
The ambitions of cybercriminals reached new heights in 2016, according to a report released by Symantec on Wednesday. Symantec has highlighted the unprecedented rise not just in the number of cybercrime incidents but in the scale of the crimes themselves.

The report highlights the simple flaws that cybercriminals are exploiting to achieve their goals. Symantec stated that attackers “frequently used very simple tools and tactics in order to make a big impact”. In a shift away from zero-day exploits and sophisticated malware suites, attackers are now opting to “live off the land”. Living off the land involves an attacker using built-in operating system features such as Windows PowerShell and macros. These features can give a cybercriminal remote access to a computer without needing a direct exploit. Instead of relying on expensive tools, attackers now rely on social engineering.

Attackers use innocent language to trick users into clicking – Symantec report 2017

Reliance on social engineering has led to email once again becoming a favored tool for committing cybercrime. Email was used to conduct every kind of attack in 2016, from the targeted attack on the Democrats’ emails during the US election to the spread of ransomware. The report estimates that around 1 in every 131 emails is malicious. The emails generally masquerade as something innocent, making them hard to detect.

Malicious emails often contain ransomware that locks up the victim’s computer and demands a fee to unlock it. Attackers are now demanding an average of $1,077. The number of ransomware attacks almost tripled in 2016, and email scams have cost small businesses almost $3 billion, so it really is important to double-check emails before opening them.


Ransomware is becoming increasingly common and attackers are demanding more money – Symantec report 2017

Cybercriminals have also begun to use the inherent weakness of the Internet of Things to conduct their attacks. Most IoT devices are poorly secured, with users either unable to alter the default credentials or neglecting to do so. This allows hackers to gain access to a huge number of devices and use them to launch devastating Distributed Denial of Service attacks. The most high-profile of these was Mirai, a botnet composed of poorly secured routers, security cameras and other IoT devices. Several of Mirai’s targets were cloud-based services, highlighting a growing vulnerability due to the explosion of cloud-based storage.


Attackers frequently used default passwords to try to break into IoT devices – Symantec report 2017

Financial attacks have also become far more ambitious. Rather than focusing upon stealing your card or bank details, cybercriminals are now going after the banks themselves. In 2016 these attacks reached new heights with the Banswift Group managing to steal $81 million from the Bangladeshi central bank. There are also fears that for the first time nation states like North Korea may now be involved in cyber bank heists. The bank attacks were sophisticated, with the attackers gaining access to the target bank’s SWIFT credentials, allowing them to make fraudulent transactions.

Cybercriminals have not just targeted people’s finances. 2016 marked a big increase in politically motivated attacks. The most notable is probably the attack on the Democratic Party’s emails during the US elections, but there have been many others. A number of disk-wiping attacks were used against targets in Ukraine, resulting in major power outages, and there were a number of attacks against targets in Saudi Arabia. The rise in disruptive cybercrime coincides with a reduction in activities like economic espionage and intellectual property theft, implying a shift in resources.


A timeline of major targeted attacks in 2016 – Symantec report 2017

Combined with Google’s report earlier this year, it’s clear that 2016 saw a huge rise in cybercrime, and the trend is unlikely to reverse any time soon. That said, there are a number of simple steps you can take to protect yourself.

  • Check emails carefully before opening them. Phishing attacks rely on users not noticing slight oddities. Look out for strange email addresses like noreply@domainname.com or misspelled organization names.
  • Don’t open attachments from unknown sources.
  • It sounds simple, but change the default password on your router and other devices.
  • Use a trusted VPN service when using online banking.
  • Back up your data regularly to help protect yourself from any potential ransomware attacks.
  • Keep your devices up to date.
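
The first tip, spotting strange sender addresses and misspelled organization names, can also be checked automatically. The sketch below is an added example, not something from the Symantec report: the organization list, the `.example` sender addresses and the distance thresholds are all constructed assumptions, and domains with multi-part suffixes such as `.co.uk` get no special handling.

```python
from email.utils import parseaddr

# Constructed allow-list: organization name -> the domain it really sends from.
KNOWN_ORGS = {"paypal": "paypal.com", "symantec": "symantec.com", "google": "google.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return (warning, organization) pairs for one From: header."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return [("invalid_sender", "")]
    domain = addr.rsplit("@", 1)[1].lower()
    labels = domain.split(".")
    warnings = []
    for name, real in KNOWN_ORGS.items():
        if domain == real or domain.endswith("." + real):
            continue  # mail really comes from the organization's own domain
        limit = 1 if len(name) < 8 else 2  # assumed tolerance for misspellings
        for label in labels:
            d = edit_distance(label, name)
            if d == 0:
                # exact brand name used as a label of somebody else's domain
                warnings.append(("brand_in_foreign_domain", name))
            elif d <= limit:
                # near miss such as "paypa1" for "paypal"
                warnings.append(("lookalike_domain", name))
        if name in display.lower():
            # display name claims the organization, address does not belong to it
            warnings.append(("display_name_mismatch", name))
    return warnings

# Constructed sample headers; none of them is taken from a real message.
SAMPLES = [
    "Symantec Alerts <alerts@symantec.com>",
    "PayPal <service@paypa1.example>",
    "billing@paypal.com.account-verify.example",
    "IT Desk <helpdesk@symantic.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header))
```

A clean result only means the sender domain matches a known organization; it says nothing about whether the account behind it has been compromised.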


You'll find me wandering around the Science sections mostly, excitedly waving my arms around while jumping up and down about the latest science and tech news. I am also occasionally found in the gaming section, trying to convince everyone else that Linux is the future of computer gaming.

Software

The United States has prohibited the sale of Kaspersky software due to concerns about security risks originating from Russia


The United States government declared on Thursday its prohibition of the sale of Kaspersky antivirus within the nation and is urging American users of the software to transition to an alternative provider.

The Bureau of Industry and Security, a division of the Commerce Department, has implemented a unique ban on Kaspersky, claiming that the company, being headquartered in Russia, poses a threat to both U.S. national security and the privacy of its users.

Russia has demonstrated both the ability and the intention to utilize Russian companies, such as Kaspersky, to gather and weaponize the personal data of Americans. “Hence, we are obliged to undertake the course of action that we are currently implementing,” stated U.S. Commerce Secretary Gina Raimondo during a conference call with journalists.

Reuters was the first to report on the ban before it was officially announced. A representative from Kaspersky did not promptly reply to the inquiry for a comment.

Starting on July 20, Kaspersky will face a ban on selling its software to American consumers and businesses. However, the company will still be allowed to offer software and security updates to its current customers until September 29. Subsequently, Raimondo stated that Kaspersky would be prohibited from delivering software updates to customers in the United States.

“This implies that the quality of your software and services will decline.” Raimondo strongly advises finding an alternative to Kaspersky without delay.

Raimondo stated that U.S. consumers who are currently utilizing Kaspersky’s antivirus software are not in breach of any legal regulations.

Raimondo stated that individuals and businesses in the United States who currently use or have previously used Kaspersky products and services are not breaking the law, have not committed any wrongdoing, and will not face any legal consequences. “I strongly urge you to cease using that software and transition to an alternative as soon as possible to safeguard yourself, your data, and your family.”

Raimondo announced that the Department of Homeland Security and the Justice Department will collaborate to notify American consumers. Additionally, the U.S. government will establish a website to provide affected individuals with the necessary information to comprehend the rationale behind our actions and guide them in taking appropriate measures.

According to a high-ranking official from the U.S. Commerce Department, the federal cybersecurity agency CISA will engage in communication efforts with critical infrastructure organizations that rely on Kaspersky software in order to assist them in identifying alternative options. The official further stated that they have no intention of specifying any particular action by Kaspersky that prompted today’s decision. (The Commerce Department asked reporters not to reveal the official’s identity.)

The ban, which was announced on Thursday, represents the most recent intensification in a protracted sequence of measures taken by the U.S. government against Kaspersky, a company based in Moscow.

In September 2017, the Trump administration implemented a prohibition on the utilization of Kaspersky software by U.S. federal agencies due to concerns that the company may be coerced into assisting Russian intelligence agencies. In a previous report, it was disclosed that Russian state-sponsored hackers had illicitly acquired classified U.S. documents that were stored on the personal computer of an intelligence contractor. This breach occurred due to the use of Kaspersky’s antivirus software, making it the first documented case of espionage resulting from the use of this particular company’s software.

The Wall Street Journal reported in April 2023 that the decision to prohibit Kaspersky has been under development since last year.

According to the company itself, Kaspersky has more than 240,000 corporate clients globally and over 400 million individual customers. The senior official refrained from disclosing the exact number of U.S. customers that Kaspersky has. However, the official mentioned that there are a substantial number of customers, including critical infrastructure organizations as well as state and local government entities.


Android

Google Chrome now has a ‘picture-in-picture’ feature


Google is getting ready to make a big change to how its Chrome browser works. This is because new browsers from startups like Arc are making the market more competitive. The company said on Wednesday that it will be adding a new feature called “Minimized Custom Tabs” that will let users tap to switch between a native app and their web content. When you do this, the Custom Tab turns into a small window that floats above the content of the native app.

The new feature is all about using Custom Tabs, which is a feature in Android browsers that lets app developers make their own browser experience right in their app. Users don’t have to open their browser or a WebView, which doesn’t support all of the web platform’s features. Custom tabs let users stay in their app while browsing. Custom tabs can help developers keep users in their apps longer and keep them from leaving and never coming back.


If you make the Custom Tab into a picture-in-picture window, switching to the web view might feel more natural, like you’re still in the native app. People who send their customers to a website to sign up for accounts or subscriptions might also find this change useful, since it makes it easier for users to switch between the website and the native app.

After being shrunk down to the picture-in-picture window, the Custom Tab can be pushed to the side of the screen. Users can tap on a down arrow to bring the page back to the picture-in-picture window when it is full screen.

The new web experience comes at a time when Google is making it easier for Android users to connect to the web. People can find their way to the web with AI-powered features like Circle to Search and other integrations that let them do things like circle or highlight items.

The change is coming to the newest version of Chrome (M124), and developers who already use Chrome’s Custom Tabs will see it automatically. Google says that the change only affects Chrome browsers, but it hopes that other browser makers will add changes like these.


Apps

Threads finally starts its own program to check facts


Meta’s latest social network, Threads, is launching its own fact-checking initiative after leveraging Instagram and Facebook’s networks for a brief period.

Adam Mosseri, the CEO of Instagram, stated that the company has recently implemented a feature that allows fact-checkers to assess and label false content on Threads. Nevertheless, Mosseri refrained from providing specific information regarding the exact timing of the program’s implementation and whether it was restricted to certain geographical regions.

The fact-checking partners for Threads—which organizations are affiliated with Meta—are not clearly specified. We have requested additional information from the company and will revise the story accordingly upon receiving a response.

The upcoming U.S. elections appear to be the main driving force behind the decision. India is currently in the midst of its general elections. However, it is improbable that a social network would implement a fact-checking program specifically during an election cycle rather than initiating the project prior to the elections.

In December, Meta announced its intention to implement the fact-checking program on Threads.

“At present, we align the fact-check ratings from Facebook or Instagram with Threads. However, our objective is to empower fact-checking partners to evaluate and assign ratings to misinformation on the application,” Mosseri stated in a post during that period.
