Category : Uncategorised
Businesses are at risk of being targeted by the latest cyber scams affecting Apple, Android, Adobe Flash, Windows 10 and email users.
In a report issued by the UK’s national fraud and internet crime reporting centre, the most recent threats are outlined along with preventative measures and solutions, as suggested by Action Fraud.
First of the outlined threats is an Apple OS X hack, attackers have been taking advantage of a new bug known as DYLD, installing malware and adware on Macs without the need for a password or administrative permissions. Currently a patch is being created to fix this and Action Fraud recommends keeping a look out for OS X updates.
Apple has also fallen victim to its first firmware worm known as Thunderstrike 2 (firmware is the control programme for a device). After being downloaded onto a computer (via phishing emails, malicious websites etc.) the worm infects accessories connected via Thunderbolt connection.
It then targets and lives in the firmware of a device and can evade a whole system reboot. To combat this, ensure all updates are enabled and avoid using untrusted Thunderbolt devices in your Mac.
The second is a vulnerability that has been detected in Android OS. It causes a device to constantly reboot itself when triggered by an app or a specially crafted website. The trigger prompts the user to play a media file (.MKV) via the media server plugin, which is then exploited causing the device to be stuck in reboot cycle.
To counteract this, the device needs to be rebooted in Safe Mode by holding the power button down and pressing the PowerOff option, until you see the pop-up box asking you to restart in Safe Mode.
A patch for this should be released soon and Google has classified this only as a low level vulnerability.
The Third scam involves fake Windows 10 upgrade emails being sent out as part of a new spam campaign which, once opened, infects victims with ransomware. The email comes from email@example.com and the attachment is named”Win10Installer.zip”.
To avoid becoming victim to the upgrade scam, Action Fraud suggests regularly backing up your files to an external hard drive that is disconnected from your computer when not in use. Avoid downloading any attachments claiming to be Windows 10 upgrades and only download the new OS from either the Microsoft website or the update icon at the bottom corner of the screen.
The fourth scam is a vulnerability reportedly affecting Adobe Flash. This had originally been patched by Adobe on the 14th July, but is now back. A group of hackers have bought ads across Yahoo’s sports, news and finance sites and they are now exploiting Adobe Flash extensively in a Yahoo “malvertising” campaign.
When a computer – in this case one running Windows, visits a Yahoo site, it downloads malware code.
From there, the malware hunts for an out-of-date version of Adobe Flash, which is then used to commandeer the computer – either holding it for ransom until the hackers are paid off, or discreetly directing its browser to websites that paid the hackers for traffic.
So far this is reported to have claimed at least 950,000 victims worldwide with an unprecedented success rate. Ensure Adobe Flash player is updated regularly and enable the “ask to activate” feature.
Lastly, a Distributed Denial of Service (DDoS) attack has been reported to the Internet Crime Complaint Centre, following an increased number of complaints from businesses reporting extortion campaigns via e-mail.
In a typical scenario, the victim business receives an e-mail threatening a (DDoS) attack to its website, unless it pays a ransom.
Action Fraud recommends refraining from opening unknown emails and reporting any emails to: www.actionfraud.police.uk.
Article courtesy of Gloucester Punchline
With ESET, you will never have to choose between security and performance.
Defend your network with antivirus, antispyware and antispam protection. Protect against the known and unknown: small update packets keep ESET up to date with the latest threats and our advanced heuristics are proven to detect unknown threats in-the-wild. With our cloud-powered scanning technology and powerful antispam solution, you needn’t sacrifice time or energy keeping your systems secure.
Monitor your networks security status and enable customised notifications to inform you of designated events or critical thresholds being reached. Prevent overloading your network connections with load-balance execution of tasks. Improved update options allow you to choose how and when you update your ESET products. Conserve company bandwidth and block access to non-work websites with our Data Access Control module. Defend against breaches with our two-way firewall, with a full learning mode to intelligently block threats without producing false positives and slowing workflow.
Keep employees effective and focused by blocking access to non-work sites on a machine by machine basis or companywide. Extend the lifespan of your hardware and keep them running smoother for longer with our very low system footprint and small update packages. Our extensive reporting functionality keeps your IT admins abreast of the latest goings on in your network, allowing them to react quickly and efficiently to any problems.
Remote Administrator included for free allows you to manage a handful or thousands of endpoints from a single system.
Reports, Logs and Notifications keep your admins in the loop.
Update Management perverse network speed and stability whilst updating and ensure a consistent level of security.
Data Access Control protects against unauthorised USD, CD’s and other hardware devices that could carry threats.
Network Speed and Stability maintain a high level of speed and stability at all times with a low system footprint and small update packages.
Employee Effectiveness block unwanted or distracting websites, as well as pop-ups during presentations.
Endpoint Protection defends against viruses, Trojans, spam and any other digital threat you might encounter.
© 1992 – 2015 ESET, spol. s r.o. – All rights reserved. Trademarks used therein are trademarks or registered trademarks of ESET, spol. s r.o.
or ESET North America. All other names and brands are registered trademarks of their respective companies.