Tag: malware

Expert reveals how you can protect your mobile device from malware 

During the first few months of 2022, mobile malware attacks increased by 500%, with one of the main reasons being because many people aren’t protecting their smartphones. 

Experts at IT support specialists CloudTech24 have revealed the best ways you can go about protecting your mobile device from malware effectively. 

  1. Use mobile anti-malware 

Your mobile phone needs anti-virus and anti-malware software too! Malware can infect smartphones and tablets easily so it’s important to have a reliable anti-malware app installed to your device. 

  1. Don’t download apps from unknown sources 

Only download mobile apps from trusted sources. Do not download outside a main app store. Trusted app stores include places like: 

  • Apple App Store 
  • Google Play 
  • The Microsoft Store 
  • Amazon Appstore 

You also should research the app developer online. Make sure they have a good reputation. Once you download a dangerous app to your phone, it can infect it with malware. That malware can remain behind even if you delete the app later. 

  1. Be wary of SMS phishing, AKA “smishing” 

Spam texts are extremely common nowadays, with the text equivalent of phishing being known as “smishing”. 

Through malicious links in text messages, hackers may ask you to message back to capture personal information, and/or try to gain access to your device. 

Beware of text messages from unknown sources and be on the lookout for texts that don’t make sense. A common text spam is getting a shipping notification when you haven’t ordered anything. 

  1. Remove old apps you don’t use 

Apps these days are often abandoned by the developer, and there are around 2.6 million apps that haven’t received an update in a year or more. Having these old apps on your phone can leave security vulnerabilities which can be exploited by hackers, so it’s important to address them. 

Look through your device for any older apps you aren’t using, and if there’s no reason to keep them around, they can leave your device at risk.  

Also, look at the time of the last update, and if it’s over a year, consider replacing it with an app that’s more current and updated more frequently.

  1. Keep your device updated 

In addition to keeping your apps updated, it’s important to keep your device updated too. Not updating to the latest version of your device’s operating system can also leave your phone with security vulnerabilities, allowing hackers to breach your data. Turn on automatic updates if possible!

Valentine’s Day: experts issue online threats and scams warning

On Valentine’s Day, words like “Valentine,” “chocolate,” and “date” are the perfect camouflage to entice potential victims into clicking on a malicious link, downloading malware, or saying “Yes” to a date with a shady online character. Cybersecurity experts at VPNOverview warn of potential Valentine’s Day scams and how to prevent them.  

Types of Valentine’s Day scams

Seasonally themed online scams are not uncommon. Black Friday, Cyber Monday, and Christmas are notorious for ramping up cyber criminals’ efforts to lure people with money to spend or romantics with a soft heart into their online traps. Valentine’s Day especially makes people more susceptible than usual.

Cyber-related Valentine scams range from:

  • Romance scams
  • Malicious malware to spoofing websites. 

Romance scams 

Valentine’s Day can be exciting, but it can also lead to heartbreak, embarrassment, and financial loss. The Guardian recently revealed Victim Support data indicating a 38% increase in romance fraud victims needing support. Criminals will search dating sites, apps, chat rooms, and other social media networking sites attempting to build relationships to get your personal information or your money.

Once the scammer has established trust with their target, they quickly unveil a “money problem.” Common scam angles – and giveaways – are a sick relative, a medical emergency, a stolen wallet, passport or visa, or a last-minute plane ticket price hike, asking the victim to cough up the money to cover replacement or the unexpected expense.

Unfortunately, most victims of romance scams or catphishing are hesitant to report being taken advantage of due to embarrassment, shame, or humiliation. Nonetheless, it is essential to report online scams to the platform you are using and file a complaint with the relevant authorities in your country of residence.

Valentine’s Day malware

In the lead-up to Valentine’s Day, cybersecurity company Kaspersky analysed malware using the names of over 20 popular dating apps. The keyword “dating” alone revealed 1,963 unique malicious files disguised as legitimate applications. Two-thirds were masked as Tinder, and one-third of the files were linked to Badoo.

“The danger these malicious files present varies from file to file, ranging from Trojans that can download other malware to ones that send expensive SMS messages to adware, making it likely that every ping a user gets is some sort of annoying ad notification rather than a message from a potential date,” Kaspersky explains.

For example, one of the applications that looks like Tinder is, in fact, a banking Trojan that attempts to gain all rights necessary to steal money from the user. Another application declares itself as “Settings” right after installation. Next, it shows a fake error message and disappears, but there is a high likelihood that it will return with unwanted ads a few days later.

How to avoid these scams

Criminals follow money and soft hearts. Fortunately, there are various steps users can take to avoid falling victim to Valentine’s Day online threats and scams:

  • When online, be as anonymous as possible. Avoid sharing personal information, shop as a guest, and use a VPN for extra privacy.
  • Do not install apps from untrusted sources, even if they seem to be actively advertised or “recommended.”
  • Get familiar with the privacy controls on dating websites or dating apps such as Tinder or Grinder.
  • Be aware of what you click on.
  • Take note of giveaways such as email spelling errors or an unfamiliar sender.
  • Type in a website’s URL into your browser window yourself instead of clicking through from a link you’ve received or a message that popped up on social media or in a text message.
  • Choose unique and strong passwords for all of your accounts.
  • Install the latest software, patches, and app updates. They are important to your digital safety and cybersecurity and help protect your data.

University team unveil data set to bolster research into ransomware detection

Newly-published paper details the creation of NapierOne

Cyber security experts at Edinburgh Napier have created a new data set which will support cutting-edge research into ransomware detection.

Ransomware – malware that encrypts files, giving the attacker scope to demand a ransom to restore access – has become a popular and potentially lucrative method of attack for cyber criminals.

However, newly-created NapierOne (www.napierone.com) is now available to help test and evaluate new detection methods, amid concerns that previous data sets used in digital forensics research have become outdated.

The new openly accessible ready-to-use data set will improve consistency by using standard formats allowing earlier studies to be replicated. As such it will improve the pace and direction of research into ransomware, and could help find robust solutions to the threats it poses.

NapierOne’s creators also believe it is generic enough to support many other fields of research that require a varied mix of common files.

Govdocs1

The most well-known publicly available data set used in malware analysis to date has been Govdocs1, now more than a decade old.

It was designed to help reproduce forensic research, but doubts have emerged about how well it reflects current usage, with some increasingly popular file types not being well represented.

And where there have been a lack of useful data sets available to researchers, they have often developed their own and have not distributed them when their work is complete.

In a new paper published in Forensic Science International: Digital Investigation, Edinburgh Napier PhD research student Simon Davies and senior computing academics Professor Bill Buchanan and Associate Professor Rich Macfarlane detail the creation of NapierOne as a complement to Govdocs1. 

Their research identified popular file formats for inclusion as they set about creating a data set containing more than 500,000 unique files distributed between 100 separate data sets and subsets.

The paper describes how specific file types were selected, how examples were sourced and how researchers are able to gain free, unlimited access to the data.

The authors see NapierOne as a starting point for an ongoing project which will grow and develop as other researchers provide additional data sets that can be incorporated into it.

Simon Davies said: “It is hoped that the adoption of the NapierOne data set into the implementation, development and testing lifecycles of new ransomware detection techniques will streamline and accelerate the development of more robust and effective detection techniques, allowing independent researchers to reproduce and validate proposed detection methods quickly.”

Portrait of Rich MacFarlane

Associate Professor Rich Macfarlane said: “Ransomware has been around for many years – encrypting and deleting users’ files and demanding a ransom from the victim. It has become increasingly common and its sophistication has increased significantly, leading to it currently being the biggest cyber security problem globally.

“This work aims to provide a research data set allowing scientific rigour in research towards fighting the ransomware problem. The data set has been created and successfully used in our ransomware detection research.

“Containing over half a million unique files representing real world file types, it is broad and diverse enough to be used in a range of cyber security and forensic research areas.

“We hope the data set will have the same global research impact as the Govdocs1 work.”

Professor Bill Buchanan said: “There are few areas of cyber security that need more of a scientific base than in digital investigations, and thus there exists a need to make sure investigators have appropriate tools that have been verified and properly evaluated. This data set provides a foundation for researchers to prove their new methods, and thus further support innovation in the area.

“The UK is becoming an international leader in the field of safe technology – which involves the development of tools to support digital investigations and threat detection – and this research showcases the development of a strong scientific base.”

Internet virus threat – act now to stay safe

vir4

Internet users have been warned that they have just two weeks to protect themselves against the GameOver Zeus and CryptoLocker viruses being used by criminal gangs to extort millions of pounds, security agencies announced on Monday.

GameOver Zeus was created by Eastern European criminal gangs to locate and capture computer files that give access to banking and financial information, while Cryptolocker encrypts all files on a target’s computer and demands the user pays a ‘ransom’ of around £300 to unlock the data.

Almost 250,000 computers worldwide have been infected with CryptoLocker since it first appeared in April and it has so far been used to extort payments of more than $27m (£16m), according to the FBI.

What can you do to protect your computer from cyber attack?

Well, protecting  your passwords is a good place to start – don’t store unencrypted passwords on your computer in case they are detected by malware viruses. If you must store passwords, use a safe and reliable password manager application like PasswordBox, LastPass 3.0 or KeePass, which back up and shares with your smartphone or tablet computer.

vir3

And Norton Internet Security has issued the following advice:

Both Gameover Zeus and Cryptolocker are malware targeting personal information for financial gain. Gameover Zeus runs software on an infected device, which is used to intercept online banking transactions, defrauding customers and banks.

Cryptolocker is a new form of ransomware which works by encrypting files on the victim hard-drive, then demanding payment for the key to decrypt.

This week the UK National Crime Agency and the FBI, working with Symantec and other partners, were able to significantly disrupt two financial malware operations: Gameover Zeus botnet and Cryptolocker ransomware network.

How to protect yourself:

  • If you receive an e-mail with an attachment – DO NOT open it unless it’s expected. Examples would be invoices for unknown purchases, bank statements (which are never e-mailed)
  • DO NOT click on website links to download files unless you have request them
  • Make sure that the signatures for your anti-virus software are updated to the latest version as this will protect against Gameover Zeus
  • Run regular full scans of your computers and backup your files

It really is worth taking the time to follow these simple steps now to avoid a lot of grief afterwards.

virus