Category Archives: (J) Security Focus

Best USA People Search Tool | Background Check

We really wanted to provide the BEST solution to our readers for this problem, and we did some extensive research and reverse engineering. After a lot of research and looking around we found the BEST solution to this problem for the people of the USA: the BEST USA people Search Tool. It's absolutely FREE to try and gives almost any information you want regarding the person for his / her background verification.

The name of the tool is EVERIFY.


The features of this tool include (but are not limited to) some of the best features you can think of :-

a) People Check – If you are looking for someone in the USA and have any detail about the person, you can find the COMPLETE information about the person by searching on that detail. In this tool you can :-

  • Search for person by Phone numbers
  • Search for person by Email addresses
  • Search for person by Address history
  • Search for person by DOB
  • Search for person by Relatives and associates

b) Social Media Check – Find all the information about any person from any social networking website including the complete list of his :-

  • Photos
  • Videos
  • Blogs
  • Professional interests
  • Social Networking Profiles
  • Archives and publications
  • And other!

c) Background Check – In case you get a spam email or even think of working with a legitimate person, doing a background check of the person is always a good idea. You can verify the complete information about the person based upon what he mentioned and what’s officially in the record by matching it against the following :-

  • Court Records
  • Marriage/Divorce Records
  • Birth Records
  • Death Records
  • Property Records
  • Asset Information

d) Criminal Check – If the above information was not enough, you can even go for the Criminal Record check of the person. The following information can be looked up about the person under criminal records :-

  • Arrest & convictions
  • Felonies & misdemeanor
  • Sex offenders
  • Mug shots
  • Criminal driving infractions
  • Court and probation records
  • And more

I have personally tested this tool and I loved it. I tried searching for a person by phone number, name and email, and it automatically gave me all the related information about the person.

One thing that could be improved about this tool is that currently it's available only for the people of the USA, but we will find such valuable and useful resources for other countries as well and share them for you guys to use.

I am sure many people will LOVE this tool and might start using it on a regular basis. Some of our big corporate clients have long been using this tool for the verification of the candidates they hire from the USA and save thousands of dollars annually in the actual verification. I myself use it for verification before we deal with any client overseas.


So next time you want to deal with any person from the USA and feel like doing their background checks, remember to use everify and get confident about your search before taking a step forward.

Removing ransomware From Your System – Save Your Data

With nasty malware like Locky making the rounds—encrypting its victims’ files, and then refusing to unlock them unless you pay up—ransomware is a serious headache. But not all ransomware is so difficult.

You can remove many ransomware viruses without losing your files, but with some variants that isn’t the case. In the past I’ve discussed general steps for removing malware and viruses, but you need to apply some specific tips and tricks for ransomware. The process varies and depends on the type of invader. Some procedures involve a simple virus scan, while others require offline scans and advanced recovery of your files. I categorize ransomware into three varieties: scareware, lock-screen viruses, and the really nasty stuff.

Scareware

An example of a fake antivirus app.

The simplest type of ransomware, aka scareware, consists of bogus antivirus or clean-up tools that claim they’ve detected umpteen issues, and demand that you pay in order to fix them. Some specimens of this variety of ransomware may allow you to use your PC but bombard you with alerts and pop-ups, while others might prevent you from running any programs at all. Typically these invaders are the easiest type of ransomware to remove.

Lock-screen viruses

The Kovter ransomware locks down your computer, displaying a fake notice claiming to be from several government authorities.

Next is the ransomware variety I call lock-screen viruses, which don’t allow you to use your PC in any way. They display a full-size window after Windows starts up—usually with an FBI or Department of Justice logo—saying that you violated the law and that you must pay a fine.

The really nasty stuff

McAfee

A ransomware program called Locky has quickly become one of the most common types of malware seen in spam.

Encrypting malware—such as Locky—is the worst variant, because it encrypts and locks your personal files until you pay up. But even if you haven’t backed up your files, you may have a chance to recover your data.

Removing ransomware

Before you can free your hostage PC, you have to eliminate the hostage taker.

If you have the simplest kind of ransomware, such as a fake antivirus program or a bogus clean-up tool, you can usually remove it by following the steps in my previous malware removal guide. This procedure includes entering Windows’ Safe Mode and running an on-demand virus scanner such as Malwarebytes.

If the ransomware prevents you from entering Windows or running programs, as lock-screen viruses typically do, you can try to use System Restore to roll Windows back in time. Doing so doesn’t affect your personal files, but it does return system files and programs to the state they were in at a certain time. The System Restore feature must be enabled beforehand; Windows enables it by default.

Eric Geier/IDG

You can usually bring up the Advanced Boot Options of Windows 7 by pressing F8 during booting.

To start the restoration process using System Restore, follow these steps depending on your OS version:

Windows 7

  1. Shut down your PC and locate the F8 key on your PC’s keyboard.
  2. Turn the PC on, and as soon as you see anything on the screen, press the F8 key repeatedly. This action should bring up the Advanced Boot Options menu.
  3. Select Repair Your Computer and press Enter.
  4. You’ll likely have to log on as a user. Select your Windows account name and enter your password. (If you don’t have a password set, leave that blank.)
  5. Once logged on, click System Restore.

Windows 8, 8.1, or 10

Eric Geier/IDG

You can get to the recovery options of Windows 8, 8.1, and 10 by holding shift when rebooting from the Windows login screen.

  1. If your PC boots to the Windows login screen, hold the Shift key, click the power icon, and select Restart.
  2. It should reboot to the recovery screens.
  3. Select Troubleshoot > Advanced Options > System Restore.

If you can’t get into the recovery screens, you can use the Windows installation media (disc or USB drive) for your particular version/edition to access the recovery tools. You’d boot up to that install media, but click Repair your computer on the main menu before proceeding with the installation. Alternatively, you can create a Windows System Repair Disc on another PC running the same Windows version, and then boot to that disc on the infected PC to reach the same recovery tools. We’ve previously discussed this process for Windows 7, Windows 8, and Windows 10.

If System Restore doesn’t help and you still can’t get into Windows to remove the ransomware, try running a virus scanner from a bootable disc or USB drive; some people refer to this approach as an offline virus scan. My favorite bootable scanner is from Bitdefender, but more are available: Avast, AVG, Avira, Kaspersky, Norton, and Sophos all offer antivirus boot-disk software.

Eric Geier/IDG

Bitdefender’s antivirus boot disk in action.

If you still have no luck after trying Safe Mode and an on-demand scanner, performing a System Restore, and running an offline virus scanner, your last resort is likely to perform a full restore or clean re-install of Windows. Most ransomware isn’t that tenacious, however.

Eric Geier/IDG

Showing hidden files in Windows 7 takes a couple of clicks.

Recovering hidden and encrypted files

With that out of the way, it’s time to repair the damage. If you’re lucky, your PC was infected by malware that didn’t encrypt your data. If it appears you’re missing stuff though, the malware may have merely hidden your icons, shortcuts, and files. It usually does this by making the files “hidden.” Here’s how to check, depending on your OS version:

Windows 7

  1. Open Computer.
  2. Press the Alt key and select Tools.
  3. Click Folder Options and select the View tab.
  4. Select Show hidden files, folders, and drives, and then click OK.

Windows 8, 8.1, and 10

  1. Open a File Explorer window.
  2. Select the View tab on the top pane.
  3. Check Hidden items.

Eric Geier/IDG

Showing hidden files in Windows 8 and after is a cinch.

If your data reappears after you elect to show hidden files, that’s great—it means there’s an easy fix for your woes. Open Computer or File Explorer, navigate to C:\Users\, and open the folder of your Windows account name. Then right-click each folder that’s hidden, open Properties, uncheck the Hidden attribute, and click OK. Boom! Done.

If you still can’t find your data, and your files really have been malware-encrypted, you’re in trouble. Usually it isn’t possible to just decrypt or unlock your hostage files, because the decryption key is typically stored on the cybercriminal’s server. Some victimized users have reported that some pieces of malware will keep their promise, decrypting and returning your files once you pay, but I don’t recommend paying.

This is why we constantly tell you to back up your PC on a regular basis.

If you previously set and created backups, scan them for viruses on another PC (one that is not infected) if at all possible. If all of your important files are backed up, you can proceed in removing the malware and then simply restoring your backed-up files.

If you don’t have a backup system in place, you might be able to recover some files from Shadow Volume Copies—if the malware hasn’t deleted them. Shadow Volume Copies is part of Windows’ System Restore feature. Either right-click on the files or folders you want to restore and open Properties to view the Previous Versions list, or use a program called Shadow Explorer to browse the snapshots.

But don’t rely on that. Start backing up your PC today, and do it regularly.

Preventing ransomware and malware infections

Avoiding ransomware is much the same as avoiding other types of malware.

Always run a good antivirus utility and keep Windows and browser-related components (Java, Adobe, and the like) updated. Keep your browser clean of junk toolbars and add-ons to prevent adware invasions that could lead to malware infections. Always, always be wary of unexpected email attachments and spam.

And just to beat this dead horse one more time: Always have a good backup system in place, just in case your PC does become infected and you can’t recover your files. Yes, it’s that important.

DNS Protocol Attacks: How Can They Be Avoided?

The Domain Name System, or DNS for short, is a protocol mainly concerned with translating the human-readable name of a website (the domain name) into its Internet address (IP address), and is frequently referred to as the Internet phonebook. For illustration, when you go to www.fossfluff.com (example) using a browser, the browser automatically sends a DNS request to its DNS server to translate www.fossfluff.com (example) into its IP address, 12.34.45.67 (illustrative). The browser then uses this IP address to get the required response from www.fossfluff.com. Every company or ISP has its own DNS server that serves its users. The DNS server is configured on every connected device, usually via DHCP, so that the device can perform DNS lookups.

DNS attacks are daily affairs. When DNS security is compromised, a whole range of problems can occur. Compromised DNS servers are used by attackers in one of a number of ways. The first thing an attacker can do is redirect all incoming traffic to a server of their choosing. This enables them to launch further attacks, or to collect traffic logs that contain sensitive information. There are various kinds of DNS attacks, such as zero-day attacks, cache poisoning, DDoS attacks and DoS attacks. The wide usage of DNS on the Internet has also led to wide usage of DNS as an attack vector.

Once in a while a new DNS attack vector is discovered and gains popularity at the expense of another, yet DNS-related attacks more often than not hold a place of honor in the hall of fame. Even though DNS is quite robust, it was designed for usability, not security, and the types of DNS attack in use today are numerous and quite varied, taking advantage of the back-and-forth communication between clients and servers. Apart from those commonly mentioned, DNS amplification and fast-flux DNS attacks are other types that may sour your day, depending on the severity of the attack and the tenacity of the hackers.

Defending against these kinds of attacks often involves strong passwords and IP-based ACLs (acceptable client lists). A strong training program that deals with social engineering will also be effective. The first step is recognizing the importance of authoritative DNS in our Internet trust model. All the effort and resources in the world can be put into securing a web server, but if an attacker can compromise the authoritative server and point the DNS records at a different IP address, then to the rest of the world it will still look as though you have been beaten at your own game.

Manage your DNS servers securely. When it comes to your authoritative servers, you need to decide whether to host them yourself or have them hosted at a service provider or domain registrar. Nobody cares about your security as much as you do, so it is fine to host and manage your setup yourself, provided you have the skills to do so. If you don’t have those skills, then it is better to get someone else to do it for you. It is a matter not only of skill but also of scale, because many organizations need DNS servers in three or four places around the world.

The first and foremost thing to achieve is familiarization. You must know the enemy to fight it, so get comfortable with the terminology and mechanisms of DNS attacks. Proposed techniques to prevent or mitigate the impact of DNS amplification attacks include rate limiting, blocking either specific DNS servers or all open recursive relay servers, and tightening DNS server security in general.
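The two mitigations named above, IP-based ACLs and rate limiting on a server that is not an open recursive relay, can be modelled in a few lines. This is an added example, not code from the original post: the class and function names, the documentation address ranges, and the limit of 5 responses per second are assumptions.

```python
"""Model of a DNS server's admission policy: recursion only for ACL'd clients,
plus a per-source-prefix response rate limit. Added illustration only."""
import ipaddress
from collections import Counter, defaultdict

# Assumptions: documentation address ranges and limits chosen for the example.
RECURSION_ACL = [ipaddress.ip_network("192.0.2.0/24")]  # networks we resolve for
RATE_PER_SEC = 5   # responses per second allowed per source prefix
BURST = 5          # token bucket capacity


class ResolverPolicy:
    def __init__(self, acl=RECURSION_ACL, rate=RATE_PER_SEC, burst=BURST):
        self.acl = list(acl)
        self.rate, self.burst = rate, burst
        self.buckets = {}  # source prefix -> (tokens left, time of last update)

    def _take_token(self, ip, now):
        # Bucket per /24 (IPv4) or /56 (IPv6) so a flood cannot dodge the
        # limit by rotating through neighbouring spoofed addresses.
        bits = 24 if ip.version == 4 else 56
        prefix = ipaddress.ip_network(f"{ip}/{bits}", strict=False)
        tokens, last = self.buckets.get(prefix, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.buckets[prefix] = (tokens - 1 if allowed else tokens, now)
        return allowed

    def decide(self, src, recursive, now):
        """Return 'ANSWER', 'REFUSED' or 'DROP' for one query."""
        ip = ipaddress.ip_address(src)
        # Rate-limit every response, refusals included, so the server cannot
        # be used to reflect traffic at a spoofed source address.
        if not self._take_token(ip, now):
            return "DROP"
        if recursive and not any(ip in net for net in self.acl):
            return "REFUSED"  # not an open recursive server
        return "ANSWER"


# Constructed query log: (timestamp in seconds, source address, recursion desired).
SAMPLE_QUERIES = (
    [(0.0, "192.0.2.10", True), (0.5, "192.0.2.10", True)]  # client inside the ACL
    + [(0.7, "198.51.100.7", True)]                          # outsider asking for recursion
    + [(1.0, "203.0.113.50", False)] * 20                    # burst claiming one source
    + [(2.0, "203.0.113.50", False)]                         # same source, a second later
)


def replay(queries, policy=None):
    """Run a query log through the policy and tally decisions per source."""
    policy = policy or ResolverPolicy()
    tally = defaultdict(Counter)
    for ts, src, recursive in queries:
        tally[src][policy.decide(src, recursive, ts)] += 1
    return {src: dict(counts) for src, counts in tally.items()}


if __name__ == "__main__":
    for src, counts in replay(SAMPLE_QUERIES).items():
        print(src, counts)
```
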

In this way, with a little knowledge and some wisdom, DNS attacks can be thwarted and a more peaceful cyberspace secured.

What is Typosquatting ?

Sometimes a misspelling in the address bar of the URL of a popular website takes us to a similar-looking but altogether different website. In most cases these similar-looking websites are controlled by hackers, who exploit this for illegitimate purposes. This is called Typosquatting.

Typosquatting is a type of cybersquatting, where an attacker uses an internet domain name with the intent of profiting illegitimately from the goodwill of a trademark belonging to someone else. In most cases Typosquatting is done by attackers with the intent of spreading malware, earning revenue from website traffic, or phishing.

Typosquatted URLs

A study says mainly five types of URLs are used for Typosquatting:

  • Foreign language spelling of a popular website
  • Common misspelling or typing error of a popular website, e.g. goggle.com
  • A differently phrased domain name, e.g. apples.com
  • A different top level domain, e.g. amazon.org
  • Abuse of Country Code Top Level Domain, e.g. Google.cm

A user is quite likely to mistype these kinds of URLs in the address bar, and typosquatters exploit that.

Why is Typosquatting done

There are several reasons why attackers do Typosquatting. To name a few:

  • To earn revenue from the traffic of visitors who arrive through a mistyped URL.
  • To redirect the typo-traffic to a competitor of the actual website.
  • To try to sell the typosquatted domain to the actual website and earn money illegitimately.
  • To redirect the typo-traffic to the actual website, but through the affiliate program, thus illegitimately earning revenue from the brand owner’s affiliate program.
  • To steal sensitive data from visitors. Sometimes the attackers make a website that looks very similar to the actual website. As a result, if a visitor provides their name, credit card numbers etc. by mistake, the information gets stolen.
  • Sometimes, these fake websites are used in phishing.
  • With a drive-by download, malware can be installed on a computer just by visiting the website, even though the user does not click on or initiate the installation of any software from the website. Sometimes, these fake websites are used to spread malware.
  • To expose users to internet pornography.

From 2006 to 2008, a typosquatted domain of Google called Goggle.com was used to spread malware and even rogue anti-malware.

Defenses

One possible defense against Typosquatting is to buy the variants of your domain name that typosquatters could use. For example, the following variants can be considered:

  • Replacement of letter ‘O’ with number ‘0’
  • Domain names with missing dot (.) between www and the actual domain name. For example, wwwexample.com
  • Singular and plural versions of domain names.
  • Hyphenated and non-hyphenated versions of domain names.
  • Domains with other domain extensions like .net, .org, .com etc.

There are also a number of tools available which can suggest variants of domains that can be typosquatted. One such tool can be found here.

Also, there are a number of tools available to detect Typosquatting. One such example is Microsoft Strider. One can use these tools to mitigate the risks.
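The variant classes in the Defenses list can be enumerated mechanically, both to decide which names to register and to triage domains seen in logs against that list. This is an added example, not part of the original post or of any tool it mentions; the brand `bookshop.com`, the observed domains, the TLD list and all function names are assumptions.

```python
"""Enumerate typosquat candidates of a brand domain for defensive registration
or watch-listing. Added illustration; covers only the variant classes listed above."""
import re

ALT_TLDS = ("com", "net", "org")  # assumption: the extensions named in the text
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # valid hostname label


def split_domain(domain):
    """Return (name, tld) from the last two labels: 'www.example.com' -> ('example', 'com').
    Two-label suffixes such as co.uk are not handled in this sketch."""
    labels = domain.lower().strip(".").split(".")
    if len(labels) < 2 or not all(LABEL_RE.match(label) for label in labels):
        raise ValueError(f"not a usable domain name: {domain!r}")
    return labels[-2], labels[-1]


def zero_for_o(name):
    """Letter 'o' replaced by digit '0': each position alone, and all at once."""
    singles = {name[:i] + "0" + name[i + 1:] for i, c in enumerate(name) if c == "o"}
    return singles | ({name.replace("o", "0")} if singles else set())


def plural_forms(name):
    """Singular form of a plural name, or plural form of a singular one."""
    return {name[:-1]} if name.endswith("s") and len(name) > 1 else {name + "s"}


def hyphen_forms(name):
    """De-hyphenated form, or a hyphen inserted at every interior position."""
    if "-" in name:
        return {name.replace("-", "")}
    return {name[:i] + "-" + name[i:] for i in range(1, len(name))}


def defensive_variants(domain):
    """Map each variant class from the list above to its sorted candidate domains."""
    name, tld = split_domain(domain)
    by_class = {
        "o-to-0": {(n, tld) for n in zero_for_o(name)},
        "missing-dot": {("www" + name, tld)},
        "singular-plural": {(n, tld) for n in plural_forms(name)},
        "hyphenation": {(n, tld) for n in hyphen_forms(name)},
        "other-tld": {(name, t) for t in ALT_TLDS},
    }
    return {
        cls: sorted(f"{n}.{t}" for n, t in pairs
                    if LABEL_RE.match(n) and (n, t) != (name, tld))
        for cls, pairs in by_class.items()
    }


def classify(observed, brand):
    """Return the variant class an observed hostname falls into, or None."""
    try:
        name, tld = split_domain(observed)
    except ValueError:
        return None
    candidate = f"{name}.{tld}"
    for cls, domains in defensive_variants(brand).items():
        if candidate in domains:
            return cls
    return None


def triage(observed_domains, brand):
    """Keep only the observed hostnames that match a known variant class."""
    hits = {d: classify(d, brand) for d in observed_domains}
    return {d: cls for d, cls in hits.items() if cls}


# Constructed sample of hostnames, as they might appear in proxy or DNS logs.
OBSERVED = ["www.bookshop.com", "login.b00ksh0p.com", "wwwbookshop.com",
            "book-shop.com", "bookshops.com", "bookshop.net", "unrelated.org"]

if __name__ == "__main__":
    brand = "bookshop.com"  # constructed brand name
    for cls, names in defensive_variants(brand).items():
        print(f"{cls:16} {', '.join(names)}")
    print(triage(OBSERVED, brand))
```
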

 

There are more ways to scam people on the internet than ever before. You need to be aware of all these scams, stay educated and use your common sense.

You Cannot Take Your Picture Back From the Internet

Here are the biggest dangers of posting photos online

1. You lose control over your images

As soon as pictures of your kids appear online, anyone may view them, copy, save, tag or spread them – and you will never get to know. Besides, most people skip reading the terms and conditions of social media sites like Facebook. Well, having read attentively enough you can find a clause that states that you give up all copyrights, ownership and your consent of any media you share on the platform. This means that popular sites like Facebook are not obliged to ask your consent and may use any content you put on their platform in any way they want.

2. You can’t take a photo back from the Internet


Once your photo is uploaded to the Web, you can’t take it back. Any images, as well as any messages, will stay in the worldwide network forever, stored on the servers. If you delete them from the timeline on your FB profile or the message history on Whatsapp, they still won’t disappear from the Internet.

Even changing the picture privacy settings in your profile to keep all photos available only to the people on your friends list doesn’t guarantee that someone else won’t see them. Even your friends or relatives may turn out to be a “weak link,” having saved a photo or a video of your kid and passed it on through other resources.

Moreover, if you change your mind and quickly delete a photo from your timeline, it may already have been viewed and saved by someone.

3. Digital kidnapping

A growing crime called ‘digital kidnapping’ means that individuals or companies steal children’s photos without their parents’ permission and repost these images across the Internet for advertising purposes, frauds or things even worse.

4. Collecting data and targeted advertising

Things you post online have valuable information for data collectors and advertisers. They collect data about you to show targeted advertising to you as their potential customer. As a person who posts photos of a kid, you might be interested in kids toys or clothes – and voila! – you see dozens of related ads on your screen.

Moreover, any time you take your child’s images and post pictures online it leaves his/her digital footprints. Social networking sites like Facebook collect information about your kid and form their identity in the worldwide web years before children decide to sign up for a network.

5. Avoid sharing important information about your kid

By giving too many details, you may as well reveal vital information about your children to online fraudsters and predators. Therefore:

  • Turn off GPS tags when posting images of your child in order not to show places where he/she spends much time;
  • Try not to post too many photos concerning your kid’s hobbies – sports groups, extracurricular activities, etc.;
  • Do not post pictures of any documents containing official information about your child;
  • Some experts even advise using a nickname instead of your kid’s real name in any posts online.

6. Don’t post half-naked photos of your children


Avoid posting photos online where your little ones are half-naked (at the seaside, etc.), no matter how cute and innocent these images seem to be. You never know who may look through them, or for what purpose.

7. Think of possible consequences before sharing photos of your children without their consent

Statistics say that:

  • Over 1/3 of admissions officers of academic institutions learn more about prospective students on Facebook and Google+. In over 35% of such checks, the discovered information had negatively impacted prospective students’ applications.
  • Recruiters in 75% of companies examine applicants’ online reputation. 84% of recruiters think that online reputation impacts hireability.

Obviously, any information that creates your kid’s online identity – even childhood photos – may potentially compromise not only his/her school life but also education and career in future. Moreover, photos that often seem to be cute and funny to parents may appear to be embarrassing for the kids, especially in their teen years, sometimes even with their peers mocking and making fun.

In some cases, children can even sue their parents for posting their childhood photos online without their consent, and therefore violating their right to a personal life, just like an 18-year-old girl Rami from Austria did. Cases of children suing their parents have happened across the US and other countries.

For the same reasons, you’d better always ask the consent of other parents whose children are in the same photo with your child before posting such an image online.

The good thing you can do is involve your children in the process as they grow. Always let them decide which of their photos are OK to share online and which are not.

Make sure you don’t overshare online and monitor what your kids post, too!

Android Devices Phoning Home To China

One of the phones seems to be Blu R1 HD, which is ‘Currently unavailable’ on Amazon.com and customers that bought it have received security update e-mails.

Security researchers have uncovered a secret backdoor in Android phones that sends almost all personally identifiable information to servers based in China.

The firmware is managed by Shanghai Adups Technology, and according to the company, is contained on over 700 million phones worldwide, including phones available in the United States.

Adups says that the firmware provides companies with data for customer support, but an analysis by Kryptowire revealed that the software sends the full bodies of text messages, contact lists, call history with full telephone numbers, and unique device identifiers including the International Mobile Subscriber Identity and the International Mobile Station Equipment Identity.

Or, in other words, everything that you would need to keep someone under surveillance.

Although Shanghai Adups is not affiliated with the Chinese government, the discovery of the firmware is being taken very seriously by US government officials: not least because the firmware does not disclose what it is doing and the firmware – spyware – comes pre-installed on new phones.

It looks like the CIA/FBI/Homeland will be looking into this as it could potentially be framed as a Nation state attack (even though it’s most likely not) – it’s just some unethical businessman. Also the fact that Kryptowire was established by DARPA (Defense Advanced Research Projects Agency) and Homeland – so yeah.

 

On its website, Adups says its firmware is used by 400 mobile operators, semiconductor vendors, and device manufacturers, covering everything from smartphones to wearables to cars and televisions.

The company has admitted that the specific software under examination was written following a request by a Chinese manufacturer, but has refused to name the company.

Phones with the firmware are available for purchase online in the US, including through major retailers like Amazon and BestBuy. Kryptowire said it only discovered its existence by accident when one of its researchers bought a phone to travel with and noticed some irregular network traffic when he turned it on.

Adups has not published a list of the phones its software is included in, although it is known to provide its software to the two large Chinese phone manufacturers Huawei and ZTE. Google has apparently told the company to also remove its software from any Android phones that run its app store, Google Play.

As mentioned in the first sentence, this is not surprising, it’s happened before and it will happen again. China is not best known for its ethical business practices or its respect for user privacy and sensitive data handling.

So be careful what you buy, and perhaps spend a few bucks more for something you can trust.

 

How your connected home or office is a gift for hackers, criminals, and cyber spies

Who is on the other side of the webcam — and what do they want?

Image: Ken Seet, © Ken Seet/Corbis

Internet-connected fridges which order your food, virtual assistants which react to your every voice command, and applications which allow you to remotely control almost every aspect of your home: today’s technologies increasingly make The Jetsons look like a prophetic message about the future.

That cartoon offers an idealised view of the world of tomorrow and didn’t anticipate some of the problems a space-age society might face: George Jetson was never locked out because the home got hacked, and Rosie the Robot was never out of service after being infected by ransomware.

Installing the latest technology can provide you with many conveniences, but it also opens up additional entry points for attackers, especially as more and more everyday devices become connected to the internet — and are more and more capable of storing and recording information on almost every event in your life.

“Phones, since they’re such a personal extension of your lives, have a lot more security mechanisms than your television, but there’s not much difference between your television and your phone,” says Dan Wiley, head of incident response at Check Point Software.

“[Your television] may not be mobile, but my God, can you imagine what the television would say about you if the camera was on? About what you’re watching, or what you’re saying? There’s a hell of a lot of information you could glean off someone in that way.”

The idea of your television spying on you might sound far-fetched, but it isn’t: manufacturers and advertisers are already monitoring viewers and collecting data about them.

“The more technology we bring into our lives, the more opportunities we create for cybercriminals,” says James Lyne, global head of security research at Sophos. “The baby monitor might not be interesting to a cybercriminal, but the fact that the baby monitor is connected to the network where you do your internet banking is.”

Internet-connected devices which have poor security — or no security at all — can provide multiple avenues for hackers to gain access to your network for malicious activity.

 

“People don’t necessarily think about the invasiveness of these devices. People think about malware as going after credit cards, but as we build-in GPS, cameras, and microphones to connect devices which help manage our shopping… cybercriminals will find new and creative ways to monetize it. It’s what they do best,” says Lyne.

The reason they haven’t already done so, he says, is “because it’s taken them time to find ways these devices could benefit their political or monetary goals”.

For example, although our homes are full of cameras, it still takes effort for hackers to make money out of those images.

“It won’t be a [situation] where everyone’s microphone or video camera is turned on, but if there’s something that’s going on that [criminals are] particularly interested in, then there’s absolutely reason to go after this kit.”

Like any form of cybercrime, hacking a bigger target, even if it means playing a long game, can prove to be much more lucrative. So if internet-connected devices like CCTV cameras, video conferencing systems, and phones enable outsiders easy access to a network, what’s to stop hackers conducting corporate espionage against a significant target?

“We had a case where we went into a law firm in London to do a trial with them, and found that someone outside of their business had been live streaming audio and video from the boardroom — and it had been going on for a fortnight before being detected,” says Dave Palmer, director of technology at Darktrace.

And the number of potential attack vectors is only going to grow as more and more devices, such as Amazon Echo and Google Home, watch and listen in to our lives. People are enthusiastically bringing these into their homes and workplaces, but aren’t considering — or worse, are unaware of — the implications of what information a device which is always listening could hear and transfer to another party, be it the product manufacturers, government, or criminals.

“The funny thing is we’re just accepting it and letting it in. If you look at Amazon Echo or Google Home, the amount of information they’re already gleaning about your habits and thought processes is pretty incredible,” says Check Point Software’s Wiley.

Like every other activity, be it malicious or not, technology and internet connectivity are making the ability to spy on people far easier than it ever has been. This is true not just for the likes of the NSA and GCHQ, but for anyone who can remotely break into the infrastructure of one of these ever more pervasive devices.

“[George Orwell’s] book 1984 has taught us a lot. I’m not sure how far away we are from that sort of reality, but it doesn’t feel like it’s too far away,” Wiley says.

There’s still time to build security into internet-connected devices — but it must happen soon, or hackers will gain an advantage over us.

“The whole IoT industry mustn’t underestimate that they will be in [cybercriminals’] sights and that they haven’t been so far by virtue more of lack of interest, not that it isn’t possible. Wouldn’t we rather as an industry learn all those lessons while they’re still toys before they’re in the wall and you can’t rip them out?”

Tab Napping

Tabnapping

Tabnapping is a type of phishing scam that fraudsters use to get people’s personal information.

Tabnapping targets people who keep multiple tabs open in their browser, often for long periods of time. The fraudsters then use JavaScript to change the contents and label of an open, but not active, tab to resemble the log-in screen of a bank, email provider or online shopping store.

When a user clicks back onto the tab to find the fake log-in screen, they assume that they have been logged out and re-enter their user information and password to log back in. When they enter these details, the personal information provided is sent straight to the fraudsters.

Fraudsters can then use this personal information to commit fraud.

The URL in the browser’s address bar is not necessarily altered by tabnappers, so checking that the URL is the legitimate URL of the service provider is not a sufficient precautionary measure.

The fraudsters may even put an additional message on the fake log-in screen, saying that the session has timed out and the user needs to re-enter their log-in details. This is a message that appears on legitimate websites, particularly on banks, increasing the likelihood that the user thinks the log-in screen is trustworthy.

How can tabnapping be prevented?

  • Ensure anti-virus and anti-spyware software is up to date on your computer and make sure your browser’s filter is switched on and up to date. These measures should block malicious sites and legitimate sites that are infected with phishing attack code.
  • If you’re unsure whether a log-in screen is legitimate, close the tab, open a new one and type in the legitimate URL of the website you want to log in to.
  • Follow identity theft crime prevention advice to stay alert to unrecognisable transactions in your name.
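The pattern described above (a tab whose label and log-in form change while it is not the active tab) can also be checked for mechanically. The following is an added example, not part of the original article: the event names, the timeline format and the sample data are assumptions made for illustration, and in a real browser extension the events would come from the document's `visibilitychange` event and a `MutationObserver`.

```javascript
// Added example, not from the original article. Event names, the timeline
// format and SAMPLE_TIMELINE are assumptions made for illustration.
// In a browser extension the events would come from the document's
// "visibilitychange" event and a MutationObserver; here they are replayed.
function detectTabnapping(events) {
  const findings = [];
  let hiddenSince = null; // timestamp when the tab lost focus, or null
  let changes = [];       // page changes seen during the current hidden period

  for (const ev of events) {
    if (ev.type === "visibility" && ev.state === "hidden") {
      hiddenSince = ev.t;
      changes = [];
    } else if (ev.type === "visibility" && ev.state === "visible") {
      if (hiddenSince !== null) {
        const kinds = new Set(changes.map((c) => c.type));
        const identityChanged = kinds.has("title") || kinds.has("favicon");
        // A title change alone (unread counters) is normal; a password field
        // that appears while nobody is looking is the part worth flagging.
        if (kinds.has("password-field-added")) {
          findings.push({
            severity: identityChanged ? "high" : "medium",
            hiddenFor: ev.t - hiddenSince,
            changes: [...kinds].sort(),
          });
        }
      }
      hiddenSince = null;
    } else if (hiddenSince !== null) {
      changes.push(ev);
    }
  }
  return findings;
}

// Constructed sample: one tabnapping-style rewrite, one benign title update.
const SAMPLE_TIMELINE = [
  { t: 0, type: "visibility", state: "visible" },
  { t: 5, type: "title", value: "(1) Inbox" },
  { t: 60, type: "visibility", state: "hidden" },
  { t: 400, type: "title", value: "Example Bank - Log in" },
  { t: 401, type: "favicon", value: "bank.ico" },
  { t: 402, type: "password-field-added" },
  { t: 900, type: "visibility", state: "visible" },
  { t: 950, type: "visibility", state: "hidden" },
  { t: 990, type: "title", value: "(2) Inbox" },
  { t: 1200, type: "visibility", state: "visible" },
];

console.log(detectTabnapping(SAMPLE_TIMELINE));
```

A "medium" finding (a log-in form with no change of title or icon) also matches a genuine session timeout, so it is a prompt to close the tab and re-open the site by typing its address, as the list above advises.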

Why ransomware is exploding, and how your company can protect itself


Ransomware represents a growing threat for the enterprise, as 40 percent of businesses worldwide were attacked with their data held ransom in the past year.

This particular brand of malware is not new: The first recorded case of ransomware, known as the AIDS trojan, appeared in 1989. The attack is relatively easy to deploy and cash in on, said Michael Canavan, vice president of presales systems engineering at Kaspersky Lab.

In the past, cybercriminals targeted a wide range of consumers, and would ask for around $300 to release their personal photos and information. Between April 2015 and March 2016, more than 718,500 users were hit with encryption ransomware — an increase of 550 percent compared to the same period in 2014-2015, according to Kaspersky Lab research.

“The way it’s going, we don’t see any indication that the growth rate is slowing,” Canavan said.

Once businesses started getting infected, hackers realized payoffs could get higher, Canavan said. “Business targets are at a higher premium because they have a bigger resource pool and more capabilities in terms of data — it’s not just photos of your kids, it’s patient files in hospitals and financial records in banking organizations,” Canavan said. “Asking for a couple hundred bucks might not justify the value of the data encrypted.”

Ransom costs are rising along with the attacks: The average ransom amount for 2015 was about $680 — nearly twice that for 2014, according to a Symantec report. It will likely double again in 2016, said Kevin Haley, Symantec’s director of security response.

The majority of ransomware attacks are not targeted toward one particular end user or business — rather, they cast a wide net via a phishing email, and then infect a user’s home or work device, Haley said. Still, about 43 percent of spear phishing attacks (malware hidden in messages that appear to be from a trustworthy source) included ransomware targeted at small businesses in 2015, up from 34 percent in 2014, another Symantec report found.

A common way for ransomware to arrive is a phishing email telling the user they have an invoice that requires payment, Haley said. Another common way is to infect a website, or redirect one website to another hosting the malware.

Haley expects to see more targeted attacks against businesses over the next year, and for other devices to come into play. Strikes on computers and smartphones are the norm, but they could also occur on any IoT device, from smart TVs to refrigerators to watches.

“Ransomware is real, and it’s going to affect your organization,” Haley said. “Most of the steps to protect yourself are not unique — in the end, protecting yourself against ransomware will protect you against other security issues as well.”

Best practices for your company

IT leaders should continuously seek out innovative technologies to add to their customized, layered defense, said James Scott, senior fellow and co-founder of the Institute for Critical Infrastructure Technology. “Look at where your valuable data is, who is trying to exploit it, and what vulnerabilities are there in protecting it,” he added.

To prevent a ransomware attack on your company, experts say IT leaders should do the following:

  • Use a layered security approach, with all endpoints protected, as well as protection at the mail server and gateway. “If you can stop these things from ever showing up in an end user’s mailbox, you’re ahead of the game,” Haley said.
  • Educate your employees. “The human element is always going to be the weakest element,” Scott said. “The organization’s infosec team has to continuously update their education for other staff with relevant threats.”
  • Run risk analyses, and patch vulnerabilities, especially on browsers, browser plugins, and operating systems. “Infosec teams should be savvy enough to continuously pen test the organization to hunt for vulnerabilities,” Scott said. “It’s important that they do that with the same vigor as the adversary would.”
  • Build a comprehensive backup solution, and back up often. “If your files get encrypted, you don’t have to pay the ransom–you just restore the files,” Haley said. Most businesses back up, but some have not tested whether or not these backups work in an emergency.
  • Track behavior analytics to detect abnormalities among users.
  • Limit access to file shares to only those who absolutely need access.

Some organizations are using AI products to predict threats, Scott added. “A year ago, the technology to detect and respond to threats was what everyone was talking about,” he said. “Now, it’s detect, respond, and predict.”

Eliminate Ransomware Infections from your PC using these free tools

Ransomware, a variety of malware which encrypts user files and demands payment in return for a key, has become a major threat to businesses and the average user alike.

Coming in a variety of forms, ransomware most often compromises PCs through phishing campaigns and fraudulent emails. Once a PC is infected, the malware will encrypt, move, and potentially delete files, before throwing up a landing page demanding a ransom in Bitcoin.

Demands for payment can range from a few to thousands of dollars. However, giving in and paying the fee further funds the development and use of this malware, and there is no guarantee that any decryption keys given in return will work.

It is estimated that ransomware attacks cost more than $1 billion per year.

The No More Ransom Project, launched by the National High Tech Crime Unit of the Netherlands’ police, Europol, Kaspersky, and Intel Security, is a hub for victims to find out how to remove infections — and how to prevent themselves becoming infected in the future.

Unfortunately, not every type of ransomware has been cracked by research teams. Cracking a family takes time and requires vulnerabilities in the ransomware that cybersecurity experts can exploit, and so some ransomware families do not have a solution beyond wiping your system clean and using backup data.

However, researchers are cracking more types of ransomware every month and there are a number of tools available which give victims some hope to retrieve their files.

The No More Ransom Project offers a quick way to find out what sort of ransomware is on your PC using this step-by-step guide. Alternatively, the Malware Hunter Team runs the ID Ransomware online service which can also be used to identify infections.

Below, in alphabetical order, you can find a range of tools and software made available by researchers to scour your PC clean of the most common types of infection.