Qfinity Security

SECURITY | INTERNET

I grouped Internet and Cybersecurity since they are closely related.

Internet issues are common these. In a world that is always connected and more tools are used as online services opposed to software that is installed on your system. Everything from browsing to email requires a functional internet connection

Cybersecurity is critical (INFOSEC) If you do not under the the role of cybersecurity today you are better of not using your computer. Most people think in terms of Viruses and Anti-virus software when this word is mentioned but that absolute and compared to the reality of essentially nothing but a cliffnote

InfoSec (Information Security) is far more important than many think and relates to more than the above. NOT UNDERSTANDING THIS WILL

Have you use the internet falling victim to scams so complex you may not even realize it is but a trap
Have you risk Identity theft
AI is so sophisticated in the wrong hands someone can create a video showing doing something criminal REGARDLESS of you doing anything, even YOU will believe you did it

Many people still believe that scams, malware and loss of income relates to the standard typing mistakes in email and using software to protect them is the order of the day, This however is no longer the case and on the right I will explain all things related to cybersecurity.

CONTACT DETAILS INTRO

While I mention on the right to consult a security expert. Which you should be careful when doing, however, since you really do no want to take any chances with any sort of Malware rather consult a an expect you can trust. Below is my contact details. I make use of Proton Mail.

Proton was born in Switzerland in 2014 when a team of scientists who met at CERN (the European Organization for Nuclear Research) decided to build a better internet where privacy is the default. It is the most secure and privacy focussed email service by far. You may be using GMAIL and well perhaps you should read WHO is using Proton and why. I will add the link to Proton below, however, since people tend use email addresses listed online chaos results, with proton, I can track who is using attempted to scam me.

MY CONTACT DETAILS

Steville Hattingh

info@qf-security.co.za

Phone

+27 66 291 3687

In case you want to verify my creditendials, you can visit either:

Master of Computing

Belgium Campus iTversity

Bachelor of Computing

SAQA

COMMON ISSUES

Generative AI

Sora is a new generative AI technology. Nothing in this video is real. Not the characters, nor the scenes. Nothing in this clip is real. It is all computer generated. Given the ease of use regarding this technology from the actual content to the camera angles, nothing about this is real. At the time of this upload it is still in beta and being tested but the first portion of this clip (the longer solo clip of the first segment can be found online). However to the easy in how the entire video segment is generated is by using the simple prompt (text input) "a stylish woman walks down a Tokyo street filled with warm, glowing, neon and animated city signage. She wears a black leather jacket, a long red dress and black boots." Then you simply wait a short while while OpenAI's Sora is generating the content. This is how simple it is.

Another example of generative AI showing a news anchor which unless you know will be assumed as a real person. This example is newer than the previous example. It shows how these are improving. Like the previous example nothing in this clip is real and this all computer generated.

The danger with Generative AI

Given the ease of use, this technology allows any person to create whatsoever they want without the need of involving anything else but access to this this tool. OpenAI, which is behind the creation of Sora is not the only company providing users with these technologies. All major companies are doing this and some already makes Sora look like something from the past. Some using these types of Generative AI have already used it to make criminals from people and most recently a man was jailed as result of some bad actor who abused this technology. So, as result legislators are not drafting new regulations in attempt to restricted those from misusing these tools for malicious intent.

While there are benefits in using this technology, there are disadvantages with consequences that many are not considering such as

This can be used to spread information that is harmful
Since it is obvious that it will have an impact in terms of jobs. After all, there would be no need to creative artists, presenters, actors and so on would not be needed
Scripting a fake invasion and far worse
When dealing with online support, this could be used in real-time to scam you in vaious ways

Deep Fake videos

This clip shows a Deep Fake video by using Obama as an example. Deep Fake content requires more time and skill to create and you need certain skills which only a few have and the intention of showing this is show how you cannot tell the difference. If someone for example want to start a nuclear war to use an extreme example, it is not hard to imagine how this can be accomplished. Again, if the clip did not mention it was fake nor showed context to support this and if I did not tell you, you would like have believed this to be true.

The example here is far more dangerous as it is not a Deep Fake but AI-generated. It is an AI generated clip using Putin and unlike the other examples above this shows how effective generative AI can be and likewise you can only imagine how this can lead to a fake nuclear threat. The body language, tonality and voice is essentially perfect but again, as good as this is, the technology used is improving on a daily basis and soon you will not know what is true and what is false. There is no need to mention how can be extremely dangerous. Even Putin himself says how well this is done.

The danger with Generative AI

This can be used to spread information that is harmful
Since it is obvious that it will have an impact in terms of jobs. After all, there would be no need to creative artists, presenters, actors and so on would not be needed
Scripting a fake invasion and far worse
When dealing with online support, this case be used in real-time to scam you in vaious ways

The importance of 2FA

The problem with passwords these days is not just how strong your password is. The problem is it does not matter if you might have malware on your computer. Say for example you have a keylogger on your system then what you type is saved within a logfile that is hidden but accessible by those who have access to the malware. Meaning whatever your password is, no matter how strong, if it is your only way to which you protect access to online services you may use such as Gmail.

When you have 2FA Authentication enabled it means that even if the bad actor have access to your access details, they will not be able to log in to your account. So what is 2FA Authentication exactly?

You may be familiar with an OTP (one time pin) which you normally have to enter when you do online banking. You may need to type in your username and password when you access your online banking but when you do a payment or even when you log in you may need to accept a code sent to your email or phone. This is the same concept 2FA authentication is based on. So for example. If you have this setting enabled then you will need to accept it on your phone before you can access the associated service

Modern Authentication Introduction

2FA-Authentication Explained
Multi-factor Authentication Explained

Introduction to two-factor authentication (2FA)

Two-factor authentication (2FA) is an identity and access management security method that requires two forms of identification to access resources and data. This additional layer of security provides an extra layer of protection against unauthorized access, making it more difficult for attackers to compromise accounts.

How Does 2FA Work?

When a user attempts to access a resource or account, they must provide both factors to verify their identity. This makes it much more difficult for attackers to gain unauthorized access, even if they have obtained the user’s password.

Types of 2FA

SMS-based 2FA: A one-time password is sent to the user’s mobile device via SMS.
Authenticator app-based 2FA: A dedicated app generates a one-time password that is used for authentication.
Biometric-based 2FA: Uses biometric data, such as fingerprints or facial recognition, for authentication.
Token-based 2FA: A physical token generates a one-time password that is used for authentication.

Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is an electronic authentication method that requires a user to provide two or more verification factors to gain access to a resource, such as an application, online account, or a VPN. This adds an extra layer of security to the traditional username and password authentication process.

How does MFA work?

MFA typically involves the following steps:

Something you know: The user provides a password or PIN.
Something you have: The user provides a physical token, smart card, or a one-time password (OTP) generated by an authenticator app.
Something you are: The user provides a biometric characteristic, such as a fingerprint, facial recognition, or voice recognition.

Malware - From the Annoying to that which can ruin you

I have and will continue to stress the dangers of malware. One of the most potent threats that exist. Since the rise of widespread broadband Internet access, malicious software has more frequently been designed for profit. Since 2003, the majority of widespread viruses and worms have been designed to take control of users' computers for illicit purposes

Infected "zombie computers" can be used to send email spam, to host contraband data such as child pornography, or to engage in distributed denial-of-service attacks as a form of extortion. Further, malware can be used against individuals to gain information such as personal identification numbers or details, bank or credit card numbers, and passwords

In addition to criminal money-making, malware can be used for sabotage, often for political motives. Stuxnet, for example, was designed to disrupt very specific industrial equipment. These are highly specific and security companies even now dread being questioned about it insofar as why they did not pick it up. See this malicious computer worm was in development at least since 2005 but was first uncovered in 2010. The estimated cost ranges wildly but sources estimate it cost somewhere between $100 million and $200. Reason behind this is because this project is classified still. But even now neither the USA nor Israel admit any involvement yet the purpose behind stuxnet is complex.

Different variants of Stuxnet targeted five Iranian organizations, with the probable target widely suspected to be uranium enrichment infrastructure in Iran and the gist of it was to render these equiptment useless or rather have it damage itself thus prevent enrichment of uranium and eventual Iran did retaliate using the same worm against the USA/Israel. Teh point behind this is to show the danger of malware. So we are NOT talking about something trivial

Below are some of the types of malware I will expand on in the tabs

ADWARE
TROJANS
WORMS
SPYWARE
BOTNETS
RANSOMWARE

Below you will find and exhaustive list on the six major types of malware. The list considers the threat posed by these various types from least to utter disaster. The most important details are explained and a lot of focus was spend on Ransomware. Though there is an overlap between the various types, they are still distinct. How they affect you may be similar. The difference with Ransomware however is waking up one day only to realize you cannot open anything (text, audio, video, images, etc.) and only to discover a RANSOM NOTE in each folder. At this point, there is very little you can do and I went into great detail explaining this.

Adware definition

Adware, also known as advertisement-supported software, generates revenue for its developers by automatically generating adverts on your screen, usually within a web browser. Adware is typically created for computers but can also be found on mobile devices. Some forms of adware are highly manipulative and create an open door for malicious programs.

Adware is software that displays unwanted (and sometimes irritating) pop-up adverts which can appear on your computer or mobile device. Adware typically ends up on a user’s device through one of two ways:

You might install a free computer program or app without necessarily realizing that it contains additional software that contains adware. This allows the app developer to make money but means you could download adware onto your systems without necessarily consenting.
Alternatively, there may be a vulnerability in your software or operating system which hackers exploit to insert malware, including some types of adware, into your system.

How to tell if you have an adware infection

Signs that you may be infected with unwanted adware include:

Computer adware infection signs

An unexpected change in your web browser home page
Web pages that you visit not displaying correctly
Being overwhelmed with pop-up ads — sometimes even if not browsing the internet
Slow device performance
Device crashing
Reduced internet speeds
Redirected internet searches
Random appearance of a new toolbar or browser add-on

Mobile adware infection signs

Your phone is slow
Apps take longer to load
Your battery drains quickly
Your phone has apps you don’t remember downloading
There is unexplained data usage and higher than expected phone bills
There are numerous ad pop-ups

I mention Adware first because they pose less of threat opposed to other types of malware and most of the time the above mentioned is not what leads to data loss or data theft. However, slowing you system down over and extented period of time may harm your CPU which is the brain of your computer and can be costly to replace so best is to get this looked as soon as you notice the above symptoms.

What is a Trojan Horse Virus?

When the horse's belly opened at night it was too late. The Greeks had finally succeeded in capturing the long besieged city of Troy, bringing the Trojan War to an end. Thousands of years later, the myth of the Trojan horse still lives on, albeit today in an unflattering connotation.

For what once stood for a brilliant trick and a masterful feat of engineering is nowadays regarded as a malicious digital pest whose sole aim is to wreak havoc on its victims' computers unnoticed. It does this by reading passwords, recording keyboard strokes or opening the door for further malware that can even take the entire computer hostage. These actions can include:

Deleting data
Blocking data

Modifying data
Copying data

Disrupting the performance of computers or computer networks

Unlike computer viruses and worms, Trojans are not able to self-replicate.

TYPES OF TROJAN

Backdoor Trojans

They are one of the simplest but potentially most dangerous types of Trojan. This is because they can either load all sorts of malware onto your system in their role as a gateway, or at least ensure that your computer is vulnerable to attack. A backdoor is often used to set up botnets. Without your knowledge, your computer becomes part of a zombie network that is used for attacks. Furthermore, backdoors can allow code and commands to be executed on your device or monitor your web traffic.

Exploit

Exploits are programs that contain data or code that take advantage of a vulnerability within an application on your computer.

Rootkit

Rootkits are designed to conceal certain objects or activities in your system. Often their main purpose is to prevent malicious programs being detected, in order to extend the period in which the programs can run on an infected computer.

Banking Trojans

Banking Trojans are among the most widespread Trojans. Given the increasing acceptance of online banking, as well as the carelessness of some users, this is no wonder – they are a promising method for attackers to get their hands on money quickly. Their goal is to obtain the access credentials to bank accounts. To do this they use phishing techniques, for example by sending the alleged victims to a manipulated page where they are supposed to enter their access credentials. Accordingly, when using online banking you should ensure that you use secure methods for verification, such as only the app of the respective bank, and never enter your access data on a web interface.

DDoS Trojans

Banking Trojans

Distributed denial-of-service (DDoS) attacks continue to haunt the web. In these attacks, a server or network is torpedoed with requests, usually by a botnet. In mid-June 2020, for example, Amazon fended off a record attack on its servers. For over three days, Amazon's web services were targeted with a data throughput of 2.3 terabytes per second. There must be an enormous botnet to achieve that kind of computing power. Botnets consist of zombie computers, so to speak. On the face of it they are running normally, but they are also functioning silently as attackers. The reason for this is a Trojan with a backdoor component that slumbers unnoticed on the computer and, if necessary, is activated by its operator. If a botnet attack or a DDoS attack is successful, websites or even entire networks are no longer accessible.

Fake antivirus Trojans

Fake antivirus Trojans are particularly insidious. Instead of protecting, they get every device into serious trouble. With alleged virus findings, they want to cause panic among unsuspecting users and persuade them to purchase effective protection by paying a fee. But instead of a helpful virus scanner, the user only gets more problems, as their payment data is conveyed to the Trojan originator for further misuse. So if you suddenly get a virus warning in your browser when visiting a website, you should ignore this and only trust your system virus scanner.

Trojan-IM (Instant Messaging)

Trojan-IM programs steal your login data and passwords for instant messaging programs such as ICQ, MSN Messenger, AOL Instant Messenger, Yahoo Pager, Skype, etc. One could argue that these messengers are barely in use nowadays. However, even new messenger services are not immune to Trojans. Facebook Messenger, WhatsApp, Telegram or Signal could also become targets of Trojans. As recently as December 2020, a Windows Trojan was commandeered via a Telegram channel. Instant messaging should also be protected against dangerous phishing attacks.

Trojan-Ransom

This type of Trojan can modify data on your computer so that your computer doesn’t run correctly or you can no longer use specific data. The criminal will only restore your computer’s performance or unblock your data after you have paid them the ransom money that they demand.

SMS Trojans

They may seem like a relic from another century, yet they are still active and pose a significant threat. SMS Trojans such as the Android malware Faketoken can work in different ways. Faketoken, for example, sends mass SMS messages to expensive international numbers and disguises itself in the system as a standard SMS app. The smartphone owner has to pay the costs for this. Other SMS Trojans establish connections to expensive premium SMS services.

Trojan-Spy

Trojan-Spy programs can spy on how you’re using your computer – for example, by tracking the data you enter via your keyboard, taking screenshots or getting a list of running applications.

CYBERCRIMINALS WANT TO CAUSE MAXIMUM DAMAGE WITH TROJANS

If surveillance software is used by the state to track and punish criminal offenses, cybercriminals have exactly the opposite in mind. In the latter case, it is all about personal enrichment at the expense of their victims. In doing so, the criminals use different programs, sometimes even entire malware chains. How do they do it? One example may be a backdoor installed unnoticed on the computer via an infected email attachment.

BE CAREFUK WHEN BROWSING THE INTERNET

The Trojans mentioned here are the best-known types. What they all have in common is that they can only get onto the end device with the help of the user. However, if you surf the web carefully, do not open email attachments without thinking, and only obtain programs from secure sources, you should be able to avoid these threats.

For this reason it recommended to use the proper protection software. Each person have different devices and different ways in how they use the internet as such consult an expert to to make sure you have the proper protectiion that is suited for your needs.

Introduction to Computer Worms

Worms spread on computer networks via network resources. Unlike Net-Worms, a user must launch a Worm in order for it to be activated. This kind of worm searches remote computer networks and copies itself to directories that are read/write accessible (if it finds any).

Furthermore, these worms either use built-in operating system functions to search for accessible network directories and/or they randomly search for computers on the Internet, connect to them, and attempt to gain full access to the disks of these computers.

The main characteristic used to determine whether or not a program is classified as a separate behaviour within the Viruses and Worms subclass is how the program propagates (i.e. how the malicious program spreads copies of itself via local or network resources.) Most known worms are spread as files sent as email attachments, via a link to a web or FTP resource, via a link sent in an ICQ or IRC message, via P2P file sharing networks etc.

Viruses and worms

Most known worms are spread as files sent as email attachments, via a link to a web or FTP resource, via a link sent in an ICQ or IRC message, via P2P file sharing networks etc. Some worms spread as network packets; these directly penetrate the computer memory, and the worm code is then activated. Worms use the following techniques to penetrate remote computers and launch copies of themselves: social engineering (for example, an email message suggesting the user opens an attached file), exploiting network configuration errors (such as copying to a fully accessible disk), and exploiting loopholes in operating system and application security.

How do computer worms work?

Computer worms often rely on vulnerabilities in networking protocols, such as File Transfer Protocol, to propagate.

After a computer worm loads and begins running on a newly infected system, it will typically follow its prime directive:

to remain active on an infected system for as long as possible and spread to as many other vulnerable systems as possible.

For example, the WannaCry ransomware worm exploited a vulnerability in the first version of the Windows Server Message Block (SMBv1) resource sharing protocol. Once active on a newly infected computer, the WannaCry malware initiates a network search for new potential victims: systems that respond to SMBv1 requests made by the worm. The worm then continues to propagate within a network through these clients. Malicious attackers can disguise a worm as a nonthreatening resource -- such as a work file or link, which a user clicks on or downloads -- that's only later revealed as a worm. Worms can contain malicious attachments, or payloads, that can delete files or let bad actors remotely control users' computers.

WHAT TYPE OF COMPUTER WORMS EXIST

There are several types of malicious computer worms:

Email worms

Email worms work by creating and sending outbound messages to all the addresses in a user's contact list. The messages include a malicious executable file that infects the new system when the recipient opens it.

Successful email worms usually employ social engineering and phishing techniques to encourage users to open the attached file.

File-sharing worms

File-sharing worms copy themselves into shared folders and spread through peer-to-peer file-sharing networks. Worm authors often disguise these malicious programs as media files.

Stuxnet, one of the most notorious computer worms to date, consists of two components: a worm to propagate malware through USB devices infected with the host file, and malware that targets supervisory control and data acquisition systems.

File-sharing worms often target industrial environments, including power utilities, water supply services and sewage plants.

Cryptoworms

Cryptoworms work by encrypting data on the victim's system.

Perpetrators can use this type of worm in ransomware attacks, where they follow up with the victim and demand payment in exchange for a key to decrypt the files.

Internet worms

Some computer worms specifically target popular websites with poor security.

If they can infect the site, they can infect a computer accessing the site. From there, internet worms spread to other devices that the infected computer connects to through the internet and private network connections.

Instant messaging worms

Like email worms, instant messaging worms are masked by attachments or links, which the worm continues to spread to the infected user's contact list. The only difference is that instead of arriving in an email, it comes as an instant message on a chat service.

If the worm hasn't had time to replicate itself onto the computer, the user can change their password on the chat service account to prevent its spread.

COMPUTER WORM EXAMPLES

Worms have existed since the beginning of the internet. Several notable cases spread so far that they caused major network and business disruptions.

The Morris worm

The Morris worm was released in 1988 and is widely considered the first computer worm. However, it is better characterized as the first worm to propagate widely on the then-nascent internet.

The Morris worm was the work of Robert Tappan Morris Jr., a Cornell graduate student who was reportedly attempting to enumerate all the systems connected to the internet precursor network, ARPANET.

Targeting vulnerabilities in several different Unix programs, the Morris worm was capable of infecting a system more than once, making it difficult to eradicate before it produced a denial-of-service condition on the infected host. The worm affected as many as 10% of the 60,000 systems believed to be connected to ARPANET.

Stuxnet

Stuxnet, first identified in 2010, spreads through file-sharing services.

Security researchers determined that U.S. and Israeli intelligence agencies created the worm to interfere with Iranian nuclear weapons production.

Stuxnet was introduced via USB drives and took advantage of flaws in the Windows operating system to spread, ultimately causing nuclear centrifuges to malfunction.

I mentioned Stuxnet in the main introduction. Combine that with this. To understand how a 'computer code' can lead to an existential crisis. It sounds like something from some sci-fi movie but in reality it is not. In fact you might have this specific malware on your system as we speak but since your computer in this only acts to distribute the malware it goes undetected. I mention it is classified but you can find loads of information on the Internet regarding Stuxnet

The ILOVEYOU worm

One of the most damaging computer worms ever was the ILOVEYOU worm. It was launched in 2000 and propagated malware through email attachments that appeared to be text files, scripts run in instant messaging chat sessions and executables renamed with the names of common system files.

LOVEYOU primarily spread when targeted victims opened an email attachment, and the malware re-sent itself to all the victim's contacts in Microsoft Outlook.

The malware reportedly affected as many as 45 million users after it was released on May 4, 2000, spreading so rapidly that some enterprises, including Ford Motor Company, were forced to shut down their email services temporarily. The worm caused billions of dollars in damages.

WannaCry

WannaCry ransomware uses a worm to infect Windows computers and encrypt files on PC hard drives. It began spreading in May 2017 and affected hundreds of thousands of computers in up to 150 countries worldwide. Targets included large corporations such as FedEx, banks and hospitals.

Once the worm locked a PC's files, hackers contacted the owner demanding payment for a key to decrypt the files. However, even after payment, only a few victims were given the key.

Security researchers connected the hack to the Lazarus Group, a nation-state group affiliated with North Korea. While WannaCry caused a significant financial loss for targeted victims, security researcher Marcus Hutchins halted its spread after discovering a kill switch that prevented it from propagating further.

THE BOTTOM-LINE

I use these examples for a reason. Malware is NOT to be confused with a computer virus. Standard protection WILL NOT be sufficient

How to detect a computer worm

Signs that indicate a worm might be present include the following symptoms:

computer performance issues over time, or limited computing bandwidth with no apparent explanation;
the system freezing or crashing unexpectedly;
unusual system behavior, including programs that execute or terminate without user interaction;

unusual sounds, images or messages;
the sudden appearance of unfamiliar files or icons, or the unexpected disappearance of files or icons;
warning messages from the operating system or antivirus software; and
email messages sent to contacts that the user didn't send.

How to prevent computer worm infections

Good cybersecurity hygiene is essential to protect systems from computer worms. The following measures can help prevent the threat of computer worm infections:

Install operating system updates and software patches.
Use firewalls to protect systems from malicious software.
Use antivirus software to prevent malicious software from running.

Never click on attachments or links in emails or other messaging applications that might expose systems to malicious software.
Use encryption to protect sensitive data stored on computers, servers and mobile devices.

CONSULT AN EXPERT

As with all threats of this variety I WILL INSIST that the user consult an expert, this is beyond the scope of most normal IT support and also remember they are not liable for anything that happens resulting from a malware-based attack.

For this reason it recommended to use the proper protection software. Each person have different devices and different ways in how they use the internet as such consult an expert to to make sure you have the proper protectiion that is suited for your needs.

Spyware Definition

Spyware is malicious software that enters a user’s computer, gathers data from the device and user, and sends it to third parties without their consent. A commonly accepted spyware definition is a strand of malware designed to access and damage a device without the user’s consent.

Spyware collects personal and sensitive information that it sends to advertisers, data collection firms, or malicious actors for a profit. Attackers use it to track, steal, and sell user data, such as internet usage, credit card, and bank account details, or steal user credentials to spoof their identities.

Spyware is one of the most commonly used cyberattack methods that can be difficult for users and businesses to identify and can do serious harm to networks. It also leaves businesses vulnerable to data breaches and data misuse, often affects device and network performance, and slows down user activity.

HOW SPYWARE TARGETS DEVICES

Most spyware targets Windows computers and laptops, but attackers are increasingly targeting other forms of devices.

Apple device spyware:

Malware targeting Apple devices, particularly its Mac computers, has increased rapidly in the last few years.

Mac spyware is similar in behavior to those targeting Windows operating systems but are typically password-stealing or backdoor types of spyware.

They frequently see the attacker attempt attacks such as keylogging, password phishing, remote code execution, and screen captures.

Mobile spyware:

Spyware targeting mobile devices steals data such as call logs, browser history, contact lists, photos, and short message service (SMS) messages.

Certain types will log user keystrokes, record using the device’s microphone, take photos, and track location using Global Positioning System (GPS) trackers.

Others take control of devices through commands sent from SMS messages, data transfers, and remote servers. Hackers can also use mobile spyware to breach an organization through mobile device vulnerabilities, which may not be detected by the security team.

How Spyware Attacks Your System

Attackers carefully disguise spyware to infiltrate and infect devices without being discovered. They do this by obscuring the malicious files within regular downloads and websites, which encourages users to open them, often without realizing it.

The malware will sit alongside trusted programs and websites through code vulnerabilities or in custom-made fraudulent applications and websites.

One common method for delivering spyware is bundleware. This is a bundle of software packages that attaches itself to other programs that a user downloaded or installed. As a result, it will install without the user knowing about it.

Problems caused by spyware

The effects of spyware are wide-ranging. Some could go unseen, with users not knowing they have been affected for months or even years. Others might just cause an inconvenience that users may not realize is the result of being hacked. Some forms of spyware are capable of causing reputational and financial damage.

Common problems that spyware can result in include:

Data theft: One of the most common problems caused by spyware is data theft. Spyware is used to steal users’ personal data, which can then be sold to third-party organizations, malicious actors, or hacking groups.
Identity fraud: If spyware harvests enough data, then it can be used for identity fraud. This sees the attacker amass data like browsing history, login credentials for email accounts, online banking, social networks, and other websites to spoof or imitate the user’s identity.
Device damage: Some spyware will be poorly designed, which ends up having a negative effect on the computer it attaches itself to. This can end up draining system performance and eating up huge amounts of internet bandwidth, memory, and processing power. Even worse, spyware can cause operating systems to crash, disable internet security software, and make computers overheat, which can cause permanent damage to the computer.
Browsing disruption: Some spyware can take control of the user’s search engine to serve up harmful, fraudulent, or unwanted websites. They can also change homepages and alter computer settings, as well as repeatedly push pop-up ads.

Common problems that spyware can result in include:

Flaws in operating systems: Attackers can exploit flaws in mobile operating systems that are typically opened up by holes in updates.
Malicious applications: These typically lurk within legitimate applications that users download from websites rather than app stores.
Unsecured free Wi-Fi networks: Wi-Fi networks in public places like airports and cafes are often free and simple to sign in to, which makes them a serious security risk. Attackers can use these networks to spy on what connected users are doing.

How do I get spyware?

Spyware can increasingly affect any device, from computers and laptops to mobile phones and tablets. Devices that run Windows operating systems are typically the most susceptible to an attack, but cyber criminals are increasingly devising methods that afflict Apple and mobile devices.

Some of the most prominent causes of spyware infiltrating a device or system include:

Misleading marketing: Spyware authors will often disguise their malicious software as a legitimate tool, such as a hard disk cleaner, download manager, or new web browser.
Phishing or spoofing: Phishing occurs when an attacker encourages a recipient to click on a malicious link or attachment in an email, then steals their credentials. They often use spoofed websites that appear to be a legitimate site that steal users’ passwords and personal information.
Security vulnerabilities: Attackers often target code and hardware vulnerabilities to gain unauthorized access to devices and systems and plant their spyware.
Software bundles: Bundleware sees users unknowingly install spyware within a bundle of software they believe to be legitimate.
Trojans: A Trojan is a type of malware that pretends to be another piece of software. Cyber criminals use Trojans as a method for delivering malware strains, such as spyware, cryptojackers, and viruses, onto devices.

How to Tell if You Have Spyware

Despite spyware being designed to go undetected, there are several telltale signs that could be indicators of a device being infiltrated. These include:

Negative hardware performance, such as:
Negative hardware performance, such as:

Note that these symptoms are also indicative of the presence of other malware, not just spyware, so it is important to dig deeper into issues and scan devices to discover the root of the problem.

THE BOTTOM-LINE

AVOID free software claiming to be removal tools. Often these developers only use this tactic to get malware on your system. As with all other recommendations, consult a security expert

How Botnet Works?

Botnets are built to grow, automate, and speed up a hacker’s ability to carry out larger attacks.

One person or even a small team of hackers can only carry out so many actions on their local devices. But, at little cost and a bit of time invested, they can acquire tons of additional machines to leverage for more efficient operations.

Zombie computers, or bots, refer to each malware-infected user device that’s been taken over for use in the botnet. These devices operate mindlessly under commands designed by the bot herder.

Basic stages of building a botnet can be simplified into a few steps:

Prep and Expose — hacker exploits a vulnerability to expose users to malware.
Infect — user devices are infected with malware that can take control of their device.
Activate — hackers mobilize infected devices to carry out attacks.

Stage 1 exposure starts with hackers finding a vulnerability...

...in a website, application, or human behavior. The goal is to set the user up for being unknowingly exposed to a malware infection. You’ll commonly see hackers exploit security issues in software or websites or deliver the malware through emails and other online messages.

In stage 2, the user gets infected with the botnet malware...

...upon taking an action that compromises their device. Many of these methods either involve users being persuaded via social engineering to download a special Trojan virus. Other attackers may be more aggressive by using a drive-by download upon visiting an infected site. Regardless of the delivery method, cybercriminals ultimately breach the security of several users’ computers.

Once the hacker is ready, stage 3 initiates by taking control of each computer.

The attacker organizes all of the infected machines into a network of “bots” that they can remotely manage. Often, the cybercriminal will seek to infect and control thousands, tens of thousands, or even millions of computers. The cybercriminal can then act as the boss of a large “zombie network” — i.e. a fully assembled and active botnet.

You’re probably still are asking, “what does a botnet do?” Once infected, a zombie computer allows access to admin-level operations, such as:

Reading and writing system data
Gathering the user’s personal data
Sending files and other data
Monitoring the user’s activities
Searching for vulnerabilities in other devices
Installing and running any applications

What is Botnet Controllable?

Candidates for botnet recruitment can be any device that can access an internet connection.

Many devices we use today have some form of computer within them — even ones you might not consider. Nearly any computer-based internet device is vulnerable to a botnet meaning the threat is growing constantly. To protect yourself, take note of some common devices that are hijacked into botnets:

Traditional computers like desktops and laptops that run on Windows OS or macOS have long been popular targets for botnet construction.

Mobile devices have become another target as more people continue to use them. Smartphones and tablets have notably been included in botnet attacks of the past.

Internet infrastructure hardware used to enable, and support internet connections may also be co-opted into botnets. Network routers and web servers are known to be targets.

Internet of Things (IoT) devices include any connected devices that share data between each other via the internet. Alongside computers and mobile devices, examples might include:

Smart home devices (thermometers, security cameras, televisions, speakers, etc.)
In-vehicle infotainment (IVI)
Wearable devices (smartwatches, fitness trackers, etc.)

Collectively, all these devices can be corrupted to create massive botnets. The technology market has become oversaturated with low-cost, low-security devices, leaving you particularly vulnerable as a user. Without anti-virus malware, bot herders can infect your devices unnoticed.

How Do Hackers Control a Botnet?

Issuing commands is a vital part of controlling a botnet. However, anonymity is just as important to the attacker. As such, botnets are operated via remote programming.

Command-and-control (C&C) is the server source of all botnet instruction and leadership. This is the bot herder's main server, and each of the zombie computers gets commands from it.

Each botnet can be led by commands either directly or indirectly in the following models:

Centralized client-server models
Decentralized peer-to-peer (P2P) models

Centralized models are driven by one bot herder server. A variation on this model may insert additional servers tasked as sub-herders, or “proxies.” However, all commands trickle down from the bot herder in both centralized and proxy-based hierarchies. Either structure leaves the bot herder open to being discovered, which makes these dated methods less than ideal.

Decentralized models embed the instruction responsibilities across all the zombie computers. As long as the bot herder can contact any one of the zombie computers, they can spread the commands to the others. The peer-to-peer structure further obscures the identity of the bot herder party. With clear advantages over older centralized models, P2P is more common today.

What Are Botnets Used For?

Botnet creators always have something to gain, whether for money or personal satisfaction.

Financial theft — by extorting or directly stealing money
Information theft — for access to sensitive or confidential accounts
Sabotage of services — by taking services and websites offline, etc.
Cryptocurrency scams — using users’ processing power to mine for cryptocurrency
Selling access to other criminals — to permit further scams on unsuspecting users

Most of the motives for building a botnet are similar to those of other cybercrimes. In many cases, these attackers either want to steal something valuable or cause trouble for others.

In some cases, cybercriminals will establish and sell access to a large network of zombie machines. The buyers are usually other cybercriminals that pay either on a rental basis or as an outright sale. For example, spammers may rent or buy a network to operate a large-scale spam campaign.

Despite the many potential benefits for a hacker, some people create botnets just because they can. Regardless of motive, botnets end up being used for all types of attacks both on the botnet-controlled users and other people.

Types of Botnet Attacks

While botnets can be an attack in themselves, they are an ideal tool to execute secondary scams and cybercrimes on a massive scale. Common botnet schemes include some of the following:

Distributed Denial-of-Service (DDoS) is an attack based on overloading a server with web traffic to crash it. Zombie computers are tasked with swarming websites and other online services, resulting in them being taken down for some time.

Phishingschemes imitate trusted people and organizations for tricking them out of their valuable information. Typically, this involves a large-scale spam campaign meant to steal user account information like banking logins or email credentials.

Brute force attacks run programs designed to breach web accounts by force. Dictionary attacks and credential stuffing are used to exploit weak user passwords and access their data.

Ransomware - The monster you want to avoid

You get the bad, the ugly and then you get Ransomware. Whereas with many of the other malware types, ransomware is exactly as the name implies. Bad actors have one thing and one thing only in mind. INSURING YOUR PAY. Normally on most security sites (such as those creating AV software) will not admit that UNLESS they have a decryptor, there is nothing they can do to help you.

To many of these Ransomware groups it is about their reputation. Some DO NOT negotiate the price, you either pay up or suffer the consequences as mentioned below.

Below is a video which give you both the basics of what Ransomware is about and also shows you how the best of the best are not able to help these people other than to attempt to lower the asking price.

In this video, you’re about to witness a real ransomware negotiation with one of the most ruthless and prolific black hat hacker groups in the world - ALPHV aka BlackCat.

With the help of Ryan Montgomery (0day), one of the world leading ethical hackers, this show you what I mean in terms of the dangers regarding ransomware. The only way 0day was able to get the data back was via negotiating the price for the decryption kit. If you watch this you will realize how extremely dangerous this is and you will be sweating bullets for about 55 minutes.

IF you watch the video you will come accross a part (~20m into the video) where this BlackCat group knows who Ryan is listen to their reply when he wants to lower the price. Of course the voice-over is for dramatic effect since this is text based and some people are hearing impaired. Regardless it is based on an actual event. This is NOT a mock/skid/parody.

ALPHV aka BlackCat is infamous. They have comprised systems of companies that make millions a day with some of the best protect but it only requires ONE weakness, ONE vulnerability and they are in. They WILL POST your private and confidential data online if you do not pay. Imagine if you have clients, since they depend on you for safety regarding their private data and this will also be posted.

If will give more information below, but there is a reason I am linking THIS YouTube video. It is to put YOU in a situation like this to understand why this malware is so extremely dangerous. I frequently deal with clients who have been compromized and MANY of the times they need to either let it be (meaning let them share whatever they will share) and the client will then start from scratch or you simply cannot get hold of the ransomware group involved. DO NOT MISTAKE THIS FOR SOMETHING TRIVIAL.

Below is yet another video from Trilogy Media which is similar to the above but it expands on how authorities are involved, what the 'dark web' is, how they post your information and how it looks like. It goes into extended detail. If you are still not sure why RANSOMWARE is so extremely dangerous, after watching this you will.

From eerie uncharted territories to digital ghosts lurking in the shadows, every click brought us closer to digital danger. If you thought our last journey was intense, you haven't seen anything yet.

What is ransomware?

Ransomware is a type of malware (malicious software) used by cybercriminals. If a computer or network has been infected with ransomware, the ransomware blocksaccess to the system or encrypts its data. Cybercriminals demand ransom money from their victims in exchange for releasing the data.

In order to protect against ransomware infection, a watchful eye and security software are recommended. Victims of malware attacks have three options after an infection: they can either pay the ransom, try to remove the malware, or restart the device.

Attack vectors frequently used by extortion Trojans include the Remote Desktop Protocol, phishing emails, and software vulnerabilities. A ransomware attack can therefore target both individuals and companies.

Ransomware can be deployed in several ways. According to the 2020 Malware Report, 83% of security professionals consider phishing emails to be the most dangerous attack vector.

In fact, according to the Verizon Data Breach Investigations Report, 94% of malware deliveries are completed through a phishing email of some type. Other potential entry points are email attachments, users visiting malicious or compromised websites, and exploit kits.

Identifying ransomware – a basic distinction must be made

In particular, two types of ransomware are very popular:

Locker ransomware

This type of malware blocks basic computer functions. For example, you may be denied access to the desktop, while the mouse and keyboard are partially disabled. This allows you to continue to interact with the window containing the ransom demand in order to make the payment. Apart from that, the computer is inoperable. But there is good news: Locker malware doesn't usually target critical files; it generally just wants to lock you out. Complete destruction of your data is therefore unlikely.

Crypto ransomware

The aim of crypto ransomware is to encrypt your important data, such as documents, pictures and videos, but not to interfere with basic computer functions. This spreads panic because users can see their files but cannot access them. Crypto developers often add a countdown to their ransom demand: "If you don't pay the ransom by the deadline, all your files will be deleted." and due to the number of users who are unaware of the need for backups in the cloud or on external physical storage devices, crypto ransomware can have a devastating impact. Consequently, many victims pay the ransom simply to get their files back.

Well-known examples that will help you identify the dangers posed by ransomware:

Locky

Locky is ransomware that was first used for an attack in 2016 by a group of organized hackers. Locky encrypted more than 160 file types and was spread by means of fake emails with infected attachments. Users fell for the email trick and installed the ransomware on their computers. This method of spreading is called phishing, and is a form of what is known as social engineering. Locky ransomware targets file types that are often used by designers, developers, engineers and testers.

WannaCry

WannaCry was a ransomware attack that spread to over 150 countries in 2017. It was designed to exploit a security vulnerability in Windows that was created by the NSA and leaked by the Shadow Brokers hacker group. WannaCry affected 230,000 computers worldwide. The attack hit one-third of all NHS hospitals in the UK, causing estimated damages of 92 million pounds. Users were locked out and a ransom payable in Bitcoin was demanded. The attack exposed the issue of outdated systems, because the hacker exploited an operating system vulnerability for which a patch had long existed at the time of the attack. The worldwide financial damage caused by WannaCry was approximately US$4 billion.

Bad Rabbit

Bad Rabbit was a ransomware attack from 2017 that spread via so-called drive-by attacks. Insecure websites were used to carry out the attacks. In a drive-by ransomware attack, a user visits a real website, unaware that it has been compromised by hackers. For most drive-by attacks, all that is required is for a user to call up a page that has been compromised in this way. In this case, however, running an installer that contained disguised malware led to the infection. This is called a malware dropper. Bad Rabbit asked the user to run a fake Adobe Flash installation, thereby infecting the computer with malware.

Ryuk

Ryuk is an encryption Trojan that spread in August 2018 and disabled the recovery function of Windows operating systems. This made it impossible to restore the encrypted data without an external backup. Ryuk also encrypted network hard disks. The impact was huge, and many of the US organizations that were targeted paid the ransom sums demanded. The total damage is estimated at over $640,000.

Shade/Troldesh

The Shade or Troldesh ransomware attack took place in 2015 and spread via spam emails containing infected links or file attachments. Interestingly, the Troldesh attackers communicated directly with their victims via email. Victims with whom they had built up a "good relationship" received discounts. However, this kind of behavior is an exception rather than the rule.

Jigsaw

Jigsaw is a ransomware attack that began in 2016. The attack got its name from an image it displayed of the well-known puppet from the Saw movie franchise. With each additional hour the ransom remained unpaid, Jigsaw ransomware deleted more files. The use of the horror movie image caused additional stress among users.

CryptoLocker

CryptoLocker is ransomware that was first spotted in 2007 and spread via infected email attachments. The ransomware searched for important data on infected computers and encrypted it. An estimated 500,000 computers were affected. Law enforcement agencies and security companies eventually managed to seize control of a worldwide network of hijacked home computers that were used to spread CryptoLocker. This allowed the agencies and companies to intercept the data being sent over the network without the criminals noticing. Ultimately, this resulted in an online portal being set up where victims could obtain a key to unlock their data. This allowed their data to be released without the need to pay a ransom to the criminals.

Petya

Petya (not to be confused with ExPetr) is a ransomware attack that occurred in 2016 and was resurrected as GoldenEye in 2017. Instead of encrypting certain files, this malicious ransomware encrypted the victim's entire hard disk. This was done by encrypting the Master File Table (MFT), which made it impossible to access files on the hard disk. Petya ransomware spread to corporate HR departments via a fake application that contained an infected Dropbox link.

Another variant of Petya is Petya 2.0, which differs in some key aspects. In terms of how the attack is carried out, however, both are equally fatal for the device.

GoldenEye

The resurrection of Petya as GoldenEye resulted in a worldwide ransomware infection in 2017. GoldenEye, known as WannaCry's "deadly sibling," hit more than 2,000 targets – including prominent oil producers in Russia and several banks. In an alarming turn of events, GoldenEye forced the personnel of the Chernobyl nuclear power plant to manually check the radiation level there, after they were locked out of their Windows computers.

GandCrab

GandCrab is unsavory ransomware that threatened to disclose the porn habits of its victims. It claimed that it had hacked the victim's webcam and demanded a ransom. If the ransom wasn't paid, embarrassing footage of the victim would be published online. After its first appearance in 2018, GandCrab ransomware continued to develop in various versions. As part of the "No More Ransom" initiative, security providers and police agencies developed a ransomware decryption tool to help victims recover their sensitive data from GandCrab.

Ransomware attacks

As already mentioned, ransomware finds its targets in all walks of life. Usually, the ransom demanded is between $100 and $200. However, some corporate attacks demand much more – especially if the attacker knows that the data being blocked represents a significant financial loss for the company being attacked. Cybercriminals can therefore make huge sums of money using these methods. In the two examples below, the cyberattack victim is, or was, more significant than the type of ransomware used.

Conclusion

Ransomware attacks have many different appearances and come in all shapes and sizes. The attack vector is an important factor for the types of ransomware used. In order to estimate the size and extent of the attack, it is necessary to always consider what is at stake or what data could be deleted or published. Regardless of the type of ransomware, backing up data in advance and proper employment of security software can significantly reduce the intensity of an attack.

Case Studies

WordPress ransomware

WordPress ransomware, as the name suggests, targets WordPress website files. The victim is extorted for ransom money, as is typical of ransomware. The more in-demand the WordPress site, the more likely it is to be attacked by cybercriminals using ransomware.

The Wolverine case

Wolverine Solutions Group (a healthcare supplier) was the victim of a ransomware attack in September 2018. The malware encrypted a large number of the company's files, making it impossible for many employees to open them. Fortunately, forensics experts were able to decrypt and restore the data on October 3. However, a lot of patient data was compromised in the attack. Names, addresses, medical data and other personal information could have fallen into the hands of cybercriminals.

Protection against ransomware – how to prevent an infection

Never click on unsafe links: Avoid clicking on links in spam messages or on unknown websites. If you click on malicious links, an automatic download could be started, which could lead to your computer being infected.
Avoid disclosing personal information: If you receive a call, text message, or email from an untrusted source requesting personal information, do not reply. Cybercriminals who are planning a ransomware attack might try to collect personal information in advance, which is then used to tailor phishing messages specifically to you. If in any doubt as to whether the message is legitimate, contact the sender directly.
Do not open suspicious email attachments: Ransomware can also find its way to your device through email attachments. Avoid opening any dubious-looking attachments. To make sure the email is trustworthy, pay close attention to the sender and check that the address is correct. Never open attachments that prompt you to run macros to view them. If the attachment is infected, opening it will run a malicious macro that gives malware control of your computer.
Never use unknown USB sticks: Never connect USB sticks or other storage media to your computer if you do not know where they came from. Cybercriminals may have infected the storage medium and placed it in a public place to entice somebody into using it.
Keep your programs and operating system up to date: Regularly updating programs and operating systems helps to protect you from malware. When performing updates, make sure you benefit from the latest security patches. This makes it harder for cybercriminals to exploit vulnerabilities in your programs.
Use only known download sources: To minimize the risk of downloading ransomware, never download software or media files from unknown sites. Rely on verified and trustworthy sites for downloads. Websites of this kind can be recognized by the trust seals. Make sure that the browser address bar of the page you are visiting uses "https" instead of "http". A shield or lock symbol in the address bar can also indicate that the page is secure. Also exercise caution when downloading anything to your mobile device. You can trust the Google Play Store or the Apple App Store, depending on your device.
Use VPN services on public Wi-Fi networks: Conscientious use of public Wi-Fi networks is a sensible protective measure against ransomware. When using a public Wi-Fi network, your computer is more vulnerable to attacks. To stay protected, avoid using public Wi-Fi for sensitive transactions or use a secure VPN service.

Remember these are just some measures you need to take on an ongoing basis. These are not optional either. Whether you are at work in a corporate environment or if you are using your own personal devices. I need information on what you should expect from your employer or any of the above contact me.

Anti-ransomware software – what are the benefits?

In addition to these infection-prevention measures, it is also essential to use appropriate software to protect against ransomware. For example, using virus scanners and content filters on your mail servers is a smart way to prevent ransomware. These programs reduce the risk of spam with malicious attachments or infected links reaching your mailbox.

There are many solutions but you need to consult a security expert to get what is proper for you. This is not something you simply choose based on reviews or because it is working for someone you know. Also, once upon a time Norton was a WELL-KNOWN brand, but that completely changed but people might choose it because they are known. NO, this is something you have to consider seriously. For example, ever heard of Gaurd.io? Likely not but it is ONE OF THE best solutions out there.

Email validation Tools

As mentioned on this page, email is often used by scammers and hackers to gain access to your data. Below are a list of online tools to allow you to check if an email is valid or not. The tools below will will grow and change according to technicques used by scammers and hackers. The intent is to give you some basic information that can be of immediate benefit but also what security experts need especially if you are dealing with remote support.