
Malware still generated at a rate of 160,000 new samples a day in Q2 2014

  • The second quarter of 2014 has seen the creation of 15 million new strains of malware
  • Trojans are still the most common type of malware, though they are losing ground thanks to the rise of PUPs (Potentially Unwanted Programs)
  • Smartphones, both Android and iOS, are still under attack
  • The global infection rate during this period was 36.87%, a significant increase on previous quarters, thanks in part to the increase in PUPs


Panda Security, The Cloud Security Company, has announced the latest findings of the PandaLabs quarterly report for Q2 2014. The main conclusions of the study include the fact that malware is still being created at the record levels reached in the previous quarter: 15 million new samples were generated, at an average rate of 160,000 every day.

While Trojans are still the most common type of malware, accounting for 58.20% of new malware, this figure is significantly lower than the previous quarter (71.85%). This is not so much due to a drop in the number of new Trojans, but more to a substantial increase in PUPs (Potentially Unwanted Programs) during this period.

Attacks on mobile devices have continued to gather momentum over this quarter, though this time they have also targeted the Apple iOS in addition to Android. In the case of the latter, the most notable cases have involved fake antivirus apps and ransomware.

There have also been many notable cases of hacking targeting major companies across different sectors, such as eBay, Spotify or Domino’s Pizza, as well as more attacks by the Syrian Electronic Army (SEA). A security flaw, dubbed Heartbleed, in the OpenSSL library used for encrypting communications made the headlines around the world in April. At the same time, Microsoft ceased to offer support for Windows XP, with serious security implications for users of this OS.

PUPs on the rise

While Trojans are still the most prevalent type of malware (58.20% of new threats), they are losing ground thanks to the rise of PUPs (Potentially Unwanted Programs). In fact, in recent months there has been a notable increase in software bundlers, which install PUPs -without the user’s consent- along with the programs that the user really wants to install.

Trojans are followed a long way behind in the ranking by worms (19.68%), adware/spyware (0.39%) and viruses (0.38%).

Trojans the cause of most infections

Trojans, once again, have accounted for more infections (62.8%) than any other type of malware, although this figure is lower than the previous quarter (79.90%). PUPs are in second place with 24.77% of infections, underlining how these techniques are now being used massively. A long way behind came adware/spyware (7.09%), viruses (2.68%) and worms (2.66%).

Infections by country

The global infection rate during the second quarter of 2014 was 36.87%, a significant rise on recent periods, thanks largely to the proliferation of PUPs. Country by country, China once again had the most infections, with a rate of 51.05%, followed by Peru (44.34%) and Turkey (44.12%).

It’s clear from this ranking that the regions with the highest levels of infections are Asia and Latin America. Spain also has an infection rate above the global average with 37.67%.

On the other hand, Europe is the area with the lowest infection rate, with nine countries ranked among the least infected countries. Sweden (22.13%), Norway (22.26%) and Germany (22.88%) had the lowest rates while Japan, with an infection rate of 24.21%, was the only non-European country in the top ten of this ranking.

 

The full report is available here.

The post Malware still generated at a rate of 160,000 new samples a day in Q2 2014 appeared first on MediaCenter Panda Security.

Bad news for SMBs: Target’s “Backoff” malware attack hits 1,000 more businesses


avast! Endpoint Protection can protect your network

U.S. merchants advised to protect themselves against same PoS hack that hit Target and Neiman Marcus last year.

More than 1,000 U.S. businesses have had their systems infected by Backoff, a point-of-sale (PoS) malware that was linked to the remote-access attacks against Target, Michaels, and P.F. Chang’s last year and more recently, UPS and Dairy Queen. In the Target breach alone, 40 million credit and debit cards were stolen, along with 70 million records which included the name, address, email address, and phone number of Target shoppers.

The way these breaches occur is laid out in BACKOFF: New Point of Sale Malware, a new U.S. Department of Homeland Security (DHS) report. Investigations reveal that cybercrooks use readily available tools to identify businesses that use remote desktop applications which allow a user to connect to a computer from a remote location. The Target breach began with stolen login credentials from the air-conditioning repairman.

Once the business is identified, the hackers use brute force to break into the login feature of the remote desktop solution. After gaining access to administrator or privileged access accounts, the cybercrooks are then able to deploy the PoS malware and steal consumer payment data. If that’s not enough, most versions of Backoff have keylogging functionality and can also upload discovered data, update the malware, download/execute further malware, and uninstall the malware.

General steps SMBs and consumers can take to protect themselves

  • You should use a proper security solution, like avast! Endpoint Protection, to protect your network from hacking tools, malicious modules, and from hackers using exploits as a gateway to insert malware into your network.
  • Regularly monitor your bank and credit card statements to make sure all the transactions are legitimate.
  • Change default and staff passwords controlling access to key payment systems and applications. Our blog post, Do you hate updating your passwords whenever there’s a new hack?, has some tips.
  • Monitor your credit report for any changes. You’re entitled to one free report per year from each of the three reporting agencies.

Specific tips to protect your business and customers

Remote Desktop Access

  • Configure the account lockout settings to lock a user account after a period of time or a specified number of failed login attempts.
  • Limit the number of users and workstations who can log in using Remote Desktop.
  • Use firewalls to restrict access to remote desktop listening ports.
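The brute-force pattern described above can also be looked for in logon records. The following is an added example, not code from the DHS report or from avast!: it assumes Windows Security events have been exported as simple CSV lines (time, event ID, logon type, account, source IP), and the sample lines are constructed. It also shows why per-account lockout alone can miss an attacker who spreads guesses across several accounts.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: time, event ID, logon type, account, source IP.
SAMPLE_EVENTS = """\
2014-08-20T02:00:01,4625,10,administrator,203.0.113.7
2014-08-20T02:00:09,4625,10,administrator,203.0.113.7
2014-08-20T02:00:15,4625,10,backup,203.0.113.7
2014-08-20T02:00:21,4625,10,backup,203.0.113.7
2014-08-20T02:00:30,4625,10,posadmin,203.0.113.7
2014-08-20T02:00:38,4625,10,posadmin,203.0.113.7
2014-08-20T02:00:44,4624,10,posadmin,203.0.113.7
2014-08-20T08:15:00,4625,10,jsmith,198.51.100.20
2014-08-20T08:15:20,4624,10,jsmith,198.51.100.20
2014-08-20T09:00:00,4625,2,jsmith,-
"""

FAILED, SUCCESS = 4625, 4624   # Windows Security log: failed / successful logon
RDP_LOGON_TYPE = 10            # RemoteInteractive (Remote Desktop)
WINDOW = timedelta(minutes=10)


def parse(text):
    """Yield (time, event_id, logon_type, account, source_ip) tuples."""
    for line in text.strip().splitlines():
        ts, eid, ltype, user, ip = line.split(",")
        yield datetime.fromisoformat(ts), int(eid), int(ltype), user.lower(), ip


def detect(text, threshold=5, window=WINDOW):
    """Alert on >= threshold failed RDP logons from one source within the
    window, and on any later successful RDP logon from a flagged source."""
    failures = defaultdict(deque)          # source IP -> recent (time, account)
    flagged, alerts = set(), []
    for ts, eid, ltype, user, ip in sorted(parse(text)):
        if ltype != RDP_LOGON_TYPE:
            continue
        recent = failures[ip]
        while recent and ts - recent[0][0] > window:
            recent.popleft()               # drop failures older than the window
        if eid == FAILED:
            recent.append((ts, user))
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"kind": "brute-force", "source": ip,
                               "first_seen": recent[0][0],
                               "accounts": sorted({u for _, u in recent})})
        elif eid == SUCCESS and ip in flagged:
            alerts.append({"kind": "success-after-brute-force",
                           "source": ip, "account": user, "time": ts})
    return alerts


def locked_accounts(text, lockout_threshold, window=WINDOW):
    """Accounts that a per-account lockout policy with this threshold
    would have locked, given the same failed RDP logons."""
    per_account, locked = defaultdict(deque), set()
    for ts, eid, ltype, user, _ip in sorted(parse(text)):
        if ltype != RDP_LOGON_TYPE or eid != FAILED:
            continue
        recent = per_account[user]
        while recent and ts - recent[0] > window:
            recent.popleft()
        recent.append(ts)
        if len(recent) >= lockout_threshold:
            locked.add(user)
    return sorted(locked)


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
    # Two guesses per account stay under a lockout threshold of 5,
    # yet the source address is still flagged by detect().
    print("locked at threshold 5:", locked_accounts(SAMPLE_EVENTS, 5))
    print("locked at threshold 2:", locked_accounts(SAMPLE_EVENTS, 2))
```

In the sample, a lockout threshold of 5 locks nothing because the guesses are spread over three accounts, while counting failures per source address still raises an alert before the successful logon.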

Network Security

  • Review firewall configurations and ensure that only allowed ports, services and Internet protocol (IP) addresses are communicating with your network.
  • Segregate payment processing networks from other networks.

Cash Register and PoS Security

  • Implement hardware-based point-to-point encryption. It is recommended that EMV-enabled PIN entry devices or other credit-only accepting devices have Secure Reading and Exchange of Data (SRED) capabilities.
  • Install Payment Application Data Security Standard-compliant payment applications.
  • Deploy the latest version of an operating system and ensure it is up to date with security patches, anti-virus software, file integrity monitoring and a host-based intrusion-detection system.

See more mitigation and prevention strategies from DHS.

Learn more about PoS attacks against small and medium-sized business in our blog, Should small and medium-sized businesses be worried about PoS attacks?

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter, Google+ and Instagram. Business owners – check out our business products.

WhatsApp. Beware of cyber-crooks and scams!


 

This week, WhatsApp has announced that it now has 600 million active users.

The news was released by Jan Koum, the CEO and co-founder of WhatsApp, through his Twitter page. Koum made it very clear that this figure refers to the number of active, not registered, users, which means that WhatsApp’s user growth may actually be larger.


 

The term ‘active users’ refers to the number of users who have used the app at least once in the last month.

WhatsApp security

Despite the doubts raised a few months ago when Facebook bought WhatsApp, it seems that the messaging app continues to be as popular as ever. The figure of 600 million users affirms WhatsApp as the world’s most widely used instant-messaging application, well ahead of rivals like Line or Telegram.

But this success has also placed it in the crosshairs of cyber-criminals who, over the last few months, have come up with countless ways to exploit the app as a means to attack users.

Want to know how? Discover the most dangerous WhatsApp scams and beware of malicious messages!

The post WhatsApp. Beware of cyber-crooks and scams! appeared first on MediaCenter Panda Security.

Hackers reveal their secrets on Twitch, the gamers’ streaming platform


Twitch was set up in 2011 as a video streaming platform yet, unlike YouTube, it is mostly videos of games and playthroughs that are broadcast on the channel. Another distinguishing feature is that Twitch doesn’t use any copyright system to establish payments: it operates with voluntary donations to those who provide content and share their experiences with other Internet users.

With a view to complementing its offer with such content, Amazon has invested an incredible US$970 million (735 million euros) in purchasing the company. Google and Yahoo had also bid to take over the company, though in the end it was the online store that managed to take this highly-coveted asset.

This fierce competition over Twitch is not without motive. The channel already had 3.2 million active users in its first month of existence. It now has over 50 million users, each of whom spends an average of 106 minutes watching its content.

The website, founded by the American Justin Kan (also responsible for Justin.tv), was initially set up to broadcast conventional content. However, another of the site’s founders, Emmett Shear, who had a passion for computer games, decided to change focus and go for another type of content.

The platform allows users to take part in the broadcasts and form a community, one of the keys to success on the Web, especially when it comes to online gaming: the channel’s now famous ‘eSports’ are real competitions between gaming professionals.


Given its content, it’s hardly surprising that it’s mainly young people who visit the channel. Over half the users are under 25, although the average age of those taking part in competitions is somewhat higher, around 40 years old. However, all of them are keen Internet users.

So far, so good. But what happens when those who broadcast their online adventures are not just gamers, but also hackers?

George Hotz and Ricky Zhou, two renowned hackers, have started broadcasting the resolution to different challenges, which can last up to five hours. The first of these was largely aimed at overcoming certain levels of Vortex, a game designed for hackers. The challenges are resolved by commands written in code.


In the second challenge, dubbed ‘The Great CVE Race‘ (CVE stands for Common Vulnerabilities and Exposures), the participants tried to exploit a security hole in the Firefox browser. The CVE database is maintained by MITRE, a US NGO, and contains all the known bugs or vulnerabilities for many software programs.

After selecting the security flaw, the hackers design an exploit: a tool or technique that takes advantage of the software error to prevent the program from running properly or to allow third party access to the service. This can include anything from a computer virus to alterations to the software’s code, for example, a set of instructions to run the program in a different way.

Client-side exploits are strategies aimed at vulnerabilities in applications normally used on any operating system, such as a Web browser. The tool is applied to a file that the program has to open, such as an email.

When this modified file is run by the user and there is no antivirus security control, the hacker can access the user’s information. This is exactly what Hotz and Zhou are showing in their videos: how to create an exploit for Firefox.


If hackers were to follow their instructions, they would learn how to take control of the program or change some aspects of one version of Firefox without the developer’s consent.

Although Twitch doesn’t monitor content and gives free rein to those who broadcast videos, the creation of such tools can even be illegal, as they don’t have the administrator’s authorization and they interfere with the activity of third parties. The platform may have to think about keeping a closer eye on what is published on the site.

The post Hackers reveal their secrets on Twitch, the gamers’ streaming platform appeared first on MediaCenter Panda Security.

Self-propagating ransomware written in Windows batch hits Russian-speaking countries

Ransomware steals email addresses and passwords; spreads to contacts.

Recently a lot of users in Russian-speaking countries received emails similar to the message below. It says that some changes in an “agreement” were made and the victim needs to check them before signing the document.

The message has a zip file attached, which contains a simple downloader written in JavaScript. The downloader fetches several files to %TEMP% and executes one of them.

The files have a .btc extension, but they are regular executable files.

  • coherence.btc is GetMail v1.33
  • spoolsv.btc is Blat v3.2.1
  • lsass.btc is Email Extractor v1.21
  • null.btc is the gpg executable
  • day.btc is iconv.dll, a library necessary for running the gpg executable
  • tobi.btc is Browser Password Dump v2.5
  • sad.btc is sdelete from Sysinternals
  • paybtc.bat is a long Windows batch file which starts the malicious process itself and its replication

After downloading all the available tools, it opens a document with the supposed document to review and sign. However, the document contains nonsense characters and a message in English which says, “THIS DOCUMENT WAS CREATED IN NEWER VERSION OF MICROSOFT WORD”.


While the user is looking at the document displayed above, the paybtc.bat payload is already running in the background and performing the following malicious operations:

  • The payload uses the gpg executable to generate a new pair of public and private keys based on the parameters in genky.btc. This operation creates several files. The most interesting ones are pubring.gpg and secring.gpg.


  • It then imports a public key hardcoded in the paybtc.bat file. This key is called HckTeam. Secring.gpg is encrypted with the hardcoded public key, and then renamed to KEY.PRIVATE. All remains of the original secring.gpg are securely deleted with sdelete. If anyone wants to get the original secring.gpg key, he/she must own the corresponding private key (HckTeam). However, this key is known only to the attackers.


  • After that, the ransomware scans through all drives and encrypts all files with certain extensions. The encryption key is a previously-generated public key named cryptpay. The desired file extensions are *.xls *.xlsx *.doc *.docx *.xlsm *.cdr *.slddrw *.dwg *.ai *.svg *.mdb *.1cd *.pdf *.accdb *.zip *.rar *.max *.cd *jpg. After encryption, the extension “[email protected]” is appended to the files. To decrypt these files back to their original state, it is necessary to know the cryptpay private key; however, this key was encrypted with the HckTeam public key. Only the owner of the HckTeam private key can decrypt it.


  • After the successful encryption, the ransomware creates several copies (in root directories, etc.) of the text file with a ransom message. The attackers ask the victim to pay 140 EUR. They provide a contact email address ([email protected]) and ask the victim to send two files, UNIQUE.PRIVATE and KEY.PRIVATE.


A list of the paths of all the encrypted files is stored in the UNIQUE.BASE file. Paths of no interest are stripped from this file (these are paths that include the following: windows temp recycle program appdata roaming Temporary Internet com_ Intel Common Resources).
This file is encrypted with the cryptpay public key and stored in UNIQUE.PRIVATE. To decrypt this file, the attackers need the cryptpay private key, which was previously encrypted with the HckTeam public key. It means that only the owner of the HckTeam private key can decrypt UNIQUE.PRIVATE.

When we display a list of all the available keys (--list-keys parameter) in our test environment, we can see two public keys; one of them is hardcoded in the paybtc.bat file (HckTeam), the second one is recently generated and unique for a particular computer (cryptpay).


Then Browser Password Dump (renamed to ttl.exe) is executed. The stolen website passwords are stored in ttl.pwd file.

The ttl.pwd file is then sent to the attacker with the email address and password hardcoded in the bat file.

Then the ttl.pwd is processed. The ransomware searches for stored passwords to known Russian email service providers. These sites include auth.mail.ru, mail.ru, e.mail.ru, passport.yandex.ru, yandex.ru, mail.yandex.ru. When a user/password combination is found, it is stored for future usage.

The GetMail program is used later to read emails from a user account and extract contacts. The ransomware will spread itself to these contacts.

With the stolen passwords, the virus then runs coherence.exe (renamed GetMail utility), which is a utility to retrieve emails via POP3. The virus only knows the username and password, not the domain, so it takes a few tries to bruteforce all major email providers to find the only missing piece of information. If an email is downloaded while bruteforcing, it confirms two things: 1. The domain the victim uses, and 2. the fact that the password works. Then the virus downloads the last 100 emails, extracts “From” email addresses and runs a simple command to filter out specific addresses, like automatic emails.


Next, ten variants of email are created, each with one custom link.

The links all point to different files, but after unzipping we obtain the original JavaScript downloader.


The virus now has a fake email with a malicious link, addresses to send it to, and the email address and password of the sender. In other words, everything it needs to propagate.

Propagation is achieved using the Blat program, renamed as spoolsv.btc. The last step of the virus is to remove all temporary files, as nothing will ever be needed again.
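For responders, the file names in this walk-through translate into a simple host triage check. The following is an added example, not Avast's tooling: the category labels and the directory layout in build_sample_tree() are constructed, and treating a surviving secring.gpg as a sign of an interrupted run is an inference from the description above (the keyring is wiped with sdelete only after it has been wrapped into KEY.PRIVATE).

```python
import os
import tempfile
from pathlib import Path

# File names are the ones named in the analysis above (compared lower-case).
RANSOM_ARTIFACTS = {"key.private", "unique.private", "unique.base"}
DROPPER_FILES = {"paybtc.bat", "genky.btc", "ttl.pwd"}
KEYRINGS = {"secring.gpg", "pubring.gpg"}
INFECTION_CATEGORIES = {"ransom-artifact", "dropper-file", "pe-with-btc-extension"}


def is_pe(path):
    """True if the file starts with the DOS/PE 'MZ' magic bytes."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def scan(root):
    """Walk root and return a sorted list of (category, relative_path)."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            low = name.lower()
            if low in RANSOM_ARTIFACTS:
                category = "ransom-artifact"
            elif low in DROPPER_FILES:
                category = "dropper-file"
            elif low.endswith(".btc") and is_pe(path):
                # The dropped tools are executables hidden behind .btc.
                category = "pe-with-btc-extension"
            elif low in KEYRINGS:
                category = "gpg-keyring"
            else:
                continue
            findings.append((category, path.relative_to(root).as_posix()))
    return sorted(findings)


def assess(findings):
    """Summarise findings for the responder."""
    categories = {c for c, _ in findings}
    names = {p.rsplit("/", 1)[-1].lower() for _, p in findings}
    # A GnuPG keyring on its own is normal; it only matters beside other hits.
    infected = bool(categories & INFECTION_CATEGORIES)
    keep = [p for c, p in findings
            if c == "ransom-artifact" or p.lower().endswith("secring.gpg")]
    return {
        "infected": infected,
        # Assumption: an unwrapped secring.gpg beside other indicators means
        # the batch file was stopped before the key wipe.
        "unwrapped_keyring_present": infected and "secring.gpg" in names,
        # Files to image and keep; the wrapped key is needed for any recovery.
        "preserve": sorted(keep) if infected else [],
    }


def build_sample_tree():
    """Create a constructed directory tree with harmless stand-in files."""
    root = Path(tempfile.mkdtemp(prefix="triage-demo-"))
    samples = {
        "Temp/null.btc": b"MZ" + b"\x00" * 62,      # stub with PE magic only
        "Temp/notes.btc": b"plain text, not an executable",
        "Temp/paybtc.bat": b"@echo off\r\n",
        "Temp/secring.gpg": b"constructed keyring placeholder",
        "Docs/KEY.PRIVATE": b"constructed",
        "Docs/UNIQUE.PRIVATE": b"constructed",
    }
    for rel, data in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root


if __name__ == "__main__":
    results = scan(build_sample_tree())
    for category, rel_path in results:
        print(f"{category:24} {rel_path}")
    print(assess(results))
```

Because the batch file removes its temporary files as its last step, the .btc and dropper checks mainly catch a run that is still in progress, while KEY.PRIVATE and UNIQUE.PRIVATE remain after encryption has finished.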


Conclusion:

In the past we regularly got our hands dirty with ransomware which was typically a highly obfuscated executable. This case was quite different. It was interesting mainly because it was written purely in a batch file and relied on many open source and/or freely available third party utilities. Also, self-replication via emails was something we do not usually see.

avast! security products detect this ransomware and protect our users against it. Make sure your friends and family are protected as well. Download avast! Free Antivirus now.

SHAs and Avast’s detections:

Javascript downloader (JS:Downloader-COB)

ee928c934d7e5db0f11996b17617851bf80f1e72dbe24cc6ec6058d82191174b

BAT ransomware (BV:Ransom-E [Trj])

fa54ec3c32f3fb3ea9b986e0cfd2c34f8d1992e55a317a2c15a7c4e1e8ca7bc4

Acknowledgement:

This analysis was jointly accomplished by Jaromir Horejsi and Honza Zika.


U.S. schools give an F to 2014-15 IT budget

AVAST Free For Education saves school IT money

AVAST Free for Education protects schools while significantly decreasing IT costs for security.

The beginning of the 2014/2015 school year is here. Parents and children are ready after a long summer break, but are schools prepared for the start of the new academic year?

AVAST surveyed more than 900 school IT professionals who participate in the AVAST Free for Education program and found that in terms of technology, schools are not as well equipped as parents expect.

  • 8 out of every 10 schools surveyed by AVAST said they do not feel they have adequate funding to keep up-to-date with technologies
  • 1 out of 5 schools still run Windows XP, and 12% of these schools said they do not intend to upgrade the unsupported operating system

Failing to upgrade to the most up-to-date software not only makes machines vulnerable to attacks, but also limits the number of programs that can be used by teachers and students. Keeping up with the most current technology is vital, as it has become ubiquitous in daily life, making it a valuable skill for children to have for the future. Despite technology’s important place in education,

  • 4 out of 10 schools’ IT budgets are slashed for the upcoming school year
  • More than a quarter of schools have a $0 IT budget for this year

Technology in schools is not limited to instruction. Sensitive information about faculty, staff, and students is stored on administrative computers. This information needs to be protected from cybercriminals, which is difficult for schools with little to no IT budget. Schools without adequate protection put local families, faculty, and expensive hardware at risk.

AVAST Free for Education helps schools by providing them with enterprise-grade antivirus protection for free, saving school districts an average of $14,285 a year. The AVAST Free for Education program saves school IT departments money they can spend on software and hardware upgrades or use for supplies and salaries.



What does the future hold for our privacy?

Nothing is ever certain about our future, but when it comes to privacy, we can take a look at current trends and make some educated guesses as to what we will see tomorrow, next year, or even in 10 years’ time…

Looking at those trends, it’s clear that no matter how people’s privacy is violated and taken away, there will always be new tools to help protect it, combat those violations and, most important of all, keep people in control of their own privacy.

Innovation helps both sides of the spectrum and will lead to many games of cat and mouse moving forward into the future. To be more specific though I see two primary areas where privacy will be influenced the most in the future: anonymity and user owned data.

 

Anonymity

Being anonymous is one of the hardest things to do, if not impossible, in this day and age. With the prevalence of online tracking, government surveillance, and login systems everywhere it is very difficult to keep things to yourself unless you are willing to forgo the online world. While there are many services that start to offer “anonymous” services such as Secret and Telegram, there is always something that is connecting your device to the posts you do or the interactions you make. That’s why I see a future where pseudo-anonymity is commonplace.

Pseudo-anonymity would allow people to be anonymous to others and possibly to the application they are interacting with, but still be able to put together a profile and have an account. Adopting a pseudo-anonymous system has potential far beyond simple messaging apps and in something like Bitcoin, has the potential to really change the world.

In Bitcoin, everyone has a public address where you can see where Bitcoins are being sent to and from, and follow transactions very publicly, but you can’t actually identify the person that has the addresses unless they specifically tell you. This form of pseudo-anonymity is regarded as a positive step for privacy as it allows for direct audits and transparency of information while still letting individuals control their identifiable data.

Bitcoin is just one example of pseudo-anonymous technology, while even Facebook is taking steps to allow for Facebook login where apps cannot access your identity but rather just verify you are a person. It’s important, I think, to separate out the task of verifying users as real people from learning their identities. That way we can have quality services supported by real users but without them having to sacrifice their privacy. Pseudo-anonymity is a good bridge for these two things.

 

User Owned Data

Right now as you browse the web there are dozens of companies that are collecting information about what you search for, what pages you visit, what you watch, and more. These companies make inferences about you such as your gender, income bracket, and marital status. They then sell this information to advertisers who will try to serve you with more relevant ads so that you are more inclined to click on them. This is the current status quo but it relies heavily on inferences and guesswork, which means there is a limit to how accurate the information can be.

Currently many companies have tried to bring user control to this aspect of online data collection, but nobody has truly succeeded. To get users to willingly hand over their data to companies, there needs to be a high enough value proposition for the users. Facebook and Google do a great job of this currently by providing free services that we use every day in return for data to be used for advertising. Other companies are still trying to crack the code on what would be valuable enough to these users. Online advertising is still in a high growth phase though and has a strong outlook to expand and grow into the future. Once advertising matures enough, it may become worth enough for other companies to be able to provide proper incentives to users in return for access to their data.

While nobody can predict the future we can help build the future we want to be a part of. The next time you sign up for a site or enter a competition in exchange for your email address and phone number, consider what information you are really giving up, who is getting access to it, and how it will be used. If we want a future where we are all more in control of our privacy we must start to take better care of our data.

 

If you have any ideas of what would be ideal in your future for privacy, let us know in the comments or drop us a line on our Facebook page at https://www.facebook.com/AVG.

California Earthquake serves up privacy reminder

This weekend’s earthquake near American Canyon has highlighted the risk of living in the Bay Area and also given us all insight to how people behave in today’s connected world.

The speed at which tweets started appearing of people sharing their experiences shows that many of us are sleeping with a connected device next to the bed that is the first thing we grab for when awoken in the middle of the night. Now though, our connected devices are no longer relegated to the nightstand, but instead are in bed with us.

After the quake, an interesting story emerged from Jawbone, the manufacturer of the UP fitness/sleep tracker. They have released data on the number of people that were woken by the earthquake based on location and the epicenter. The data is interesting: 93 percent of UP wearers in Napa, Sonoma, Vallejo and Fairfield woke up instantly, while just over half in the areas of San Francisco and Oakland. And 45 percent of those within 15 miles of the epicenter then remained awake for the remainder of the night. The data gives you some indication of the magnitude and effect the earthquake had on people.


While the information is very interesting and offers fascinating insight into human behavior, it does also serve as a gentle reminder that as we connect our lives to the Internet, that data takes on a life of its own.

I wonder if the users of fitness/sleep devices are aware that their data could be used for analysis such as this? While the data Jawbone shared was anonymous and pretty much harmless, it does make me think, what else is being collected? What other insights do they have into our daily lives?

Fitness/sleep trackers collect information about the user and most of it is of a very personal nature and includes name, gender, height, weight, date of birth and even what you eat and drink if you are logging this in the app. Now couple this with location data that is being collected and you may even be able to understand where people regularly work out or go to eat.

I use a fitness tracker and as a user I limit the sharing of my data, I have switched off the sharing through social media as I don’t think my friends and family really need to know how many steps I took today. But I do understand that many users bounce off their friends as motivation to do more exercise which is not a bad thing if that’s the way you get your motivation.

 

Checking privacy policies

It sounds boring but I would absolutely advise reading the privacy policy of a fitness tracker before purchasing/installing. It cannot hurt to be more informed about what you are agreeing to reveal about yourself and who you are happy to share that information with.

After all, it’s your data; it should be up to you how it gets used.

 

 

Games hit by massive outage: Sony PSN, Blizzard, Riot and more affected

Gamers, you better dig out your good old offline games: some of the most popular online gaming networks are getting attacked by hackers. On Sunday, August 24th 2014, a group which calls themselves the “Lizard Squad”:

lizard squad

 

They have started attacking Sony’s PlayStation network (PSN) through which the company sells all of their online games and which serves as a hub for all multiplayer games. The method used: DDoS (Distributed Denial of Service). Sony, being burned in 2011 by a massive hack attack, immediately issued a statement saying that no customer data was stolen this time and that it’s back up since Monday August 25th.

Riot, Blizzard, Xbox Live affected too

On Monday, however, the group moved on to Blizzard, the makers of World of Warcraft, and Riot Games, the ones behind games like League of Legends and continued to attack other sites. Here’s the latest:

PSN Network: Is back online, according to their statement on Monday, August 25th. Lizard attacked PSN for what they perceive to be a lack of PSN customer service: “Sony, yet another large company, but they aren’t spending the waves of cash they obtain on their customers’ PSN service. End the greed.”

Blizzard: Battle.net, the online service behind World of Warcraft, seemed to be heavily affected on Sunday, but was in the process of stabilization on Monday. But other than the fact that Battle.net was a target, the group doesn’t seem to offer any reasons for hacking – other than their typical “lulz” by asking users to write the group’s name on their forehead while playing Hearthstone and Dota 2 on Twitch.

Xbox Live: in addition to the networks above, Microsoft’s Xbox Live network has been hit, too – users should regularly check the status here:

 

XBL

 

 

However, the negative “icing on the cake” came when the group announced that they’ve seen “reports of explosives” on board an American Airlines flight from Dallas to San Diego carrying Sony Online Entertainment president John Smedley.

 


American Airlines immediately redirected the plane, which just goes to show how much of an impact this series of DDoS attacks and its publicity just had on people.

Should you be worried?

For now: no! DDoS attacks are not traditional hacking attacks, but rather “clogging the Internet toilet” by which a server gets hit with hundreds of thousands of requests. So far, there appears to be no evidence of an actual hacking attack. We will keep you posted, but other than the major inconvenience for gamers, there seems to be no data compromised!

UPS stores attacked in the USA


UPS, the international courier service, may have been the victim of a cyber-attack using a virus detected in 51 of the company’s US stores.

A company spokesperson confirmed that the attack could have compromised confidential information, including customers’ names, card details and postal and email addresses. The earliest evidence of the presence of this malware at any location dates from January 20, 2014, and it was eliminated as of August 11, 2014.

The attack has been traced back to the services that give employees remote access to the UPS system. Cyber-criminals exploited this to infect point-of-sale terminals and obtain information massively from the database.

UPS has informed customers of the stores that have been affected by the malware.

Attack on Target

This attack is similar to the one suffered by another US company, Target, which resulted in the theft of over 40 million credit card details.

Point-of-sale terminals are a highly-prized target for cyber-criminals. It’s not a question of chance, sooner or later someone will try to hack your terminals. To ensure protection you need a security solution that covers different aspects of the POS terminal and which can:

  • Restrict the running of software, only allowing trusted processes to run.
  • Identify vulnerable applications, warning you of any outdated software.
  • Enforce the behavior of permitted processes to prevent vulnerability exploits in trusted processes.
  • Traceability: If an incident occurs, your security solution should provide all the information needed to answer four basic questions: when the attack began; which users have been affected; what data has been accessed and what has happened to it; and how the attackers entered and from where.

These are not all the security measures that can be taken, although these four points at least must be covered.

The post UPS stores attacked in the USA appeared first on MediaCenter Panda Security.