I’ll make you an offer you can’t refuse… – NCSC Site

One of the terms we didn’t include in our advent calendar of definitions was ‘malvertising’. This is a term which we felt we could say a little more about, and so we’ve saved it for this blog. Malvertising may seem like a scary topic, but it doesn’t need to be. This blog includes some simple steps to protect your End User Devices and your networks, so you don’t need to be afraid of online adverts.

What is malvertising?

Malvertising, or ‘malicious advertising’, is when an attacker uses online advertising as a delivery method for malicious activity. It’s particularly insidious because it often doesn’t require any user interaction – such as choosing to run downloaded files – to cause problems. You can become a victim of malvertising simply by visiting a popular website. Code within online adverts on the website could install ransomware or other malware.

It’s a popular method because a single malicious advertisement could be distributed to many publishers and onward to many websites – causing widespread attacks against their users. Ad networks allow advertisers to target online advertisements on features like location and device types; attackers can also leverage this to launch targeted malvertising campaigns. In addition, it can be difficult to attribute malicious activity to malvertising.

How malvertising works

To understand how to protect against malicious advertising, it helps to understand how it is delivered. Website owners and mobile application developers, known as publishers, receive payment from advertisers in return for displaying online advertisements. Online advertisements can allow advertisers to run code to display rich media advertisements that incorporate elements like animations, video and scripts. Malicious actors can take advantage of this to deliver malicious content within an online advertisement, without the knowledge of the publisher.

There are different ways for malicious advertisements to be displayed on a publisher’s site:

  • Publishers can use their own servers to deliver online advertisements.
  • Alternatively, publishers can use an ad network. Within ad networks, advertisers can buy the rights to serve an advertisement onto a publisher site.

Whether an attacker compromises a publisher’s server or poses as a legitimate advertiser, the same delivery vector – online advertisements – is used to deliver malicious activity. It is important to note that while publishers are being used in the infection process, they are – like the end user – victims of malvertising. Publishers will suffer reputational damage if their customers get infected from malvertising displayed on their sites.

Embedded malicious code

Malicious advertisements typically do not require any user interaction because they contain embedded code: the user does not need to click on the advertisement. The code can carry out a variety of tasks, such as exploiting software vulnerabilities or silently redirecting users to malicious websites that host exploit kits. In this regard, malvertising is like drive-by downloads, in that software is run on a victim’s computer simply by visiting a malicious website.

Note: Exploit kits are automated toolkits or frameworks designed to scan a victim’s device, find software vulnerabilities and then exploit them in order to deliver a malicious payload.

What is the impact of malvertising?

Numerous high-profile publisher sites have been victims of malvertising campaigns. In March 2016, visitors to various major publishers including aol.com, bbc.com, nfl.com and nytimes.com received malicious advertisements. The malvertising campaign targeted US users and was delivered through multiple ad networks. Shortly afterwards, a similar malvertising campaign targeted visitors to UK websites.

In both campaigns, the malicious advertisement redirected victims to websites hosting the Angler exploit kit. This can lead to malicious activity such as stealing financial information stored on victims’ machines, or installing ransomware whereby victims’ files are encrypted unless payment is made to the attacker.

Ad blocking

Ad blocking is a technology designed to limit (or completely prevent) the display of online advertisements. There are several ad blocking solutions that work in different ways. Some ad blockers are designed to block all advertisements (whether legitimate or malicious), whilst others whitelist ‘trusted’ ad networks. It is worth noting that whitelisted ad networks could still be a source of malicious advertisements. Whilst ad blockers can help prevent malvertising from affecting you, they should not be regarded as a security product.

Protecting your devices and networks

The clear majority of malvertising targets unpatched vulnerabilities in web browsers, plugins, and associated internet-facing software on End User Devices. Prompt patching and updating of this software is the most effective mitigation available. For more information on protecting End User Devices within your organisation, see our EUD guidance.

In addition, Cyber Essentials contains five critical controls which can help to reduce the harm from malvertising. We recommend that all organisations consider these controls, and the recommendations in the 10 steps to cyber security. Wider network security hygiene protections, such as network segregation, web proxying, and least privilege are also useful in minimising the impact of any successful malware infection.

Source: I’ll make you an offer you can’t refuse… – NCSC Site

Putting the cyber in crime: How lower barriers and increased profits have led to a surge in cybercrime.

It seems as if not a day goes past where cybercrime isn’t in the headlines. Whether it is a ransomware attack, a huge data breach, theft of intellectual property, or the unavailability of service, ‘cyber’ is playing an increasingly important role for both enterprises and individuals alike.

Nowadays, nearly all crimes have an element of cyber to them and we’re seeing more ‘traditional’ criminals get into the cybercrime industry. However, this isn’t just bandwagon jumping; there are actually some very good reasons why the world of cyber makes a lot of sense to criminals.

Lowering barriers to entry: Go back ten years or so and ‘hacking’ knowledge was limited to a few select individuals that understood technology. It wasn’t easy to find experts that were willing to be “hackers for hire”, and for those new to the industry, acquiring such skills wasn’t an easy task either. However, in recent years, the barriers to entry have gotten significantly lower due to a few key factors:

  1. Availability of online marketplaces. Online marketplaces have become commonplace and provide a convenient place where hackers for hire can advertise their skills to bidders. These can encompass a broad range of services such as DDoS attacks, botnets, and targeting of individuals or businesses, as well as custom services.
  2. As-a-service. Taking a cue from legitimate businesses, cybercriminals are beginning to remodel their organizations for greater efficiency. This has resulted in the rise of “cybercrime-as-a-service”. For example, Petya & Mischa ransomware-as-a-service (RaaS) was launched in July 2016. This platform encourages distributors to generate high returns by enticing them with the cybercrime equivalent of performance bonuses. If distributors generate less than five bitcoins in a week, then they only earn 25% of the ransom paid. However, if the weekly payment is over 125 bitcoins, then they can potentially keep 85% of it. Through such initiatives, the RaaS business model has proven to be highly lucrative, for both the providers and the distributors, and there’s no sign that these operations will go away anytime soon.
  3. The rise of cryptocurrency. The third leg of the stool is made up of cryptocurrencies such as bitcoin, which allow payments to be made anonymously. This allows cybercrime service providers to sell their wares easily, and allows cybercriminals to extort money from their victims more effectively.

Profit and loss: Another aspect contributing to the rise in cybercrime is the increase in potential profits. The cybercrime market is lucrative because of the extent to which things have gone digital. Everything from finance, to healthcare, to national infrastructure is connected in some way or another. On top of this, the introduction of IoT and smart devices has resulted in an explosion of connected devices, each of which presents a potential money-making opportunity for a clever hacker.

The abundance of connected devices gives criminals an advantage because there will always be unsecured, unpatched, or simply insecure targets. Attackers can profit from targeting individual consumers just as they could from attacking large enterprises. By targeting individuals, hackers further lower the bar to entry, as no pre-qualification needs to be done on the target.

Key takeaways: The growing number of criminals taking advantage of lucrative cyber money-making opportunities will unfortunately only continue to grow. Therefore, it is more important than ever that enterprises and individuals take appropriate steps to protect themselves from cyber-attacks. Here are a few tips to bear in mind:

  • User education and awareness is the first, and arguably the most important, line of defence. For example, knowing not to click on suspicious links could prevent a potential infection entirely.
  • Segregating critical systems and assets is also a good defensive measure. If a user does click on a link, having segregated systems will prevent infections from spreading.
  • Having robust detection and response controls in place, enhanced by threat intelligence, is also critical so that infections can be detected quickly and remedial action taken immediately to minimize impact.
  • Finally, the importance of backup processes cannot be forgotten or neglected. If the worst does happen, it’s often better to wipe systems and reinstall from a clean, trusted backup than try to fix the mess.

Protect yourself from scammers

Thinking of doing something with your pension pot?

Before you go any further, read these five tips to protect yourself from scammers.

If you think you’ve been scammed – act immediately

If you’ve already signed something you’re now unsure about, contact your pension provider straight away. They may be able to stop a transfer that hasn’t taken place yet. Then call Action Fraud on 0300 123 2040 to report it.

If you have doubts about what to do, ask The Pensions Advisory Service (TPAS) for help. Call them on 0300 123 1047 or visit the TPAS website for free pensions advice and information.

If you’re aged 50 or over and have a defined contribution pension (a pension not based on your final salary), Pension Wise is there to help you investigate your retirement options. Visit the Pension Wise website to find out more.

 Cold called about your pension? Hang up!

Unsolicited phone calls, texts or emails about your pension are nearly always scams. Scammers will often claim they’re from Pension Wise or other government-backed bodies. These organisations would never phone or text to offer a pension review.

‘Deals’ to look out for

Beware of unregulated investments offering ‘guaranteed returns’. These include exotic sounding investments like hotels, vineyards or other overseas ventures, and deals where your money is all in one place – and therefore more at risk. Visit the FCA’s ScamSmart website to see if the deal you’re being offered is a known scam, or has the hallmarks of a scam. Don’t be rushed into making a decision. Scammers will try to pressure you with ‘time limited offers’ or send a courier to your door to wait while you sign documents. Take your time to make all the checks you need – even if this means turning down an ‘amazing deal’.

 Using an adviser? Make sure they’re registered with the FCA

Scammers sometimes pose as financial advisers. Check your adviser is registered on the FCA website and that they’re authorised to give advice on pensions. If you deal with someone who is not regulated you may not be covered by the Financial Ombudsman Service or Financial Services Compensation Scheme if things go wrong. And don’t be taken in by smart websites or brochures – professional-looking marketing materials are not a guarantee of a company’s authenticity.

 Don’t let a friend talk you into an investment – check everything yourself

People have fallen for scams because they’d been recommended by a friend. Do your homework, even if you consider yourself or your friend to be financially savvy. False confidence can lead to getting stung and with a pension, it might be years before you discover you’ve been scammed.

 


Cyber-threats in university Clearing and how to overcome them – IT Security Guru

A Level results are out.  For many, this is a time of celebration as they take up offers for the university or college of their choice.  However, for those who have not received the results they need it can be a stressful time as they enter Clearing, and turn to online search to secure a university or college place to continue their studies.

Cybercriminals are wise to this forthcoming uptick in web traffic, and have been creating higher education phishing sites to trick stressed students into clicking on malware-laden links.  This is not a new scam, and is evidence that cybercriminals are diversifying to rework banking, online shopping and other phishing scams.  Today security researchers at Forcepoint are now warning prospective students across the UK and internationally to beware of these scams.

Carl Leonard, principal security analyst at Forcepoint said: “This activity could come from one-off individual criminal elements speculating for financial gain or as part of an organised gang spreading malware kits or adding to botnets.  Using search analytics criminals can map likely human reactions and rework tried and tested social engineering scams to target vulnerable individuals.  Broadly, if a university or college offer appears too good to be true, it probably is.”

“University students will continue to be targeted by cyber criminals at relevant times of the year.  The scammers will continue to set up fraudulent websites and send convincing emails demanding interaction in order to manipulate a student’s behaviour when they are under the most time pressure.”

As a way of preventing these cyber scams, Forcepoint advises students searching for university and college courses for the autumn to do the following:

  • Type in the URL rather than clicking on links in email or in online adverts
  • Use reputable search engines
  • Be aware of lure lines such as “discounted course fees,” “multiple course places available now,” or the usage of highly respected educational establishment names in promotions
  • Keep internet security up to date on PCs and mobiles
  • Begin your Clearing search via the UCAS website, which contains official links and the latest up-to-date places
  • Reach out to the university’s or college’s admin secretary office if you have doubts as to the legitimacy of a fee or offer

Wayne Gaish, IT Strategic Development Manager, Petroc said: “Petroc takes cyber security very seriously and in particular for our learners at this crucial time of year. The guidance provided by Forcepoint will help promote a better understanding for our learners in today’s digital world.”

Frank Jeffs, post-graduate researcher and former Head of Advertising at Middlesex University said:

“Scams of this nature have the potential to trick stressed UK-based students, but could also catch out international students who are seeking courses in the UK.  In my experience, scammers use well-known university names such as Oxford or Cambridge and create fake institutions which sound very similar.  Designed to look realistic and offering qualifications at a low price or attempting to capture personal information, this social engineering trick could easily catch out international students or people who might not have the local knowledge of the official educational establishment names.  Always go via the UCAS website or type in the URL of the university or college you are interested in.”

 

Stop children bingeing on social media during holidays, parents urged | Society | The Guardian

Children’s commissioner says too much time is spent online as she launches ‘five a day’ campaign.

Source: Stop children bingeing on social media during holidays, parents urged | Society | The Guardian

‘LinkedIn Update’ Phishing Scam Email

If you use LinkedIn, keep an eye out for an email that claims you must click a link to update your account. The email, which has the subject “LinkedIn Update”, claims that LinkedIn is updating its “Services Agreement and Privacy.

The message warns that your account will be deactivated if you do not click the link and update your account. However, LinkedIn did not send the email and your account will not be deactivated if you don’t click the link. Instead, the email is a phishing scam that is designed to steal your LinkedIn account login details. If you click the link, you will be taken to a fraudulent website that has been built to emulate the real LinkedIn login page. Once on the fake site, you will be asked to enter your account email address and password to log in. After entering your details, you’ll see a message claiming that you’ve successfully completed the supposed update.

Online criminals can now use the information you provided to hijack your LinkedIn account. Once they have gained access to your account, the criminals can use it to send spam, scam, and malware messages to your LinkedIn contacts in your name.  They may also gather more of your personal information from your account and use it to pose as you and attempt to steal your identity. LinkedIn users are regularly targeted in such phishing scams.

LinkedIn has information about phishing scams and how to report them on its website.

Cyber Safe Warwickshire – Significant Rise In Council Tax Rebate Frauds

Action Fraud are warning that fraudsters may be posing as local council officials or professionals and cold-calling customers stating that they are eligible for a general tax or council tax rebate, with a sharp increase in the number of reports relating to fake council tax refunds in the last few weeks.

Source: Cyber Safe Warwickshire – Significant Rise In Council Tax Rebate Frauds

Which smartphone is the most secure? – NCSC Site

Andy P (EUD Security Research Lead) says: “When talking about end-user device security, one of the questions I hear most often is ‘Which smartphone is the most secure?’. Now, since Jon’s told us we’re not allowed to say ‘It Depends’, we’d better have a good answer. So here’s what I think.”

‘The most secure platform’ isn’t really a useful metric. It’s an old adage that the most secure computer is the one turned off, disconnected, and locked in a safe. Pretty secure, and not very usable. But it illustrates the point that there’s plenty more to think about than just security when deciding which device you’re going to use to get your job done (or play Minecraft on). Instead, I believe the question we should be asking is ‘Is it secure enough?’.  Once you’ve established which of your potential options are in that category, you can then pick the one that best meets your other requirements, such as cost, features, battery life, availability of your favourite apps and so on.

Source: Which smartphone is the most secure? – NCSC Site

It’s a trap! Marcher banking trojan masquerades as Adobe Flash Player for Android

 

A variant of the Marcher banking trojan is targeting Android users by masquerading as a mobile Adobe Flash Player app.

This version of the malware arrives via popcash[dot]net, an advertising network which is known to serve “popunder” ads that display behind a main browser window so that the user sees them when they try to exit.

The ads drop malware payloads that pose as Adobe Flash Player. If a user clicks on the dropper URL, they see a message warning them that their Flash Player is out of date.

The dropper also loads the malware “Adobe_Flash_2016.apk” onto the user’s device, a program which then guides the user to disable security features and allow app installations from unknown sources.

Successful installation prompts the malware to conceal its icon from the home screen, to register the infected device with its command-and-control (C&C) server, and to send important information about the infected device including a list of installed apps to its server.
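The delivery chain described above (ad network, then dropper URL, then a Flash-themed APK) can be hunted for in web proxy logs. The following is an added example, not code from the article or its source: the log format, client addresses and `example.test` hosts are constructed, and only the ad network domain and the APK filename come from the text.

```python
import re
from urllib.parse import urlsplit

# Indicator from the article, stored defanged as published.
AD_NETWORKS_DEFANGED = ["popcash[dot]net"]
APK_MIME = "application/vnd.android.package-archive"
# Flash-themed APK names such as the article's "Adobe_Flash_2016.apk".
FLASH_LURE = re.compile(r"(adobe|flash)[\w.-]*\.apk$", re.IGNORECASE)

# Constructed sample lines (assumed format):
# timestamp client method url status content_type referer
SAMPLE_LOG = """\
2017-08-17T10:01:02Z 10.0.0.21 GET http://cdn.popcash.net/pop.js 200 application/javascript http://news.example.test/
2017-08-17T10:01:05Z 10.0.0.21 GET http://dl.example.test/update/Adobe_Flash_2016.apk 200 application/vnd.android.package-archive http://cdn.popcash.net/pop.js
2017-08-17T10:02:00Z 10.0.0.30 GET http://store.example.test/app/notes.apk 200 application/octet-stream -
2017-08-17T10:03:00Z 10.0.0.31 GET http://notpopcash.net.example.test/a.png 200 image/png -
"""


def refang(indicator):
    """Turn a defanged indicator (popcash[dot]net) into a matchable domain."""
    return indicator.replace("[dot]", ".").replace("[.]", ".").lower()


AD_NETWORKS = [refang(d) for d in AD_NETWORKS_DEFANGED]


def is_ad_network(url):
    """True if the URL's host is a listed domain or one of its subdomains."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return any(host == d or host.endswith("." + d) for d in AD_NETWORKS)


def classify(line):
    """Return (client, url, reasons) for a suspicious line, else None."""
    fields = line.split()
    if len(fields) != 7:
        return None  # malformed line: skip rather than guess
    _ts, client, _method, url, _status, ctype, referer = fields
    path = urlsplit(url).path
    reasons = set()
    if is_ad_network(url):
        reasons.add("ad-network-request")
    # Match APKs by MIME type or extension: servers often mislabel them.
    if ctype.lower() == APK_MIME or path.lower().endswith(".apk"):
        reasons.add("apk-download")
        if FLASH_LURE.search(path.rsplit("/", 1)[-1]):
            reasons.add("flash-lure-filename")
        if referer != "-" and is_ad_network(referer):
            reasons.add("ad-network-referer")
    return (client, url, sorted(reasons)) if reasons else None


def scan(log_text):
    """Classify every non-empty line and keep only the hits."""
    hits = [classify(l) for l in log_text.splitlines() if l.strip()]
    return [h for h in hits if h]


if __name__ == "__main__":
    for client, url, reasons in scan(SAMPLE_LOG):
        print(client, url, ",".join(reasons))
```

An APK download that combines a Flash-themed filename with an ad-network referer is the strongest signal; a lone `apk-download` hit only shows sideloading that may merit a policy check.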

Source: It’s a trap! Marcher banking trojan masquerades as Adobe Flash Player for Android

Tackling Tobacco Crime across the Midlands

Over 5.5 million illegal cigarettes and 645 kg of hand rolling tobacco were seized by Warwickshire County Council’s Trading Standards Service and other local Trading Standards within the Central England Trading Standards Authorities (CEnTSA). The cigarettes and tobacco were seized in the last financial year (2016/2017) with a loss to the tax payer of over £2 million. The total retail value of the illegal goods is estimated to be worth more than £2.5 million.

The cigarettes and hand rolling tobacco were often well hidden, in sophisticated concealments using electronic magnets controlled by a switch, in cavity walls and even disguised as BBQ sets. Such hiding places are difficult to detect without the aid of specialist tobacco sniffer dogs.

All offending businesses are subject to a criminal investigation, with some traders already being successfully prosecuted. Some have received financial penalties, others, suspended prison sentences and community orders. In addition, some shops have had their alcohol licences suspended or revoked for dealing with illegal tobacco products.

Warwickshire County Councillor Howard Roberts, Portfolio Holder for Community Safety said:  “Far from being a victimless crime, the illegal tobacco trade is providing a cheap source of cigarettes for children and young people. Whilst all tobacco is harmful, the illegal tobacco market, and in particular the availability of cheap cigarettes, makes it easier for children to start smoking and harder for smokers to quit and remain smoke free. The loss to the tax payer means less money being spent on local communities, schools and the NHS.”

Bob Charnley, Chairman of CEnTSA said “More and more people over the past few years have decided enough is enough and are providing information to Trading Standards, to stop local criminals selling and distributing illegal tobacco. Combating illegal tobacco has become an increasing priority for Trading Standards. The illegal tobacco trade has strong links with crime and criminal gangs, including drug dealing, money laundering, people trafficking and even terrorism. Selling illegal tobacco is a crime.”  Mr Charnley added “retailers are becoming increasingly sophisticated in their approach, adapting their methods in order to avoid detection. Some businesses had gone to great lengths to conceal the illegal tobacco in secret compartments, including BBQ sets, fake floor boards, false walls, ovens and fridges. You may hide it, but we will find it.”

Illegal tobacco products can usually be easily recognised. They will be very cheap, often less than half the price of legitimate packets and often have foreign writing on them. Anyone being offered cheap tobacco or any other types of illicit goods should report it to Trading Standards by calling the CEnTSA’s confidential fakes hotline on 0300 303 2636.

For more details on NHS Stop Smoking Services in Warwickshire go to www.quit4good.co.uk or phone 0800 085 2917.