Florida Attorney General wants to warn iOS, Android users which apps are foreign-owned

Worried about national security risks, Florida Attorney General Ashley Moody, a Republican, proposes that Apple and Google flag apps developed and/or owned by foreign companies. Moody sent letters (via AppleInsider) to Google CEO Sundar Pichai and Apple CEO Tim Cook suggesting that a special icon or designation accompany Android and iOS apps created or owned by a company located outside the United States.

Moody’s letter naturally pointed out the one foreign-owned app that many are fearful of, TikTok. The short-form video app is always among the top titles getting installed on Android and iOS devices each year. It is owned by a Chinese company called ByteDance and Moody notes that the app has “been flagged by national security experts as posing a risk to both privacy and user information.”

There are concerns that TikTok can track the keystrokes users type on its in-app keyboard, allowing ByteDance to steal users’ personal information entered in the TikTok app. In her letter to Apple and Google, Moody mentions the high-altitude Chinese spy balloons recently shot out of the skies by the U.S. military. She says that events like that underscore the need to add protections to mobile applications.

AG Moody writes, “We must ensure that consumers have the information needed to make informed decisions about their data privacy and security. The existing lack of transparency in app stores can create a significant risk for American citizens and could cause their personal information to be exploited by foreign entities of concern.” She added, “Further, it is alarming that out of the top apps in Apple’s App Store [and Google’s Play Store], the top three are China-based, thus equating to hundreds of millions of downloads domestically and billions worldwide.”

States such as Maryland, Texas, South Dakota, and Oklahoma have banned TikTok on government devices, and the House of Representatives has ordered the removal of TikTok from phones used by lawmakers and staff. Another incident that alarms Moody is the discovery of code from the Russian company Pushwoosh in thousands of App Store apps, including ones from the Centers for Disease Control and Prevention (CDC) and the U.S. Army.

Moody’s letter added that “Consumers deserve the highest level of transparency when choosing to download an application to their phones. This can be achieved by adding a foreign-owned and/or developed designation to applications related to these countries.”



Multilingual skimmer fingerprints ‘secret shoppers’ via Cloudflare endpoint API


Magecart threat actors continue to go after e-commerce sites while also collecting data points from fake customers.

One important aspect of data theft in criminal markets revolves around the authenticity of the data that is being resold. There are different services that exist to vet such things as credit card numbers so that buyers can purchase with confidence.

Criminals are also very aware that anyone, and security researchers in particular, may want to interfere with their operations. Filling phishing pages with junk data is a sport of its own, although it can also be counterproductive at times. Defenders can likewise use special cards for tracing purposes to follow the money.

We recently spotted a Magecart skimmer that collects the current victim’s IP address and browser user-agent in addition to their email, address, phone number and credit card data. Because the victim has already filled in their home address, we believe this is a fingerprinting effort much like what is done in traditional malware campaigns.

Skimmer targets various geolocations

The skimmer uses iframes that are loaded if the current page is the checkout and if the browser’s local storage does not include a font item (this is equivalent to using cookies to detect returning visitors).

Figure 1: Skimmer checking for address bar and inserting iframe

The final rendering is identical to official payment platforms and does not give anything away:

Figure 2: Fake payment forms injected by skimmer

Fingerprinting via Cloudflare API

The underlying code scrapes everything from the customer’s contact and payment forms. This is often overlooked when talking about digital skimmers, yet it is extremely important: while financial institutions can mail you a new card, the information the criminals have collected is equivalent to a data breach and can be reused for other types of fraud later on.

Figure 3: Skimmer data collection and fingerprinting

One thing we noticed that was a little unusual is code that queries the legitimate Cloudflare endpoint API and parses the results for two things specifically: the user’s current IP address and the browser’s user-agent. A user-agent string might look something like this:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

From this you can determine that the user is running Windows 10 (64-bit) with Chrome version 110.

Figure 4: Stolen data including IP address and user-agent string

It’s worth noting that this is done after the credit card data has already been collected, not before. It is quite common to check the user-agent string upon visiting a web page to determine whether a particular victim fits the target profile or to adapt the content to a mobile or desktop experience.

Since the skimmer has already grabbed the shopper’s city, postal code and country, the IP address is unlikely to be of much use beyond that. We believe the threat actors are likely collecting IP addresses and user-agent strings for quality checks and to spot invalid users such as bots and security researchers.
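A defender-side check for the traits described above, written as an added example (it is not code from this post or from Malwarebytes): a static audit of a checkout page's HTML that reports script or iframe origins outside the merchant's allowlist and inline scripts showing the checkout-gated localStorage check, dynamic iframe insertion and Cloudflare trace lookup. The allowlist, the sample HTML and the `.example` hostnames are constructed; the trace endpoint path `/cdn-cgi/trace` is an assumption, since the post names it only as "the Cloudflare endpoint API".

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Token sets that, together in one inline script, match the behaviour the post
# describes. The cdn-cgi/trace path is assumed (the post does not name it).
INLINE_INDICATORS = {
    "checkout-gated localStorage check": ("localStorage", "checkout"),
    "dynamic iframe injection": ("createElement", "iframe"),
    "Cloudflare trace fingerprinting (assumed path)": ("cdn-cgi/trace",),
}


def _origin(url):
    """Return scheme://host for absolute URLs, None for relative (same-origin) ones."""
    parsed = urlparse(url)
    if not parsed.netloc:
        return None
    scheme = parsed.scheme or "https"  # protocol-relative //host/path
    return f"{scheme}://{parsed.netloc}".lower()


def inline_indicators(body):
    """Name every indicator whose tokens all appear in the script body."""
    return [name for name, tokens in INLINE_INDICATORS.items()
            if all(token in body for token in tokens)]


class CheckoutAuditor(HTMLParser):
    """Collect (kind, detail) findings while parsing checkout HTML."""

    def __init__(self, allowed_origins):
        super().__init__()
        self.allowed = {o.lower() for o in allowed_origins}
        self.findings = []
        self._in_script = False
        self._script_src = None  # src of the <script> being read, if any
        self._buf = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src")
        if tag in ("script", "iframe") and src:
            origin = _origin(src)
            if origin is not None and origin not in self.allowed:
                self.findings.append((f"unlisted {tag} origin", origin))
        if tag == "script":
            self._in_script, self._script_src, self._buf = True, src, []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag != "script":
            return
        if self._script_src is None:  # inline script: inspect its body
            for name in inline_indicators("".join(self._buf)):
                self.findings.append(("inline script", name))
        self._in_script = False


def audit_checkout_html(html, allowed_origins):
    auditor = CheckoutAuditor(allowed_origins)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed fixture: a checkout page with a legitimate script, an allowed
# payment iframe, an unlisted iframe and an inline script carrying only the
# gating logic described in the post (no form scraping or exfiltration).
SAMPLE_HTML = """<html><body>
<script src="https://cdn.shop.example/checkout.js"></script>
<script>
  if (location.pathname.indexOf('checkout') !== -1 && !localStorage.getItem('font')) {
    var f = document.createElement('iframe');
    f.src = 'https://skimmer.example/pay.html';
    document.body.appendChild(f);
    fetch('https://www.cloudflare.com/cdn-cgi/trace');
  }
</script>
<iframe src="https://psp.example/frame"></iframe>
<iframe src="//gogletags.example/pay"></iframe>
</body></html>"""

ALLOWED_ORIGINS = {"https://cdn.shop.example", "https://psp.example"}


def audit_sample():
    return audit_checkout_html(SAMPLE_HTML, ALLOWED_ORIGINS)


if __name__ == "__main__":
    for kind, detail in audit_sample():
        print(f"{kind}: {detail}")
```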

Conclusion

We observe a number of credit card skimmers targeting e-commerce platforms such as Magento and WordPress/WooCommerce. Online merchants need to be aware of this threat and take appropriate measures, not only to be compliant but also to make it much harder to be compromised in the first place. Since we mentioned Cloudflare in this post, it’s worth noting that the company provides a service to businesses called Page Shield that helps keep visitors safe from malicious third-party libraries.

We continue to track and report skimming infrastructure in order to protect our users via our Malwarebytes for consumers and businesses, as well as our Browser Guard extension.

Indicators of Compromise




iPhone 15 Lineup to Reportedly Feature RAM Improvements


RAM Improvements

A recent report suggests that the forthcoming iPhone 15 series could feature slight RAM improvements over the current devices. 

Previously, Taiwanese research firm TrendForce claimed that Apple could release the iPhone 15 Pro models with 8GB RAM later this year. That’s a slight bump from the 6GB RAM on the current iPhone 14 Pro lineup. 

The report also noted that the standard iPhone 15 and iPhone 15 Plus would remain at 6GB of RAM. 

Now a new TrendForce press release doubles down on the previous claim. Besides bumping up the forthcoming iPhone 15 Pro’s RAM capacity, the latest report suggests that Apple could also increase the iPhone 15 models’ RAM specification. 

“Apple will bump up the capacity and specifications of the DRAM solutions featured in the next generation of the iPhone that is scheduled for release this year,” says TrendForce. 

So what do the RAM improvements mean for users? 

Effect of iPhone 15’s RAM Improvements on User Experience

The 8GB RAM will result in improved multitasking on the iPhone. Users should now be able to simultaneously run more apps in the background without worrying that the system might shut down. 

Despite not getting a bump in capacity, the iPhone 15 and 15 Plus models could get a specification boost to the faster LPDDR5 RAM. That’s the same spec as last year’s iPhone 14 Pro models. 

As expected, combining these RAM improvements with the rumored A17 Bionic chip could result in a significant performance boost over previous generations. This is especially true since Apple hasn’t announced a RAM bump since releasing the iPhone 12 Pro with 6GB RAM.

Based on past launches, Apple should announce the iPhone 15 series in September.

Until then, several leaks already indicate slight design changes, such as thicker camera bumps, slimmer bezels, and curved edges. The reports further suggest that the forthcoming iPhone 15 lineup could include a USB Type-C charging port. 



ASUS ROG Phone 6/6 Pro: Everything You Need To Know


ASUS officially announced the ROG Phone 6 and ROG Phone 6 Pro on July 5, introducing the mobile gaming world to its latest superpowered handset. While we have loved the ROG Phone 6 Pro and covered a lot about how the device performs in our review, there’s a lot more to know about the phone, so we’ll be covering that information here.

ASUS’s ROG Phone brand has come a long way since the days of the original phone. And although that particular device was among the best for mobile gaming even back then, ASUS has really added some spit and polish to its most recent offering. Quite simply, this is the best ASUS has ever produced and it finally feels like it can be a worthy daily driver for the majority of users.

With all of that said, let’s dive a little more into the phone series. If you’re considering buying one, then it won’t hurt to know more about it.

When do the ROG Phone 6 and ROG Phone 6 Pro launch?


ASUS hasn’t officially launched the phone yet but it did begin pre-orders on July 5, the day of its announcement. ASUS also noted that the device would ship to buyers “a few weeks later” which means it should be shipping out to those who pre-ordered sometime next week or the week after.

Right now the device is only available for pre-order in the UK, Europe, and Taiwan, with no official release date for the US. ASUS did officially launch the ROG Phone 5 in the US, though, so its successor should eventually make it stateside as well.

It’s just a matter of time. That being said, the device will probably reach US consumers before the end of the year.

Update: September 9, 2022

The ROG Phone 6 and ROG Phone 6 Pro are now available for pre-order in the US via Amazon. They will be available for pre-order through the ASUS Store in the near future.

How much does the phone cost?

This will depend on where you buy it and what model you get. The ROG Phone 6 with 12GB of RAM and 256GB of storage is £899 in the UK and €999 in Europe. The ROG Phone 6 with 16GB of RAM and 512GB of storage increases the price to £999 in the UK and €1,149 in Europe.

And finally, the ROG Phone 6 Pro, which comes with 18GB of RAM and 512GB of storage, is £1,099 in the UK and €1,299 in Europe. As of right now there are no official prices for the US. And there likely won’t be any confirmed US prices until after ASUS officially announces when the US release date is. At which point it will probably open up pre-orders as well.

ASUS also lists an 8GB RAM model of the ROG Phone 6 on its US site, but no prices are listed and it does not seem to offer this model in the UK at all. So configuration availability is definitely subject to region.

Update: September 9, 2022

US pricing for the device starts at $999. This is for the 12GB RAM/256GB storage model. The 16GB RAM/512GB storage model retails for $1,099, and the ROG Phone 6 Pro, which comes with 18GB of RAM and 512GB of storage will retail for $1,299.

How many models of the ROG Phone 6 are there?

There are two models of the device, with a combined total of four configurations. This includes three configurations of the ROG Phone 6, and one configuration of the ROG Phone 6 Pro.

So this year ASUS has decided to cut things down. With the ROG Phone 5, it launched three different models. The 5, 5 Pro, and 5 Ultimate. Then it also ended up launching the 5s and 5s Pro. This year, ASUS has essentially packed everything that would have been in an Ultimate into the 6 Pro, and everything that would have been in a Pro and 5s models into the second configuration of the 6.

In our opinion, this makes everything way easier. And it’s less convoluted for the consumer. Having too many models to choose from just leads to indecision which can lead to no sale. ASUS appears to be trying to make things simpler here.

What are the full specs for the device?

The specs are for the most part the same across all four configurations that ASUS is offering, with the only changes being the amount of RAM and storage. The ROG Phone 6 also doesn’t come with an LCD display on the back like the Pro model, and instead uses a customizable RGB pattern like last year’s ROG Phone 5s. The rest of the specs, however, are the same. So here’s the breakdown of what you get.

  • Colorways – Phantom Black and Storm White for the ROG Phone 6, and Storm White for the ROG Phone 6 Pro
  • Processor – Snapdragon 8+ Gen 1 Mobile Platform with Adreno 730
  • Memory – 8GB/12GB/16GB for the ROG Phone 6, and 18GB for the ROG Phone 6 Pro
  • Storage – 256GB and 512GB for the ROG Phone 6, and 512GB for the ROG Phone 6 Pro
  • Display – 6.78-inch Samsung AMOLED with 2448 x 1080 resolution and Corning Gorilla Glass Victus
  • Refresh rate – 165Hz
  • Rear camera – Main Sensor: Sony IMX766 50MP image sensor – plus 13MP ultrawide sensor and 5MP macro sensor
  • Front camera – 12MP sensor
  • Video – 8K UHD at 24fps, 4K UHD at 30fps and 60fps, 1080p FHD at 30fps and 60fps, 720p HD at 30fps and 60fps
  • Speakers – Dual front-facing stereo speakers with Dirac HD sound
  • SIM – Dual SIM card slots
  • Battery – 6,000mAh high-capacity battery with Quick Charge 5.0 support
  • Sensors – In-display fingerprint sensor, accelerometer, face recognition, e-compass, gyroscope, proximity sensor, ambient-light sensor, ultrasonic sensors for AirTrigger 6 and grip press
  • Power adapter – 65W USB-C power adapter
  • Water resistance – IPX4
  • Weight – 239g
  • Dimensions – 173 x 77 x 10.3 mm

Does the phone have expandable storage?

No. The ROG Phone 6 series does not come with expandable storage. Like many of today’s devices, you get what comes in the phone and that’s it. Luckily, with the ROG Phone 6 and ROG Phone 6 Pro, your options are 256GB or 512GB, which is quite a lot, and most people who would buy this device would probably struggle to use it all up.

That doesn’t mean it’ll be enough for everyone. But for a phone, it’s exceptionally easy to get by with either of these amounts, thanks to the advancement of cloud gaming and cloud storage, which ultimately means you use up less room for storing games, apps, music, movies, photos, videos, documents and more.

Do the ROG Phone 6/6 Pro have any accessories?


The ROG Phone 6 series has a few official accessories, and a relaunch of one accessory from last year. There’s the all-new AeroActive Cooler 6 which comes in the box, as well as a shell case in the box. There’s also an optional shell case, an optional protective case from Devil Case, and an optional tempered glass screen protector.

ASUS also re-released the ROG Kunai 3 gamepad in Storm White to match the new White color of both the ROG Phone 6 and ROG Phone 6 Pro. Lastly, ASUS is launching a new set of true wireless earbuds for the phone that can be transformed into a wired pair, and a phone clip for third-party controllers.

Is The ROG Phone 6 running on Android 12?

Yes. ASUS ships the ROG Phone 6 and ROG Phone 6 Pro with Android 12 out of the box. So there’s no need to update the software to be on the newest version of Android. Which makes sense given that the ROG Phone 5 received the Android 12 update officially well before the 6 and 6 Pro were announced.

Update: February 21, 2023

As of February 21, 2023 ASUS has begun pushing out the update for Android 13 to the ROG Phone 6 and ROG Phone 6 Pro. This means most or all ROG Phone 6 and ROG Phone 6 Pro owners should have Android 13 running on their devices by the end of the week.

Does the phone have good battery life?


The phone has excellent battery life. After all, this isn’t too difficult to achieve when there’s a 6,000mAh high-capacity battery powering your experiences.

In short you can easily get by on two days of use with a single charge. Maybe more. That will naturally change based on how you use the phone. For example, if you sit down for a few hours of gaming with a graphically demanding game like Genshin Impact or Diablo Immortal, then your battery can certainly lose about 50% of its power in that time. Even then that doesn’t matter too much since the phone charges up very rapidly in a short amount of time.

There are some ways you can mitigate the battery drain though. For starters, utilize the phone’s different performance profiles in the Armoury Crate app. There’s X Mode, Dynamic Mode, and Ultra Durable. If you’re looking to conserve battery while still gaming, then set it to dynamic once you’re in your game of choice. You can do this by opening the Game Genie dashboard once the game is loaded up.

Secondly, make sure you tune the game’s graphics down. This will help the game use less power to function optimally. And should result in overall less power draw from the battery. You can also turn off anything that isn’t really necessary to the gaming experience. Like the LCD display and RGB lighting on the back of the phone. And finally, either stick with the speakers for audio or use wired headphones, and turn down the screen brightness as much as you’re willing to tolerate.

Does the ROG Phone 6 have a 3.5mm headphone jack?

Yes. ASUS is still implementing the use of a 3.5mm headphone jack on its latest gaming phones. So if you prefer the wired experience, you can plug in your favorite headset. Or you can try and snag ASUS’s snazzy new true wireless earbuds that come with a wired attachment. This way you can use them wireless for some things and wired for others.

Does the phone still have AirTriggers?

Absolutely. These are a staple of the ROG Phone series and ASUS likely plans on never getting rid of them. And rightfully so. They’re an easy way to implement extra controls for gamers without having to actually add on physical controls. That being said, there are some differences this year.

The new AirTriggers actually do more than the ones on last year’s ROG Phone 5 series devices, with AirTriggers 6 offering up to 9 different gestures. However, there are no longer any ultrasonic triggers on the back like there were on the ROG Phone 5 Ultimate. Instead ASUS seems to have incorporated their functions into the AirTriggers on the top.

How is the camera quality?


Chances are if you’re buying a gaming phone, you’re buying it mostly for the gaming prowess. You may be less concerned with how it performs in the picture-taking department. But that doesn’t mean you won’t use the camera at all, right? This is, after all, likely to be your main phone. Unless you’re a user who has more than one device and uses this strictly for gaming, this will be your only device and thus the only phone camera at your disposal.

So you probably want the camera to perform at least decently. We can say that the camera performs admirably. It won’t be the best phone camera on the market, but it will provide you with pretty good pictures in this day and age.

Especially if you’re coming from a phone that’s at least two or three years older. As long as you’re aware that the camera on the ROG Phone 6 and ROG Phone 6 Pro won’t outdo the likes of the Pixel 6 Pro, iPhone 13 Pro Max, and Samsung Galaxy S22 Ultra, then you should be pretty happy with it. Then again, some of this might be subjective and you may find that the camera in your own opinion, is just as good.

Does the ROG Phone 6 stay cool when gaming?

The short answer is yes and no. The phone does stay cool (to a point) during gaming sessions. But it can still get warm to the touch the longer you play and if the game is more graphically demanding. In those cases, ASUS recommends using the AeroActive Cooler 6 that comes with the phone.

Specifically it recommends using this attachment if you plan to play longer than one hour. Temperatures are also lower compared to last year’s ROG Phone 5 series. So all-in-all, the phone can stay cool while you game and ASUS has managed to lower the temps from its previous model. That’s a win in our book. However, just know you need to temper your expectations.

The phone will not be completely cool to the point that you won’t notice the heat being put out by the CPU and GPU. And again it all depends on the game you’re playing. For example, playing a game like Alto’s Odyssey for two or three hours straight isn’t going to increase the phone temperatures too much. So keep that in mind.



This might be the first ever AI-generated phishing scam


AI does a lot of stuff nowadays, and every day, it seems that there’s a new thing that it can do. Well, did you anticipate that it’d be able to scam you? That’s right! A new LinkedIn phishing scam might be the first-ever AI-generated phishing scam.

Obviously, there isn’t some rogue AI out there trying to scam users into giving up their information. The brain behind the scam is very much flesh and blood. Rather, it looks like the materials that make up the scam have been generated using AI.

This could be the first-ever AI-generated phishing scam

According to TechRadar, researchers at SafeGuard Security uncovered this phishing scam recently. It was an ad on the platform that shills a whitepaper for businesses to help them close more deals. The only thing is that the image used to promote it shows the telltale sign of an AI-generated image.

On the bottom right of DALL-E images, there is a succession of colored squares. They’re seen on the bottom of every image generated by the platform. Below, there’s an example.


Along with that, there are other red flags that set off the alarms. For starters, the LinkedIn profile was another major tell. The profile was pretty barebones. That should be the first clue that things aren’t on the up and up. Also, it has probably the most generic name for an account, Sales Intelligence.

The profile is empty, and the website link led to a jewelry store on Amazon. That’s an odd website for a profile offering a whitepaper.

When you follow the link in the ad, you’re asked to put in your personal information (again, another red flag) in exchange for access to the whitepaper. Suffice it to say, there is no whitepaper. Instead, the information the user gave up will be used for the phishing scam.

If you see an ad for a whitepaper, see an ad with an AI-generated image, or see an account that’s empty, you’ll want to pass it up.



HardBit Ransomware Steal Sensitive Data From Victims Before Encrypting

HardBit Ransomware

HardBit ransomware was first detected in October 2022 as a threat extorting cryptocurrency payments to decrypt organizations’ data. Recently, its operators released version 2.0 of HardBit.

It is believed that the operators of this ransomware are endeavoring to negotiate with the victim’s insurance company to extort the costs of the ransom payment.

Here the threat actors convince the victim to disclose all insurance details so that the threat actor can assess the victim’s coverage and adjust their demands accordingly. This can result in the insurer paying a larger amount, which benefits the threat actor.

This is a social engineering technique, where the threat actor uses manipulation to persuade the victim to do something that will benefit the threat actor.

HardBit 2.0

Currently, the only variant of HardBit in circulation is version 2.0, launched in November 2022 and active since then, as reported by the cybersecurity analysts at Varonis.

HardBit doesn’t have a data leak site like most ransomware operations, which makes it an exception to the rule. The HardBit 2.0 strain possesses capabilities that can be used to lower the security posture of victims.

According to the report, the malware also targets 86 processes for termination. Terminating them releases the locks those processes hold on files, so the malware can reach all the sensitive files available and encrypt them.

Data Collected

HardBit 2.0 collects or gathers the following types of data:

  • CPU details
  • Information on disk drives
  • Installed graphics card
  • Network adapter settings
  • IP configuration
  • MAC address
  • System manufacturer
  • Version from the BIOS
  • Victim username
  • Victim computer name
  • Time zone information

Capabilities of the HardBit 2.0

The key capabilities of the HardBit 2.0 ransomware are:

  • Disable Windows Defender’s tamper protection
  • Disable Windows Defender’s anti-spyware capabilities
  • Disable Windows Defender’s real-time behavioral monitoring
  • Disable Windows Defender’s real-time on-access (file) protection
  • Disable Windows Defender’s real-time process scanning

A notable aspect of the encryption phase in HardBit 2.0 is its unconventional handling of encrypted data. Unlike typical strains that write encrypted copies and delete the original files, HardBit 2.0 opens the files and overwrites their contents in place with the encrypted data.

Following encryption, the file name is changed to a seemingly arbitrary set of characters, followed by an identifier comprising the hardbit2 file extension and a contact email address.

This approach makes the retrieval of original files by forensic experts considerably more challenging, and it mildly speeds up the encryption process.

HardBit 2.0, similar to other ransomware, does not disclose the ransom amount demanded by the hackers in exchange for the decryption key in the note left on the victim’s system.

The victims are given a 48-hour time frame to reach out to the attacker through a secure, open-source encrypted peer-to-peer messaging application.

To minimize the overall cost, the threat actor advises victims against involving intermediaries and encourages them to negotiate directly.

If companies hold insurance for cyberattacks, the hackers request that they share the insurance amount to facilitate successful communication and provide them with more comprehensive instructions.

In addition, the hackers attempt to persuade the victim that revealing their insurance details would be in their best interest, portraying the insurer as the adversary hindering data recovery.

The attackers claim that sharing the exact insurance amount would enable them to calculate the ransom demand accurately, compelling the insurer to meet their demands.

Ransomware operators’ primary objective is to receive payment, and they will go to great lengths to achieve it, making it difficult to trust their promises or offers. It is essential to be wary of their actions and approach them with caution.

To combat this type of threat effectively and put an end to it, it is imperative to report the incident to law enforcement, maintain a reliable backup strategy, and refuse to pay the ransom.




The ultimate guide to malware


What is malware?

Malware is a fast-growing, ever-evolving threat to cyber security. In the first six months of 2022, over 2.8 billion malware attacks were reported worldwide. Beyond risks to their network, malware like ransomware can have real, monetary costs for businesses. In 2021, damages from ransomware alone cost US$20bn. This was a 6054 percent increase on the global cost of ransomware in 2015, which was $325mn. This is only predicted to increase, with the damages of ransomware forecast to reach US$250bn by 2031.

The term ‘malware’ is an abbreviation of ‘malicious software’ and, according to the UK National Cyber Security Center (NCSC), “includes viruses, trojans, worms or any code or content that can damage computer systems, networks or devices”.

As the definition of malware is very broad, this article dives into the various types of malware, exploring what they do, the effect they can have on a network and how they can be mitigated or prevented.

Contents: 

  • What is trojan malware?
  • What is worm malware?
  • Using ChatGPT to create malware

What is trojan malware?

Named for the mythical ‘trojan horse’ the Greeks used to enter the city of Troy, trojan malware is malware that masquerades as a safe or innocuous file. Once the file is downloaded, it will then start to execute malicious actions on the endpoint it is downloaded onto.

Trojan malware is used by hackers to steal victims’ bank information and eventually their money. This disruptive threat vector is on the rise, with Kaspersky reporting that it blocked the launch of at least one type of banking malware on the devices of almost 100,000 (99,989) unique users.

Banking trojans can be spread a number of ways, including via phishing links, posing as useful programs (e.g. a multi-use bank management app) or even as apps for the bank themselves.

Once these programs are downloaded by the victim, the hackers are able to run malicious programs on the victim’s device. In some cases, this will allow them to harvest the login information used for their bank account, giving them access to it. In others, it will allow them to steal bank card information via false data collection tables, asking the user to add their card details to a Google Pay account, for example. In more extreme cases, the malware penetrates the device’s network and turns on administrative access, giving hackers complete control over the device.

If hackers gain control of a device, they can read, reroute and delete text messages or calls, meaning that even if the victim has multi-factor authentication (MFA) set up, the hackers can access the one-time passcodes (OTPs) needed to bypass this security strategy. Hackers can then steal data and money from their victims without them being alerted until it is too late. 

As the actions performed by the hackers come from the victim’s device and pass all security measures, they will seem legitimate. This means that banks may not flag some or all of the transactions made by the malicious actors as suspicious behavior. Even if the bank notices the unusual activity and attempts to alert the victim, the malware allows the malicious actor to reroute any calls or texts from the bank, and the victim will remain unaware until they next check their bank balance.

Emotet banking trojan

Emotet is a trojan banking malware so prevalent and dangerous that the US Cybersecurity and Infrastructure Security Agency (CISA) and the US Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) released a joint technical alert regarding it on July 20, 2018.

The alert warns that Emotet is one of the “most costly and destructive malware affecting [state, local, tribal, and territorial] SLTT governments” due to its ability to rapidly spread throughout networks. Emotet is launched “when a user opens or clicks the malicious download link, PDF or macro-enabled Microsoft Word document” and once in a network, it will download and spread multiple banking trojans. The alert notes that Emotet infections have cost SLTT governments up to US$1mn per infection to mitigate.

Preventing a trojan malware attack

Cyber security expert and Cyber Security Hub contributor Alex Vakulov notes that the nature of trojan malware makes it difficult to remove once a device has been infected. In some cases, the only way to get rid of it is to return the device to factory settings. For trojan malware, prevention is key.

“The proliferation of mobile devices has spawned a thriving underground industry for creating banking Trojans,” Vakulov explains. “This has led to a sharp increase in the number of banking Trojans and the likelihood of infection.”

Vakulov says that it is not uncommon for users to download malware from official sources such as Google Play, due to the app-checking technology not being completely foolproof. 

“While mobile security solutions can detect unauthorized app activity, it is the personal decision of each user to install a particular software on their phone,” he adds. 

To prevent trojan malware infections, users should remain vigilant by checking the validity of communications and their senders before clicking any links or downloading any attachments. The use of secure file transfer solutions can act as a preventive measure by ensuring that only files sent using trusted software are opened.

What is worm malware?

Worm malware is a type of malicious program that self-replicates with the aim of spreading to more devices. Unlike other forms of malware, worms do not need a human or a host program to run, meaning they can execute on their own once they reach a device.

Worm malware, like many software-based threat vectors, primarily infects devices via the use of infected links and files. Social engineering is often employed to entice victims into clicking links or downloading files. This means the links may be hosted on malicious websites posing as legitimate ones, or may be sent as part of a phishing campaign, where the worm is disguised as a legitimate file type.

By itself, a worm can impact devices in a number of ways, including taking up disk space and even deleting files in order to make more copies of itself. If the worm is equipped with a payload, this can allow the malicious actors to inflict even more damage. 

Cyber security and technology journalist Dave Johnson explained to Business Insider that payloads can allow hackers to “open a backdoor to the PC for hackers or to implant additional malware to steal sensitive information like usernames and passwords, or to use the computer as part of a distributed denial-of-service (DDoS) attack”.

The WannaCry ransomware worm

Ransomware worms combine the self-replicating nature of worms with the destructive potential of ransomware.

WannaCry was a worm-based ransomware attack that took place in May 2017. It specifically targeted computers with a Microsoft Windows operating system by utilizing a flaw that meant the system could be tricked into executing code. While a patch for this flaw was developed, many of the victims of the attack did not update their devices’ software as they were unaware of its importance, meaning they were still vulnerable to the attack.

Once on a device, WannaCry encrypted the device’s data and demanded a Bitcoin payment be made to unencrypt its data. It also attempted to spread both laterally across the device’s network and to random devices via the internet. 

An example of the ransom note left by WannaCry. Source: Wikimedia Commons

The European Union Agency for Law Enforcement Cooperation (Europol) estimated that the attack spread across 150 countries and affected more than 300,000 computers. Among those affected were National Health Service hospitals in England and Scotland, where WannaCry affected up to 70,000 devices including computers, theatre equipment, MRI scanners and blood-storage refrigerators. Other victims included government agencies, police departments, medical facilities, telecommunications companies and universities across the world.

Multiple cyber security researchers and organizations launched investigations into WannaCry in an attempt to stop the attack and prevent further harm. This led to the discovery of a kill switch within its code by British researcher Marcus Hutchins. He found an unregistered web domain in the code, registered it, and used it as a DNS sinkhole, which stopped the attack’s spread. This worked because the ransomware only encrypted a device’s files if it could not connect to that domain.

Other solutions were also discovered: researchers from Boston University and University College London found that the ransomware could be stopped by recovering the keys used to encrypt the data, using a software system called PayBreak.

The potential losses from the attack were estimated to reach up to $4bn by cyber risk modelling firm Cyence.

Raspberry Robin malware worm

Raspberry Robin was originally discovered by cyber security company Red Canary in September 2021 after noticing and tracking a cluster of activity caused by the worm.

Raspberry Robin is installed on computers via a compromised USB drive, which introduces the worm to the computer’s system. The worm then reads and executes a malicious file stored on the USB drive which, if successful, downloads, installs and executes a malicious dynamic-link library (.dll) file. Finally, the worm repeatedly attempts outbound connections, typically to Tor (The Onion Router) nodes. Tor nodes conceal a user’s location from the connection destination.
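The chain described above (execution from removable media, then a DLL launched, then repeated outbound connections) is the kind of sequence a detection engineer would correlate in endpoint telemetry. The following is an added example, not Red Canary’s or Microsoft’s code; the event format, drive letters, process names and timing window are all assumptions, and the sample events are constructed.

```python
"""Correlate endpoint events into the Raspberry Robin-style chain described in the text:
a file executed from removable media, followed by a DLL being executed, followed by
repeated outbound connections, all on one host within a short window."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: (timestamp, host, event kind, detail).
# Kinds are an assumption for this example: "process" (path executed),
# "dll_exec" (DLL launched), "netconn" (outbound destination).
SAMPLE_EVENTS = [
    ("2022-08-01T09:00:00", "ws-17", "process", r"E:\readme.lnk"),
    ("2022-08-01T09:00:04", "ws-17", "dll_exec", r"C:\Users\Public\update.dll"),
    ("2022-08-01T09:00:10", "ws-17", "netconn", "203.0.113.5:9001"),
    ("2022-08-01T09:00:20", "ws-17", "netconn", "198.51.100.7:9001"),
    ("2022-08-01T09:00:31", "ws-17", "netconn", "192.0.2.9:9030"),
    ("2022-08-01T10:15:00", "ws-22", "process", r"E:\photos.exe"),  # removable exec, no DLL
    ("2022-08-01T10:15:30", "ws-22", "netconn", "192.0.2.40:443"),
    ("2022-08-01T11:00:00", "ws-30", "dll_exec", r"C:\Program Files\x\a.dll"),  # no dropper
]
REMOVABLE_DRIVES = ("D:\\", "E:\\", "F:\\")  # assumption: C: is the fixed disk
WINDOW = timedelta(minutes=5)                # assumption: chain completes within 5 min
MIN_CONNECTIONS = 3                          # "repeatedly attempts outbound connections"


def detect_chains(events, window=WINDOW, min_conns=MIN_CONNECTIONS):
    """Return one finding per host where the full three-stage chain is observed."""
    by_host = defaultdict(list)
    for ts, host, kind, detail in events:
        by_host[host].append((datetime.fromisoformat(ts), kind, detail))
    findings = []
    for host, evs in by_host.items():
        evs.sort()  # chronological order per host
        for i, (t0, kind, detail) in enumerate(evs):
            # Stage 1: something executed from a removable drive
            if kind != "process" or not detail.upper().startswith(REMOVABLE_DRIVES):
                continue
            later = [e for e in evs[i + 1:] if e[0] - t0 <= window]
            # Stage 2: a DLL executed after the removable-media launch
            dll = next((e for e in later if e[1] == "dll_exec"), None)
            if dll is None:
                continue
            # Stage 3: repeated outbound connections after the DLL ran
            conns = [e[2] for e in later if e[1] == "netconn" and e[0] > dll[0]]
            if len(conns) >= min_conns:
                findings.append({"host": host, "start": t0.isoformat(),
                                 "dropper": detail, "dll": dll[2], "connections": conns})
    return findings


if __name__ == "__main__":
    for f in detect_chains(SAMPLE_EVENTS):
        print(f"{f['host']}: {f['dropper']} -> {f['dll']} -> {len(f['connections'])} connections")
```

Only the host where all three stages occur in order is reported; a removable-media launch alone (ws-22) or a DLL execution alone (ws-30) is not enough to raise a finding.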

Red Canary reported that it had seen Raspberry Robin activity in organizations linked to the manufacturing and technology sectors, although the company noted that it was unclear as to whether there was any connection between the companies affected by the malware. 

Discussing the purpose of the Raspberry Robin worm when it was first discovered, Red Canary admitted that it was unsure “how or where Raspberry Robin infects external drives to perpetuate its activity”, although the company suggested that this “occurs offline or otherwise outside of our visibility”.

The organization also said that its “biggest question concerns the operators’ objectives”. This uncertainty is due to a lack of information on later-stage activity, meaning Red Canary is unable to “make inferences on the goal or goals of these campaigns”. The company did say, however, that it hoped the information uncovered on Raspberry Robin would help wider efforts to detect and track Raspberry Robin activity.

In August 2022, Microsoft linked the Raspberry Robin worm to attacks carried out by the Russia-based hacking group EvilCorp. Researchers tracking EvilCorp activity discovered that “FakeUpdates malware [was] being delivered via existing Raspberry Robin infections”.

FakeUpdates malware is a malvertising access broker, a social engineering-based threat vector that poses as a safe link to trick victims into clicking on it. In the case of FakeUpdates, it poses as a software or browser update. When clicked, a JavaScript file stored inside a Zip file is downloaded and executed on the victim’s computer. This gives the bad actors access to the victim’s computer and, from there, their network.

How to prevent a worm malware attack

As worm malware relies on spreading to devices across a network, if a worm is discovered, the infected device should be taken off the network.

As seen in the WannaCry attack, it is important to update your device’s software regularly to make sure it is patched against any vulnerabilities.  

Other general anti-malware security strategies should also be employed, including having antivirus and antimalware software downloaded. Likewise, any links or files received via email should be carefully considered before opening to avoid worm malware getting onto the device in the first place.

Using ChatGPT to create malware

Research by threat intelligence company Check Point Research has found malicious actors are using OpenAI’s ChatGPT to build malware, dark web sites and other tools to enact cyber attacks. 

While the artificial intelligence (AI)-powered chatbot has put restrictions on its use, including using it to create malware, posts on a dark web hacking forum have revealed that it can still be used to do so. One user alludes to this by saying that “there’s still work around”, while another said “the key to getting it to create what you want is by specifying what the program should do and what steps should be taken, consider it like writing pseudo-code for your comp[uter] sci[ence] class”.  

Screenshot provided by Check Point Research

Using this method, the user said they had been able to create a “python file stealer that searches for common file types” that can self-delete after the files are uploaded or if any errors occur while the program is running, “therefore removing any evidence”.

Fighting ChatGPT malware attacks

While new technology can be used to develop more sophisticated threats, it can also be used in defense against them. Johnathan Jackson, director of sales engineering APJ at BlackBerry Cybersecurity, notes AI has the potential to be both a boon and a curse when it comes to malware. 
“One of the key advantages of using AI in cyber security is its ability to analyze vast amounts of data in real time,” Jackson remarks. “As cyber attacks become more severe and sophisticated, and threat actors evolve their tactics, techniques, and procedures (TTP), traditional security measures become obsolete. AI can learn from previous attacks and adapt its defenses, making it more resilient against future threats.”

Jackson notes that AI can also be used to mitigate advanced persistent threats (APTs), which can be highly targeted and often difficult to detect. This allows organizations to identify threats before they cause significant damage. 

Another benefit of AI in cyber security recognized by Jackson is its use to automate repetitive tasks such as those in security management. This frees up cyber security professionals to focus on more strategic work such as threat hunting and incident response.



Google Meet officially launches 360-degree backgrounds


Not too long ago, we saw that Google was working on bringing 360-degree backgrounds to Meet. Back then, it was in testing for a select group of users. Now, however, the company has officially launched the feature.

You’ve been able to use a ton of different backgrounds and effects in Google Meet to add flair to your meetings. Sure, you can’t, realistically, have a meeting on a sunny beach, but it’s fun to pretend so.

Those backgrounds would remain static, but what if you want backgrounds that are a bit more immersive? Well, this is where these 360-degree backgrounds on Google Meet come in handy.

Google officially launches 360-degree backgrounds for Meet

So, this feature was in testing for a bit, but the company finally launched it to the public. If you’re using Google Meet on your phone, you’ll be able to use one of two 360-degree backgrounds. As you can imagine, the feature will use your phone’s gyroscope to rotate the backgrounds and make it seem like you’re actually in the locations.

At the moment, you only have the option of a beach and a temple. That might be a little disappointing, as the test videos showed someone using an oasis as a background. Maybe the company will add that one, and others, in future updates.

In other Google news: The Google Pixel Fold might be heavier than the Galaxy Z Fold 4

In a couple of months, we’re expecting to finally see Google’s first foldable phone. It’s being called the Pixel Fold, but earlier rumors pointed to it being called the “Passport”. We got leaks for this device, and they showed a pretty nice-looking phone.

This phone is tipped to be a bit larger than the Galaxy Z Fold 4, and that phone is pretty big itself: it weighs 263g. So the Pixel Fold is tipped to weigh even more than that. We’ll need to wait for more leaks to be sure of the weight.

As for the size, it’s expected to be about 140mm tall and 80mm wide when it’s open. So, this phone looks like it will be pretty hefty.



Sonos Era 300 & 100 speakers get detailed ahead of launch


As the launch of the new Sonos Era 300 and 100 speakers approaches, their details have surfaced. These speakers will make their global debut in a few weeks and feature some improvements. Details on these coming speakers are already available, so prospective buyers will know what to expect.

The price along with the design and some specifications of these speakers have hit the internet. Both speakers will pack some software benefits for the Android and iOS communities. This will be followed by top-notch audio and connectivity features considering their price ranges.

Sonos Era 300 and 100 speakers, improving on performance and design

Marketing images of the coming Sonos Era 300 and 100 speakers have become available. The Era 100 speaker comes with a cylindrical design that is quite similar to the Sonos One speaker. It also comes with a volume slider located at the top of the speaker, along with other control buttons.

The Era 300 speaker will come with a drum-style design that packs more drivers than the Era 100. This speaker is larger than the Era 100 and delivers better audio thanks to its six drivers. With this audio system, the Era 300 provides Atmos surround sound for a more immersive experience.

For its controls, the Era 300 will come with a similar volume control slider and control buttons. The Era 100 will not offer surround sound technology but will offer great audio quality for its price. Both speakers will come with great connectivity features for Android and iOS devices.

According to the available reports, the Era 300 will come with support for spatial audio. But this will be limited to Amazon Music Unlimited, as Sonos is working on getting support for this feature from other streaming services. Possibly, spatial audio support for other streaming services will roll out months after the speakers launch.

These speakers will retail at $250 for the Era 100 and $450 for the Era 300, making them quite affordable. Reports have it that these speakers will launch in March and hit online retail stores once they become available. More details about these speakers will be made available after their launch event.

