Blog Feed
Hackers Are Adopting Espionage Techniques
A year ago, the prominent hacker group Carbanak became famous for being the first to break into the banking system using methods previously used only by hackers engaged in cyber espionage for the governments of different countries. Carbanak adapted these techniques to attack financial institutions (in most cases banks), and the security systems of these institutions succumbed to the new hacking techniques.

An important feature of Carbanak attacks is the use of legitimate software. This minimizes the risk of detection by antivirus programs and saves time on developing special hacking software. Carbanak hackers robbed hundreds of financial institutions in 30 countries around the world and stole millions of dollars. Strong authentication tools such as one-time passwords and PIN codes, which are used to protect money and data from being stolen, failed to stop the fraudsters. The hackers had direct access to the bank systems that perform money transactions, so they had no need for OTP passwords.

This example was contagious. Not so long ago, two other similar groups showed up: GCMAN and Metel. In the majority of cases their attacks were aimed at Russian financial institutions. In both cases, the attacks started with the delivery of targeted phishing emails. The phishing emails contained RAR archives, which penetrated the banking systems after being opened. Once the hackers took control of the banks' processing systems, the two groups followed different scenarios.

In the case of Metel, the main trick was to cancel the transaction after withdrawing cash at ATMs. Thus, the balance on the victims' debit cards did not change. They discovered the loss of money only when the hackers had already curtailed their activities. One of these operations gave an opportunity to steal several million rubles.

GCMAN worked in a different manner: they used cron for their attacks. Cron is legitimate software that starts user programs on Unix systems at a specified time. The hackers used a cron script to continually withdraw $200 from infected users’ bank accounts; $200 is the limit for anonymous transactions in Russian banks. Later, the hackers transferred the money to the encrypted accounts of ‘money mules’, people hired specially to cash out the stolen money.

If hackers can overcome such strong bank security systems in such a deft manner, is there any way to stop them? Of course, cyber-security services can strengthen the security of servers and databases and use the newest software and hardware. But experience has proven that these are only temporary measures. As the saying goes, “It is easier to pull down than to build.” Sooner or later the hackers will find a way to bypass the most sophisticated technical barriers. Thus, these methods are not enough for reliable protection.

Let’s think: how does any hack begin? The fraudsters need to get access to only one computer of the targeted company. And it is quite impossible to do this without human involvement: an employee installs a file, follows a link, or opens an attachment with the spyware. Thus, teaching employees the rules of information security is one of the most important data protection measures. It can prevent you or your employees from swallowing the cyber fraudsters’...
Two-Step Authentication Is Already in Instagram
A few days ago it became known that Instagram is rolling out two-factor authentication. At first, a beta version of 2FA was tested by a small number of selected users. Now two-step authentication is becoming available to everyone. What is most surprising about this news is that the popular social network has moved to it so slowly. After all, two-factor authentication has long been an integral part of data protection for all its ‘colleagues’: Facebook, Twitter, LinkedIn, etc.

Why does Instagram need two-step authentication?

Instagram has many accounts that bring their owners a lot of money. Often, the income from these accounts can be compared with a full-fledged business. For many celebrities, it is one of the most important channels of communication with their fans. For many companies, Instagram is one of the key platforms for advertising and finding potential customers. Imagine how upset Taylor Swift will be if her account with more than 67.9 million followers gets hacked. Accounts with a large number of followers have been hacked more than once, and every time it harmed the owner’s reputation and income. Thus, 2-factor authentication with the help of one-time passwords can be a real way out for those users who have an extreme need for data protection.

How does two-factor authentication on Instagram work?

At this moment, the OTPs (one-time passwords) on Instagram are delivered only via SMS. But, frankly speaking, this way of delivering one-time passwords is a thing of the past. Modern two-step authentication technologies offer a much more convenient and reliable way to confirm the user’s right to log in. Two-step authentication can be performed either by biometric methods or by tokens, which are one-time password generators. The first method is faster and easier, and the second is much more resistant to the influence of random (and non-random) factors.

Many people think that tokens are necessarily separate and expensive devices more suitable for protecting bank or office accounts. But there is another kind of token that is secure, easy to use and free of charge. The best solution for Instagram, where people usually log in from smartphones, is a software token installed on the same device. Many have heard of Google Authenticator, but it is not the only possible type of software token. Protectimus has created an application that surpasses a software OTP token from Google. We are talking about the Protectimus Smart application for Android/iOS smartphones.

The benefits of Protectimus Smart OTP token

This application, as well as its hardware ‘brothers’, is PIN-protected. So, even if the smartphone is lost or stolen, the thieves won’t be able to use Protectimus Smart to get access to the account protected with it.

The application can be connected with an Android Wear smartwatch. This simplifies the process of one-time password generation, so two-step authentication becomes more convenient.

The company has thought through even such details as the visual representation of the generated OTP password. Unlike Google Authenticator and most other software tokens, the numbers here are divided into short groups, which eases their entry.

The application allows using different one-time password generation algorithms: time-based (TOTP), event-based (HOTP), and ‘challenge-response’ (OCRA).

Of course, the service for sharing pictures is not a banking institution. There is no need for strong authentication...
Why is healthcare data security so important?
Health is the main value of every person. But we start to understand this only when there is a threat of losing it. The reason for the latter may be not only bad habits or accidents but also viruses: both the common flu and … computer viruses. Since we started to use electronic medical records, healthcare data security has become one of the most important aspects of data protection. Let’s find out why.

In recent years, hackers’ interest in electronic medical records has increased sharply. On the black market, this kind of information is much more valuable than credit card numbers and bank account passwords. The trend may be surprising, but if you think about it, the reasons are quite obvious. After all, electronic medical records contain: patients’ names and dates of birth; addresses (postal and electronic); phone numbers; places of work and positions; IDs, card numbers, medical and social insurance. This information can be used for complete identity theft, rather than just for a one-time bank account hack.

Another important reason is the weak protection of patients’ data in medical institutions. Banks and other financial institutions have already created a strong system of data protection. Two-factor authentication has become a ubiquitous standard for banks: their clients can get access to the information only after entering the OTP (one-time password). The public health associations, on the contrary, did not pay attention to health data security measures for a long time and thus became easy prey for the hackers.

How the fraudsters use stolen electronic medical records

In addition to the identity theft mentioned above, there are other ways to use the information contained in electronic medical records. Among them, there are three ways specific to this type of information.

Receiving medical care at the expense of others. Some treatments can be expensive and, thus, physician services received by the fraudsters can damage a victim’s financial well-being.

Machinations with medicines. Hackers who are in good health and don’t need treatment can get a good income by ordering expensive drugs on behalf of a legitimate medical cardholder with the aim of reselling them.

Conspiracy with clinic employees. If criminals manage to get in touch with an unscrupulous clinic, an insurance company may be billed for services that have never been rendered, and the money will be divided between the clinic and the fraudsters.

Why the medical records hacks are dangerous

Medical data hacks may not only result in material losses but also endanger the health and lives of the people whose information was stolen. After all, the fraudulent actions (receiving medical services, purchasing medicines) get into the real clinical history of the patient. If the real owner needs urgent help, physicians will be misled by incorrect information that has no relation to the patient. For example, a person may have an allergic reaction to some drugs, but it won’t be specified in the electronic medical records because of the fraudster’s intervention.

We should keep in mind that although you can easily lock and subsequently change bank accounts and cards, it is completely impossible to get back compromised and disclosed medical data.

Healthcare data security tips

Despite all the dangers healthcare data security encounters in the age of...
Protectimus New OTP Tokens
The range of Protectimus OTP tokens has been expanded with new hardware tokens for one-time password generation. Meet Protectimus TWO and Protectimus SLIM mini.

Protectimus TWO is a handy hardware token made in the form of a key fob. It works according to the TOTP algorithm. It is waterproof, and its battery life is up to 5 years. The main distinguishing feature of this token is the possibility to select the time interval during which the one-time passwords will be valid: 30 or 60 seconds.

Protectimus SLIM mini is a miniature modern TOTP token in the form of a smart card. This is a token of the new generation. It can be reflashed with the help of NFC technology. Here you can also adjust the lifetime of the OTP passwords. With the help of a special application, you can view all the information you need about this token. The Protectimus SLIM mini OTP token can be used for authentication in Google, Facebook, Twitter, Dropbox, and other popular resources. Its size is equal to half the size of an ordinary credit card, which is very convenient for the end user.

On request, the tokens can be made in the colors of the client’s brand and with the client’s logo. For more information about these tokens and their prices, please visit our website...
Comic stories #5
Announcement: 55-year-old woman, the mother of three coders, asks someone not so psycho to teach her Internet. Yesterday, electricity was switched off… I spent two hours without the Internet … I communicated with my family, they turned out to be pretty nice...
Information Security Trends 2016
Today, computers and the internet are not just toys that help people spend their free time. Above all, they are the most important work instruments. Their safety and effectiveness determine the business success and prosperity of a large number of people. Thus, it is not surprising that today information security is a matter of interest to many. What are the main information security trends of 2016? What challenges will we have to cope with in the future? What mistakes can be avoided and, most importantly, in what direction should we develop further?

Hackers hunt not only the big game

In the view of the majority of people, the hackers’ main targets are large multinational corporations and high-level government agencies, such as the Defense or Finance Ministries. In fact, these targets are usually very well protected, and getting into their systems requires the highest level of skill. It is much easier and often more profitable for the hackers to pay attention to smaller structures. As a rule, they do not have enough funds to ensure information security. At the same time, the data stored on their servers is often no less important.

Today hackers are strengthening their attacks on small businesses and, especially, healthcare institutions. If you think about it, you’ll understand that the registration office of a health center in a small town is a more attractive titbit than a bank database with credit card numbers. The medical record of any person provides almost all the information about a patient, from the exact address and passport data to the same credit card and social security card numbers. That’s why reliable data protection is necessary not only for financial institutions. In 2015, 3 of the 5 major leaks happened in healthcare system enterprises. And it seems this trend will continue.

The vulnerability of megalopolises

A town-dweller depends on the benefits of civilization much more strongly than a countryman. If there is a well in the yard, a water pipe accident will not scare a countryman. When the central heating is turned off, he can always stoke a fireplace. And if the electricity is cut off, primitive candles are always in reserve. At the same time, life in a huge metropolis can be completely paralyzed by a failure of any part of the life support system. Thus, cyber-attacks on the computer systems of large infrastructure objects are extremely dangerous, and these systems can become an attractive target for fraudsters of all stripes. And it is not about the material losses at all…

The importance of the human factor

Investing a lot of money into security does not guarantee complete protection from all kinds of risks. The human factor also requires close attention. In the long-term fight with Trojans and bots, information security experts often forget that today hackers are armed not only with viruses but also with the latest achievements of social engineering. A focus only on software and hardware improvement is destined to fail, because a careless clerk, not a tricky virus, can do more harm to the business. And he will do it not on purpose, but out of ignorance. Thus, not only technical staff should be taught the basics of information security, but also the cleaning personnel, secretaries, managers, etc. It is necessary to bring to the...
Comic stories #4
Three phrases causing panic: It will not hurt. I want to talk to you seriously. Incorrect login or password. Do you want to hide important information on your computer? Place it in the folder named “Read. Me!” or even better “license...
Mobile Trojan Virus Android.Bankosy Intercepts One-Time Passwords
We store a lot of important information in the network: personal correspondence, photos, documents. For the most part, these are spiritual values: precious memories and the fruits of hours-long labor. But the Internet also stores rather concrete financial ‘matters’: our money. Today many people use online banking, as it is convenient to transfer funds, pay for services, and control your accounts online. It is no wonder that fraudsters of all sorts pay special attention to online banking resources and tirelessly attack them, constantly coming up with something new. Not so long ago, a new version of the mobile trojan called Android.Bankosy was discovered.

What is dangerous in the trojan virus Android.Bankosy

This virus intercepts one-time passwords used in banking applications for two-factor authentication (2FA). Temporary OTP passwords used for two-step authentication of the user are often sent via text messages. Earlier, different versions of banking trojan viruses, Android.Bankosy among them, learned to intercept the authentication code sent this way. In response to this threat, cyber security specialists developed and introduced systems that send one-time passwords via voice calls from the bank. It seemed that reliable data protection was ensured.

But as it has turned out, even this advanced means of delivering one-time passwords is not a barrier for hackers. The creators of the mobile trojan virus Android.Bankosy taught it to overcome this new type of protection. The current version of this virus is capable of intercepting calls from the bank server. Moreover, Android.Bankosy can turn off the sound on your phone and lock the device’s screen if there is a call from the bank number. Thus, the client won’t even find out he received a code, and the fraudsters will carry out further actions on the account on behalf of the client.

How to protect data from the banking trojan Android.Bankosy

What can a regular user of online banking do against hackers armed with the most modern tools? As is known, the best tools are usually the simplest. But sometimes we either forget or are too lazy to use them, perhaps considering them not effective enough. But they work, and work quite reliably.

Keep your smartphone secure from viruses. To get control over the victim’s phone, the trojan virus must, first of all, penetrate it. This can be done in the way standard for all viruses: as part of a harmless and even useful application. The official stores carefully control their software, and the applications they offer are rarely infected with viruses. Thus, we must resist the temptation and not download programs from doubtful websites. This is especially true for paid software. Do not forget about free cheese in a mousetrap. If you install a virus like Android.Bankosy on your gadget, you can lose a lot more money than you need to buy the app you liked.

Use strong authentication. The example of the virus Android.Bankosy proves that even 2-factor authentication cannot always protect you from intruders. Indeed, the familiar methods of obtaining OTP passwords via text messages (and even voice calls) are not completely reliable. That happens because modern hackers are able to get into the mobile phone network and transfer the call in the desired...
New Vulnerability of the LastPass Unveiled
Any active Internet user has many accounts on different websites, and each of them requires a username and password. Since it is impossible to keep everything in your head, a regular user usually writes them on a piece of paper and puts it somewhere not far from the computer (we have already written why it is not recommended to do so here). An advanced user, in turn, uses password managers to store this information. But even the best password manager sometimes cannot prevent accounts from being hacked. Let’s recall, for example, how the world community was stirred up by the news about the vulnerability of the KeePass password manager.

Recently, another popular password manager, LastPass, has found itself in the center of the scandalous online chronicles. Moreover, it is not the first failure of LastPass. It was hacked last summer, and as early as November 2015 a few bugs were found in it again. This time, the analyst Sean Cassidy created a tool, which he jokingly called ‘LostPass’. Under the guise of LastPass, this tool allows collecting passwords in an automatic phishing attack mode.

The essence of the LastPass vulnerability

Ironically, the ‘disservice’ comes from the software developers’ desire to make a communication session between the user and the Internet resource more secure. The thing is that LastPass requires the user to re-enter the password several times during the session. This is where a loophole for the hackers hides. It turned out that at this moment it is possible to palm off a phishing page for re-authorization. This page looks like the real one, with almost no differences in the address. Once the unsuspecting user enters his email and password, all his confidential information stored in LastPass becomes available to the fraudsters. The worst thing is that the hackers get not just one password but all the data the password manager stores!

So far, LostPass operates only in the Chrome browser. But Cassidy is working hard to prove that the same tool can be made for Firefox as well.

Of course, the LastPass developers will make changes to the code and patch up the gaps found in the safety of their product. But what should the users do now, while the protection level of password managers isn’t 100% reliable yet? And is there any guarantee that some vulnerabilities won’t pop up in the future?

The author of the tool himself recommends using the LastPass app instead of the browser extension. It deprives the hackers of the possibility to use the phishing page. But this method is quite time-consuming and inconvenient: the user needs to copy all passwords from the LastPass web page and enter them manually.

Maybe 2FA (two-factor authentication) can protect users from the new threat? Alas, Cassidy argues that one-time passwords can also be intercepted with the help of his tool. But, apparently, the researcher means the traditional version of 2FA with OTP passwords delivered to the user via text messages or emails. After all, there is nothing to be afraid of if you use hardware or software tokens. They generate OTP passwords for two-factor authentication offline. Moreover, if the token supports the data signature function CWYS (Confirm What You See), it becomes even more reliable. The CWYS function allows taking into account certain...
The Worst Passwords of 2015
It is no secret that Internet users tend to choose weak and unreliable passwords. And even more: people use the same weak password in almost all their accounts. The list of the worst passwords of 2015, which was recently published by SplashData, proves that all the efforts to convince people of the importance of using strong passwords were in vain.

For several years, the palm has belonged to the notorious “123456” and “password”. Key sequences loved by many, such as “qwerty”, “12345678”, and “1234567”, didn’t lose ground and even made some progress, becoming more popular. Moreover, there is a new variation: “qwertyuiop”. A popular password containing both letters and numbers, “pasword1”, was displaced by “passw0rd”, which is not a bit more reliable than the first one.

It is interesting that the popularity of the new episode of the cult saga “Star Wars” caused the appearance of a new group of popular passwords. The list of the 25 worst passwords of 2015 includes such words as “princess”, “solo” and “starwars”.

The list of the 25 worst passwords of 2015 was formed after the analysis of more than two million passwords that became publicly accessible as a result of various leaks and hacker attacks during the year. The list of all the passwords is presented below.

Remember, all these passwords are not secure. Here you can read how to choose a strong password, which will be easy to remember but difficult for a hacker to guess or to pick up. But any password, whether weak or reliable, should not be the only obstacle between an intruder and your confidential data. Your account should be protected from cracking with two-factor authentication and one-time passwords. Here is an article on the principles of how two-factor authentication works and how one-time passwords are generated.

The worst passwords of...