Tag Archives: Malware

Did Cyberattack Cause Dali To Hit Baltimore Bridge?!

Did a cyberattack cause the Dali to hit the Francis Scott Key Bridge in Baltimore, causing it to collapse?!

Take a look at the viral claims, and find out what the facts really are!

 

Claim : Cyberattack Caused Dali To Hit Baltimore Bridge!

Right after news broke that the Francis Scott Key Bridge in Baltimore collapsed after being hit by a massive container ship, some people immediately began suggesting there was more to the tragedy than meets the eye…

Alex Jones : Looks deliberate to me. A cyber-attack is probable. WW3 has already started.

Andrew Tate : This ship was cyber-attacked. Lights go off and it deliberately steers towards the bridge supports. Foreign agents of the USA attack digital infrastructures. Nothing is safe. Black Swan event imminent.


No Evidence Cyberattack Caused Dali To Hit Baltimore Bridge!

This appears to be yet another example of fake news created or promoted by conspiracy theorists, and here are the reasons why…

Fact #1 : Dali Lost Power Before Hitting Baltimore Bridge!

Let me start by simply pointing out that the Dali, a massive container ship, only hit the Francis Scott Key Bridge in Baltimore after it lost engine power.

The Dali lost power soon after leaving the Port of Baltimore in the middle of the night. The crew were not only left in the dark; none of the ship’s electronics worked and there was no propulsion, so they were unable to control the ship.

As the crew tried unsuccessfully to restart its engine, a local pilot onboard the vessel ordered the ship to be steered to port (left), and the anchor to be dropped. While the crew managed to restore electrical power using an emergency generator, they were not able to restart its engines.

With the ship adrift, the pilots onboard issued a mayday call at 1:30 AM to warn authorities that a collision was imminent, which allowed them to stop traffic from going over the bridge. A Maryland Transportation Authority official was recorded saying at that time:

There’s a ship approaching that has lost their steering. Until you’ve got that under control, we’ve got to stop all traffic.

A video being shared on WhatsApp is misleading in one respect: the ship never regained the use of its engines. It does, however, clearly show the moment the ship lost power, and when electrical power was restored.


Fact #2 : No Evidence Dali Was Hit By Cyberattack

Despite claims by people with unnamed “inside sources”, there is simply no evidence that the Dali was hit by a cyberattack which steered it right into a bridge in Baltimore.

Built by Hyundai Heavy Industries, the Dali is powered by a single MAN 9-cylinder S90ME-C9.2 crosshead diesel engine. It also has a single 3,000 kW bow thruster for manoeuvring in ports, and four diesel generators for electricity.

While the engine and its controls may be connected to a shipboard SCADA (Supervisory Control and Data Acquisition) system, such control networks are normally segregated from the vessel’s satellite Internet link. Even if the Dali’s SCADA system had somehow been infected with malware, an attacker would still need a live connection to the ship to steer it into the bridge, and nobody has shown that any such connection existed.

An early Cybersecurity and Infrastructure Security Agency (CISA) report appears to rule out an intentional act or an act of terrorism, finding that the Dali “lost propulsion” as it was leaving port.

The Baltimore Field Office of the Federal Bureau of Investigation (FBI) said in a press statement that “There is no specific and credible information to suggest any ties to terrorism at this time.”

United States Attorney for the District of Maryland Erek L. Barron also dismissed those claims in a public statement, saying “There is no evidence at this time to suggest that today’s collapse of the Francis Scott Key Bridge in Baltimore has any ties to terrorism.”

If the Dali had indeed been hit by a cyberattack before its crash, there would be forensic evidence of intrusion or malware in its control systems. Until such evidence is produced, anyone who tells you that it was definitely hit by a cyberattack is likely lying to you.

Unsurprisingly, none of those who claimed that a cyberattack caused the Dali to lose power and hit the Francis Scott Key Bridge ever provided a single shred of evidence from behind their keyboards.


Fact #3 : Ship Loss Of Power Is Common

The loss of power is common in the maritime industry, with as many as 600 cases each year according to FuelTrust, although most occur in open water. They are often associated with poorly mixed fuel, or with changing from high-sulphur to low-sulphur fuels when entering coastal emission control areas (ECAs).

In fact, shipping experts think “dirty fuel” may be the reason the Dali lost power before smashing into the Francis Scott Key Bridge.

That power loss could have been caused by dirty fuel clogging filters that lead to the ship’s main generator.

While inside a port, as the Dali was before the collision, ships typically run on a relatively light diesel fuel. That also could have been contaminated. Common contaminants include water, dirt and algae. He definitely could have had dirty fuel.

– Gerald Scoggins, a veteran chief engineer in the oil and gas industry and the CEO of the Houston company Deepwater Producers

Ian Ralby, the CEO of I.R. Consilium, a maritime and resource security consultancy, also said heavy marine fuel loaded onto ships in port is mixed with what is called cutter stock, and is prone to being loaded with contaminants and is not closely regulated. Such dirty fuel could have “gummed up all of the fuel lines on the ship.”

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 


 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Was Brad Pitt Just Found Dead From Suicide?!

Was Brad Pitt just found dead from suicide?! Take a look at the viral claims, and find out what the facts really are!

 

Claim : Brad Pitt Was Just Found Dead From Suicide!

People are sharing YouTube videos and Facebook posts claiming that Brad Pitt just died, or was found dead from suicide, with titles like :

FOX Breaking News: Brad Pitt found dead (Suicide)

R.I.P country actor Brad Pitt passed away last night, fans burst into tears.


 

Truth : Brad Pitt Was Not Found Dead From Suicide!

This is yet another example of FAKE NEWS created and propagated by people to generate income from scams, page views and YouTube advertising, and here are the reasons why…

Fact #1 : Brad Pitt Suicide Ad Was FB Malware

Let me start by warning you that the claim of Brad Pitt being found dead from suicide originated as a malware scam that circulated through a Facebook advertisement.

Those who clicked on it were directed to a scam website which tries to trick users into installing malware, rogue Facebook apps, rogue antivirus scanners, or tricked into divulging personal information through fake surveys.

Some were also asked to grant a fake Fox News app permission to access their profiles. Those who got past the permission pop-up were shown a fake story about Brad Pitt’s suicide:

Brad Pitt, 52, a multi-awarded American actor and husband of Angelina Jolie, 41, shot himself in the head at a shooting range on Sunday. He was under significant stress because the couple “were going through a divorce and he had a history of depression”, sources have said.

After extensive media coverage, Facebook finally issued a warning to advise people not to click on the fake advertisement, and to warn those who did so earlier, to change their account passwords and scan for malware.

Fact #2 : Brad Pitt Is Still Alive

Brad Pitt (born William Bradley Pitt on December 18, 1963) is still alive as of 21 January 2024. In fact, he was just spotted in public several days ago!

Even though Brad Pitt is notoriously a very private person, he was seen entering the Gagosian Gallery with his new girlfriend, Ines de Ramon, on Friday, 19 January 2024.

Wearing a brown leather bomber jacket, Brad Pitt looked very healthy for someone who is supposed to have died!


That night, Brad Pitt and Ines de Ramon attended an exhibition by his Moneyball director, Bennett Miller. Britney Spears’ ex-husband, Sam Asghari, was also there. He asked Pitt for a selfie, and later went to chat with Pitt’s former in-laws, James Haven and Jon Voight.

As you can clearly see, Brad Pitt is still very much alive… and looking great!

Fact #3 : No Legitimate Media Outlet Reported His Death

These YouTube videos have been circulating for weeks and months, but people don’t seem to notice that no legitimate media has reported Brad Pitt’s death.

Brad Pitt is one of the most famous celebrities in the world. If he only tripped and fell while walking along Hollywood Boulevard, it would have been international news, covered by celebrity blogs and media outlets.

No legitimate media outlet, or even celebrity blog, reported that Brad Pitt was found dead from suicide, or died suddenly from any cause, because it’s simply not true. Why should you believe some small-time YouTube channel or random Facebook posts?!

Fact #4 : Brad Pitt Funeral Photos Were Edited

I analysed the photos used in these videos, and traced the origin of two examples used in many of these videos.

This photo used to show Brad Pitt’s funeral is actually a photo from the funeral of Fernando Gaitan, the Colombian TV producer and screenwriter who created the telenovela Yo soy Betty, la fea, which has been adapted in multiple countries.

The funeral was held in Bogota, on Thursday, 31 January 2019. Obviously, that was not Brad Pitt’s funeral, as he was very much alive at that time!

The fake news creator merely added a photo of Brad Pitt, and Angelina Jolie holding up his photo.


This photo does not show Brad Pitt’s coffin being carried out during his funeral. It actually shows the coffin of one of the six Philpott children during their funeral in June 2012. They were murdered by their parents, Mick and Mairead Philpott, who set fire to their home.

If you look carefully, you can see that the pallbearers are carrying multiple coffins. Did it not strike you strange that Brad Pitt’s funeral would have more than one coffin???

Also, the coffin looked remarkably small for an adult. That’s because the coffin was for a 10 year-old little girl called Jade. The fake news creator merely tacked on a photo of Brad Pitt to fool you into believing that it was his funeral.

Fact #5 : Brad Pitt Death Hoax Is Driven By Fake Fact Check Too

This Brad Pitt death hoax, ironically, is also being driven by another fake fact check article by MediaMass Project.

News of actor Brad Pitt’s death spread quickly earlier this week causing concern among fans across the world. However the January 2024 report has now been confirmed as a complete hoax and just the latest in a string of fake celebrity death reports. Thankfully, the actor best known for his roles in Fight Club, Legends of the Fall or A River Runs Through It is alive and well.

Their claim of a viral R.I.P. Brad Pitt Facebook page is false. There is no such Facebook page. It is their standard fake fact check spiel for fake celebrity deaths.

The statement from Brad Pitt’s unnamed reps confirming that he is not dead is exactly the same as statements from other celebrities whose reps MediaMass claimed were victims of death hoaxes, like Angelina Jolie, Arnold Schwarzenegger, Barry Gibb, Bruce Willis, Celine Dion, Clint Eastwood, Cristiano Ronaldo, Dolly Parton, Harrison Ford, Justin Bieber, Lionel Messi, Lucy Liu, Madonna, Melanie Laurent, Mike Tyson, Morgan Freeman, Oprah Winfrey, Robert Pattinson, Simon Cowell, Sylvester Stallone, Taylor Swift, Toby Keith, Tom Cruise, and Tom Hanks.

He joins the long list of celebrities who have been victimized by this hoax. He’s still alive and well, stop believing what you see on the Internet.

Hidden in the description page for the MediaMass Project is a disclaimer that they are a “satire” website. That’s the usual “cover” for websites peddling fake news.

Regardless of their reasons, anything posted by MediaMass.net must be considered as fake news, until proven otherwise.


Fact #6 : This Is Just Fake Celebrity News

This is yet another example of fake celebrity news created to generate page views and money through advertising.


Bank Letter QR Code Scam : What You Need To Know!

Are scammers sending bank letters with a QR code that can steal your money?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Bank Letter With QR Code Is A Scam!

People are sharing a photo of a letter from a bank, claiming that the QR code in the letter can steal your money if you scan it with your phone!

Circulating In WhatsApp : If you get a letter from the bank like this, asking you to update your records using the QR CODE provided in the letter, don’t ever scan it; you will lose all your daily savings or old-age savings. This is another scammer’s method to take your money. Please spread it to everyone so that siblings, relatives, neighbours and family members are not affected by this kind of scam…

Peng Seong, the one : ⛔️ Another Scam ‼️

Do NOT scan the QR code per the letter even with bank’s letterhead without verifying with the bank


 

Truth : Bank Letter With QR Code Is Not A Scam!

This is likely another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : This Is Old Fake News

First, let me just point out that this photo is not new. It first went viral, with a voice message in August 2022, and has subsequently gone viral on and off over the last year or so.

Fact #2 : CIMB Letter Was Genuine

The letter, which was sent by CIMB, is genuine. CIMB even replied to one viral tweet, in both English and Malay, confirming that the letter was genuine:

FYI, this [letter] is genuinely from our bank. You can refer to the link below for more information: [link no longer available]

(Malay version, translated:) For your information, it is genuinely from us. You can refer to the link below for more information: [link no longer available]

Fact #3 : CIMB Letter Was Only Sent To Business Customers

The letter was not meant for consumers, and was only sent to CIMB business customers, to request that they update their company/organisation’s information.

Re: Update on your records to improve your banking experience

We refer to the above matter and our letter dated 27/06/2022.

We note that you have yet to update your company/organisation’s information with us.

As part of the Bank’s ongoing process to know our customers better and provide a seamless banking experience, we would like to remind you to return the completed Customer Information Update form to us.

This letter appears to be CIMB’s efforts to comply with KYC (Know Your Customer) requirements set out by regulators like Bank Negara Malaysia (BNM).


Fact #4 : QR Code Leads To CIMB Website

A QR code is a type of barcode that lets people and companies share information, including links. Scanning a QR code does not by itself install malware or hack your computer or smartphone; the risk lies in where the encoded link leads, so the question to ask is what the QR code actually decodes to.

The QR code in the CIMB bank letter isn’t malicious. It simply encodes a link to the CIMB website. You can verify this by scanning the QR code in that “CIMB scam letter”: it only leads to http://www.cimb.com.my/bizupdate [which no longer exists].

Ultimately, this viral warning was likely created by well-meaning but clueless Internet “experts” who are apparently not tech-savvy enough to even verify the QR code by simply scanning it!
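As an added example (my code, not something from the original article or from CIMB), here is how a practitioner would check where a QR code’s decoded URL really points before tapping it. The QR decoding itself is left to the phone’s scanner app; the script takes the decoded text as input and verifies the host against the bank’s real domain, rejecting the usual lookalike tricks. The trusted domain cimb.com.my is the one the letter’s link used; every other URL below is constructed for illustration.

```python
"""Check where a URL decoded from a QR code really points before visiting it.

A QR code is just data; the danger is the destination. This script takes the
text a scanner app shows (the decoded URL) and verifies the host against the
bank's real domain, rejecting the usual lookalike tricks. The trusted domain
cimb.com.my is taken from the bank letter; all other URLs here are
constructed for illustration.
"""
from __future__ import annotations

from urllib.parse import urlsplit

# Domains the bank legitimately uses. Assumption for this example: CIMB's
# Malaysian site lives under cimb.com.my (the letter's link did).
TRUSTED_DOMAINS = {"cimb.com.my"}


def triage_url(url: str) -> tuple[bool, str]:
    """Return (trusted, reason) for a URL decoded from a QR code."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # e.g. javascript:, intent:, or a Wi-Fi / vCard payload rather than a URL
        return False, f"unexpected scheme {scheme!r}"

    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False, "no hostname"

    if parts.username is not None:
        # https://www.cimb.com.my@evil.example/ : the bank name is userinfo,
        # the browser actually connects to evil.example
        return False, f"userinfo before host; real destination is {host!r}"

    try:
        host.encode("ascii")
    except UnicodeEncodeError:
        # Cyrillic/Greek letters that look like Latin ones (homograph attack)
        return False, "non-ASCII hostname (possible homograph)"

    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode label in hostname (possible homograph)"

    # Match on label boundaries: cimb.com.my.evil.example and notcimb.com.my
    # must both fail, while www.cimb.com.my must pass.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return True, f"host {host!r} is under trusted domain {domain!r}"
    return False, f"host {host!r} is not a trusted domain"


if __name__ == "__main__":
    samples = [
        "http://www.cimb.com.my/bizupdate",                      # the letter's real link
        "https://www.cimb.com.my.account-update.example/login",  # trusted name as prefix
        "https://notcimb.com.my/",                               # trusted name as suffix
        "https://www.cimb.com.my@evil.example/",                 # userinfo trick
        "javascript:alert(1)",                                   # not a web URL at all
    ]
    for sample in samples:
        trusted, reason = triage_url(sample)
        print(f"{'OK  ' if trusted else 'STOP'} {sample}\n      {reason}")
```

The point of matching on label boundaries is that a scammer cannot register a domain under cimb.com.my, but can freely register anything that merely contains or ends in those letters, or put the bank’s name in the userinfo part of the URL. The script refuses all of those and only passes hosts that are the bank’s domain or a subdomain of it.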

Fact #5 : Form Was To Be Emailed / Delivered

The CIMB letter asked its business customers to download and fill in a form. However, that form was not to be submitted online.

Rather, the letter specifically asked its business customers to email the completed form to a legitimate CIMB email address, or to physically mail or courier it to the bank itself.

Scan the QR Code below to download the form. Once you have completed the form, please submit by email to cimb_updates@cimb.com or mail/courier to the address below within 21 days from the date of this letter, failing which, the Bank reserves the right to suspend or close the account in accordance with the account terms and conditions.

In a real scam, you would be taken to a fake CIMB website and asked to log into your bank account. That is how the scammer gets hold of your bank login credentials.

However, even that scam won’t work unless the scammer also gets your TAC (Transaction Authorisation Code), which is sent to your phone by SMS or approved in the bank’s mobile app. That is why phishing pages and scam callers also try to talk you into handing over that code.

Certainly, scammers cannot log into your bank account just by collecting your company’s information through a form, unless you actually include your company’s bank account login details!


PayNow PDF Malware Scam : What You Need To Know!

Is there a new malware scam involving a PayNow PDF?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : PayNow PDF Invoice Is A Malware Scam!

People are sharing this warning about a new malware scam involving a PayNow PDF. Take a look!

I just received below the latest and new scams Modus Operandi from my Uncle. Forward to warn and share.
======================

The scammers have changed their modus operandi. They don’t ask you to download the app.
My neighbour told me yesterday that her sister (a cancer patient) wanted a part-time helper to clean her house. Hence, she went to Facebook. I called the number and made the request. The advertiser asked whether she had a Paynow, and she said that she had. He directed her to make the partial payment, and he will send the invoice to confirm. (Note: He did not ask her to download an app, as people are getting alerts). When she received the invoice in the PDF format, she did not suspect any foul play and clicked it. The invoice showed the amount paid and the balance to be paid. After that, she went to sleep. The next morning, her phone could not be switched on.
She used her laptop to check her DBS bank account. Her $20K was gone, and her two fixed deposits of $25K, which had not reached the maturity date, were also gone. The total loss was $70K.
When she went to the bank and asked why her fixed deposit was also gone, the receptionist told her that digital banking allows you to transfer the amount back to your account to facilitate withdrawals without going to the bank.
Police told her the malware was embedded in the PDF document.
So folks, beware that the scammers are always changing their modus operandi to con your money $$$! 😡😡😡


 

No Evidence There Is Any PayNow PDF Scam!

This is likely another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : No Evidence Of PayNow PDF Scam

First, let me just point out that there is no evidence that anyone was ever scammed by a PayNow PDF invoice.

There has been no actual news report of such a case, never mind multiple cases involving malicious PayNow PDF documents.

Frankly, I don’t know of any PDF malware that can shut down a phone, and transfer money from a bank account, including liquidating fixed deposits!

Fact #2 : PDF Malware Generally Targets Computers

PDF documents can carry malware, but malicious PDFs generally target Windows computers. In fact, many aren’t actual PDF documents at all, but executable files masquerading as PDFs, such as invoice.pdf.exe.

Malicious PDF documents or executables targeted at Windows computers won’t work on smartphones. A malicious PDF must not only be designed specifically for smartphones, it must target the right operating system, iOS or Android. A malicious PDF targeting Android won’t work on an Apple iPhone, for instance.

On top of that, most PDF malware exploits vulnerabilities in a specific PDF reader, most commonly the industry-standard Adobe Acrobat Reader. Most smartphones do not have Adobe Acrobat Reader installed, and instead open PDFs in the viewers built into apps like Samsung Notes, OneDrive, Google Drive or Kindle.

Embedded PDF malware that targets vulnerabilities in Adobe Acrobat Reader won’t work in other PDF readers. Exploits against mobile PDF viewers do exist, but they are rare, expensive and used for targeted surveillance rather than in mass scams like the one described here. That’s probably why it’s rare to see PDF malware that targets smartphones.


Fact #3 : PayNow Scams So Far Involve Phishing

Singapore reported 477 cases of PayNow scams in 2021, with 133 more cases in 2022. However, they were not due to PDF malware. Rather, their victims were deceived into giving scammers their digital banking credentials.

In other words, PayNow scams have so far involved phishing attacks, in which victims are tricked into logging into fake websites, or giving up their Internet banking login details by phone.

In one of these scams, victims received phone calls from people pretending to be bank employees. The callers would ask for the victims’ personal details, such as their Internet banking usernames and passwords, under the pretext that the bank needed them to verify transactions in their accounts.

Fact #4 : Singapore Police Warned About Android Malware

It seems likely that the viral warning is based on a misunderstanding of a Singapore Police Force warning about Android malware withdrawing money through PayNow.

Issued on 17 June 2023, the Singaporean police warned that scammers were tricking victims into installing an Android Package Kit (APK) file through WhatsApp and Facebook Messenger. Once installed, the malware allows the scammers to remotely access the victims’ devices, and steal their passwords.

The victims are then directed to fake websites that mimic banks like DBS to key in their banking credentials. The login information obtained through this phishing attack then allows the scammers to withdraw their victims’ money through PayNow.

To be clear, this PayNow scam does NOT involve any PDF. It requires the victim to install an APK file, which hands the scammers control of the phone, which is also the victim’s 2FA (Two-Factor Authentication) device, and to enter bank login information into a fake (phishing) website.

This lets the scammers log into your bank account using the login info you provided, and approve every transfer using your own mobile phone.


Fact #5 : Here Are Some Common Cybersecurity Tips

Here are some simple cybersecurity tips to help you avoid getting scammed online:

  • Never install APK files (for Android) from unknown or untrustworthy sources.
  • Never sideload IPA files (for Apple iOS) from unknown or untrustworthy sources.
  • Always check the entire filename, including its file extension:
    – PDF documents should end with .pdf, and not .pdf.apk or .pdf.ipa or .pdf.exe.
    – Word documents should end with .doc or .docx, and not .doc.apk or .doc.ipa or .doc.exe.
  • Never click on any link to go to any bank website. Always type in the link yourself into a web browser, or better still – use the official app issued by the bank.
  • Never give your bank login details to any person, even if they claim to be a police officer, a bank officer, or even a cybersecurity expert!
  • Never give your 2FA authentication code / TAC or OTP number to any person, even if they claim to be a police officer, a bank officer, or even a cybersecurity expert!
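Fact #2 explained that many “PDF malware” files are really executables with a double extension, and that genuine malicious PDFs work by abusing the reader. The tips above ask you to check the entire filename. Here, as an added example (my code, not from the article or from any police advisory), is a small Python triage script that does both checks on a suspicious attachment before anyone opens it: it inspects the full filename for a disguised executable extension, then checks the bytes for the PDF signature and for active-content keys that a plain invoice has no business containing. The sample files are constructed in memory and are not real malware.

```python
"""Triage a file that arrived as an "invoice PDF" before anyone opens it.

Added example (not from the article): two checks a practitioner would run
on a suspicious attachment.
  1. Does the *full* filename hide an executable extension (.pdf.exe,
     .pdf.apk, .pdf.ipa) or a right-to-left override that reverses it?
  2. Do the bytes actually begin with the PDF signature, and does the PDF
     carry active content (/JavaScript, /OpenAction, /Launch, ...) that a
     plain invoice has no reason to contain?
All sample files are constructed in memory; none is real malware.
"""
from __future__ import annotations

import re

EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".msi", ".js", ".vbs",
                         ".apk", ".ipa", ".dmg"}
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}

# PDF name objects that let a document run code or open things on its own.
# /URI is deliberately left out: ordinary hyperlinks would cause false alarms.
ACTIVE_CONTENT_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
                       b"/Launch", b"/EmbeddedFile")


def extension_verdict(filename: str) -> tuple[bool, str]:
    """Judge the filename alone: the *last* extension is the one that counts."""
    name = filename.strip().lower()
    if "\u202e" in name:
        # RLO character makes "invoice\u202efdp.exe" display as "invoiceexe.pdf"
        return False, "right-to-left override character in filename"
    parts = name.split(".")
    if len(parts) < 2:
        return False, "no extension"
    real_ext = "." + parts[-1]
    if real_ext in EXECUTABLE_EXTENSIONS:
        if len(parts) >= 3 and "." + parts[-2] in DOCUMENT_EXTENSIONS:
            return False, f"executable {real_ext} disguised as {'.' + parts[-2]}"
        return False, f"executable extension {real_ext}"
    if real_ext in DOCUMENT_EXTENSIONS:
        return True, f"document extension {real_ext}"
    return False, f"unrecognised extension {real_ext}"


def _unescape_pdf_names(data: bytes) -> bytes:
    """Undo #xx hex escapes in PDF names (/J#61vaScript == /JavaScript),
    a common evasion against naive string scanning."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def pdf_content_verdict(data: bytes) -> tuple[bool, list[str]]:
    """Return (looks_like_plain_pdf, findings) for a file's raw bytes.

    Caveat: keys inside compressed object streams (/ObjStm) are invisible to
    a plain byte scan; a full triage would decompress those first.
    """
    findings: list[str] = []
    if not data.startswith(b"%PDF-"):
        findings.append("missing %PDF- signature: not a PDF whatever its name says")
        if data.startswith(b"MZ"):
            findings.append("MZ header: Windows executable")
        elif data.startswith(b"PK\x03\x04"):
            findings.append("ZIP container: could be an APK, IPA or Office file")
        return False, findings
    text = _unescape_pdf_names(data)
    for key in ACTIVE_CONTENT_KEYS:
        # a PDF name ends at whitespace or a delimiter, so /JS must not match /JSomething
        if re.search(re.escape(key) + rb"(?![A-Za-z0-9])", text):
            findings.append(f"contains {key.decode()} (active content)")
    return not findings, findings


def triage(filename: str, data: bytes) -> dict:
    """Combine both checks; safe_to_open is True only if both pass."""
    ext_ok, ext_reason = extension_verdict(filename)
    content_ok, findings = pdf_content_verdict(data)
    return {"filename": filename, "safe_to_open": ext_ok and content_ok,
            "extension": ext_reason, "findings": findings}


# Constructed samples: a plain PDF, a PDF that runs JavaScript on open using
# a hex-escaped name, and a Windows executable renamed to look like a PDF.
BENIGN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"
JS_PDF = (b"%PDF-1.7\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
          b"2 0 obj << /S /J#61vaScript /JS (app.alert(1)) >> endobj\n%%EOF\n")
FAKE_PDF = b"MZ\x90\x00" + b"\x00" * 60

if __name__ == "__main__":
    for name, blob in [("invoice.pdf", BENIGN_PDF), ("invoice.pdf", JS_PDF),
                       ("invoice.pdf.exe", FAKE_PDF)]:
        print(triage(name, blob))
```

The first check catches the invoice.pdf.exe and invoice.pdf.apk cases from the tips list by trusting only the last extension; the second catches the opposite trick, a file correctly named .pdf that is not a PDF at all, or one that is a PDF but carries an auto-run action. Neither check proves a file safe, but either one failing is reason enough not to open it.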


WhatsApp Block Button Scam : What You Need To Know!

Will clicking on the WhatsApp block button install a malicious app that will hack your phone?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : WhatsApp Block Button Is A Scam!

People are sharing this advice on a new WhatsApp scam involving the Block button in messages. Take a look!

New Type of Scam in Whatsapp.

Don’t press the “Block” button within the message, because when you press it, you are effectively downloading this malicious app. Instead, go to WhatsApp settings (3 dots on the right-hand top) and block the message.

Do the same if you received this kind of message in your SMS. Someone already got scammed by this fake template.

The same warning also circulates in Chinese; translated, it reads:

New type of scam on WhatsApp. Don’t press the “Block” button inside the message, because when you press it you are actually downloading this malicious app. Instead, go to WhatsApp settings (the 3 dots at the top right) and block the message. If you receive this kind of message by SMS, do the same.


 

Truth : WhatsApp Block Button Is A New Feature!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : No Evidence Of WhatsApp Block Button Scam

First, let me just point out that there is no evidence that anyone was scammed by the WhatsApp block button in messages.

Even if an enterprising hacker / scammer were able to create a message with a fake Block button that downloads an APK (Android Package Kit) file, tapping it would not automatically install that file. You would still have to open the downloaded APK yourself from the Downloads folder, and Android would first prompt you to allow installs from that source.

Those who know how to do that would be tech-savvy enough to avoid installing APK files from unknown sources. Those who don’t know how to do that would not be able to install the downloaded APK file.

Fact #2 : WhatsApp Block Button Is Part Of New Safety Tools

The truth is – the Block button that you may see in new messages from strangers is not a scam. It also does not download or install any APK file.

The Block button is actually part of the new Safety Tools feature that WhatsApp started introducing in July 2023.

The Safety Tools feature will only appear when you receive a message from an unknown number. You will be given some details about the safety of this new contact – whether you are in common groups, and in some cases – the country of origin.

You are given the option of either blocking this new contact, or adding it to your Contact list. You can also click on the Safety tools link for more details.


Fact #3 : Older Blocking Method Still Exists

The new WhatsApp Safety Tools offer an easy way to quickly block and remove obvious spammers and scammers. However, it may not be readily apparent whether the new contact is genuine, or just a spammer / scammer.

If you start messaging this new contact to find out their identity or purpose, the Safety Tools option will disappear. But don’t worry, you can still block this new contact if you realise that he/she is a spammer / scammer.

  1. Go to the messaging screen for the person you want to block.
  2. Tap on the kebab menu / vertical ellipsis (⋮) icon on the upper right corner.
  3. Select More > Block.
    You can also select More > Report (to report and block the scammer)

Alternatively, you can block multiple contacts using this method:

  1. Open WhatsApp, and go to the Chats screen.
  2. Tap on the kebab menu / vertical ellipsis (⋮) icon on the upper right corner.
  3. Select Settings.
  4. Tap on the Privacy option.
  5. Scroll down and tap on Blocked contacts.
  6. Tap on the Add Contacts icon at the upper right corner.
  7. Search for the contacts you want to block, and select them.

Now, blocking people does not remove your contact details or profile photo from their phones and devices.

However, they will no longer be able to call you, or send you messages. They will also not be able to see changes to your status updates including when you’re online / last seen, or changes you make to your profile photo.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.


Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP


Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Mexico Did It Photo : Can It Infect Your Phone With Virus?!

Can the “Mexico Did It” photo infect your phone with a virus in just 5 seconds?!

Take a look at the viral claim, and find out what the facts really are!

Updated @ 2023-09-13 : Revised for a new wave
Originally posted @ 2022-11-07


Claim : “Mexico Did It” Photo Will Infect Your Phone With A Virus!

The warning about the “Mexico Did It” photo or image that will infect your phone with a virus keeps going… viral on WhatsApp and social media.

There are two versions so far – in English, and in Spanish.

FYI: They are going to publish an image that shows how Covid 19 is cured in Mexico and it is called “Mexico did it”, do not open it because it enters the phone in 5 seconds and it cannot be stopped in any way. It’s a virus. Pass it on to your friends and family. Now they also said it on CNN and BBC. DO NOT OPEN IT

Pass it on

Spanish version (translated): They are going to publish an image that shows how Covid 19 is cured in Mexico and it is called “Mexico did it” (“Mexico lo hizo”); do not open it because it enters the phone in 5 seconds and cannot be stopped in any way. It is a virus. Pass it on to your relatives and friends. Now they also said it on CNN and BBC

Recommended : Can Morocco Earthquake Seismic Wave Card Hack Your Phone?!


Truth : There Is No “Mexico Did It” Photo / Virus!

This is just another example of FAKE NEWS circulating on WhatsApp and social media like Facebook and Twitter, and here are the reasons why…

Fact #1 : This Viral Message Has Been Circulating Since 2021

The viral message about the “Mexico Did It” photo or virus has been circulating on Facebook, WhatsApp and Twitter since April 2021.

Fact #2 : This Is A Modified Version Of “Argentina Is Doing It”

This viral message is actually a modified version of an earlier fake message, which claims that a video on WhatsApp called “Argentina is doing it” will hack your phone in 10 seconds.

It just replaces Argentina with Mexico, a video with a photo, and changes it from a 10-second hack into a 5-second virus attack.

Those two fake news stories are, in turn, probably based on the even older fake claim that hackers are using greeting photos and videos to hack your phone.

Read more : Can Greeting Photos + Videos Hack Your Phone?!

Fact #3 : There Is No “Mexico Did It” Photo / Virus

There is no such thing as a “Mexico Did It” image or photo. Neither is there a virus called “Mexico Did It”.

There is also no known malware that can infect your phone simply by having you view a photo or image.

Fact #4 : CNN + BBC Never Reported On Such A Virus

It’s been over 2.5 years since this fake story first appeared on Facebook, Twitter and WhatsApp, but neither CNN nor BBC has ever reported on a “Mexico Did It” virus.

Fact #5 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest… but it cannot hack your smartphone by itself.

Recommended : Can Restaurant Menu QR Code Hack Your Phone?!

Fact #6 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website. Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #7 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t take 5 seconds, as the hoax message claims.

Generally, malware won’t wait a few seconds before it infects your devices. Waiting will only increase the risk of detection.

Unless the malware creator designed it to only infect your phone when you are sleeping (like the early hours of the morning), it pays to execute immediately.

Now that you know the facts, please SHARE this article with your family and friends, and SUPPORT our work!


Can Morocco Earthquake Seismic Wave Card Hack Your Phone?!

Can the Seismic Wave Card containing photos of the recent earthquake at Morocco hack your phone?!

Take a look at the viral claim, and find out what the facts really are!


Claim : Morocco Earthquake Seismic Wave Card Can Hack Your Phone!

This warning about the Seismic Wave Card containing photos of the recent earthquake at Morocco has gone viral on WhatsApp:

They are going to upload some photos of the Moroccan earthquake on WhatsApp. The file is called Seismic Waves CARD, don’t open it and see it, it will hack your phone in 10 seconds and it cannot be stopped in any way. Share the information with your family and friends.
DO NOT OPEN IT. They also said it on TV

Chinese version (translated): They are going to upload some photos of the Morocco earthquake on WhatsApp. The file is called Seismic Wave CARD; do not open or view it, it will hack your phone within 10 seconds and cannot be stopped in any way. Share this information with your family and friends.
Do not open it. They also said it on TV.

Recommended : Did Fukushima Just Release Black Radioactive Water?!


Truth : There Is No Morocco Earthquake Seismic Wave Card!

This is yet another example of FAKE NEWS circulating on WhatsApp, and here are the reasons why…

Fact #1 : There Is No Seismic Wave Card!

First, let me just point out that there is no such thing as a Seismic Wave Card.

The Seismic Wave Card is an Internet hoax that keeps getting recycled for every earthquake that comes along, like these examples show:

They are going to upload some photos of the Cariaco earthquake on Whatsapp. The file is called Waves Seismic CARD, do not open or see it, it will hack your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends. DO NOT OPEN IT. They also said it on TV.

They are going to upload some photos of the Calvario earthquake on WhatsApp. The file is called CARD Seismic Waves. Do not open them or see them, they hack your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends. Don’t open it. They also said it on TV.

Fact #2 : Photos Are Shared Directly On WhatsApp

There is no need to open any file, or install any app, to view photos on WhatsApp. You simply click to view photos shared by other people on WhatsApp.

Of course, people may sometimes share high-resolution photos in ZIP or RAR files, because WhatsApp greatly reduces the resolution of photos shared on its platform.

Those ZIP or RAR files may be opened using apps like WinZip (Android | iOS) or RAR (Android) or Unarchiver (iOS). However, you should be wary if you are asked to download and install any app.

Unless you know what you are doing, it’s best to only view photos and videos directly inside WhatsApp, and not download any compressed files at all.

Recommended : Can Greeting Photos + Videos Hack Your Phone?!

Fact #3 : Seismic Waves Card Is Not A Browser Hijacker

Seismic Waves Card appears to be falsely labelled as a browser hijacker by at least one “cybersecurity” website:

The scam message known as Seismic Waves Card is notorious for its disruptive behavior while surfing the web. Generally, scams like this, and others like Mintnav and Lookaside fbsbx, are crafted to meddle with your browser’s settings, replacing homepages and default search engines to promote affiliated sites and generate advertising revenue.

This transgression doesn’t end here; they siphon sensitive data and create vulnerabilities in your system’s security framework, providing a gateway for more perilous threats, such as malware and phishing schemes, to invade.

The protracted presence of Seismic Waves Card in your system exponentially escalates the risk of serious compromises, emphasizing the dire necessity for its immediate removal. Recognizing the malicious potential of such unwanted apps is essential in maintaining a secure and safe digital environment. Stay vigilant and prioritize your cybersecurity.

There is no evidence that malware or a browser hijacker called Seismic Waves Card exists. The article itself does not offer any evidence to prove its existence. In fact, the article and its guide on how to “remove” the malware appear to be generic, and may possibly be AI-generated.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest… but it cannot hack your smartphone by itself.

Recommended : Can Restaurant Menu QR Code Hack Your Phone?!

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website. Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

This is an incredibly clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t take 10 seconds, as the hoax message claims.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!


Wedding Invitation Scam : Don’t Install APK File!

Please watch out for the wedding invitation scam, and find out why you should NEVER install any APK file from strangers!

Find out what’s going on, and warn your family and friends!


Wedding Invitation Scam Gone Viral!

A new scam has gone viral on social media in Malaysia – the wedding invitation scam. In this scam, scammers contact their victims on WhatsApp, pretending to send them an APK file as a wedding invitation!

Here is the scam message, translated from Malay:

With gratitude, Inviting Mr. Zaiton Othman to our Son’s Wedding
Please click install Apk to get our digital wedding card ⬇️⬇️
Please click install to see our digital wedding card 🙏, to know who this is 😀

Recommended : How To Block Facebook Ads + Pay Scammers!


Wedding Invitation Scam : Don’t Install APK File!

This is yet another example of a Mobile Application Scam, and here are the reasons why…

Fact #1 : APK Is Android Installation File

First, it is important to know that APK files are not used to deliver wedding invitations, or photos and videos.

Short for Android Package Kit, an APK file is used to install software on Android devices. Think of it as the Android equivalent of an EXE installation file for Windows software.

Fact #2 : You Should Never Install APK File, Unless You’re An Expert

APK files, by definition, are merely installation files for Android devices. They can be used for legitimate purposes, as well as nefarious purposes.

However, legitimate Android apps are mostly delivered through proper mobile app platforms like the Google Play Store and the HUAWEI AppGallery, where they are scanned for malware before people are allowed to download and install them.

Therefore, you should never download and install an APK file outside of legitimate mobile app platforms, unless you are an expert who needs to “sideload” an APK for a specific reason.

Now, this does not mean that only Android devices are vulnerable. Apple is slated to offer the ability to sideload apps too with iOS 17.
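A content check for such attachments, added here as an example (not Tech ARP’s or WhatsApp’s code): it decides from the bytes, not the file name, whether a “digital wedding card” is a photo, an archive or an Android package. The function names, the constructed ZIP samples and the verdict strings are all assumptions of this illustration.

```python
import io
import zipfile

# Signatures checked: the ZIP local-file header that every APK starts with,
# and the JPEG / PNG magic bytes a genuine photo would start with.
ZIP_MAGIC = b"PK\x03\x04"
JPEG_MAGIC = b"\xff\xd8\xff"
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

# Entries that an Android package carries (a photo never does).
APK_MARKERS = {"AndroidManifest.xml", "classes.dex"}
IMAGE_SUFFIXES = (".jpg", ".jpeg", ".png")


def classify_attachment(data: bytes) -> str:
    """Return 'image', 'apk', 'zip' or 'unknown' based on content alone."""
    if data.startswith(JPEG_MAGIC) or data.startswith(PNG_MAGIC):
        return "image"
    if not data.startswith(ZIP_MAGIC):
        return "unknown"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            names = set(archive.namelist())
    except zipfile.BadZipFile:
        return "unknown"
    # An APK is just a ZIP with the Android manifest and Dalvik bytecode inside.
    return "apk" if APK_MARKERS & names else "zip"


def verdict(filename: str, data: bytes) -> str:
    """Combine the real content type with the advertised name into one verdict."""
    kind = classify_attachment(data)
    looks_like_image = filename.lower().endswith(IMAGE_SUFFIXES)
    if kind == "apk":
        # An installer is never a wedding card or a photo, whatever it is called.
        return "reject-apk-disguised-as-image" if looks_like_image else "reject-apk"
    if kind == "zip":
        return "caution-archive"  # view photos in-app rather than unpacking files
    if kind == "image":
        return "ok-image"
    return "caution-unknown"


def build_zip(entries: dict) -> bytes:
    """Build a small in-memory ZIP; used here only to construct samples."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, content in entries.items():
            archive.writestr(name, content)
    return buffer.getvalue()


if __name__ == "__main__":
    # Constructed samples, not real files from the scam.
    fake_card = build_zip({"AndroidManifest.xml": b"<manifest/>",
                           "classes.dex": b"dex\n035\x00"})
    print(verdict("kad_kahwin.jpg", fake_card))  # reject-apk-disguised-as-image
    print(verdict("kad_kahwin.apk", fake_card))  # reject-apk
    print(verdict("photo.jpg", JPEG_MAGIC + b"\xe0" + b"\x00" * 16))  # ok-image
```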

Fact #3 : Scammers Use APK Files To Install Malware

In most, if not all, cases where you receive an APK file from a stranger on WhatsApp, Telegram, through email or social media platforms, it is likely to contain malware.

Scammers use APK files containing malware to gain access to your phone. After you install these malware APK files, scammers can do anything – read your messages, steal your photos and videos, gain access to your TAC / OTP alerts, etc.

Recommended : Can SIM Swap empty bank accounts without warning?!

Fact #4 : APK File Scam Not Limited To Wedding Invitations

These mobile application scams are not just limited to wedding invitations, or offers to deliver illicit photos and videos. Scammers have also convinced their victims to install these APK malware files to:

  • book cheap temporary maid / cleaning services
  • book cheap air-conditioning services
  • book exclusive restaurants
  • receive special discounts
  • make investment transactions

Fact #5 : Scammers Use Social Engineering + Stolen Data

It is important to remember that scammers will use a combination of social engineering and stolen / purchased data to convince you to install their APK malware.

They may know your name, your MyKad number, your address and your telephone number. They may even know who is in your family, and even have your bank account or credit card details. All that information can be purchased from unscrupulous sources.

In some cases, scammers have taken over social media accounts and used them to trick the account holder’s family and friends into installing such APK malware files.

No matter who tells you to do it – even if they are your family member or friend, NEVER download and install an APK file.

Recommended : Scam Alert : How Fake Job Syndicates Operate!

Fact #6 : Bank Negara Malaysia Warned About Mobile App Scam

Bank Negara Malaysia has long warned consumers about such mobile application scams.

Be wary of clickable hyperlinks that redirect you to a site, or download an application to your phone. Banks will no longer send you any clickable hyperlinks via SMS!

Only download applications from your smartphone’s official application platforms (e.g. Google Play Store, [Apple] App Store, Huawei App Gallery).

Fact #7 : PDRM Confirmed This Is A Scam

On Monday, 19 June 2023, PDRM Commercial Crimes Investigation Department (CCID) Director Datuk Seri Ramli Mohamed Yoosuf warned the public about this wedding invitation scam:

This new tactic asks for an individual to open the link prepared to receive the wedding invitation. However, that’s the trick to steal information from the public and to make online transfer. The public are advised to avoid getting caught up in any message from questionable sources.

Please help us FIGHT SCAMMERS by sharing this fact check article out, and please SUPPORT our work!


Can hackers use Good Morning greetings to hack you?!

Can hackers use Good Morning videos, pictures and messages to hack your devices, and steal your data?!

Find out what is happening, and what the FACTS really are!

Updated @ 2023-04-21 : Updated with a new 2023 version of the hoax
Originally posted @ 2022-11-01


Claim : Hackers Are Using Good Morning Messages To Hack You!

This post about Chinese hackers using Good Morning videos, pictures and messages to hack your devices, keeps going viral on social media and WhatsApp.

It’s a long message, so just skip to the next section for the facts!

Dear friends, please delete all welcome photos and videos in Good Morning format and the like. Read below the article to the end, which will be clear why I ask about it. From now on I will only send personally prepared greetings.

Read all! Please send this message urgently to as many friends as possible to prevent illegal intrusion.
Warning from Olga Nikolaevna’s lawyer:

Recommended : Can Approve New Participant block WhatsApp hackers?!


Truth : Good Morning Greetings Not Being Used To Hack You!

Many of us get spammed with Good Morning or Good Night messages every day from family and friends.

While they often clog up Facebook, Telegram and WhatsApp groups, they really do NOT allow hackers to hack your devices.

Here are the reasons why Good Morning messages are very irritating, but harmless…

Fact #1 : Shanghai China International News Does Not Exist

The news organisation that was claimed to be the source of this warning – Shanghai China International News – does not exist!

Fact #2 : Good Morning Greetings Not Created By Hackers

Hackers (from China or anywhere else) have better things to do than to create these Good Morning pictures and videos.

They are mostly created by websites and social media influencers for people to share and attract new followers.

Recommended : Scam Alert : Watch Out For Telegram Phishing Attack!

Fact #3 : No Fraud Involving Good Morning Messages

There has been no known fraud involving Good Morning or even Good Night messages, videos or pictures.

Certainly, half a million victims of such a scam would have made front page news. Yet there is not a single report on even one case… because it never happened.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a Good Morning photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest…

Recommended : How To Block Facebook Ads + Pay Scammers!

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website.

Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t wait, as the hoax message claims.

Deleting Good Morning or Good Night photos or videos will free up storage space in your phone, but it won’t prevent any malware from executing.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!


Pinduoduo App Contains Persistent Spy Malware!

One of China’s most popular apps – Pinduoduo – apparently contains malware that monitors user activities and is difficult to remove!

Take a look at what CNN and multiple cybersecurity researchers have discovered about Pinduoduo!


Pinduoduo : What Is It?

Pinduoduo is actually a Chinese online retailer. Think of it as China’s Amazon. While Amazon started as an online bookstore, Pinduoduo started as an online agricultural retailer.

Since then, Pinduoduo has become one of China’s most popular online shopping platforms, with its app offering its 750 million users access to cheap products in China, by offering steep discounts on group buying orders.

Despite its meteoric rise, Pinduoduo has not been without its controversies. In 2018, the company was criticised for hosting inferior and imitation products, to which it responded by taking down more than 4 million listings and shutting down 1,128 stores.

In 2019, Pinduoduo was hit by hackers who stole discount coupons worth tens of millions of Yuan. And just last month, Google suspended the Pinduoduo app after discovering that versions offered outside its Play Store contained malware.

The Off-Play versions of the e-commerce app that have been found to contain malware have been enforced on via Google Play Protect.

Read more : How To Block Facebook Ads + Pay Scammers!


Pinduoduo App Contains Persistent Spy Malware!

Western interest may have been initiated by Google suspending the Pinduoduo app, but cybersecurity experts had already started looking into the app, and what they discovered was very troubling.

Alert First Raised By Chinese Cybersecurity Company

I think we should start by noting that it was a Chinese cybersecurity company called Dark Navy that first raised concerns about malware in the Pinduoduo app in February 2023.

Although Dark Navy did not name Pinduoduo in its report, cybersecurity researchers knew who it was referring to and soon followed up with their own investigations and reports, confirming Dark Navy’s report.

Sophisticated Malware

Half a dozen cybersecurity teams from Asia, Europe and the United States identified sophisticated malware in the Pinduoduo app that was designed to exploit vulnerabilities in the Android operating system used by many smartphones.

The malware allows the Pinduoduo app to bypass Android security features to monitor activities in other apps, check notifications, read private messages, and even change settings. It is also difficult to remove once installed.

Mikko Hyppönen, chief research officer at WithSecure, a Finnish cybersecurity firm, said that:

We haven’t seen a mainstream app like this trying to escalate their privileges to gain access to things that they’re not supposed to gain access to. This is highly unusual, and it is pretty damning for Pinduoduo.

Read more : Can SIM Swap empty bank accounts without warning?!

Dedicated Hacking Team To Look For Vulnerabilities

Even more damning, CNN reported that a current employee revealed that Pinduoduo set up a team of about 100 engineers and product managers to look for vulnerabilities in Android smartphones, and find ways to exploit them for profit.

To avoid exposure, the source said that the company targeted users in rural areas and smaller towns, and avoided users in megacities like Beijing and Shanghai.

By collecting expansive data on those users, Pinduoduo was able to create a comprehensive portrait of their habits, interests, and preferences; while improving its machine learning models to personalise push notifications and ads.

Pinduoduo App Gained More Access Than Allowed

Three cybersecurity companies – WithSecure, Check Point Research, and Oversecured – conducted independent analyses of version 6.49.0 of the Pinduoduo app that was released in late February 2023, and found code designed to achieve “privilege escalation” – a type of cyberattack that exploits vulnerabilities in the operating system to gain a higher level of access to data than the app is supposed to have.

Our team has reverse engineered that code and we can confirm that it tries to escalate rights, tries to gain access to things normal apps wouldn’t be able to do on Android phones.

The Pinduoduo app was able to continue running in the background, and prevent itself from being uninstalled. This was apparently done to boost the platform’s statistic for monthly active users.

Pinduoduo App Has Access To User Data Without Consent

Delaware-based app security start-up Oversecured found that the Pinduoduo app had access to user data like locations, contacts, calendars, notifications, and photo albums, without their consent.

The app was also able to change system settings, and access user social media accounts and chats.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

Pinduoduo App Also Snooped On Other Apps

The Pinduoduo app also had the ability to snoop on competing shopping apps, by tracking activity on other shopping apps, and gathering information from them.

Pinduoduo App Able To Secretly Receive Updates

Check Point Research found that Pinduoduo was able to push updates to the app, without first going through an app store review process to detect malicious code.

Pinduoduo App Programmers Attempted To Obscure Malicious Code

Check Point Research also found that some plug-ins used by the Pinduoduo app tried to obscure potentially malicious code by hiding them under legitimate file names, such as Google’s.

Such a technique is widely used by malware developers that inject malicious code into applications that have legitimate functionality.

Pinduoduo Targeted Android Devices

According to Sergey Toshin, founder of Oversecured, Pinduoduo’s malware specifically targeted Android operating systems used by Samsung, HUAWEI, Xiaomi and OPPO.

He also described the app as “the most dangerous malware” ever found in mainstream apps, exploiting about 50 Android system vulnerabilities. Most of these exploits targeted customised OEM code used by smartphone brands to customise their smartphone software.

I’ve never seen anything like this before. It’s like, super expansive.

Recommended : Chinese Netizens Explode Over WPS Office Censorship!

Pinduoduo Removed Exploit + Canned Hacking Team

After cybersecurity researchers started reporting about the app, Pinduoduo released version 6.50.0 on March 5, which removed the exploits they found. Two days later, Pinduoduo disbanded its Android hacking team, according to the same employee.

The hacking team members found themselves locked out of Pinduoduo’s workspace communication app, called Knock, and lost access to files on the company’s internal network, with their privileges revoked.

Most of the team was later transferred to work at Pinduoduo’s sister app, Temu. A core group of about 20 cybersecurity engineers however remain at Pinduoduo.

In addition, Sergey Toshin of Oversecured noted that while the exploits were removed in the new version of Pinduoduo, the underlying code remained and could be reactivated to carry out attacks.


Can Greeting Photos + Videos Hack Your Phone?!

Can hackers use greeting photos and videos to hack your phone, and steal your data?

Take a look at the viral claim, and find out what the FACTS really are!


Claim : Greeting Photos + Videos Can Hack Your Phone!

People keep sharing this warning about greeting photos and videos, which claims that they can hack your phone and steal your data.

It’s a long message, so just skip to the next section for the facts!

Hello Family and friends,

Starting tomorrow, Please do not send network pictures. Look at the following article to understand. I’m going to stop too.

Please delete all photos and videos of Good morning, Evening and other greetings and religious messages as soon as possible. Read the following article carefully and you will understand why.

Read all! Please send this message urgently to as many friends as possible to prevent illegal intrusion.

 

Truth : Greeting Photos + Videos Cannot Hack Your Phone!

Many of us get spammed with Good Morning, Good Afternoon, Good Evening photos and videos every day from family and friends.

While they often clog up Facebook, Telegram and WhatsApp groups, they really cannot hack your phone. Here are the reasons why Good Morning messages are very irritating, but harmless…

Fact #1 : Shanghai China International News Does Not Exist

The news organisation that was claimed to be the source of this warning – Shanghai China International News – does not exist!

Fact #2 : Greeting Photos + Videos Not Created By Hackers

Hackers (from China or anywhere else) have better things to do than to create these greeting photos and videos.

They are mostly created by websites and social media influencers for people to share and attract new followers.

Fact #3 : No Fraud Involving Greeting Photos / Videos

There has been no known fraud involving Good Morning or Good Night messages, videos or pictures.

Certainly, half a million victims of such a scam would have made front page news. Yet there is not a single report on even one case… because it never happened.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a Good Morning photo, but it won’t be full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest…

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appeared innocuous and would pass any malware check.

However, the image itself had an “almost white” rectangle that was recognised by the script, triggering it to redirect the user to the cybercriminals’ website.

Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t wait, as the hoax message claims.

Deleting Good Morning or Good Night photos or videos will free up storage space in your phone, but it won’t prevent any malware from executing.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Now that you know the facts, please SHARE this article with your family and friends!

 


Watch Out For SVCReady Malware In MS Word Documents!

Please watch out for a new malware called SVCReady that is being embedded in Microsoft Word attachments!

Here is what you need to know about the new SVCReady malware!

 

Watch Out For SVCReady Malware In MS Word Documents!

The HP Threat Research team just uncovered a new malware called SVCReady, which they first picked up on 22 April 2022 through HP Wolf Security telemetry.

SVCReady is being distributed in phishing emails with Microsoft Word attachments. On opening the infected Word document, an embedded Visual Basic for Applications (VBA) AutoOpen macro is used to run shellcode stored in the properties of the document.

Splitting the macro from the shellcode is a way to evade security software that would normally detect the malicious code.

Document properties containing shellcode, namely a series of nop instructions as represented by 0x90 values. Credit : HP
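As an added triage check, not HP’s tooling or anything from the original report, the Python script below opens an Office Open XML document, reads the docProps/*.xml property parts and flags any property value that looks like raw shellcode: a long hex-encoded blob, or the run of 0x90 NOP bytes HP shows in its screenshot. It assumes the .docx/.docm container (a legacy binary .doc keeps its properties in OLE streams, which this does not parse); the sample documents it builds are constructed fixtures, not the SVCReady lure.

```python
"""Flag Office document properties that look like embedded shellcode.

Added triage example (not HP's tooling). Assumes the OOXML container
(.docx/.docm); a legacy .doc stores properties in OLE streams instead.
"""
import io
import re
import xml.etree.ElementTree as ET
import zipfile
from typing import Dict, List

# Heuristics: a property holding >= 64 hex-encoded bytes, or an 8+ byte run
# of 0x90 (x86 NOP), is far more likely shellcode than a title or author.
HEX_BLOB = re.compile(r"^(?:[0-9A-Fa-f]{2}){64,}$")
NOP_SLED = re.compile(r"(?:90){8,}")
SEPARATORS = re.compile(r"0x|[\s,;]", re.IGNORECASE)


def property_values(docx_bytes: bytes) -> Dict[str, str]:
    """Return {'part:element': text} for every text node under docProps/."""
    values: Dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as archive:
        for name in archive.namelist():
            if not (name.startswith("docProps/") and name.endswith(".xml")):
                continue
            root = ET.fromstring(archive.read(name))
            for elem in root.iter():
                if elem.text and elem.text.strip():
                    tag = elem.tag.rsplit("}", 1)[-1]   # drop the XML namespace
                    values[f"{name}:{tag}"] = elem.text.strip()
    return values


def suspicious_properties(docx_bytes: bytes) -> List[Dict[str, object]]:
    """Return one finding per property whose value matches a shellcode heuristic."""
    findings: List[Dict[str, object]] = []
    for where, text in property_values(docx_bytes).items():
        # Normalise "0x90, 0x90" / "90 90" / "9090" into one contiguous hex string
        compact = SEPARATORS.sub("", text)
        reasons = []
        if HEX_BLOB.match(compact):
            reasons.append("hex blob (>= 64 bytes)")
        if NOP_SLED.search(compact):
            reasons.append("0x90 NOP sled")
        if reasons:
            findings.append({"property": where, "bytes": len(compact) // 2,
                             "reasons": reasons})
    return findings


def build_sample_docx(custom_value: str) -> bytes:
    """Constructed fixture: a minimal OOXML package with one custom property."""
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/'
            'package/2006/metadata/core-properties" '
            'xmlns:dc="http://purl.org/dc/elements/1.1/">'
            '<dc:title>Invoice</dc:title></cp:coreProperties>')
    custom = ('<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/'
              '2006/custom-properties" xmlns:vt="http://schemas.openxmlformats.org/'
              'officeDocument/2006/docPropsVTypes">'
              '<property fmtid="{D5CDD505-2E9C-101B-9397-08002B2CF9AE}" pid="2" '
              f'name="Payload"><vt:lpwstr>{custom_value}</vt:lpwstr></property>'
              '</Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        archive.writestr("docProps/core.xml", core)
        archive.writestr("docProps/custom.xml", custom)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, suspicious_properties(fh.read()) or "clean")
```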

The SVCReady malware begins by downloading and loading its payload from the web, and connecting to its Command and Control (C2) server.

It then starts gathering and sending information to the C2 server like :

  • username
  • computer name
  • time zone
  • whether the computer is joined to a domain
  • HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System registry key
  • running processes
  • installed software

The SVCReady malware also connects to its C2 server every 5 minutes to report its status, send information, receive new instructions, or validate the domain.

Currently, the malware appears to only gather and send information. However, that will change, as the malware persists on the system and is capable of receiving both updates and instructions from the C2 server.

In fact, the HP team observed SVCReady retrieve and load a RedLine stealer payload on an infected computer. It’s a sign of things to come.

The HP team believes that the SVCReady malware is still in early development, with an influx of updates adding features like encrypted C2 communications, and detection evasion.

They also found evidence linking SVCReady to past malware documents by the TA551 (Shatak) group from 2019 and 2020.

SVCReady will eventually be used for more nefarious purposes once it is good and ready. Until then, the malware will stay hidden, lurking and waiting for its master’s commands.

 

How To Avoid SVCReady Malware In MS Word Documents?

The HP team discovered that the malware creates a new registry key, which could serve as a signature for security software to detect it : HKEY_CURRENT_USER\Software\Classes\CLSID\{E6D34FFC-AD32-4d6a-934C-D387FA873A19}

But until security software is updated to detect SVCReady, the best way to avoid this malware is simple – do NOT open Word documents attached to emails!

If you regularly receive Word documents in your emails, please VERIFY with the sender before opening them.

These phishing emails are designed to look legitimate. So be very careful about what you open!

 


INTERPOL : Alarming Rate Of COVID-19 Cyberattacks!

According to INTERPOL, cybercriminals are taking advantage of the COVID-19 pandemic, boosting cyberattacks at an alarming pace.

Learn more about their key findings, and what they are projecting will happen in the near future!

 

COVID-19 Pandemic : New Opportunities For Cyberattacks!

The COVID-19 pandemic has forced organisations and businesses to rapidly deploy remote work systems and networks to support staff working from home.

Cybercriminals are taking advantage of these new COVID-19 work-from-home normals, targeting staff of major corporations, governments and critical infrastructure to steal data and generate profits.

Online Scams + Phishing

Threat actors have revised their usual online scams and phishing schemes. By deploying COVID-19 themed phishing emails, often impersonating government and health authorities, cybercriminals entice victims into providing their personal data and downloading malicious content.

Around two-thirds of member countries which responded to the global cybercrime survey reported a significant use of COVID-19 themes for phishing and online fraud since the outbreak.

Ransomware + DDoS

Cybercriminals are increasingly using disruptive malware against critical infrastructure and healthcare institutions, due to the potential for high impact and financial benefit.

In the first two weeks of April 2020, there was a spike in ransomware attacks by multiple threat groups which had been relatively dormant for the past few months.

Law enforcement investigations show the majority of attackers estimated quite accurately the maximum amount of ransom they could demand from targeted organisations.

Data Harvesting Malware

Taking advantage of the increased demand for medical supplies and information on COVID-19, there has been a significant increase of cybercriminals registering domain names containing keywords, such as “coronavirus” or “COVID”. These fraudulent websites underpin a wide variety of malicious activities including C2 servers, malware deployment and phishing.

From February to March 2020, a 569 per cent growth in malicious registrations (including malware and phishing), and a 788 per cent growth in high-risk registrations, were detected and reported to INTERPOL by a private sector partner.

Misinformation

An increasing amount of misinformation and fake news is spreading rapidly among the public. Unverified information, inadequately understood threats, and conspiracy theories have contributed to anxiety in communities and in some cases facilitated the execution of cyberattacks.

Nearly 30 per cent of countries which responded to the global cybercrime survey confirmed the circulation of false information related to COVID-19. Within a one-month period, one country reported 290 postings with the majority containing concealed malware. There are also reports of misinformation being linked to the illegal trade of fraudulent medical commodities.

Other cases of misinformation involved scams via mobile text-messages containing ‘too good to be true’ offers such as free food, special benefits, or large discounts in supermarkets.

 

INTERPOL : Projection Of Future COVID-19 Cyberattacks

Here are INTERPOL’s projections of future COVID-19 cyberattacks :

  • A further increase in cybercrime is highly likely in the near future. Vulnerabilities related to working from home and the potential for increased financial benefit will see cybercriminals continue to ramp up their activities and develop more advanced and sophisticated modi operandi.
  • Threat actors are likely to continue proliferating coronavirus-themed online scams and phishing campaigns to leverage public concern about the pandemic.
  • Business Email Compromise schemes will also likely surge due to the economic downturn and shift in the business landscape, generating new opportunities for criminal activities.
  • When a COVID-19 vaccination is available, it is highly probable that there will be another spike in phishing related to these medical products as well as network intrusion and cyberattacks to steal data.

 



Android Wallpaper Malware Explained + Solved!

Ice Universe shared a really interesting problem earlier today – a wallpaper that would set certain Android smartphones into a boot loop. Literally wallpaper malware!

Find out what this wallpaper malware is all about, and how to prevent it from bricking your Android smartphone!

 

Android Wallpaper Malware Explained + Solved Video

For a quick run-down, we prepared this video that explains what the wallpaper does, and how to solve the problem.

 

Android Wallpaper Malware : What Is It?

The wallpaper was first shared by Ice Universe, whose friend was affected by it. As you can see, there is really nothing remarkable about it.

If you set it as a wallpaper on a vulnerable Android smartphone, it will force the device to go into a boot loop.

Once that happens, there is nothing more you can do, except to factory reset your smartphone – destroying all of its data.

 

Android Wallpaper Malware : The Cause

Ice Universe paved the way to discovering the cause when he noted that the wallpaper’s colour seemed to change when he uploaded it to Weibo.

So we looked into the metadata of the wallpaper, and discovered that it has a specific ICC colour profile for Google Skia – E3CADAB7BD3DE5E3436874D2A9DEE126.

That ICC colour profile appears to trip the Google Skia graphics engine for certain Android devices, causing them to reboot.

Technically, com.android.systemui.glwallpaper.ImageProcessHelper crashes from an ArrayIndexOutOfBoundsException while trying to load the wallpaper with the embedded colour profile.

And because the wallpaper loads when Android UI loads, it triggers another reboot. Your smartphone is now stuck in a boot loop – it will keep rebooting on loading the wallpaper.

 

Android Wallpaper Malware : The Solution

The solution is surprisingly simple – remove the ICC colour profile. You can do that by using a photo editor (like Photoshop) and simply saving the wallpaper without embedding the colour profile.

Alternatively, you can use an EXIF remover app or software to strip the wallpaper’s metadata. That should strip its colour profile as well. Just make sure you check before you load it into your phone!

The only problem is that stripping the colour profile makes the wallpaper look less vivid.
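The “remove the ICC colour profile” fix can also be done without a photo editor. The Python script below is an added example (not Google’s, Skia’s or Tech ARP’s code) that walks a PNG’s chunks or a JPEG’s segments, drops only the iCCP chunk or the APP2 ICC_PROFILE segments, and leaves every other byte intact, so you can check what was removed before loading the image onto a phone. It handles both formats, which goes beyond the single wallpaper in the article; the image fixtures at the bottom are constructed here and are not the wallpaper itself.

```python
"""Strip embedded ICC colour profiles from PNG and JPEG files (added example;
not Google's, Skia's or Tech ARP's code). Only the profile is removed; every
other chunk or segment is copied byte-for-byte. Fixtures below are constructed."""
import hashlib
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8"


def profile_fingerprint(profile):
    # MD5 of the raw profile bytes, so you can record exactly what was stripped
    return hashlib.md5(profile).hexdigest()


def png_chunks(data):
    """Yield (type, body, crc) per PNG chunk; raise on a malformed file."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos < len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("truncated PNG chunk")
        yield ctype, data[pos + 8:pos + 8 + length], data[pos + 8 + length:end]
        pos = end


def strip_png_icc(data):
    """Rebuild the PNG without its iCCP chunk(s); returns (bytes, removed)."""
    out, removed = bytearray(PNG_SIG), []
    for ctype, body, crc in png_chunks(data):
        if ctype == b"iCCP":
            # iCCP body = profile name, NUL, compression method (0 = zlib), profile
            name, _, rest = body.partition(b"\x00")
            removed.append((name.decode("latin-1"),
                            profile_fingerprint(zlib.decompress(rest[1:]))))
            continue
        out += struct.pack(">I", len(body)) + ctype + body + crc  # CRC unchanged
    return bytes(out), removed


def strip_jpeg_icc(data):
    """Drop APP2 'ICC_PROFILE' segments; from SOS onward the file is copied as-is."""
    if not data.startswith(JPEG_SOI):
        raise ValueError("not a JPEG file")
    out, parts, pos = bytearray(JPEG_SOI), [], 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt JPEG marker")
        marker = data[pos + 1]
        if marker == 0xDA:                       # SOS: entropy-coded data follows
            out += data[pos:]
            break
        if marker in (0x01, 0xD9) or 0xD0 <= marker <= 0xD7:
            out += data[pos:pos + 2]             # standalone marker, no length field
            pos += 2
            continue
        seglen = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        segment = data[pos:pos + 2 + seglen]
        payload = segment[4:]
        if marker == 0xE2 and payload.startswith(b"ICC_PROFILE\x00"):
            parts.append(payload[14:])           # skip tag, sequence no., chunk count
        else:
            out += segment
        pos += 2 + seglen
    removed = [("APP2", profile_fingerprint(b"".join(parts)))] if parts else []
    return bytes(out), removed


def strip_icc_profile(data):
    """Dispatch on the file signature; returns (cleaned_bytes, removed_profiles)."""
    if data.startswith(PNG_SIG):
        return strip_png_icc(data)
    if data.startswith(JPEG_SOI):
        return strip_jpeg_icc(data)
    raise ValueError("unsupported image format")


FAKE_PROFILE = b"constructed-bytes-not-a-real-ICC-profile-" * 4  # fixture, not the wallpaper


def png_chunk(ctype, body):
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def sample_png():
    """Constructed 1x1 RGB PNG carrying an iCCP chunk whose profile name is 'Skia'."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    iccp = b"Skia\x00\x00" + zlib.compress(FAKE_PROFILE)
    idat = zlib.compress(b"\x00\xff\x00\x00")
    return (PNG_SIG + png_chunk(b"IHDR", ihdr) + png_chunk(b"iCCP", iccp)
            + png_chunk(b"IDAT", idat) + png_chunk(b"IEND", b""))


def jpeg_segment(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def sample_jpeg():
    """Constructed JPEG skeleton: APP0 JFIF, APP2 ICC_PROFILE, SOS, dummy scan, EOI."""
    app0 = jpeg_segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    app2 = jpeg_segment(0xE2, b"ICC_PROFILE\x00\x01\x01" + FAKE_PROFILE)
    sos = jpeg_segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
    return JPEG_SOI + app0 + app2 + sos + b"\x12\x34" + b"\xff\xd9"
```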

But the best thing to do is really just avoid the wallpaper altogether. Don’t even download it.

Google really needs to look into how such a bad colour profile in a picture can trip Google Skia and force the phone into a boot loop.

We should consider this a shot across the bow. Not only should we question whether we really “need” that nice wallpaper, we should be more proactive and :

  • offload our data from our smartphones on a regular basis
  • keep constant backups of our smartphone data
  • consider recording our photos and videos to a microSD card

This way, even if another wallpaper or picture malware comes along and bricks your phone, you won’t lose all of your data.

 



Ransomware Warning : 1 in 3 Attacks Target Business Users!

INTERPOL and Kaspersky are urging organisations to protect their data against ransomware, because 1 in 3 attacks target business users!

 

Ransomware Warning : 1 in 3 Attacks Target Business Users!

Recent Kaspersky research revealed that in 2019, WannaCry is still the most prevalent ransomware circulating, and some 30% of people targeted by ransomware were business users!

  • 30% of ransomware attacks targeted business users
  • Organisations lost, on average, US$1.46 million in costs, fines and reputational damage in 2019
  • WannaCry attacked 164,433 users in 2019, and accounted for 21% of all ransomware attacks.
  • GandCrab accounted for 11% of attacks, while Stop accounted for 4%.

WannaCry, arguably the world’s most famous ransomware, reached its peak 3 years ago – on 12 May 2017 – but continues to wreak havoc on unsuspecting victims.

GandCrab is famous for its ransomware-as-a-service model, rented out to cybercriminals by its developers. Meanwhile, Stop spreads through compromised software and websites, as well as adware.

 

Ransomware : How To Protect Your Business

Here are some tips that Kaspersky is recommending to stay protected against ransomware :

  • Explain to employees how following simple rules can help a company avoid ransomware incidents.
  • Always have fresh back-up copies of your files so you can replace them in case they are lost (e.g. due to malware or a broken device).
  • Don’t just rely on a physical backup, but also store your backup in the cloud for greater reliability.
  • Always update your operating system and software to eliminate recent vulnerabilities.
  • Use anti-ransomware software, which will prevent ransomware from exploiting vulnerabilities in software and applications – especially important for customers who continue to use Windows 7.

And if a corporate device is encrypted by ransomware, please remember that the attack is a criminal offence. You should NOT pay the ransom.

Instead, report the ransomware attack to your local law enforcement agency, and find a decryptor that may work for you. Some are available for FREE.

 


Acronis Cyber Protect : What Does It Offer?

Acronis Cyber Protect claims to be the “world’s first complete cyber protection solution” for businesses and Managed Service Providers (MSPs).

Let’s take a look at what Acronis Cyber Protect offers!

 

Acronis Cyber Protect : What Is It?

Acronis Cyber Protect is a new cyber protection solution, which combines three key features :

  • Backup and Recovery : to allow reliable recovery of data, apps and systems
  • Malware Protection : to defend data with anti-malware and anti-ransomware protection
  • Security Controls : save IT resources with a simplified but comprehensive endpoint management toolkit

 

Acronis Cyber Protect : Business Benefits

This is what Acronis Cyber Protect promises to offer businesses :

Benefit #1 : Data Availability

Create regular, reliable backups of your data automatically and store them securely so they are instantly available whenever needed.

Benefit #2 : Fast Remediation

Restore data to any device – servers, workstations, VMs, and mobile devices – using full reimage, granular restore, or Instant Restore.

Benefit #3 : Downtime Prevention

Avoid the kind of costly system downtime that’s caused by ransomware, configuration errors, unpatched vulnerabilities, or faulty hardware.

Benefit #4 : Lower TCO

Improve performance, internal SLAs, and IT efficiencies so you can focus on important tasks, while simplifying training and maintenance.

Benefit #5 : Streamlined Protection

Eliminate complexity from your operations with one solution that integrates data protection, malware prevention, and security controls.

 

Acronis Cyber Protect : MSP Benefits

This is what Acronis Cyber Protect promises to offer Managed Service Providers (MSPs) :

Benefit #1 : Improved Profitability

Attract new business, upsell existing customers, and improve your ARPU by offering a full range of superior data protection services.

Benefit #2 : Easier SLA Compliance

Ensure that you are meeting your SLA requirements by helping customers avoid downtime and enabling immediate restores when needed.

Benefit #3 : Greater Cost Control

Reduce administrative costs by using one tool for all tasks – backups, onboarding, monitoring, managing, assistance, and reporting.

Benefit #4 : Decreased Churn

Keep your existing customers happy and satisfied so they come back for more – generating greater financial stability for your business.

 

Acronis Cyber Protect : Availability + Promotion

Acronis Cyber Protect has yet to be released, but you can request Early Access.

Acronis is also offering Cyber Protect at the same cost as Acronis Cyber Backup Cloud for all service providers until July 31, 2020.

 


COVID-19 Email Scams + Malware Are Spreading!

As the COVID-19 coronavirus spreads across the world, so are COVID-19 email scams and malware!

Tatyana Shcherbakova tells us what she and her team discovered!

 

Warning : COVID-19 Email Scams Are Spreading!

As the COVID-19 coronavirus spreads, fake information is being created and distributed at a very high rate, confusing people all over the world.

Cybercriminals are taking advantage of the confusion, creating various email scams, with some realistic ones pretending to be from the WHO.

Tatyana Shcherbakova, a senior web content analyst, details how her team looked at the COVID-19 email scams, and came across the realistic ones from WHO…

 

WHO Is Warning You? These Are COVID-19 Email Scams!

At first, we found emails offering products such as masks, and then the topic became more commonly used in Nigerian spam emails. We also found scam emails with phishing links and malicious attachments.

One of the latest spam campaigns mimics the World Health Organization (WHO), showing how cybercriminals recognize and are capitalizing on the important role WHO has in providing trustworthy information about the coronavirus.

Users receive emails allegedly from WHO, which supposedly offer information about safety measures to be taken to avoid a COVID-19 infection.

Once a user clicks on the link embedded in the email, they are redirected to a phishing website and prompted to share personal information, which ends up in the hands of cybercriminals.

This scam looks more realistic than other examples we have seen lately, such as alleged donations from the World Bank or IMF for anyone who needs a loan.

In order to stay safe, we advise users to carefully study the content of the emails they receive and only trust reliable sources.

If you are promised a vaccine for the virus or some magic protective measures, or the content of the email is making you worried, it has most likely come from cybercriminals.

This is especially true if the sender suggests clicking on a link and sharing your personal data or opening an attachment.

You should not donate any real money or trust information with promises to help those affected by the virus, even if the email comes from someone who introduces themselves as an employee of a trusted organization.

Finally, double check the email address, as scammers often use free email services or addresses that have no relation to the organization mentioned.

 

Malware Masked As COVID-19 Coronavirus Documents!

They also found malicious files disguised as documents related to the COVID-19 coronavirus, masked under the guise of pdf, mp4 and docx files.

The names of files imply that they contain video instructions on how to protect yourself from the virus, updates on the threat and even virus detection procedures, which is not actually the case.

In fact, these files contained a range of threats, from Trojans to worms, which are capable of destroying, blocking, modifying or copying data, as well as interfering with the operation of computers or computer networks.

Some malicious files are spread via email. For example, an Excel file distributed via email under the guise of a list of coronavirus victims allegedly sent from the World Health Organization (WHO) was in fact a Trojan-Downloader, which secretly downloads and installs another malicious file.

This second file was a Trojan-Spy designed to gather various data, including passwords, from the infected device and send it to the attacker.

 

COVID-19 Email Scams + Malware : How To Avoid

As governments and businesses are forced by the COVID-19 coronavirus to encourage their employees to work from home, it is critical that they employ these cybersecurity practices to reduce the risk of falling for phishing attacks or malware :

  • Provide a VPN for staff to connect securely to the corporate network
  • All corporate devices – including mobiles and laptops – should be protected with security software
  • The operating system and apps should be updated with the latest patches
  • Restrict the access rights of people connecting to the corporate network
  • Ensure that the staff are aware of the dangers of unsolicited messages

 



Microsoft : Cybersecurity Trends + How To Stay Safe In 2020!

As part of Safer Internet Day (SID), Antony Cook from Microsoft shared the key cybersecurity trends in 2020, and how we can stay safe against those dangers.

Even if we are experienced techies, it is enlightening to find out what Microsoft believes are the cybersecurity threats that we should be looking out for in 2020.

 

Microsoft : Key Cybersecurity Trends In 2020!

Cybersecurity Trend #1 : Less Ransomware But More Attacks

Ransomware has declined in recent years, dropping more than 60% from its peak. But Microsoft sees a rise in other types of cyberattacks.

Attackers have learned that ransomware attracts too much attention from law enforcement, and organisations have gotten better at backing up their data.

So hackers are moving onto other activities like cryptocurrency malware and phishing, where they can more easily profit with less attention.

Cybersecurity Trend #2 : Mining Malware Will Be Big!

Attackers are often acting for financial benefit, so they will make big bets on cryptocurrency, especially in Bitcoin.

They will focus more on mining malware that lets them use your computer to mine cryptocurrency coins without being detected.

Coin mining software is easily available, and cybercriminals have put mining malware into many widely shared and widely used software packages. They are also trying to inject this malware through websites illegally streaming copyrighted content like the latest movies.

Cybersecurity Trend #3 : Embedded Threats

Attackers are now more sophisticated, targeting legitimate and trusted software supply points to deliver malware. There have been many examples of this attack vector :

  • a routine update for a tax accounting application,
  • popular freeware tools which have backdoors forcibly installed,
  • a server management software package,
  • an internet browser extension or site plugin,
  • malicious images which activate scripts when clicked,
  • peer-to-peer applications

In those cases, attackers were able to change the code of legitimate software that people trust and install without hesitation, allowing them to “hitch a ride”.

This attack vector is very dangerous and frustrating, because it takes advantage of the trust that consumers and IT departments already have for legitimate software.

Cybersecurity Trend #4 : Phishing Scams

Phishing continues to be one of the most effective ways to compromise systems, because it targets human decisions and judgment.

Microsoft noted that the percentage of inbound emails that were detected as phishing messages increased 250% throughout 2018, and they expect the final figures for 2019 to show the same trend.

 

Microsoft : How To Stay Safe In 2020!

Here is a summary of what Microsoft believes we should do to stay safe online against cybersecurity threats in 2020 :

Cybersecurity Tip #1 : Practice Good Security Hygiene

  1. Keep your operating system and software updated.
  2. Turn on email and browser protections.
  3. Apply the cybersecurity configurations that your hardware and software vendors recommend.
  4. Stay away from any unfamiliar software or websites.
  5. Use only legitimate software, and not just your key applications.

Cybersecurity Tip #2 : Implement More Access Controls

System administrators should implement more access controls, using Zero Trust or at least least-privilege models.

This will limit hackers that successfully break into your network from accessing more than a segment.

Cybersecurity Tip #3 : 3-2-1 Backup!

Make sure you create and keep backups, and the cloud is a great tool for this.

Microsoft recommends adhering to the 3-2-1 rule – keep three backups of your data on two different storage types, with at least one backup offsite.

Cybersecurity Tip #4 : Keep Vigilant!

Even if we implement strong cybersecurity measures, we must remain vigilant, and keep an eye out for suspicious activity.

Not just system administrators, but users as well. If you see anything suspicious – report it to your IT department immediately.

It can be anything from a sudden slowdown in your computer’s performance, to strange web pages and images appearing.

 



Malware Alert : How Shopper Takes Over Android Phones!

An Android malware called Shopper is actively taking over smartphones, to post fake reviews on Google Play.. and worse!

Find out what’s going on, and how to prevent your smartphone from being hijacked by Shopper!

 

Shopper : What Does It Do?

Shopper (Trojan-Dropper.AndroidOS.Shopper.a) is an Android trojan that uses the Google Accessibility Service to take over your smartphone.

It is not yet known how users are being infected, but researchers suspect that it may be downloaded through fraudulent ads, or third-party app stores when they try to download legitimate apps.

The malware masks itself as a system application, and uses a system icon called ConfigAPKs to hide itself from the user.

After the user unlocks the screen, the Shopper trojan launches and gathers information about the device, which is then sent to the attacker’s servers.

The attacker’s servers will then send commands to the Shopper trojan to execute one or more of these actions :

  • Check the rights to use the Accessibility Service. If permission is not granted, it will send a phishing request until it gets it
  • Turn off Google Play Protect, a safety check on Google Play Store apps before they’re downloaded
  • Post fake positive app reviews in Google Play, for those apps
  • Open links received from the remote server in an invisible window
  • Download and install advertised apps from Google Play Store
  • Download and install apps from the Apkpure third-party app store
  • Show ads when the smartphone screen is unlocked
  • Create labels for advertised sites in the app menu
  • Replace the labels of your installed apps with labels of advertised websites
  • Use your Google or Facebook account to register on popular shopping and entertainment apps, like AliExpress, Lazada, Zalora, Shein, Joom, Likee and Alibaba

 

Shopper : Who’s Getting Infected?

Right now, Kaspersky researchers say that it is most widespread in Russia (28.46%), followed by Brazil (18.70%) and India (14.23%).

 

Shopper : How To Block It?

To reduce the risk of being infected by Trojan-Dropper.AndroidOS.Shopper.a, take these actions :

  • Do NOT install apps from untrusted sources
  • Block the installation of apps from unknown sources in your smartphone settings
  • Be wary of apps that require the use of the Google Accessibility Service, especially if the app is not meant to offer accessibility features to the disabled
  • Always check application permissions to see what your installed apps are allowed to do
  • Use a reliable mobile security solution
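A defender's counterpart to the Accessibility Service abuse described above, as an added example (this is not Kaspersky's or Tech ARP's code): it audits which accessibility services are enabled on an Android device, using the value of the secure setting enabled_accessibility_services that `adb shell settings get secure enabled_accessibility_services` prints. The allowlist, the sample setting string and the package name com.example.configapks are constructed for the example and are not indicators from the Shopper report.

```c
#include <stdio.h>
#include <string.h>

/* Accessibility services the device owner expects to be enabled. This
 * allowlist is constructed for the example; TalkBack's component name is the
 * real one, the rest of a real policy would come from the administrator. */
static const char *EXPECTED_SERVICES[] = {
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService",
    NULL
};

/* Audit the value of the Android secure setting enabled_accessibility_services
 * (what `adb shell settings get secure enabled_accessibility_services` prints):
 * a colon-separated list of "package/ServiceClass" entries, or "null" when no
 * service is enabled. Returns the number of entries not on the allowlist and
 * copies the first one into `first_unexpected` when a buffer is supplied. */
int count_unexpected_a11y_services(const char *setting, char *first_unexpected, size_t n) {
    char buf[2048];
    int unexpected = 0;

    if (setting == NULL || strcmp(setting, "null") == 0 || setting[0] == '\0')
        return 0;                                   /* nothing enabled */
    strncpy(buf, setting, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';

    for (char *entry = strtok(buf, ":"); entry; entry = strtok(NULL, ":")) {
        int known = 0;
        for (const char **e = EXPECTED_SERVICES; *e; e++)
            if (strcmp(entry, *e) == 0) { known = 1; break; }
        if (!known) {
            if (unexpected == 0 && first_unexpected && n > 0) {
                strncpy(first_unexpected, entry, n - 1);
                first_unexpected[n - 1] = '\0';
            }
            unexpected++;
        }
    }
    return unexpected;
}

/* Constructed sample output: TalkBack plus a service belonging to an app that
 * poses as a system component, the pattern Shopper uses. The package name is a
 * placeholder, not a real indicator. */
const char *SAMPLE_SETTING =
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.configapks/com.example.configapks.HelperService";

int main(void) {
    char first[256];
    int n = count_unexpected_a11y_services(SAMPLE_SETTING, first, sizeof first);
    if (n > 0)
        printf("%d unexpected accessibility service(s); first: %s\n", n, first);
    else
        printf("only expected accessibility services are enabled\n");
    return 0;
}
```

Feed the real setting value to count_unexpected_a11y_services(): any entry that is not on the owner's allowlist deserves a look, especially one belonging to an app that has no accessibility purpose, which is exactly what the advice above about Accessibility Service permissions is getting at.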

 


 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

NX Technology from The Tech ARP BIOS Guide!

NX Technology

Common Options : Enabled, Disabled

 

NX Technology : A Quick Review

The NX Technology BIOS feature is actually a toggle for the processor’s No Execute feature.

In fact, the acronym NX is short for No Execute and is specific to AMD’s implementation. Intel’s implementation is called XD, short for Execute Disable.

When enabled, the processor prevents the execution of code in data-only memory pages. This provides some protection against buffer overflow attacks.

When disabled, the processor will not restrict code execution in any memory area. This makes the processor more vulnerable to buffer overflow attacks.

It is highly recommended that you enable the NX Technology BIOS feature for increased protection against buffer overflow attacks.

However, please note that the No Execute feature is a hardware feature present only in the AMD64 family of processors. Older AMD processors do not support the No Execute feature. With such processors, this BIOS feature has no effect.

In addition, you must use an operating system that supports the No Execute feature. Currently, that includes the following operating systems :

  • Microsoft Windows Server 2003 with Service Pack 1, or newer
  • Microsoft Windows XP with Service Pack 2, or newer
  • Microsoft Windows XP Tablet PC Edition 2005, or newer
  • SUSE Linux 9.2, or newer
  • Red Hat Enterprise Linux 3 Update 3, or newer

Incidentally, some applications and device drivers attempt to execute code from the kernel stack for improved performance. This will cause a page-fault error if No Execute is enabled. In such cases, you will need to disable this BIOS feature.

 

NX Technology : The Full Details

Buffer overflow attacks are a major threat to networked computers. For example, a worm may infect a computer and flood the processor with code, bringing the system down to a halt. The worm will also propagate throughout the network, paralyzing each and every system it infects.

Due to the prevalence of such attacks, AMD added a feature called No Execute page protection, also known as Enhanced Virus Protection (EVP) to the AMD64 processors. This feature is designed to protect the computer against certain buffer overflow attacks.

Processors that come with this feature can restrict memory areas in which application code can be executed. When paired with an operating system that supports the No Execute feature, the processor adds a new attribute bit (the No Execute bit) in the paging structures used for address translation.

If the No Execute bit of a memory page is set to 1, that page can only be used to store data. It will not be used to store executable code. But if the No Execute bit of a memory page is set to 0, that page can be used to store data or executable code.

The processor will henceforth check the No Execute bit whenever it executes code. It will not execute code in a memory page with the No Execute bit set to 1. Any attempt to execute code in such a protected memory page will result in a page-fault exception.

So, if a worm or virus inserts code into the buffer, the processor prevents the code from being executed and the attack fails. This also prevents the worm or virus from propagating to other computers on the network.
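To see the page-fault behaviour described above from user space, here is an added example (not part of the Tech ARP BIOS guide) for Linux on x86-64 or AArch64: it copies a tiny "return 42" stub into an anonymous page, tries to run it while the page is data-only, then tries again after marking the page executable. The stub bytes, the function names and the use of a SIGSEGV handler to survive the fault are this example's own choices; it assumes a kernel with NX support, which every 64-bit Linux kernel provides.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Machine code for a function that returns 42, for the two CPU families this
 * demo handles. On any other architecture the stub is empty and even the
 * "executable page" case will fault. */
#if defined(__x86_64__)
static const unsigned char RET42[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 }; /* mov eax,42 ; ret */
#elif defined(__aarch64__)
static const unsigned char RET42[] = { 0x40, 0x05, 0x80, 0x52,              /* mov w0,#42 */
                                       0xC0, 0x03, 0x5F, 0xD6 };            /* ret */
#else
static const unsigned char RET42[] = { 0x00 };
#endif

typedef int (*ret_fn)(void);
static sigjmp_buf fault_env;

/* The CPU reports an NX violation as a page fault; Linux delivers it to the
 * process as SIGSEGV. We jump back out instead of dying. */
static void on_fault(int sig) {
    (void)sig;
    siglongjmp(fault_env, 1);
}

/* Jump to the bytes at `code`. Returns the stub's return value, or -1 if the
 * processor refused to execute them. */
static int try_execute(void *code) {
    struct sigaction sa, old_segv, old_bus, old_ill;
    volatile int result = -1;
    ret_fn fn;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    sigaction(SIGILL, &sa, &old_ill);

    memcpy(&fn, &code, sizeof fn);          /* object pointer -> function pointer */
    if (sigsetjmp(fault_env, 1) == 0)
        result = fn();                      /* faults here if the page's NX bit is set */

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    sigaction(SIGILL, &old_ill, NULL);
    return result;
}

/* Map one page, copy the stub in, set the requested protection, run it. */
static int run_stub_with_prot(int exec_prot) {
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -2;
    memcpy(page, RET42, sizeof RET42);
    /* Without PROT_EXEC the kernel leaves the NX bit set in the page-table entry. */
    if (mprotect(page, pagesz, PROT_READ | exec_prot) != 0) {
        munmap(page, pagesz);
        return -2;
    }
    __builtin___clear_cache((char *)page, (char *)page + sizeof RET42);
    int r = try_execute(page);
    munmap(page, pagesz);
    return r;
}

/* Data-only page (NX bit set): expect -1, a page fault instead of a return value. */
int exec_in_data_page(void) { return run_stub_with_prot(0); }

/* Same bytes in a page marked executable (NX bit clear): expect 42. */
int exec_in_code_page(void) { return run_stub_with_prot(PROT_EXEC); }

int main(void) {
    printf("data-only page : %d (-1 = page fault, execution blocked)\n", exec_in_data_page());
    printf("executable page: %d\n", exec_in_code_page());
    return 0;
}
```

Build it with `cc -o nx_demo nx_demo.c` and run it: the first call returns -1 because the processor faulted before executing a single byte of the page, the second returns 42. This is the same No Execute bit the BIOS toggle governs, applied by the operating system to every page it maps, which is why the OS support listed in this guide matters as much as the hardware.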

The NX technology BIOS feature is actually a toggle for the processor’s No Execute feature. In fact, the acronym NX is short for No Execute and is specific to AMD’s implementation. Intel’s implementation is called XD, short for Execute Disable.

When enabled, the processor prevents the execution of code in data-only memory pages. This provides some protection against buffer overflow attacks.

When disabled, the processor will not restrict code execution in any memory area. This makes the processor more vulnerable to buffer overflow attacks.

It is highly recommended that you enable the NX Technology BIOS feature for increased protection against buffer overflow attacks.

However, please note that the No Execute feature is a hardware feature present only in the AMD64 family of processors. Older AMD processors do not support the No Execute feature. With such processors, this BIOS feature has no effect.

In addition, you must use an operating system that supports the No Execute feature. Currently, that includes the following operating systems :

  • Microsoft Windows Server 2003 with Service Pack 1, or newer
  • Microsoft Windows XP with Service Pack 2, or newer
  • Microsoft Windows XP Tablet PC Edition 2005, or newer
  • SUSE Linux 9.2, or newer
  • Red Hat Enterprise Linux 3 Update 3, or newer

Incidentally, some applications and device drivers attempt to execute code from the kernel stack for improved performance. This will cause a page-fault error if No Execute is enabled. In such cases, you will need to disable this BIOS feature.

 



Acronis True Image 2020 – Everything You Need To Know!

Acronis True Image 2020 was just released, and it is the first personal data protection solution to automate the 3-2-1 backup rule!

Here is EVERYTHING you need to know about Acronis True Image 2020!

 

Acronis True Image 2020

Acronis True Image 2020 is the first major update since True Image 2018 was released two years ago.

With this release, Acronis believes it has successfully addressed all Five Vectors of Cyber Protection – ensuring the safety, accessibility, privacy, authenticity and security of the user’s data (SAPAS).

Like its predecessor, it combines data backup and recovery capabilities, with anti-malware technology. The new release though boasts more than 100 enhancements. Let’s take a look at some of them…

Dual Protection In True Image 2020

Acronis True Image 2020 is the first personal data protection solution to automate the 3-2-1 backup rule.

It will automatically replicate local backups into the cloud, so you will always have an off-site copy for recovery.

After you complete the first backup, each subsequent backup and its replication to the cloud will occur simultaneously.

True Image 2020 Tray Notifications Center

Acronis True Image 2020 now pushes messages about your data to your desktop tray, so you can easily monitor the status of your backups.

In addition to alerting you to urgent issues that require your response, it will also send you tips on how to enhance your computer’s protection.

Back Up Only On Selected Wi-Fi Networks

You will now have greater control, including the ability to select which Wi-Fi networks your backups may be transferred over.

This allows you to avoid costly metered connections, and insecure public networks that could put your data at risk.

Custom Power Management

You will also have control over whether your backups will run while you are on battery power. You can :

  • completely prevent backups whenever you are on battery power, or
  • set a minimum battery level for backups to run

Mac Power Nap Backups!

Acronis True Image 2020 will support Power Nap backups. Enable it, and your Mac will back up its data during its Power Nap.

In addition, any changes to your Mac’s data during its Power Nap will be captured in those backups too!

 

Acronis True Image 2020 Price + Availability

Acronis True Image 2020 is available in three versions, with immediate effect :

Standard Edition

This is a perpetual license designed for customers who store their data on local drives only.

It does not come with cloud storage or cloud-based features. However, you can make local backups of an unlimited number of mobile devices.

Pricing starts at $49.99 for one computer.

Advanced Edition

This is a one-year subscription that includes 250 GB of Acronis Cloud Storage, and access to all cloud-based features.

You will be able to make both local and cloud backups of an unlimited number of mobile devices.

Pricing starts at $49.99 per year for one computer.

Premium Edition

This is a one-year subscription that includes blockchain-based data certification and electronic signature capabilities, as well as 1 TB of Acronis Cloud Storage.

Pricing starts at $99.99 per year for one computer.

All versions include Acronis Active Protection – AI-powered anti-malware protection – and cover an unlimited number of mobile devices.

 


Top Three 2019 Cybersecurity Predictions By Dimension Data

Mark Thomas, VP of Cybersecurity at Dimension Data, recently shared with us his top three cybersecurity predictions for 2019.

  • Increased Benchmarks Will Improve Standards
  • A Strong Future For Predictive Threat Intelligence
  • Cybersecurity Investments Become More Strategic

 

The 2019 Cybersecurity Landscape

Cybercrime currently represents one of the top 10 biggest threats to our globe during 2019 – and it’s showing no sign of ebbing away. The approaches of hackers are increasing in sophistication, the volume of their attacks is intensifying, and successful breaches are causing more damage than ever before.

But as threats and attack types evolve, so too do our methods of defending against them, sparking levels of innovation previously unseen.

And despite the fact that 2018 represented a record year for the number of new business vulnerabilities discovered (a 12.5% upsurge from 2017), the most commonly attacked industries across the globe are also those best-equipped to guard against the latest criminal advances.

But what lessons can we learn from their success? Here are three ways the cybersecurity landscape is going to change over the coming years.

2019 Cybersecurity Prediction #1 : Increased Benchmarks Will Improve Standards

According to NTT Security’s 2019 Global Threat Intelligence Report, the average global cybersecurity maturity rating languishes at 1.45 out of 5 – a score determined by an organisation’s holistic approach to cybersecurity from a strategy, process, metrics and tools perspective.

At first glance, this rating makes for grim reading, but encouragingly, this increase in ‘cybermaturity’ benchmarking is galvanising many forward-thinking companies to make considerable changes in order to ramp up their security posture.

Among those are the two most ‘cybermature’ industries: finance and technology. It should come as no surprise that two such dominant sectors bear the brunt of the cybercrime offensive, each experiencing 17% of all attacks recorded in 2018.

Yet despite enduring this barrage, the finance and tech industries also boast the highest ‘cybermaturity’ rating of any industry, with 1.71 and 1.66 respectively.

It’s from these heightened levels of ‘cyberpreparedness’ that the majority of businesses – regardless of size, sector, or market – can draw some vital lessons. By benchmarking their maturity, companies are showing a real willingness to inspire positive change; with a greater focus on predictive threat intelligence, more considered and strategic investments, and higher levels of internal and external collaboration representing some of the most critical approaches separating the best-fortified organisations.

Indeed, the finance and technology sectors are the industries most keen to team up with external partners to evolve their long-term strategies and next-generation architectures, unlocking access to trillions of logs and billions of attack records that can be used to shape a more predictive approach to cybersecurity defence.

2019 Cybersecurity Prediction #2 : A Strong Future For Predictive Threat Intelligence

With business vulnerabilities at a record high, the rise of predictive threat intelligence represents one of the most tangible and accessible ways that organisations can immediately bolster their security programmes.

The concept of cybersecurity defence evolving from a reactive to a more predictive model isn’t going to cause shockwaves among IT teams, but with our understanding of AI and machine learning technologies increasing – and attackers’ methods becoming more sophisticated in tandem – its application has never been more pertinent.

In fact, the market for threat intelligence tools is now expected to surge to USD 12.9 billion by 2023, at a growth rate of 19.7% each year.

This prediction, along with news that venture capital firm Insight Partners has splashed out USD 780 million on threat intelligence company Recorded Future, indicates this field is about to go through a sustained period of unprecedented innovation.

One of the secrets to unlocking the potential to predictive threat intelligence lies in the amount of threat information you are able to collect. Security teams need to start digging deeper into the murkier and harder to reach corners of the internet – such as the dark web – to outsmart the bad guys.

With machine learning potentially monitoring billions of logs, patterns can be identified and automated safeguards established so that attacks can be deflected instantly.

And the more granular you can go, the better – it affords security and IT teams with that much-needed structure and context to turn raw data into actionable intelligence.

2019 Cybersecurity Prediction #3 : Cybersecurity Investments Become More Strategic

With almost two-thirds of companies citing a poor understanding of their current risk profile as the primary inhibitor to a better cybersecurity posture, it’s clear that in order to better bolster their barricades, organisations must exercise a more strategic and calculated approach to cybersecurity investment.

The good news is that senior executives are finally prioritising cybersecurity as a critical boardroom concern – but from the lowly 1.45 out of 5 average cybermaturity rating, it’s painfully clear that ambitions are outpacing preparedness. This benchmark needs to change – but where should organisations channel their investment in order to best fortify their defences?

With the cryptocurrency market surging by 51% since the start of 2019, illicit cryptojacking techniques have followed suit, skyrocketing by a staggering 459% last year.

To best prevent, detect, and recover from cryptojacking, organisations should consider introducing egress and ingress filtering restrictions to moderate outbound traffic, denying stratum protocol usage, or segmenting your network environments to make it more difficult for an attacker to push an attack through your entire network.
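To make “denying stratum protocol usage” concrete, here is an added detection example (not Dimension Data's or NTT Security's code) that recognises stratum mining requests by their JSON-RPC method names in captured outbound payloads. The method list, the sample capture and WALLET_PLACEHOLDER are constructed for the example; the Monero-style `login` method is generic enough that a real deployment would pair this check with destination and port context to keep false positives down.

```c
#include <stdio.h>
#include <string.h>

/* JSON-RPC method names used by the stratum mining protocol and its
 * Monero-style variant. A client sending these to an outside host is a
 * cryptojacking indicator, and they are what an egress filter that
 * "denies stratum" keys on. "login" is generic and needs extra context. */
static const char *STRATUM_METHODS[] = {
    "mining.subscribe", "mining.authorize", "mining.submit",  /* classic stratum */
    "login",                                                   /* Monero-style pools */
    NULL
};

/* Pull the value of the first "method" key out of one JSON-RPC line.
 * Tolerates spaces around the colon. Returns 1 on success. */
static int json_method(const char *line, char *out, size_t outlen) {
    const char *p = strstr(line, "\"method\"");
    if (!p) return 0;
    p += strlen("\"method\"");
    while (*p == ' ' || *p == '\t' || *p == ':') p++;
    if (*p++ != '"') return 0;
    size_t i = 0;
    while (*p && *p != '"' && i + 1 < outlen) out[i++] = *p++;
    out[i] = '\0';
    return *p == '"';
}

/* 1 if the payload line is a stratum request, else 0. */
int is_stratum_request(const char *line) {
    char method[64];
    if (!json_method(line, method, sizeof method)) return 0;
    for (const char **m = STRATUM_METHODS; *m; m++)
        if (strcmp(method, *m) == 0) return 1;
    return 0;
}

/* Walk a newline-separated capture of outbound payloads and count stratum
 * requests; copies the first offending line into `first` when given. */
int count_stratum_requests(const char *capture, char *first, size_t firstlen) {
    int hits = 0;
    const char *p = capture;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        if (is_stratum_request(line)) {
            if (hits == 0 && first && firstlen > 0) {
                strncpy(first, line, firstlen - 1);
                first[firstlen - 1] = '\0';
            }
            hits++;
        }
        if (!nl) break;
        p = nl + 1;
    }
    return hits;
}

/* Constructed sample: payloads as a proxy or IDS might log them. The
 * second and fourth lines are benign traffic that also carries JSON-RPC
 * or plain HTTP, to show the check does not fire on those. */
const char *SAMPLE_CAPTURE =
    "{\"id\":1,\"method\":\"mining.subscribe\",\"params\":[\"cpuminer/2.5.1\"]}\n"
    "{\"jsonrpc\":\"2.0\",\"method\":\"eth_blockNumber\",\"params\":[]}\n"
    "{\"id\":1, \"method\": \"login\", \"params\":{\"login\":\"WALLET_PLACEHOLDER\",\"pass\":\"x\"}}\n"
    "GET /index.html HTTP/1.1\n"
    "{\"id\":2,\"method\":\"mining.authorize\",\"params\":[\"worker1\",\"x\"]}\n";

int main(void) {
    char first[256];
    int n = count_stratum_requests(SAMPLE_CAPTURE, first, sizeof first);
    printf("%d stratum request(s); first: %s\n", n, n ? first : "-");
    return 0;
}
```

The classic stratum handshake is `mining.subscribe` followed by `mining.authorize`, which is why both appear in the sample; an egress filter that drops these requests to hosts outside an allowlist, or an IDS rule that alerts on them, provides the prevention and detection the paragraph above calls for.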

Segmenting your network environments is a method that can also be applied when defending against web-based attacks, which doubled during 2018 and now account for almost a third of all hostile traffic.

Performing regular vulnerability scans will help you identify issues earlier on during the development cycle, while enforcing secure coding practices will ensure applications remain solid throughout their design and launch.

Of course, the level of investment in these areas depends on your market and sector, where frequency and volume of attack types can vary greatly – but regardless of industry or location, one key focus cannot be ignored – compliance.

Embedding compliance requirements into your strategy is essential, and with such a wealth of information-sharing and collaborative tools available, there’s no excuse for not keeping pace with the latest regulatory requirements.

Success is achieved when organisations invest proportionately in people, processes, and tools to provide a solid foundation of security and data privacy expertise, across all technology stacks. Benchmarking yourself against industry best practices and control frameworks provides an easy way to measure the return on an organisation’s security investment.

Simply put, you cannot manage what you cannot measure, so it’s critical companies understand their compliance posture and plan ahead so they can achieve their security ambitions.

 

More On The 2019 Cybersecurity Landscape

We had the opportunity to sit down with Mark Thomas, VP of Cybersecurity and other members of Dimension Data (now part of NTT Limited) for a Q&A session on the 2019 NTT Security GTIR and cybersecurity landscape.

You can download the executive guide to the 2019 NTT Security Global Threat Intelligence Report here.

 



MegaCortex Ransomware Analysis + Prevention by Sophos!

Sophos just released their analysis of the MegaCortex ransomware whose speed and spread of attack are very worrying! Get the key details about MegaCortex and how to prevent an attack!

 

What Is Megacortex?

MegaCortex is a new ransomware that was rarely seen until it suddenly spiked in volume in May 2019. Similar to infamous ransomware like Ryuk and BitPaymer, it is now spreading rapidly in these countries :

  • US
  • Canada
  • Argentina
  • Italy
  • The Netherlands
  • France
  • Ireland
  • Hong Kong
  • Indonesia
  • Australia

Why Is MegaCortex Dangerous?

Ransomware attacks are usually carried out in 3 ways:

  • Manual attacks
  • Automated attacks
  • Blended attacks

Unlike Ryuk and BitPaymer, MegaCortex is controlled by cybercriminals using more automated tools, and is designed to spread infection to many victims at a much faster speed.

 

What Does MegaCortex Demand?

Unlike other ransomware attacks, MegaCortex has no clear ransom demands.

All it does is invite its victims to email the attackers at either of two free email addresses, attaching a file that was dropped onto the victim’s hard disk drive, to request decryption services.

The ransom note includes “a guarantee that your company will never be inconvenienced by us“. On top of that, if the victim pays the ransom, “You will also receive a consultation on how to improve your companies cyber security“.

How sweet of them.

 

How To Protect Against MegaCortex

Sophos recommends the following steps to protect your business from MegaCortex and the threat of ransomware attacks in general :

  • Companies are cautioned to be on the highest alert should they see warning signs of Emotet or Qbot, as there is a strong correlation between MegaCortex and those two threats.
  • Place the company Remote Desktop Protocol (RDP) machine behind a Virtual Private Network (VPN)
  • Practice two-factor authentication for systems logins
  • Regular backup of important and current data on an offline storage device
  • Use anti-ransomware software like Sophos Intercept X Advanced.

 



Secureworks Launches Red Cloak TDR Cybersecurity Service!

Secureworks just launched Red Cloak TDR at Dell Technologies World 2019 in Las Vegas! Here is a primer on the Secureworks Red Cloak TDR cybersecurity service!

 

SecureWorks Launches Red Cloak TDR

At Dell Technologies World 2019, Secureworks, a Dell Technologies subsidiary, unveiled Red Cloak TDR, their software-as-a-service (SaaS) app that allows companies to securely manage their own cybersecurity measures.

Developed with over 20 years of field experience in cybersecurity, Red Cloak TDR offers a new way for companies to detect, investigate and respond to online threats such as malware, ransomware etc. Unlike other cybersecurity services, it is aided by deep learning, and machine learning.

The AI assistance helps it quickly detect new and unknown online threats, while reducing false alarms. It also helps cybersecurity teams focus on the real or high-risk threats.

 

How Secureworks Red Cloak TDR Will Transform Cybersecurity

Cybersecurity threats can go undetected for hundreds of days in the gaps and disconnected layers of security products. This is particularly problematic with apps and services that are not updated on a daily or even hourly basis.

Red Cloak TDR Is Cloud-Native

As a cloud-native application, it can be quickly updated after investigations reveal a new threat. In addition, the service includes the following features :

  • Intuitive workflows
  • Automation
  • Chat feature
  • Access to Secureworks’ cybersecurity team and network

Software-as-a-Service

As a software-as-a-service (SaaS) app, there is no hassle of installing on-site hardware or performing software version upgrades. All updates, back-ups and tuning will be covered by the Red Cloak TDR app.

The app does not charge by data consumption like some apps, so users are free to process and manage all the security data they need to protect their organisation. The app is also designed to integrate into the organisation’s own control framework.

 



The 2019 Kaspersky ICS CERT Report + Recommendations!

The 2019 Kaspersky ICS CERT Report just revealed that almost half of the Industrial Control System (ICS) computers they protected were attacked in the second half of 2018. This is a wake-up call to industries large and small.

They also shared with us some technical measures that can help companies ward off these cyberattacks.

 

The 2019 Kaspersky ICS CERT Report

The 2019 Kaspersky ICS CERT report is based on the industrial threat landscape the team experienced in H2 2018.

In that period, they noted that almost half of the ICS computers they were protecting were attacked in some form.

These attacks could have crippled these industrial facilities if they resulted in an actual breach. That would have caused great material and production losses.

Here is the summary of their report :

  • 47.2% of ICS computers were attacked in 2018, slightly more than the 44% they encountered in 2017.
  • Vietnam was the top country, with 70.90% of their ICS computers attacked
  • Algeria was second, with 69.91%; and Tunisia was third with 64.57% attacked.
  • The least impacted countries were Ireland (11.7%), Switzerland (14.9%), and Denmark (15.2%).

 

Mass-Distributed Malware Is The Greatest Threat

Mass-distributed malware such as phishing emails are the most common way used by hackers to infiltrate industrial companies throughout the Asia Pacific region and the world.

“Despite the common myth, the main source of threat to industrial computers is not a targeted attack, but mass-distributed malware that gets into industrial systems by accident, over the internet, through removable media such as USB-sticks, or e-mails.

However, the fact that the attacks are successful because of a casual attitude to cybersecurity hygiene among employees means that they can potentially be prevented by staff training and awareness – this is much easier than trying to stop determined threat actors,” said Kirill Kruglov, security researcher at Kaspersky Lab ICS CERT.

 

Knowledge And Training Are Essential To Combating Malicious Cyber Attacks

According to Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky Lab,

“Our researchers are seeing many carefully crafted phishing emails, sent purportedly by real companies and masked as business correspondence, commercial offers, invitations to tender and so on, which could be very commonly faced by many enterprises in Malaysia.

“We recommend all companies to warn their staff of this real threat and to train them to recognize signs of an attack, to not open suspicious files or click on links, and to inform their IT department of any potential incidents,” Yeo said.

“H2 2018 saw a decline in ICS infections in Malaysia, 41.1% versus H1 2018 of 50.8%. It is a good sign that users are more aware of the cyber risks, and are becoming careful about it,” Yeo added.

 

How To Safeguard Industrial Control Systems (ICS)

Kaspersky Lab ICS CERT recommends the following measures to protect Industrial Control Systems (ICS) :

  • Regularly update operating systems, application software on systems that are part of the enterprise’s industrial network.
  • Apply security fixes to PLC, RTU and network equipment used in ICS networks where applicable.
  • Restrict network traffic on ports and protocols used on edge routers and inside the organization’s OT networks.
  • Audit access control for ICS components in the enterprise’s industrial network and at its boundaries.
  • Deploy dedicated endpoint protection solutions on ICS servers, workstations and HMIs.
  • Make sure security solutions are up-to-date and all the technologies recommended by the security solution vendor to protect from targeted attacks are enabled.
  • Provide dedicated training and support for employees as well as partners and suppliers with access to your network.
  • Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets.

 



2019 Symantec Internet Security Threat Report Highlights!

Symantec held an exclusive briefing on the newly-released 2019 Symantec Internet Security Threat Report. In this article, we will share with you the full briefing video, as well as highlights from that Symantec cybersecurity report!

 

The 2019 Symantec Internet Security Threat Report

The 2019 Symantec Internet Security Threat Report is the 24th volume published so far. Based on data from Symantec’s Global Intelligence Network, the ISTR is designed to give businesses and the public an overview of the cybersecurity threat landscape.

The Symantec Global Intelligence Network is, incidentally, the world’s largest civilian cybersecurity threat intelligence network. It records events from 12 million attack sensors across more than 157 countries worldwide, blocking 142 million threats every day.

 

The 2019 Symantec ISTR Briefing Highlights

Briefing us on the 2019 Symantec ISTR was Sherif El-Nabawi, Vice-President of Sales Engineering, Symantec APJ; and David Rajoo, Chief Cybersecurity Architect, Symantec ASEAN.

Diminishing Returns Of Ransomware + Cryptojacking

Ransomware, which encrypts and holds data hostage in return for payment in the form of cryptocurrency, has been hit by declining cryptocurrency values as well as increasing adoption of cloud and mobile computing. This led to a 20% drop in infections.

Cryptojacking, in which malware is used to steal computing power from consumers and enterprises to mine cryptocurrency is similarly hit by the drop in cryptocurrency value. Symantec noted that cryptojacking activity declined by 52% in 2018. Even so, it is still a major problem – they blocked 3.5 million attempts in December 2018 alone!

Formjacking Overtakes Ransomware + Cryptojacking

With diminishing returns from ransomware and cryptojacking, cybercriminals now prefer formjacking.

Formjacking is essentially a form of virtual ATM skimming: criminals inject malicious code into an online shopping site to steal shoppers’ payment card details as they are entered.

According to Symantec, more than 4,800 websites are compromised with formjacking code every month, and they blocked more than 3.7 million formjacking attacks on endpoints in 2018.

Generally, small and medium retailers are most widely compromised, and a third of the attacks happened during the busiest online shopping period of the year – from November through December.

Cloud Is The New Weak Point

With the greater adoption of cloud computing, the same security mistakes are happening in the cloud… with exponentially greater consequences. In 2018, more than 70 million records were stolen from poorly-configured AWS S3 buckets.

Hardware vulnerabilities like Meltdown, Spectre and Foreshadow also put cloud services at risk of being exploited to gain access to every protected memory space in the compromised server. In a single server, data from hundreds of companies could be stolen by a single exploit.

Living off the Land Attacks On Supply Chain

Supply chain attacks using Living off the Land (LotL) tools have increased by 78% in 2018. For example, the use of malicious PowerShell scripts increased by 1,000 percent last year, with Symantec blocking 115,000 of them each month – less than 1%.

These attacks are hard to defend against, because they use the same tools users and organisations need to function. Identifying and blocking them will require the use of advanced detection methods like analytics and machine learning.

Internet of Things (IoT) Attacks Are Changing

While the volume of attacks on IoT devices remains high and consistent with 2017 levels, their profiles are changing. In addition to routers and wireless cameras, attacks now target smart light bulbs and virtual voice assistants.

Smartphones Are The Greatest Spying Devices

According to Symantec, smartphones are the greatest spying devices ever created. Their research shows that :

  • 45% of the most popular Android apps and 25% of the most popular iOS apps request location tracking,
  • 46% of popular Android apps and 24% of popular iOS apps request permission to access the smartphone camera, and
  • email addresses are shared with 44% of top Android apps and 48% of top iOS apps!

 


Kaspersky Lab Warns Of Malicious Cryptocurrency Mining!

Kaspersky Lab is warning of malicious cryptocurrency mining powered by pirated software and content. Learn more about this new online threat!

 

Kaspersky Lab Warns Of Malicious Cryptocurrency Mining!

Kaspersky Lab has warned that the global outbreak of malicious cryptocurrency mining grew by more than 83% in 2018: 5 million users were attacked online in the first three quarters of 2018, compared to 2.7 million users in 2017.

The major driver behind the malicious cryptocurrency mining was the use of unlicensed software and content.

 

Malicious Cryptocurrency Mining

Malicious cryptocurrency mining has overtaken ransomware as the main threat in recent years. The number of attacks increased steadily during the first half of 2018, peaking in March with about 1.2 million users attacked.

Kaspersky Lab experts have investigated the regulatory landscape and electricity prices in the top 10 countries targeted by crypto miners and main infection vectors for the popular malware families.

The investigation of malware families revealed that they mainly infected devices by duping users into installing pirated software and unlicensed content.

“Our analysis of the economic background of malicious crypto mining and the reasons for its widespread presence in certain regions revealed a clear correlation: the easier it is to distribute unlicensed software, the more incidents of malicious crypto miner activity were detected. In short, an activity not generally perceived as dangerous: the downloading and installation of dubious software, underpins what is arguably the biggest cyberthreat story of the year – malicious crypto mining,” notes Evgeny Lopatin, security expert at Kaspersky Lab.

Other Key Findings From The Report

  • The total number of users who encountered miners rose by more than 83%, from 2,726,491 in 2017 to 5,001,414 in 2018.
  • The share of miners detected increased from 5% in 2017 to 8% in 2018.
  • The share of miners among all risk tool detections rose from 9% in 2017 to 17% in 2018.
  • The total number of users who encountered mobile miners grew more than fivefold, from 1,986 in 2017 to 10,242 in 2018.

 

Steps To Reduce Risk Of Infection

  • Always update software on all your devices to prevent miners from exploiting vulnerabilities.
  • Use tools that can automatically detect vulnerabilities and download and install patches.
  • For personal devices, use a reliable consumer security solution and remember to keep key features such as System Watcher switched on.
  • Don’t overlook less obvious targets such as queue management systems, POS terminals and even vending machines.
  • Use application control to track malicious activity in legitimate applications.
  • Specialized devices should be in Default Deny mode.
  • Use a dedicated security solution such as Kaspersky Endpoint Security for Business.
  • To protect the corporate environment, educate your employees and IT teams to keep sensitive data separate and to restrict access.

 


 


First Kaspersky Transparency Center Launched In Zurich!

Kaspersky Lab just launched their first Data Processing and Transparency Center in Zurich. This is part of their Global Transparency Initiative that we covered a while back.

Let’s take a look, and find out what this means for Kaspersky Lab and global cybersecurity!

 

The First Kaspersky Transparency Center

Malicious and suspicious files shared by users of Kaspersky Lab products in Europe will be processed in Kaspersky Lab data processing centers in Zurich, the first part of a relocation commitment made by the company in late 2017 under its Global Transparency Initiative.

The move reflects Kaspersky Lab’s determination to assure the integrity and trustworthiness of its products and the data processing center is accompanied by the opening of the company’s first Transparency Center in Zurich.

The relocation of Kaspersky Lab data processing is part of a major infrastructure move designed to increase the resilience of the company’s IT infrastructure to risks of data breaches and supply-chain attacks. It also further proves the trustworthiness of its products, services and internal processes.

 

Threat-Related Data and Malicious Files

From November 13, threat-related data coming from European users will start to be processed in two datacenters. These provide world-class facilities in compliance with industry standards to ensure the highest levels of security.

The data, which users have actively chosen to share with Kaspersky Lab, includes suspicious or previously unknown malicious files and corresponding meta-data that the company’s products send to Kaspersky Security Network (KSN) for automated malware analysis.

Files comprise only part of the data processed by Kaspersky Lab technologies, yet the most important part. Protection of customers’ data, together with the safety and integrity of infrastructure, is a top priority for Kaspersky Lab, and that is why the file processing relocation comes first and is expected to be fully accomplished by the end of 2019.

The relocation of other types of data processed by Kaspersky Lab products, consisting of several kinds of anonymized threat and usage statistics, is planned to be conducted during later phases of the Global Transparency Initiative.

 

Kaspersky Lab’s First Transparency Center

The opening of Kaspersky Lab’s first Transparency Center in Zurich enables authorized partners to access reviews of the company’s code, software updates and threat detection rules, along with other activities.

Kaspersky Lab will provide governments and partners with information on its products and their security, including essential and important technical documentation, for external evaluation in a secure environment.

These developments will be followed by the relocation of data processing for other regions and, in phase two, the move of Kaspersky Lab’s software assembly to Zurich.

 

Kaspersky Lab’s Choice of Location in Zurich, Switzerland

Switzerland is a top location in terms of the number of secure internet servers available and is known as an innovative center for data processing and high quality IT infrastructure. A non-EU member in the heart of Europe, Switzerland has established its own data privacy regulation that is guaranteed by the state’s constitution and federal laws. There are strict regulations on processing data requests received from authorities.

“Transparency is becoming the new normal for the IT industry, and for the cybersecurity industry in particular. We are proud to be on the front line of this process. As a technological company, we are focused on ensuring the best IT infrastructure for the security of our products and data, and the relocation of key parts of our infrastructure to Switzerland places them in one of the most secure locations in the world.

The promises made in our Global Transparency Initiative are coming to fruition, enhancing the resilience and visibility of our products. Through the new Transparency Center also in Switzerland, trusted partners and governments will be able to see external reviews of our products and make up their own minds. We believe that steps such as these are just the beginning – for the company and for the security industry as a whole. The need to prove trustworthiness will soon become an industry standard,” said Eugene Kaspersky, CEO of Kaspersky Lab.

 

Kaspersky Lab’s Next Big Step

Kaspersky Lab has engaged one of the Big Four professional services firms to conduct an audit of the company’s engineering practices around the creation and distribution of threat detection rule databases. This is done with the goal of independently confirming their accordance with the highest industry security practices.

The assessment will be done under the SSAE 18 standard (Statement on Standards for Attestation Engagements). Its scope includes the regular automatic updates of antivirus records that Kaspersky Lab creates and distributes for its products running on Windows and Unix servers. The company plans to complete the SSAE 18 assessment and issue the SOC 2 (Service and Organization Controls) report in the second quarter of 2019, as part of its ongoing efforts to improve the security of its products with the help of a community of security enthusiasts from all over the world.

 


 


84% of New PCs with Pirated Software Infected with Malware!

A recent Microsoft PC test purchase sweep revealed that 84% of new PCs sold in Asia with pirated software were infected with malware. Here are the details of their report…

 

The Microsoft Asia PC Test Purchase Sweep

The Microsoft Asia PC Test Purchase Sweep examined a total of 166 new PCs from 9 markets across Asia – India, Indonesia, Korea, Malaysia, Philippines, Singapore, Taiwan, Thailand and Vietnam.

The PC samples were purchased from retailers that offered PCs at a much lower cost, bundled with free software, to lure customers. In many cases, these retailers also sold pirated software in their stores.

 

84% of New PCs with Pirated Software Infected With Malware!

The sweep found that one of the most common practices among vendors installing pirated software on new PCs is to turn off security features such as anti-virus software and Windows Defender, because doing so allows them to run the hack-tools needed to activate the pirated software.

However, this leaves PCs vulnerable to malware and other cyberthreats, and the buyers of these PCs may not even realize that their PC is not being protected.
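As an added example (not from the Tech ARP article or Microsoft’s report), the following PowerShell audit, in a hypothetical function named Get-NewPcAudit, checks the protections the sweep found disabled on a freshly bought Windows PC: Windows Defender’s engine, real-time protection and Tamper Protection, any Defender exclusions, third-party antivirus registered with Security Center, and whether the Windows licence is genuine. It assumes an elevated PowerShell session on Windows 10 or 11 with the Defender cmdlets available.

```powershell
# Added example (not part of the Tech ARP article or Microsoft's sweep report):
# audit a newly purchased Windows PC for the conditions the sweep describes,
# i.e. built-in protection switched off and a non-genuine Windows licence.
# Assumes an elevated session on Windows 10/11 with Microsoft Defender present.

function Get-NewPcAudit {
    [CmdletBinding()]
    param()

    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Defender engine, real-time protection and Tamper Protection state
    $mp = Get-MpComputerStatus
    if (-not $mp.AntivirusEnabled)          { $findings.Add('Defender antivirus engine is disabled') }
    if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Defender real-time protection is OFF') }
    if (-not $mp.BehaviorMonitorEnabled)    { $findings.Add('Defender behaviour monitoring is OFF') }
    if (-not $mp.IsTamperProtected)         { $findings.Add('Tamper Protection is OFF (settings can be changed silently)') }
    if ($mp.AntivirusSignatureAge -gt 7)    { $findings.Add("Defender signatures are $($mp.AntivirusSignatureAge) days old") }

    # 2. Exclusions: a vendor who could not disable Defender may have excluded
    #    the folders or processes of the activation tool instead
    $pref = Get-MpPreference
    foreach ($p in @($pref.ExclusionPath) + @($pref.ExclusionProcess) + @($pref.ExclusionExtension)) {
        if ($p) { $findings.Add("Defender exclusion present: $p") }
    }

    # 3. Third-party AV registered with Security Center but not actively protecting.
    #    productState uses Security Center's conventional encoding: bit 0x1000 set
    #    means real-time protection is on.
    $avProducts = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
        -ErrorAction SilentlyContinue
    foreach ($av in $avProducts) {
        if (($av.productState -band 0x1000) -eq 0) {
            $findings.Add("AV product '$($av.displayName)' is registered but not actively protecting")
        }
    }

    # 4. Windows licence status (LicenseStatus 1 = Licensed). The ApplicationID
    #    filter selects the Windows OS licence rather than Office or other SKUs.
    $lic = Get-CimInstance -ClassName SoftwareLicensingProduct `
        -Filter "PartialProductKey IS NOT NULL AND ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f'"
    foreach ($l in $lic) {
        if ($l.LicenseStatus -ne 1) {
            $findings.Add("Windows '$($l.Name)' is not properly licensed (status $($l.LicenseStatus))")
        }
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Passed       = ($findings.Count -eq 0)
        Findings     = $findings
    }
}

# Usage: report each finding, or confirm that the PC is protected and licensed
$result = Get-NewPcAudit
if ($result.Passed) { 'No issues found: protections are on and Windows is licensed.' }
else { $result.Findings | ForEach-Object { "[!] $_" } }
```

Any finding in sections 1 to 3 matches the pattern the sweep describes and should be remedied before the PC is used; a licence status other than 1 indicates the bundled Windows copy is not genuine.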

The sweep also uncovered that 84% of the new PCs loaded with pirated software were infected with some type of malware, the most common being:

  • Trojans are a type of malware that is employed by cybercriminals to gain remote access and control of devices, allowing them to spy on the users and steal private data. While Trojans typically depend on some form of social engineering to trick users into loading and executing them, bundling them with pirated software makes it easier for cybercriminals to compromise and control PCs.
  • Viruses are another type of malware which can cause infected computers to do a variety of things that are not beneficial to the PC owner, such as terminating devices’ security features, sending spam messages, and contacting remote hosts to download additional malware.

These findings are particularly concerning as customers buy PCs that offer special deals which are cheap and come with free software, not realizing the risks they may be exposing themselves to. In most cases, they may not even realize that the security features of their PCs are turned off and may fail to spot suspicious activities on their devices.

Many of these infected PCs’ users are highly susceptible to data loss, including personal documents and sensitive information such as passwords and banking details, as well as identity theft where they lose control of their social media and email accounts. Users might also experience compromised PC performance as malware, running in the background, can slow down devices.

All these factors can lead to consumers and businesses chalking up significant monetary, time and productivity losses as they work to resolve the issues.

 

Key Cyber-Hygiene Practices for Individuals and SMEs

The most fundamental step that users can take to safeguard themselves digitally is to always insist on buying PCs from established retailers and not ones that also sell pirated software, and ensuring they are getting genuine software. Consumers should refer to software vendors’ websites to learn how they can distinguish between genuine and pirated software.

Besides using genuine software, people can also consider and adhere to the following recommendations to better protect themselves:

  • Keep software current with the latest security patches, which are always free.
  • Follow safe Internet practices and do not visit potentially dangerous websites, such as those that offer adult content, illegal downloads, and pirated software, as well as file sharing portals.
  • Avoid using very old software which has reached its end of life and is no longer supported by the software vendor for updates and security patches.

 


 


Exclusive : Tech ARP Interviews Keith Martin Of F-Secure!

F-Secure Regional Director of APAC and Japan, Keith Martin, flew into Singapore to ink a major regional partnership agreement with ACE Pacific Group.

Timothy Shim from Tech Barrista and I had the opportunity to interview Mr. Martin about cybersecurity trends in Asia Pacific and worldwide.

 

Tech ARP Interviews Keith Martin

Keith Martin is the Head of Asia Pacific Corporate Business, F-Secure. Here is our exclusive interview with Mr. Martin, conducted after he officially signed the APAC partnership agreement with ACE Pacific Group.

The Cybersecurity Business

Tech ARP : How has your long experience in Japan helped you with F-Secure’s business in Japan?

Keith Martin : Japan is one of the largest markets for F-Secure, and we are trying to replicate that (success) in the APAC region.

Tech ARP : Are you still based in Japan?

Keith Martin : Yes, but I have now racked up a lot of frequent flyer miles.

Tech ARP : What are your thoughts on the cybersecurity market in the APJ (Asia Pacific and Japan) region?

Keith Martin : Japan is a large market, but the growth rates are relatively stable. We look at the Asia Pacific region (which includes India, Australia and New Zealand), as the next source of growth for F-Secure.

Tech ARP : What are your plans, and areas of focus, for the APJ region?

Keith Martin : Without question, Singapore is going to be a major focus for F-Secure, as well as Australia and New Zealand. We just signed a major partnership agreement with ACE Pacific, which will be a cornerstone of our strategy in coming years.

Cybersecurity Backdoors

Tech ARP : Chinese and Russian companies have been hit by accusations of cyber espionage and hacking, loose security and/or inserting backdoors into their products. Do you see this as a good opportunity to promote F-Secure’s products, or is this a poison pill for the entire industry?

Keith Martin : I don’t think it’s a poison pill for the entire industry. I have never seen any direct evidence that these go beyond mere accusations, but I understand the need to be cautious. One of the things that F-Secure is proud of is our policy that we will never add a backdoor into our products.

We are willing to walk away from any business if it means adding a backdoor. This is just the way we operate, because Finland has extremely tough privacy laws.

I think it’s absolutely an opportunity for us to differentiate ourselves (from the other cybersecurity companies) with our public pledge never to add backdoors in our software.

Tech ARP : Some countries like China and Russia are demanding access to encryption keys, and in some cases, requiring registration of VPN services. How do those tightening laws affect F-Secure products like Freedome VPN?

Keith Martin : F-Secure is very focused on maintaining the security of our products, so if those are the requirements, we will decline and get out of those markets. We would rather walk away from the potential business, than compromise the security of our products.

Government Interest

Tech Barrista : On the geopolitical implications of malware, do you feel that governments are increasingly more focused on cybersecurity on a national scale?

Keith Martin : For sure. We now see nation states attacking each other. There’s no denying that fact. Look at Stuxnet, that malware (which was targeted at Iran) got released into the wild and suddenly, people have the technology to use it elsewhere for nefarious purposes. I think that any country that does not pay attention to cybersecurity is sticking their heads into the sand.

Tech Barrista : Do you feel that this presents a greater opportunity for F-Secure?

Keith Martin : It represents opportunity, of course, but our mission as a company is to stop the spread of malware and cybersecurity attacks, wherever they happen. It’s a kind of Catch-22 situation, where we wish that nation states would not attack each other, but yes, we have the opportunity to help them protect themselves against such attacks.

Transparency

Tech ARP : What is F-Secure doing to promote and enhance source code transparency? Like opening up transparency centers?

Keith Martin : At this point in time, there are no plans to do so. We have a very good reputation throughout our 30-year history of being straightforward and upfront. I have never seen any accusations against us of malicious activities.

Tech ARP : Does F-Secure allow corporations or countries with concerns to inspect their code?

Keith Martin : I don’t know of any specific situations in Asia Pacific where F-Secure has allowed this. It may have been allowed in other regions, where governments have specific concerns, but I’m not aware of those situations.

Malware Galore!

Tech ARP : Ransomware and phishing attacks are big problems these days. Can you detail how F-Secure can help users prevent or mitigate the risks of ransomware and/or phishing attacks?

Keith Martin : Third-party analysis of our software shows that we are actually better at detecting these 0-day attacks than any other company out there. We pride ourselves in detecting not just the malware we know about, but also the malware we don’t know about, using technologies we have been developing over the last 20 years.

We have a multi-layered engine, where we use everything from the basic pattern matching technology, to heuristics, etc. so that if it doesn’t catch the malware on the first layer, it will catch the malware on the second or third or fourth layer.

Tech Barrista : Is malware-as-a-service now common?

Keith Martin : It is becoming more and more common. The entry barrier to launching a malware attack is now much lower due to the ability to outsource the creation of the malware.

Cybersecurity Risks Of IoT Devices

Tech Barrista : With cybercriminals leveraging the Internet of Things and Artificial Intelligence, how much more complex do you see the cybersecurity landscape becoming?

Keith Martin : It’s becoming incredibly complex. Our Chief Research Officer Mikko Hypponen said, “Once you connect something to the Internet, it’s vulnerable.” Billions of devices connected to the Internet become potential attack vectors for cybercriminals.

Most IoT devices don’t have good security. If you can get into one of those devices, you can get into the network through them.

Tech ARP : Does F-Secure have any products to mitigate the risks of poorly-secured IoT devices?

Keith Martin : On the consumer side, we have F-Secure Sense, which protects every device on your network.

 

Keith Martin’s Professional Bio

Keith Martin was Country Manager for F-Secure Japan for two years before being promoted in February 2018 to oversee the entire Asia Pacific region.

Prior to joining F-Secure in 2015, he spent a decade in the telephony and contact center space, first working for four years in Avaya Japan as Director of Multinational Account Sales, followed by six years serving as Japan Country Manager for Interactive Intelligence, a pioneer in cloud contact center technology.

Before that, Keith also spent three years at internet startup ValueCommerce helping build their web hosting platform business before the company was acquired by Yahoo Japan. He got his start at global IT services provider EDS (now HP), delivering IT services to numerous financial industry accounts.


 
