Information Technology

This is that time of year when people are busy looking for gifts for friends and family. Socks.After shave.Chocolates.How about giving someone a gift that will keep them and their data safe?That’s a gift that will keep giving throughout 2022 and beyond.So, how do you give someone added security, without breaking the bank?

Give an Yubico Yubikey security key.So, what is a YubiKey?A YubiKey is the ultimate line of defense against having your online accounts taken over. And with prices starting at $45, it’s one of those indispensable gadgets for the 21st century.A hardware authentication device made by Yubico, it’s used to secure access to online accounts, computers, and networks. The Yubikey 5 Series look like small USB flash drives and come in a range of different connectors — USB-A, USB-C, and USB-C and Lightning combo. There are versions that also include support for NFC.It offers two-factor authentication (also known as multi-factor authentication or two-step verification) for hundreds of online services, from Facebook, Google, and Twitter, to more specific services such as Coinbase, Salesforce, and Login.gov. Your YubiKey can also be used to secure password storage services such as Bitwarden , Password Safe , and LastPass.And the great think is that if someone already has one, you’ve got them a backup key (which I highly recommend having).There are two models of YubiKey that I highly recommend.

First is the YubiKey 5 NFC. This not only features a USB-A r USB-C connector (depending on the version you buy), but it also has built-in NFC capability, making it a great choice for laptops, desktops, iPhone, and Android devices.

This YubiKey features a USB-C connector on one end and a Lightning connector on the other. It’s the perfect for iPhone/iPad/Mac users as it covers it all.Perfect for those who don’t need NFC capability. More

Most Brazilian professionals working remotely believe they are responsible for the integrity and security of corporate data, according to a global study on consumer security attitudes. The 2021 Unisys Security Index reveals that two-thirds of Brazilians working remotely stated they are primarily responsible for keeping their employers’ data secure. Of the respondents who believe they are primarily responsible for the integrity of corporate data, 41% also place that responsibility on application providers. Only 21% of those polled hold their employers accountable for data security.

ZDNet Recommends

Best security key 2021

While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

Read More

The results suggest that most Brazilians have a high degree of responsibility in relation to the corporate data they work with, according to Alexis Aguirre, director at Unisys Cybersecurity for Latin America. On the other hand, Aguirre noted corporate attitudes contrast with the lack of knowledge among the population about the various types of digital security fraud. “It is clear that in addition to investing in technology, it is essential to train people, as users are generally the gateway through which cybercriminals focus their actions, especially using social engineering techniques,” Aguirre adds. The Unisys study polled 11,000 consumers across 11 countries, including 1,000 Brazilian participants. The research has also covered the lack of awareness about security issues among Brazilians, with the minority of respondents stating they are aware of crimes such as SIM jacking and SMS phishing.On the other hand, separate research has found that Brazilians are concerned about the security of their data. A study carried out by Datafolha institute on behalf of Mastercard has found that fear of cyber attacks is high among Brazilian users, with 73% of respondents reported having suffered some kind of digital threat, such as receiving fake messages from companies and stolen passwords. Fostering a data protection culture in Brazil is one of the main initial objectives of the National Data Protection Authority (ANPD), a body set up in 2020. As part of efforts to raise awareness on the issue among the general public, ANPD launched a a data protection guide in September detailing how data holders can protect their data and listing steps that should be taken in case of incidents related to cybersecurity. More

Although you want to grab the best deals this holiday weekend, remember that this is the perfect time for scammers to take advantage of you online.

Phishing emails — claiming to be from a store, bank, credit card company, etc. — will entice you to click links that go to copies of legitimate websites. From there, they will try to extract your passwords or credit card information. As your inbox fills up with Black Friday and Cyber Monday deals, remember that not all is as it seems. Lamar Bailey, director of security research and development at Tripwire, warns, “Not all of the emails will be legit, as attackers will take valid emails and change the links to point you to malicious sites that may look like the real things.”Sam Curry, Chief Security Officer at Cybereason, advises that people with balances on multiple credit cards might “receive an email pretending to be from the credit card company saying their account is overdue and is subject to being shut down unless they make a minimum monthly payment. The unsuspecting consumer gives away their credit card information and other personable identifiable information.”Javvad Malik, security advocate at AlienVault (now AT&T Cybersecurity), confirms this, advising you to “regularly monitor your credit, debit, and ATM card activity for fraudulent transactions and immediately report anything suspicious.”Phishing scams are also rife this weekend. Curry warns against opening “any attachments or [clicking] on links appearing to be from trusted vendors” and advises going to the trusted website from your web browser instead. He also notes that ransomware attacks, which allow hackers to make money from you if ransomware hits your computer, are prevalent during the holiday season. In short, do not click on links from unsolicited emails warns Paul Bischoff, privacy advocate at Comparitech. He insists that you should always check that you have a “valid HTTPS before entering any information into a website.”

Other scams occur when you buy something and the item does not arrive. Bischoff notes that the scammer will claim “there is some problem with Amazon or Ebay’s payment system.”

“They will try to contact you and extract payment through some other means,” says Bischoff. “Don’t interact with merchants outside of the marketplace’s official channels.” Also make sure you do not fall victim to porch pirates like a third of Americans do.If you are keen to shop online, make sure that your experience does not come at the cost of your security warns Todd Peterson, IAM specialist at One Identity. He explains, “Having non-essential websites store [your] passwords or credit card details or using the same password across all online stores is ill-advised.”One particular industry to cautiously shop from? Gaming. Beware of fake game codes or large discount from game companies says Jack Baylor, Security Threat Researcher at Cylance. “People often put up fake game codes claiming large discounts compared to buying directly from the game manufacturer or the likes of reputable markets such as Steam, Microsoft Store (Xbox1), or PlayStation Store (PS4),” he says. “Often consumers are left out of pocket with nothing more than a nonsense string of letters and numbers to show for it.”How can you reduce security risks when you shop online?Be wary of clicking email links or downloading anything — no matter how great the holiday sale appears to be. Always go directly to the vendor’s website and type the web address into your browser instead of clicking email links.Check that the vendor’s site is legitimate; look our for typos and grammatical errors in the URL and on the site.Use a different password for every website you purchase from.Disable pop-up ads on your browser.Enable multi-factor authentication or opt in to extra security measures provided by your bank/credit card company. If it takes multiple steps to purchase something when you shop, it will be more difficult for hackers to compromise your account.Check all of your online receipts and correlate them with your credit card statement. You need to know exactly what is being added to your card purchases.Check incoming calls from numbers you do not recognize online to see whether the call is from a genuine vendor, and block the number if you the caller makes you uncomfortable.To protect your incoming packages, use a locked drop box or install a home security camera or a video doorbell.If you are cautious and enable as much security as possible, you are far less likely to be compromised. Then you can rest assured that your holiday shopping does not end in security nightmares and costly mistakes. More

Security researchers have discovered new remote access trojan (RAT) malware that has created an unusual new way of hiding on servers.As first reported on BleepingComputer, this new malware, dubbed CronRAT, hides in scheduled tasks on Linux servers by being set for execution on February 31, a date that doesn’t exist. 

ZDNet Recommends

Discovered and named by e-commerce security specialist Sansec, CronRAT is part of a growing trend in Linux server-focused Magecart malware. CronRAT is used to enable server-side Magecart data theft.SEE: A winning strategy for cybersecurity (ZDNet special report)The security company describes the malware as “sophisticated” and it remains undetected by most antivirus vendors. Sansec had to rewrite its detection engine to spot the malware after receiving samples of it to discover how it works. The name CronRAT is a reference to the Linux cron tool that allows admins to create scheduled jobs on a Linux system to occur on a specific time of day or a regular day of the week.   “CronRAT’s main feat is hiding in the calendar subsystem of Linux servers (“cron”) on a nonexistant day. This way, it will not attract attention from server administrators. And many security products do not scan the Linux cron system,” explain Sansec in a blogpost. 

The malware drops a “sophisticated Bash program that features self-destruction, timing modulation and a custom binary protocol to communicate with a foreign control server,” says Sansec. Magecart card skimmers are a problem that’s not going away any time soon as e-commerce continues to play a vital role in shopping during the ongoing pandemic. Ahead of Black Friday, the National Cyber Security Centre (NCSC) warned it had found 4,151 retailers that had been compromised by hackers targeting bugs in checkout pages over the past 18 months. Most of the attacks targeted bugs in popular e-commerce platform Magento. The FBI last year issued a similar warning about Magecart attackers targeting a Magento plugin. More

Hackers have already created malware in a bid to exploit an elevation of privilege vulnerability in Microsoft’s Windows Installer.Microsoft released a patch for CVE-2021-41379, an elevation of privilege flaw in the Windows Installer component for enterprise application deployment. It had an “important” rating and a severity score of just 5.5 out of 10. 

Windows 11

It wasn’t actively being exploited at the time, but it is now, according to Cisco’s Talos malware researchers. And Cisco reports that the bug can be exploited even on systems with the November patch to give an attacker administrator-level privileges. SEE: Windows 11 FAQ: Our upgrade guide and everything else you need to knowThis, however, contradicts Microsoft’s assessment that an attacker would only be able to delete targeted files on a system and would not gain privileges to view or modify file contents.”This vulnerability allows an attacker with a limited user account to elevate their privileges to become an administrator,” explains Jaeson Schultz at Cisco Talos. “This vulnerability affects every version of Microsoft Windows, including fully patched Windows 11 and Server 2022. Talos has already detected malware samples in the wild that are attempting to take advantage of this vulnerability.”

Abdelhamid Naceri, the researcher who reported CVE-2021-41379 to Microsoft, tested patched systems and on November 22 published proof-of-concept exploit code on GitHub, which shows that it works despite Microsoft’s fixes. It also works on Server versions of affected Windows, including Windows Server 2022. “The code Naceri released leverages the discretionary access control list (DACL) for Microsoft Edge Elevation Service to replace any executable file on the system with an MSI file, allowing an attacker to run code as an administrator,” writes Cisco’s Shultz.SEE: Dark web crooks are now teaching courses on how to build botnetsHe adds that this “functional proof-of-concept exploit code will certainly drive additional abuse of this vulnerability.” Naceri says there is no workaround for this bug other than another patch from Microsoft. “Due to the complexity of this vulnerability, any attempt to patch the binary directly will break Windows Installer. So you’d better wait and see how/if Microsoft will screw the patch up again,” Naceri said. Microsoft is yet to acknowledge Naceri’s new proof of concept and has not yet said whether it will issue a patch for it.  More

Online criminals are deploying cryptocurrency miners within just 22 seconds of compromising misconfigured cloud instances running on Google Cloud Platform (GCP).Cryptocurrency mining is by far the main malicious activity conducted by attackers after taking advantage of misconfigured instances hosted on GCP, making up 86% of all actions carried out after compromise. And in many cases, the attackers move extremely quickly after compromising an instance and installing cryptomining malware to free-ride off others’ CPU and GPU resources to turn a profit for themselves. 

ZDNet Recommends

The best cloud storage services

Free and cheap personal and small business cloud storage services are everywhere. But, which one is best for you? Let’s look at the top cloud storage options.

Read More

“Analysis of the systems used to perform unauthorized cryptocurrency mining, where timeline information was available, revealed that in 58% of situations the cryptocurrency mining software was downloaded to the system within 22 seconds of being compromised,” Google says in its first Cloud Threat Intelligence report.SEE: Cloud security in 2021: A business guide to essential tools and best practicesAnother striking trend was how quickly attackers are finding and compromising unsecured, internet-facing instances. The shortest time a compromise took place was 30 minutes after those instances were deployed. In 40% of cases, the time-to-compromise was under eight hours. Security firm Palo Alto Networks similarly found that 80% of 320 internet-facing ‘honeypot’ instances hosted in the cloud — and designed to attract attackers — were compromised within 24 hours. 

As Google’s report highlights, crypto-mining malware is a problem for users on GCP who don’t take steps to protect their cloud instances. “While data theft did not appear to be the objective of these compromises, it remains a risk associated with the cloud asset compromises as bad actors start performing multiple forms of abuse. The public Internet-facing Cloud instances were open to scanning and brute force attacks,” Google notes. SEE: Dark web crooks are now teaching courses on how to build botnetsInternet-facing GCP instances were a significant target for attackers. Just under half of compromised instances were carried by attackers gaining access to instances with either no password or a weak password for user accounts or API connections, which meant these instances could be easily scanned and brute forced.”This suggests that the public IP address space is routinely scanned for vulnerable cloud instances. It will not be a matter of if a vulnerable Cloud instance is detected, but rather when,” Google said.Additionally, 26% of compromised instances were due to vulnerabilities in third-party software being used by the owner.”Many successful attacks are due to poor hygiene and a lack of basic control implementation,” said Bob Mechler, director at Google Cloud’s office of the CISO.The report is a wrap up of observations over the last year by Google Threat Analysis Group (TAG), Google Cloud Security and Trust Center, and Google Cloud Threat Intelligence for Chronicle, Trust and Safety. More

Cyber criminals are using a new JavaScript downloader to distribute eight different kinds of remote access Trojan (RAT) malware and information-stealing malware in order to gain backdoor control of infected Windows systems, as well as steal usernames, passwords and other sensitive data. 

The downloader has been detailed by cybersecurity researchers at HP Wolf Security, who’ve called it RATDispenser.  The initial entry point for attacks is a phishing email that claims to contain a text file about a product order. Clicking the malicious file will run the process for installing RATDispenser malware. In order to avoid detection, the initial JavaScript download is obfuscated with the aid of long strings of code to help hide the malicious intent.SEE: A winning strategy for cybersecurity (ZDNet special report)Once installed, RATDispenser is used to distribute a range of different malware, including trojans, keyloggers and information stealers, all designed to steal sensitive data from the user. The most frequently distributed malware downloads are STRRAT and WSHRAT, which account for four in five of the analysed samples. But other forms of malware RATDispenser have been distributed, including invasive information stealers such as Adwind, Formbook, Remcos, Panda Stealer, GuLoader and Ratty.Some of these trojans, like Panda Stealer, are relatively new, having only been discovered this year, while others, such as WSHRAT, have been active for many years. 

At the time the research was published, RATDispender was only detected by one in 10 available anti-virus engines. “It’s particularly concerning to see RATDispenser only being detected by about 11% of antivirus systems, resulting in this stealthy malware successfully deploying on victims’ endpoints in most cases,” said Patrick Schlapfer, malware analyst at HP.  “RATs and keyloggers pose a silent threat, helping attackers to gain backdoor access to infected computers and steal credentials from business accounts or even cryptocurrency wallets. From here, cyber criminals can siphon off sensitive data, escalate their access, and in some cases sell this access on to ransomware groups,” he added.  In order to protect users from attacks by RATDispenser and the malware it drops, researchers recommend that network administrators audit which email attachment file types are allowed by their email gateway and blocking execuatables that aren’t needed – such as JavaScript or VBScript.MORE ON CYBERSECURITY More

With Thanksgiving underway and Black Friday sales about to arrive, the FBI has warned consumers to be wary of online-shopping scams and phishing attackers using big brands to steal online credentials. The FBI is expecting a rise in complaints and losses during the 2021 holiday season “due to rumors of merchandise shortages and the ongoing pandemic”, it says in a public service announcement. 

Black Friday Deals

Global supply chain problems have affected everything from online fashion sales to smartphones, games consoles and the auto industry. Sony earlier this month cut its PlayStation 5 production outlook due to component shortages and the games console remains hard to buy in many parts of the world. SEE: A winning strategy for cybersecurity (ZDNet special report)During the 2020 holiday season, the FBI received 17,000 complaints over goods that weren’t delivered, resulting in losses over $53 million. In particular, the FBI warns consumers to be cautious of deals that are too good to be true in email, on websites, in social media posts, and in ads on social media. It highlights the risk of online surveys that aim to steal personal information or debit and credit card details. For those purchasing a new pet this holiday season, the FBI recommends meeting the animal and owner in a video chat before buying to reduce the chances of being scammed by sellers of a non-existent pet. 

The FBI recommends consumers to only purchases from HTTPS websites and to beware of online retailers who use, for example, a free email account instead of an address with the company’s domain. Also, consumers should pay for items using a credit card dedicated for online purchases, checking statement activity, and never saving payment information in online accounts. Never use public Wi-Fi to make a purchase, and look up reviews about the online seller and check with the Better Business Bureau to see if they’re legitimate. Victims of fraud can report incidents to the FBI’s www.ic3.gov website. Another risk for consumers this holiday season are various online techniques and tools that scammers use to harvest account credentials of brand-name companies. The FBI issued another PSA warning of “recent spear phishing email campaigns” targeting consumers. One of the key goals of scammers is to bypass two-factor authentication (2FA). At risk are consumers of big brands in technology, banking, shipping, and retail industries.SEE: Dark web crooks are now teaching courses on how to build botnetsThe spear-phishing campaigns aimed at bypassing 2FA target accounts where consumers have used their email address as their user ID. “Once detected, the consumer is redirected to an email scampage of the same email domain to steal their email account login and password information,” the FBI warns.  “When cyber criminals gain access to a consumer’s online and email accounts, cyber criminals may be able to intercept emails with 2FA codes that are used to make significant changes to online accounts, update passwords, verify user access, or change security rules and setup before the account owner is notified and aware,” the FBI notes. Credential scam pages are moving to an ‘as-a-service’ model, where criminals sell their scam pages to others, the FBI warns. Among important piece of advice from the FBI: “Do not store important documents or information in your email account (e.g., digital currency private keys, documents with your social security number, or photocopies of a driver’s license).” Also, it urges users to enable 2FA.  More