Industry News Recap: Android Malware Targets Activists

By | March 28th, 2013|Uncategorized|

android_malwareThis week, Kaspersky Lab discovered the first-known targeted attack to use Android malware, which targeted Tibetan activists and other ethnic groups in China. “The malware [used] a combination of e-mail hacking, ‘spear phishing’ and a Trojan built specifically for Android smartphones,” said Ars Technica.

Mashable said that the malware was “sent as an attachment in an email referencing the recent World Uyghur Conference (WUC), where human rights activists from Tibet, China, East Turkestan and Mongolia gathered.” Once installed, the app notifies the server of the successful infection and starts harvesting personal information such as contacts, SMS messages, physical data and other info from the victim’s phone.

InformationWeek reported that Kaspersky Lab researchers had not seen targeted attacks against mobile phones until now but had seen indications that they were in development. Typically, cyber attacks against activist groups have focused on infecting computers rather than smartphones.

With mobile technology constantly evolving, are you concerned about hackers targeting you or your employees through smartphones? Let us know what you think in the comments section below or on Twitter and Facebook. Also, be sure to check out our Tumblr page for the latest industry news stories.

Industry News Recap: Old School Malware Cyberattack

By | March 1st, 2013|Uncategorized|

adobe_updateThis past week, researchers at Kaspersky Lab and CrySys Lab uncovered a new strain of malware dubbed “MiniDuke.” This form of malware appears to combine old school techniques with more modern options to target government entities and institutions around the world. Hackers targeted dozens of computer systems at government agencies across Europe through a flaw in Adobe Systems software.

PC Mag reported that “it attacks via infected PDFs, which are emailed to specific targets with highly relevant subject lines….Once people opened the infected PDFs, MiniDuke attacked Adobe Reader versions 9, 10, and 11, bypassing its sandbox.

According to InformationWeek, once the attacker sends the malicious PDF documents to victims, the infected PCs use Twitter to install malware that can copy and delete files. “To compromise the victims, the attackers used extremely effective social engineering techniques which involved sending malicious PDF documents to their targets,” according to an overview of MiniDuke published by Kaspersky Lab. “The PDFs were highly relevant and well-crafted content that fabricated human rights seminar information and Ukraine’s foreign policy and NATO membership plans.”

We expect this new strain of “old school” malware to increase, so stay tuned. What do you think about the rise of malware? Let us know in the comments section below or on Twitter and Facebook. Also, be sure to check out our Tumblr page for the latest industry news stories.

Malware Threats to be Aware of in 2013

By | November 29th, 2012|Uncategorized|

As we mentioned in our last blog post, malware is surging. According to McAfee, mobile malware grew two-fold last quarter, and Kaspersky found that there has been rapid growth in the number of malware programs targeting Android devices specifically. Most notably, McAfee says there was a 23% increase in new types of malware last quarter – the fastest growth rate in four years.

New strains of malware means new security concerns, new problems to solve and new solutions to develop. Here are three types of malware that have grown tremendously in 2012 and will see additional growth in the coming year.

Symantec has found at least 16 different variants of ransomware developed by competing malware gangs. This type of malware holds your computer hostage by disabling it and demanding payment as high as $200 to restore the machine, often under the guise of law enforcement. Many victims end up paying the ransom, allowing cybercriminals to extort upwards of $5 million. If you come across ransomware, don’t pay up. Instead, initiate a security scan on your machine to remove the Trojan. We recommend checking out the guide from Decoded Science. 

SMS Trojans
According to Kaspersky, 57% of smartphone malware in 2012 was made up of SMS Trojans. This type of malware infects mobile phones and sends SMS messages to others, automatically charging fees upon the receipt of the messages. Android operating systems have been prime targets for this type of malware. Some strains of SMS Trojans even disguise themselves as popular apps like Angry Birds or Instagram.

This is mobile adware. It makes its way onto mobile devices when users download an infected app. It sends pop-up alerts, changes browser settings and collects personal information from your device. Symantec says that the number of apps infected with madware increased by 210% throughout 2012 and will continue to grow in 2013.


Three Security Trends That Will Shape 2013

By | November 16th, 2012|Uncategorized|

This week Symantec announced their “Top 5 Security Predictions for 2013.” The company listed some interesting trends and the article definitely warrants a read-through.  This list also got us thinking about our own predictions for 2013. Here are a few we see happening: 

Your email address and password will become more valuable to identity thieves. Think your social security number is your most coveted identity asset? Think again. While the monetary value of all data is going down because of an increased amount of data in the black market, emails and passwords have an increasingly higher value to identity thieves. Login credentials can give identity thieves access to an ever-increasing range of valuable (and profitable) websites  – online banking, Amazon, PayPal, eBay. At the end of the day, it is a lot easier to log into someone’s account and take it over than it is to establish a new identity and credit with a stolen social security number. 

Malware will be front and center in 2013. We mostly think of malware as the virus you download when you click on a bad link. Unfortunately, malware is becoming more malicious than this. Two proof points: ransomware and drive-by-malware. With ransomware, a thief takes control of your computer system, blocking access until a “ransom” is paid. With drive-by-malware, you no longer have to click on a link to download a virus – you just have a visit a webpage. We’ll see more of this high-stakes malware in 2013.

It’s not all doom and gloom.  There are some incredible things on the horizon that will help protect against identity theft. As identity theft risks and consequences rise, businesses are starting to take notice and take action. We are going to start seeing some pretty cool technology like voice biometrics and location-based authentication serve as a method of authentication. Companies are also getting better at monitoring for stolen data by alerting consumers before the data can be sold or used by identity thieves. In time, we may not even use email addresses and passwords to log into accounts.

SXSW 2013 Panel Picker – Vote for CSID!

By | August 16th, 2012|Uncategorized|

It’s that time again… to vote for CSID for SXSW 2013!

The 2013 SXSW Interactive Festival will bring together professionals from all over the world, including technology and security enthusiasts, and CSID is excited for the chance to take part. We need your help to keep our panels in the running!

All you have to do is sign up on the SXSW Panel Picker website and vote for CSID’s four panels by August 31st. Check out our panel proposals:

  • Malware Matures: From PC to Catastrophe – It’s a mad, malware-filled world out there. This panel of security and IT experts will look at how malware works, the growth and evolution of malware over the years and what we can expect from it in the future, including the rise of malware on mobile devices.
  • When Hacking Passwords is as Easy as 123456 – Encrypt, hash or salt? This panel will discuss what’s new in password protection from the latest tools hackers have for cracking encryptions to what’s next for user authentication.
  • Your Data is Showing: What’s Next in Protection – Here comes the next wave of identity protection technology, which includes earlier warnings that your information or your business systems may be compromised, minimizing the impact on you and your business. Get a glimpse of the technologies that may be protecting you and your business tomorrow.
  • Uncle Sam May Soon Be Protecting Your Identity – Get insights on how the government and private sectors have partnered together to create the NSTIC (National Strategy for Trusted Identities in Cyberspace) to develop technology standards and policies to protect us online.

Get your vote on! And, once you vote, be sure to share on Facebook and Twitter.

Load More Posts