Archive for the ‘Security Tips’ Category

Private Data Potentially Made Public Voluntarily

Friday, July 8th, 2016

Anyone, including people you never intended, can view the personal information you post online, whether from a PC or from a mobile device. Sadly, women are particularly likely to be targeted, bullied or harassed. In a recent incident reported in the news, a man in Delhi was arrested for harassing women in the region with unsavoury messages and phone calls after viewing their WhatsApp profile pictures.

Enhancements in social networking sites and their applications have attracted a huge user base, especially among youngsters. As we recommended in our previous blog, online users, women in particular, should be vigilant when posting personal information such as photos, contact details and addresses on any social networking forum, including applications whose only purpose is to connect people.

Women should also be aware that information shared online can persist indefinitely and may be visible to anyone. To reiterate, here are a few tips to avoid falling prey to such incidents.

  • Tweak privacy settings in applications carefully to prevent strangers from contacting you or viewing your profile
    • WhatsApp > Menu Button > Settings > Account > Privacy (Last seen, Profile photo and Status each offer Everyone, My contacts or Nobody; choose My contacts or Nobody)
  • Avoid posting personal pictures online where anybody can view them
  • Never add strangers to your contact list
  • Avoid sharing personal information online, especially photos, phone numbers and addresses

Image courtesy:
stonehousedesigns.com

V.Dhanalakshmi
Senior Threat Researcher, K7TCL

If you wish to subscribe to our blog, please add the URL provided below to your blog reader: http://blog.k7computing.com/feed/

K7 @ CARO 2016

Thursday, May 26th, 2016

The CARO Workshop 2016, held in Bucharest, Romania, between May 19-20 featured presentations from notable security vendors and researchers, with a focus on the application of machine learning to security. The keynote speech was by Dr. Ashkan Fardost, who, among other things, talked about connecting reindeer to the internet.

K7’s Gregory Panakkal and Georgelin Manuel participated in the CARO workshop with their presentation titled “A High-Performance, Low-Cost Approach to Large-Scale Malware Clustering”. Their well-attended talk proposed a technique for clustering huge numbers of malware files on commodity hardware, and demonstrated clustering 2 million files on a modestly configured machine in under 3 minutes. The ideas were well received and attracted considerable attention from researchers looking for alternatives to distributed computing, which is currently the standard solution for handling large numbers of files.

Image courtesy of 2016.caro.org

Product Engineering Team


The Pen is Deadlier than … You Might Think

Thursday, May 19th, 2016

This blog intends to educate the general public about the security risks pertaining to pen drives (aka USB sticks, thumb drives or removable drives), the small storage devices that carry text, images, music, videos and so on, and about ways of mitigating those risks.

These devices come in handy when the user wants to transfer data between computers. They’re small in size but can hold large amounts of data. However, the utility and ubiquity of pen drives introduce significant security risks.

Pen drives pose a major security challenge to IT administrators. Some surveys indicate that 70% of businesses have reported loss of data via USB drives. Being small, pen drives are easily misplaced or stolen and, if the data is not backed up, that can mean the loss of hours of hard work. An even bigger challenge is preventing infection through already-infected USB drives.

The AutoRun feature in Windows is the key route by which an infected pen drive automatically infects a PC as soon as it is plugged in. When removable media such as pen drives or CDs are inserted, Windows reads an autorun.inf file from the root of the drive and, depending on the Windows version and configuration, either runs the program named there or offers it as the default choice in the AutoPlay prompt.

Autorun worms abuse this feature to launch malicious executables from removable drives: the worm copies itself to the drive together with an autorun.inf that points to the copy. USB as an infection vector is not new; many older but infamous malware families, notably Conficker, Sality and Gamarue, use USB as part of their infection vector.

It should be noted that many computers still run Windows XP, for which Microsoft withdrew support in April 2014. Windows XP remains popular among PC users, especially in India, and honours autorun.inf on USB drives by default unless the 2011 update that restricts AutoRun to CDs and DVDs (KB971029) has been applied. XP users are therefore at greater risk of an autorun infection than users of recent Windows versions such as Windows 7, which ignore autorun.inf on non-optical removable drives. Many of these autorun worms are believed to have originated in Asia.

Pen drives also give malware a route onto stand-alone computers that are not connected to any network: the person carrying the infected pen drive, knowingly or unknowingly, bridges the air gap between the stand-alone computer and the network. A pen drive used on an infected system (where the infection is capable of spreading itself) is very likely to become infected in turn, and then spreads the infection to healthy computers simply by being inserted into them.

Hence we advise users to adopt one or more of the following recommendations to reduce the risks associated with using pen drives:

  1. Scan a pen drive for malware after it has been used on someone else's computer, including those of friends and family. Even if you have an up-to-date, reputable Anti-Virus product installed on your computer, they might not on theirs.
  2. Avoid using pen drives on public computers, e.g. at Internet cafes.
  3. If you have not already done so, install a world-class, up-to-date antivirus product like K7 Total Security.
  4. Use the autoscan feature, if any, in your Anti-Virus product to automatically scan all USB drives as they are connected to the system. Also schedule frequent, automatic scans on your PC to keep it infection-free.
  5. To prevent loss or theft of data, you may block USB devices from being used on your system. K7 Total Security has features to block pen drives and restrict read-write access to USB drives.
  6. Vaccinate your pen drive so that it cannot be infected by an autorun worm even if it is used on an infected machine. Vaccination tools create a protected autorun.inf entry at the root of the drive, so a worm cannot write its own autorun.inf there.
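The following Python script is an added example (not K7 code, and not one of the vaccination tools mentioned above) that shows the two halves of the problem in working form: parsing a drive's autorun.inf for the entries that AutoRun would execute, and vaccinating a drive by occupying the name autorun.inf with a directory so a worm's attempt to write that file fails. The SAMPLE_AUTORUN text is constructed in the style of an autorun worm and is not a real sample; a temporary directory stands in for the pen drive.

```python
"""Inspect a pen drive's autorun.inf for entries AutoRun would execute, and
'vaccinate' the drive so an autorun worm cannot plant its own file.
Added example; not K7 code. SAMPLE_AUTORUN is constructed, not a real sample."""
import configparser
import tempfile
from pathlib import Path

# [autorun] keys that launch a program on removable drives (Windows XP/Vista
# before KB971029). shell\<verb>\command entries hijack the drive's
# context-menu actions such as "Open" and "Explore".
LAUNCH_KEYS = {"open", "shellexecute"}

SAMPLE_AUTORUN = """[AutoRun]
; constructed example: launches a hidden EXE and disguises the AutoPlay prompt
open=RECYCLER\\update.exe
shell\\open\\command=RECYCLER\\update.exe
shell\\explore\\command=RECYCLER\\update.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
"""


def launch_commands(text):
    """Return (key, command) pairs in [autorun] that would launch a program."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.read_string(text)
    hits = []
    for section in cp.sections():
        if section.lower() != "autorun":
            continue
        for key, value in cp.items(section):
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\")
                                      and key.endswith("\\command")):
                hits.append((key, value))
    return hits


def mimics_system_prompt(text):
    """True if the action text copies Windows' own 'Open folder to view files'
    wording, a trick that makes the malicious AutoPlay entry look legitimate."""
    return "open folder to view files" in text.lower()


def inspect_drive(root):
    """Report launch entries from <root>/autorun.inf, or [] if there is none."""
    inf = Path(root) / "autorun.inf"
    if not inf.is_file():
        return []
    return launch_commands(inf.read_text(errors="replace"))


def vaccinate(root):
    """Occupy the name autorun.inf with a directory so a worm's attempt to write
    a file of that name fails. Returns False if a real autorun.inf file is
    already present (inspect it first rather than silently overwrite it).
    Windows vaccination tools go further: hidden/system attributes and a
    reserved-name child entry make the directory hard to delete."""
    target = Path(root) / "autorun.inf"
    if target.is_file():
        return False
    target.mkdir(exist_ok=True)
    (target / "README.txt").write_text("USB vaccination marker; leave in place.\n")
    return True


def worm_can_plant(root):
    """Simulate an autorun worm trying to drop its autorun.inf on the drive."""
    try:
        with open(Path(root) / "autorun.inf", "w") as fh:
            fh.write(SAMPLE_AUTORUN)
        return True
    except OSError:  # IsADirectoryError on POSIX, PermissionError on Windows
        return False


def demo():
    """Run the checks against a temporary directory standing in for a drive."""
    with tempfile.TemporaryDirectory() as drive:
        planted_before = worm_can_plant(drive)   # True: unprotected drive
        found = inspect_drive(drive)             # the worm's launch entries
        Path(drive, "autorun.inf").unlink()      # clean the simulated infection
        vaccinated = vaccinate(drive)
        planted_after = worm_can_plant(drive)    # False: the name is taken
    return planted_before, [k for k, _ in found], vaccinated, planted_after


if __name__ == "__main__":
    print(demo())
```

Vaccination only defeats the autorun.inf trick; it does nothing against a worm that relies on the user double-clicking a disguised executable, so the scanning advice above still applies.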

Images courtesy of:
Com.net
Technologymess.com

Rathna Kamakshi
Manager – K7 Support


Caution: Free WiFi Ahead

Thursday, May 12th, 2016

Continuing our series on cyber security, and following the two-part blog on digital signing, this eighth post aims to show users how to tread safely in the open WiFi zones found in public areas.

Free WiFi hotspots, which were a luxury in India not long ago, have become the norm. With the Indian government aiming to take the Internet to last-tier cities, towns and villages, it is only a matter of time before we are surrounded by WiFi zones everywhere. This is meant to bring the wealth of information on the internet to the masses. However, the omnipresence of open WiFi could also attract a great deal of sniffing and eavesdropping.

Open WiFi hotspots, though meant for the greater good, can become the medium for information security mishaps. Any data sent over an unprotected network can easily be monitored with packet or network sniffing applications by a hacker with malicious intent.

On an open WiFi hotspot the wireless traffic between your device and the access point is not encrypted, unlike a home WiFi network, which should be secured by a WPA2 passphrase that encrypts the traffic over the air and shields it from eavesdroppers. Hence on an open WiFi connection, anything your device sends that is not itself encrypted, for example a form submitted over plain HTTP rather than HTTPS, crosses the air in the clear and can be read with a packet or network sniffer. Imagine someone filling out an online form over plain HTTP: the submitted data flies across as plain text and can easily be grabbed off the air. HTTPS protects the content of the exchange, though an eavesdropper can still see which hosts you connect to.
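As an added example (not part of the original post), the Python script below shows what a passive sniffer on an open hotspot learns from a captured TCP payload: a form submitted over plain HTTP is fully readable, including the password, while an HTTPS connection yields only TLS record metadata. Both payloads are constructed; the host shop.example and the credentials are made up.

```python
"""What a passive sniffer on an open WiFi network reads from one captured TCP
payload: everything in a plain-HTTP request, only record metadata from TLS.
Added example; not from the original post. Both payloads are constructed."""
import struct
from urllib.parse import parse_qs

# Constructed: a login form submitted over plain HTTP across the hotspot.
HTTP_POST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 35\r\n"
    b"\r\n"
    b"user=alice&password=S3cret%21&otp=1"
)

# Constructed: one TLS 1.2 application-data record header (type 0x17,
# version 3.3, length 37) followed by 37 bytes standing in for ciphertext.
TLS_RECORD = b"\x17\x03\x03\x00\x25" + bytes(range(0x40, 0x40 + 37))

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def looks_like_tls(payload):
    """TLS record header: known content type, then version 3.x."""
    return (len(payload) >= 5 and payload[0] in TLS_CONTENT_TYPES
            and payload[1] == 3 and payload[2] <= 4)


def eavesdrop(payload):
    """Return what an observer can read from a single TCP payload."""
    if looks_like_tls(payload):
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        # The observer learns the record type and size; the body is ciphertext.
        return {"protocol": "tls", "record": TLS_CONTENT_TYPES[ctype],
                "version": f"{major}.{minor}", "length": length, "fields": {}}

    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    fields = {}
    if headers.get("content-type", "").startswith(
            "application/x-www-form-urlencoded"):
        # parse_qs undoes the %XX escaping, so the observer gets the real password
        fields = {k: v[0] for k, v in parse_qs(body.decode("latin-1")).items()}
    return {"protocol": "http", "request": lines[0],
            "host": headers.get("host"), "fields": fields}


if __name__ == "__main__":
    print(eavesdrop(HTTP_POST))
    print(eavesdrop(TLS_RECORD))
```

Even for the TLS case the observer still sees the server name in the handshake and your DNS lookups, which is what a VPN tunnel hides from the hotspot.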

It is advisable to avoid internet banking, online shopping portals and communication apps when connected to open WiFi. Also, on laptops, turn off network sharing, since shared resources are reachable by everyone on the same network, and a share with no authentication is an easy target for intruders.

A user need not explicitly open a vulnerable app on a mobile device for its weakness to be exposed. Most apps today periodically look for an active internet connection to push or fetch notifications, and on an open WiFi network each of those background connections is exposed to the same eavesdropping. It is therefore advisable to restrict background data when on an open WiFi network.

Of course one cannot dismiss every open WiFi connection as unusable; it is user practice that makes it safe or unsafe. Those who are totally dependent on open WiFi can use a VPN application, which wraps all of the device's traffic in an encrypted tunnel to the VPN server, and should submit content only to websites served over HTTPS with a valid certificate.

Images were courtesy of:
muraldecal.com
toonclips.com

K7 Threat Control Lab

IoT: What the Future Holds

Thursday, March 17th, 2016

Here is part six of the blog series on the Internet of Things, following on from IoT: How are We Going to Protect Ourselves? It concludes the series with a brief idea of how we, as a security company, foresee the future of IoT security.

The problems an IoT consumer might face apply to enterprises as well, on a larger scale. The risks could be even higher for enterprises because industrial devices, e.g. in a nuclear power facility or water plant, cameras in data centres, medical devices in hospitals, etc., could very well also be part of the IoT.

Data from millions of credit cards stolen…, hackers stealing passwords from billions of customers…, cyber-criminals stealing intellectual property from world famous XYZ company… these are the subjects of breaking security news over the last couple of years.

In the future it would be awful to hear news like “Hackers stole billions of IoT data records”, “Cyber-criminals got access to a trillion IoT devices”, “Almost all the household appliances in XYZ country stopped working after a reported attack by ABC group”, etc. As a security company, we consider such scenarios possible, but we would hate to see them manifest themselves.

The next generation of spam messages will not be based on assumptions but precisely on the user's IoT device usage and data, just as is already happening with web search terms.

There could be a possibility of a new era of cyber war and cyber terrorism, but at the same time, we would like to welcome you all to the new world of cyber security protection!

Remember, the objective of this blog series was not to make users paranoid about IoT or to spread panic. Rather, it was to create and spread awareness on being secure in a more challenging world of IoT! So, by following simple, but important, protection steps, we should be able to protect ourselves better from IoT security dangers.

Here at K7 we have been protecting our customers and their information systems for more than two decades, and we intend to protect even their IoT devices, at home and elsewhere! We would like to witness the ‘Internet of Things’ turning into the ‘Internet of Secure Things’.

Image credits:
devicebar.com

Senthil Velan
Manager,Vulnerability Research


Don’t Read That Ransomware Spam Script! Seriously Bad Story.

Wednesday, March 9th, 2016

Beware of two aggressive ransomware spam campaigns which have been active for the past few weeks.

The above screenshot of my own spam folder exemplifies the typical theme used by the new ransomware kid on the block, “Locky”, and the latest version of an established ransomware called “TeslaCrypt“.

Although both ransomware spam runs pretend to be an “Invoice”, the next stage of the infection chain differs significantly between the two. Locky spam mails carry an attachment such as ‘scan_<number>.doc’, whereas the current TeslaCrypt spam carries a ZIP archive wrapping a JavaScript file, e.g. ‘invoice_<random alphanumeric>.js’.

The Locky DOC file contains a password-protected VBA macro. Please note that, since macros can contain malicious code, they are disabled by default in Microsoft Word and should remain so; this is why such documents typically ask the reader to enable macros. The objective of the Locky macro, as of the TeslaCrypt JavaScript, is to download and execute the respective ransomware payload EXE.

Typical malicious spam campaigns deliver the payload directly as an EXE inside a ZIP attachment. Such attachments are easy to block at the email gateway since executables are considered “high risk”. Blocking non-EXE files such as DOC or JS as a matter of policy is harder, because legitimate business mail carries them too, hence the Locky and TeslaCrypt attachments are more likely to get past gateway filters onto the local computer. Thereafter, because the download and execution are performed by trusted standard interpreters (Microsoft Word for the macro, Windows Script Host for the JavaScript), the activity is less likely to be blocked by behavioural protection mechanisms such as HIPS and the firewall.
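As an added example (not K7 code and not the logic of any real gateway product), the Python script below performs the kind of attachment triage a mail gateway can apply to the two delivery tricks described above: a script hidden inside a ZIP, and Office documents carrying VBA. It opens archives in memory with a depth and size cap, checks OOXML files for vbaProject.bin, and applies a heuristic for the Macros storage name in legacy binary .doc files. All sample attachments are constructed in memory and contain no malware; the file names are made up.

```python
"""Gateway-style triage of mail attachments: scripts wrapped in ZIPs and
Office documents carrying VBA macros. Added example; not K7 code. Every
sample attachment below is constructed and contains no malware."""
import io
import zipfile

SCRIPT_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta",
              ".ps1", ".bat", ".cmd", ".scr", ".exe", ".pif", ".com"}
OOXML_MACRO_EXT = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"      # legacy .doc/.xls container
# Word stores a VBA project in a storage named "Macros"; OLE directory entry
# names are UTF-16LE. A heuristic, not a full OLE parser.
OLE_MACROS_STORAGE = "Macros".encode("utf-16-le")
MAX_MEMBERS, MAX_DEPTH, MAX_BYTES = 50, 2, 20_000_000   # crafted-archive limits


def _ext(name):
    return name[name.rfind("."):].lower() if "." in name else ""


def classify_attachment(name, data, depth=0):
    """Return the reasons an attachment should be held for review ([] if none)."""
    reasons = []
    ext = _ext(name)
    if ext in SCRIPT_EXT:
        reasons.append(f"executable/script attachment: {name}")
    if ext in OOXML_MACRO_EXT:
        reasons.append(f"macro-enabled Office document: {name}")
    if data.startswith(OLE_MAGIC) and OLE_MACROS_STORAGE in data:
        reasons.append(f"binary Office document with a Macros storage (VBA): {name}")
    if data[:4] == b"PK\x03\x04":                     # ZIP, including OOXML
        reasons += _inspect_zip(name, data, depth)
    return reasons


def _inspect_zip(name, data, depth):
    reasons = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            infos = z.infolist()
            members = [i.filename for i in infos]
            if "word/vbaProject.bin" in members or "xl/vbaProject.bin" in members:
                reasons.append(f"OOXML document contains vbaProject.bin: {name}")
            if (depth >= MAX_DEPTH or len(members) > MAX_MEMBERS
                    or sum(i.file_size for i in infos) > MAX_BYTES):
                reasons.append(f"archive too deep or large to inspect: {name}")
                return reasons
            for member in members:
                if member.endswith("/"):
                    continue
                inner = classify_attachment(member, z.read(member), depth + 1)
                reasons += [f"inside {name}: {r}" for r in inner]
    except zipfile.BadZipFile:
        reasons.append(f"corrupt or unreadable ZIP: {name}")
    return reasons


def make_zip(members):
    """Build an in-memory ZIP from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for member, content in members.items():
            z.writestr(member, content)
    return buf.getvalue()


SAMPLES = {
    # TeslaCrypt-style: ZIP wrapping a .js (the body here is a harmless comment)
    "invoice_7f3a9c.zip": make_zip({"invoice_7f3a9c.js": b"// constructed stand-in\n"}),
    # Locky-style: binary .doc whose directory names a Macros storage
    "scan_10482.doc": OLE_MAGIC + b"\x00" * 504 + OLE_MACROS_STORAGE + b"\x00" * 64,
    # Macro-enabled OOXML document
    "report.docm": make_zip({"[Content_Types].xml": b"<Types/>",
                             "word/vbaProject.bin": b"\x00"}),
    # Benign: a plain .docx without VBA, and a JPEG
    "agenda.docx": make_zip({"[Content_Types].xml": b"<Types/>",
                             "word/document.xml": b"<w:document/>"}),
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
}


def triage(samples=SAMPLES):
    """Map attachment name -> reasons for review, for every sample."""
    return {n: classify_attachment(n, d) for n, d in samples.items()}


if __name__ == "__main__":
    for name, reasons in triage().items():
        print(name, reasons or "clean")
```

A gateway would quarantine anything with a non-empty reason list rather than rely on the user; the legacy .doc check is a heuristic and a proper OLE parser should replace it in production.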

K7 has robust protection at multiple levels against both ransomware campaigns, however, as always, prevention is much better than cure. In the case of spam, it is best to completely avoid emails from unknown sources, especially those which expect one to open an attachment or click on a link.

Samir Mody
Senior Manager, K7TCL


IoT: How are We Going to Protect Ourselves?

Thursday, February 25th, 2016

Here is the fifth part of the blog series on the Internet of Things, following its fourth part, “IoT: What the Bad Guys Could Do with Your Hacked Devices”. This part explains the difficulties in protecting an IoT device and a few security steps users can take to safeguard against the risks.

Unfortunately much is still unclear, and therefore not standardised, when it comes to IoT security: currently there are no proven, widely adopted security standards for IoT, unlike sectors such as health, finance and information technology, which have dedicated security standards.

As a world-class security company, our mission is not only to protect people but also to create awareness about cyber security hazards associated with using state-of-the-art technology.

Interestingly, a report from the U.S. Federal Trade Commission documents the security principles a manufacturer should follow when making an IoT device. The important ones are:

  • Security by design
  • Data minimization
  • Notice and choice for unexpected uses

We would like to provide some additional detail. We recommend the following steps to vendors who manufacture IoT devices:

  1. Ensure that the appliance firmware is secure by design and by implementation, following known security standards, with the aim of shipping without known vulnerabilities.
  2. Ensure that the application developed to communicate with the appliance is likewise secure by design and by implementation.
  3. Always follow data security standards when storing and transmitting information. This applies to information stored on the appliance, stored in the application, and transmitted between appliance and application in either direction. Data should be stored encrypted and transmitted only over authenticated, encrypted channels.
  4. Engage third-party security auditors to assess the appliance and the IoT application.
  5. If a security vulnerability in the appliance or application is disclosed, notify users immediately and publish an update or patch as soon as possible.

As an IoT consumer, by following these simple steps, you can be better protected from the possible dangers:

  1. In your purchasing decision, go by necessity rather than by features. If you do not need to control an appliance remotely, think twice before opting for a remotely controlled IoT device: what is the use of controlling your refrigerator remotely if you would seldom use the feature? At the very least, disable the IoT feature if it is not required.
  2. Ask the vendor which security features the appliance has, what information it stores or transmits, and how that information is protected.
  3. Ask the same questions about the application that controls the appliance.
  4. Make sure that the mobile device that controls the appliance is secure and runs the required security applications.
  5. Always use strong passwords for authentication on both the appliance and the application, and change any default password on first use.
  6. Never share appliance passwords, application passwords or the mobile device that controls these appliances with anyone.
  7. Update the appliance firmware, the controlling application and the mobile device whenever an update is available for any of them. Automatic updates are recommended where available.
  8. Install, and keep updated, security suite software on the mobile device that hosts the IoT applications.

…to part 6: what-the-future-holds

Image credit:
phantomiot.com

Senthil Velan
Manager,Vulnerability Research


Social Networking

Thursday, February 18th, 2016

Here is the fifth part of the blog series on cyber security, following its fourth part on password management. It describes the concept of social networking and gives a few tips for safe networking online.

Social networking is a medium for managing social relations, both personal and professional, using the Internet. Social networking web sites such as Twitter, Facebook, LinkedIn, etc., provide a convenient and efficient online interface for communication with multiple people in a user-friendly manner. People are connected to their friends, family, colleagues, and followers in real-time, even on-the-go using mobile devices. Important events in people’s lives and people’s opinions on any subject seem to be communicated to all only via the social networking medium.

Social networking sites can be used to reach a wide audience very quickly through multiplier effects, e.g. people re-tweeting somebody else’s tweet. Therefore social networking is regularly used to communicate positive content. Sometimes certain content can become so popular amongst the masses that its immediate and far-reaching spread is described as “going viral”.

Unfortunately social networking sites can just as easily be abused to deliver negative content, intentionally or unintentionally. In addition, social networking sites consume time and bandwidth and help to spread malware, and are therefore particularly unwelcome within a work environment.

There are several risks associated with social networking which should be understood and managed effectively:

Users of social networking sites tend to post Personally Identifiable Information (PII) such as bank account details, medical information, birthdays, phone numbers and addresses online. Because information posted online may be publicly accessible, it can be used against them in harmful ways by other users, including professional criminal gangs. There are examples of burglaries that took place because users were known to be on holiday, leaving their houses empty. Users are advised to:

  • think twice before sharing PII online
  • read the Terms & Conditions of the social networking site carefully to verify what information is considered shareable and with whom
  • consider configuring privacy settings on social networking sites to protect PII better
  • avoid online surveys which extract PII

People in the virtual space of social networking sites cannot have their profiles pre-verified for authenticity, so it is possible to create fake profiles which can be used to lure or spy on victims. Children are particularly vulnerable to being stalked by dangerous elements harbouring prurient ideas. Cases of abusive content being used to terrorize users are also common. These actions are called cyber bullying and trolling, and can take a devastating toll on a person's mental state. The following security guidelines are recommended:

  • Users should never accept a friend request from someone they do not know.
  • It is important to use Parental Control software such as that in K7 Total Security, which allows blocking of certain sites or at least enforces restrictions on the time spent on them.

Cyber criminals can spread malware and spam through social networking sites, causing users to expose their computer to infections. The following security guidelines are recommended:

  • Users should never click on links sent in chats by people they do not know
  • Users should never download media files, including images and videos, from unknown sources.
  • Use strong passwords to avoid account hijacking and periodically cross-verify that privacy settings have not been modified.
  • It is important to use world-class, up-to-date Anti-Virus software such as K7 Total Security to protect against malicious files and block phishing and malware website links.

The resource-wasting aspect of social networking sites within an office environment can be prevented by blocking social networking sites locally using K7 Total Security or across managed computers using a central policy deployed by K7 Management Console.

Social networking has even been abused to spread disinformation and propaganda to engender a polarizing effect and mass panic amongst communities, which can be considered a national security threat. This implies that the content on social networking sites needs to be monitored closely and corrective actions taken as per the prevailing laws when security issues arise.

…to part 6: digital signatures

Images courtesy of:

blog.voxox.com
iconarchive.com
adweek.com

K7 Threat Control Lab


IoT: What the Bad Guys Could Do with Your Hacked Devices

Thursday, February 11th, 2016

Following the third part of this series on the Internet of Things, “IoT: Your Personal Data May Not be as Private as You Think”, here is part four, focussing on what could happen when the IoT private information discussed in “IoT: Your World at Somebody Else's Fingertips?” falls into the hands of the bad guys or the cybercrime underworld.

Suppose the bad guys gain access to your personal data or hack into your IoT appliances (the worst-case scenario). They could:

  1. Demand a ransom, threatening to sell your private health records to any interested party
  2. Hijack your appliances and render them non-operational, unless you pay a ransom “fee”
  3. Monitor your house by controlling your security cameras without your knowledge, thus determining your presence or, in fact, absence. Along with your ‘Going to Paris on vacation’ post on social media, it enables them to plan a robbery more accurately
  4. Sell your eating and food preferences to various food manufacturing companies or retailers or even to restaurants and hotels, just to provide an added advantage in targeted selling
  5. Sell your clothes-washing habits and clothing preferences to various fashion companies or retailers
  6. Use your device as part of a botnet of hacked devices to conduct a Distributed Denial of Service (DDoS) attack against a specific target. It is interesting to note that attacks of this type using IoT devices have already happened. The light bulbs in your home could already be part of a botnet, consuming your power and your internet bandwidth at the same time!

Perhaps somebody with a vendetta against you could even resort to changing your refrigerator’s temperature settings so that your food goes bad.

We have been witnessing for years what bad guys are capable of doing, e.g. security breaches at big organizations and infamous ransomware. The same tactics might apply here too.

One other dangerous scenario is cyber warfare. During wartime an enemy nation could launch a massive cyber attack on the IoT devices of another nation, rendering them dysfunctional and causing chaos, damage and potential loss of life. Likewise, IoT appliances may be targets for cyber attacks by terrorists.

… to part5: How are we going to protect..

Image credit:
www.wired.com/tag/iot

Senthil Velan
Manager,Vulnerability Research


Passwords – Hashes to Ashes

Thursday, February 4th, 2016

This is the fourth part of the blog series on cyber security, continuing from its third part on Scareware, RogueAV and Ransomware. It focuses on the dangers of choosing weak passwords and the consequences of recycling the same password across different online accounts, and gives a few tips on how to choose a suitably strong password.

In today’s digital age, people’s lives seem to revolve around passwords.  Passwords to online portals play an important role in securing access to a user’s online information, whether financial, professional or personal. Hence, users are perennially advised to always secure their accounts with strong passwords.

Many online portals alert users to inadequate password strength when they set up the login credentials for an account, and some even enforce a strong password before the account can be created. Users should consider password strength when deciding on an account's password so that it cannot be cracked easily.

From a security perspective, using the same password for a user’s multiple accounts is dangerous, both for personal accounts as well as in a professional environment.  In this case a hacker need hack only one account to have the credentials to have access to the victim’s other accounts and the sensitive information held therein.

Users should beware the consequences of using weak passwords. Here are a few of the general mistakes which lead to coining weak passwords:

  • Passwords which have been used previously
  • A user’s friend’s or family member’s name or date of birth
  • Favourite food/place name
  • A user’s own name
  • A single word from a dictionary
  • A common name
  • The username reused as the password
  • Keyboard patterns/swipes, etc., e.g. qwerty

Hackers usually attempt to break into an account by first trying common words and previously leaked passwords (a dictionary attack), and then by trying combinations of characters systematically (a brute-force attack). Neither is done by hand; both are automated with cracking tools, and where a site's password database has leaked, the guesses are made offline against the stored hashes at millions or billions of attempts per second. Reference 1 below gives an estimate of how long it would take a hacker to crack a given password.
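The following Python script is an added example (not K7 code, and not the estimator in reference 1) that puts numbers on the paragraph above: it computes the search space an attacker must cover for a given password, and runs an offline dictionary attack with simple mangling rules against a constructed set of leaked records stored as a fast salted hash. The guess rate of 1e10 per second is an assumption standing in for a multi-GPU rig against a fast hash; the leaked records, salts and wordlist are constructed.

```python
"""Why weak or reused passwords fall quickly: the search space an attacker
must cover, and an offline dictionary attack on leaked salted fast hashes.
Added example; not K7 code. The 'leaked' records and wordlist are constructed."""
import hashlib
import secrets
import string


def charset_size(password):
    """Alphabet an attacker must assume, from the character classes present."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)     # 32 symbols
    return size


def brute_force_seconds(password, guesses_per_second=1e10):
    """Worst-case time to enumerate every string of this length and alphabet.
    1e10/s is an assumed figure for a GPU rig against an unsalted fast hash;
    a slow hash (bcrypt, PBKDF2) lowers the rate by orders of magnitude."""
    return charset_size(password) ** len(password) / guesses_per_second


def hash_record(salt, password):
    """How a careless site stores passwords: one fast SHA-256 over salt+password."""
    return hashlib.sha256(salt.encode() + password.encode()).hexdigest()


# Constructed 'leaked' records: (username, per-user salt, stored hash)
LEAK = [
    ("alice", "9f1c", hash_record("9f1c", "qwerty")),
    ("bob", "a0e3", hash_record("a0e3", "Th!sL00ks5trOng:-)")),
    ("carol", "77b2", hash_record("77b2", "carol1990")),
]

# Constructed wordlist in the order crackers try: leaked favourites,
# keyboard walks, then names that mangling rules will extend.
WORDLIST = ["123456", "password", "qwerty", "letmein", "iloveyou", "carol", "alice"]


def mangle(word):
    """Rule-based candidates derived from one base word."""
    yield word
    yield word.capitalize()
    for year in range(1980, 2006):
        yield f"{word}{year}"


def dictionary_attack(records, wordlist):
    """Recover passwords whose hash matches a candidate. The salt stops one
    guess serving every user, but not per-user guessing of weak choices."""
    recovered = {}
    for user, salt, digest in records:
        for base in wordlist:
            for candidate in mangle(base):
                if hash_record(salt, candidate) == digest:
                    recovered[user] = candidate
                    break
            if user in recovered:
                break
    return recovered


def generate_password(length=16,
                      alphabet=string.ascii_letters + string.digits + string.punctuation):
    """What a password manager does: draw each character from a CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for pw in ("qwerty", "carol1990", "Th!sL00ks5trOng:-)"):
        print(pw, charset_size(pw), brute_force_seconds(pw))
    print(dictionary_attack(LEAK, WORDLIST))
    print(generate_password())
```

Once alice's and carol's passwords are recovered, the attacker's next step is to try the same credentials on other sites, which is why reuse across accounts turns one leak into many.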

In order to safeguard against these types of attacks, here are few tips on how to choose and maintain a secure password:

  • Use unique passwords for every account, i.e. never repeat passwords across online accounts
  • Use a long alphanumeric password with punctuation to meet the recommended password strength, e.g. Th!sL00ks5trOng:-)
  • Never leave a login session open or rely on it timing out automatically; log out as soon as the work is done
  • Never share your passwords or any account credentials with others
  • Back up login credentials on separate devices or media in encrypted form to avoid data loss if a device is lost or stolen
  • Use a reputable Password Manager to assist you in managing your passwords

Benefits of using a Password Manager:

  • Password Manager can generate strong passwords
  • It can save your credentials and log in or fill them in automatically the next time you visit a known site, provided the manager itself is protected by a strong master password
  • You don’t have to worry about forgetting passwords

Choose a Password Manager that ensures data security by encrypting the passwords.

References:
1. https://howsecureismypassword.net/

… to part 5: Social networking

Image courtesy of:
commoncraft.com

K7 Threat Control Lab
