Macs are not safe from Bears

Mac users have long had an unwarranted level of confidence about their immunity to malware and hackers. Palo Alto Networks recently discovered some Mac malware in the wild, which I hope will make us Mac users pay more attention to security. The malware, which targets mostly the aerospace industry, appears to be from an APT group they call “Fancy Bear”.

The malware is a trojan executable designed to look and act like a PDF file. It is being used in highly targeted attacks where the apparent content of the file is something that the recipient was expecting to receive.

These kinds of attacks typically start with the nation state level APT attackers and quickly make their way down to the street level cybercriminals. Everyone on every platform needs to pay attention to their security and take proper precautions.

Security lessons from Pokemon Go - Catch them all!

When anything big happens on the Internet, the criminals and snoops are not far behind. This time the event is Pokemon Go, and all kinds of different threats are developing in its wake, from malware to tracking to physical danger. If you are not familiar with this game yet, just look around next time you step outside; it is everywhere.

Criminals have jumped quickly on the piecemeal global rollout of the game. Players unwilling to wait for the official release in their countries have been looking for the game on unofficial app stores. A version carrying the Android trojan DroidJack has been seen, which allows the attacker to take complete control of the victim’s phone and access any files or information. The vast majority of users should absolutely avoid any third-party app stores. Only get your software from known and reputable sources and don’t do anything to bypass the phone’s security. The best practice is to stick with the app store that came with your phone.

Even the official version of the game raises some troubling privacy concerns. By design the application tracks you when you are using it, and you are strongly encouraged to be using it all the time. This is hardly the only application tracking you, but the privacy policy on the game is not great. Also, it is likely to be disproportionately tracking children. Always think about who has access to your information and how it can be used for and against you. The tracking data might be ok in the hands of the current company but if it is sold or stolen, you might be less happy with the people who have it.

Conventional muggers have also discovered the power of Pokemon Go to lure their victims. In the game, players need to search out fixed locations called Poke Stops and Gyms. Criminals can add capabilities to these virtual constructs to make them even more interesting and attractive. If the location is dark and somewhat hidden, it becomes the perfect location for an ambush. The divide between virtual and physical keeps getting narrower. Physical attacks are launched from cyberspace, and cyber attacks can start with physical device access. We can’t just focus on the digital risks of tools and attacks, but must also consider how they could impact us in the analog world.

Finally, this game is causing people to walk into the street, down dark alleys, and into rough neighborhoods without paying attention or taking appropriate care. Like distracted driving, this is another example of our immersion in the electronic realm causing us to neglect the basics of staying safe in the here and now.

I find it fascinating that one program, and a game at that, can have so many and varied security implications. Now, I am off to catch me some Pokemon, I think there are some down my driveway!

PRISM fears being used by scammers

In a new attack, some websites have been set up to show visitors a splash page that says the victim's computer has been blocked because it has been used to access illegal pornographic content. The user is then presented with a link to pay an instant "fine" of $300 to the scammers.

This is a new variant of "ransomware", the most common form of which is "fake AV". A fake anti-virus website or software will claim to scan your computer for free, then charge you to remove malware that it has "detected".

Details and screenshots here.

The Privacy Blog Podcast – Ep. 5: The Dark Alleys of the Internet & The High Stakes of Corporate Anonymity

Welcome to the February edition of The Privacy Blog Podcast. In this episode, I’ll discuss a topic that caught me by surprise in recent weeks: the dark alleys of the Internet aren’t as scary as we once thought. According to Cisco’s Annual Security Report, the most common, trusted websites we visit every day have the highest overall incidents of web malware encounters. For example, Cisco reports that online advertisements are 182 times more likely to infect you with malware than porn sites. Secondly, I’ll be talking about corporate anonymity issues, where the stakes are often extremely high due to the real dollar losses corporations could face. A few examples I’ll hit on are: competitive pricing research, search-engine-only pages for spoofing search results, trademark infringement, and research and development activities.

Hope you enjoy the episode. Please leave feedback and questions in the comments section of this post.

Dark alleys of the Internet not actually the dangerous parts.

For years I have been telling people to be especially careful when they venture into the dark back alleys of the Internet. My thinking was that these more "wild west" areas would be home to most of the malware and other attacks.

Dark Reading analyzes a Cisco report which says that online shopping sites and search engines are over 20 times more likely to deliver malware than counterfeit software sites. Advertisers are 182 times more dangerous than pornography sites.

So, I guess I need to change my tune. Be careful when you are going about your daily business, and have fun in those dark alleys!