Category Archives: AVG

AVG

AVG

“Sad new!!!!!!!!!!!!!!!!!! Please Help”

The subject line is very irresistible. And the email came from a friend of mine, that only I hear from every 10 months or so whenever she is in town. So imagine my concern when I saw the following message:

Am so sorry that i didn’t inform you about my trip. I’m writing this with tears in my eyes. I came down here to Odessa Ukraine for a short vacation unfortunately i was mugged at the park of the hotel where i stayed. all cash, credit card and cell were stolen off me but luckily for me i still have my passports with me.

I ‘ve been to the embassy and the Police here but they’re not helping issues at all and my flight leaves in less than hours from now but having problems settling the hotel bills. the hotel manager won’t let us leave until i settle the bills, I’m freaked out at the moment.

I could hear my friend’s voice in the body of the email. She is also a world traveler with a deep interest in Central and Eastern Europe, and is definitely one to pop over to Odessa for a long weekend to see the famed Potemkin Steps or visit the city as part of a larger trek around The Black Sea. The poor punctuation and strange spacing confused me. Then again, she was panicked and under intense time pressure.

In other words, I was hooked. So I replied.

The email long tail finds the weak minds

Using various communications channels to finagle money or information from someone has a long and varied history. Many of the scams rely on the promise of easy returns. The Nigerian Prince is a case in point. The scam is similar to the 19th Century Spanish Prisoner scenario, but has usually relied mainly on mail, faxes, and email as part of a multistage setup that targets people with enough money to supposedly help smuggle millions of dollars out of an African country, often Nigeria (hence the name). Those that take the bait and pay the (fake) transfer fees are promised exponential returns on their investments that never emerge. There are scores of variations on the scam. For instance, a long-lost relative leaves a person a pile of money; to get the inheritance, the person needs to pay all the legal fees. But in general, most of these scams rely on greed to hook interest.

By contrast, “stranded friend” phishing attacks take advantage of a reader’s good will. We all want to help people we know and like. I certainly do. In my case, the conmen had used malware (probably a Trojan) to hack my friend’s email account and access her contacts. The message I received was addressed to around two dozen people. It’s unclear whether the hackers created their shortlist of targets using the communications history between my friend and her contacts or their geographic locations, but it seems likely given that other scams employ similar tactics. For example, hacked mailing lists from charitable organizations allow bad guys to set up fake charities and target the people most likely to donate based on past activity.

And email is cheap and easy. By stealing or buying stolen databases, scammers can obtain access to hundreds of thousands of addresses. With a bit of segmentation, they put the odds in their favor that someone will bite on their hooks.

Failed the friendship version of the Turing Test

In my case, my fake friend replied that I should wire several thousand dollars to a Western Union in Odessa. Before agreeing, I asked her to name a mutual acquaintance who had once joined us for dinner. Of course she could not. So I then called my friend’s fixed line (in another country) and left a voicemail alerting her that her email account may have been compromised.

Now I like to believe I’m smart enough to not fall for such scams. But criminals have access to the same analytics as governments and major corporations. They’ve also been practicing their trade for decades (sometimes centuries), so have tremendous insight into how best to influence even the strongest of minds. To stay sharp, there are several things you can do:

  1. Know what phishing is. Awareness is a huge step towards prevention. Knowing that the scammers are out there and masquerading as trusted contacts goes a long way to spotting them.
  2. Know what they’re after. Any email requests (or social media for that matter) asking for money should be immediately suspect. So too requests asking for personal data or account names and passwords.
  3. Watch for the signs. In addition to requests for money or hints that money may be needed, watch for poor spelling, bad grammar, and other oddities of speech. Check the email address itself – it may look like the supposed sender’s, but check for missing characters or additional characters added in. Pretty much all banks and most government and commercial organizations never ask for personal information, login information, or money via email; so if this information is part of the request, be very suspicious.
  4. Never click, copy, paste, or forward. For any email even remotely suspicious, do not click on anything, do not copy text and paste it into another email or document, and do not forward. To document the email (for alerting your friend or a company), the best approach is to take a screen shot.
  5. Don’t reply. Yes, I did, even though I saw the signs. But your reply tells the conmen that you pay attention to and open such emails. The bad guys will note this, and quite possibly save your email for another, more tempting scam later on.

The steps above may not be foolproof. But they can help ensure the adoption of a security mindset.

AVG

Your money or your data!

The scene unfolds like a cyber thriller. You fire up your PC and a message appears saying your files have been encrypted. Your screen looks like it’s from the FBI. Sometimes it identifies itself as malware. Sometimes it’s a plain-text message. When you click around in your PC (assuming you still can), you find that your photos and text files are indeed unavailable.

The screen also asks for money. To get the key to unencrypt your files, you must pay, usually in some form of untraceable currency, such as bitcoin. In most cases, there’s a firm deadline when payment must be made. If you miss it, the fees shoot up. At some point, your files are permanently encrypted.

Welcome to the world of ransomware.

While this form of malware can slip into devices in any number of ways, phishing is probably the most common vehicle. Basically, bad guys send innocent-looking emails that ask recipients to click on a link or download an attachment. (Phishing is also used to ask for money directly. A tiny piece of software infects the machine and goes about encrypting files before demanding cash. Sometimes the message pops up automatically. Sometimes there’s a time delay or a switch that lets hackers turn it on when it’s convenient to them.

And sometimes attacks are big and bold. Two assaults on major hospitals in the US, for instance, used multipronged ransomware infiltration to shutdown key networks and records. But experts largely agree that most attacks are on individuals. Mass emailing allows criminals to take advantage of long-tail effects and the fact that many people would rather just pay a few hundred (or thousand) dollars to have their data – which many consider their life – returned to them rather than fight back through various law enforcement channels.

Data hostage taking is on the rise

Given the efficacy of ransomware, the number of attacks is set to grow. In its annual Threat Landscape report, published in January 2016, the European Union Agency for Network and Information Security (ENISA) characterizes 2015 as “the year of ransomware”. According to the study, the number of reported incidences nearly doubled in 2015 compared to 2014, with aggressive phishing campaigns a hallmark of many attacks. Targets tended to be in North America and Western Europe, as residents are perceived to have the money to pay.

ENISA also notes that 2015 was a year of innovation in ransomware development and deployment. The number of new ransomware types quadrupled in the first half of the year alone. Criminals have set up service centers, allowing the non-technical to buy crimeware-as-a-service, further expanding the reach of ransomware. And stealthier delivery methods are still being developed.

Do I know you? Did I ask for this?

Phishing is still the most common delivery method. Which is convenient, in a way, as there are some practical steps you can take to avoid getting scammed. Probably the most important is to maintain an online “stranger danger” mindset. If an email looks even the slightest bit suspicious, don’t open it. If it’s from someone you don’t know, don’t open it. If it says you’ve won the lottery, are being watched by some security agency, asks about an order (you did not make), or promises rewards in some other way, don’t open it. (Similar phishing attacks also appear on Facebook.)

For emails you’ve opened, if they include links or attachments you weren’t expecting or didn’t ask for, don’t click or download. If you feel that you must do either, reply to the sender (if you know them), and ask if they did indeed send you something. If you do not know the sender – delete the email.

And of course, you should build a fortress around your device. This is where AVG can help. We provide antivirus, link scanners, attachment and download checkers, enhanced firewalls, spam blockers, and file encryption to help keep your photos, videos, files, contacts, and devices safer. If you haven’t done so already, give us a try on your PC or Android phone.

AVG

Top Facebook scams you need to know about

Have you seen the “Most Used Words” quiz on Facebook? Chances are you probably have – because it shockingly accumulated close to 20 million shares in just a few days. It also gained access to the personal data of over 16 million users.

With this kind of virality, it’s little wonder a 2016 report from Cisco found that Facebook scams are the most common online attack method used by cybercriminals. With 1.6 billion users, the social media site serves as a cost-effective way of spreading scams on a large scale quickly and relatively easily.

To help you stay ahead of the bad guys, we’ve assembled a list of the top types of (often overlapping) scams to look out for on Facebook:

Sensational news stories

These have clickbait headlines to tempt you into clicking without first verifying the news. The problem is that they can lead to websites with viruses, ransomware, and other forms of malicious content and advertising. But the good news is that Facebook has made a lot of progress in preventing these kinds of posts from appearing in your News Feed.

Hidden content

An extension of clickbait headlines are sites that require you to enter details before certain content will be “revealed”. For instance, before a juicy celebrity video shows or the answer to a self-assessment quiz displays, you must enter an email address or agree to terms and conditions. This is simply a sneaky way for scammers to capture your information.

Like farming

This occurs when a page is set up by scammers with the purpose of artificially accumulating likes. This is so they can use the large number of likes to distribute additional scams or sell the page on the black market for profit (pages like these are highly valuable to unethical marketers). So think twice when you see one of those adorable cat memes – the source could be a scammer who’s hoping it’ll go viral for their benefit.

Quizzes that promise a prize or gift voucher

If something sounds too good to be true, it usually is. These kinds of quizzes are designed to phish for your personal details or have you fill in surveys that the scammers get paid for you to complete! You definitely won’t win a free business class air ticket or $100 grocery voucher.

Dodgy apps

Some third-party Facebook applications require you to grant unnecessary permissions, including access to your name, profile picture, list of friends, history of posts, and the devices you use. The terms and conditions you accept could even enable a scammer to sell your data or post directly to your timeline. “See who’s viewing your profile” is a classic example of an app created specifically for this (while Linkedin provides such functionality, Facebook currently doesn’t).

Questionable private messages

These are likely to include social engineering schemes, such as offers to work from home. They may even claim you’ve “won” a lottery; then ask for a small advanced fee so you can claim your prize. Hint: your prize will never be delivered!

So what can you do to protect yourself? 

Take note of the Facebook scams we’ve mentioned above, and always:

  • Be vigilant when it comes to entering any form of personal information online
  • Don’t share clickbaiting stories, memes, or videos
  • Install apps only from trusted developers that don’t ask for a stack of unnecessary permissions
  • Watch for strange posts and pages from friends – avoid clicking on them and then let your friend know that it’s likely a scam
  • Don’t respond to messages from people you don’t know, especially when they include offers that sound too good to be true

AVG

When a Metaphor means more than an implied comparison

You are going to want to ​think twice before clicking on that LOLCat. A new proof of concept security vulnerability, dubbed Metaphor, could affect hundreds of millions of Android users.

NorthBit, an Israeli based software research company, has created an exploit in the same software library that the Stagefright vulnerability took advantage of. You may remember that last July 950 million Android devices were put at risk by Stagefright, in which it used an MMS (multimedia messaging service) software weakness that put Android customers at the mercy of hackers who could take complete control of their phone.

Metaphor, was demonstrated by NorthBit by sending an email message with a link to cat photos. The victim clicks the link to view the adorable and hilarious cat photos but unknowingly, in the background the malware is delivered.  This exploit is a hole that allows a hacker to gain access.  This access could be used to deliver malware that could potentially take control of key operations of your phone.  In this particular example, the exploit is not instant – the user does need to engage with the content on this page for the exploit to be successful.

NorthBit’s research paper detailing the findings is not malicious, it’s for demonstrative purposes only. However, there is enough information provided that a professional hacker could use it to create their own fully working exploit and as you see in the video, to take control of some of the operations of your phone.

Since the original vulnerability was disclosed last year, Google released a number of patches that resolved Stagefright; but as we can see with this new disclosure, the media software still offers hackers a route to exploit devices.

The Metaphor exploit affects devices that are using Android Operating Systems: 5.1, 5.0, 4.0, down to 2.2 with some devices more vulnerable than others.

If you have an Android phone, what should you keep in mind?

  • Be cautious of clicking on links from senders you do not recognize: In the example with the cat photos, the victim is opening the MMS it based on emotion around the content. If you don’t recognize it then don’t open it (no matter how cute or grumpy the cat is)!

And remember, the content could be targeted to something that you might be interested in, for me this would be motorbikes.

  • Always download and accept the updates to the operating system: While many phones do this by default some older versions do not. Keep in mind that patching your phone today may not fix this issue but it could fix other issues, so it’s always a good idea to run the updates.
  • Ask Questions: If you are unsure whether there are updates or how to download them a simple internet search should help. If you’re still unsure then contact your carrier.

 

Follow AVG on Twitter @AVGFree

Follow me on Twitter @TonyatAVG

 

 

AVG

We Want to Embrace the IoT But Can We Trust It?

We are in the midst of a rapid technology evolution. We’re only four months into 2016 and already we’ve seen two major industry shows dominated by the Internet of Things (IoT).

In January, at CES, the connected home stole the spotlight – highlights included a Family Hub fridge, a Wi-Fi water leak detector and an AR-equipped robot vacuum.

The trend continued at MWC where a smart air conditioner, 4G-enabled security camera, and smart shoes were on display. If these two major events are any indication, the horizon shows a hyper-connected future.  But what are the trust issues at hand?

AVG collaborated with the organization, MEF, on its global survey to take a look at consumers’ concerns around the future of IoT. According to the MEF survey findings, people are enthusiastic about a connected future – when asked about their concerns around IoT, only 1 in 10 said there would be no tangible benefits.  Yet, as the network of IoT devices grows, so too do consumers’ concerns about what this increased connectivity and data sharing means for security.

As a security company, it is our responsibility to recognize and unpack such concerns so we can use that insight to address fears and vanquish threats down the road.

The MEF study, which surveyed over 5,000 mobile users in eight markets, examined consumer perceptions about the future of a connected world. The findings are significant, and indicate tremendous worry about a world of inter-connectivity:

  • 60% said they worry about a world of connected things.
  • Privacy (62%) and security (54%) are seen as the biggest threats worldwide.
  • One third of respondents in all 8 countries don’t want to share personal information but know they must if they want to use an app (up to 41% from 33% in 2015).
  • Home security raises the most concern among connected devices and applications.

MEF’s research shows a consistent decline in consumer trust, which continues to dip as the war on privacy wages on, leaving consumers to decide what data tradeoffs are worthwhile.

If we, as an industry, don’t address these trust issues, consumers may disengage since they will no longer be willing to sacrifice their privacy for greater connectivity. Considering that 62% of consumers already name privacy as their top concern when it comes to the IoT, that tipping point is likely to arrive sooner than we expect.

In order to respond to consumer concerns and stop the erosion of trust, the industry has to act. And when we do, it is vital that we don’t let our desire to get products to this burgeoning market quickly trump the need for responsible and secure design. Security cannot become an afterthought as we innovate toward connectivity.

If we care about our consumers and about the potential and longevity of IoT, we need to make ‘security by design’ a fundamental approach, regardless of device.

AVG

Revolutionize Your Business with AVG Managed Workplace

This year, we’ve put a laser focus on simplifying managed services to see how we can help our AVG partners fulfill their service contracts in an efficient and profitable way.

Seeing is believing.  And that’s why we let our early adopter partners be the judge of our newest release, Managed Workplace 10. They were impressed, we hope you will agree.

It’s time to step away from your 30+ checklist of onboarding items – we’re about to tell you how you can align your SLAs with your service delivery models and get your onboarding process down to a few simple clicks.

AVG Business has just launched Managed Workplace 10. This is our new, simplified service delivery platform that allows MSPs to standardize the configuration and onboarding of multiple customer sites.  We’ve designed the platform to align with the way MSPs do business. You can now standardize service delivery, quickly configure and onboard clients, reduce manual configuration, eliminate errors, drive efficiencies and more.

Managed Workplace 10 is a completely new platform that changes the way that an RMM helps drive profitability for your business.  Our partners will now have access to an RMM solution that gives them a centrally planned and automated way to cover those checkboxes and implement services, upgrades or changes, in a simple, applied way.

Here are a few highlights:

  • Fast, simplified deployment: With an onboarding process of only five clicks, you can get new customer sites up and running in under 30 minutes. You’ll also be able to deliver standardized service offerings right out of the box. Easily turn on or off services as required or create new services for client sites. Without missed steps or manual processes.
  • Service delivery model: Easily choose the mix of services that match your clients’ needs, uptime and budget. We’ve taken the industry’s three familiar reactive, proactive and fixed fee service models, added our key Managed Workplace features, and integrated these directly into our services platform.
  • Action-based dashboard: Add new services in minutes, deliver enhanced service levels and increase sales through our new single pane of glass, action-based services dashboard.

 

Managed Workplace 10 is the latest proof point to our mission to simplify the experience of securing businesses and deliver security products that meet our partners’ needs.

Sign up today and join the Managed Workplace revolution!

AVG

Onboard in 5 clicks, not 50 steps

Most managed service providers (MSPs) follow a similar process for onboarding new customers for managed services.  This typically starts with understanding your customer’s true business needs and then reflecting those needs and the required services into your service delivery platform.

Sounds like a straightforward approach, yet the reality is often not so easy or quick. Customers have unique needs based on the nature of their organization and current IT infrastructure. This can transform onboarding into a complicated, multi-step process.

For example, how much of a priority is the stability and uptime of one group of devices versus another group or what security precautions need to be put in place to protect your customers? How will the answers to these questions and others effect which aspects of the remote monitoring and management (RMM) solution you turn on and which you leave off?

Today’s RMM solutions are extremely powerful, but all too often it is that power that breeds complexity. This requires MSPs to commit a lot of time to configuring, tweaking, twisting and covering the necessary checkboxes at exactly the right stage.

One MSP recently told me that he has a 35-40 item checklist to complete in order to onboard a customer and begin delivering services. Managed services platforms are meant to simplify your lives and make it easy to deliver service to your customers – 40 steps toward implementation isn’t a simplified experience.

With so many checkboxes and onboarding steps, one moment’s distraction is all it takes for a step to be missed and suddenly your RMM solution isn’t fulfilling the necessary criteria. Complicating this, as the IT provider, you are still on the hook with the customer to deliver the services you committed to initially. And now you need to rely on manual processes to satisfy those needs. This starts an endless cycle of firefighting as customers’ IT needs grow and more and more manual processes pile up.

We have a plan to change this.

Next month, AVG Business will release a next generation RMM platform focused on a new service delivery model that allows you to standardize the configuration and onboarding of multiple customer sites. This will dramatically minimize the implementation steps required for the customer onboarding process as well as achieve a standardized service delivery model.

For the first time, the channel will have access to an innovative RMM solution that will give them a centrally planned and automated mechanism to cover those checkboxes and implement services, upgrades or changes in simple, applied way.

This type of centralized automation delivers amazing benefits. Imagine the ability to deliver unique service offerings within one standardized service delivery platform. Your clients will gain a scalable solution to address their security challenges. You will gain the tools to retain new clients, onboard those clients quickly and grow your revenue.

Tune in next month to find out more about the new platform and how you can add it to your security product portfolio.

AVG

Introducing the New AVG Partner Certification Program

AVG has seen the role of our channel partners evolve from being “solutions providers” to “trusted advisors.” We believe this is a critical transition that our partners must make; and one that requires the ability to make “consultative sales.”

To do that, partners need to be able to put any product or service recommendation into a broader business context while demonstrating measurable ROI.

It also requires more in-depth knowledge of their product portfolio than ever before.

Partners have told us they need a fast, efficient, and systematic approach to knowledge acquisition and skills development – coupled with ongoing support on multiple levels. They want to be able to ramp-up quickly on AVG products and technologies, clearly understand our product value propositions and how to position these with customers.

Our answer to this need is the AVG Partner Certification Program (PCP) – a certification program that rewards each partner for developing their knowledge.

The PCP has three tiers: Select, Premier, and Elite. Each tier provides additional benefits based on the number of individuals who achieve certification. For example, Elite level requires the certification of 3 Engineers and 3 Sales professionals.

Certification is achieved through on-demand Technical and Sales Training.

Partners who pass all course assessments of our Fundamentals training become an AVG Certified Technical Associate or AVG Sales Associate.

This program is an important element of our strategy to help partners sell, cross sell and upsell our product portfolio and continue activating and retaining new partners.

Please visit our AVG Partner Portal today.

AVG

AVG Strengthens Channel with Product Enhancements, New Partners and Certification Program

AMSTERDAM — March 22, 2016 — AVG® Technologies N.V. (NYSE: AVG), the online security company™ providing leading software and services to secure devices, data and people, announced today key drivers to accelerate value for AVG channel partners and support small and medium business customers’ security needs. The company has optimized its AVG Business portfolio with new cloud security updates, added channel partners to enhance its partner ecosystem, and will be launching a partner certification program.

“We are transforming our AVG channel program to increase channel partner value,” said Fred Gerritse, GM, AVG Business. “Our partners need to effectively respond to their business customers’ security needs, while continuing to grow their own operations.  We are putting new initiatives in place that will address these needs and help enable partners to become more experienced in AVG business security solutions and to work more simply and efficiently with us in the process.”

New AVG CloudCare security features
The company is integrating key AVG Antivirus 2016 features with its AVG CloudCare product, for advanced endpoint security protection. The new features include a faster scanning engine; cloud-based, real-time outbreak detection and proactive artificial intelligence detection capabilities; and access to advanced policy settings. AVG CloudCare enables partners to access a range of security services through one platform and centralized dashboard, with the ability to manage and monitor services automatically.

New channel partners
AVG has signed new channel partners this year and also strengthened its AVG Business distribution channels to increase flexibility and revenue opportunities for distributors and partners. CMS Distribution, the largest UK and Ireland independent, value-added distributor, has joined AVG’s channel partner program as a new UK distributor. Serving 3,000 partners, including the top UK VARs, CMS Distribution brings the go-to-market track record to sell the full AVG Business portfolio, including AVG AntiVirus and Internet Security Business Edition, AVG CloudCare, and its remote monitoring and management (RMM) platform, AVG Managed Workplace®.

New partner certification program
AVG Business partners and distributors will soon have access, through a new partner certification program, to business, marketing and technical training to elevate AVG product expertise and simplify end customer onboarding and implementation. To meet these goals, the program will deliver an efficient, systematic approach to product and technical training, including a phased certification program that rewards partners for developing knowledge and achieving specific revenue milestones.

AVG’s Partner Certification Program and AVG CloudCare enhancements will be available in April. For more information, visit http://www.avg.com/service-provider-solutions.

 

About AVG Technologies N.V. (NYSE: AVG)
AVG is the leading provider of software services to secure devices, data and people. AVG’s award-winning consumer portfolio includes internet security, performance optimization, location services, data controls and insights, and privacy and identity protection, for mobile devices and desktops. The AVG Business portfolio, delivered through a global partner network, provides cloud security and remote monitoring and management (RMM) solutions that protect small and medium businesses around the world. For more information visit www.avg.com.

 

Press contacts

Zoe Kine, AVG Technologies
+1 415 694 3654
[email protected]

Tony Mays, AVG Technologies
+44 7852 776936
[email protected]

Rachel Starr, Inner Circle Labs
+1 415 684 9560
[email protected]

 

AVG

APH improves margins, drives revenue with AVG Business solutions

One of the things I enjoy about my role is receiving feedback from our AVG partners. A recent example is APH in the UK.

The team at APH was ready to take a more modern and proactive approach to their operations. But one challenge was the ability to expand their customer base – 110+ small-and-medium businesses operating in the distribution, manufacturing, engineering and services sectors – with the same APH staff of 15.  The team had to be able to close the loop on the better management and delivery of a complete managed services solution.

AVG Managed Workplace and its integrated Premium Remote Control, plus the quality of the technical and sales support from AVG Business, convinced APH to migrate its entire base of managed service clients from a standard antivirus product to the full-service AVG Business solutions platform.

Chris Carter, the Technical Infrastructure Consultant at APH, explains how APH’s move to AVG CloudCare and AVG Managed Workplace is a win for their clients and for them: “AVG AntiVirus picks up more threats than other products we were using, plus the AVG Business stack gives us wider, proactive control over the complete infrastructure at our client sites.”

As a trusted technology partner, we provide the support our partners need to confidently build relationships with their clients.  Chris is being supported by his AVG partner account manager who “wants to know where we’re trying to take our company and is helping us decide which services and features of the AVG Business stack can strengthen our customers’ infrastructure while creating profitable, long-term revenue streams for us.” 

Having completed the first phase of the AVG Business rollout, APH is now able to pre-empt client system faults as it takes advantage of AVG’s single pane of glass view, its automatic network discovery and monitoring, remote management and network audit reports.

And next, the remote, automation and reporting capabilities of the AVG Business solutions will allow the APH team to better schedule PC maintenance, coordinate patch management and control the rollout of Windows updates.

As Chris explains, APH has made the decision to “cover the cost of client installations because within a year we’ll be supporting only one product. We have higher profits from the new licences because the margin difference between where we were and where we are now with AVG Business is significant.”

Chris also says the detailed reporting within AVG Managed Workplace “will allow us to see what’s happening with all assets on every customer site and give us the opportunity to upsell services.”

Where are they headed as an AVG channel partner? There are no limits.