Tag Archives: News

Panda Security

Online dating scams

Leave a comment

http://www.pandasecurity.com/mediacenter/src/uploads/2017/02/pandasecurity-MC-online-dating-EN-1-440×290.jpg

Does swiping right cost more than $200 million to the USA?

Protection when using dating apps no longer means you have to pop by the pharmacy before you go out on an internet date. UK’s National Fraud Intelligence Bureau (NFIB) recently reported online dating fraud in the UK cost victims a heart-breaking £27 million ($34 million) last year. NFIB states the numbers are not entirely correct as they believe many people are not reporting online dating crimes out of embarrassment. Quartz most likely takes this argument into account as it mentions the losses in 2016 from online dating in the UK estimates at very close to $50 million. Anyway, we will rely on NIB’s data. The UK has a population of 65 million people, and according to the UK’s office for national statistics, about 45 million of them have access to or use the internet.

How is this relevant to us here in the USA?

Having in the scams are happening in a well-developed country such as the United Kingdom we find the results of NFIB’s research utterly shocking. We decided to see how these numbers would compare to cases in the US. According to PerREsearch, today roughly 280 million Americans use the internet or have access to a connected smartphone or a PC.

If we maintain the same ratio, we can quickly conclude that online dating fraud is mostly costing the US population more than $200 million. This is a lot of money, just to put things into perspective $200 million would be the cost of constructing a desalination plant able to provide clean water for the whole county of Ventura. People need to be protected while enjoying the perks that come with online dating. I guess we just solved the drought problem for one of California’s drought-stricken counties.

Is it $200 million dollars?

It most likely is more than that. It’s no secret USA tops the list of the countries most engaged in online dating. We, the Americans might be smarter and not fall for the tricks of hackers, but according to eHarmony, 40% of Americans use online dating sites when compared to just 25% in the UK, who admitted to having at least one dating app installed on their phone or tablet.

Even if we are not as easy to trick as the Brits, online dating scams are most likely affecting us more than our British friends across the pond. We won’t go into further details but the time and money Americans lose on dating sites are serious. Thus, we wouldn’t be surprised if numbers in the US are even higher.

Who are the victims?

Seniors are more prone to fall victim to one of these scams. About 62% of those who fell for the scams were over 40, and a quarter were aged 50-59. So be extra vigilant if you are in this age group. And even if you are not, if it seems too good to be true, it probably isn’t. And unless you are into giving away your personal belongings, money and personal information to complete strangers in exchange for a possibility of a hookup, we advise you to keep yourself protected with antivirus software that may prevent you from getting scammed. We understand that chatting with exotic lads and ladies might be bringing emotions you enjoy, but please remember to remain protected. Don’t be a contributor to the $200 million pot the US is most likely giving away.

How to determine if you are being scammed and what actions you must take?

Yes, you can be a good citizen and help the police catch the lovebird trying to take your vacation money away from you. The number one rule is always to record the incoming phone number should you start receiving calls. This should not be hard as you can find it in your ‘recents’ section on your cell phone. Secondly, try to remember as much as possible about the way your lover-to-be is talking, i.e. accent, or type of words he/she is using. If it doesn’t feel right, hang up and report the user to the fraud department of the dating platform you are using.

Being a good citizen will help dating sites keep their listings as accurate as possible. Never allow access to your personal information, if you have doubts about the person you are meeting or chatting.

Bear in mind those three rules:

  • Do not give your account number to anyone over the phone or the Internet unless you are the caller or if you are 100% sure who they are.
  • Keep in mind that fraudulent activities are often made by non-native people.
  • Using common sense is the best way to avoid a scam.

Panda Security is here to the rescue; we offer the best antivirus protection for all your devices. Next time you swipe right, stop by at www.panda.com and get yourself protected. Then go to the pharmacy and get the additional things you may need to enjoy a safe and happy relationship.

The post Online dating scams appeared first on Panda Security Mediacenter.

Panda Security

Two Step Verification, and How Facebook Plans to Overhaul It

Leave a comment

http://www.pandasecurity.com/mediacenter/src/uploads/2017/02/facebook-two-step-verification-300×225.jpg

We’ve all been there. You get a new smartphone or computer, and you have to slog through all of your first-time logins by manually typing out usernames, passwords, etc. Sometimes it happens that one of your accounts has a particularly difficult password that you barely even remember creating and – yep, you get locked out of your account. You curse yourself for that distant day when you felt so ambitious about password security and created such a puzzle for your future self. But if you’re among the many who ordinarily aren’t too finicky about security, then you’ll probably have no qualms about recovering access to your account by requesting a password reset email from the company.

However, cases reminiscent of the recent data breach of the century at Yahoo that affected a billion accounts show the need for additional security measures. Attackers would be happy to use passwords and security questions collected from such breaches to access your current accounts. In fact, the password recovery link itself may be compromised.

The alternative standard procedure in these cases is the two step verification: associate a phone number with the account to add an extra layer of security. This option is available on a number of services, including Gmail, Facebook, Twitter, and Instagram. However, Facebook has just announced a new way to recover forgotten passwords safely and without the need of a phone.

Challenging email as the standard

Soon, the social network par excellence will allow third-party web users to recover their passwords through their own service. Internet users will be able to save an encrypted token on Facebook that allows them to retrieve their password on pages like GitHub. This way, if you lose your Github password, you can send the token from your Facebook account, thus proving your identity and regaining access to your GitHub profile.

The company has emphasized that the token’s encryption guarantees user privacy. Facebook can’t read the information stored in it and will not share it with the service you’re using it for without express permission from the user.

At the moment, the service, which has been called Delegated Recovery, is only available on GitHub. It has also been made available to researchers as an open source tool to be scrutinized for vulnerabilities before it is implemented to other websites and platforms.

With this new method, Facebook aims to eliminate the headaches of users who suffer theft or loss of their smartphones and can’t recover their accounts immediately. And while they’re at it, they’ll take the opportunity to offer themselves up as a safer alternative to email when it comes to recovering passwords. “There’s a lot of technical reasons why recovery emails aren’t that secure. Email security doesn’t have the greatest reputation right now. It’s the single point of failure for everything you do online,” said Brad Hill, security engineer at Facebook. Will Facebook succeed in becoming the hub of all of our accounts? Time will tell.

The post Two Step Verification, and How Facebook Plans to Overhaul It appeared first on Panda Security Mediacenter.

Panda Security

4 Cybersecurity Risks We’ll Face With WhatsApp Status

Leave a comment

http://www.pandasecurity.com/mediacenter/src/uploads/2017/02/pandasecurity-MC-whatsapp-status-300×225.jpg

WhatsApp –the Facebook-owned giant that really needs no introduction– is seemingly on a mission for world domination, this time, taking on Snapchat.

The instant messaging company’s new WhatsApp Status feature will allow users to privately share edited photos, videos and GIFs, with their contacts, that will disappear after 24 hours.

It’s not the first Facebook-led Snapchat Stories copycat, but it’s perhaps the most ambitious. WhatsApp, with over a billion users, have really taken on the competition here.

One of the interesting points that Whatsapp have always made sure to emphasize in their blog is the “security by default” principle which will be upheld by Stories.

In the Status feature statement, Jan Koum has said “yes, even your status updates are end-to-end encrypted.

But Is It Really As Safe As They Say?

Hervé Lambert, Retail Global Consumer Operations Manager at Panda Security says that the use of Whatsapp Status is still not risk-free:

After having carried out various studies on the behavior of people on social media, we’ve detected a few potential risks that all users of this new version of WhatsApp Status should recognize.

Your Status Will Be “Public” By Default

The default setting on WhatsApp Status will be set to public. All of your statuses will be visible to any contact you have on your phone. To some, this may entail a real invasion of privacy as most people hand out their phone number much more readily than they accept someone on social media. Think of the amount of work acquaintances or casual contacts that will have access to potentially private posts.

We have to take into consideration that we can’t tell certain details of our private lives to all our contacts. We don’t know what these people could do with this information,” adds Hervé Lambert.

Hackers Can Breach WhatsApp’s Vulnerabilities

WhatsApp certainly prides itself on being a secure app with its end-to-end encryption, and rightly so. However, the fact that it boasts millions of users still makes it a target for hackers who seek to carry out cyber attacks on large amounts of people. For these attackers, it’s a probability game; the more users they try to attack the more likely they will succeed.

Apple’s, iOS Messenger, has recently been exposed by cybersecurity experts. Though the vulnerability in that app is by no means a cause for great concern in itself, it shows that encrypted messaging apps are not impenetrable.

Ransomware

Who are these types of features usually aimed at? It’s possible that Whatsapp Status could be a ploy to encourage less tech-savvy users to cross over to more involving social media, like Facebook itself, after having tried out the new Whatsapp feature for the first time.

However, it’s safe to say that features like Status, Snapchat Stories and Instagram Stories are most popular amongst young kids who enjoy the ability to post weird and wonderful images that won’t be saved on a profile indefinitely.

Unfortunately, young people are also perhaps the most vulnerable to ransomware attacks.

The very fact that the posted statuses are less permanent leads some young people to post photos or videos that are more risqué in nature. Cybercriminals look for this kind of content online to lead vulnerable young people into paying a ransom, or carrying out undesired actions if they don’t want the content shared with the public. Caution is always advised when posting online.

Pirate “Complementary” Apps

When a new feature comes out like Whatsapp Status, there’s usually a huge buzz, and a frenzied search for new functionalities. This is something that cybercriminals try to take advantage of.

It’s important to be weary of new apps claiming to add functionalities to Whatsapp Status. This is specially the case with apps that “promise” they can bypass important functionalities. With apps like Instagram and Facebook, they usually claim they will allow you to see who’s looked at your profile. With Whatsapp Status it would be unsurprising to see some that claim to allow you to still see photos after the 24 hours have passed.

These apps are largely malicious and they draw people in by claiming to be able to bypass an integral functionality of the app. As you try to use the pirate app it could be loading ransomware onto your device. Don’t be drawn in by desires to byspass main functions of an app.

As the new WhatsApp Status feature is rolled out, more possible risks will likely come to the attention of users and cybersecurity experts. Though WhatsApp is a safe app, relatively speaking, it’s important to be careful what you post online and where. It’s not always completely clear who has access to the data.

The post 4 Cybersecurity Risks We’ll Face With WhatsApp Status appeared first on Panda Security Mediacenter.

Panda Security

Smart Cities and Open Data

Leave a comment

With the constant advancement of technology, we are already witnessing the phenomenon of smarter cities.

According to Anthony Mullen, research director at Gartner, the next couple of years will be crucial for smart cities and open data as people will continue to “increasingly use personal technology and social networks to organize their lives, and governments and businesses are growing their investments in technology infrastructure and governance.” Even though the term ‘smart city’ means different things to different people, generally cities are considered ‘smart’ when its citizens are benefiting from open data sources converted into solutions that ease people’s lives. The solutions are developed by government and private companies.

How do smart cities work?

There are all sorts of reporting devices placed around every town, as well as IoT devices, which communicate with each other. The information is then converted into a solution such as the ones that ease traffic or control traffic lights. To some extent, smart cities also rely on people who voluntarily share their data. To experience the benefits of a smart city, you may need to have a subscription or rely on data democracy, i.e. sharing your data with third party grants you access to the solutions they are offering.

Smart city examples

Have you noticed all the people texting or looking at their phones on your last trip to Europe? Yes, people are surely checking their Facebook feeds but what they also do is informing themselves when the next bus or train is going to arrive. Buses and trains are now connected to make public transport more predictable and decrease traffic congestion. London’s TFL, in particular, encourages app developers to integrate the open data that TFL is sharing to help the city circulate better.

The situation is similar in New York – imagine how helpful it would be if we knew when and where there would be parking slots available. Smart city perks are saving time and money to millions of folks every day, and the trend will continue to grow. Research firm Gartner claims that by 2019, fifty percent of citizens in million-people cities will benefit from smart city programs by knowingly sharing their personal data.

How to stay safe in a smart city?

Regular cities are going ‘smart’ because governments are making an effort to make your life easier. It surely helps knowing when your bus is going to arrive, and how to get from point A to point B avoiding traffic saving yourself some time and money. However, all these connected devices and the mass sharing of both usable and unusable data could be dangerous. Hackers are getting creative, and the safety of millions of connected devices has been compromised already.

Panda Antivirus software protects you from sharing more than you have to. In a recent report by a tech giant Hitachi, a staggering 95% of respondents rated the role of technology in ensuring public safety as ‘important’ or ‘very important.’ A smart city wouldn’t be smart if it is not safe.
Panda Security offers various solutions that will help you stay protected and remain smart even when you are not in a smart city. The more protected you are, the better.

The post Smart Cities and Open Data appeared first on Panda Security Mediacenter.

Panda Security

RDPPatcher, the Attack that Sells Access to your Computer at a Low Price

Leave a comment

In recent months, there’s been a significant uptick in PandaLabs reports of malware that is installed using a Remote Desktop Protocol (RDP). Every day, we witness thousands of infection attempts using ransomware, hijacking systems for bitcoin mining, etc., which all have one thing in common: access via RDP after gaining entry with credentials obtained using the brute force method.

There are plenty of useful purposes for an RDP, but unfortunately in the wrong hands it can become a weapon for cybercriminals. We’ve already spoken of a shared history between RDP and ransomware, especially in the corporate environment.

The new attack discovered uses the same technique of entry, but its goal is completely different from those analyzed previously. This time, after infiltrating the system, it focuses on finding Point of Sale Terminals (POS’s) and ATMs. The reason for this is that they are simple terminals to attack anonymously from the Internet, and the economic profit of selling stolen information is high.

RDPPatcher: Selling system access on the black market

In the present case, the brute force attack lasted a little over two months until, in January 2017, they hit upon the correct credentials and gained access to the system. Once the system was compromised, the cybercriminals attempted to infect it with malware. They found their attempts blocked by Adaptive Defense, at which point they modified the malware and tried again, without success. Since Panda’s advanced cybersecurity solution is not based on signatures and does not rely on previous knowledge of malware in order to block it, modifying the malware didn’t change the result.

It’s clear from the malware analysis what the purpose of the attack is. The hashes of the two file are the following:

MD5  d78be752e991ccbec16f11e4fc6b2115

SHA1  4cc9d2c98f22aefab50ee217c1a0d872e93ce541

MD5  950e8614db5c567f66d0900ad09e45ac

SHA1  9355a60dd51cfd02a921444e92e012e25d0a6be

Both were programmed on Delphi and packaged with Aspack. After unpacking them, we found that they were very similar to each other. We analyzed the most recent of them: (950e8614db5c567f66d0900ad09e45ac).

This Trojan, detected as Trj/RDPPatcher.A modifies the Windows records in order to change the type of RDP validation. These are the entries that the system modifies:

HKLMSYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp /v UserAuthentication /t REG_DWORD /d 1
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp” /v UserAuthentication /t REG_DWORD /d 1

And deletes the following entries if they are present in the system:

“HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem” /v legalnoticecaption /f
“HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem” /v legalnoticetext /f

Subsequently, it leaves another file (MD5: 78D4E9BA8F641970162260273722C887) in the %TEMP% directory. This file is a version of the application rdpwrap and is run via the runas command with the parameters “-i –s” in order to activate concurrent RDP sessions on the system.

It then proceeds to profile the machine and obtain its information:

  • Username
  • Device name
  • Amount of time the device has been turned on
  • Operating system version
  • Language
  • Virtual maching
  • Memory
  • Processor name
  • Number of processor cores
  • Processor speed
  • Antivirus

It then connects to the control server (C&C server) to access a list of services that measure the speed of connection to the Internet, and later saves the data related to upload and download speed. Next it checks which antivirus is installed on the computer. Contrary to what we are accustomed to seeing in most malware attacks, it does not do this to remove the installed antivirus or to change its behavior. It is simply gathering data.

This is the list that we have extracted from the binary with the processes that it searches:

See Table 1
Once this is done, it begins to search for different types of software to continue profiling the computer. It mainly looks for POS, ATM, and online gambling software. What follows is a small part of the list of software that it searches (in total there are several hundred):

See Table 2

It also combs through browsing history, where another list is contained, categorized by areas of interest:

See Table 3
These chains are searched for in the browser history by the malware itself. They’re used to “label” the computer based on software used and webpages visited.

Once it’s finished with the data gathering from the system, it makes a web petition to the C&C. In order to hide the sending of the information via web traffic from detection systems, it first encrypts it with AES128 using the password “8c@mj}||v*{hGqvYUG”, which is embedded in the sample analyzed. It then codifies it on base64.

Example of the encrypted petition.

The C&C server used for this malware sample is located in Gibraltar:

Conclusion

As we’ve seen, the first thing the attacker seeks to do is to inventory the computer, compiling all types of information (hardware, software, webpages visited, Internet connection speed), and install an application that allows multiple RDP sessions at once. At no point does credentials theft, or any other data theft, occur.

The explanation for this is very simple: the cybercriminals behind these attacks sell access to these computers for a very small fee. Being in possession of so much data from every system allows them to sell access to other groups of cybercriminals specializing in different fields. For example, groups that specialize in the theft of card data can acquire computers with POS software, and so on. Cybercrime has indeed become a profitable racket.

The post RDPPatcher, the Attack that Sells Access to your Computer at a Low Price appeared first on Panda Security Mediacenter.

ESET

UK government to roll out cybersecurity clubs for teens to address skills shortage

Leave a comment

A new government scheme will be rolled out to thousands of 14-18 year olds across the UK, encouraging them to take part in extracurricular cybersecurity clubs.

The post UK government to roll out cybersecurity clubs for teens to address skills shortage appeared first on WeLiveSecurity

Panda Security

The EU’s Plan for Making Sure Robots Don’t Bring Harm to Humans

Leave a comment

 Will robots steal jobs? For many, the answer is yes, they will indeed. A recent study from the World Economic Forum has put a number on the dispute that has been on the table for a while now: between now and 2020, 7.1 million jobs will disappear in advanced countries, and 2.1 million will be created. In other words, 5 million jobs will be lost for good.

Another recent report, this time from the Organization for Economic Cooperation and Development (OECD), has identified Spain, Austria, and Germany as being the countries that will most be affected by the robot revolution. Specifically, what is already being called the “fourth industrial revolution” will cause 12% of workers from these three counties to be substituted by machines, compared with an average of 9% from the OECD’s member countries.

People aren’t freaking out quite yet, but many in Europe are feeling some apprehension about this. That’s the reason why the European Parliament has developed a set of rules to regulate the relationship between robots, citizens, and companies, in a manner that may recall the robotic laws of Isaac Asimov.

This proposal for a legal framework will now have to be debated by the European Commission, who will decide whether or not to regulate the implementation of robots in society to minimize the adverse effects caused by the machines.

Here are the proposed measures.

An Off Switch

As ‘machine learning’ and ‘deep learning’ techniques are advancing by leaps and bounds, the European Parliament wonders what will happen if robots teach themselves more than we bargained for and end up becoming dangerous. Its proposal is that, by law, a deactivation button be installed in all robots in case of emergency.

They Can’t Hurt Humans

Seemingly lifted straight out of Asimov, this measure proposed by the European Parliament would prohibit companies from manufacturing any robot that has the aim of harming human beings. Pretty basic, and probably common sense, yes, but also necessary. If approved, you’d have to take into account ‘killer robots’ designed for war.

No Emotional Bonds

More than a concrete measure, this one could be considered a firm reminder. The European Parliament wants to make it clear to humans that robots have no feelings (at least for now) and that, therefore, they should not allow themselves to be cajoled by apparent emotions that are really only feigned.

Insurance for the Bigger Ones

The manufacturer and the owner of the robot will be held responsible for any damage it may cause, so that the owners of a large (or highly dangerous) automaton must take out an insurance policy (legislation that is similar in nature to laws governing automobile insurance).

Machine Obligations and Rights

The European Parliament’s report defines robots, to the surprise of many, as “electronic people”, and confers them rights and obligations similar to those of humans, which remain to be defined. It could even get to the point that they are held accountable for their actions in the eyes of the law, along with their creator and owner.

We’re All Taxpayers (Even Them)

One of the most controversial measures included in the proposition is that the robots, in order to reduce the social impact of unemployment, may be required to pay social security contributions and pay taxes as if they were human workers. In this way, they would contribute to filling the coffers of pension and health funds.

Basic Universal Income

As many humans are going to find themselves unemployed, the report also mentions the possibility of creating a basic income system that guarantees a minimum living stipend to people, thus easing the transition between an economic model based on human labor and the almost complete automation of work.

The post The EU’s Plan for Making Sure Robots Don’t Bring Harm to Humans appeared first on Panda Security Mediacenter.