New parental control app monitors children’s online activities 0 761

New parental control app

Global Security software provider ESET has unveiled a new tool to help parents monitor what their children are doing online. The ESET Parental Control for Android app provides provides age and category-based filters and will restrict children’s access to inappropriate web content.

The application also comes with an ‘Application Guard & Time Management’ function that will also help parents regulate the amount of time their children spend on gaming and internet browsing. It also comes with a ‘Child Locator’ service which can be used to track their child’s location.

Speaking during this announcement, ESET East Africa Area Manager, Mr. Bruce Donovan said that children are increasing accessing the internet from mobile devices as opposed to computers increasing the need for parents to manage what their children do with their tablets and smartphones.

“We conducted a study that showed 88 percent of parents are worried about what their children can access online. Out of these, 71 percent mentioned their children had in the past forwarded personal details to strangers; while 61 percent highlighted excessive amounts of time spent on devices,”  Mr. Donovan said.

Despite parental fears and the move by the Communication Authority through the Child Online Protection Campaign, only few of parents have installed a parental control app to help manage their children’s online experiences, the survey revealed.

The company says the ESET Parental Control for Android app safeguards children on smartphone devices by giving them protection and user experience, without limiting performance. Designed to help parents protect their children against internet threats and inappropriate web pages, the app boasts a wealth of child protection features and a friendly user interface.

“Even as we offer protection, it is important that the application creates and builds a respectful relations between parents and children who use their own smartphones or tablets,” Mr. Donovan added.  It enables them to be sure that children of all ages can enjoy the wealth of information and entertainment available online without the fear of online threats.

The app contains an added option for children to ask their parents for special permission to access certain apps or web content, or ask for extra gaming or browsing time. ESET Parental Control for Android is available from the Google Play Store, at the my.eset.com portal or via ESET’s partners.

“It is always best to first teach your child the correct way to use the internet then make them aware of the risks and dangers that can result from misuse, making it clear that parental control tools are installed for their own safety,” concluded Mr. Donovan.

Other additional features of the ESET Parental Control app include  the ‘Parental message’ which is allows the parents to read SMSes sent to the child and the ‘Reports for Parents’ which sends regular emailed to parents on their children’s internet usage.

Next Article

Hacking and targeted cyber-attacks as a result of anti-competitive practices in business 0 93

Targeted Attacks

In ongoing consultations with clients, large companies named targeted attacks and hacking as two of their biggest security challenges since they can seriously impact the continuity of business activities in an organization.

Attackers have many means to infiltrate companies. However, many attacks, don’t require a very high level of technological sophistication. Instead, techniques like targeted social engineering, i.e. spear phishing, or the use of known vulnerabilities for which, patches may have been issued but businesses have not yet deployed, can lead to damaged reputation, revenue and data breaches.

On the other hand, high levels of sophistication can also be utilized as is in the case of a Zero Day attack.  Chief among these was Stuxnet, a recorded attack where malicious code successfully deployed four zero-day vulnerabilities to impede a uranium enrichment program in Iran, and which, according to media, was a state-sponsored attack.

There are many reasons why organizations become repeat targets. Their bank accounts contain more resources than those of an average person or small business and they also have considerable amounts of interesting data that can be monetized. Attacks targeting companies can also be used as a form of competition. Most often, this concerns data hunting, i.e. obtaining interesting information or intellectual property. These attacks can be accompanied by blackmail. For example, a client database is stolen from a company and is later approached by the perpetrators and asked, “what they are going to do about their loss”.

Different ways to monetize attacks bring different consequences

Organizations often find it difficult to admit they have been breached by these types of attacks. Consequently, this may give other companies the false impression that such attacks happen only occasionally. A typical example of targeted attacks, common in recent years, are DDoS as a Service – attacks, which are sponsored by one company to attack the website of another, with the effect of disrupting business and directing customers away from the targeted company and (possibly) towards the attacker’s “employer”. These are criminal tactics, and the attackers know very well which business areas to target for maximum gain.

There are of course other approaches. Take the example of the British National Health Service, which has become a frequent target of ransomware attacks. Digitization of health services has resulted in a situation where the malicious encryption of medical data may lead to a halt in medical interventions and surgeries. Under such conditions, targeted organizations are often more inclined to pay a ransom for the “hijacked” patient data.

In Kenya attackers have been known to target their attacks to banks and financial institutions, with figures of Ksh400 million being reported stolen from an unnamed local bank and Ksh29 million from National Bank of Kenya in 2018 alone.

Innovative approaches to old tricks

In many rural areas worldwide, one quick glance at powerlines will reveal how easy it is to make illegal connections to the power grid. As of late, cyberattackers have followed a similar model, focusing their resources on illegally mining various cryptocurrencies, which have proven to be highly popular in the public’s imagination.

A more complex example was a targeted attack meant to infect StatCounter, which provides a service  very similar to Google Analytics and uses a special script legitimately placed on websites to obtain data about website visitors. In this case, attackers successfully breached StatCounter and subsequently gained access to the service’s end users by injecting JavaScript code in all websites that use Stat Counter’s service.

The problem came to light when visitors navigated to the now compromised websites which contained the infected scrip, and who’s devices then began covertly mining bitcoins for the attackers. During the second stage, the attackers proceeded to steal bitcoins directly from infected devices when they attempted to access a popular cryptocurrency exchange. To get an idea of the scale of such an operation, StatCounter can be found on more than two million websites.

Such an attack means that system resources of infected devices at the company legitimately using the service are additionally tasked to mine. This may not concern only computers, but also mobile devices and especially servers. The subsequent cryptomining accelerates wear and tear on devices and also increases electricity bills. In addition, we should not forget that malicious cryptomining code is usually capable of uploading other types of malicious script onto the network.

Investigations may take months and are looking for a needle in a haystack

When a large company falls victim to such an attack, it is necessary to carry out a complicated investigation of what happened and how the company has been affected. Research shows that it takes about 150-200 days for companies to find out they’ve been infected. Further investigation regarding the method by which the company was infected and where the malicious code originated may take even longer.

Facing such substantial risks, large companies should leverage solutions like ESET Dynamic Threat Defense to detect new, never before seen threats.

To find out more about ESET Dynamic Threat Defense or to request a free in-house cyber security training session for your organisation, please sign up below.

Ransomware Protection Crucial to Enterprise 0 281

Ransomware

Ransomware is by far the biggest threat among Enterprises.  So what is Ransomware? It is a malicious code that blocks or encrypts the contents of a device and demands a ransom to restore access to the data.

According to research done by ESET,  Companies named ransomware their number one concern.

In response to customer needs and concerns, ESET integrated Ransomware Shield into its security solutions. ESET has long been providing its customers with very good behavior-based malware detection and also with Host-based Intrusion Prevention System (HIPS) that allows users to set custom rules for the protection against ransomware. However, should something slip past the 11 other security layers, Ransomware Shield will be automatically activated.

While ransomware infection often starts with clicking a suspicious link or a fictitious invoice, ESET found that email remains the most common distribution method.

To combat these scenarios, enter ESET Dynamic Threat Defense (EDTD). EDTD provides another layer of security for ESET products like Mail Security and Endpoint products. It utilizes a cloud-based sandboxing technology and multiple machine learning models to detect new, never before seen type of threats. In result, attachments that were classified as malicious are stripped off the email and the recipient gets information about the detection.

To learn more about how ESET can protect your business, and to book a FREE in house Cybersecurity Training Session for your employees, please sign up below.

Free Training