Showing posts with label Antimalware. Show all posts

6/14/2018

VPNFilter Malware attacks Linksys, Netgear, TP-Link, Asus, D-Link and more

Linksys, Netgear, TP-Link, Asus, D-Link and Ubiquiti are vendors whose routers have been found to be targeted by malware called VPNFilter. The story initially broke in May 2018, but more routers have been found to be affected since.

Researchers at Cisco Talos report that VPNFilter allows attackers to eavesdrop on traffic and steal website credentials, as well as remotely brick the user's router. Initially, at least 500 thousand routers were estimated to be infected, but the list of devices known to be targeted has since grown and is currently shown on the screen.



If your router is affected, Anti-Virus4U.com recommends that you reboot it and work with your router manufacturer to check that the device is up to date. If your router was issued by your Internet Service Provider, we recommend that you contact their support to check whether your device is affected.

3/07/2018

Blockchain Technology Hacking and Cybercrime Risks


Bitcoin and blockchains are quickly becoming dominant players in large-scale finance. Bitcoin as a substitute for money has opened up innovative ways to trade multiple options. It has gained much public awareness and is accepted by an increasing number of merchants globally. The main question now is whether they can be hacked. In the past, there was uncertainty about whether Bitcoin and blockchains could be hacked, given their secure cryptographic nature. Nowadays, everything runs online with the assistance of highly developed computers. This has led to many hijacking incidents, and computers have emerged as the main targets for hackers. As a result, cryptocurrencies, Bitcoin and blockchains have also been targeted by cyber-criminals. The most recent figures reveal that hundreds of millions of dollars have been stolen to date. The number of people cheated so far is huge, and hardly a day passes without some news about cryptocurrency hacking. The following points explain some of the hacking incidents related to Bitcoin and blockchain:

1. Bitcoin miner malware 
Generating Bitcoins consumes a huge amount of electricity, including for cooling the computers dedicated to mining. To save on electricity charges, many Bitcoin miners use the resources available at their company's premises. Another method they adopt is spreading Bitcoin-mining malware. Nowadays, such malware uses a botnet, a network of infected computers, to mine Bitcoins fraudulently. As a result, victims are losing hundreds of millions of their hard-earned money.

2. Hijacked online value stores 
The value of cryptocurrencies is stored online in file stores or wallets. Since these wallets are accessible online, they can be stolen or compromised just like any other store of value held on a computer. The worst situation occurs when users forget their password or PIN, or misplace the computer hard drive holding the value store details. In that event, the value store becomes permanently inaccessible. Ransomware can cause the same problem. If you hold a bank account, you can access it from another computer, and your value remains unharmed. Cryptocurrency wallets, however, have a different story to tell: these online wallets can easily be hijacked from another computer. Most financial experts suggest that the best way to protect your cryptocurrency value is to keep it in an offline wallet, so that malware or hackers cannot access it. If you are using an online wallet, it is best protected with multi-factor verification.

3. Crypto-currency Trojans 
Cryptocurrency Trojans sit on your computer and wait for text in the format of a cryptocurrency account number. As soon as such a Trojan finds an account number, it replaces the account to which you are moving value with the attacker's account number. If you fail to notice this, you will be unable to stop the transfer once you hit the send button.

4. Disadvantages of Crypto Implementation 
In any crypto implementation, the main point to consider is the cryptographic algorithm being used. When a cryptographic solution has a vulnerability, blockchains are the worst sufferers. The lack of a secure private key for Bitcoin mining can bring the whole system down. Even though this is not readily apparent, before you get involved in a blockchain project or start using a cryptocurrency, make sure that the programmers are using SDL (secure development lifecycle) processes to curtail bugs. As reported in most of the hacking incidents, cyber-criminals hack the cryptocurrency software in order to steal value. Any coding mistake made by the hackers during this fraudulent practice can corrupt everybody's cryptocurrency wallet before any recovery is possible. Even if the thieves do not succeed in stealing money, everybody can still be cheated or troubled.

5. Cryptotext and cheating attacks
Good cryptography ensures that the resulting cryptotext is unintelligible to anybody, so cyber-criminals cannot work out the original content of the cryptotext. In blockchain technology, on the other hand, the block formats are simple to figure out. In every block, there are instances where the same letters, numbers and characters appear in the same place. Because of this, crypto-attackers get an opportunity to recover a partial image of the unencrypted text in every crypto-protected block. In addition, every block is a function of the preceding block. As a result, the overall protection of the underlying encryption is weakened. Ultimately, the hackers get an opportunity to carry out their nefarious activities.

6. SHA-256 and Bitcoin security 
SHA-256 is similar to its predecessor SHA-1, but one doubts whether it will be able to offer the same level of security as in the past. Most security experts observe that SHA-256 is not of much concern regarding Bitcoin and blockchain. Most significantly, the world's most important financial and HTTPS transactions are given their highest protection by SHA-256. If somebody attempts to break it, the biggest thing to worry about is the security of Bitcoin and blockchains. If you are planning to build a blockchain or cryptocurrency, you can use “crypto-agility”, which, in other words, is the ability to substitute codes while maintaining the basic program.

7. Hacking of centralized websites
At the moment, one of the most common threats surrounding Bitcoin and blockchain projects is the hacking of the centralized website controlling them. Only last week, Bitcoin's value suffered a major setback when cyber-criminals fraudulently took over $70 million in Bitcoins. Similarly, many cryptocurrency sites managing hundreds of millions of dollars have been hacked by thieves. These incidents have pushed down the value of Bitcoin.

The best recommended approach is to store your cryptocurrency value in an offline location. There are many instances in which criminals ran away with millions in ill-gotten money. Therefore, you have to remain very careful while doing business with a cryptocurrency web site. Make sure that the particular site is fully protected and reliable. No organization is going to safeguard your interests if a mishap occurs.

2/22/2018

Rise in Global Cybercrime New Reported by McAfee


Rise in Global Cybercrime, Hits $600 Billion Annually, as Reported 

The sudden rise in cybercrime has amounted to $600 billion worldwide, as reported by different agencies. This is mainly due to the high-profile techniques used by hackers and multiplication of criminal marketplaces, including cryptocurrency mining malware.

As reported by McAfee, the Center for Strategic and International Studies found that approximately one-fourth of the total cost of cybercrime in 2017 was due to the theft of intellectual property. Furthermore, ransomware attacks are increasing very quickly. The financial institutions in Iran, North Korea, and Russia are the main targets of cyber criminals, while China has been reported to be the most active in cyber spying.

The criminals responsible for attacks in cyberspace are using advanced technologies, including artificial intelligence and encryption. These illegal activities go unnoticed or stay hidden because the cyber criminals use Bitcoin and cryptocurrency mining malware.

Steve Grobman, chief technology officer for McAfee, speaking at a news conference in Washington, said that they are seeing hackers take advantage of cutting-edge technology and innovative techniques. No doubt these technologies can offer great value when used rightfully for other purposes, but cyber criminals are adopting them to hide their information and the sources of their attacks.

Also, according to the McAfee-CSIS report, cybercrime costs have risen from the $445 billion estimated in 2014. CSIS vice president James Lewis hopes that this amount will come down, but judging by current developments there is nothing in sight. Moreover, the rise of the whole 'dark web' phenomenon has created a safe space for criminals to operate, and cyber criminal activity has increased sharply as a result. The dark web marketplaces also allow criminals and hackers to sell tools or services that can be used for attacks, in addition to selling stolen credit card numbers. Another aspect is that geopolitical risk plays a major role in cyber attacks.

According to Lewis, Russia is the leader in cybercrime, owing to the skill of its hacker community and its non-adherence to western law enforcement. North Korea is second; this nation funds its government through cryptocurrency theft. Likewise, there has been a spurt in cybercrime in Brazil, India and Vietnam.

The study also revealed that governments and the cybercrime community often maintain a close relationship. For instance, in a huge attack against US-based Yahoo, one of the cybercriminals worked at the direction of Russian intelligence services to carry out the malicious activities. The stolen data was also used for credit card fraud and spam.

The main aim of this study was to collect data pertaining to all of the criminal activities by hackers responsible for the loss of confidential business data, online fraud, stolen credit card misuse, cyber insurance, and fraudulent operation toward publicly traded companies. However, the study did not consider evaluating the cost of all malicious activities on the internet.

The above-mentioned global research report was released after the White House stated that the cyber attacks in the United States amounted to costs between $57 billion and $109 billion, and warned of more harm to the broader economy in future.

2/21/2018

Tesla Kubernetes Servers Hacked


Tesla Kubernetes Servers Hacked, Infected with Cryptocurrency Miner Malware 

As detected by the cloud security firm RedLock, Tesla's internal cloud servers were hacked, and cryptocurrency miner malware was found installed on company servers used by its engineers. The incident was reported to have taken place last year, when hackers gained unauthorized access to Tesla's Kubernetes server. Kubernetes is an open-source application used by many companies to manage API and server infrastructure set up on cloud hosting providers.

The experts from RedLock revealed that the hackers breached a pod on the Kubernetes server that stored login details for part of Tesla's AWS cloud infrastructure. The AWS buckets store sensitive data such as telemetry, but a spokesperson for Tesla Motors reiterated in an email to Bleeping Computer that the data came from their internally used engineering test cars. Moreover, there was no proof that the hackers stole any data, but they did make the effort to install a mining application that used the extensive computational resources of Tesla's internal servers to fraudulently mine the Monero cryptocurrency.
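The post attributes the AWS exposure to a pod that stored login details. As an added example (not code from RedLock, Tesla or the original post), this Python script checks pod specs, in the JSON form printed by `kubectl get pods -o json`, for AWS credentials written as literals; the pod names, the `--access-key` flag and the key values are constructed.

```python
import json
import re

# AWS access key IDs: a 4-letter prefix (AKIA long-term, ASIA temporary)
# followed by 16 upper-case letters or digits.
KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Environment variable names the AWS SDKs and CLI read credentials from.
CRED_VARS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}

# Constructed sample input; every name and key value here is made up.
SAMPLE = """
{"items": [
  {"metadata": {"namespace": "eng", "name": "telemetry-uploader"},
   "spec": {"containers": [{"name": "uploader", "env": [
     {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAEXAMPLEEXAMPLE00"},
     {"name": "AWS_SECRET_ACCESS_KEY", "value": "constructed-not-a-real-secret"},
     {"name": "AWS_REGION", "value": "us-west-2"}]}]}},
  {"metadata": {"namespace": "eng", "name": "db-client"},
   "spec": {"containers": [{"name": "client", "env": [
     {"name": "AWS_SECRET_ACCESS_KEY",
      "valueFrom": {"secretKeyRef": {"name": "aws-creds", "key": "secret"}}}]}]}},
  {"metadata": {"namespace": "eng", "name": "nightly-sync"},
   "spec": {"containers": [{"name": "sync",
     "args": ["sync", "--access-key=AKIAEXAMPLEEXAMPLE00"]}]}}
]}
"""


def redact(value):
    """Keep the first four characters so the report does not copy the secret."""
    return value[:4] + "*" * max(len(value) - 4, 0)


def audit_pods(pod_list):
    """Return (pod, container, location, redacted value) per literal credential."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        where = f'{meta.get("namespace", "default")}/{meta.get("name", "?")}'
        spec = pod.get("spec", {})
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            cname = c.get("name", "?")
            for env in c.get("env", []):
                value = env.get("value")
                if not value:
                    continue  # valueFrom (e.g. secretKeyRef): no literal in the spec
                name = env.get("name", "")
                if name in CRED_VARS or KEY_ID.search(value):
                    findings.append((where, cname, "env:" + name, redact(value)))
            # Credentials passed on the command line are just as readable.
            for field in ("command", "args"):
                for token in c.get(field, []):
                    match = KEY_ID.search(token)
                    if match:
                        findings.append((where, cname, field, redact(match.group())))
    return findings


def audit_json(text):
    """Parse `kubectl get pods -o json` style output and audit it."""
    return audit_pods(json.loads(text))


if __name__ == "__main__":
    for finding in audit_json(SAMPLE):
        print(" ".join(finding))
```

A `secretKeyRef` keeps the key out of the pod spec, but anyone who can reach an unauthenticated console can still read the Secret itself, so this check complements access control on the console rather than replacing it.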

Tesla was notified of the hacking incident and secured the server immediately. According to RedLock, the incident took place because Tesla engineers neglected to protect the Kubernetes console with an access password. Tesla officials were also quoted as saying that they maintain a bug bounty program to encourage this type of research. Furthermore, they can solve any problem within hours of learning about it. The impact of the breach of its internal servers appears to be restricted to internally used engineering test cars only. According to their investigation, there was no sign that customer privacy or security was breached or compromised in any way.

Most interestingly, the hackers made configuration changes to avoid suspicion or detection. Clearly, they knew what they were doing. They hacked the system only to set up a private mining pool for their illegal mining operations. They hid the mining pool behind CloudFlare, and the mining software was further configured to listen for commands on a non-standard port. As a result of these measures, the hidden mining software used only a small portion of Tesla's AWS CPU resources.

It is clear that the hackers made a considerable amount of money by using a custom mining pool. In the past, RedLock also found similar servers exposed without a password belonging to Aviva, a British insurance company, and Gemalto, the world’s leading SIM card manufacturer.

2/20/2018

Ransomware vs Malware differences and protection


Ransomware vs Malware - The differences and protection using Antivirus or VPN 

What is malware?
Malware works by inducing a user to install particular software in order to gain access to the user’s computer. As soon as it is installed, it begins tracking the user’s system and can cause damage without the user’s knowledge or permission. The most common forms of malware are keyloggers, viruses, worms, and spyware. Nowadays, malware is used as fraudulent software to steal confidential information and spread spam via email attachments. Some unscrupulous elements also use this malicious software for forced advertising and to earn money from it. Recently, a Chinese digital marketer used the Fireball malware to turn 250 million web browsers around the globe into ad-revenue generating engines.

Malware has spread to corporate networks as well, and almost 20% of them were affected. Fireball has been found to spread mainly through bundling: without any permission from the user, the malware was installed along with programs like Deal Wi-Fi, Mustang Browser, Soso Desktop and FVP Image viewer.

Also, a malware named Judy affected 36.5 million Android devices. Its main purpose was to generate revenue through fraudulent clicks on advertisements. Kiniwini, a Korean company that develops apps, had this malware in 41 apps. Many harmful apps still exist on the Google Play Store, which makes Android’s security highly questionable.

Also recently, a malware named ‘Crash Override’ was detected in the Ukrainian capital, Kiev, where it was responsible for a power outage. Most interestingly, it is the first-ever malware that attacked an electric grid.

What is ransomware?
Ransomware is another form of malware, one that locks up your computer. To get it unlocked, you are required to pay a ransom, most often demanded in Bitcoins. These days, ransomware attacks in another form too: the user’s individual files are encrypted using a private key. This key is obtainable only from the ransomware authors, and even if you get the key after paying the demanded amount, there is no guarantee that your computer will be unlocked.

Ransomware, a new branch of malware, has quickly emerged as a major threat to online digital technology. In 2016, there were about 638 million ransomware attacks, more than 167 times the number of ransomware attacks in 2015. Most prominent organizations and individual users are confused by the terms malware and ransomware. As victims of various cyber-attacks, they share a sense of insecurity.

In May 2017, the WannaCry ransomware mounted a prominent cyber-attack and infected more than 300,000 computers running Windows, spread over 150 countries. A number of businesses across Europe, the Middle East, and the United States were also affected by the Petya ransomware. The difference between Petya and WannaCry is that Petya can spread only across a local network, whereas WannaCry is more harmful as it could spread indefinitely across the web.

According to recent reports, Petya is actually a deadly ‘wiper malware’ and not simply ransomware. Petya was designed to look like ransomware, but it lacks any scheme for information recovery. Petya worked by rebooting the user’s computer, encrypting the hard disk’s Master File Table (MFT) and rendering the Master Boot Record (MBR) inoperable. Its malicious code then replaced the encrypted code, preventing the user from rebooting. Moreover, the latest variant of Petya does not keep a copy of the replaced MBR, which prevents the user from booting the computer.

Mode of spread of Malware and Ransomware
Malware spreads mainly through emails and attachments with unknown links that claim to hold some interesting information, tricking the user into opening and reading them. Once a user clicks on such a link, they are diverted to a fake website that looks identical to a genuine one. The user is then prompted to download some software, and as soon as they download it, their system is infected and damaged.

As revealed, the major sources of cyber attacks are the unclaimed web sites and pop-ups which offer free content in the form of free music or free movies. The main purpose of these attacks is to steal the personal credentials and confidential information of the users, and then use the same for carrying out a number of fraudulent and illegal activities.

Protection from malware attacks using an Antivirus
Many security vendors provide anti-malware and anti-ransomware tools that scan and secure your PC or devices and can even free you from ransomware attacks.

Protection from malware attacks using a VPN
The best and most-effective way to get protection from malware attacks is to back up your data occasionally. This can help protect your system against malware and ransomware.

Also, a VPN is a technique that lets you access the web anonymously. A VPN can also help enhance the security of your system. Once the VPN is in use, attackers will not be able to attack your computer and track your confidential information. There are various top-quality VPNs that show users a security warning whenever they try to access doubtful URLs. Moreover, all the data shared online through a VPN is fully encrypted.


7/21/2017

Ovidiy Stealer Malware - $7 Makes you become Hacker

A new form of malware has been revealed by the security company Proofpoint. This malware can be purchased for $7, and the matter of concern is that it is not detected by antivirus software.

Ovidiy Stealer, a previously undocumented credential stealer that appears to be marketed in Russian-speaking regions, was recently analyzed by Proofpoint's threat researchers. Its first samples were observed in June 2017, and it is under steady development with various updated versions. Criminals have actively adopted this malware, as its growing number of samples shows. It spreads through email attachments, compressed executable attachments, and links to hosting pages or keygen websites. In all cases, the attachment is an executable infected with malware, so it is important to remain protected.

When it infects a system, the malware communicates with its command-and-control server via SSL/TLS and searches applications for passwords in order to transmit them to the hackers. It leaks information such as the username and password, processor ID, targeted application, website with saved credentials, and the registered Ovidiy Stealer username.

In its in-depth analysis of this malware, Proofpoint explained that the price of Ovidiy Stealer is 450-750 Rubles (~$7-13 USD), and that the archive includes one build, which comes as a precompiled executable. The company also reports that the file is crypted to prevent analysis and detection; however, if an antivirus solution does detect the infection, it is flagged with a simple description.

Going after popular software 
Popular software such as Opera Browser, FileZilla, Google Chrome and Torch Browser is at great risk, as the malware targets it.

Versions 1.0.1 and 1.0.5 are distributed in the wild. Written in .NET, Ovidiy Stealer samples are packed with Confuser and .NET Reactor. When executed, the malware remains in the directory where it was installed and carries out its tasks. According to Proofpoint, there is no persistence mechanism built into this malware, so it will stop running on reboot, but the file will remain on the victim machine.

Many updated samples of Ovidiy Stealer have been found online, so to remain protected, it is essential to check twice before updating software or downloading files from untrusted sources.

8/23/2013

Difference between Viruses and Malwares (Antivirus vs Antimalware)

One of the most frequently asked questions in online software security forums is the difference between viruses and malware (antivirus vs antimalware).

Let us answer this right now so that it serves as the base when we later talk about Antivirus and Antimalware solutions. 
  • Virus: Viruses were very popular in the early 1990s, when the internet was relatively new. They were meant to infect and replicate and make the users’ experience with computers and the internet bitter. 
  • Malware: It is a general term used for malicious programs, which include adware, spyware, rootkits, exploits, Trojans, worms etc. In short, all viruses are malware, but not all malware are viruses.
The question which usually follows the above question is:
“Would my Antivirus program keep me safe from all types of Malware?”

The answer to this question is a straight NO! Antivirus programs are meant to deal with viruses. Complete protection against malware is only guaranteed by installing a complete package of security software solutions (Internet Security or All in One Security). When employees of different vendors were asked the same question, they answered in the affirmative, but at the same time hinted that users would be safer if they purchased the complete package, and not just the system antivirus. All the major antivirus vendors like Kaspersky, Bitdefender, Norton and McAfee have been providing security for the system, protection against online threats, safeguarding of your online identity and a personal firewall. This multilayered secure environment makes the internet a safe place for you. Since malware has been extensively used for stealing information from victims for quite some time now, it is essential that all types of malware are blocked. Most of the antivirus packages provide you with cutting-edge technology and protection against even zero-hour threats thanks to their integration with the cloud. They forward the virus database to the cloud, reporting the most recently launched threats. Definitions are dynamically updated and sent to systems connected to the cloud all over the world, thus preventing the spread of the infection.

Anti-malware and antivirus programs essentially have the same goal: denying malicious programs access to the computer, server or network. MalwareBytes, one of the leading suppliers of antimalware software, clearly mentions that its program is meant to remove malware and is less directed towards the removal of traditional viruses. The best solution is to scan your system for viruses and other vulnerabilities, disable it for some time and then scan the computer for malware.

What is the difference between Antivirus and Internet Security Software?