In June, Kaspersky Lab made sure you were in the know when it came to the latest security news. From tips on keeping your smartphone protected to breakdowns of trending topics, we kept you covered. So if you missed any of our posts, make sure you catch up now with our monthly roundup!
These days, 98% of smartphone malware targets Android, given Apple’s strictly monitored App Store. However, Apple’s focus is on mass malware, and not on the possibility of someone spying on you personally. The problem is that “legal” spyware now exists, and there are international companies that officially develop and sell this kind of software, like the Italian firm HackingTeam, which developed the Remote Control System (RCS) software known as Galileo. Kaspersky Lab has monitored RCS infrastructure for some time and has encountered Windows malware “implants” from RCS before, but recently, in partnership with Morgan Marquis-Boire from Citizen Lab, new variants of the malware were discovered. These new samples are smartphone Trojans that work on both Android and iOS and are capable of performing all the kinds of spying that you’d expect from such a tool, including location reporting, taking photos, spying on SMS, WhatsApp and other messengers, stealing contacts and so on. To avoid infection risks, Kaspersky Lab’s experts recommend that you, first of all, don’t jailbreak your iPhone, and secondly, keep iOS on your device updated to the latest version. In addition, running robust security software on your computer will greatly reduce the risk of getting infected.
Google released a new report that stated more than thirty percent of global Gmail traffic becomes unencrypted at some point in transit between the email sender and its recipient. As a fix, Google developed a tool that will encrypt all data traveling out of its Chrome browser for any user who has installed its End-to-End extension. As you probably remember, until a few months ago, Google was not encrypting the links between servers in its own data centers. Now when you send an email with Gmail, that email is encrypted from your computer, through your browser, onto Google’s servers, and between and out of Google’s servers. Once your data passes out of Google’s control, it is up to whoever has your data to ensure that it remains encrypted. The aim of the new End-to-End tool is to put simple, easy-to-use encryption in the hands of everyday users. In this way, the user can ensure his or her data is encrypted in transit.
Ransomware has become increasingly convenient for cybercriminals, and a new scheme, similar to CryptoLocker ransomware, is now gaining traction on smartphones. iOS-based devices are blocked with the help of Apple’s Find My iPhone service, while Android smartphones are dealing with culprits who have coded a mobile version of CryptoLocker, Pletor.a. There are numerous steps you can take to protect both your PC and smartphone from this scheme, though. When it comes to your PC, use the free Kaspersky Lab utility, which scans your system and deletes malware. Also be sure to install a strong Internet security solution and create an online backup copy of your data. For smartphone safety, install a robust antivirus app from Google Play or another trusted app store like Yandex.Store. You should also disable third-party app installation support, only download apps from trusted sources, and upon installation of those apps, keep an eye on the access rights the app is asking for. Finally, use Google Drive, Dropbox and other cloud storage and backup solutions to back up your photos and other documents.
Following the exposure and takedown of GameOver Zeus (what the FBI are calling ‘the most sophisticated and damaging botnet we have ever encountered’), Senior Security Researcher David Emm explained that the cybercriminals behind the GameOver Zeus attack used two malicious programs – ZeuS and CryptoLocker, which have hundreds of thousands of variants. What makes this case different is that police managed to take over the Command and Control (C&C) server that controls the botnet and temporarily disable it. To combat this attack, Emm recommends backing up data regularly to avoid the need to pay ransom if you do get infected with CryptoLocker.
To keep your financial information safe (from Zeus, and from other malware designed to steal your money), just follow these simple rules: don’t click on links you receive from unknown senders; don’t download, open or keep unknown files on your device; don’t use open, unsecured (public) Wi-Fi networks for any transactions; double-check webpages before entering any of your credentials or confidential information; work only with websites with the ‘https’ prefix; have up-to-date anti-malware protection installed; and use the same protection when using your mobile or tablet device for any transactions.
Although app stores offer what seems like limitless options for games and tools, they are also full of bad apps, ballooning costs, and malicious apps, particularly for Android devices.
Follow these three golden rules to safely enjoy app stores regardless of your operating platform.
- Use community knowledge to assess the reliability of apps. Stay away from brand-new apps, as well as those that have either no reviews or negative reviews. Also avoid apps that haven’t been downloaded before.
- Set up password or biometric protection for every purchase. Apple and Android both offer password protection for purchases from their respective app stores, as well as for in-app purchases, and both offer some form of biometric protection as well – either native or through an app.
- Limit the number of apps on a device – the more apps you have, the more inefficient navigating and operating your smartphone becomes, not to mention that the more apps you have, the fewer you use.
A bonus Android tip: Because the Android platform has been so beset by malicious apps, Android users should take extra precautions. Be sure to closely check the permissions granted to each app, and avoid apps that clearly take more information than needed. Use a mobile antivirus system – Kaspersky Lab has one it can offer – that checks the safety of new apps and protects your device against the latest mobile malware threats.
Two-factor authentication is a feature offered by a number of online service providers that adds an additional layer of security to the account login process by requiring that a user provide two forms of authentication. The first form – in general – is your password. The second factor can be any number of things, the most popular being the SMS or email code. Two-factor won’t prevent all account hijacks, but it’s a great barrier. So which accounts should have two-factor authentication enabled? The simple rule regarding when and where you should enable two-factor is this: If the service in question offers it and you deem that account valuable, then enable it.