Mobile Ransomware Has Mushroomed

2016.07.11 01

The number of mobile ransomware victims across the globe has increased fourfold compared to a year ago, suggests a Kaspersky Lab report released last week.

Kaspersky software protected 136,532 users targeted by ransomware from April 2015 to March 2016 — up from 35,413 in the year-ago period, the company said.

“The growth curve may be less than that seen for PC ransomware, but it is still significant enough to confirm a worrying trend,” the report notes.

It identifies several factors contributing to the growth of ransomware in general:

  • First, people are willing to pay the ransoms.
  • Second, the value of the information stored on digital devices is so high now that paying a ransom to recover it is more cost-effective than not paying the ransom.
  • Third, law enforcement is having difficulty responding to the problem.
  • Fourth, new payment tools make it easier for extortionists to collect ransoms.

Study: Third-Party Apps Pose Risks for Enterprises

2016.06.23 01

Since mobile computing put an end to the good old days when IT departments had absolute control over software deployed in the enterprise, there’s been a rise in employees’ use of third-party applications — a rise that poses security risks to corporate environments.

That is one of the findings in a report CloudLock released last week.

The number of third-party apps connected to corporate environments increased 30-fold over the last two years, the firm reported, from 5,500 to 150,000 apps.

CloudLock ranked more than a quarter of the apps found in business environments (27 percent) as “high risk,” which means they were more likely than other apps to open pathways into an organization for cybercriminals.

You Can Only Disable Defender In Windows 10 Home By Installing Another Antivirus

2016.06.17 01

Windows Defender isn’t the best antivirus software (even Microsoft admits its first-party solutions aren’t ideal), but it’s enabled by default on Windows 10 Home. In fact, the only way to disable it is to install something else.

In a strange turn of events, Microsoft has made its Windows Defender feature a permanent fixture of Windows 10. You can temporarily disable it, as you see in the screenshot above, but you can’t turn it off permanently. If it stays off for too long, Windows will turn it back on.

The one caveat to this rule, as pointed out by tips site MakeUseOf, is to install third-party antivirus software.

Twitter Users Snared in Dark Web’s Brisk Password Trade

2016.06.13 02

Data stolen from more than 32 million Twitter users has been offered for sale on the dark web for 10 bitcoin, or around US$5,800, LeakedSource reported Wednesday. LeakedSource has added the account and email information to its searchable repository of compromised credentials.

The data set came from someone called “Tessa88@exploit.im,” who has been connected to other large collections of compromised data, including the credentials for 425 million MySpace accounts. The Twitter information consists of 32,888,300 records, LeakedSource said, with each record containing such information as email addresses, usernames and passwords.

The information likely came from compromised user systems rather than from a breach of Twitter’s systems, according to LeakedSource.

The hackers were able to infect tens of millions of users’ systems with malware that collected saved username and password information from browsers like Chrome and Firefox, the firm explained.

Microsoft Tightens Screws on Terrorists Posting Online

2016.05.31 02

Microsoft last week announced plans to crack down on terrorist content, perhaps in response to the Obama administration’s intense effort to get Silicon Valley’s help in preventing organizations like ISIS from using social media as a recruiting and fundraising tool.

Microsoft has amended its terms of use to prohibit the posting of terrorist content on its various platforms, extending the existing prohibition on hate speech and advocacy of violence against others. The company categorized terrorist content as material posted by or in support of any organizations in the Consolidated United Nations Security Council Sanctions List, which includes groups the UN Security Council considers terrorist organizations.

The prohibition specifically deals with content that depicts graphic violence, encourages violent action, endorses a terrorist group or its acts, or encourages people to join such groups, according to Microsoft.

Google’s Abacus May Count Out Passwords

2016.05.31 01

By the end of the year, Android devs will be able to use a trust API from Google’s Project Abacus in their apps, Google ATAP Director Dan Kaufman suggested at last week’s I/O conference.

The API, which will run in the background continually, is aimed at doing away with passwords.

It will use a smartphone’s sensors to check users’ current locations, typing patterns and voice patterns, as well as for facial recognition. It will create a cumulative trust score that will authenticate users so they can unlock their devices or sign into applications.

Flaw Puts a Billion Wireless Mice at Risk

2016.05.23 02

Wireless mice and keyboards are the perfect accessories for a world in which devices increasingly are shuffling off their connection coils, but those accessories — especially untethered rodents — also can create new threats for those who use them.

One such threat is Mousejack. The attack exploits a vulnerability found in 80 percent of wireless mice. With US$15 worth of off-the-shelf hardware and a few lines of simple code, a wireless mouse can be turned into a hacker’s portal for all kinds of mischief.

Mousejack — the name Bastille, which discovered the flaw last year, gave to the vulnerability — impacts more than a billion wireless mice worldwide, the company’s chief revenue officer, Ivan O’Sullivan, said.

One of Bastille’s engineers, Marc Newlin, discovered the vulnerability in non-Bluetooth wireless mice. The flaw in the mice is related to how the devices handle encryption.

“When evaluating these devices, it became apparent that they do not implement encryption in a correct way and make it possible to bypass encryption in certain situations,” he told TechNewsWorld.

Speed Typing

That allows an attacker to forge and transmit wireless packets to the USB dongle of a target’s mouse and use that to inject keystrokes into that target’s computer.

“Taking advantage of that, an attacker from 225 meters away [246 yards] can type on a target’s computer,” Newlin said.

Typing is a relative term here. The keystrokes sent to the dongle could be automated, which means a hacker could type as fast as 1,000 words a minute.

“You could very quickly execute an attack,” Newlin said. “You could bring up a command window, type some commands, download some malware, and close the window all in a matter of seconds.”

“If a victim’s attention is elsewhere for a short period of time, an attack can be executed without their knowledge,” he added.

New Attack Technique Hides Spread of RATs in Asia

2016.04.27 01

SentinelOne last week announced that it has detected a technique being used in Asia to infect systems with remote access Trojans that ensures that the payload remains in memory throughout its execution and doesn’t touch the victim’s computer disk in an unencrypted state.

Attackers remain hidden from antivirus technologies and next-generation technologies that focus only on file-based threats, according to SentinelOne.

The samples analyzed also can detect the presence of a virtual machine, preventing them from being analyzed in a network sandbox.

Remote access Trojans, or RATs, aren’t new but the technique is, said Joseph Landry, senior security researcher at SentinelOne.

“We expect to see an increase in fileless-based attacks that execute in memory to avoid detection,” he told TechNewsWorld.
