Yeah this is unacceptable. A giant company using its position to throw spam and adware at you. Of course they are the ones funding the politicians so they can do whatever they want.
Category Archives: Panda Security
Billion Dollar Sting: A Financial Corporation’s Worst Nightmare
For years cybercriminals have focused on money, and more specifically on the financial system. For more than a decade they have mainly targeted the weakest link in the chain: the end user of online banking services. This approach has some benefits for these cybercriminals: poor security on the end user’s side, small thefts that can go undetected for some time, etc. However, it also has some cons: the need for money mules, having to find (infect) a victim who uses one of the targeted banks, avoiding antimalware software, etc.
In other words, they can make a lot of money, but at the same time it will require a lot of effort from their side.
Where is the big money? Financial institutions themselves. There is no discussion about this. However, it is hard to break into them, and even more complicated to understand how their specific internal systems work in order to fully compromise them, take the money and leave without a trace. Gathering all the intelligence needed for this kind of heist requires a great investment; it is not easy to perform and it might require several months, if not years, of careful planning. Anyway, it is worth it if 1 billion dollars can be stolen in just one hit.
This is basically what happened in February at the Bangladesh Central Bank, where attackers infected its system with malware specifically created for this attack and tried to make fraudulent transfers totaling 951 million dollars. That money was in the account the Bangladesh Central Bank had at the Federal Reserve Bank of New York. Fortunately, most of the transfers could be blocked, and “only” 81 million dollars were stolen. But this was not the only case.
Tien Phong Bank, a Vietnamese bank, suffered a similar attack in the last quarter of 2015. That time cybercriminals also tried to make transfers through SWIFT, although the bank realized in time and was able to halt the 1 million dollars in transfers already en route. And a few months earlier, in January 2015, a bank from Ecuador, Banco del Austro, was hit in a very similar way, and 9 million dollars were stolen.

What are the similarities among the three cases? Malware was used to perform the attack, and all the money transfers were made using the SWIFT network. SWIFT (Society for Worldwide Interbank Financial Telecommunication) is a cooperative society formed by thousands of financial institutions around the world. Founded in 1973, it provides different services to its members. The secure transfer of money among banks is one of the services offered and processed by the SWIFT network.
The biggest concern was whether the SWIFT network, which was believed to be secure, had been compromised. If this was the case, the entire financial system could be at risk. It looks like this was not the case, and SWIFT has issued a press release where it clearly states this: “the SWIFT network, core messaging services and software have not been compromised.”
However, that depends on the point of view: cybercriminals successfully used the SWIFT network to perpetrate these heists. And they took a similar approach to the one described at the beginning of this article: target the weakest link in the chain. SWIFT provides a safe environment, but at the end of the day, each financial institution has its own internal system that communicates with the SWIFT network. In the same way that cybercriminals were targeting final customers with banking Trojans, now, instead of going after the SWIFT network, they are going after the banks connected to it. This means that, while we can say that the SWIFT network is safe so far, we can also say that there are potentially thousands of holes, as many as there are financial institutions connected to it.
How did these attacks happen exactly?
There are still many unknowns, and some of them won’t ever be solved. These criminals have covered their tracks. In fact, the main purpose of one of the malware pieces used in the heist was to delete these tracks. One thing we know for sure: malware was used. How did it enter? For this we have two different options: there was help from an insider, or it was an external attack through the Internet. Both seem plausible, even more so after we learned that the security infrastructure at the Bangladesh Central Bank was obviously not good enough.
If we take a deeper look at the Bangladesh incident, it was a highly sophisticated attack specifically targeting the Bangladesh Central Bank, but the way the malware is structured (using an external configuration file, which makes no sense if this was just a one-time job) suggests that we’ll find new victims. They will go after banks that have flaws or weaknesses in their security model, such as those that do not monitor the execution of software in their network, and so far the information we have on the other attacks confirms this hypothesis.
In its customer communication, SWIFT tells all banks that their first priority should be to ensure that they have all preventative and detective measures in place to secure their environment.
So that’s easy, right? How can we ensure that? Is there anything at all that can be done to completely prevent any new heist?
Criminals will keep trying, and eventually they may succeed. Anyway, we know what they are after (money) and what computers they want to target (those connecting to the SWIFT network). Access to the SWIFT network is highly restricted: it can only be performed from certain computers, and only certain users are allowed access to them. Those computers have to be highly fortified, and of course we are not just talking about having updated software and using an antimalware solution.
Only pre-approved software should be allowed to execute on those computers. All executed processes have to be monitored in real time, logging everything that happens and looking for abnormal behaviors. It does not matter if the attack comes from the Internet or with the help of an insider. No unauthorized software can be allowed to execute on those terminals, and the allowed software has to be protected with anti-exploit technologies and monitored in real time in case some abnormal behavior takes place.
Of course, if some person has physical access to a target computer, at some point they could disable any security solution, which is not a problem by itself if you can get an alert about it on the console used by the security team. Is there any better indicator of compromise than someone tampering with the security software installed in a critical system?
How to avoid these cyber-attacks
One of the most frustrating things that victims have to go through is not knowing how the incident happened. How did it happen? When did it start? For how long? What did the attackers do once the computers were compromised? Was any confidential information leaked? As an example, in the Bangladesh Central Bank case, three pieces of malware could be recovered after the incident, but that was all that was left. Attackers probably used many other tools that were deleted, and the victim won’t know anything about them.
Knowledge is power: being able to know how a security incident happened will help you fix any security weakness in your environment.
There are only a few solutions that are capable of delivering this level of service. Panda created Adaptive Defense for this type of case, and we already have financial companies, governments, and big corporations in different verticals (health, hotels, insurance, public utilities, etc.) actively using Panda Adaptive Defense. All of them suffer not just the regular cyber-attacks, but really targeted attacks against their assets. We have shown some of them, such as the one targeting a luxury hotel chain a few weeks ago or the one against oil tankers.
Our conclusion after studying these attacks is that if those banks had had Panda Adaptive Defense on their SWIFT-connected terminals, the heist could have been stopped in time.
The post Billion Dollar Sting: A Financial Corporation’s Worst Nightmare appeared first on Panda Security Mediacenter.
Most company training programs leave out important IT security information. Are you at risk?
Workers are the first and the weakest link in the security chain (including your boss), especially if they have not received adequate training to defend themselves against cyber-attackers. Sadly, if malware were to seep into an employee’s smartphone or mobile device, it could potentially cost a company more than 8,000 euros. This is the beginning of the end, and opens the door for cyber-thieves to steal massive amounts of sensitive information from your company.
There are some basic tips that every company should give their employees to keep their personal data and computers protected against cybercriminals, like: confirming the identity of anyone requesting information, keeping passwords secure, and backing up their computer. Alarmingly, organizations are neglecting to share this security-related knowledge with their employees, as seen in a recent study.
46% of the companies who participated in the study assumed that this type of training would be obligatory for all employees. But in fact, only 60% of the companies that have fallen victim to information theft oblige their workers to go through a training period, which would educate them on internet security and ensure that confidential data will not be compromised.
As shown in a study, less than half of companies assumed that IT security training is obligatory for businesses
Sadly, for the companies who do have “training” programs, there is a lot of important information left out. In fact, many security training periods only educate workers about basic IT procedures. Approximately 43% of the surveyed companies offer a basic course for their employees, and usually they do not address many of the risks that often lead to cyber-attacks.
Phishing and social engineering are two main threats in our cyber-sphere, but only a small fraction (49%) of companies review them in their security courses. In addition, two significant topics that are barely talked about (if they’re talked about at all) at these training programs are: mobile device security (38% of courses include this subject) and Cloud security accounts (29%).
Knowledge is power. It is the greatest barrier against this type of internet-related attack; the nightmare of a cyber-attack can be easily prevented if employees are taught how to use the internet in a responsible manner. Bots or no bots, when it comes to cyber-security strategies, humans are still a company’s greatest weakness or its greatest strength. Everything depends on the level of training that is available to them.
Comment on Registered the wrong email with paypal? Say goodbye to your money… by benito1130
Very interesting subject, thank you for putting up.
Comment on Registered the wrong email with paypal? Say goodbye to your money… by younghatley62
This website was… how do I say it? Relevant!! Finally I’ve found something which helped me. Appreciate it!
Wearable Technology: You’ll soon be able to project your Smartwatch onto your Wrist
Smart watches and fitness bracelets are joining millions of people on the mission to be healthier and more active. These devices are becoming part of our daily lives, and expanding the functions that we already use on our Smartphones.
According to the consulting firm IDC, in the first quarter of 2016, wearable technology sales have already increased, mostly due to the smart devices that monitor health and exercise. This sales increase has led to a decrease in cost; the price of these watches, bracelets and other wearables has gone down this year. Now, there is an intelligent accessory for every budget.
With companies like Fitbit, Xiaomi, Garmin, Samsung, and Apple in the lead, this market is said to be one of the most profitable sectors for years to come. In fact, the number of wearable technology users has already doubled in the last two years, according to a study from PwC.
So far, Christmas 2015 has been the biggest expansion period for wearables. But as the sector grows and more options are available on the market, the array of choices could actually hurt the sale of wearables. In addition, many users have already become bored of their wearables after using them for only a few months.
We will soon be able to project wearable screens onto human skin
One of the main disadvantages for most wearable technology is the small size of their screens (when they have them), but soon there will be a solution to this problem. There is now technology that allows for wearables to project onto human skin, converting the user’s arm, or any other part of the body, into an extension of the screen. But as always, with new advances in technology there are other limiting factors and in the case of wearables, it is their wavering cyber-security.
Yes, these devices track personal activity data like user movements and heart rhythm, but any personal information that gives cybercriminals insight into our personal lives is interesting data for them to steal. A number of researchers and experts have even warned us of the large number of vulnerabilities that exist in these smart accessories, like the ones in smart watches. This means that if an attacker manages to exploit these devices, there is a large possibility that they could discover a credit card PIN number.
An attacker could use your Smart Watch to find out your credit card PIN number.
Wearables are not as “fit” as we think; in fact, they are weak when it comes to cyber-attacks. Protecting your wearable accessory is just as important as protecting any other device and, fortunately, there are specialized security companies, like Panda Security, that will help you protect your wearables and the private information that is at risk.
Comment on Have they hijacked your browser? Here’s how to fix it by Panda Security
Hello Jon,
Sorry about that. We have updated the links with the instructions in English. Have a nice day!
Are you among the 300 million Android users that don’t receive security updates?
One of the best things about Android’s operating system is the variety of options available, with dozens of manufacturers from all backgrounds, hundreds of models on the market, prices for all budgets and features for all tastes. However, the same breadth and depth of product and service offerings that makes Android attractive is, at the same time, one of its main disadvantages compared to iOS.
With so many parties involved in its chain of updates, the things Google fixes can take months to reach its many users, if they arrive at all. Android’s features make things a little easier for attackers: the security holes take a long time to be patched because these “fixes” have to go through several hands before finally getting to you.
Android’s features make it a little easier for attackers
The annual Android security report published by Google reveals an alarming conclusion: the company recognizes that the monthly updates are not reaching many terminals, specifically the 29.2% that do not have the latest software versions (Kit Kat 4.4.4 onwards).
If there are more than 1 billion devices using this green robot, as the company itself says, then almost 300 million of us are unprotected while waiting for patches.
There are almost 300 million that are unprotected while waiting for security updates
This reality tarnishes Google’s efforts to strengthen its standard security during this mobile era. The Mountain View brand claims to have analyzed 400 million devices a day in search of threats through Google Mobile Services. Meanwhile, the Verify Apps program has been able to keep the vast majority of phones and tablets away from malware, or at least those whose owners only download apps from Google Play. Only 0.15% of the apps that were installed last year have a potentially harmful application.
Google did a great job with security improvements in its operating system’s latest version, Marshmallow 6.0, which includes full-disk encryption, an advanced permission system for apps, fingerprint scanner support and other important developments that, unfortunately, many users are not yet able to enjoy.
This Internet giant promises to do everything possible to ensure that manufacturers quickly send these updates to their terminals, but while the system remains vulnerable, Android’s greatest virtue, variety, will continue to be its greatest disadvantage compared to iOS.
Comment on Do you Want to Install WhatsApp on Your PC? New Online Scam Announced on Facebook by sonto
I need to install whatsapp on my phone,plz 😞
Have they hijacked your browser? Here’s how to fix it
We’re sure your browser has been hijacked before. Say you decide to download a program you need from a seemingly reliable website (like Softonic), and you click “install” to begin downloading without really thinking about it. When it finishes downloading, you go back to the browser and you realize that one or more toolbars have appeared or that the home page is no longer Google. The search engine hasn’t changed too much in appearance, but it is not the same one as before.
This is very common and is called browser hijacking. Why has the start-up browser page changed and how can I fix it? A malicious program—or at least an unwanted one—has corrupted your computer. Another example: While installing part of the software, your browser’s options change without your permission. The way it changes varies, but the end result is usually the same: more advertisements.
You have changed the start page or have toolbars that you have not installed voluntarily.
The “kidnapper” is earning money thanks to this practice (which is sometimes harmless but always very bothersome). Depending on the malware that is installed on your machine, it can be more or less difficult to get rid of. Don’t forget to take precautions.
In this case, there is a measure that almost never fails: installing antivirus software and keeping it updated. Good security solutions are able to recognize the malicious programs and prevent them from getting into your computer.
What if it’s too late?
If it is too late and your browser has been kidnapped (e.g. it runs slower than usual, displays advertising for unusual sites, you see toolbars that you didn’t install, the home page has changed or your searches are redirected), then you have no other option than to restore the configuration to get everything back to normal.
For the most popular browsers, including Google Chrome, Mozilla Firefox or Internet Explorer, you can restore the configuration using the simple instructions online.

