28.12.17

The worst passwords of the year revealed

Need a New Year’s resolution? How about this one?
Start taking password security more seriously.
New research released by SplashData reveals that many people are still making woefully poor decisions when it comes to the passwords they use to secure their online accounts.
As we all know, passwords often leak out onto the internet – which is clearly bad news for the people who own the accounts, and good news for malicious hackers who want to break into them.
But another group who find leaked password databases fascinating are the security researchers interested in shining a light on the sometimes (poor) choices made by regular internet users when choosing a password.
SplashData’s chart of most commonly-chosen passwords (which thus makes them some of the very *worst* passwords you can choose) is based upon its examination of over five million passwords leaked by hackers.
Truth be told, a lot more than five million passwords were grabbed by hackers in the course of 2017, but the list is still a helpful indicator of just how reckless computer users can be online.
Here’s a list of the top (i.e. worst) 30 passwords:
1. 123456
2. password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. letmein
8. 1234567
9. football
10. iloveyou
11. admin
12. welcome
13. monkey
14. login
15. abc123
16. starwars
17. 123123
18. dragon
19. passw0rd
20. master
21. hello
22. freedom
23. whatever
24. qazwsx
25. trustno1
26. 654321
27. jordan23
28. harley
29. password1
30. 1234
Passwords like these are not only easily guessable, they’re already in the password-cracking databases of any hacker worth his or her salt, alongside millions of other popular choices and dictionary words.
If you, or someone you know, is using any of the passwords above online then you need to take a long hard look at yourself in the mirror. The good news is that better password security is not a hard resolution to keep, and with the right tips you have a much higher likelihood of achieving your goal than you will making the most of your gym membership.
I believe that the vast majority of computer users would benefit from running a good password manager – a program that not only securely stores your passwords, but can also generate hard-to-guess, complex passwords when you create an account on a website.
But maybe websites need to buck their ideas up as well. Not only do more websites need to do a better job of securing sensitive information (such as password databases) but they could also be more diligent in rejecting easy-to-crack passwords like those listed above or regular dictionary words.
For instance, wouldn’t it be great if more sites blocked passwords that are frequently used, have been exposed in past data breaches, or if they at the very least *warned* users that they might be choosing a potentially unsafe password? Troy Hunt’s HaveIBeenPwned service makes hundreds of millions of passwords available for download for precisely this purpose. For advice on how the data might be best used to defend your website’s users – be sure to check out his blog post.
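The kind of server-side screen the paragraph above asks for, as an added example in Python that is not code from the article, from SplashData or from Troy Hunt's service: it rejects the SplashData top-30 from the list above (and trivial variants such as a trailing digit or symbol), enforces a length floor, and then checks the candidate against a breach corpus using the k-anonymity range query that the Pwned Passwords API uses (the client hashes locally, sends only the first 5 hex characters of the SHA-1, and matches the remaining 35 characters itself). The breach corpus, its counts and the `range_lookup` stub are constructed stand-ins; the live service returns the same `SUFFIX:COUNT` lines from `https://api.pwnedpasswords.com/range/<prefix>`.

```python
"""Added example: defender-side password screening with a local deny-list and
a k-anonymity breach-corpus check. Corpus, counts and the range_lookup stub
are constructed for the demonstration, not real breach data."""
from __future__ import annotations

import hashlib
import re
from collections import Counter

# SplashData's "worst passwords of 2017", exactly as listed in the article.
SPLASHDATA_TOP30 = frozenset("""
123456 password 12345678 qwerty 12345 123456789 letmein 1234567 football
iloveyou admin welcome monkey login abc123 starwars 123123 dragon passw0rd
master hello freedom whatever qazwsx trustno1 654321 jordan23 harley
password1 1234
""".split())

# Constructed stand-in for a downloaded breach corpus (plaintext -> times seen).
# The real corpus ships as SHA-1 hashes with counts; these values are made up.
CONSTRUCTED_BREACH_CORPUS = Counter({
    "correcthorsebatterystaple": 7,
    "Summer2017!": 3,
    "letmein": 1200,
})


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the digest the Pwned Passwords corpus is keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus: Counter) -> dict[str, list[str]]:
    """Server-side preprocessing: bucket each hash under its 5-char prefix and
    store only the 35-char suffix plus count, the shape a range query returns."""
    index: dict[str, list[str]] = {}
    for plaintext, count in corpus.items():
        digest = sha1_hex(plaintext)
        index.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    return index


RANGE_INDEX = build_range_index(CONSTRUCTED_BREACH_CORPUS)


def range_lookup(prefix: str) -> str:
    """Server side of the exchange. It receives only a 5-hex-char prefix and
    returns every suffix under it as 'SUFFIX:COUNT' lines, so it never learns
    which password (or even which full hash) is being checked."""
    prefix = prefix.upper()
    if not re.fullmatch(r"[0-9A-F]{5}", prefix):
        raise ValueError("prefix must be exactly 5 hex characters")
    return "\r\n".join(RANGE_INDEX.get(prefix, []))


def pwned_count(password: str, lookup=range_lookup) -> int:
    """Client side: hash locally, query by prefix only, match the suffix locally.
    `lookup` is injectable so an HTTP call to the real API can replace the stub."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        seen_suffix, _, count = line.partition(":")
        if seen_suffix == suffix:
            return int(count)
    return 0


def screen_password(candidate: str, min_length: int = 8) -> tuple[bool, str]:
    """Return (accepted, reason). A warn-only policy, which the article offers
    as the minimum, would return True with the same reason text instead."""
    lowered = candidate.lower()
    core = re.sub(r"[\d\W_]+$", "", lowered)  # "Password1!" -> "password"
    if lowered in SPLASHDATA_TOP30 or core in SPLASHDATA_TOP30:
        return False, "on the common-password deny-list (or a trivial variant)"
    if len(candidate) < min_length:  # length floor is a local policy choice
        return False, f"shorter than {min_length} characters"
    hits = pwned_count(candidate)
    if hits:
        return False, f"seen {hits} times in breach data"
    return True, "accepted"


if __name__ == "__main__":
    for pw in ["123456", "Password1!", "short7",
               "correcthorsebatterystaple", "a-long-unique-phrase-2017"]:
        print(f"{pw!r}: {screen_password(pw)}")
```

The split into `range_lookup` and `pwned_count` is the point of the design: the side holding the breach corpus only ever sees a 5-character prefix that matches hundreds of unrelated hashes, so a site can screen sign-ups against the full corpus without shipping users' passwords, or their full hashes, to a third party.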
Additionally, I’d love to see more website administrators make a New Year’s Resolution to look into implementing two-factor authentication (2FA) – so even if login credentials do fall into the wrong hands, they won’t be enough by themselves to allow a hacker to break into an account.
Chances are that if you’re a regular reader of We Live Security you have heard a lot of this advice before, and may even have (hopefully!) put it into practice. If that’s the case, give yourself a pat on the back – but realise that you have your own special New Year’s Resolution…
… and that’s to spread the word. Tell your friends, colleagues, and loved ones how they can better defend themselves online by choosing complex, hard-to-guess, hard-to-crack passwords, and explain to them the benefits of two-factor authentication.
Wishing you a happy, and safe, new year.

21.12.17

Sednit update: How Fancy Bear Spent the Year

The Sednit group — also known as Strontium, APT28, Fancy Bear or Sofacy — is a group of attackers operating since 2004, if not earlier, and whose main objective is to steal confidential information from specific targets.
This article is a follow-up to ESET’s presentation at BlueHat in November 2017. Late in 2016 we published a white paper covering Sednit activity between 2014 and 2016. Since then, we have continued to actively track Sednit’s operations, and today we are publishing a brief overview of what our tracking uncovered in terms of the group’s activities and updates to their toolset. The first section covers the update of their attack methodology: namely, the ways in which this group tries to compromise their targets systems. The second section covers the evolution of their tools, with a particular emphasis on a detailed analysis of a new version of their flagship malware: Xagent.
The Campaigns
Over the past few years the Sednit group has used various techniques to deploy their various components on targets’ computers. The attack usually starts with an email containing either a malicious link or a malicious attachment. We have seen a shift in the methods they use ‘in the course of the year’, though. Sedkit was their preferred attack vector in the past, but that exploit kit has completely disappeared since late 2016. The DealersChoice exploit platform has been their preferred method since the publication of our white paper, but we saw other methods being used by this group, such as macros or the use of Microsoft Word Dynamic Data Exchange.
The following three sections will describe the different methods used by Sednit’s operator to gain an initial foothold on a target system. Generally, these campaigns will try to install Seduploader on the target system. Seduploader is a first stage backdoor that can be used to assess the target’s importance and download additional malware. If the system is indeed of interest to them, it is likely that Sednit’s operators will eventually install Xagent on it.
Sedkit (Sednit Exploit Kit)
Sedkit was an exploit kit used exclusively by the Sednit group. During its lifetime, Sednit leveraged vulnerabilities in various persistently vulnerable applications, but mostly Adobe Flash and Internet Explorer. When Sedkit was first discovered, potential victims were redirected to its landing page through a watering-hole scheme. Following that campaign, their preferred method consisted of malicious links embedded in emails sent to Sednit’s targets.
Between August and September 2016, we saw several different email campaigns trying to lure the recipients of their messages to a Sedkit landing page. Sedkit’s targets at that time were mostly embassies, and political parties in Central Europe. The next figure shows an email containing such a URL.
The email tries to fool its recipient into believing that the link will ultimately lead to an interesting news story. In this case, the article is supposedly about an earthquake that struck near Rome in August 2016. While the email impersonates someone the victim would consider trustworthy, there are two major hints that could lead an attentive recipient to conclude that this email is fake. The first one is that there are spelling mistakes (e.g. “Greetigs!”). Spelling mistakes are common in malicious Sednit mails. The second one is the URL’s domain part. It is a purely malicious domain, but the path part of the URL actually mimics a real, legitimate link. In this particular case, the URL path is the same as one used in a BBC story about this earthquake. Again, this is a commonly-used Sednit tactic, using popular stories found on legitimate news websites and redirecting targets that click on the emailed URL to the real website, but not before visiting the Sedkit landing page. Besides the BBC, The Huffington Post is another popular media outlet whose stories they like to use as bait.
Firstly, the email’s subject and URL path are not aligned: the former refers to Syria and Aleppo while the latter refers to WADA and Russian hacking. Secondly, there are two glaring spelling mistakes. The first one, is again the use of “Greetigs!” and the second one is “Unated Nations”. Hopefully, someone working for the United Nations’ public relations department would not have such a glaring error in their email signature block.
The last campaign using Sedkit was observed in October 2016. It is interesting to note that the disappearance of Sedkit follows a trend we have seen with other exploit kits. Most of these were relying on exploits for older versions of Internet Explorer and/or Flash to perform drive-by downloads. The decline of the majority of exploit kit operations during 2016, including Sednit’s, could well be attributable to the code hardening performed by Microsoft and Adobe.
Full details of Sedkit’s inner workings can be found in our previously published white paper.
DealersChoice
In August 2016, Palo Alto Networks blogged about a new platform used by Sednit to breach a system initially. This platform, which they called DealersChoice, has the ability to generate malicious documents with embedded Adobe Flash Player exploits. There are two variants of this platform. The first one checks which Flash Player version is installed on the system and then selects one of three different vulnerabilities. The second variant will first contact a C&C server which will deliver the selected exploit and the final malicious payload. Of course, the second version is much harder to analyze, as the document delivered to the targets does not contain all the pieces of the puzzle.
This platform is still in use today by Sednit and, like Sedkit, tracks international news stories and includes a reference to them in their malicious emails, in an attempt to lure the target into opening the malicious document attachment. Sometimes, they also use other, non-political, schemes. In December 2016, they used a rather unusual (for the group) lure:
This email was sent to multiple Ministries of Foreign Affairs and embassies in Europe on December 22nd and 23rd, and contained a Word document attachment that appeared to be a Christmas eCard. Note that this was the first time that we saw the Sednit group use a non-geopolitical phishing gambit attempting to trap their targets. Of course, the Word document, if opened, uses DealersChoice to try to compromise the system. Sednit used DealersChoice intensively in late 2016, but the platform was not seen for a long time after that. In fact, the first time we saw them use it in 2017 was in October.
The complete post can be found on

19.12.17

Why we should fight for Net Neutrality

On Thursday 14 December 2017 the Federal Communications Commission (FCC) voted to repeal the rules, known as Net Neutrality, that regulate Internet Service Providers (ISPs), the companies that connect us to the internet.
What is Net Neutrality and why should we care?
The principle behind Net Neutrality is simple: it requires ISPs to treat all data on the internet the same. Discrimination by user, traffic type, website, platform, application, device or method of connection was not allowed. This stopped ISPs from charging more, blocking or slowing down access to websites and online content. It also meant that broadband was treated as a utility in the United States, regulated in similar ways as water and energy supplies.
The FCC voted 3-to-2 in favor of repealing the legislation that has been in effect since 2015. Reactions from numerous organizations were fast, with the Internet Association, which represents tech companies such as Google and Facebook, stating it is considering legal action.
Since Net Neutrality came into effect, consumers have enjoyed a ‘dumb pipe’ approach to their access. The ISP provides the connection and transparently routes traffic, not caring what type of traffic, where or to whom the user is connecting.
This change will potentially allow ISPs to adjust traffic based on who pays. When Ford introduced the Model T back in 1908 they revolutionized the car industry with mass production and a lower cost of purchase and ownership, but what would have happened if the incumbent more expensive manufacturers had been allowed to limit the performance of the Model T so that only their automobiles could travel at speed! The car industry today would look very different.
Challenging the repealing of net neutrality benefits us all: a small startup with a cool idea could easily be suppressed by players that can afford to pay to keep their own traffic prioritized.
Granting ISPs the right to shape traffic, allowing for some traffic to be prioritized due to a commercial agreement, may have a negative effect on the outcome of using the service for both the consumer and the company providing the service. Traffic-shaping is used in certain places today: for example, airlines may limit onboard video streaming to ensure that all passengers wishing to use Wi-Fi in the air at least get some type of connection that is not being grabbed by just a few passengers bingeing on their favorite shows.
What happens to freedom of speech if one party has the funding to buy faster access to their published content, making their opposition’s traffic slow to the point of unusability? Do we enter a society where only the rich can publish a usable service?
This may sound hypothetical, but in 2012 AT&T had to backtrack on a decision to stop subscribers on their unlimited or tiered data plans from using Apple’s then-new FaceTime service. They only allowed FaceTime access to subscribers of their new shared-data plan. Imagine the reaction of consumers on an unlimited data plan discovering they were unable to use a feature of their new iPhones unless they changed plan. In that instance AT&T claimed they wanted to protect their network from the unknown volume of traffic that FaceTime might add, but cynical people may view it as taking the opportunity for enhanced monetization when people purchased a new iPhone. Fortunately, the weight of consumer pressure had this rolled back.
ISPs such as AT&T and Comcast have issued statements stating nothing will change with the repeal of Net Neutrality. The fact remains, though, that Internet Service Providers can implement a system that prioritizes traffic for companies that pay. In the boardroom in 12 months, when revenue targets are not being reached, then the motivation to offer a superior for-fee service to brand A over brand B may be too tempting.
Consumers, businesses and society need to fight to keep the internet an unbiased and free place that does not depend on the decision of a few as to what can be accessed at what speed.

Adventures in cybersecurity research: risk, cultural theory, and the white male effect

The digital technologies that enable much of what we think of as modern life have introduced new risks into the world and amplified some old ones. Attitudes towards risks arising from our use of both digital and non-digital technologies vary considerably, creating challenges for people who seek to manage risk. This article tells the story of research that explores such challenges, particularly with respect to digital technology risks such as the theft of valuable data, unauthorized exposure of sensitive personal information, and unwanted monitoring of private communications; in other words, threats that cybersecurity professionals have been working hard to mitigate.
The story turned out to be longer than expected so it is delivered in two parts, but here is the TL;DR version of the whole story:
· The security of digital systems (cybersecurity) is undermined by vulnerabilities in products and systems.
· Failure to heed experts is a major source of vulnerability.
· Failure to heed experts is a known problem in technology.
· The cultural theory of risk perception helps explain this problem.
· Cultural theory exposes the tendency of some males to underestimate risk (White Male Effect or WME).
· Researchers have assessed the public’s perceptions of a range of technology risks (digital and non-digital).
· Their findings provide the first ever assessment of WME in the digital or cyber-realm.
· Additional findings indicate that cyber-related risks are now firmly embedded in public consciousness.
· Practical benefits from the research include pointers to improved risk communication strategies and a novel take on the need for greater diversity in technology leadership roles.
Of course, I am hopeful a lot of people will find time to read all of both parts of the article, but if you only have time to read a few sections then the headings should guide you to items of interest. I am also hopeful that my use of the word cyber will not put you off – I know some people don’t like it, but I find it to be a useful stand-in for digital technologies and information systems; for example, the term cyber risk is now used by organizations such as the Institute of Risk Management to mean “any risk of financial loss, disruption, or damage to the reputation of an organization from some sort of failure of its information technology systems”. (I think it is reasonable to use cyber risk in reference to individuals as well, for example, the possibility that my online banking credentials are hijacked is a cyber risk to me.)
The sources of cyber risk
Like most research projects, this one began with questions. Why do some organizations seem to “get” security while others apparently do not? Why is it that, several decades into the digital revolution, some companies still ship digital products with serious “holes” in them, vulnerabilities that leak sensitive data or act as a conduit to unauthorized system access? Why do some people engage in risky behavior – like opening “phishy” email attachments – while others do not?
These questions can be particularly vexing for people who have been working in cybersecurity for a long time, people like myself and fellow ESET security researcher, Lysa Myers, who worked on this project with me. Again and again we have seen security breaches occur because people did not heed advice that we and other people with expertise in security have been disseminating for years, advice about secure system design, secure system operation, and appropriate security strategy.
When Lysa and I presented our research in this area to the 2017 (ISC)2 Security Congress we used three sources of vulnerability in information systems as examples:
1. People and companies that sell products with holes in them (e.g. 1.4 million Jeeps and other FCA vehicles found to be seriously hackable and hard to patch, or hundreds of thousands of webcams and DVRs with hardcoded passwords used in the Mirai DDoS attack on DNS provider Dyn)
2. People that don’t practice proper cyber hygiene (e.g. using weak passwords, overriding security warnings, clicking on dodgy email attachments)
3. Organizations that don’t do security properly (e.g. obvious errors at Target, Equifax, JPMorgan Chase, Trump Hotel Collection)
Could it simply be that some percentage of people don’t accept that digital technology is as risky as experts say? Fortunately, the phenomenon of “failure to heed experts” has already been researched quite extensively, often in the context of technology risks. Some of that research was used in the project described here. (A good place to start reading about this research is CulturalCognition.net).
Technology risks in general
Risk is a surprisingly modern concept. For example, risk is not a word that Shakespeare would have used (it does not appear in any of his writings). The notion of risk seems to have gained prominence only with the widespread use of technology. For example, advances in maritime technology enabled transoceanic commerce, which created risks for merchants shipping goods, which led to the development of financial instruments based on risk calculations, namely insurance policies (for more on the history of risk and risk management see: The New Religion of Risk Management by Peter L. Bernstein, author of Against the Gods: The Remarkable Story of Risk).
Over time, risks arising from complex and widespread technologies and behaviors became matters of public concern and debate. For example, the widespread use of fossil fuels created risks to human health from air pollution. The development of “cleaner” nuclear energy caused heated debate about the hazards of nuclear waste disposal. In Figure 1 below you can see how 1,500 American adults rated the risks from seven technology-related hazards in a landmark 1994 survey, broken down into four demographic groups:

14.12.17

It’s time to patch your Microsoft and Adobe software again against vulnerabilities

It’s the second Tuesday of the month, and you know what that means… Yep, it’s time for another bundle of essential security updates from Microsoft.
For its final scheduled batch of updates for 2017, Microsoft has released fixes for over 30 security vulnerabilities in its software, impacting users of the likes of Microsoft Windows, Microsoft Office, Exchange Server, Microsoft Edge, and the malware protection engine built into security products such as Windows Defender.
That fix for Microsoft’s malware protection engine is particularly interesting, as the security hole it patches was discovered by the National Cyber Security Centre (NCSC), part of the UK’s intelligence agency GCHQ.
Experts at NCSC discovered two critical remote code execution flaws in Microsoft’s anti-malware code that could be exploited when the engine scans a boobytrapped file, allowing an attacker to compromise targeted systems.
The flaw was fixed in an out-of-band patch earlier this month, and Windows users should already have received an automatic update to the anti-malware engine itself, but the company was probably correct in being cautious, and including the fix again in this regular round-up of patches.
Among the other critical flaws patched this month, is a memory corruption vulnerability in the Edge browser:
“An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Although details of the Edge vulnerability have not been publicly disclosed, and there have not (to date) been any sightings of attacks exploiting the vulnerability, Microsoft has assessed that the chances of it being used in attacks are “more likely” than not.
And it’s not just Microsoft customers who will be ensuring that their software is up-to-date. Flash Player users would also be sensible to update their systems, after Adobe released version 28.0.0.126 for the Windows, Macintosh, Linux and Chrome OS platforms.
In a security bulletin, Adobe detailed its latest security update, that contains a single solitary bug fix and does not appear to be of anything more than moderate severity.
Your experience may differ, but I’ve found it quite easy in recent years to live without Adobe Flash Player on my computer. If you’re not quite ready to desert Flash entirely and uninstall it, you may want to consider enabling a browser security feature called “Click to Play.”
“Click to Play” can reduce your attack surface by telling your browser not to render potentially malicious Flash content unless it has been given the permission to run. In other words, a maliciously coded Flash file will not execute unless given the green light, rather than automatically running when you visit a poisoned webpage.
The important thing is, of course, not to turn a blind eye to security updates – whichever of your software vendors they come from. Increasingly, software can be automatically updated, reducing the window of opportunity for hackers to exploit newly-discovered flaws – although many companies still prefer to stagger the roll-out of a patch across their enterprise until they feel confident that it won’t cause more problems than it was designed to fix.

Study: agile on the rise in international trade and logistics

Agile project management offers a clear competitive advantage and leads to superior results
Key success factor: an open corporate culture
Empirical data on agile projects in international trade and logistics nevertheless remain scarce

Agile project management is climbing fast in international trade and logistics: 84 percent of companies believe that an agile approach provides a clear competitive advantage. Two thirds expect agile project management to eventually replace traditional project management methods in international trade and logistics. That is the conclusion of ‘Agile Future – How Agile Project Management Is Transforming Global Trade and Logistics’, a study by software company AEB and the Baden-Württemberg Cooperative State University (DHBW) in Stuttgart. For this research report, available as a free download at www.aeb.com/gtm-study, 155 experts from the fields of logistics, international trade and IT were surveyed. The report also contains practical tips for implementing agile project management.
Experts choose agile project management for its better results
Most participants in the study prefer an agile approach: 87 percent expect more efficient processes, 86 percent foresee faster implementations and 79 percent predict better results. Agile project management also scores highly from a cost perspective, with 60 percent seeing project costs fall. In addition, 83 percent of respondents expect agile project management to give a strong boost to employee motivation. “These experiences are in line with the principles of self-organizing teams in agile projects,” says Dr. Dirk Hartel of the Baden-Württemberg Cooperative State University (DHBW), co-author of the report. “Greater freedom is guaranteed to lead to a stronger sense of responsibility and stronger motivation among individual team members.”
Key success factor: corporate culture
The most important precondition for success with agile project management is a corporate culture that is open to this approach. Nearly three quarters of respondents, especially those over fifty, call this crucial. Other important factors are the support of supervisors and a strong willingness of managers themselves to adopt the agile approach. “This requires a new awareness that permeates the entire company,” explains Dr. Ulrich Lison, board member at AEB and co-author of the report. “Agile project management only works in combination with a modern view of management.”
Experts fear a lack of discipline
Alongside the many positive expectations, some experts also voice concerns about the application of agile project management. Nearly a third fear that the greater freedom of self-organizing teams leads to a lack of discipline. To avoid this risk, Lison warns that it is essential to assemble the right team and to ensure that everyone has the right qualifications. “It is also important to train employees well in this methodology,” he says.
The greatest concern about agile project management relates to the ability to stay within the set budget: 56 percent consider it likely that budgets will be exceeded. Almost as many respondents foresee problems from a lack of coordination (54 percent) and inadequate project documentation (51 percent).
High expectations vs. scarce experience figures
Most respondents regard the adoption of agile project management in international trade and logistics as a positive development and a competitive advantage. However, only 36 percent of companies have started using this method. One in five companies has plans to implement agile project management, but 44 percent – especially companies with fewer than 2000 employees – have no intention of doing so yet. The reason is not so much that agile project management offers no opportunities for these companies. The problem is mainly a lack of the right expertise and the absence of standards. “We expect this gap to be closed in the coming years through targeted training of the talent within companies,” says Professor Hartel. “But professional associations should also take steps and offer smaller companies more support in introducing an agile approach and implementing agile projects.”
About the study
The report ‘Agile Future – How Agile Project Management Is Transforming Global Trade and Logistics’ is based on a survey of 155 experts in the fields of logistics, international trade and IT. The respondents come from various sectors. They work at companies of varying size in various countries. One in ten is a board member and more than half (55 percent) hold a middle-management position as head of a business unit or department. Software vendor AEB and the Baden-Württemberg Cooperative State University (DHBW) have conducted this research annually since 2013. All research reports are available at www.aeb.com/gtm-study.
About AEB (www.aeb.com – www.aeb.com/nl)
AEB has been developing software for more than 35 years to support the international trade and logistics processes of companies in the industrial, commercial and service sectors. More than 5000 customers in more than 35 countries use AEB’s solutions for transport and warehouse management, import and export management, preference management and much more. They benefit from improved efficiency, compliance and transparency – at home and abroad – thanks to applications such as customs and embargo checks, improved collaboration with supply chain partners and automation of shipping processes. AEB’s portfolio ranges from online plug-and-play solutions to comprehensive logistics systems.
AEB has its headquarters and data centers in Stuttgart and also has international offices in the United Kingdom, Singapore, Switzerland, Sweden, the Czech Republic, France and the United States. The Dutch office is located in Capelle aan den IJssel.

The Baden-Württemberg Cooperative State University (DHBW), with around 8400 bachelor’s students, is one of the largest higher education institutions in the Stuttgart region. Its Schools of Business, Engineering and Social Work cooperate with around 2000 carefully selected companies and social institutions to offer more than 40 nationally and internationally recognized degree programs. Every three months students switch between the university and the companies, which lets them gain valuable work experience during their studies. Students enjoy important benefits ranging from financial independence and better prospects on the job market to small study groups and international experience.

13.12.17

Malware on Google Play targets Polish banks

Another set of banking trojans has managed to get past Google Play’s security mechanisms, this time targeting several Polish banks. The malware slipped into Google Play by posing as seemingly legitimate applications: “Crypto Monitor”, a cryptocurrency price-tracking app, and “StorySaver”, a third-party tool for downloading stories from Instagram.
In addition to providing the promised functionality, the malicious apps can display fake notifications and login forms that appear to come from legitimate banking apps, harvest the credentials entered into the fake forms, and intercept text messages to bypass SMS-based two-factor authentication.
The same trojan, in a different disguise, was recently spotted on Google Play by researchers at RiskIQ, who published their analysis of the threat in a report released on November 9.
The malicious apps
The first of the malicious apps we encountered, “Crypto Monitor”, was uploaded to the Google Store on November 25, 2017 under the developer name walltestudio. The other app, “StorySaver”, appeared on Google Play on November 29, under the developer name kirillsamsonov45.
Together, the apps had reached between 1000 and 5000 downloads by the time we reported them to Google, on December 4. Both apps have since been removed from the store.

Once the malicious apps are launched, they compare the apps installed on the compromised device against a list of targeted banking apps, in this case the official apps of fourteen Polish banks (the list of the specific banking apps is at the end). If one of the fourteen apps is found on the device, the malware can display fake login forms imitating those of the targeted legitimate apps. This can happen without any action by the user, or after the user taps a fake notification displayed by the malware, seemingly on behalf of the bank.

ESET security systems detect this threat as Android/Spy.Banker.QL and prevent it from being installed.
ESET telemetry shows that 96% of detections come from Poland (the remaining 4% from Austria), apparently because of local social-engineering campaigns spreading these malicious apps.
How to stay safe?
The good news is that this banking malware uses no advanced tricks to persist on affected devices. So if you have installed one of the malicious apps described above, you can remove them by going to Settings > (General) > Application manager/Apps, looking for "StorySaver" and "Crypto Monitor", and uninstalling them.
The bad news, however: if you installed one of these apps on a device on which you use one of the fourteen targeted banking apps listed below, the crooks may already have access to your bank account. We advise you to check your bank account for suspicious transactions and to seriously consider changing your PIN code.
To avoid falling prey to mobile malware in the future, make sure you always check app ratings and reviews, pay attention to the permissions you grant to apps, and use a reputable mobile security solution to detect and block the latest threats.
Targeted banking apps (the source table shows 10 of the 14 targeted apps)

Application name        Package name
Alior Mobile            com.comarch.mobile
BZWBK24 mobile          pl.bzwbk.bzwbk24
Getin Mobile            com.getingroup.mobilebanking
IKO                     pl.pkobp.iko
Moje ING mobile         pl.ing.mojeing
Bank Millennium         wit.android.bcpBankingApp.millenniumPL
mBank PL                pl.mbank
BusinessPro             pl.bph
Nest Bank               pl.fmbank.smart
Bank Pekao              eu.eleader.mobilebanking.pekao

Indicators of compromise

Package name               Hash (SHA-1)                                Phishing server
in.crypto.monitor.coins    57A96D024E61F683020BE46173D74FAD4CF05806    nelis.at
com.app.storysavernew      757EA52DB39E9CDBF5E2E95485801E3E4B19020D    sdljfkh1313.win
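As an added example (not ESET's code and not part of the original article), the following Python script applies the indicators above to a device's package list: it parses the output of `adb shell pm list packages -f` (or the shorter `pm list packages` form), flags the two malicious package names, checks whether any of the ten listed targeted banking apps is installed on the same device (the situation in which the article advises reviewing the account and changing the PIN), and compares a pulled APK's SHA-1 with the published hashes. The sample `pm` output is constructed, and the function names are my own.

```python
"""Triage helper for the Android/Spy.Banker.QL indicators (added example, not ESET's code).

Parses `pm list packages [-f]` output, reports whether either malicious package
is installed, and whether a targeted banking app shares the device.
"""
import hashlib
import re

# Malicious package names and SHA-1 hashes taken from the IoC table above.
MALICIOUS_APKS = {
    "in.crypto.monitor.coins": "57A96D024E61F683020BE46173D74FAD4CF05806",
    "com.app.storysavernew": "757EA52DB39E9CDBF5E2E95485801E3E4B19020D",
}

# The ten targeted banking packages listed on the page (the table shows 10 of 14).
TARGETED_BANKING_APPS = {
    "com.comarch.mobile",
    "pl.bzwbk.bzwbk24",
    "com.getingroup.mobilebanking",
    "pl.pkobp.iko",
    "pl.ing.mojeing",
    "wit.android.bcpBankingApp.millenniumPL",
    "pl.mbank",
    "pl.bph",
    "pl.fmbank.smart",
    "eu.eleader.mobilebanking.pekao",
}

# Matches "package:com.foo" and "package:/data/app/com.foo-1/base.apk=com.foo".
_PM_LINE = re.compile(r"^package:(?:(?P<path>\S+?)=)?(?P<name>[\w.]+)$")


def parse_pm_list(output):
    """Return {package_name: apk_path_or_None} from `pm list packages [-f]` output."""
    installed = {}
    for line in output.splitlines():
        m = _PM_LINE.match(line.strip())
        if m:
            installed[m.group("name")] = m.group("path")
    return installed


def sha1_of_apk(data):
    """SHA-1 of an APK's bytes, upper-case hex to match the IoC table."""
    return hashlib.sha1(data).hexdigest().upper()


def triage(installed, apk_sha1=None):
    """Classify a device from its installed packages.

    apk_sha1: optional {package_name: sha1_hex} of pulled APKs, used to confirm
    that an installed package is the exact sample from the IoC table rather than
    an unrelated app that reused the name.
    """
    apk_sha1 = apk_sha1 or {}
    malicious = sorted(p for p in installed if p in MALICIOUS_APKS)
    banking = sorted(p for p in installed if p in TARGETED_BANKING_APPS)
    confirmed = [p for p in malicious
                 if apk_sha1.get(p, "").upper() == MALICIOUS_APKS[p]]
    if malicious and banking:
        risk = "high"     # trojan plus a targeted bank app: review account, change PIN
    elif malicious:
        risk = "medium"   # trojan present, but no targeted bank app on this device
    else:
        risk = "none"
    return {"malicious": malicious, "hash_confirmed": confirmed,
            "targeted_banking": banking, "risk": risk}


# Constructed sample output; not captured from a real device.
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/data/app/pl.pkobp.iko-1/base.apk=pl.pkobp.iko
package:/data/app/com.app.storysavernew-1/base.apk=com.app.storysavernew
package:/data/app/com.example.camera-2/base.apk=com.example.camera
"""

if __name__ == "__main__":
    print(triage(parse_pm_list(SAMPLE_PM_OUTPUT)))
```

With a real device, feed it `adb shell pm list packages -f` and, for any flagged package, `adb pull` the listed APK path and pass its SHA-1 through `apk_sha1` so the match is confirmed against the published hash rather than the package name alone.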

Special thanks to Witold Precikowski, who brought one of these malicious apps to our attention.