Ransomware the next big threat to data 0 314

Ransomware ESET East Africa

You wake up with bloodshot eyes after banging on your keyboard in the wee hours of the night to beat the deadline for a grand project. But on powering your computer the following morning, suddenly a red banner flashes on your screen coaxing you pay Ksh50,000; you are warned that failure to do so, your treasure trove of data is lost forever.

Welcome to the world of Ransomware and it is just beginning. That is ominous warning experts have given both private and public sector organisations in Kenya pointing to an imminent rise in Cyberattacks in the form of Ransomware.

The underground criminal world has devised a way to lock your data and get you to part with a tidy ransom for it. Ransomwares viruses are often disguised as innocuous emails, links or pop-ups, thereby easily hoodwinking gullible users to grant access to their system for infiltration and eventual takeover for ransom. “Anyone is vulnerable”, says Bruce Donovan, Regional Manager for ESET East Africa, a security solutions firm.

There are now multiple ransomware viruses floating around the internet. Though they typically operate like Trojan horses, infecting your computer without you knowing, only in this instance, the bugs aren’t corrupting your files, they are encrypting them.

For law enforcements agencies, governments, small and large enterprises among others, lack of access to critical data can be disastrous in terms of the loss of sensitive important information, the interference with regular operations, financial losses suffered for data restoration, and possible reputational crisis.

The TeslaCrypt ransomware has been in widespread among cybercriminals since it was launched last year. But in an unforeseen turn of events, criminals behind the ransomware released the master decryption key for TeslaCrypt. Security vendor ESET has used that key to develop a decryptor tool for TeslaCrypt and recently made free to public.

However, this does signal the end of Ransomware, criminals are increasing accessing new and more effective Ransomware. According ESET East Africa, “It is important to note that ransomware remains one of the most prevalent forms of internet threats and prevention is essential to keep users safe. Therefore, users should keep their operating system and software updated, use a reliable security solution with multiple layers of protection, and regularly backup all important and valuable data at an offline location.”

Donovan explains that just like with many maladies plaguing human kind, prevention is often the best medicine to tackle the threat of Ransom Attacks. “This calls for continuous and earnest education of ICT services consumers”, he says.

Cybercrime remains a lucrative enterprise. To keep ahead of their game, criminal gangs invest a lot of time in research and development to contrive new forms of attacks, with Ransomware becoming their favourite pass time.

This is particularly so, in this age of social media where through Social engineering techniques, criminals are able to evolve faster than the markets. Social engineering refers to the psychological manipulation of people into performing actions or divulging confidential information.

And herein lies the dilemma, as the East African region forges ahead economically, and continues to attract new investments and interest from global companies, hackers are following the money.

This calls for added vigilance by private sector organisations and governments and who are more likely to fall victims of a ransom attack. Critical is to be aware of the vulnerability in the first place, since many attacks are disguised as legitimate links and prompts.

“In our experience we have found that very few organizations invest in testing out risk scenarios as well as back up and disaster management and recovery solutions – the best tool available in response to ransomware threats, other than data encryption technologies,” says Mr. Donovan.

Previous ArticleNext Article

ESET’s guide makes it possible to peek into FinFisher 0 462

FinFisher, also known as FinSpy, has a history of being used in surveillance campaigns, both against legitimate targets and against political opposition in countries with oppressive regimes. Despite that, the latest thorough analyses dealt with samples from as long ago as 2010. Since then, the FinFisher spyware received strong anti-analysis measures; apparently, this is also the reason why the more recent reports about FinFisher don’t go into much technical detail. In one of the reports, a reputable security company even admitted that due to strong obfuscation, it was not possible to extract the C&C servers.

Having discovered a wave of surveillance campaigns in several countries in summer 2017, ESET researchers dug deep into the samples of FinFisher. To be able to start a thorough analysis of how these recent samples work, they first had to break through all FinFisher’s protective layers.

To help malware analysts and security researchers overcome FinFisher’s advanced anti-disassembly obfuscation and virtualization features, ESET researchers have framed some clever tricks into a whitepaper, “ESET’s guide to deobfuscating and devirtualizing FinFisher”.

“The company behind FinFisher has built a multimillion-dollar business around this spyware – so it comes as no surprise that they put a much bigger effort into hiding and obfuscation than most common cybercriminals. Our aim is to help our peers analyze FinFisher and thus protect internet users from this threat,” comments Filip Kafka, ESET malware analyst who leads the analysis of FinFisher.

Filip Kafka expects the FinFisher creators to improve their protections to make FinFisher hard to analyze again. “With their huge resources, there is no doubt FinFisher will receive even better anti-analysis features. However, I expect their additional measures to cost more to implement while being easier to crack for us the next time around,” comments Filip Kafka.

ESET’s analysis into FinFisher is ongoing. In the first stage, ESET researchers focused on the infection vector used in the mentioned campaigns. They strongly believe internet service providers have played the key role in infecting the victims with FinFisher. Filip Kafka’s presentations of these findings along with a brief overview of FinFisher’s anti-analysis capabilities raised a lot of interest at the Virus Bulletin Conference as well as the AVAR conference.

Coming to terms with cyber security nightmare 0 414

Teddy Njoroge

Last year internet security companies made forecasts about possible cyber-threats to really worry about this year. This we followed with measures that companies and individuals needed to take to ensure a cyber-safe 2018. Paramount among these was the need for proactive use of protective software tools as well as sensitisation and training of users about these threats.

True to predictions, 2018 started with a scenario hardly anyone could have foreseen. Two serious design vulnerabilities in Computer Central Processing Units (CPUs) were exposed that could enable cyber-criminals to steal sensitive or private information such as passwords, documents and photos among other data from unsecured devices.

The “Meltdown and Spectre” CPU vulnerabilities point to a much larger underlying issue. Software bugs and hardware bugs are more common than not, but these once identified can be fixed fairly easily with either a software patch or firmware update for hardware issues.

However, as it turns out this is not possible with these two vulnerabilities as they are caused by a design flaw in the hardware architecture, only fixable by replacing the actual hardware. And that is where the problems begin.

CPUs of affected manufacturers such as AMD, ARM, Intel, among others appear in a lot of Internet of Things (IoT) devices and which are scattered all over the globe.

According to ARM, they are already “securing” a trillion (1,000,000,000,000) devices. Granted, not all ARM CPUs are affected, but if even 0.1 per cent of them are, it still means a billion (1,000,000,000) affected devices.

Due to the huge costs involved, it is not feasible to replace all these faulty CPUs. In reality people will keep their existing devices until end of their life cycles, for years even.

Deployed for countless and diverse applications in the households or offices, once operational many owners have most likely forgotten that they have them and which inherently leaves a giant gap for cybercriminals to exploit.

Any Wi-Fi-controlled device such as refrigerator, digital picture frames, Smart TVs, DVRs and PVRs etc., potentially provides opportunity for sensitive data to be lost. For example, a compromised Wi-Fi password for any of these can make it possible for anyone to hack your home or office network thus giving automatic access to any other connected platform such as emails, social media pages and even shared cloud or archive platforms.

Even though to get access to your IoT device, a would be attacker needs to have compromised the internet network already, or even the applications running on the device, we know that cyber-criminals just like a pack of wolves will not relent after smelling blood.

As a warning, when you are buying a new IoT device, ensure to check which CPU it is running on, and if that CPU is affected by these vulnerabilities.