Nov 2

Internet Threat Rating: The Most Active Malware in 2021

Ranking of the most common cyber threats in 2021

ESET, a leader in information security, presents a ranking of the most common cyber threats in 2021. In particular, according to ESET telemetry, the tactics of ransomware (extortion programs) have become more aggressive, and the number of password-guessing attacks and phishing emails has increased.

In addition, ESET found DevilsTongue spyware targeting activists and journalists, as well as new activity by Gamaredon and APT Dukes in Europe. The latter has spread phishing messages to diplomats, think tanks, and international organizations in at least 12 countries.

Ransomware

Such threats have often made headlines in recent times, attacking critical infrastructure and large IT vendors. The level of detection of this malware remained stable with several periods of significant growth.

In particular, in the last 4 months, three main waves of ransomware distribution have been recorded. These included an attack that shut down Colonial Pipeline, the largest pipeline company in the United States, and a supply chain attack that used a vulnerability in the Kaseya VSA software.

In both cases, the attackers sought financial gain, not cyber espionage. In particular, the cybercriminals who attacked Kaseya demanded a ransom of $70 million, which is the highest known to date.

Ransomware tactics have become more aggressive. This led to the involvement of law enforcement agencies, which in turn exposed several groups. However, the same cannot be said of TrickBot, whose number of detected samples has doubled since last year's takedown effort.

Information-stealing threats

The number of such threats increased by 15.7%. Such growth is quite predictable because, in the age of the Internet, information is a commodity that can easily be monetized by attackers. Among the 10 most common threats in this category were spyware, which took the first 6 places in the list, and backdoors, which took the next 4 places.

Although banking malware is not in the top ten most common this time, the number of detected samples of this type has also increased.

Threats that spread through e-mail

The number of harmful e-mails also increased during the analyzed period. Most of them were phishing and fraudulent messages. E-mail threats peaked in the second half of August 2021, with the most common threat being the DOC/Fraud Trojan. This threat was mainly spread through e-mails in which fraudsters blackmailed recipients with videos of adult content.

The Microsoft brand was most often used in phishing emails. Attackers also often impersonated the DocuSign electronic signature service and the WeTransfer file sharing service, stating in the message that they were sending documents to the recipient for download.

Fake payment requests, followed by counterfeit banking communications and delivery of goods, continued to be the most common topic in malicious emails.

At the same time, the topic of COVID-19 was also used in spam emails, and fraudsters pretended to be government agencies and health care organizations to force recipients to share confidential information.

Threats to macOS and iOS

In 2021 the level of threat detection for macOS increased by almost 10%. This is due to an increase in the number of detected Trojans by almost half compared to the previous period. Their activity even outpaced the potentially unwanted applications (PUAs) that previously predominated among the threats to macOS.

The largest number of detected samples belonged to the PUA OSX/Mackeeper, which displays unwanted advertising. It is worth noting that this malware is first in the ranking of threats to macOS for the second year in a row.

Threats to Android

The activity of such threats increased by almost 33% due to the growing proliferation of spyware, adware, and banking malware. In particular, the activity of the latter type has continued to grow since the beginning of the year, increasing by almost half between May and August.

In addition, the activity of malicious applications for cyberbullying has increased. During the analysis of 86 programs with such functionality, ESET specialists revealed numerous vulnerabilities that could endanger not only the data of the victims but also the spies themselves.


Apr 7

Anti-Phishing Software is as Important as Anti-Virus Software


Phishing is far from new. The number of phishing attacks is growing every year, and the methods of attackers are improving.

What are phishing attacks?

Phishing attacks are a type of online fraud in which cybercriminals seek to get hold of personal data – logins and passwords of social networks, mailboxes, bank accounts, and bank card numbers.

Types of phishing:

  • Mail. The oldest method of obtaining confidential data is through email campaigns with letters of various contents – from tempting offers to real threats. Using psychological influence, cybercriminals successfully obtain the personal data of users.
  • Online. It appeared much later than the mail one and is a more sophisticated way of extracting information, since in this case the attackers use high-quality copies of authoritative sites that ask the user to enter confidential data.

That is, the user enters his username and password, or bank card details in the form, without noticing that the address has been spoofed. In this case, the merit of the anti-phishing functions of antivirus software is especially great, since they detect and block such pages even before the user has time to see them.

Also, larger cyberattacks target the devices of employees of large companies to gain control over control systems.

Why do you need anti-phishing software?

The need to use anti-phishing anti-virus is due to the statements of various organizations in the field of cybersecurity about the rapid development of phishing in the world.

Of course, in most cases, the goal of cyberattacks was large firms and gaining control over their infrastructure, but the scale of the problem is understandable, and the need to combat Internet fraud is obvious.

For example, compared to 2017, the number of cyberattacks in 2018 increased by 60%.

According to the results of their observations, almost a third of office workers readily open emails from strangers and therefore become potential victims of phishing.

Internet fraud is rampant and, as practice shows, increasing cyber literacy has not yielded tangible results.

Phishing attacks are literally a key threat to information security.

Therefore, the problem should be solved by using anti-virus software, which provides a high level of protection against phishing attacks.

Effective anti-phishing protection is implemented only in paid versions of antivirus software. Let’s take a look at three of the most popular ones.

Norton

In Norton antivirus, anti-phishing protection works in three directions at once:

  1. Blocking phishing sites. Norton quickly detects and automatically blocks sites that are fraudulently trying to obtain personal information.
  2. Checking links in the social media feed. In addition to sending out luring links by mail, cybercriminals now post them on the pages of the most popular Internet communities. Norton has addressed this issue by checking social media links.
  3. Safe storage of usernames and passwords and identity protection. With the use of antivirus, the threat of user data being captured during automatic input is reduced to zero.

Key benefit: Norton’s antivirus protection is available in even the most basic version of Norton Antivirus.

Kaspersky

To assess the effectiveness of Kaspersky Lab products in terms of anti-phishing protection, it is better to look at the test results of the independent organization AV-test, according to which Kaspersky Anti-Virus recognized 100% of phishing links with no false detections.

  1. Automatic module for checking virtual keyboards and links.
  2. An updated anti-phishing module with a heuristic analysis function that can get detailed information about a suspicious site.
  3. Data collection protection. A special module timely monitors and blocks resources that record usage scenarios.

Antiphishing functions are also available in all versions of Kaspersky anti-virus software, but remember that the basic package is available only to PC users and only for Windows.

Panda

In general, Panda’s antiviruses can boast of both an extended set of user settings and the availability of an anti-phishing module for all packages, even the basic one. The software is available for both PCs and mobile devices running any system.

However, in terms of anti-phishing protection, one drawback should be highlighted: when tested by an independent organization AV-test, it was Panda that showed a relatively slow performance of the anti-phishing module.


Apr 1

Antivirus Software: Meaning, Definition, and Functions


Antivirus software is the most reliable and comprehensive solution for dealing with online threats. To assess their severity, consider the most common types of malware attacks.

Viruses

This term is widely applied to all malware, but viruses are only those programs that can independently enter a computer and add malicious code, or, in other words, “infect” a file, program, or the entire system. A virus infection can result in a system malfunction due to a violation of the data allocation structure or even complete removal of the operating system.

Trojans

Unlike viruses, they do not infect other programs. Trojans also do not enter a computer on their own – attackers disguise them as useful software that the user himself installs. Trojans do even more harm because, in addition to deleting system and personal files, they can steal confidential information.

Worms

These are malicious programs that are more dangerous than viruses and Trojans due to their high speed of spread using network resources. By instantly calculating network addresses, worms penetrate other computers, create working folders on system disks, and thus lead to system freezes.

Spyware

This software is used to collect confidential information about a specific user through a total scan of the system and working folders of his computer. Spyware functions on someone else’s PC completely unnoticed, without exerting any visible load on the operating system. In addition to obtaining personal data, spyware is used to remotely control someone else’s computer.

Encryptors (ransomware)

Their main goal is to penetrate a computer, gain access to personal media files and encrypt them to extort funds for their decryption.

Spam

Spam is a separate type of malicious attack: the mass mailing of financial, political, and campaign letters. Attackers use spam for a variety of purposes – from extorting a large sum of money from the addressee to simply overloading mail servers, which leads to the loss of important data.

There is another common and dangerous type of malware attack that should be considered separately.

Phishing

Phishing attacks are becoming more and more threatening over time, which is associated with:

  • Mail spam – sending forms by mail to be filled in with personal data.
  • Online phishing – the creation of pages copied from the original sites of social networks, online banking, payment systems.
  • Mobile threats – SMS distribution, similar to mail spam, to extract personal data.

How does antivirus work?

Antivirus is still the only effective anti-malware tool, providing comprehensive threat protection.

To understand how antivirus works, let’s consider the main functions of antivirus software:

  • Real-time threat protection. This is the basic function of all anti-virus programs: continuous monitoring of computer activity and timely protection against all incoming threats.
  • Detection of threats. Selective or general scanning is used if the anti-virus is installed on a device that was previously functioning without protection. It is also useful to periodically perform a selective scan of the most vulnerable sectors of the system.
  • Password manager. In effect, this is an encrypted file store for logins and passwords.
  • Payment protection. This function is more often present in advanced versions of paid antiviruses and is aimed at preventing money theft during online payment.
  • Antispam. A module that filters mail traffic by sending suspicious messages to a separate folder, where media files are blocked when messages are opened to prevent the penetration of worms. Filtering of advertising and campaigning spam is also carried out.
  • Antiphishing. It is a module aimed at timely blocking of copy pages that collect the personal data of users.
  • Parental control. Advanced settings allow you to set the necessary restrictions when a child works at a computer, thereby protecting him from viewing unwanted content and visiting potentially dangerous Internet resources.

Accordingly, the antivirus repels attacks in several directions at once, and it is designed both to eliminate a problem after the fact and to prevent new attacks.


Sep 21

Top 10 Threat Forecasts for Information Cybersecurity



Attacks on 5G

The move to 5G is predicted to exacerbate threats to the telecom industry as 5G’s architectural features open up opportunities for new types of attacks on carriers’ networks. At the same time, according to Positive Technologies experts, during the transition period, when networks of previous generations will still be used for voice calls and SMS, all the shortcomings of their protection will be relevant for 5G subscribers for a long time.

Deepfake development

With the development of artificial intelligence technologies and neural networks, attackers will be able to create a variety of information fakes – deepfakes, which can be used to bypass biometric identification, to deceive the public, and for other purposes.

Supply chain attacks on the rise

The growth of attacks on supply chains was predicted in 2019, and this forecast remains relevant. Typically, attackers inject malware into the legitimate code of software developers, which then spreads to the victims. Trend Micro does not exclude that in 2020 compromised MSSPs may turn out to be a similar channel of infection for the organizations they serve.

The rise of attacks using stolen credentials (Credential stuffing)

According to Chronicle experts, numerous data breaches that took place in 2019 will lead to the active use of this data to carry out attacks. With the increase in the amount of data available, attacks that replay stolen credentials (credential stuffing) will become an increasingly viable method of monetization for attackers.

Attacks on devices and equipment, not Windows machines

The focus of cybercriminals is shifting from personal computers to various IoT (Internet of Things) devices, network equipment, cameras, drones, etc. Avast predicts that cybercriminals will add sophisticated protection to malware targeting such devices, making them harder to detect and analyze, similar to how they protect malicious code on Windows. With the growing popularity of smart devices, the surface of IoT attacks will expand.

Growth of attacks on clouds

Active cloud migration creates new security risks. Corporate data stored in cloud services will increasingly become the target of attackers, who can reach it through code injection attacks such as deserialization errors, cross-site scripting, and SQL injection, Trend Micro predicts.

Increased complexity of attack methods

Experts unequivocally say that cybercriminals will become smarter and more sophisticated. McAfee is talking about a possible transition of attackers to two-stage campaigns using ransomware. It is also predicted that attackers will exfiltrate data from infected devices using non-standard methods, for example, via signaling data or via Wi-Fi/4G connections.

RDP attacks

In 2020, a significant increase in all types of attacks against RDP (Remote Desktop Protocol) is expected. Cybercriminals will be able to take advantage of poorly configured servers with RDP or exploit protocol vulnerabilities, depending on what is more profitable for them, according to Avast.

Attacks on critical infrastructure

There will be more attacks on critical infrastructure – experts from Group-IB, Trend Micro and Chronicle agree on this. Industrial espionage, traditional malware or ransomware attacks, supply chain attacks – the options vary. Attacks are expected both on energy enterprises, industrial systems, and life support systems and on government resources.

Development of cyber services for sale

Cyber service schemes for sale will evolve, gain momentum, and take on new forms, say Positive Technologies experts. For example, a scheme may become very popular in which some attackers break into the infrastructure of companies and penetrate the internal network, and then sell or lease that access to other participants in the shadow market (the access-as-a-service model).


Mar 15

Spam Could be Replaced by Malware

Based on a survey conducted by Barracuda Networks, the spam level was down by about 50% in the second half of 2010. However, there was a rapid 55% increase in malicious software.

Barracuda Networks chief research officer Dr Paul Judge said that the shift towards search engines and social networking sites means fraudsters are now focusing on those areas of the internet.

“The research community must continue to build innovative defences and the industry must make efforts to increase the deployment rates of those defences,” Dr Judge added.

Source: http://www.ihotdesk.com/article/800461987/Malware-could-be-replacing-spa Ihotdesk.com
