Malware Threats

What is Social Engineering?

Social engineering is the psychological manipulation of people in the hopes of gaining access to confidential information or systems. It is a form of confidence trick for the purpose of information gathering, fraud, or system access. The attacks used in social engineering can be used to steal employees’ confidential information or data, and the most common type of social engineering happens over either phone or email. Other examples of social engineering attacks include criminals posing as service workers or technicians so that they go unnoticed when accessing the physical site of a business.

Social Engineering Principles

The main methods that cyber criminals use to perpetrate social engineering have existed for a long time. They are based on fundamental psychological principles about human behavior – attackers use these principles to gain access to sensitive data or information.

Reciprocity: People tend to return a favor. For example, if an attacker is in some way generous or thoughtful, the victim may feel compelled to provide special access or otherwise bend critical rules.

Commitment: When someone commits, either orally or in writing, to do something, they become more willing to honor their commitment because they then take it as a personal responsibility to fulfill. For example, on auction sites, people will get trapped into bidding higher than they may have initially intended because they wish to ‘win’ the item in question, regardless of how much the item is actually worth.

Social proof: People will do things that they see other people are doing. For example, a software product endorsed by a celebrity will have a greater sense of value to people, regardless of its quality, because of the endorsement.

Authority: People will tend to obey authority figures, even if they are asked to perform objectionable acts. In a social engineering attack, this may lead an employee of a targeted organization to provide information to a caller pretending to be a law enforcement official.

Liking: People are easily persuaded by other people that they like. Simply being pleasant and friendly is often enough to allow special access to an attacker.

Main Forms of Social Engineering

Cybercriminals use social engineering to carry out a number of cyber attacks:

Phishing: A technique of obtaining private information through manipulative means. Typically, the phisher will send an email that appears to come from a legitimate business requesting authentication of information and warning the victim of complications should it not be provided. That threat leads the victim to reveal sensitive information.

Water holing: A targeted social engineering strategy that capitalizes on the trust users have in websites they regularly visit. The victim feels safe doing things they would not do in a different situation. The attacker then readies a trap for the victim at the trusted location.

Quid pro quo: An attacker contacts random people at a company, claiming to be calling for a legitimate reason. The attacker will eventually find someone with a real problem, who is grateful for the proactive help. The attacker will then attempt to get sensitive information from the victim while assisting with their problem.

Social Engineering Defenses

There are a number of defenses available to companies that will help protect against major social engineering attempts on their employees:

Establishing a standard trust framework: Establishing a strong framework of trust on an employee/personnel level by training personnel on how sensitive information should be handled.

Scrutinizing information: Identifying which information is sensitive and evaluating its exposure to social engineering and breakdowns in security systems.

Following Security Protocols: Establishing security protocols, policies, and procedures for handling sensitive information.

Training Employees: Training employees in security protocols relevant to their position.

Periodic Testing: Developing a framework is important, but it is just as important that the employees are tested to make sure that they are absorbing the information. Running tests to see how employees react to controlled social engineering experiments can help adjust training and discussions in the right direction.

Why Social Engineering is Important

The human systems set up around technology are consistently the weakest link in the security chain. Attention to detail when establishing training and security infrastructure can help to protect businesses from cyber attacks and their related fallout.

Phishing attacks

What is a phishing attack

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.

An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identity theft.

Moreover, phishing is often used to gain a foothold in corporate or governmental networks as a part of a larger attack, such as an advanced persistent threat (APT) event. In this latter scenario, employees are compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data.

An organization succumbing to such an attack typically sustains severe financial losses in addition to declining market share, reputation, and consumer trust. Depending on scope, a phishing attempt might escalate into a security incident from which a business will have a difficult time recovering.

Phishing attack examples

The following illustrates a common phishing scam attempt:

A spoofed email ostensibly from myuniversity.edu is mass-distributed to as many faculty members as possible.
The email claims that the user’s password is about to expire. Instructions are given to go to myuniversity.edu/renewal to renew their password within 24 hours.

Several things can occur by clicking the link. For example:

The user is redirected to myuniversity.edurenewal.com, a bogus page appearing exactly like the real renewal page, where both new and existing passwords are requested. The attacker, monitoring the page, hijacks the original password to gain access to secured areas on the university network.
The user is sent to the actual password renewal page. However, while being redirected, a malicious script activates in the background to hijack the user’s session cookie. This results in a reflected XSS attack, giving the perpetrator privileged access to the university network.

Phishing techniques

Email phishing scams

Email phishing is a numbers game. An attacker sending out thousands of fraudulent messages can net significant information and sums of money, even if only a small percentage of recipients fall for the scam. As seen above, there are some techniques attackers use to increase their success rates.

For one, they will go to great lengths in designing phishing messages to mimic actual emails from a spoofed organization. Using the same phrasing, typefaces, logos, and signatures makes the messages appear legitimate.

In addition, attackers will usually try to push users into action by creating a sense of urgency. For example, as previously shown, an email could threaten account expiration and place the recipient on a timer. Applying such pressure causes the user to be less diligent and more prone to error.

Lastly, links inside messages resemble their legitimate counterparts, but typically have a misspelled domain name or extra subdomains. In the above example, the myuniversity.edu/renewal URL was changed to myuniversity.edurenewal.com. Similarities between the two addresses offer the impression of a secure link, making the recipient less aware that an attack is taking place.

Spear phishing

Spear phishing targets a specific person or enterprise, as opposed to random application users. It’s a more in-depth version of phishing that requires special knowledge about an organization, including its power structure.

An attack might play out as follows:

A perpetrator researches names of employees within an organization’s marketing department and gains access to the latest project invoices.
Posing as the marketing director, the attacker emails a departmental project manager (PM) using a subject line that reads, Updated invoice for Q3 campaigns. The text, style, and included logo duplicate the organization’s standard email template.
A link in the email redirects to a password-protected internal document, which is in actuality a spoofed version of a stolen invoice.
The PM is requested to log in to view the document. The attacker steals his credentials, gaining full access to sensitive areas within the organization’s network.

By providing an attacker with valid login credentials, spear phishing is an effective method for executing the first stage of an APT.

How to prevent phishing

Phishing attack protection requires steps be taken by both users and enterprises.

For users, vigilance is key. A spoofed message often contains subtle mistakes that expose its true identity. These can include spelling mistakes or changes to domain names, as seen in the earlier URL example. Users should also stop and think about why they’re even receiving such an email.

For enterprises, a number of steps can be taken to mitigate both phishing and spear phishing attacks:

Two-factor authentication (2FA) is the most effective method for countering phishing attacks, as it adds an extra verification layer when logging in to sensitive applications. 2FA relies on users having two things: something they know, such as a password and user name, and something they have, such as their smartphones. Even when employees are compromised, 2FA prevents the use of their compromised credentials, since these alone are insufficient to gain entry.
In addition to using 2FA, organizations should enforce strict password management policies. For example, employees should be required to frequently change their passwords and to not be allowed to reuse a password for multiple applications.
Educational campaigns can also help diminish the threat of phishing attacks by enforcing secure practices, such as not clicking on external email links.

Phishing protection from Imperva

Imperva offers a combination of access management and web application security solutions to counter phishing attempts:

Imperva Login Protect lets you deploy 2FA protection for URL addresses in your website or web application. This includes addresses having URL parameters or AJAX pages, where 2FA protection is normally harder to implement. The solution can be deployed in seconds with just a few clicks of a mouse. It doesn’t require any hardware or software installation and enables easy management of user roles and privileges directly from your Imperva dashboard.
Working within the cloud, Imperva Web Application Firewall (WAF) blocks malicious requests at the edge of
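The lookalike-link comparison in the phishing techniques section (myuniversity.edu versus myuniversity.edurenewal.com), as an added example that is not part of the original article: a Python check that parses the hostname and matches it on a dot boundary, next to the substring check that the bogus URL defeats. The allowlist, the function names, the misspelled sample and the typo threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Trusted domain taken from the article's example; the allowlist is an assumption.
TRUSTED = ("myuniversity.edu",)

def naive_is_trusted(url, trusted=TRUSTED):
    """Flawed check shown for contrast: substring match on the raw URL."""
    return any(d in url for d in trusted)

def host_of(url):
    """Hostname the client would actually connect to (lowercased), or ''."""
    try:
        parts = urlsplit(url if "//" in url else "//" + url)
        return (parts.hostname or "").rstrip(".")
    except ValueError:
        return ""

def is_trusted(host, trusted=TRUSTED):
    """Exact match, or a subdomain matched on a dot boundary."""
    return any(host == d or host.endswith("." + d) for d in trusted)

def edit_distance(a, b):
    """Levenshtein distance, used to catch misspelled domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED, max_typos=2):
    """Return trusted / lookalike-embedded / lookalike-misspelled / external."""
    host = host_of(url)
    if not host:
        return "unparseable"
    if is_trusted(host, trusted):
        return "trusted"
    for d in trusted:
        # Trusted name appears inside a different domain (extra labels or
        # characters appended), e.g. myuniversity.edurenewal.com.
        if d in host:
            return "lookalike-embedded"
        # Compare the same number of trailing labels to catch misspellings.
        tail = ".".join(host.split(".")[-(d.count(".") + 1):])
        if edit_distance(tail, d) <= max_typos:
            return "lookalike-misspelled"
    return "external"

# Constructed sample links; the first and third come from the article's example.
SAMPLES = [
    "http://myuniversity.edu/renewal",
    "https://portal.myuniversity.edu/renewal",
    "http://myuniversity.edurenewal.com",
    "http://myuniversty.edu/renewal",
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{link:45} naive={naive_is_trusted(link)!s:5} -> {classify_link(link)}")
```
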

Google Webmaster Tools for Malware Removal

How to use Google Webmaster Tools for Malware

This document explains how to use Google Webmaster Tools (Google Search Console) for malware removal and review. Malware is malicious code or software that may redirect unsuspecting users away from a compromised site to a website that might host a phishing page. There are several types of malware, and nowadays many are suffering from malware attacks. You can safely remove the malware by following Google’s recommendations.

Once Google detects that your site is hacked, it’ll show the warning page as shown below.

If your site has been hacked, please follow these Google recommendations.

1) Quarantine the site.
2) Diagnose the issue.
3) Clean up the site.
4) Ask Google to review.

Quarantine the site

The important action you have to take once Google detects that your site has been hacked is to take your site down, so that hackers are prevented from abusing the system. The next important step is to contact the InterServer Support Team and ask them to take preventive measures to protect the other sites they host. Also make sure to change the passwords for all accounts and users.

Diagnose the issue

Once you have completed the actions to prevent the site from infecting others, identify the reason why your site was hacked. You can do the following steps.

a) Scan your site. You can use any scanning method and check the detected malware code.
b) Visit the Google Safe Browsing diagnostics page to get information about what Google’s automatic scanners have found. You can use the following link: http://www.google.com/safebrowsing/diagnostic?site=www.yoursite.com
c) Check the malware page in Search Console, which lists sample URLs from the site that have been identified as containing infected code.
d) Use the URL removal tool to request removal of infected pages.
e) Check the antiphishing.org recommendations on dealing with infected sites.

Clean up the site

The next step is to clean up the spam content, newly added pages, and suspicious code identified by scanners. Alternatively, if you have good backups, you can delete all site contents and restore the site from backup.

Request Google to Review

Once you have completely cleaned your site, you can request Google to review it. Google will check your site and will remove the warning label within 24 hours if no malware is found. Please note that you should inform Google that you are aware of the issue and have taken the necessary actions to prevent it. Google then puts your site on a priority list so that it is scanned within 24 hours.

Coronavirus Scams: Phishing Websites & Emails Target Unsuspecting Users

As COVID-19 fears grow, hundreds of Coronavirus-themed domains are being used to spread malware and steal information

Amongst growing fears of this global pandemic, Coronavirus scams and malicious websites are on the rise. According to the latest news from the Health Sector Cybersecurity Coordination Center (HC3), a new malicious website is circulating on the internet that targets unsuspecting users. True to their selfish nature, cybercriminals are taking advantage of public panic about the global Coronavirus pandemic for their own selfish goals.

Now, of course, this concept is nothing new. Cybercriminals are always looking for the next best thing to take advantage of. But that doesn’t mean that it isn’t a serious issue that you can simply ignore.

So, what is this new phishing website and why should you be concerned about it? And what are some of the other Coronavirus scam tactics that cybercriminals are using to take advantage of the global pandemic?

Let’s hash it out.

Cybercriminals Create Coronavirus Tracker Map to Spread Info-Stealing Malware

When something’s wrong, people frequently turn to the internet to get the latest information. Cybercriminals know this and are creating fraudulent websites that impersonate real, reputable authorities. Their latest tactic? Live tracker websites.

In truly low-life fashion, some schmuck decided to create a phishing website, corona-virus-map[dot]com (and, no, please don’t type that into your browser), that appears to be a legitimate COVID-19 live tracking map for the virus. In this case, HC3 reports that the cybercriminals were impersonating Johns Hopkins University, a world-renowned health institution, to infect website visitors with the AZORult trojan. This program exfiltrates a wealth of sensitive data that can be sold on the dark web or used to commit cybercrimes, including cryptocurrency theft.

Here’s a screenshot from the official HC3 notification about the phishing scam site:

In general, Coronavirus-themed cyber attacks and phishing websites are becoming a lot more common as news about the virus continuously blasts from virtually every media outlet. Check Point, a cybersecurity firm, recently reported on their blog that CNN alone hosts more than 1,200 articles. According to the same blog post:

“Since January 2020, based on Check Point Threat Intelligence, there have been over 4,000 coronavirus related domains registered globally. Out of these websites, 3% were found to be malicious and an additional 5% are suspicious. Coronavirus related domains are 50% more likely to be malicious than other domains registered at the same period, and also higher than recent seasonal themes such as Valentine’s day.”

In addition to users finding the website organically through web searches, the website was circulated via a variety of other tactics, including malicious links and attachments in emails, social engineering, and online advertising.

This newly discovered threat follows on the heels of other cyber scams, including other Coronavirus-themed malware and phishing emails.

Coronavirus-Themed Phishing Emails Are on the Rise

Another way that cybercriminals are taking advantage of a bad situation is by launching Coronavirus-themed email phishing campaigns. In a February notification, the HC3 reported that carefully crafted phishing emails are sent to entice users to open attachments or to click on links that contain malware that’s frequently used to target healthcare organizations and their IT systems. According to the HC3:

“Victims who interact with malicious links or attachments may expose their systems, networks, and valuable information. These exposures allow an attacker to use infected systems as a platform to launch additional attacks.”

In these campaigns, cybercriminals impersonate a variety of organizations, including the U.S. Centers for Disease Control and Prevention (CDC), the World Health Organization (WHO), and a Japanese disability welfare service provider. But Coronavirus scams don’t stop where the digital world ends — criminals are impersonating federal authorities in face-to-face scams as well.

According to Check Point, one particularly widespread phishing campaign targeted more than 10% of all organizations in Italy! The email contained an Ostap Trojan-Downloader disguised as a Microsoft Word document. This downloader is commonly used to install TrickBot, a banking trojan that steals sensitive information via man-in-the-middle (MitM) attacks, or spreads other types of malware across networks.

Here’s a screenshot from Check Point’s blog post:

The email translates to read the following in English:

“Due to the number of cases of coronavirus infection that have been documented in your area, the World Health Organization has prepared a document that includes all the necessary precautions against coronavirus infection. We strongly recommend that you read the document attached to this message. We strongly recommend that you read the document attached to this message. With best regards, Dr. Penelope Marchetti (World Health Organization – Italy)”

Although the email didn’t come from an official WHO email address or domain, people who are ignorant of cybersecurity threats — or who are caught in a moment of unawareness — could find themselves the victims of a data breach.

Background on the Coronavirus and Why It Makes an Effective Scam Method

Obviously, we’re not global health experts, but here is some basic information about COVID-19:

The Coronavirus Disease 2019 (also known as COVID-19) is something that’s captured the world’s attention — and for good reason. Worldometers.info reports that the virus has infected individuals in 125 countries and territories globally in addition to cruise ships. The Washington Post reports that there have been more than 100,000 cases of the disease reported since late 2019 when the outbreak started, and “several thousand people have died” (although the true number of Coronavirus cases is thought to be “fall above official tally.”)

As the Washington Post reports:

“Coronaviruses range from the common cold virus to more serious diseases that can infect humans and animals, including severe acute respiratory syndrome (SARS) and Middle East respiratory syndrome (MERS).”

But here’s the takeaway we want you to focus on: Even in the grimmest of circumstances, when governments worldwide are trying to slow the spread of the virus among their populations, cybercriminals aren’t taking a break. In fact, they’re ramping up their efforts, using the global health crisis as an opportunity to steal information from unsuspecting individuals who are trying to stay informed.

To you, hackers, we have one thing to say: You suck. Seriously.

USB Flash Drive Malware

USB Malware

USB drives have been around for over 20 years, offering users a convenient method to store and move files between computers that aren’t digitally connected to each other. Cyber threat actors have routinely abused this capability, with the most famous example being the ‘world’s first digital weapon,’ the Stuxnet worm first discovered back in 2010, which used USB devices to attack the network of an Iranian nuclear facility.

In 2017, a Kaspersky Lab data study revealed that every year around one in four USB users across the globe are affected by a ‘local’ cyber incident. This can refer to breaches that result from viruses that are present on the user’s computer or are introduced by infected removable media.

How Do USB Devices Get Infected with Malware?

It’s possible to come across both unintentional and intentional infection. The Stuxnet worm is an example of the latter, where someone uploads malicious code onto the drive with the intention of filtering the code into the targeted network.

Unintentional infection might occur when someone plugs an unprotected USB into a poorly safeguarded system in an internet cafe, airport or anywhere with poor public endpoint security (which is about 70% of places). You may detect the virus sometime after you’ve plugged the device into your machine, but there’s no telling what damage may have already been done.

How to Defeat USB Drive Malware: Software Security

Write Protectors – If your USB drive doesn’t include a hardware switch for write protection, then you should be using a software write protector, such as USB Write Protect 2.0. A software write protector will effectively prevent any data from being deleted as well as protect the device from malware being written onto your drive.

USB Anti-Virus – If you have write protection enabled, there is still a possibility of contracting a virus when you go to transfer files, so it makes sense to use a decent USB anti-virus such as ClamWin.

Encryption – If you’re looking to protect your privacy by securing your data, you could install an encryption program like VeraCrypt or BitLocker to Windows for password protection on your USB device. This means that even if someone has access to your device, it will make it much harder for them to retrieve sensitive information or hide malicious files inside your existing files and folders.

Protect Your Host Device – If your device is unintentionally infected, you probably won’t know about it immediately. The best thing to do is to protect yourself from the outset by installing software that will inform you if your removable device is infected with malware. USB Firewall will protect your computer from third-party programmes introduced from a USB device by running in the background and informing you of suspicious activity.

Self-Destruct – Flash drives, such as Ironkey, will ‘self-destruct’ if the password is entered incorrectly too many times. There are also some flash drives which are configured to delete files after a certain period.

Hardware Encryption – If you need to transfer serious data onto a flash drive, you could opt for a flash drive with 128-bit AES hardware encryption. Hardware encryption is often considered a better option than software encryption since it doesn’t carry the same risk of getting hacked.

What is Malware?

Malware

The term malware is a contraction of malicious software. Put simply, malware is any piece of software that was written with the intent of damaging devices, stealing data, and generally causing a mess. Viruses, Trojans, spyware, and ransomware are among the different kinds of malware.

Malware is often created by teams of hackers: usually, they’re just looking to make money, either by spreading the malware themselves or selling it to the highest bidder on the Dark Web. However, there can be other reasons for creating malware too — it can be used as a tool for protest, a way to test security, or even as weapons of war between governments.