Spotting and Protecting Against Malware: Adware and Malvertising

June 12, 2020

3:00-4:00AM PST

The type of malware most commonly on the minds of tech-using individuals around the world is the computer virus. However, there are several variations of malware that can plague your device, network, server, etc. at any given time. Although the average user is highly unlikely to encounter elite hackers that unleash the utmost technically-advanced malicious attacks, “run-of-the-mill, profit-generating malware, on the other hand, is rampant.” For this reason, it is imperative to understand the characteristics of numerous kinds of malware so that you might be able to avoid the data theft and destruction that might be left in their wake.

What is Adware?

Adware may very well be the variation of malware that the average user is most likely to face. To put it simply, adware is a type of malicious software that illegally slips into a user’s browsers and apps for the purpose of generating phony profits. Adware is quite similar to the pop-up ads of the past. However, while adware is a particular piece of software that operates on a device, pop-up ads are comprised of rogue web scripts that project ads onto a user’s device. Cyber-scammers have begun to use the widely held advertising revenue model to their advantage. By creating and putting more illegitimate ads onto the Internet, they make it likely that more eyeballs will view such advertisements, which results in greater revenue placed in the pockets of these scammers. Although these ads were often obvious, conspicuous, and clumsy at their inception, most have evolved into more indistinguishable, refined, and stealthy versions of themselves over time.

 

Unfortunately, smartphones have become a near-perfect launching pad for the release of adware. This is due to the fact that scammers can disperse adware-tainted apps through third-party app stores available to Android users. Moreover, these cyber-scammers can even leverage highly trusted app stores like the Google Play Store and Apple’s App Store by using them to disseminate apps that are contaminated with adware. In doing so, such apps have the potential to land in the hands of millions of smartphone owners. These apps can push disingenuous ads onto these devices, which either operate in the background or out in the open for the device owner to see. This is what separates adware from other forms of malware. Without requiring intricate cyber attacks, or even attempting to steal money from device owners, adware sneaks onto a device and causes mere inconvenience or slowed operating speed for the user. In doing so, the scammer behind the adware hopes to accumulate advertising revenue. And more often than not, adware supplies scammers with the greatest opportunity to generate profits. However, it is important to keep in mind that although adware may not pose an immediate danger to users, this type of malware effectively creates opportunities for future malicious activities that can put user data, networks, devices, etc. in jeopardy. Furthermore, it is not impossible for adware and other malicious software to be transmitted as a package deal, foretelling subsequent grave attacks.

Users can make an active effort to avoid adware by exclusively utilizing official app stores and downloading credible applications. Additionally, users should rid their phones of applications that they do not often use, as well as applications that regularly experience glitches or that are ad-heavy. Overall, since adware is the type of malicious software that smartphone users are most likely to run into, users should keep a consistent and vigilant eye out for it.

What is Malvertising?

An incredibly tough problem to address, malvertising is a type of malware that users often find most difficult to wrap their heads around entirely. Malvertising is the propagation of malicious code that lives within online advertisements, waiting for just the right moment to contaminate the device of an unknowing user. Malvertising has found success, in part, due to users’ seemingly unshaken trust in mainstream websites such as YouTube and Reuters. Individuals visiting these sites often do so with peace of mind founded in the credibility associated with such platforms, but malicious actors are taking advantage of this confidence in order to infect user devices, networks, etc. -- sometimes without a single click of a button -- via third-party content that typically goes unnoticed by the user. It isn’t enough to steer clear of sketchy websites because “mainstream, high-trafficked Web sites today outsource the ad content on their pages to a vast array of third-party ad networks, including household names like Google (DoubleClick) to start-up providers and others well under the radar.” When users visit these mainstream sites, their device -- unbeknownst to most -- is, in fact, making connections with several additional URLs. The main purpose of this is to boost convenience and efficiency on the web, offering features like video files and more in-depth web interactions. However, this effectively opens the doors to malvertising attempts, rendering the credibility of sites almost entirely inconsequential. In fact, malvertising is oftentimes dependent on this credibility, as it makes it easier to attract unsuspecting users to other contaminated domain addresses.
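To make those unnoticed third-party connections visible, the following added example (not part of the original article) lists every host other than the site itself that a page loads content from without a click. The sample HTML, the host names and the simple "same host or subdomain" first-party rule are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Elements a browser fetches on page load, with no click from the user.
AUTO_LOAD = {"script": "src", "iframe": "src", "img": "src", "embed": "src",
             "video": "src", "audio": "src", "source": "src", "object": "data"}
# <link> only triggers a fetch for some rel values (canonical does not).
FETCHING_RELS = {"stylesheet", "preload", "icon"}

# Constructed sample page, not taken from any real site.
PAGE_URL = "https://www.news.example.com/story"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/static/site.css">
<link rel="canonical" href="https://other.example.org/story">
<script src="https://static.news.example.com/app.js"></script>
<script src="//ads.adnetwork-one.example/tag.js"></script>
</head><body>
<img src="/img/logo.png">
<img src="https://pixel.tracker-two.example/p.gif">
<iframe src="https://ads.adnetwork-one.example/frame?slot=3"></iframe>
<a href="https://clicked-only.example/">a link the user must click</a>
</body></html>
"""


class ResourceCollector(HTMLParser):
    """Collects (tag, absolute URL) for every auto-loaded resource."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            url = attrs.get("href") if rels & FETCHING_RELS else None
        else:
            url = attrs.get(AUTO_LOAD.get(tag, ""))
        if url:
            # urljoin resolves relative and protocol-relative (//host/x) URLs.
            self.resources.append((tag, urljoin(self.page_url, url)))


def third_party_hosts(html, page_url):
    """Map each third-party host to the tags that load content from it."""
    site = urlsplit(page_url).hostname or ""
    if site.startswith("www."):
        site = site[4:]
    collector = ResourceCollector(page_url)
    collector.feed(html)
    found = {}
    for tag, url in collector.resources:
        host = urlsplit(url).hostname
        # Assumption: first-party means the site itself or one of its subdomains.
        if not host or host == site or host.endswith("." + site):
            continue
        found.setdefault(host, []).append(tag)
    return found


if __name__ == "__main__":
    for host, tags in third_party_hosts(SAMPLE_HTML, PAGE_URL).items():
        print(f"{host}: loaded via {', '.join(tags)}")
```

Hosts that appear here but are unknown to the site operator are the ones worth reviewing or blocking at a content filter.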

Moreover, malicious attackers leveraging malvertising greatly benefit from their easily maintained anonymity. This is typically due to the fact that the operators of the sites that ultimately serve these harmful advertisements entirely lack visibility into such ads. To top it off, ads rotate from site to site at rapid speeds and can even be purchased with stolen credentials and assets, making it increasingly difficult to identify the malicious actor in question. And much of the success of malvertising is thanks to the preexisting nature of the modern advertising industry. The modern ad model only makes it easier for malicious actors to weaponize frequent user behavior, as it enables these cyber attackers to benefit from the profiling and targeting that is already in place -- all while they remain anonymous. And it doesn’t look like malvertising is going to lose its popularity any time soon. Malvertising is an incredibly lucrative form of malicious activity that is bolstered by the credibility and reputation of mainstream sites, and that, unfortunately, cannot be anticipated and is terribly tough to avoid without the mobilization of antivirus tools.

References

Newman, Lily Hay. “Here's the Malware You Should Actually Worry About.” Wired, Conde Nast, 21 July 2019, www.wired.com/story/adware-most-common-malware/.

Rahul Kashyap, Bromium. “Why Malvertising Is Cybercriminals' Latest Sweet Spot.” Wired, Conde Nast, 7 Aug. 2015, www.wired.com/insights/2014/11/malvertising-is-cybercriminals-latest-sweet-spot/.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Viruses vs Worms

June 05, 2020

2:00-3:00AM PST

In order to properly thwart malware, it is essential to understand the various classifications of malware that one may encounter at some point. As intrusive software created with the goal of inflicting damage and destruction on a slew of devices, malware comes in numerous forms -- all bringing along their own problems to be addressed in varying degrees. According to PCWorld, a PC plagued by malware might exhibit symptoms that include, but are not limited to, a “slower-than-usual performance, a sudden spate of pop-ups, and other anomalous issues.” However, of all of the shapes that malware can take, two are commonly confused for one another: viruses and worms. User data is precious and incredibly valuable. By creating awareness and boosting overall knowledge regarding these two different kinds of malware, we aim to help users spot them more easily, in turn equipping them to avoid catastrophic data or IT information loss.

What is a Virus?

Although most appearances of malware are commonly assumed to be viruses, this is not an accurate categorization. As technology, and as a result, cybersecurity threat tools, have evolved and advanced, occurrences of computer viruses have become rather sparse. Today, viruses account for a mere 10% of overall malware appearances. A subcategory of malware, a computer virus is a malicious software linked to a file or document, enabling the execution of destructive code that can spread from network to network. It is crucial to note that nearly every virus is enabled as a result of its attachment to an executable file. So, following download, a virus will remain inactive until opened and in operation. In other words, when a user executes such a file, the user -- in effect -- executes the virus themselves. This malicious software is designed with the goal of bringing destruction and interference upon a system’s operations. Consequently, viruses can trigger major, catastrophic data loss and operational complications.

Despite major technological improvements made over the course of the past few decades, a virus is surprisingly still the only type of malware that can infect other files, making viruses incredibly difficult to eradicate. Following this spread of infection, the virus can then transfer itself to documents, files, code, etc. located on additional devices via memory-storage devices, online systems, and networks -- often multiplying until data is obliterated or program code becomes debilitated entirely. Moreover, viruses can vary greatly in their severity, with damages ranging from benign humor to immediate and total system ruin. And individuals who encounter the latter may find their valuable data permanently compromised.

What is a Worm?

Similarly, a worm manifests itself as malicious software that quickly multiplies and disseminates to any, and sometimes all devices operating within the network. Differentiating themselves from viruses, worms are traditionally independent software and do not require a host program in order to circulate. In fact, absolutely no human action is needed for a worm to multiply and disperse across a number of networks, wreaking havoc. Following the infection of a device through a network connection or downloaded file, worms aggressively reproduce and spread. Easily distributing themselves across systems, worms can either take advantage of a vulnerability on a target network or weaponize a form of social engineering in order to deceive users into carrying them out. Furthermore, a worm is able to freely traverse a system by either entering a device via a fragile point or by taking advantage of file or information transport features on a device. 

According to Encyclopedia Britannica, the first worm was released onto the Internet in November 1988 from MIT, by “a computer science student at Cornell University named Robert Morris” who hoped to maintain anonymity as a guest on campus. The birth of the computer worm was rather harmless, aside from forcing nearly 1/10 of the Internet to cease operations briefly. But as time passed and technology continued to flourish, worms became a tool for cybercriminals. And very much like viruses, worms can significantly disrupt a device’s operations, bringing about disastrous levels of data loss. Self-replicating and easily dispersed, highly evolved worms can leverage other forms of malware, like ransomware, to bring about particularly harsh attacks on their targets. Worms are frequently key elements of cybersecurity attacks, with attackers using their functions to produce zombie computers that become firmly linked in botnets, all with the purpose of dispersing spam or flooding websites with blackmail schemes and other methods of denial-of-service attacks.

How Should Malware Be Addressed?

There is no one surefire method to discern whether or not a device has been plagued with malicious code. As previously mentioned, some infections that may plague devices have the potential to completely obliterate files and ultimately shut down the device. On the other hand, some infections may only mildly impair a device’s typical operations, making it immensely difficult to locate the exact root cause of malware. Individuals are advised to keep an eye out for any abnormal and peculiar device behavior. However, anti-virus software can provide users with alerts of any malicious software that has made its way onto a given device or network. And oftentimes, this anti-virus software may be able to rid a device of malicious actors all on its own. But it is crucial to keep anti-virus software as updated as possible. Cyberattackers are constantly evolving their code and tactics in an effort to successfully debilitate victims’ devices. Malware can be costly to a user’s wallet, time, and valuable data. Strengthening a device or network’s defenses against malicious code can help to avoid any malware-induced damages. Keeping software up to date, regularly changing passwords, installing and enabling a firewall, and following good network security practices are the key to protecting devices against malware in all its forms.

Utilizing an email encryption service like Trustifi that empowers users with the tools and protection necessary to avoid several kinds of malware is strongly advised. Trustifi’s advanced threat protection services serve to detect, prevent, and protect against malware while supplying clients with consistent alerts of any cybersecurity vulnerabilities or malicious actors within their network.

References

The Editors of Encyclopaedia Britannica. “Computer Worm.” Encyclopædia Britannica, Encyclopædia Britannica, Inc., 10 Nov. 2017, www.britannica.com/technology/computer-worm.

Geier, Eric, and Josh Norem. “How to Remove Malware from Your Windows PC.” PCWorld, PCWorld, 6 May 2019, www.pcworld.com/article/243818/how-to-remove-malware-from-your-windows-pc.html.


Expensive—and Preventable—Data Breach Hits Altice

March 11, 2020

10:00-11:00AM PST

Another major company has announced that it has fallen victim to a major data breach. Alarmingly, it was internet service, phone and cable provider Altice USA that was the data breach target through an attack executed via an extremely common malicious email technique.

Criminals used a phishing email that was sent to an Altice employee in Long Island, New York. When the employee clicked on a link, it gave thieves access that enabled them to download the Social Security numbers, birth dates and other personal information of all 12,000 current employees, as well as a number of former employees and customers across the 21 states it serves.

Data Breaches through Phishing Emails

What makes this data breach alarming is that phishing email attacks—like the one that was used to initiate this break-in and theft—are exceedingly common. The average U.S. employee gets 16 malicious emails a month. Without training and software that protects email, it is only a matter of time before one of those emails wreaks havoc.

Such data breach attacks are exceedingly costly:

  • Altice had to hire a computer forensics company to figure out what happened and determine the extent of the damage.
  • It has paid to train employees on how to better recognize a malicious email and what to do with suspect email.
  • The company must cover the cost of credit monitoring services for everyone compromised.
  • As a New York company, Altice is subject to the new SHIELD Act that imposes fines and other legal obligations.

And it doesn’t stop there. Add in the damage to the brand, and you have a major loss; one that was extremely preventable.

Phishing Email Data Breaches Are Preventable

Phishing email attacks that initiate data breaches are indeed preventable. Solutions are available that scan inbound email traffic in real time. These solutions compare incoming emails against blacklisted entities, scrape and analyze the emails for malicious links and attachments, quarantine suspected emails, and then detonate them in protected spaces not connected to networks where they can do no harm. The most sophisticated systems use machine learning to enhance threat detection.

Because phishing, spoofing, malware, and other threats require human participation, the best systems provide warnings as to the presence and nature of threats. Training on how to recognize and respond to malicious email attacks is a vital part of protecting systems, data, employees and customers.

Also Protect What You Send

Criminals are looking to break into the emails you send, too. Your outgoing email traffic is equally at risk for data breaches as the email your company receives. Solutions that encrypt outgoing mail, even on mobile devices, provide a needed layer of security.

As we were wrapping up this article late this afternoon, it was announced that Altice is now the subject of a class action lawsuit. The suit filed today is likely the first of many for Altice following this data breach. Unfortunately for Altice, the costs keep mounting—all from a data breach initiated through email that was preventable with a small investment in software and training.


How to Avoid Phishing Scams: Google and Facebook Were Victims

April 30, 2019

10:00-11:00AM PST

It appears that being duped by online phishing scams happens to the best of us.

 

Between 2013 and 2015, Google and Facebook were scammed for more than a combined $120 million by 50-year-old Evaldas Rimasauskas of Lithuania. In March, Rimasauskas pled guilty to one count of wire fraud against the two industry giants, admitting to hatching a scheme (with the help of unnamed conspirators) to pose as Quanta Computer, a laptop manufacturer based out of Taiwan.

The Scam

 

Allegedly, Rimasauskas registered and incorporated a fake business in Latvia under the name Quanta Computer, a company that regularly conducts business with both Google and Facebook. Then, he developed an infrastructure through which phishing emails were sent to Quanta’s business partners at Google and Facebook, requesting that they send their payments for services rendered by Quanta to bank accounts in Latvia and Cyprus that Rimasauskas operated.

These fraudulent emails, which contained false invoices, contracts, and letters with forged signatures of actual Quanta executives, were convincing enough to fool the powers that be at Google and Facebook to the tune of $23 million and $98 million, respectively. Lost millions that can never be recovered.

It wasn’t until a couple of years after conducting the lucrative phishing scam that Rimasauskas was caught. He was arrested by local Lithuanian authorities in March of 2017, and extradited to the United States a month later. Rimasauskas’s trial is slated for this coming July, at which point he could face a prison sentence of up to 30 years.

The Outcome

 

Rimasauskas’s phishing scam serves as proof that if a 50-year-old man operating a phony business from his laptop halfway across the world can fleece two of the world’s most tech-savvy corporations out of more than a combined $120 million, it truly can happen to anyone.

As unusual as the circumstances in this case may seem, it’s far from being an isolated incident. Just last year, online retail mogul Amazon was scammed out of millions of dollars by normal civilians on two separate occasions!

Federal investigators claim that the criminal practice of defrauding businesses using phishing emails has become increasingly common in recent years. In 2017, the FBI reported that the defrauding of businesses by way of fraudulent emails had netted over $3 billion in losses since 2013.

How to Protect Your Business

 

Once upon a time, phishing attempts were easy to spot and could be identified with a mere glance. But the rapid rise of successful phishing schemes in recent years serves as evidence that online criminals are getting better at crafting fraudulent emails. Even the most sophisticated businesses are finding phishing schemes to be more difficult to identify.

Luckily, there are some telltale signs that an incoming email has been sent as part of a phishing scam.

Watch Out For Spelling and Grammar

 

With phishing attempts, the adage “if it looks like a dog and sounds like a dog, it probably is one” certainly rings true. Phishing scam emails are commonly flooded with spelling and grammatical errors.  

Tread carefully when receiving an email with unusually poor spelling. And if in doubt, contact the sender to confirm that they did in fact attempt to send you the email--especially when it’s an email asking you to do something with your bank account or execute some type of monetary transaction.

Apply the same logic when checking the sender’s address of an email that causes you to raise an eyebrow. Oftentimes, phishing scammers can replicate the domain name and even the logo of a major corporation. The good news is they can’t replicate the exact email address. Therefore, keep an eye out for email addresses that appear to be off by a few letters or numbers.
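The sender-address check described above can be automated. The following added example (not part of the original article) flags From addresses whose domain is within a few character edits of a domain the business already trusts; the trusted domains, the sample headers and the threshold of two edits are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: domains of partners the business really exchanges invoices with.
TRUSTED = ("vendor-corp.example", "payroll.example")

# Constructed From headers, not taken from real mail.
SAMPLE_HEADERS = [
    "Vendor Billing <billing@vendor-corp.example>",   # genuine
    "Vendor Billing <billing@vendor-c0rp.example>",   # digit swapped for a letter
    "Vendor Billing <billing@vendorcorp.example>",    # hyphen dropped
    "Newsletter <news@unrelated-shop.example>",       # simply not a partner
]


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header, trusted=TRUSTED, max_distance=2):
    """Return (verdict, matched_domain) for the address in a From header.

    verdict is 'trusted' (exact match), 'lookalike' (off by a few characters
    from a trusted domain), 'unknown', or 'invalid' (no usable address).
    """
    _, address = parseaddr(from_header)
    if "@" not in address:
        return ("invalid", None)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    closest = min(trusted, key=lambda t: edit_distance(domain, t))
    if edit_distance(domain, closest) <= max_distance:
        return ("lookalike", closest)
    return ("unknown", None)


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(classify_sender(header), "<-", header)
```

A "lookalike" verdict on a message that asks for a payment or a change of bank details is the case that warrants confirming with the sender through a known-good channel.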

Watch Out For Emails With Urgent Messages

 

Another common trick utilized in phishing scams is to grab your attention by imbuing emails with a sense of urgency. The most common examples of this include false claims that an account has been hacked, threats that incriminating material has been obtained, or offers for a time-sensitive promotion.

When receiving such an email, especially one that makes you feel like you, your bank account, or your reputation is somehow in danger, it’s a natural reaction to accept it as fact and click on any link the email instructs you to.

Take a deep breath. Most emails featuring urgent messages should be examined closely. Make sure to read through the email carefully before clicking any links and/or attachments.

Employ Email Security

 

The most effective way to avoid phishing scams is to utilize an email security service like Trustifi. Trustifi is a SaaS platform that works to encrypt, protect, and ensure the delivery of each email. Trustifi also authenticates incoming emails and alerts the user when an email is identified as suspicious and most likely fraudulent. Good email security services will monitor all incoming and outgoing mail, not only protecting your email communication, but also enhancing the effectiveness of your process as a whole.

 

The reality is—with scammers being able to hide behind their keyboards—everyone needs an email security service.

Sources:

1) “Man Pleads Guilty to Scamming Google and Facebook for over $120 Million” by Mark Serrels https://www.cnet.com/news/man-pleads-guilty-to-scamming-facebook-and-google-for-over-120-million/?ftag=COS-05-10-aaa0a&linkId=65222483&fbclid=IwAR0xJRS3lUPkVWCFL138ZKvSr_a4Hpiut9lBK3W2dFveLd4-pLcso6zX1eI

2) “How This Scammer Used Phishing Emails to Steal Over $100 Million from Google and Facebook” by Tom Huddleston Jr. https://www.cnbc.com/2019/03/27/phishing-email-scam-stole-100-million-from-facebook-and-google.html

3) “How to Protect Your Business from Phishing Scams” by Sam Woodhams https://www.cpomagazine.com/cyber-security/how-to-protect-your-business-from-phishing-scams/
