Category Archives: Uncategorized


Mobile banking malware Faketoken Evolves


More than 2,000 Android financial apps are at risk from a new modification of the mobile banking Trojan Faketoken, which can also encrypt user data to extort a ransom from the victim. The Trojan is capable of interacting with operating system protection mechanisms. Faketoken is distributed under the guise of various programs and games, often imitating Adobe Flash Player.

Once it has received administrator rights, Faketoken starts requesting the permissions it needs: to access the user’s text messages, files and contacts, and to send text messages and make calls. These requests are displayed repeatedly until the user agrees to grant access. This allows Faketoken to intercept the texts your bank sends as part of its two-factor authentication safeguards. That is how the criminals gain access to your account and transfer money out of it.

The Trojan displays various phishing messages; if one is clicked, it opens a phishing page aimed at stealing Gmail passwords. It also overlays the genuine Gmail app with a look-alike window for the same purpose. But it is not just passwords that the Trojan targets: it also overlays the Google Play app with a phishing window aimed at stealing debit and credit card details.

The Trojan can also encrypt both media files (pictures, music, videos) and documents, changing the extension of the encrypted files to .cat. Faketoken uses the AES encryption algorithm to encrypt the files, and they can be decrypted without paying a ransom.

For more information, see Kaspersky Lab.




Cyber Attack Preparation Tips & Tricks


The World Wide Web is the new frontier, but unlike unexplored territory on distant moons, there is already a massive crowd of people exposing themselves to its unknown risks. If you are a business owner, there are steps you can take to reduce your exposure. Cyber threats are effective primarily because many businesses do not understand how to prepare for them. Here are some suggestions:

  • Know Your Network. Make sure you understand how all the machines in your network communicate. Identify bottlenecks and single points of failure.
  • Have a Disaster Response Plan. Create regular backups of your data and store them offsite on a machine that does not communicate with your primary network. Understand how to restore your system from these backups quickly in the case of an emergency.
  • Educate Your Team. Human ignorance is the vulnerability that most cyber threats take advantage of. Make sure your team knows how to spot phishing attacks and avoid suspicious emails and attachments.
  • Have Security Software. Proactive threat detection that uses heuristics allows modern security vendors to identify threats even when they are brand new. Many security suites offer a number of additional features to help protect your network’s integrity or report a detected threat.

Keep your team informed about how to identify possible threats, and keep your system under tight surveillance — the combination of these actions is an effective way to protect your company’s data. But what if you are attacked anyway?

If your security software or your personnel have reported an attack on your network, here’s what to do:

  • Isolate the Threat. Locate the machine where the threat was detected and remove its access to your network. Leaving it connected could allow the threat to move to other machines, which can quickly drive up the work involved to mitigate the scenario.
  • Harden Your Network. Make sure that all devices on your network are using up-to-date software. If a security solution is in place, make sure it’s allowed to receive the latest updates on new threats.
  • Have a Response Plan. Your PR team should have a communications plan ready, particularly if your organization handles sensitive information. You should also have a security firm on hand with forensics experts who can trace the origin of the threat, analyze the extent of the damage to your system and advise you on how to clean your system and avoid similar threats moving forward.
  • Contact Authorities. Know how to contact your closest law enforcement office and begin an investigation. Collect log files and other diagnostic information from your network for submission, if possible. Doing so might keep this from happening to others.

Communication is key. There are a number of commercially available technologies that let you monitor network resources for signs of an event. Once you notice something, engage the right people inside and outside of your organization quickly to achieve the fastest resolution. Done right, you can avoid the shame many high-profile companies have had to endure.



Are you one in a million Gooligan victims?


A family of malware called ‘Ghost Push’, a vast collection of ‘Potentially Harmful Apps’ (PHAs) that affect devices running the Android operating system, has in recent months evolved into Gooligan. Gooligan is more aggressive: it roots the device to gain highly privileged system access on Android version 4 (Ice Cream Sandwich, Jelly Bean and KitKat) and version 5 (Lollipop).

Once on the device, it downloads a module that enables it to steal the user’s email account and Google authentication tokens, which give it password-free access to the user’s Google Photos, Google Play account, files in Google Docs and Google Drive, and G Suite. It also uses your account information to install adware on your device and to publish fake ratings and reviews on the Google Play Store, raising the profile of these spam apps. The fraudulent advertising revenue generated by these installed apps can bring in up to $320,000 a month for the cyber criminals behind the Gooligan campaign.

Check Point, the cyber security company that discovered this malware, says you can check whether your account is compromised at the web site it created: https://gooligan.checkpoint.com/.

If your account has been breached, the following steps are required:

  1. A clean installation of an operating system on your mobile device is required (“flashing”).
  2. Change your Google account passwords immediately after this process.

Gooligan spreads when victims download and install an infected app. Cyber criminals are slinging the malware by tricking victims into following malicious links in phishing messages.


Walmar Digital




Security Tips for the Holidays


The holiday shopping season has begun. With Black Friday, Cyber Monday and the online promotional sales throughout this festive season, customers are on the hunt for the best deals. This is usually the high season for cyber security breaches, as shoppers are hungry for online discounts. Cyber attackers look out for vulnerable consumers and businesses whose compromise will bring them the largest payout.

Tactics employed by these criminals include:

  • PHISHING SCAMS: Attackers know that during this time of year many of us are receptive to emails containing the latest sales and discounts, and may be expecting deliveries. The ransomware CryptoLocker has recently been spread using this trick. Never click links or attachments in unsolicited emails.
  • FAKE-OUTS: Fake product giveaways are another holiday tool used by cyber crooks. They especially like to offer the latest “hot” items for the holiday. Phishers try to steal personal information by getting unsuspecting victims to fill out details on “entry forms.”
  • PHONY WEBSITES: Phony websites are another hazard at any time of the year, but they are more prevalent during the holiday season. They might be fake banking sites, false social network sites, or phony online shopping portals. Pay close attention to domain names and URL addresses.
  • MALICIOUS ADS: Ads on legitimate web sites can also fool people. Hackers either buy ad space on real web sites, or they hack online ad systems illegally to inject fake ads. They also are getting very good at search engine optimization (SEO) tricks to get their phony web sites to show up at the top of popular searches. Before clicking ad links or following search results check the domains and URLs very carefully.

Security Tips for Online Shoppers

a. Avoid sensitive transactions, such as banking or shopping, on insecure wireless networks.

b. Use strong passwords, never share them, and use a different password for each web service, so that if a cybercriminal hacks one account they cannot gain access to the others.

c. Education, awareness and vigilance are some of the best cyber security tools.

d. Keep your operating systems and software applications updated and patched.

Security Tips for Businesses

i. Implement a Web Application Firewall, making sure it is maintained and monitored continuously by a security expert.

ii. Implement a robust Intrusion Prevention System (IPS) to defend against cyber threats, including web exploit kit attacks, SQL injection attacks, banking Trojans, etc.

iii. Institute and enforce a centralized plan for keeping your computer applications, operating systems and security software updated. Make sure servers and workstations are fully patched promptly and regularly.

iv. Do Vulnerability Assessment and Penetration Testing (VAPT) regularly to detect and patch any vulnerability.

v. Enforce policies that are in line with your security needs.

The fight against cybercrime is challenging, and sharing knowledge about cyber threats and incidents is essential. Just remember that staying vigilant is critically important and will go a long way to ensuring that you avoid cyber threats this season. The best security solution is only as good as the people behind it.


Walmar Digital



VAPT: A Cyber defence mechanism


Security is a journey and not a destination. When managing the security of a network, we always need to endeavor to stay one step ahead of our opponents – the criminals, malcontents, hackers and spies. They steal data and information without breaking any glass. Keeping data confidential is one core mission of network security. Opponents are honing their methods and techniques every day to defeat network security and access confidential information.

A cyber security breach can strike at any time, putting your organization at risk. Hence the need to perform Vulnerability Assessment and Penetration Testing (VAPT) regularly. VAPT is a systematic analysis of the security status of information systems. With port 80 always open for web access, there is always a possibility that a hacker can beat your security systems and gain unauthorized access.

Vulnerability Assessment is the process of systematically scanning an organization’s servers, workstations, devices, operating systems, and other application software to detect and identify vulnerabilities. Identified vulnerabilities could include missing patches, gaps or loopholes in system design, misconfigurations etc. Any exposure of these gaps might result in unauthorized access to confidential data and information and pose a threat to the organization. Vulnerability Assessment utilizes specific tools to identify vulnerabilities and provide remedial measures.

Penetration Testing is the process of launching controlled, real-world attacks on IT infrastructure and systems to help identify the extent of exposures without causing any harm to existing data and systems. Penetration Testing helps detect possible threats by conducting mock attacks within the enterprise IT framework and helps IT managers identify threats before they actually occur.

Most Vulnerability Assessment tools test for known system vulnerabilities, and the chance of producing false positives is high in this case. Penetration Testing addresses the issue of false positives by mimicking typical attack scenarios and studying the system’s response to them. When VAPT tools are deployed together they can substantially reduce the risk of false positives and provide organization-specific, actionable events without unnecessarily overloading the organization’s human resources.

VAPT is most often overlooked as an integral part of IT security best practices. With 80% of websites vulnerable, cyber criminals are concentrating their efforts on web-based applications (shopping carts, forms, login pages and dynamic content) to conduct cyber scams and online fraud. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases. Enterprise IT needs to be aware of known and unknown vulnerabilities and their impact on IT infrastructure and business processes. VAPT solutions not only detect threats but also offer dynamic remedial measures to mitigate the risks arising from these threats.


Walmar Digital



Database Activity Monitoring: Essential to Database Security


Companies need to think through their entire data security strategy, which includes attacks on data from inside and outside the organization. Privileged insiders such as database administrators can pose a significant risk to customer and proprietary data if allowed to act unchecked. A recent survey shows that database administrators are more reactive than proactive in monitoring their database(s). Many seem to be driven by compliance mandates rather than taking a proactive approach to intrusion detection and prevention, hence the need for database monitoring.

Database Activity Monitoring (DAM) is defined by Gartner as “… tools that can be used to support the ability to identify and report on fraudulent, illegal or other undesirable behavior, with minimal impact on user operations and productivity.” These tools also help in detecting unusual and unauthorized, internal or external activities while still gauging the effectiveness of security tools and policies in place.

Database activity monitoring tools are implemented as standalone appliances or as software modules loaded on the database servers. The monitoring is accomplished through a combination of several methods, including network sniffing, reading of database audit logs and/or system tables, and memory scraping. Regardless of the methodology chosen, the data must be correlated in order to detect and get a clear view of what is going on within the database. These tools help simplify that correlation and give the administrator the ability to detect and prevent attacks, provide forensic evidence when a data breach occurs, and reconstruct data or restore it to a previous state.
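
The correlation step described above, as an added example that is not part of the original post or of any DAM product: it reads constructed database audit log lines (a hypothetical pipe-delimited format) and applies three rules a DAM tool would typically ship with, namely off-hours reads of sensitive tables by privileged accounts, bulk reads, and repeated login failures followed by a success from the same source.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample audit log (hypothetical format: time|user|source|event|detail).
AUDIT_LOG = """\
2016-11-20T09:05:11|app_svc|10.0.5.20|QUERY|SELECT name FROM customers WHERE id=42;rows=1
2016-11-20T23:41:02|dba_joe|10.0.5.12|QUERY|SELECT * FROM customers;rows=250000
2016-11-20T23:42:17|dba_joe|10.0.5.12|QUERY|SELECT * FROM cards;rows=180000
2016-11-21T03:10:01|app_svc|203.0.113.9|LOGIN_FAIL|
2016-11-21T03:10:04|app_svc|203.0.113.9|LOGIN_FAIL|
2016-11-21T03:10:08|app_svc|203.0.113.9|LOGIN_FAIL|
2016-11-21T03:10:12|app_svc|203.0.113.9|LOGIN_OK|
2016-11-21T10:30:00|dba_joe|10.0.5.12|QUERY|SELECT count(*) FROM orders;rows=1
"""

PRIVILEGED = {"dba_joe"}            # assumed DBA accounts
SENSITIVE = {"customers", "cards"}  # assumed tables holding customer data
BULK_ROWS = 10_000                  # rows returned that count as an export
BUSINESS_HOURS = range(8, 18)       # 08:00-17:59 local time
FAIL_THRESHOLD = 3                  # failed logins before a success is suspicious
FAIL_WINDOW_S = 60

def parse(line):
    """Split one audit line into its fields and pull out tables and row counts."""
    ts, user, src, event, detail = line.split("|", 4)
    rows = re.search(r"rows=(\d+)", detail)
    tables = set(re.findall(r"\bFROM\s+(\w+)", detail, re.I))
    return {"ts": datetime.fromisoformat(ts), "user": user, "src": src,
            "event": event, "tables": tables,
            "rows": int(rows.group(1)) if rows else 0}

def detect(log_text):
    """Correlate the log and return a list of (rule, user, detail) alerts."""
    alerts = []
    fails = defaultdict(list)  # (user, source) -> timestamps of failed logins
    for line in log_text.splitlines():
        e = parse(line)
        hit = e["tables"] & SENSITIVE
        if e["event"] == "QUERY" and hit:
            if e["user"] in PRIVILEGED and e["ts"].hour not in BUSINESS_HOURS:
                alerts.append(("OFF_HOURS_PRIV_READ", e["user"], sorted(hit)))
            if e["rows"] >= BULK_ROWS:
                alerts.append(("BULK_READ", e["user"], e["rows"]))
        elif e["event"] == "LOGIN_FAIL":
            fails[(e["user"], e["src"])].append(e["ts"])
        elif e["event"] == "LOGIN_OK":
            key = (e["user"], e["src"])
            recent = [t for t in fails[key]
                      if (e["ts"] - t).total_seconds() <= FAIL_WINDOW_S]
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append(("BRUTE_FORCE_THEN_SUCCESS", e["user"], e["src"]))
            fails[key].clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(AUDIT_LOG):
        print(alert)
```

Note that the first line (an application account reading one row during business hours) raises nothing, which is the point of combining user role, time and volume rather than alerting on every access to a sensitive table.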

Database Activity Monitoring is an extremely valuable tool for compliance and security in our organizations, and it is critical to the emerging practice of information-centric security. It gives insight into our most sensitive systems in a non-intrusive way, and can evolve into a proactive security defense that prevents potential breaches. It is a tool that can help improve data security and reduce compliance overhead without affecting business processes.

Walmar Digital




Data Security Tool


What measures are your IT administrators taking to make sure sensitive and critical organizational data does not leak out of the corporate network?

Data breaches are increasingly becoming the norm as companies are faced with securing a multitude of networks, devices, applications, users and files used in the course of conducting business. And with the rise of cloud computing, security perimeters are more difficult to define than ever before.

Data loss prevention (DLP) refers to the identification and monitoring of sensitive data to ensure that it is only accessed by authorized users and that there are safeguards against data leaks. Companies have chosen data loss prevention tools because of the breadth of their capabilities. With DLP you can configure a robust set of policies that map to corporate policies and regulatory requirements, and develop escalation workflows and remediation processes. Now that more corporate data is moving to the cloud, the question for companies with data loss prevention tools is how to extend their DLP policies to cloud services. Enterprises need a solution that extends their enterprise DLP policies to the cloud without requiring them to create redundant policies and escalation workflows.

An effective data loss prevention strategy needs to address such areas as data management solutions, perimeter control, network segmentation and security zones, access control, identity of both users and devices, connectivity and VPN, data encryption, mobile devices, cloud services, content control such as web and email, application management and content inspection, and secure storage.
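
The content inspection and escalation workflow mentioned above, as an added example that is not part of the original post or of any DLP product: one outbound e-mail is checked for card numbers (Luhn-validated, so order numbers that merely look like card numbers do not trip the rule) and for classification labels, and a policy decides whether to allow, quarantine or block it and whom to escalate to. The corporate domain, the labels and the thresholds are assumed values.

```python
import re

INTERNAL_DOMAIN = "example.com"              # assumed corporate mail domain
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY")  # assumed classification labels
BULK_CARDS = 5                               # escalate to the security team at this count

def luhn_ok(digits):
    """Luhn checksum: filters out reference numbers that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2:                            # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_cards(text):
    """Return masked card numbers that pass both the pattern and the Luhn check."""
    masked = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            masked.append("*" * (len(digits) - 4) + digits[-4:])
    return masked

def inspect(sender, recipients, subject, body):
    """Apply the policy to one outbound message and return the decision."""
    external = [r for r in recipients
                if not r.lower().endswith("@" + INTERNAL_DOMAIN)]
    cards = find_cards(body)
    markers = [m for m in MARKERS if m in (subject + " " + body).upper()]
    if not external:
        action = "ALLOW"        # stays inside the perimeter: log only
    elif cards:
        action = "BLOCK"        # regulated data leaving the organization
    elif markers:
        action = "QUARANTINE"   # labelled document: hold for review
    else:
        action = "ALLOW"
    # escalation workflow: bulk card data goes straight to the security team,
    # any other policy hit goes to the sender's line manager
    if len(cards) >= BULK_CARDS:
        escalate_to = "security-team"
    else:
        escalate_to = "line-manager" if action != "ALLOW" else None
    return {"sender": sender, "action": action, "cards": cards,
            "markers": markers, "external": external, "escalate_to": escalate_to}

if __name__ == "__main__":
    # constructed message: two test card numbers sent to an outside address
    print(inspect("alice@example.com", ["partner@gmail.com"], "list",
                  "4111 1111 1111 1111 and 4242-4242-4242-4242"))
```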

To avoid embarrassment, reputation damage and revenue loss, your enterprise must be able to identify, track and secure all confidential data from multiple points within the organization and in the cloud. DLP policies, together with better employee education, should help protect sensitive data not just from hackers and disgruntled employees but also from employees who are sometimes careless. A well-designed IT security system with a DLP solution will prevent intruders from stealing while it protects trade secrets, company data and other intellectual property.

After all… data is the new currency.

Walmar Digital



How vulnerable is your system?


In the ever-changing cyber world I wonder how well prepared businesses and organizations in these countries are. Each day an exploit is reported to have affected a new system, and the system admins become powerless to fight it.


Just last week, on 1st November, the Mirai malware, an open-source denial-of-service toolkit that hijacks BusyBox-based systems (commonly used on IoT devices), attacked Liberia’s Internet infrastructure, causing massive downtime.

Ransomware is increasingly becoming a problem in Africa, and local companies are not reporting incidents for fear of reputation damage. Statistics in Africa remain vague, as organizations are reluctant to reveal the extent to which they have been targeted by ransomware. The impact of ransomware is difficult to calculate, since many organizations opt simply to pay to have their files unlocked – an approach that does not always work.

“Antivirus is dead,” John McAfee and Brian Dye of Symantec have been quoted as saying in the recent past. Malware poses a great threat in that its signatures keep evolving, making it hard for antivirus to detect. We must move from the traditional assumption that antivirus will protect us to a more realistic detect-and-respond paradigm.

The endpoint is now becoming the focus of the cyber security world. Whilst a complete security plan still involves technologies like next-generation IPS, NGFWs and sandboxing, enterprises need to understand this new emphasis on the endpoint and why it is vital to a layered defence of our systems.


Walmar Digital.