Tag Archives: Kaspersky Labs

Kaspersky Lab: Financial Cyberthreats In Asia Pacific

19 October 2016 – One of the key topics of Kaspersky Lab’s Cyber Security Weekend for Asia Pacific Countries that took place recently in Indonesia was financial cybersecurity. The company’s experts and guests discussed financial cyberthreats that are currently on the rise globally and starting to penetrate the APAC region.

Kaspersky Lab Warns about Financial Cyberthreats in Asia Pacific

“Financial threats vary, from online fraud and banking Trojans that affect PCs, tablets and smartphones, to attacks on financial organizations, ATMs and even point-of-sale terminals. Analyzing our statistics, we see that as the financial sector in Asia-Pacific countries is developing fast, cybercriminals are increasingly looking for ways they can profit from it. Since a lot of organizations and individuals often forget about security when adopting new technologies, we believe it’s important to remind them about cybersecurity principles that will help them stay safe,” said Vitaly Kamluk, Kaspersky Lab’s Director of Global Research & Analysis Team in APAC.

The Consumer Security Risks Survey 2016, conducted by B2B International and Kaspersky Lab, showed that 67% of respondents in APAC countries are worried about online banking fraud and 63% said they often worry about their vulnerability when making financial transactions online. 62% stated they would use online payments more often if they had reliable protection for financial transactions. Consumer concerns about financial security are well-founded; 5% of consumers globally have lost money online as a result of scams or fraud, with the average sum lost reaching $476.

“Spam, phishing and banking Trojans are among the most widespread financial threats. So users should be attentive to fake web pages, unexpected e-mails asking to provide financial information, and secure their mobile devices if transactions are made from them. Organizations should also regularly check their IT infrastructure and especially computers from which financial transactions are made,” explains Vitaly Kamluk.

Banking Trojans remain one of the most dangerous online threats. They are often propagated via compromised or fraudulent websites and spam emails and, after infecting users, steal personal information such as bank account details, passwords, or payment card details.

According to Kaspersky Security Network data, in the third quarter of 2016 the number of banking Trojans increased compared to the same period of 2015 in the Philippines (by 24%), India (by 31%), China (by 43%) and Vietnam (by 104%). Vietnam and India had the largest number of victims. Other countries saw a decrease in the number of victims; possible reasons include raised user awareness, new government initiatives, or simply the geographical preferences of the criminals running banking Trojan campaigns.

Advice to Individuals

  • Regularly check your computer for malware – you can use free tools such as Kaspersky Security Scan, but it is better to install a permanent security solution on all devices from which you arrange financial transactions or access personal accounts.
  • Use only legal software and keep it updated.
  • Make sure you use strong and regularly renewed passwords.
  • Avoid clicking on links in unexpected messages from people or organizations.
  • Be cautious at all times when visiting websites: if something looks even slightly suspicious, it probably is.

Advice to Businesses

  • Report suspected attacks to the bank or police.
  • Use proven security solutions.
  • Make sure your software, especially for banking and IT security, is up to date.
  • Educate your employees.
  • Apply strict IT security policies.

Banks are advised to use specialized security solutions, such as Kaspersky Fraud Prevention that helps reduce the fraud risks for online and mobile financial transactions among their users. As a preventive measure it is also important to draw on the expertise of IT specialists, bringing in external experts and their intelligence data when needed.

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Kaspersky Labs: Pokémon Go Malware In Google Play

15 September 2016 – Kaspersky Lab experts have discovered a new Pokémon Go malware on the Google Play store: “Guide for Pokémon Go”. This Trojan is capable of seizing root access rights on Android smartphones and using that to install/uninstall apps and display unsolicited ads. The app has been downloaded more than 500,000 times, with at least 6,000 successful infections. Kaspersky Lab has reported the Trojan to Google and the app has been removed from Google Play.

Pokémon Go Malware Found In Google Play

The global phenomenon of Pokémon Go has resulted in a growing number of related apps and, inevitably, increased interest from the cybercriminal community. Kaspersky Lab’s analysis of the “Guide for Pokémon Go” Trojan has uncovered malicious code that downloads rooting malware, securing access to the core Android OS for the purposes of app installation and removal as well as the display of advertising.

The Pokémon Go malware includes some interesting features that help it to bypass detection. For example, it doesn’t start as soon as the victim launches the app. Instead, it waits for the user to install or uninstall another app, and then checks to see whether that app runs on a real device or on a virtual machine. If it’s dealing with a device, the Trojan will wait a further two hours before starting its malicious activity.

Even then, infection is not guaranteed. After connecting with its command server and uploading details of the infected device, including country, language, device model and OS version, the Trojan will wait for a response. Only if it hears back will it proceed with further requests and the downloading, installation and implementation of additional malware modules.

This approach means that the control server can stop the attack from proceeding if it wants to – skipping those users it does not wish to target, or those which it suspects are a sandbox/virtual machine, for example. This provides an additional layer of protection for the malware.

Once rooting rights have been enabled, the Trojan will install its modules into the device’s system folders, silently installing and uninstalling other apps and displaying unsolicited ads to the user.

Kaspersky Lab analysis shows that at least one other version of the malicious Pokémon Guide app was available through Google Play in July 2016. Further, researchers have tracked back at least nine other apps infected with the same Trojan and available on Google Play Store at different times since December 2015.

Over 6,000 Successful Infections And Counting

Kaspersky Lab data suggests that there have been just over 6,000 successful infections to date, including in Russia, India and Indonesia. However, since the Pokémon Go malware is aimed at English-speaking users, people in English-speaking countries, and elsewhere, are also likely to have been hit.

“In the online world, wherever the consumers go, the cybercriminals will be quick to follow. Pokémon Go is no exception. Victims of this Trojan may, at least at first, not even notice the increase in annoying and disruptive advertising, but the long term implications of infection could be far more sinister.

If you’ve been hit, then someone else is inside your phone and has control over the OS and everything you do and store on it. Even though the app has now been removed from the store, there’s up to half a million people out there vulnerable to infection – and we hope this announcement will alert them to the need to take action,” said Roman Unuchek, Senior Malware Analyst, Kaspersky Lab.

People concerned that they may be infected with the Pokémon Go malware should scan their device with mobile antivirus. If they are infected, there are tools available to help them remove the rooting malware, which can be a complex process.

In addition, Kaspersky Lab advises users to always check that apps have been created by a reputable developer, to keep their OS and application software up-to-date, and not to download anything that looks at all suspicious or whose source cannot be verified.

Kaspersky: Cyberbullying Affects Child Health & Socialization

July 29, 2016 – According to the study Growing Up Online – Connected Kids, conducted by Kaspersky Lab and iconKids & Youth, cyberbullying is a far more dangerous threat to children than many parents think. The consequences for the majority of young victims of online harassment include serious problems with health and socialization.

Cyberbullying

Cyberbullying is intentional intimidation, persecution or abuse that children and teenagers may encounter on the internet. Interestingly, children aged 8-16 are more wary of this threat than their parents are. According to the study, 13% of children and 21% of parents consider it harmless. At the same time, 16% of the children surveyed are more afraid of being bullied online than offline, while half (50%) are equally afraid of both real-life and virtual bullying.

Parents should not downplay the dangers of cyberbullying. Despite the fact that the study found only 4% of children admitted to being bullied online (compared to 12% in real life), in 7 out of 10 cases the consequences were traumatic.

Bullying on the Internet seriously affected their emotional well-being: parents of 37% of the victims reported lower self-esteem, 30% saw a deterioration in their performance at school, and 28% cited depression. In addition, 25% of parents stated that cyberbullying had disrupted their child’s sleep patterns and caused nightmares (21%). Another 26% of parents noticed that their child had started avoiding contact with other children, and 20% discovered their child had anorexia.

Just as worrying are the statistics showing that 20% of children witnessed others being bullied online, and in 7% of cases even participated in it. The survey shows that children often hide incidents of cyberbullying from their parents, making the task of protecting them even more complicated, though, fortunately, not impossible.

Andrei Mochola, Head of Consumer Business at Kaspersky Lab, comments: “In an effort to protect our children from danger, we mustn’t forget that they not only live in the real world but also in the virtual world, which is just as real to them. On the Internet, children socialize, learn new things, have fun and, unfortunately, encounter unpleasant situations. Cyberbullying is one of the most dangerous things that can confront a child on the Internet, because it can have a negative impact on their psyche and cause problems for the rest of their lives. The best solution in this case is to talk to your child and to use parental control software that can alert you to any suspicious changes to their social network page.”

Kaspersky: Internet Source of Family Conflict & Disconnect

Petaling Jaya, 15 July 2016 – The way we live our digital lives at home is having a big impact on our family relationships, according to new research from Kaspersky Lab and iconKids & Youth. With people spending ever more time online, a fifth of parents and children say that the Internet and connected devices can be a cause of family conflict.

The research, which surveyed over 3,700 families in seven countries, provides an insight into how the digital world is disrupting traditional family dynamics. Whereas in the past parents were the first port of call for children seeking answers to questions or advice, one-in-four (23%) of the parents surveyed say that their kids now prefer to go online rather than talk to them.

The research also found that almost half (42%) of parents are not friends with their children on social networks, and one-in-five (18%) says this is because their children would find it embarrassing. All in all, a fifth of parents (21%) and children (22%) say that the Internet can cause family tension. Most concerning of all, one-in-three parents (31%) believe the Internet isolates them from their children.

The family conflict may be exacerbated by the fact that the devices used to go online are often shared. Two-thirds of the families surveyed said they share a family computer. As a result, a third of parents (31%) complain that their child has broken something on a connected device or infected it with a virus while online (30%), and a quarter (24%) have had to pay for something their child ordered or downloaded. Similarly, 13% of kids accuse parents of breaking a device and 16% complain that their parents accidentally deleted some of their data.

Andrei Mochola, Head of Consumer Business at Kaspersky Lab said: “It is only natural that using – and misusing – each other’s connected devices can become a cause of conflict for families. However, as we spend more and more time online, family dynamics are also changing. It is important that families maintain an ongoing dialogue about how to spot and respond to potential dangers, with parents and children together agreeing on the basic rules on how they can best navigate the digital world. It is also important to be serious about protection. We recommend installing an integrated home Internet security solution on all devices in the home. This should be enhanced with Parental Control software, which can block access to inappropriate sites or apps and prevent sensitive data from being shared or deleted.”

Janice Richardson, Senior Advisor at European Schoolnet, adds: “Although Internet becomes a source of conflict in some families, a recent study by the Joint Research Center of the European Commission interestingly underlines an emerging trend, with siblings and extended family members taking on a much bigger role in children’s online activities. Unsurprisingly, children are instinctively turning to the person they perceive to be able to fix technical issues, advise on sites and security tools and provide more objective responses to delicate queries. This underlines the importance of parents and guardians developing their own technical competence and building trusting relationships with their children whilst also establishing basic rules on Internet and device usage to avoid conflicts. At the same time, software and social media providers, too, should seek to develop more ‘family-friendly’ tools.”

Dropping Elephant Cyber-Espionage Group Exposed

Petaling Jaya, 8 July 2016 – In February 2016, following an alert from a partner, Kaspersky Lab’s Global Research and Analysis Team began an investigation. It quickly became clear that a threat actor, likely operating from India, was undertaking aggressive cyber-espionage activity in the Asian region, targeting multiple diplomatic and government entities with a particular focus on China and its international affairs. Having only old exploits and unremarkable tools in their arsenal, the actor also tried its luck in attacking high profile targets including some Western entities.

Dropping Elephant

The modus operandi of “Dropping Elephant” (also known as “Chinastrats”) could hardly be called sophisticated. The attackers rely heavily on social engineering and low-budget malware tools and exploits. However, this approach seems to be effective, which makes this actor a dangerous one. From November 2015 to June 2016, the actor profiled hundreds to thousands of targets all around the world. On top of this, within the first couple of months of the operation they managed to steal documents from at least a few dozen selected victims.

Tools: simple, yet effective

  • For initial target profiling, Dropping Elephant mass-mails a number of email addresses it has collected on the basis of their relevance to its goals. The spear-phishing emails sent by the attackers contain references to remote content – it is not embedded in the email itself, but downloaded from an external source. The email has no malicious payload, except a simple “ping” request that is sent to the attackers’ server if the target opens the email. This automatically sends a message which contains some basic information about the recipient: IP address, type of browser and both the device used and its location.
  • After using this simple method to filter out the most valuable targets, the attackers proceed with another, more targeted spear-phishing email. This is either a Word document with CVE-2012-0158 exploit, or PowerPoint slides with an exploit for the CVE-2014-6352 vulnerability in Microsoft Office. Both exploits are public and have been known for a long time, but are still effective.
  • Some victims are targeted by a watering hole attack: they receive a link to a website disguised as a political news portal focused on China’s external affairs. The majority of links on this website lead to additional content in the form of a PPS (PowerPoint slide show) file with a malicious payload inside.

Even though the vulnerabilities used in the attacks were patched by Microsoft, the attackers can still rely on a social engineering trick to compromise their targets if they ignore multiple security warnings displayed and agree to enable dangerous features of the document. The content of the malicious PPS is based on carefully chosen, genuine news articles featuring widely discussed geopolitical topics, which makes the document look more trustworthy and likely to be opened. This leads many users to become infected.

  • After the successful exploitation of the vulnerability, a range of malicious tools are installed on the victim’s machine.
  • These tools then collect and send attackers the following types of data: Word documents, Excel spreadsheets, PowerPoint presentations, PDF files, login credentials saved in the browser.
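Both stages of the chain above leave traces in the raw message before anything is rendered: the profiling e-mail carries a remote-content reference that reports back when the mail is opened, and the follow-up lure carries a Word or PowerPoint attachment. The script below is an added example, not Kaspersky Lab's code. It parses an RFC 5322 message with Python's standard email library and flags remote images that look like read-receipt beacons, remote links, and attachments with the file types the campaign used. The two sample messages and every host name (under .invalid) are constructed for the demonstration; the attachment bytes are a placeholder, not an exploit.

```python
"""Triage a raw e-mail for the spear-phishing tells described above: a
remote-content "ping" that reports the mail was opened, remote links, and
Office attachments of the kinds that carried the exploits.

Added example, not Kaspersky Lab's code. The messages below are constructed
for this demonstration; every host name is a placeholder under .invalid.
"""
import email
import re
from email import policy

# Attachment types used in the campaign (Word documents, PowerPoint slide
# shows) plus plain executables. Assumption: the extension is a good-enough
# first filter; a real gateway would also sniff the file content.
RISKY_EXTENSIONS = {".doc", ".docx", ".rtf", ".ppt", ".pps", ".ppsx", ".pptx", ".exe", ".scr"}

IMG_TAG = re.compile(r"<img\b[^>]*>", re.IGNORECASE | re.DOTALL)
A_TAG = re.compile(r"<a\b[^>]*>", re.IGNORECASE | re.DOTALL)
ATTR = re.compile(r"""(\w+)\s*=\s*["']?([^"'\s>]*)""")


def _attrs(tag):
    """Attributes of one HTML tag as a lower-cased dict (good enough for mail)."""
    return {k.lower(): v for k, v in ATTR.findall(tag)}


def _is_remote(url):
    """True for http(s) URLs; cid:/data: references never leave the mailbox."""
    return url.lower().startswith(("http://", "https://"))


def analyze_message(raw):
    """Parse a raw RFC 5322 message and collect the tells found in it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {"remote_images": [], "beacons": [], "links": [], "risky_attachments": []}

    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename or part.get_content_disposition() == "attachment":
            name = filename or ""
            ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
            if ext in RISKY_EXTENSIONS:
                findings["risky_attachments"].append(name)
            continue
        if part.get_content_type() != "text/html":
            continue
        html = part.get_content()
        for tag in IMG_TAG.findall(html):
            a = _attrs(tag)
            src = a.get("src", "")
            if not _is_remote(src):
                continue
            findings["remote_images"].append(src)
            # A 1x1 or zero-size image, or one carrying a per-recipient token
            # in its query string, exists only to report that the mail was
            # opened (leaking the reader's IP, User-Agent and rough location).
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or "?" in src:
                findings["beacons"].append(src)
        for tag in A_TAG.findall(html):
            href = _attrs(tag).get("href", "")
            if _is_remote(href):
                findings["links"].append(href)
    return findings


def is_suspicious(findings):
    """Hold for analyst review if a beacon or a risky attachment is present."""
    return bool(findings["beacons"] or findings["risky_attachments"])


# Constructed sample: HTML lure with a tracking pixel, an external link and
# a .pps attachment (the payload bytes are a placeholder, not an exploit).
SAMPLE_EMAIL = b"""From: "News Desk" <news@example.invalid>
To: target@example.invalid
Subject: Briefing on China's external affairs
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Please see the attached briefing.</p>
<img src="http://tracker.example.invalid/open.gif?rcpt=42" width="1" height="1">
<a href="http://news.example.invalid/briefing">Read online</a>
</body></html>
--b1
Content-Type: application/vnd.ms-powerpoint; name="briefing.pps"
Content-Disposition: attachment; filename="briefing.pps"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Constructed clean message for the negative case.
CLEAN_EMAIL = b"""From: colleague@example.invalid
To: target@example.invalid
Subject: Lunch?
Content-Type: text/plain; charset="utf-8"

Noon at the usual place?
"""

if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_EMAIL), ("clean", CLEAN_EMAIL)):
        result = analyze_message(raw)
        print(label, "suspicious" if is_suspicious(result) else "ok", result)
```

The beacon heuristic (tiny remote image, or a remote image whose URL carries a query string) is deliberately coarse: a mail client that blocks remote content by default neutralises the "ping" regardless, so the value of the check is in triage, not blocking. The attachment check is where the second stage is caught; both exploits named above arrive inside ordinary-looking Office files, which is exactly the class the extension filter holds back.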

In addition to social engineering attacks and exploits for old vulnerabilities, one of the Dropping Elephant backdoors uses a C&C communication method borrowed from other threat actors: it hides the real location of the C&C server in comments posted on articles on legitimate public websites. This technique has previously been observed, albeit with a far more complex execution, in operations conducted by Miniduke and other threat actors. It is done to make investigation of the attack more complicated.

Geographical preferences

Based on the target profile created by the Kaspersky Lab researchers, Dropping Elephant is focused on two main types of organization and individuals: Chinese-based government and diplomatic entities and any individuals connected to them, as well as partners of these organizations in other countries.

In total, Kaspersky Lab experts were able to identify several hundred targets worldwide, most of which are located in China, while others were from or related to Pakistan, Sri Lanka, Uruguay, Bangladesh, Taiwan, Australia, the USA and some other countries.

Artifacts

There are indicators pointing to this actor operating from India; at the same time, there is no solid proof that a nation-state is involved in this operation.

The analysis of activity reveals that the attackers probably operated in the time zone of either UTC+5 or UTC+6. Interestingly enough, since May 2016, Kaspersky Lab researchers have spotted a new activity pattern for the group in a new geographical area that includes Pacific Standard Time zone, corresponding – among others – to West Coast working hours in the US. This is likely to be the result of increased headcount in the Dropping Elephant team.

“Despite using such simple and affordable tools and exploits, the team seem capable of retrieving valuable intelligence information, which could be the reason why the group expanded in May 2016. The expansion also suggests that it is not going to end its operations anytime soon. Organizations and individuals that match this actor’s target profile should be especially cautious. The good news is that this group hasn’t yet been spotted using really sophisticated, hard-to-detect tools. This means that their activity is relatively easy to identify. This can of course change at any time,” said Vitaly Kamluk, Head of Research Center in APAC, GReAT, Kaspersky Lab.

Kaspersky Lab is open to working with CERTs and law enforcement agencies of affected countries to notify the owners and mitigate the threat.

In order to protect yourself and your organization from cyber-espionage groups like Dropping Elephant, Kaspersky Lab security experts advise taking the following measures:

  • Follow the basic rules of Internet security: don’t open attachments in emails received from unknown senders and regularly update the software on your PC;
  • Use a proven security solution capable of fighting the most sophisticated cyberthreats;
  • Remember that what looks like a legitimate document could be the first stage of a targeted attack against your company. In large organizations, use proven anti-targeted-attack solutions capable of spotting dangerous anomalies in the corporate network before the malware is installed and the data is stolen;
  • The best way to keep your protection up to date is to track the evolution of targeted attack actors. Use threat intelligence services to ensure you’re aware of what new techniques attackers implement and what protection measures could make these techniques ineffective.

Kaspersky Lab solutions detect and neutralize the Dropping Elephant malware under the following names:

  • Exploit.Win32.CVE-2012-0158;
  • Exploit.MSWord.CVE-2014-1761;
  • Trojan-Downloader.Win32.Genome;
  • HEUR:Trojan.Win32.Generic;
  • Trojan.Win32.Agent.ijfx;
  • Trojan-Ransom.Win32.PolyRansom.bel;
  • Trojan.Win32.Autoit.fdp.

Kaspersky Lab also detects the exploits used in the documents.

Kaspersky Tips On Beating Hackers During Euro 2016

June 13, 2016 – On Friday, 10 June, thousands of companies across Europe and the rest of the world are likely to discover they have more remote workers than they did the day before, as the Euro 2016 football tournament gets underway. Fans trying to keep on top of work using mobile devices while surrounded by crowds of strangers, insecure public Wi-Fi networks and the distraction of a match will be immensely vulnerable to cyberthreats. Fortunately, there are a few simple steps that they and their employers can take to stay safe.

The Euro 2016 football tournament, hosted by France, brings together 24 teams for 51 matches. Millions of fans will be watching the games in stadiums, bars and at public screenings. Employers have been urged to let staff work more flexibly or from home so they can watch key national games, but some employees may take matters into their own hands, working from mobile devices while watching a game with fellow supporters. The IT security risks of such behaviour are immense. Neither employers nor employees may be fully aware of or prepared for just how vulnerable they are about to become.

To help everyone keep important business data safe, regardless of where they are, Kaspersky Lab has drawn up a short essential guide:

10 Things Remote-Working Fans Can Learn From The Players On The Pitch

1. Take responsibility for your own performance

A recent Kaspersky Lab study into ransomware found that less than 4% of adults in the US[i] would mind if work documents on their device were lost through cybercrime, while 77% would panic if they lost financial info. Indifference doesn’t lead to secure behaviour. If you are planning to work on the move, you need to feel responsible for the safety of the business information you handle.

2. Everyone is watching you

Logging into a device where anyone can look over your shoulder and make a note of your password or the work you’re doing – so-called ‘visual hacking’ – makes it easy for others to break into your device or steal information. Keep your data to yourself.

3. Keep your eye on the ball

Phishing and ransomware emails look increasingly convincing and can even appear to come from a colleague. If the message is unexpected, contact the sender directly, and never click on an attachment or a link in an email from someone you don’t know.

4. Don’t reveal your game plan

Don’t transmit anything unless you know it’s encrypted. With WhatsApp and Apple’s iMessage service now encrypting communications end-to-end as standard, email is rapidly becoming the most vulnerable form of business communications[ii]. Use the most secure channel you have access to.

5. Beware Man-in-the-Middle attacks

Using a free, public Wi-Fi network to stay in touch with work is extremely high-risk. An attacker can easily insert themselves into the network and spy on or intercept all your communications. They can do the same between your email client and your business mail server[iii]. End-to-end encryption prevents this – so if you don’t have it, don’t email until you’re somewhere secure, or use a VPN (virtual private network).

6. Prepare for the worst

Employers unprepared for the sudden increase in remote working may not have the most appropriate security installed on work devices, let alone employees’ personal devices. If it’s too late to get this installed, then at the very least don’t leave home without the most up-to-date version of device software installed. Mobile devices are not immune to cyberattack: in 2015, Kaspersky Lab prevented nearly three million attempts to infect mobile devices[iv] with a Trojan.

7. The referee can make mistakes

Websites, network service providers, operating systems etc. do their best to provide protection or alerts: such as the new malware and phishing website warnings introduced by Bing[v]. However, the baddies are increasingly cunning and if there’s a point of weakness, they’ll find it. Confine your remote work to things that are not business critical or sensitive.

8. But don’t blame the referee for all mistakes

Sometimes things go wrong; devices get broken, lost or stolen, or affected by malware or ransomware. The best thing to do is to come clean and let your IT department know immediately so they can take appropriate steps, such as blocking or remote-wiping the device, or isolating the malware before the infection takes hold.

9. Don’t make victory easy for the other side

Cybercriminals generally prefer the path of least resistance. Solid security, security updates, a hard-to-crack password, the use of the latest software, a business VPN and encrypted communications all make it harder for an outsider to gain access to your device and business information.

10. But don’t expect to win without trying

Kaspersky Lab has found that only around half (53%) of consumers make use of the security features that come with their device[vi]. To stay ahead of the hackers, you need to get to grips with these security essentials. It’s about focus and commitment, supported by the right equipment. Just like football.

“Euro 2016 should be a celebration of football for fans the world over to enjoy. Sadly, occasions where people are more relaxed about device and data security can quickly become a happy hunting ground for hackers. Cybercriminals won’t hesitate to pounce on an under-protected football supporter trying to work remotely. A few basic precautions before, during and after the match will help employers and their workforce to stay safe – leaving them free to enjoy the glorious spectacle of sport,” said David Emm, Principal Security Researcher, Kaspersky Lab.


Malicious Spam Emails Spike In Q1 2016

16 May 2016 – The latest Kaspersky Lab Spam and Phishing Report has discovered that although the quantity of spam emails has been decreasing, they have become more criminalized. At the same time, the level of malicious mailshots has dramatically increased – Kaspersky Lab products prevented 22,890,956 attempts to infect users via emails with malicious attachments in March 2016, twice the number of attempts reported in February 2016.

Since 2012 the level of spam in email traffic has been constantly decreasing. However, the quantity of emails with malicious attachments has increased significantly – in Q1 2016 it was 3.3 times higher than during the same period in 2015. There was also a growing amount of ransomware reported throughout the quarter. This is often propagated through emails with infected attachments – for example Word documents. The main actor in this field in Q1 was the ransomware Trojan Locky, which has been actively distributed via emails in different languages and has targeted at least 114 countries. Locky emails contained fake notifications from financial institutions that tricked users into opening the harmful attachment.

Kaspersky Lab’s findings suggest that spam is becoming more popular for fraudsters to target Internet users, because web browsing is becoming safer. Almost all popular web-browser developers have now implemented security and anti-phishing protection tools, making it harder for cybercriminals to propagate their malware through infected web pages.

According to Kaspersky Lab’s Q1 report on spam and phishing the main findings for the quarter were:

  • In Q1 2016 spam made up 56.3% of email traffic, 2.9 percentage points lower than in the same period of 2015, when it was 59.2%.
  • The largest amount of spam was sent in January (59.6% in overall email traffic). This is explained by the end of the holiday season, when the flow of normal, non-spam, emails is usually low.
  • The USA retained its position as the biggest source of spam, sending 12.43% of unwanted emails. The share of the USA in this rating is slightly decreasing in comparison to Q1 2015, when it was 14.5%.
  • Other large sources of spam included Vietnam (second place with 10.3%) and India (6.16%). This is compared to the same period in 2015, when the second and third places were held by Russia (7.3%) and Ukraine (5.6%). Russia moved to seventh place this quarter with 4.9%.
  • 81.9% of spam emails in Q1 2016 were very small (up to 2 KB), a 2.8 percentage point increase compared with the same quarter in 2015. For spammers, smaller emails are easier to handle in mass mailings.
  • Germany was the country most targeted by malicious mailshots, with a total share of 18.9% of Kaspersky Lab product users in the country targeted this way. Germany was followed by China (9.43%) and Brazil took third place (7.35%). For the same period in 2015, the top three countries were Great Britain (7.8%), Brazil (7.4%) and the USA (7.2%).

Terrorism became the main topic of spam emails in Q1.

During this quarter fraudsters tried to lure users into opening malicious files, gaining their attention with emails about terrorism, a subject which is always in the news. To prevent terrorist attacks many countries have strengthened their security measures and this has therefore become a popular topic for spam emails.

Some spam fraudsters tried to convince recipients that the file attached to their spam email contained a new mobile application which, after installation, could detect an explosive terrorist device. The email emphasized that the US Department of Defense had discovered this technology and that it was sufficiently simple and accessible. The attachment usually contained an executable file, which was detected as Trojan-Dropper.Win32.Dapato, malware that can steal personal user information, organize DDoS attacks and install other malicious software.

Well-known Nigerian spammers also used terrorist topics in their emails. According to the Kaspersky Lab report, the quantity of these emails has increased considerably. These spammers previously preferred to send long emails with a detailed story, and links to news to make it more convincing. However, they are now only sending short messages with no detail, asking the recipients to get in touch.

“Unfortunately we are seeing our previous predictions about the criminalization of spam coming true. Fraudsters are using diverse methods to attract user attention, and to make them drop their guard. Spammers are employing a diversity of languages, social engineering methods, different types of malicious attachments, as well as the partial personalization of email text to look more convincing. The fake messages often imitate notifications from well-known organizations and services. This is raising spam to a new dangerous level,” warns Daria Gudkova, Spam Analysis Expert, Kaspersky Lab.

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participate in the Tech ARP Forums, or even donate to our fund. Any help you can render is greatly appreciated!

Kaspersky Lab’s Secure Your Ferrari Experience Contest

PETALING JAYA, April 8, 2016 – Roar into the Singapore Grand Prix F1 with an experience worth USD19,500 when you buy any specially marked Kaspersky Internet Security 2016 or Kaspersky Anti-Virus 2016 at retail, from now until May 31, 2016.

Win Singapore Night Race Hospitality Passes!

Kaspersky Anti-Virus 2016 and Kaspersky Internet Security 2016 were developed specifically to protect what matters most to users: their privacy, data, identity, money and the device itself. The solution includes updated technologies ensuring that users are protected whatever they do on their devices online and whichever platform they choose: Windows, OS X or Android.

There will be one winner from each of the participating countries. Each winner will receive 2016 Singapore hospitality passes to witness the adrenaline-pumping race. The experience also includes return flights and three nights’ accommodation for the winner and his or her companion.

This luxurious experience is made available to one lucky Kaspersky Anti-Virus 2016 or Kaspersky Internet Security 2016 purchaser from Malaysia. To increase your chances of winning, ensure that all your devices, and the devices of your loved ones, co-workers, neighbours and more, receive Kaspersky Lab’s award-winning world-class protection.

How To Secure Your Ferrari Experience

To stand a chance to win, participants will need to adopt secure cyber practices by purchasing Kaspersky Internet Security 2016 or Kaspersky Anti-Virus 2016 at any authorised retail dealer nationwide.

Enter the product license code, and you’re off to answer an online quiz of five multiple-choice questions; you can see the results immediately upon completion. One license code entitles you to one entry, and the multiple-choice questions may not be the same each time.

“The ‘Secure Your Ferrari Experience Competition’ is our way of bringing our partnership with Ferrari to the next level of engagement, and giving our users an unforgettable Formula One experience for choosing the right protection to secure their devices! So send in your entries now!” said Sylvia Ng, Acting General Manager, SEA, Kaspersky Lab.

Kaspersky Lab first partnered with Scuderia Ferrari back in 2010. Since the 2012 F1 racing season, the Kaspersky Lab logo has been prominently featured on the car nose cones and sides, and on the drivers’ overalls and team uniforms.

From its iconic Maranello factory complex, all the way to the chequered flag, Ferrari’s IT systems have been protected by bespoke Kaspersky Lab security solutions since 2013.

Specially marked Kaspersky Anti-Virus 2016 and Kaspersky Internet Security 2016 are now available at Digital Mall (Petaling Jaya), Lowyat Plaza (Kuala Lumpur), Harvey Norman (Klang Valley) and all authorised IT stores nationwide.


Kaspersky Lab Finds Security Weaknesses in Clinic IT

25 March 2016 – A Kaspersky Lab Global Research & Analysis Team (GReAT) expert has conducted real field research at one private clinic in an attempt to explore its security weaknesses and how to address them. Vulnerabilities were found in medical devices that opened a door for cybercriminals to access the personal data of patients, and even to endanger their physical well-being.

A modern clinic is a complicated system. It has sophisticated medical devices that comprise fully functional computers with an operating system and applications installed on them. Doctors rely on computers, and all information is stored in a digital format. In addition, all healthcare technologies are connected to the Internet.

So, it comes as no surprise that both medical devices and hospital IT infrastructure have previously been targeted by hackers. The most recent examples of such incidents are ransomware attacks against hospitals in the US and Canada. But a massive malicious attack is only one way in which criminals could exploit the IT infrastructure of a modern hospital.

Clinics store personal information about their patients. They also own and use very expensive equipment that is hard to fix and replace, which makes them a potentially valuable target for extortion and data theft.

The outcome of a successful cyberattack against a medical organization could differ in detail but will always be dangerous. It could involve the following:

  • The felonious use of personal patient data: the resale of information to third parties, or demanding that the clinic pay a ransom to get back sensitive information about patients;
  • The intentional falsification of patient results or diagnoses;
  • Damage to medical equipment, which may cause both physical harm to patients and huge financial losses to a clinic;
  • Negative impact on the reputation of a clinic.

Exposure to the Internet

The first thing the Kaspersky Lab expert set out to understand while conducting this research was how many medical devices around the globe are now connected to the Internet. Modern medical devices are fully-functional computers with an operating system, and most of them have a communication channel to the Internet. By hacking them, criminals could interfere with their functionality.

A quick look over the Shodan search engine for Internet-connected devices showed that hundreds of medical devices – from MRI scanners to cardiology equipment, radioactive medical equipment and other related devices – are registered there. This discovery leads to worrisome conclusions: some of these devices still run on old operating systems such as Windows XP, with unpatched vulnerabilities, and some even use default passwords that can be easily found in public manuals.

Using these vulnerabilities, criminals could access a device’s interface and potentially affect the way it works.

Inside the clinic’s local network

The above-mentioned scenario is one of the ways in which cybercriminals could get access to the clinic’s critical infrastructure. But the most obvious and logical way is to attack its local network. During the research, a vulnerability was found in the clinic’s Wi-Fi connection: through a weak communications protocol, access to the local network was gained.

Exploring the clinic’s local network, the Kaspersky Lab expert found some of the medical equipment that had previously been found on Shodan. This time, however, no password at all was needed to get access to the equipment, because the local network was a trusted network for medical equipment applications and users. This is how a cybercriminal can gain access to a medical device.

Further exploring the network, the Kaspersky Lab expert discovered a new vulnerability in a medical device application. A command shell, reachable from the application’s user interface, could give cybercriminals access to personal patient information, including clinical history and information about medical analyses, as well as addresses and ID details. Moreover, through this vulnerability the whole device controlled by this application could be compromised. Such devices could include MRI scanners, cardiology equipment, and radioactive and surgical equipment.

Firstly, criminals could alter the way the device works and cause physical damage to the patients. Secondly, criminals could damage the device itself at immense cost to the hospital.

“Clinics are no longer only doctors and medical equipment, but IT services too. The work of a clinic’s internal security services affects the safety of patient data and the functionality of its devices. Medical software and equipment engineers put a lot of effort into creating a useful medical device that will save and protect human life, but they sometimes completely forget about protecting it from unauthorized external access. When it comes to new technologies, safety issues should be addressed at the first stage of the research and development (R&D) process.

IT security companies could help at this stage to address safety issues,” says Sergey Lozhkin, senior researcher at Kaspersky Lab’s GReAT.

Kaspersky Lab experts recommend implementing the following measures to protect clinics from unauthorized access:

  • Use strong passwords to protect all external connection points;
  • Update IT security policies, and develop timely patch management and vulnerability assessment;
  • Protect medical equipment applications in the local network with passwords, in case of unauthorised access to the trusted area;
  • Protect infrastructure from threats like malware and hacking attacks with a reliable security solution;
  • Back up critical information regularly and keep a backup copy offline.


Steam Stealer Targets Thousands Of Gamer Accounts

15 March 2016 – In an industry worth over an estimated hundred billion US dollars, gaming is not just big business for developers and manufacturers, but for cybercriminals too. Steam Stealer is a constantly evolving breed of malware that is responsible for hijacking the user accounts of the popular gaming platform, Steam.

The malware’s goal is to steal online gaming items and user account credentials, and then resell them on the black market. It is distributed to cybercriminals under a malware-as-a-service business model with an extremely low entry price of no more than $30 USD.


Steam is one of the most popular entertainment multi-OS distribution platforms. Owned by Valve, it has over 100 million registered users and several thousand games available for download worldwide. Its popularity makes it a large and attractive target for fraudster groups, who can sell Steam user credentials for $15 USD on the black market. According to recently published official Steam data, 77,000 Steam accounts are hijacked and pillaged every month.

According to Kaspersky Lab researcher Santiago Pontiroli and his independent research colleague Bart P., a new breed of malware known as Steam Stealer is the prime suspect in the pilfering of numerous user accounts from Valve’s flagship platform. The duo believes the malware was originally developed by Russian-speaking cybercriminals; they have found many language traces in several underground malware forums to suggest this.

Steam Stealer works in a malware-as-a-service business model: it is available for sale in different versions, with distinct features, free upgrades, user manuals, custom advice for distribution, and more.

When it comes to these types of malicious campaigns the usual starting price for “solutions” is in the range of $500 USD. However, Steam Stealers have a ludicrously low price, being commonly sold for no more than $30 USD. This makes the malware highly attractive for wannabe cybercriminals all around the world.

The propagation of Steam Stealers is mainly, but not solely, done either via fake cloned websites distributing the malware, or through a social engineering approach, where the victim is targeted with direct messages.

Once the malware is in the user’s system, it steals the entire set of Steam configuration files. It then locates the specific Steam KeyValue file that contains user credentials, as well as the information that maintains a user’s session. Once cybercriminals have obtained this information, they can control the user’s account.

Stealing gamer accounts was once a resource-light way for script kiddies to make a quick profit, by selling them on underground forums. Now however, criminals have realized the true market value of these accounts. The opportunities now lie in stealing and selling user gaming items that may be worth thousands of dollars. Organized cybercriminals simply don’t want to leave that money on the table.

Kaspersky Lab experts have discovered nearly 1200 samples of different Steam Stealer malware that have been attacking tens of thousands of users around the world, especially in Russia and other Eastern European countries, where Steam’s platform is extremely popular.

“The gaming community has become a highly desirable target for cybercriminals. There has been a clear evolution in the techniques used for infection and propagation, as well as the growing complexity of the malware itself, which has led to an increase in this type of activity. With gaming consoles adding more powerful components and the Internet of Things on our doorstep, this scenario looks like one that will continue to play out and become more complex. At Kaspersky Lab, we hope that our research will develop into an ongoing investigation, bringing a much-needed balance to the gaming ecosystem. Security should not be something developers think about afterwards but at an early stage of the game development process. We believe that cross-industry cooperation can help to improve this situation,” comments Santiago Pontiroli, Global Research & Analysis Team, Kaspersky Lab.

Kaspersky Lab products detect Steam Stealer Trojan groups as Trojan.Downloader.Msil.Steamilik, Trojan.Msil.Steamilik and Trojan-psw.Msil.Steam, amongst others. Targets of these Trojans are spread around the globe, with Russia, the US, Europe (France and Germany), India and Brazil leading the way.

To stay safe, users need an up-to-date security solution so they can enjoy their favourite games without the fear of being exploited. Most security products have a “gaming mode”, so that users can enjoy their games without getting any notifications until the end of their session. In a bid to help its own users stay safe, Steam also offers several security measures to protect accounts and increase the difficulty for hijacking mechanisms.


Kaspersky Internet Security For Android Now Smartwatch-Ready

9 March 2016 – Kaspersky Lab has unveiled a new version of Kaspersky Internet Security for Android that, in addition to offering improved performance speed and protection quality, includes an option for managing protection via Android Wear devices.

In 2015 alone, Kaspersky Lab registered nearly 17 million attacks by malicious mobile software. These included programs designed for surveillance, extortion, stealing money and other criminal activities.

Kaspersky Internet Security for Android provides protection from these kinds of threats. To make it even more user-friendly and accessible, Kaspersky Lab has released an update that includes control via Android Wear smartwatches.

A user’s smartwatch can now display notifications from Kaspersky Internet Security for Android, installed on a paired smartphone or tablet. This could include, for example, notifications about a threat detected on the device. A user can also remotely issue commands to the product via a watch by pressing keys on the screen or via voice control. These commands can activate an audible alarm to find a lost phone, run a scan for Android malware and update anti-virus databases.

In addition, the new version of the security solution is now compatible with Android 6.0, which provides effective protection against online threats to even more owners of Android devices.

“Statistics show that Android continues to be the second most attacked platform after Microsoft Windows, which is why owners of Android-based devices are strongly recommended to use security solutions. At the same time, the Internet of Things market is rapidly developing, attracting more and more users. This means that security solution vendors need to make it possible for customers to use the IoT in combination with their protection solutions,” says Alexey Chikov, Product Manager at Kaspersky Lab.

Kaspersky Internet Security For Android Availability

The new Kaspersky Internet Security for Android is now available from Google Play, on the Kaspersky Lab site, and as part of Kaspersky Internet Security – Multi-Device, and Kaspersky Total Security – Multi-Device. In 2015, Kaspersky Lab was awarded the Top Developer prize from Google for its innovative approach and high quality products.

In addition to protection against malicious software and websites, the solution includes tools to remotely control a device if it is lost or stolen, to filter out unwanted calls and messages, and to hide personal data from prying eyes. The product can also be controlled remotely via the My Kaspersky portal, for example to activate the Anti-Theft function, to enable or disable the Privacy Protection function, or to update anti-virus databases.


Kaspersky Discovers Triada – A Mobile Trojan

4 March 2016 – Kaspersky Lab experts have detected Triada, a new Trojan targeting Android devices that can be compared to Windows-based malware in terms of its complexity. It is stealthy, modular, persistent and written by very professional cybercriminals.

Devices running the Android 4.4.4 and earlier versions of the Android OS are at greatest risk.

According to the recent Kaspersky Lab research on Mobile Virusology, nearly half of the top 20 Trojans in 2015 were malicious programs with the ability to gain super-user access rights. Super-user privileges give cybercriminals the rights to install applications on the phone without the user’s knowledge.

This type of malware propagates through applications that users download and install from untrusted sources. These apps can sometimes be found in the official Google Play app store, masquerading as a game or entertainment application. They can also be installed during an update of existing popular applications, and are occasionally pre-installed on the mobile device. Those at greatest risk include devices running Android 4.4.4 and earlier versions of the Android OS.

There are 11 known mobile Trojan families that use root privileges. Three of them – Ztorg, Gorpo and Leech – act in cooperation with each other. Devices infected with these Trojans usually organize themselves into a network, creating a sort of advertising botnet that threat actors can use to install different kinds of adware. But that’s not all…

Shortly after rooting the device, the above-mentioned Trojans download and install a backdoor. This then downloads and activates two modules that have the ability to download, install and launch applications.

The application loader and its installation modules are different types of Trojans, but all of them have been added to Kaspersky Lab’s antivirus databases under a common name – Triada.

Getting Into The Parental Android Process

A distinguishing feature of this malware is its use of Zygote – the parent of every application process on an Android device – which contains the system libraries and frameworks used by every application installed on the device. In other words, it’s a daemon whose purpose is to launch Android applications.

This is the standard app process from which every newly launched application is forked. It means that as soon as the Trojan gets into this process, it becomes part of every application launched on the device and can even change the logic of the application’s operations.

This is the first time technology like this has been seen in the wild. Prior to this, a Trojan using Zygote was only known as a proof-of-concept.

The stealth capabilities of this malware are very advanced. After getting into the user’s device, Triada implants itself in nearly every running process and continues to exist only in short-term memory. This makes it almost impossible to detect and delete using antimalware solutions. Triada operates silently, meaning that all malicious activities are hidden both from the user and from other applications.

The complexity of the Triada Trojan’s functionality shows that very professional cybercriminals, with a deep understanding of the targeted mobile platform, are behind this malware.

Triada’s Business Model

The Triada Trojan can modify outgoing SMS messages sent by other applications. This is now a major function of the malware. When a user makes in-app purchases via SMS for Android games, fraudsters are likely to modify the outgoing SMS so that they receive the money instead of the game developers.

“The Triada of Ztorg, Gorpo and Leech marks a new stage in the evolution of Android-based threats. They are the first widespread malware with the potential to escalate their privileges on most devices. The majority of users attacked by the Trojans were located in Russia, India and Ukraine as well as APAC countries. It is hard to underestimate the threat of a malicious application gaining root access to a device.

Their main threat, as the example of Triada shows, is in the fact that they provide access to the device for much more advanced and dangerous malicious applications. They also have a well-thought-out architecture developed by cybercriminals who have deep knowledge of the target mobile platform,” said Nikita Buchka, Junior Malware Analyst, Kaspersky Lab.

As it is nearly impossible to uninstall this malware from a device, users face two options to get rid of it. The first is to “root” their device and delete the malicious applications manually. The second option is to jailbreak the Android system on the device.

Kaspersky Lab Products Detect Triada Trojan Components As:

  • Trojan-Downloader.AndroidOS.Triada.a
  • Trojan-SMS.AndroidOS.Triada.a
  • Trojan-Banker.AndroidOS.Triada.a
  • Backdoor.AndroidOS.Triada.
