Posts Tagged ‘social engineering’


NSS Labs recently released the results and analysis from its latest Browser Security Comparative Analysis Report, which evaluated the ability of eight leading browsers — Apple Safari, Google Chrome, Kingsoft Liebao, Microsoft Internet Explorer, Mozilla Firefox, Opera, Qihoo 360 Safe Browser, and Sogou Explorer — to block socially engineered malware (SEM). The use of social engineering to distribute malware continues to account for the bulk of cyber attacks against both consumers and enterprises, thereby making a browser’s ability to protect against these kinds of attacks an important criterion for personal or corporate use.

Microsoft Internet Explorer continues to outperform other browsers. With an average block rate of 99.9 percent, the highest zero-hour block rate, the fastest average time to block, and the highest consistency of protection over time, Internet Explorer leads in all key test areas.

Google Chrome remained in the top three, but its average block rate fell significantly to 70.7 percent, down from 83.17 percent in the previous test.

Cloud-based endpoint protection (EPP) file scanning provides substantial defenses when integrated with the browser. Kingsoft Liebao browser utilizes the same cloud-based file scanning system used by Kingsoft antivirus and had the second highest overall block rate at 85.1 percent, ahead of Chrome by almost 15 percentage points.

Google’s Safe Browsing API does not provide adequate SEM protection. Apple Safari and Mozilla Firefox both utilize the Google Safe Browsing API and were the two lowest performing browsers in this latest test. Both also saw significant drops of around 6 percent in their average block rates — Safari from 10.15 percent to 4.1 percent and Firefox from 9.92 percent to 4.2 percent.

Chinese browsers tested for the first time prove viable. This year, three browsers from China were included in testing for the first time, and Kingsoft’s Liebao browser jumped ahead of Google Chrome with an overall protection rate of 85.1 percent. Sogou Explorer had the fourth highest average block rate at 60.1 percent.

Commentary: NSS Labs Research Director Randy Abrams
“Selecting a browser with robust socially engineered malware protection is one of the most critical choices consumers and enterprises can make to protect themselves. Microsoft’s SmartScreen Application Reputation technology continues to provide Internet Explorer the most effective protection against socially engineered malware,” said Randy Abrams, Research Director at NSS Labs. “This year NSS added three browsers from China. The Kingsoft Liebao browser displaced Chrome from second place by using a combination of URL filtering with the cloud-based file scanning technology that Kingsoft uses for their antivirus product. Sogou Explorer, another browser from China, was the only other tested browser to exceed 50 percent protection against socially engineered malware. Firefox and Safari failed to achieve five percent effectiveness and leave less technical users at considerable risk.”

NSS Labs recommendations

  • Learn to identify social engineering attacks in order to maximize protection against SEM and other social engineering attacks.
  • Use caution when sharing links from friends and other trusted contacts, such as banks. Waiting just one day before clicking on a link can significantly reduce risk.
  • Enterprises should review current security reports when selecting a browser. Do not assume the browser market is static.

The 12 scams of Christmas

Written by admin
December 5th, 2013

McAfee has released its “12 Scams of Christmas” list, warning shoppers of this season’s biggest threats

With Black Friday and Cyber Monday under our belts, the 2013 holiday shopping season is officially in gear. It’s the time of year for finding great gift bargains, helping people in your community, traveling to visit family and friends, and more. Cyber criminals also love the holidays, and they’re poised with an arsenal of attacks, ready to spoil your holiday cheer.

You’re probably familiar with the song The Twelve Days of Christmas. That’s the song where the person ends up with 12 partridges in 12 pear trees by the time all is said and done, along with some random collection of maids-a-milking, lords-a-leaping, and drummers drumming, among other things. Well, McAfee compiled its own security-themed version called The 12 Scams of Christmas.

Here is a quick rundown of the 12 scams:

  • Not-So-Merry Mobile Apps
  • Holiday Mobile SMS Scams
  • Hot Holiday Gift Scams
  • Seasonal Travel Scams
  • Dangerous E-Seasons Greetings
  • Deceptive Online Games
  • Shipping Notifications Shams
  • Bogus Gift Cards
  • Holiday SMiShing
  • Romance Scams
  • Phony E-Tailers

Most of the scams listed by McAfee are not unique to the holidays per se. There are fake shipping notifications, malicious apps, shady deals, and phishing attacks on any given day. What makes the holidays unique is that there are so many more legitimate emails, text messages, deals, and bargains, and people are so aggressively looking for holiday-related deals, so the opportunity for cyber criminals is exponentially greater.

You can visit the McAfee 12 Scams of Christmas page for a more detailed description of each of the scams. All 12 are relevant threats, but the ones that seem to stand out as the biggest risk are those related to great deals on hot gift items, awesome holiday travel bargains, gift card scams, and fake or spoofed holiday charities.

During the holidays, it’s more important than ever to use security best practices, and exercise a healthy dose of common sense. As a rule, if it sounds too good to be true, it probably is. No matter how much you wish it were true, retailers like Best Buy and Walmart are not in the habit of just randomly handing out free gift cards worth hundreds of dollars for the holidays, and you aren’t going to find roundtrip airfare to Europe for $100. Of course, there are a number of legitimate bargains to be found, and that’s what complicates things this time of year.

There are three things IT admins should do to guard company networks and data against these holiday cyber scams. First, double-check your password and security policies to make sure they’re adequate. Second, make sure all platforms and applications are patched, and that your antimalware and other security software are up to date. Most attacks rely on exploiting known vulnerabilities, so this one step can help you identify and block many threats.

Finally, the most important step—make sure users are aware of the increased threat. Remind users to be suspicious by default, and practice safe shopping. Only visit credible, reputable websites, and don’t open email attachments or click on links from unknown sources.

With some common sense and basic security practices, you can avoid most threats, and enjoy the holiday season without becoming a victim of the 12 Scams of Christmas.


The 5 worst mobile threats of 2012

Written by admin
November 3rd, 2012

New types of mobile malware make headlines every day, but what are the most prevalent threats out there? The team at Nominum decided to find out by analyzing Domain Name System (DNS) data of approximately half a million users from various countries.

Most malware uses the DNS to communicate and our technology processes about 30% of the world’s DNS traffic, so we were able to identify the top five mobile-only malware threats.

We defined greatest threat as the most widespread malware that meets a baseline level of risk to the end user — for example, malware that attempts to steal a person’s identity and/or money. What follows is a summary of the current mobile malware landscape and a short description of each malware threat, along with some thoughts on what can be done to protect end users.

But how bad is it, really?

The mobile malware threat is real: a significant number of infections in existence today are capable of stealing mobile phone users’ identities, and this number is growing every day. Our research shows that Android remains the top target of malware writers.

Despite that finding, our data was not extensive enough to prove just how prevalent threats were in the U.S. specifically, but recent research has shown that malicious links within text continue to be the biggest concern for mobile device users in the U.S. with 4 in 10 American users likely to click on an unsafe link.

Although Android topped the list of mobile malware targets, there are still major regional differences in mobile malware prevalence. For instance, “Notcompatible” has a much higher infection rate in Latin America, while “SMSPACEM” and “Netisend” are much more prevalent in the Asia Pacific regions.

These regional differences may be explained by end users’ personal networks. Like a cold or virus in the real world, once someone in a community gets infected with mobile malware, they are more likely to spread it to others in that community — instead of a sneeze, it is through SMS. As the mobile malware area is less mature than its fixed counterpart, it may take more time for mobile threats to “jump” networks; this will change soon, though, as malware threats get more sophisticated.

Mobile malware writers are leveraging many of the same social engineering techniques (e.g., spreading through end users’ contact lists) and technical capabilities (e.g., rootkits) that they’ve used on the fixed side for years to spread and make money. As the proliferation of smartphones continues and the mobile ad market matures, the incentive of higher profit possibilities will encourage malware writers to write more sophisticated malware.

With multiple mobile operating systems and a vast array of devices, device-based anti-malware software alone isn’t a scalable solution to the problem. The DNS enables a network-based approach for preventing malware that works regardless of what type of device is infected.

The DNS is primarily thought of as a functional technology for navigating the Web, as its original role was to make the Internet easier to use. DNS eliminates the need to type in long strings of numbers (IP addresses) to access content by translating between those numbers and words. Because of this history, DNS is an often-overlooked layer, but it is essential to keeping the network running. As network activity has advanced (think the proliferation of applications, mobile banking, etc.), the DNS layer has evolved into an efficient network infrastructure tool that guides high-performance transactions.

In the case of mobile malware threats, the DNS layer can be analyzed to detect and mitigate suspicious activity. Accordingly, solutions have been invented that enable mobile carriers to layer security applications upon their pre-existing DNS network. These applications can perform a number of roles, from detecting and thwarting hackers’ efforts to alerting users of potentially dangerous mobile websites.

Compared to other solutions, utilizing the DNS layer allows for a faster response time and cost-effective options — both important benefits to a mobile carrier and its subscribers. The DNS’s ability to secure networks should be a part of the modern mobile operator’s security playbook because the mobile malware problem is only going to get worse before it gets better.
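The network-side check described above, as an added example (not Nominum's code or part of the original article): it matches resolver query log lines against a blocklist of C&C domains and reports which clients queried them, regardless of device type. The log format, the domain names and the function names are assumptions, and all sample data is constructed.

```python
from collections import defaultdict

# Constructed blocklist of C&C domains (reserved example names, not real indicators).
C2_DOMAINS = {"c2.example.net", "update-cdn.example.org"}

# Constructed resolver query log (assumed format): timestamp, client IP, query name, type.
SAMPLE_LOG = """\
2012-11-01T10:00:01Z 10.0.0.5 www.example.com. A
2012-11-01T10:00:02Z 10.0.0.7 c2.example.net. A
2012-11-01T10:00:09Z 10.0.0.7 a1b2.C2.example.net. A
2012-11-01T10:00:15Z 10.0.0.9 notc2.example.net. A
2012-11-01T10:01:00Z 10.0.0.12 update-cdn.example.org. AAAA
malformed line
"""

def normalize(qname):
    """Lower-case the name and strip the trailing root dot so names compare equal."""
    return qname.strip().rstrip(".").lower()

def matched_domain(qname, blocklist):
    """Return the blocklisted domain that qname equals or is a subdomain of, else None."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        # Compare whole labels only, so 'notc2.example.net' never matches 'c2.example.net'.
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def flag_clients(log_text, blocklist):
    """Map each client IP to the sorted blocklisted domains it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records instead of failing the whole run
        _ts, client, qname, _qtype = fields
        domain = matched_domain(qname, blocklist)
        if domain:
            hits[client].add(domain)
    return {client: sorted(domains) for client, domains in hits.items()}

if __name__ == "__main__":
    for client, domains in flag_clients(SAMPLE_LOG, C2_DOMAINS).items():
        print(client, "queried", ", ".join(domains))
```

Matching on whole labels rather than substrings keeps look-alike names from raising false alerts while still catching per-device subdomains of a listed domain.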

Here are the top threats that we’re up against:

* NOTCOMPATIBLE — The worst of all malware created in 2012 is a drive-by Trojan that can infect Android phones via their mobile Web browsers. When the browser’s download is completed, it will ask for user permission to install. After infection, the Android phone can work as a proxy. It is widespread and growing every day. [Also see: "For the first time, hacked websites deliver Android malware"]

* SMSPACEM — This is the second-most widespread malware for Android phones in 2012. It will change a phone’s wallpaper and send anti-Christian jokes by SMS to all the user’s contacts. Here is an example: “Looks like Jesus is a no-show, maybe Judaism was on to something Cannot talk right now, the world is about to end Just saw the four horsemen of the apocalypse and man did they have the worst case of road rage Prepare to meet thy maker, make sure to hedge your bet just in case the Muslims were right.”

* LENA — This Android-based malware is capable of taking over a user’s phone without asking permission by using an exploit such as GingerBreak or by appearing as a VPN app. Once it gains root access, LENA can start to communicate with its command and control site, download additional components and update installed binaries.

* NETISEND — An information stealer on Android phones, it can retrieve information like IMEI, IMSI, model information and installed applications. After downloading, the malware will ask permission to connect to the Internet and open a backdoor with its C&C domain site.

* BASEBRIDGE — It can gain root access on an Android phone by exploiting a netlink message validation local privilege escalation vulnerability. Once a phone is infected, Basebridge can disable installed AV software, download additional malware components and open a backdoor with its C&C site. It will steal the IMSI, manufacturer and model info. It can also send SMS messages, delete SMS messages from the inbox and dial phone numbers.

These five mobile malware threats are just the tip of the iceberg. New types of mobile malware are designed every day by ill-intentioned individuals, and hardware-based security is just a temporary Band-Aid to defend against sophisticated mobile threats. Staying aware of what is out there and abreast of the latest threats is the first step in protecting yourself, but a joint effort is necessary and carriers will soon need to start arming their networks with security layers for their customers’ sake too.

Nominum is the worldwide leading provider of integrated subscriber, network and security solutions for network operators. Nominum is the provider of the N2 Platform that leverages more than 1 trillion DNS queries daily and enables the rapid development and seamless integration of applications that leverage DNS data. These applications are generated by the Nominum IDEAL ecosystem, an open ecosystem of application providers. The combined value of the N2 Platform and the IDEAL ecosystem provides network operators with the ability to deliver a differentiated subscriber experience with cost efficiency and agility. Nominum is a global organization headquartered in Redwood City, Calif.

