Antivirus Vendors
Win32/VirLock is ransomware that locks victims’ screens but also acts as parasitic virus, infecting existing files on their computers. The virus is also polymorphic, which makes it an interesting piece of malware to analyze. This is the first time such combination of malware features has been observed.
The post Win32/Virlock: First Self-Reproducing Ransomware is also a Shape Shifter appeared first on We Live Security.
As 2014 comes to an end, it is time to look ahead to 2015. This year though, rather than give my predictions about emerging technology, my mind is drawn to our behavior and the changing the way we actually interact with technology.
There are three areas in which I foresee the most change during 2015 thanks to increased public interest and acceptance:
The discussion about privacy; my right to be me and own my data has been gaining momentum in the last five years. We are rapidly losing control over our personal data and identities in today’s fast moving digital world. The advertising world collects ever more data to try and predict our needs based on who we are and our behavior. 2014 has shown us that our online identity isn’t safe from advertisers, hackers or even governments.
So the problem of who controls my identity becomes more and more interesting to the actual owners – each and every one of us. . Laws around how to keep and secure data, and restrictions about sharing it are on the way through movements like the Right to Be Forgotten.
In the passing year we have seen lots of solutions focusing on sharing using “Privacy by design” to be the key feature, apps like Snapchat , Whisper, Secret, Tinder, Tumblr, the Silent circle messaging and their Blackphone. These applications are chat, photo sharing and social media where the privacy and trust is built in.
So the market demand for privacy oriented solutions is there and the technology has existed for several years. The missing key ingredient that will drive it into the mass market is how business can make money from privacy. In the next year I expect to see more and more monetization concepts to make money from solutions that provide anonymity and privacy. The market demand is there and the technology is there…
Since the 90’s, the idea of a connected smart home has excited millions. The idea of an electric light that will turn on when you step in the room and you can close with a clap is not new. But it is only in the last year that the idea of Internet of Things has really started to be feasible.
The good news is that electronics are back and so is software. After all it is through software that we interact with devices and makes them seem exciting and new. Over the last 15 years we have tried to create value in software by adopting various business models. From the Freemium model, giving limited functionality and then charge when features are added through the models that monetize through Google Ads and search up to the SaaS models where it is not the software you pay for but a service that comes with it…
In 2014, we saw Fitbit emerge as a leading wearable device, and a big part of this is software that makes it seem very personal to every one of us. It was the same with the GoPRo camera – transferring a simple camera into high end extreme sports filming equipment. In 2015 I expect many devices will evolve to become connected and take on new roles in our digital world. Software will be an important factor in deciding which devices are successful, it’s through software that devices become personal and relatable.
Since the beginning of the internet, search has taken a cardinal place in our interaction with data. First Yahoo and then Google made sure our homepage is a search page.
Microsoft went on and translated this behavior into the application on the PC, and now we have a search box almost in everything and everywhere…
With Adwords technology Google cracked the way to monetize search behavior. The search term that the user enters translated to ads that the user wants at that moment.
Smartphones arrived and quickly become a main vector for search, both of the Internet and of ever growing app stores. Importantly they also heralded the arrival voice recognition technologies and of voice search. But as technology advances there is a quest to predict the search. To analyze requests and behavior so that the information we seek is already there waiting for us. We can see it in action with programs like Google Now that collects information about you from a range of sources and tries to predict what you need, whether it’s directions to work, your flight times that day or what the weather will be like.
But in less obvious move, many successful mobile apps have removed the search field and actually providing people with suggestions or things to discover as a way increasing engagement as well as servicing and increasing the value of apps and services.
There are many examples of this discovery mechanic in online news where services like Outbrain and Tabula offer more content to people who read news, and monetize through pay-per-click
Other examples of discovery replacing search are popular apps like Instagram, Flipboard and Facebook where people are encouraged to roam and discover news, pictures or friends.
Perhaps the best example of this is Tinder where rather than searching for match, the app makes constant suggestions that the user accepts or rejects
I think in 2015 we will see this trend getting stronger and more apps and services will increase the promotion of content to their customers as a way to keep them interested in using the application or service.
Turns out that the Material Girl has had her material stolen, and she’s blaming hackers!
The post Madonna thinks her computer was hacked appeared first on We Live Security.
As the holiday times approach, many of us increase our online shopping. But if the 2014 year taught us anything, it is that online criminals have figured out that hacking into the IT systems of retail stores is an easy way to make money. This year there were no fewer than a dozen major retail stores whose customer data was stolen or whose POS systems (Point of Sale systems… their electronic cash registers) were compromised in order to steal customer credit card numbers.
You’ll recognize most of these retailer brands whose customer databases have been breached this year:
In addition, several major retailers have had their POS systems hacked:
The burden of security ultimately rests on your shoulders. So here are five simple things you can do to protect yourself from holiday shopping hacks:
Search engines will lead you to that perfect present no matter where it is, but if you’ve never seen or heard of the retailer before then think twice before entering your credit card and all your personal information.
Public, unsecured Wi-Fi access points can be very easily tampered with; the person sitting next to you could be sniffing and recording every transmission, using simple algorithms to identify credit card numbers and ID information. Use a secured Wi-Fi and/or a VPN for your shopping. Consider also using a dedicated e-mail address just for shopping.
Credit card companies usually have policies in place to protect users from fraud and limit your personal liability. In addition, many credit card companies offer extended warranties and return policies during holiday shopping season.
Retailers ramp up their e-mail marketing during the holiday season, but e-mails can be easily spoofed by hackers. Instead of automatically following the URL link from an e-mail offer, consider going directly to the retail vendor’s website and then looking for the product you want. Also be aware of phony emails from UPS and other shippers claiming that “your package could not be delivered.” Often these e-mails contain attachments that install spyware and keyloggers.
If haven’t got around to installing that software patch or antivirus security update, now might be a good time to do it. Most hacks prey on the short window of time between when a vulnerability is discovered and when the software vendors patch the hole. If you are not installing the patch, then the hole is still wide open on your computer and you are just asking for trouble.
If you are worried that your personal identity might have been exposed in recent data breach or hack, you can use Avira’s free Identity Safeguard tool to check: it is included free in both Avira Mobile Security for iOS and in Avira Antivirus Security for Android).
Shopping online is actually safer now than it has ever been before, so just take a few precautions and enjoy the holidays!
The post How to Prevent Holiday Shopping Hacks appeared first on Avira Blog.
2014 has been an active year for cybercrime. Let’s start with the most recent and then take a look at some of the other important security events of the year.
We are ending the year with the most publicized and destructive hack of a major global company by another country – now identified as North Korea. The Sony Entertainment attack, still being investigated by the FBI, resulted in the theft of 100 terabytes of confidential employee data, business documents, and unreleased films. It was an attack on privacy due to the theft of a massive amount of personal records, but also essentially blackmail; aiming to silence something that the North Korean government didn’t like – namely the release of The Interview, a movie depicting an assassination attempt on Kim Jong-Un.
Most of the blame for state-sponsored cybercrime in 2014 has been with Russian or Chinese hackers. Whether private or state-sponsored, these hackers have attempted to access secret information from the United States government, military, or large American companies. Recently, Chinese hackers sponsored by the military were indicted for economic espionage by the U.S. Department of Justice.
Large data breachesAlong with the Sony breach, other notable companies that suffered from cybercrime include Home Depot, eBay, Michaels, Staples, Sally Beauty Supply, and others. A significant number of these breaches were begun months or years ago, but were revealed or discovered in 2014.
Nearly 110 million records were stolen from Home Depot; the largest ever breach of a U.S retailer. The cyber-heist included 56 million payment card numbers and 53 million email addresses.
JPMorgan Chase’s data breach impacted nearly 80 million households in the U.S., as well as 7 million small- and medium-sized businesses. Cybercriminals were able to gain access after stealing an employee’s password, reminiscent of the Target breach from 2013. This breach is said to be one of the largest breaches of a financial institution. The FBI is still investigating.
GameOver Zeus, called the most infamous malware ever created, infected millions of Internet users around the world and has stolen millions of dollars by retrieving online banking credentials from the infected systems.
Tinba Trojan banking malware uses a social engineering technique called spearfishing to target its victims. The spam campaign targeted Bank of America, ING Direct, and HSBC customers using scare tactics to get customers to download a Trojan which gathered personal information.
Chinese hackers were at it again, and again, targeting South Korean banking customers with banking malware using a VPN connection. The customers were sent to a look-alike webpage where they were unknowingly handing cybercrooks their banking passwords and login information.
Many of the breaches that occurred in 2014 were because of unpatched security holes in software that hackers took advantage of. The names we heard most often were Adobe Flash Player/Plugin, Apple Quicktime, Oracle Java Runtime, and Adobe Acrobat Reader.
Avast’s selection of security products have a feature called Software Updater which shows you an overview of all your outdated software applications, so you can keep them up to date and eliminate any security vulnerabilities.
Numerous new exploitsFlaws in software led to Shellshock and Heartbleed, two names that struck terror in IT administrator’s hearts.
Heartbleed takes advantage of a serious vulnerability in OpenSSL. It allows cybercrooks to steal encryption keys, usernames and passwords, financial data and other sensitive data they have no right to, and leaves no trace of the operation.
Shellshock ended up affecting more than half of the websites on the Internet. Hackers deployed malware on legitimate websites in order to retrieve confidential data from compromised computers.
Another name that made headlines was a group of malware dubbed ransomware, such as CryptoLocker, and its variants Cryptowall, Prison Locker, PowerLocker, and Zerolocker. The most widespread is Cryptolocker, which encrypts data on a computer and demands money from the victim in order to provide the decryption key.
Avast detects and protects its users from CryptoLocker and GameoverZeus. Make sure you back up important files on a regular basis to avoid losing them to ransomware.
Ransomware made its way from desktop to Android during the year, and Avast created a Ransomware Removal app to eliminate Android ransomware and unlocks encrypted files for free.
Mac users were shocked, celebrities mortified, and fans titillated by news of the iCloud hack which lead to the online publication of numerous private photos of Hollywood famous celebrities. The serious cloud breach was launched using brute force methods on targeted iCloud accounts.
The art of deception is a highly successful method for cybercrooks. The weakest link in security is the end-user, and hackers take advantage of us all the time using social engineering schemes.
Phishing
In a phishing or spearphishing attack, hackers use email messages to trick people into providing sensitive information, click on links, or download malware. One of the most famous instances was the Target breach, in which hackers got a network password from a third party vendor that worked for Target, to get into the network and compromise their point-of-sale machines in November 2013.
Social media scams
Social channels, like Facebook, offer a perfect environment for social engineers. They can create buzz, grab users’ interest with shocking content, and encourage people to share the scams themselves. Scams often come in the form of fake video links which lead to surveys and rogue webpages.
The Avast Virus Lab observed increased activity of malware distributed through exploit kits this year. These kits, often for sale on the deep web, allow cybercrooks to develop customized malware threats in order to attack specific targets. Zeus source code was used to develop Gameover, and the Zeus Gameover network was used to download and install Cryptolocker.
Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on Facebook, Twitter and Google+.
It seems even the humble skateboard isn’t immune to hacking, as The Register reports that the ‘Boosted’ brand of electric skateboards has been hacked by a pair of hackers.
The post Even skateboards can be hacked appeared first on We Live Security.
