There are many ways a spammer can infect a device with malware and capture confidential or banking information or sell counterfeit drugs, luxury items or software. A few years ago, spammers would register fictitious email accounts with many different webmail services to send spam messages which would capture private information or make victims partake in affiliate scams. As antispam companies became more proficient in identifying unsolicited messages through email domains and IP addresses, spammers began to use more clever techniques. An example is the so-called snowshoe spamming, in which spammers scatter their messages across a wide range of IPs and domains, in order to blur domain reputation metrics and evade filters. Recent years have seen a rise in snowshoe spam, but while this type of spam fits into a pattern, the way it’s executed may vary from one spam wave to another.Read More
Published on 06/25/15 08:29AM
Published on 06/20/15 08:30AM
Or why using the Command and Control (C&C) server ban lists will not help with security.
If the malware botnet concept is a bit blurry to you, this article will surely clarify things. Without further ado, here are 11 frequently asked questions about malware botnets:Read More
Published on 06/04/15 02:30PM
Mobile is everywhere, no pun intended. At a security conference I attended recently, one of my colleagues humorously quoted Jules Winnfield, played by Samuel L Jackson, from Pulp Fiction by saying “Say mobile again, I dare you, I double dare…”
It’s true: it’s ubiquitous and unavoidable. And for plenty of good reasons. For example, Gartner stated this year that Android alone “surpassed a billion shipments of devices in 2014, and will continue to grow at a double-digit pace in 2015, with a 26 percent increase year over year”. It’s forecasted to surpass the 1.5 billion by 2016.
That type of volume and usage draws a lot of attention – both “good” and “bad” – as it clearly demonstrates a huge and growing market space, with possibly a lot of unexplored business opportunities. When it comes to bad news, it generally travels fast. So when we look at attacks and hacks in the mobile space, there is more than a lot of expectation, at least within certain sectors, to see how this market is and will evolve: who will be the main players, what will be the plays etc.
Published on 05/28/15 10:24AM
Lately, the security threat landscape has been undergoing some changes. No, we’re not talking about new types of malware spreading and ravaging end-users’ computers. We’re talking about a “shift in focus” in cybercriminal activity, influenced heavily by the latest trends in online payments.
If a few years ago, the popular way to make money using malware was creating (and deceiving people into downloading) FakeAVs, now the bad guys are focusing on Ransomware. And there are two main reasons for this focus shift:Read More
Published on 03/04/15 04:00PM
In POS Security: Lessons for Every Business Employing Such Systems we show how important it is for a retailer or any type of business processing credit card payments to fully understand how POS systems work and the security risks.
In this article, we’ll cover POS attack vectors and ways to detect and even prevent them. There are several ways someone may attack a POS, and we’ll analyze them one by one.
Published on 02/20/15 04:00PM
As German luxury car maker BMW releases a security patch for their in-car software, one cannot help but wonder: is IoT security still an afterthought?
A couple of weeks ago, the BMW Group announced a security patch for a vulnerability in their ConnectedDrive system that could put 2.2 million Rolls-Royce, Mini and BMW vehicles at risk. Using a SIM card, the software allows car owners to access and control car navigation functions, internet connected features, windows and doors. Imagine what could have happened if hackers had discovered the flaw before the researchers at the German Automobile Association, ADAC.Read More
Published on 02/12/15 04:00PM
POS security is one term that we’ve been hearing for more than five years now. And its dark connotations only increased in intensity with the recent Target and Home Depot breaches that shook the two retailers to their core. But it’s not only high-profile retailers that should be wary of such attacks. Smaller companies – retail chains, restaurants and other types of business – in the US, Canada, Australia and Russia have had their POS systems breached in recent months.
So regardless of industry or location, if you have a POS system in place, or you’re considering employing one, you may become a target. To prevent this gloomy perspective, it’s recommended you fully understand how POS systems work, what types there are and the risks they present, as well as the basic security questions you need to ask a potential POS vendor when evaluating their solution.Read More
Published on 02/06/15 03:55PM
Are you looking for the right Advanced Persistent Threat (APT) protection provider? If you already have a security solution in place, talk to your current vendor first and get their view on APTs. Also, be sure to ask if they detect advanced malware threats, and whether the solution you license from them is just a “traditional, signature-based antivirus” or it has other features such as generic detection, proactive protection and heuristics.Read More
Published on 01/23/15 03:00PM
2014 will most likely go down in history as the year of major data breaches. Notable companies across various industries had their systems hacked, causing a wake of incalculable damage to their brand and customer loyalty. Some had their customers’ and employees’ personal data compromised, while others had assets exposed to theft and misuse.
According to press reports, the most targeted sector was retail – Home Depot, Target, Neiman Marcus and Michael’s are just a few examples of hacked high-profile retailers. Despite major investments in security, the banking/financial sector was also highly affected by data breaches – the JPMorgan Chase and Korea Credit Bureau hacks are just two cases that made headlines. In contrast, the healthcare sector lags behind in terms of security investments, wide-spread good practices and dedicated IT staff. And the Community Health Services hack showed once again how vulnerable the healthcare industry is to medical data theft.Read More
Published on 01/08/15 03:30PM
As mentioned previously in Detecting Advanced Persistent Threats – myths and realities, the technologies used by some Advanced Persistent Threat (APT) security vendors may not result in a good detection rate. To add to the problem, most companies providing APT protection do not participate in the standard industry detection tests run by reputable companies. These are the main tools that measure the “effectiveness” of a security solution in terms of how well the solution prevents the penetration of modern malware.
Typical excuses are:Read More