Tag Archive for: trick

Trick or treat? Stay so cyber‑safe it’s scary – not just on Halloween


Gather around, folks, to learn about some of the ghastliest tricks used by criminals online and how you can avoid security horrors this Halloween and beyond

Trick or treat, it is Halloween! The day has come when children knock on your door dressed in scary costumes and ask for a treat. Be ready…or a spooky spell will be cast upon you!

The real danger, however, doesn’t knock on the door. Hackers, impostors and scammers of every ilk are looking for you in every corner of the internet, and all they want is to trick you into giving away your personal data or money.

With Cybersecurity Awareness Month ending on the last day of October, it’s a good time to look at some common ways your personal information could be at risk (not just this Hallows’ Eve!) and to offer up some sweet treats to help you and your family avoid falling for hackers’ tricks.

Self-defense against scammers’ tricks

Trick #1: Fake websites

vs.

Treat #1: Recognizing phishing attacks

So someone messaged you on Instagram about an amazing Bitcoin deal. Awesome! And is it just as simple as clicking a link? Even better. Or not? Let me guess, it will take you to a site that looks super professional and convincing and there’s a place to enter your credit card details to get started? Yes? Then that’s most certainly a scam. And it becomes even harder to tell at a glance whether a site is genuine when it’s a fraudulent copy of a well-known crypto exchange.

In order to avoid falling for scams involving fake websites, especially those that request your personal information or banking details, make sure to:

  • Avoid clicking on links in unsolicited messages, doubly so if the message came out of the blue and uses a generic salutation.
  • Don’t ever feel rushed into taking an action.
  • Watch out for misspelled domains and once on a website, use common sense to look out for other red flags, such as suspicious grammar mistakes or low-resolution images.
  • Consider manually typing out the website’s address into the browser bar and/or try Google’s Safe Browsing site status tool or VirusTotal’s URL checker to…
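The advice to watch for misspelled domains can be automated. The following is an added example written for this page, not code from the original article: a small look-alike domain checker in Python that decodes Punycode hosts, maps a handful of Cyrillic letters and digits back to the Latin letters they imitate, and flags near-misses against a brand list. The brand list, the confusables table, the one-edit distance and the sample URLs are all assumptions made for the example; the registrable domain is taken naively as the last two labels, so suffixes such as co.uk are out of scope.

```python
import urllib.parse

# Constructed brand list for the example: the domains whose look-alikes we want to
# catch. A real deployment would use the organisation's own domains plus the banks
# and exchanges its users actually visit.
BRANDS = {"paypal.com", "microsoft.com", "coinbase.com"}

# Cyrillic letters (by code point) and digits mapped to the Latin letter they imitate.
# Assumption: a small hand-picked table; Unicode's confusables.txt is far larger.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "0": "o", "1": "l", "3": "e", "5": "s",
})


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch single-character typosquats (paypal -> paypai)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalise_label(label: str) -> str:
    """Undo the usual disguises so a label can be compared with a brand name:
    Punycode (xn--) back to Unicode, look-alike characters back to Latin, and the
    letter pairs 'rn' and 'vv' that render much like 'm' and 'w'."""
    if label.startswith("xn--"):
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # malformed Punycode: keep the raw label, it is flagged anyway
    return label.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def check_url(url: str) -> list[str]:
    """Return the red flags found in the host of `url`; an empty list means the
    registrable domain is a listed brand or resembles none of them."""
    host = (urllib.parse.urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    reasons = []
    if any(label.startswith("xn--") for label in labels):
        reasons.append("punycode")
    if len(labels) < 2:
        return reasons
    if ".".join(labels[-2:]) in BRANDS:
        return reasons  # the genuine site
    brand_names = {b.split(".")[0]: b for b in BRANDS}
    norm_sld = normalise_label(labels[-2])
    for name, brand in brand_names.items():
        if levenshtein(norm_sld, name) <= 1:
            reasons.append(f"lookalike:{brand}")
    # Brand name smuggled into a subdomain or a hyphenated domain
    # (paypal.com.evil.example, secure-paypal.example).
    for label in labels[:-1]:
        for part in normalise_label(label).split("-"):
            if part in brand_names and part != norm_sld:
                reasons.append(f"brand-name-elsewhere:{brand_names[part]}")
    return reasons


if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real campaign.
    for sample in [
        "https://www.paypal.com/signin",
        "https://paypa1.com/signin",
        "https://www.xn--pypal-4ve.com/login",  # second letter is Cyrillic U+0430
        "https://rnicrosoft.com/",
        "https://paypal.com.account-verify.example/",
        "https://coinbase-support.example/",
    ]:
        print(f"{sample:48} {check_url(sample) or 'no red flags'}")
```

The checker is deliberately biased towards false positives: a domain that merely contains a brand name is reported, because on a phishing landing page that is exactly the pattern to be suspicious of, and a human still makes the final call.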


Cybercrims trick Microsoft into certifying malware | Information Age


Cybercriminals have manipulated a Microsoft security mechanism to bypass Windows security controls, security researchers have said in publishing details of malware that has targeted gamers with credential theft for more than a year.

Named FiveSys by the Bitdefender researchers that discovered it, the new rootkit – malicious software designed to give cybercriminals ‘root’ access with unlimited control of a targeted computer – quietly redirects traffic to specific Internet addresses related to online gaming, allowing them to monitor the activities of targeted users.

The code masked its true functionality well enough that it went undetected by Microsoft’s Windows Hardware Quality Labs (WHQL) quality-assurance process, which requires product developers to test device drivers for compatibility using the Windows Hardware Lab Kit (HLK).

Logs from this testing are then submitted to Microsoft’s Windows Quality Online Services (WQOS), which confirms the software is suitable for use on Windows.

WQOS creates a unique digital signature that enables certified drivers to be installed on a Windows computer using the official Windows Update program – which lends a degree of confidence for end users.

“Digital signatures are a way of establishing trust,” an analysis by Bitdefender’s DracoTeam says, noting that the issuing of a valid certificate “helps the attacker navigate around the operating system’s restrictions on loading third-party modules.”

“Once loaded, the rootkit allows its creators to gain virtually unlimited privileges”.

The use of fraudulently acquired digital signatures isn’t new, but previous attacks usually relied on cybercriminals stealing a third party’s digital certificate and attaching it to their own code to slip under the operating system’s security radar.

Because digital certificates are tied to their original owner, whose details are displayed when the software is being installed, malware signed in this way would be an obvious fake if scrutinised.

However, when FiveSys was being installed, Windows would tell end users that the application was signed by Microsoft – seeming for all intents and purposes to be…


Cyber Security Today, Aug. 30, 2021 – A new ransomware strain with a trick, a warning for Azure Cosmos administrators and more on the T-Mobile hack


A new ransomware strain with a trick, a warning for Azure Cosmos administrators and more on the T-Mobile hack

Welcome to Cyber Security Today. It’s Monday August 30th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.

 

A new strain of ransomware uses a trick to evade detection. According to cybersecurity company Sophos, instead of encrypting every byte of a file, the LockFile strain encrypts only alternating 16-byte blocks and leaves the blocks in between untouched. The partly encrypted files still look statistically similar to the original, so they slip past the statistical file analysis some anti-ransomware products perform when comparing files. LockFile is not the only strain that encrypts files only partially, but what sets it apart is that it encrypts every other 16-byte block of a file. Sophos calls this intermittent encryption. IT security teams need to make sure their defensive software can meet this challenge.
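To show why intermittent encryption defeats a whole-file statistical check, and how a defender can still catch it, here is an added example in Python; it is not Sophos’s analysis code nor LockFile’s. It uses a SHA-256 keystream as a stand-in cipher and a constructed text sample. The 16-byte granularity comes from the Sophos description above; the choice of which alternate blocks to encrypt, the 7.5 bits-per-byte threshold and the entropy-based detector are assumptions made for the example.

```python
import hashlib
import math
from collections import Counter

BLOCK = 16  # LockFile's 16-byte granularity, per the Sophos write-up

# Constructed sample "document": repetitive English text, whose byte distribution
# looks nothing like ciphertext.
SAMPLE_PLAINTEXT = b"The quick brown fox jumps over the lazy dog. " * 92
SAMPLE_KEY = b"example-key-not-a-real-ransomware-key"


def keystream(key: bytes, length: int) -> bytes:
    """Stand-in cipher: SHA-256(key || counter) blocks XORed onto the data.
    Assumption: only here to produce ciphertext-like bytes for the demo; real
    ransomware uses AES/ChaCha and this is not how LockFile derives keys."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_full(data: bytes, key: bytes) -> bytes:
    """Conventional ransomware behaviour: every byte is transformed."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))


def encrypt_intermittent(data: bytes, key: bytes, block: int = BLOCK) -> bytes:
    """Intermittent encryption: only every other `block`-byte chunk is transformed
    (here the even-numbered chunks; which parity is an assumption)."""
    ks = keystream(key, len(data))
    out = bytearray(data)
    for start in range(0, len(data), 2 * block):
        for i in range(start, min(start + block, len(data))):
            out[i] ^= ks[i]
    return bytes(out)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4.5 for English text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def split_stride(data: bytes, block: int = BLOCK) -> tuple[bytes, bytes]:
    """Separate the even-numbered and odd-numbered `block`-byte chunks."""
    even = b"".join(data[i:i + block] for i in range(0, len(data), 2 * block))
    odd = b"".join(data[i + block:i + 2 * block] for i in range(0, len(data), 2 * block))
    return even, odd


def looks_encrypted_naive(data: bytes, threshold: float = 7.5) -> bool:
    """Whole-file entropy check, the kind of test intermittent encryption defeats."""
    return shannon_entropy(data) >= threshold


def looks_encrypted_stride(data: bytes, block: int = BLOCK, threshold: float = 7.5) -> bool:
    """Score the two interleaved streams separately: if either half is
    ciphertext-like, the file was at least intermittently encrypted."""
    return max(shannon_entropy(part) for part in split_stride(data, block)) >= threshold


if __name__ == "__main__":
    full = encrypt_full(SAMPLE_PLAINTEXT, SAMPLE_KEY)
    partial = encrypt_intermittent(SAMPLE_PLAINTEXT, SAMPLE_KEY)
    for name, blob in [("plaintext", SAMPLE_PLAINTEXT), ("fully encrypted", full), ("intermittent", partial)]:
        print(f"{name:16} entropy={shannon_entropy(blob):.2f} "
              f"naive={looks_encrypted_naive(blob)} stride={looks_encrypted_stride(blob)}")
```

The whole-file entropy of the intermittently encrypted copy lands between the plaintext and ciphertext values, below a threshold that still catches fully encrypted files; that gap is the evasion. Splitting the file into its even and odd 16-byte streams and scoring each on its own recovers the ciphertext-like half. A real product would not know the stride in advance, so it would try several, or use content-aware checks (file-type magic, decompressibility) rather than a single entropy number.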

Meanwhile the news site The Record reports the gang behind the Ragnarok ransomware has shut operations and released a free decryption utility that victims can use to get their data back.

Networks of attacker-controlled devices, called botnets, help criminals distribute malware. According to a news report, one of them has suddenly shut down. The operators of the botnet that distributed the Phorpiex malware are selling its source code. The bad news is that if another threat actor buys the code, the botnet can be revived.

Organizations whose employees use Microsoft’s Azure Cosmos database with the Jupyter Notebook feature enabled need to take certain security precautions. This comes after researchers reported a vulnerability that could allow an attacker to get into accounts. Microsoft says it has fixed the vulnerability, but it also says IT departments have to regenerate the primary keys for the application. According to the company that discovered the problem, every organization that uses Azure Cosmos DB should assume its data has been exposed. It estimates there are thousands of organizations affected, including some in the Fortune 500.

Has sportswear maker Puma been hacked? That’s the question after an ad on the criminal…


Try This One Weird Trick Russian Hackers Hate – Krebs on Security


In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukrainian. So many readers had questions in response to the tweet that I thought it was worth a blog post exploring this one weird cyber defense trick.

The Commonwealth of Independent States (CIS) more or less matches the exclusion list on an awful lot of malware coming out of Eastern Europe.

The Twitter thread came up in a discussion on the ransomware attack against Colonial Pipeline, which earlier this month shut down 5,500 miles of fuel pipe for nearly a week, causing fuel station supply shortages throughout the country and driving up prices. The FBI said the attack was the work of DarkSide, a new-ish ransomware-as-a-service offering that says it targets only large corporations.

DarkSide and other Russian-language affiliate moneymaking programs have long barred their criminal associates from installing malicious software on computers in a host of Eastern European countries, including Ukraine and Russia. This prohibition dates back to the earliest days of organized cybercrime, and it is intended to minimize scrutiny and interference from local authorities.

In Russia, for example, authorities there generally will not initiate a cybercrime investigation against one of their own unless a company or individual within the country’s borders files an official complaint as a victim. Ensuring that no affiliates can produce victims in their own countries is the easiest way for these criminals to stay off the radar of domestic law enforcement agencies.

Possibly feeling the heat from being referenced in President Biden’s Executive Order on cybersecurity this past week, the DarkSide group sought to distance itself from their attack against Colonial Pipeline. In a message posted to its victim shaming blog, DarkSide tried to say it was “apolitical” and that it didn’t wish to participate in geopolitics.

“Our goal is to make…
