Nov 9, 2017

Singles’ Day deal seekers beware

Originally a day set aside for singles in China to celebrate their singlehood, Singles’ Day has been transformed into what is arguably the world’s single largest e-commerce festival, thanks to the involvement of the Alibaba Group. In fact, the Alibaba Group alone reported $17.8 billion in sales on a single Singles’ Day, roughly six times what was spent on Black Friday (around $3 billion).

Today, Singles’ Day has evolved into a shopping phenomenon that has gained traction beyond the shores of China, with shoppers across Southeast Asia eagerly awaiting previews, hoping to make a killing on the deals set to land on November 11.

However, also waiting to make a killing are cybercriminals, who see e-commerce festivals and heavy shopping holidays such as Singles’ Day, Black Friday, and Christmas as huge opportunities to dupe unsuspecting deal seekers and steal their hard-earned cash. Traditionally, cybercrime activity tends to pick up during festive periods, especially those that involve increased online shopping.

As we await Singles’ Day, many retailers will be sharing promotional links via email, social media, or text message. Based on past experience, cybercriminals will be ready to push their own versions of fake promotional links through the same channels. These messages, known as phishing emails, can be designed to mimic a legitimate, well-known retailer’s mail very closely, right down to the logos and layout.

Phishing emails typically contain links to fake promotions which, instead of giving shoppers a great deal, lead to a malware download or to a form that asks for personal and payment details that can be abused later.

Taking it one step further, cybercriminals build entire web pages that imitate legitimate online shopping sites, and sometimes invent e-commerce stores from scratch. These sites exist to harvest personal data and credit card numbers. And with many deals being time-limited “flash” sales, shoppers sometimes fail to stop and consider the authenticity of a site before rushing to make a purchase.

A quick guide to safe online shopping during Singles’ Day

To help you celebrate Singles’ Day safely and smoothly, here are some basic guidelines for avoiding becoming a victim.

1. Beware of spoofed links

Don’t simply click on a link if you can’t be sure it really comes from the retailer, even if you recognize the “sender.” The display name on an email can be set to anything, so display the full sender address and the Reply-To address rather than judging by the name alone, and check whether the message context makes sense. Hover over the link (or long-press it on a phone) to see where it really leads before clicking. Also, be doubly wary of social media posts and texts that offer deals that seem too good to be true.

2. Shop at retail websites directly

Instead of keying in personal details into a coupon link in direct emailers or on social media posts, it is wiser to go directly to a retailer’s main website. If the offers are legitimate, chances are more often than not you would be able to find them on the website itself.

3. Check the validity of retailers’ websites

Choosing to shop directly at a retailer’s website is a great first step, but always make sure you are, in fact, on the right website before beginning to shop. Check the domain in the URL against the one the retailer actually uses: a different ending (for example .net where the retailer uses .com), an extra word, or a near-identical spelling is a sign you have landed on an imposter. Also make sure the URL begins with “https”, which means the connection between your browser and the site is encrypted. Keep in mind, though, that HTTPS only protects data in transit; phishing sites can use it too, so a padlock does not prove a site is legitimate. Finally, read the website copy. Numerous grammatical errors and typos suggest this is not the site you’re looking for.

4. Install the latest antivirus software

Aside from laptops, shopping on smartphones and tablets has become commonplace. Make sure you have current antivirus software installed, preferably one that offers multi-layered protection. While antivirus on desktops is relatively common, many of us fail to do the same for our mobile devices. Maintaining a multi-layered security solution across all devices, and keeping the operating system and browser patched, helps protect you from all sorts of malware such as worms, Trojans, spyware, ransomware, and more.

While consumers should stay alert to potential cyberattacks when shopping online throughout the year, one should pay extra attention during festive shopping periods such as Singles’ Day. Cybercriminals ramp up their attempts to target eager shoppers who are rushing for time-limited deep discounts. So stay calm and think twice before taking any action. Don’t just rush for the best deals and forget the basic concepts of Internet safety. If you keep your head, you can protect yourself from becoming a victim of cybercriminals during Singles’ Day.
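The three checks in the guide above (sender address versus Reply-To, visible link text versus real target, and link domain versus the retailer’s real domain) can be automated for a suspicious message. The script below is an added example, not code from the original post or from Malwarebytes; the sample message, the retailer domain and every address in it are constructed for the demo, and the “registrable domain” helper is a deliberate simplification.

```python
"""Triage checks for a suspected promotional e-mail (added example, stdlib only).

Implements the three checks from the guide above: compare the From and
Reply-To addresses, compare each link's visible text with its real target,
and compare every link target with the domain the retailer actually uses.
"""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: the retailer, addresses and links are made up.
SAMPLE_EML = b"""\
From: "Mega Retailer Deals" <promo@megaretailer.example>
Reply-To: claims@megaretailer-promo.example
Subject: 11.11 flash deal - 90% off
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your voucher is waiting!</p>
<a href="http://megaretailer.example.deals-login.example/redeem">https://www.megaretailer.example/deals</a>
<a href="https://www.megaretailer.example/11-11">Browse all deals</a>
</body></html>
"""

RETAILER_DOMAIN = "megaretailer.example"  # the domain the shopper expects


def registrable_domain(host):
    """Last two labels of a hostname. A crude approximation that is fine for
    a triage hint; a real tool should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from the HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(raw_bytes, expected_domain):
    """Return a list of findings (strings); an empty list means nothing odd."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []

    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2]
    if registrable_domain(from_domain) != expected_domain:
        findings.append(f"From domain {from_domain} is not {expected_domain}")
    if reply_domain and registrable_domain(reply_domain) != registrable_domain(from_domain):
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    body = msg.get_body(preferencelist=("html",))
    collector = _LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        target_host = urlparse(href).hostname or ""
        if registrable_domain(target_host) != expected_domain:
            findings.append(f"Link to {target_host} is not on {expected_domain}")
        # Visible text that looks like a URL but points somewhere else is the classic spoof.
        if text.startswith(("http://", "https://")):
            shown_host = urlparse(text).hostname or ""
            if registrable_domain(shown_host) != registrable_domain(target_host):
                findings.append(f"Link text shows {shown_host} but goes to {target_host}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EML, RETAILER_DOMAIN):
        print("!", finding)
```

Run against the constructed message it reports three findings: the Reply-To on a different domain, a link whose host only starts with the retailer’s name, and link text that shows the real retailer’s URL while pointing elsewhere. Note that a passing result only means nothing obvious was found; the From header is trivially forgeable, so the check is a filter, not proof of legitimacy.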


Singles' Day Infographic

The post Singles’ Day deal seekers beware appeared first on Malwarebytes Labs.

Powered by WPeMatico

Nov 9, 2017

Disdain exploit kit and a side of social engineering deliver Neutrino Bot

Today we picked up new activity from an exploit kit that was first discovered back in August of this year. The Disdain exploit kit, simply identified by a string of the same name found in its source code, is being distributed again after a short interruption via malvertising chains.

Disdain EK relies on older vulnerabilities that have long been patched and some that do not appear to be working properly. From a traffic to infection point of view, this means that the conversion rates are going to be lower than, say, RIG EK, the other most common exploit kit at the moment.

This may explain why we are seeing Disdain being used as a drive-by download alongside a social engineering attack to increase the likelihood of infections. Case in point, the following site was compromised to serve Disdain EK while also distributing a fake Flash Player update:

What’s interesting is that both payloads (Disdain’s malware drop and the so-called Flash update) are actually the same malicious binary, just delivered by different methods. The former is loaded via an iframe injected into the page which triggers the exploit kit and delivers the payload automatically, while the latter is a regular download that requires user interaction to download and run it.

Disdain’s landing page exploits older Internet Explorer vulnerabilities and attempts to load Flash exploits as well, although in our tests these did not work.

That payload is Neutrino Bot, which we have documented on this blog before when it was served in malicious spam campaigns as well as via the now defunct Neutrino exploit kit. Neutrino Bot, AKA Kasidet, is a multi-purpose piece of malware known for its information-stealing abilities.

In the past few weeks, there have been a few developments in the exploit kit scene beyond the long running RIG exploit kit, where threat actors are attempting new tricks both from an evasion and distribution point of view. Despite this, there remains a lack of innovation in what really matters at the end of the day: the exploits being used to deliver drive-by infections.

While some groups have switched to pure social engineering-based attacks, others are attempting either or both methods at once. In the current threat landscape, the campaigns that have the most success are those that can draw a lot of traffic and use clever techniques to fool users.

Systems that are patched regularly would not be affected by this exploit kit, but users should also beware of bogus software updates. Many of the so-called “Flash Player” or “Video Player” updates push adware and, as we saw recently with the Bad Rabbit outbreak, even ransomware. A genuine update never arrives as a pop-up on a random website; get it from the vendor or through the software’s own update mechanism.

Malwarebytes users are protected from the Disdain exploit kit and Neutrino Bot malware.

The post Disdain exploit kit and a side of social engineering deliver Neutrino Bot appeared first on Malwarebytes Labs.


Nov 9, 2017

Winning the battle against PUPs on your computer and in court

I know very few people, other than lawyers, that get excited about corporate court cases. But, I want to share with you a recent decision that I believe is cause for every computer user to celebrate.

This week, a United States District Court judge ruled in Malwarebytes’ favor, dismissing a lawsuit brought against us by Enigma Software Group USA LLC (“Enigma”). Essentially, they sued us because we classified two of their software programs as Potentially Unwanted Programs (PUPs).

Sounds mundane, but the reality is that this is not only a critical win for Malwarebytes, but for all security providers who will continue to have legal protection to do what is right for their users. This decision affirms our right to enable users by giving them a choice on what belongs on their machines and what doesn’t.

Those of you that follow this blog know that for years, we have taken an aggressive stance against PUPs. We continue to monitor all known software against Malwarebytes’ PUP criteria to give our users the choice to select which programs they want to keep or remove from their computer. We strongly believe that you should be allowed to make this choice, and we will continue to defend your right to do so.

This company was founded on a real problem I experienced and a dream that everyone at Malwarebytes still affirms: that computer users have a right to choose what’s on their computers. As PUPs became more prevalent and problematic, we began offering protection against them too, a choice that is now backed by the United States District Court.

If you are interested in the brief news release we shared today, it can be found here.

A copy of the US District Court Clerk’s filing (Case 5:17-cv-02915-EJD Document 105) can be found online here.

The post Winning the battle against PUPs on your computer and in court appeared first on Malwarebytes Labs.


Nov 8, 2017

Of scammers and cute puppies

We’ve followed tech support scammers for quite a while at Malwarebytes. They’ve been of particular interest because of their preference for scamming the poor, the elderly, and the developmentally disabled. But there’s a diverse spectrum of online scams a criminal can profit from, and today we’re going to take a look at one of the more despicable ones: puppy scams.

The basic gist of the scam is that the crook will find photos of beautiful purebred dogs, put them up on Craigslist or a private website, and advertise them for adoption. Once a buyer is found, they’re on the hook for fees including fake vet bills, registration, kennel fees, and transport to the victim’s location. Suffice it to say: there is no dog. Average losses for this scam run from US$800 to $5,000.

Shopping for a fake dog

For our investigation, we started with pomeranianhouse[.]com. Clicking on puppies for sale, we get Paulie, an unbelievably cute dog that looks happy to see us.

This dog is not actually for sale.

The “About us” page has extensive copy on the care and upkeep of these beautiful dogs designed to make your heart melt. But when we reverse image search on Paulie, we get another site entirely:

This site has the same dog:

It includes the same copy, but contains identifying details of the breeder, along with a lengthy diatribe against scammers who steal her photos.

Having confirmed that the first site is a huge scam, we decided to give them a call and see what happens.


Unsurprisingly, instead of a woman from Oklahoma, we get a man with a south Asian accent requesting a Walmart-2-Walmart money transfer. If you’re unfamiliar, Walmart-2-Walmart is a money transfer that allows a recipient to collect funds with an ID and a reference number. Most commonly, scammers will recruit money mules to do the collections as part of a work from home scheme. This particular scammer wanted to take us for $850 for the non-existent dog, but that probably would have gone up over time with assorted “unforeseen” costs.

So what about the perpetrator? The domain is WHOIS-protected, with no significant passive DNS history, but the email address they used with us, dydydav849@gmail[.]com, was partially reused on their last scam iteration in July, as seen below on a scam information website:

Once pomeranianhouse[.]com is taken down for fraud, the scammer will most likely set up a new site with fresh stolen pictures in another three months.

How to stay safe

Please do not use unconventional payment methods with people you do not know, or cannot find a reputable history on. Money wire, ACH transfer, and any sort of gift card should all be enormous red flags for “maybe I should not do business with this person.” You can also decrease your chances of getting scammed by buying pets locally from shelters or breeders who allow you to meet the dog first (to make sure it exists). Stay safe, and stay suspicious—no matter how cute the puppy is.

The post Of scammers and cute puppies appeared first on Malwarebytes Labs.


Nov 8, 2017

Phony WhatsApp used Unicode to slip under Google’s radar

After a troubling week for Google not so long ago, the company is under the spotlight once more for missing another app that, after further investigations by several members of Reddit, was found laden with adware.

This app, which was called “Update WhatsApp Messenger,” used the logo and developer name of the real WhatsApp app, two elements that a user familiar with the app expects to see. However, the developer name of this bogus app had an extra, invisible character at the end, so it looked like this:

WhatsApp, Inc.{space}

To aid users in realizing this deception, Redditor Megared17 posted snapshots of a code section belonging to the real WhatsApp and the fake app to compare the two. We have reproduced the shots below for your convenience.

That bit in the box is the percent-encoded form of a character that renders as a blank: U+00A0, the Unicode no-break space, which in UTF-8 encodes as %C2%A0, whereas an ordinary space would be %20. Although our eyes have a hard time spotting the difference, many decried that Google’s scanner should have quickly picked this up.

Read: Out of character: Homograph attacks explained

Redditor Dextersgenius pointed out that, once downloaded and installed, “Update WhatsApp Messenger” hid from users by “not having a title and having a blank icon,” and supplemented this with screenshots that we also reproduce below.

From their testing, Dextersgenius also pointed to a piece of code indicating that this bogus app accesses a hardcoded shortened URL that presumably downloads an update APK named whatsapp.apk. Upon closer inspection, however, that URL led to another shortened URL, this time on Google’s URL shortener, which in turn led to a Google search result for a WhatsApp Messenger APK file.

Essentially, users are told to “Look for the APK file from these search results. It’s got to be in one of them!” No updates are sent to the phones at all, so they’re just left with a PUP app.

“Users need to be more vigilant,” advised Armando Orozco, Lead for the Mobile Protection Team at Malwarebytes. “If they want to update WhatsApp, they need to use the update mechanism in the Play Store app, not a secondary app.”

Apart from reading app reviews for any reports of questionable behavior, it also pays for users to check the link to the developer of the app, which might have helped catch “Update WhatsApp Messenger” and possibly lessen the number of affected devices.
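Checking a developer name for the trick described in this post is mechanical: list every character that is not printable ASCII, then compare the name with the genuine one after normalising away spacing, width and case differences. The script below is an added example, not code from the post or from Malwarebytes; the genuine name, the sample listings and the percent-encoding helper are constructed for the demo. The trailing U+00A0 is the case from the post; the zero-width-space, fullwidth and case variants go beyond it to show that the same check catches the broader family of look-alikes.

```python
"""Developer-name look-alike checks (added example, stdlib only).

Lists every character outside printable ASCII with its code point and
Unicode name, normalises the name so that spacing, width and case tricks
collapse, and classifies a listing name as genuine, look-alike or different.
"""
import unicodedata
from urllib.parse import quote

GENUINE = "WhatsApp Inc."  # the name the user expects to see (assumed spelling)

# Constructed listing names. Only the first is genuine; the second is the
# trick from the post (trailing U+00A0), the rest show the same idea with
# other characters.
LISTINGS = [
    "WhatsApp Inc.",
    "WhatsApp Inc.\u00a0",    # trailing no-break space
    "WhatsApp\u200b Inc.",    # zero-width space inside the name
    "\uff37hatsApp Inc.",     # fullwidth W
    "Whatsapp Inc.",          # case variant
    "Telegram FZ-LLC",        # an unrelated name
]


def suspicious_chars(name):
    """Every character outside printable ASCII, as (index, 'U+XXXX', name)."""
    return [
        (i, f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>"))
        for i, ch in enumerate(name)
        if not 0x20 <= ord(ch) <= 0x7E
    ]


def canonical(name):
    """Collapse the common impersonation tricks to one comparable form:
    NFKC folds fullwidth and other compatibility forms, format characters
    (category Cf, e.g. zero-width space) are dropped, every run of Unicode
    whitespace (which includes U+00A0) becomes one space, then case-fold."""
    folded = unicodedata.normalize("NFKC", name)
    folded = "".join(ch for ch in folded if unicodedata.category(ch) != "Cf")
    return " ".join(folded.split()).casefold()


def classify(name, genuine=GENUINE):
    """'genuine' for an exact match, 'lookalike' if the names only differ by
    invisible or confusable characters, otherwise 'different'."""
    if name == genuine:
        return "genuine"
    if canonical(name) == canonical(genuine):
        return "lookalike"
    return "different"


def percent_encoded(name):
    """What the name looks like inside a URL, where the trick becomes visible:
    a real space is %20, U+00A0 is %C2%A0 in UTF-8."""
    return quote(name)


if __name__ == "__main__":
    for listing in LISTINGS:
        print(f"{classify(listing):10} {percent_encoded(listing):32} {suspicious_chars(listing)}")
```

The key design choice is that an exact match is the only way to be "genuine": anything that becomes equal to the real name only after normalisation is by definition trying to look like it, which is exactly the signal a store reviewer or an automated scanner wants.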

Stay safe!


The post Phony WhatsApp used Unicode to slip under Google’s radar appeared first on Malwarebytes Labs.


Nov 7, 2017

Part 2: All rise! Mind these digital crimes and arm your business against them

In the first installment of this two-part series, we advised consumers to stay on top of a selection of up-and-coming crimes to significantly lessen the chances of encountering them in the future. For this post, we’re going to look into digital crimes that keep small businesses and large enterprises on their toes: cloud attacks, attacks over SSL/TLS, ATM malware, and RDoS attacks.

It’s important to note that regardless of any digital attack an organization might face, fostering a culture of cybersecurity plays a massive role in arming employees with knowledge of what these attacks are and how they should respond if and when such incidents happen.

Let’s begin!

Cloud attacks

Many are surprised with how quick cloud computing has taken hold. In fact, Internet users who may not have heard about “the cloud” likely have no idea how much they rely on it when they check updates on Facebook, their work mail, or their online bank statement. Indeed, cloud services have made our lives a lot more manageable, to the point that we think everything we need is just within reach of our fingertips, wherever we are in the world.

Unfortunately, online criminals have caught on and started using cloud services as lures to dupe people into handing over their account and personal details. Retrieved credentials—say, for work email—are then used to access the account to gain further access to other repositories the credential owner has rights to, primarily company files stored in other cloud services. And this is just one of the many possibilities that could happen to compromised enterprise accounts.

How to protect your business

  • Take advantage of your cloud provider’s two-factor authentication (2FA) feature. The majority of cloud vendors offer it today, so using it is no longer optional, and that should be great news for any business looking to beef up security but with only a vague idea of where to start. Just remember that 2FA comes in various forms: codes sent by SMS are better than nothing, but authenticator apps and hardware security keys are considerably harder to phish.
  • Know who accesses what information stored in the cloud. Not everyone in the company should be able to read or obtain sensitive files. Audit your access list and, if possible, restrict access to more sensitive data to a smaller group of decision makers.
  • Limit access to company resources based on user context. Employees in the office who use the internal network should be able to access files based on privileges assigned to them. Remote workers, on the other hand, should have limited access to company files, or they must go through additional sign-on steps to ensure that the person accessing the data is indeed who they say they are.
  • Encrypt highly sensitive files before storing them in the cloud, and keep offsite backups too.
  • Use a cloud vendor that encrypts data in transit (TLS) and at rest; check the vendor’s documentation rather than assuming.
  • Toughen up on passwords. Make sure that employee passwords have an acceptable rating of complexity. The system should straight up reject ones that are easily guessed like “admin,” “password,” or “123456.”
  • Regularly update your software to keep exploits at bay.

Attacks over SSL/TLS

Secure Sockets Layer (SSL), and its successor Transport Layer Security (TLS), is the protocol that authenticates the server and encrypts traffic between it and the browser. While an increasing number of companies are adopting encryption as part of their security and privacy strategies, threat actors level the playing field by using the same secure channel to hide malicious activity from network inspection. We’ve seen this in multiple malvertising campaigns in previous years, and malware delivered over an encrypted channel is not new either. Phishers, on the other hand, mainly use SSL/TLS to make their campaigns more believable, since more Internet users have been taught to look for the padlock on a potential phishing page.

Some threat actors use free SSL certificates, while others have breached company sites with them already installed. Regardless, organizations have a big hand to play in stopping the bad guys by securing their websites and also educating their employees on current, more sophisticated criminal tactics.

How to protect your business

  • Keep server OS and other software running on your website up to date.
  • Strengthen the passwords of your website admin accounts.
  • Make sure that any text box on your website where users can submit content, such as a search box, comment window, or forum post, is protected against SQL injection and cross-site scripting (XSS): send user input to the database only through parameterized queries, and encode it before writing it back into a page. A Content-Security-Policy header lets you tell browsers to refuse scripts not hosted on your own server, which limits the damage even if an injected script does make it onto a page.
  • Install a Web Application Firewall. There are niche brands that offer this, with some of them being cloud-based. So do your research and choose a service that fits your company’s needs.
  • If you allow users to upload files, say a screenshot, to your website, enforce the allowed file types on the server by checking the content and not just the extension, store uploads outside the web root, and never serve them from a path where the server would execute them.
  • Switch to HTTPS. You may also want to consider TLS inspection on your outbound proxy so that malware downloads and command-and-control traffic are not invisible just because they are encrypted; be aware that this requires deploying your own root certificate to employee devices and carries privacy and reliability trade-offs.
  • Restrict physical access to your server.
  • Conceal your admin directories. Hackers have been known to scan web servers for conspicuous directories they can focus on, such as the admin folder. Choose unusual names for your administrator folders and share them only with your webmasters, but treat this as a speed bump, not a control: the admin area still needs strong authentication and, where possible, restriction to known IP addresses.
  • Back up your website. Always.
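The injection advice above is easiest to see side by side. The script below is an added example, not code from the post: a product search handled the vulnerable way (query built by string formatting, search term echoed into the page raw) next to the hardened way (bound parameter, HTML-escaped output, and a Content-Security-Policy header). It uses an in-memory SQLite table constructed for the demo; the product names and the CSP value are assumptions.

```python
"""A search box handled the vulnerable way and the hardened way (added example).

Uses an in-memory SQLite table constructed for the demo. The product names
and the Content-Security-Policy value are assumptions, not the page's.
"""
import html
import sqlite3

CSP = "default-src 'self'; script-src 'self'; object-src 'none'"


def make_db():
    """Tiny catalogue; rows with secret=1 must never reach a visitor."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL, secret INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("Pomeranian plush", 9.99, 0), ("Phone case", 4.50, 0), ("Internal SKU", 0.0, 1)],
    )
    return db


def search_vulnerable(db, term):
    """Constructed 'before' code: the term is spliced into the SQL text and
    echoed into the page unescaped, so it is open to both SQLi and XSS."""
    sql = f"SELECT name FROM products WHERE name LIKE '%{term}%' AND secret = 0"
    rows = db.execute(sql).fetchall()
    body = f"<p>Results for {term}:</p>" + "".join(f"<li>{name}</li>" for (name,) in rows)
    return {"headers": {}, "body": body}


def search_hardened(db, term):
    """Bound parameter for the query, HTML-escaped output, and a CSP header so
    that a script which somehow lands in the page is still not executed."""
    rows = db.execute(
        "SELECT name FROM products WHERE name LIKE ? AND secret = 0", (f"%{term}%",)
    ).fetchall()
    shown = html.escape(term, quote=True)
    body = f"<p>Results for {shown}:</p>" + "".join(
        f"<li>{html.escape(name)}</li>" for (name,) in rows
    )
    return {"headers": {"Content-Security-Policy": CSP}, "body": body}


if __name__ == "__main__":
    db = make_db()
    for payload in ("' OR 1=1 --", "<script>alert(1)</script>"):
        print("payload:  ", payload)
        print("vulnerable", search_vulnerable(db, payload)["body"])
        print("hardened  ", search_hardened(db, payload)["body"])
```

With the payload `' OR 1=1 --` the vulnerable version returns every row, including the one flagged secret, because the quote closes the string literal and the rest of the WHERE clause is commented out; the hardened version searches for that literal text and returns nothing. With `<script>alert(1)</script>` the vulnerable version writes the tag into the page, the hardened one writes `&lt;script&gt;`, and even if escaping were missed somewhere, the `script-src 'self'` policy stops an inline script from running.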

ATM malware

Crimes involving ATMs don’t necessarily require physical skimming devices. Sometimes there’s malware, and a bit of phishing, in there too; combined, they form network-based ATM attacks. Europol’s European Cybercrime Centre (EC3) and Trend Micro’s Forward-Looking Threat Research (FTR) Team have circulated a 40-page report warning banks about the rise of attacks targeting ATMs. Based on this report, ATM malware is not only becoming commonplace, it has evolved remarkably through the years.

EC3 and FTR have also revealed that ATM malware has two objectives: (1) empty the affected machine of cash, which is called “jackpotting,” and (2) record card data from customers using the affected ATM, effectively acting as a virtual skimmer.

Below is a video shared by Bleeping Computer about the latest ATM malware sold on the Dark Web in action:

How to protect your business

  • The majority of malware that infiltrates a bank’s network starts off as phishing emails. As such, it’s more important than ever for senior managers to focus on running awareness programs and surprise simulations within the organization on a regular basis.
  • To prevent crooks from delivering malware via the ATM’s USB and CD drives, replace the default generic locks on the shell so that thieves cannot simply buy generic keys for them, and disable booting from removable media in the firmware. Also make sure the location where the ATM is situated is well lit and covered by a security camera that cannot be easily tampered with.
  • Ensure that communication between the interbank network and the ATMs is encrypted and integrity-protected.
  • Religiously update all software installed on the ATM, and use application whitelisting so that only approved software can run on the machine.
  • By default, use two-factor or multi-factor authentication between devices and software.
  • Employ whole disk encryption for hard disks.
  • Secure the ATM BIOS against unauthorized access.

Ransom DDoS (RDoS) attacks 

A distributed denial of service attack, or DDoS, involves hundreds, if not thousands, of devices controlled by a botmaster. These devices are used to attack an organization by overwhelming its network with garbage traffic, so that websites go down and customers cannot reach them for an indefinite period. This translates to a significant loss of profit and disruption of productivity. In a ransom DDoS (RDoS) attack, the threat actor demands payment, usually in cryptocurrency, and threatens to launch (or continue) a DDoS attack if the organization ignores or fails to meet the demand; a short demonstration attack is often sent to make the threat credible. According to a Kaspersky report, a majority of threat actors behind these attacks are beginners rather than organized hacker groups. Regardless, a DDoS attack is not something any company with an online presence would want to get entangled with.

Although RDoS attacks on enterprises regularly make the news, small businesses shouldn’t be lax, as they have more to lose in the event of such attacks. Unfortunately, a vast number of small businesses are ill-equipped to handle DDoS and RDoS attacks.

How to protect your business

  • Plan ahead. Little can be done once an attack is already taking place. Prevention is critical in this case. Assess the potential DDoS risk, exposure, and severity to the business and come up with mitigation strategies to address them.
  • Monitor bandwidth for spikes on the network. This could mean an oncoming attack or the presence of malware.
  • Have security software in place. Install anti-malware, email and URL filtering, a firewall, and other security software to beef up protection for your company’s computers, devices, and network, and keep all of it patched. Some providers also offer DDoS mitigation services that absorb attack traffic upstream of your network.

Regardless of the nature of the business, as long as you have an online presence—if we guess correctly, almost all SMEs have this—securing your assets, which are either stored in the cloud or on-premise, should be an essential part of any business plan. Organizations of all sizes can no longer afford to overlook security and privacy matters regarding how they should handle confidential company and client information, especially with the arrival of GDPR.

On the other hand, users are also responsible for making sure that their electronic devices are protected both from unauthorized physical and electronic access, their sensitive information kept behind digital lock and key, and that the resources and assets they use for work are maintained within acceptable security standards.

The post Part 2: All rise! Mind these digital crimes and arm your business against them appeared first on Malwarebytes Labs.


Nov 7, 2017

A look into the global drive-by cryptocurrency mining phenomenon

An important milestone in the history of cryptomining happened around mid-September when a company called Coinhive launched a service that could mine for a digital currency known as Monero directly within a web browser.

JavaScript-based mining is cross-platform compatible and works on all modern browsers. Indeed, just about anybody visiting a particular website can start mining for digital currency with eventual profits going to the owner’s wallet (in the best case scenario). In itself, browser-based cryptomining is not illegal and could be seen as a viable business model to replace traditional ad banners.

To differentiate browser-based mining from other forms of mining, many started to label these instances JavaScript miners or browser miners. The simplicity of the Coinhive API integration was one of the reasons for its immediate success, but due to several oversights the technology was almost instantly abused.

Many web portals ran the Coinhive API in non-throttled mode, resulting in cases of cryptojacking: using 100 percent of the visitor’s CPU to mine cryptocurrency without the user’s knowledge or consent.

We decided to call this new phenomenon drive-by mining, due to the way the code is delivered onto unsuspecting users, very much like drive-by downloads. There’s one important caveat, though: There is no malware infection at the end of the chain.

While the harm may seem minimal, this is not the kind of web experience most people would sign up for. To make matters worse, one does not always know if they are mining for the website owner or for criminal gangs that have found a new monetization tool for the hacked sites they control.
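Both delivery patterns on this page, the injected iframe that pulls in an exploit kit landing page (the Disdain case above) and the drive-by miner loaded by script tag or instantiated inline, leave traces in the page source that a simple scanner can pick out. The script below is an added example, not code from either post or from Malwarebytes: it walks a page’s HTML and reports hidden or near-invisible off-site iframes and known miner loaders. The sample page, the hostnames and the site name are constructed for the demo, and the `CoinHive.Anonymous`/`CoinHive.User` client names used in the inline check are an assumption about how the Coinhive library was invoked; treat them as one entry in a list you maintain.

```python
"""Scan a page's HTML for two drive-by patterns (added example, stdlib only):

1. hidden or near-invisible iframes pointing off-site, the injection used to
   pull in an exploit kit landing page without the visitor seeing anything;
2. script tags that load a known in-browser miner, plus inline code that
   instantiates one, the drive-by mining pattern.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts treated as miner loaders. coinhive.com is the service named in the
# post; the second entry is a placeholder showing this is a list you maintain.
MINER_HOSTS = {"coinhive.com", "miner.invalid"}

# Inline client names to flag (assumption for this demo; extend as needed).
MINER_INLINE = re.compile(r"\bCoinHive\.(Anonymous|User)\s*\(")

SITE_HOST = "shop.example"  # the site the page belongs to (constructed)

# Constructed sample page: a first-party script, a first-party iframe,
# a 1x1 hidden off-site iframe, a miner script include and an inline miner.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
</head><body>
<iframe src="https://cdn.shop.example/widget" width="300" height="200"></iframe>
<iframe src="http://ad-sync.invalid/gate.php" width="1" height="1" style="display:none"></iframe>
<script>var miner = new CoinHive.Anonymous('SITEKEY'); miner.start();</script>
</body></html>
"""


def registrable(host):
    """Last two labels; a real scanner should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_hidden(attrs):
    """True for the usual ways an injected iframe is kept out of sight."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    w, h = attrs.get("width") or "", attrs.get("height") or ""
    tiny = w.isdigit() and h.isdigit() and int(w) <= 2 and int(h) <= 2
    return tiny or "display:none" in style or "visibility:hidden" in style


class DriveByScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site = registrable(site_host)
        self.findings = []      # (kind, evidence) tuples in document order
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        host = urlparse(src).hostname or ""
        if tag == "iframe":
            if host and registrable(host) != self.site and is_hidden(a):
                self.findings.append(("hidden-offsite-iframe", src))
        elif tag == "script":
            self._in_script = True
            if host and registrable(host) in MINER_HOSTS:
                self.findings.append(("miner-script", src))

    def handle_data(self, data):
        # HTMLParser hands script bodies to handle_data as raw text.
        if self._in_script and MINER_INLINE.search(data):
            self.findings.append(("miner-inline", data.strip()[:60]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False


def scan(html, site_host):
    """Return the list of (kind, evidence) findings for a page."""
    scanner = DriveByScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for kind, evidence in scan(SAMPLE_HTML, SITE_HOST):
        print(f"{kind:24} {evidence}")
```

On the constructed page the first-party iframe is ignored, the 1x1 `display:none` iframe to a foreign host is reported, and both the miner script include and the inline miner call are reported. Static scanning of this kind only sees what is in the delivered HTML; injections added later by JavaScript, or a miner served through a proxy domain not on your list, need a list refresh or runtime inspection.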

In our full report, A look into the global drive-by cryptocurrency mining phenomenon, we review the events that led to this new technology being abused and explore where users involved in cryptomining against their will are located.

To give you an idea of the scope of drive-by mining, Malwarebytes has been blocking the original Coinhive API and related proxies an average of 8 million times per day, which added up to approximately 248 million blocks in a single month.

With their new mandatory opt-in API, Coinhive hopes to restore some legitimacy to the technology and, more importantly, push it as a legal means for site owners to earn revenues without having to worry about ad blockers or blacklists. This could also benefit users who might not mind trading some CPU resources for an ad-free online experience.

Time will tell how criminals react, but in the meantime, drive-by mining continues unabated.

For more information on this latest trend in the cryptocurrency world, please download our report.

The post A look into the global drive-by cryptocurrency mining phenomenon appeared first on Malwarebytes Labs.


Nov 6, 2017

Stay away from the Bitcoin multiplier scam

It is well known that hot commodities tend to attract scammers and online criminals. The continuous rise of Bitcoin over the past year (valued at over US$7,188 at the time of writing) is generating a frenzy amongst fans of cryptocurrencies as well as those watching from the sidelines.

While the threat of Bitcoin theft from hackers or rogue operators remains high, we also see many scams inspired by the classic Ponzi scheme. Such is the case of the Bitcoin multiplier scheme, where victims are enticed to send some of their Bitcoin to a particular wallet and be given x times the amount they invested.

Multiply your loss

There are a few different ways users are drawn to this scam. One of them is searching online for sites that offer such a service (and you can find many). Some people are even asking the million dollar question: “Is there any genuine Bitcoin multiplier?” which scammers immediately pounce on and use for Search Engine Optimization (SEO) purposes.

Another tactic is to use advertising to redirect users to such sites:

The offer sounds too good to be true and should raise an immediate red flag. Even the “confidence” indicators displayed at the bottom of the page are fake and just for show.

However, the scam artists are using an interesting ploy by first asking the user for their email address and Bitcoin address, suggesting that the service might actually send them something. But the opposite happens. When the user submits their information, they are taken to a different page asking them to send BTC to the perpetrator’s wallet:

This might make some people feel uneasy, but the crooks have an answer for any doubts that might arise. They keep a page with previous payments they have sent, although this information is bogus.

In trying to deconstruct this scam, one question that comes to mind is why such a service would exist in the first place, especially considering that nowhere on the site do they mention any kind of commission for their effort. Well, apparently, these guys are doing it for the altruistic love of technology.

Sadly, many people have fallen for this scam and have never seen their money again. The criminals behind this are setting up temporary websites and keep on resurfacing after they have been taken down.

The best piece of advice we can give you is to stay away from too-good-to-be-true promises, especially when they involve something like Bitcoin or other cryptocurrencies. And if you need any more guidance, the answer to the million-dollar question is: No, there are no genuine Bitcoin multipliers.

The post Stay away from the Bitcoin multiplier scam appeared first on Malwarebytes Labs.

Powered by WPeMatico

Nov 6, 2017

A week in security (October 30 – November 5)

Last week on our blog, we told you what to expect at the upcoming Irisscon security conference in Dublin. We gave you a quick introduction into the why and how of analyzing malware based on their API calls. And we issued a warning about some lesser-known cybercrimes. Plus we explained why emerging APAC markets are prime targets for cybercriminals.

We also introduced you to some of the scariest malware monsters that could come knocking on your door for more than just candy. And finally, we explained how cryptocurrencies work and why all the cybercriminals love them.

Other news

Safe surfing, everyone!

The post A week in security (October 30 – November 5) appeared first on Malwarebytes Labs.


Nov 6, 2017

Explained: blockchain technology

Last week, we talked about what cryptocurrency is and why cybercriminals love it. We mentioned that cryptocurrency was founded on a technology called blockchain, which is a tight system that, when applied correctly, is more secure than most other financial transactions. In this post, we’ll explain the basics of blockchain technology, including its origin, development, and what makes it secure.

Origin of blockchain

One of the prime and most well-known examples of blockchain technology is Bitcoin. In 2008, the founder and spiritual father of Bitcoin (acting under the name of Satoshi Nakamoto) laid the groundwork for blockchain technology when he presented his solution for the “double spending problem” in digital currency. Double spending can be seen as copying and pasting money so you would never run out of it. In the non-digital world, we’d call this counterfeiting.

This countermeasure against double spending is the foundation of our current blockchain technology: a method of record keeping that is essentially a decentralized, distributed, historical database.


The linchpin of blockchain technology is its decentralization. There is no central authority. Anybody can be a user or participant. This makes the system more open and less vulnerable than traditional ledgers.

Blockchain security

How is the blockchain made secure? Good question! Without making this too complicated, consider a system that only works in one direction. That system calculates the hash value that is the unique answer to a math problem based on the data contained in the block. Every time you feed the system the same data in the block, the hash value will be the same. Every change in the block results in a different hash value.

Take for example adding up the digits in a long value like 123456789, which results in 45. Changing the first digit will have an effect on the result, but from knowing 45 alone it is impossible to figure out the value we used as input. This is basically the same idea as blockchain, only its hashes and input are much more complicated.

So there is no way (short of centuries of brute-forcing) to go in reverse and find the data of the block based on a hash value. This provides miners, or those who maintain the transactions in the blockchain, with a method to check the validity of a transaction without being able to create a block with false information. This is what solves the double spending problem. It makes it impossible to make up a transaction and feed the false information into the blockchain: you cannot find the hash that would make that transaction look legitimate.

How new blocks are created

Every so often a new block is created: a set of transactions recorded over a given period of time. This block contains all the transactions that were made on the blockchain since the previous block was closed. Miners then calculate the hash value of the current block. The first one to get it right gets a reward.

Now the nodes come into play. A node is a machine that is broadcasting all the transactions across the peer-to-peer network that is the base of the blockchain. The nodes check and broadcast the hash of this proposed block until agreement is reached about the new block. Then this block will be accepted as the new starting point for the transactions in the next block. The block is saved in many different places so that no one entity has total control over it.
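To make the two ideas above concrete (a one-way hash over the block contents, and miners racing to find a hash that the rest of the network can cheaply check), here is a small added example in Python. It is not code from the original post or from any real blockchain client; the transaction strings, the toy difficulty of 12 leading zero bits and the helper names (`block_hash`, `mine_block`, `validate_chain`, `tamper`) are all constructed for illustration. Each block carries the hash of the previous block, so altering a transaction in an old block without re-mining it (and every block after it) is immediately detected by any node that recomputes the hashes.

```python
import copy
import hashlib
import json

# Toy difficulty: a valid block hash must start with 12 zero bits (three hex "0"s).
# Real networks use a far higher and self-adjusting target; this keeps the demo instant.
DIFFICULTY = 12

def block_hash(block: dict) -> str:
    """SHA-256 over the block's canonical JSON serialization.

    Feeding in identical block data always yields the identical digest; changing a
    single character anywhere yields an unrelated digest, and there is no practical
    way back from the digest to the data. That is the one-way property the post relies on.
    """
    payload = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()

def meets_difficulty(hexdigest: str, difficulty: int = DIFFICULTY) -> bool:
    """Proof of work: read the hash as a 256-bit number and require `difficulty` leading zero bits."""
    return int(hexdigest, 16) < (1 << (256 - difficulty))

def mine_block(prev_hash: str, transactions: list, difficulty: int = DIFFICULTY):
    """Try nonces until the block's hash satisfies the difficulty. Returns (block, hash).

    This is the expensive step the miners compete on; only the winner's block is broadcast.
    """
    block = {"prev_hash": prev_hash, "transactions": transactions, "nonce": 0}
    while True:
        digest = block_hash(block)
        if meets_difficulty(digest, difficulty):
            return block, digest
        block["nonce"] += 1

def validate_chain(chain: list, difficulty: int = DIFFICULTY):
    """What every node does when a block arrives: recompute each hash, check the proof of
    work, and check that each block points at the hash of the block before it.

    Returns (True, None) for a consistent chain or (False, index_of_first_bad_block).
    Verification costs one hash per block, regardless of how much work mining took.
    """
    expected_prev = "0" * 64  # the first block links to an all-zero "genesis" hash
    for index, (block, claimed_hash) in enumerate(chain):
        digest = block_hash(block)
        if (digest != claimed_hash
                or block["prev_hash"] != expected_prev
                or not meets_difficulty(digest, difficulty)):
            return False, index
        expected_prev = digest
    return True, None

def build_demo_chain() -> list:
    """Mine two blocks of constructed sample transactions into a chain of (block, hash) pairs."""
    chain = []
    prev_hash = "0" * 64
    for transactions in (["alice->bob:5"], ["bob->carol:2", "alice->dave:1"]):
        block, digest = mine_block(prev_hash, transactions)
        chain.append((block, digest))
        prev_hash = digest
    return chain

def tamper(chain: list) -> list:
    """Return a copy of the chain in which the first block's transaction was quietly rewritten
    (alice->bob:5 becomes alice->bob:50) without re-mining: the stored hash no longer matches."""
    forged = copy.deepcopy(chain)
    forged[0][0]["transactions"][0] = "alice->bob:50"
    return forged

if __name__ == "__main__":
    demo = build_demo_chain()
    for i, (block, digest) in enumerate(demo):
        print(f"block {i}: nonce={block['nonce']:>6} hash={digest[:16]}...")
    print("honest chain valid:", validate_chain(demo))
    print("tampered chain valid:", validate_chain(tamper(demo)))
```

Running the script mines the two blocks (each needs a few thousand hash attempts at this toy difficulty), reports the honest chain as valid, and rejects the tampered copy at block 0. Note the asymmetry that makes the scheme work for the nodes: rebuilding a forged history costs the forger a fresh proof of work for the altered block and every block after it, while any node can detect the forgery with one recomputed hash per block.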

The transactions we mention do not have to be money transfers, as the blockchain can be used for many other applications. Consider, for example, smart contracts that can be programmed to pay the supplier when a condition has been met, such as the delivery of goods. This moves the trust in the completion of the transaction from an intermediary like a bank or a website to the blockchain.

How mining works on the blockchain

Why would miners bother with appending to the blockchain and verifying new blocks? The “proof of work” method gives rewards to miners for calculating the hashes. So basically they get paid for the energy they put into the work. However, the proof of work method used in Bitcoin and other digital currencies is causing an energy consumption level that could run an entire country.

The number of processing cycles needed to mine effectively has made CPU mining a thing of the past. Instead, miners moved on to GPU mining and then to ASICs, or application-specific integrated circuits, which are highly specialized and much more effective at what they do.

Although the number of Bitcoin given out each day as rewards stays the same over a given period of time, the growing number of mining farms has sent the number of cycles needed to earn one Bitcoin through the roof. Imagine huge server farms with racks upon racks of ASICs mining away, and that will give you a good idea of what the professional miners are doing. This is not “Joe at Home” anymore, but serious business.

One alternative method that is in planning for the Ethereum Project is “proof of stake.” Proof of stake rewards those that have the most invested in the currency or gas (gas is the internal pricing for running a transaction or contract in Ethereum). Some fear this will turn blockchain into “the rich get richer” system, so there may be some new problems to be solved on the horizon.

But if it’s so secure, how come I heard…

Even though the blockchain technology itself is secure, the applications that may be built on or around this technology do not necessarily inherit its security. So you may have heard of criminals acquiring Bitcoins illegally in various ways, but these crimes usually take place either before the cryptocurrency is acquired (for example, by having others mine for the threat actor) or afterwards (for example, by stealing wallets or even robbing a Bitcoin exchange).

Extra reading

For more information on blockchain, take a look at this explanation using easy to understand examples: The ultimate 3500-word guide in plain English to understand Blockchain.

A comparison between proof of work and proof of stake can be found here: Proof of Work vs Proof of Stake: Basic Mining Guide

The post Explained: blockchain technology appeared first on Malwarebytes Labs.

