Tag Archives: Mobile News

Bitcoin: definition, hacks and frauds

Despite being around for several years, Bitcoin is suddenly all over the news. You probably already know it is something to do with money, so this article will help to explain what this cyrptocurrency is, why it matters, and how to use it safely.

What is Bitcoin?

Bitcoin works pretty much like every other currency – people can buy goods and services, and money can be traded on the foreign exchange market too. Coins are held in a digital wallet – and encrypted set of files on your computer – and act just like cash when making a payment.

There are some key differences however:

  • Bitcoin is entirely digital – there are no bank notes or coins – so all transactions take place electronically.
  • It is not managed by a central bank like the US Federal Reserve, instead its users maintain a shared control.
  • It uses heavy encryption to verify “money” is genuine, and to protect the identities of buyers and sellers making a transaction.

Why does Bitcoin matter?

Free from the control of central banks Bitcoin is, theoretically, affected less by interest rate rises, or ‘quantitative easing. This makes it very attractive to foreign currency investors.

The fact that this cryptocurrency works exactly like cash makes it very attractive to criminals. Police cannot trace a payment made with a physical £5 in a physical store – and the same is true of its transactions. This is why ransomware demands typically specify payment in Bitcoin.

Bitcoin – a valuable target for theft

Currently this digital currency is not widely used by consumers – but with the increased level of attention being given to the currency, more of us may be tempted to get on board. But there are some important security issues you need to be aware of first.

The digital wallet used to store Bitcoin acts just like your real-world wallet. So if someone steals your digital wallet from your computer, they also steal all the contents – your Bitcoins. Because it is virtually untraceable, there is little chance that the thief will be caught, which is why its theft and fraud is becoming increasingly popular.

On the 7th December, hackers were able to steal 4700 Bitcoin (worth £56 million!) from an online exchange. The criminals were able to break into an employee’s computer and steal crucial data that allowed them to make off with the money – early indications suggest that malware installed on the PC provided the necessary access.

In November, another Bitcoin banking service, Tether, was compromised. Hackers managed to steal nearly $31 million worth of Bitcoin belonging to service users from the bank’s virtual account. The bank has not released details of how the attack was carried out, but again it appears that the issue was caused by one of their computers being compromised.

How to protect yourself

Your digital wallet is key to protecting your digital money. If cybercriminals can steal your digital wallet, or trick you into handing over user names, passwords or encryption keys, you could be robbed.

In reality the principles for staying safe when using cryptocurrency are exactly the same as shopping online. Never give a stranger your Bitcoin account details. And always ensure that your computer is properly protected against hacking and malware using a security solution like Panda Gold Protection. Ready to learn more? Check out our Bitcoin archive.

Download your Antivirus

The post Bitcoin: definition, hacks and frauds appeared first on Panda Security Mediacenter.

Read More

HP laptop owners – act now to avoid being hacked

HP owners need to take immediate action after it was discovered “keylogging” software has been installed by default on more than 460 models of laptop. When enabled, this function could allow hackers to monitor and steal sensitive information like user names and passwords.

What is a keylogger?

A keylogger is a small application that runs in the background, monitoring and recording every pressed on your keyboard. The version installed on affected HP laptops has been bundled with the drivers needed to make the Synaptics touchpad work.

Keyloggers are a very popular form of malware, used by criminals to capture logon details from infected computers. They can then use those details to hack into online accounts to steal money or commit other fraudulent activities.

An honest mistake

Keyloggers do have a legitimate purpose too however. In the case of the HP bug, the keylogging function is used by the Synaptics development team to run various tests and ensure that hardware and software is operating correctly as it is being created.

Normally the keylogging functionality is removed before drivers are released to laptop manufacturers, but in this case it was not. So every machine issued with the buggy drivers also has the keylogger installed.

Don’t panic, but act now

Fortunately, the keylogging function is disabled by default – so your laptop is not currently collecting your sensitive personal data. However, should a hacker gain access to your machine, they can probably enable the logging software.

HP has released an updated set of drivers for laptop owners that removes the keylogging component completely. If you have one of the machines, you should download and install these new drivers (called softpaqs) as soon as possible. There is a list of affected models and download links here.

Increasing personal protection

Normally cybercriminals have to be more creative when installing keyloggers, using the same techniques they rely on for distributing malware and Trojans. These efforts can usually be detected and blocked with a good antimalware solution like Panda Gold.

Another useful tip is to avoid using your hardware keyboard whenever entering very sensitive data. Panda Security provide a ‘virtual keyboard’, where you click letters and numbers on the keyboard displayed on your screen, rather than tapping letters on the physical keyboard. Even if your machine does have an undetected keylogger installed, by avoiding the physical keyboard, it cannot capture anything entered on screen.

Keep your machine fully updated at all times

If your laptop has the option to accept and install manufacturer updates automatically, you should enable it immediately. That way, every software patch released by HP will be applied straight away, reducing the window of opportunity for hackers to compromise your machine – and your personal data.

Learn more about the Panda virtual keyboard and how to protect against keylogger malware by downloading a free trial of Panda Gold Protection today.

 

Download Panda Free Antivirus

The post HP laptop owners – act now to avoid being hacked appeared first on Panda Security Mediacenter.

Read More

What will change after Net Neutrality gets repealed on Thursday?

The potential Net Neutrality repeal is a trending topic in the US

The potential Net Neutrality repeal is continuing to be a trending topic here in the US, and more and more people are starting to realize how the FCC decision is going to affect their lives. We recently covered what Net Neutrality is and how you can cast your vote for or against it. While Net Neutrality repeal has been accompanied by predominantly negative media coverage and the topic has sparkled furious conversations amongst hundreds of thousands of people from all over the world, this Thursday the Republican-dominated FCC will repeal Net Neutrality. Rather than pouring gasoline on the fire, we decided to accept the democratic decision and put down a list of things that will most likely change after the repeal.

Small businesses and artists

When Net Neutrality gets repealed, internet providers will lawfully be able to give priority to specific sites over others. What this means for artists is that if Verizon and SoundCloud start disagreeing at some point in the future, you may not be able to access the music website from your devices. Mobile carriers and ISPs will have the power to render websites such as Netflix and SoundCloud useless. If you are a small business owner who relies massively on Facebook advertising, you may have to start looking for a different platform to promote your business as people may not be able to access it freely and its popularity will decrease. Verizon is pushing a video platform called go90, so you may have to move from YouTube to go90. You may have to start using the Aol search engine instead of Google. If you are a website owner, you may have to pay a premium to ISPs if you want them to allow users with normal internet speeds to your website.

Increased bills

While we keep in mind that tech giants such as Facebook and Google may have to end up forking some cash to sweeten their relationships with ISPs, this may have an impact on your pocket as they will have to find a way to justify the new expense. This can come in various forms, you may have to pay additional $5 to your wireless carrier if you want to be able to access Facebook, or Facebook may have to end up charging its users for the service. If Net Neutrality gets repealed on Thursday, your new home internet bill might start looking similar to your Verizon Wireless bill – ISPs will stop being treated as utility bills. This is an equivalent of giving SoCal Edison the ability to charge you more for electricity used by a Samsung fridge vs. a fridge manufactured by Whirlpool.

User experience

After the Net Neutrality repeal, loading an Amazon page may not be as easy as it is right now. Your connection will depend on the relationship between the two companies. The internet provider of your choice will have the power to slow down your connection to sites that are on their naughty list. You may be taking for granted the fast speeds that you have now – soon it may take you minutes to load your favorite online magazine. ISPs will not breach your first amendment; they will simply make you wait more unless you, or the website, pay them.

Monopoly

One of the perks of living in the free world is the fact that if a company decides to abuse their power over its clients, these clients are free to leave and look for a better solution. If you are lucky enough to live in densely populated areas, you most likely have access to a few ISPs so you can pick and choose. If you live in a place where there are just one or two broadband providers, then you most likely should not be happy to see the Net Neutrality repealed as you will not have other options but to pay what you are being asked. And we all know that nowadays, the internet is not a luxury but a necessity.

Twilight of modern Internet

Currently, there are many websites expressing their protest against the so-called ‘twilight of the modern internet’ and want ISPs to continue being treated as utility companies. Others are glorying the decision to repeal Net Neutrality as this will “restore the internet freedom” for Internet providers and telecom companies. Whatever their decision is, we all will have to respect it – tech companies such as Google, Amazon, and Facebook have been tracking your online steps and internet habits for years, now a few more big names such as Verizon Wireless and Comcast will simply join the crowd and get their piece of the pie.

The post What will change after Net Neutrality gets repealed on Thursday? appeared first on Panda Security Mediacenter.

Read More

What is a botnet?

Botnets have become one of the biggest threats to security systems today. Their growing popularity among cybercriminals comes from their ability to infiltrate almost any internet-connected device, from DVR players to corporate mainframes.

Botnets are also becoming a larger part of cultural discussions around cyber security. Facebook’s fake ad controversy and the Twitter bot fiasco during the 2016 presidential election worry many politicians and citizens about the disruptive potential of botnets. Recently published studies from MIT have concluded that social media bots and automated accounts play a major role in spreading fake news.

The use of botnets to mine cryptocurrencies like Bitcoin is a growing business for cyber criminals. It’s predicted the trend will continue, resulting in more computers infected with mining software and more digital wallets stolen.

Aside from being tools for influencing elections and mining cryptocurrencies, botnets are also dangerous to corporations and consumers because they’re used to deploy malware, initiate attacks on websites, steal personal information, and defraud advertisers.

It’s clear botnets are bad, but what are they exactly? And how can you protect your personal information and devices? Step one is understanding how bots work. Step two is taking preventative actions.

How Do Botnets Work?

To better understand how botnets function, consider that the name itself is a blending of the words “robot” and “network”. In a broad sense, that’s exactly what botnets are: a network of robots used to commit cyber crime. The cyber criminals controlling them are called botmasters or bot herders.

Size Matters

To build a botnet, botmasters need as many infected online devices or “bots” under their command as possible. The more bots connected, the bigger the botnet. The bigger the botnet, the bigger the impact. So size matters. The criminal’s ultimate goal is often financial gain, malware propagation, or just general disruption of the internet.

Imagine the following: You’ve enlisted ten of your friends to call the Department of Motor Vehicles at the same time on the same day. Aside from the deafening sounds of ringing phones and the scurrying of State employees, not much else would happen. Now, imagine you wrangled 100 of your friends, to do the same thing. The simultaneous influx of such a large number of signals, pings, and requests would overload the DMV’s phone system, likely shutting it down completely.

Cybercriminals use botnets to create a similar disruption on the internet. They command their infected bot army to overload a website to the point that it stops functioning and/or access is denied. Such an attack is called a denial of service or DDoS.

Botnet Infections

Botnets aren’t typically created to compromise just one individual computer; they’re designed to infect millions of devices. Bot herders often deploy botnets onto computers through a trojan horse virus. The strategy typically requires users to infect their own systems by opening email attachments, clicking on malicious pop up ads, or downloading dangerous software from a website. After infecting devices, botnets are then free to access and modify personal information, attack other computers, and commit other crimes.

More complex botnets can even self-propagate, finding and infecting devices automatically. Such autonomous bots carry out seek-and-infect missions, constantly searching the web for vulnerable internet-connected devices lacking operating system updates or antivirus software.

Botnets are difficult to detect. They use only small amounts of computing power to avoid disrupting normal device functions and alerting the user. More advanced botnets are even designed to update their behavior so as to thwart detection by cybersecurity software. Users are unaware they’re connected device is being controlled by cyber criminals. What’s worse, botnet design continues to evolve, making newer versions harder to find.

Botnets take time to grow. Many will lay dormant within devices waiting for the botmaster to call them to action for a DDoS attack or for spam dissemination.

Vulnerable Devices

Botnets can infect almost any device connected directly or wirelessly to the internet. PCs, laptops, mobile devices, DVR’s, smartwatches, security cameras, and smart kitchen appliances can all fall within the web of a botnet.

Although it seems absurd to think of a refrigerator or coffee maker becoming the unwitting participant in a cyber crime, it happens more often than most people realize. Often appliance manufacturers use unsecure passwords to guard entry into their devices, making them easy for autonomous bots scouring the internet to find and exploit.

As the never-ending growth of the Internet of Things brings more devices online, cyber criminals have greater opportunities to grow their botnets, and with it, the level of impact.

In 2016, a large DDoS attack hit the internet infrastructure company Dyn. The attack used a botnet comprised of security cameras and DVRs. The DDoS disrupted internet service for large sections of the country, creating problems for many popular websites like Twitter and Amazon.

Botnet Attacks

Aside from DDoS attacks, botmasters also employ botnets for other malicious purposes.

Ad Fraud

Cybercriminals can use the combined processing power of botnets to run fraudulent schemes. For example, botmasters build ad fraud schemes by commanding thousands of infected devices to visit fraudulent websites and “click” on ads placed there. For every click, the hacker then gets a percentage of the advertising fees.

Selling and Renting Botnets

Botnets can even be sold or rented on the internet. After infecting and wrangling thousands of devices, botmasters look for other cybercriminals interested in using them to propagate malware. Botnet buyers then carry out cyber attacks, spread ransomware, or steal personal information.

Laws surrounding botnets and cybercrime continue to evolve. As botnets become bigger threats to internet infrastructure, communications systems, and electrical grids, users will be required to ensure their devices are adequately protected from infection. It’s likely cyber laws will begin to hold users more responsible for crimes committed by their own devices.

Botnet Structures

Botnet structures usually take one of two forms, and each structure is designed to give the botmaster as much control as possible.

Client-server model

The client-server botnet structure is set up like a basic network with one main server controlling the transmission of information from each client. The botmaster uses special software to establish command and control (C&C) servers to relay instructions to each client device.

While the client-server model works well for taking and maintaining control over the botnet, it has several downsides: it’s relatively easy for law enforcement official to location of the C&C server, and it has only one control point. Destroy the server, and the botnet is dead.

Peer-to-peer

Rather than relying on one centralized C&C server, newer botnets have evolved to use the more interconnected peer-to-peer (P2P) structure. In a P2P botnet, each infected device functions as a client and a server. Individual bots have a list of other infected devices and will seek them out to update and to transmit information between them.

P2P botnet structures make it harder for law enforcement to locate any centralized source. The lack of a single C&C server also makes P2P botnets harder to disrupt. Like the mythological Hydra, cutting off the head won’t kill the beast. It has many others to keep it alive.

Botnet Prevention

It should be clear by now that preventing botnet infection requires a comprehensive strategy; one that includes good surfing habits and antivirus protection. Now that you’ve armed yourself with the knowledge of how botnets work, here are some ways to keep botnets at bay.

Update your operating system

One of the tips always topping the list of malware preventative measures is keeping your OS updated. Software developers actively combat malware; they know early on when threats arise. Set your OS to update automatically and make sure you’re running the latest version.

Avoid email attachments from suspicious or unknown sources

Email attachments are a favorite source of infection for many types of viruses. Don’t open an attachment from an unknown source. Even scrutinize emails sent from friends and family. Bots regularly use contact lists to compose and send spam and infected emails. That email from your mother may actually be a botnet in disguise.

Avoid downloads from P2P and file sharing networks

Botnets use P2P networks and file sharing services to infect computers. Scan any downloads before executing the files or find safer alternatives for transferring files.

Don’t click on suspicious links

Links to malicious websites are common infection points, so avoid clicking them without a thorough examination. Hover your cursor over the hypertext and check to see where the URL actually goes. Malicious links like to live in message boards, YouTube comments, pop up ads, and the like.

Get Antivirus Software

Getting antivirus software is the best way to avoid and eliminate botnets. Look for antivirus protection that’s designed to cover all of your devices, not just your computer. Remember, botnets sneak into all types of devices, so look software that’s comprehensive in scope.

With the Internet of Things increasing, so too does the potential for botnet size and power. Laws will eventually change to hold users more responsible for the actions of their devices. Taking preventative action now will protect your identity, data, and devices.

The post What is a botnet? appeared first on Panda Security Mediacenter.

Read More

New Study Shows “Fake News” Part of Parents’ Concerns about Online Activities

Controversies around “fake news” sites aren’t just nightly news fodder or political footballs. As it turns out, they’re new additions to the list of parental fears, sitting alongside computer viruses, social media, and online sexual predators.

Parents today aren’t just worried about their kids watching internet porn. Many are concerned their child will read a Breitbart article or watch a video on CNN.

Panda Security’s exclusive analysis of U.S. parents reveals what they fear the most when it comes to websites, online activities, and apps.

  • More than twice as many parents consider right-wing website Breitbart unsafe for children than CNN.
  • 20 percent of parents think CNN is not safe for their kids.
  • 47.9 percent of parents think Breitbart is unsafe for children.
  • 75.9 percent of parents think anonymous sharing is a danger to kids.
  • More parents block Facebook (5.9 percent), YouTube (5.8 percent), Netflix (4.3 percent), than they do Pornhub (2.5 percent).
  • 54.2 percent of parents are most concerned about sexual predators online.
  • 37.1 percent of parents concerned about sexual predators haven’t spoken to their kids about it.

We surveyed 1,000 U.S. parents to determine the websites, apps, and activities that most concern them when it comes to their children.

Parents Are Worried About Some Of The Web’s Most Popular Sites


Of our total sample of respondents, 90.1 percent ranked Pornhub as “Very Unsafe” or “Somewhat Unsafe”. Our analysis also shows some major social media sites as a source of concern for many parents. 47.0 percent of parents view Facebook as unsafe, while Reddit received the same rating from 46.1 percent of respondents.

Video streaming websites like YouTube and Netflix also ranked as concerning to parents. 36.7 percent of parents said YouTube was a safety concern while 15.5 percent also felt the same about Netflix.

Parents also considered news sites like CNN and Breitbart as a threat to their children. 20.5 percent felt concerned about CNN while 47.9 percent reported Breitbart News as somewhat or very unsafe.

For parents who felt “Very Safe” or “Somewhat Safe” towards specific websites, Amazon ranked first with 71.4 percent. More parents said they felt Netflix (69.9 percent) was safer than Wikipedia (65.5 percent).

More Parents Blocked YouTube than Pornhub

Our analysis showed there was a disconnect between parental concern and parental action. We found more parents reported blocking video websites like YouTube (5.8 percent) and Netflix (4.3 percent) than they did porn sites like Pornhub (2.5 percent).

One reason why parents may be blocking sites like YouTube and Netflix more than Pornhub is that parents may consider excessive screen time more concerning and more likely than specific content like pornography. Parents may feel the chances of their children finding/watching adult content too remote for concern, especially if the children are very young.

However, a University of New Hampshire survey of 1,500 internet-using youth between the ages 10 and 17 showed 42 percent of them had been exposed to online pornography in the past year. Of those, 66 percent reported unwanted exposure.

Parents Overwhelmingly Think Anonymous Online Sharing Is Unsafe for Kids


Of the seven online activities we listed, “anonymous sharing” was the online activity most concerning to parents. 75.9 percent reported feeling “somewhat unsafe” or “very unsafe” when it came to their kids and anonymous sharing.

The data suggests app developers need to include better parental controls for monitoring or stopping anonymous sharing activities of children.

Anonymity could factor into the perceived safety of social media sites. While there’s a good amount of safety concern among parents for a social website like Facebook (47 percent), it’s even more for 4chan (58.4 percent)—a site where anonymity is more prevalent.

Social networking was the second most unsafe online activity with 57.2 percent followed by “video sharing/watching” at 56.6 percent. A larger percentage of parents reported feeling concerned about video sharing than reported being concerned about the video sharing website YouTube.

Parents Are Worried About How Their Kids Get News


Our analysis shows 47.9 percent of the total pool of respondents who had heard of the right-wing website Breitbart rated it “somewhat unsafe” or “very unsafe”. That’s compared to 20.5 percent that responded the same to the more centrist Cable News Network. 8.1 percent said they considered both websites a safety concern when it came to their children.

Wikipedia also ranked as somewhat or very unsafe to 12.2 percent of parents. “Fake news” controversies and growing concerns about biased information are threatening the legitimacy of some online information sources like Wikipedia.

Parents Are Very Concerned About Sexual Predators


Of the six options presented, 52.4 percent of parents chose “sexual predation online” as their top online concern for their children. 14.3 percent chose “Maintaining online privacy” followed by “online bullying” at 11.8 percent.

More Than a Third of Parents Don’t Talk To Their Kids About Online Sexual Predation


While 52 percent of parents reported sexual predation as their primary concern, 37 percent of those said they hadn’t spoken to their children about the topic in the past year. Among parents who reported online bullying as their primary concern, a similar percentage hadn’t spoken to their children about the topic, at 33 percent.

For less emotionally and physically dangerous concerns like “Computer Viruses” and “Hidden Fees in Online Apps”, the percentage of all parents who expressed concern, but hadn’t spoken with their children, was even higher (54 percent and 43 percent, respectively).

Among parents most concerned about maintaining online privacy, 44 percent of parents overall hadn’t discussed the topic. The numbers suggest the threat of online privacy and identity theft is being perceived as a similar to hidden app fees.

Cyberbullying Is Being Underrated By Parents As A Concern


Our analysis shows parents biggest fears aren’t reflective of actual prevalence rates. Of the total group, 54.2 percent of parents said sexual predation online was their biggest concern while 11.8 percent said the same for online bullying. Sexual predation is defined as any person using the internet for the express purpose of targeting a minor to perform non-consensual sex acts.

Compared to sexual predation, cyberbullying occurs much more frequently for children. The prevalence rate for sexual predation online is only 13.0 percent. In contrast, a 2016 study commissioned by the Cyberbullying Research Center found 33.8 percent of U.S. high school students between the ages of 12 and 17 said they had experienced cyberbullying. Examples of cyberbullying can include sending threatening or hurtful texts, posting embarrassing photos or video, and/or spreading rumors.

Methodology

Panda Security conducted an online survey of 1,000 U.S. parents.
Our survey was designed to gather from parents four different types of data:

  • Demographic
  • Level of concern for specific websites, online activities, and apps
  • Actions they’ve taken to address their concerns.
  • Their knowledge level of their child’s online activities, friends, and passwords.

We wanted to discover what parents were the most concerned about and what they were doing to address those concerns, either directly (e.g. blocking content) or indirectly (e.g. discussing issues with their children).

Our approach to analyzing the data was to determine if there was a correlation between the level of concern and amount of reported activity.

The post New Study Shows “Fake News” Part of Parents’ Concerns about Online Activities appeared first on Panda Security Mediacenter.

Read More

Computer Security Day 2017: The Current State of Cybersecurity

Thursday 30th November marks the 29th Computer Security Day – an unofficial “holiday” used to raise awareness of cybersecurity issues that affect us all. At the most basic level, people across the world are encouraged to take the opportunity to create new strong passwords.

The annual Computer Security Day is also a useful chance to assess wider cybersecurity implications, and how well industry and individuals are protecting themselves.

So, what is the current state of IT security?

Security is more complex than ever

Every day new devices are added to home networks, most of which also connect to the Internet. From smart heating thermostats to remote controlled blinds and games consoles, technology is becoming part of the very fabric of our homes. And if smart speakers like Amazon’s Alexa and Apple’s HomePod sell as well as expected this Christmas, the home network is going to become busier (and more complicated) than ever.

The only drawback to all these devices is that they increase the number of potential attack points for cybercriminals. In the past, hackers would only have the option of breaking into your home PC. But with so many network connected devices to choose from, hacking in has actually become easier.

Security is not being prioritised by manufacturers

In the rush to sell their products as quickly as possible, some manufacturers are cutting corners. The software powering these devices often contains bugs and security holes that can be used by hackers to gain access. Once connected to the device, they can then attack other more important devices, like your laptop or PC.

Where there are decent security provisions on the device, owners are making basic mistakes that place their network at risk. As always, poor passwords are the biggest problem, making the hacker’s job even easier. If you have network connected devices at home, use this Computer Security Day to update all of those passwords too.

We are getting better at cybersecurity

Networks may be more complex than ever, but our security options are also improving. Most home routers used to connect to the Internet now include firewall functions to keep hackers out for instance. And the tools used to detect and remove malware are also improving daily.

In fact, anti-malware is the last line of defence when it comes to protecting your personal data. If hackers do manage to break through defences and compromise network-connected devices like webcams and smart speakers, anti-malware will stop them accessing your computers where the really valuable personal information is held.

If you do nothing else this Computer Security Day, please take a few minutes to download and install a free copy of Panda Antivirus for your PC. You should also take the opportunity to protect your smartphone too – download a free copy of Panda Mobile Security today.

The post Computer Security Day 2017: The Current State of Cybersecurity appeared first on Panda Security Mediacenter.

Read More

Worms vs. Viruses: What’s the difference?

Worms, viruses, bots, oh my! Such names sound less like monikers for malicious software than characters in a sci-fi novel. Despite their fictional-sounding names, the monetary damage these types of malware can cause to computers and data is very real. Studies put the global cost of ransomware attacks for 2017 between 1 and 3 billion dollars.

Most types of malicious software (aka malware) work differently, but all have the same function: to install unwanted software on your computer or network for malicious purposes ranging from simple annoyance to corporate espionage.

Two of the most common forms of malware are worms and viruses. Knowing how they work can limit the damage of a malware attack sooner and help avoid infection altogether.

Spreading the Word Doc

Worms and viruses differ in two main ways: how they spread or “replicate” and their level of autonomy. To function, viruses need a host file (e.g., a Word document) or a host program (e.g., that free PDF splitter you downloaded). To replicate, viruses need humans to send them through emails, messages, attachments, etc. They can’t do this on their own.

Worms are viruses that can replicate themselves, emailing themselves to other computers and networks without help from pesky humans. A worm’s autonomy tends to make it more aggressive or contagious, while a virus may lay dormant for years waiting for a user to open an infected file. To use a cinematic analogy, worms are more like predators, viruses are more like aliens.

How viruses replicate

Computer viruses are transmitted like biological ones. For example, the common cold spreads through person-to-person contact. We pass our cold germs to other people through coughs and sneezes. Unsuspecting victims breath in our virus spray and presto! We’ve just replicated the virus to them. The point: It takes a human action (i.e., coughing and sneezing) to replicate a virus.

We replicate computer viruses by sending (sneezing) infected attachments through emails, instant messages, etc., to other users. Like us, they unknowingly download and open the attached file. Most recipients will open these attachments because they trust us. Replication of the virus took a human action and a little gullibility.

Social engineering

Social engineering is a way of tricking people into spreading malware to others. Hackers use our own assumptions and confirmation bias to fool us.

For example, when we visit our bank’s website, we usually first look for the most recognizable features: company name, logo and the familiar layout of the page. All of these features tip us off that we’re in the right place. Instead of applying a more critical eye, we quickly compare what we see to what we expect. When those basic expectations are confirmed, we click ahead.

Everyday, hackers create malicious copies of legitimate websites and emails to steal our private credentials. These digital fakes don’t need to be perfect copies either, just close enough to match our expectations. That’s why it’s best to avoid clicking email links to common websites and instead use a browser bookmark so you always know you’re in the right place.

Even a worm will turn

Worms are actually a subclass of virus, so they share characteristics. They also are passed through files like attachments or website links, but have the ability to self-replicate. Worms can clone and transmit themselves to thousands of other computers without any help from humans. Consequently, worms tend to spread exponentially faster than viruses.

Worms have this viral superpower in part because they don’t rely on a host file like a virus. While viruses use these files and programs to run, worms only need them as disguises to sneakily wiggle into your computer. After that, the worm runs the show. No more host files or social engineering required.

How to protect yourself

Even though worms and viruses are different, you take similar precautions to avoid them.

Avoid opening unfamiliar messages and attachments

Social engineering is powerful and preys on our assumptions and familiarity, but you can fight it by paying more attention to your online interactions. Inspect emails closely. Phishing emails usually have telltale signs they’re scams. Most importantly, never open an email attachment from an unknown source. If you can’t confirm the source, delete the attachment. One moment of satisfying your curiosity isn’t worth the risk.

Avoid non-secure web pages

Non-secure websites don’t encrypt how they talk to your browser like secure ones do. It’s easy to identify websites that are non-secure. They start with HTTP in their URL address. Try to visit only secure sites that start with HTTPS. The ‘s’ stands for ‘secure’. Browser plugins like HTTPS Everywhere can make searching only HTTPS sites easier.

Update your operating systems

Hackers love to find security holes in operating systems like Windows. It’s a game of cat and mouse played with software engineers who constantly test, identify and patch ways of infiltrating their own software. The result of their efforts is the security update. Updating your OS applies those patches as soon as they’re released, increasing your protection level. Set your system to auto-update.

Be picky about your programs

Like operating systems, individual apps on your devices also need updating – and for the same reason. Aside from updating them, you should also decide whether you even need them at all. Remember, viruses need host files and programs for execution and disguise. Decide whether you actually need the app, or if you already have it, how often you use it. The more apps you have, the more updates. The more updates, the more opportunities for a security breach or infection.

A couple of programs you will want to give special attention to are Adobe Flash and Acrobat Reader. Both are popular targets for cyber criminals. If you don’t use them, uninstall them.

Get antivirus protection

The easiest and most effective action you can take to protect yourself from worms and viruses is to get a total antivirus protection plan. Antivirus software can’t be manipulated by social engineering tricks. It never assumes anything. It scans every file you open and every program you run for viruses and worms. Good ones do this in real time.

Every worm and virus discovered gets assigned a ‘signature’, a unique indicator that says “this is a virus!” Antivirus software keeps a list of those signatures and compares them to all of the data coming through your system.

You now understand the differences between worms and viruses, how they spread and where they hide. Be more critical the next time you open an unfamiliar email or visit a familiar website. Following these tips and getting antivirus software is the best way to avoid malware.

Antivirus protection against ransomware

The post Worms vs. Viruses: What’s the difference? appeared first on Panda Security Mediacenter.

Read More

Did Your Childhood Monsters Dwelling Under the Bed Grow to Be Real?

Remember when you were a youngster, and lived in nightly fear of the monsters dwelling under your bed, or those hiding in the closet? That made it an act of foolishness to swing your legs over the side of the bed and expose munch-able ankles to the demons. Even worse would be to risk opening the closet door at night, to provide a portal for their crossover into the human world.
The only way to safely make it through the night was to stay motionless in bed, fully covered by your charmed-against-monsters favorite blanket, and await the safety of morning sunlight.

Krack

The demons of the night have probably long since retreated from your bedroom – but for adult internet users, they have re-emerged from the shadows, in the form of hackers and cyber attackers, still lurking, still waiting for their opportunity. And sadly, this time they are real – lately, the internet has been buzzing with the recently discovered WPA2 vulnerabilities known as KRACK.

Everyone who listens to the news occasionally, or checks their morning news feed before heading off to work, should be aware of some of the spectacular network breaches against major corporations. In fact, one or more of those violations may even have affected you personally, since several of them have resulted in massive amounts of sensitive personal information being hijacked by criminals. But such headline-grabbing attacks are far from the only depredations being carried out these days on the Internet, nor are the big corporations the only targets.

Small businesses the target of cybercriminals

Cybercriminals are starting to realize that attacks against lots of small businesses can be just as lucrative as a single attack against a major player. Ransomware attacks and other forms of malware breaches can yield significant profits when carried out in volume against small businesses, and now hackers have upped the ante to include attacks against individuals, in the form of breaching devices which are tied to the Internet of Things (IoT). It was recently demonstrated that even using an ordinary Wi-Fi connection can expose you to attack by a smart attacker, in physical proximity.

Wi-Fi Protected Access 2 (WPA2)

Wi-Fi Protected Access 2 (WPA2) is the second, and theoretically stronger, incarnation of security protocols for wireless networks, but it was recently shown to have a vulnerability which allows attackers to modify how the protocol works so that that network traffic can be intercepted. Depending on how a specific network is configured, it would have even been possible for malware to be inserted, without the attacker ever owning or disturbing standard password security, thus evading detection.

This capability makes wireless devices, including all those connected to the IoT, vulnerable to Key Reinstallation Attacks (KRACK), which compromise the encryption component of the WPA2 protocol. Without getting into the technical weaknesses which make this possible, you should know that such attacks are likely whenever a cybercriminal is physically positioned close enough to a device on a Wi-Fi network so that the signal can be intercepted and manipulated. What all this means for devices connected to the IoT, is that they would need to have software or firmware updates which close up the vulnerability to KRACK attacks. The affected manufacturers have begun issuing patches to address the problem but remember that you don’t have to only rely on patches – there are other ways to protect yourself.

Are More IoT devices Driving More Cyber Attacks?

The short answer to this is – yes. Cybercriminals are notoriously opportunistic, and the potential ubiquity of IoT devices provides merely endless possibilities for security breaches. Just “listening in” on such network traffic can provide useful, sensitive information about accounts and other data that can be converted into profits.

The monsters under your bed have grown up with you, and they have now moved into the shadows of cyberspace, waiting to nip at your ankles or to have you barge brazenly into their closet stronghold. And unfortunately, this time they are real – make sure you have a chance to fight them off by arming yourself with a protective blanket.

The post Did Your Childhood Monsters Dwelling Under the Bed Grow to Be Real? appeared first on Panda Security Mediacenter.

Read More

Uber cover-up places 57 million people at risk of identity fraud

Ride hailing firm Uber has revealed a major hack last year exposed the personal data of 57 million users. Even worse is the news that Uber’s security chief paid the hackers $100,000 to cover up the incident in the hope of preventing the breach from going public.

The incident was announced by Uber CEO Dara Khosrowshahi who claimed that he had only recently learned about it himself. Two senior managers in charge of IT security where fired shortly afterwards.

A very serious breach

According to the report, two hackers were able to download names, email addresses and mobile phone numbers of 57 million Uber users around the world and the names and driver’s license numbers of 600,000 U.S. drivers. Although credit card numbers and passwords were not included, the stolen details would be enough for cybercriminals to start an identity fraud operation.

Instead of reporting the breach to authorities and services users – as required by US law – Uber decided to pay the hackers to keep quiet. The two individuals involved in the attack were paid $100,000 in return for supplying proof that they had deleted the stolen data.

An ongoing problem

Uber already has a reputation for breaking rules, and for tracking users even after they have closed the app. The sheer volume of valuable personal data held by Uber makes it a very attractive target for hackers, but the company’s attempts to hide their activities increases customer distrust.

Although a data breach is embarrassing and expensive, attempting to cover it up is even more damaging – people simply do not trust the service to handle their personal data safely.

Protecting yourself now

Although Uber claim that login details were not compromised, you should still change your password just in case. Make sure that you create a strong password to further improve security.

And don’t forget, hackers will also try and steal data direct from your mobile phone, not just Uber’s data centre. Protect your smartphone with the free Mobile Security app, blocking the malware that steals passwords, credit card details and other sensitive personal information.

Data Theft Incidents on the Rise

As we informed on a previous post, in the first half of 2017, more data was stolen than in all of 2016.  The 918 security breaches registered by Gemalto’s Breach Level Index led to the theft of almost 2 billion records, which is 164% more than the figures for the whole of last year. For companies to avoid being in that position, the first step is to be aware of the importance of implementing effective security measures and policies.

Download Panda Mobile Security

The post Uber cover-up places 57 million people at risk of identity fraud appeared first on Panda Security Mediacenter.

Read More

Is Roblox Safe for Your Kid?

The internet continues to create conflicts for parents who want to give their children the benefits it provides without exposing them to the dangers it harbors. Online videos games are part of that struggle. Staying up-to-date on safety issues helps parents better negotiate the benefits and costs of online gaming.

Parents want to provide their children with the tools for expanding their imaginations. Once it was the humble Lincoln Log set. Now it’s user-generated, multi-platform, immersive online gaming systems. With games like Roblox, kids now have the power to build any world they can imagine and socialize with other players from around the world.

Roblox touts 64 million active players every month, who log on to “create adventures, play games, roleplay, and learn with friends.”

Children put in hundreds of hours playing games like Roblox, and they’re emotionally connected to their accounts — to a level many adults may not consider. When a child’s account is stolen, they’ve lost more than just their username and password; they’ve given up the worlds they’ve built, the items they collected, the avatars they’ve customized, the friends they’ve made and any future plans for the game. It can be devastating.

Given the power and creativity Roblox provides children, the company takes a proactive stance to protect their players from inappropriate content, online hackers, cyber thieves and other internet dangers. Roblox provides resources like in-game moderators, parental guides and content controls to help parents. However, it’s impossible to monitor the activity of so many players.

Hackers can steal player accounts or infect computers with malware, but knowing the common safety issues will help you keep your devices safe and your child’s imagination on track.

Can you get a virus from Roblox?

It’s impossible to get a virus playing within the Roblox platform because the game doesn’t “permit, or have the functionality, to upload, retrieve, or otherwise disseminate harmful executables or malware via its platform,” says Brian Jaquet, the company’s Senior Public Relations Director.

However, while hackers can’t introduce a virus within the Roblox game, they can find ways to get kids to leave the platform where infection or account theft is possible.

Phishing attacks

Pop-up ads or chat links offering free Robox or custom items can lure children to fake phishing websites designed to infect your computer or steal your child’s Roblox account. It’s similar to how phishing attacks work on YouTube. Roblox hackers entice users away from the game with promises of free gifts or Robux, the platform’s in-game currency, if they click a link within a chat message or pop-up ad.

Malware

While on a malicious website, hackers trick users into downloading an executable program having an .exe extension. Once opened, the program infects the computer with malware designed to steal data, which can include your banking formation and passwords.

Stolen Passwords

Phishing attacks can also steal Roblox accounts while on fake websites. Players are prompted to login with their Roblox username and password with promises of free Robux. Their information is then saved and can be used to steal their password. The image below is from a phishing website.


The Roblox community rules clearly state players are forbidden to “sell, trade or give away Robux, digital goods or game codes except through official channels on the Roblox platform.” Players can buy and sell game items, but only as Builders Club members. Sharing outside programs on the Roblox site is not allowed, but it does happen.

Scams

Hackers can also steal from players while on the Roblox platform. These scams commonly use pop-up ads promising free items, but instead of a new weapon or t-shirt, players get their Robux stolen or accounts hijacked.

Fake maintenance

The so-called “Fake Maintenance Scam” is a phony graphic user interface (GUI) that tells users the site is “undergoing maintenance”. The scam is effective because it tricks players into giving away their login information. Younger or newer players, upset at their game’s interruption, are more likely to sign back in without questioning the GUI’s authenticity.


Here are some maintenance guidelines to help children identify when Roblox is actually undergoing maintenance:

  • An orange banner (see above) will appear on the Roblox website warning you before maintenance begins.
  • When the banner changes to red, you won’t be able to play Roblox until maintenance is finished.
  • Maintenance usually occurs when you’re asleep or at school.
  • Roblox will never ask for your username and password anywhere except the home page.

Botnets

Scammers can use “bots” to make money from Roblox players. Bots are automated programs that perform a specific set of tasks. On Roblox, the most common bot task is to create a fake account and message players, asking them to visit a website to get free Robux.

Hackers released thousands of bots or a “botnet” during the 2017 Group Wall Scam. The botnet was sending thousands of players to a monetized YouTube video to increase its number of views.

How to prevent attacks

Here are some ways to keep your little Roblox players and their devices safe.

Enable two-step verification

Two-step verification adds an extra layer of security to your child’s account by requiring an extra step to prove your identity. Any time your child signs in on a new device, Roblox will require you to enter a six-digit security code. For your child’s account, use a secure email address only you can access. Anyone trying to change the account’s password will need that security code.

Create a strong password

Even without phishing scams and fake GUIs, hackers have ways of guessing your child’s passwords using software. Teach your child that they should never write down their password or share it with anyone except you. Follow password creation guidelines to help them build a strong password that’s easy to remember.

Sign out when on shared devices

If your child plays Roblox on multiple devices, like a friend’s or a school’s computer, remind them sign out of their account when they’re done. It’s easy for others to access accounts when they’re simply left open in a browser.

Check the link before you click

You never want your child going to another website from the Roblox platform. If they do, they’re probably somewhere they shouldn’t be. Help them understand that URLs are an address for websites, like the one where they live. Just like they need to make sure they’re getting off the bus at the right stop, they need to check to make sure they’re on the right web address. For the Roblox website, they can look for the roblox.com address in the browser’s address bar. For example: https://en.help.roblox.com.

Set messaging and chat to “Friends”

Control who can communicate with your child through the account’s privacy settings. In the “Privacy” settings tab, users can control who can chat, message, invite and join them in the game. Restrict contact to “Friends” to keep your kid’s interactions safer. They’ll be less likely to encounter a malware link. However, you will still need to manage who their “Friends” are to keep the group safe.

If your child is part of the Builders Club, they can set their group to “Private” to keep out scammers.

Report Abuse and Scammers

Roblox employs moderators to monitor content, blocking inappropriate ads and warning players of scams. But with the game’s large number of users, player interactions, trading systems and user-generated content, it’s challenging to monitor everything.


Encourage your children to report any inappropriate behavior or scams. Roblox makes it easy for them to report others for a variety of abuses, from cyberbullying to posting offsite links. Tell them to find a grown up — either you or a moderator — if they have a bad feeling.

Free lunches

Use Roblox to teach your kids that there’s no such thing as a free lunch. If something sounds too good to be true, it probably is. If someone is offering free Robux or customized avatar t-shirt they’ve been wanting for weeks, it’s 99.9 percent likely to be a scam. The official Roblox trading system has specific rules to follow for exchanging items.

Download a good antivirus software

Antivirus software will protect your devices from getting infected by viruses or eliminating them if you do. There’s no substitute for vigilance, but downloading an antivirus software can eliminate the stress and worry that comes with the combination of children, the internet and digital devices.

As a parent, the last thing you want is to have your child’s social and creative Roblox experience end up as a bad memory. There’s more at stake than just a video game. Friends, digital worlds and hours of play can be stolen alongside usernames and passwords. Taking a little time to educate your kids about the real world can go a long way in keeping their digital one safe.

The post Is Roblox Safe for Your Kid? appeared first on Panda Security Mediacenter.

Read More