October Monthly Roundup

November 3, 2014

Kaspersky Lab was busy this October bringing you breaking security news stories and other relevant reads. From infected ATMs and Android 5.0’s new crypto system to cyber-mercenaries and cryptoware protection, we covered it all. If you missed any of our October posts, fear not! This quick summary of our most popular posts will get you up to speed!


Android 5.0 Data Better Protected with New Crypto System

Law enforcement agencies are not exactly happy with Google and Apple these days. User content stored in the latest iterations of the iOS and Android operating systems is encrypted in such a way that neither company has the capacity to decrypt the locally stored information. This means that even with a warrant, law enforcement will have no sure-fire way of compelling users to decrypt locally stored data. However, privacy and security advocates are heralding the new disk-encryption schemes, which seem to equip consumers with real mobile data security. Some will see these moves as reckless; others will see them as obvious reactions to an environment where it’s become entirely too easy for the government to collect prosecutorial information with little to no oversight. Google is now touting the new by-default encryption that is part of the new Android Lollipop, also known simply as “Android 5.0” or “Android L.” In this new system, the decryption key is derived from the password or PIN plus some built-in, possibly hardware-based, credential. Thus, brute-forcing a password may still be possible, but it won’t decrypt encrypted disk space.

In other words, the most popular mobile operating system in the world finally becomes more secure. 

How to Remember Strong, Unique Passwords

How is it 2014 and we’re still stuck memorizing ever-longer lists of passwords like it’s 1999? If we’re going to rely on an ancient authenticator for future technology, then we might as well come up with a solid way to remember our passwords. This is exactly what our friends at Carnegie Mellon University’s computer science department have done. Unfortunately, it turns out that remembering long lists of complicated passwords requires us to do something that no one likes: study. In this study, participants were prompted with a scene and person pair, and were made to perform a rehearsal routine to recall the action and the object at a set number of spaced intervals over a period of 100 or so days. To learn the results that shocked researchers, read the rest of the article! Ultimately, we learned that it’s easier to remember fewer passwords, which is probably why nearly everyone uses the same password across multiple accounts, despite knowing that password sharing is a bad idea. But there is also good news: you can improve your passwords using the relatively easy mnemonic technique described here.

Legal malware and cyber-mercenaries

Think about this: the more we entrust our everyday routines to computers, the more attractive they become for those who love digging into others’ secrets, bad guys and good guys alike; hacking and espionage are hardly crimes for the secret service, but instead are a part of their everyday work. A key trend in today’s world of cybercriminal business is the legalization of cybercrime, which is positioned differently in the infosec market. Kaspersky Lab’s experience proves that privately developed legal malware could potentially end up not only in the ‘good’ hands of the secret service, but also in the hands of very pragmatic third parties. So is it dangerous? Significantly. Malware like this is created for those with a very generous budget. It is at a very advanced level that has nothing to do with teenage misbehavior or petty criminals trying to steal a hundred bucks from your credit card. The developers of legal malware use a great deal of advanced technologies in their products that can fool a virus analyst and prevent him from looking under the hood. Despite all this, practice proves that such technologies do have their limitations: there is no magic allowing one to break stealthily into any system; rather, it is a sample of ordinary malware.

Infected ATMs gave away millions of dollars

Hackers don’t take money out of the ATM like you and me: they don’t need cards, PIN codes or bank accounts to get money. In reality, all they need is an ATM with some cash in it and a special piece of software. At the request of a financial institution, our colleagues from the Global Research and Analysis Team (GReAT) performed a forensic investigation into a cyber-criminal attack that targeted multiple ATMs in Eastern Europe. They discovered that by using a Trojan called Tyupkin, hackers can withdraw an unlimited amount of banknotes simply by entering a special code into the PIN pad. Tyupkin infects the PC inside of an ATM and forces it to dispense banknotes when prompted by the special code. Criminals were somehow able to physically access the ATMs so that they could install the malware. The Trojan had a number of advanced abilities, making an attacker’s job quite simple. Thankfully, right now hackers can only infect certain ATM models, but the variety of hackable ATMs will grow unless banks and ATM manufacturers increase the physical and software protections of these machines.

Prioritizing the Protection of Primary Webmail Accounts

Think about this: whenever you set up nearly any online account, you’re prompted to enter a primary webmail account. This primary email account also acts as the place where you can recover online accounts if they become hijacked or if you forget your password. In this way, your primary email account is more sensitive than your PayPal or your banking account, because if the email account is compromised, so too are the financial accounts! A criminal in control of your webmail account can gather some serious intel about what other accounts you use online, and compromise those as well. This is why we constantly and relentlessly remind you to use strong passwords and enable two-factor authentication and all other available security controls for accounts of importance. As if that wasn’t bad enough, your hacked accounts affect the lives of all of your contacts. When and if your account is hacked, attackers will use it as a tool to attack the accounts of your friends, family and digital acquaintances. Thankfully, a strong antivirus solution will protect you against email-borne attacks containing malware. Kaspersky security products also contain anti-phishing technologies that will detect phishing websites and warn you about them. Long story short: you need to start handling that primary email address in the same way you handle your online banking account, or perhaps even more carefully since it is your most precious online account. 

Tip of the week: How to protect yourself from cryptoware

Cryptoware is one of the fastest-growing types of malware that target end users. These viruses are created for the mass blackmailing of ordinary people. So how does it work in real life? Kind of like this: “Dear Chairman, dear Vice Chairman, dear members of the board, let me present to you the annual report which we have been preparing throughout the past two months… Oops… Just a moment, we are having some technical issues…” It would seem as though a cryptovirus has hindered your presentation. A cryptovirus is a malicious program that blocks access to some files on your computer and demands a ransom for their decryption. We recommend that you protect valuable files before your computer gets infected. Installing Kaspersky Internet Security and adjusting the settings will help protect you from the latest threats. Learn how to do this by reading the full article!