Showing posts with label SECURITY & FRAUD. Show all posts
Showing posts with label SECURITY & FRAUD. Show all posts

Beware, Cyber Thieves Target Mobile Phones with Aggressive Malware, Ransomware




NEWS
Beware, Cyber Thieves Target Mobile Phones with Aggressive Malware, Ransomware
Smart device users are advised to devote as much time and money to protect their mobile phones and tablets as they do with their personal computers. A growing number of consumers spend more time using their mobile devices than their personal computers. A number of aggressive malware ...
Google PlusFacebookTwitterFlag as irrelevant
Allot Awarded Best Mobile Security Solution
Allot NetworkSecure (previously named Allot WebSafe Personal), enables Communications Service Providers (CSPs) to offer security as a service to their subscribers, protecting mobile devices from malwareand cyber threats, as well as providing parental controls. The network-based security service is ...
Google PlusFacebookTwitterFlag as irrelevant
Security Experts Shine a Spotlight on Automation, Managed Services at MobileWorld Congress
While he doesn't know the answer, one thing is certain: Hackers are taking their 30 years of finely-honed malware skills and moving their attacks to mobile devices. He pointed to BankBot, a malicious Android app that imitates real banking applications to steal users' login details. Historically, cyberattacks ...
Google PlusFacebookTwitterFlag as irrelevant
IoT, cloud poses new security challenges for organizations: GlobalData
As a result, proactive threat intelligence, mobile malware security, and the growing prevalence of cloud access security broker (CASB) software and DevSecOps are some pre-emptive measures being adopted by enterprises to prevent data thefts, implement enterprise security policies, and provide more ...
Google PlusFacebookTwitterFlag as irrelevant
Research details developments in the IoT, cloud presents new security challenges for enterprises
As a consequence, mobile malware security, proactive threat intelligence and the steeply rising dominance of cloud access security broker (CASB) software and DevSecOps are certain pre-emptive measures being readily implemented by organizations for preventing data theft incidents. They are also ...
Google PlusFacebookTwitterFlag as irrelevant

5 mobile security threats you should take seriously in 2018

IDGNS

Mobile security is at the top of every company's worry list these days — and for good reason: Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly intricate puzzle. The stakes, suffice it to say, are higher than ever: The average cost of a corporate data breach is $21,155 
per day, according to a 2016 report by the Ponemon Institute.
While it's easy to focus on the sensational subject of malware, the truth is that mobile malware infections are incredibly uncommon in the real world — with your odds of being infected significantly less than your odds of being struck by lightning, according to one estimate. That's thanks to both the nature of mobile malware and the inherent protections built into mobile operating systems.
The more realistic mobile security hazards lie in some easily overlooked areas, all of which are only expected to become more pressing in the coming year:

1. Data leakage

It may sound like a diagnosis from the robot urologist, but data leakage is widely seen as being one of the most worrisome threats to enterprise security as we head into 2018. What makes the issue especially vexing is that it often isn't nefarious by nature; rather, it's a matter of users inadvertently making ill-advised decisions about which apps are able to see and transfer their information.
"The main challenge is how to implement an app vetting process that does not overwhelm the administrator and does not frustrate the users," says Dionisio Zumerle, research director for mobile security at Gartner. He suggests turning to mobile threat defense (MTD) solutions — products like Symantec's Endpoint Protection Mobile, CheckPoint's SandBlast Mobile, and Zimperium's zIPS Protection. Such utilities scan apps for "leaky behavior," Zumerle says, and can automate the blocking of problematic processes.
Of course, even that won't always cover leakage that happens as a result of overt user error — something as simple as transferring company files onto a public cloud storage service, pasting confidential info in the wrong place, or forwarding an email to an unintended recipient. That's a challenge the healthcare industry is currently struggling to overcome: According to specialist insurance provider Beazley, "unintended disclosure" was responsible for a full 41 percent of data breaches reported by healthcare organizations in the first three quarters of 2017 — more than double the next highest cause.
For that type of leakage, data loss prevention (DLP) tools may be the most effective form of protection. Such software is designed explicitly to prevent the exposure of sensitive information, including in accidental scenarios.


2. Social engineering

The tried-and-true tactic of trickery is just as troubling on the mobile front as it is on desktops. Despite the ease with which one would think social engineeringcons could be avoided, they remain astonishingly effective.

A staggering 90 percent of data breaches observed by Verizon's Enterprise Solutions division are the result of phishing, according to the company's 2017 Data Breach Investigations Report. While only 7 percent of users fall for phishing attempts, Verizon says, those gullible guys and gals tend to be repeat offenders: The company estimates that in a typical organization, 15 percent of users who are successfully phished will be phished at least one more time within the same year.
What's more, numerous bits of research suggest users are more vulnerable to phishing from mobile devices than desktops — by as much as three times, according to an IBM study, in part because a phone is where people are most likely to first see a message. "We do see a general rise in mobile susceptibility driven by increases in mobile computing overall [and] the continued growth of BYOD work environments," says John "Lex" Robinson, information security and anti-phishing strategist at PhishMe — a firm that uses real-world simulations to train workers on recognizing and responding to phishing attempts.
Robinson notes that the line between work and personal computing is also continuing to blur. More and more workers are viewing multiple inboxes — connected to a combination of work and personal accounts — together on a smartphone, he notes, and almost everyone conducts some sort of personal business online during the workday. Consequently, the notion of receiving what appears to be a personal email alongside work-related messages doesn't seem at all unusual on the surface, even if it may in fact be a ruse.

3. Wi-Fi interference

A mobile device is only as secure as the network through which it's transmitting data. In an era where we're all constantly connecting to public Wi-Fi networks, that means our info often isn't as secure as we might assume.
Just how significant of a concern is this? According to new research being released by enterprise security firm Wandera this week, corporate mobile devices use Wi-Fi almost three times as much as they use cellular data. Nearly a quarter of devices have connected to open and potentially insecure Wi-Fi networks, and 4 percent of devices have encountered a man-in-the-middle attack — in which someone maliciously intercepts communication between two parties — within the most recent month.
"These days, it's not difficult to encrypt traffic," says Kevin Du, a computer science professor at Syracuse University who specializes in smartphone security. "If you don't have a VPN, you're leaving a lot of doors on your perimeters open."






Selecting the right enterprise-class VPN, however, isn't so easy. As with most security-related considerations, a tradeoff is almost always required. "The delivery of VPNs needs to be smarter with mobile devices, as minimizing the consumption of resources — mainly battery —  is paramount," Gartner's Zumerle points out. An effective VPN should know to activate only when absolutely necessary, he says, not when a user is accessing a news site, for instance, or when a user is working within an app that's known to be trustworthy and secure.


4. Out-of-date devices

Smartphones, tablets and smaller connected devices — commonly known as the internet of things (IoT) — pose a new risk to enterprise security in that unlike traditional work devices, they generally don't come with guarantees of timely and ongoing software updates. This is true particularly on the Android front, where the vast majority of manufacturers are embarrassingly ineffective at keeping their products up to date — both with operating system (OS) updates and the smaller monthly security patches between them — as well as with IoT devices, many of which aren't even designed to get updates in the first place.
"Many of them don't even have a patching mechanism built in, and that's becoming more and more of a threat these days," Du says.
Again, a strong policy goes a long way. There are Android devices that do receive timely and reliable ongoing updates. Until the IoT landscape becomes less of a wild west, it falls upon a company to create its own security net around them.


5. Physical device breaches

Last but not least is something that seems silly but remains a disturbingly realistic threat: A lost or unattended device can be a major security risk, especially if it doesn't have a strong PIN or password and full data encryption.
Consider the following: In a 2016 Ponemon Institute study, 35 percent of professionals indicated their work devices had no mandated measures in place to secure accessible corporate data. Worse yet, nearly half of those surveyed said they had no password, PIN, or biometric security guarding their devices — and about two-thirds said they didn't use encryption. Sixty-eight percent of respondents indicated they sometimes shared passwords across personal and work accounts accessed via their mobile devices.
The take-home message is simple: Leaving the responsibility in users' hands isn't enough. Don't make assumptions; make policies. You'll thank yourself later.




via CSO

how bad guys get malware inside your smartphone



Digital thieves have a playbook for stealing your sensitive data. A software security firm spells it out. 
Avira, a company that provides antivirus and Internet security software, has published a concise but informative 5 step guide to mobile theft explaining the how and why of malware getting inside your mobile device. 
The five-step strategy is pretty simple but effective, according to Avira.
Effective because, one, some malicious software slips by filters at reputable online stores and, two, people are always looking for free stuff, Alexander Vukcevic, head of virus lab for Avira, told Fox News. 
“Users rely on the quality assurance provided by store operators, and many users try to access and deploy popular apps through alternative stores without paying anything,” He said. “This…is used by many malware authors to infect mobile phones.” 
Step 1: The plan. The bad guys identify vulnerabilities then develop exploits. If they don’t have the skills, they hire a bounty hunter on the black market. Bounty hunters sometimes work with exploit brokers. The broker gets paid because organizations will pay to find and stop the hack. 
Step 2: The gear. Infected websites and malicious apps are the gear used to install malware on victims' phones.
Step 3: The inside man. Once downloaded to your phone, the bad guy tries to gain root access to the phone. “If this fails, they generate a fake update notification — clicking on the notification grants them the ability to display ads and download apps at will. Banditos can even change the phone’s IMEI number to increase the number of ads they can display,” according to Avira.
IMEI, which stands for International Mobile Equipment Identity, is a unique number used to identify phones.
Step 4: The heist. They sit back wait until the money starts flowing in.
Step 5: the getaway. The cybercriminals have gotten inside and left malicious code behind. But the malware is often “difficult to dislodge,” says Avira. 
HummingBad -- and its derivatives -- is a good real-world example, according to Avira. The booby-trapped app is incredibly devious because it’s often supported by fake reviews and four-star ratings. 
“These apps can look pretty good. People have found them in the official Google Play store or, more commonly, from the off-market sites,” Avira said. Off-market sites offer, for example, Android apps that may not be available in the Google Play store. The apps on these sites are often free.
However, if users access a malicious app it immediately tries to get root access to the phone, which allows it to do pretty much anything. “If that fails, it tries to get the user to click on a bogus ‘System Update’ notification," according to Avira. 
And it can be very profitable. “Each click, every install on the infected device means more money for the bad guys – an estimated $300,000 monthly,” Avira said, referring to HummingBad.
The fix can be extreme. “To remove this malware, the most common solution is a wipeout for the device owner, as it usually requires a complete reset of the device, wiping out all apps, settings, and saved files,” says Avira.



via FoxNews

New code injection method avoids malware detection on all versions of Windows

Presented at Black Hat Europe, a new fileless code injection technique has been detailed by security researchers Eugene Kogan and Tal Liberman. Dubbed Process Doppelgänging, commonly available antivirus software is unable to detect processes that have been modified to include malicious code.
The process is very similar to a technique called Process Hollowing, but software companies can already detect and mitigate risks from the older attack method. Process Hollowing occurs when memory of a legitimate program is modified and replaced with user-injected data causing the original process to appear to run normally while executing potentially harmful code.
Unlike the outdated hollowing technique, Process Doppelgänging takes advantage of how Windows loads processes into memory. The mechanism that loads programs was originally designed for Windows XP and has changed little since then.
To attempt the exploit, a normal executable is handed to the NTFS transaction and then overwritten by a malicious file. The NTFS transaction is a sandboxed location that returns only a success or failure result preventing partial operations. A piece of memory in the target file is modified. After modification, the NTFS transaction is intentionally failed so that the original file appears to be unmodified. Finally, the Windows process loader is used to invoke the modified section of memory that was never removed.
The following table shows the antivirus software tested by the researchers that is unable to block the exploit discovered.
ProductOperating SystemResult
Windows DefenderWindows 10Success
AVG Internet SecurityWindows 10Success
BitdefenderWindows 10Success
ESET NOD 32Windows 7 SP1Success
Symantec Endpoint ProtectionWindows 7 SP1Success
McAfee VSE 8.8 Patch 6Windows 7 SP1Success
Kaspersky Endpoint Security 10Windows 7 SP1Success
Kasperksy Antivirus 18Windows 7 SP1Success
Symantec Endpoint Protection 14Windows 7 SP1Success
PandaWindows 8.1Success
AvastWindows 8.1Success
It should be noted that Windows 10 Fall Creators Update originally appeared to fix the issue since the duo presenting were unable to perform the exploit on the latest version. When attempting the exploit, a stop error otherwise known as the blue screen of death occurs. Not a desirable effect, but better than ending up with an infected machine.
However, later updates apparently allowed for the exploit to work again even on the latest patches of Windows 10. Due to the nature of the exploit, Microsoft will have its work cut out to update a core feature that helps preserve software compatibility. Antivirus vendors should be able to push out updates to detect and prevent Process Doppelgänging within the coming weeks.


via Techspot

Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes