Smashing Security podcast #240: 3D printer hijacks, crypto fails, and a tech billionaire’s revenge Graham Cluley Security News
Google Play Protect, the Android built-in malware defense system, has failed the real-world tests of antivirus testing lab AV-TEST after detecting just over two thirds out of more than 20,000 malicious apps it was pitted against.
Google’s Android mobile threat protection, which automatically scans over 100 billion apps every day, was introduced during the Google I/O 2017 in May 2017, with rollout to all Android devices starting in July 2017.
Since then, Google Play Protect has been deployed to billions of devices and is now the built-in malware protection on over 2.5 billion active Android devices.
According to AV-TEST’s results, Google’s mobile threat protection solution ranked last out of 15 Android security apps tested over a span of six months, between January to June 2021.
While always running and scanning every app installed and launched on the device, “the endurance test revealed that this service does not provide particularly good security: every other security app offers better protection than Google Play Protect.”
During this 5-month long endurance test, Google Play Protect detected a little over two-thirds of nearly 20,000 infected apps the testing lab used as part of three rounds of tests.
Each of these testing rounds pitted the security apps against over 3,000 newly-discovered malware samples (up to 24 hours old) and a reference set of more than 3,000 other up to one-month-old samples.
“A total of 5 apps always detected all the attackers 100 percent in the real-time test and in the test with the reference set,” AV-TEST found.
“Finishing in last place, Google Play Protect only detected 68.8 percent in the real-time test and 76.6 percent in the test with the reference set.”
Out of all mobile security apps tested, Bitdefender, G DATA, McAfee, NortonLifeLock, and Trend Micro were the ones that hit a perfect 100% detection rate.
Google Play Protect also mistakenly detected 70 apps as potentially malicious out of almost 10,000 harmless ones installed by AV-TEST from the Play Store and third-party Android app stores.
Given that the Android built-in malware protection solution failed to detect over a third of the 20,000 malware…
The Kremlin has failed to deny that the takedown of Russian-based hacking group ReVil is tied to US President Joe Biden’s pressure on Russian President Vladimir Putin.
Press secretary of the President of the Russian Federation Dmitry Peskov said Wednesday the state doesn’t have any information about REvil’s sudden disappearance from the internet and insisted Russia wants to ‘cooperate’ with the US in taking down cybercriminals.
REvil’s dark web data-leak site and ransom-negotiating portals have both been unreachable since about 1am on Tuesday.
The timing of the takedown raised eyebrows coming just days after Biden demanded Putin took action following a series of devastating ransomware attacks by the Russia-based group on US businesses.
REvil, also known as ‘Ransomware evil’, was responsible for the Memorial Day ransomware attack on the meat processor JBS and the supply-chain attack this month targeting the Miami-based software company Kaseya that crippled well over 1,000 businesses globally.
The Kremlin has failed to deny that the takedown of the websites used by Russian-based hacking group ReVil is tied to US President Joe Biden’s pressure on Russian President Vladimir Putin. Biden and Putin pictured meeting at the Geneva Summit on June 16
When asked Wednesday by reporters if Russia was behind REvil’s takedown from the darknet, Peskov denied having any knowledge of what had happened.
‘I cannot answer your question, because I do not have such information. I do not know which group, where it disappeared from,’ he said, according to Russian News Agency TASS.
He said Russia believes cybercriminals ‘should be punished’ but doubled down that he was not aware if the ransomware gang had been deliberately been targeted by authorities.
‘We believe that [cybercriminals] should be punished,’ he said.
‘On the international level, we believe that we should all cooperate. In this case, Russia and the United States should cooperate in order to suppress such manifestations.
‘As for the particulars about this group, I, unfortunately, with such information I don’t have it, ‘he added.
Peskov said the US and Russia had begun talks on how to work together to tackle cyber crime.
Ransomware attacks don’t just target a business’s single endpoint. They can infect its entire network in seconds if they can penetrate remote management software. On top of the increasing ransomware threat, businesses are producing more data than ever. In fact, according to a StorageCraft Global Research study, 86% of experts believe data volume will increase 10 times or more in the next 5 years.
With increasingly targeted ransomware attacks and an explosion in data creation, it’s clear why businesses must take a more sophisticated approach to data protection. The only thing between your business and data loss or a ransom is a disaster recovery (DR) plan. Ransomware is everywhere, and sooner or later your business will be attacked. When that happens, how will you recover? Recovery starts with a clearly defined plan.
The good news is that although more businesses are succumbing to ransomware, at the same time more businesses are recovering safely. According to our recent webinar, StorageCraft has seen an 8X growth in ransomware restorations since 2017. Businesses that can recover have a plan, execute it, and ultimately prevent data loss.
But remember, a plan should account for protecting data as well as reducing downtime. Although data may be safe with basic data protection measures, many businesses take days—or even weeks—to recover if there’s a significant failure event. According to data from StorageCraft’s recent global study, only 15% of businesses can recover from severe data loss within an hour. When downtime can cost as much as $5,600 every minute, even an hour can be expensive.
Rather than watch dollars slip down the drain, let’s look at how to build a solid plan that prevents data loss and costly downtime.
A disaster recovery plan should…