Archives October 2023

Malvertising Explained: The Hidden Threat in Online Ads

Ads aren’t just about selling the latest gadget or promoting a sale. Some of them have a darker purpose: malvertising. But what is malvertising, and why should you care?

What is Malvertising?

Malvertising, a combination of “malware” and “advertising,” refers to the practice of embedding malicious code within legitimate-looking ads. These ads are distributed across reputable ad networks and displayed on websites you might frequently visit. When a user clicks on the ad or, in some cases, even just loads the webpage displaying it, the malicious code activates, leading to potential harm.

Examples of Malvertising:

  • Drive-by Downloads: Perhaps the most harmful. You visit a website, and the malvertisement automatically downloads malicious software onto your device without your knowledge.
  • Scareware: Ads that deceive users by warning them about nonexistent threats on their device and urging them to download a “solution,” which is, in fact, malware.
  • Phishing: Malvertisements that mimic genuine companies or services, attempting to trick you into providing personal information or login details.
  • Cryptojacking Scripts: Ads that utilize your device’s resources to mine cryptocurrency without your knowledge.

Why is Malvertising Dangerous?

Malvertising poses a significant threat because it can bypass traditional security measures. Since these malicious ads are hosted on legitimate and trusted websites via ad networks, they can often evade standard web filters and blacklists. Plus, since users trust the websites they visit, they’re more likely to interact with these ads without suspicion.

Protecting Yourself from Malvertising:

  • Ad-blockers: Using ad-blockers can prevent many malvertisements from appearing.
  • Regularly Update Software: Ensure your browser, plugins, and operating system are up to date, as many malvertisements exploit known vulnerabilities.
  • Use Antivirus Software: Good antivirus software can detect and block many malicious downloads.
  • Be careful about clicking on ads, especially if they look too good to be true.
  • Keep your software updated, including your web browser, operating system, and antivirus software.
  • Be careful about what information you enter into online forms.
  • Stay Informed: Understanding the threat, as you’re doing now, is half the battle.

If you think you may have clicked on a malicious ad, you should immediately scan your computer for malware. You should also change your passwords for any online accounts that you may have accessed while you were infected with malware.

In summary, while the internet is an incredible resource, it has challenges. Malvertising is challenging, but you can browse safely and confidently with caution and the right tools.

Read more about malvertising at Hacker News and Malwarebytes. In our article, you learn how to detect malware on your machine.

How to Guard Against Info Stealing Malware: Essential Safety Guide

What is Info Stealer Malware?

Info stealer malware is malicious software designed to extract sensitive and valuable information from infected systems. This data can include usernames, passwords, credit card numbers, personal identification numbers (PINs), and other types of private information.

Common targets for info stealers are:

  • Web browsers (to capture browsing history and saved credentials)
  • Email clients
  • FTP clients
  • Instant messaging apps
  • Cryptocurrency wallets

How Does It Work?

  • Delivery: Like other malware, info stealers can be delivered via malicious email attachments, fake software downloads, or compromised websites.
  • Infiltration: Once executed, the malware often runs silently in the background without the user’s knowledge.
  • Data Harvesting: The malware searches and extracts desired information from specific locations, like browser caches or saved password lists.
  • Exfiltration: The collected data is then sent back to a server controlled by the attacker, often encrypted to evade detection.

How to Protect Yourself?

  • Regular Updates: Ensure that all your software, especially your operating system and web browsers, are updated regularly. These updates often contain patches for known vulnerabilities.
  • Install a Reputable Antivirus and Anti-malware: Invest in a good antivirus solution and schedule regular scans.
  • Avoid Suspicious Downloads and Attachments: Be cautious of email attachments from unknown sources and avoid downloading software from unofficial or suspicious websites.
  • Use a Firewall: Enable a firewall to monitor incoming and outgoing traffic and block unauthorized access.
  • Be Wary of Phishing Attempts: Cybercriminals often use phishing emails to distribute info stealers. Recognize the signs of phishing emails, such as generic greetings, spelling mistakes, and questionable URLs.
  • Enable Multi-Factor Authentication (MFA): By using MFA, even if your password is stolen, an attacker would need additional verification to access your account.
  • Regular Backups: Always back up your essential data. In case of any malware infection, having a recent backup allows you to restore your system without paying ransom or losing data.
  • Educate and Train: If you’re running an organization, invest in cybersecurity training for your employees.
  • Use a Password Manager: To protect against some types of info stealers, a password manager can help. These tools generate and store complex passwords, making them harder to steal and crack.

In the ever-evolving cyber threat landscape, info stealer malware is a particularly insidious tool in the hacker’s arsenal. By staying informed and practicing good cybersecurity hygiene, you can significantly reduce the risks of this type of threat.

You should read this article from Malwarebytes on info stealers for more information. Also, our article on how to know if you’ve been infected by malware may help.

Beyond the Vault: The Realities of Password Manager Security

The Double-Edged Sword of Password Managers

As we juggle numerous online accounts in the digital age, remembering a unique password for each becomes increasingly difficult. Enter password managers, the modern solution to the age-old problem of password overload. But are they foolproof?

What are Password Managers?

Password managers are software designed to store and manage your passwords. They encrypt your password database with a master password – the master key to all your online accounts.

Password Managers are a Necessary Evil

Password managers are a great way to keep your online accounts safe by generating and storing strong, unique passwords for each account. However, it’s important to note that no system is perfect, and password managers have been hacked in the past.

One of the most recent high-profile examples of a password manager hack was the LastPass breach in 2022. In this attack, hackers were able to gain access to customers’ encrypted password vaults. While LastPass claims that customers’ passwords were not compromised, the breach was a reminder that even the most popular and trusted password managers can be vulnerable.

Password managers are a valuable tool for improving online security despite the risks. However, it’s important to choose a reputable password manager and take steps to protect your account.

Here are some tips for choosing and using a password manager securely

  • Choose a password manager with a good reputation and a strong security track record.
  • Use a strong master password for your password manager account.
  • Enable multi-factor authentication (MFA) for your password manager account.
  • Keep your password manager software up to date.
  • Be careful about clicking on links in emails or text messages, as these can be phishing attacks designed to steal your password manager credentials.

Bitwarden: A good alternative to LastPass

If you’re looking for a password manager that is both secure and easy to use, I recommend Bitwarden. Bitwarden is a free and open-source password manager that offers a variety of features, including:

  • Strong encryption of your password vault
  • MFA support
  • Two-factor authentication (2FA) support
  • Automatic password generation and fill-in
  • Password sharing with other users
  • Mobile and desktop apps

In Summary

Bitwarden has a good reputation and has not been hacked to date. It is also a good choice for users concerned about privacy, as Bitwarden does not collect any personal information about its users.

Overall, password managers are a valuable tool for improving your online security. However, it’s important to choose a reputable password manager and take steps to protect your account. Bitwarden is a good alternative to LastPass and other popular password managers.

Read more about which password managers have been hacked and an interesting article of ours on drive-by malware attacks.

8 Steps to Boost Facebook Security & Privacy

Securing and hardening your Facebook account and controlling fraudulent game and friend activity involves a combination of privacy settings, activity monitoring, and reporting mechanisms. Here’s an eight-step guide to Facebook Safety.

Basic Security Measures

  • Use a Strong Password: Ensure your password is complex and unique. Don’t reuse passwords from other sites. Use a password manager to create and store your passwords.
  • Enable Two-Factor Authentication (2FA): Go to Settings > Security and Login > Use two-factor authentication.

Control Game and App Permissions

  • Review Game/App Permissions: Go to Settings > Apps and Websites. Review the apps/games you’ve allowed and remove any you don’t recognize or no longer use.
  • Turn Off Game/App Notifications: Navigate to Settings > Notifications > Apps and adjust the settings to your preference.

Friend Activity & Requests

  • Review Friend Requests Carefully: Only accept friend requests from people you know. Scammers often create fake profiles to gain access to information.
  • Normally, if you receive a friend request from someone that you’re already FB friends with, it means their account has been compromised, and you should alert them and, to be safe, unfriend their main account until remediated. There are exceptions to this, such as someone wanting to create a new account for keeping interests and friends separate, like separating your band’s posts from cybersecurity posts in subpages.
  • Limit Who Can Send Friend Requests: Go to Settings > Privacy > Who can send you friend requests? Select Friends of Friends.

Monitor Your Activity Log

  • Regularly review your activity log to identify any unfamiliar activity. Go to your profile and click on Activity Log.

Be Careful about What Information You Share

  • Facebook is a great way to stay connected with friends and family, but be careful about what information you share on the platform. Avoid sharing personal information like your address, phone number, or date of birth. You should also be careful about what photos and videos you share.

Reporting Suspicious Activity

  • Report Fake Accounts: Go to the profile of the account you want to report, click on the … on their cover photo, and select Find support or report profile.
  • Report Game/App Issues: Go to the game or app’s page, click … under the cover photo, and choose Find support or report page. Follow the on-screen instructions.
  • Use the Report Tool: For specific posts, comments, or other content that seems fraudulent or malicious, click on the … in the top right corner of the content and choose the appropriate reporting option.

Shore Up the Human Risk

  • Beware of Phishing Attempts: Don’t click on suspicious links, even from friends. Always verify with them through another channel.
  • Educate Yourself: Periodically, check Facebook’s Help Center and Security Tips page for updates on security best practices.

Additional Hardening

  • Regularly Review Login Locations: In Settings > Security and Login, check Where You’re Logged In and log out of unfamiliar locations.
  • Limit Profile Visibility: In Privacy Settings, adjust who can see your profile info, friends list, and posts to Friends or custom settings to increase privacy.
  • Ensure your computer and mobile devices are running the latest operating systems and security software versions. This will help to protect you from known vulnerabilities that cybercriminals may try to exploit.

By being proactive with these measures, you can significantly reduce the risk of fraudulent activity and ensure a safer Facebook experience. You can read more about this topic on Facebook. Our article on avoiding social engineer attacks may also be of interest.

The Rising Threat of Deepfakes: What You Need to Know

Imagine waking up one day and finding a video of yourself saying or doing something you’ve never done, and you’re absolutely certain of it. That’s the power and threat of “deepfakes.” Let’s break it down.

What Are Deepfakes?

“Deepfakes” is a blend of “deep learning” (a type of machine learning) and “fake.” At its core, a deepfake is a convincing fake video or audio clip produced using advanced artificial intelligence (AI). These clips can make it look and sound like someone is doing or saying something they never did.

Why Are They Dangerous?

  1. Misinformation and Fake News: With the increasing news spread through social media, deepfakes can cause significant harm by distributing false information. For instance, a convincingly edited video of a political leader declaring war could cause panic or real-world confrontations.
  2. Identity Theft and Personal Harm: Personal videos can be manipulated for blackmail or revenge, causing emotional and psychological harm.
  3. Trust Erosion: As deepfakes become more prevalent, our trust in videos and audio as reliable sources of information diminishes. This can create a society where we’re skeptical of everything we see or hear.

How Can You Spot a Deepfake?

While the technology behind deepfakes is improving, there are still some signs you can look for:

  1. Imperfect Lip Syncing: If the words being spoken don’t quite match up with the movement of the lips, it could be a sign.
  2. Strange Lighting or Shadows: Deepfakes might not always get the lighting or shadows just right, so look for inconsistencies.
  3. Blinking: Early deepfakes struggled with simulating natural blinking.
  4. Audio Inconsistencies: The voice might sound slightly off or have unusual background noises.

Fighting Back Against Deepfakes

Thankfully, as the technology to create deepfakes advances, so does the technology to detect them:

  1. Detection Tools: Many companies and researchers are working on AI tools to detect deepfakes by analyzing the nuances humans might miss.
  2. Digital Watermarking: Some suggest using digital watermarks in authentic videos, especially for official broadcasts or critical news segments.
  3. Media Literacy Education: It’s essential to teach people, especially the younger generation, to approach videos with a critical mind and verify information from multiple sources before accepting it as truth.

Conclusion

To summarize, deepfakes’ ability to manipulate reality has brought a new threat dimension in the digital age. As with most technology, it’s a tool that can be used for good and bad. It’s up to society, tech companies, and individuals to remain vigilant, educate themselves, and develop and employ countermeasures. Remember, in this era of technological wonders, seeing isn’t always believing.

Deepfakes have been recognized as a serious threat by government agencies, including the NSA; read more here. You may also benefit from our article on drive-by malware attacks.

Drive-By Malware Attacks: What They Are and How to Protect Yourself

Today, the threats we face are not just physical but also virtual. One such threat, which has increased in recent years, is drive-by malware attack. But what is it, and how can you stay protected?

What is a Drive-By Malware Attack?

A drive-by malware attack is a method cybercriminals use to spread malware without the user’s knowledge. It typically occurs when a user visits a compromised website. Unlike phishing attacks, where victims are tricked into downloading malicious files, in drive-by scenarios, merely visiting a website can trigger an automatic malware download onto the user’s device.

These attacks often exploit vulnerabilities in outdated software or browser plugins.

How Drive-By Malware Attacks Work:

  1. Compromised Websites: Cybercriminals find and exploit vulnerabilities in websites to insert malicious code.
  2. Browser Interaction: When an unsuspecting user visits this compromised site, the malicious code scans their device for software vulnerabilities.
  3. Exploitation: If vulnerabilities are found, the site can then download and install malware onto the user’s device without their knowledge or consent.

Protection Against Drive-By Attacks:

  1. Keep Software Updated: Regularly update your operating system, browsers, and plugins. Cybercriminals often exploit vulnerabilities in outdated software.
  2. Use a Reliable Antivirus: A good antivirus software can detect and block many malware threats, including those from drive-by attacks.
  3. Enable Click-to-Play: This feature, available in many browsers, prevents plugins like Flash or Java from running automatically. Instead, they require manual approval, offering an extra layer of protection.
  4. Regular Backups: Always back up your data. If malware compromises your system, you can restore it to a previous state.
  5. Educate Yourself: Understand the signs of a compromised website. Be wary of sites with excessive pop-ups, unexpected redirects, or other unusual behavior.
  6. Use a VPN: Virtual Private Networks (VPNs) encrypt your data, making it harder for cybercriminals to target you.

To summarize, drive-by malware attacks are silent threats that can compromise systems without active downloads or clicks from the user. However, by keeping software updated, using protective tools, and maintaining a vigilant online presence, you can significantly reduce the risks associated with these cyber-attacks. Remember, in cybersecurity, a proactive approach is always better than a reactive one.

You may find our article on detecting malware on your machine helpful as well as this one by Norton.

Maximizing VM Security: How to Navigate and Neutralize VM Escape and Sprawl

Keeping Virtual Machines Safe: Tackling VM Escape and Sprawl

Virtual machines (VMs) have revolutionized the IT industry, allowing organizations to optimize their infrastructures, achieve efficient resource allocation, and run multiple operating systems on a single physical machine. However, like all technology, VMs come with their own set of security and management challenges. Two of the most notable are VM escape and VM sprawl. This post will delve into these issues and provide strategies to counteract them.

Understanding VM Escape

VM escape is an attack where the malware breaches the virtual machine’s confines and attacks the host system. This can compromise not just one but all VMs running on that host. VM escape isn’t common but can be devastating when it occurs.

  • Strategies to Prevent VM Escape:
  • Patch and Update: Regularly update the hypervisor to patch known vulnerabilities.
  • Least Privilege Principle: Only give necessary permissions to VMs. Overprovisioning can expose VMs to unnecessary risks.
  • Isolate Sensitive VMs: Ensure that critical VMs run on separate hosts from less secure VMs.
  • Network Security: Implement proper firewalls and intrusion detection/prevention systems to monitor and block suspicious activities.

Addressing VM Sprawl

VM sprawl happens when the number of VMs in an environment grows unchecked, leading to inefficient resource use and increased complexity. It often arises from VMs being created quickly without proper lifecycle management.

  • Strategies to Prevent VM Sprawl:
  • Lifecycle Management: Implement a VM lifecycle management strategy. This means having clear policies for creating, using, and eventually decommissioning VMs.
  • Regular Audits: Regularly review and audit your VMs. Check for idle or underutilized VMs and either repurpose or decommission them.
  • Template-Based Provisioning: Use standardized templates for VM creation to ensure consistency and ease of management.
  • Role-Based Access Control (RBAC): Implement RBAC to ensure only authorized individuals can create or modify VMs. This can reduce unplanned or unnecessary VM creation.
  • Educate and Train: Ensure team members understand the implications of VM sprawl and are trained in best practices.

Additional Safety Tips

  • Backup: Always back up your VMs. This ensures data integrity and availability in case of issues.
  • Monitor: Use tools that provide visibility into the health and performance of both VMs and host systems.
  • Network Security: Segment virtual networks, much like you would with physical networks, to limit potential malware spread and lateral movement.
  • Harden VMs: Just like physical systems, ensure VMs are hardened against attacks. This includes disabling unnecessary services, regular patching, and using strong authentication mechanisms.

While VMs offer numerous advantages, they aren’t without challenges. By understanding these challenges and proactively implementing strategies to address them, organizations can maximize the benefits of virtualization while minimizing potential pitfalls. Stay updated on the latest threats and best practices in VM security and management.

Learn more about securing your virtual machines (VMs) from the latest attacks at VMware. You may also find our blog post on pivoting into the cybersecurity field interesting.

Warning: The ‘Unsubscribe’ Trap in Suspicious Emails & How to Avoid It

Unsubscribe Button Photo

Phishing: What Happens When You Click ‘Unsubscribe’

When you click “unsubscribe” in a legitimate email, you intend to stop receiving further communications from the sender. However, if you’re dealing with a phishing email, clicking “unsubscribe” can lead to several unfavorable outcomes, potentially making things worse.

  • Verification of Active Email Address: One of the primary objectives of phishing campaigns is to gather valid, active email addresses. By clicking on the “unsubscribe” link, you tell the attacker that your email address is active and monitored, making it a more valuable target for future scams or spam.
  • Malware Infection: The link might lead to a malicious website that downloads and installs malware onto your device. This malware could be anything from ransomware (which encrypts your files and demands payment for their release) to spyware (which monitors your activities and steals sensitive information).
  • Credential Harvesting: The link could redirect you to a counterfeit webpage that looks like a legitimate site you use (e.g., banking, email, or social media). The goal is to trick you into entering your login credentials, which the attackers can exploit.
  • Drive-By Download Attacks: Some malicious websites are designed to exploit vulnerabilities in your web browser or its plugins. Just by visiting the site, without any further action on your part, malware might be downloaded and installed on your device.
  • Tracking Pixels: By clicking the link, the phisher might also be able to retrieve certain information about your device or location, enhancing their profile of you for further attacks.
  • Further Spam: By interacting with the phishing email, the attackers might categorize you as an “engaged” user. This could result in an increased volume of phishing emails or spam.

Why Clicking “Unsubscribe” Isn’t Helping

Legitimacy Misunderstanding: Many people associate “unsubscribe” links with legitimate emails. Attackers exploit this trust by including such links in phishing emails.

  • False Sense of Security: Clicking “unsubscribe” might lead you to believe you’ve resolved the issue and won’t receive further malicious emails from that sender. In reality, you’ve just signaled your engagement to the attacker.
  • No Regulatory Backing: Phishers operate outside the law, unlike legitimate marketing emails regulated by laws (like the CAN-SPAM Act in the US) that require honoring unsubscribe requests. They are not obligated to stop sending you emails because you clicked “unsubscribe.”

Phishing Protection: How To Protect Yourself

  • Avoid Interacting: If you suspect an email might be a phishing attempt, avoid clicking any links, downloading attachments, or interacting with the email in any way.
  • Verify Directly: If unsure about an email’s legitimacy, contact the company or sender directly using a verified phone number or email address, not any contact details from the suspicious email.
  • Update & Protect: Ensure your operating system, web browsers, and security software are regularly updated to defend against known vulnerabilities.
  • Educate Yourself: Familiarize yourself with common signs of phishing emails, such as generic greetings, poor grammar, urgent or threatening language, and mismatched URLs.

You may be interested in this article and guide on stopping the attack cycle from CISA. Or, our blog post on avoiding the top ten social media scams.

Cyber Criminals Exploit QR Codes in Sophisticated Phishing Attacks

The use of QR codes has skyrocketed, especially with the development of mobile technologies. Our ability to browse the restaurant’s menu and websites, authenticate transactions, and even make payments is made possible by them. They provide a practical link between the real and digital worlds. However, the dark side of the internet has started using QR codes for evil purposes, particularly in phishing and cyberattacks, just like with any other technology.

The Use of QR Codes in Phishing Attacks

The top three business verticals for QR code use are retail and shopping, restaurants & cafes, and healthcare. Attackers substitute phony QR codes that point to phishing websites for real QR codes that might be on fliers, posters, and signs. The users of these websites may then be tricked into installing malware or disclosing personal information.

  • Malicious QR codes for mobile devices might direct users to download risky software or programs that compromise their devices.
  • Deceptive Promotions: Attackers entice users to scan a QR code by promising false discounts or promotions, which starts a destructive operation.

QR Code Safety Guidelines

  1. Verify Before Scanning: Look for any signs of tampering before scanning a QR code, especially in public areas. Avoid scanning if you’re unsure.
  2. Utilize a Secure QR Code Scanner: Several mobile security programs provide built-in QR code scanners to identify dangerous URLs.
  3. After scanning, always double-check the URL before moving on. Suspicious-looking URLs or typos are common on malicious websites.
  4. Avoid Downloading Files: Use extra caution if the QR code asks you to download a file. Downloading files shouldn’t be done unless the source is known to you.
  5. Update the operating system and apps on your device frequently. Routine updates frequently include security fixes that stop malware and phishing efforts.
  6. Use Two-Factor Authentication (2FA): Having 2FA activated can add extra security, even if attackers get some of your information.

The key is to inform and spread awareness. Let your friends and relatives know cyber-criminals are planting fake and dangerous QR codes around. It takes everyone to be on the lookout.

In this digital age, QR codes provide unmatched convenience, but it’s important to use caution when using them. We can enjoy and utilize the advantages of QR codes without being a target of cyber dangers by being aware and using safe practices. Always keep in mind: don’t scan if you’re unsure!

You may enjoy reading about the history of the QR Code; see this article. Our blog post on social media scams may also be helpful.

Passkeys, the authentication wave of the future?

A passkey is a new way to log in to online accounts, services, and apps designed to be faster, easier to use, and more secure than passwords. Passkeys are based on public-key cryptography, the same technology used to secure HTTPS connections and online payments. Ready to go passwordless?

How to Use a Passkey

To use a passkey, you first need to create one. This can be done on your device, such as your phone or computer. Once you have created a passkey, you can log in to any website or app supporting passkeys.

To log in, you must select the passkey for the website or app you want to log in to and then authenticate with your device using a biometric sensor (such as your fingerprint or face) or a PIN.

Benefits of Using a Passkey

Passkeys offer several benefits over passwords, including:

  • Security: Passkeys are more secure than passwords because they are more difficult to hack or steal. Passkeys are also less susceptible to phishing attacks.
  • Convenience: Passkeys are easier to use than passwords because you don’t have to remember or type them in. You can authenticate with your device using a biometric sensor or PIN.
  • Privacy: Passkeys are more private than passwords because they don’t require you to share any personal information with the website or app you’re logging in to.

Future of Passkeys

Passkeys are a new technology that is quickly gaining adoption from major tech companies such as Apple, Google, and Microsoft. Passkeys are expected to become the standard way to log in to online accounts, services, and apps soon.

Benefits of using passkeys for future use

Passkeys offer several benefits for future use, including:

  • Reduced risk of fraud: Passkeys can help to reduce the risk of fraud, such as account takeovers and phishing attacks.
  • Improved user experience: Passkeys can improve the user experience by making it easier and faster to log in to online accounts, services, and apps.
  • Increased security: Passkeys can help improve the internet’s overall security by making it more difficult for attackers to access user accounts.

Overall, passkeys are a promising new technology that has the potential to revolutionize the way we log in to online accounts, services, and apps. Are you ready to go passwordless?

For additional info, read this blog post by Google. You may also be interested in our article about the padlock and HTTPs for secure sites.

Verified by MonsterInsights