhive is the most commonly used script to carry out these types of attacks. A study by security researcher Troy Mursch detected 50,000 new infected websites with cryptojacking scripts, with 80% of them using Coinhive.

Another attack technique consists in using Microsoft Word’s online video function, which allows users to insert videos in documents without the need to embed them. In this case, attackers take advantage of this feature to insert malicious scripts and to covertly take control of the power of the victim’s CPU.

Background theft

Cryptocurrency has become the gold of the 21st century. As a result, we are set to see more attacks attempting to mine cryptocurrency. Now that IT teams and state security forces have their eye on ransomware attacks, cybercriminals are opting for more secure methods to make a buck and have begun stealing IT resources to mine.

The difficulty in detecting this type of attack is making it one of cybercriminals’ preferred methods to illegally line their pockets. These attacks are also becoming increasingly sophisticated in order to affect the greatest number of devices possible. The more computational power they steal, the faster they can mine. This is giving rise to attackers fighting each other over CPU resources. Cybercriminals are including a mechanism in their code to detect competing miners and eliminate them in order to take complete control over the CPU’s resources.

That’s why companies are becoming the prime objective of attackers in 2018. If they get access to a corporate network, they have an enormous amount of resources available to them.

How can a company protect itself from cryptojackers?

These attacks have serious consequences for businesses. The most evident consequence comes from stealing CPU cycles which can slow down systems and networks, putting business and the general system availability at risk. Furthermore, once a company has been attacked, it is likely that a lot of time, money and effort will be required to get rid of and correct the problem. Intensive cryptocurrency mining can also have financial repercussions for a company, as electricity bills can be quite a bit higher due to the high energy demand.

Additionally, these attacks can wreak havoc on corporate devices. If mining is performed over a prolonged period of time, devices and their batteries can experience extreme overheating which can the devices.

Of course, one should also not forget that being a victim of cryptojacking means that an attacker has gotten through security systems and has obtained control of the company’s devices, putting the company’s data privacy at risk.

To be protected from a possible cryptocoin mining attack, one should follow these security measures:

  • Perform periodic risk evaluations to identify vulnerabilities.
  • Regularly update all systems and devices.
  • Adopt advanced cybersecurity solutions that allow for a detailed visibility of activity on all endpoints and control all running processes.
  • Create a secure browsing environment, installing extensions that hinder cryptocurrency mining.

The post Your Company’s IT Resources are a Mine for Hackers appeared first on Panda Security Mediacenter.

Read More

How Cybercriminals Target Freelancers – And What You Can Do About It

Whoever coined the adage “time is money” was probably a freelancer. It’s tough for the self-employed to enjoy the financial or emotional benefits of paid time off. Any hour you’re not writing, designing, or programming is an hour you’re not getting paid. There’s also the non-billable time you spend communicating with clients, tracking down late payments, and promoting yourself. You simply can’t afford extra downtime from a computer virus or a data breach. Unfortunately, your career choice makes you a tantalizing target for cybercriminals.

Malware makers and hackers know you handle private client data, that you work from home, that you likely use public WiFi, and that you probably haven’t downloaded cybersecurity software. It’s not an ideal situation … except for enterprising cybercriminals.

Take the time now to study these cybersecurity tips, and you’ll save money later when you don’t become a victim of ransomware.

Modernize your OS

Operating systems work their best to protect you against malware when they contain the latest security patches. The sooner you update, the better your chances of avoiding a hack. Set your OS to update automatically and check it regularly. Update all of your apps, too. Hackers exploit antiquated app architectures to make their way to your clients’ private data.

Also consider moving your work flow to the developer’s latest operating system. Many people still like working in Windows XP, and Microsoft still offers security updates. But if you just can’t part with Windows 7, at least make sure you’ve installed the correct Windows Service Pack.

Passwords: On-point protection

If hackers know the passwords for your clients’ accounts, nabbing their data is pretty simple. That’s why creating strong passwords is a cybersecurity must. Never use the same password for multiple accounts or create conspicuous ones like “123456” or “password”. Follow these steps for creating secure passwords and install a password manager to help …

  • Automatically generate strong passwords
  • Remember your passwords more easily
  • Protect you from phishing attacks
  • Make changing your passwords a breeze
  • Use your passwords on mobile devices

Beware phishing scams

Phishing is a popular online scam cybercriminals use to steal login credentials. With phishing scams, cybercriminals don’t need complex malware and sophisticated algorithms to infiltrate your laptop and steal your data. They trick you into voluntarily supplying your own passwords, credit card numbers, and SSN. The trick to defeating a phishing scam is understanding how phishing emails work and looking for common characteristics like these:

  • Suspicious links. Before clicking, check to see if any email link is taking you to the right URL. On a Mac or PC, hover your cursor over the link and check the lower left-hand corner of your browser to see the address. If they’re different, be extremely cautious. To check a URL on a smartphone, long press the link, and a window will open to reveal the address.
  • Grammar bad is. A common trait of many phishing emails is broken English, misspellings, and bad grammar.
  • Bad Body Image. Phishing scammers often use entire images for the body of their emails to bypass spam filters. If an email’s body is a .jpg or .png file, it may be a scam.
  • Click or Else! If the email has a threatening tone and asks you to sign into your account through a link in the email, you’re likely dealing with a phishing attempt.

With phishing attacks, you can’t be too cautious. Cybercriminals are constantly upping their email game, even using emails from legitimate websites like YouTube to launch their attacks. And scammers don’t limit themselves to just emails. The two websites and (don’t go here!) both exist, but they have vastly different content. If you’re not sure a website is legitimate, you can use online tools to look up a domain’s reputation for safety.

Cloak your data in a VPN

Virtual Private Networks encrypt the data you transmit over the internet by routing it through smaller, private networks. As a result, you can make it impossible for cyberthieves to identity you as the sender and receiver of the data or to locate your physical location.

VPNs offer encryption at every step of the browsing process, which makes them ideal for remote work and surfing public WiFi networks like cafes, hotels, or libraries. They’re also useful during work trips to countries with strict internet censorship.

The best VPNs are paid services, but research before you buy. Not all VPNs are created equal. You can run a compliance test to make sure a VPN adheres to standard encryption methods.

Working off-site isn’t a time to let your guard down

That Starbucks around the corner you consider your “off-site office” has free WiFi, but don’t assume it’s safe to surf. Using open WiFi networks leaves your clients’ data more vulnerable to hackers who can intercept your communications with a man-in-the-middle attack.

Cybercriminals also conspire in the physical world, stealing devices, swiping USB drives, or taking pics of laptop screens. Don’t make your clients pay for your mistakes. Follow these tips when using public WiFi:

  • Never leave your devices unattended.
  • Lock your laptop screen when your computer is idle.
  • Sit with your back against the wall when possible.
  • Get a privacy screen for your laptop.
  • Remove USB drives and DVDs from your computer when not using them.
  • Install tracking software for your devices in case of physical theft.
  • Encrypt sensitive files with encryption software.
  • Look for trusted local spots to get your work done.

Treat a public workspace like a phishing email: Scrutinize it well. You don’t need to be the roving Eye of Sauron — just practice common sense, and you’ll go a long way in protecting your clients’ data.

More copies of your data makes it safer

Backing up your files protects you from crashed drives and malware attacks. Data backups neutralize ransomware attacks. When people only have one copy of their high-priority data, cyberthieves can demand large sums of money for its return. If you have copied data to an external hard drive, ransomware popups become empty threats.

Ideally, you should make two backups: one on a physical hard drive and one online. Cloud storage services are inexpensive services that have the added benefit of letting you access the data anywhere there’s an internet connection. A little investestment is also a selling point for your services. Clients feel safer knowing you’re protecting their data. That translates into more contracts for you!

Download antivirus software

It’s takes effort to watch out for phishing scams and manage passwords, but downloading antivirus software helps take some of the burden off of you. Antivirus software is like hiring a 280-pound MMA badass to stand guard outside your apartment door. It scans for and eliminates common computer viruses and other malware, warning you if they try to break into your devices and kicking them out if they do. Paid versions of AV software often come with added features like password managers and firewalls.

Time is actually more than money

When you protect your clients’ data, you’re saving more than just your money, you’re saving the a business’s lifeblood — the thing that ensures their success. These tips prove you don’t need to get an online computer science degree to protect your clients’ data from cybercriminals. You also don’t need to take out a second mortgage to protect your devices. A sizeable chunk of good cybersecurity habits are just common sense and resourcefulness, two qualities, as a freelancer, you demonstrate every day.

Download your Free Antivirus

The post How Cybercriminals Target Freelancers – And What You Can Do About It appeared first on Panda Security Mediacenter.

Read More