I’m sure you’ve seen them — emails or messages that sound alarming and ask you to act quickly. We live in a digital world that produces hundreds of messages and alerts every day. It’s often hard to determine the validity of a suspicious message or phishing email. Whether you are an administrator, or an end-user, it can be overwhelming to accurately identify a malicious message. When in doubt, here are some questions you should ask yourself:
Is the message from a legitimate sender?
Do I normally receive messages from this person?
If there’s a link, can I tell where it’s sending me?
Attackers continue to evolve their methods, and they’re highly educated on the defenses they come up against in the wild. They’ll craft messages that do not involve any traditional indicators of compromise, such as domains, IP address, or URL links. They’ll also start their attacks by sending messages as an initial lure to establish trust, before sending an email with altered invoice or one claiming to be a helpless employee attempting to get their payroll fixed.
Phishing is a socially-based attack type, one where the threat actors focus on human behavior. When these attacks target organizations, there are multiple levels of attack at play. One that focuses on behavioral patterns and workflow, and the other centers on the victim’s emotional boundaries, such as targeting their desire to help others. You see this pattern frequently in Business Email Compromise (BEC) attacks.
Below, we’ve placed an example of a lure, which will test the victim to see if there is a means to quickly establish trust. Here, the threat actor is pretending to be the Chief Financial Officer (CFO) of the victim’s organization. If the lure is successful, then the threat actor will progress the attack, and often request sensitive records or wire transfers. Notice that in the email headers, the person pretending to be the CFO is using a Gmail account, one that was likely created just for this attack. The message is brief, stresses importance and urgency, and requests assistance, playing on the victim’s workflow and desire to help an executive or someone with authority.
The example below is a simplified one, to be sure, but the elements are legitimate. Daily, emails like this hit the inboxes of organizations globally, and the attackers only need to locate a single victim to make their efforts payout.
In the FBI / IC3 2021 Internet Crime Report, there were nearly 20,000 Business Email Compromise complaints filed, with an adjusted loss of nearly 2.4 billion dollars. While spoofing the identity of an executive is certainly one way to conduct a BEC attack, the FBI says that threat actors have started leveraging the normality of hybrid-work to target meeting platforms to establish trust and conduct their crimes. When successful, the funds from the fraudulent wire transfers are moved to crypto wallets and the funds dispersed, making recovery harder.
So as an end user what can you do to protect your organization? Be mindful anytime you receive an urgent call to action, especially when the subject involves money. If your workflow means that you regularly receive these types of requests from the specific individual, verify their identity and the validity of the request using another channel of communication, such as in person or via phone. If you do validate their identity via the phone, take care to avoid calling any numbers listed in the email.
Cisco Secure Email helps stop these types of attacks by tracking user relationships and threat techniques. These techniques often include account takeover, spoofing and many more. Using an intent-based approach allows Secure Email to detect and classify business email compromises and other attacks, so administrators are empowered to take a risk-based approach to stopping these threats.
Find out more about how Cisco Secure Email can help keep your organization safe from phishing.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
URSNIF, the malware also known as Gozi that attempts to steal online banking credentials from victims' Windows PCs, is evolving to support extortionware.…
A hospital network in Wisconsin and Illinois fears visitor tracking code on its websites may have transmitted personal information on as many as 3 million patients to Meta, Google, and other third parties.…
Smishing and vishing are scams where criminals attempt to get users to click a fraudulent link through a phone text message, email, or voicemail. These scams are becoming increasingly popular as cybercriminals try to take advantage of people who are more likely to fall for them, such as those who aren’t as familiar with technology or who may be experiencing a crisis.
Be aware that cybercrime and hacking can happen to anyone. Criminals are always looking for new ways to exploit people, and they know that others may not be cautious or recognize the warning signs of phishing scams when using the internet. That’s why it’s important to be aware of the different types of cybercrime and how to protect yourself.
This article discusses how to protect yourself from smishing attempts and scams where criminals try to get you to click on a fraudulent link or respond to their voicemail message to steal your personal data.
Most people are familiar with phishing scams, where scammers try to trick you into giving them your personal or financial information by pretending to be a legitimate company or organization. But have you ever heard of smishing or vishing?
Smishing is a type of phishing scam where attackers send SMS messages (or text messages) to trick victims into sharing personal information or installing malware on their devices. Vishing is almost identical to smishing, except cybercriminals use VoIP (Voice over IP) to place phone calls to trick victims instead of SMS (short message service) messages.
Smishing messages often appear to be from a legitimate source, such as a well-known company or government agency. It may even include urgent language or threats in an effort to get victims to act quickly. In some cases, the message may also include a link that directs victims to a fake website where they are prompted to enter personal information or download malware.
Here are some examples of smishing text messages hackers use to steal your personal details:
If you fall for a smishing scam, you could end up giving away your personal information or money. Cybercriminals use smishing messages to get personal and financial information, like your credit card number or access to your financial services.
For example, one type of smishing scam is when you get a text message that looks like it’s from your bank. The message might say there’s been suspicious activity on your account and that you need to click on a link to verify your identity. If you do click on the link, you’ll be taken to a fake website where you’ll be asked to enter your banking information. Once the scammers have your login information, they have access to clean out your account.
Smishing scams can be very difficult to spot, but there are some telltale signs to look for and steps to take to protect yourself.
One of the easiest ways to protect yourself from smishing scams is to be able to recognize the signs of a smishing text message. Here are some tips:
While you can’t avoid smishing attacks altogether, you can block spam text messages you receive on your mobile phone. iPhone and Android have cybersecurity tools like spam filters and phone number blocking to help protect you from phishing attacks and malicious links.
To set up spam filters on your iPhone:
To set up spam filters on your Android mobile device:
McAfee Mobile Security is a mobile security app that helps protect your phone from malware, phishing attacks, and other online threats. McAfee Mobile Security is available for Android and iOS cell phones.
One of the benefits of using McAfee Mobile Security is that it can help detect and block smishing attacks. With identity monitoring, McAfee Mobile Security monitors your sensitive information like email accounts, credit card numbers, phone numbers, Social Security numbers, and more to protect against identity theft. They notify you if they find any security breaches.
Other benefits include:
These days, our lives are more intertwined with our mobile devices than ever. We use them to stay connected with our loved ones on social media, conduct our business, and even access our most personal, sensitive data. It’s no surprise that mobile cybersecurity is becoming increasingly important.
McAfee Mobile Security is a comprehensive security solution that helps protect your device from viruses, malware, and other online threats. It also offers a variety of other features, like a secure VPN to protect your credit card numbers and other personal data.
Whether you’re browsing your favorite website, keeping up with friends on social media, or shopping online at Amazon, McAfee Mobile Security provides the peace of mind that comes from knowing your mobile device is safe and secure.
So why wait? Don‘t let the smishers win. Get started today with McAfee Mobile Security and rest easy knowing your mobile device and sensitive information are protected.
The post What Is Smishing and Vishing, and How Do You Protect Yourself appeared first on McAfee Blog.
Whether you’re spending time on the web or working in the office, you want peace of mind knowing that you are in a safe environment. While most of us know to take precautions when online — protecting ourselves from things like phishing attacks and other cyber threats — we should also attend to our physical security.
One concern is tailgating — a social engineering attack where someone gets physical access to a business to take confidential information or do other harm.
Here are some ways to protect yourself from tailgating attacks, such as an unauthorized person following you into a restricted area while on the job.
Tailgating is a type of social engineering attack where an unauthorized person gains physical access to an off-limits location — perhaps a password-protected area — where they might steal sensitive information, damage property, compromise user credentials or even install malware on computers.
“Piggybacking” is closely related to tailgating, but it involves consent from the duped employee. So, while a worker might be unaware that someone has tailgated them into a restricted area with piggybacking, the hacker might convince a worker to provide access because they are posing as, say, a delivery driver.
Companies, particularly at risk of being targeted by tailgating scams, include those:
Whether you’re spending time on the web or working in the office, you want peace of mind knowing that you are in a safe environment. While most of us know to take precautions when online — protecting ourselves from things like phishing attacks and other cyber threats — we should also attend to our physical security.
One concern is tailgating — a social engineering attack where someone gets physical access to a business to take confidential information or do other harm.
Here are some ways to protect yourself from tailgating attacks, such as an unauthorized person following you into a restricted area while on the job.
Tailgating is a type of social engineering attack where an unauthorized person gains physical access to an off-limits location — perhaps a password-protected area — where they might steal sensitive information, damage property, compromise user credentials or even install malware on computers.
“Piggybacking” is closely related to tailgating, but it involves consent from the duped employee. So, while a worker might be unaware that someone has tailgated them into a restricted area with piggybacking, the hacker might convince a worker to provide access because they are posing as, say, a delivery driver.
Companies, particularly at risk of being targeted by tailgating scams, include those:
Generally speaking, companies with robust security systems in place — including using biometrics, badges, or other identity and information security measures — are better protected from tailgating and piggybacking attacks.
But that’s not to say that some smooth-talking fraudster can’t talk someone into letting them in or finding some way around those protections.
Common types of tailgating attacks that you should be aware of on the job include:
Protecting yourself from tailgating attacks is partly a matter of learning about the issue, raising your level of awareness on the job, and depending on your employer, putting in place more effective security systems.
Some solutions include:
Many companies know how to train employees to recognize, avoid, and cope with online security issues but may forget to provide the same diligence to physical security. How to spot and deal with threats should be part of this training, plus cultivating an awareness of surroundings and people who might be out of place.
Management should offer a clearly stated security policy taught to everyone, which might insist that no one be allowed into a secure area without the proper pass or identification. As the security policy is updated, all employees should be aware of changes and additions.
These security measures should be part of an overall protection program, like McAfee® Total Protection, which includes antivirus software, a firewall, identity monitoring, password management, web protection, and more.
If you have a large business spread over several floors, it can be hard for employees to know who works there and who doesn’t, leaving them susceptible to tailgating and piggybacking attacks. Requiring smart badges and cards to access restricted areas can help cut back on unauthorized intrusions and provide better access control.
Building fully staffed reception areas with dedicated security personnel could also be part of a larger security system.
Biometric scanners are an even more advanced way to provide proper authentication for a worker’s identity. They scan a unique physical or audible feature of a person and compare it to a database for approved personnel.
Examples of biometric security include:
One reason people are vulnerable to physical and cyberattacks is that they lack education on social engineering and the kinds of threats it poses.
Workers need to understand the full range of social engineering techniques and know-how to protect themselves, whether in their social media accounts or physical work environment.
For their part, companies can use simulated phishing emails and tailgating attacks to raise awareness and underline how to follow protocols in dealing with them.
If there are many ways to enter a business, it may make sense to put video surveillance on all entrances. Advanced video surveillance systems can use artificial intelligence (AI) and video analytics to scan the faces of people entering and compare them to a database of employee features.
Whether at work or at home, people want to be secure from attacks by cybercriminals who seek to take personal information.
To add a layer of security to all their connected devices — including computers, smartphones, and tablets — an increasing number of people are turning to the comprehensive coverage of McAfee® Total Protection.
Features range from advanced monitoring of possible threats to your identity, automatic implementation of virtual private networks (VPNs) to deal with unsafe networks, and personal data clean-up, removing your information from high-risk data broker sites.
McAfee protection allows you to work and play online with greater peace of mind.
The post What Are Tailgating Attacks and How to Protect Yourself From Them appeared first on McAfee Blog.
It’s important to know that not all websites are safe to visit. In fact, some sites may contain malicious software (malware) that can harm your computer or steal your personal contact information or credit card numbers.
Phishing is another common type of web-based attack where scammers try to trick you into giving them your personal information, and you can be susceptible to this if you visit a suspicious site.
Identity theft is a serious problem, so it’s important to protect yourself when browsing the web. Online security threats can be a big issue for internet users, especially when visiting new websites or following site links.
So how can you tell if you’re visiting a safe website or an unsafe website? You can use a few different methods. This page discusses key things to look for in a website so you can stay safe online.
When you’re visiting a website, a few key indicators can help determine whether the site is safe. This section explores how to check the URL for two specific signs of a secure website.
“Https” in a website URL indicates that the website is safe to visit. The “s” stands for “secure,” and it means that the website uses SSL (Secure Sockets Layer) encryption to protect your information. A verified SSL certificate tells your browser that the website is secure. This is especially important when shopping online or entering personal information into a website.
When you see “https” in a URL, the site is using a protocol that encrypts information before it’s sent from your computer to the website’s server. This helps prevent anyone from intercepting and reading your sensitive information as it’s transmitted.
The padlock icon near your browser’s URL field is another indicator that a webpage is safe to visit. This icon usually appears in the address bar and means the site uses SSL encryption. Security tools and icon and warning appearances depend on the web browser.
Let’s explore the cybersecurity tools on the three major web browsers:
Overall, the ”https” and the locked padlock icon are good signs that your personal data will be safe when you enter it on a website. But you can ensure a website’s security is up to par in other ways. This section will explore five in-depth methods for checking website safety.
McAfee WebAdvisor is a free toolbar that helps keep you safe online. It works with your existing antivirus software to provide an extra layer of protection against online threats. WebAdvisor also blocks unsafe websites and lets you know if a site is known for phishing or other malicious activity. In addition, it can help you avoid online scams and prevent you from accidentally downloading malware. Overall, McAfee WebAdvisor is a useful tool that can help you stay safe while browsing the web.
When you’re browsing the web, it’s important to be able to trust the websites you’re visiting. One way to determine if a website is trustworthy is to look for trust seals. Trust seals are logos or badges that indicate a website is safe and secure. They usually appear on the homepage or checkout page of a website.
There are many types of trust seals, but some of the most common include the Better Business Bureau (BBB) seal, VeriSign secure seal, and the McAfee secure seal. These seals indicate that a third-party organization has verified the website as safe and secure.
While trust seals can help determine whether a website is trustworthy, it’s important to remember that they are not foolproof. Website owners can create a fake trust seal, so it’s always important to do your own research to ensure a website is safe before entering personal information.
Another way to determine if a website is safe to visit is to check for a privacy policy. A privacy policy is a document that outlines how a website collects and uses personal information. It should also state how the site protects your data from being accessed or shared by scammers, hackers, or other unauthorized individuals.
If a website doesn’t have a privacy policy, that’s a red flag that you shouldn’t enter any personal information on the site. Even if a website does have a privacy policy, it’s important to read it carefully so you understand how the site uses your personal data.
It’s important to do some preliminary research before visiting a new website, especially if you’re shopping online or entering personal data like your address, credit card, or phone number. One way to determine if a website is safe and trustworthy is to check third-party reviews. Several websites provide reviews of other websites, so you should be able to find several reviews for any given site.
Trustpilot is one example of a website that provides reviews of other websites.Look for common themes when reading reviews. If most of the reviews mention that a website is safe and easy to use, it’s likely that the site is indeed safe to visit. However, if a lot of negative reviews mention problems with viruses or malware, you might want to avoid the site.
You can also analyze the website design when deciding whether a website is safe to visit. Look for spelling errors, grammatical mistakes, and anything that appears off. If a website looks like it was made in a hurry or doesn’t seem to be well-designed, that’s usually a red flag that the site might not be safe.
Be especially careful of websites that have a lot of pop-ups. These sites are often spammy or contain malware. Don’t download anything from a website unless you’re absolutely sure it’s safe. These malicious websites rarely show up on the top of search engine results, so consider using a search engine to find what you’re looking for rather than a link that redirects you to an unknown website.
If you’re unsure whether a website is safe to visit, download McAfee WebAdvisor for free. McAfee WebAdvisor is a program that helps protect you from online threats, such as malware and viruses. It also blocks pop-ups and other intrusive ads so you can browse the web without worry. Plus, it’s completely free to download and use.
Download McAfee WebAdvisor now and stay safe while browsing the web.
The post How to Tell Whether a Website Is Safe or Unsafe appeared first on McAfee Blog.
Have you ever been browsing online and clicked a link or search result that took you to a site that triggers a “your connection is not private” or “your connection is not secure” error code? If you’re not too interested in that particular result, you may simply move on to another result option. But if you’re tempted to visit the site anyway, you should be sure you understand what the warning means, what the risks are, and how to bypass the error if you need to.
A “your connection is not private” error means that your browser cannot determine with certainty that a website has safe encryption protocols in place to protect your device and data. You can bump into this error on any device connected to the internet — computer, smartphone, or tablet.
So, what exactly is going on when you see the “this connection is not private” error?
For starters, it’s important to know that seeing the error is just a warning, and it does not mean any of your private information is compromised. A “your connection is not private” error means the website you were trying to visit does not have an up-to-date SSL (secure sockets layer) security certificate.
Website owners must maintain the licensing regularly to ensure the site encryption capabilities are up to date. If the website’s SSL certificate is outdated, it means the site owners have not kept their encryption licensing current, but it doesn’t necessarily mean they are up to no good. Even major websites like LinkedIn have had momentary lapses that would throw the error. LinkedIn mistakenly let their subdomain SSL certificates lapse.
In late 2021, a significant provider of SSL certificates, Let’s Encrypt, went out of business. When their root domain officially lapsed, it created issues for many domain names and SSL certificates owned by legitimate companies. The privacy error created problems for unwitting businesses, as many of their website visitors were rightfully concerned about site security.
While it does not always mean a website is unsafe to browse, it should not be ignored. A secure internet connection is critical to protecting yourself online. Many nefarious websites are dangerous to visit, and this SSL certificate error will protect you from walking into them unaware.
SL certification standards have helped make the web a safer place to transact. It helps ensure online activities like paying bills online, ordering products, connecting to online banking, or keeping your private email accounts safe and secure. Online security continues to improve with a new Transport Layer Security (TLS) standard, which promises to be the successor protocol to SSL.
So be careful whenever visiting sites that trigger the “connection is not private” error, as those sites can potentially make your personal data less secure and make your devices vulnerable to viruses and malware.
Note: The “your connection is not private” error is Google Chrome’s phrasing. Microsoft Edge or Mozilla Firefox users will instead see a “your connection is not secure” error as the warning message.
If you feel confident that a website or page is safe, despite the warning from your web browser, there are a few things you can do to troubleshoot the error.
Remember, you are taking your chances anytime you ignore an error. As we mentioned, you could leave yourself vulnerable to hackers after your passwords, personal information, and other risks.
Your data and private information are valuable to hackers, so they will continue to find new ways to try and procure it. Here are some ways to protect yourself and your data when browsing online.
As we continue to do more critical business online, we must also do our best to address the risks of the internet’s many conveniences.
A comprehensive cybersecurity tool like McAfee+ Ultimate can help protect you from online scams, identity theft, and phishing attempts, and ensure you always have a secure connection. McAfee helps keep your sensitive information out of the hands of hackers and can help you keep your digital data footprints lighter with personal data cleanup.
With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection.
The post “This Connection Is Not Private” – What it Means and How to Protect Your Privacy appeared first on McAfee Blog.
On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users.
Jay Pinho is a developer who is working on a product that tracks company data, including hiring. Pinho has been using LinkedIn to monitor daily employee headcounts at several dozen large organizations, and last week he noticed that two of them had far fewer people claiming to work for them than they did just 24 hours previously.
Pinho’s screenshot below shows the daily count of employees as displayed on Amazon’s LinkedIn homepage. Pinho said his scraper shows that the number of LinkedIn profiles claiming current roles at Amazon fell from roughly 1.25 million to 838,601 in just one day, a 33 percent drop:
The number of LinkedIn profiles claiming current positions at Amazon fell 33 percent overnight. Image: twitter.com/jaypinho
As stated above, the number of LinkedIn profiles that claimed to work at Apple fell by approximately 50 percent on Oct. 10, according to Pinho’s analysis:
Image: twitter.com/jaypinho
Neither Amazon or Apple responded to requests for comment. LinkedIn declined to answer questions about the account purges, saying only that the company is constantly working to keep the platform free of fake accounts. In June, LinkedIn acknowledged it was seeing a rise in fraudulent activity happening on the platform.
KrebsOnSecurity hired Menlo Park, Calif.-based SignalHire to check Pinho’s numbers. SignalHire keeps track of active and former profiles on LinkedIn, and during the Oct 9-11 timeframe SignalHire said it saw somewhat smaller but still unprecedented drops in active profiles tied to Amazon and Apple.
“The drop in the percentage of 7-10 percent [of all profiles], as it happened [during] this time, is not something that happened before,” SignalHire’s Anastacia Brown told KrebsOnSecurity.
Brown said the normal daily variation in profile numbers for these companies is plus or minus one percent.
“That’s definitely the first huge drop that happened throughout the time we’ve collected the profiles,” she said.
In late September 2022, KrebsOnSecurity warned about the proliferation of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. A follow-up story on Oct. 5 showed how the phony profile problem has affected virtually all executive roles at corporations, and how these fake profiles are creating an identity crisis for the businesses networking site and the companies that rely on it to hire and screen prospective employees.
A day after that second story ran, KrebsOnSecurity heard from a recruiter who noticed the number of LinkedIn profiles that claimed virtually any role in network security had dropped seven percent overnight. LinkedIn declined to comment about that earlier account purge, saying only that, “We’re constantly working at taking down fake accounts.”
A “swarm” of LinkedIn AI-generated bot accounts flagged by a LinkedIn group administrator recently.
It’s unclear whether LinkedIn is responsible for this latest account purge, or if individually affected companies are starting to take action on their own. The timing, however, argues for the former, as the account purges for Apple and Amazon employees tracked by Pinho appeared to happen within the same 24 hour period.
It’s also unclear who or what is behind the recent proliferation of fake executive profiles on LinkedIn. Cybersecurity firm Mandiant (recently acquired by Google) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at cryptocurrency firms.
On this point, Pinho said he noticed an account purge in early September that targeted fake profiles tied to jobs at cryptocurrency exchange Binance. Up until Sept. 3, there were 7,846 profiles claiming current executive roles at Binance. The next day, that number stood at 6,102, a 23 percent drop (by some accounts that 6,102 head count is still wildly inflated).
Fake profiles also may be tied to so-called “pig butchering” scams, wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out.
In addition, identity thieves have been known to masquerade on LinkedIn as job recruiters, collecting personal and financial information from people who fall for employment scams.
Nicholas Weaver, a researcher for the International Computer Science Institute at University of California, Berkeley, suggested another explanation for the recent glut of phony LinkedIn profiles: Someone may be setting up a mass network of accounts in order to more fully scrape profile information from the entire platform.
“Even with just a standard LinkedIn account, there’s a pretty good amount of profile information just in the default two-hop networks,” Weaver said. “We don’t know the purpose of these bots, but we know creating bots isn’t free and creating hundreds of thousands of bots would require a lot of resources.”
In response to last week’s story about the explosion of phony accounts on LinkedIn, the company said it was exploring new ways to protect members, such as expanding email domain verification. Under such a scheme, LinkedIn users would be able to publicly attest that their profile is accurate by verifying that they can respond to email at the domain associated with their current employer.
LinkedIn claims that its security systems detect and block approximately 96 percent of fake accounts. And despite the recent purges, LinkedIn may be telling the truth, Weaver said.
“There’s no way you can test for that,” he said. “Because technically, it may be that there were actually 100 million bots trying to sign up at LinkedIn as employees at Amazon.”
Weaver said the apparent mass account purge at LinkedIn underscores the size of the bot problem, and could present a “real and material change” for LinkedIn.
“It may mean the statistics they’ve been reporting about usage and active accounts are off by quite a bit,” Weaver said.
APT-C-50’s Domestic Kitten campaign continues, targeting Iranian citizens with a new version of the FurBall malware masquerading as an Android translation app
The post Domestic Kitten campaign spying on Iranian citizens with new FurBall malware appeared first on WeLiveSecurity
Sponsored Post Shifting workloads and applications to the cloud is on every forward-thinking CIO's wish list. It is also their worst nightmare. If they get it right, they've helped to transform and modernize their organization's operations and everyone's happy. If they get it wrong, it's a different story, made much worse if a seriously expensive data breach is involved.…
pic-1200
The concept of zero trust is not a new one, and some may even argue that the term is overused. In reality, however, its criticality is growing with each passing day. Why? Because many of today’s attacks begin with the user. According to Verizon’s Data Breach Investigations Report, 82% of breaches involve the human element — whether it’s stolen credentials, phishing, misuse or error.
Additionally, today’s businesses are hyper-connected, meaning that — in addition to your employees — customers, partners and suppliers are all part of your ecosystem. Couple that with hybrid work, IoT, the move to the cloud, and more emboldened attackers, and organizational risk increases exponentially.
Adopting a zero trust model can dramatically reduce this risk by eliminating implicit trust. It has become so crucial, in fact, that several governments including the U.S., UK and Australia have released mandates and guidance for how organizations should deploy zero trust to improve national security.
However, because zero trust is more of a concept than a technology, and so many vendors use the term, organizations struggle with the best way to implement it. At Cisco, we believe you should take a holistic approach to zero trust, starting with what you have and adding on as you identify gaps in your defenses. And while layers of protection are necessary for powerful security, so is ease of use.
Zero trust plays a major role in building security resilience, or the ability to withstand unpredictable threats or changes and emerge stronger. Through zero trust, the identity and security posture of users, devices and applications are continuously checked and verified to prevent network intrusions — and to also limit impact if an unauthorized entity does gain access.
Organizations with high zero trust maturity are twice as likely to achieve business resilience.
– Cisco’s Guide to Zero Trust Maturity
Eliminating trust, however, doesn’t really conjure up images of user-friendly technology. No matter how necessary they are for the business, employees are unlikely to embrace security measures that make their jobs more cumbersome and time-consuming. Instead, they want fast, consistent access to any application no matter where they are or which device they are using.
That’s why Cisco is taking a different approach to zero trust — one that removes friction for the user. For example, with Cisco Secure Access by Duo, organizations can provide those connecting to their network with several quick, easy authentication options. This way, they can put in place multi-factor authentication (MFA) that frustrates attackers, not users.
Cisco Secure Access by Duo is a key pillar of zero trust security, providing industry-leading features for secure access, authentication and device monitoring. Duo is customizable, straightforward to use, and simple to set up. It enables the use of modern authentication methods including biometrics, passwordless and single sign-on (SSO) to help organizations advance zero trust without sacrificing user experience. Duo also provides the flexibility organizations need to enable secure remote access with or without a VPN connection.
During Cisco’s own roll-out of Duo to over 100,000 people, less than 1% of users contacted the help desk for assistance. On an annual basis, Duo is saving Cisco $3.4 million in employee productivity and $500,000 in IT help desk support costs. Furthermore, 86,000 potential compromises are averted by Duo each month.
La-Z-Boy, one of the world’s leading residential furniture producers, also wanted to defend its employees against cybersecurity breaches through MFA and zero trust. It needed a data security solution that worked agnostically, could grow with the company, and that was easy to roll out and implement.
“When COVID first hit and people were sent home to work remotely, we started seeing more hacking activity…” said Craig Vincent, director of IT infrastructure and operations at La-Z-Boy. “We were looking for opportunities to secure our environment with a second factor…. We knew that even post-pandemic we would need a hybrid solution.”
“It was very quick and easy to see where Duo fit into our environment quite well, and worked with any application or legacy app, while deploying quickly.” – Craig Vincent, Director of IT Infrastructure and Operations, La-Z-Boy
Today, Duo helps La-Z-Boy maintain a zero trust framework, stay compliant, and get clear visibility into what is connecting to its network and VPN. Zero trust helps La-Z-Boy secure its organization against threats such as phishing, stolen credentials and out-of-date devices that may be vulnerable to known exploits and malware.
As mentioned, zero trust is a framework, not a single product or technology. For zero trust to be truly effective, it must do four things:
Many technology companies may offer a single component of zero trust, or one aspect of protection, but Cisco’s robust networking and security expertise enables us to provide a holistic zero trust solution. Not only can we support all the steps above, but we can do so across your whole IT ecosystem.
Modern organizations are operating multi-environment ecosystems that include a mix of on-premises and cloud technologies from various vendors. Zero trust solutions should be able to protect across all this infrastructure, no matter which providers are in use. Protections should also extend from the network and cloud to users, devices, applications and data. With Cisco’s extensive security portfolio, operating on multiple clouds and platforms, zero trust controls can be embedded at every layer.
Depending on where you are in your security journey, embedding zero trust at every layer of your infrastructure may sound like a lofty endeavor. That’s why we meet customers where they are on their path to zero trust. Whether your first priority is to meet regulatory requirements, secure hybrid work, protect the cloud, or something else, we have the expertise to help you get started. We provide clear guidance and technologies for zero trust security mapped to established frameworks from organizations like CISA and NIST.
Much of our Cisco Secure portfolio can be used to build a successful zero trust framework, but some examples of what we offer include:
All of our technologies and services are backed by the unparalleled intelligence of Cisco Talos — so you always have up-to-date protection as you build your zero trust architecture. Additionally, our open, integrated security platform — Cisco SecureX — makes it simple to expand and scale your security controls, knowing they will work with your other technologies for more unified defenses.
As Italy’s leading insurance company, Sara Assicurazioni requires complete visibility into its extended network, including a multi-cloud architecture and hybrid workforce. The company has adopted a comprehensive zero trust strategy through Cisco Secure.
“Our decentralized users, endpoints, and cloud-based servers and workloads contribute to a large attack surface,” says Paolo Perrucci, director of information and communications technology architectures and operations at Sara Assicurazioni. “With Cisco, we have the right level of visibility on this surface.”
“The main reason we chose Cisco is that only Cisco can offer a global security solution rather than covering one specific point…. Thanks to Cisco Secure, I’m quite confident that our security posture is now many times better because we are leveraging more scalable, state-of-the-art security solutions.” – Luigi Vassallo, COO & CTO, Sara Assicurazioni
To learn more, explore our zero trust page and sign up for one of our free zero trust workshops.
Watch video: How Cisco implemented zero trust in just five months
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Microsoft has confirmed one of its own misconfigured cloud systems led to customer information being exposed to the internet, though it disputes the extent of the leak.…
The Biden administration is pushing ahead with its drive to add cyber security labeling to consumer Internet of Things (IoT) devices, and may join other nations in adopting the scheme pioneered by Singapore.…
Sponsored Feature The concept behind Confidential Computing isn't new – organisations have been using hardware-assisted technology to encrypt and decrypt data for a while now. But fresh impetus from the Confidential Computing Consortium , new technology, and greater reliance on off prem public clouds to host and process sensitive information is prompting a more widespread re-evaluation of its benefits.…
Updated Australian health insurer Medibank has revealed it's been contacted by a group that claims to have its customers' data and is threatening to distribute it.…
With hot-ticket events firmly back on the agenda, scammers selling fake tickets online have also come out in force
The post Don’t get scammed when buying tickets online appeared first on WeLiveSecurity
This week, the US government's Cybersecurity and Infrastructure Security Agency (CISA) expanded its ever-growing list of vulnerability in industrial control systems (ICS) and critical infrastructure technology.…
New York regulators continue turning the screws on organizations with slapdash computer security.…
Verizon has notified some prepaid customers that their accounts were compromised and their phone numbers potentially hijacked by crooks via SIM swaps.…
Authored by SangRyol Ryu
Cybercriminals are always after illegal advertising revenue. As we have previously reported, we have seen many mobile malwares masquerading as a useful tool or utility, and automatically crawling ads in the background. Recently the McAfee Mobile Research Team has identified new Clicker malware that sneaked into Google Play. In total 16 applications that were previously on Google Play have been confirmed to have the malicious payload with an assumed 20 million installations.
McAfee security researchers notified Google and all of the identified apps are no longer available on Google Play. Users are also protected by Google Play Protect, which blocks these apps on Android. McAfee Mobile Security products detect this threat as Android/Clicker and protect you from malware. For more information, to get fully protected, visit McAfee Mobile Security.
The malicious code was found on useful utility applications like Flashlight (Torch), QR readers, Camara, Unit converters, and Task managers:
Once the application is opened, it downloads its remote configuration by executing an HTTP request. After the configuration is downloaded, it registers the FCM (Firebase Cloud Messaging) listener to receive push messages. At first glance, it seems like well-made android software. However, it is hiding ad fraud features behind, armed with remote configuration and FCM techniques.
Attribute name | Known meaning of the value |
FCMDelay | Initial start hours after first installation |
adButton | Visivility of a button of Advertisement |
adMob | AdMob unit ID |
adMobBanner | AdMob unit ID |
casOn | Whether CAS library works or not |
facebookAd | FaceBook Ad ID |
fbAdRatio | Ratio of FB AD |
googleAdRatio | Ratio of AdMob |
is | Decide BootService to run or not |
urlOpen | to open popup or not when starts PowerService |
popUrl | URL for PowerService |
popUpDelay | Delay time for PowerService |
liveUrl | URL for livecheck service |
pbeKey | Key for making unique string |
playButtonList | URL for other service |
reviewPopupDialog | ‘y’ it shows review dialog |
tickDelay | Delay time for TickService |
tickEnable | Value of TickService enabled |
tickRandomMax | Value of TickService random delay |
tickRandomMin | Value of TickService random delay |
tickType | Set the type of TickService |
updateNotiVersion | Value for showing update activity |
The FCM message has various types of information and that includes which function to call and its parameters. The picture below shows some of FCM message history:
When an FCM message receives and meets some condition, the latent function starts working. Mainly, it is visiting websites which are delivered by FCM message and browsing them successively in the background while mimicking user’s behavior. This may cause heavy network traffic and consume power without user awareness during the time it generates profit for the threat actor behind this malware. In the picture below there is an example of the network traffic generated to get the information required to generate fake clicks and the websites visited without user’s consent or interaction:
So far, we have identified two pieces of code related to this threat. One is “com.click.cas” library which focuses on the automated clicking functionality while “com.liveposting” library works as an agent and runs hidden adware services:
Depending on the version of the applications, some have both libraries working together while other applications only have “com.liveposting” library. The malware is using installation time, random delay and user presence to avoid the users from noticing these malicious acts. The malicious behavior won’t start if the installation time is within an hour and during the time the user is using the device, probably to stay under the radar and avoid being detected right away:
Clicker malware targets illicit advertising revenue and can disrupt the mobile advertising ecosystem. Malicious behavior is cleverly hidden from detection. Malicious actions such as retrieving crawl URL information via FCM messages start in the background after a certain period of time and are not visible to the user.
McAfee Mobile Security detects and removes malicious applications like this one that may run in the background without user’s knowledge. Also, we recommend having a security software installed and activated so you will be notified of any mobile threats present on your device in a timely manner. Once you remove this and other malicious applications, you can expect an extended battery time and you will notice reduced mobile data usage while ensuring that your sensitive and personal data is protected from this and other types of threats.
liveposting[.]net
sideup[.]co[.]kr
msideup[.]co[.]kr
post-blog[.]com
pangclick[.]com
modooalba[.]net
SHA256 | Package name | Name | Downloaded |
a84d51b9d7ae675c38e260b293498db071b1dfb08400b4f65ae51bcda94b253e | com.hantor.CozyCamera | High-Speed Camera | 10,000,000+ |
00c0164d787db2ad6ff4eeebbc0752fcd773e7bf016ea74886da3eeceaefcf76 | com.james.SmartTaskManager | Smart Task Manager | 5,000,000+ |
b675404c7e835febe7c6c703b238fb23d67e9bd0df1af0d6d2ff5ddf35923fb3 | kr.caramel.flash_plus | Flashlight+ | 1,000,000+ |
65794d45aa5c486029593a2d12580746582b47f0725f2f002f0f9c4fd1faf92c | com.smh.memocalendar | 달력메모장 | 1,000,000+ |
82723816760f762b18179f3c500c70f210bbad712b0a6dfbfba8d0d77753db8d | com.joysoft.wordBook | K-Dictionary | 1,000,000+ |
b252f742b8b7ba2fa7a7aa78206271747bcf046817a553e82bd999dc580beabb | com.kmshack.BusanBus | BusanBus | 1,000,000+ |
a2447364d1338b73a6272ba8028e2524a8f54897ad5495521e4fab9c0fd4df6d | com.candlencom.candleprotest | Flashlight+ | 500,000+ |
a3f484c7aad0c49e50f52d24d3456298e01cd51595c693e0545a7c6c42e460a6 | com.movinapp.quicknote | Quick Note | 500,000+ |
a8a744c6aa9443bd5e00f81a504efad3b76841bbb33c40933c2d72423d5da19c | com.smartwho.SmartCurrencyConverter | Currency Converter | 500,000+ |
809752e24aa08f74fce52368c05b082fe2198a291b4c765669b2266105a33c94 | com.joysoft.barcode | Joycode | 100,000+ |
262ad45c077902d603d88d3f6a44fced9905df501e529adc8f57a1358b454040 | com.joysoft.ezdica | EzDica | 100,000+ |
1caf0f6ca01dd36ba44c9e53879238cb46ebb525cb91f7e6c34275c4490b86d7 | com.schedulezero.instapp | Instagram Profile Downloader | 100,000+ |
78351c605cfd02e1e5066834755d5a57505ce69ca7d5a1995db5f7d5e47c9da1 | com.meek.tingboard | Ez Notes | 100,000+ |
4dd39479dd98124fd126d5abac9d0a751bd942b541b4df40cb70088c3f3d49f8 | com.candlencom.flashlite | 손전등 | 1,000+ |
309db11c2977988a1961f8a8dbfc892cf668d7a4c2b52d45d77862adbb1fd3eb | com.doubleline.calcul | 계산기 | 100+ |
bf1d8ce2deda2e598ee808ded71c3b804704ab6262ab8e2f2e20e6c89c1b3143 | com.dev.imagevault | Flashlight+ | 100+ |
The post New Malicious Clicker found in apps installed by 20M+ users appeared first on McAfee Blog.
It's just as you suspected: your Gen Z and millennial coworkers just aren't taking cybersecurity at work seriously enough. …
Cyber-diplomats from around the world say they want the internet to be safe, secure, and free of interference. Of course, they believe it's the fault of other nations that the internet is not safe, secure or free of interference.…