TweakTown News
The Bennington Area Chamber of Commerce recently suffered a major annoyance after needing to spend $5,000 to upgrade PCs, servers and HDDs that were crippled by the Cryptolocker ransomware.
The chamber wanted to pay the ransom but suffered a power failure, losing the connection with the Cryptolocker cybercriminals.
"We had to replace our entire computer system because of it," said Joann Erenhouse, Bennington Area Chamber of Commerce director, in a statement to local media. "Right now we are just about up and running."
Similar to other forms of malware, users are the first line of defense, but tend to read emails and open attachments from unknown sources too quickly.
Cryptolocker is an especially tricky piece of ransomware, with infected users typically forced to pay the ransom - or restore from what hopefully was a recent backup. Almost 40 percent of affected companies choose to pay the ransom, which is typically $500-$750 - or face having files permanently encrypted.
In a double whammy, the Fareit Trojan targeting Microsoft Windows PCs also has been found to spread the Cribit ransomware, as security researchers transition to defend against sophisticated cyber threats.
There are two versions of Cribit in the wild - one version encrypts files on the infected PC and shows an English ransom message, while the other version has messages also available in Chinese, French, Arabic and Spanish, researchers note.
"After all, cybercriminals are after one goal: to get a person's money," said Christopher Budd, Trend Micro threat communications manager, in a statement to SC Magazine. "Returning/decrypting a victim's files won't certainly be a priority or major concern for these people. Additionally, paying the ransom may encourage and help expand the operations of cybercriminals."
Cybercriminals are gladly enjoying the use of sophisticated malware to compromise devices, in an effort to steal information - and now to demand monetary payments for releasing a computer from malicious and disruptive software.
The Ethiopian national government is using foreign technology to compromise PCs and phones of political opponents, according to a recent study released by Human Rights Watch (HRW). Not surprisingly, government officials disregarded the security report, saying it's just a smear campaign, amid growing concern about government oppression.
The hardware used to carry out cyber surveillance originally stemmed from China, Italy, Germany, and the United Kingdom, the report states. To make matters worse, all phone and Internet access within the country's borders is provided through a single company, which is state-owned.
"Repressive measures aimed at restricting freedom of expression and association, as well as access to information, have increased since the controversial 2005 elections," the report states. "These measures include the harassment, arbitrary detention, and prosecution of opposition leaders, journalists, and activists."
The report also makes independent recommendations to the Ethiopian government, international companies operating in the African country, foreign national governments, and the World Bank.
Security company Avast Software today launched its GrimeFighter PC cleanup tool, designed to help boost PC performance.
GrimeFighter boots into Linux to better detect and remove problems that aren't as easily noticeable with Microsoft Windows running. The software is a standalone product available now, with the Avast website offering a free scan.
"Most PC-cleanup utilities don't really improve performance - some actually slow down PCs," said Vince Steckler, Avast CEO, in a press statement. "Since they run in Windows, they are unlikely to find problems with files and registry entries that are locked, protected, or otherwise hidden. Ironically those are the ones most often robbing users of performance and stability. With avast! GrimeFighter, we didn't want to introduce another me-too product - we wanted to eliminate the problem of slow PCs."
There are a handful of legitimate and free PC optimization tools - but AVAST is a well-known, reputable company - and GrimeFighter's ability to build a cloud-based threat intelligence database further improves dependability.
In a growing effort to defend against cyberattacks, global alliances between nations with the same political influences are carving out curious battle lines.
"It is true that allies need to share military intelligence to counter threats posed by North Korea in light of its nuclear test and missile launches," said Kim Min-seok, South Korea defense ministry spokesperson, during a press conference. "Although working-level officials had considered the memorandum of understanding as one idea, the move is currently not under way as the situation is not yet ripe for that."
North Korea also has a blossoming cyberattack program, focusing mostly on targeting South Korea and Japan.
Both South Korea and Japan face growing political tensions from China and North Korea - and while most of the attention is rightfully on physical military force - all four countries must defend against cyberattacks from foreign sources.
The recent Google Android bug discovered by security researcher Ibrahim Balic reveals a common technique could compromise the popular OS due to memory corruption - resulting in the device crashing.
In extreme cases, it appears the memory corruption vulnerability could be escalated and lead to arbitrary code execution, with users at risk of operating a rooted device.
"Although it's true that this vulnerability is capable of crashing Android mobile devices, it's important to point out that at this time there are no known instances or infections of this particular vulnerability 'in the wild,'" said Ryan Smith, Mojave Networks Lead Threat Engineer, in a statement. "Mobile malware distributors are typically motivated by money and information, and are therefore unlikely to use their established distribution channels to disseminate malware an app that simply crashes the device and doesn't gain them anything."
Even so, the large amount of malware targeting Android devices is frightening - and security experts recommend using anti-malware and anti-virus software at the very least.
The leader of the Appbucket group, which was responsible for trafficking pirated Google Android apps, has pleaded guilty to one count of conspiring to commit criminal copyright infringement.
Nicholas Anthony Narbone from Florida pleaded guilty, while co-conspirator Thomas Allen Dye from Florida pleaded guilty earlier this month. Both Narbone and Dye will be sentenced in July, while two others have court dates scheduled for April.
"These men trampled on the intellectual property rights of others when they and other members of the Appbucket Group distributed more than one million copies of pirated apps," said David O'Neil, Justice Department attorney general, in a statement. "These mark the first convictions secured by the Justice Department against those who illegally distribute counterfeit mobile apps."
The group shared more than 1 million copies of pirated apps worth more than $700,000 before being shut down.
The steady popularity of smartphones and tablets has led to a rush to steal apps - and either distribute them freely - or offer them for sale.
Companies need to be aware of so-called "password fatigue" and create easier-to-use password-protected system access, as employees are in a rush to get work done, according to a study released by the National Institute of Standards and Technology (NIST).
Employees are more inclined to remember a single password, even if it's longer and more complex, as opposed to needing multiple passwords for each account. This behavior could lead to potential security issues, so password managers or some other type of authentication could be utilized instead.
"'Password fatigue' is, in fact, a very common problem," the study states. "Expecting users to simply adapt to an excessive authentication workload is not realistic. But from the user's perspective, what is excessive? In any case, if our participants' coping and avoidance strategies are any indication, the ways in which users adapt may not be desirable from an organizational perspective. Rather than trying to force users to adapt to authentication, organizations, security experts, developers, and engineers must find ways to make authentication adapt to users - in other words, to make it more usable."
Microsoft Windows XP remains an extremely popular and well-liked operating system, but the security benefits alone of Windows 7 and 8/8.1 haven't been enough to get users to migrate. However, Microsoft and security experts are strongly urging both users and companies to upgrade, or potentially face harmful cyberattacks.
Pure Hacking has a few tips regarding XP: Disable what users don't need on the OS, replace XP with Windows 7, segregate legacy installations, and implement application whitelisting control.
"Across Australia there are tens of thousands of machines still running Windows XP - just think POS terminals, let alone all those SMBs," said Gordon Maddern, Pure Hacking CTO, in a statement. "Anyone still on XP will be wide open to attack. All new vulnerabilities - and countless numbers of these are likely - will no longer be fixed by Microsoft. I cannot stress enough, it's time to migrate, migrate, migrate."
In reality, SMBs and corporations should have created a migration plan long ago - and should be well underway with the migration plan - but it's become evident that many companies will instead try to scramble to stay in compliance.
As the Microsoft end of support for the aging Windows XP operating system quickly approaches, security researchers believe the banking industry faces a serious risk of compromised ATMs, according to Symantec.
The Backdoor.Ploutus.B malware variant, an upgraded version of sophisticated malware that proved effective in 2013, allows cybercriminals to force ATMs to dispense cash.
The criminals simply send an SMS to a compromised ATM, walk up, and collect the stolen cash - using a network packet monitor (NPM) and other tools to properly infect the ATM.
"As soon as the compromised ATM receives a valid TCP or UDP packet from the phone, the NPM will parse the packet and search for the number '5449610000583686' at a specific offset within the packet in order to process the whole package of data," said Daniel Regalado, Symantec security researcher, in a blog post. "Once that specific number is detected, the NPM will read the next 16 digits and use them to construct a command line to run Ploutus."