Researchers at Kaspersky Lab release an update on the Sofacy gang, also known as APT28, explaining a set of new malware implants, backdoors and zero days at the group’s disposal.
Monthly Archives: December 2015
WordPress TheCartPress 1.4.7 Code Execution / Local File Disclosure
WordPress TheCartPress plugin version 1.4.7 suffers from code execution and local file disclosure vulnerabilities.
Beware of the hackers hiding behind fake LinkedIn profiles

There has been news lately highlighting a trend in hackers using LinkedIn, the popular social media platform for professionals looking to connect with like-minded individuals, to dupe unwitting victims. This includes the creation of fake profiles with the aim of stealing personal information. The fake profiles pose as recruiters and quickly begin to add contacts in the field of their chosen victim. Once they have what appears to be a reputable profile, they then add their victim as a contact having gained their trust as they usually have lots of common contacts in the related sector.
The text that is used for the fake profiles is usually copied and pasted directly from other sources, usually genuine profiles. The accompanying profile photo, which is generally of a woman, is also taken from other professional profiles or, in some cases, a stock photo. It is also revealed that they use keywords such as “reservoir engineer”, “exploration manager” and “cargo securement training” which are likely to help them to attract visibility through the site’s built-in search engine. The majority of the terms relate to the logistics, information security and oil and gas industries.
Boasting over 400 million users worldwide, LinkedIn is seen as a way for professionals to create circles of similar workers in their sector with the aim of using the platform as a form of self-promotion, doing away with the traditional methods of job hunting. It has also become a valuable tool for businesses, who are able to head hunt top talent as well as posting content relating to their company.
In response to the fears of its many users, LinkedIn said: “We investigate suspected violations of our Terms of Service, including the creation of false profiles, and take immediate action when violations are uncovered. We have a number of measures in place to confirm authenticity of profiles and remove those that are fake. We encourage members to utilize our Help Center to report inaccurate profiles and specific profile content to LinkedIn.”
Advice for users who may be concerned that they are at risk includes doing a reverse image search by dragging and dropping the profile picture into Google Images and seeing what it brings up. You can also copy and paste the job information into Google to reveal whether it has been taken from somewhere else.
Seeing as this isn’t the first time that there have been concerns over fake profiles and spamming on LinkedIn, it might be worth your while to do a quick bit of research before you accept a new contact. As always, it pays to be careful with information that you share online as it can save you many potential problems in the future.
The post Beware of the hackers hiding behind fake LinkedIn profiles appeared first on MediaCenter Panda Security.
WordPress Advanced Uploader 2.10 Shell Upload
WordPress Advanced Uploader plugin version 2.10 suffers from a remote shell upload vulnerability.
iTop 2.2.0 Arbitrary File Upload
iTop version 2.2.0 suffers from a remote shell upload vulnerability.
Making the case for channel-delivered cybersecurity
For our AVG partners and distributors these findings may not come as a surprise, but it presents another opportunity for the channel to help fill these security gaps with value-added solutions, best practices and excellent customer service.
According to the topline results of the survey, 36% of global organizations lack confidence in their ability to detect sophisticated cyber attacks. Linked to this, 36% don’t have a threat intelligence program, and 18% don’t have identity and access management programs – little wonder then that 69% thought that their IT security budgets should be increased by half.
Protection from cyber attack should be a priority for all businesses and as the EY data has shown, many organizations could benefit from the guidance of the channel. AVG partners, including A+ Computers and Services, DB Computer Solutions, MCC Computers Ltd., SortMyPC and many more, are already addressing the gaps using AVG Business products.
Channelnomics editor Jessica Meek also highlighted findings from the EY survey in her recent article, again, emphasizing the opportunity for the channel to help IT professionals prioritize security, provide solutions and services, and also act as trusted advisors on industry developments.
A few key stats to note:
- 88% of respondents did not believe their information security infrastructure fully meets their organization’s needs
- 57% said that the information security function suffers from a lack of available talent
- 47% said they don’t have a security operation center
- 54% said they lacked a dedicated function to focus on the impact of emerging technologies
AVG Business products like AVG Managed Workplace and AVG CloudCare are great examples of how our partners are using end-to-end solutions to help resolve security issues, staffing and infrastructure challenges for their clients.
AVG CloudCare offers a modern approach to security with streamlined access to advanced features through one centralized pane of glass. Ease of deployment, through one click installation and activation, helps our partners become more agile. The product can be used for managing services, proactive monitoring, content filtering, cloud backup, daily reporting, providing secure sign-on and more, essentially helping our partners act as outsourced IT departments for their clients.
AVG Managed Workplace also offers powerful automation to help partners proactively manage and monitor clients’ networks. Deployment and update of security tools are easily handled by automation helping to ensure a strong security posture at all times. With premium remote control integrated at no additional cost to the remote monitoring and management platform, partners gain cost savings as well as reporting tools to streamline billing and prove client ROI.
These flexible and powerful AVG solutions empower businesses to address security issues and run more effectively and efficiently. That’s powerful reassurance to give your clients.
6 ways to protect your credit cards this holiday shopping season
Protect your credit cards from theft and fraud with these simple tips.
At this time of the year, your credit cards see a lot of action – online and at the stores. Credit card fraud takes place every day, but in the holiday shopping season you need to be extra diligent to keep cybercrooks from getting hold of your cards and card numbers. Here are six easy tips that even the least tech-savvy among us can follow.
Make it tough for cybercrooks to steal your credit card number
Keep a record of your cards
Some people scan their cards and save the copies on their laptop, others write all the numbers down and keep them in a safe place. Whatever method you choose, keep a record of your account numbers, their expiration dates and the phone number to report fraud.
Watch your accounts closely
When online shopping, it’s safer to use a credit card than a debit card. Credit cards come with consumer protections against fraud that debit cards do not have. Check your account regularly during the season for any strange charges and report the activity as soon as you can. Many companies have toll-free numbers and 24 hour service if you lose your card.
Another good practice is to use a single credit card for your online purchases. It’s easier to manage the account, as well as your holiday gift spending budget, without lots of other miscellaneous charges cluttering the statement.
Don’t use a public computer for shopping
Many web sites use cookies to save information that you input. On a public computer, you could accidentally leave your information accessible to the next user. Hackers could also install keylogger software that records your keystrokes, giving them access to usernames, passwords, and card numbers.
Avoid free Wi-Fi hotspots
It’s tempting to use a store’s free Wi-Fi to do price comparisons when you are out shopping. But you risk losing your personal information to hackers if you log on to an unprotected Wi-Fi. Our Avast research team recently set up some fake Wi-Fi hotspots to see how many people would connect and what kind of information they could collect. In only 7 hours, 264 people connected to the fake Wi-Fi network and generated 512,000 data packets. It’s just too easy for a hacker to have access to your data.
You can safely use a public Wi-Fi hotspot if you first connect to a VPN (Virtual Private Network). Avast SecureLine VPN is an easy way to hide all your online activities from prying eyes. You simply launch the VPN and it will connect to a nearby server and encrypt all data flowing in or out making it invisible to anyone outside.
Beware of phishing attempts
Email phishing attacks increase during the holiday season. Sophisticated cybercrooks design their emails to look like they come from legitimate companies. For example, you may receive a fake email from an online retailer or a shipping company such as UPS, DHL, or FedEx alerting you that your order did not process or cannot be delivered. A typical scenario is that they ask you to follow a link to a website where you can re-enter your credit card information.
Do not click links in emails. You run the risk of malware infection, or voluntarily giving your card number to a crook. Instead, go directly to the website or call their customer service department.
Make sure the shopping site is trustworthy
Well-known websites like Amazon or large retailers are most likely safe. But the small, unknown websites could be riskier.
If you use Avast SafePrice extension in your browser, then you can trust the safety and integrity of the online shop, as well as getting the lowest price. Learn more about the extension in Can shopping extensions help you find the best prices?
DSA-3413 openssl – security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit. The Common Vulnerabilities and Exposures project
identifies the following issues:
TA15-337A: Dorkbot
Original release date: December 03, 2015
Systems Affected
Microsoft Windows
Overview
Dorkbot is a botnet used to steal online payment, participate in distributed denial-of-service (DDoS) attacks, and deliver other types of malware to victims’ computers. According to Microsoft, the family of malware used in this botnet “has infected more than one million personal computers in over 190 countries over the course of the past year.” The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and Microsoft, is releasing this Technical Alert to provide further information about Dorkbot.
Description
Dorkbot-infected systems are used by cyber criminals to steal sensitive information (such as user account credentials), launch denial-of-service (DoS) attacks, disable security protection, and distribute several malware variants to victims’ computers. Dorkbot is commonly spread via malicious links sent through social networks, instant message programs, or through infected USB devices.
In addition, Dorkbot’s backdoor functionality allows a remote attacker to exploit an infected system. According to Microsoft’s analysis, a remote attacker may be able to:
- Download and run a file from a specified URL;
- Collect logon information and passwords through form grabbing, FTP, POP3, or Internet Explorer and Firefox cached login details; or
- Block or redirect certain domains and websites (e.g., security sites).
Impact
A system infected with Dorkbot may be used to send spam, participate in DDoS attacks, or harvest users’ credentials for online services, including banking services.
Solution
Users are advised to take the following actions to remediate Dorkbot infections:
- Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. Even though Dorkbot is designed to evade detection, security companies are continuously updating their software to counter these advanced threats. Therefore, it is important to keep your anti-virus software up-to-date. If you suspect you may be a victim of Dorkbot, update your anti-virus software definitions and run a full-system scan. (See Understanding Anti-Virus Software for more information.)
- Change your passwords – Your original passwords may have been compromised during the infection, so you should change them. (See Choosing and Protecting Passwords for more information.)
- Keep your operating system and application software up-to-date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. You should enable automatic updates of the operating system if this option is available. (See Understanding Patches for more information.)
- Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (see example below) to help remove Dorkbot from their systems.
- Disable Autorun – Dorkbot tries to use the Windows Autorun function to propagate via removable drives (e.g., USB flash drive). You can disable Autorun to stop the threat from spreading.
Microsoft
http://www.microsoft.com/security/scanner/en-us/default.aspx
The above example does not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.
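For the "Disable Autorun" step above, the following read-only PowerShell audit is an added example, not part of the original alert. It assumes the standard Windows `NoDriveTypeAutoRun` policy value, where a set bit disables Autorun for that drive type, and reports which drive types are still allowed under each policy key.

```powershell
# Added example: read-only audit of the Windows Autorun policy.
# NoDriveTypeAutoRun is a bitmask; a set bit DISABLES Autorun for that type.
$DriveTypeBits = [ordered]@{
    'Removable (USB)' = 0x04
    'Fixed'           = 0x08
    'Network'         = 0x10
    'CD-ROM'          = 0x20
    'RAM disk'        = 0x40
}

# The machine-wide policy (HKLM) takes precedence over the per-user one (HKCU).
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-AutorunPolicy {
    param([Parameter(Mandatory)][string]$KeyPath)

    $prop = Get-ItemProperty -Path $KeyPath -Name NoDriveTypeAutoRun `
                             -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # Key or value missing: no explicit policy, the OS default applies.
        return [pscustomobject]@{
            Key = $KeyPath; Value = 'not set'
            AutorunStillAllowedOn = 'OS default applies'
        }
    }

    # The value is normally REG_DWORD, but some systems store it as REG_BINARY.
    $raw   = $prop.NoDriveTypeAutoRun
    $value = if ($raw -is [byte[]]) { [int]$raw[0] } else { [int]$raw }

    # Collect every drive type whose "disable" bit is NOT set.
    $allowed = @($DriveTypeBits.GetEnumerator() |
        Where-Object { -not ($value -band $_.Value) } |
        ForEach-Object { $_.Key })

    [pscustomobject]@{
        Key   = $KeyPath
        Value = '0x{0:X2}' -f $value
        AutorunStillAllowedOn = if ($allowed) { $allowed -join ', ' } else { 'none' }
    }
}

$PolicyKeys | ForEach-Object { Get-AutorunPolicy -KeyPath $_ } | Format-Table -AutoSize
```

A value of `0xFF` disables Autorun for every drive type. Any row that still lists "Removable (USB)" leaves open the removable-drive propagation path the alert describes.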
References
- Microsoft Malware Protection Center – Worm: Win32/Dorkbot
- Microsoft Malware Protection Center – Microsoft assists law enforcement to help disrupt Dorkbot botnets
Revision History
- December 3, 2015: Initial Publication
Bugtraq: Ellucian Banner Student Vulnerability Disclosure
Ellucian Banner Student Vulnerability Disclosure