Spotting and Protecting Against Malware: Adware and Malvertising

June 12, 2020

3:00-4:00AM PST

The type of malware most often on people's minds is the computer virus, but several other kinds of malware can affect a device, network or server at any time. Although the average user is unlikely to encounter elite attackers deploying the most technically advanced malware, “run-of-the-mill, profit-generating malware, on the other hand, is rampant.“ For this reason, it pays to understand the characteristics of the common kinds of malware so that you can avoid the data theft and destruction they leave in their wake.

What is Adware?

Adware may well be the kind of malware the average user is most likely to meet. Put simply, adware is software that pushes unwanted advertisements into a user’s browser and apps, usually without clear consent, in order to generate advertising revenue for whoever distributes it. It is the descendant of the pop-up ads of the past, with one difference: a pop-up is a rogue web script that runs only while the page is open, whereas adware is a program installed on the device itself. Scammers have turned the prevailing advertising revenue model to their advantage: every additional illegitimate ad impression they can generate is more revenue in their pockets. Early adware was obvious, conspicuous and clumsy; most of it has since evolved into something far harder to distinguish from legitimate software.


Unfortunately, smartphones have become a near-perfect launching pad for adware. Scammers can distribute adware-laden apps through the third-party app stores available to Android users, and they have also managed to get adware-bundled apps past review into trusted stores such as the Google Play Store and Apple’s App Store, where they can reach millions of owners. Once installed, such an app serves ads either in the background or openly on screen. This is what separates adware from other malware: without an intricate attack and without directly stealing money from the owner, adware sneaks onto a device and causes little more than inconvenience or slower performance, while the operator behind it collects advertising revenue. For scammers this is often the easiest way to turn a profit. Keep in mind, though, that adware that poses no immediate danger can still open the door to later, more serious activity that puts user data, devices and networks at risk, and adware is sometimes bundled with other malicious software, foreshadowing graver attacks.

Users can avoid most adware by installing apps only from official stores and only from credible publishers. They should also remove apps they rarely use, as well as apps that regularly misbehave or are unusually ad-heavy. Since adware is the kind of malicious software smartphone users are most likely to run into, it deserves consistent vigilance.

What is Malvertising?

Malvertising is a hard problem to address, and one that users often find difficult to fully grasp. Strictly speaking it is not a kind of malware but a delivery channel: malicious code is carried inside online advertisements, waiting for the right moment to infect the device of an unsuspecting visitor. Malvertising succeeds partly because of users’ unshaken trust in mainstream websites such as YouTube and Reuters. Visitors to those sites feel safe because of the platform’s reputation, but attackers exploit exactly that confidence, sometimes infecting a device without a single click, through third-party content the user never notices. Avoiding sketchy websites is not enough, because “mainstream, high-trafficked Web sites today outsource the ad content on their pages to a vast array of third-party ad networks, including household names like Google (DoubleClick) to start-up providers and others well under the radar.” When a user loads such a site, the browser, unbeknownst to most, is in fact connecting to several additional URLs. The purpose is convenience and richer functionality, such as embedded video and more interactive pages, but it also opens the door to malvertising and makes a site’s own credibility almost irrelevant to the visitor’s safety. Malvertising often depends on that credibility, since it makes it easier to lure unsuspecting users on to other, compromised domains.
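To make the “several additional URLs” point concrete, here is an added example (not code from the original post or from Wired) that parses a page’s HTML and lists every outside origin the browser would be sent to in order to render it. The sample page, the site name and the ad-network hostnames are constructed for this example; the two-label “site” grouping is a simplification a real audit would replace with the public suffix list.

```python
"""Enumerate the third-party origins a page pulls in (added example).

The HTML is scanned for the elements that trigger fetches (script, iframe,
img, link, source); every absolute URL is grouped by site so the reader can
see how many outside parties one "trusted" page hands the browser to.
The sample HTML below is constructed; the hostnames are placeholders.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Element -> attribute whose value the browser fetches.
FETCHING_ATTRS = {
    "script": "src",
    "iframe": "src",
    "img": "src",
    "link": "href",
    "source": "src",
}


class _OriginCollector(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attr_name = FETCHING_ATTRS.get(tag)
        if not attr_name:
            return
        for name, value in attrs:
            if name == attr_name and value:
                # Resolve relative references against the page URL so that
                # first-party assets are recognised as first-party.
                self.urls.append(urljoin(self.base_url, value))


def _site(host):
    """Crude eTLD+1 (last two labels). Assumption: fine for the .com/.net/.io
    hosts used here; a real audit should consult the public suffix list."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def third_party_origins(html, page_url):
    """Return {site: sorted hosts} for every origin other than the page's own."""
    collector = _OriginCollector(page_url)
    collector.feed(html)
    own_site = _site(urlparse(page_url).hostname or "")
    by_site = {}
    for url in collector.urls:
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https") or not parsed.hostname:
            continue  # data:, javascript:, mailto: never touch the network
        site = _site(parsed.hostname)
        if site == own_site:
            continue
        by_site.setdefault(site, set()).add(parsed.hostname)
    return {site: sorted(hosts) for site, hosts in sorted(by_site.items())}


# Constructed sample page: one first-party script, an ad-network tag whose
# iframe hands off to a second host of the same network, a tracking pixel,
# a CDN stylesheet and an inline data: image that hits no server.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="https://cdn.example-static.net/site.css">
<script src="/js/app.js"></script>
<script src="https://ads.example-adnetwork.com/tag.js"></script>
</head><body>
<iframe src="https://exchange.example-adnetwork.com/slot?id=1"></iframe>
<img src="https://px.example-tracker.io/p.gif?u=1">
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
</body></html>
"""

if __name__ == "__main__":
    page = "https://news.example.com/story"
    for site, hosts in third_party_origins(SAMPLE_HTML, page).items():
        print(f"{site:24s} {', '.join(hosts)}")
```

Run against the constructed page, the first-party script and the data: image are ignored and three outside sites remain, one of them contributing two hosts. In practice the list for a real news site runs to dozens, and every entry is a party whose content the site operator does not review before it reaches the visitor.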

Attackers who use malvertising also benefit from anonymity that is easy to maintain. The operators of the sites that ultimately display the harmful advertisements usually have no visibility into those ads at all. To make matters worse, ads rotate from site to site at high speed and can be bought with stolen credentials and payment details, making it still harder to identify the actor behind them. Much of malvertising’s success is owed to the way the modern advertising industry already works: the ad model lets attackers weaponize ordinary user behavior and benefit from the audience profiling and targeting that is already in place, all while remaining anonymous. None of this looks likely to change soon. Malvertising is a lucrative form of malicious activity that borrows the reputation of mainstream sites, cannot be predicted by the visitor, and is hard to avoid without defenses such as an up-to-date browser and plugins, ad or script blocking, and antivirus tools.

References

Newman, Lily Hay. “Here's the Malware You Should Actually Worry About.” Wired, Conde Nast, 21 July 2019, www.wired.com/story/adware-most-common-malware/.

Kashyap, Rahul (Bromium). “Why Malvertising Is Cybercriminals' Latest Sweet Spot.” Wired, Conde Nast, 7 Aug. 2015, www.wired.com/insights/2014/11/malvertising-is-cybercriminals-latest-sweet-spot/.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Viruses vs Worms

June 5, 2020

2:00-3:00AM PST

To thwart malware properly, it helps to understand the classifications of malware one may encounter. Malware is intrusive software built to damage or disrupt devices, and it comes in numerous forms, each bringing its own problems of varying severity. According to PCWorld, a PC infected with malware might show symptoms including, but not limited to, “slower-than-usual performance, a sudden spate of pop-ups, and other anomalous issues.” Of all the shapes malware takes, two are commonly confused with one another: viruses and worms. User data is precious and valuable. By raising awareness of how these two kinds of malware differ, we aim to help users spot them more easily and so avoid catastrophic loss of data or IT information.

What is a Virus?

Although most malware is casually called a virus, that label is usually inaccurate. As technology, and with it the attacker’s toolkit, has evolved, true computer viruses have become comparatively rare; by some counts they make up only around 10% of the malware seen today. A computer virus is malicious code that attaches itself to a file or document, typically an executable, and spreads by inserting copies of itself into other files, which then travel with those files across networks and removable media. It is crucial to note that a virus lies dormant after download: it runs only when the infected file is opened or executed, so when a user runs such a file, the user in effect executes the virus themselves. Viruses are designed to interfere with or destroy a system’s operations and can trigger major data loss and operational complications.

Despite decades of technological change, the virus is still, by definition, the kind of malware that infects other files, which makes it hard to eradicate: cleaning one copy leaves the others behind. Once an infection has taken hold, the virus transfers itself to documents, files and programs on other devices via removable storage, online services and networks, often multiplying until data is destroyed or program code is corrupted entirely. Viruses vary greatly in severity, from harmless pranks to immediate and total system ruin, and those who encounter the latter may find their valuable data permanently compromised.

What is a Worm?

A worm, similarly, is malicious software that replicates quickly and spreads to some, and sometimes all, devices on a network. Unlike viruses, worms are traditionally stand-alone programs: they do not need a host file in order to propagate. A classic worm needs no human action at all to multiply and spread across networks, wreaking havoc. After entering a device through a network connection or a downloaded file, worms aggressively reproduce and move on. To reach new systems they either exploit a vulnerability on the target network or, in hybrid variants, use social engineering to trick users into running them. Inside a system a worm moves freely, entering through a weak point or abusing the device’s file- and information-transfer features.

According to Encyclopaedia Britannica, the first Internet worm was released in November 1988 from MIT by “a computer science student at Cornell University named Robert Morris,” who used MIT’s machines as a guest to disguise where the worm came from. It carried no destructive payload, but its uncontrolled replication knocked roughly a tenth of the Internet’s machines out of service for a time. As technology matured, worms became a tool of cybercriminals. Like viruses, worms can significantly disrupt a device’s operations and bring about disastrous data loss. Self-replicating and easily spread, modern worms can carry other malware such as ransomware as a payload, delivering particularly harsh attacks. Worms are frequently key elements of larger campaigns: attackers use them to turn infected machines into zombies bound into botnets, which then send spam, flood web sites in denial-of-service attacks, or back extortion schemes.

How Should Malware Be Addressed?

There is no single surefire way to tell whether a device has been infected with malicious code. As noted above, some infections can destroy files and ultimately shut a device down, while others only mildly impair normal operation, which makes the root cause hard to locate. Users should watch for abnormal or peculiar device behavior. Anti-virus software can alert users to malicious software that has reached a device or network, and it can often remove it on its own, but it must be kept up to date: attackers constantly evolve their code and tactics. Malware is costly in money, time and valuable data, and hardening a device or network against malicious code helps avoid that damage. Keeping software up to date, using strong, unique passwords (with multi-factor authentication wherever it is offered), installing and enabling a firewall, and following good network security practices are the keys to protecting devices against malware in all its forms.

An email encryption and threat protection service such as Trustifi gives users the tools to avoid several kinds of malware. Trustifi’s advanced threat protection services detect, prevent and protect against malware while supplying clients with consistent alerts about vulnerabilities or malicious actors in their network.

References

The Editors of Encyclopaedia Britannica. “Computer Worm.” Encyclopædia Britannica, Encyclopædia Britannica, Inc., 10 Nov. 2017, www.britannica.com/technology/computer-worm.

Geier, Eric, and Josh Norem. “How to Remove Malware from Your Windows PC.” PCWorld, 6 May 2019, www.pcworld.com/article/243818/how-to-remove-malware-from-your-windows-pc.html.


Spotting and Protecting Against Malware: Trojans and Ransomware

June 5, 2020

1:00-2:00AM PST

Devices and technology have evolved rapidly over the past several years, and with that evolution have come more opportunities for numerous forms of malware. Malware, or malicious software, is software created to impair devices, steal data and disrupt networks. It comes in many shapes and sizes and varies greatly in threat level, and it is often a tool for attackers seeking financial gain, whether by deploying it themselves or selling it at a hefty price on the dark web. Money is far from the only motive, however: protest, security testing and conflict between governments are others. Two types of malware in particular, trojans and ransomware, have recently surged in popularity among attackers. Understanding how each works, and how the two are combined to cause severe damage, will help users avoid disastrous encounters with them.

What is a Trojan?

A trojan, more formally a trojan horse, is malicious software or code that appears legitimate and well-founded but can cost a user control over their device or network. Trojans are especially dangerous because they are typically built to disrupt, damage, steal or otherwise harm a user’s data or network. And “unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.” Put simply, a trojan disguises itself as a genuine file or application to dupe the user into loading and running the malware on their own device. Once installed, it is free to perform whatever it was designed to do.

The user is critical to a trojan’s success: without a user executing it, it is entirely useless. Once a user does run it, having opened or downloaded what they assumed was a legitimate attachment or file, often from a sender impersonating someone they know, the installed malware can carry out its payload, from stealing data to fetching further malware, wreaking untold havoc on the device.

The following are some of the most prevalent types of trojans that a user may encounter:

  • A Backdoor Trojan has the ability to produce a “backdoor” to a user’s device, providing attackers with access and control of the device. This type of trojan can enable hackers to download and steal valuable user data, as well as provide an opportunity for additional malware to be uploaded to the device.
  • A Downloader Trojan targets already-infected devices, downloading and installing new, updated versions of malicious software.
  • An Infostealer Trojan seeks to steal precious data from a device plagued with malware.
  • A Mailfinder Trojan aims to steal any or all email addresses that have been amassed on a device.

What is Ransomware?

Ransomware is malicious software designed to lock and encrypt the data on a device. The data is returned to its owner, if at all, only after a ransom is paid to the attacker. Victims have been given strict deadlines by which to pay, with failure resulting in permanent loss of their data. But paying does not guarantee restored access either: the people running the extortion are criminals and are under no obligation to honor the deal. Ransomware cuts users off from their personal files and data, including photos, documents and even financial information. The files still sit on the device, but the ransomware has encrypted them, rendering them unreadable without the decryption key.

Regaining access to one’s data after a ransomware attack is far from simple. For this reason it is crucial to know the forms ransomware takes and how best to approach each. The most common variations are:

  • Crypto-ransomware is especially disastrous, encrypting a user’s folders, files, documents and entire drives.
  • Scareware poses as a cleaning tool or anti-virus program and demands payment to fix nonexistent problems on the device; it often locks the device or floods it with pop-ups.
  • Lockers, common on Android, lock users out of the operating system, preventing access to any files or applications on the device.
  • Doxware, also known as extortionware or leakware, threatens to publish sensitive, previously private information on the Internet if a ransom is not paid.


It is imperative to note that paying ransoms can lead users down a slippery slope. Payment may not bring the data back, and criminals may demand further payments, extorting victims indefinitely, while access to valuable files, photos and documents is never restored.

Avoiding Trojans, Ransomware, and Hybrids of Both

As user data grows ever more sensitive, a large share of victims will remain willing to pay ransoms, and so combinations of several forms of malware that can perform more functions are growing in popularity. According to Lindsey O’Donnell at ThreatList, “ransomware trojan-based infections jutted up from 9 percent in the fourth quarter of 2018 to 24 percent in the first quarter of 2019.” Banking trojans, for example, have given attackers a faster way to deploy ransomware. Pinpointing the exact strain of malware has become harder, yet doing so is more crucial than ever when dealing with a device or network infection. Being careful with email attachments, regularly backing up files to an external drive or a cloud backup that an infected machine cannot overwrite, using strong, unique passwords, keeping software up to date, installing and enabling firewalls, and using security software are all steps users can take to secure their data.

An email encryption and threat protection service such as Trustifi gives users the tools to avoid malware like trojans and ransomware. Trustifi’s advanced threat protection services detect, prevent and protect clients against such threats, and with the support of our highly skilled and experienced team, users receive consistent alerts about cybersecurity threats or malicious actors that may affect their device or network.

References

“What Is the Difference: Viruses, Worms, Trojans, and Bots?” Cisco Security Threat and Vulnerability Intelligence, 10 Nov. 2014, tools.cisco.com/security/center/resources/virus_differences.

O'Donnell, Lindsey. “ThreatList: Ransomware Trojans Picking Up Steam in 2019.” Threatpost, 14 June 2019, threatpost.com/threatlist-ransomware-trojans-picking-up-steam-in-2019/145718/.


Microsoft Open Sources its Coronavirus Threat Data

May 20, 2020

10:00-10:00AM PST

Cybercriminals have been busy over the last couple of months, using the COVID-19 pandemic as bait to attack people and companies. Microsoft has decided to open-source its data on these threats to help combat the criminals and protect vulnerable users. The hope is that sharing this information gives defenders a better view of the techniques attackers are using and helps them defend against these attacks.

Increases in Attacks

In the three months since the pandemic began, COVID-19-related phishing attacks have increased by 600%, and most of them use lures such as coronavirus testing, stimulus packages, government notifications and fake pandemic maps.

Cyberattacks on hospitals increased by about 60 percent from February to March. Many of these are ransomware attacks, although the security software in use at hospitals has been largely successful at blocking them.

Major Targets

Fraudsters have been sending emails claiming to be from the World Health Organization (WHO) or the Centers for Disease Control and Prevention (CDC) and claiming to have information about the pandemic. These often carry malicious links; some carry attachments that supposedly list infected people in your area. Others ask for a Bitcoin donation to support research into the virus, or request your contact details in order to send what they claim is exclusive information on COVID-19.

Just a few weeks ago, WHO confirmed that approximately 450 email addresses and passwords of active employees had been leaked; other groups working on the COVID-19 response also had thousands of credentials leaked.

One group that has been widely targeted is remote workers. "With so many people working from home, remote work software like Skype, Slack, Zoom, and WebEx are starting to become popular themes of phishing lures. We recently uncovered an interesting Skype phishing email that an end-user reported to [Cofense] Phishing Defense Center," Cofense researchers explained. The scammers have been sending fake videoconferencing notifications aimed at harvesting Zoom and Skype credentials. Attackers have also been joining videoconferences uninvited and disrupting meetings.

Spreading Awareness

The software giant has been sharing examples of the phishing emails these attackers use on its Twitter account, in the hope of getting the information to more people more quickly.

In a blog post, Microsoft said they have been processing "trillions of signals each day across identities, endpoint, cloud, applications, and email, which provides visibility into a broad range of COVID-19-themed attacks, allowing us to detect, protect, and respond to them across our entire security stack. Today, we take our COVID-19 threat intelligence sharing a step further by making some of our own indicators available publicly for those that are not already protected by our solutions."

Where to Find Indicators

Microsoft released a guide to hunting for these attacks with Azure Sentinel Notebooks, and assured customers of Microsoft Threat Protection that they were already protected against the identified threats.

The indicators are available through the Microsoft Graph Security API, in the Azure Sentinel GitHub, and in the MISP feed.
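Having the indicators is only useful if they are actually checked against local telemetry. The following is an added example, not code from Microsoft or from the Azure Sentinel repository, showing the matching logic a defender would run over proxy and mail-gateway logs. The CSV columns, indicator values and log lines are all constructed for the example; Microsoft’s real feed uses its own schema and real lure domains and hashes.

```python
"""Match a published indicator feed against local logs (added example).

Domain indicators match the host and any subdomain (but not a host that merely
ends in the same characters), URL indicators match after normalising scheme
and host case, and file hashes match case-insensitively.
The feed layout and every value below are constructed for this example.
"""
import csv
import io
import re
from urllib.parse import urlparse

# Constructed feed. Column names are an assumption, not Microsoft's schema.
FEED_CSV = """indicator_type,indicator_value,first_seen,campaign
domain,covid19-relief-example.com,2020-04-02,stimulus-lure
url,https://who-update-example.org/report.php?id=7,2020-04-09,who-impersonation
sha256,3F786850E387550FDAB836ED7E6DC881DE23001B1B3C1E1A0D4E3C6F2C4D5E6A,2020-04-11,testing-kit-attachment
"""

# Constructed logs: key=value web-proxy lines and mail-gateway attachment lines.
PROXY_LOGS = [
    "2020-04-20T09:12:03Z user=alice dst=www.covid19-relief-example.com url=https://www.covid19-relief-example.com/apply action=allow",
    "2020-04-20T09:15:44Z user=bob dst=www.microsoft.com url=https://www.microsoft.com/security action=allow",
    "2020-04-20T09:16:10Z user=carol dst=who-update-example.org url=https://WHO-Update-Example.org/report.php?id=7 action=allow",
]
MAIL_LOGS = [
    "2020-04-20T08:55:00Z from=alerts@who-int-example.com attachment=COVID-19_list.xls sha256=3f786850e387550fdab836ed7e6dc881de23001b1b3c1e1a0d4e3c6f2c4d5e6a",
    "2020-04-20T08:57:30Z from=hr@corp.example attachment=timesheet.xlsx sha256=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
]


def normalise_url(url):
    """Lower-case scheme and host, keep path and query, drop any fragment."""
    p = urlparse(url.strip())
    host = (p.hostname or "").lower()
    path = p.path or "/"
    return f"{p.scheme.lower()}://{host}{path}" + (f"?{p.query}" if p.query else "")


def load_feed(csv_text):
    """Return {"domain": set, "url": set, "sha256": set} built from the CSV."""
    feed = {"domain": set(), "url": set(), "sha256": set()}
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind, value = row["indicator_type"], row["indicator_value"].strip()
        if kind == "domain":
            feed["domain"].add(value.lower())
        elif kind == "url":
            feed["url"].add(normalise_url(value))
        elif kind == "sha256":
            feed["sha256"].add(value.lower())
    return feed


def domain_hit(host, domains):
    """True if host equals an indicator domain or is a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


_KV = re.compile(r"(\w+)=(\S+)")  # key=value tokens; values contain no spaces


def scan_logs(feed, proxy_lines, mail_lines):
    """Return (log_line, matched_indicator) pairs, in log order."""
    hits = []
    for line in proxy_lines:
        fields = dict(_KV.findall(line))
        if "dst" in fields and domain_hit(fields["dst"], feed["domain"]):
            hits.append((line, fields["dst"]))
        elif "url" in fields and normalise_url(fields["url"]) in feed["url"]:
            hits.append((line, normalise_url(fields["url"])))
    for line in mail_lines:
        fields = dict(_KV.findall(line))
        digest = fields.get("sha256", "").lower()
        if digest in feed["sha256"]:
            hits.append((line, digest))
    return hits


if __name__ == "__main__":
    for line, ioc in scan_logs(load_feed(FEED_CSV), PROXY_LOGS, MAIL_LOGS):
        print(f"HIT {ioc}\n    {line}")
```

The subdomain rule matters in both directions: `www.covid19-relief-example.com` should match the bare domain indicator, while an unrelated `evil-covid19-relief-example.com` should not, which is why the check tests for a leading dot rather than a substring. Mixed-case URLs in proxy logs are common, so both the feed and the log value pass through the same normalisation before comparison.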

Protecting Yourself

Because Microsoft cannot identify and stop every threat as soon as it appears, you should take measures for your own security. If you receive an email asking for money for coronavirus research, scrutinize it before you click anything or hand anything over. Emails that claim to carry pandemic maps or special information about IRS stimulus checks are very likely phishing.

It is good policy not to click on anything unless you are certain it comes from a source you trust. If it seems iffy, call the organization the email claims to be from and ask whether they sent it. Do not open attachments unless you are sure of the sender; malicious attachments often carry spyware or other malware that takes hold of your computer as soon as the file is opened.

If you believe your information has been compromised, the steps are simple: run a virus scan, change your passwords from a different device than the one on which you opened the email, and contact your bank if your bank account may have been exposed.

Contacting an email security service for an extra layer of protection can also help you feel safer when checking your email.


References

Arsene, Liviu. “Global Ransomware and Cyberattacks on Healthcare Spike during Pandemic.” Bitdefender Labs, 14 May 2020, labs.bitdefender.com/2020/05/global-ransomware-and-cyberattacks-on-healthcare-spike-during-pandemic/.

Davis, Jessica. “New COVID-19 Phishing Campaigns Target Zoom, Skype User Credentials.” HealthITSecurity, 27 Apr. 2020, healthitsecurity.com/news/new-covid-19-phishing-campaigns-target-zoom-skype-user-credentials.

Dowdell, Sophie. “600% Increase in COVID-19 Related Phishing Attacks.” IT Security Guru, 16 Apr. 2020, www.itsecurityguru.org/2020/04/16/600-increase-in-covid-19-related-phishing-attacks/.

“Open-Sourcing New COVID-19 Threat Intelligence.” Microsoft Security, 14 May 2020, www.microsoft.com/security/blog/2020/05/14/open-sourcing-covid-threat-intelligence/.


Wuhan Coronavirus Email Scams Prey on Fear and Disruption

March 17, 2020

10:00-11:00AM PST

Wuhan coronavirus email scams are proliferating. Fear, confusion, disinformation and disruption are leading symptoms of the outbreak, and they create an ideal environment for hackers and thieves and a real threat to your cyber security:


  • People hungry for information and confused by conflicting reports are prone to click on anything that hooks into their anxiety.
  • Distracted by news that hypes fear, people become careless and disregard common sense best practices.
  • Massive numbers of employees are working remotely, creating multiple security vulnerabilities.
  • Since home feels safe, employees working remotely may relax their approach to cyber security.

Hackers are ready to make the most of this opportunity. Here are some of the new coronavirus email scams:

Malicious emails from health and news organizations

Malicious emails from spoofed organizations are on the rise. Hackers impersonate organizations such as the World Health Organization (WHO) and present malicious links that install malware or try to capture financial details, personal information and passwords. Before opening any such email or clicking its links, think twice and check it out. The WHO website explains how to spot WHO impersonations and fakes, as does the Centers for Disease Control and Prevention (CDC).
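The tells that “check it out” refers to can be mechanised. Here is an added example, not from the original post or from WHO or CDC, that parses raw email headers and flags the impersonation pattern described above: a display name or subject claiming WHO or CDC while the sending domain is not the organization’s, a Reply-To pointing somewhere else, and an authentication failure recorded by the receiving gateway. The real organization domains who.int and cdc.gov are genuine; both sample messages, the sending domains in them and the gateway name mx.corp.example are constructed for the example.

```python
"""Heuristic organization-impersonation checks on email headers (added example).

Three checks: (1) the display name or subject names an organization whose
real domain is not the sender's domain; (2) Reply-To redirects replies to a
different domain than From; (3) the receiving gateway's Authentication-Results
header records an SPF, DKIM or DMARC failure. The sample messages are
constructed; who.int and cdc.gov are the organizations' real domains.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Name fragments an impersonator would use -> the domain the real organization sends from.
KNOWN_ORGS = {
    "world health organization": "who.int",
    "who": "who.int",
    "cdc": "cdc.gov",
    "centers for disease control": "cdc.gov",
}


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _same_org(domain, legit):
    return domain == legit or domain.endswith("." + legit)


def _claimed_orgs(text):
    """Legitimate domains of every organization named (as a whole word) in text."""
    text = text.lower()
    found = set()
    for name, legit in KNOWN_ORGS.items():
        if re.search(r"\b" + re.escape(name) + r"\b", text):
            found.add(legit)
    return found


def assess_message(raw):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    msg = message_from_string(raw)
    findings = []
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)

    # 1. Display name or subject claims an organization the sender domain is not.
    for legit in sorted(_claimed_orgs(f"{display} {msg.get('Subject', '')}")):
        if not _same_org(from_domain, legit):
            findings.append(f"claims {legit} but sent from {from_domain or '<none>'}")

    # 2. Reply-To sends replies to a different domain than From.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_domain:
        findings.append(f"Reply-To domain {_domain(reply_addr)} differs from From domain {from_domain}")

    # 3. The receiving gateway recorded an authentication failure.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) not in ("pass", "none"):
            findings.append(f"{mech}={m.group(1)}")
    return findings


# Constructed sample: the WHO-impersonation pattern described in the post.
SUSPICIOUS = """\
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=who-int-alerts.example.com; dkim=none; dmarc=fail
From: "World Health Organization" <alerts@who-int-alerts.example.com>
Reply-To: <donations@fast-reply.example.net>
Subject: COVID-19 safety measures - action required
Content-Type: text/plain

Please review the attached list of infected people in your area.
"""

# Constructed sample: an ordinary internal message that must not be flagged.
BENIGN = """\
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example; dkim=pass; dmarc=pass
From: "IT Helpdesk" <helpdesk@corp.example>
Subject: VPN maintenance window tonight
Content-Type: text/plain

The VPN concentrator will be patched at 22:00.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, assess_message(raw) or ["no findings"])
```

The suspicious sample trips all three checks, the benign one none. Two caveats: a From domain that genuinely belongs to WHO or CDC passes check 1 only if it is the real domain or a subdomain of it, so lookalikes such as who-int-alerts.example.com are caught, and check 3 trusts only the Authentication-Results header written by your own gateway; an attacker can insert a fake one, so production filters key the header on the gateway’s authserv-id.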

Raising money for fraudulent charities

Fake charities seem to pop up around every disaster. One fraudulent email scheme purports to raise money to vaccinate children in China, but as of this writing no such vaccine exists.


Selling Hoardable, Sold-out Products Like Face Masks and Disinfectant

Emails are making the rounds selling hard-to-find products such as face masks, hand sanitizer and even toilet paper. Click a link and you will end up at a fraudulent e-commerce site that takes your credit card details, sends you nothing and racks up charges.

What to Do: Re-Emphasize Email Security

Now is the time to reinforce security training with employees, particularly those moving to remote working environments. Remind them to be particularly careful about email, explaining how criminals will try to exploit their emotions during this time. Specific advice to offer:

  • Do not click on unsolicited emails, the links they contain, or the attachments they offer.
  • Do not enter personal information through any link in an email; contact the organization directly instead.
  • Do not be manipulated by emails that try to build a sense of alarm and demand immediate action.
  • Double-check any charity appeal or call for crowdfunding donations.

Besides warning employees, now is a good time to check your email security protections. Update them as appropriate, and if you have none, do not delay: install quality protection today.
