IT NEWS

Top contenders in Endpoint Security revealed: G2 Summer 2023 results

Navigating the world of endpoint security is challenging, with numerous vendors stoking “Fear, Uncertainty, and Doubt” (FUD) and making bold claims that are difficult to verify. In times like these, the honest opinions of real users are invaluable for busy IT teams.

Enter G2, an industry-leading peer-to-peer review site. Each quarter, G2 releases reports highlighting the products with the highest customer satisfaction and strongest market presence.

In the G2 Summer 2023 Grid Reports, Malwarebytes earned 19 “Leader” badges across five endpoint security categories (Antivirus, EDR, Endpoint Management, Endpoint protection platforms, Endpoint protection suites). We also received awards for the #1 spot in Endpoint Protection and the Easiest Setup for EDR, among many others.

Let’s take a closer look at how organizations evaluated solutions and what they said about using Malwarebytes.

#1 Endpoint Protection: Highest Rated for Results, Relationship, and More

Malwarebytes Endpoint Protection (EP), the essential foundation of our EDR and MDR offerings, won dozens of awards based on receiving the highest customer satisfaction score across a range of areas, including “Best Results,” “Best Support,” “Most Implementable,” and more.

Dashboard for Nebula, the cloud-hosted security platform for EP and EDR

For example, Malwarebytes EP won the “Best Results” badge (highest overall Results score) by having the highest combined estimated ROI, meets requirements, and likelihood to recommend scores. Here’s what some of our customers had to say:

“Malwarebytes is easy to install and configure. It integrates with Windows 10 and runs silently in the background. Infection rate of Malware has dropped dramatically. If I run across a machine that has Malware, installing it cleans it up almost 100% of the time.”

Chris S.

“Malwarebytes was able to detect and block a virus that our previous AV was not able to. Wish we had moved to this product sooner.”

Robert S.

“I consider myself faithful to this software because Malwarebytes has taken me out of problems that other antivirus programs have not been able to solve. It is not a very heavy software and can run in the background without even noticing it thanks to the updates.”

Verónica M.

Customers also praised Malwarebytes for its friendly staff and exceptional support, for which we won the “Best Relationship” badge by having the highest combination of “Likely to Recommend,” “Ease of business,” and “Quality of Support” ratings.

Here’s what some of our customers had to say:

“The support team started us off on the right track by getting us up and running in no time. Any questions I had before and after setup were answered quickly and thoroughly.”

Gary P.

“Highly recommended, and their support team is the best you can ask for!”

Rifaat K.

Easiest To Use EDR

Our EDR solution, paired with our Vulnerability and Patch Management (VPM) modules, delivers an impressive return on investment by quickly enhancing your organization’s security posture. Malwarebytes EDR is designed to be both efficient and cost-effective, allowing your team to see the benefits of your investment immediately.

By focusing on ease of use, quick implementation, and powerful security features without requiring an IT security army, Malwarebytes ensures that your organization is maximizing resources and receiving the best ROI in the industry.

Malwarebytes had the best estimated ROI (payback period in months) in the enterprise Endpoint Management category, which evaluates products that help users keep track of devices in a system and ensure their software is secure and up to date.

“The best part about Malwarebytes is the set it and forget it. It has saved us so much time on deployment and remediation that it pays for itself in no time at all.”

Ron M.

“It keeps our working environment much more secure than our previous solution. Much easier to manage in real time. This thing is a money saver and pays for itself.”

Tyson B.

Most Implementable EDR: Seamless Setup and User-Friendly Experience

On the Enterprise Implementation Index for Endpoint Detection & Response (EDR), Malwarebytes EDR clinched the #1 spot. With a seamless setup process, your team can spend more time focusing on what matters most: protecting your organization from cyber threats. Here’s how we won:

  • Malwarebytes EDR has an Implementation Score several points higher than the industry average.
  • Ease of Setup: Malwarebytes EDR scores several points higher than the industry average in ease of setup.
  • Average User Adoption: Malwarebytes EDR scores several points higher than the industry average in user adoption rate.

“The Nebula console is one of the most user-friendly interfaces we’ve come across. We can’t recommend it enough.”

Justin N.

“Malwarebytes makes it simple to deploy. Additionally, the user interface has minimal impact on the end-user, so it’s win-win. Support are happy to help when you do hit the occasional bump and the portal is easy to use and very responsive.”

John K.

“If you are purchasing Malwarebytes, then you have made the correct choice. You will quickly see how easy it is to implement, and how great their support is.”

Mauro B.

“Very easy to install and deploy, setup, and configure – for instance – a 5 machine setup would take roughly ~10 mins from start to finish.”

Verified User

“Easy to use and implement, along with great support and support tools at your disposal, along with courses to help you become more familiar with the inner workings.”

Doug C.

Two options to easily begin deployment with your endpoint users in Nebula

Experience Malwarebytes for Business: Award-winning ROI, user-friendly, and effective threat defense

Malwarebytes provides IT staff with award-winning business solutions, offering unmatched threat protection, a lightning-fast return on investment, and a smooth, speedy implementation.

Try Malwarebytes EDR today and join the ranks of those who have already discovered the amazing results, support, ROI, and more of our exceptional endpoint security solutions.

UPGRADE TO ENTERPRISE-GRADE PROTECTION

Surveillance camera insecurities argument comes to one inevitable conclusion: Always update

Chinese-made surveillance cameras find themselves in a spot of controversy, after a BBC investigation uncovered flaws in devices during several brand tests.

Surveillance and webcam vulnerabilities are common, and we’ve covered them many times on our blog. What’s interesting about this story is that it’s being presented as some sort of potential threat to national security and infrastructure. From just one of the comments provided to the BBC:

“We’ve all seen the Italian Job in our youth, where you bring the whole of Turin to a halt through the traffic light system. Well, that might have been fiction then, it wouldn’t be now.”

All very dramatic, but we’ve yet to see The Italian Job play out in real life. Even so, many devices manufactured by one firm, Hikvision, are used by many local councils across the UK. They’re also used to monitor Government buildings. If a device is vulnerable, it’s definitely worth trying to figure out the scale of the problem. With this in mind, what kind of numbers are we talking about?

According to the BBC, a large-scale freedom of information campaign set in motion by Big Brother Watch tried to find out. No fewer than 4,510 Freedom of Information requests were filed with various public bodies between August 2021 and January 2022. 1,289 responses came back, with 806 of those confirming the use of Hikvision or Dahua (another brand mentioned by the BBC) cameras. Of the 806, 227 local councils and 15 police forces use Hikvision, with 35 local councils making use of Dahua.

That’s certainly a lot of cameras. What risk was discovered?

The BBC asked experts to try and compromise a Hikvision camera under test conditions, though specifics are hard to come by. Is “a test network with no firewall and little protection” an accurate reflection of a local council or Government network? Is it fair to assume the manufacturer would be at fault for organisations not applying updates and patches dating back 6 years?

I ask this because the test of the (six-year-old) camera found a vulnerability from 2017. The testers describe the flaw as “a back door that Hikvision built into its own products”, with somewhere in the region of 100,000 cameras online “still vulnerable” to this issue. Which means that a lot of organisations actually are failing to update their devices.

Having compromised the camera and gained access to its video feed, the testers then checked whether they could access the Dahua cameras by forcing their way into the software controlling them. Once again, they were able to do it, and this time gained access to the camera’s microphone.

In both cases, the vendors say they patched these vulnerabilities soon after the issues came to light. In fact, Hikvision released an open letter to those responsible for the investigation. It reads:

To claim that this stunt has uncovered a security breach or an intentional backdoor in June 2023 is farcical. It sensationalises a problem that was already fixed to universally recognised CVE standards. Furthermore, this test has not been conducted on a typical network, but rather an unsecured one. This test simply cannot be characterised as representative of ‘the cameras lining our streets today’, which would be much better defended than the camera in this so-called ‘test’ the BBC have run.

It goes on:

Hikvision’s conduct with regards to this vulnerability has followed all internationally accepted standards of best practice. When made aware of the vulnerability in March 2017, Hikvision patched it in less than one week. The vulnerability – and Hikvision’s patch – were subject to further scrutiny in the US with the then-Chairman of the US House of Representatives Small Business Committee noting in a public hearing that Hikvision’s work with the US Department of Homeland Security on this vulnerability meant that any continuing issues resulting from unpatched equipment would lie with ‘small businesses that do not engage with the government or the DHS regularly’.

Going further, the Deputy Assistant Secretary for the US Department of Homeland Security Office of Cybersecurity and Communications said they ‘worked with the company’ to resolve the problem and that ‘standard practice was followed’.

All in all, this one is a bit of a mess and likely won’t be untangled soon. Whether your own devices are brand new or a few years old, they’ll typically prompt you to perform an update. Whether you think years-old devices should be taken offline for safety reasons, or that organisations are solely responsible for their security, one thing is for certain: You can feel much more reassured that your own devices are safe by hitting that update button as soon as you possibly can.

Malwarebytes EDR and MDR remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Why blocking ads is good for your digital health

Online content is largely powered and paid for by advertising. Almost every site you visit, every forum you browse, and even the online stores you buy things from are an advert extravaganza, and they don’t just stop at showing cool offers for shirts at 50% off. The scaffolding the adverts sit on goes out of its way to track you, tie you to clicks, associations, and more. More adverts, tailored to your theoretical interests, then start to follow you around across other sites. Sometimes, it’s not very sophisticated: Ever searched for the one and only quarter-height stepladder you’ll ever buy in your life? Congratulations, every advert is a stepladder.

Sadly, dozens of stepladder adverts are far from your only concern. We’re going to explain why running an ad blocker is a good thing for your digital health, and highlight all of the ways things can go wrong with ads enabled.

Advertising is very big business, with billions of ad impressions per month. Individual companies can rack up billions of impressions just for their own ads, before you even try to figure out overall tallies. Disney and Amazon had a total of 40bn impressions between them in the first quarter of 2020, and Google is pretty much powered by advertising:

Google is an attention merchant that – in 2022 – generated over $224 billion (almost 80% of revenues) from ads (Google Search, YouTube Ads, and Network sites).

If you want some idea of the scale of advertising you’re subjected to on a daily basis, things are only moving up. Recent research by Lunio claims that, on average, people might have seen between 500 and 1,000 ads a day in the 1970s. By 2007, when adware vendors routinely pushed ad-spewing installers and ad affiliate networks melted down daily, the estimate was 5,000. By 2021, it was an average of 6,000 to 10,000 per day.

You have adverts and pop ups on your phone. You have advertising on your video game console dashboard. There’s another batch of stepladder adverts on your desktop. Your IoT home hub either plays an occasional ad or is plugged into some other service you use to buy things from.

Your television? Well, it might be one of the upcoming models where the TV is free in return for built-in adverts constantly playing on a smaller screen. This is probably as good a place as any to remind you to always read the small print.

Some of the most common types of advertising you’ll encounter include:

  • Pay per click (PPC). Advertisers pay publishers every time an advert is clicked.
  • Affiliate marketing. With this form of marketing, the creator of a product avoids taking up the marketing slack. Instead, it is essentially outsourced to others in the form of unique affiliate links or clickthroughs offered by apps or programs. If a sale is made, the affiliate earns commission money. There may be additional incentives on offer depending on the product.
  • Mobile ads. These are hugely popular in “free” games, where ads may be served by the app itself, or through an ad network used by the app. The links may also lead to additional app installations on the phone.

You’ll bump into others, but these are the three main areas of advertising which you’ll probably experience on a daily basis. They’re also a potential goldmine for scammers.

PPC is one of the oldest forms of advertising. Bogus ad clicking tools that artificially inflate revenue have been around forever, to various degrees of sophistication. Basic forms of malware are programmed to autoclick ads detected on websites. Other enterprising individuals concoct ways of manually clicking ads in ways which would not look suspicious to the advertisers.

Affiliate advertising is where much of the ad network chaos takes place. Back in the adware vendor days, rogue ad campaigns using malware, exploits, or fake products to make adware cash would be shut down after much outrage. The adware vendor would make a lot of noise about “rogue affiliates”, and claim it wasn’t their fault. Everything would go back to the same routine the day after, and adware vendors would pretend they were somehow free of blame in all of this. Sometimes they would be sued into the ground and abandon the adware life, and other times the evidence of dubious antics was on display for all to see.

Even now, in the case of rogue advertising involving malware (malvertising) there’s often an affiliate component to the “your PC is now compromised” pipeline. You’ll encounter it in many ways:

  • Rogue sponsored adverts which sit above organic results in services like Google and Yahoo! search engines. These links may imitate brands or other services to entice you to click.
  • Fake adverts embedded on websites. These also mimic popular brands to drive clicks.
  • Compromised websites which may look like a familiar service, but every link offered up is potentially harmful to your PC.

The ads in search engine results which look as though they resolve to legitimate sites like Amazon can also be harmful. This is because advertisers are able to display a brand’s official URL within the ad snippet, even when the ad’s real destination URL has nothing to do with the brand. From there you could be sent to a phishing page, a fake tech support site, or worse. Below you can see an example of a supposedly genuine sponsored ad which actually leads to a fake Amazon login.

Ad assets

Exploits are often a key component of malvertising attacks, and without the right protection on board you may realise too late that something has gone badly wrong.

On top of all this, we have the previously mentioned tracking going on under the hood. Web beacons are used to monitor activity on a website. Tracking cookies shared by multiple services constantly build up a picture of what you’ve done. So-called “shadow profiles” are used to track the activity of people who don’t even use a particular service.

Finally, we have the issue of speed. Lots of ads, tracking, and page elements being served up from different points of origin can all contribute to slowing down your browsing. You’ve almost certainly experienced the “thrill” of a website serving up the ads before the content at some point. This often happens because the ads are served from dedicated content delivery networks (CDNs). Their purpose is to get the ad in front of you as fast as possible, which can mean ads are the first thing you see. While your connection is (probably) a lot better now than it was five years ago, this can still cause issues in some cases... and who wants adverts to be the first thing they see on a page anyway?

As you may have gathered, it’s the marketing Wild West out there. It’s also worth noting that sites such as YouTube are now experimenting with detecting ad blockers, and preventing users from viewing videos until their ad blocker is turned off.

So what can we do about it?

  • Pick the right browser for your needs. Increasingly, browsers offer more options to specify a level of tracking and advertising that you’re comfortable with. Back in 2020, Safari started blocking third party tracking cookies by default. Firefox has gone down the path of individual cookie jars, called “Total Cookie Protection”, which prevents tracking across websites. Elsewhere, Google is still delaying the sunsetting of third party tracking cookies.
  • Extend your options. On the subject of browsers, most will allow you to install extensions to increase your blocking capabilities. Some browsers like Opera include their own ad blocker by default which can be enabled in two clicks. You can also try Malwarebytes Browser Guard, which filters out ads and scams as well as blocking trackers that spy on you.
  • Beware shady blockers. You’ll sometimes see fake blockers riding on the coat tails of legitimate products. You may also run into websites or services which claim to dodge ad blocker detection, but serve up spam or surveys. Always do some research on anything you plan to install. Reviews and store rankings can help with this.
  • Tackle the scripts. It’s not “just” ads on the surface level. You also need to consider the tracking scripts, cookies, and everything else happening invisibly. Ensure your setup allows for taking care of third party ad tracking.
  • Things will break. A note of caution: Blocking scripts or other functionality can break some websites. You’ll need to customise your settings in these situations. Some products integrate ads into the actual structure of the product, so removing or blocking them will break the product; tablet games where you’re granted a new life by watching an ad, for example. There may not be much you can do when this happens. Use the product as is, or cut your losses and move on.

Malwarebytes protects against annoying ads and scams while blocking trackers that spy on you.

TRY NOW

Criminal secure messaging system takedown: 6500+ arrests and €900 million+ seized

In 2020, we reported on how law enforcement managed to compromise a secure communications system set up by and for criminals.

Now, Europol has published a progress report showing the enormous impact the infiltration of the encrypted communications tool EncroChat made.

EncroChat, a company based in the Netherlands, advertised its services as safer than safe, stating that no messages were saved on its servers, which were located “offshore.” However, Dutch law enforcement figured out the EncroChat servers were located in France and got to work, hoping to catch criminals in the act. And they did.

The EncroChat system was well organized and had gained a lot of trusting users over the years. Criminals felt secure enough to chat freely about everything: Names of customers, drug deliveries, and even assassinations. And their trust was understandable, given what EncroChat promised to offer:

  • Phones were dual boot, so users could alternatively start a normal Android operating system and their phones would look like a normal, old-fashioned model
  • The phones had a “wipe all” button that would delete all the stored conversations in case of an arrest or other emergency
  • No messages were stored on servers, so they could not be seized and decrypted later
  • The service used OTR (Off-the-Record Messaging), a cryptographic protocol that provides both authentication and end-to-end encryption for instant messaging. This protocol ensures that session keys will not be compromised even if the private key of the server is compromised. Even when a server is seized, the conversations cannot be decrypted or lead back to the participants

EncroChat users paid hefty fees for this service: thousands of dollars per year, per device. The exorbitant fees may explain why the majority of the EncroChat clientele could be found on the wrong side of the law. Other parties that might have a vested interest in keeping their chat messages secret include government parties, journalists, security professionals, or lawyers. However, there are cheaper, if somewhat less sophisticated, alternatives for legitimate secret-keeping that law enforcement does not target.

According to Europol, most EncroChat users were either members of organized crime, or performed drug trafficking. The rest engaged in money laundering, assassinations, and firearms trafficking.

EncroChat users divided by crime area, courtesy of Europol

Three years later the harvest of the operation stands at:

  • 6,558 suspects arrested, including 197 high value targets
  • 7,134 years of imprisonment handed down to convicted criminals so far
  • EUR 739.7 million in cash seized
  • EUR 154.1 million frozen in assets or bank accounts
  • 30.5 million pills of chemical drugs seized
  • 103.5 tonnes of cocaine seized
  • 163.4 tonnes of cannabis seized
  • 3.3 tonnes of heroin seized
  • 971 vehicles seized
  • 271 estates or homes seized
  • 923 weapons seized, as well as 21,750 rounds of ammunition and 68 explosives
  • 83 boats and 40 planes seized

All this was possible thanks to the analysis of 115 million conversations between the roughly 60,000 users of the EncroChat platform.

Similar operations like the one against Sky ECC, and a fake secure chat service set up by the Federal Bureau of Investigation (FBI) and the Australian Federal Police (AFP) called AN0M, have shown that despite being unable to break secure encryption, law enforcement agencies have found ways to eavesdrop on the criminals that feel safe using them.


We don’t just report on encryption—we offer you the option to use it.

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

81% concerned about ChatGPT security and safety risks, Malwarebytes survey shows

Seven months after ChatGPT burst into our lives, it seems the lustre of the chatbot-that’s-going-to-change-everything is starting to fade. A new survey by Malwarebytes exposes deep reservations about ChatGPT, with optimism in startlingly short supply. Of the respondents familiar with ChatGPT:

  • 81% were concerned about possible security and safety risks.
  • 63% don’t trust the information it produces.
  • 51% would like to see work on it paused so regulations can catch up.

The concerns expressed in the survey mirror the trajectory of the news about ChatGPT since its introduction in November 2022.

ChatGPT is a type of Artificial Intelligence (AI) developed by the organization OpenAI. Trained on vast amounts of text data, it can generate human-like responses to prompts or questions. And just in case you don’t know what that means, you should know that the last sentence you read was written by ChatGPT as part of a response to a request to “Describe ChatGPT in a single paragraph.” This is the whole text it generated:

ChatGPT is a powerful language model developed by OpenAI, based on the GPT-3.5 architecture. Trained on vast amounts of text data, it can generate human-like responses to prompts or questions. With its deep learning capabilities, ChatGPT understands context and produces coherent and contextually relevant text. It can assist with various tasks such as answering questions, providing explanations, and offering suggestions. Although it’s not a human and lacks real-time awareness, ChatGPT’s ability to generate text across multiple languages makes it a versatile tool, albeit one that should be cross-verified with reliable sources for accuracy.

When people explored its capabilities in the days and weeks after its launch, it seemed almost miraculous—a wonder tool that could do everything from creating computer programs and replacing search engines, to writing students’ essays and penning punk rock songs. Its release kick-started a race to disrupt everything with AI, and integrate ChatGPT-like interfaces into every conceivable tech product.

But those who know the hype cycle know that the Peak of Inflated Expectations is quickly followed by the Trough of Disillusionment. Predictably, ChatGPT’s rapid ascent was met by an equally rapid backlash as its shortcomings became apparent.

Chief among them is ChatGPT’s propensity to “hallucinate”, the euphemism that data scientists give to untruths created by machine learning models. Perhaps the best example of just how consequential hallucinations can be is Mata v. Avianca, Inc., a court case in which a lawyer found himself in serious hot water after citing numerous non-existent legal cases hallucinated by ChatGPT when he used it as a research tool.

Against that backdrop, Malwarebytes decided to poll its vast pool of newsletter subscribers to see how they felt about ChatGPT, six months after its launch.

Despite all the hype and hoopla surrounding it, only 35% of our tech-savvy respondents agreed with the statement “I am familiar with ChatGPT,” significantly fewer than the 50% that disagreed.

Those who claimed to be familiar with ChatGPT did not have a rosy outlook. This is what they told us.

Not accurate or trustworthy

The first issue for ChatGPT is that our respondents don’t believe it is accurate or trustworthy. Only 12% agreed with the statement “The information produced by ChatGPT is accurate,” while 55% disagreed, a huge discrepancy.

Responses to “The information produced by ChatGPT is accurate” by respondents familiar with ChatGPT

The responses were similarly bleak for the statement “I trust the information produced by ChatGPT,” with only 10% agreeing and a huge 63% disagreeing.

Responses to “I trust the information produced by ChatGPT” by respondents familiar with ChatGPT

A risk to security and safety

Not only was ChatGPT seen as untrustworthy, it was also perceived as a negative influence on safety and security, with few seeing it as a tool that will improve safety, and an overwhelming majority seeing it as a source of risk.

51% disagreed with the statement “ChatGPT and other AI tools will improve Internet safety,” dwarfing the tiny percentage that see it as a positive for safety.

Responses to “ChatGPT and other AI tools will improve internet safety” by respondents familiar with ChatGPT

Worse still, an extraordinary 81% were concerned about the possible security and/or safety risks.

Responses to “I am concerned about the possible security and/or safety risks posed by ChatGPT” by respondents familiar with ChatGPT

They aren’t alone. In March a raft of tech luminaries signed a letter that said “We call on all AI labs to immediately pause for at least 6 months the training of AI systems more powerful than GPT-4.” The letter pulled no punches on the “profound risks” posed by “AI systems with human-competitive intelligence”:

Should we let machines flood our information channels with propaganda and untruth? Should we automate away all the jobs, including the fulfilling ones? Should we develop nonhuman minds that might eventually outnumber, outsmart, obsolete and replace us? Should we risk loss of control of our civilization?

The letter calls for the pause to be used to “jointly develop and implement a set of shared safety protocols for advanced AI design and development that are rigorously audited and overseen by independent outside experts.”

We put the idea to our respondents and 52% of those familiar with ChatGPT agreed, while less than half that number disagreed.

Responses to “Work on ChatGPT and other AI tools should be paused until regulations can catch up” by respondents familiar with ChatGPT

Conclusion

Our survey showed that an overwhelming number of respondents familiar with ChatGPT were concerned about the risks it poses to security and safety. They also don’t trust the information it produces, and would like to see a pause in development so that regulation can catch up. What remains to be seen is whether this is simply a singular moment of anxiety or a trend that will persist.

An AI revolution has been gathering pace for a very long time, and many specific, narrow applications have been enormously successful without stirring this kind of mistrust. For example, at Malwarebytes, Machine Learning and AI have been used for years to help improve efficiency, to identify malware, and improve the overall performance of many technologies.

ChatGPT is a different beast though. It is a generalized AI tool that could help or supplant humans across a broad range of knowledge work, from coding and composing songs to making malware and spreading misinformation.

The uncertainty around how ChatGPT will change our lives, and whether it will take our jobs, is compounded by the mysterious way in which it works. It is an unknown quantity to everyone, even its creators. Machine learning models like ChatGPT are “black boxes” with emergent properties that appear suddenly and unexpectedly as the amount of computing power used to create them increases.

Real world emergent properties have included the ability to perform arithmetic, take college-level exams, and identify the intended meaning of words. The ability to perform these tasks could not be predicted from smaller models, and today’s models cannot be used to predict what the next generation of larger models will be capable of.

That leaves us facing a very uncertain future, both individually and collectively. The continuum of viewpoints held by serious commentators ranges—quite literally—from those who think AI is an existential risk to those who think it will save the world. Given the stakes, the caution of our respondents is no surprise.


Malwarebytes EDR and MDR remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Software company accused of illegally profiling millions of mobile phone users

A digital rights and privacy organization has filed a complaint against software company TeleSign for gathering and selling information on millions of mobile phone users.

The organization that filed the complaint is noyb. noyb is an Austria-based digital rights organization that focuses on commercial privacy issues at a European level. Since the General Data Protection Regulation (GDPR) came into force on May 25, 2018, commercial privacy violations can be enforced at a European level, which allows for much more effective procedures and strategic litigation.

The complaint targets BICS, TeleSign, and Proximus. BICS is a Belgium-based communications service that enables phone calls, roaming, and data flows between different communications networks and services all over the world (500 mobile operators in more than 200 countries). Instead of having direct agreements with each other, hundreds of mobile phone providers can connect their networks through the interconnection service of BICS.

TeleSign is a US-based company that provides Application Programming Interfaces (APIs) for user verification, digital identity, and omnichannel communications, to help other brands onboard users securely, maintain account integrity, prevent fraud, and streamline omnichannel engagement. Among its customers are Ubisoft, ByteDance (TikTok), Skype, and Salesforce.

Proximus is the Belgium-based parent company of both BICS and TeleSign.

The problem

When processing phone customer data, BICS gets detailed information like the regularity of completed calls, call duration, long-term inactivity, range activity, and successful incoming traffic. And it receives these data for about half of the worldwide mobile phone users.

In 2022, Belgian newspaper Le Soir published an article about BICS sharing these data with TeleSign. Based on these data, TeleSign gave every mobile phone user a “trust score” between 0 and 300 points. This trust score helps their customers decide whether to allow users to sign up to a platform or, for example, require an SMS verification first.

According to Telesign’s website, it verifies over five billion unique phone numbers a month, representing half of the world’s mobile users, and provides critical insight into the remaining billions.

The data BICS shares includes information such as the type of technology used to make calls or texts, the frequency of activity, and the duration of calls.

noyb co-founder Max Schrems said:

“Your phone provider likely forwards data to BICS who then forwards it to TeleSign. TeleSign generates a ‘trust score’ about you and sells phone data to third parties like Microsoft, Salesforce or TikTok – without anyone being informed or giving consent.”

While GDPR allows data to be shared for the purposes of taking appropriate, proportionate, preventive and curative measures, and in order to detect fraud and malicious use of networks and services, noyb feels that this is not the case here.

From Max Schrems:

“The responses received by BICS and TeleSign suggest that this business model is not complying with EU privacy laws. We have therefore filed a complaint with the Belgian Data Protection Authority, who is competent for Proximus, BICS and TeleSign.”

The case could end up being very costly. The Belgian Data Protection Authority (DPA) can issue a fine of up to 4% of the global turnover of Proximus, which is roughly $250 million.

For EU citizens who want to know whether TeleSign holds data on them and has assigned them a score, as it did the complainants, noyb has developed a template that you can use to send an access request to TeleSign. Companies holding data about you are obliged under GDPR to tell you not just whether they process information about you, but also where they obtained the data, for which purpose they use it, and with whom they have shared it.



Company finds lost SSD—and confidential data—for sale on eBay

Major software company SAP is putting the pieces of a story involving missing SSD disks back together.

Four SSD disks are alleged to have gone on an adventure last November, making their way out of a Walldorf, Germany, datacenter with one of them ending up on eBay. An investigation revealed that despite the disks being located in a building referred to as a “secure location”, it was anything but for the disks in question.

According to The Register’s sources, the disks were transported to an “unsecured building” somewhere in the HQ complex. Eventually, the disks were taken without permission. Some time later, an SAP employee saw one of the missing disks on eBay and purchased it, identifying it as one of their own.

It seems highly unlikely that the individual in question bought a random SSD disk on eBay and it randomly turned out to be one of the missing disks. This was presumably part of a “hope it turns up somewhere” investigation and they managed to hit the jackpot.

The Register says that the disk contained “personal records” of 100 or so SAP employees, though there is no word as to what specifically was on there. At the time of writing, the three other disks remain unaccounted for. We don’t know what’s on them, but considering the content of the recovered disk, it is notable that SAP seems to think no customer data has been lost:

SAP takes data security very seriously. Please understand that while we don’t comment on internal investigations, we can confirm we currently have no evidence suggesting that confidential customer data or PII has been taken from the company via these disks or otherwise.

The Register claims that this is the fifth incident along these lines affecting European datacenters in a two-year time frame. That’s probably not surprising; lots of bits and pieces go missing from workplaces all the time. And it’s not necessarily done deliberately or as an act of theft. Sometimes people wander into accidents, and that’s how you end up with all of those “USB stick left on the bus” stories. Sadly, the end result is often the same: data exposure and confidential information going public.

How to keep your removable devices in the right place

  • Inventory management. Keeping a close eye on what you have can be tricky, but it’s essential to make sure assets don’t go wandering off. As Chron puts it, identification, number, location, and description will go a long way tied to a few spreadsheets or even dedicated software. Regular audits will ensure nothing is missing. Employees should have a set number of days to return items when leaving the business. Laptops should have remote location tracking which can’t be turned off.
  • Encrypt your drives. Encrypting your drive essentially scrambles all of the data in a way which means that anyone picking it up will have a hard time accessing the contents. Without a password or some other way to verify that accessing the drive is allowed, no data will be forthcoming. Many off-the-shelf drives come with encryption built in and ready to set up. Others will automatically wipe all data if the password is entered incorrectly too many times. You can even encrypt USB flash drives, and if your main drives don’t come with encryption, plenty of third-party options exist to take up the security reins.
  • Hard to move hardware. It’s unlikely someone will walk out the door with a PC workstation, but you should think about everything plugged into it. Cables and peripherals can all be secured or even locked into the device. Some locking kits will allow you to secure multiple peripherals with one carbon steel cable. Others will block USB ports and prevent access without making lots of obvious damage to the device.
  • Secure that space. Sensitive data areas may require CCTV, and scannable employee cards allowed for use in specific locations. Add printing funds to cards, deploy locks on your printer tray, and restrict access to paper used for billing and expense claims. You may not have considered your printer as a rogue element of your office, but in the right hands it could be.
  • On the road observations. As TechRadar notes, items can be stolen from employees when travelling. Don’t leave work items in your car, and consider using bags for laptops which don’t look like expensive laptop bag carriers. If you’re in a cafe, don’t leave your devices unattended. There are many locks designed for laptops which can help secure a device when in public.
  • When all else fails, browse the for sale sites. On the off chance that a piece of equipment has gone missing, it’s time to check out eBay and similar portals. You probably won’t find it listed as “[Company Name] Missing hard drive”, but you may get good results if you search for specific makes and models of hardware.


Understanding ransomware reinfection: An MDR case study

Ransomware is like that stubborn cold that you thought you kicked, but creeps back up determined to run amok again. The question is what medicine is available to kick this nasty infection for good.

In this post, we’ll break down the idea of ransomware reinfection and share a real-life episode where Malwarebytes Managed Detection and Response (MDR) mitigated a resilient ransomware reinfection from the Royal ransomware gang.

What is ransomware reinfection?

Imagine this scenario: You’ve recently battled a vicious ransomware attack, finally restoring your systems to their normal functionality. You breathe a sigh of relief, secure in the knowledge that your data is safe and operations are running smoothly.

Alas, it’s not the end of the story.

The ransomware attack you just countered was actually just the final act of a long-drawn series of malicious activities. In other words, many ransomware attacks aren’t the start of the problem; they’re often the result of an unresolved network compromise.

The true culprit is how the threat actor is gaining access to begin with. Once inside, they steal login credentials, deploy malware, or establish a backdoor—a secret gateway into the network that can be exploited later. This is like them leaving a hidden door unlocked for future visits.

Even after successfully mitigating the immediate ransomware attack, these hidden doors may remain unnoticed, enabling the attackers to infiltrate your network stealthily once more. This is the essence of ransomware reinfection.

Having clarified the terminology, let’s delve into a real-world instance of a ransomware reinfection in action.

Initial Ransomware Attack – November 23, 2022

Prior to their engagement with Malwarebytes, our customer experienced a ransomware attack on their AWS environment. They chose not to pay the ransom.

The subsequent countermeasure involved a complete system rebuild from backup to recover their operations.

Onboarding with Malwarebytes MDR and Detection of Reinfection – December 9, 2022

In response to the initial compromise, the customer onboarded with our Managed Detection and Response (MDR) service and Endpoint Detection and Response (EDR) product. Immediately after installing the EDR on the endpoint, detections for additional ransomware were identified.

Our MDR analyst spotted file detections linked to the previous ransomware attack, attempted outbound communications to a known malicious site (a Cobalt Strike C2 server), and remote inbound RDP connection attempts. The MDR analyst promptly contacted the customer, recommending to block the C2 server and the source of the RDP connections, which the customer promptly implemented.

New Threat Emerges – December 11, 2022

Only two days later, a new set of remote host RDP connection attempts were detected. Again, the MDR team advised the customer to block the connection source to prevent further infiltration.

Critical Incident and Response – December 13, 2022

A new wave of local host file detections indicated a return of the previously encountered ransomware. A previously unseen persistence mechanism was also identified, suggesting that the threat had not been completely eliminated. As part of our response, we raised a critical incident to the customer, carried out an extensive threat hunt, and identified two compromised domain admin accounts, a domain controller (DC), and an SQL server.

A Potentially Unwanted Modification (PUM) detection of a disabled Windows System Restore setting.

The customer’s C:\Program Files directory showed peculiar files like ‘desktop.ici.royal.w’, ‘PackageManagement’, ‘README.TXT’, and ‘Uninstall Information’.

This new detection, “Ransomware.Royal”, suggests that the attackers were either still present in the network or had gained access again.

Our MDR team promptly reached out to the customer’s Security team and initiated a strategic consultation via a Zoom call. Detailed insights were shared on the Indicators of Compromise (IoCs) encountered, and we advised the customer to change the passwords of the affected domain admin accounts.

In response, the customer implemented an enterprise-wide password change and blocked the newly identified C2 server. Additionally, the decision was made to rebuild the compromised DC.

Lessons from the Incident

This episode underscores the relentless threat of ransomware reinfection in today’s threat landscape, as well as the critical role that 24x7x365 diligence of trained cybersecurity experts, swift responses, and collaborative efforts play in cyber defense.

Without having a similar level of expertise in-house, the reality is that many organizations will see reinfections that could lead to catastrophic results.

In this case, our customer had assumed full recovery from the initial ransomware attack, and if not for the MDR service, they may never have realized that the attack was still ongoing. Fortunately, the collaborative efforts of Malwarebytes MDR, EDR, and the customer successfully mitigated the threat and safeguarded the customer’s digital space.

For more information on our EDR and MDR products and services, please visit https://try.malwarebytes.com/mdr-consultation-new/


SupremeBot and Mario cross the finish line together

Researchers have reported how popular game installers like Super Mario Games are being used to deliver malware. The malicious components include cryptominers, the SupremeBot mining client, and the open-source Umbral stealer.

The game installer route offers some very distinct advantages to the cybercriminals:

  • The games are very popular and downloads are highly sought after, which increases the chances of people downloading them
  • Game installers are large files which means they can’t be uploaded to most online malware scanners
  • The game install finishes, so the user trusts the installer did what it promised to do and the extras get ignored
  • The targeted systems are high-performance machines suitable for playing games, which means they can be expected to be useful for the intended mining activity

The researchers looked at a trojanized version of a Super Mario game installer which came as an NSIS installer. NSIS (Nullsoft Scriptable Install System) is a professional open source system to create Windows installers. In this case it was used to combine three executable files, one of which was the legitimate Super Mario Forever game.

But while the victim is going through the steps of the installation wizard for their game, in the background two secretly dropped files are executed by the same installer.

  1. An XMR (Monero) miner which operates stealthily in the background to mine cryptocurrency for the cybercriminal without authorization and while using system resources in amounts that could be harmful
  2. SupremeBot, a mining client which also downloads a file from a Command & Control (C2) server. In this case an information-stealer identified as the Umbral Stealer

The SupremeBot malware uses some techniques to stay under the radar. First it creates a copy of itself called Super-Mario-Bros.exe and drops that in a randomly named subfolder of the ProgramData folder. It also creates a new scheduled task that runs every 15 minutes to run that copy. When that persistence is set up it kills the process and deletes the original file.
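The persistence pattern described above (a copy dropped in a random ProgramData subfolder, re-run by a scheduled task every 15 minutes) is something a defender can hunt for in Task Scheduler exports. The following is an added example, not code from the researchers or from Malwarebytes: it parses task definitions in the Windows Task Scheduler XML schema, flags tasks that run an executable from a ProgramData subfolder on a short repetition interval, and runs over two constructed sample tasks (task names, the folder name and timestamps are invented).

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler XML exports (schtasks /query /xml).
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample tasks (values invented): the first mirrors the
# persistence pattern described in the article, the second is a benign
# weekly maintenance task for contrast.
SAMPLE_TASKS = {
    "\\Super-Mario-Bros": """
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <TimeTrigger>
      <Repetition><Interval>PT15M</Interval></Repetition>
      <StartBoundary>2023-06-01T00:00:00</StartBoundary>
    </TimeTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\\ProgramData\\k2v9x7qa\\Super-Mario-Bros.exe</Command></Exec>
  </Actions>
</Task>""",
    "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag": """
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2023-06-01T01:00:00</StartBoundary>
      <ScheduleByWeek><WeeksInterval>1</WeeksInterval></ScheduleByWeek>
    </CalendarTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec><Command>%windir%\\system32\\defrag.exe</Command><Arguments>-c -h</Arguments></Exec>
  </Actions>
</Task>""",
}

# ISO-8601 duration as used in <Interval>, e.g. PT15M, PT1H, P1DT2H.
ISO_DURATION = re.compile(
    r"^P(?:(?P<d>\d+)D)?(?:T(?:(?P<h>\d+)H)?(?:(?P<m>\d+)M)?(?:(?P<s>\d+)S)?)?$")

# Executable sitting directly in a subfolder of ProgramData.
PROGRAMDATA_EXE = re.compile(r"\\programdata\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)


def duration_minutes(value):
    """Convert a Task Scheduler duration string to minutes (None if malformed)."""
    m = ISO_DURATION.match(value.strip())
    if not m:
        return None
    p = {k: int(v or 0) for k, v in m.groupdict().items()}
    return p["d"] * 1440 + p["h"] * 60 + p["m"] + p["s"] / 60


def shortest_repeat(root):
    """Smallest repetition interval over all triggers, in minutes (None if none repeat)."""
    found = []
    for trig in root.findall("t:Triggers/*", TASK_NS):
        node = trig.find("t:Repetition/t:Interval", TASK_NS)
        if node is not None and node.text:
            mins = duration_minutes(node.text)
            if mins is not None:
                found.append(mins)
    return min(found) if found else None


def assess_task(xml_text, max_interval_minutes=30):
    """Return the two indicators for one task: ProgramData execution and short repeat."""
    root = ET.fromstring(xml_text)
    commands = [(c.text or "").strip().strip('"')
                for c in root.findall("t:Actions/t:Exec/t:Command", TASK_NS)]
    repeat = shortest_repeat(root)
    return {
        "programdata_exec": [c for c in commands if PROGRAMDATA_EXE.search(c)],
        "short_repeat": repeat if repeat is not None and repeat <= max_interval_minutes else None,
    }


def hunt(tasks, max_interval_minutes=30):
    """Names of tasks that show both indicators, i.e. the SupremeBot-style pattern."""
    return [name for name, xml_text in tasks.items()
            if all(assess_task(xml_text, max_interval_minutes).values())]


if __name__ == "__main__":
    for name in hunt(SAMPLE_TASKS):
        print("suspicious task:", name, assess_task(SAMPLE_TASKS[name]))
```

On a live host the same functions can be fed the output of an export such as `schtasks /query /xml` per task; tune `max_interval_minutes` to your environment's legitimate short-interval jobs.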

The new copy sends the victim system’s CPU and GPU versions as identifiers to a C2 server to verify if the client is registered. If not, the new client is added and receives XMRig CPU and GPU mining configuration details from the C2 server.

When all that is set up it downloads a Themida-packed file. Upon execution, this file unpacks itself and loads the Umbral Stealer into the process memory. The Umbral Stealer is a Windows-based information stealer, which is available on GitHub as an open-source project. It uses Discord webhooks to send collected data to the cybercriminal.

The collected data is obtained from the affected system by:

  • Capturing screenshots
  • Retrieving browser passwords and cookies
  • Capturing webcam images
  • Obtaining Telegram session files and Discord tokens
  • Acquiring Roblox cookies and Minecraft session files
  • Collecting files associated with cryptocurrency wallets

Advice

To prevent falling victim, here are some guidelines:

  • Only download from trusted sources
  • Monitor your system for high CPU usage and other performance issues
  • Use up-to-date, real-time anti-malware protection

C2 servers:

silentlegion[.]duckdns[.]org

shadowlegion[.]duckdns[.]org

Malwarebytes blocks silentlegion.duckdns.org and shadowlegion.duckdns.org.



9 basic security tips for seniors

Before we get into the tips: a caveat. We know many seniors who are digitally more up to date than people 20 years younger, but for those who aren’t, this guide is for you.

If you’re offended by the word seniors in the title, feel free to replace it with “computer illiterate people.” And keep in mind that this piece was written by a 60-year-old who happens to be the “computer guy” among his family and friends.

With the world’s increasing digitalization, even those who are not big fans of computers are compelled to use them for various urgent reasons. Seniors in a digital world can be overwhelmed by all the new technology. And just when you think you’ve caught up, something new has been invented.

In security terms, it can feel like there’s a lot to do in order to keep your data and devices secure. Multiple passwords, reading through EULAs, website cookie notifications, and more. All of this can contribute to a serious case of security fatigue.

Many of today’s most dangerous threats are delivered through social engineering, i.e., by tricking users into giving up their data, or downloading malware from an infected email attachment. Therefore, knowing more about what not to click on and what not to download can keep a good portion of threats out the door.

So, with that in mind, here are 9 basic security tips for seniors:

  1. Do not click on links asking to fill out your personal information. Banks and other financial institutions will not send emails with links, especially if those links are asking you to update your personal information. If a website promises you something in return for filling out your personal data, they are likely phishing. In return for your data, you will probably get lots more annoying emails, possibly an infection, and no gift.
  2. Don’t fall for too-good-to-be-true schemes. If you get offered a service, product, or game for free, and it’s unclear how the producers of the service or item are making money, don’t take it. Chances are, you will pay in other ways, such as sitting through overly-obnoxious ads, paying for in-game or in-product purchases, or being bombarded with marketing emails or otherwise awful user experiences.
  3. Don’t believe pop-ups and phone calls saying your computer is infected. Unsolicited phone calls and websites that do this are known as tech support scams. The only programs that can tell if you have an infection are security platforms that either come built into your device or antimalware software that you’ve personally purchased or downloaded. Think about it: Microsoft does not monitor billions of computers just to call you as soon as it notices a virus on yours.
  4. Don’t download programs that call themselves system optimizers. We consider these types of software, including driver updaters and registry cleaners, potentially unwanted programs. Why? They do nothing helpful—instead, they often take over browser home pages, redirect to strange landing pages, add unnecessary toolbars, and even serve up a bunch of popup ads. While not technically dangerous themselves, they’re unneeded and could let other nasties in through the door.
  5. Disable web push notifications. These are almost never useful to the user, they can be easily spoofed, and they are regularly used for social engineering and obtrusive advertising purposes.
  6. Keep your browser up-to-date. Major browsers such as Firefox, Safari, and Chrome all have their own strengths and weaknesses, so it’s a matter of personal preference which one you use. However, browsers regularly have vulnerabilities and any updates should be applied as soon as possible. Remember: You must restart your browser in order for updates to take effect.
  7. Look for HTTPS and the padlock sign. Just because there is a padlock next to the address bar doesn’t mean the site is safe, but it does mean all the traffic between your computer and the website is encrypted. That means that if someone tried to snoop on what you were sending the website, they’d get nowhere because the data would be scrambled.
  8. Use multi-factor authentication wherever you can. You can set this up on most sites, and it usually involves entering a code from either an app or a text message after you’ve entered your password. Bonus points for healthcare or banking organizations with logins that use passkeys, a hardware key, or behavioral biometrics.
  9. Use a password manager. They help you create and remember safe passwords and they won’t automatically put your passwords into fake sites, which helps you tell if something is a phishing site. This step might require some time and help from someone more technical, but it makes things much safer in the long run.

We don’t just write about threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.