TweakTown NewsRefine News by Category:
The CoinValut ransomware victimizes businesses, encrypting critical work files - but there is an added twist with this particular piece of software. The criminals provide one free decrypt, providing access to a file, trying to provide additional faith in victims.
CoinVault uses 256-bit AES encryption, and the decryption keys are stored on remote servers - and Windows files cannot be recovered unless the bitcoin payment is submitted to cybercriminals. Victims are ordered to pay 0.5 bitcoins, around $200 at current market prices, with the price increasing every 24 hours.
Ransomware attacks typically rely on employees falling prey to social engineering techniques, designed to trick users into clicking suspicious links or downloading unknown files.
The future of passwords could be under pressure if Intel-owned McAfee can develop new biometric authentication technology that can be supported. The average user has around 18 passwords, so using some type of biometrics would be able to help reduce that chaos.
"Your biometrics basically eliminate the need for you to enter passwords for Windows log in and eventually all your websites ever again," said Kirk Skaugen, Intel SVP and GM of the PC Client Group.
Despite passwords being under threat to be eliminated - for several years now - it still remains the most common security procedure for email, online banking, and other user accounts. However, passwords paired with other security procedures prove to be significantly more secure, though consumers are still waiting to learn more before abandoning all of their passwords.
Since 2013, there have been more than 25 successful cyberattacks against US government networks, and many federal agencies still haven't prioritized cybersecurity efforts. As China, Russia, Iran, and other foreign governments continue to launch attacks, IT experts believe governments should make a bigger effort to boost network protocols.
Internal inspectors have found numerous security vulnerabilities in different government agencies, and the US federal government still is lackadaisical in improving security. It's ironic that the Obama Administration has streamlined malware creation - and cyberwarfare development to attack foreign rivals - but has been slow to improve its own security.
"It would be wrong to suspect that the federal government is any better at this than the private sector," said Paul Rosenzweig, visiting fellow at the Heritage Foundation and former Department of Homeland Security (DHS) policy aide.
Sony Pictures Entertainment was forced to warn employees not to access corporate networks or check their email, because the company is under cyberattack and being blackmailed to prevent "secrets" from being released. It's unknown what information, if any, the hackers were able to steal from the Sony network.
An image that says SPE was "Hacked by #GOP" was published on the company's computers - and issued the following message: "Warning: We've already warned you, and this is just the beginning... We have obtained all your internal data including secrets and top secrets."
"Sony deserves praise for going offline while they figure out what is happening rather than allow further damage," said Hemanshu Nigam, Internet cybersecurity expert. "Hackers are always-on the hunt for holes in a network, which can happen when a system isn't updated properly or a feature change is made. It is critical for companies to conduct self-hacking exercises on a continuous basis to find and patch these vulnerabilities before the hackers find them."
The 2014 Christmas shopping season will see a 4.1 percent increase in sales, up to $616.9 billion, and cybercriminals will be busy trying to find new ways to target retailers and shoppers. Since many smartphone and tablet owners don't bother anti-malware software, while some don't even password-protect their devices, there is an effort to hijack mobile technologies.
"Cybercriminals follow the flow of money, and this Thanksgiving, a very high number of transactions will take place through mobile channels," said Alisdair Faulkner, ThreatMetrix chief products officer. "Unfortunately, it can be difficult for retailers to use IP geo-location data to ensure mobile transactions are authentic. Instead, retailers should try to leverage trust intelligence networks to recognize customers with good mobile purchasing history, and complement this with finer grained authentication intelligence available with a native mobile application."
However, a more realistic approach will involve cybercriminals compromising retailers - especially as more consumers keep debit and credit card data stored with their favorite stores - as network security is still often overlooked.
The sophisticated Regin stealth malware, which has been in operation since at least 2008, was likely created by the US and UK governments to spy on other governments and businesses. Specifically, the NSA and GCHQ most likely spearheaded the project, with the malware's first target against the European Union (EU).
"Having analyzed this malware and look at the [previously published] Snowden documents," said Ronald Prins, security expert. "I'm convinced Regin is used by British and American intelligence services."
Russia was the most heavily infected nation, racking up 28 percent of Regin's wrath, while 24 percent was in Saudi Arabia, Ireland (9 percent), Belgium (5 percent), and Austria (5 percent) rounded out the list of most infected nations.
At a time when cybercrime has been pushed into mainstream media due to a large number of data breaches in 2014, victims of identity theft suffer from a financial and emotional toll that is potentially devastating. When a significant data breach occurs, consumers need to be increasingly vigilant of their bank accounts and personal information, to ensure they don't become a potential identity theft or fraud victim.
"When something is an ever-present part of your life, it can lead to feelings of depression," said Eva Velasquez, President and CEO of the Identity Theft Resource Center (ITRC). "You feel that there's no way out and no end to it. We've heard from victims who actually compare this to having a disease where they feel that their identity theft issues are in remission, but they're never fully cured."
Identity theft victims suffer from emotional and behavioral effects, according to a recent ITRC survey, with 70 percent of victims saying they are worried about personal financial security. Around 50 percent felt helplessness and betrayal, while 65 percent were angry.
Smartphone and tablet owners are facing an increased security threat, as criminals target their devices, with one in six global smartphone owners suffering a cyberattack. Even with the increased number of threats faced, many devices still don't have any type of anti-virus and anti-malware software installed. A tremendous amount of data is now being kept on mobile devices, especially as users log into mobile banking and email accounts, and malware is being designed to target this data.
"The rapid rise in demand for online banking and retail combined with very little security on devices has created a massive opportunity for cybercriminals leaving many people and businesses extremely vulnerable," said Ori Eisen, 41st Parameter founder.
At the very least, consumers should install some form of anti-malware protection on their smartphone or tablet. Ensuring these products are also password-protected is an important step to help keep out some criminals, along with being careful on clicking suspicious links and downloading apps from unknown sources.
As companies and governments struggle to reduce the threat of cybercrime, it seems the criminals behind these attacks are only becoming even more organized. The threats have evolved from 1990s and 2000s, while groups realized the revenue they would be able to generate from their activities. Trying to identify and arrest criminals launching attacks over the Internet remains extremely difficult, with multiple governments potentially involved in a single investigation, cybersecurity researchers warn.
"One of the biggest challenges is to figure out who has jurisdiction," said Larry Bridwell, a global security specialist, in a recent interview with ConsumerAffairs. "A US consumer might have their credit card stolen from a server in Canada, controlled by a hacker in Eastern Europe."
The Chinese and Russian governments are largely blamed for funding state-sponsored groups, but the actual criminals involved can be found around the world - the United States, Eastern Europe, South America and Asia are popular locations for large amounts of cybercriminals.
Numerous data breaches throughout 2014 forced American consumers to be more vigilant and proactive of their own personal accounts. As shoppers head online and into local stores to purchase Christmas gifts, more security experts are providing a friendly reminder to look after their own financial safety.
A recent survey found 55 percent of shoppers will head to a local store or mall to purchase items, while 36 percent will be searching for and purchasing gifts online. Specifically, 55 percent of consumers will use their credit cards, and 24 percent will use debit cards, checks, mobile payments, and other forms of payments to make purchases.
"Unfortunately, the threat of fraud is a reality, but it doesn't mean you're helpless," said Phil Hatfield, Capital One Vice President of Fraud. "Ensuring that you're monitoring your accounts and getting alerts to make you aware of unauthorized activity are simple steps and things you should do year-round and especially during the hectic holiday shopping season."