Ransomware is malicious code designed to block access to a computer system; it executes a cryptovirology attack that adversely affects files until a sum of money is paid. It acts like a kidnapper holding a hostage, making you pay a ransom to free the system. The average ransom demanded today is about $500 to $1000. Most ransomware either restricts the legitimate user’s access to applications or is of the encrypting type. Ransomware hackers mostly demand payment in the form of bitcoins, ensuring anonymity.
Malvertising, or malicious advertising, is a technique that uses ads to spread malware. Instead of tricking users into visiting a malicious website, malvertising uses advertising networks to distribute malware through trustworthy websites. The distributed malware can be spyware, ransomware, or anything else that can benefit the attacker.
Malware + Advertising (Malvertising) acts as a carrier for cyber criminals to open up a covert channel to launch an attack on the system. It always targets popular websites, where the traffic is high, because these high-traffic websites often outsource their advertising space to ad sellers (ad networks). Advertisers bid for ad space on popular websites, and the ad sellers serve the winners of the bidding process with the space.
Malware is short for malicious software, which is designed to damage or even disrupt the computer. The array of malware ranges from spyware to key loggers; some of it is financial malware, and the range includes ransomware. Protection against malware is, in the simplest terms, ‘anti-malware’ products, and there we have it. Not much of an article though, is it!! So let’s dig deeper into the subject of mobile malware prevention.
Vendors such as Sophos, Trend, McAfee, Symantec or Kaspersky offer more in-depth approaches to prevention. Equally, the ‘User’ must use common sense; it comes down to ‘ownership’ of the problem.
To be precise, in 2015 Kaspersky identified the following:
Kidnapping for money is common in various parts of the world today. In cyber security too, we are facing this in the form of ransomware, a new way of kidnapping that some people call digital kidnapping. Here the cyber criminals kidnap our valuable data and hold it hostage. Think about a situation where an organization’s entire system is held hostage by an outside party that is unwilling to release it until a ransom is paid. It is not only valuable data: in this IoT era, where we use smart TVs, smart watches and smart fridges, and have already witnessed car hacks, a cyber criminal can hack those devices and demand a ransom to give them back. Imagine a situation where you are driving a car and a criminal takes control of your vehicle and asks for a ransom to give that control back. Day by day, we are hearing a lot of ransomware stories, most of them targeting health care organizations.
The recent malware attacks on banks, financial institutions, and payment processors are a validation of the increasing technical expertise of cyber-criminals and their ability to cause significant damage while orchestrating attacks remotely. From mobile malware to banking Trojans, and point-of-sale (POS) and retail breaches, the threat landscape continues to evolve. According to anti-malware product vendors, the average time to resolve a malware attack ranges from 18-26 days, resulting in huge business downtime. In addition, the average cost of cleanup and the cost of investigation have increased manifold. The two reasons for this pathetic situation are:
These days we hear a lot about Advanced Persistent Threat (APT) mitigation techniques and the solutions that could protect us from zero-day attacks. Over the last couple of years the main focus was on sandboxing solutions. We normally place firewall, IPS/IDS, HIPS and antivirus solutions as part of the defence-in-depth principle. The limitation is that most IPS/IDS, HIPS or antivirus solutions detect and block only known malware, as most of them are signature-based security solutions. If they don’t have a corresponding signature, the attack will go unnoticed and will result in vulnerabilities being exploited. I always believe in one principle: prevention is better than cure.
Microsoft Windows PCs -- not smartphones and tablets -- harbor most of the malware on mobile networks, according to a new Alcatel-Lucent report.
Mobile devices are the least of your worries in a mobile network: Windows PCs are responsible for 80% of all malware infections on today's mobile infrastructure, new data shows.
Alcatel-Lucent's Motive Security Labs this week published its findings from the first half of 2015, showing that the overall infection rate for mobile devices had declined from 0.68% to 0.50% from January to April of this year. Then it spiked to 0.75% in late June, thanks in part to the main source of malware on a mobile network -- Windows PCs tethered to mobile WiFi devices, hotspots, and smartphones getting hit mainly with malicious adware.
According to researchers from Dr. Web, an antivirus firm, a piece of malware is designed to infect point-of-sale (PoS) terminals and is capable of intercepting GET and POST requests sent from web browsers on infected machines. The Trojan can modify the registry branch responsible for autorun on the infected PoS terminals; it can also check the device’s RAM for credit card information and steal data from the Microsoft Mail application, as well as FTP login credentials.
Dr. Web also explains that the commands supported by the Trojan include CMD (forward the command to the interpreter, cmd.exe), UPDATE, FIND (search for documents using a mask), DDoS (mount an HTTP flood attack), and rate (set a time interval for communication with the command and control server). This Trojan borrows code from the previously discovered Dexter malware that targets PoS terminals, while its architecture looks similar to that of Neutrino, though it is rather a downsized version of the latter.