Tag Archives: General

Internet of Things: What you need to do to protect yourself

The Internet of Things (IoT) joins together physical devices that we use every day with information technology.

Make sure your Internet of Things is secure

We can use devices to monitor our health and fitness, our houses, our environment, and our factories and cities.

Using internet-connected devices expands our ability to control and monitor in the real world.  The IoT is literally changing our lives.

“The Internet of Things has the potential to fundamentally shift the way we interact with our surroundings. The ability to monitor and manage objects in the physical world electronically makes it possible to bring data-driven decision making to new realms of human activity – to optimize the performance of systems and processes, save time for people and businesses, and improve quality of life.” ~ McKinsey Global Institute study

The potential economic impact of the IoT is astounding  – as much as $11.1 trillion per year by 2025 for IoT applications, projected by the same study.

But is there a downside?

In many people’s minds, surveillance, privacy issues, and data breaches seem to be someone else’s problem. “Should I be concerned about all of this?,” people who have “nothing to hide” think. Recently, we published how the Internet of Things can be hacked and what issues arise from the fact that we’re almost 100% online and connected.

Nowadays, all this technology passes through a very well-known and yet problematic point: our home network security. When our early version of Avast 2015 was released, we published many articles about Home Network Security. During the past year, we gathered lots of proof and conducted social experiments to show that…

Your security is as strong as your network security

To protect your security and privacy, you must ensure that your network and communications are safe. Although this seems like rocket science, some basic – but effective – measures can and should be taken. It’s really not rocket science, so even us common folk can follow the steps below to make sure we’re prepared to secure our IoT life.

  1. Device protection: Install security software on all your connected devices. Avast is a worldwide leader in providing security for Windows, iOS, and Android devices. They can stop malicious actions and make all the difference when you’re online. Your device protection also depends on the security of its own installed software, so keep all your apps and operating system up to date.
  2. Network protection: Not all antivirus software provides for proper network protection. If a cybercrook invades one of your devices – most commonly the router – all your network, devices, and data could be compromised. Avast has unique features to allow you to scan your network and find if there is any open door to hackers.
  3. Security best practices: There are numerous “best” practices, some of which will save you a lot of headaches. The most important is using different passwords for each online service or site and protecting yourself in open or public Wi-Fi networks. Avast Passwords, to manage all your passwords, and Avast SecureLine, to safely connect you to Wi-Fi, will give you peace of mind.

Avast premium versions include all the protection you need including Home Network Security. You can download and test them for free from the Avast website.


 

Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

In 2016, your home will be a target for hackers

Your home and the devices in it will be a viable target for cybercrooks in 2016.

Back in the good ol’ days of the early 2000s until just a few years ago, all we had to be concerned about was security on our desktop computers and laptops. In the intervening years, mobile devices have become so ubiquitous that hackers have turned their sights on them, especially Android devices.

But starting in 2015, everyone began to realize just how close to home cybersecurity really is. Home networks are the new gateway, and 2016 will be the year that vulnerabilities in the Internet of Things (IoT) and wearable devices combined with weak home router security will lead to personal attacks.

Our internet-connected world will be increasingly difficult to secure


The weak link is your home router

“The security situation with home routers is actually pretty bad,” Ondrej Vlcek, COO of Avast told Fast Company. “Most of the companies do a relatively good job of . . . patching the vulnerabilities, but the problem is that no one updates the firmware in the routers. The user doesn’t at all, and usually the ISP doesn’t either.” He added that we saw the most attacks on routers by far in 2015.

“Right now, attackers are targeting routers en masse,” said Pavel Sramek, an Avast Virus Lab research analyst. “It’s highly probable that they’ll expand their target list to network-attached storage and “smart” TVs as well, since the security aspect of these devices has been almost completely neglected by their manufacturers so far.”

“Many of the companies and engineers don’t really think about security,” says Vlcek. Data, for example, is often transmitted without any encryption, making it easy to steal or fiddle with.

Since this is the time of year to look forward, I asked several of our Avast Virus Lab research analysts about what to expect in 2016 for home networks, wearable devices, and all the gadgets that make up the Internet of Things.

Router and ethernet cable

2015 was the biggest year for router attacks

Is it easy for hackers to break into home networks and is there enough motivation at this time to go to the trouble?

As it stands now, home networks are still not the easiest way for cybercrooks to hack into people’s lives, our team of experts agreed. “Not the easiest way, but too easy to be comfortable with,” said Sramek.

“As more and more devices are becoming smarter and connected to the net, through the Internet of Things, cybercrooks will have more chances to get into the personal home network,” said Sramek’s colleague in the Virus Lab, Nikolaos Chrysaidos.

The motivation is already there too.

“For years, (PC) viruses were the ultimate goal for the bad guy. The goal was to get their hands on users’ data, like credit card information, or to create botnet networks to allow them to send out spam or to do DDoS (distributed denial of service) attacks,” said Vlcek. In a similar manner, cybercrooks have already started to turn internet-connected home devices into “zombies to collect data.”

“The amount of attacks will rise rapidly in 2016,” said Sramek. “Turning IoT devices into zombies is half of their plan. The other is hijacking the network connections of users with devices that are difficult to attack otherwise, like iPhones.”

How do regular people make their home gateways smarter and more secure?
“As a bare minimum, people need an automated vulnerability scanner on a PC in their network, like Avast’s Home Network Security, to check for the most common issues leading to cyberattacks,” said Sramek.

Since we’re still in early days, can threats for IoT devices be eliminated before it gets out of control?

Just like with PC and mobile security, home users can prevent many attacks by applying safe practices and using existing solutions like Avast’s Home Network Security to understand what the vulnerabilities are.

Jaromir Horejsi adds that in addition to educating users about badly configured and insecure home IoT devices, we could use “more secure web browsers, because Firefox, Chrome, and IE are so easy to hack.” He predicts that cybercrooks will create DDoS malware to infect various IoT devices with weak passwords, and that it will take a combination of home users knowing what they’re up against, along with manufacturers and ISPs taking more responsibility for safety, to overcome the looming threat.

Do you expect to see an increase in attacks through wearable devices?

“In 2015, we have seen many vulnerabilities in wearables. Those vulnerabilities could be used by attackers to extract stored data and use them in personalized social engineering attacks,” said Chrysaidos.

“Today we are seeing a big shift toward social engineering attacks which are ingenious and sophisticated,” said Vlcek. Social engineering uses techniques to trick people into installing malware or adjusting settings that they don’t fully understand.

The biggest target for 2016 is mobile

Phones and tablets are the data collection points for most wearables and Internet of Things devices, so they are targeted for the data they store or the data that passes through them. Mobile devices – smartphones and tablets – are where people are now, and the bad guys know this.

“Bad guys today realize that most people are moving their computing to mobile,” said Vlcek. “They are catching up by coming up with new techniques that get the job done even without malware.”

“Phones store a lot of personal information nowadays that can be monetized in underground forums. As valuable data exist in our devices those can be treats, and targets, for the cybercrooks,” said Chrysaidos.

Visit our blog tomorrow to read about the upcoming mobile threats for 2016.



Mr. Robot was our favorite show of 2015

Back in May, I pulled my new copy of Entertainment Weekly out of the mailbox and flipped through it quickly, as I usually do before sitting down to read the whole thing. An article about an unusual premiere of a new TV show called Mr. Robot caught my eye. The cyberthriller’s pilot episode was set to make its debut online and through alternative viewing services like Xfinity On Demand, iTunes, Amazon Instant Video, XBOX, and Google Play almost a month earlier than its USA Network television debut on June 24.

USA Network's Mr. Robot tops all the 'Best TV show of 2015' lists


The next Monday morning, I shared the news about the show with my colleagues, and we all vowed to watch the new drama about a cybersecurity expert who joins an underground hacker group, as soon as we could. We hoped it would be a more realistic version of the security issues we face today than CSI: Cyber or any number of Hollywood movies. We even contemplated having a weekly viewing party with Avast Virus Lab researchers and getting their comments live, a la Mystery Science Theater 3000, if the show was good.

A twist in the plot

The very next day after the initial discussion, one of my colleagues, and regular blog writer, Stefanie Smith, received an email from a Mr. Robot production staff member asking if we would be interested in having an Avast antivirus product make an appearance on one of the upcoming episodes. At the time, a few weeks before the pilot episode even aired, this was a difficult call – but our decision to be a part of the show, even for a brief moment, proved to be the right one.

Mr. Robot has consistently been named one of 2015’s best TV shows, and it received Golden Globe nominations for Best Series, Best Actor for Rami Malek, and Best Supporting Actor for Christian Slater.

We didn’t watch it together with the Virus Lab guys, but every week after the show, we got their expert opinions about the hacks depicted on Mr. Robot. Here are some of our favorite moments from season one:

1. Avast guest stars on Mr. Robot

The show’s protagonist, Elliot, attempts to hack into a prison’s network, and fellow hacker, Darlene, helps him by uploading an exploit onto USB sticks. She drops the sticks on the ground, and a police officer picks one up and foolishly inserts it into his work PC. The idea was to inject a customized payload to compromise and gain access to the prison’s network – and then BAM! Avast detects the exploit!

2. Operation Meltdown

@whoisMrRobot

via USA Network

Elliot wants to control the Steel Mountain secure data facility’s climate control system to overheat it, thus melting ECorp’s tape-based backup. He uses a Raspberry Pi to mount a complicated gateway-impersonating MiTM (man-in-the-middle) attack to accomplish his goal. He eventually connects the Raspberry Pi to Steel Mountain’s heating and cooling systems. This 3xpl0its.wmv plot is reminiscent of the point of entry in the real-world Target attack.

3. “People make the best exploits”

via USA Network


One of cybercrooks’ most successful methods is social engineering: psychological techniques used to exploit human weaknesses. Throughout the show’s episodes we saw examples of this technique. Even among the more sophisticated hacks, these are the ones that freaked us out the most.

Hackers want your personal information

Elliot uses a password-cracking tool many times on the show. On one occasion, he wants to hack his therapist’s new boyfriend, Michael. He calls Michael pretending to be from his bank’s fraud department, confirming his address and asking him security questions to verify his account: What is his favorite baseball team? His pet’s name? Using the information he gathered combined with a dictionary brute force attack, which systematically checks all possible passwords until the correct one is found, Elliot hacks Michael’s account.

Hackers want to steal company data

In episode d3bug.mkv, one of Elliot’s colleagues, Ollie, received a music CD from a fake rapper that turns out to have malware on it. The infection that resulted gave ‘The Dark Army’ access to Ollie’s laptop webcam which was used to spy on him and his girlfriend, Angela. The hacker tells Ollie he has photos of Angela, and even Angela’s and her dad’s banking information and social security number. He threatens to blackmail Ollie if he does not spread the malware within his employer, Allsafe’s, systems.

 

4. Mobile devices are vulnerable

via USA Network


ECorp baddie, Tyrell, uses a backdoor to get into assistant Anwar’s Android device to install an app that could allow remote access. It’s not strictly necessary to root the phone – just gaining physical access to the phone is all he needed. In this episode, Tyrell used an SD card with an application called RooterFrame to gain access, but the actual Android APK is Framaroot.

Elliot needs to remove a hacked server in episode wh1ter0se.m4v, but has to do it by creating an Allsafe service ticket. This request requires his boss, Gideon, to send the ticket, and he uses two-factor authentication to receive a temporary, second code sent to his phone. Elliot asks Darlene to send Gideon’s phone hundreds of MMS files to drain the battery, forcing him to charge it – and leave it in his office unattended. Elliot takes physical possession of the device, gets the security token and logs into Gideon’s account to submit a request to take down the server.

5. Real-life physical hacks

Elliot picks the bathroom lock. He explains that “the lock-pick is every hacker’s favorite sport. Unlike virtual systems, when you break it you can feel it.”

Avast was the only roadblock that Elliot ran into that he couldn’t beat. You can protect your own PCs, Android devices, and Macs with Avast Antivirus products. Our flagship product, Avast Free Antivirus, was chosen as PCMag’s Editors’ Choice 2016 for the best free antivirus. Visit the Avast website to check out all our security software.


Happy Holidays from Avast!

Merry Christmas! Happy Holidays! Seasons Greetings!

All of us at Avast raise our glass in a toast to all of you, the global community of people who help us keep cyberspace secure. You motivate us every day, and we wish you the happiest of holidays and a New Year full of joy, peace, and security. Cheers!



Top 4 malicious phishing scams to look out for during the holidays

Cybercrooks take advantage of the busy holiday season to launch scam campaigns.


Be aware that cybercrooks send “special” offers via fake email campaigns during the holiday season.

The holiday season is a time for decorations, cheerful music, shopping, spending time with loved ones, and unfortunately, for cybercriminals hoping you will fall for phishing scams.

“Cybercriminals use the same tactics they always do, but target people more during the holiday season with ‘special’ offers via fake email campaigns. These fake email campaigns can trick people into downloading malware and/or can trick people into giving attackers their personal information.” – Jan Sirmer, senior malware analyst at Avast.

We decided to take a look at a few recent examples of malicious emails, more specifically their email subject lines and the email addresses they were sent from. Our goal was to see how cybercriminals are taking advantage of the holiday season.

Here’s what you should look out for:

  1. The Fake Holiday Offer

Whether it be membership offers or special shopping deals, be cautious of the offers you receive around the holidays by email.  Some of them might be too good to be true and are fake or some may come from trustworthy businesses whose email accounts have been hacked.  Here is an example:

‘CHRISTMAS OFFERS.docx’ From: “Nicole*” <[email protected]*

This could be a tempting offer, especially if your upcoming New Year’s resolution is to lose weight. The original email address belongs to an actual business owner, lending credence to the scam. Unfortunately, cybercriminals understand this and misuse business email addresses, such as this, to send out phishing emails to customers, because they know customers trust the business and there is a better chance they will fall for the scam.

  2. The Fake Shipment Updates

Cybercriminals are also aware how important it is to receive online orders on time, so they spoof package delivery services, sending emails with subject lines such as ‘Your latest DHL invoice: MSE7396821’ from [email protected] and ‘Reminder: Shipment status change for package # 82274150’ from “USPS 2015” [email protected].

It is always important to pay attention to the email address the email is being sent from, not just the name attached to the email address. You can also check if the email is real by visiting the shipping site directly from your browser to track your order. If the package or invoice number does not appear in the system, then you know the email is a scam and should delete it.

  3. The “Congratulations you won a gift card!” … Not!

Money can get tight around the holidays, so you may be tempted by scams that offer gift cards or cash. Here are some of the scam emails we have seen offering cash for the holidays:

‘Cash Out for the Holidays’ from “U.S. Bank Consumer Finance Wholesale Mortgage” [email protected]

Incoming email ‘Apple Store Gift Card’ From “Apple AppStore” [email protected]

It is safe to say that washbowlsnm531 probably isn’t an Apple employee…

And here are two classic spam emails we have all probably seen before:

‘You WON best buy gift card 500$’ from Best Buy [email protected]

‘AMAZON e-giftcard 100$’ from “Amazone.it” [email protected] 

  4. The holiday e-card! – from your favorite Cyber Criminal

To move away from the shipping and offer scams for a moment, criminals are also taking advantage of people’s excitement over holiday e-cards. We discovered multiple emails claiming to contain a Hallmark e-card from various “Hallmark” email addresses, but we took a closer look and found that most e-card and online gifting services send out greetings from the sender’s email address, not from the company’s email addresses. Hallmark has been targeted by fraudulent emails, like the ones below, so often in the past that they have dedicated a support page to address the problem.

Scam Holiday e-cards:

‘You’ve received A Hallmark E-Card!’ from [email protected]

‘You have received A Hallmark E-Card!’ from [email protected]

If you receive an email from Hallmark or another online greeting company or gifting service claiming you have received an e-card or gift, do not open it or open any attachments or links. Again, these emails should be sent to you with your friend’s email address and if you are not sure, contact the service directly to confirm the email is safe.

How to protect yourself from the Grinches of the cyberworld

Jan Sirmer, senior malware analyst at Avast, shares some tips on how you can protect yourself from the various phishing scams going around during the holiday season:

“It is vital you have antivirus installed on all of your devices (laptops, Android phones). Antivirus software, like Avast, will detect and block phishing attacks before they can affect you. You should also make sure all of the software on your devices is up to date. Attackers often exploit vulnerabilities, which can be found in outdated software. Finally, you should always be cautious when opening links or attachments in emails. If anything seems off, double check to make sure the email actually came from a trusted source – better to be safe than sorry!”

*Name and email address have been changed to protect the business that was hacked



May the force, but not the malware, be with you!

Not very long ago, in a galaxy not far away, a group of cybercriminals decided to take advantage of the Star Wars effect to spread malware among the most impatient fans.


A lot of people cannot wait to see Star Wars: The Force Awakens, and that’s something cybercrooks know. That’s why a lot of links have appeared that supposedly allow you to download the new movie in the popular saga. As many of you can imagine, those links do not include the film; the only thing they include is malware! An idea worthy of Darth Vader!

We can see those links on popular download sites, along with a lot of comments from users that warn about the true purpose of the links: to install malware on users’ devices.


It is easy to avoid falling victim to this type of scam; just avoid clicking on suspicious links, install an antivirus like Avast 2016, and keep it updated.

As master Yoda said: “Patience you must have, my young Padawan”.

The power of the dark side is very tempting, but do not let cravings take over you. May the Force and Avast be with you!

Images via ADSLZone and Starwars.com



Microsoft issues warning after Xbox Live certificate ‘inadvertently’ leaks

A malicious attacker could in theory use the leaked security certificate to launch a man-in-the-middle attack, intercepting Xbox Live usernames, passwords and even payments made by game players.

The post Microsoft issues warning after Xbox Live certificate ‘inadvertently’ leaks appeared first on We Live Security.

Digital toy company hack exposes information and risks kids’ privacy

Internet-connected toys gather data on the user and have weak security compared to other computer products.


Data stolen from children today can be used to build profiles that will cause trouble for them in the future

Digital devices and toys like cameras, smartwatches, and tablets may be on your child’s Christmas wish list. But more parents are having second thoughts about placing these items under the tree, because Internet-connected toys gather data on the user and have weak security compared to other computer products.

6 million children’s accounts taken by a hacker

This weakness was made very public during the Black Friday shopping bonanza, when a Hong Kong-based digital toy company called VTech lost databases of more than 6 million children and almost 5 million connected parental accounts to a hacker.

By putting the databases together the hacker was able to retrieve personally identifiable information like children’s names, ages, and genders, and even pictures and chat logs were found. Parents’ names, email addresses, secret questions and answers, IP addresses, encrypted passwords, and mailing addresses were also accessed. Supposedly the breach did not include credit card or financial account information exposure.

The hacker responsible for breaking into the VTech databases told Motherboard that his only intention was to expose the company’s inadequate security practices. There has been no indication or evidence that the data has been put up for sale on hacker forums.

“Profiting from database dumps is not something I do,” the hacker told Lorenzo Franceschi-Bicchierai, a staff writer at VICE Motherboard. “I just want issues made aware of and fixed.”

The company has taken several of its sites and services offline after the breach and hired a security company to improve data security.

Do parents have anything to worry about?

Most parents probably have no idea that their children’s data can be compromised, or that there is even anything to worry about. But the danger with stealing even basic pieces of information from a child, is that cybercrooks can begin early to build profiles, setting up the young child for identity theft or other nefarious activities in the future.

“Nowadays it sometimes happens that sophisticated fraudsters use children’s data later on, when they come of age, and establish a credit record or ‘credit footprint’ without the child even knowing it,” Diarmuid Thoma, from security firm Trustev, told ZDNet after the hack was exposed.

The Identity Project, a website which educates people about identity theft, shares some potential real-life consequences when a child’s identity gets stolen.

    1. Young adults could be denied the first credit card they apply for because their credit history will show odd behavior.
    2. Their first medical emergency can have incorrect information, because cybercrooks have used it for medical services.
    3. Their DMV records may be tied to criminal activity, which could complicate their license application.
    4. They will be denied a college loan to pay for school.
    5. They will be denied their first apartment and utilities because their credit check fails.

Should parents stop buying internet-connected toys?

With this type of breach made public, parents will now realize the danger that internet-connected toys at home, and even educational technology used at school, may pose to their children in the future because of the lack of security today.

Refraining from purchasing digital items will actually get harder as the Internet of Things universe expands.

We have already become used to sharing personal information in order to get a better experience, so until children’s online protection improves, parents will have to balance the importance of the information they are willing to give up against the benefits of having it used by a company that provides services (think Google or shopping sites) and factor in the level of risk they are willing to tolerate.

image via http://digisns.com/



Avast Endpoint Protection and Server Security products now compatible with Windows 10

Image via PCWorld

No one should have to choose between security and the latest technology. At Avast, it’s important to us that we support our valued business customers and create innovative features that keep businesses secure and ahead of the bad guys.

That being so, Avast is happy to announce that our Avast Endpoint Protection and Server Security products are now fully compatible with Windows 10!

How you can get the compatibility update

To get the latest and greatest functionality of these products, you simply need to run the program update. Then, you’re all set to go! After upgrading to the latest version of your program, you can sit back, relax, and enjoy using our award-winning business solutions together with Windows 10.

Visit our website to learn more about Avast business security solutions and the benefits they can bring to your business.

