Some smart phones are coming with some extra, hidden functions already built in. Not only will you get a high-resolution screen, multi-megapixel camera, and all the latest software…you could also have malware lurking inside the phone’s hardware. According to SC Magazine, some new phones from China can be compromised remotely by thieves. Read the whole article, but here is a key paragraph that should cause concern:
Among the spyware apps that G Data discovered being used for nefarious purposes out of the box was one pretending to be the Google Drive app but actually identified by researchers as Android.Monitor.Gsyn.B which contains no functionality other than the ability to monitor and steal a wide range of data without the user knowing. It can, they say, listen in to telephone conversations, copy contacts, ask for location data, record audio with the microphone, disable AV software and read the device browser history. All highly useful resources for a would-be data thief.
Pre-installed malware on smart phones is yet another front in the fight between cyber thieves and innocent users. Even if you do everything right (i.e., software updates) and are careful how you use your phone, it may be compromised from the outset. The only advice I have on this is to work with your mobile phone provider to ensure that any known hardware vulnerabilities are addressed so you don’t get compromised.
There is an under-reported story that the mainstream media has largely ignored. In a nutshell, the computers in the White House were attacked by the Russians which caused a shutdown for over a week. This is big news but Official Washington isn’t saying much about it because it would cast the Obama Administration in a bad light. However, this event has bigger implications than any damage sustained by an increasingly marginalized, lame-duck President.
In real life I work in the Information Technologies field. Most of my recent experience has been in the finance and defense sectors, meaning that security and information integrity are VERY important. Recently, my current employer shared some cyber security tips that I thought were worth repeating.
I’ve said it for years now the DHS agrees with me, don’t use Internet Explorer!
Image courtesy of Ironpaper
Even with the best preparation, a Trojan Horse virus can still get through your defenses.
Classic Trojan Horse
A few days ago I read this article in Wired about embedded vulnerabilities in technology appliances.
If you see this window appear on your computer, you’re going to have a bad day.
CryptoLocker is a malicious program that surreptitiously encrypts files on computers that use Microsoft Windows operating systems (ex. XP, Vista, Windows 7, and Windows 8). The software will also encrypt any shared drives connected to the infected computer including network drives, USB drives, external hard drives, and even cloud storage shares. After these files are encrypted, the a pop-up will appear and state the the victim has a certain number of days or hours to pay a ransom to unlock the files. The ransom will be payable with Bitcoin or other internet payment mechanisms. Beware though, there is no guarantee that the decryption key will be sent after the ransom is paid…
In short, this is serious stuff!
The US Computer Emergency Readiness Team (US-CERT) and Department of Homeland Security (DHS) have reported a spike in the number of CryptoLocker infections on both personal and business computers over the last week. It appears to spread through official-looking UPS and FedEx tracking number emails. Here is what they recommend to prevent and mitigate an infection:
How to prevent it:
The US-CERT recommends users and administrators take the following preventative measures to protect their computer networks from a CryptoLocker infection:
- Do not follow unsolicited web links in email messages or submit any information to webpages in links
- Use caution when opening email attachments
- Maintain up-to-date anti-virus software
- Perform regular backups of all systems to limit the impact of data and/or system loss
- Apply changes to your Intrusion Detection/Prevention Systems and Firewalls to detect any known malicious activity
- Secure open-share drives by only allowing connections from authorized users
- Keep your operating system and software up-to-date with the latest patches
- Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams
- Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks
- Follow safe practices when browsing the web. For further reading on Safe Browsing habits, see Good Security Habits and Safeguarding Your Data.
How to Mitigate it:
US-CERT suggests the following possible mitigation steps that users and administrators can implement, if you believe your computer has been infected with CryptoLocker malware:
- Immediately disconnect the infected system from wireless or wired networks. This may prevent the malware from further encrypting any more files on the network.
- Users who are infected with the malware should consult with a reputable security expert to assist in removing the malware.
- If possible, change all online account passwords and network passwords after removing the system from the network. Change all system passwords once the malware is removed from the system.
The US CERT and DHS encourage anyone who has been infected to not pay the ransom. Instead report it to the FBI at the Internet Crime Complaint Center
Be careful when you are on the internet and reading email. Cybercrime is a big problem and more attacks like this are going to happen in the future. Being prepared to handle a technological crisis is an important part of your overall plan. Take some time to click on the links in this post to learn more about how you can become more aware and informed. More than any other tool, your mind is the one you need to use the most when danger lurks.