Tag Archives: featured1

Panda Security

How to prevent phishing

Leave a comment

How to prevent phishing and keep thieves away from your money

Phishing – a hacking technique using fraudulent emails to trick people into handing over their bank account details – continues to be a major threat to personal security. Because these techniques are so successful, criminal continually refine them, making it harder than ever to avoid them.

Fortunately, there are a few steps you can take to better protect yourself – and they are all quite simple.

1. Don’t click links

Phishing emails are so effective because it is very hard to tell them apart from the real thing – they look just like the emails your bank sends. They are also intended to scare you, suggesting that your account has been compromised and you must act immediately to protect yourself.

No matter how concerned you may be, you should never click the links in an email. Even if you are 100% certain that the message comes from your bank.

Instead, you should type the bank’s address yourself into the browser window to make sure you are visiting the correct website. Once successfully logged in, you will be able to access electronic versions of the messages your bank has sent you – including any alerts. If the message is not repeated here, you can safely assume that the email was fraudulent.

You should also bear in mind that all banks typically send printed letters through the post when there is a serious problem with your account.

2. Get educated

All of the banks provide guidance on what a real email looks like – here’s an example from Lloyds Bank. Take a few minutes to acquaint yourself with the information provided and you’ll save yourself a lot of stress in future.

And just to re-emphasise the importance of never clicking links in an email, here’s what Lloyds has to say;

We never link directly to our Internet Banking log on page, or a page that asks for security or personal details.

3. Protect your PC

Computer security software, like Panda Gold Protection, include tools to identify and block phishing emails before you can be tricked by them. It is absolutely essential that every PC, Mac and Android smartphone you own is protected by some form of security software to stop phishing (and other cyberattack techniques) compromising your devices.

Once installed, don’t forget to carry out a regular scan (once a week is ideal) to check to see whether any malware or viruses have breached your defences. Malware can be just as damaging as a phishing email, monitoring what you do on your computer, and stealing passwords for instance. Running a regular scan will give you a chance to identify and delete these malicious apps before you are too badly compromised.

Don’t panic

Protecting against phishing emails is generally just a case of using your common sense. No matter how scary an email looks, take a second to check your online account yourself. Don’t forget that you can always visit your local branch, or the phone banking service to confirm that everything is ok.

Take the first step towards protecting yourself against phishing emails by downloading a free trial of Panda Security now.

The post How to prevent phishing appeared first on Panda Security Mediacenter.

Panda Security

A New Ransomware Is Testing Our Morality

Leave a comment

A recent indie horror film called It Follows explores an interesting moral grey area. In that film a shape-shifting creature slowly but unstoppably chases a victim. This victim -who faces the inevitable prospect of being worn down and caught- can pass on this curse to someone else by sleeping with them. The question the film poses: Would you sacrifice someone else in order to save yourself?

A recently discovered type of malware is, strikingly, asking internet users the very same question in a real world setting. The context is admittedly far less grandiose –replace shape-shifting monsters with computer hackers- though the name of the new type of malware certainly feels like an allusion to its worthiness as a cyber suspense thriller.

Popcorn Ransomware

Popcorn Time Ransomware, which is named after but unrelated to a bittorrent client, encrypts the contents of your computer or device (using AES-256 encryption) so you cannot access them. Then it gives you a choice; you can pay a ransom, or sell out people you know.

Credit: MalwareHunterTeam
Credit: MalwareHunterTeam

MalwareHunterTeam, who discovered the new ransomware, have reported cases where victims have been given the ability to restore their files for one bitcoin (worth roughly $770 and £610). The second option though, described by its anonymous developers as “the nasty way”, is to send the link on to other people. “If two or more people install this file and pay, we will decrypt your files for free,” the developers say.
If that wasn’t surprising enough, a read of the developers’ information on the ransomware message throws yet another curveball at the infected computer’s owner. The money you are forced to send will, the infectors say, be used as charity.

Yes, you read that right.

The Popcorn Time ransomware developers claim to be computer science students living in war-torn Syria. Due to their horrific circumstances, living with the death of friends and relatives and “with no one helping”, they claim, they are taking things into their own hands. “Be perfectly sure that the money we get goes toward food, medicine and shelter to our people,” they say before actually apologizing for their actions. “We are extremely sorry we are forcing you to pay but that’s the only way we can go on living.” There is, of course, no way to verify this information and it may be completely untrue.

Advice on how to avoid being infected by ransomware varies.

A general rule though is that backing up important files regularly to an external hard drive or cloud storage keeps you one step ahead of any potential attackers. It is also best to download only from reputable sources and be wary of email links that could be part of a phishing attack.

Fear of hackers using our devices to spy on us has long been a fascination in Hollywood. As far back as 1983 the film WarGames explored the realm of computer hacking. Much has changed since then. Hackers have been vilified as well as championed in popular culture; Mr Robot is part of an anti-establishment organization, whilst the popular, hacker founded, Icelandic Pirate Party are making use of a Robin Hood trope to describe their political stance.

The post A New Ransomware Is Testing Our Morality appeared first on Panda Security Mediacenter.

Panda Security

Doxware, the Scary New Evolution of Digital Hijacking

Leave a comment

Ransomware is one of the most frequent forms of cyberattack that a company can face. Through an infected email or by some other means, criminals can lock a computer, encrypt files, or sequester an entire corporate network. The main goal: ransom money, usually in the form of cryptocurrency, in exchange for freeing up the virtually hijacked computer or mobile device.

The FBI calculates that cybercriminals using ransomware have made off with up to $1 billion over the last year. However, many companies have learned how to combat this kind of attack. In addition to having the right protection, it’s possible to avoid paying the ransom by completely erasing the system and recovering it with a backup.

This particular kind of malware has evolved, and cybercriminals have honed their attacks against companies and individuals, making them more profitable. The future of ransomware is already here, and it’s called doxware.

This type of threat starts off in the same way as ransomware: cybercriminals take a company computer hostage and seek a ransom for its safe return. However, the risk is far greater. The cybercriminal threatens to make public the archives, confidential information, and conversations saved on the sequestered device. So, out of fear of having enormous quantities of corporate data put out there for all the world to see, victims will most likely pay the ransom.

It may be the case that this attack is practically a brand new, but some companies have already been infected. And it’s just the beginning. In fact, the malware is expected to continue evolving and cybercriminals will continue to perfect it until it becomes a global threat.

Just as Sony Pictures suffered in late 2014 a chain of cyberattacks followed by the leakage of some of the company’s confidential data, any other company in the world could suffer the same fate. If you’re not adequately protected against all kinds of threats, your devices could be hijacked and their secrets unveiled. Doxware is here, and it doesn’t bode well. Better be prepared.

The post Doxware, the Scary New Evolution of Digital Hijacking appeared first on Panda Security Mediacenter.

Panda Security

How to Hide Information with Ordinary Office Printers

Leave a comment

The printer you have in your office may be less innocent than you thought. Some experts have already shown that they can even become a steganographic tool, the art, well-known in computer security, of hiding information from prying eyes.

A few years ago, the Electronic Frontier Foundation, an organization that defends civil liberties on the internet, reported that some laser printers included a code on the documents they printed that could be viewed with a certain light and a microscope. Manufacturers later had to admit that the US secret services had, apparently, reached an agreement with them so as to identify counterfeiters with that hidden code.

Researchers at the University of Utah have now shown that a conventional inkjet printer such as the one above your desktop can be used to print hidden images invisible to the human eye.

Messages hidden with silver and charcoal

Experts have used a silver and carbon ink to print an image formed by small rods of a millimeter in length and a few hundred microns in width. By varying the proportion of silver and coal, the conductivity of each bar also changes. The human eye is unable to perceive this modification. Using harmless terahertz radiation, which is located in the electromagnetic spectrum between infrared and microwave and is able to traverse opaque objects, the information encoded in the conductivity can be unveiled.

In a study published in the journal of the Optical Society (OSA), researchers demonstrated their new method by hiding QR codes in an image. At first glance, they looked just like an array of identical lines, but, thanks to terahertz radiation, the QR code was discovered. With this method, they have even camouflaged color QR codes.

“Our very easy-to-use method can print complex patterns of rods with varying conductivity,” explained Ajay Nahata, one of the authors of the study. “An added benefit to our technique is that it can be performed very inexpensively.”

Printers used for espionage?

Although they performed this test using relatively simple and small QR codes, they believe the technique could be used to conceal information in more detailed and complex images.

In World War I, the Germans used lemon juice in their letters as invisible ink to escape censorship. Now, the researchers at the University of Utah have shown that there are far more sophisticated ways of hiding information, and there is no need to dig too deep into your pockets to use it.

They also plan to develop inks that need to be heated or exposed to light at a given wavelength to uncover information. Will invisible inks for printers become a new way of hiding confidential information? We may never know.

The post How to Hide Information with Ordinary Office Printers appeared first on Panda Security Mediacenter.

Panda Security

The risks of using personal social media at work

Leave a comment

Many businesses are actively encouraging their employees to use social media at work, hoping that they will become “brand advocates”, talking about the company’s products and services. Employers also hope that their worker’s accounts will help to give the company a “human” face.

But as good as these intentions are, you should carefully consider whether you really want to use your social media accounts at work. Because there are a few potential issues to be aware of.

Increased risk of downloading malware

Social media is a brilliant tool for sharing links, videos and interesting information with your friends online. But not all those links go to good places – quite often those pages will have adware, malware or computer viruses lurking in the background, trying to download themselves onto your computer.

If malware does install itself on your work computer, it could cause serious damage to the rest of the network. The time and costs associated with fixing these issues could seriously hurt your company – and maybe even lose you your job, even if it was an accident.

Possible negative press

There are dozens of examples of situations where someone has made a joke online, but one of their followers has taken offence. The issue quickly escalates, as strangers offer criticisms – and sometimes even threats.

The fall-out from these incidents also affects that person’s employer – some people wrongly assume that the individual and their company are inextricably linked. So the company must act to regain control of the situation – including sacking the employee involved.

Wasting time

With so much interesting information available on Facebook, Twitter, Instagram etc, it is very easy to spend hours catching up on what people are sharing. But if you spend too long on non-work related tasks, you will run into problems getting your actual work done.

When the quality of your work starts to decline, you could be disciplined by your employer – and potentially sacked if things go too far.

Protecting yourself at work

Before you start using your personal social media accounts at work, you should have a conversation with your boss. You should ask how your employer expects you to behave:

  • What kind of malware and content-blocking tools will they deploy to prevent viruses being downloaded accidentally?
  • What protections are in place in the event of a social media disaster? Is there a plan to protect the business and the employees?
  • What constitutes fair use? How much is too much? Can you do whatever you like online, so long as your work is being done?

It is only by establishing these guidelines up front that you can hope to avoid accidentally breaking one of them, risking your job. By being smart, both you and your business avoid trouble and gain the benefits offered by social media.

The post The risks of using personal social media at work appeared first on Panda Security Mediacenter.

Panda Security

Top Cyber Risks of 2017

Leave a comment

Last year is proof that stories about Kim Kardashian and Pikotaro’s PPAP song were not the only things able to break the internet, 2016 was a year full of news about data breaches, stolen sensitive information, hackers extortion and DDoS attacks that in some cases had a significant impact on the lives of many Americans. Phew, it’s all gone, and we are already in 2017!

Hopefully, reputable tech giants such as LinkedIn, Verizon, Google and Microsoft will be a bit more vigilant about keeping our sensitive information safe. Luckily there are anti-virus companies who have our backs even when tech companies’ security fail.

Having anti-virus software is similar to having a second layer of clothes in the winter. You like being prepared, don’t you?

After such a turbulent 2016, we’ve developed a little list of cyber threats to watch out for in 2017.

Cyber threats to watch out for in 2017

Connected devices

Currently, there are billions of connected devices all over the world – the revolution of self-driving cars is just about to kick in too. Drones, doorbells, kitchen appliances, thermostats and health gadgets – all sorts of new technology is now able to be monitored and controlled over the internet. The power of IoT gives us an unparalleled convenience, things we’ve never experienced before, but also poses a grave danger.

The potential threat is no longer about getting your fridge or printer hacked, but cracks in the system of such technology which if penetrated by criminals could cause significant security risks. No one would want a self-driving car or a drone hacked and operated by hackers.

This poses a great concern for our safety. We are expecting a wild 2017 for the consumers out there, as more attacks throughout the year are likely to follow. Currently, it is easier for cyber trouble-makers to create and control an IoT army of devices, than to develop new spyware. We hope to see the security features of IoT devices advance in 2017.

Sophisticated phishing attacks

It’s just the beginning of the New Year, and multiple sources have reported innovative and more sophisticated phishing attacks targeting Gmail accounts in the US. Sources say these phishing attacks can fool even experienced internet users. What is so different about these phishing attaches from the regular ones?

Not much, except for the fact that the design of the landing pages is getting better and better. Another difference worth mentioning is the URL bar. Anti-virus software companies have been preaching for years to always look at the URL bar and never input your login details in websites of whose URLs are not https or/and marked in red color.

In the new case of phishing attacks, the URL bar is in plain text, its’ not green nor red. Apparently, this tends to confuse people so be aware if you don’t want to be in the news as the next victim of a well-executed scam.

State-sponsored espionage

The New Year will surely bring us news of state-sponsored cyber espionage. Mainstream media still finds it hard to accept the legitimacy of the new president of the United States, and the means he used to make it to the chief commander of the free world role. WikiLeaks founder Julian Assange argued that the emails which revealed information about Secretary Hillary Clinton were part of a leak, not a state-sponsored campaign designed to elect Donald Trump. We will most likely never know the full truth but what we are aware is that state sponsored cyber-attacks will become a norm in 2017.

Hacker extortion

Last year a California hospital paid $17,000 in Bitcoin to hackers, a well-known university in the US also became a victim of an attack where cyber criminals installed ransomware on the company’s systems and demanded payment to unlock it. In all known hacker extortion cases, the victim ended up paying up the criminals. The main problem is that not only companies are under threat, but individuals too. There have been reported cases of senior citizens who have been held up by cyber bullies, demanding payments so they can regain access to precious family imagery. Or celebrities ending up paying to stop sensitive photos from being released into the world. Having in mind that most of all known occurrences of cyber extortion have been successful, and the fact that governments tend to lose the battles against it, the occurrences of such incidents are very likely to continue into this year.

Digital fingerprinting, biometric security and health data protection

Digital fingerprinting is getting popular among consumer devices. We saw tens and probably hundreds of them at CES 2017. Currently, all major cell phone manufacturers have it as an option to unlock their phones. Now there are home locks, padlocks, deadbolts and USB sticks that could be unlocked/opened with a simple touch. Even some car manufacturers are integrating the technology into their new car models. Sadly, a Japanese researcher recently came out with a statement that your fingerprints could be stolen when posing for a photo doing the piece sign. Criminals are getting creative, what a surprise! Facial and iris recognition may soon become a norm too so protecting the databases that store this information will become a challenge.

What an amazing time to be alive, the predictions for 2017 are straight out of a sci-fi movie.

However, these issues are now real and protecting our data in all its forms is vital. The convenience the new technology is bringing us opens backdoors for criminals to take advantage. Luckily there are anti-virus specialists such as Panda Security, who make sure your data stays safe and provide you with that extra layer of security that we all need.

The post Top Cyber Risks of 2017 appeared first on Panda Security Mediacenter.

Panda Security

Panda Security to Participate in This Year’s RSA Conference

Leave a comment

This February, from the 13th to the 17th, the XXII Edition of the RSA Conference, the largest event of cyber security in the world, will be held at the San Francisco Moscone Center. Major companies, suppliers and cybersecurity gurus will gather to find solutions to their business concerns and discuss industry trends — an incomparable venue in which Panda Security will be giving advice on cybersecurity strategies.

An extensive list of national and international experts will give an array of lectures and will be present as exhibitors during the five days of the event. Among the list of cybersecurity gurus you will find Luis Corrons, technical director of PandaLabs (@Luis_Corrons), who will share his thoughts with the attendees at the Panda Security booth (4542).

In keeping with this year’s theme, “The Power of Opportunity”, we will talk not only about malware and cybersecurity predictions for 2017, but also the benefits of a strategy that combines big data and machine learning in the security of your business — cutting-edge technology that constitutes a great leap forward in advanced cybersecurity solutions and will be presented over the course of the event.

Did you know that more than 250,000 new threats are detected in our laboratory every day? We will address how to anticipate potential threats with practical examples and real cases that seem like something out of science fiction. Advanced cybersecurity and prevention are, as always,

A powerful panel of experts bringing together more than 45,000 participants and a large number of exhibitions and activities await you at the RSA Conference 2017, an event in which innovation in cybersecurity is the center of attention.

PandaLabs, the Laboratory That Has the Answers to Your Questions

PandaLabs is Panda Security’s anti-malware lab and represents the company’s nerve center in terms of malware. Luis Corrons, its technical director, is one of the experts who will be representing the company at the Panda Security booth.

The countermeasures necessary to protect Panda Security’s customers on a global scale from all types of malicious code are produced in real time and uninterruptedly at the laboratory.

PandaLabs is also responsible for the detailed analysis of all types of malware, in order to improve the protection offered to Panda Security users.

Don’t miss your chance to consult with the experts! Join us and discover the latest technologies and pioneering developments in the industry.

More Information

When: February 13-17, 2017

Tickets: Check the price list here and get your discount by presenting the Panda Exhibition Pass: XE7PANDA (redemption deadline is Thursday, February 16th)

Where: Moscone Center, San Francisco.

Panda Security will be at booth number 4542 (look for us on the map!)

The post Panda Security to Participate in This Year’s RSA Conference appeared first on Panda Security Mediacenter.

Panda Security

Quantum Computers and the Change in Cybersecurity

Leave a comment

The next revolution in computer science already has a name: quantum computing. Computers capable of working with the superposition of ones and zeros (using qubits, which can take both values, unlike bits, which take one or the other) are still a laboratory animal, but research is increasingly approaching the dream of developing a machine with these characteristics capable of revolutionizing everything from medicine to computer security.

The quantum era will usher in a new phase in the eternal race between defenders and attackers of our privacy. Cryptography will be the battlefield in which this war of the future will be fought, the contenders of which are already preparing for a confrontation that could take place in the coming years.

Theoretically, a quantum computer would be able to break most of the current encryption algorithms, especially those based on public keys. A quantum computer can factor at a much higher speed than a conventional one. A brute-force attack (testing all possible passwords at high speed until you get the right one) would be a piece of cake with a machine that boasts these characteristics.

On the other hand, with this paradigm shift in computing will also come the great hope for privacy. Quantum cryptography will make things very difficult for spies and cybercriminals. While current encryption systems are secure because intruders who attempt to access information can only do so by solving complex problems, with quantum cryptography they would have to violate the laws of quantum mechanics, which, as of today, is impossible.

A quantum computer would be able to break most of the current encryption algorithms.

In any case, it is still early to fear or await with enthusiasm the arrival of these algorithms. Quantum computers are neither going to start decoding passwords tomorrow, nor will they be so dangerous when, within a few years, they are finally able to do so. Predictably, the security systems that would be most vulnerable to these machines will no longer be in use when, five years from now at least, they’ve become a more everyday reality.

Until then, and as a special precaution to protect the documents and some of the more confidential conversations of a company, it wouldn’t hurt to follow some tips. The most important thing is to avoid asymmetric key encryptions such as RSA, EIGamal, or one that’s based on the Diffy-Hellman protocol. Quantum computers would be able to solve relatively easily the mathematical problems at the core of their security.

The post Quantum Computers and the Change in Cybersecurity appeared first on Panda Security Mediacenter.

Panda Security

Spora, a Sophisticated New Ransomware, Detected in January

Leave a comment

A few days ago, our colleagues at G-Data published an interesting analysis of Spora, a new ransomware that appeared in January. It had first been spotted by the people at ID Ransomware, and is mainly affecting Russia. A link was published in a forum detailing the analysis results of one of the samples sent by way of spam in VirusTotal. It is an HTA file that none of the engines present there detected, neither Panda Security, nor G-Data, nor any other.

Does this mean that the 53 participants in VirusTotal are unable to detect and block this new threat? Not at all. It means that at the time of the analysis nobody had bothered to write a signature to detect a file that, besides, is actually ephemeral. The important thing is to protect users and prevent them from becoming infected. If there is no other way to accomplish this than by creating signature, there’s not much you can do about it. But at least for some of us this is seems to be completely unnecessary in most cases, as in the present one.

Taking a look at the information in our cloud, we have observed and blocked Spora detections from the first moment, without having to create signatures for it. We can confirm that indeed most of the cases are in Russia, although we have also seen cases in Japan.

These are the different hashes that we’ve seen:

312445d2cca1cf82406af567596b9d8c

acc895318408a212b46bda7ec5944653

c1f37759c607f4448103a24561127f2e

c270cf1f2cfeb96d42ced4eeb26bb936

Always make sure to detect threats well in advance with a good cybersecurity solution such as Panda’s Adaptive Defense 360.

The post Spora, a Sophisticated New Ransomware, Detected in January appeared first on Panda Security Mediacenter.