Connect with us

Featured

How your phone became hostage to ransomware

Published

on

DOROS HADJIZENONOS, Country Manager of Check Point South Africa, explores why mobile ransomware has become the biggest mobile security threat, and how users can guard against it.

Imitation is a quick way to learn, which is why mobile malware is evolving so rapidly – it frequently imitates attack behaviours and trends that were first trialled and proven to work in the PC world.  Mobile ransomware is following this path, with the aim of replicating the success that PC-based ransomware has had in extorting money from individuals and organisations.  So it’s no surprise that the number of mobile ransomware variants detected in Q1 2016 grew 45% compared with Q4 2015.

Like its cousins that target PCs, mobile ransomware has become more complex and malicious in the way it works, too.  The first mobile ransomware types were ‘screen blockers’, which displayed prominent alerts and made normal interaction with the screen impossible – similar to lock-screen PC ransomware.  First seen in 2013, the malware posed as anti-virus software and informed victims their device was infected, demanding they purchased a full version of the software to ‘disinfect’ the device and make it usable again.

In 2014 the first mobile ransomware which encrypts files was detected, again following the success of Windows cryptolocker-style malware.  The most recent mobile ransomware type is the Pin locker, which emerged in 2015.  One example, called PornDroid, pretends to be a porn player, and tricks the user into granting it Admin privileges.  Once it has these, the malware changes users’ Pin codes, locking them out of their devices and displaying a ransom message.  We conducted a detailed investigation into how this type of ransomware worked, and we found one variant had infected tens of thousands of devices, with some victims paying $200 to $500 to unlock their data and regain control of the device.

The device divide

While mobile ransomware currently targets Android devices almost exclusively – largely because iOS devices need to be jailbroken in order to download apps from sources other than Apple’s App Store, making them harder to infect – there has been a case in which iOS users were extorted. In 2015, attackers exploited stolen credentials to log into users’ iCloud accounts and remotely locked their devices, and demand ransoms to release them.  And in March 2016, the first ransomware targeting Apple Macs, KeRanger, was discovered, so we should expect to see ransomware targeting iOS devices soon.

Check your privilege

Currently, mobile ransomware focuses on locking users out of the device, because the mobile operating systems do not allow malware to access all the device’s areas of memory or storage.  However, the privilege escalation exploits referenced earlier point clearly to the next step in ransomware evolution, using techniques to gain ‘root’ privileges on the device which effectively give the criminal complete control of the infected phone or tablet.

Most methods for rooting the device rely on exploiting vulnerabilities either in the OS, the hardware, or individual applications.  Unfortunately, these vulnerabilities are widespread:  over the past 6 months, over half of Android patches released by Google are for securing devices against privilege escalation exploits – so we can expect to see more ransomware targeting these flaws to gain elevated privileges over the next year.

How can I protect my devices?

The most fundamental principle of mobile device security is never to root or jailbreak your phone – in other words, to avoid deliberate privilege escalations that could then leave you open to malicious ones that may harbour ransomware.   A robust security solution should also be applied.  Enterprises should select a mobile device management (MDM) solution – but all MDMs are not equal.  Some are able to identify when a phone has been deliberately rooted by a user, but not when it has been rooted by malware – and some more advanced malware can disguise itself against such inspection.

A more effective approach is to quarantine and inspect any suspicious apps or attachments in the cloud, before downloading them to the device.  This blocks the main vector for privilege escalation, which is from rogue apps.

The mobile threat prevention solution should use a number of components working together to respond to the most common mobile attack vectors. Devices must be continually analyzed to uncover system vulnerabilities and unusual behaviour.  Monitoring configuration and behaviour analysis can help identify root access attempts as outlined above.  And any downloaded apps must be inspected for the unique binary signatures for known malware; they should also be captured and reverse-engineered for code-flow analysis to expose suspicious behaviour.

And don’t overlook simple steps such as regularly backing-up data on your device so that if the worst does happen, you can recover your files without having to pay.

Help! I’ve already been infected

Unfortunately, there may be little you can do, which is why it’s important to perform regular backups of the data stored on your mobile device.  You should certainly avoid paying any ransom, and take your device to a mobile security specialist rather than attempting to decrypt it yourself. But ultimately, when it comes to mobile ransomware, prevention is by far the best protection.

Featured

Now download a bank account

Absa has introduced an end-to-end account opening for new customers, through the Absa Banking App, which can be downloaded from the Android and Apple app stores. This follows the launch of the world first ChatBanking on WhatsApp service.

Published

on

This “download your account” feature enables new customers to Absa, to open a Cheque account, order their card and start transacting on the Absa Banking App, all within minutes, from anywhere and at any time, by downloading it from the App stores.

“Overall, this new capability is not only expected to enhance the customer’s digital experience, but we expect to leverage this in our branches, bringing digital experiences to the branch environment and making it easier for our customers to join and bank with us regardless of where they may be,” says Aupa Monyatsi, Managing Executive for Virtual Channels at Absa Retail & Business Banking.

“With this innovation comes the need to ensure that the security of our customers is at the heart of our digital experience, this is why the digital onboarding experience for this feature includes a high-quality facial matching check with the Department of Home Affairs to verify the customer’s identity, ensuring that we have the most up to date information of our clients. Security is supremely important for us.”

The new version of the Absa Banking App is now available in the Apple and Android App stores, and anyone with a South African ID can become an Absa customer, by following these simple steps:

  1. Download the Absa App
  2. Choose the account you would like to open
  3. Tell us who you are
  4. To keep you safe, we will verify your cell phone number
  5. Take a selfie, and we will do facial matching with the Department of Home Affairs to confirm you are who you say you are
  6. Tell us where you live
  7. Let us know what you do for a living and your income
  8. Click Apply.

 

Continue Reading

Featured

How we use phones to avoid human contact

A recent study by Kaspersky Lab has found that 75% of people pick up their connected device to avoid conversing with another human being.

Published

on

Connected devices are becoming essential to keeping people in contact with each other, but for many they are also a much-needed comfort blanket in a variety of social situations when they do not want to interact with others. A recent survey from Kaspersky Lab has confirmed this trend in behaviour after three-quarters of people (75%) admitted they use a device to pretend to be busy when they don’t want to talk to someone else, showing the importance of keeping connected devices protected under all circumstances. 

Imagine you’ve arrived at a bar and you’re waiting for your date. The bar is busy, and people are chatting all around you. What do you do now? Strike up a conversation with someone you don’t know? Grab your phone from your pocket or handbag until your date arrives to keep yourself busy? Why talk to humans or even make eye-contact with someone else when you can stare at your connected device instead?

The truth is, our use of devices is making it much easier to avoid small talk or even be polite to those around us, and new Kaspersky Lab research has found that 72% of people use one when they do not know what to do in a social situation. They are also the ‘go-to’ distraction for people even when they aren’t trying to look busy or avoid someone’s eye. 46% of people admit to using a device just to kill time every day and 44% use it as a daily distraction.

In addition to just being a distraction, devices are also a lifeline to those who would rather not talk directly to another person in day-to-day situations, to complete essential tasks. In fact, nearly a third (31%) of people would prefer to carry out tasks such as ordering a taxi or finding directions to where they need to go via a website and an app, because they find it an easier experience than speaking with another person.

Whether they are helping us avoid direct contact or filling a void in our daily lives, our constant reliance on devices has become a cause for panic when they become unusable. A third (34%) of people worry that they will not be able to entertain themselves if they cannot access a connected device. 12% are even concerned that they won’t be able to pretend to be busy if their device is out of action.

Dmitry Aleshin, VP for Product Marketing, Kaspersky Lab said, “The reliance on connected devices is impacting us in more ways than we could have ever expected. There is no doubt that being connected gives us the freedom to make modern life easier, but devices are also vital to help people get through different and difficult social situations. No matter what your ‘connection crutch’ is, it is essential to make sure your device is online and available when you need it most.”

To ensure your device lifeline is always there and in top health – no matter what the reason or situation – Kaspersky Security Cloud keeps your connection safe and secure:

·         I want to use my device while waiting for a friend – is it secure to access the bar’s Wi-Fi?

With Kaspersky Security Cloud, devices are protected against network threats, even if the user needs to use insecure public Wi-Fi hotspots. This is done through transferring data via an encrypted channel to ensure personal data safety, so users’ devices are protected on any connection.

·         Oh no! I’m bored but my phone’s battery is getting low – what am I going to do?

Users can track their battery level thanks to a countdown of how many minutes are left until their device shuts down in the Kaspersky Security Cloud interface. There is also a wide-range of portable power supplies available to keep device batteries charged while on-the-go.

·         I’ve lost my phone! How will I keep myself entertained now?

Should the unthinkable happen and you lose or have your phone stolen, Kaspersky Security Cloud can track and protect your device from data breaches, for complete peace of mind. Remote lock and locate features ensure your device remains secure until you are reunited.

 

Continue Reading

Trending

Copyright © 2018 World Wide Worx