Panda Security

POS and Credit Cards: In the Line of Fire with “PunkeyPOS”

PandaLabs, Panda Security’s anti-malware laboratory, has been conducting an in-depth investigation since May into Point of Sale (POS) terminals in restaurants across the United States. During this investigation it discovered a new malware sample called PunkeyPOS, a malware variant that is able to access credit card data. PandaLabs has made this information available to American law enforcement so that they can take the appropriate action. Let’s see what it is and how it operates.

How can they steal your card without touching your wallet?

PunkeyPOS runs seamlessly on all Windows operating systems. The cyber-criminals’ plan is to install the malware on POS terminals in order to steal sensitive information such as account numbers, magnetic stripe contents (tracks) from bank cards, etc.

PunkeyPOS seems simple:

It installs a keylogger that is responsible for monitoring keystrokes, then it installs a RAM-scraper that is responsible for reading the memory of all processes running on the system.

The malware runs a series of checks on the information it captures to determine what is valid and what isn’t. Of the keystrokes, PunkeyPOS ignores everything other than credit card data. It is mostly interested in the track 1/2 data that RAM-scraping recovers from process memory. POS terminals read this information from the bank cards’ magnetic stripes, and criminals can use it to clone the cards at a later time.

Once the relevant information has been obtained, it is encrypted with the AES algorithm and forwarded to a remote web server, which is also the command and control (C&C) server. The encryption keeps the card information from being detected if somebody is scanning the network traffic.
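Defenders can run the same kind of validity checks over their own POS logs and dumps to confirm that no unencrypted track data is being written anywhere. This is an added example, not code from PandaLabs or from the malware: it uses the ISO/IEC 7813 track layout, an expiry-month check and the Luhn checksum, and reports only masked card numbers. The log lines and the test number 4111111111111111 are constructed.

```python
import re
from typing import List, NamedTuple

# ISO/IEC 7813 layouts:
#   Track 1 (format B): %B PAN ^ NAME ^ YYMM service-code discretionary ?
#   Track 2:            ;  PAN = YYMM service-code discretionary ?
TRACK1 = re.compile(r"%B(\d{12,19})\^[^^?\n]{2,26}\^(\d{2})(\d{2})\d{3}[^?\n]*\?")
TRACK2 = re.compile(r";(\d{12,19})=(\d{2})(\d{2})\d{3}\d*\?")

# Constructed sample log (hypothetical "pos-agent" application, test card number).
SAMPLE = (
    "2016-06-01 12:00:01 pos-agent raw=%B4111111111111111^DOE/JOHN^25121010000000000000?\n"
    "2016-06-01 12:00:01 pos-agent t2=;4111111111111111=25121010000000000000?\n"
    "2016-06-01 12:00:05 pos-agent ref=;1234567890123456=25121010000?\n"   # fails Luhn
    "2016-06-01 12:00:09 pos-agent ref=;4111111111111111=25131010000?\n"   # month 13
)


class Finding(NamedTuple):
    line: int        # 1-based line number in the scanned text
    kind: str        # "track1" or "track2"
    masked_pan: str  # first six and last four digits only


def luhn_ok(pan: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Never echo a full card number into a report."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan(text: str) -> List[Finding]:
    """Return track-data candidates that pass the format, date and Luhn checks."""
    findings = []
    for kind, pattern in (("track1", TRACK1), ("track2", TRACK2)):
        for m in pattern.finditer(text):
            pan, month = m.group(1), int(m.group(3))
            if not 1 <= month <= 12:      # expiry is YYMM; reject impossible months
                continue
            if not luhn_ok(pan):          # random digit runs rarely pass Luhn
                continue
            line = text.count("\n", 0, m.start()) + 1
            findings.append(Finding(line, kind, mask(pan)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Any hit in a log, crash dump or swap file on a POS host means track data is being handled in the clear somewhere it should not be.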

The command and control (C&C) server address can easily be obtained from this malware sample, either by reverse engineering it or by analyzing its communications. This is the main page of the control panel; it requires a username and password to get access:

[Image: main page of the PunkeyPOS control panel]

Follow the Trail to the Digital Pickpocketers

The cyber-criminals behind this attack haven’t been very careful. Since the server was not configured correctly, PandaLabs was able to access it without credentials.

Because of their neglect, PandaLabs was able to see where PunkeyPOS sends the stolen information. Besides giving access to the stolen data, this panel lets cybercriminals reinfect or update current clients (POS bots).

[Image: PunkeyPOS control panel]

The version of the analyzed PunkeyPOS sample is hardcoded: “2016-04-01”. If we compare this sample with older versions, some from 2014, we can barely see any difference in the way it operates (the References section of this article has links that go into further detail about how it works).

PandaLabs has been able to gain access to the control panel of PunkeyPOS, and has geolocated around 200 Point of Sale terminals that were compromised by this specific malware variant. We can see that virtually all the victims are in the United States:

[Image: geolocation of the compromised POS terminals]

Taking into account how easy it is to sell this information on the black market, and how convenient it is to compromise these POS terminals anonymously through the internet, we are certain that cyber-criminals will be increasingly drawn to these terminals.

Protect your devices proactively from these types of attacks with an advanced cyber-security solution like Adaptive Defense. Real-time control of all inappropriate user operations is in your hands.

References:

http://krebsonsecurity.com/2016/06/slicing-into-a-point-of-sale-botnet/

https://www.trustwave.com/Resources/SpiderLabs-Blog/New-POS-Malware-Emerges—Punkey/

 

The post POS and Credit Cards: In the Line of Fire with “PunkeyPOS” appeared first on Panda Security Mediacenter.

Antivirus For Mac: Is It Really Necessary?

The last few days have been intense for Apple fans. Last week, Apple’s Worldwide Developers Conference took place, where they presented the company’s new hardware and software. The “bitten apple” went into depth about their new operating systems for iPhone, Mac, Apple Watch and Apple TV but… what about security-related updates?

After the horrible San Bernardino attack last December, a controversy arose over the attacker’s iPhone. Apple’s case against the FBI started a dispute between user privacy and government access to personal data.

Meanwhile, other giants in the sector, like Facebook and Google, showed their support for Apple by promising to implement more effective encryption tools in the future. WhatsApp was the first to use end-to-end encryption.

Now Tim Cook presents a new file system called APFS, the Apple File System, which incorporates a new encryption system that gives developers multiple options: leave something unencrypted, encrypt it with a unique password, or encrypt it with multiple passwords. The Apple File System is already available online for developers, and the new version will leave the HFS system behind and improve security and data encryption.

Why is my Mac vulnerable to advanced threats?

Despite the efforts of large security companies, the truth is that no operating system is 100% reliable. Apple computers are not the Macintosh systems that we once knew. Years ago, they had a safety-guaranteed reputation, with an operating system that was different from and more solid than the others. At that time, hackers targeted computers with Windows operating systems; however, as Apple’s popularity has grown, so has the number of hackers making malicious code for it. Mac OS X is no longer impregnable and needs Mac antivirus software.

In PandaLabs’ recent Q1 report, experts discussed the latest threats directed specifically at Apple operating systems. One example is the highly powerful ransomware based on Encoder, called KeRanger, which managed to infect Apple users at the beginning of 2016. We all remember the major Trojan attacker Flashback and Browlock, also known as the Police Virus or Shellshock. All of these examples confirm that attacks on Mac OS X are growing.

While it is true that the number of threats for the Mac’s operating system is lower than for other platforms (such as Windows), we must be aware of the importance of an effective antivirus for Mac in order to fully enjoy our Apple computers. Enough excuses, let’s start preventing viruses!

If You Add Extras to Your Web Browser = Extra Danger for You

Web browsers are full of dangerous options that nobody uses. Most computers come with pre-loaded web browsers like Microsoft Internet Explorer, Mozilla Firefox, and Apple Safari, but these default web browsers are not configured for secure web browsing.

Any time users are surfing the web, there can be a “variety of computer problems caused by anything from spyware being installed without your knowledge to intruders taking control of your computer”, as stated on the US-CERT website.

What may seem like a cool option for your web browser could actually be a gateway for cyber-attackers that goes unseen by the average computer user. Sometimes “less is more”, and when it comes to computer security, the fewer entry points a cyber-criminal has, the less we have to worry about defending ourselves.

There needs to be a complex balance between having the freedom to use new technology functionalities, like web browser options, and keeping the door shut to cyber-criminals.

But why download options if they are pointless? 83% of the latest browser functionalities are completely unnecessary, as revealed in a study from the University of Illinois. In fact, only 1% of the 10,000 most popular web pages use these features in some way, many of which do not even prove that they are useful.

A good example of this is Ambient Light Events (ALS), which are designed so that websites behave differently depending on the level of light around the device and adapt the screen brightness to it. Although it sounds helpful, only 14 of the 10,000 websites that were cited in the study implement this, and very few users are even aware that it exists.

Iframes are another story. The iframe has become a very popular HTML element that is used in many different types of websites: it provides a space on a web page in which part of another page can be inserted (this is known as embedding). At least half of the most popular websites use this technology, and yet it is blocked 77% of the time for security reasons. “In 2013, hackers seeded Internet searches with malicious iframe code, leading to iframe overlay attacks on many prominent networks.” The majority of social networks have stopped using this element.

Something else that has caught our attention is the vibrate API, which enables websites to manage features on devices… if they decide to use them. Today, only 1 of the 10,000 most popular websites does this, but the feature still remains available, not only to legitimate developers but also to potential attackers who could use it for their own benefit, for example to spy on your conversations (like they did here).

A cybercriminal could use the vibration of your smartphone to spy on your conversations

The balance between taking advantage of available options and maintaining security seems difficult to strike, at least with regard to browsers. To be protected, users had better have a good anti-virus that is capable of stopping assailants if they get through these online cracks.

Cybersecurity: An Opportunity For Digital Transformation

Although it is not a buzzword quite yet, the reality is, digital transformation is already impacting our professional and personal lives. Not a day passes without the media telling us what “it” is, why “it” is necessary, while bombarding us with examples of companies that are immersed in “it”.

It’s a fact that our lives are becoming more digital. We buy, we work, we store information, and we even communicate with other people through media and digital platforms. Just as we protect our analogue lives, we must protect our online lives.

Security plays a key role as a facilitator for Digital Transformation. 64% of managers recognize that cybersecurity is one of the pillars of this transformation, and not without reason.

There are two ways we can see this challenge: as a threat or as an opportunity. To approach Digital Transformation as if it were a threat is exaggerated… apocalyptic. We don’t want to downplay these threats… of course they are real, they really are! But fortunately, every day there are more and better tools to protect businesses and their digital lives.

The cyber-security industry offers a plethora of services and products that are cheap, accessible and effective, and as a result, users are going to be better protected during their Digital Transformation. The cloud has been a great facilitator in implementing this change, protecting all kinds of businesses, regardless of size and sector.

And the same happens with cyber-security in the framework of digital transformation. 43% of executives consider security as the first challenge to address when implementing digital transformation. After all, we cannot really be digital without being protected. Knowing how to take on these changes in a positive way is, without a doubt, a competitive advantage for any organization.

And how do we protect ourselves?

While the technology that positively impacts us grows, so do malware and cyber-threats. These developing threats have a high human component and adapt to the various changes and barriers that the cyber-security industry has put in place to fight them.

Therefore, in order to fight these threats, human response is absolutely necessary. As humans, we have a great ability: we are adaptable (yes, although we are talking about digital transformation we must remember that we are people). Fortunately there are cyber-security solutions for your business that support latest-generation technology and are capable of combining adaptability and the human component, while allowing you to achieve an extremely high level of security.

Whether we like it or not, digital transformation is creating a new era… changing how we do things, how we live … and we are already fully immersed into it. We have a great opportunity to be more effective, efficient, fast and agile. The technology is there. Let’s take the bull by the horns and learn to protect ourselves like we already do in our analogue life. We will not regret it.

That no-good-Tinder-match wants to steal your money!

Millions of people have been virtually stood up by a potential partner who swiped left on the dating service Tinder. To swipe left or swipe right, a decision made in an instant, is love in the times of the smartphone… or so we think.

There is something that we didn’t take into account while using Tinder to find our future soulmates: many of our matches, and potential hook-ups, are actually robots that want to take us for all we’re worth. And unfortunately, these scammers are getting better and better at what they do.

Once they have established contact with their victim, the scammers use Tinder’s chat service to send the victim a link that leads outside of the app, usually to a premium service that takes users to a payment area (or any area where they may have to submit credit card credentials).

A seemingly less dangerous variant of this scam encourages the victim to download some type of software, so that the bot’s creator can pocket some change for every visitor they deceive. In the worst cases, the download will contain malicious code that might infect the victim’s phone.

Your “match” will lead you to a premium service area where you will have to pass through a payment page.

How can I detect them?

 

You will be able to recognize these scammers by the type of actions they attempt to carry out, like asking you to leave the app for an external private chat, tempting you with a better “glimpse of them” by asking you to pay for “their” videos or photos, or even trying to play a game with you to see if you can beat them. They might attempt the classic “Nigerian Prince” illusion and ask for a money transfer so they can buy a ticket to come see you, since they are so far away.

You can recognize these robots by the appealing yet limited phrases they use

You can also recognize the Tinder bots by their profile photos. The scammers use photos of models and actors from the internet, sometimes from pornographic pages, to attract their victims. If the procedure is automated, the language used will be very limited…whatever you say, the response will be similar. If you find anything like this, be suspicious!

Project Abacus: The End Of All Passwords

Google wants to kill passwords. They have developed Project Abacus, a system that aims to make passwords obsolete and make your devices ten times more secure than a fingerprint sensor. So what’s the downside? This new privacy system comes at the expense of knowing absolutely everything about the smartphone’s owner. Its new security system is also… a creepy one.

To get rid of unlock patterns, passwords, or fingerprint readers on smartphones, Google has proposed a “trustworthy score” that will be calculated using your personal mobile devices and will decide whether or not the terminal should be unlocked.

To obtain this score, the smartphone will use all of the user’s information: movement habits, typing speed, location and even biometric data, like voice or facial recognition. In summary, by using the combination of this information, the smartphone will know if the person attempting to unlock it is its owner.

To achieve what it aims to do, Google must constantly keep track of our smartphone use. Your employees will be spied on 24/7 from their personal devices while Project Abacus makes their digital life more secure and comfortable. With Project Abacus, all of your personal information is in Google’s hands.

When Your Apps Spy On You…

The search site’s plan is not only to use this system to unlock Android devices; it goes far beyond that: the company has announced that it will launch an API so that developers can use Project Abacus as an identification method in third-party applications. The days are numbered for stored passwords and two-step verification. Not only will Google have access to employee information, but any company that uses Project Abacus will be able to use it as a security system.

The problem with Project Abacus is not only the fact that Google and other businesses would have access to the data collected from the phones, but they could also spy on us in real-time. Passwords would no longer be the objective for cyber-attacks. The new goal for cyber-criminals would be to obtain the huge amounts of personal information that would be available about your company and its employees.

Google is taking measures that could be a good complement to a computer security system, but it is important to remember that they are also increasing the likelihood of a cyber-attack by accessing so much personal data from users. Cyber-criminals are constantly reinventing themselves and putting you at risk, so it is essential to protect your company with the most advanced cyber-security solutions.

The Most Effective Tools to Keep Your PC Malware-free

Malware creation continues to break records on an international level, as proven with the data from Q1 of 2016. Experts are identifying new malware samples every day that endanger the internet security on all of our devices.

Our day-to-day lives are affected by, if not immersed in, unprecedented technological changes. As the world continues to become more digital, our personal and work environments continue to be susceptible to the more than 227,000 new threats that lurk on the internet. Although our online habits continue to change and reflect these developments, we must remember that technology also opens the door for extremely aggressive cyber-attackers who are financially motivated. But if we take preventative and adequate security measures, we will be able to protect ourselves from financial harm.

Panda Security would like to accompany our users in their digital transformation by offering solutions for a wide variety of devices and for different budgets; let’s work together to prevent, detect, and remove any kind of malware that is trying to sneak into your computer (and your bank account). Taking care of our computers’ “health” is the best way to save money… don’t wait until it’s too late! Tools like our Panda Cloud Cleaner are the best for working against cyber-crime.

In a recent test comparison, Panda Cloud Cleaner has proven to be one of the best free anti-virus tools in the market. Among the number of solutions tested and analyzed, Panda Cloud Cleaner was rated as outstanding in analysis modes (it is both fast and complete), and was able to eliminate all malware without having to install another anti-virus tool.

[Image: comparison table from the test]

As you can see, Panda Security’s solution is rated as one of the most effective solutions for detecting and disinfecting malware.

Businesses maximize their profits by taking advantage of the newest technology and latest products that are lighter, more efficient, and easy-to-use. One of the tools you can add to this is the newly designed Panda Cloud Cleaner, with new ways to detect, disinfect, inform, and protect from the start. Panda’s top priority is to keep users safe and maximize security in all aspects of our digital lives.

Do Your Employees Download Pirated Software? How To Prevent It:

There are many popular programs that might be available on a user’s home computer, but that are not available at their workplace. A popular image editing program like Photoshop, or Microsoft Office, might be too expensive for a small or medium-sized company that could opt for more affordable, or even free, software solutions.

However, some employees are unwilling to settle for these less popular tools, and often they try to install pirated versions, which are not authorized on company computers, on their computer at work. The consequences of downloading pirated versions go far beyond the obvious legal repercussions, which can be very serious for companies. Pirated software is one of the biggest entry points for malware into companies.

To prevent employees from using unlicensed software, which has the potential to compromise your company’s computers, it is essential to establish a proper software asset management (SAM) policy.

First of all, businesses should maintain an updated inventory of all active software (i.e., a list of all licensed programs and the workers who use them). Overall, this will serve to identify which programs are necessary for employees’ work and which ones should be retired.

It is also important to control the detailed information associated with these licensed programs: when the program was bought, when it needs to be renewed, if there are any updates or patches that have not been downloaded yet; this will prioritize our resources so we are able to control budgets and facilitate decision making.

Businesses should maintain an updated inventory of all active software in order to better manage budgets and facilitate decision making.

It is also important to educate and sensitize workers about good practices in relation to software. Unfortunately, on many occasions the company technical departments are unaware of the programs that their colleagues are installing without permission. In fact, around 30% of employees use tools that their bosses don’t know about.

The problem is bigger than it may seem. In 2015, according to a study by the Business Software Alliance (BSA), 39% of software installed on computers worldwide was unlicensed. Companies using unlicensed software programs are basically drilling holes for cybercriminals, giving them a way to enter their systems and allowing them to endanger the company with malware.

Downloading pirated software increases the likelihood of suffering a cyber-attack. It is important that you protect your business with advanced cyber-security solutions, like Adaptive Defense 360.

Comment on How to Recover a Stolen Smartphone by Tony

Hi,

Have to say this actually does work really well and used it first hand. I lost my phone (well left it at the checkout in the supermarket) and had received via emails a picture of the person trying to unlock it. I had reported it to the police who did try valiantly to locate and identify the person with my handset, they had some hot leads but alas nothing. Even though I’d lost it, it’s classified as stolen by the person who had it…never knew that.

After 6 weeks I posted on Facebook the details of the phone, where I’d last had it, the geo-location and picture of the person.

I got my phone back within 48hrs.

BOOM, nice one Panda :) (and thank you to social media and those who shared the post)

Good-bye Before H-Allo: Experts Don’t Approve of Google’s New Messaging App

During their annual developer event, Google I/O, the superior search engine introduced the public to Duo and Allo, which have been …. In the market of instant messaging apps, compared alongside its rivals of WhatsApp and Facebook Messenger.

Google’s main dish, Allo, has raised the bar for virtual assistants and bots, which are going to revolutionize the way we interact online. The tool will learn how to talk the talk: it will be capable of human interaction without users having to rack their brains or lift a finger.

Allo will protect messages using end-to-end encryption

 

If, for example, you are invited to go out to dinner, the app will not only suggest a phrase to help you accept the invitation, but will also book the restaurant for you if you want it to, AND the restaurant chosen will be in line with your preferences. According to Google, Allo will do all of this without compromising our privacy and security. As with WhatsApp, Allo will include end-to-end encryption to protect our messages.

So what is the problem? The chat encryption… which has become an extremely controversial topic. The security measure in the app will not be enabled by default; it will only work after we have activated incognito mode.

Thai Duong is one of the Google engineers responsible for the chat’s development. He wrote about this on his blog, but soon after, he deleted the paragraph. He wrote, “if the incognito mode with end-to-end encryption and disappearing messages is so useful, why not use it by default in Allo?” Many of us are wondering the same thing, which is precisely the reason Duong decided to remove the post, which would have made him into a voice for change or activism.

“Google’s decision to disable end-to-end encryption by default in its new #Allo chat app is dangerous, and makes it unsafe”, said on Twitter the ex-analyst who brought the NSA’s dirty laundry to light. “Avoid it for now”, he warned his followers.

Another privacy-defender, Christopher Soghoian, has also decided to voice his opinion against the decision that was taken by “Google’s legal teams and company” in order to avoid “upsetting the government”.
