Sandra@F-Secure


latest posts from Sandra@F-Secure


Unlike Team Fortress 2 or Doom, two of the most popular PC games of all time, GameOver ZeuS is not a game you can buy online or would willingly download on to your computer.

What is GameOver ZeuS?

While we’ve talked about banking Trojans before, none have been as detrimental to users as the GameOver ZeuS or GOZ Trojan, which initially began infecting users in 2012. GameOver ZeuS is designed to capture banking credentials from infected computers and make wire transfers to criminal accounts overseas. It was allegedly authored by Russian hacker Evgeniy Bogachev, who then implanted it on computers all around the world, building a network of infected machines - or bots - that his crime syndicate could control from anywhere. It’s predominantly spread through spam e-mail or phishing messages. So far, it’s estimated to have scammed people out of hundreds of millions of dollars, and it’s only getting worse.

It doesn’t stop there; GameOver ZeuS can also be modified by hackers to load different kinds of Trojans. One such Trojan is a ransomware called CryptoLocker, a devastating piece of malware that locks a user’s most precious files by encrypting them until he or she pays the hacker a ransom.

In June 2014, the FBI, Europol, and the UK’s National Crime Agency announced they had been working closely with various security firms and academic researchers around the world and had taken action under a program dubbed “Operation Tovar.” This initiative temporarily disrupted the system that was spreading the Trojan and infecting computers, pausing the infection of additional computers. However, computers that were already infected remained at risk, as they were still compromised.

What’s next?

The disruption of the GameOver ZeuS botnet was a great success in many ways, but it’s not over. Our security advisor, Sean Sullivan, worries that this temporary disruption was actually more dangerous than completely taking it down.

“Without arresting Bogachev, Gameover ZeuS is still a huge threat and likely to evolve to become more dangerous. The hackers can just as easily program a future version of the Trojan to initiate a ‘self-destruct’ order (like destroy every file on a computer) if the ransom isn’t paid, or if authorities try to intervene.”

What can we do to protect our digital freedom?

• Beware of malicious spam and phishing attempts: don’t open any attachments within emails unless you are specifically expecting something.
• Check email attachments carefully, and make sure you don’t open any files that automatically launch, which frequently end in .exe
• Have an Internet security solution in place and keep it up to date
• Keep your Windows operating system and your Internet browser plugins updated
• Back up all of your personal files regularly

Also, check your machines to be sure you do not carry the GameOver ZeuS Trojan. For more information on how this powerful Trojan works and how it is spread, check out this video (www.youtube-nocookie.com/v/JhiPDbTIsqw).

Have more questions? Ask us here on the blog.

Sep 20, 2014

In the early twenty-first century, when hackers were mostly pranksters, having security software on your PC was mostly about saving you some trouble. In 2014, when international crime syndicates regularly co-opt millions of computers in order to systematically steal banking information, take identities and hold files for ransom, security isn't about convenience. It's about giving our families the freedom to live our lives online without the threat of strangers invading our lives and hijacking our time and money.

An anti-virus on one PC is a good step. But who just uses one PC now? Many of us use three different devices before breakfast. That's why we created F-Secure SAFE -- it's built to protect all the devices and all of the people in your family.

The latest update of SAFE is designed to make it easier to install on infected computers for a smoother overall experience. It also gives you tools to keep your devices and family safe wherever they go. Since SAFE is such a dramatic expansion of what our traditional F-Secure Internet Security does, we wanted to cover 16 ways it protects you, your family and your devices.

And to celebrate the new SAFE launch, we're giving away one SAFE hoodie and a free year of SAFE on our Facebook page every day for 16 days beginning on September 16. Please read the rules and enter now.

Here's how SAFE protects you, your devices and your family:

PCs and laptops

1. Protection against ransomware. Thanks to browsing protection, F-Secure SAFE protects you against malicious software that impersonates authorities, such as Interpol or the FBI, and may block your computer, demanding ransom for unblocking it and preventing you from accessing your files until you pay. Thanks to F-Secure SAFE, all known versions of this insidious type of malware can't get on your computer.
2. Protect your home computer in the same way your office computer is protected. Your office computer is protected by software that safeguards it against viruses and protects corporate data against theft by criminals. SAFE gives you the same options on your home computer.
3. Limit the time your children spend on the Internet. If you think that your children may spend too much time browsing the internet or playing online games, SAFE will let you decide how many hours they are allowed to do it every day. You can easily define exactly which hours they can connect to the Internet. If they try to go online during unapproved times, the computer will not connect to the Internet.
4. Online banking protection your bank knows you need. Did you know that what most banks recommend in terms of security is using paid anti-virus software when banking online? SAFE ensures you meet these recommendations.
5. Safeguard your memories. F-Secure SAFE protects the photos and videos of your children or grandchildren against falling into the wrong hands. The built-in anti-virus application and protection against as-yet-unknown threats ensure that all of the memories collected on your computer are fully protected. Your files will never be destroyed, encoded to demand payment for decoding them, or intercepted in order to be published or to gain profit from distributing them.
6. Protect your children against adult content. Define which sort of content can be accessed by your children, whether you're monitoring them or not.
7. Shop online without worry. Thanks to protection against spyware and browsing protection, your credit card number is invisible to criminals. Now you can relax when shopping online, booking hotels or buying air tickets.

Tablets

1. Control which apps your kids can install. Keep games that involve virtual violence, sex or gambling off your child's device with a simple setting.
2. Decide which sites your child can visit. Even if they use tablets in their rooms, you can be sure that they visit no websites inappropriate for their age.
3. Protect your device against malware with browsing protection. Protect yourself from phishing scams, ransomware and malicious apps that could be triggered by visiting the wrong site.
4. Keep login data and online banking passwords secure. SAFE protects your tablet against spyware that steals your bank login data.

Smartphones

1. Find your missing phone. Locate your lost phone and make sure no one can access your data should your device be stolen.
2. Find your child. Check the location of your child’s phone from our simple web portal.
3. Avoid surprising charges. Are you concerned that your children may install games that require additional payments? F-Secure SAFE lets you control which software is installed on their phones.
4. Block calls and text messages from unwanted numbers. Start your own "Do not call" list with this feature that allows you to decide who has access to you through your phone.
5. Keep your phone malware free. More than 99 percent of all mobile malware targets Android, which is the second most targeted platform in the world behind Windows. With SAFE, you have protection from increasingly complex ransomware and trojans designed to get inside your phone, then your wallet.

You can try F-Secure SAFE for free now.

Cheers, Sandra

Sep 15, 2014

Black Hat conferences promise to "put you face to face with people on the cutting edge of network security, and with no vendor pitches." In other words: just the latest industry intelligence with no marketing BS. The USA edition begins in Las Vegas on Saturday August 2 and two experts from F-Secure Labs will be there.

Unlike the NSA, our Mikko Hypponen will be presenting this year. His talk -- "Governments as Malware Authors: The Next Generation" -- will likely be of interest to spy agencies all over the globe. "After canceling his RSA talk in protest, Mikko delivered his talk on Governments as Malware Authors at TrustyCon instead," the description reads. "This follow-up talk will look at what's changed since then, and what new we have learned about governments that write malware."

Timo Hirvonen will be giving his first Black Hat talk on "Dynamic Flash Instrumentation for Fun and Profit". Timo has been working on the DeepGuard technology in our security products for years and is an expert in analyzing the kind of files most likely to infect you -- including Java files and PDFs. In this talk he will introduce and demonstrate "the first tool that enables dynamic analysis of malicious Flash files".

But our experts also value the information they pick up from talks -- whether they are attending or not.

"BadUSB: Big, bad USB security problems ahead: http://t.co/2xrL1vrE2x ~ About Karsten Nohl's upcoming Black Hat talk. Looks very interesting."
Sean Sullivan (@5ean5ullivan), August 1, 2014

Antti Tikkanen, our Director of Security Response, gave us a list of talks he'd be attending if he were in Las Vegas this year:

- A SURVEY OF REMOTE AUTOMOTIVE ATTACK SURFACES. More car hacking, which has been in the news with Tesla lately.
- COMPUTRACE BACKDOOR REVISITED. "We have found several proofs of unauthorized activations of Absolute Computrace anti-theft software on our private and corporate computers and discovered that this software can be used as an advanced removal-resistant BIOS-based backdoor."
- DISSECTING SNAKE - A FEDERAL ESPIONAGE TOOLKIT. Should be a good warmup for Mikko's talk.

And what's Mikko looking forward to? "The BadUSB talk should be good," he told us. "And I'm always looking forward to the Pwnie Awards."

Cheers, Sandra

[Image by Marco Verch via Flickr.]

Aug 1, 2014

You come back after a nice vacation, rested, tanned and ready to catch up on a few weeks of email. The only problem? You've forgotten your password.

This may seem like a trivial problem, until you realize that it's not just you -- it's the guy at the next desk and the next desk and the next desk. And it isn't just one account. A new report finds that lost or forgotten passwords cost the city of Espoo, a city of about 249,000 in Finland, about 18€ per worker for a total cost of 200,000€ -- every year. And that doesn't include the cost of the workers' lost time.

The fact is people have better things to think about than strings of often nonsensical numbers and letters that include a special character. The need for strong, unique passwords for all of our important accounts is overwhelming, with most people needing to remember at least 20 different passwords. Users have been forced to choose between using memorable terrible passwords or forgettable good passwords.

At F-Secure, we believe technology should free your mind to deal with important work, not passwords. That's why we created Key, our password manager that offers you one password to rule them all. It stores all your passwords, log-ins, e-mails, PIN codes and other credentials securely. You don't need to think of crazy unguessable passwords because it generates them for you and fills them in as you use the web. And our encryption protects all your data.

It's free to use on one device and as cheap as $1.84 a month if you want a premium account that covers all your devices. Give it a try, before you forget.

Cheers, Sandra

Image courtesy of Lulu Hoeller, flickr.com

Jul 23, 2014

"We're not creative enough when we imagine cyber warfare," F-Secure Security Advisor Sean Sullivan recently told me. "It's not kinetic explosions. It could be a guy whose crimeware business has dried up and is looking for new business."

Over the last week, F-Secure Labs has taken a look at attacks from the "Energetic Bear" hacking group, Havex, which targets the energy sector, and now CosmicDuke, which is aimed at targets in Ukraine, Poland, Turkey, and Russia. The goal of these attacks seems to be espionage or gathering information for a buyer, which could be a government. But the methods don't match the precision and massive investment of manhours that went into an attack like Stuxnet, which was designed to take down Iran's nuclear capabilities.

"They rely on plausible deniability and using resources that don't seem to be created specifically for the task," Sean said. "It matches the modular methodology of what we conventionally think of as crimeware."

"You look at one element and it looks like crimeware," said F-Secure Senior Researcher Timo Hirvonen, who wrote the CosmicDuke analysis. "You look at it from a different angle and you say, 'I've never seen it aimed like that before.'"

"The conventional wisdom is that anything related to cyber warfare will be shiny and new," Sean said. These attacks instead suggest "semi-professionalism".

Here are three questions Sean is pondering in the wake of these attacks:

What do we mean when we say state-sponsored?

"Cyber warfare models real life," Sean said. "Some countries have a massive cyber intelligence infrastructure that works from the top down. Others seem to have a more grassroots origin, co-opting existing technologies that seem to be built on existing crimeware."

He wonders if state-focused campaigns are using malware that isn't necessarily state-sponsored. "Countries who use troops with black masks and no insignias standing on a peninsula may have the same kind of thing going online."

Opportunistic and pragmatic governments may be paying people to co-opt technology that exists for international espionage purposes. He suggests the goals of such attacks may fit into Sun Tzu's advice from The Art of War: know your enemy. Armed with information, countries can use soft power to turn allies against each other and dissuade retribution like economic sanctions.

What do we mean by APT -- advanced persistent threat?

These attacks are not complex in the way Stuxnet was. And they don't need to be.

CosmicDuke -- a variant of a malware family that has existed since 2001 -- infects by tricking targets into opening either a PDF file which contains an exploit or a Windows executable whose filename makes it look like a document or image file. Once the target opens the malicious file, CosmicDuke gains access and starts collecting information with a keylogger, clipboard stealer, screenshotter, and password stealers for a variety of popular chat, e-mail and web browsing programs. CosmicDuke also collects information about the files on the system, and has the capability to export cryptographic certificates and their private keys. Once the information has been collected, it is sent out to remote servers via FTP. In addition to stealing information from the system, CosmicDuke allows the attacker to download and execute other malware on the system.

Pretty standard stuff.

Is the war against crimeware driving criminals to cyber espionage? Or: Could fighting cybercrime be counterproductive?

"Some of these guys may be working for the government and themselves," Sean said. A wave of successes in the international war on cybercrime may be driving criminals to new buyers.

"The talent developed on its own," he said. "And now there's a government taking advantage of talent in their borders. Law enforcement has been going after crimeware. But it doesn't go away. It's fungible. The talent's still there it needs to make a buck."

Sean believes there's a message in these attacks for everyone. "It's not just the NSA that hunts system admins. If you have any sort of credentialed access to important systems, you are a target. Keep calm and secure your stuff."

He hopes that businesses will recognize that prevention is always the best remedy. "For IT managers: ask for the security budget you need – and fight for it. There is more evidence than ever that letting cost dictate security is bad management."

If governments are willing to work with increasingly opportunistic malware authors, risks could grow exponentially. "Is today's crimeware botnet, tomorrow's national security nightmare?" Sean asks. "What happens when these guys get out of jail? I'm sure they won't let the talent go fallow."

Cheers, Sandra

Jul 3, 2014
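
As an added example (not from the original post or from F-Secure), this sketch shows how a mail filter could flag the lure described in the CosmicDuke post above, a Windows executable whose filename makes it look like a document or image file. It goes beyond the post by checking three common disguises (double extension, space padding, and the Unicode right-to-left override); the extension lists, function names and sample filenames are constructed for illustration.

```python
"""Flag attachment names where a Windows executable is dressed up as a document or image."""

RLO = "\u202e"  # Unicode RIGHT-TO-LEFT OVERRIDE: reverses how the following text is drawn

# Illustrative, non-exhaustive lists (assumptions, not taken from the post).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "lnk"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt", "jpg", "jpeg", "png", "gif"}


def real_extension(name):
    """Extension Windows acts on: the text after the last dot, with RLO ignored."""
    cleaned = name.replace(RLO, "")
    if "." not in cleaned:
        return ""
    return cleaned.rpartition(".")[2].strip().lower()


def displayed_name(name):
    """Approximate what the user sees: text after an RLO is rendered reversed."""
    head, rlo, tail = name.partition(RLO)
    return head + tail[::-1] if rlo else name


def check_attachment_name(name):
    """Return the reasons a filename deserves attention; an empty list means none."""
    if real_extension(name) not in EXECUTABLE_EXTS:
        return []
    findings = ["executable"]

    # Disguise 1: RLO makes the name appear to end in a harmless extension.
    shown_ext = displayed_name(name).rpartition(".")[2].strip().lower()
    if RLO in name and shown_ext in DECOY_EXTS:
        findings.append("rtl-override")

    # Disguise 2: a decoy extension sits directly before the real one.
    stem = name.replace(RLO, "").rpartition(".")[0]
    if "." in stem and stem.rstrip().rpartition(".")[2].lower() in DECOY_EXTS:
        findings.append("double-extension")
        # Disguise 3: spaces push the real extension out of the visible column.
        if len(stem) - len(stem.rstrip()) >= 3:
            findings.append("padded-extension")
    return findings


def triage(names):
    """Map each name that produced findings to its list of findings."""
    return {n: f for n in names if (f := check_attachment_name(n))}


# Constructed sample attachment names, for illustration only.
SAMPLES = [
    "notes.pdf",
    "setup.exe",
    "report.pdf.exe",
    "photo.jpg" + " " * 12 + ".scr",
    "invoice" + RLO + "fdp.exe",  # displays as "invoiceexe.pdf"
]

if __name__ == "__main__":
    for name, findings in triage(SAMPLES).items():
        print(repr(name), findings)
```
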

If you bring your phone, tablet or laptop with you when you travel, there's one thing to keep in mind: public WiFi networks are public.

"That open Wi-Fi connection opens the door for hackers," writes NPR's Steve Henn. "They can get in the middle of transactions between, say, you and your bank."

Because you’re sharing the network with strangers, there’s the risk that someone is using readily available software that snoops on what you’re doing. “It may feel private because you’re using your personal device, but it’s not,” our Security Advisor Sean Sullivan told us last year. Sean advises against doing anything via public WiFi that you wouldn’t want an eavesdropper to know – including logging into accounts with passwords.

Before you hit the road, make sure all your devices are backed up, your applications and operating system are patched and you're running an updated security solution on any device you can. You can try F-Secure SAFE on up to 3 devices for free for the next month.

Here are some more tips that will keep you secure wherever you may roam:

• Don’t let your device connect to public WiFi spots automatically.
• Delete the WiFi access points you’ve used when you arrive home.
• Log out of all the apps you don’t need while traveling.
• Lock any device you're using with a code that can't be guessed.
• Be aware of your surroundings and anyone who could be trying to peek over your shoulder.
• Use a unique, strong password for each account.
• For laptops, disable file sharing and turn on the firewall, setting it to block incoming connections.
• Use a VPN (virtual private network) like Freedome if possible, which secures your connection even on public WiFi.
• Use a travel router with a prepaid SIM card for your own personal WiFi network.
• At the very least, watch for the padlock and “https” in the address bar for any site with your personal information. If they’re not there, avoid the site.
• A good general rule: Assume anything you do over public WiFi is part of a public conversation.

Cheers, Sandra

[Image by Mario Mancuso via Flickr]

Jun 24, 2014

"Privacy activists, you may start shouting... now," Gizmodo's Jamie Condliffe wrote last week.

Why? Facebook announced that it will soon be tracking its users -- its more than one BILLION users -- not just as they use the social network but across the internet. The site assures you that it's doing this for a simple business reason that will benefit customers.

“Let’s say that you’re thinking about buying a new TV, and you start researching TVs on the web and in mobile apps," Facebook explained in an update to users. "We may show you ads for deals on a TV to help you get the best price or other brands to consider. And because we think you’re interested in electronics, we may show you ads for other electronics in the future, like speakers or a game console to go with your new TV.”

If you're not interested in Facebook helping you spend your money -- and influencing our behavior in ways we can't predict -- there are a few ways to stop this tracking now before it begins:

1. Stop using Facebook. Cancel your account. Log out and never log in again. Okay, if you're like most people who've become entrenched in the site's world, that's probably not happening. And even if you do quit, you'll still see Facebook "like" boxes all over the internet that would likely develop a profile of your behavior.
2. Opt out of Facebook's tracking. Go to this page from the Digital Advertising Alliance and opt out of tracking from Facebook -- and any other advertiser you don't want tracking you. Then keep going back as more advertisers figure out more ways to track you.
3. Get Freedome. This is the path to digital freedom that we at F-Secure endorse because we built it AND it stops tracking from Facebook and sites all over the web. When any site you visit uses third-party analytics services known to our database or loads Facebook 'like' buttons or advertisements from ad networks, Freedome either blocks these requests completely, or strips cookies from them. Facebook and any other third parties are then unable to track which sites you're visiting.

And that's not all our VPN does. Freedome will make sure you can connect to any site you want, even if your government or web provider is blocking it. It's also an anti-virus and anti-phishing tool, and it lets you choose your location from several choices around the globe to enjoy the web programming you want, regardless of where you are, which is a nice trick to have during events like the World Cup.

Try out Freedome for free here.

Cheers, Sandra

Jun 17, 2014