Archive for April, 2020

VPNs are mainstream, which is good news

Virtual private networks (VPNs) have been growing in popularity for the last three years, a notable trend revealed in a collaborative report [PDF] by Top10VPN and GlobalWebIndex. This year is no different.

With a majority of the world’s internet users in isolation due to the COVID-19 global pandemic, an increase in VPN usage is expected, especially with so many people moving their regular work from offices to their homes. VPNs are most useful in a time like this, when employees who cannot be physically on office premises still need to securely connect to and access the sensitive files, local apps, and other internal resources they need to do their job.

A jump in work-from-home employees isn’t the only reason why VPNs are in high demand nowadays. If anything, their steady growth was suddenly accelerated by the effects of the current pandemic, producing a historic spike in usage while internet users are thrust into a “new normal” of living closer to family and away from colleagues, extended family, friends, and strangers.

However, other factors are at play when it comes to motivations for using VPNs. The report, entitled “The Global VPN Usage Report 2020”, sheds light on these and more. Let’s take a look.

Current VPN usage trend

Why use VPNs?

More than 30 percent of internet users now use VPNs, with the heaviest users being in the Asia and Middle East & Africa regions. Specifically, Indonesia and India—61 percent and 45 percent, respectively—have the biggest share of VPN users compared to other countries. As you may recall, the Indonesian government has made attempts to filter the content its citizens see online, especially on social media platforms like Facebook, Twitter, and Reddit. The use of certain communication channels, such as WhatsApp, was also restricted.

Both the Middle East & Africa (MEA) and the Asia Pacific (APAC) regions are heavy users of VPN. (Courtesy of Top10VPN and GlobalWebIndex)

It’s not unusual to say that some VPN growth actually stems from attempts to enact censorship over a population. Note that while VPN usage is high in areas where government repression is heaviest, these are also countries where the use of VPNs is legal.

Perhaps surprisingly, democratic countries like Australia (69 percent) and the Netherlands (76 percent) have also seen notable market growth over a three-year period.

“In 2017, the Netherlands introduced a law that gave the intelligence services the right to wiretap online communications around suspects on a large scale and store the data for a period of 3 years,” explains Pieter Arntz, malware intelligence researcher for Malwarebytes, regarding this trend. “For that reason, the law was called the ‘Sleepwet’ (or dragnet law). Amnesty International and local privacy advocates made objections against the scale and the long retention period. Since the introduction, we have seen a big rise in the use of VPNs in the Netherlands.”

A data retention law coming into effect that year in Australia is the likely trigger for citizens to start using VPNs.

The report also outlines other reasons why people use VPNs.

The paradigm has shifted. VPN users typically claim they want to access entertainment content—currently ranking as the 6th top reason—that they otherwise cannot normally access. (Courtesy of Top10VPN and GlobalWebIndex)

In some countries, government surveillance isn’t a massive concern. What makes their citizens opt to use VPNs is the wish to hide their browsing activities from potential snoopers, which might be their ISP, advertisers, or threat actors.

Who uses VPNs?

For every 10 internet users, 3 use VPNs, according to the report.

Below is a global profile of who uses VPNs based on demographic data collected for this study. A VPN user is typically:

  • Male (36 percent, compared to 26 percent female)
  • Young (average of 37 percent between Gen Y and Gen Z users, compared to only an average of 21 percent for Gen X and Baby Boomers) *
  • More educated (average of 37 percent between college/university students and post-graduate users, compared to users who are schooling at the age of 18 and below)
  • Mobile users (64 percent, compared to 62 percent of PC/laptop users)

*Older generations are notably catching up, though.

Heavy users in the APAC and MEA regions are young users who are “more urban and more affluent, relative to the rest of the population”. They are also more comfortable with digital tools.

What’s in a user’s VPN wish list?

Most users (72 percent) in the US and UK are using free VPNs compared to those who opted to pay (36 percent). For payers, the most common reason for this is to avoid the sharing of their information with third parties (54 percent).

When looking for a VPN, users prefer one that has a reliable connection (54 percent), is easy to use (54 percent), is quick (54 percent), has privacy/logging policies (43 percent), and is reasonably priced (42 percent).

What attitudes or behaviors do VPN users have?

VPN users are more likely to be consistent with how they protect their online privacy than someone who doesn’t use a VPN. This means they use other measures like deleting browser cookies and using browsers that promote private browsing.

The report also found that internet users are at least aware that protecting their privacy online is important, but don’t know how. Even those deemed privacy-conscious are mostly not using VPNs.

When it comes to frequency in use, users in the US and UK tend to use VPNs every day for their daily browsing activities, not just for more private browsing. Younger users in these regions also claim that they see VPNs, primarily, as a privacy tool.

The road to safer surfing

It’s always interesting to take note of trends, motivations, and even buying behavior. However, there are other points in the report that merit highlighting. For one, many users associate VPNs with the word “secure”, although, as with all things, this isn’t always the case. This is particularly true on mobile devices.

When it comes to finding “the one” VPN for you, it is therefore no longer enough to just take other people’s word for it. It is more crucial than ever for users to go hands-on and experience the products themselves. It is also important that users do a little investigative work on the company behind the software or service they are eyeing. And when you do, please remember: ask the right questions.

Good luck!

The post VPNs are mainstream, which is good news appeared first on Malwarebytes Labs.

Posted in: NEWS


Switching from a “Just in Time” delivery system should include planning ahead

As it becomes clear that some things will never again be the same after the global coronavirus pandemic, it is time to prepare for the future. The cybersecurity implications of upcoming changes will be most noticeable in organizations that rely on security models like the software defined perimeter.

The software defined perimeter is a model closely related to the zero trust framework, in which users must authenticate themselves first before accessing any company-sensitive documents or on-site information. Connectivity in the software defined perimeter is based on the premise that each device and identity must be verified before being granted access to the network.

Below, we explore why unexpected demand spikes may force organizations to reconsider their “Just in Time” delivery networks. But remember, a switch from one system brings questions about any new one.

Just in time delivery

As an example of the changes we can expect, let’s assume that after the coronavirus pandemic, some organizations will transition away from the Just In Time (JIT) delivery system they were using when their supply lines began to dry up.

Just In Time delivery systems provide goods as orders come in, allowing for a lean, at-need production process with little to no surplus. But as we’ve recently seen, these types of systems are vulnerable to sudden peaks in demand: depleted supply chains have already hit several industries, with the most poignant victim being healthcare. Hospitals, clinics, and medical centers around the world have quickly run out of masks, hand sanitizer, and ventilators in the months since COVID-19 struck.

Many stores, both brick-and-mortar and web shops, have already faced the same problem. Soon after China applied its regional quarantine, global supply chains took a hit, with some businesses impacted sooner than others. Whether your goods arrive by container ship or by air freight makes a big difference in how soon your line could dry up.

Why we need a constant stream of goods

To western economies, a continuous flow of goods and components is of the utmost importance. We regard transport and logistics as vital infrastructure for compelling reasons. Many of our factories depend on components made on the other side of the globe, and consumers recently learned just how many of their daily products originate from Asia. It’s not just electronics, toys, and clothing being made elsewhere, but also a lot of car parts, tools, and condoms.

One way to solve this problem for the next lock-down (which is a possibility, depending on how local governments decide to “open up” their economies) is to decentralize the origin of products that we can’t afford to miss. But by market standards, goods are often produced wherever labor is cheapest, and spreading production would increase prices. In some cases, consumers might be willing to pay a higher price for locally produced goods. In other cases, trade restrictions could drive up the price of goods produced abroad. In both cases, the supply lines would get shorter and gain stronger defenses against interruption.

Just in Time inventory management saves money by minimizing the necessary amount of storage room and by limiting goods going to waste because they go over the expiration date. What you need to realize is that you are not solving this problem, you are just moving it to your logistics partner, who may be better equipped to handle it as they probably do it for many others. And in turn they rely on other shipping and production companies to keep their stocks at a level which allows them to satisfy the needs of their customers.

Now that organizations have learned that a broken link in the supply chain can have drastic results for those at the end of the line, the question is whether this system can be used for every type of good, or whether we need to prioritize between essential goods and those we can afford to miss for a while.

Different software

Switching to another inventory system requires another type of software. Where JIT inventory management may be as simple as sending out an order to the logistics partner—whether it is yours or your supplier’s is not really relevant—keeping your own inventory requires a different approach. Countless goods have expiration dates, and not just food and drugs. Some other products lose their usefulness over time. Others may even lose their value, or the cost to produce them may drop rapidly compared to other products.

Different software comes with a bunch of questions, mainly related to security:

  • Who needs access?
  • What will be the permissions of the software itself?
  • How are we going to manage (remote) accessibility?
  • Do we anticipate any compliance issues?
  • How did the software perform during security testing?
  • What will be the procedure during transition?
  • How will this influence my software defined perimeter?

Most of the time, simple stock-keeping software should be less complicated than Just-In-Time inventory management, so it may be a good time to rethink some of the settings you have chosen while you were still using JIT. Even when you end up using a mix of both systems (as many organizations do) the time of change is typically a good time to reconsider choices made in the past. Nobody may have reviewed them because they simply worked. But that doesn’t necessarily mean that they were the optimal choices.

Most of the questions above speak for themselves but will need to be answered on a case by case basis.

Recommended reading: Explained: the strengths and weaknesses of the Zero Trust model

Software defined perimeter

As you may have expected, the software defined perimeter is a security model which is often used in combination with cloud-based software or when remote access to on-premise applications is needed. The software defined perimeter finds its base in the Zero Trust model and divides network access into small segments by establishing direct connections between users and the resources they access.

Logic dictates that when you switch from JIT to a more local inventory, this will impact the software defined perimeter. In the JIT system you can expect outbound connections to be established that control the flow of needed goods into the organization. In a system based on local storage, you may see more requests from remote workers to check up on the state of the inventory.

Even if this type of change will not affect your organization, there are many other changes that might be caused or accelerated by this crisis. So it might be beneficial to try and plan ahead. A prepared organization doesn’t get caught by surprise.

Stay safe!

The post Switching from a “Just in Time” delivery system should include planning ahead appeared first on Malwarebytes Labs.

Posted in: NEWS


Threat actors release Troldesh decryption keys

A GitHub user claiming to represent the authors of the Troldesh Ransomware calling themselves the “Shade team” published this statement last Sunday:

“We are the team which created a trojan-encryptor mostly known as Shade, Troldesh or Encoder.858. In fact, we stopped its distribution at the end of 2019. Now we made a decision to put the last point in this story and to publish all the decryption keys we have (over 750 thousand in all). We are also publishing our decryption soft; we also hope that, having the keys, antivirus companies will issue their own more user-friendly decryption tools. All other data related to our activity (including the source codes of the trojan) was irrevocably destroyed. We apologize to all the victims of the trojan and hope that the keys we published will help them to recover their data.”

Are these the real Troldesh decryption keys?

Yes. Since the statement was published, our friends at Kaspersky have confirmed the validity of the keys and are working on a decryption tool. That tool will be added to the No More Ransom project. The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Dutch police, Europol’s European Cybercrime Centre, Kaspersky, and McAfee, with the goal of helping victims of ransomware retrieve their encrypted data without having to pay the criminals.

In the past, a few decryption tools for some of the Troldesh variants have already been published on the “No More Ransom” website. We will update this post when the Kaspersky decryptor is released and would like to warn against following the instructions on GitHub unless you are a very skilled user. The few extra days of waiting shouldn’t hurt that much and a failed attempt may render the files completely useless.

When is it useful to use the Troldesh decryption tool?

Before you go off and run the expected tool on your victimized computer as soon as it comes out, check whether your encrypted files have one of these extensions:

  • xtbl
  • ytbl
  • breaking_bad
  • heisenberg
  • better_call_saul
  • los_pollos
  • da_vinci_code
  • magic_software_syndicate
  • windows10
  • windows8
  • no_more_ransom
  • tyson
  • crypted000007
  • crypted000078
  • rsa3072
  • decrypt_it
  • dexter
  • miami_california

If the file extensions from your affected system(s) do not match one on the list above, then your files are outside of the scope of this decryption tool. If you do find a match you should wait for the decryption tool to be published.
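As an added example (not part of the original post and not a vendor's tool), the following Go program turns the extension check above into a quick triage of a directory tree: it counts affected files per listed extension and reports whether the system is in scope for the coming decryptor. It assumes, as the list above describes, that encrypted files still carry the ransomware's extension as their last suffix.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// troldeshExtensions holds the extensions listed in the post,
// lower-cased and without the leading dot.
var troldeshExtensions = map[string]bool{
	"xtbl": true, "ytbl": true, "breaking_bad": true, "heisenberg": true,
	"better_call_saul": true, "los_pollos": true, "da_vinci_code": true,
	"magic_software_syndicate": true, "windows10": true, "windows8": true,
	"no_more_ransom": true, "tyson": true, "crypted000007": true,
	"crypted000078": true, "rsa3072": true, "decrypt_it": true,
	"dexter": true, "miami_california": true,
}

// extOf returns the last extension of name, lower-cased and without the dot.
func extOf(name string) string {
	return strings.ToLower(strings.TrimPrefix(filepath.Ext(name), "."))
}

// IsTroldeshExtension reports whether a file name ends in a listed extension.
// Only the last suffix counts, so "report.docx.xtbl" matches and "xtbl.txt" does not.
func IsTroldeshExtension(name string) bool {
	return troldeshExtensions[extOf(name)]
}

// Triage walks root and returns a count of matching files per extension.
// Unreadable entries are skipped instead of aborting the walk, because a
// partial picture is still useful on a damaged system.
func Triage(root string) (map[string]int, error) {
	counts := map[string]int{}
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			return nil // skip what we cannot read
		}
		if d.IsDir() {
			return nil
		}
		if IsTroldeshExtension(d.Name()) {
			counts[extOf(d.Name())]++
		}
		return nil
	})
	return counts, err
}

// InScope is true when at least one file carried a listed extension.
func InScope(counts map[string]int) bool {
	for _, n := range counts {
		if n > 0 {
			return true
		}
	}
	return false
}

func main() {
	root := "." // directory to scan; pass another path as the first argument
	if len(os.Args) > 1 {
		root = os.Args[1]
	}
	counts, err := Triage(root)
	if err != nil {
		fmt.Fprintln(os.Stderr, "walk failed:", err)
		os.Exit(1)
	}
	for ext, n := range counts {
		fmt.Printf("%-28s %d\n", "."+ext, n)
	}
	if InScope(counts) {
		fmt.Println("extensions match the Troldesh list: wait for the verified decryptor")
	} else {
		fmt.Println("no listed extension found: files are outside this decryptor's scope")
	}
}
```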

Why would this gang publish the Troldesh decryption keys?

The reason for all this is unknown and subject to speculation. We can imagine a few different reasons, from not very likely to credible.

  • Maybe their conscience caught up with them. After all, they do apologize to the victims. But these are only the victims that didn’t pay or were unable to recover their files despite paying the ransom.
  • The Shade team may suspect that someone has breached their key vault, and they were forced, or decided of their own accord, to publish the keys for that reason. But we have seen no claims to support that possibility.
  • The profitability of the ransomware had reached its limit. Ransom.Troldesh has been around since 2014, and we saw a steep detection spike once the threat actors ventured outside of Russian targets in February of 2019. But after that initial spike the number of detections gradually faded out. It was still active and generating money, though.
  • The development of this ransomware has reached its technical limit and the team will focus on a new software project. The team stated that it stopped distribution at the end of 2019, but failed to let on what they are currently working on.

Figure: Ransom.Troldesh detections over time (number of Malwarebytes detections of Ransom.Troldesh from July 2018 till April 2020)

What we know

All we know for sure is that the keys have been verified and a decryption tool is in the works. All the rest is speculation based on a statement made on GitHub by an account by the name of “shade-team” that joined GitHub on April 25th, just prior to the statement.

Victims can keep their eyes peeled for the release of the decryption tool. We’ll keep you posted.

Stay safe!

The post Threat actors release Troldesh decryption keys appeared first on Malwarebytes Labs.

Posted in: NEWS


Cloud data protection: how to secure what you store in the cloud

The cloud has become the standard for data storage. Just a few years ago, individuals and businesses pondered whether or not they should move to the cloud. This is now a question of the past. Today, the question isn’t whether to adopt cloud storage but rather how.

Despite its rapid pace of adoption, there are some lingering concerns around cloud storage. Perhaps the most persistent issue is the matter of cloud data security. With as much critical data as there is stored on the cloud, and with a “nebulous” grasp on exactly how it’s stored and who has access, how can people be sure it’s safe?

Growing cloud usage

Cloud usage has exploded in recent years. Five years ago, global cloud traffic was at 3,851 exabytes, a number which has since skyrocketed to more than 16,000 exabytes. As the functionality and connectivity of the Internet grows, cloud traffic will likely increase with it.

People store a vast amount of information on the cloud. It’s not just businesses hosting IT operations or client data on these platforms anymore. Individuals use services like OneDrive, Google Drive, Dropbox, and iCloud to store everything from tax documents to family photos.

With all this data so easily accessible on the cloud, privacy and data protection become more prevalent concerns. Where exactly is the data going and who can see it? If someone can access all of their documents, pictures and contacts instantly from their phone, can hackers just as easily obtain this information? There are more than 1 billion cloud users today who, if they don’t already know, should be asking themselves these questions and learning how to keep their cloud data private and secure.

Securing cloud data

Cloud storage may seem like a security threat at first glance, but it can offer superior security over other methods for businesses. So, what about individuals? By taking the right steps towards careful cloud usage, people can be sure their data is safe.

Keep local backups

The first step in cloud data protection is locally backing up data. Storing things on the cloud offers greater convenience and utility, making it an ideal primary option, but it’s essential to back up important files. Having backups on a local storage device like a flash drive or server ensures files are safe in the event of a breach.

Use the cloud judiciously

Users should be mindful of what kinds of data they store on the cloud. As secure as modern cloud storage is, there’s no such thing as being too careful. Most files are fine to keep anywhere, but sensitive information like bank details or Social Security numbers is best left offline.

Use encryption

Encryption is one of the most helpful methods of securing any digitally stored data. By encrypting files before uploading them to the cloud, users can ensure that the files are safe even from their cloud provider. Some providers offer varying levels of encryption services, but third-party software provides another layer of protection.
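As an added example (not part of the original post and not any provider's or third-party product's code), the following Go program shows what encrypting files before uploading them looks like with the standard library's AES-256-GCM: the key is generated and kept on the client, the provider only stores the sealed blob, and any modification of that blob is detected on download. It assumes the key is stored somewhere other than the cloud account that holds the blob.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewKey returns a fresh 256-bit key. The key never leaves the client; the
// cloud provider only ever receives the output of Seal.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// Seal encrypts a file's contents with AES-256-GCM. A random 12-byte nonce is
// prepended so that Open can recover it, and the GCM tag appended by Seal lets
// Open detect any change to the stored blob.
func Seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal. It returns no plaintext at all if the blob was
// truncated, tampered with, or encrypted under a different key.
func Open(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample contents standing in for the file about to be uploaded.
	file := []byte("2019 tax return - constructed sample")
	blob, err := Seal(key, file)
	if err != nil {
		panic(err)
	}
	fmt.Printf("upload %d bytes of ciphertext; the provider never sees the plaintext\n", len(blob))

	back, err := Open(key, blob)
	fmt.Println("download and decrypt:", string(back), err)

	// Simulate a blob altered while stored at the provider: one flipped byte.
	corrupted := append([]byte(nil), blob...)
	corrupted[len(corrupted)/2] ^= 0x01
	_, err = Open(key, corrupted)
	fmt.Println("tampered copy rejected:", err != nil)
}
```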

Read the terms of service

Many people skip over the terms of service, but this can be a security risk. If someone agrees to terms they didn’t read, they could legally give their cloud service provider more rights over their data than they realize. It can seem like a tedious task, but reading user agreements highlights what a company can and can’t do with data on its platform.

Use good password hygiene

One of the simplest ways to bolster cloud data security is by using a strong password. Hackers can crack 90 percent of passwords in a matter of seconds because the vast majority of people prefer easy-to-remember passwords over strong ones, and a disappointing number of people choose passwords like “123456” or “password” to protect their online info.

The advice here is simple: Create a unique, long password that includes special characters, numbers, and letters. On top of that, change your password every few months to better improve your security. Do not share your password via email or text, and do not use easily identifiable information in your password, like your birthdate or address.

Two-factor authentication further secures the login process. Most cloud providers should have the option to turn on two-step verification so that users need more than just a password to access their data. This function ensures that even if a hacker cracks the password, they still can’t get into the account.

Protect yourself from cyberthreats

Antivirus programs are an essential part of all computer-based functions, including cloud storage. Some forms of malware like keyloggers can give hackers entry into protected systems without users realizing it. By using a cloud provider with built-in antivirus software, third-party antivirus software or both, users can ensure they’re safe from these threats.

Common security mistakes

Quite often, the most significant threat to cloud data protection is improper use. In the corporate sphere, more than 40 percent of data breaches are the result of employee errors. No matter how many safety features a system has, user mistakes can always jeopardize security.

One of the most common cloud security mistakes is poor password handling. People use weak or repeated passwords, don’t change them, or even list passwords in unsecured online documents, putting their information at risk. Users can avoid this by using strong passwords and changing them periodically.

Data breaches are not as substantial a problem if there is no sensitive data at risk. To keep essential or private information from leaking or being stolen, the most secure practice is to store it somewhere other than the cloud. People should use cloud storage for things they need to access frequently, but not for things like credit card numbers.

Finally, many people also fall victim to phishing or pharming scams. Users can easily avoid these by never clicking suspicious links or giving out personal information to an unknown source.

With robust security measures and a healthy dose of general internet safety guidelines, cloud storage can be as secure as any other option on the market.

The post Cloud data protection: how to secure what you store in the cloud appeared first on Malwarebytes Labs.

Posted in: NEWS


Lock and Code S1Ep5: Mythbusting and understanding VPNs with JP Taggart

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to JP Taggart, senior security researcher at Malwarebytes, about VPNs—debunking their myths, explaining their actual capabilities, and providing some advice on what makes a strong VPN.

Tune in for all this and more on the latest episode of Lock and Code, with host David Ruiz.

You can also find us on the Apple iTunes store, on Google Play Music, plus whatever preferred podcast platform you use.

We cover our own research on:

Plus other cybersecurity news:

  • What a deal: details of 267 Million Facebook users for 500 Euros. (Source:
  • Smart IoT home hubs are vulnerable to remote code execution attacks. (Source: ZDNet)
  • Automated bots are increasingly scraping data and attempting logins. (Source: DarkReading)
  • A new Android trojan targets banking customers with overlay attacks. (Source: ThreatPost)
  • Severe vulnerability in OpenSSL allows DoS attacks. (Source: SecurityWeek)
  • Vivaldi adds built-in tracker and ad blocker to latest browser version. (Source: TechSpot)

Stay safe, everyone!

The post Lock and Code S1Ep5: Mythbusting and understanding VPNs with JP Taggart appeared first on Malwarebytes Labs.

Posted in: NEWS
