Posts Tagged: ‘kaspersky lab’

Scam of the day – November 28, 2014 – Hotel Wifi threat

November 28, 2014 Posted by Steven Weisman, Esq.

A targeted threat against high level government and business leaders while staying in upscale hotels was exposed by security company Kaspersky Lab recently.  The attack starts with a breach of the particular hotel’s Wifi network and the installation of malware even before the targeted guest arrives at the hotel.  When the hotel guest connects to the hotel’s Wifi system by logging in using his last name and room number, the hackers are alerted and then send a pop-up alert regarding a necessary software update that needs to be clicked on and downloaded.   The pop-up looks legitimate.  In this particular group of targeted attacks, which Kaspersky has deemed “Darkhotel” the pop-up was for an update to Adobe Flash player, although it could be an update for any other program.  The pop-up of course is phony and when the unwary victim clicks on the link, he downloads malware that enables the hacker to steal information from the victim’s laptop or other device.  In this case, the information sought is for corporate espionage, but others using the same tactic could just as well use the technique to gather personal information for purposes of identity theft.

TIPS

You can never be sure of the security of Wifi whether it is at a coffee shop or a hotel.  A good option is to use a Virtual Private Network (VPN) to get an encrypted communication mode whenever you use Wifi.  It is important to be skeptical of any prompt to click on anything when you are on Wifi or anywhere else for that matter.  Don’t click on links in emails, text messages or pop-ups unless you have confirmed that they are legitimate.  In the case of software updates, it is a simple matter to check with the particular company at its website rather than click on a pop-up if you want to make sure that the update is legitimate.  Even if an update is being offered by the company, you are better off accessing it through their website rather than a pop-up which may be just a counterfeit pop-up sent to you by an identity thief.

Scam of the day – December 19, 2013 – Playstation 4 and Xbox One targeted by hackers

December 18, 2013 Posted by Steven Weisman, Esq.

Computer security company Kaspersky Lab recently disclosed that it had found that hackers have been targeting the new Playstation 4 and Xbox One gaming consoles in large numbers.  However, owners of these two systems are not alone.  According to Kaspersky, there are an estimated  34,000 cyber attacks on gaming systems each day through the world.  The country with the largest number of gaming cyber attacks is Spain wtih Poland a relatively close second.  The hackers are after gamers’ usernames and password which they then sell on the black market.  This also poses a larger problem of identity theft for hacked gamers due to the fact that too many people use the same usernames and passwords for multiple accounts, putting their security in jeopardy if that information falls into the hands of an adept identity thief.

TIPS

As with so many  instances of hacking, the way that hackers gain access to your smartphone, computer, laptop or gaming console is through phishing techniques that lure people into downloading tainted attachments or clicking on infected links.  As I constantly remind you, never click on links or download attachments unless you are absolutely sure that they are legitimate and even if they appear to come in a text or an email from someone you trust, your friend’s smartphone or email account could have been hacked so it appears a message containing a link or an attachment is coming from someone you trust when in fact, it is coming from an identity thief or hacker who has infected the link or attachment with keystroke logging malware that will steal the information from your computer, smartphone or other device and make you a victim of identity theft.

Scam of the day – February 17, 2013 – Facebook hacked – the lesson for us all

February 17, 2013 Posted by Steven Weisman, Esq.

Facebook has announced that its internal computer network has been hacked in what it described as a “sophisticated attack.  According to Facebook, users of Facebook did not have their data compromised – this time.  As I have warned you over and over again, your security is only as good as the security of the weakest place that holds information about you, which is why it is important to limit the information held by companies and others with which you do business to the minimum that they need.  The hacking of Facebook occurred when a Facebook employee went to the website of an app developer with which Facebook does business.  The app developer had unwittingly been hacked through the use of the Java program and when the Facebook employee went to the website of the app developer, the computer virus was passed on to Facebook.  This might be particularly disturbing to some people because Facebook uses, and was using at the time of its security breach, the latest security software programs, which did not protect Facebook from the hacking.  As I have told you previously, unfortunately, the makers of computer security software are always behind the hackers.  It has been estimated that when a new virus is developed only about 5% of security software programs are effective at first.  Generally, the computer security software companies take about a month to catch up with the new viruses.

TIPS

There are a few lessons for us all from this security breach.  According to the computer security company, Kaspersky Lab, Java is a dangerous program constantly exploited by hackers.  According to Kaspersky, Java software was the culprit in about half of all cyber attacks in 2012.  On January 12, 2013 I passed on a warning from the Department of Homeland Security warning people to disable Java due to serious security threats.  Five days later on January 17th I provided you with a link to remedy for that particularly vulnerability.  However, problems with Java continue to occur and some computer security experts suggest that you disable Java and not use it in order  to protect yourself.  I will discuss this in more detail in future Scams of the Day.  The particular problem with Java that led to the hacking of Facebook has been fixed, but it is likely that Java will be attacked again.  Another tip that you must follow is to make sure that your computer security software is constantly updated.  I will provide you with particular warnings and updates, but you should make sure that your security software is always current.  People who do not do so are easy targets for identity thieves.