Tag Archives: Cybersecurity

National Cybersecurity Awareness Month Twitter Chats part 2

In the first part of our series we addressed issues such as the role an everyday internet user has in making the internet a safer place, and ID theft. The second part of the Twitter chat continues with the theme of Simple Steps to Online Safety.

The post National Cybersecurity Awareness Month Twitter Chats part 2 appeared first on WeLiveSecurity

Read More

New Ransomware Not Just Encrypts Your Android But Also Changes PIN Lock


DoubleLocker—as the name suggests, it locks device twice.

Security researchers from cybersecurity firm ESET have discovered a new Android ransomware that not just encrypts users’ data, but also locks them out of their devices by changing lock screen PIN.

On top of that:

DoubleLocker is the first-ever ransomware to misuse Android accessibility—a feature that provides users alternative ways to interact with their smartphone devices, and mainly misused by Android banking Trojans to steal banking credentials.

“Given its banking malware roots, DoubleLocker may well be turned into what could be called ransom-bankers,” said Lukáš Štefank, the malware researcher at ESET.

“Two-stage malware that first tries to wipe your bank or PayPal account and subsequently locks your device and data to request a ransom.”

Researchers believe DoubleLocker ransomware could be upgraded in future to steal banking credentials as well, other than just extorting money as ransom.

First spotted in May this year, DoubleLocker Android ransomware is spreading as a fake Adobe Flash update via compromised websites.

Here’s How the DoubleLocker Ransomware Works:

Once installed, the malware requests user for the activation of ‘Google Play Services’ accessibility feature, as shown in the demonstration video.

After obtaining this accessibility permission, the malware abuses it to gain device’s administrator rights and sets itself as a default home application (the launcher)—all without the user’s knowledge.

“Setting itself as a default home app – a launcher – is a trick that improves the malware’s persistence,” explains Štefanko.

“Whenever the user clicks on the home button, the ransomware gets activated, and the device gets locked again. Thanks to using the accessibility service, the user does not know that they launch malware by hitting Home.”

Once executed, DoubleLocker first changes the device PIN to a random value that neither attacker knows nor stored anywhere and meanwhile the malware encrypts all the files using AES encryption algorithm.

DoubleLocker ransomware demands 0.0130 BTC (approximately USD 74.38 at time of writing) and threatens victims to pay the ransom within 24 hours.

If the ransom is paid, the attacker provides the decryption key to unlock the files and remotely resets the PIN to unlock the victim’s device.

How to Protect Yourself From DoubleLocker Ransomware

According to the researchers, so far there is no way to unlock encrypted files, though, for non-rooted devices, users can factory-reset their phone to unlock the phone and get rid of the DoubleLocker ransomware.

However, for rooted Android devices with debugging mode enabled, victims can use Android Debug Bridge (ADB) tool to reset PIN without formatting their phones.

The best way to protect yourself from avoiding falling victims to such ransomware attacks is to always download apps from trusted sources, like Google play Store, and stick to verified developers.

Also, never click on links provided in SMS or emails. Even if the email looks legit, go directly to the website of origin and verify any possible updates.

Moreover, most importantly, keep a good antivirus app on your smartphone that can detect and block such malware before it can infect your device, and always keep it and other apps up-to-date.

Powered by WPeMatico

Perry Carpenter: “Don’t be Afraid of Simulated Attacks”

Perry Carpenter is Chief Evangelist and Strategy Officer at KnowBe4, one of the most popular platforms for phishing simulations and building cybersecurity awareness. Perry was previously Research Director for Security & Risk Management at Gartner, and is an expert on what can be called the “human side” of cybersecurity. We spoke with Perry about good password hygiene, conditioning ourselves to create good security habits, and the benefits of continual employee training with simulated attacks.

 What is your overall vision of the state of enterprise cybersecurity in 2017?

The thing that’s been most encouraging this year when it comes to cybersecurity is seeing some of the teamwork that has happened across the globe. So the threats, I think, will always increase — we’re always going to see new attack vectors, we’re going to see new financially motivated crimes, we’re going to see larger and larger data breaches, like the Equifax breach. I think we’re going to continue to see that, but what’s been encouraging for me is, in the wake of issues like WannaCry and NotPetya, or the GoogleDocs phishing event, we’ve seen a very strong international community of people coming together and sharing real-time research and progress on working through these problems. This seems very new to this year, whereas in past years we’ve seen people hold some of that information close and not share it, because they perhaps wanted to monetize it by building the patches, or selling the fixes to one of the major security vendors, and letting that vendor have an exclusive way for mediating the problem. But we’ve seen a lot of open-source, intelligent sharing between security researchers this year. It’s been great.

Do you believe employees are the weakest link in enterprise cybersecurity?

I believe that users in general can be the weakest link. The thing with users is that we’re all human, and we’re all vulnerable based on the way that our brains are wired. Attackers find ways to manipulate us and get us to perform actions that maybe we believe we’re not susceptible to performing, like clicking on a link or downloading an attachment, or violating a policy. And some of that happens in spite of a person’s better judgement. So we can be the weak links, and it’s because of behavior patterns and neurological factors in how we’re wired. The good news behind that, though, is that, like anything that we learn, and have that learning ingrained in us, good patterns can become habit. That’s the good news for us.

Perry Carpenter

So while a user can be the weak link, we have to realize that they are the last line of defense in many organizations. But if we properly use some behavioral conditioning and some other psychological factors around how we train users, then we can channel them into the right behavior so that they can actually become a very strong part of our layered defense model. After a firewall hasn’t prevented something, or a secure email gateway hasn’t prevented something, or an Endpoint Detection and Response vendor hasn’t protected something, there is that last line of defense that is the human. And we would hope that some of the innate pattern matching abilities that humans have can be strengthened, and some of the muscle memory, and psychological habits that people can get in, can become very strong habits over time.

Do you have any employee protocol that you teach or follow to actually improve how they react to potential threats?

We do, specifically in the social engineering context. We are firm believers, and we are innovators in the market, of automated social engineering testing. And the way that works is, you can configure in the system the types of phishing emails, or voicemail phish, or even multi-pronged phish that span email and text messaging and invoice, all to try to drive somebody to take an unsecure action. By presenting those simulated situations to end users, hopefully without warning, and giving them the opportunity to see those, and giving them the training on how to detect the red flags — when you frequently expose people to that, and you tell them the best practices, and allow them to fail safely the first few times, they’re able to build the more secure reflexes that we would hope that end users have.

The key, for me, is doing that type of testing frequently. And where I see a lot of companies fail is that they will do a simulated social engineering test once a year, or once every three months, and that’s not going to train people. That’s just going to show you how bad the problem is. If you actually want to train people, then it’s like anything else in life. It’s like physical fitness, or a habit that you’re trying to create. You have to engage in that in a very deliberate routine pattern, and in frequent intervals. If you’re testing quarterly, then you’re taking a quarterly baseline. If you’re training every two weeks or every month, then you’re actually starting to develop some muscle memory. If we do that, then we’ll see the behavior improve, we’ll see what we call the person’s “phish-prone percentage” go down. Ultimately the attack surface has been lessened, because the habits are what you want them to be. The only way is to have continual testing, so that they’re continually training that muscle and not letting it atrophy.

How do you overcome cybersecurity fatigue? Even simple security steps, like using strong passwords for example, can frustrate employees. How do you communicate to them the importance of cybersecurity?

There is a behavioral researcher out of Stanford University in the US, BJ Fogg, and I love the way he phrases the behavior problem when it comes to people making healthy choices — and security is pretty much the same way. He says there are three fundamental things about humans. Number one is we’re lazy. Number two is we’re social. And number three is that we’re creatures of habit.

In your example, when it comes to creating a good password, you hit exactly on those three things that he mentions. One, we’re lazy: we want to choose the easy password. Two, we’re social: we’re going to have the same habits as the people around us, so if we’re in a group of people and we’re all complaining, then going with the group mindset is the easiest thing to do. And three, we’re creatures of habit: that definitely plays into password mentality. We’ll choose a password, and then whenever it comes time to create a new password, we’ll just put a number on the end of it. We’ll change it from “monkey1” to “monkey2”, and then “monkey3” and so on. So with passwords we see all three of those principles, and the way to effect change isn’t necessarily just to keep saying security is important. We need to reinforce the “why” behind the policy. The critical thing that we have to do is to facilitate the change we want. So that means pushing them in the right direction in friendly ways, ways that they won’t want to rebel against. You can show them that creating a new password is easy, by even looking at the new NIST password recommendations, where they’re talking about moving to passphrases that are easy to remember, rather than these huge complex passwords that nobody could ever grasp.

What are the key takeaways that an employee should get from cybersecurity training?

I’ll boil it down to the most important one, which is: think before you act. The reason why is because if we just go with our default reflex, that could be wrong. Somebody could be playing us based on emotion or urgency, and we might just react. But if we could slow down for a second and think logically, then we might have the result that the organization wants from a security perspective.

Number two would be to create and remember good passwords, and have good password hygiene. And the reason behind that is that it is one of the things that we can fix now. Even though the password management market has a bad rap, it is better than the system that we use mentally. So a product like LastPass or Dashlane or KeePass can help people have this vault for the 50-60 passwords that they have to remember.

Three would be to care as much about your customer’s data as you care about your personal data.

What advice would you give to a company that wishes to stay safe in the new cyber ecosystem, from both the technological and human side of security?

I would say that safety is relative. We live in the age of having to come to grips with the fact that everybody is compromised, every system is compromised, so when it comes to safety, the key is trying to determine how we handle compromise when we hear of it and what mitigating factors we put in place post-compromise so that the same thing doesn’t happen again. For organizations that are wanting to work on the human behavior side, my best advice is to not be afraid of simulated attacks. That’s the only way to know how your people are going to behave when the real thing comes, and it’s the only way to condition them to have the right behavior. When it comes to safety, we have to take the blinders off, know the situation that we’re in, and act accordingly.

Parts of this interview were lightly edited for clarity.

The post Perry Carpenter: “Don’t be Afraid of Simulated Attacks” appeared first on Panda Security Mediacenter.

Read More

Warning: Millions Of P0rnHub Users Hit With Malvertising Attack


Researchers from cybersecurity firm Proofpoint have recently discovered a large-scale malvertising campaign that exposed millions of Internet users in the United States, Canada, the UK, and Australia to malware infections.

Active for more than a year and still ongoing, the malware campaign is being conducted by a hacking group called KovCoreG, which is well known for distributing Kovter ad fraud malware that was used in 2015 malicious ad campaigns, and most recently earlier in 2017.

The KovCoreG hacking group initially took advantage of P0rnHub—one of the world’s most visited adult websites—to distribute fake browser updates that worked on all three major Windows web browsers, including Chrome, Firefox, and Microsoft Edge/Internet Explorer.

According to the Proofpoint researchers, the infections in this campaign first appeared on P0rnHub web pages via a legitimate advertising network called Traffic Junky, which tricked users into installing the Kovtar malware onto their systems.

Among other malicious things, the Kovter malware is known for its unique persistence mechanism, allowing the malware to load itself after every reboot of the infected host.

The Traffic Junky advertising network redirected users to a malicious website, where Chrome and Firefox users were shown a fake browser update window, while Internet Explorer and Edge users got a fake Flash update.


“The [infection] chain begins with a malicious redirect hosted on avertizingms[.]com, which inserts a call hosted behind KeyCDN, a major content delivery network,” Proofpoint writes.

The attackers used a number of filters and fingerprinting of “the timezone, screen dimension, language (user/browser) history length of the current browser windows, and unique id creation via Mumour,” in an effort to target users and evade analysis.

Researchers said Chrome users were infected with a JavaScript which beaconed back to the server controlled by the attackers, preventing security analysts working through the infection chain if their IP had not “checked in.”

This makes it extremely unlikely that the JavaScript can be run alone and provide the payload in a sandbox environment,” Proofpoint writes. “This is most likely why this component of the chain has not been documented previously.

In this case, the attackers limited their campaign to click fraud to generate illicit revenue, but Proofpoint researchers believed the malware could easily be modified to spread ransomware, information stealing Trojans or any other malware.

Both P0rnHub and Traffic Junky, according to the researchers, “acted swiftly to remediate this threat upon notification.

Although this particular infection chain was successfully shut down after the site operator and ad network got notified, the malware campaign is still ongoing elsewhere.

Powered by WPeMatico

Software and Security Information