" cyber-crime "

New Android Ransomware Changes Lock Screen PIN

Dubbed Android/Lockerpin.A, the new trojan app tricks users into granting it device administrator privileges. To achieve this, it mimics a patch installation window on top of an activation notice. When victims click on the continue button, they actually grant the malicious app rights that allow it to make changes to the Android settings. Lockerpin then sets or resets the PIN that unlocks the screen lock, effectively requiring users to perform a factory reset to regain control over the device. By contrast, earlier forms of Android ransomware generally were thwarted, usually by deactivating administrator privileges and then uninstalling the app after the infected device is booted into safe mode.

Panda Security Uncovers Ongoing Attack Against Oil Tankers

Panda Security has released “Operation Oil Tanker: The Phantom Menace”, a groundbreaking report that details a malicious and largely unknown targeted attack on oil tankers.

First discovered by Panda Security in January 2014, the ongoing attack on oil cargos began in August 2013, and is designed to steal information and credentials for defrauding oil brokers. Despite having been compromised by this cyber-attack, which Panda has dubbed “The Phantom Menace”, none of the dozens of affected companies have been willing to report the invasion and risk global attention for vulnerabilities in their IT security networks.

“The Phantom Menace” is one of the most unique attacks that PandaLabs has ever discovered. No antivirus engine was able to detect it when first triggered, primarily because the attackers used legitimate tools in conjunction with a number of self-made scripts to bypass any warnings that traditional AV software would detect. It was only discovered when a secretary opened a nonspecific attachment to an email – a type of file that Panda Security would later identify among ten different companies in the oil and gas maritime transportation sector.

Protect Yourself against the Growing Cyber-Crime Black Market

Global IT vendor Panda Security has launched a campaign against the ever-growing world of cyber-crime. The campaign aims to educate both businesses and home users about the dangers of cyber-crime and the ways in which they can avoid becoming victims of its growth.

“Cyber-crime preys on unsuspecting users”, says Jeremy Matthews, head of Panda’s sub-Saharan operations. “That’s why these campaigns are so important – they provide very necessary and useful information that may help many individuals and businesses avoid becoming victims.”

Trojans: The Tools of the Trade

The year 2003 saw the creation of the first banker Trojan. Since then, Trojans have become one of the most common types of malware, accounting for 71% of all threats, because they are the best tool for hackers and organisations involved in identity and detail theft. Every day, increasingly sophisticated variants emerge, designed to evade the security measures put in place by banks, online stores, pay platforms, etc. The reason for this rapid growth is clearly profit based.

How the Cyber-crime Black Market Works

Online mafias are highly organised and strategic with regard to their operations and deployment. Not only do they seem like real companies, they operate across the globe, throwing their nets wide.

The cyber-crime black market works in a two-step process. Step one involves the creation of malware and its distribution to potential victims. The heads of the criminal organisations hire hackers and programmers to create malware like Trojans, bots and spam. This malware is then usually spread through email and social media sites like Facebook, YouTube, MySpace and Twitter. Once a victim has been caught in the trap, their confidential information is stolen and then stored for sale on a server.

In step two, the confidential data is sold on underground sites. The black market offers confidential personal data from as little as $2 but it can reach prices exceeding $700. Often, money is stolen directly from victims’ bank accounts. In this case, money mules are used to forward the stolen funds in exchange for commission. Sometimes these mules do not know that they are moving funds illegally until they are caught and used as scapegoats in the event of arrests being made. Finally, the stolen funds are transferred into the hands of the gang leaders through services like Western Union.

Panda’s Security Advice

While the spread of cyber-crime is increasing, there are a few precautions one can take to stave off becoming a victim.

Precautions such as memorising your passwords, instead of saving them on your PC, can minimise your risk. Users are also advised never to give away personal information telephonically or on the internet if the company or website is unknown.

Closing all your browser sessions and working with just one at a time can also decrease your chance of being lured into a fake website.

Lastly, if you get any suspicious messages from the bank, an online store or a payment platform, contact the customer relations department from the company it was supposedly sent from. If this suspicious activity persists, or if you notice any unusual account transactions, do not hesitate to inform your bank.

“Cyber-crime is a scary reality but those who take the time to inform themselves and then take the necessary precautions advised on the mini-site should remain safe”, concludes Matthews.

The mini-site also includes a link to scan your personal or business PC for infections and is available at: http://cybercrime.pandasecurity.com/blackmarket/index.php

For more information about Panda, visit http://www.pandasecurity.com/.

Top 10 Internet Security Threats and Trends for 2011

– “Hacktivism” and cyber war: making the headlines in 2011
– The growth rate of new malware is set to slow down
– Social engineering and the use of social media to spread encrypted malware
– More malware for Mac and for 64-bit systems, as well as zero-day exploits

Global IT vendor Panda Security has forecast that there will be few radical innovations in cyber-crime during 2011. “Hacktivism” and cyber-war, more profit-oriented malware, social media, social engineering and malicious code with the ability to adapt to avoid detection will be the main protagonists in 2011. There will also be an increase in the threats to Mac users, new efforts to attack 64-bit systems and new zero-day exploits.

Luis Corrons, Technical Director of PandaLabs explains: “Once again we have dusted off the crystal ball and this is a summary of what we reckon will be the ten major security trends during 2011”:

  1. Malware creation. Panda has seen a significant growth in the amount of malware in 2010, a constant theme over the last few years. This year, more than 20 million new strains have been created, more than in 2009. At present, Panda’s Collective Intelligence database stores a total of over 60 million classified threats. The actual rate of growth year-on-year however, appears to have peaked: some years ago it was over 100%. In 2010 it was 50%. We will have to wait and see what happens in 2011.
  2. Cyber war. Stuxnet and the Wikileaks cables suggesting the involvement of the Chinese government in the cyber-attacks on Google and other targets have marked a turning point in the history of these conflicts. In cyber-wars, as with other real-world conflicts today, there are no ranks of uniformed troops making it easy to distinguish between one side and another. This is like guerrilla warfare, where it is impossible to discern who is launching the attack or from where. The only thing it is possible to ascertain is the objective. Attacks such as these, albeit more or less sophisticated, are still ongoing, and will no doubt increase during 2011, although many of them will go unnoticed by the general public.
  3. Cyber-protests. Undoubtedly the major new issue in 2010. Cyber-protests, or hacktivism, are all the rage. This new movement was initiated by the Anonymous group and Operation Payback, targeting firstly organizations trying to close the net on Internet piracy, and later in support of Julian Assange, editor-in-chief of Wikileaks. Even users with limited technical know-how can join in the distributed denial of service attacks (DDoS) or spam campaigns. Despite hasty attempts in many countries to pass legislation to counter this type of activity, effectively by criminalizing it, we believe that in 2011 there will be yet more cyber-protests, organized by this group or others that will begin to emerge.
  4. Social engineering. Panda has seen the continued use of social engineering to infect unwary users. In particular, cyber-criminals have found social media sites to be their perfect working environment, as users are even more trusting than with other types of tools, such as email. Throughout 2010 Panda has witnessed various attacks that have used the two most popular social networks – Facebook and Twitter – as a launch pad. In 2011 we fully expect that not only will hackers continue to use these media, but that they will also be used more for distributed attacks. Moreover, BlackHat SEO attacks (indexing and positioning of fake websites in search engines) will also be widely employed throughout 2011, as always, taking advantage of hot topics to reach as many users as possible.
  5. Windows 7 influencing malware development. As we mentioned last year, it will take at least two years before we start to see the proliferation of threats designed specifically for Windows 7. In 2010 we have begun to see a shift in this direction, and we imagine that in 2011 we will continue to see new cases of malware targeting users of this new operating system.
  6. Cell phones. The eternal question: When will malware for cell phones really take off? It would seem that in 2011 there will be new attacks, but still not on a massive scale. Most of the existing threats target devices with Symbian, an operating system which is now on the wane. Of the emerging systems, Panda predicts that the number of threats for Android will increase considerably throughout the year, becoming the number one target for cyber-crooks.
  7. Tablets? The overwhelming dominance of iPad in this terrain will start to be challenged by new competitors entering the market. Nevertheless, save the odd proof-of-concept or experimental attack, we don’t believe that tablet PCs will become a major consideration for the criminal fraternity in 2007.
  8. Mac. Malware for Mac exists, and will continue to exist. And as the market share continues to grow, so the number of threats will grow accordingly. The biggest concern is the number of security holes affecting the Apple operating system. Let’s hope they get ‘patching’ as soon as possible, as hackers are well aware of the possibilities that such vulnerabilities offer for propagating malware.
  9. HTML5. What could come to replace Flash, HTML5, is the perfect target for many types of criminals. The fact it can be run by browsers without any plug-ins makes it even more attractive to find a security hole that can be exploited to attack users regardless of which browser they use. We will see the first attacks in the coming months.
  10. Highly dynamic and encrypted threats. This is something we have already seen over the last two years, and we fully expect this to increase in 2011. There is nothing new about profit-motivated malware, the use of social engineering or silent threats designed to operate without victims realizing. Yet in our anti-malware laboratory we are receiving more and more encrypted, stealth threats designed to connect to a server and update themselves before security companies can detect them. There are also more threats that target specific users, particularly companies, as information stolen from businesses will fetch a higher price on the black market.

“The overall picture is not improving” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “It is true that in 2010 we have seen several major arrests that have hit hard in the world of cyber-crime. Yet this is sadly insufficient when we consider the scale of what we are fighting against. Profits from this black market amount to thousands of millions of dollars, and many criminals operate with impunity thanks to the anonymity of the Internet and numerous legal loopholes”, he concludes.


10 tell-tale signs of PC infection

  • Does your computer talk to you? Can’t use the Internet? Have your files disappeared? You might be infected…

Users are often advised to use an antivirus to check if their systems are infected, but with the current cyber-crime scenario, this is simply not enough.

“It takes at least a basic grasp of security issues to work out if a computer is infected, and many first-time users have little or no idea” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “However, while many of today’s threats are specifically designed to go undetected, there are still some tell-tale signs if a system has been compromised.”

Global IT vendor Panda Security has produced a simple guide to the 10 most common symptoms of infection, to help users identify if their systems are at risk:

1. My computer speaks to me: There are all types of pop-ups and messages on the desktop, either advertising things or saying that the PC is infected and needs protection, etc. This is a typical, surefire case of an infection. There is either spyware on the computer, or it has been infected by a fake antivirus, also known as “rogueware”.

2. My computer is running extremely slowly: This could be a symptom of many things, including infection by a virus. If the computer has been infected by a virus, worm or Trojan, among other things, the malware could be running tasks that consume a lot of resources, making the system run more slowly than usual.

3. Applications won’t start: How many times have you tried to run an application from the start menu or desktop and nothing happens? Sometimes another program might even run. This could be another type of problem, but it’s a symptom that tells you that something is wrong.

4. I cannot connect to the Internet or it runs very slowly: Loss of Internet communication is another common symptom of infection, although it could also be due to a problem with your service provider or router. You might also have a connection that runs much more slowly than usual. If you have been infected, the malware could be connecting to a URL or opening separate connection sessions, thereby reducing your available bandwidth or making it impossible to use the Internet.

5. When I connect to the Internet, all types of windows open or the browser displays pages I have not requested: This is a certain sign of infection. Many threats are designed to redirect traffic to certain websites against the user’s will, and can even spoof Web pages, making you think you are on a legitimate site when really you have been taken to a malicious imitation.

6. Where have my files gone? Hopefully nobody will be asking this type of question, although there are still some threats around designed to delete or encrypt information and to move documents from one place to another. If you find yourself in this situation, get help as quickly as possible.

7. My antivirus has disappeared, my firewall is disabled: Another typical characteristic of many threats is that they disable security systems (antivirus, firewall, etc.) installed on computers. Perhaps if one thing shuts down it might just be a specific software failure; but if all your security components are disabled, you are almost certainly infected.

8. My computer is speaking a strange language: If the language of certain applications changes, the screen appears back-to-front or strange insects start ‘eating’ the desktop, it is likely that you have an infected system.

9. Library files for running games, programs, etc. have disappeared from my computer: Once again, this could be a sign of infection, although it could also be down to incomplete or incorrect installation of programs.

10. My computer has gone mad… literally: If the computer starts acting on its own, you suddenly find your system has been sending emails without your knowledge, or Internet sessions or applications open sporadically on their own, your system is probably compromised by malware.

Panda advises all users who have identified with one or more of the scenarios above to look for alternative security applications to the one (if any) they have installed. Users don’t need to uninstall their existing application, but can simply use a free, online antivirus such as Panda ActiveScan. Alternatively, they can install an antivirus that is compatible with other engines, such as Panda Cloud Antivirus, which is also free.

“Getting a second opinion on the health of your PC could save your data, your privacy and in many cases, your money”, concludes Matthews.

More information is available in the PandaLabs blog: http://www.pandalabs.com
