Weekly Security Roundup #56: It’s Holiday Scam Season
Don’t let the joy of the holiday season make you too optimistic about cyber threats
Black Friday, Cyber Monday, Christmas shopping – they’re all already under way. And while you’re busy switching between tabs, hitting refresh on your favorite ecommerce website or chasing that item you want in the store, cyber criminals are getting busy as well.
We’ve seen that attackers prepared ahead of time by integrating Windows 10 and Microsoft Edge support into the Dyreza financial malware, and we’ve seen numerous spam campaigns hitting users all over the world in the past month. These preparations mean that cyber criminals are ready to harvest your financial data and use it to empty your bank account. Not necessarily now, but in the coming weeks as well.
You’ll see from the news we selected for the Weekly Security Roundup that more evidence of increased cyber criminal activity is all over the media. To make sure you’re not one of the victims, follow the steps in this guide: 17 Online Shopping Security Tips to Protect Your Money.
Security articles of the week
Remote working and BYOD bring many security concerns for companies that are aware of these issues, but they also have benefits for employee productivity and happiness.
The survey of 500 IT decision makers in the UK and Germany found around three in five organisations believe that remote working has increased employee motivation due to greater flexibility (62 percent), and led to increased productivity as employees can work from multiple locations (61 percent).
So how can companies balance these two needs? The 11-Step Guide to BYOD Security is a good place to start for employees, and companies need to look into creating and implementing security and privacy policies.
Angler is the favorite exploit kit that cyber criminals focused on in Q3 of 2015, and it’s used to launch an array of attacks, so website owners and blog owners need to secure their WordPress platforms the best they can.
Helpful resource: Insider Advice: 12 Cyber Security Tips for Bloggers.
UK, US and France residents are the targets of the latest spam campaigns sent out by the Dridex botnet. Just in time for the holiday shopping season, as we’ve mentioned before. That’s more reason to keep a close eye on securing your financial data.
Cyber crime is business. Here’s more proof:
The suspect’s website – reFUD.me – provided a number of functions, both free and for charge, which allowed malware developers to scan their illegal files. They would then learn whether or not they could successfully infect victims’ computers by circumventing their malware protection.
If a piece of malware was detected, changes could be made by the developer to make the file Fully UnDetectable. Statistics on the website claim that more than 1.2 million scans have been conducted since February 2015.
So if you were certain that your antivirus was enough to keep you safe from malware, we urge you to reconsider. The guys who got arrested and the cyber criminals they work with aren’t the only ones doing this.
It’s a delicate question to ask, but also a very important one. Privacy and security vendors have an important and increasingly essential task, so a trusting relationship between them and their users is essential. Would you be open to security providers collecting some data that could be used to provide better security or would you rather sacrifice some security for more privacy? Find the poll in the article.
And it doesn’t look good. We wish we could read this title, click the headline and just find an empty page, but we’re far from that ideal. In the meantime, we can only work to get better at what we do and help users become more savvy about securing their own data and devices.
You may think that sending spam emails and expecting users to download a malicious attachment, open it, enable macros and then get infected is a scenario that can’t possibly work. But the truth is that it does work. More frequently than you imagine. This article explains some of the social engineering tricks and how attackers get better at manipulation and persuasion.
If it works, why not charge more? That’s probably what the attackers are thinking.
We stumbled upon a possible new variant spotted as early as November 21st. It went through several iterations starting with a low $50 BitCoin ransom which changed to $100, $200, $300, $400, $500 all the way up to $999.
Oh, but if the victim is from Russia, they’ll let him/her off the hook. Not that difficult to tell where the cyber criminals are from, eh?
When a data breach or another type of cyber attack happens, people tend to think in the short term and forget about the long term consequences, but that doesn’t mean that the latter don’t exist. This article touches upon what’s beneath the surface, what the rest of the iceberg looks like.
It can happen to the biggest companies, as we’ve seen in the past years. And it happened to Microsoft very recently:
Microsoft has revealed that it removed the November update for Windows 10 after the company found that the new version inadvertently reset users’ privacy settings.
That doesn’t mean that you should ignore updates – please don’t. They help keep your system safe.
Please be especially careful this holiday shopping season. I don’t mean to sound too paranoid, but cyber criminals know that this is the time to strike: people are busy and become less attentive, everyone’s buying things online, even people who don’t do that in general, and there are so many vulnerabilities to exploit.
Use adequate protection, keep an eye out for scams and be safe!