Tag Archives: Malware

Panda Security

A phishing attack is launched every thirty seconds: 6 tips to protect yourself

Phishing continues to blight the Internet and is a thorn in the side of companies around the globe. Not only is it one of the most serious problems facing any company with even a minimal activity on the Web, it is also an ever-increasing threat.

phishing-tips- panda- securitySo much so, that a recent study has revealed that in the last year alone there have been more than a million attacks of this nature. This means that on average, a phishing attack is launched every thirty seconds with the aim of defrauding companies and home-users alike. In the case of businesses, the damage inflicted by this onslaught is nothing short of dramatic: the total cost to companies around the world is in excess of 9,000 million dollars, more than 8,000 million euros at today’s exchange rate.

The total cost to companies around the world is in excess of 9,000 million dollars.

Given this situation, in addition to having proper protection, it is more important than ever that companies follow a series of recommendations to prevent falling victim to an attack that could have grave financial consequences. Checking the source of each email you receive and not accessing bank websites from links included in emails are two of the basic precautions you can take to avoid falling into the traps set by cyber-criminals.

What makes these and other similar measures so essential is the dramatic increase in phishing attacks that has taken place over the last year. In the second quarter of 2016 alone, more than half a million unique attacks were identified, that’s a 115 percent increase on the previous quarter. Moreover, the increase with respect to the same period in 2015 is even more alarming: 308 percent.

In the second quarter of the year “Phishing” attacks have been incresing in a 115 %

To counter this situation, it is essential for companies to ensure that their employees are aware that they must only enter confidential data on trusted websites which, as with all secure pages, have an address starting with HTTPS. Phishing attacks are on the rise and they are also evolving. Now, for example, not only are they aimed at identity theft on social networks or taking money from current accounts, they are also being used to steal from e-Wallets.

 

The post A phishing attack is launched every thirty seconds: 6 tips to protect yourself appeared first on Panda Security Mediacenter.

Panda Security

Spotify under fire: Are we entering a new era of malvertising?

pandasecurity-antivirus-spotify

Tips to protect your personal data on online music streaming platforms like Spotify

Malvertising – yet another offspring of the online advertising, has been around since 2008. However, in 2016 we’ve been observing more and more creative ways of hackers trying to compromise your system by injecting malicious or malware-laden advertisements.
They are getting so creative that infected adverts are no longer a threat that comes only from questionable torrent websites.

There are reported cases of malicious codes being able to sneak up into your devices from reputable online advertising networks and webpages. A few days ago even Google acknowledged a fault in their Chrome browser – as reported by Ars Technica, over a two-month span starting in August 2016, a malicious advertising campaign downloaded the Banker.AndroidOS.Svpeng banking trojan on about 318,000 android devices. Even though the malicious installation files were not automatically executed, they have been named names such last-browser-update.apk and WhatsApp.apk – file names that could have been easily mistaken for legitimate ones.

Spotify was recently under fire too – multiple sources such as Engaged confirmed some listeners got not just free music but malicious code too. Some of the confirmed cases state files didn’t even have to be executed in order to cause damage. All three major platforms have been targeted – Linux, Mac and Windows. It is not yet confirmed if the code has been able to affect all three platforms.

How is this happening?

It’s not yet that hard to get unnoticed. All reputable advertising networks have strict guidelines for organizations interested on working with them. However, even though advertisers pass rigorous checks, in some cases advertisers can modify the ads after they have been approved. This is particularly easy when the ads are hosted on their own servers. Therefore, seeing a malicious ad should not surprise you and you will have to be prepared.

How do we stop it?

There is a simple way to not be a victim – remain vigilant. Hackers are after your credit card information, social security number, address and personal information. Just don’t share this information with them! Phishing tactics are getting more and more advanced and you need to stay on top of your game – here’s how;

  • Don’t be afraid to install antivirus software on your device. You don’t drive your car without a car insurance, do you? Why would you leave your cell phone, PC and/or Mac vulnerable to threads without any type of backup? The best way to know if you are being targeted is to have the software that would sound the alarm if there is any suspicious behaviour around your connected devices. Panda’s Internet Security is a must and it comes with 1 month free trial.
  • Remain vigilant – even if you are protected, phishing emails could be so well done and could take you to spoof sites that may look as good as the original ones. Always check the URL you are on and make sure you double and triple check the page location if you are being asked to provide your login details or to reset a password. You may be in the wrong place!
  • Don’t use the same password over and over again – as we reported, millions of passwords have been stolen over the last years that it is very likely your username and password are in someone’s database already. Using the same password is similar to not changing the lock after purchasing a condo, you literally don’t know who else already has a key. Don’t test it, better be safe than sorry!

The post Spotify under fire: Are we entering a new era of malvertising? appeared first on Panda Security Mediacenter.

Panda Security

Companies don’t take proper care of the data they store in the cloud

cloud panda security

That hard disks, pen drives and other physical storage devices are an attractive target for cyber-criminals wanting to steal confidential information from enterprises is something that company managers are well aware of. And, in fact, they try to educate their employees about the need to use those tools properly.

However, the now-popular digital cloud, used by businesses to store increasing amounts of sensitive information, must also be taken into consideration when designing a company’s cyber-security strategy. Moving to the cloud has powerful benefits – cost savings, easy access to files from anywhere, convenience, etc.- yet it also poses some risks that must be identified and controlled.

According to a recent study published by the prestigious Ponemon Institute, the majority of businesses have not or do not know if they inspect their cloud services for malware.

The majority of businesses have not inspected their cloud services for malware.

According to the study, while 49 percent of business applications are now stored in the cloud, fewer than half of them are known, officially sanctioned or approved by the IT Department.

While respondents understand the risk of data breaches, nearly a quarter could not determine if they had been breached, and nearly a third couldn’t determine what types of data were lost in the breach(es). Neither do they know how the breach(es) occurred.

This and similar studies seem to indicate that enterprises rely too much in the security measures adopted by cloud service providers themselves and that, all too often, companies leave the protection of their most valuable secrets and assets almost exclusively in the hands of third parties such as Amazon or Slack.

To resolve this situation, CISPE, a coalition of cloud service providers operating in Europe, has published the sector’s first code of conduct aimed at ensuring data security and confidentiality. Compliant cloud infrastructure providers will be able to identify themselves with a ‘Trust Mark’ that will provide additional security assurance for customers, especially corporate ones.

Nevertheless, despite the measures taken by these Internet giants to ensure the integrity of the information stored on their servers, companies and their employees cannot ignore their own responsibility to keep corporate data and documents secure. Just as they take good care of their hard drives and pen drives, they should also take care of the cloud to prevent their data from ending up in the wrong hands.

The post Companies don’t take proper care of the data they store in the cloud appeared first on Panda Security Mediacenter.

Panda Security

Searching for celebrity news on Google can be dangerous for your computer

celebrites-malware-panda-security

Something as apparently inoffensive as employees keeping up with the lives of ‘celebs’ on the Internet could be far more dangerous than you think for your company’s IT systems. Whether you like it or not, some employees take advantage of dead time (and not-so-dead time) to look for all the latest gossip and news on the Web.

There may not be anything too risky about reading reputable newspapers online to see the latest news or check out your team’s results (although there have been cases of malware-laden ads in online newspapers). However, gossip columns and other celebrity stories have become a serious threat for the security of computers and mobile devices.

Cyber-criminals are well aware of the interest generated by the lives of the stars, which is why they have come up with specific strategies to bait users into downloading malicious programs on their computers when they access this content.

Cyber-criminals are well-aware of the interest generated by the lives of the stars.

The first step that the average user takes when looking for information about celebs is to ask Google. Yet some searches are more risky than others. Some famous people and related events offer more potential for attackers, as was the case recently with Brad Pitt and Angelina Jolie after their separation became public.

New film or music releases are also a popular weapon for criminals whose aim is to infect users’ computers and devices looking for passwords and other confidential information. Whenever a new story breaks, searches related to those involved increase dramatically and it becomes easier to infect users with malware hidden on malicious websites with related stories.

New film or music releases are also a popular weapon for criminals.

In order to minimize the threat, apart from having an efficient policy for controlling the way your employees use your company’s devices, the most effective measure is awareness. Firstly, your company’s workers should learn to distinguish between trusted pages and those that could potentially be used by criminals to infiltrate your systems. They should also avoid any links to illegal downloads, whether direct or via ‘torrent’ (highly in demand when a new film or song is released).

Of course, you can get an additional guarantee of protection against malware that exploits users’ fascination with celebrity news by having a security solution to protect all your devices, such as Panda Security’s corporate solutions.

The post Searching for celebrity news on Google can be dangerous for your computer appeared first on Panda Security Mediacenter.

Hackers News

Warning: Beware of Post-Election Phishing Emails Targeting NGOs and Think Tanks

Just a few hours after Donald Trump won the 2016 US Presidential Election, a hacking group launched a wave of cyber attacks targeting U.S.-based policy think-tanks with a new spear phishing campaign designed to fool victims into installing malware.

The group of nation-state hackers, also known as Cozy Bear, APT29, and CozyDuke, is the one of those involved in the recent data breach of the