Friday, March 26, 2021

8 Tips for A Successful Phishing Simulation | Antivirus Software

With a phishing simulation, you can sensitize employees to IT security over the long term. Find out what to look out for to ensure the learning success of the participants.

Why Phishing Simulations?


Cyber attacks, and successful phishing attacks in particular, have increased sharply in recent years; the BKA and Bitkom agree on this in their current reports on the threat situation in cyberspace. According to Avanan's Global Phish Report 2019, a quarter of phishing emails made it past Microsoft's Office 365 filters and ended up in users' inboxes. Technical filters alone are therefore no longer enough to protect reliably against cyber threats: attackers invest time and resources in circumventing filter solutions, for example by changing the vectors they use, and many attacks target users directly, using psychological tricks (social engineering) to manipulate the victim for criminal purposes.




Companies are particularly at risk because criminals expect to steal especially large sums there. Phishing attacks are especially common in times of crisis, when employees are unsettled and companies are already weakened; during the corona crisis, for example, new phishing lures that exploit general uncertainty were observed again and again. Not least for this reason, you should act early and include the human factor in your IT security strategy, for example through awareness training. Compliance frameworks such as ISO 27001 and the GDPR also call for ongoing employee training in information security; under ISO 27001 this can include simulated social engineering attacks as one form of awareness measure.

From Pure Phishing Tests to Awareness Building: Tips for A Sustainable Phishing Simulation


Phishing simulations are a proven, contemporary way to build the security awareness that employees need under these circumstances. Carried out correctly and systematically, they can lastingly reduce click and interaction rates with phishing emails and thus protect companies from severe (financial) damage.

However, some stumbling blocks need to be cleared out of the way before a simulation can achieve the desired effect. Most importantly: do not design the simulation as a pure phishing test that puts employees and their knowledge on trial and denounces incorrect behavior (so-called "blaming"). Instead, plan and communicate the simulation from the outset as a learning-oriented awareness measure. The following methods have proven effective:

1. Technical Preparation

Before you start, the simulation has to be prepared technically. In particular, the simulation provider's sending domains and IP addresses must be added to the allowlist of your spam filter and email gateway, and link-rewriting or sandboxing features adjusted accordingly. Only then will the simulated phishing emails actually reach the participants' mailboxes, and only then will your click statistics not be distorted by security tools that open every link automatically. It is worth clarifying all technical details with the respective provider beforehand.

2. Announcement

Receiving a simulated phishing email out of the blue and falling for it can be frustrating and demotivating for participants. You should therefore announce the phishing simulation to all employees in advance so that nobody is taken by surprise by the measure. Announce the measure as such, not the individual emails, so that the randomized sends (tip 7) keep their effect.

3. Anonymity

In the English-speaking world, phishing simulations were often used in the past as test tools to find out which employees could not handle security risks, and in some cases personal consequences were even drawn from the results. A phishing simulation should not serve to test knowledge but to build awareness. Make the simulation anonymous, reporting only aggregate results, so that participants do not feel monitored and do not have to fear personal reprimands.

4. Customization

In everyday life, too, more and more carefully personalized phishing emails, so-called spear-phishing emails, are being sent, enriched with the victims' personal data. In the phishing simulation you can likewise have the content adapted to your organization: the pretext, the design, or the content itself. In this way participants are sensitized to such attacks realistically.


5. Provision of Learning Content

Phishing simulations should primarily be a means of learning. Accordingly, you should not just send these out in isolation, but ensure that they are accompanied by appropriate explanatory content. Only in this way do the participants know what to look out for in the future after clicking on a simulated e-mail.

6. Establishment of A Reporting Chain

Who do I contact if I suspect a phishing attack? Participants should be able to answer this question at any time. Before starting the simulation, make sure that the relevant processes have been clarified with all those involved so that they can react quickly if the worst comes to the worst.

7. Continuity and Randomization

So that you can measure the success of your simulation properly, phishing emails should be sent continuously and at random times to random recipients rather than to everyone on one day. This keeps participants continuously aware of IT security risks, sustains the learning effect, and yields comparable click and reporting rates over time.
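
The two mechanics behind tips 3 and 7, randomized dispatch and anonymous aggregate reporting, can be written down in a few lines. The following is an added example and not code from the article or from any simulation provider; the participant records, the tracking events and the field names (`id`, `department`, `clicked`, `reported`) are constructed sample data and assumptions for illustration.

```python
"""Randomized dispatch and anonymized reporting for a phishing simulation.

Added example (not from the original article). Participant records and
result events below are constructed sample data; the field names are
assumptions for illustration.
"""
import random
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: 5 people in Sales, 2 in HR, 1 in Finance.
PARTICIPANTS = [
    {"id": "s1", "department": "Sales"}, {"id": "s2", "department": "Sales"},
    {"id": "s3", "department": "Sales"}, {"id": "s4", "department": "Sales"},
    {"id": "s5", "department": "Sales"}, {"id": "h1", "department": "HR"},
    {"id": "h2", "department": "HR"},    {"id": "f1", "department": "Finance"},
]
# Constructed tracking events: (participant id, action). The duplicate for s2
# stands for somebody clicking the same link twice.
EVENTS = [("s1", "clicked"), ("s2", "clicked"), ("s2", "clicked"),
          ("s3", "reported"), ("h1", "clicked"), ("f1", "reported")]
CAMPAIGN_START = datetime(2021, 3, 29)   # a Monday
BUSINESS_HOURS = range(8, 18)            # 08:00 to 17:59 local time
MIN_GROUP = 5                            # smaller groups are folded into "other"


def schedule_sends(participants, start=CAMPAIGN_START, weeks=4, seed=None):
    """Give every participant one random weekday/business-hour slot in the window.

    Tip 7: spreading sends over weeks and over the working day means the first
    recipient cannot warn the rest, and the campaign is never a single "test day".
    """
    rng = random.Random(seed)
    weekdays = [start + timedelta(days=d) for d in range(weeks * 7)
                if (start + timedelta(days=d)).weekday() < 5]
    return {p["id"]: rng.choice(weekdays).replace(hour=rng.choice(BUSINESS_HOURS),
                                                  minute=rng.randrange(60))
            for p in participants}


def aggregate(participants, events, min_group=MIN_GROUP):
    """Click and report rates per department, never per person (tip 3).

    Each person counts at most once per action, and departments with fewer
    than min_group members are merged into "other" so a single colleague's
    result cannot be read off the numbers.
    """
    dept_of = {p["id"]: p["department"] for p in participants}
    size = defaultdict(int)
    for d in dept_of.values():
        size[d] += 1

    def bucket(dept):
        return dept if size[dept] >= min_group else "other"

    stats = defaultdict(lambda: {"sent": 0, "clicked": 0, "reported": 0})
    for d in dept_of.values():
        stats[bucket(d)]["sent"] += 1
    for pid, action in set(events):          # de-duplicate per person and action
        if pid in dept_of and action in ("clicked", "reported"):
            stats[bucket(dept_of[pid])][action] += 1
    return {b: {**s,
                "click_rate": round(s["clicked"] / s["sent"], 2),
                "report_rate": round(s["reported"] / s["sent"], 2)}
            for b, s in stats.items()}


if __name__ == "__main__":
    for pid, when in sorted(schedule_sends(PARTICIPANTS, seed=1).items()):
        print(pid, when.strftime("%a %Y-%m-%d %H:%M"))
    for dept, s in aggregate(PARTICIPANTS, EVENTS).items():
        print(dept, s)
```

With the sample data, HR and Finance are too small to report on their own and are merged into "other"; the Sales figures (5 sent, 2 clicked, 1 reported) are the kind of number that can be shared with the participants as feedback (tip 8) without pointing at anyone. The tracking IDs in a real campaign should be random tokens held only by the simulation system, not email addresses in a spreadsheet.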

8. Feedback to The Recipients

Give regular feedback to the participants and answer any questions. This emphasizes once again the learning orientation of the simulation and allows employees to share their personal experiences. This also encourages and motivates. 

Create Awareness with A learning-oriented Phishing Simulation


In addition to information campaigns about cybersecurity and employee training, for example on digital and interactive learning platforms, phishing simulations are particularly useful for continuous awareness building in companies, because employees are made aware of cyber risks right where they occur: in their own inbox. You can find detailed information on the best practices presented here in the white paper "Best Practices Phishing Simulations", which deals with the planning and implementation of successful phishing simulations and employee training. In addition to current studies and statistics, it draws on SoSafe's empirical data from phishing simulations in companies of various industries and sizes.

A Dangerous Android Backdoor Is Spreading Through Google Play | Antivirus

Security specialists have discovered a new backdoor on Google Play that executes commands from cybercriminals, enabling them to remotely control infected Android devices and spy on their users.

Detected under the name Android.Backdoor.736.origin, the malware spreads as an "OpenGL plug-in" that supposedly checks the installed version of the OpenGL ES graphics API and downloads updates.




When run, Android.Backdoor.736.origin requests several sensitive system permissions that allow it to collect confidential data and work with the file system. It also tries to obtain the permission to draw over other apps, which lets it display its own screens on top of their interfaces.

The malicious app has a button to check for OpenGL ES updates. After the button is clicked, the Trojan mimics a search for new versions, but in fact no search takes place.

Once the victim closes the app window, Android.Backdoor.736.origin removes its icon from the app list in the launcher and creates a shortcut instead. This is meant to make later removal harder: deleting the shortcut does not uninstall the app.

Android.Backdoor.736.origin stays active in the background. It can be started not only via the icon or the shortcut, but also automatically at system boot and on command from the cybercriminals via Firebase Cloud Messaging. The Trojan's main functionality lives in an encrypted auxiliary file stored in a directory alongside the app's other resources; this file is decrypted and loaded into memory each time Android.Backdoor.736.origin starts.

The malware maintains connections to several servers from which it receives the cybercriminals' commands and to which it forwards collected data. The criminals can also control the Trojan through the Firebase Cloud Messaging service.

Android.Backdoor.736.origin is able to perform the following actions:

·         Transferring contact information from the phone book to the server;
·         Transferring SMS messages to the server (the version examined does not have the permission required for this);
·         Transmitting information about phone calls to the server;
·         Transmitting the device's location to the server;
·         Downloading and running apk or dex files via the DexClassLoader class;
·         Transferring information about installed apps to the server;
·         Downloading and running executable files;
·         Downloading files from the server;
·         Transferring a specified file to the server;
·         Transferring information about the files in a specified directory or on the memory card to the server;
·         Running a shell command;
·         Starting specified activities;
·         Downloading and installing an Android app;
·         Displaying specified notifications;
·         Requesting the permission specified in the command;
·         Sending the server the list of permissions granted to the Trojan;
·         Preventing the device from going to sleep.

The Trojan encrypts all data sent to the server with AES. Each request is protected by a key derived from the current time, and the server's response is encrypted with the same key.

Android.Backdoor.736.origin is capable of installing apps in several ways:

·         automatically, if the device is rooted (via a shell command);
·         via the system package manager (possible only if the Trojan itself runs as system software);
·         via the standard installation dialog, in which the user has to agree to the installation.

The pest is therefore dangerous. It is used not only for cyber espionage but can also serve phishing campaigns, as it can display windows and notifications with arbitrary content. It can also download and install other malicious apps and run arbitrary code. For example, Android.Backdoor.736.origin can download an exploit and execute it to gain root privileges; after that it has free rein and can carry out any action on the Android system without the user's consent.
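
The behaviour described above (spying permissions, a receiver that starts at boot, a Firebase Cloud Messaging service for remote wake-up, and the ability to install packages) shows up in an APK's manifest before a single line of code is decompiled, which makes a manifest check a cheap first triage step. The following is an added example, not code from the article or from any AV vendor. It assumes the manifest has already been decoded to plain XML (for example with apktool); the two manifests embedded in it are constructed samples and do not reproduce the real malware's package name or structure, and the scoring thresholds are assumptions to be tuned.

```python
"""Manifest triage for the capability pattern described above.

Added example, not code from the article or from any AV vendor. It assumes a
manifest already decoded to plain XML (for example with apktool); the two
manifests below are constructed samples and do not reproduce the real
malware's package name or structure.
"""
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"   # Android XML namespace

# Permissions that, taken together, enable the spying described in the article.
SPY_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "sms",
    "android.permission.READ_CALL_LOG": "calls",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_EXTERNAL_STORAGE": "files",
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install",
}
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"       # start at boot
FCM_ACTION = "com.google.firebase.MESSAGING_EVENT"         # wake-up via FCM push

SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.gl.plugin">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <service android:name=".PushService">
      <intent-filter><action android:name="com.google.firebase.MESSAGING_EVENT"/></intent-filter>
    </service>
  </application>
</manifest>"""

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".PushService">
      <intent-filter><action android:name="com.google.firebase.MESSAGING_EVENT"/></intent-filter>
    </service>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Score a manifest for the combination of capabilities the backdoor used."""
    root = ET.fromstring(xml_text)
    caps = {SPY_PERMISSIONS[p.get(A + "name")]
            for p in root.iter("uses-permission") if p.get(A + "name") in SPY_PERMISSIONS}
    actions = {a.get(A + "name") for a in root.iter("action")}
    boot = BOOT_ACTION in actions
    fcm = FCM_ACTION in actions
    # Each spying capability scores 1; persistence and remote wake-up score 2,
    # but only count when combined with at least one spying capability, since
    # FCM and boot receivers are normal in legitimate apps.
    score = len(caps) + (2 if boot and caps else 0) + (2 if fcm and caps else 0)
    verdict = "suspicious" if score >= 6 else "review" if score >= 3 else "low"
    return {"package": root.get("package"), "capabilities": sorted(caps),
            "boot_receiver": boot, "fcm_service": fcm, "score": score, "verdict": verdict}


if __name__ == "__main__":
    for m in (SUSPECT_MANIFEST, BENIGN_MANIFEST):
        print(triage_manifest(m))
```

The point of the combination rule is the mismatch between the claimed purpose and the requested capabilities: a "graphics plug-in" has no business reading contacts and call logs, but a messaging app legitimately needs FCM, so neither FCM nor a boot receiver is scored on its own. Code that is only present in an encrypted side file (as the article describes) and loaded through DexClassLoader will not show up in the manifest at all, so a low score is a reason to look at the dex, not a clean bill of health.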

The specialists notified Google of the Trojan they found. At the time of publication, the Trojan had been removed from Google Play.

Android.Backdoor.736.origin and its components are detected by Protegent Antivirus for Android, so the malware poses no threat to Protegent users.

Google Chrome Users Are at Risk of Malicious Notifications | Free Antivirus

Virus analysts discovered Android.FakeApp.174, a Trojan that opens dubious websites in the Google Chrome browser. These sites sign Google Chrome users up for push notifications without their real consent; the notifications arrive even when the browser is closed and can easily be mistaken for genuine ones. Such notifications not only disrupt work with Android devices but can also lead to the theft of money and confidential data.

Web push technology enables websites to send notifications to the user, with the user's consent, even when the website is not open in the browser. This feature is useful and convenient for harmless content: you can learn about new posts on social networks this way, and news outlets can notify their subscribers of new articles. However, the technology is being misused by cybercriminals and unscrupulous advertisers to distribute advertisements and fraudulent notifications from hacked or malicious websites.

These notifications are supported by browsers on PCs and laptops as well as on mobile devices. Typically the victim clicks a link or banner ad and ends up on a dubious website. Android.FakeApp.174 is one of the first Trojans that helps cybercriminals drive visitors to such pages and generate these subscriptions on smartphones and tablets.

Android.FakeApp.174 is distributed under the guise of a well-known app. Two such modifications of the Trojan were discovered by our virus analysts on Google Play in early June. After Google was contacted, the malware was removed; by then the app had nonetheless been downloaded by over 1,100 users.


When started, the Trojan opens a website in Google Chrome whose address is specified in the malicious app's settings. This page redirects the user through the pages of various affiliate programs, each of which asks the user to allow notifications. To persuade the victim, some kind of check is staged (for example that the user is not a robot) or a hint is given as to which button to click, which is meant to generate more subscriptions. Examples of such requests are shown in the following screenshots:

After the subscription is activated, these websites start sending the user numerous notifications about the questionable content. They are received even if the browser is closed and the Trojan has already been deleted. The content can be anything, including false notifications about the receipt of cash bonuses or transfers, new messages on social networks, advertising horoscopes, casinos, goods and services, and even «news».

Many of them look like real notifications from real online services. For example, they have the logo of a bank, a dating website, a news agency, or a social network. Android device owners can receive dozens of such spam messages every day.

Although these notifications also contain the address of the sending website, an inattentive user can easily overlook it. Examples of fraudulent notifications are as follows:

Clicking such a notification redirects the user to a website with questionable content: advertising for casinos and various apps on Google Play, discount and voucher offers, fake online surveys and competitions, all varying with the user's location. Examples of such websites are as follows:


Many of these websites are involved in known fraudulent programs. Cyber ​​criminals are also able to launch an attack at any time to steal sensitive data. A potential victim can click on a fake notification, go to a phishing site and provide their name, login, password, email address, credit card number, or other sensitive information.


Malware analysts believe that cybercriminals will continue to actively use this method to promote dubious services. Android users should therefore carefully check websites for suspicious requests and unwanted notifications when they visit websites. If for any reason, you have subscribed to unsolicited spam notifications, you should do the following:

·         In Google Chrome, go to «Settings» => «Site settings» => «Notifications».

·         Find the relevant website in the list, tap it, and select "Reset permissions" or "Delete".
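
On a PC the same permissions can be reviewed outside the browser, which is handy when you want to audit many profiles at once or script the cleanup. The following is an added example, not from the article: it assumes the layout of desktop Chrome's "Preferences" JSON file (profile -> content_settings -> exceptions -> notifications, keyed by "origin,*", with setting 1 meaning allow and 2 meaning block), which is undocumented and may change between Chrome versions. `SAMPLE_PREFS` is a constructed excerpt, not a real profile; on Android, Chrome's preference file sits inside the app sandbox and is not accessible without root, so there the Settings route above is the way to go.

```python
"""Audit and revoke notification permissions stored by desktop Chrome.

Added example, not from the article. It assumes the layout of Chrome's
"Preferences" JSON file (profile -> content_settings -> exceptions ->
notifications, keyed by "origin,*" with setting 1 = allow, 2 = block), which
is undocumented and may change between versions. SAMPLE_PREFS is a constructed
excerpt, not a real profile.
"""
import copy

ALLOW, BLOCK = 1, 2
NOTIFICATION_PATH = ("profile", "content_settings", "exceptions", "notifications")

SAMPLE_PREFS = {
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://news.example:443,*": {"setting": ALLOW, "last_modified": "13261000000000000"},
        "https://win-bonus.example:443,*": {"setting": ALLOW, "last_modified": "13262000000000000"},
        "https://shop.example:443,*": {"setting": BLOCK},
    }}}}
}


def _notification_table(prefs):
    """Walk down to the notifications exception table (empty dict if absent)."""
    node = prefs
    for key in NOTIFICATION_PATH:
        node = node.get(key, {})
    return node


def allowed_notification_origins(prefs):
    """Origins currently allowed to push notifications (the entries to review)."""
    return [key.split(",")[0] for key, entry in _notification_table(prefs).items()
            if entry.get("setting") == ALLOW]


def block_notifications(prefs, origins):
    """Return a copy of prefs with the given origins switched to BLOCK.

    Revoking (rather than deleting the key) keeps the site from simply asking
    again on the next visit. Chrome must be closed while the file is rewritten,
    or it will overwrite the change on exit.
    """
    updated = copy.deepcopy(prefs)
    for key, entry in _notification_table(updated).items():
        if key.split(",")[0] in origins:
            entry["setting"] = BLOCK
    return updated


if __name__ == "__main__":
    import json
    print("allowed:", allowed_notification_origins(SAMPLE_PREFS))
    cleaned = block_notifications(SAMPLE_PREFS, ["https://win-bonus.example:443"])
    print(json.dumps(_notification_table(cleaned), indent=2))
```

To run this against a real profile, load the file with `json.load` (on Linux it is typically `~/.config/google-chrome/Default/Preferences`, on Windows `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences`), print the allowed origins, and only write the result back with Chrome closed and a backup of the original file kept. Anything in the allowed list that you do not recognise as a site you deliberately subscribed to is a candidate for blocking.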

Dr.Web products for Android find and delete all known modifications of Android.FakeApp.174, so the Trojan poses no threat to their users.

Wednesday, March 24, 2021

Forms of Different Viruses & Antivirus Software

What Is Antivirus software?

An antivirus is a program that protects a computer against most viruses, worms, Trojans and other unwanted intruders designed to infect computers.

They are advanced programs that are not dedicated exclusively to detecting viruses but also take on the task of blocking them, disinfecting files that have been modified, and preventing new infections.




Antivirus Software Classification

·         Preventive Antivirus Software - Warns before an infection occurs. This kind of antivirus is typically resident in the computer's memory, monitoring the actions and functions of the system in real time.

·         Identifier (signature-based) Antivirus Software - Aims to identify programs that could infect the computer and affect the system, by matching specific code sequences (signatures) known to belong to viruses.

·         Decontamination Antivirus Software - Similar to identifier antivirus software, but specialized in cleaning a system that has already been infected by malicious programs. The main objective is to return the operating system to the state it was in before the infection.

Forms of Computer Viruses

There are many types of computer viruses that can be identified today, so it is important to know them, to improve the defense of the devices:

 

1.    Worm or Computer Worm - A type of malware that copies itself and spreads to other computers, typically over the network, without any user intervention. Worms often consume large amounts of bandwidth or system memory.

2.    Trojan Horse - Malware that hides inside an apparently legitimate program; once executed it starts to damage the computer or, more commonly, opens it up to the attacker and captures information such as passwords, which it sends elsewhere. Strictly speaking a Trojan does not replicate itself and is therefore not a virus, but it is usually discussed alongside them.

3.    Logic or Time Bombs - Activated only when a specific event occurs, for example a particular key combination or a particular date. Until that happens, the malware simply remains hidden.

4.    Hoax - Not true viruses: they cannot reproduce on their own. They are messages with false content that urge the user to forward the information to their contacts, and thus mainly overload email and network traffic.

5.    Link (Directory) Virus - Modifies the directory entries through which the computer locates files on the disk so that they point at the virus instead of the original files, which then can no longer be found.

6.    Overwriting - Destroys the content of the files it attacks by overwriting it with its own code.

7.    Resident - Stays in memory and waits for the user to run a file or program, which it then infects.

8.    Boot Sector Viruses - Lodge in the boot sector of the hard drive, the part of the disk the computer needs in order to boot from it.

9.    Macro Viruses - Infect documents of applications that support macros, such as the Microsoft Office suite, using the macro language to automate a series of operations that are then executed as a single action.

10.  Polymorphic Viruses - Change their own code with each new infection, typically by re-encrypting themselves with a different key and varying the decryption routine, so that no two copies look alike and signature-based detection is harder.

11.  FAT Virus - The FAT (file allocation table) is the part of the hard disk that records where files are stored, which space is unusable and which is available. FAT viruses damage this table and thereby prevent access to certain sections of the disk.

12.  Web Scripting Virus - Some websites include complex code to create interactive content. This code is sometimes abused so that a script performs actions undesirable to the user.

13.  Browser Hijacker - Spreads in many ways, for example bundled with a voluntary download. Once the browser is infected, the user is automatically redirected to certain sites.

14.  Email Virus - Spreads through emails, once the recipient opens them or their attachments.

15.  Companion Virus - Does not modify the infected program directly. Instead it creates a companion file with the same name and an extension that the system executes first (for example a .com file next to a .exe), so that the virus runs whenever the user launches the legitimate program. Some companion viruses also stay resident in memory.

16.  Multipartite Virus - Spreads in several ways at once, infecting both boot sectors and executable files, and adjusts its behavior depending on the operating system.

What Are The Limitations Of Antivirus Software?

·         They do not stop spam - Some offer online protection, but it is not entirely effective.

·         They do not prevent direct attacks - If a person with advanced knowledge has direct access to the computer, the antivirus is in no position to defend it.

·         They do not prevent criminal activities - Antivirus software is not designed for that task either.

Hacker Attack on Solar Winds Affects up To 18,000 Customers | Antivirus Software

This emerges from a mandatory filing with the US stock exchange regulator. In it, SolarWinds also admits that its Office 365 accounts were compromised. The security provider Cybereason describes the handling of the incident as the world's largest forensic investigation.




In an official stock exchange filing, SolarWinds has published further details about the hacker attack that enabled the attacks, allegedly by Russian hackers, on US government departments and the security vendor FireEye. The software provider assumes that the perpetrators acted with the support of a nation state. It also states that the Orion software manipulated by the cyberspies reached fewer than 18,000 SolarWinds customers.


The company has around 300,000 customers in total, but only 33,000 of them are said to use the Orion platform to monitor and manage their IT environments. Up to 18,000 of those installed one of the trojanized software versions, 2019.4 through 2020.2.1, which the attackers had backdoored and which were released between March and June 2020.


Nevertheless, all 33,000 users of the Orion software were informed on Sunday. Also, SolarWinds announced again that it will provide a patch on Tuesday that will remove the malicious code from all customers' systems.


In addition, detailed analyses from Microsoft, FireEye and the US cybersecurity agency CISA have been available to those affected since Sunday to help them track down and remove a possible infection with the malware, known as SUNBURST. It is still unclear, however, how the hackers managed to break into SolarWinds' systems and add the malicious code to the Orion software.


SolarWinds also admitted in its filing that the company's Office 365 accounts had been compromised; whether customer data was stolen is still being investigated. SolarWinds did not discover this attack itself but only became aware of it through Microsoft.


The attack on SolarWinds is likely one of the most serious hacking incidents of 2020, not least because the perpetrators also got hold of FireEye's red team tools, which were developed to find vulnerabilities in customers' networks. According to Forbes, US authorities such as Cyber Command, the Department of Defense, the Department of Homeland Security and the FBI are also SolarWinds customers; whether these agencies use the Orion software is not known.




“As early as March, Russian hackers belonging to the Cozy Bear group smuggled malware into the SolarWinds IT management platform and waited months to detonate it. So far we know that the Department of Homeland Security, the US Treasury Department and the US Department of Commerce have been hacked, as have many of the Fortune 500 companies in the world, including many UK companies. What happens when the world's largest forensic investigation continues and affects more than 20,000 companies?” commented Sam Curry, Cybereason's chief security officer. “In general, this is not the time for security professionals to panic. A practical and measured reaction is advisable.”



Tuesday, March 23, 2021

Cryptolocker: When The Nightmare Starts, It's Too Late | Free Antivirus

Everyone has heard or read about cybercrime, but many companies and private individuals only really deal with the issue once the damage has been done. Anyone who has been hit by a "cryptolocker" will not forget the term anytime soon: it is a widespread type of malware used to blackmail people and companies, belonging to the group of so-called ransomware (from the English word "ransom").




Simple Principle
A cryptolocker is smuggled onto a computer system unnoticed, for example via a link in an email, a manipulated website or a USB stick. It then encrypts the files on the infected computer and on connected network drives. When this process is finished the files are unusable, and a message appears on the computer demanding that the victim transfer a certain amount in bitcoin to the (naturally anonymous) attackers; only then will the data be decrypted. It can happen that nothing happens despite payment, but this is the exception rather than the rule: cybercriminals who use cryptolockers have an interest in ransoms continuing to be paid in the future, and if word got around that paying is pointless, the willingness to pay would drop. Payment is nevertheless no guarantee, which is why tested backups (see the checklist below) are the only reliable way back.

High Risk
Malware such as cryptolockers is constantly being developed further. Modern variants harvest passwords fully automatically, up to and including the most critical accounts, and use them to spread the attack. There is therefore a risk that after an attack not only the data is unusable but the entire system has to be rebuilt. The direct (and indirect) damage of such an attack is immense; for start-ups and SMEs it can reach proportions that threaten the very existence of the company.

Correct Procedure
If you are affected by an attack, it is important to act quickly but prudently. Disconnect the affected computer from the network and then try to find out:

·         Which system is affected?

·         What did you observe?

·         When did the event occur or was it first noticed?

·         Which device was the malware installed on first?

Make a note of what you were able to find and then contact the service desk of first frame networkers ag immediately.

Checklist -  this is how you can protect yourself

Our information security experts will help you identify and weigh up cyber risks. Here is an overview of some important protective measures:

·         Identify business-critical data and protect it with organizational and technical measures.

·         Back up your data regularly. Follow the 3-2-1 rule: There should be at least 3 copies of your data on 2 different media. 1 backup copy should be in an external storage location.

·         Carry out maintenance: Operating systems and all applications installed on the computers should be updated monthly, log files should be checked for abnormalities and the data backup should be checked for recoverability.

·         Train your users and check their behavior in handling e-mails, for example with our phishing service or through training with our experts.

·         Always use the latest virus protection like Protegent Free Antivirus with Crypto-Guard.

·         Use a firewall to segment your network into several areas. In this way, you can at least contain the spread of an attack.

·         Use administrator accounts only where absolutely necessary. And check the authorizations of the users regularly.
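
The checklist above limits the blast radius (segmentation, least privilege, backups); the other half of "acting quickly" is noticing the encryption while it is still running. A cryptolocker leaves a characteristic trace in file-write telemetry: within a short window, many documents are rewritten with content that no longer matches their extension (a .pdf that no longer starts with %PDF, a .txt with ciphertext-level entropy, or a document renamed to an unknown extension), usually followed by ransom notes. The following is an added example, not code from the article or from first frame networkers ag. It consumes constructed write events of the form (seconds, path, new content); in practice they would come from an EDR agent, a file server audit log or an inotify/fanotify watcher. The thresholds and the ransom-note file names are assumptions to be tuned per environment.

```python
"""Early warning for a running cryptolocker from file-write telemetry.

Added example, not from the article or from first frame networkers ag. It
reads constructed write events of the form (seconds, path, new content); in
practice the events would come from an EDR agent, a file server audit log or
an inotify/fanotify watcher. Thresholds and the ransom-note names are
assumptions to be tuned per environment.
"""
import math
import os
from collections import Counter

# File types whose first bytes are fixed: an encrypted copy loses its header.
MAGIC = {".pdf": b"%PDF", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
         ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG", ".zip": b"PK\x03\x04"}
TEXT_EXT = {".txt", ".csv", ".log", ".md"}
TEXT_ENTROPY_LIMIT = 6.0      # natural text is ~4-5 bits/byte; ciphertext is ~8
RANSOM_NOTE_NAMES = {"how_to_decrypt.html", "decrypt_instructions.txt"}  # constructed


def shannon_entropy(data):
    """Bits per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name, data):
    """True when a file's content no longer matches what its name promises."""
    stem, ext = os.path.splitext(name.lower())
    if ext in MAGIC:
        return not data.startswith(MAGIC[ext])
    if ext in TEXT_EXT:
        return shannon_entropy(data) > TEXT_ENTROPY_LIMIT
    # Unknown outer extension: "report.pdf.locked" is a renamed document.
    inner = os.path.splitext(stem)[1]
    return inner in MAGIC or inner in TEXT_EXT


def detect_mass_encryption(events, window_seconds=60, threshold=10):
    """Alert when `threshold` encrypted-looking writes land within one window."""
    recent, alert_at, total, notes = [], None, 0, []
    for ts, path, data in sorted(events, key=lambda e: e[0]):
        name = os.path.basename(path)
        if name.lower() in RANSOM_NOTE_NAMES:
            notes.append(path)
            continue
        if looks_encrypted(name, data):
            total += 1
            recent = [t for t in recent if ts - t <= window_seconds] + [ts]
            if alert_at is None and len(recent) >= threshold:
                alert_at = ts
    return {"alert_at": alert_at, "encrypted_writes": total, "ransom_notes": notes}


# Constructed telemetry: two ordinary saves, then a burst of rewritten documents.
CIPHERTEXT = bytes(range(256)) * 4                     # uniform bytes, entropy 8.0
PLAINTEXT = b"Quarterly figures: revenue up 4 percent, costs flat.\n" * 20
SAMPLE_EVENTS = [
    (0, "/srv/share/notes.txt", PLAINTEXT),
    (5, "/srv/share/report.pdf", b"%PDF-1.4\n%..."),
] + [(100 + 2 * i, f"/srv/share/doc{i}.docx", CIPHERTEXT) for i in range(12)] + [
    (130, "/srv/share/how_to_decrypt.html", b"<html>Your files are encrypted</html>"),
]

if __name__ == "__main__":
    print(detect_mass_encryption(SAMPLE_EVENTS))
```

The header check matters more than the entropy check: Office documents, PDFs and images are already compressed and score close to 8 bits per byte, so entropy alone would flag every legitimate save of a .docx. The alert fires at the tenth rewritten document in the sample, before the ransom note is dropped; wired to an action such as disabling the writing user's share access, that is the window in which the "disconnect from the network" step above still saves most of the data.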

What Is a ListentoYouTube Virus and How to Remove This?

On the off chance that you were searching for an approach to convert YouTube videos to MP3, you may have discovered the ListentoYouTube viru...