Tag Archives: News

The cost of cybercrime is multiplying

The damaging effects of cybercrime are not limited to bad image and corporate reputation; they also cause significant economic losses to the companies and individuals who suffer this type of incident. In fact, this figure is increasing, according to a report recently released by the information technology consultant Juniper Research, which stresses the increasing professionalization of hacktivism and cyber crooks in general, and the fact that the financial targets the evil-doers set themselves in the digital world are increasingly ambitious.

In particular, in the study “The Future of Cybercrime & Security: Financial & Corporate Threats & Mitigation”, the analysts estimated the cost of data breaches globally by 2019 at $2.1 trillion, no more and no less than four times more than what it is estimated they will cost this year, 2015. The increasing digitization of end users’ and companies’ assets is one of the factors that is making an attack increasingly costly.

More attacks but where?

Interestingly, according to the report, although more and more threats occur through mobile devices (the Android platform, owned by Google, is the most widespread on the market and is in this sense the most attacked) and cyber-attacks are also expected through the so-called Internet of Things, a concept which refers to the large number of objects that will be connected to the network in the near future (from cars to appliances and many sensors, etc.), the vast majority of security breaches will occur in existing IT and network infrastructures.

As James Moar, an analyst at Juniper Research, explained: “Currently, we aren’t seeing much dangerous mobile or IoT malware because it’s not profitable”. According to the expert, the kind of threats we will see on these devices will be the popular ransomware, a technique that locks down the victims’ devices until they pay a ransom to recover their systems and information.

Even so, we should emphasize that other consulting firms such as IDC consider that we must be vigilant with regard to security breaches produced through the Internet of Things. A recent study by the analysis firm pointed out that, in 2016, nine of every ten technological networks will have suffered a security breach relating precisely to the connected objects.

In terms of where the security breaches will take place, the experts from Juniper predict that North America is the area coming off worst; in fact, it will suffer 60% of the incidents expected to occur this year, 2015. In the coming years, however, it will gradually give way to other countries which are beginning to emerge with greater wealth and digitization of their societies and economies, and which will also begin to suffer more security attacks of this type.

Another fact to keep in mind: the consultant firm predicts that the average cost of a data breach in 2020 will be over $150 million, since there will be more and more connected business infrastructure. According to 2013 data from the Spanish National Cryptologic Centre (CCN), cybercrime moves about $575,000 million worldwide, i.e. an average country’s GDP and more than what drug trafficking produces across the globe. In Spain, according to the same source, around 200,000 incidents occur daily, although most of them are of very low intensity.

Cybercrime actors and hacktivists go pro

Another of the highlights of the report is that, according to Juniper, cybercrime is becoming more and more professional. Moreover, the first cybercrime products (yes, software for creating malware) already appeared on the market last year. In recent years the trend was for hackers to penetrate computer systems only for the recognition of having accomplished the feat, but they have now given way to real cyber-criminals and extortionists.

On the other hand, hacktivists, i.e. those individuals who use illegal or legally ambiguous digital tools to achieve political or other goals (web site defacement, redirecting, denial of service attacks, data theft, web site parodies, virtual solutions, virtual sabotages, software development, etc.), will act less during the coming years, according to the consultant, but they will be more significant and better organized through social networks.

The post The cost of cybercrime is multiplying appeared first on MediaCenter Panda Security.

Securing a Heterogeneous Internet of Things

Analyst firm IDC predicts that the number of Internet of Things (IoT) devices—from home appliances to commercial applications such as door locks and sensors—will grow into a $7.1 trillion market by 2020, compared to $1.9 trillion in 2013.

This rapidly growing market is giving rise to a land grab of sorts: companies are vying to build the one IoT platform that will link all devices, and by linking them make them “smarter” as they communicate with one another.

So it may come as no surprise that at its developer conference last week, Google announced Brillo, a new Android-based operating system (OS) for the Internet of Things. The connected OS promises to use as little as 32 or 64 MB of RAM to run, making it power-efficient and light enough for “things” such as light bulbs, keys or door locks.

By offering a familiar, widely used (Android) OS as the basis for its IoT platform, Google is offering a solution that is already familiar to developers worldwide. However, by offering yet another OS for Things, it also compounds the fragmentation of the space. There is a wide array of vendors and consortiums now offering operating systems, connectivity platforms and discovery protocols.

With each vendor and approach come security threats and attack vectors. These threat surfaces are multiplied by the connectivity and discovery protocols and by the routing of data. There is a trend to route data from each device to the cloud, even when, intuitively, this should not be necessary. This enables device manufacturers to utilize hardware, services and data business models. It is not a trend that is likely to slow down by itself.

Securing this spider web of technology and data is a challenge and a necessity. When a smart lock knows when people are home, or when your security camera sees where you put your valuables, they contain very valuable information for criminals. Less obviously, but just as worrisome, is the aggregate data about you that travels the airwaves in your home and beyond.

Brillo, being built on the mature Android platform, has the advantage of being hardened for security over time, and the disadvantage that nefarious players already know its ins and outs. Other, less widely deployed platforms will go through their own maturity evolution as developers and hackers dig through them.

Because of the vast number of suppliers of Things, and the wide variance of the platforms and protocols, a full security solution is unlikely to come from one of these players. The answer to the IoT security dilemma will more likely come via third-party security companies who’ll play a major role in providing secure, safe digital environments for users across connected devices.

To keep the Internet of Things from devolving into the Internet of Threats or the “Illusion of Trust,” the industry needs to shore up standards on privacy and security. Today, the IoT is still evolving rapidly, and its standards and regulations are just being developed. We’re at a moment in time that’s similar to the birth of the World Wide Web 25 years ago. This time, however, we can build a hyper-connected world based on safety and trust and the principles of protection and privacy—literally, we can build security into the foundation of the IoT infrastructure.

One of the fathers of the modern Web, Vint Cerf, once said he regrets not building more security into the architecture of the Internet. It was difficult at the time to anticipate the level of cybercrime, cyberwarfare and cyberespionage that would emerge. The promise of the IoT is exciting, with many business and consumer applications, including the connected car and the connected home. But for our vision to come to fruition, let’s learn the lesson of our predecessors and design the IoT and its devices by prioritizing privacy and security as central features.

An area we are passionate about is what we call the “law of least data.” This encapsulates the desire for data to be routed as directly between agents as possible. Two devices in your home should not have to send data to the cloud – even if they are from two different vendors – when they are talking to each other. Your next generation smartwatch should not have to talk to the cloud in order to read data out of your pacemaker. Of course some setup, or discovery metadata, may be required upon installation, but thereafter data should be kept personal whenever possible.

By agreeing on some defining principles, such as the law of least data, we can build a better Internet of Things.

AVG begins bug bounty program

For AVG, helping to keep our 200 million users safe online isn’t just a question of reacting to threats as and when they appear. Instead, our security is built on a foundation of deliberate, pre-emptive action in order to keep their data and identity safe.

One way to be proactive is through a bug bounty program, which offers rewards to researchers that legally find and responsibly disclose vulnerabilities. By safely identifying and fixing vulnerabilities before attackers discover them, bug bounty programs help make software and websites more secure.

This extra security is one of the reasons I’m pleased to share that AVG has started a bug bounty program on Bugcrowd. Bugcrowd gives AVG the opportunity to have a well-established and respected community review its PC security products. This proactive approach to the security of our software will give our more than 200 million active users even more peace of mind and protection.

By starting a bug bounty program, AVG joins other companies like Google, Microsoft, Facebook and Apple taking that extra step to secure its users.


How can you get involved?

The AVG bug bounty at Bugcrowd is currently focused on two of our PC-based security products, AVG AntiVirus FREE 2015 and AVG Internet Security 2015.

If you think you’ve got what it takes to become a bug bounty hunter, you can see all the technical details here on AVG’s bug bounty page at Bugcrowd.

Are you using a password that’s a decade old?

In the study by Telesign, web users had on average six passwords protecting 24 online accounts, another cause for concern. Using old or weak passwords across multiple sites can leave people vulnerable to attack.

Using the same password on multiple sites is one of the biggest mistakes that people can make in terms of Internet security. If a password for one account gets compromised then it can start a chain reaction that leaves other online accounts vulnerable to attack. With high profile data breaches regularly in the news, this is not as farfetched as it may sound.

Good password practice

There are three basic steps that we can all follow to help keep our online accounts safe:

Use a strong password

Creating a strong and memorable password doesn’t have to be difficult; we’ve outlined three easy steps in our password guide.

In the meantime, here are four common password mistakes to avoid.

Video: Password Mistakes to Avoid

Use a different password for each account

Here to explain why it’s always a good idea to use site-specific passwords is AVG Security Awareness Director Michael McKinnon:

Video: Use A Different Password for Each Site

Use Two-Factor authentication

Lastly, I suggest using two-factor authentication whenever it’s available. Two-factor authentication means that your password alone isn’t enough to access an account. Instead you’ll need a code sent to your phone or generated by an app to validate your identity.

Watch the video below to learn more:

Video: What is Two-Factor Authentication

Garage door hacked in under 10 seconds using only a child’s toy?

A famous football coach once said, “If you’re not getting better, you’re getting worse” and ironically this statement applies to your own security as well. If you’re not keeping up-to-date with the latest security, then it’s probably getting worse because the threats just keep getting better.

This simple fact has been proven again by a researcher who demonstrates how he can hack most garage doors using nothing more than a modified electronic toy. Researcher Samy Kamkar has published his findings and a video explaining how he was able to hack a number of fixed-code garage door openers in under 10 seconds.

Not only is this a case of how old technology can be outdated by modern devices, but in this example the cause is a child’s toy that has already been discontinued by its manufacturer and is considered a throwaway item by some. Recycling hackers unite.

There’s no doubt that hardware-hacking gadgets, such as mobile phone jammers, are starting to become more popular, as are issues with keyless entry systems on cars.

Luckily, for those of us fortunate enough to have a garage door, Samy has chosen not to reveal the inner workings of his research, so that criminals can’t benefit. But, let’s face it, the cat is out of the bag on this one, and the clock is now ticking.

Samy has also recorded a video explaining how you can protect yourself from attacks like these.

Video: Protecting against OpenSesame

Most of the tips involve learning about the technology in everyday objects such as garage doors. Once you know how the tech works, you can understand how it can be vulnerable to various attack types.

Until next time, stay safe out there.

WhatsApp Trendy Blue, the program which signs you up to a premium rate. Watch out!

One more! There have been so many, we’ve lost track. WhatsApp Trendy Blue is the latest hoax to deceive the users of this instant messaging application.

WhatsApp Trendy Blue is a new “version” that promises new options for customizing the user’s WhatsApp. In fact, it only subscribes the user to a premium rate service, which is not exactly cheap.

Movistar, a Spanish telephone company, warns that for the program to work, it asks the user to invite at least 10 contacts, who will receive a message recommending that they sign up on this fraudulent website.

So please, don’t fall for these traps, only trust the versions offered by the official stores!

The post WhatsApp Trendy Blue, the program which signs you up to a premium rate. Watch out! appeared first on MediaCenter Panda Security.

US blames China for massive data breach

The OPM is responsible for human resources for the federal government which means they are the collectors and holders of personal data on all federal employees.

Law enforcement sources close to the breach stated that a “foreign entity or government”, possibly Chinese, was believed to be behind the attack, according to an article published in The Guardian.

It should be noted that the Chinese government stated that it was ‘not responsible’ and this conclusion was ‘counterproductive’.

The OPM carries out background checks on employees and holds data dating back to 1985. A successful attacker could gain access to records of past and present employees, with data that could even refer to retired employees and what they are doing now.

Regardless of whether you believe the continual finger pointing by one government at another, there are real people that are affected, and protecting them and their identity should be the priority.

Alarmingly, an official said to Reuters that “Access to data from OPM’s computers, such as birth dates, Social Security numbers and bank information, could help hackers test potential passwords to other sites, including those with information about weapons systems”.

How to stay safe

While those of us who do not work for the government won’t have been affected by this breach, what can we do to protect ourselves from identity theft?

  • Ensure your online accounts are not using the email address and a password that could be guessed from personal information; if they are, change the password.
  • Keep a close watch on your credit reports. This will help you identify if someone is using your identity to take a line of credit in your name. Most credit scoring agencies allow you to run a report for free at least once.
  • Spammers may send emails that look like they are coming from valid sources. Make sure to carefully scrutinize these emails – don’t click on links that look suspicious – and if in doubt contact the sending organization directly to ensure it’s an official communication.
  • Avoid using the same email address or identity across multiple online accounts. For example, have a primary email address used for recovery of forgotten passwords and account information. Have a secondary email address for offline and online retail transactions. Have a third for financial accounts and sensitive information.
  • Avoid cold calls: If you don’t know the person calling then do not hand over payment or personal details. If in doubt, hang up and call the organization directly to establish you are talking to legitimate operators.
  • Set privacy settings: Lock down access to your personal data on social media sites; these are commonly used by cybercriminals to socially engineer passwords. Try AVG PrivacyFix; it’s a great tool that will assist you with this.
  • Destroy documents: Make sure you shred documents before disposing of them as they can contain a lot of personal information.
  • Check statements and correspondence: Receipts for transactions that you don’t recognize could show up in your mail.
  • Use strong passwords and two-factor authentication: See my previous blog post on this; complex passwords can be remembered simply!
  • Check that sites are secure: When you are sending personal data online, check that the site is secure – there should be a padlock in the address or status bar, or the address should have ‘https’ at the start. The ‘s’ stands for secure.
  • Updated security software: Always have updated antivirus software as it will block access to many phishing sites that will ask you for your personal data.

Also consider enlisting an identity monitoring service; commercial companies that have been breached often offer this reactively to the victims. Understanding where or if your identity is being abused in real time will give you the ability to manage issues as they happen.

Three reasons to be excited about: Windows 10

Cortana

Voice recognition has been a major area of development across the industry in the last few years and Microsoft look to continue that momentum with further integration of its voice activated assistant Cortana.

In Windows 10, Cortana will be your go-to assistant for finding files and information both on your device and online. The smart technology also allows you to use real language to find what you are looking for or complete tasks.

In this demo video, Cortana is asked to “call Mikey” and understands that it needs to open Skype, search Mikey in the contacts list and place the call. Pretty neat.

Video: Cortana in Windows 10

It’s not hard to imagine how this implementation of Cortana edges us closer to an interactive, responsive and voice activated operating system that intelligently understands our needs.

Project Spartan browser

For those of us not quite ready to make the leap to a voice activated web experience, there is still plenty to be excited about, not least the Project Spartan Browser.

Project Spartan is a brand new browser being built from the ground up with speed and performance in mind. Optimized for the rich media environment of the modern web, the new browser could very well be a must-have for surf addicts.

Check out this video from The Verge.

Video: Project Spartan

Universal Windows Apps

One of the most exciting pieces of news is that Microsoft have unveiled ‘Windows Universal apps’. The idea being that any app purchased through the store will work across every Windows 10 device, from phone, to tablet and PC.

This is not only incredibly convenient for users, it also helps greatly from a security point of view. The centralized app stores operated by Google and Apple for their mobile devices have made a huge difference to the amount of pirated and malicious software available.

The traditional PC software market was essentially a free-for-all with no authority acting as quality control. The shift towards one central app store will help Microsoft to curb the malware so often distributed online.

Could hackers use your GoPro to spy on you?

It turns out that baby monitors are not the only weak point in our digitally connected homes. Earlier this week, security researchers Pen Test Partners warned that Internet enabled GoPro Cameras were vulnerable to hijacking.

As reported on the BBC, the researchers gained access to a GoPro Hero4 camera, even though it appeared off, and could see and hear through the device, as well as delete videos stored on it.

According to the report, the attacker could “wake” the device, turn off its recording lights, and then video-stream what the device could see to his own mobile phone.

According to a GoPro statement, the issue is not an issue of security but rather of poor password choices by their users. “We follow the industry-standard security protocol called WPA2-PSK (pre-shared key) mode…. We require our customers to create a password 8-16 characters in length; it’s their choice to decide how complex they want it to be.”

Clearly, this is a potentially harmful risk to privacy and security, so the first and most important thing that you should do if concerned by this attack is create strong passwords.

The following infographic has three simple steps that you can take to help create a strong password that will help keep your devices and personal data safe.