Study Reveals Xiaomi, Huawei, Lenovo Phones Contain Malware by Default

It’s not just PCs that are at risk from malicious software (malware). Smartphones are fast becoming the prime target for malware, but how has this happened?

First of all, what exactly is malware? Essentially, it’s a nasty string of code or a program which enters software with the main aim of stealing data, taking control of your system or flooding your device with irritating ads.

And you only have to look at the rise of the smartphone to understand exactly why it’s such an attractive target for installing malicious software. More people now use their smartphone to access the internet than they do their laptop, and this has led to the following issues:

  • Even the most advanced PC user does not fully understand smartphone security as it involves different software and operating systems
  • The average smartphone user is not even aware that their phones can be hacked or monitored

However, the latest malware scandal to hit the smartphone world involves three Chinese smartphone manufacturers (Lenovo, Xiaomi and Huawei) actually preloading their phones with malware. Not exactly the most honest strategy for reassuring users that their data is safe, is it?!

Uncovering the Scandal


Smartphone malware has been a growing concern for some time, so the German security firm G Data decided it was time to assess the landscape.

And their study reported some shocking findings.

Smartphone malware epidemics are now so common that they’re being discovered roughly every 14 seconds. That means by the time you’ve finished reading this article around 15 smartphone malware epidemics will have erupted. This is very troubling news for every smartphone owner who values their security.

Many brands have been implicated in the scandal, but the most prominent and weighty accusations have been leveled at Lenovo, Xiaomi and Huawei.

Who’s to Blame?

Obviously, once a scandal as hot as this lands, the accused are quick to clear their name and the brands affected have claimed that whilst the malware does exist, it has been installed on their phones by third-party middlemen.

Xiaomi has gone on to comment that this will only occur when purchasing their smartphones through unauthorized dealers. Now, whilst this does sound plausible it’s not ringing true with a number of consumers.

Many consumers feel that the brands involved are knowingly part of the scandal and are, in fact, making a quick buck by allowing this malware to be installed on their smartphones. It doesn’t help that Lenovo has recently been implicated in a bloatware scandal with its laptops, so distrust of such large brands is widespread.

However, actually proving that the manufacturers are behind the malware install is incredibly difficult. The malware clings on to other innocent apps, much like a parasite, and once those apps are installed it heads straight for the smartphone’s firmware. This makes it very difficult to pinpoint exactly how the malware got onto the smartphone.

The Future of Smartphone Malware


G Data has conceded that they probably haven’t uncovered the full extent of pre-installed smartphone malware, so many other brands and models could be infected before they’re even turned on for the first time.

This is quite concerning for the huge number of smartphone users, which seems to be growing larger by the day. Understanding that your smartphone is at risk is therefore essential in this day and age, and avoiding unauthorized dealers should be an absolute given to limit your chances of falling prey to malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.



Phishing

Do you know how to spot a phishing email? Phishing emails are not only a nuisance, but can also lead to theft. Our guide will show you how to spot them.

The term “phishing” is likened to the word fishing, which sounds almost the same and is used with the same notion to reel in some information such as a username/password or to hook you into taking some action via an unsolicited email. The aim of a phishing email is to “phish” a user by having them fall for the bait without initially realizing it.

Convincing phishing emails work well for the originator without raising too much suspicion in the end user. So how does one avoid this? First, let’s understand the damage a phishing email can generate before we delve into how to spot one.

What harm can phishing emails cause?

There are two major risks that can result from opening up links or attachments from phishing emails.

  1. Many email authors aim to trick users into believing that they’ve been contacted by a legitimate company that may prompt them to visit a link which can lead to a fake website. This site may be a copy-cat site of a legitimate one, for instance a banking site, complete with a login screen. The spoof site then captures and records login credentials which can be used again by the originator of the dummy site.
  2. The email itself may pose as a legitimate company, such as a bank, prompting its targets to take action through its link. Usual email wording pushes the user to act, for instance “your account is suspended”, “update your information”, or a claim that an account has had “unauthorized access”. Anything which triggers panic or confusion is enough to get a user to follow the phishing email’s instructions.

Such scams can lead users to give away their credentials, passwords, and private information, which can be used to steal their identity and money.

Many phishing emails also attempt to infect systems with malware. This is a common entry point for a large majority of infections at companies, spreading from one computer to the wider network. The worst case scenario is malware holding a user’s data hostage in exchange for a ransom.

How to spot phishing scams

Below are usual signs of phishing email to watch out for.

  • Unrecognized sender. This is usually a big giveaway. If you don’t recognize the sender, treat it with suspicion. Even if the sender appears to use the same domain as you, always question this, as clever phishing attacks can spoof the company domain to trick users.
  • Unexpected emails. Unless you’re expecting an email from a company, e.g. a delivery shipment notification, treat this with suspicion (a surprise lottery win is a classic lure). If unsure about a delivery shipment, contact the official company, acquiring their contact details through their official website.
  • Prompts to open up attachments. Avoid clicking any links or opening attachments.
  • Odd looking website addresses. Another clue to phishing emails are links in the email having suspicious website addresses, which can redirect you to a dodgy website.
  • Odd looking or out of place emails. If you’re able to look at the sender’s details, see what email address it displays. Most of the time their email domain will not match the company they claim to be from. For instance, an email claiming to be from your bank could have a @yahoo.com domain. This is an obvious giveaway!
  • Impersonating institutions and companies. As mentioned earlier, be suspicious of emails posing as banks, the IRS, the Social Security Office and so forth. They rarely contact users through email. If in doubt, contact them directly and not through any telephone numbers given in the message.
  • Poorly written English and grammar. Many phishing emails contain poorly structured sentences and grammatical mistakes which sound like they’ve been written by a ten year old or a non-native English speaker.


If ever you’re in doubt, don’t hesitate to notify your IT administrator who can help to block as many phishing emails as possible. Even if some manage to filter through, which does happen, put this guide into practice.

For more ways to secure your business systems and networks, contact your local IT professionals.




Security firm Kaspersky reveals malicious National Security Agency (NSA) malware hidden in drivers and firmware around the world. Read the summary here.

Kaspersky exposes NSA malware built into hard drives worldwide

Sitting on millions of hard drives across the globe lies deep-rooted NSA malware designed to spy on computer activity, and it has reportedly been doing so for over a decade! The NSA is responsible for gathering electronic intelligence on behalf of the U.S. government.

The majority of brands such as Seagate, Toshiba, Western Digital and many others, have had the tampered firmware built into their hard drives, according to the security software giant Kaspersky.

As many as 30 countries around the globe have the spyware infection implanted on their personal computers. Prime targets have been found to be military and government bodies, banks, energy companies, telecommunication firms and many others.

Most of the targets are from countries such as Afghanistan, Algeria, China, Mali, Mexico, Pakistan, Russia, Syria and Yemen; however it has been picked up in other western countries such as the UK, and parts of Europe.

The party behind all of this has been branded with the name “The Equation Group”, who cleverly gained access to the source code of the various firmware and cracked complex encryption algorithms. They’ve used their highly skilled ability to infect and access very specific targets.

Kaspersky has not named the firm responsible for all the spying operations. It’s believed to be strongly related to the Stuxnet attack which was led by the NSA. Stuxnet was a campaign designed to attack the uranium enrichment facility in Iran.

The Factors behind the Malware’s success

  • The malware, reported as a DLL file, is able to resist computer reformats and hard disk wipes in a ploy to reinfect the host.
  • Ironically, this has impressed Kaspersky Labs, in the sense of a piece of hardware having the ability to re-infect a PC. They described it as “ground-breaking technology”.
  • The malware was coded into the hard drive’s firmware, which is the software that allows it (the hardware) to run. For instance, when a computer is switched on it’ll access the firmware to talk to hard drives and other system hardware.
  • In the case of the DLL file, a computer will end up getting re-infected as the firmware is needed to use the hard drives.
  • The spy program could work on any hard disk currently sold on the market.

How did it get there in the first place?


It begs the question as to how such malware could have been embedded into the firmware of so many hard drives, and those of the majority of hard drive companies, in the first place.

According to Kaspersky’s director, Costin Raiu, the makers of the spyware must have had access to the actual source code of each and every infected hard drive. The source code holds the structure, and when in the hands of a third-party programmer, this can permit vulnerabilities to be identified and used to harbor malware within it for attack.

Raiu went on to add that there’s little chance of the hard drive firmware being rewritten by just anyone using public information.

Most hard drive companies would not officially disclose whether or not they’ve allowed any NSA officials to access the source code. However, Western Digital, Seagate and Micron spokesmen have stated that they have not allowed their source code to be tampered with and take security very seriously.

Despite this, it is still possible for undercover NSA coders to have been employed by any given hard drive manufacturer over a decade ago or disguised as software developers to acquire the source code. It is also likely for hard disk code evaluations to have been requested on behalf of the Pentagon. All are theories of how social engineering could have been part of “the equation”.

This has now made many corporate giants, like Google and others in the US, rethink who could have attacked them back in 2009, which was originally pinned on China.

Evidence exists of hackers having reached the source code from various large American technology and defense corporations, according to reports from investigators.

For more ways to secure your data and systems, contact your local IT professionals.



CryptoWall 3.0, a new variant of the Cryptolocker ransomware virus, is out causing problems for many businesses. Learn how it works and how to prevent it.

Discovered in late February 2015, CryptoWall 3.0 works very much like the previous versions of this virus; however, its strategy for infecting systems is somewhat different.

How CryptoWall 3.0 works

  • When the infected file containing CryptoWall 3.0 is opened, the malicious program encrypts all files that it finds mapped over the network.
  • Files become encrypted and unreadable.
  • Only the perpetrator can unlock the code to make it readable again.
  • Once it finishes encrypting all files, it asks for a ransom of around $500 USD.
  • This amount is expected to be paid in Bitcoin, a digital currency used around the world.

Point of entry and identification

CryptoWall 3.0 employs social engineering tactics via phishing emails. These come through with attachments disguised as an “incoming fax report”, displaying the same domain as the one the user is on, which creates a false sense of trust by making them believe it is a legitimate document. Once opened, CryptoWall picks up all mapped drives identified from the host machine it infects and encrypts all of the contents on it, as well as the data on the mapped drives.

CryptoWall 3.0 uses .chm attachments, a compiled HTML Help format commonly used for user manuals within software applications. Since .chm files are built from HTML, they can be very interactive, with different types of media such as images, a hyperlinked table of contents and so forth. They can also carry JavaScript, which lets the attack send users to any website on the Internet as soon as a user opens the malicious .chm file. Once the file is opened, the attack automatically runs its course.
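The signs listed in the phishing guide above (unrecognized or mismatched sender domain, urgency wording, odd-looking links, risky attachments) and the CryptoWall entry point just described (a same-domain sender carrying an “incoming fax report” .chm) can be turned into a mail-triage check. The script below is an added example and is not code from this site, G Data, Kaspersky or any product mentioned here; the brand table, the trusted-sender allowlist and the three sample messages are constructed for the demo, and the blocked-extension list is an assumed policy rather than anything the page prescribes.

```python
"""Phishing triage over a raw e-mail. Added example; all data below is constructed."""
import re
from email import message_from_string, policy
from urllib.parse import urlparse

KNOWN_BRANDS = {"examplebank": "examplebank.com"}             # constructed: brand -> real domain
TRUSTED_SENDER_DOMAINS = {"examplebank.com", "corp.example"}  # constructed allowlist
URGENCY_PHRASES = ("your account is suspended", "update your information", "unauthorized access")
RISKY_ATTACHMENT_EXTENSIONS = (".chm",)  # assumed policy; .chm is the CryptoWall 3.0 lure format
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_RE = re.compile(r'https?://[^\s"<>]+', re.I)
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def domain_of(address):
    """Lower-case domain of a header such as '"Name" <user@host>'; '' if there is none."""
    return address.rsplit("@", 1)[-1].strip("> ").lower() if "@" in address else ""


def triage(raw):
    """Return human-readable flags for the message; an empty list means no sign was found."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain = domain_of(str(msg.get("From", "")))
    to_domain = domain_of(str(msg.get("To", "")))
    html, attachments = "", []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        if part.get_filename():
            attachments.append(part.get_filename().lower())
        elif part.get_content_type() in ("text/plain", "text/html"):
            html += part.get_content()
    # Tag-stripped, whitespace-collapsed text (subject included) for phrase matching.
    text = " ".join((str(msg.get("Subject", "")) + " " + re.sub(r"<[^>]+>", " ", html)).lower().split())
    flags = []
    # Sign 1: unrecognized sender domain.
    if from_domain not in TRUSTED_SENDER_DOMAINS:
        flags.append(f"unrecognized sender domain: {from_domain}")
    # Sign 2: the mail talks about a brand whose real domain does not match the sender.
    for brand, legit in KNOWN_BRANDS.items():
        if brand in text and from_domain != legit and not from_domain.endswith("." + legit):
            flags.append(f"mentions {brand} but sender domain is {from_domain}")
    # Sign 3: wording that pushes the reader to act in a panic.
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        flags.append("urgency wording: " + "; ".join(hits))
    # Sign 4: odd-looking links (bare IP, or the visible URL differs from the real target).
    for href, label in ANCHOR_RE.findall(html):
        href_host = (urlparse(href).hostname or "").lower()
        label_text = re.sub(r"<[^>]+>", "", label).strip()
        if IPV4_RE.fullmatch(href_host):
            flags.append(f"link points to a bare IP address: {href_host}")
        if URL_RE.fullmatch(label_text):
            label_host = (urlparse(label_text).hostname or "").lower()
            if label_host != href_host:
                flags.append(f"link text shows {label_host} but goes to {href_host}")
    # Sign 5: attachment types the policy blocks.
    for name in attachments:
        if name.endswith(RISKY_ATTACHMENT_EXTENSIONS):
            flags.append(f"risky attachment type: {name}")
    # Sign 6: a sender on the recipient's own domain must have passed SPF or DKIM at the gateway.
    if from_domain and from_domain == to_domain:
        auth = str(msg.get("Authentication-Results", "")).lower()
        if "spf=pass" not in auth and "dkim=pass" not in auth:
            flags.append("sender uses the recipient's own domain but carries no SPF/DKIM pass")
    return flags


# Constructed samples, not real messages.
BANK_LURE = """\
From: "ExampleBank Security" <alerts@mail-examplebank-verify.com>
To: jane.doe@corp.example
Subject: Unauthorized access detected
Content-Type: text/html; charset="utf-8"

<p>Dear ExampleBank customer, your account is suspended until you
<a href="http://198.51.100.23/login">https://www.examplebank.com/login</a>
and update your information.</p>
"""
FAX_LURE = """\
From: fax@corp.example
To: jane.doe@corp.example
Subject: Incoming fax report
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached incoming fax report.
--b1
Content-Type: application/octet-stream; name="incoming_fax_report.chm"
Content-Disposition: attachment; filename="incoming_fax_report.chm"
Content-Transfer-Encoding: base64

QUJD
--b1--
"""
BENIGN = """\
From: statements@examplebank.com
To: jane.doe@corp.example
Subject: Your monthly statement is ready
Content-Type: text/html; charset="utf-8"

<p>View it at <a href="https://www.examplebank.com/statements">https://www.examplebank.com/statements</a>.</p>
"""

if __name__ == "__main__":
    for name, sample in (("bank lure", BANK_LURE), ("fax lure", FAX_LURE), ("benign", BENIGN)):
        print(name, "->", triage(sample) or "no signs found")
```

The same-domain check (sign 6) is where the fax-report lure is caught: a message that claims the recipient’s own domain is only believable if the mail gateway recorded an SPF or DKIM pass for it, so the absence of that pass is treated as a sign rather than proof either way. Run as a script it prints the flags for each sample; a real deployment would feed the output to the mail filter or the IT administrator mentioned in the guide rather than to the end user.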

CryptoWall: More than meets the eye


Ransomware has been evolving since the first wave of Cryptolocker attacks back in September 2013, which netted the virus writers over $27,000,000 in ransom money within only a few months of the Cryptolocker operation. Attacks are happening all over the world, with detections in Europe, the UK, the US and Australia.

The sophisticated Cryptolocker and CryptoWall attacks also use botnets, which are wide networks of compromised machines, as the originators of the attack. Aside from speeding up distribution of the virus, this allows anonymity for the virus writers.

How to prevent CryptoWall 3.0

For more ways to stay protected and safeguard your network, contact your local IT professionals.




Microsoft Security Essentials is not as effective as you may think. Here’s a summary of the last two AV testing evaluations carried out by AV-Test.org.

There are many anti-virus programs available to install. Some are free, like Microsoft Security Essentials (MSE), and others, like Trend Micro, Kaspersky and the like, are paid, with free versions available that provide fewer features, such as no real-time scanning.

Are paid ones any better than free AVs, and is there a better free option such as Malwarebytes? We’ll conclude a little later.

AV-Test Results

AV-Test.org is an independent test center based in Germany which carries out tests to evaluate which anti-virus products can withstand a variety of malware. This particular test involved approximately 12,327 different malware samples, along with 153 emulated zero-day attacks, on Windows 7 machines.

Out of the 28 AV programs tested, Microsoft fared poorly by failing to protect its own operating system. In fact it came in last compared to all 27 of its competitors. These tests were carried out in December 2014 and measured usability, performance and protection, which resulted in classifications.

This is not the first time Microsoft came last here. They also came last in the previous run of tests in 2013. They gained top marks for MSE usability and were above average in performance, but scored a big fat zero in the most critical part: protecting against malware!

Microsoft’s Perspective

In defense of Microsoft’s AV-Test results, Joe Blackbird, representing Microsoft, wrote about it in a blog post. He spoke out against the malware attacks tested by AV-Test, and stated that they’re unlikely to occur in the wild and so pose little risk to users. To support his statement, he mentioned that 94% of the samples used in the test that were not picked up by MSE didn’t even end up infecting their systems, hence not posing a serious risk.

Overall, Microsoft has made it clear that it sees AV-Test’s methodology as different from its own approach, which prioritizes protection based on malware threats actually seen in the wild.

Are paid anti-virus programs any better than the free ones?

Based on AV-Test’s results, it seems highly likely. However, not all paid solutions offer the best protection. For instance, McAfee Internet Security is a paid solution and it was not far off from being the worst at protecting against the list of malware threats. It was next to last on the list, only slightly better than MSE.

The highest rated AV from the test results to offer the best protection against malware attacks is Kaspersky, which happens to be a paid solution.

You do not need to necessarily go out and spend money on an AV. However, if you do run MSE, a better option is to run Malwarebytes, which is effective and free.

For more ways to secure your data and systems, contact your local IT professionals.
