Category Archives: Panda Security


Careful! Phishing Targeting Google Play Android Developers!

We have detected a phishing campaign targeting Android developers who publish their creations on Google Play, Android’s official app store. The From field of the email reads “Play Developer Support” and the subject is “Update your Account Informations”, as you can see in the following screenshot:

[Screenshot: phishing email targeting developers]

If you click on the link provided, you are redirected to a website that looks like Google’s, although obviously it isn’t:

[Screenshot: phishing page imitating Google]

Phishing attacks are designed to steal credentials and users’ identities, which is why they are so commonly aimed at customers of financial entities and all kinds of payment platforms. This case, however, is different in that the attackers are not looking to drain the victim’s account; they want those credentials because they can use them to spread malware through Google Play.

The most worrisome thing is how easy it would be for criminals to automate the whole process. They would just need to:

  • Build a crawler (there are a number of open source projects to help with this task) to download information on all apps published in Google Play.
  • Parse that information to obtain developers’ email addresses.
  • Send out a personalized phishing campaign; even the phishing page could be personalized for the specific developer so the “conversion rate” is better.
  • As the attacker has the information on the apps published by each developer, an alert system could be built to warn the attacker each time a developer with a popular app (millions of downloads) has fallen into the trap.

From here, one of the easiest (and least sophisticated) attacks would be to publish malicious apps using that account. Imagine that someone manages to steal the developer credentials of Candy Crush and publishes Candy Crush 2 on the developer’s behalf…

If the attackers were skilled enough and found a way to modify the developer’s current app without using the private key (which cannot be obtained with the stolen credentials), they could publish an updated version of any app. In the example above, imagine that the attackers create an update of Candy Crush with a hidden Trojan in it: hundreds of millions of users would download and install it without ever suspecting they are being compromised.

The post Careful! Phishing Targeting Google Play Android Developers! appeared first on MediaCenter Panda Security.

Do you accept app permissions without reading them? You should be more careful!

A smartphone is nothing without its apps. Browsing the app store is something we do quite frequently, either out of necessity or to see what’s new or which game is most popular. And while you are there browsing, you probably end up downloading one or two.

That’s when Android users have to accept certain permissions for their new application. Apple users approve these permissions the first time they use the app or certain features.

Applications request access to certain data and features of your device. As expected, map apps ask for permission to use GPS and locate your device. However, most applications ask for more permissions than they should, which means that we are taking a few risks just by accepting them.


One of the most shocking examples is flashlight apps. You don’t need to sign in to use them and they are free. However, when installing the app we have to accept permissions which have nothing to do with the app’s purpose, such as knowing our location thanks to GPS data, taking pictures, recording audio or even reading our text messages.

App Permissions – Read before accepting

Faced with that avalanche of totally unnecessary permissions, the best thing users can do before installing an application is to look closely at what information the app wants to access.

Most of the time, these permissions do not respond to a real need for the application to function, but serve to create an advertising environment that adapts to the user’s location and interests. Hence a flashlight wants access to GPS, or a QR code reader asks for permission to view your browsing history and your bookmarks.

Users take several risks when they systematically accept these permissions. On the one hand, they are letting developers know their location or their Internet habits, and the final destination of this information is not clear at all.

But the situation may be much more serious if there is a security breach in the application itself that allows cybercriminals to access your smartphone through these permissions.

So, giving full Internet access could result in cybercriminals taking advantage of the connectivity to download malware to your device or to steal passwords transmitted through Wi-Fi.

However, security breaches and cybercriminals are not the only risks that a user may face when approving the requested permissions. In fact, they are not even the most common. The major risk is users handing over their data to app development companies, and these companies ending up sending their users’ private information to analysis or advertising companies.

These permissions can also lead, in the case of downloading malicious applications, to scams related to calling services and premium messages, which do not provide any service for the user but charge exorbitant prices for each message.

Finally, when you download and install an application, the best thing you can do is to stop and analyze if the permissions required are necessary and, especially, if the developer can be trusted.

Checking this before approving permissions willy-nilly can avoid any surprises, or at least, our data falling into anybody’s hands.
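The check described in this article can also be done mechanically. The following is an added example, not part of the original post: it reads a decoded `AndroidManifest.xml` (manifests inside an APK are binary XML and must be decoded first) and lists every requested permission that falls outside what the app’s category plausibly needs. The category baselines, the function names and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permission names mapped to the risks the article describes.
RISK = {
    "android.permission.ACCESS_FINE_LOCATION": "location tracking (GPS)",
    "android.permission.ACCESS_COARSE_LOCATION": "location tracking (network)",
    "android.permission.CAMERA": "taking pictures",
    "android.permission.RECORD_AUDIO": "recording audio",
    "android.permission.READ_SMS": "reading text messages",
    "android.permission.SEND_SMS": "premium-rate messages",
    "android.permission.CALL_PHONE": "premium-rate calls",
    "android.permission.INTERNET": "network access (data upload, downloads)",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS":
        "browsing history and bookmarks",
}

# Assumed baselines: what each app category plausibly needs to do its job.
# On older Android releases the LED is driven through the camera API, so a
# flashlight legitimately asks for CAMERA; everything else is suspicious.
EXPECTED = {
    "flashlight": {"android.permission.CAMERA",
                   "android.permission.FLASHLIGHT"},
    "maps": {"android.permission.ACCESS_FINE_LOCATION",
             "android.permission.ACCESS_COARSE_LOCATION",
             "android.permission.INTERNET"},
    "qr_reader": {"android.permission.CAMERA"},
}


def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permissions a manifest requests."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return sorted(perms)


def audit(manifest_xml, category):
    """List (permission, risk) pairs that exceed the category baseline."""
    if category not in EXPECTED:
        raise ValueError("no baseline defined for category %r" % category)
    findings = []
    for perm in requested_permissions(manifest_xml):
        if perm in EXPECTED[category]:
            continue
        findings.append((perm, RISK.get(perm, "unclassified, review manually")))
    return findings


# Constructed sample: a flashlight app asking for far more than a flashlight needs.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.FLASHLIGHT"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Flashlight"/>
</manifest>
""".strip()


if __name__ == "__main__":
    for perm, risk in audit(SAMPLE_MANIFEST, "flashlight"):
        print("%-45s %s" % (perm, risk))
```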


Cryptolocker in Companies – Interview with Juan Santesmases

Cryptolocker is the threat that everyone is talking about. It affects both home users and companies though, in many cases, companies are more exposed due to the large amount of confidential information they handle.

Juan Santesmases, Vice President Product Management & Business Development at Panda Security, explains what Cryptolocker is and how companies can deal with it.


Cryptolocker has been the talk of the town in IT security circles over the last few weeks… What makes it different from the rest of threats that companies face?

Cryptolocker is a type of targeted attack, and like all targeted attacks, it requires great sophistication and, consequently, a great investment from the cybercriminals who launch it. The damage caused by this targeted attack is not very different from that caused by other attacks suffered by companies every day. The big difference is that, in this case, the target company is aware of the attack because the malware itself notifies it to the infected user, who knows from the start how much it will be to retrieve the stolen information. Hence its great popularity among cyber-criminals.

However, there are many other targeted attacks equally or even more harmful than CryptoLocker which in many cases go unnoticed by companies and end users. Especially if they involve theft of vital business information, such as customer data, product development plans, or sensitive personal information such as banking details. Even if detected, these attacks are often not publicized due to the impact they may have on a company’s reputation. We have seen attacks like these suffered by Sony, Google, Amazon, Target, and many other companies.

What do cybercriminals want with this type of attack?

Cryptolocker is a type of malware known as ransomware. This particular kind of malicious software is designed to hijack the victim’s data and demand a ransom for it. The high volume of this “market”, which has every characteristic of a traditional market, with its supply and demand, makes it very profitable for criminals, who invest large sums of money to develop this type of threat.

Is there any way to identify it?

It is really difficult. Generally speaking, companies are very unprotected against this type of attack, hence its high rate of infection and the echo it receives in the media. This vulnerability is due to the fact that traditional detection mechanisms, such as email or Web filtering systems and antivirus solutions, are simply not effective enough.

To a greater or lesser extent, traditional detection mechanisms are based on comparing software, URLs, or email signatures with known patterns of previously detected and classified threats. However, with an average of more than 200,000 new malware samples put in circulation every day, this type of strategy has become obsolete. Despite the investments made by security vendors to improve the efficiency of their traditional protection mechanisms and reduce reaction times, they continue to be just that: reactive mechanisms. In the end it becomes a race between criminals and security vendors that we do not always get to win.

That’s why we need a whole new approach to protection. Something Panda realized seven years ago, and has culminated in the development of Panda Adaptive Defense, our persistent threat protection system that is able to stop Cryptolocker and, more importantly, its variants.

What differentiates Adaptive Defense from other solutions?

First, Adaptive Defense is a service rather than a solution. Adaptive Defense evaluates and classifies all applications running on customers’ endpoints, based on the analysis of more than two thousand actions that each application can perform. This process takes place largely automatically in our Big Data Environment, and is complemented with the manual analyses carried out by our security experts at PandaLabs.

The continuous classification and monitoring of all applications has allowed us to not only identify and categorize malware, but also goodware and its vulnerabilities. Our database contains more than 1.2 billion goodware applications. Thus, while a traditional antivirus solution blocks known malware and assumes that any other application is benign, with the risk that that entails, Adaptive Defense only allows the execution of applications cataloged as goodware.

It could be argued that there are already whitelisting tools with a similar approach. However Adaptive Defense goes beyond traditional whitelisting, doing all the classification work automatically and transparently to the company’s system administrator.

Finally, as it is installed on the endpoint, Adaptive Defense provides full visibility into all applications installed on the device, notifying security administrators of any threat detected and allowing them to take remediation actions against them.

Targeted attacks, advanced persistent threats, Cryptolocker… No one can doubt that companies are in the crosshairs of cybercriminals.

As I said before, cybercrime has become a very profitable business for criminals. The resources and tools available to criminals are so important that no company, regardless of its size, is out of their reach. In Spain, all of the companies in which we have deployed our solution, regardless of their size or the safety measures in place, had endpoints whose security had been compromised to a greater or lesser extent. In fact, according to INCIBE (Spain’s Cybersecurity Agency), the economic impact of cybercrime in Spain during 2014 amounted to €14 billion for businesses.

Our mission as IT security vendors goes beyond developing more effective products and services; we must raise awareness and help businesses implement adequate protection strategies.


Panda Security continues to expand internationally through organic growth and innovation as it celebrates its 25th anniversary #Panda25years

Panda Security has reason to celebrate. Today the multinational developer of security solutions designed to protect the digital lives of individuals and organizations alike is celebrating 25 years in the vanguard of IT security, not just in its native Spain, but all around the globe. Panda Security, with a direct presence in more than 80 countries and products distributed in around 200, has announced that Italy and Denmark are set to join its network of subsidiaries, as two important markets for the company’s European business. With these latest additions, the company now has 16 subsidiaries: Austria, Belgium, Brazil, Canada, Denmark, Finland, France, Germany, Holland, Italy, Mexico, Portugal, Spain, Sweden, United Kingdom, and the U.S.A.

This internationalization process, which represents one of the pillars of the company’s four-year strategic plan, is further bolstered by the consolidation of its presence in markets where it is already strong (Western Europe, the USA, Latin America), for example with the recent inclusion of Panama in its ‘Country Partner’ model.

Moreover, in the coming months, Panda’s international expansion plan will also see it strengthen its position in emerging markets such as China, Russia and India.

New strategy for the 25th anniversary

In the year of its 25th anniversary the company has adopted a new corporate identity that reflects Panda’s commitment to simplifying the apparently complex, through the concept of ‘Simplexity’. This concept underpins the company’s effort to provide new and improved solutions to safeguard users’ digital lives.

“Our mission is to offer users a simple, fast and effective solution, which is always the product of our innovation. Throughout these 25 years, Panda has never ceased to innovate and to be in the vanguard of technology. We are positioned as visionaries with the implementation of technologies like Cloud Computing or Big Data Analytics which were totally disruptive some years ago. Now we are looking ahead to another 25 years with energy and enthusiasm, and with the certainty that we have all the resources we need to continue leading the way”, explains Diego Navarrete, CEO of Panda Security.


The company is set to embark on a four-year strategic plan, centered on internationalization, on maintaining the pace of growth –both of sales and product portfolio–, and on driving forward new technologies and strategic alliances that respond to market trends such as the Internet of things, Big Data, Cloud Computing or mobility.

To celebrate its 25th anniversary, Panda Security has prepared an infographic outlining the major milestones from the company’s history, which you can download here.

 


25 years of security and innovation

It’s Panda’s Birthday. But this 2015 is not an ordinary anniversary. Tomorrow, June 25th, we turn 25, no more, no less!

Panda was born in 1990, which was also the year the World Wide Web was developed. What a coincidence, right? In these 25 years we have had time to do many things but, at the same time, time has flown! 25 years researching, developing, analyzing and protecting our customers, both corporate and home users, against all Internet threats.

Despite all we could tell you here, it wouldn’t be enough! So, we think the best thing that we can do is to give you an overview of our 25 years of history with images. Thank you so much to all of you who have been part of it! :)

CeBIT 2001

Bilbao Offices, 2001

CEBIT, 2002

CEBIT, 2003

9 years ago… PandaLabs (2006)

1st Security Blogger Summit, 2009

Old Offices in Tres Cantos (Madrid)

Panda Booth at SIMO. 2007

Open Windows Premiere. Madrid. 2014

Introducing Panda Security 2015 to the Media

Panda Kick Off. Bilbao. 2015

We’re Simplexity!

Congratulations and let’s enjoy another 25 years together! :)


Apple reinforces security with iOS 9 and OS X El Capitan


Moscone Center in San Francisco (California), the same convention center where Google or Intel hold their events, welcomed around 5,000 developers between June 8th and 12th. All attended Apple’s annual Worldwide Developers Conference (WWDC).

Officials from the Cupertino company revealed some of the features of the brand’s new operating systems, which are already available in their beta version. iPhones and iPads will update to iOS 9 and Mac computers to OS X 10.11 El Capitan, named after a vertical rock formation in Yosemite National Park (California).

In addition to the changes aimed at improving the user experience, many of the innovations in both new versions have to do with security, an aspect Apple has emphasized over the past years.

One of the most obvious changes affects passwords. To increase the level of protection, devices running iOS 9 after the update will require six-digit passwords, instead of the standard four-digit one. However, you will be able to choose from several options: you can use a custom alphanumeric code, a custom numeric code or, as has been the case so far, a four-digit numeric code.


For those who decide to adopt the new format, the new passcode will make things more difficult for cybercriminals who want to take control of your phone or tablet. It allows over a million different combinations, significantly more than the 10,000 allowed by the current authentication method.

On the other hand, developers will have the best tools to guarantee the security of applications in their hands. With them, they will be able to connect their apps to the Internet via virtual private networks (VPN), a technology that allows a device to send and receive data in a public network with, in theory, as much security as if it was private.

Another important innovation is related to the Secure Socket Layer (SSL), which includes the protocols that encrypt communications over the internet. iOS 9 allows users to configure their system so that all internet connections made by their applications use HTTPS, a secure data transfer protocol.

In addition, the Cupertino team gives assurances that the protocols will be updated constantly to avoid security vulnerabilities.

Safari has also improved its security measures. On the one hand, the extensions will have a certificate from Apple. Developers can distribute extensions with their own signature, but the apps will not be updated by themselves.

On the other hand, this new version includes extensions to block content (‘Content Blocking Safari extensions’), a way of preventing the execution of cookies, pop-ups, automated videos and other web content.

Despite the rumors suggesting that iOS 9 would be ‘rootless’, which means it would not be possible to gain access to root directories, this feature does not exist in the beta versions. It is true that Apple has changed administrators’ privileges in OS X El Capitan, so they cannot modify any of the options of the critical system files. The measure prevents the installation of some types of malware, and their persistence. There are also those who think that, rather than protecting security, it will serve to prevent users from applying the dreaded ‘jailbreak’ to Apple’s devices.

Panda Security reached again 100% protection rate in AV-Comparatives’ tests

Panda Cloud Antivirus has achieved a 100% malware detection rate, according to the latest results published by AV-Comparatives in their monthly report “Real-World Protection Tests”.

The best news is that we have accomplished these results for two months in a row. Panda Cloud Antivirus’ efficiency and effectiveness is indisputable. This is an example of our capacity to improve and grow as a company.

Here you can get the complete report file, and the dynamic chart from the AV-Comparatives web.


Security in Windows 10: an app guardian, biometrics and the end of passwords


The date approaches. The next version of Microsoft’s operating system will be released on July 29 as a free upgrade for all users of Windows 7 and 8/8.1. However, the corporate sector will have to wait a little longer: the next edition of Windows Enterprise will come later, but it will also be available during 2015.

The ‘back-to-school’ campaign, with its traditional increase in computer sales, is the setting chosen by Redmond to deploy its new and eagerly awaited product, software that four million users have already tried in its ‘beta’ phase thanks to the Windows Insider Program. It is an unfinished product, with many details to polish, but it already allows us to outline the general lines of the new operating system.

Beyond Cortana’s integration (the virtual assistant from Microsoft that gives Apple’s well-known Siri a run for its money) or the debut of Edge (the successor of the illustrious browser Internet Explorer), some new features of Windows 10 are especially interesting when it comes to security.

On the one hand, as we have already told you, the Windows virtual store will include Android and Apple apps, which must pass strict controls before they are added to the Windows ecosystem. On the other hand, the catalogue of protection measures increases. These are the three most relevant:

Device Guard

It is responsible for monitoring applications’ access to Microsoft’s system. Basically, it will stop all programs that are not signed by their creators and the Windows Store, and will only allow those that prove to be trusted to run.

“To help protect users from malware, when an app is executed, Windows makes a determination on whether that app is trustworthy, and notifies the user if it is not”, explained Chris Hallum, Microsoft security expert.

In addition, this decision making will take place in isolation, in a different environment, so that the machine will be protected from malicious applications even if an attacker has managed to compromise other parts of the system.

Windows Hello

Everyone is already aware that biometrics is the future of identification, and Microsoft is not going to be an exception. While Google announced that its upcoming mobile operating system, Android M, will be compatible with iris and fingerprint readers, the company run by Satya Nadella is preparing the next version of Windows to welcome these authentication systems.

We will have to say goodbye to passwords, of course, but only if the manufacturers get their act together. Home users and company employees will be able to prove their identity thanks to biometrics, and computers will have to incorporate scanners capable of reading this information. At the moment, all machines equipped with the Intel RealSense 3D camera will be compatible with facial recognition, which allows the user to start the system without entering any password or to unlock Passport without a PIN, among other things.

Passport

This is the second nail that Windows 10 has hammered in the coffin of old passwords. First, you must unlock it, proving that the person using the device is in fact the owner thanks to a PIN or to the above mentioned biometric information collected by Windows Hello. Then, Microsoft’s digital passport will allow you to navigate inside and outside the operating system without having to enter a ‘password’ every time you go through customs.

Applications, social networking, e-commerce sites… Almost everything that asks you for a password today will know tomorrow that you’re the one who wants to enter… and not an impostor with ill intentions, thanks to this new security measure.

The cost of cybercrime is multiplying

The damaging effects of cybercrime are not limited to bad image and corporate reputation; they also cause significant economic losses to the companies and individuals who suffer this type of incident. In fact, this figure is increasing, according to a report recently released by the information technology consultancy Juniper Research, which stresses the increasing professionalization of hacktivism and cyber crooks in general, and the fact that the financial targets criminals set themselves in the digital world are increasingly ambitious.

In particular, in the study “The Future of Cybercrime & Security: Financial & Corporate Threats & Mitigation”, the analysts estimate the global cost of data breaches at $2.1 trillion by 2019, no less than four times more than the estimated cost for this year, 2015. The increasing digitization of end users’ and companies’ assets is one of the factors making attacks increasingly costly.

More attacks but where?

Interestingly, according to the report, although more and more threats occur through mobile devices (the Android platform, owned by Google, is the most widespread on the market and in this sense the most attacked), and cyber-attacks are also expected through the so-called Internet of Things, a concept which refers to the large number of objects that will be connected to the network in the near future (from cars to appliances and many sensors, etc.), the vast majority of security breaches will occur in existing IT and network infrastructures.

As James Moar, an analyst at Juniper Research, explained: “Currently, we aren’t seeing much dangerous mobile or IoT malware because it’s not profitable”. According to the expert, the kind of threat we will see on these devices will be the popular ransomware, a technique that locks down the victims’ devices until they pay a ransom to recover their systems and information.

Even so, we should emphasize that other consulting firms such as IDC consider that we must be vigilant with regard to security breaches produced through the Internet of Things. A recent study by the analysis firm pointed out that, in 2016, nine of every ten technological networks will have suffered a security breach relating precisely to the connected objects.

In terms of the geographical location where the security breaches will take place, as predicted by the experts from Juniper, North America is the area coming off worst; in fact, it will suffer 60% of the incidents expected to occur this year, 2015. Over the coming years, however, it will give way to other countries which are beginning to emerge with greater wealth and digitization of their societies and economies, and which will also begin to suffer more security attacks of this type.

Another fact to keep in mind: the consultancy predicts that the average cost of a data breach in 2020 will be over $150 million, since there will be more and more connected business infrastructure. According to 2013 data from the Spanish National Cryptologic Centre (CCN), cybercrime moves about $575,000 million worldwide, i.e. an average country’s GDP and more than drug trafficking produces across the globe. In Spain, according to the same source, around 200,000 incidents occur daily, although most of them are of very low intensity.

Cybercrime actors and hacktivists go pro

Another highlight of the report is that, according to Juniper, cybercrime is becoming more and more professional. Moreover, the first cybercrime products (yes, software for creating malware) already appeared on the market last year. In past years, hackers tended to penetrate computer systems only for the recognition of having accomplished the feat, but they have now given way to real cyber-criminals and extortionists.

On the other hand, hacktivists, i.e. those individuals who use illegal or legally ambiguous digital tools to achieve political or other goals (web site defacement, redirecting, denial of service attacks, data theft, web site parodies, virtual solutions, virtual sabotages, software development, etc.) will act less often during the coming years, according to the consultancy, but their actions will be more significant and better organized through social networks.

Need help fixing the iOS text message bug causing iPhone crashing/reboot?

Something as simple as an SMS has threatened Apple and its iPhones. A security flaw has been found in the Cupertino smartphone: a text message that gives the user a nasty surprise, because when you receive it, your iPhone reboots.

The SMS that causes the device’s failure is not an ordinary text message, so it is virtually impossible for users to receive it by accident. It is a text string with symbols and Arabic characters in a specific sequence, which causes iMessage to crash and the iPhone to reboot.

As you have seen in the video, the user does not even need to open the messaging application. As soon as the message is received, the device reboots. As if that weren’t enough, once the iPhone is back on, it is not possible to open the messaging application to delete the malicious conversation: it is blocked.

In addition, the SMS has not only highlighted the existence of a vulnerability in iPhones, but has also caused iPads, Macs and even the brand-new Apple Watch to crash.

The company has already announced that they are aware of the vulnerability and that they will solve it through a future iOS update.


Are we still in danger?

Meanwhile, the controversial SMS continues to cause chaos on Apple devices. Putting an end to its effects is not easy, but fortunately, there are some fixes available to re-open the Messages app:

  • Ask the person who sent you the malicious SMS to send you another text message so the conversation continues, cancelling the effects of the first. Once the second message has been received, the user can access the conversation list and delete it.
  • Ask Siri. This is the solution proposed by Apple, but this time you will be the one paying for the SMS, as you will be the one sending it. After receiving the damn message and seeing how the device reboots, the user can ask Siri to “read unread messages”. Siri won’t be able to read the SMS and will ask you if you want to reply. At that moment, you will be able to dictate a message to Siri, so that the last message in the conversation is not the one that causes the system’s failure. This way you will be able to access the conversation list and delete the thread.
  • Send a picture via the Photos app, which will allow you to access the message history and then delete the conversation, at last.

Bear in mind that the character string that causes the system failure is not a usual message. If you receive it, it is because a prankster friend or someone else wants to give you a hard time. So, until Apple releases the next iOS update, we will need these tricks to fix the problem.