
Wednesday, November 29, 2017

Password Hacking and You


There are 2 primary methods to hack passwords: Brute Force and Password Guessing. Of the 2, believe it or not, it is easier to guess someone’s password than to try every combination of letters, numbers and symbols. In a brute force attack, password attempts would progress from: a, b, c; to aa, ab, ac; to aaa, aab, aac; and so on.  
The core question is not, “Can my password be hacked?”, but rather “How long would it take?”. That’s where password entropy comes into play for our (the user’s) benefit. Loosely defined, entropy is disorder. Since a brute force attack is a very orderly attack, the more disorder in your password, the better.  
Numbers Game
With 5 lower case characters, an online attack would get your password right in an average of 1 hour, 21 minutes. However, by introducing say a capital letter, a number, and a special character, that time rises to around 1.5 months.
With 7 lower case characters, a brute force attack would consume ~3.2 months, but if you introduce those other random characters, it rockets up to an average of 11 centuries! Taking it even further, at 8 characters the online crack time goes to 1,000 centuries which is effectively long enough to be considered near impossible under current computing capabilities.  
That said, if the hacker is able to do an offline, or massive cracking array scenario, the password can again be deduced in a matter of hours. As such, even though the typical minimum / safe password length is 8 characters, what you use as your password matters even more.
Simplicity Opens the Door
Every attempt to get your password will begin with guessing. According to a released “hack file” of 5 million passwords, we know what the most common passwords are, so hackers will start there.
Top passwords for 2016:

123456, password, 12345, 12345678, football, qwerty, 1234567890, 1234567, princess, 1234, login, welcome, solo, abc123, admin, 121212, flower, passw0rd, dragon, sunshine, master, hottie, loveme, zaq1zaq1, password1
4% of the passwords were “123456”! That’s 200,000 people in the sample set with that password!
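The two ideas in this post, "how long would a brute-force run take?" and "guessing from a list of common passwords comes first", can be put into one small calculator. The code below is an added example, not from the original post; the guess rates, the strength thresholds and the common-password set (seeded from the list quoted above) are assumptions chosen for illustration.

```python
import math
import string

# Constructed from the "Top passwords for 2016" list quoted in the post; a real
# checker would load a far larger breach list.
COMMON_PASSWORDS = {
    "123456", "password", "12345", "12345678", "football", "qwerty",
    "1234567890", "1234567", "princess", "1234", "login", "welcome", "solo",
    "abc123", "admin", "121212", "flower", "passw0rd", "dragon", "sunshine",
    "master", "hottie", "loveme", "zaq1zaq1", "password1",
}

# Assumed guess rates (not figures from the post): a throttled online login
# form versus an offline attack on a leaked fast hash with a GPU rig.
ONLINE_GUESSES_PER_SEC = 1_000
OFFLINE_GUESSES_PER_SEC = 100_000_000_000


def charset_size(password: str) -> int:
    """Size of the alphabet an attacker must cover to brute-force this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def entropy_bits(password: str) -> float:
    """Brute-force entropy: length * log2(alphabet size)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def exhaustive_search_seconds(password: str, guesses_per_sec: float) -> float:
    """Worst case: every combination is tried; the average attack needs half this."""
    return charset_size(password) ** len(password) / guesses_per_sec


def assess(password: str) -> dict:
    """Guessing beats brute force: a listed password falls on the first pass."""
    if password.lower() in COMMON_PASSWORDS:
        return {"verdict": "common", "bits": 0.0,
                "online_hours": 0.0, "offline_hours": 0.0}
    bits = entropy_bits(password)
    # Assumed thresholds for the verdict labels.
    verdict = "weak" if bits < 40 else "ok" if bits < 60 else "strong"
    return {
        "verdict": verdict,
        "bits": round(bits, 1),
        "online_hours": exhaustive_search_seconds(password, ONLINE_GUESSES_PER_SEC) / 3600,
        "offline_hours": exhaustive_search_seconds(password, OFFLINE_GUESSES_PER_SEC) / 3600,
    }


if __name__ == "__main__":
    for pw in ["Password1", "abcde", "aB3$e", "correcthorsebatterystaple"]:
        print(pw, assess(pw))
```

Note how "aB3$e" mixes all four character classes yet scores only about 33 bits, while a long all-lowercase phrase scores far higher: length multiplies entropy, character classes only add to the logarithm.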

Monday, November 6, 2017

Everyth1ng Y0u Kn0w Ab0ut P@ssw0rds 1s Wr0ng


New router-based solution protects home IoT devices



As we bring more and more smart devices into our homes, we potentially open ourselves up to a variety of new risks with devices opening back doors into networks or falling prey to botnets.
German antivirus company Avira is launching a new approach to home security which needs no new infrastructure on the domestic network and no configuration done by the user.
SafeThings sits within the home router and works with cloud-based machine learning. Avira licenses the product to router manufacturers and internet service providers, enabling them to protect networks from misuse and to deliver value-added IoT security services directly to end users.
"At Avira, we have been at the forefront of Artificial Intelligence innovation for a decade, being the first vendor within the security industry to identify how to apply AI to our field and to do it," says Travis Witteveen, CEO of Avira. "We have a wealth of experience in protecting both the privacy of end-users and the security of their traditional devices. Today we stand alone in the cyber security industry with the introduction of Avira SafeThings, an innovative router app and behavioral threat intelligence platform that secures all IoT devices in the home. We've designed SafeThings to effectively solve the IoT vulnerabilities without being too invasive, expensive, or complicated for the end user -- and we've done this in a way that provides additional benefits for the internet service providers and router manufacturers."
SafeThings is made up of a number of modules. Protection Cloud builds category and individual device profiles to create device management and rule definitions and automatically protect the device functionality. By analyzing metadata on gateway traffic, no invasive deep packet inspection is needed.
The Sentinel module is a software agent positioned at the gateway to each smart home, embedded in the firmware on the router. Sentinel fingerprints IoT devices and collects packet header metadata for AI analysis. After communicating with Protection Cloud, Sentinel enforces protection and communication rules.
A web-based user interface shows users in real time what each IoT device in their network is doing and enables them to see and modify firewall policies and device rules. There's also a Data Forefront API service that lets service providers and OEMs access and control SafeThings functionality, for example to drill down into specific details and control rules and actions to be taken in case of a compromised device.
It also allows for custom plugins to let SafeThings clients offer their end users additional security apps via a branded secure app store. These integrated services such as VPN or parental controls would operate at router level with management in the cloud.
"We see SafeThings as a 'B2B2C' product, providing consumers with the security and privacy protection they need while delivering it to them via the internet service providers and router manufacturers. As an embedded software solution, SafeThings is imminently flexible according to each client’s technical and marketing needs,” adds Witteveen.
You can find out more on the Avira website.

via betanews

Friday, August 18, 2017

12 Ways to Secure Your Wi-Fi Network


Quick Steps to Complete Wi-Fi Lockdown

Sometimes the best thing to say about a wireless router in your house is that once it's set up, you forget it exists. As long as the devices that need the Wi-Fi connection can get on and function, that's all that matters, right?
Maybe, but we also live in the age of leaks, wiki and otherwise. If you're worried about the security of your home and by extension your personal data—especially from hackers who could casually sit in a car outside and get access to your systems—then you need to put a padlock on that wireless. You may also want to keep freeloaders from using your network.
So what do you do? Follow these tips and you'll be well ahead of most home Wi-Fi users. Nothing will make you 1,000 percent safe against a truly dedicated hack. Crafty social engineering schemes are tough to beat. But don't make it easy on them; protect yourself with these steps.

Time-Tested Wi-Fi (and All Around) Security

Change Your Router Admin Username and Password
Every router comes with a generic username and password—if they come with a password at all. You need it the first time you access the router. After that, change them both. Immediately. The generic usernames are a matter of public record for just about every router in existence; not changing them makes it incredibly easy for someone who gets physical access to your router to mess with the settings.
If you forget the new username/password, you should probably stick to pencil and paper, but you can reset a router to its factory settings to get in with the original admin generic info.
Change the Network Name
The service set identifier (SSID) is the name that's broadcast from your Wi-Fi to the outside world so people can find the network. While you probably want to make the SSID public, using the generic network name/SSID generally gives it away. For example, routers from Linksys usually say "Linksys" in the name; some list the maker and model number ("NetgearR6700"). That makes it easier for others to ID your router type. Give your network a more personalized moniker.
It's annoying, but rotating the SSID(s) on the network means that even if someone had previous access—like a nosy neighbor—you can boot them off with regular changes. It's usually a moot point if you have encryption in place, but just because you're paranoid doesn't mean they're not out to use your bandwidth. (Just remember, if you change the SSID and don't broadcast the SSID, it's on you to remember the new name all the time and reconnect ALL your devices—computers, phones, tablets, game consoles, talking robots, cameras, smart home devices, etc.)
Activate Encryption
This is the ultimate Wi-Fi no-brainer; no router in the last 10 years has come without encryption. It's the single most important thing you must do to lock down your wireless network. Navigate to your router's settings and look for security options. Each router brand will likely differ; if you're stumped, head to your router maker's support site.
Once there, turn on WPA2 Personal (it may show as WPA2-PSK); if that's not an option use WPA Personal (but if you can't get WPA2, be smart: go get a modern router). Set the encryption type to AES (avoid TKIP if that's an option). You'll need to enter a password, also known as a network key, for the encrypted Wi-Fi.
This is NOT the same password you used for the router—this is what you enter on every single device when you connect via Wi-Fi. So make it a long nonsense word or phrase no one can guess, yet something easy enough to type into every weird device you've got that uses wireless. Use a mix of upper- and lowercase letters, numbers, and special characters to make it truly strong, but you have to balance that with ease and memorability.
Double Up on Firewalls
The router has a firewall built in that should protect your internal network against outside attacks. Activate it if it's not automatic. It might say SPI (stateful packet inspection) or NAT (network address translation), but either way, turn it on as an extra layer of protection.
For full-bore protection—like making sure your own software doesn't send stuff out over the network or Internet without your permission—install firewall software on your PC as well. Our top choice: Check Point ZoneAlarm PRO Firewall 2017; there's a free version and a $40 pro version, which has extras like phishing and antivirus protection. At the very least, turn on the firewall that comes with Windows 8 and 10.
Turn Off Guest Networks
It's nice and convenient to provide guests with a network that doesn't have an encryption password, but what if you can't trust them? Or the neighbors? Or the people parked out front? If they're close enough to be on your Wi-Fi, they should be close enough to you that you'd give them the password. (Remember—you can always change your Wi-Fi encryption password later.)
Use a VPN
A virtual private network (VPN) connection makes a tunnel between your device and the Internet through a third-party server—it can help mask your identity or make it look like you're in another country, preventing snoops from seeing your Internet traffic. Some even block ads. A VPN is a smart bet for all Internet users, even if you're not on Wi-Fi. As some say, you need a VPN or you're screwed. Check our list of the Best VPN services.
Update Router Firmware
Just like with your operating system and browsers and other software, people find security holes in routers all the time to exploit. When the router manufacturers know about these exploits, they plug the holes by issuing new software for the router, called firmware. Go into your router settings every month or so and do a quick check to see if you need an update, then run their upgrade. New firmware may also come with new features for the router, so it's a win-win.
If you're feeling particularly techie—and have the right kind of router that supports it—you can upgrade to custom third-party firmware like Tomato, DD-WRT or OpenWrt. These programs completely erase the manufacturer's firmware on the router but can provide a slew of new features or even better speeds compared to the original firmware. Don't take this step unless you're feeling pretty secure in your networking knowledge.
Turn Off WPS
Wi-Fi Protected Setup, or WPS, is the function by which devices can be easily paired with the router even when encryption is turned on: you push a button on the router and on the device in question. Voila, they're talking. It's not that hard to crack, and it means anyone with quick physical access to your router can instantly pair their equipment with it. Unless your router is locked away tight, this is a potential opening to the network you may not have considered.
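Most of the time-tested settings above (WPA2 only, AES/CCMP rather than TKIP, a long network key, WPS off, no vendor name in the SSID) can be checked mechanically if the access point is driven by a text configuration such as hostapd's. The checker below is an added example and is not part of the original article; the option names (ssid, wpa, wpa_key_mgmt, wpa_pairwise, rsn_pairwise, wpa_passphrase, wps_state) are hostapd's real ones, while the two sample configurations, the vendor-name list and the 16-character passphrase minimum are constructed assumptions.

```python
# Constructed "before" configuration showing the weak settings the article warns about.
WEAK_CONFIG = """
interface=wlan0
ssid=NETGEAR-R6700
hw_mode=g
channel=6
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=TKIP CCMP
wpa_passphrase=sunshine
wps_state=2
"""

# Constructed "after" configuration with the article's recommendations applied.
HARDENED_CONFIG = """
interface=wlan0
ssid=BlueTeapotOverTheFence
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=correct-horse-battery-staple-42
wps_state=0
"""

# Assumed substrings that give away the router make; extend for your own gear.
DEFAULT_SSID_MARKERS = ("linksys", "netgear", "dlink", "tp-link", "asus")
MIN_PASSPHRASE_LEN = 16  # assumed minimum for the Wi-Fi network key


def parse_config(text: str) -> dict:
    """Parse hostapd-style key=value lines, skipping blanks and comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def check_ap_config(text: str) -> list:
    """Return a list of human-readable findings; an empty list means all checks passed."""
    cfg = parse_config(text)
    findings = []
    wpa = int(cfg.get("wpa", "0"))  # hostapd bitmask: 1 = WPA, 2 = WPA2, 3 = both
    if wpa == 0:
        findings.append("open network: no WPA/WPA2 encryption enabled")
    elif wpa & 1:
        findings.append("WPA (version 1) accepted: set wpa=2 so only WPA2 is allowed")
    # rsn_pairwise governs WPA2 ciphers; fall back to wpa_pairwise for WPA-only setups.
    pairwise = cfg.get("rsn_pairwise", cfg.get("wpa_pairwise", "")).upper()
    if "TKIP" in pairwise:
        findings.append("TKIP cipher allowed: use CCMP (AES) only")
    if wpa and "CCMP" not in pairwise:
        findings.append("no CCMP (AES) cipher configured")
    if cfg.get("wps_state", "0") != "0":
        findings.append("WPS enabled: set wps_state=0")
    if wpa and len(cfg.get("wpa_passphrase", "")) < MIN_PASSPHRASE_LEN:
        findings.append(f"Wi-Fi passphrase shorter than {MIN_PASSPHRASE_LEN} characters")
    ssid = cfg.get("ssid", "").lower()
    if any(marker in ssid for marker in DEFAULT_SSID_MARKERS):
        findings.append("SSID reveals the router make/model: pick a personalised name")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, check_ap_config(text) or "no findings")
```

Run against the weak configuration it reports five problems; against the hardened one it reports none. The same checks map directly onto the equivalent toggles in a consumer router's web interface.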

'Debunked' Options

Many security recommendations floating around the Web don't pass muster with experts. That's because people with the right equipment—such as wireless analyzer software like Kismet or mega-tools like the Pwnie Express Pwn Pro—aren't going to let the following tips stop them. I include them for completion's sake because, while they can be a pain in the ass to implement or follow up with, a truly paranoid person who doesn't yet think the NSA is after them may want to consider their options. So, while these are far from foolproof, they can't hurt if you're worried.
Don't Broadcast the Network Name
This makes it harder, but not impossible, for friends and family to get on the Wi-Fi; that means it makes it a lot harder for non-friends to get online. In the router settings for the SSID, check for a "visibility status" or "enable SSID broadcast" and turn it off. In the future, when someone wants to get on the Wi-Fi, you'll have to tell them the SSID to type in—so make that network name something simple enough to remember and type. (Anyone with a wireless sniffer, however, can pick the SSID out of the air in very little time. The SSID is not so much invisible as camouflaged.)
Disable DHCP
The Dynamic Host Configuration Protocol (DHCP) server in your router is what assigns an IP address to each device on the network. For example, if the router has an IP of 192.168.0.1, it may have a DHCP range of 192.168.0.100 to 192.168.0.125—that's 26 possible IP addresses it would allow on the network. You can limit the range so (in theory) the DHCP server wouldn't allow more than a certain number of devices—but with everything from appliances to watches using Wi-Fi, that's hard to justify.
For security, you could also just disable DHCP entirely. That means you have to go into each device—even the appliances and watches—and assign it an IP address that fits with your router. (And all this on top of just signing into the encrypted Wi-Fi as it is.) If that sounds daunting, it can be for the layman. Again, keep in mind, anyone with the right Wi-Fi hacking tools and a good guess at your router's IP address range can probably get on the network even if you do disable the DHCP server.
Filter on MAC Addresses
Every single device that connects to a network has a media access control (MAC) address that serves as a unique ID. Some with multiple network options—say 2.4GHz Wi-Fi, and 5GHz Wi-Fi, and Ethernet—will have a MAC address for each type. You can go into your router settings and physically type in the MAC address of only the devices you want to allow on the network. You can also find the "Access Control" section of your router to see a list of devices already connected, then select only those you want to allow or block. If you see items without a name, check their listed MAC addresses against your known products—MAC addresses are typically printed right on the device. Anything that doesn't match up may be an interloper. Or it might just be something you forgot about—there is a lot of Wi-Fi out there.

Turn Down the Broadcast Power
Got a fantastic Wi-Fi signal that reaches outdoors, to areas you don't even roam? That's giving the neighbors and passers-by easy access. You can, with most routers, turn down the Transmit Power Control a bit, say to 75 percent, to make it harder. Naturally, all the interlopers need is a better antenna on their side to get by this, but why make it easy on them?
via pcmag

Tuesday, August 15, 2017

SURVEILLANCE MALWARE APPS MANAGE TO INFILTRATE GOOGLE PLAY STORE


Google’s Play Store has become home to some of the over a thousand malicious apps, known as ‘SonicSpy’, which have been deployed since February.
Of the large number of spyware apps, believed to have come out of Iraq, at least three versions of the malware have appeared in the Play Store in the last six months, according to mobile security company Lookout.
The malicious app most recently found on the Play Store was called Soniac – which was marketed as a customised version of cloud-based instant messaging service Telegram. However, it contained capabilities to silently record audio, take photos, make outbound calls, send text messages to specific numbers, and retrieve information such as call logs, contacts and information about wi-fi access points. The app has since been removed by Google.
Two other samples of SonicSpy on the Play Store were called Hulk Messenger and Troy Chat – though both are no longer live. It is not clear, however, if Google stepped in and removed the apps, or if they were removed by the people behind the spyware to avoid detection.
Despite the Play Store being seemingly clear of SonicSpy, Lookout warns that we are unlikely to have seen the back of the family of malicious apps.
“The actors behind this family have shown that they're capable of getting their spyware into the official app store and as it's actively being developed, and its build process is automated, it's likely that SonicSpy will surface again in the future,” said Michael Flossman, security research services tech lead at Lookout.

Tuesday, July 18, 2017

Google just made it waaaay easier to backup any PC






6 things you should know about backing up your PC

Is it time to rethink the old ways of archiving your data? Maybe all but one of them...
Last week, Google announced the new desktop version of its Backup and Sync app, and it got me thinking: What does desktop backup even mean in 2017?
Not so long ago, there was one and only one way to protect the precious data riding around in your laptop: Connect an external drive (or, if you were really fancy, a network drive), then perform a complete system backup.
But is that really necessary anymore? It's time to inject some modern thinking into the old notions of PC backups. Here's what you should know:

It's all about the data

Think about what you're really trying to preserve in a backup. It's the data, right? Family photos, financial records, school papers, work documents -- stuff like that.
OK, but what about software? What about the operating system? A full-system backup lets you preserve these items in addition to your data, the idea being to let you restore everything in one fell swoop should disaster strike.
But, remember: What you really care about is the data.

Not all software needs to be backed up...

In the old days, when you bought software on CDs or even floppy disks, a full-system backup was logical, if only to avoid having to manually reinstall all those programs. Thanks to slow-loading media and comparatively slow PCs, that could be a long, torturous process.
But think about the software you use today. Some of it is probably web-based, meaning there's nothing to reinstall -- you just sign back into your, say, Google Docs account. As for local apps like CCleaner, Evernote, iTunes, Steam (and Steam games) and your antivirus software, you can quickly and easily re-download and reinstall them. (Even certain data is easily replaceable, like the PDF instruction manual you downloaded for your printer. Why bother backing that up?)
So make a little inventory list of the software you're using and see if there's anything that actually needs to be backed up. There might be exceptions, like commercial programs that give you only a one-time download option (video editor CyberLink PowerDirector comes to mind). Those downloads, if you have any, should definitely get backed up along with your other data.

...and neither does Windows (sort of)

Assuming you're running Windows 10, it's definitely a good idea to make a one-time backup of the OS in case you need it later. You can do this by running Microsoft's media-creation tool, which will put a copy of the OS onto a flash drive (5GB or larger).
Ah, but will you need it later? If you're having software-related issues with your PC (malware infestation, everyday Windows wonkiness), you can use Windows' Recovery tool to get a factory-fresh reset -- no external media required. But if you have to, say, replace a defunct hard drive, now you'll want that flash drive so you can reinstall Windows.

The dirty little secret of full-system backups

OK, but if that's the case, doesn't a full-system backup make more sense so you can do a full-system restoration? I'll argue no, for these reasons:
  • Full-system backups take time, even if you're just making incremental ones.
  • Full-system backups require large-capacity external drives, which cost money. You also need backup software. There are freeware options, but do you really want to trust your entire hard drive to a free program?
  • A full-system restore doesn't afford the benefits of a fresh Windows install; instead, you end up with all the same stray Registry keys and fragmented files that were dragging down the system before.
  • Full-system restores are notoriously inconsistent. In my experience, they just flat-out don't work sometimes. Contrast that with a fresh install of Windows, reinstalling your software and then restoring your data: Not much can go wrong with that.

Solution: Back up just your data

We've come full circle. These days, a full-system backup is of questionable value. That's because the only thing that really matters is your data -- and think about where that data lives.
On your hard drive, yes, but also in the cloud? All you need is a service like Amazon Drive, iCloud Drive, Google Drive or Microsoft OneDrive -- anything that automatically syncs your files to online storage.
Meanwhile, are there even photos on your PC anymore? If you're like many users, you take pictures with your phone, and that phone copies everything to the cloud. Likewise, are you still using your PC to manage a music collection? If you subscribe to the likes of Apple Music or Spotify, there's nothing you need to back up; all your songs and playlists live on those services.
Obviously there are exceptions, like if you have a large video library. Those files consume a lot of space, meaning cloud backup may not be practical. But I suspect many users just want to preserve office documents, tax records and the like, in which case a small amount of cloud storage easily gets the job done.

The big caveat

Many cloud services suffer from one considerable flaw: They won't protect you against ransomware and other forms of malware. The problem is that files corrupted on your PC will quickly get corrupted in the cloud as well, as part of the automated syncing process.
You can overcome that problem by keeping malware off your PC in the first place. But many security experts note that the best way to protect yourself is to make regular local backups of your data. (Just your data, mind you.) And here's the key: Make sure your backup includes older versions of your files. Because as with online backups, it's all too easy for infected files to overwrite clean ones, leaving your backup in the same condition as your hard drive.
Some backup services (including Carbonite, Dropbox and Google Drive) support versioning as well, though Google's implementation allows you to access only one file at a time -- just about useless if you have hundreds or even thousands of files to restore. And OneDrive keeps older versions only of Office files.
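The caveat above comes down to one property: a backup that keeps only the latest copy of each file is overwritten by the encrypted copy the moment ransomware runs, whereas a backup that keeps every version still holds the clean one. The content-addressed versioned store below is an added example, not from the original article or any of the services it names; its layout (one directory per file name, one copy per SHA-256 digest, an ordered log) and the ransomware-overwrite scenario in demo() are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def backup_file(src: Path, store: Path) -> Path:
    """Copy src into store/<name>/<sha256-of-content>.

    Earlier versions are never overwritten: a file later scrambled by ransomware
    simply gains a new version beside the clean one. Identical content is stored once.
    """
    data = src.read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    version_dir = store / src.name
    version_dir.mkdir(parents=True, exist_ok=True)
    dest = version_dir / digest
    if not dest.exists():
        shutil.copy2(src, dest)
    # Ordered log so versions can be listed oldest-first.
    with (version_dir / "versions.log").open("a") as log:
        log.write(digest + "\n")
    return dest


def list_versions(store: Path, name: str) -> list:
    """Distinct content digests for a file name, oldest first."""
    log = store / name / "versions.log"
    if not log.exists():
        return []
    seen, ordered = set(), []
    for digest in log.read_text().splitlines():
        if digest not in seen:
            seen.add(digest)
            ordered.append(digest)
    return ordered


def restore_version(store: Path, name: str, digest: str, dest: Path) -> None:
    """Copy a chosen version back over the working file."""
    shutil.copy2(store / name / digest, dest)


def demo() -> dict:
    """Constructed scenario: back up a clean document, simulate ransomware
    overwriting it with garbage, back up again, then recover the clean version."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        doc = tmp / "taxes-2016.txt"
        store = tmp / "backups"
        doc.write_text("2016 tax return, clean copy\n")
        backup_file(doc, store)
        backup_file(doc, store)  # unchanged content: no new version is created
        # Simulated ransomware: the working copy is replaced by unreadable bytes.
        doc.write_bytes(b"\x8f\x2a CONSTRUCTED-RANSOMWARE-OUTPUT \x00\x11")
        backup_file(doc, store)  # a sync-style backup would now hold only this
        versions = list_versions(store, doc.name)
        restore_version(store, doc.name, versions[0], doc)
        return {"versions": len(versions), "recovered": doc.read_text()}


if __name__ == "__main__":
    print(demo())
```

The point the article makes about Google Drive's one-file-at-a-time restore also falls out of this layout: because every version directory is just files on disk, restoring hundreds of documents to their pre-infection state is a loop over list_versions, not a click per file.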
What are your thoughts on modern-day PC backups? Do you think archiving data alone is enough? Share your thoughts in the comments!
via cnet

Sunday, June 11, 2017

The Malware Used Against The Ukrainian Power Grid Is More Dangerous Than Anyone Thought



Researchers have discovered a new powerful—and dangerous—malware that targets industrial control systems.

Last December, when attackers hacked a power transmission company in Ukraine and cut electricity to tens of thousands of customers for an hour around midnight, it was considered a less severe assault than one that occurred the previous December. The latter attack cut power to more than 230,000 Ukrainians for one to six hours during peak dinner hours in the dead of winter.
But new analysis of malware used in the more recent attack suggests it may be more sophisticated and dangerous than previously believed.
Researchers who examined the malicious code say it's a modular toolkit composed of multiple components that have the ability to launch automated assaults against industrial control systems managing the electric grid.
The toolkit doesn't exploit software vulnerabilities to do its dirty tricks—the way most malware does—but instead relies on exploiting four communication protocols or standards that are used with industrial control systems in Europe, the Middle East, and Asia, according to the researchers. This means the attackers could use the same toolkit to target systems in these regions, and may already have done so.
"There's a ton of functionality in this that was never used in Ukraine," says Robert M. Lee, co-founder of Dragos, a critical infrastructure security company that examined the code. "This suggests it was being prepared for use at multiple sites."
With a little tweaking, Lee says the same toolkit would also work against parts of the grid in the US.
The malicious toolkit, which is being called Industroyer by the Slovakian antivirus firm ESET and CrashOverride by Lee and his firm, includes two backdoors, which the attackers use to gain persistence on systems (the second one is designed to regain access if the first backdoor is detected or disabled); a wiper component for erasing critical system files to render grid operator stations inoperable; and a port scanner to map infected networks during the reconnaissance stage.
Researchers with ESET say Industroyer/CrashOverride is the biggest threat to industrial control systems since Stuxnet, the worm that damaged centrifuges used in Iran's nuclear program back in 2009. But Lee downplays this, saying although the toolkit is a big deal, it's designed to disrupt equipment and service, not destroy equipment the way Stuxnet did.
There have only been four malware attacks found in the wild that target industrial control systems: Stuxnet, BlackEnergy2, Havex and now Industroyer/CrashOverride. BlackEnergy and Havex were designed for espionage; only Stuxnet and Industroyer/CrashOverride were designed solely for sabotage.
The distinction is important because determining the intent of malware is often difficult to do but has important implications for how an intrusion might be viewed under the international laws of war where espionage is not considered a use of force but sabotage is.
"Anyone who finds this [on their system] can assume the intention is attack," says Lee. "There is no function in this malware that you could use for espionage. So there is zero reason to position this anywhere where you weren't going to attack."
Lee says the malware itself isn't very sophisticated—it has a lot of the same functionality found in other malware attacks. What makes it sophisticated is the extensive knowledge the authors have about industrial control system protocols.
"With this [logic bomb] function, you could be looking at a day or two of outages fairly easily."
The heart of the malware is the four ICS-specific modules that operate in conjunction with one another to exploit four protocols known as IEC 101, IEC 104, IEC 61850, and OLE for Process Control Data Access (OPC DA).
"What's sophisticated is knowing what protocols to use and in what order," Lee says. "These protocols provide an ability to map out the industrial equipment inside the environment and send commands to [substations] to impact circuit breakers."
The malware has to be custom-built for each target using a configuration that is specific to that site, so an attacker couldn't turn it into a worm to attack just any system it encounters. But Lee says this doesn't mean attackers couldn't target multiple sites simultaneously. The toolkit has logic bomb functionality, which means attackers could infect multiple systems to launch a simultaneous attack against them.
"A smart adversary could take on portions of a grid and substations, similar to what we saw in 2015, for a couple hours," he says. "But with this [logic bomb] function, you could be looking at a day or two of outages fairly easily. I don't think you could go above that—this wouldn't cause cascading failures."
Even so, "you're obviously talking about a complete psychological impact on your human populace that you would not want," he notes.
The 2016 attack on Ukraine's power grid, which struck December 17 at a substation outside the capital city Kiev, was believed to be a test for refining attacks on critical infrastructure around the world.
Once the attackers installed their backdoor, they stole system and administrator account credentials, which allowed them to move through the network undetected. They sat on the network conducting reconnaissance for months, scanning network traffic and studying the daily behavior of administrators so they could mimic their activity.
The malicious toolkit that was used in the attack contained a December 17, 2016 timestamp that activated the protocol components to launch their attack. Lee says the toolkit had the ability to launch a continuous assault on the circuit breakers so that each time operators would try to regain control in order to re-close the breakers, the malware would open them again.
"As operators tried to take control, it goes into an infinite loop," Lee says.
At this point the wiper module would also get activated and delete system files on operator machines to crash them and prevent them from rebooting. The only way operators could then restore power was to physically switch to manual operation mode at the substation.
The attack in 2015 was tied specifically to the model of equipment used at each of the three distribution plants; the attackers had to study the specific equipment those used at the plants and design their attack to target them. But there's no equipment component to this newer attack.
"It is directly applicable to every site in Europe, most of the Middle East and most of Asia," he says. The US uses a different communication protocol known as DNP3 (Distributed Network Protocol 3), but this doesn't make it immune to the same kind of assault.
"The way this framework is built, it would be very easy to [switch] in a DNP3 module […] and you'd be able to replay this against portions of the US grid," he says.
Lee says detecting an attack using the Industroyer/CrashOverride framework would not be too difficult to do. Because the four modules using the communication protocols operate in a very distinct pattern, administrators could configure their security tools to watch for this.

Thursday, February 23, 2017

Routers don't keep you safe from hackers


Many people assume that their router will keep them safe from hackers. It couldn't be further from the truth. There are a few things that routers offer, but they aren't enough.

Port blocking isn't enough because hackers can get in through other ports.

Unless you have an enterprise level router, the hardware is too weak to do much. 90% of people just have the router their ISP provides. It just doesn't have enough horsepower to do any meaningful analysis of traffic or any intelligent threat detection.

Routers have static security measures that are outdated the moment they leave the factory. Hackers are constantly updating their tactics. This is why CUJO has security features that are intelligent and adapt to new threats. CUJO is constantly learning and updating every second.

To use an analogy, your typical router protects you as much as having a nice white picket fence around your house. Don't have a false sense of security, get a guard dog like CUJO :)


Right now CUJO is doing a limited-time offer: you can get a CUJO with a $0 subscription for only $249. Click here to add it to your cart.

Monday, February 20, 2017

Monday, January 9, 2017

Protect your PCs and laptops + Android devices for free: Best free antivirus software

Here are the best free antivirus programs from companies you probably didn't even know offered security software for free.

Monday, December 5, 2016

Alert (TA16-336A) Avalanche (crimeware-as-a-service infrastructure)

Systems Affected

Microsoft Windows

Overview

“Avalanche” refers to a large global network hosting infrastructure used by cyber criminals to conduct phishing and malware distribution campaigns and money mule schemes. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI), is releasing this Technical Alert to provide further information about Avalanche.

Description

Cyber criminals utilized Avalanche botnet infrastructure to host and distribute a variety of malware variants to victims, including the targeting of over 40 major financial institutions. Victims may have had their sensitive personal information stolen (e.g., user account credentials). Victims’ compromised systems may also have been used to conduct other malicious activity, such as launching denial-of-service (DoS) attacks or distributing malware variants to other victims’ computers.
In addition, Avalanche infrastructure was used to run money mule schemes where criminals recruited people to commit fraud involving transporting and laundering stolen money or merchandise.
Avalanche used fast-flux DNS, a technique that hides the criminal servers behind a constantly changing network of compromised systems acting as proxies.
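The observable side of fast-flux hosting is in the DNS answers themselves: a fluxed domain resolves to a large, constantly rotating set of addresses spread across unrelated networks, with very short TTLs so the proxy layer can be swapped quickly. The following Python is an added example, not part of the DHS/FBI alert, showing a simple three-indicator heuristic a resolver-log analyst could apply. The resolution records, domain names, addresses (RFC 5737 documentation ranges), ASNs (private range) and thresholds are all constructed for the example.

```python
"""Fast-flux DNS heuristic over constructed resolution snapshots.

Added example; not from the TA16-336A alert.
"""
from collections import defaultdict

# Constructed sample data: (domain, observed_at_seconds, ttl_seconds, a_record, asn).
SAMPLE_RESOLUTIONS = [
    # A suspected fast-flux domain: every lookup returns fresh, short-lived
    # addresses scattered across many networks (the proxy layer in front of
    # the real servers).
    ("update-check.example", 0,   120, "203.0.113.10",  64500),
    ("update-check.example", 0,   120, "198.51.100.7",  64501),
    ("update-check.example", 300, 120, "192.0.2.44",    64502),
    ("update-check.example", 300, 120, "203.0.113.99",  64503),
    ("update-check.example", 600, 120, "198.51.100.23", 64504),
    ("update-check.example", 600, 120, "192.0.2.201",   64505),
    ("update-check.example", 900, 120, "203.0.113.150", 64506),
    ("update-check.example", 900, 120, "198.51.100.88", 64507),
    # An ordinary site: a couple of stable addresses, long TTL, one network.
    ("www.example", 0,   3600, "192.0.2.1", 64510),
    ("www.example", 300, 3600, "192.0.2.1", 64510),
    ("www.example", 600, 3600, "192.0.2.2", 64510),
    ("www.example", 900, 3600, "192.0.2.1", 64510),
]

# Thresholds are assumptions for this example, not values from the alert.
MIN_DISTINCT_IPS = 5
MIN_DISTINCT_ASNS = 3
MAX_TTL_SECONDS = 300


def summarize(resolutions):
    """Per-domain counts of distinct addresses and networks, plus the lowest TTL seen."""
    ips = defaultdict(set)
    asns = defaultdict(set)
    min_ttl = {}
    for domain, _, ttl, ip, asn in resolutions:
        ips[domain].add(ip)
        asns[domain].add(asn)
        min_ttl[domain] = min(ttl, min_ttl.get(domain, ttl))
    return {
        d: {"ips": len(ips[d]), "asns": len(asns[d]), "min_ttl": min_ttl[d]}
        for d in ips
    }


def classify(resolutions):
    """Mark a domain as fast-flux only when all three indicators fire together.

    Each indicator alone has benign explanations (CDNs rotate addresses and use
    short TTLs too), so the rule requires address churn, network diversity and
    short TTLs at the same time to keep false positives down.
    """
    result = summarize(resolutions)
    for stats in result.values():
        stats["fast_flux"] = (
            stats["ips"] >= MIN_DISTINCT_IPS
            and stats["asns"] >= MIN_DISTINCT_ASNS
            and stats["min_ttl"] <= MAX_TTL_SECONDS
        )
    return result


if __name__ == "__main__":
    for domain, stats in classify(SAMPLE_RESOLUTIONS).items():
        print(domain, stats)
```

In practice the ASN column would come from a BGP or whois lookup on each answer; the rest is a pure function of passive DNS data that can run over a resolver's query log without touching the suspect infrastructure.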
The following malware families were hosted on the infrastructure:
  • Windows-encryption Trojan horse (WVT) (aka Matsnu, Injector, Rannoh, Ransomlock.P)
  • URLzone (aka Bebloh)
  • Citadel
  • VM-ZeuS (aka KINS)
  • Bugat (aka Feodo, Geodo, Cridex, Dridex, Emotet)
  • newGOZ (aka GameOverZeuS)
  • Tinba (aka TinyBanker)
  • Nymaim/GozNym
  • Vawtrak (aka Neverquest)
  • Marcher
  • Pandabanker
  • Ranbyus
  • Smart App
  • TeslaCrypt
  • Trusteer App
  • Xswkit
Avalanche was also used as a fast-flux botnet, which provides communication infrastructure for other botnets, including the following:
  • TeslaCrypt
  • Nymaim
  • Corebot
  • GetTiny
  • Matsnu
  • Rovnix
  • Urlzone
  • QakBot (aka Qbot, PinkSlip Bot)

Impact

A system infected with Avalanche-associated malware may be subject to malicious activity including the theft of user credentials and other sensitive data, such as banking and credit card information. Some of the malware had the capability to encrypt user files and demand a ransom be paid by the victim to regain access to those files. In addition, the malware may have allowed criminals unauthorized remote access to the infected computer. Infected systems could have been used to conduct distributed denial-of-service (DDoS) attacks.

Solution

Users are advised to take the following actions to remediate malware infections associated with Avalanche:
  • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. Even though parts of Avalanche are designed to evade detection, security companies are continuously updating their software to counter these advanced threats. Therefore, it is important to keep your anti-virus software up-to-date. If you suspect you may be a victim of an Avalanche malware, update your anti-virus software definitions and run a full-system scan. (See Understanding Anti-Virus Software for more information.)
  • Avoid clicking links in email – Attackers have become very skilled at making phishing emails look legitimate. Users should ensure the link is legitimate by typing the link into a new browser (see Avoiding Social Engineering and Phishing Attacks for more information).
  • Change your passwords – Your original passwords may have been compromised during the infection, so you should change them. (See Choosing and Protecting Passwords for more information.)
  • Keep your operating system and application software up-to-date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. You should enable automatic updates of the operating system if this option is available. (See Understanding Patches for more information.)
  • Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool. A non-exhaustive list of examples is provided below. The U.S. Government does not endorse or support any particular product or vendor.
      • ESET Online Scanner
      • F-Secure
      • McAfee Stinger
      • Microsoft Safety Scanner
      • Norton Power Eraser
      • Trend Micro HouseCall

Revisions

  • December 1, 2016: Initial release
  • December 2, 2016: Added TrendMicro Scanner
