Security


Banking Malware Be Aware

Found a very good article from Bank Info Security, about the latest Malware attempting to break into your bank accounts.

The ZLoader malware uses webinjects to steal credentials, passwords and cookies stores in web browsers, and other sensitive information from customers of banks and financial institutions, according to Proofpoint. The malware then lets hackers connect to the infected system through a virtual network computing client, so they can make fraudulent transactions from the users device.

ZLoader Banking Malware Resurfaces

Click here to view original web page at www.bankinfosecurity.com

This kind of nasty backdoors into your banking interfaces is something you should be aware of. As the article outlines this latest campaign uses a Phishing aspect to lure victims. Just don’t click on these things, and for the love of God, do not download Word Documents or PDF documents.

The more insidious part of this is that they are using the COVID-19 Pandemic Relief to leverage more angles to get you to load the malware. If you receive requests for help, do not take them at face value.

In Canada these can be easily hidden in emails claiming to help with:

  • CERB and how to get it
  • Small Business Loans for COVID-19 affected small businesses
  • Black Lives Matter fund raisers, and calls to action

Stay vigilant, and stay secure.


Clean Your Computer

If washing your hands is important, cleaning your computer is also important.

Specifically clean your keyboard (and mouse). Why? Dear God, would you use a knife and fork every day for a year? No? Well your keyboard is just like that, but you handle it MORE! At work? Do people “borrow” your workstation? Holy COW, clean that keyboard weekly!

Best to carry wipes with you if you are going to use communal keyboards and computers. I realize in these days, that might be expensive, hopefully that kind of hoarding will stop soon.

Pandemic and Viruses

Your computer has been exposed to the Digital Pandemic for years, make sure it is secure, and digitally clean as well! Get Anti-Virus software and do backups or you will end up in a Ransomware situation that will leave you unclean!

Don’t get sick from a dirty keyboard!


Importance of Security

My simple site, Canadian Personal Finance, continues to be under attack, daily.

This time, it is our friends in the People’s Republic of China, who seem very interested in Canadian Personal Finance. Luckily I am running Wordfence as the security on my site, but I am also not naive to think that my site is impregnable. Many sites have been hacked in the past while, so I will continue to stay vigilant.

Panama seems quite interested in my site as well?

Some could argue that it might be another external actor, simply mascarading as our Chinese friends, either way, keep your sites safe.

I was told that if you use Cloudflare or similar services you can more easily withstand Denial of Service (DOS) attacks as well.

Remember some other important things to remember especially if you are running wordpress:


Who is Selling Your Personal Info ?

A very good question these day. I continue to have all my information stolen at various data breeches, including Desjardins, Equifax and recently Capital One. To keep myself safe I follow a simple set of rules to at least impede the had folk out there:

  1. Change Passwords often
  2. Run Antivirus and Malware protection programs
  3. Stay away from nasty web sites, that may simply be Phishing front ends

The other way your data ends up out there is by companies selling your data to other companies (for profit and fun). Every time you give out your email address or fill in your “customer profile” you are giving someone a chance to profit from that information. Everyone is selling you, how can you slow this down?

Our friend Preet Banerjee put out a set of useful tweets to figure out who is selling you data:

  1. Gmail ignores anything after a ‘+’ sign in an email address. If your email address is example@gmail.com, sending email to example+test@gmail.com still goes to example@gmail.com
  2. So if you are required to give an email address, and company XYZ asks for it, give them example+xyz@gmail.com.
  3. If you ever get spam addressed to example+xyz@gmail.com, you know it was XYZ company that gave up / sold your info.
  4. This works because you still get email addressed to example+xyz@gmail.com to your example@gmail.com.
  5. You can create an unlimited number of email addresses using this technique. So you can replace “+xyz” with “+anycompanynameyouwant” in that email address you provide them.

Actual Personal Data Tweet

I believe I owe Preet a scotch for this one. Remember he is available as an excellent public speaker too!


More on Ransomware 1

How does Ransomware Work?

As the name implies, ransomware works like a kidnapper, unfortunately it is your data being held captive. It is the worst kind of Malware out there.

Once your computer(s) is infected, the attack can do a few things. Your files are encrypted or converted into a different language for which only the hacker has the decryption key. Often, you won’ t even know you’ve been infected until you try to open a file, which is quite distressing.

Another, more damaging version is what happened with the recent attacks, the ransomware locks the user out of their entire system, and holds their data and system captive.

During the attack, computer screens showed a message demanding $600 in bitcoin in exchange for the decryption key that would unlock the user’s data.

wannacry ransomeware
A Wannacry ransomeware screen

Victims had three days to pay before the fee was doubled.  The hospitals ended up paying about $20,000. The hackers set up a help line to answer questions about paying the ransom (how kind of them).

This attack relies on something called the Wanna Decryptor, also known as WannaCry or WCRY.

These kinds of attacks are really hard to catch, because hackers are always improving, updating and changing them. The Wanna Decryptor being used is evolving.

How Could This Happen?

Plenty of ways. Hackers can get ransomware (malware) on your system if you download an infected piece of software or a PDF. The nasty folk can also use a phishing email to direct you to an infected website.

In the hospital case, hackers sent a zip file attachment in an email. When victims clicked on it, their computers were infected, but the attack didn’t stop there. The ransomware spread through the hospitals’ and businesses’ computer networks.

“Once you get a foothold in the system, other users will start to run those pieces of software,” explained Clifford Neuman , who directs the University of Southern California’s Center for Computer Systems Security.

How to Stop This?

First, back up your hard drive. You should be keeping frequent backups anyway, in case your computer dies or your disk implodes. If your computer gets hacked, you’ ll be able to retrieve your data without paying any ransom.

If you run a business, back up every computer in your office and have a plan for what to do if your system goes down for a while. Be smart about setting up your network (or hire someone who is smart to design it for you), so that most users don’ t have complete access to the system. It would also be a good idea to have an off-site place where you can store backups, in case of fires and such.

These ideas make it harder for a ransomware attack to infect all of your data. Make sure your users understand about the common kinds of attacks. Education could save your bacon in this case.

Avi Rubin, a Johns Hopkins professor who studies computer hacking, has one other piece of advice: If you or your business get attacked, don’t pay.

“You’re funding the bad guys and giving more incentive, ” he said. You also don’t know whether your files will really be restored.

Here is Avi’s Ted Talk about how vulnerable your systems are:


What is Ransomware and How Did I Get it ?

Given the latest ransomware storms on the web, it might be good to make sure we all understand the term and how it works. So what is ransomware and how did I get it?

Wikpedia’s definition of ransomware is:

Ransomware is a type of malicious software that blocks access to data or threatens to publish it until a ransom is paid. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse.

How does ransomware get on my computer?

Ransomware can appear on your computer via phishing or spam emails containing attachments.  These attachments or links in the content are where the ransomware lives. When the  attachment is clicked, your computer is at risk of becoming infected with a ransomware. Another way ransomware can infect your computer is through compromised websites. You can unknowingly visit an infected website (malicious or legitimate) and it will download  malware to  your computer  without your knowledge. This is why having good anti-virus tools is so important, but even they cannot stop all of the malware out there.

What happens when ransomware is downloaded  to my computer?

If the download succeeds, the ransomware will then have the ability to encrypt files on your computer  effectively locking  your system. As an added insult, a message may appear on your computer instructing you how to “regain access” to your computer. A ransomware attack message may look like:

“Your computer has been infected with a virus. Click here to  resolve the issue.”

“Your computer was used to visit websites with illegal content. To unlock your computer, you must  pay a 1 Bitcoin fine.”

“All files on your computer have been encrypted. Unless you pay this ransom within 72 hours to regain access to your data, your files will be removed.”

Please note that paying the “ransom” to get your data back does not guarantee that the files will be decrypted. Even if the data appears to be decrypted after payment is made, it does not mean that malware infection has been removed. There is no honour among thieves, assume your system and all systems on your network are now infected.

Ransomware

How do I remove ransomware off my computer?

There are software tools available (e.g. Norton Power Eraser and Norton Bootable Recovery Tool, Malwarebytes) that can remove many threats. Some of the more sophisticated threats may be much harder to resolve.

If your files are encrypted, there may be a tool available to unencrypt them depending on the version of  the ransomware  infection. Always check public boards like Reddit to see if there is a solution published for your specific malware.

Always ensure you have clean backups (off line) of your data, so that if you are infected with Ransomware, you can recover without too much hassle.