Showing posts with label Bluebox Security. Show all posts

Thursday, August 24, 2017

Protect your PC: Ransomware attack increases by two fold in 2017


Ransomware is undoubtedly getting a lot of attention these days, especially after the widespread WannaCry episode. For the uninitiated, ransomware is a piece of code that encrypts the files on your computer and demands a ransom in exchange for the decryption code. We have seen a variety of ransomware plaguing machines, and organisations and enterprises invariably figure at the top of the list.
According to a mid-year cyber attack trends report from security analyst company Check Point, the percentage of ransomware has doubled in the first half of this year as opposed to 2016. Furthermore, the report finds that 23.5 percent of organisations were affected by the RoughTed malvertising campaign, while 19.7 percent of organisations were affected by the Fireball malware during the same time frame.
The report further sheds light on how attackers are devising new methods to exploit Microsoft Office; in fact, we recently reported on how attackers were using PowerPoint files to gain access to a machine. Attackers are also introducing new methods to offload the malware that do not require the user to open a backdoor for them. Ransomware is also being disguised so that antivirus and anti-malware protection suites find it difficult to detect.

The report also mentions the cascading effects of “nation-state level malware”, which is usually aimed at the masses and can hunt virtually anyone rather than specified targets. Such attacks can be prevented by using available solutions such as network micro-segmentation, threat emulation and endpoint security. In fact, it is for this very reason that security solutions from companies like Bitdefender include ransomware protection.
The worst part, however, is that mobile malware developers are also actively developing malware. They usually use this malicious code to control any activity on the device and to create a one-stop attack in order to commit fraud, steal information and disrupt apps. The graph above represents the percentage of enterprises/organisations that were affected by the malware.

Wednesday, July 30, 2014

Android Fake ID vulnerability grants malicious apps special access to Android resources

The majority of devices running Google's Android operating system are susceptible to hacks that allow malicious apps to bypass a key security sandbox so they can steal user credentials, read e-mail, and access payment histories and other sensitive data, researchers have warned.
The high-impact vulnerability has existed in Android since the release of version 2.1 in early 2010, researchers from Bluebox Security said. They dubbed the bug Fake ID, because, like a fraudulent driver's license an underage person might use to sneak into a bar, it grants malicious apps special access to Android resources that are typically off-limits. Google developers have introduced changes that limit some of the damage that malicious apps can do in Android 4.4, but the underlying bug remains unpatched, even in the Android L preview.


The Fake ID vulnerability stems from the failure of Android to verify the validity of cryptographic certificates that accompany each app installed on a device. The OS relies on the credentials when allocating special privileges that allow a handful of apps to bypass Android sandboxing. Under normal conditions, the sandbox prevents programs from accessing data belonging to other apps or to sensitive parts of the OS. Select apps, however, are permitted to break out of the sandbox. Adobe Flash in all but version 4.4, for instance, is permitted to act as a plugin for any other app installed on the phone, presumably to allow it to add animation and graphics support. Similarly, Google Wallet is permitted to access Near Field Communication hardware that processes payment information.
According to Jeff Forristal, CTO of Bluebox Security, Android fails to verify the chain of certificates used to certify an app belongs to this elite class of super privileged programs. As a result, a maliciously developed app can include an invalid certificate claiming it's Flash, Wallet, or any other app hard coded into Android. The OS, in turn, will give the rogue app the same special privileges assigned to the legitimate app without ever taking the time to detect the certificate forgery.
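The gap described above, as an added example that is not Android's code or part of the original article: a toy certificate model in which one chain check links certificates by issuer name alone and the other also verifies each signature against the parent's key. The `Cert` structure, the function names, the textbook RSA with constructed toy keys and all sample names are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by all toy keys

def make_key(p, q):
    """Textbook RSA (n, d) from two primes; toy-sized, for illustration only."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

@dataclass
class Cert:
    subject: str
    issuer: str
    n: int        # subject's public modulus
    sig: int = 0  # issuer's signature over the fields above

    def digest(self, mod):
        tbs = f"{self.subject}|{self.issuer}|{self.n}".encode()
        return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % mod

def issue(subject, subject_n, issuer_name, signing_key):
    n, d = signing_key
    cert = Cert(subject, issuer_name, subject_n)
    cert.sig = pow(cert.digest(n), d, n)
    return cert

def signed_by(cert, parent):
    return pow(cert.sig, E, parent.n) == cert.digest(parent.n)

def chain_ok_names_only(chain):
    """Flawed: links each cert to its parent by issuer/subject strings alone."""
    return all(c.issuer == p.subject for c, p in zip(chain, chain[1:]))

def chain_ok_verified(chain):
    """Corrected: every link must also carry a valid signature from the parent key."""
    return all(c.issuer == p.subject and signed_by(c, p)
               for c, p in zip(chain, chain[1:]))

def is_privileged(chain, trusted, check):
    """Special access only when a chain that passes `check` contains the trusted cert."""
    return check(chain) and trusted in chain

# Constructed sample data (Mersenne primes as toy key material).
VENDOR_KEY = make_key(2**61 - 1, 2**89 - 1)
OTHER_KEY = make_key(2**107 - 1, 2**127 - 1)  # key unrelated to the vendor
VENDOR = issue("Trusted Vendor", VENDOR_KEY[0], "Trusted Vendor", VENDOR_KEY)
GENUINE = issue("Vendor Plugin", 2**31 - 1, "Trusted Vendor", VENDOR_KEY)  # placeholder subject key
CLAIMED = issue("Some App", OTHER_KEY[0], "Trusted Vendor", OTHER_KEY)  # issuer name only
```

With the name-only check, `CLAIMED` inherits the vendor's privileges simply by shipping the vendor's public certificate behind it; the verifying check rejects it because the signature was not produced by the vendor's key.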
"All it really takes is for an end user to choose to install this fake app, and it's pretty much game over," Forristal told Ars. "The Trojan horse payload will immediately escape the sandbox and start doing whatever evil things it feels like, for instance, stealing personal data."
Other apps that receive special Android privileges include device management extensions from a company known as 3LM. Organizations use such apps to add security enhancements and other special features to large fleets of phones. An app that masqueraded as one of these programs could gain almost unfettered administrative rights on phones that were configured to work with the manager. Forristal hasn't ruled out the existence of other apps that are automatically assigned heightened privileges from Android.
Changes introduced in Android 4.4 limit some of the privileges Android grants to Flash. Still, Forristal said the failure to verify the certificate chain is present in all Android devices since 2.1. That means malicious apps can bypass sandbox restrictions by impersonating Google Wallet, 3LM managers, and any other apps Android is hardcoded to favor. A spokesman for Google issued the following statement:
We appreciate Bluebox responsibly reporting this vulnerability to us; third-party research is one of the ways Android is made stronger for users. After receiving word of this vulnerability, we quickly issued a patch that was distributed to Android partners, as well as to AOSP. Google Play and Verify Apps have also been enhanced to protect users from this issue. At this time, we have scanned all applications submitted to Google Play as well as those Google has reviewed from outside of Google Play, and we have seen no evidence of attempted exploitation of this vulnerability.
The statement didn't say exactly what Google did to patch the vulnerability or specify if any Android partners have yet to distribute it to end users. This article will be updated if company representatives elaborate beyond the four sentences above.
As Ars has documented previously, it's not unusual for attackers to sneak malicious apps into the official Google Play marketplace. If it's possible for approved apps to contain cryptocurrency miners, remote access trojans, or other hidden functions, there's no obvious reason they can't include cryptographic credentials fraudulently certifying they were spawned by 3LM, Google, Microsoft, or any other developer granted special privileges.
"With this vulnerability, malware has a way to abuse any one of these hardcoded identities that Android implicitly trusts," said Forristal, who plans to divulge additional details at next week's Black Hat security conference. "So malware can use the fake Adobe ID and become a plugin to other apps. Malware can also use the 3LM to control the entire device."
source: arstechnica

 