SECURITY EVANGELIST

Black Friday, Cyber Monday, Christmas shopping – they’re all already under way. And while you’re busy switching between tabs, hitting refresh on your favorite ecommerce website or chasing that item you want in the store, cyber criminals are getting busy as well.

We’ve seen that attackers prepared ahead of time by integrating Windows 10 and Microsoft Edge support into the Dyreza financial malware, and we’ve seen numerous spam campaigns hitting users all over the world in the past month. These preparations mean that cyber criminals are ready to harvest your financial data and use it to empty your bank account. Not necessarily now, but in the coming weeks as well.

You’ll see from the news we selected for the Weekly Security Roundup that more evidence of increased cyber criminal activity is all over the media. To make sure you’re not one of the victims, follow the steps in this guide: 17 Online Shopping Security Tips to Protect Your Money.



Security articles of the week



1. Remote working & BYOD go hand in hand – and they’re on the rise

Remote working and BYOD bring many security concerns for companies that are aware of these issues, but they also have benefits for employee productivity and happiness.

The survey of 500 IT decision makers in the UK and Germany found around three in five organisations believe that remote working has increased employee motivation due to greater flexibility (62 percent), and led to increased productivity as employees can work from multiple locations (61 percent).


So how can companies balance these two needs?
The 11-Step Guide to BYOD Security is a good place to start for employees, and companies need to look into creating and implementing security and privacy policies.

2. Compromised WordPress sites deliver the Angler exploit kit

Angler is the favorite exploit kit that cyber criminals focused on in Q3 of 2015, and it’s used to launch an array of attacks, so website owners and blog owners need to secure their WordPress platforms the best they can.

Helpful resource: Insider Advice: 12 Cyber Security Tips for Bloggers.

3. Expect financial malware to hit users during the holiday shopping season

UK, US and France residents are the targets of the latest spam campaigns sent out by the Dridex botnet. Just in time for the holiday shopping season, as we’ve mentioned before. That’s more reason to keep a close eye on securing your financial data.

4. Website owners who helped cyber criminals avoid AV detection arrested

Cyber crime is business. Here’s more proof:

The suspect’s website – reFUD.me – provided a number of functions, both free and for charge, which allowed malware developers to scan their illegal files. They would then learn whether or not they could successfully infect victims’ computers by circumventing their malware protection.

If a piece of malware was detected, changes could be made by the developer to make the file Fully UnDetectable. Statistics on the website claim that more than 1.2 million scans have been conducted since February 2015.

So if you were certain that your antivirus was enough to keep you safe from malware, we urge you to reconsider. The guys who got arrested and the cyber criminals they work with aren’t the only ones doing this.

5. How much do you trust your security vendor?

It’s a delicate question to ask, but also a very important one. Privacy and security vendors have an important and increasingly essential task, so a trusting relationship between them and their users is essential. Would you be open to security providers collecting some data that could be used to provide better security or would you rather sacrifice some security for more privacy? Find the poll in the article.

6. The November 2015 list of data breaches and cyber attacks is out

And it doesn’t look good. We wish we could read this title, click the headline and just find an empty page, but we’re far from that ideal. In the meantime, we can only work to get better at what we do and help users become more savvy about securing their own data and devices.

7. How do cyber criminals get victims to enable macros in malicious documents?

You may think that a trick such as sending spam emails and expecting users to download a malicious attachment, open it, enable macros and then get infected is a scenario that can’t possibly work. But the truth is that it does work. More frequently than you imagine. This article explains some of the social engineering tricks and how attackers get better at manipulation and persuasion.

8. Ransomware creators increase the prices


If it works, why not charge more?
That’s probably what the attackers are thinking.

We stumbled upon a possible new variant spotted as early as November 21st. It went through several iterations starting with a low $50 BitCoin ransom which changed to $100, $200, $300, $400, $500 all the way up to $999.

Oh, but if the victim is from Russia, they’ll let him/her off the hook. Not that difficult to tell where the cyber criminals are from, eh?

9. The hidden costs of cyber attacks

When a data breach or another type of cyber attack happens, people tend to think in the short term and forget about the long term consequences, but that doesn’t mean that the latter don’t exist. This article touches upon what’s beneath the surface, what the rest of the iceberg looks like.

10. Microsoft withdraws Windows 10 November Update

It can happen to the biggest companies, as we’ve seen in the past years. And it happened to Microsoft very recently:

Microsoft has revealed that it removed the November update for Windows 10 after the company found that the new version inadvertently reset users’ privacy settings.

That doesn’t mean that you should ignore updates – please don’t. They help keep your system safe.


Conclusion


Please be especially careful this holiday shopping season. I don’t mean to sound too paranoid, but cyber criminals know that this is the time to strike, because people are busy and become less attentive, because everyone’s buying things online, even people who don’t do that in general, and because there are so many vulnerabilities to exploit.

Use adequate protection, keep an eye out for scams and be safe!
