Blog Feed
Mobile Banking Trojan Acecard – All You Need to Know About a New Threat
The smartphone has a wide range of functions. Besides being a phone, it lets you listen to music, read, browse the Internet, pay bills, work with documents, and so on. A huge part of our contemporaries' personal and business lives is tied to this device. Realizing this, attackers have concentrated their efforts on creating mobile malware. Many such programs have already been discovered: Android.Bankosy, Asacub, Faketoken. Yet we had not seen a mobile banking Trojan as powerful and multi-functional as Acecard.

Acecard did not become so strong in a moment. The first "harmless" version appeared in early 2014. At that time it performed no harmful actions; it simply infected smartphones, unnoticed by their owners. It took a year and a half for Acecard to turn into a full-fledged threat. After growing in strength, in May 2015 the Trojan moved on to serious attacks. Today there are about 10 versions of it, each of them capable and dangerous.

Acecard's activity is not confined to one country. It has already been spotted in Germany, France, Australia, Russia, and Austria. Some experts call Acecard the most serious threat to mobile data protection today, and not without reason.

Acecard can cause a smartphone owner trouble in many different areas. Its main "specialization" is phishing: imitating the login windows of sites and services so that the user types credentials into the Trojan's window instead of the real one. The range of targets is wide: over 50 financial applications of banks and payment systems, messengers (including Viber, WhatsApp, and Skype), and even such giants as PayPal and Gmail, whose data protection has always been considered a strong point.

Besides, the Trojan can steal almost any information on the device, from SMS messages to credit card data. It can redirect calls, "replace" a number of applications, and even install new ones (for example, crypto-ransomware) on the infected device. Acecard can also lock the window of any application and demand a ransom to restore the smartphone's functionality.

Trojans are usually distributed through phishing emails or spam. Acecard differs even here: it can disguise itself as an important system application. Not long ago it wore the mask of Adobe Flash Player. Ordinary users who are not IT specialists did not know that Flash Player for Android was discontinued in 2012, and the attackers took advantage of this. Those who downloaded the fake Flash Player onto their smartphone got a mobile banking Trojan and a player icon on the home screen instead.

How to protect yourself against Acecard

If Acecard has already infected the device, it is difficult to do anything about it. The only reliable protection against this mobile banking Trojan is to prevent the infection in the first place. You...
The Most Prominent Data Leaks of 2015
In 2015 we saw many large and controversial data leaks, which leads to one conclusion: hackers are becoming more sophisticated while users are still imprudent and careless. Recalling the most striking information security breaches can help us understand the most common causes of data leaks, and how to organize data protection so as to avoid material and reputational losses.

Large-scale data leaks

The hack of the insurance giant Anthem is the undisputed leader of 2015. The personal data of almost 80 million people was compromised in this breach. The hackers stole the names, addresses, dates of birth, and social security numbers of Anthem customers, but failed to get medical information and credit card numbers.

Twitter's shares fell 18% after the company's financial results were made public ahead of schedule. In monetary terms, the company's losses amounted to 5 billion dollars.

High officials come first

Senior government officials featured in the most high-profile reports on data leaks. The interest in this category of users is understandable. But personal data leaks are not always caused by hackers. A few examples:

The passport data of almost all (164 of 170) members of the Russian Federation Council were stolen and released. Here it is not the leak itself but the victims' reaction that is notable: one of the senators said that it is unpleasant, but understandable in the information age.

Jeb Bush, brother of the former US President, published on his website about 300 thousand letters that voters had sent him. By mistake, along with the letters, the politician's staff also published the personal data of their authors, including social security numbers.

Hackers are to blame for the data breach at the United States Office of Personnel Management. They compromised the records of 4 million current and former federal employees. Since the agency handles personnel matters for various ministries and departments, the leak caused a grave scandal.

While holding the post of Secretary of State, Hillary Clinton (former Secretary of State, former First Lady, and now a presidential candidate) used a private, unprotected email account for official correspondence, and it was eventually hacked. Now that Mrs. Clinton is running for the presidency, this fact may significantly reduce her chances. US officials are obliged to use only secure official email to prevent data breaches, and neglecting that rule is unlikely to win the candidate any points.

High-ranking Indian officials from the Ministry of Finance (one of them a Deputy Minister) also distinguished themselves in 2015. They stole foreign capital investment plans for the Indian economy and tried to sell them for half a million dollars, but were eventually arrested along with their intermediaries.

Why pay spies?

Protection against data leaks will not work as long as the people entrusted with information keep boasting about it on social networks. No hacks or breaches are needed there: the secrets are given away for free. South...
Two-Factor Authentication in Cloud Security
Today cloud services are incredibly popular, both among users who store their personal data there and among companies that rely on them to run their business. We should not underestimate the value of the cloud as a place to store employees' personal data and necessary corporate information that is available to an employee at any time and from any place. But we should not forget about cloud security either, because cloud services are not only convenient but also quite risky.

Cloud security: the main risks

Cloud services are a real "tidbit" for hackers since they store large amounts of data. If a provider's security turns out to be insufficient and users' data is compromised, not only the users suffer but also the provider, whose reputation is at stake. Unfortunately, new vulnerabilities keep being found in cloud services. Recently an information security expert published an article on the Virtual-Strategy Magazine website describing a sobering finding: a brand new server hosted on Azure or Amazon Web Services can be compromised within 30 minutes by automated attack scripts that scan for the smallest weaknesses in its configuration. The server can then be used for malicious purposes, for example to spread malware. Attackers are constantly looking for new ways to break in and use every available resource. Thus, to protect information in the cloud, providers and users must join their efforts: reject simple passwords, fix vulnerabilities promptly, and use multi-factor authentication, a functional and reliable means of data protection.

Strong authentication as an indispensable element of cloud security

Strong authentication is multi-factor authentication that uses two or more factors when a user logs in to the cloud. With this method the user must take two steps to log in:

Enter the login and password (the knowledge factor).

Confirm their identity with an OTP (one-time password) generated by an OTP token or a special smartphone application, or delivered by SMS, push message, or e-mail (the possession factor).

To understand the importance of two-factor authentication to cloud security, imagine the worst case. Having obtained an administrator password and gained access to your server, the fraudster handles any information stored in the cloud at his own discretion. He will probably play hard: change the passwords, publish confidential corporate information online, copy users' personal data, or, conversely, delete all the information you need along with the backups. And finally he can extort money from you for regaining access to your server. A frightening prospect, isn't it? We do not know which scenario a hacker will choose; the only clear thing is that there is no limit to attackers' imagination.

Conclusions

To protect cloud users from these attacks, we must restrict access to the admin panel by IP address, use complex passwords, and use two- or multi-factor authentication. Cloud providers should also make sure that their clients have the opportunity to implement a reliable system of server protection or...
Ransomware Virus Paralyzed Hospital Work: Once Again on Healthcare Information Security
The more computer technology pervades all areas of human life, the more important user data protection becomes. Earlier, hackers could only steal your e-mail address to send spam from it. Today the World Wide Web stores much more comprehensive information about all of us, and you don't even need to share it online yourself for hackers to get it: it is enough to open a bank account or seek medical help. It is healthcare information security that has recently become a growing concern among cybersecurity experts. After all, as we have already written here, the information in electronic medical records is enough for complete identity theft. Personal information security in healthcare organizations is still in its infancy, and the recent incident at the Hollywood Presbyterian Medical Center confirmed that even large treatment centers can be paralyzed by a hacker attack.

In early February, cybercriminals compromised the Hollywood Presbyterian Medical Center. Its computers were infected with a ransomware virus that blocked their work: medical data were encrypted and computer-based medical equipment stopped operating. The health and lives of more than 400 inpatients were under threat. The administration had to transfer them to other hospitals, while staff returned to the good old pen and paper to record information.

As it turned out, the attack was not even targeted. The medical center's defenses were so poor that an opportunistic attack was enough: one infected computer quickly spread the virus to the others over the hospital's local network. Quick on the uptake, the operators of the virus demanded a ransom of $3.6 million. After 10 days, the administration decided to pay the extortionists to regain access to the medical records, but it paid far less than the hackers initially demanded: 40 Bitcoins (about 17 thousand dollars).

Given the special danger of this incident, it was investigated not by the local police but by the FBI and a forensics team specializing in cybercrime. According to the latest reports, however, they have failed to track down the fraudsters.

This case is not the first example of medical institutions being hacked. The previous year, close to 80 million customers of Anthem, one of the largest US insurance companies, fell prey to hackers, and there were other less notable but equally unpleasant incidents.

What conclusions can be drawn?

The conclusion is obvious: it is time for every medical institution not just to think about strengthening its healthcare information security but to start acting. It is quite difficult to protect against ransomware; here, alongside offline backups and timely patching, the measure that helps most is instructing staff in the rules of information security in healthcare. But we should not forget about other types of attacks that health centers are exposed to day after day. In 2015, hackers obtained the data of more than 100 million patients of medical institutions. The number is impressive! Perhaps this would not have happened had the fundamental rules of healthcare information security been followed. One of them is to use two-factor authentication to protect confidential information. A common belief is that such data protection is hard to use...
Hackers Are Adopting Espionage Techniques
A year ago the prominent hacker group Carbanak became famous as the first to break into banking systems using methods previously seen only in state-sponsored cyber espionage. Carbanak adapted these techniques to attack financial institutions (in most cases banks), and the security systems of those institutions gave way under the new techniques.

An important feature of Carbanak attacks is the use of legitimate software. This minimizes the risk of detection by antivirus programs and saves the time needed to develop custom hacking tools. Carbanak robbed hundreds of financial institutions in 30 countries around the world, stealing millions of dollars. Strong authentication tools such as one-time passwords and PIN codes, which protect money and data from theft, did not stop the fraudsters: the hackers had direct access to the bank systems that execute money transactions, so they had no need for OTPs at all.

This example proved contagious. Not long ago two similar groups showed up, GCMAN and Metel, whose attacks mostly targeted Russian financial institutions. In both cases the attacks began with targeted phishing emails. The emails contained RAR archives which, once opened, gave the attackers a foothold in the banks' systems. After the hackers took control of the banks' processing systems, the two groups acted differently.

In the case of Metel, the main trick was to cancel the transaction after cash had been withdrawn at an ATM. The balance on the victims' debit cards therefore did not change, and the loss was discovered only after the hackers had wound up their activity. One such operation made it possible to steal several million rubles.

GCMAN worked differently: they used cron. Cron is legitimate software that starts user programs on Unix systems at a specified time. The hackers used a cron script to continually transfer $200 at a time from bank accounts at the compromised institution; $200 is the limit for anonymous transactions in Russian banks. The money was then moved on to the accounts of "money mules", people hired specially to cash out stolen funds.

If hackers can overcome such strong bank security systems so deftly, is there any way to stop them? Of course, security teams can harden servers and databases and use the newest software and hardware. But experience has shown that these are only temporary measures. As the saying goes, "It is easier to pull down than to build." Sooner or later the hackers will find a way around the most sophisticated technical barriers, so these methods alone are not enough for reliable protection.

Think about how any hack begins. The fraudsters need access to just one computer of the target company, and that is almost impossible without human help: an employee installs a file, follows a link, or opens an attachment carrying spyware. Thus, teaching employees the rules of information security is one of the most important data protection measures. It can keep you and your employees from swallowing the cyber fraudsters'...
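Both money-moving patterns described in this post leave traces in the bank's own transaction records, and the following is an added example of how to flag them. It is not code from any of the groups or from a bank; the Txn records are constructed for illustration, the field names are an assumption about what a processing log carries, and the $200 anonymous-transaction limit is the one named in the text. The first check finds ATM debits reversed after cash had already been dispensed (the Metel trick); the second finds accounts sending many transfers at exactly the limit with the near-constant spacing that a scheduler such as cron produces (the GCMAN trick).

```python
"""Added example: flag the Metel and GCMAN money-moving patterns in a bank's
transaction log. The records below are constructed, not real data."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import pstdev


@dataclass(frozen=True)
class Txn:
    ts: int            # unix time in seconds
    account: str
    kind: str          # "atm_withdrawal", "reversal" or "transfer"
    amount: float
    ref: str           # a reversal carries the ref of the debit it cancels
    cash_dispensed: bool = False


def find_reversed_cash_withdrawals(txns):
    """Metel pattern: the ATM dispensed the cash, then the debit was reversed,
    so the card balance never moved. Returns the refs of such withdrawals."""
    dispensed = {t.ref for t in txns
                 if t.kind == "atm_withdrawal" and t.cash_dispensed}
    return sorted(t.ref for t in txns
                  if t.kind == "reversal" and t.ref in dispensed)


def find_metered_drains(txns, limit, min_count=5, max_jitter=0.1):
    """GCMAN pattern: one account sends many transfers at exactly `limit` with
    near-constant spacing, as a cron job would. `max_jitter` is the allowed
    standard deviation of the gaps as a fraction of the mean gap.
    Returns {account: {"count": n, "period_s": seconds}}."""
    stamps_by_account = defaultdict(list)
    for t in txns:
        if t.kind == "transfer" and abs(t.amount - limit) < 0.005:
            stamps_by_account[t.account].append(t.ts)
    flagged = {}
    for account, stamps in stamps_by_account.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean_gap = sum(gaps) / len(gaps)
        if mean_gap > 0 and pstdev(gaps) <= max_jitter * mean_gap:
            flagged[account] = {"count": len(stamps), "period_s": round(mean_gap)}
    return flagged


ANON_LIMIT = 200.00   # anonymous-transaction limit named in the post
BASE = 1_454_284_800  # arbitrary start time for the constructed records

# Constructed sample: account 4001 is drained by a scheduler every hour; 4002 is
# an ordinary customer who happens to send five $200 transfers at random times;
# W1 is a cash withdrawal reversed after the cash left the ATM; W3 is a declined
# withdrawal (no cash dispensed) whose reversal is legitimate.
SAMPLE = [Txn(BASE + i * 3600, "4001", "transfer", 200.00, f"T{i}") for i in range(6)] + [
    Txn(BASE + 1000, "4002", "transfer", 200.00, "T100"),
    Txn(BASE + 9000, "4002", "transfer", 200.00, "T101"),
    Txn(BASE + 9500, "4002", "transfer", 200.00, "T102"),
    Txn(BASE + 20000, "4002", "transfer", 200.00, "T103"),
    Txn(BASE + 21000, "4002", "transfer", 200.00, "T104"),
    Txn(BASE + 50, "4003", "atm_withdrawal", 300.00, "W1", cash_dispensed=True),
    Txn(BASE + 55, "4003", "reversal", 300.00, "W1"),
    Txn(BASE + 60, "4004", "atm_withdrawal", 100.00, "W2", cash_dispensed=True),
    Txn(BASE + 70, "4005", "atm_withdrawal", 500.00, "W3"),
    Txn(BASE + 75, "4005", "reversal", 500.00, "W3"),
]

if __name__ == "__main__":
    print("reversed after cash dispensed:", find_reversed_cash_withdrawals(SAMPLE))
    print("metered drains:", find_metered_drains(SAMPLE, ANON_LIMIT))
```

The cadence check is deliberately independent of the amount being "large": it is the regularity and the exact-limit amount together that give away an automated drain, which a per-transaction threshold rule set at the limit would never see.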
Two-Step Authentication Is Already on Instagram
A few days ago it became known that Instagram is rolling out two-factor authentication. At first a beta version of 2FA was tested by a small number of selected users; now two-step authentication is becoming available to everyone. The most surprising thing about this news is how slowly the popular social network got there. After all, two-factor authentication has long been an integral part of data protection at its "colleagues": Facebook, Twitter, LinkedIn, and others.

Why does Instagram need two-step authentication?

Instagram has many accounts that bring their owners a lot of money; often the income from such an account is comparable to a full-fledged business. For many celebrities it is one of the most important channels of communication with their fans, and for many companies one of the key platforms for advertising and finding potential customers. Imagine how upset Taylor Swift would be if her account with more than 67.9 million followers were hacked. Accounts with large followings have been hacked more than once, and every time it harmed the owner's reputation and income. Thus, two-factor authentication with one-time passwords can be a real way out for users who have an acute need for data protection.

How does two-factor authentication on Instagram work?

At the moment, one-time passwords on Instagram are delivered only via SMS. Frankly speaking, this delivery method is a thing of the past. Modern two-step authentication offers more convenient and more reliable ways to confirm a user's right to log in: either biometric methods or tokens, that is, one-time password generators. The first is faster and easier; the second is much less susceptible to random (and non-random) interference.

Many people think that tokens are necessarily separate and expensive devices, more suitable for protecting bank or office accounts. But there is another kind of token that is secure, easy to use, and free of charge. The best solution for Instagram, where people usually log in from smartphones, is a software token installed on the same device (with the caveat that a token living on the phone you log in from shares that phone's fate if the device itself is compromised). Many have heard of Google Authenticator, but it is not the only software token. Protectimus has created an application that surpasses Google's software OTP token: Protectimus Smart for Android and iOS smartphones.

The benefits of the Protectimus Smart OTP token

The application, like its hardware "brothers", is PIN-protected, so even if the smartphone is lost or stolen, thieves cannot use Protectimus Smart to access the account it protects. The application can be paired with an Android Wear smartwatch, which makes generating one-time passwords faster and simpler, so two-step authentication becomes more convenient. The company has thought through even such details as the visual representation of the generated OTP: unlike Google Authenticator and most other software tokens, the digits are split into short groups, which eases their entry. The application supports different OTP generation algorithms: time-based (TOTP), event-based (HOTP), and challenge-response (OCRA).

Of course, a picture-sharing service is not a banking institution. There is no need for strong authentication...
Why is healthcare data security so important?
Health is everyone's main asset, but we start to understand this only when we risk losing it. The threat may come not only from bad habits or accidents but also from viruses: both the common flu and computer viruses. Since we started using electronic medical records, healthcare data security has become one of the most important aspects of data protection. Let's find out why.

In recent years hackers' interest in electronic medical records has increased sharply. On the black market this kind of information is worth much more than credit card numbers and bank account passwords. The trend may seem surprising, but the reasons are quite obvious. After all, an electronic medical record contains: the patient's name and date of birth; postal and e-mail addresses; phone numbers; place of work and position; ID numbers, card numbers, and medical and social insurance numbers. This information can be used for complete identity theft rather than just a one-off bank account compromise.

Another important reason is the weak protection of patient data in medical institutions. Banks and other financial institutions have already built strong data protection systems; two-factor authentication has become a ubiquitous standard for banks, and their clients can access information only after entering an OTP (one-time password). Public health organizations, on the contrary, paid no attention to health data security for a long time and thus became easy prey for hackers.

How fraudsters use stolen electronic medical records

Besides identity theft, there are other ways to use the information in electronic medical records. Three are specific to this type of data:

Receiving medical care at someone else's expense. Some treatments are expensive, so physician services obtained by fraudsters can damage the victim's financial well-being.

Schemes with medicines. Hackers who are in good health and need no treatment can earn a good income by ordering expensive drugs on behalf of a legitimate cardholder in order to resell them.

Collusion with clinic employees. If criminals manage to get in touch with an unscrupulous clinic, an insurance company may be billed for services that were never rendered, and the money is split between the clinic and the fraudsters.

Why medical record hacks are dangerous

Medical data breaches may result not only in material losses but also endanger the health and lives of the people whose information was stolen. The fraudulent actions (medical services received, medicines purchased) end up in the patient's real clinical history, and if the real owner needs urgent help, physicians may be misled by incorrect information that has nothing to do with the patient. For example, a person may be allergic to certain drugs, but that will not be reflected in the electronic medical record because of the fraudster's intervention. Keep in mind that while you can easily block and replace bank accounts and cards, it is completely impossible to take back compromised and disclosed medical data.

Healthcare data security tips

Despite all the dangers healthcare data security faces in the age of...
Protectimus New OTP Tokens
The range of Protectimus OTP tokens has been expanded with new hardware tokens for generating one-time passwords. Meet Protectimus TWO and Protectimus SLIM mini.

Protectimus TWO is a handy hardware token in the form of a key fob. It works according to the TOTP algorithm, is waterproof, and has a battery life of up to 5 years. Its main distinguishing feature is the ability to choose the time interval during which each one-time password is valid: 30 or 60 seconds. Note that the interval must match the one the verifying service expects; most public web services check 30-second codes.

Protectimus SLIM mini is a miniature smart-card TOTP token, a token of the new generation. It can be reflashed over NFC, and here too the lifetime of the OTP can be adjusted. With a special application you can view all the information about the token that you need. Protectimus SLIM mini can be used for authentication with Google, Facebook, Twitter, Dropbox, and other popular services. It is half the size of an ordinary credit card, which is very convenient for the end user.

On request, the tokens can be made in the colors of the client's brand and with the client's logo. For more information about these tokens and their prices, please visit our website...
Comic stories #5
Announcement: a 55-year-old woman, mother of three programmers, asks someone not too psycho to teach her the Internet. Yesterday the electricity was switched off... I spent two hours without the Internet... I talked with my family; they turned out to be pretty nice...
Information Security Trends 2016
Today computers and the Internet are no longer just toys to fill people's free time. Above all, they are the most important work instruments, and their security and effectiveness determine the business success and prosperity of a great many people. So it is not surprising that information security is now a matter of interest to many. What are the main information security trends of 2016? What challenges should we prepare for? What mistakes can be avoided, and, most importantly, in which direction should we develop?

Hackers hunt not only big game

In the view of most people, hackers' main targets are large multinational corporations and high-level government agencies such as defense or finance ministries. In fact, these targets are usually very well protected, and getting into their systems requires the highest level of skill. It is much easier, and often more profitable, for hackers to turn to smaller organizations, which as a rule lack the funds to ensure information security, while the data stored on their servers is often no less valuable. Today hackers are stepping up their attacks on small businesses and especially on healthcare institutions. If you think about it, the registration office of a health center in a small town is a more attractive tidbit than a bank database of credit card numbers: a person's medical record provides almost all the information about them, from exact address and passport data to the same credit card and social security numbers. That is why reliable data protection is needed not only by financial institutions. In 2015, 3 of the 5 largest leaks happened in healthcare organizations, and it seems the trend will continue.

The vulnerability of megalopolises

A town dweller depends on the benefits of civilization far more than a country dweller. If there is a well in the yard, a burst water main will not scare a villager; when the central heating goes off he can always light the stove; and if the electricity is cut off, candles are always in reserve. Life in a huge metropolis, by contrast, can be completely paralyzed by the failure of any part of its life-support systems. Thus cyber attacks on the computer systems of large infrastructure facilities are extremely dangerous and make an attractive target for fraudsters of all stripes, and the material losses are not the worst of it...

The importance of the human factor

Investing a lot of money in security does not guarantee complete protection from all risks. The human factor also requires close attention. In the long fight with Trojans and bots, information security experts often forget that today's hackers are armed not only with malware but also with the latest achievements of social engineering. Focusing on software and hardware improvements alone is doomed to failure, because it is not a tricky virus but a careless clerk who can do the most harm to a business, and not on purpose but out of ignorance. Thus not only technical staff should be taught the basics of information security, but also cleaning personnel, secretaries, managers, and so on. It is necessary to bring to the...