Não só regulares, as pessoas que pagam impostos impacientemente esperam Natal - cibercriminosos são tão inquieto.
sim, software malicioso não tira férias e que ‘funciona’ durante todo o ano. Contudo, com o Natal ao virar da esquina, malicious actors are suddenly a tad more determined to accomplish their goals and harvest your data and your money.
actualização de novembro 2017. Black Friday é um lembrete de que as férias de inverno estão perto. Infelizmente, o número cada vez maior de pessoas às compras online significa mais scams projetado especificamente para números de cartão de crédito-alvo das pessoas e informações pessoais. assim, os usuários devem estar à procura de fraudes, especialmente em compras dias farra, como Black Friday e Cyber Monday. Make sure to get acquainted with the atual, 2017 trends in malicious campaigns distributed around Christmas.
Christmas has been an inspiration for Internet crooks since ‘the beginning of time’. It’s only natural to ask ourselves… What does malware Santa have in stock for unprotected systems?
Em primeiro lugar, what is a PoS attack?
A POS attack is executed to steal the 16-digit credit card numbers of retail customers. You should keep in mind that once those codes are obtained by bad actors, they can put them for sale on underground forums. Lá, they can be sold for less than $100 cada. This stolen information can be employed in making fake credit cards.
What companies fall victim to PoS malware? Small and medium businesses are easier to be breached because their PoS systems are more vulnerable to such attacks.
Bad actors are selling a new variant of Point-of-Sale malware as we speak. The new strain is typically available on underground, criminal forums. Threat specialists warn that this new PoS piece is just about 76KB and can baffle AV software. It is also suspected to have rootkit capabilities.
A polymorphic engine has also been implemented to make sure that each build has different signatures. This is done as a measure against active threat protection.
The 27th of November, also known as Black Friday, has increased the price of the updated PoS strain to $2.600 for a six-month license. Cyber criminals are also making sure to be up-to-date with OS trends in the retail sector, especially the ones applied in current back-office systems.
How to Stay Protected Against PoS Malware?
- Aplique online access to your credit card via the credit card’s issuer page.
- Make sure to check regularly your credit statement and verify your transactions.
- Look for suspicious $1 charges – crooks would check if your card works by making such ‘donations’.
- If a suspicious transaction is present in your bank card statement, contact your bank immediately. Fraudulent charges may be reversed, and your account would be frozen to keep crook activities from continuing.
- In case of a security breach in a company you are a customer of, be extra cautious. Your credentials and balance may not be hurt, but this is not a guarantee for your future safety. Contact your bank for advice. Além disso, keep in mind that cyber criminals may hold on to a stolen credit card number. The 16-digit credit card number is often sold on the black market.
- Be smart and protect your personal information:
- Sustain a powerful anti-malware tool. Sometimes several tools for user protection can be applied to decrease the possibility of an attack to the minimum. Além disso, improve your browser’s settings and browsing habits.
- Avoid using the ‘remember password’ option. Em vez de, keep all your logins and credentials offline, and change them frequently. Use stronger passwords – combinations of numbers and upper case letters, symbols etc.
– Social security number;
– Date of birth;
– PIN codes;
– dados bancários;
– Website logins;
– Web searches.
Christmas Malware in Retrospect
PoS malware left aside, Christmas has been witnessing various online scams. And as we all consumers/ users perfectly know, trends are a thing not only in fashion but also in cyber security. By having a look at the timeline of Christmas’s nasty surprises, you will notice that online scams (como phishing) haven’t changed much throughout the years. Malicious threats today may be more glitter and chitter do que antes (quite literally), but their basic functionality remains unchanged – to trick you into executing what shall never be executed.
Let’s have a look at some of the more memorable Christmas ‘viruses’.
For educational purposes only!
Malware Natal 1987: the ‘Christmas Tree’ Worm
‘Let this exec run and enjoy yourself!’
Uma vez executado, the worm would display an EBCDIC character and would forward itself via email to other users.
Natal 1999: the Prilissa Virus
The Prillisa Virus a.k.a. WM97/Melissa-AS was a virus that infected Microsoft Word documents. It was spreading via email. Its subject line was:
‘This document is very Important and you’ve GOT to read this !!!’
By opening the attached file, the virus was set free. The payload would activate on December 25th and would display the following message:
Natal 2004: the Zafi-D Virus
Natal 2004 saw a rather malevolent virus called Zafi-D. Crafted in Hungary, the virus would spread via email and would recite seasonal greetings. The threat was also written in various languages, making sure it would affect as many users as possible.
Suficientemente curioso, the Christmas-themed virus would embed an obscene animated GIF image of two smiley faces on top of one another.
Como você pode ver, the methods applied by malicious actors to trick you into infecting your PC haven’t changed that much. It’s the malware that has become more persistent and sophisticated.
assim, make sure to protect your computer before you fall victim of yet another Christmas-themed scam.
How to Save the Christmas Spirit and Stay Away from Viruses and Worms?
- Certifique-se de usar a proteção de firewall adicional. A descarga de um segundo firewall (gostar ZoneAlarm, por exemplo) é uma excelente solução para quaisquer potenciais intrusões.
- Make sure that your programs have less administrative power over what they read and write on your computer. Torná-los pedir-lhe acesso de administrador antes de iniciar.
- Use senhas fortes. senhas fortes (de preferência aqueles que não são palavras) são mais difíceis de rachadura por vários métodos, incluindo força bruta, uma vez que inclui listas de passagem com palavras relevantes.
- Desligue o AutoPlay. Isso protege o seu computador de arquivos executáveis maliciosos no pen drives ou outros transportadores de memória externos que são imediatamente inseridos nele.
- Disable File Sharing – it is recommended if you need file sharing between your computer to password protect it to restrict the threat only to yourself if infected.
- Switch off any remote services – this can be devastating for business networks since it can cause a lot of damage on a massive scale.
- Se você ver um serviço ou um processo que é externo e não o Windows crítico e está sendo explorada por hackers (Como Flash Player), desativá-lo até que haja uma atualização que corrige o exploit.
- Certifique-se sempre para atualizar os patches de segurança críticos para o seu software e sistema operacional.
- Configurar o servidor de correio para bloquear e apagar anexos de arquivo suspeito contendo e-mails.
- Se você tem a compromised computer in your network, certifique-se de isolar-lo imediatamente por desligá-la e desconectá-lo manualmente a partir da rede.
- Desligue todos os serviços não necessários sem fio, como portas de infravermelhos ou Bluetooth - hackers gostam de usá-los para explorar dispositivos. No caso de você usar o Bluetooth, certifique-se de monitorar todos os dispositivos não autorizados que pedir-lhe para emparelhar com eles e declínio e investigar qualquer queridos suspeitos.
- Employ a powerful anti-malware solution to protect yourself from any future threats automatically.