Tag Archives: Panda Security

Five Myths about Mobile Phone Security


Most of us carry a mobile phone with us at all times. It has become an essential part of our lives, both personal and professional. Nevertheless, there are many misconceptions about the security of our business smartphones and tablets.

Every business should have clear ideas before planning its cybersecurity strategy. Often, we overestimate or underestimate the risks that are associated with these kinds of devices. No misunderstandings, no myths, this is what you need to know:

Official app stores are 100% secure

It is a fact that Apple and Google take a lot of precautions, and the App Store and Google Play are usually trustworthy sources for downloading applications. Nevertheless, malicious programs or apps that appear to be harmless can also creep onto these official sites. Even if you only install your apps from these sites, which is recommended, IT security managers should still implement a clear policy and be completely aware of what each employee is executing on the company systems.

Mobile devices have more vulnerabilities

Increasingly, news about security flaws and threats to smartphones and tablets is coming to light. It may seem that mobile devices are predisposed to more vulnerabilities than traditional devices like computers or laptops, but that’s not necessarily true. The truth is, since smartphones are extremely popular, they are the number one target for cyber attackers. Also, the fact that our phones accompany us everywhere we go makes them even more interesting targets for cybercriminals.

…but, mobile phones don’t need antivirus software

Although they aren’t inherently more insecure than other devices, these mobile devices have moved into the line of fire because of their extreme popularity, and users need dependable IT security solutions. It is a myth that phones don’t need antivirus solutions. There are many benefits to having a good antivirus on your mobile or tablet.

BYOD is incompatible with security

Employees using their personal device at work instead of a company phone doesn’t make them less secure. If they have a good security strategy and control the apps that they install, then it is perfectly fine to combine personal and professional use. Everything depends on the IT security strategy.

You don’t have to worry about “wearables”

Watches, bracelets and other intelligent accessories are beginning to find their place in the business environment and are helping employees complete work more efficiently. Wearable devices are too new to be considered and included in an IT security strategy, right? Wrong! Precisely because they are so new, many security measures are flawed and should be compensated for with IT security supervision. These “wearables” could potentially open doors for cyber-attackers instead of doing what they are meant to do: increase work productivity.

The post Five Myths about Mobile Phone Security appeared first on Panda Security Mediacenter.

How the new EU cybersecurity regulations affect businesses


The 28 countries that form the European Union will have a common cybersecurity goal beginning July 6th. The European Parliament has approved a new directive under which these countries will have to change their legislation in the next 21 months.

The sectors that are listed (energy, transport, banking) will have to guarantee that they are capable of preventing cyberattacks. Also, if a serious incident related to cybersecurity does occur, the companies will have to inform the national authorities. Suppliers of digital services, like Amazon or Google, are all required to provide this information.

The EU countries have 21 months to shift this into their legislation

The EU countries should strengthen cooperation in this area by designating one or more national authorities to handle the cybersecurity workload and by setting a strategy to fight IT threats.

The EU’s approved directive establishes obligations for “basic service operators” (most of all in sectors that are already cited), and each country will have six months to transition their national legislation to the new EU rules.

Some businesses in the digital economy (e-commerce pages, search engines, cloud services) will also have to adopt measures in order to guarantee their infrastructure security. They will have to notify the authorities of any unusual incidents but micro and small businesses will be exempt from this rule.

We have already seen that this approval has come at a delicate moment in cyber-history. The European Union calculates that the cost of cyberattacks on businesses and citizens can be between 260,000 and 340,000 million euros. According to a survey by Eurobarometer, 85% of internet users are concerned by the increasing risk of cybercrime attacks.

In this context, the goal of this directive is to boost trust between EU countries, align security across networks and IT systems, and, overall, create an environment where information can be exchanged in order to prevent attacks, or at least to communicate when a security incident occurs.

The post How the new EU cybersecurity regulations affect businesses appeared first on Panda Security Mediacenter.

Control Access to Your Mobile Apps This Summer


Smartphones and mobile devices have become the greatest additions to the continuously booming technological industry, and to our lives. If we leave our phones at home, we go back for them. We can’t wait for appointments without swiping through photos on our phones, we cook from recipes downloaded onto our tablets, and it is inconceivable to think of going to the gym without plugging in a set of earbuds, draining our mobile data plans as we stream our favorite songs.

According to an annual mobile marketing study by IAB, 9 out of every 10 internet users have a smartphone. 43% of users prefer to use their tablets.

It is easier to connect than ever with the outbreak of technological advances and innovations. We don’t have to worry about where we can connect to the internet and when; we can retweet current events, chat on Whatsapp, or even share a photo on Instagram wherever and whenever we want. What we should worry about is this: how can we do this securely?

Don’t let your guard down. Control those apps!

Social media permanently sits in the favorites bar as these sites continue to be the most visited. Just imagine all of the information these social media sites gather… how very frightening it is to think about the amount of information that exists about us online. Sometimes we are conscious of the personal information they take, but most of the time, we aren’t.

It is time to take a step in the right direction. Do you want to have complete control over who can access your apps? Do you want to prevent prying eyes from peeking at your personal information? Secure your privacy with the latest version of Panda Mobile Security with the newest addition to the Panda Mobile Security family, App Lock: Panda’s application control feature.

Do not hesitate! Download it with our summer promotion and test all the benefits at zero cost!

Application control allows you to block access to your apps using a PIN code. You will be able to block access to your private information. With this feature, you can:

Protect your privacy. Block unauthorized access to all of your apps, from messaging services or social networks (email, Facebook, Twitter, Whatsapp, Skype, Instagram, LinkedIn) to bank apps. If you use messaging services like Whatsapp you already know how important encryption is; end-to-end encryption makes sure your messages travel from point A to point B and prevents attackers from reading your messages.

Limit the little ones’ access to certain apps or games. Knowing that the little ones only use the safest apps is a parent’s biggest priority. With the newest version of Panda Mobile Security, the user can create a PIN to set the apps they want to block or unblock. In case the user forgets their PIN, they can create a new one on their Panda account.

What are you waiting for? Try this new feature and take advantage of our summer promo. Enjoy your vacation knowing you are protected! Use the activation code and enjoy a 30-day trial of our PRO system for free. Just type in the code: PROMOMS

Secure your apps and have fun in the sun!  

The post Control Access to Your Mobile Apps This Summer appeared first on Panda Security Mediacenter.

Tales from Ransomwhere


Last week, PandaLabs received a question about a specific family of ransomware that was using PowerShell, a Microsoft tool that is included in Windows 10 and that has been abused by cybercriminals for some time. We get these questions every now and then, and we find them amusing, as we consider ourselves the best ones at stopping ransomware attacks. But to be honest, I must admit we do not write as much about it as we should and we don’t share all our findings with the community, which is why we have decided to do it on a regular basis from now on in this “Tales of Ransomwhere” series.


The specific ransomware we were asked about sounded like old news to us, and in fact, our colleagues from Carbon Black wrote about it back in March. The attack flow is easy to follow: it comes via a phishing email that has a Word document attached. Once opened, a macro in the document will run cmd.exe to execute PowerShell, first to download a script from the Internet, and then will run PowerShell again using that downloaded script as input to perform the ransomware tasks.

This Powerware, as named by Carbon Black, is yet another ransomware of the thousands we see. We were blocking it even before we were aware of this particular family (as in 99.99% of the cases, did I already mention we are the best ones in the world at stopping ransomware attacks?), although I have to admit that for some security companies this particular family is a bigger challenge than the rest. Why is that? Well, a number of these “Next Generation AVs”, or whatever they call themselves, rely a lot on signatures (wait, weren’t they the ones that claim they do not use signatures?!?!) and at the same time their presence is stronger at the perimeter than at the endpoint. And as you can imagine, blocking Word documents at the perimeter is not really convenient. Once they have infected some customers they can add signatures and protect the rest (like blocking IPs where the script is being downloaded from), although the lack of a malware executable being downloaded from the Internet is a nightmare for them.

At the end of the day ransomware is a hell of a business for cybercriminals, and as such they invest a lot of resources into finding new ways to stay undetected by all kinds of security solutions, this Powerware being just one example. The general behavior doesn’t change, but there are always subtle changes at least every week. These changes can apply to the ransomware itself (how it performs its actions) or the delivery (using new exploits, changing known exploits, changing the payload of the exploits, etc.).

A good example of new delivery methods is one we have seen recently: after exploiting Internet Explorer, CMD is executed, using the “echo” feature to create a script. Then a number of Windows files are executed in order to perform all the actions while avoiding detection of suspicious behavior by security solutions. The script is run by wscript, and it downloads a DLL; then it uses CMD to run regsvr32, which will execute the DLL (using rundll32). In most cases that DLL is ransomware. So far we have blocked +500 infection attempts using this new trick.
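Both delivery chains described in this post (Word macro to cmd.exe to PowerShell, and Internet Explorer to cmd.exe to wscript to regsvr32/rundll32) leave a recognizable process ancestry even when no known file hash is involved. The following is an added example, not code from the original post or from Panda Security, that flags those ancestries in process-creation events; the event tuples, PIDs, paths, rule names and the exact parent/child relationships are constructed assumptions.

```python
from ntpath import basename  # splits Windows paths correctly on any OS

# Rule name -> (ancestor images that must appear in this order,
#               images that are flagged when they have that ancestry).
# Rule names are hypothetical; the chains follow the two flows in the post.
RULES = {
    "office-macro-to-powershell": (["winword.exe", "cmd.exe"],
                                   {"powershell.exe"}),
    "browser-to-script-host": (["iexplore.exe", "cmd.exe"],
                               {"wscript.exe"}),
    "browser-to-dll-registration": (["iexplore.exe", "cmd.exe"],
                                    {"regsvr32.exe", "rundll32.exe"}),
}

# Constructed sample events, in time order: (pid, parent pid, image path).
SAMPLE_EVENTS = [
    (100, 1, r"C:\Windows\explorer.exe"),
    # Flow 1: document opened from a mail attachment.
    (200, 100, r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"),
    (210, 200, r"C:\Windows\System32\cmd.exe"),
    (220, 210, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    (230, 210, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    # Flow 2: browser spawning a shell, script host and DLL registration.
    (300, 100, r"C:\Program Files\Internet Explorer\iexplore.exe"),
    (310, 300, r"C:\Windows\System32\cmd.exe"),
    (320, 310, r"C:\Windows\System32\wscript.exe"),
    (330, 320, r"C:\Windows\System32\cmd.exe"),
    (340, 330, r"C:\Windows\System32\regsvr32.exe"),
    # Benign: an administrator starting PowerShell from a console.
    (400, 100, r"C:\Windows\System32\cmd.exe"),
    (410, 400, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    # Benign: Word opened with no child processes.
    (500, 100, r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"),
]


def in_order(needles, haystack):
    """True if needles occur in haystack in the same order (gaps allowed)."""
    it = iter(haystack)
    return all(n in it for n in needles)


def detect(events):
    """Return [(pid, rule_name)] for processes whose ancestry matches a rule.

    The lineage is recorded at creation time, so a PID that is reused later
    simply overwrites the old entry. A process whose parent was never seen
    (telemetry started late) has an empty ancestry and is not flagged.
    """
    lineage = {}  # pid -> image names from oldest ancestor down to the pid
    hits = []
    for pid, ppid, image in events:
        name = basename(image).lower()
        ancestors = lineage.get(ppid, [])
        lineage[pid] = ancestors + [name]
        for rule, (required, leaves) in RULES.items():
            if name in leaves and in_order(required, ancestors):
                hits.append((pid, rule))
    return hits


if __name__ == "__main__":
    for pid, rule in detect(SAMPLE_EVENTS):
        print(f"pid {pid}: {rule}")
```

Matching on ordered ancestry rather than direct parentage keeps the rule working when an extra intermediate process is inserted between the steps.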


We haven’t looked at the exploit used (we really don’t care a lot as long as we are blocking it), but given the timeframe in which these infection attempts have shown up (first on June 27th), it happened when AnglerEK had already disappeared, so the attackers are probably using either Neutrino or Magnitude.

Every time we see something new like this, someone ends up publishing information about it a month later, so I am afraid we may have screwed up someone’s research, or at least it won’t look that new. To make up for it I have listed all the MD5s of the DLLs we have captured in the wild in those +500 infection attempts:

The post Tales from Ransomwhere appeared first on Panda Security Mediacenter.

Crucial Security Tips for a Stress-Free Vacation

Vacation time is just around the corner. It probably bums you out to think that you’ll need to stay connected during your break (checking emails, going over urgent documents, responding to coworkers…) but the good news is you can probably do it with your toes in the sand!

Disconnecting is on our minds. With the sun and the sand, it is easy to forget cybercriminals and the problems they bring, but we can’t let our guard down. Cybercriminals never go on vacation. On the contrary, we need to take into account the risks that are especially critical during this part of the year.

What security issues are important during the summertime


These days it is very common to wait for long periods of time in airports, stations, cafes… but while you’re sipping your coffee, make sure you are careful with public Wi-Fi networks. Only connect to official Wi-Fi networks. Networks that ask you for private information give cybercriminals a golden opportunity to access your personal data (they can even use this as a way to hijack your device). With public Wi-Fi networks, the risks are high and we must take extreme precautions.

We all enjoy snapping and uploading photos, and giving our friends the opportunity to live vicariously through our vacations while we enjoy a refreshing drink at a beachside restaurant. That is all well and good as long as you don’t overshare. That information, combined with your public profile, could be very useful for someone who knows where you live, and that your house is empty.

It is not enough to be discreet about what you publish on social media; you also have to take precautions and disconnect the GPS in your mobile devices to prevent one of your favorite applications from betraying you and publicizing your coordinates.

If you decide to take your laptop or smartphone on vacation, don’t forget to make a back-up of everything and leave it at home. Not only can your device be stolen while you are on vacation, but you never know when you may lose it or have an unfortunate accident.

Before a big trip, many people like to download apps that will keep them occupied while they are traveling. Make sure you always download the apps from official stores! Although this does not guarantee that they are malware-free, Google Play and the Apple Store have security measures that make it quite difficult for malicious programs to be distributed.

Never respond to emails that ask you for bank account information. Although it is common to book hotels or buy plane tickets online, banks should never ask you for your personal information by email. Cybercriminals use job titles and alarming content in these emails to get the response they want from you: your bank account details.

Your web browser would not alert you with those annoying messages if you were in fact surfing a secure website. Take your time, pay attention, and follow this tip!

When you click shortened links with bit.ly without looking at the website it’s taking you to, you are making a big mistake. The well-known ow.ly from Hootsuite or goo.gl from Google are both very commonly used, but they are much more dangerous than we think, as we have said on previous occasions. This summer, while you are on social media, keep this in mind and only click on secure links.

Take every security measure before you go on your vacation. If you plan on copying or sharing anything from a USB device to a computer, first scan your USB with an antivirus. Danger does not only exist on the net, it can also exist on hardware. A USB stick could be contagious.

Relying on a good antivirus is the best barrier that you could put between your computer and cybercriminals. Remember: every day 227,000 new threats are detected. We should never let our guard down, not even on vacation.

Have a fun and safe summer break!

The post Crucial Security Tips for a Stress-Free Vacation appeared first on Panda Security Mediacenter.

“Android-specific ransomware and mobile banking Trojans are issued around the world”- Paul Chung


If there is something that stands out from my +17 years in the security field, it is the bright people I’ve met from all over the globe, who protect users from the cyber-attacks threatening us every day. In this new section, I am going to interview people from different parts of the world, who will tell us about their experiences and perspectives in the security environment.

For my first interview, I’d like to introduce you to Paul Chung. Paul is from South Korea and his Korean name is 정택준. He works at AhnLab as a Security Evangelist in the Next Tech & Strategy Division.

1.- How did you get involved in security?

Actually, I was trying to get out of the computer science field when I was at school. I was confused at the time and I decided to join the Navy for a change. I was assigned CERT in Central Computing Center, where I managed network and security systems. I’ve been fascinated with security since then.

2.- Tell us a bit about your career at AhnLab.

When I was in the Navy, I learned about the network threats, but I was always curious about the file based threats. That is why I joined ASEC (AhnLab Security Emergency Response Center) at AhnLab. I’ve worked as a malware researcher for eight years and now I’m working on preparing our company for the future. I am learning about new technologies which we could adopt and what kind of new infrastructure we need.

3.- South Korea is the country with the highest Internet speed in the world, and among other things it is known for its gamer community. Do you have specific threats targeting gamers in your country?

Korea has a multi-billion dollar game industry, which is fifth in the world, and over 80% of them are online games. Because of the geological location and ‘Korean Wave’ in Asia, a lot of Korean games are distributed to nearby countries. I think that this is tempting for attackers. Not only to target Korean gamers, but everyone who has played that particular game. That is why we see a lot of malware related to online game hacks. Most of the malware tries to steal the gamer’s credentials, and some of the ransomware encrypts game-related files and demands money to decrypt them.

4.- South Korea is also the country in the world with the highest smartphone ownership. Are there cyber-crime gangs specifically targeting South Korean smartphone users, or do you get the same kind of threats as the rest of the world?

According to one of the researchers (Pew Research Center) in 2015, 88% of Korea’s population owns a smartphone. From my point of view, Android-specific ransomware and mobile banking Trojans are issued around the world. In Korea, Smishing (SMS phishing) attacks are very popular and mobile banking Trojans are on the rise.

5.- As a highly developed and technological country, South Korea has already suffered cyberattacks coming from other nations. Some countries have already created commands that focus on cyber-defense of critical assets for the country, such as the United States Cyber Command. Are there similar initiatives in South Korea?

We do have an Armed Forces Cyber Command which is subordinate to the Ministry of Defense. Also, we have a National Cyber Security Center which is run by the National Intelligence Service. Both of them have grown large to defend against cyber-attacks from the Strategy Cyber Command which is made by Kim Jong-un from the North.

But when it comes to security, one or two organizations are not enough. As a security company we also work with our government to defend against such attacks.

6.- Currently, what is the most desirable sector for cyber-delinquents? How do you think security in this sector has evolved?

I think what they are most interested in is money. So a lot of the malware you see these days is related to ransomware or online banking. I think they are also interested in SCADA and ICS systems. We will see more of these attacks too.

A lot of industries are preparing for the attacks which we have seen already. But there are more to come. I think we need to cooperate with each other more than ever. Not just security companies but also the government and other related industries. There is a lot of data out there, which we are missing. If we could gather meaningful data and share it, I think we will have a good chance to secure the net.

7.- What do you foresee in the next 5 years? What threats will we have to face? How is the security industry going to be like in the next decade?

This is a hard question for me. Because, who knows what will happen in the future? Though, I might have a few things to forecast.

I think we will see more threats on IoT devices and Connected Cars. IoT devices are very vulnerable when it comes to security, like everybody knows. Also, cars are evolving fast. From the Gartner report, in 2020, 250 million cars will be connected to the network. And from BI Intelligence, the market will grow into a 123 billion dollar industry by that time.

As the environment changes, threats will change too. As a security company, we need to carefully look at where the changes are being made and research how we could defend it. But it won’t be done by one man or a company, we all need to work together to figure it out.

Now that we understand how important cybersecurity is for our everyday lives, don’t hesitate any longer!  Boost your business with advanced cybersecurity solutions that allow you to manage, control and protect your business’s entire IT park.

The post “Android-specific ransomware and mobile banking Trojans are issued around the world”- Paul Chung appeared first on Panda Security Mediacenter.

Reselling Business and Home User Information

It is important to protect businesses against threats that lurk in the cyberworld. The threats may seem innocent at first, but usually, those are the ones that cause the most damage. Reselling your hard drive, for example, may seem like a simple task, but it could actually open the door for cybercriminals.

A recent investigation found that, out of 200 hard drives bought off of second-hand websites like eBay or Craigslist, more than 2/3 still contained highly sensitive information from the previous owner. A good amount (11%) stored private data from businesses.

Some of the gems that the investigators were able to rescue from the storage devices included social security numbers, CVs, corporate emails (9%), CRM records (1%), and spreadsheets with projected sales or inventories (5%). Imagine what an ill-intentioned hacker could do with this lot of private information.

Formatting: The Bare Minimum

The scariest part of it all is that most owners believe their hard drives were wiped clean before putting them for sale online. Two out of every five devices (36%) indicated that the content was cleared from the system, by means of the Recycling Bin (which is really just another extra folder) or by the delete button.

Not one of these elimination techniques is effective enough to completely get rid of all information on hard drives. With the right know-how, it could actually be quite easy to recover the previously deleted data. If you format the device multiple times, the information could be completely overwritten. Nevertheless, there is only one way to be completely certain the hard drive’s content has completely disappeared: destroy it.

If you plan on recycling, reusing or reselling your machines, “attempting” to delete their contents is not an option. In the majority of the tested hard drives, the owners did not even take the first step towards security. Only 10% of the investigated hard drives went through an erasure process, such as formatting in various steps.

The post Reselling Business and Home User Information appeared first on Panda Security Mediacenter.

Social Media, Ranked as One of the Top Threats Aimed at Companies


Long ago, the term “goods” referred to necessities like wheat, milk, sugar, and petroleum, but our necessities have changed. Now “goods” can refer to broadband or smartphones or computers or… cybercrime?

As seen in the RSA’s report about the Current State of Cybercrime, experts confirm what we already know: malware and the tools cybercriminals use are evolving. Although malware comes from different places, they have identical capabilities and continue to procreate. The amount of stolen information continues to grow, and cybercriminals are capitalizing on it. The stolen information acquired by cybercriminals has joined the other goods available in our competitive market.

The internet and its ongoing innovations keep us adapting. Next time you buy gourmet-pasta-on-a-Tuesday-and-eat-it-on-a-Wednesday, remember that cybercriminals could be capitalizing on the private information you divulge for such “conveniences”. While you are checking your email, they may be stealing and selling your log-in information for your email accounts, social media sites, and favorite online shops. Even very detailed information like medical histories of hospital patients is in high demand and can be bought online, in bulk.

Every kind of personal information is online and has diverse buyers and sellers

But cybercriminals aren’t stooping to the deep-dark-web anymore; now they use public and open communication channels, like social media sites, for these illegal sales transactions. In fact, results from the six-month long study show that the RSA discovered more than 500 groups dedicated to fraud on social media, with an estimated 220,000 total members, and more than 60% (133,000 members) found each other on Facebook.

Financial information circulates within these online communities, including credit card information with access codes and authorization numbers, tutorials for how to perform a cyberattack, malware tools, and even zoomed-in conversations that teach users how to move money without being detected.

It is important for businesses to set aside sufficient resources to detect threats, attacks and frauds that now exist on multiple channels (Windows, Android, iOS, Mac, etc.). Since the variants can multiply and tailor themselves to the malware, prevention and protection efforts should also increase.

The post Social Media, Ranked as One of the Top Threats Aimed at Companies appeared first on Panda Security Mediacenter.