7.1.17

Children in a digital world ‘need lessons in online safety’

The Children’s Commissioner for England has called for more to be done to help educate children in online safety in a new study titled Growing Up Digital.
Anne Longfield said that it is “wholly irresponsible” for youngsters to spend time in a digital world without appropriate education.
The year-long study found that across a number of online activities, children are effectively out of their depth.
Consider social media as an example – when accessing these services, young people are often unaware of what they have signed up to.
This includes “impenetrable” terms and conditions that impact on their privacy, as well as ownership of the content they produce on these social channels.
Longfield has now called for a digital ombudsman to be created, to ensure that children growing up in the digital world have a representative at the highest level.
“I urge the government to extend the powers of the Children’s Commissioner so that there is independent oversight of the number and type of complaints that social media providers are receiving from young people,” she added.
“When the internet was created 25 years ago, the internet was not designed with children in mind. We need to rethink the way we prepare children for the digital world”.
Growing Up Digital has advised that every school in England should be made to deliver “digital citizenship” study programs.
The paper also recommends that social media companies rephrase their terms and conditions in order for children to fully understand them and thus be able to make appropriate decisions online.
Baroness Beeban Kidron, a member of the Growing Up Digital steering group, observed that there was currently “a yawning gap in [children’s] digital education and an unsustainable situation where the long established rights of children are not applied online”.



6.1.17

ESET Discovered a Variant of the Destructive KillDisk Malware that Encrypts Linux Machines



A new variant of KillDisk malware linked to the infamous Black Energy group encrypts Linux machines and demands a huge ransom, but is not capable of decryption.

The new variant of KillDisk encrypts Linux machines, making them unbootable with data permanently lost. Despite the fact that the malware’s design doesn’t allow for the recovery of encrypted files, as encryption keys are neither stored nor sent anywhere, the criminals behind KillDisk demand 250 thousand USD in Bitcoins. Fortunately, ESET researchers found a weakness in the encryption employed which makes recovery possible, albeit difficult.

“KillDisk serves as another example of why paying ransom should not be considered an option. When dealing with criminals, there’s no guarantee of getting your data back – in this case, the criminals clearly never intended to deliver on their promises. The only safe way of dealing with ransomware is prevention. Education, keeping systems updated and fully patched, using a reputable security solution, keeping backups and testing the ability to restore – these are the components of true insurance,” says Robert Lipovský, ESET Senior Researcher.

KillDisk is a destructive malware that gained notoriety as a component of the successful attack performed by the BlackEnergy group against the Ukrainian power grid in December 2015. More recently, ESET researchers detected planned cyber-sabotage attacks against a number of different targets within Ukraine’s financial sector. Since then, KillDisk attack campaigns have continued, aimed at several targets in the maritime transport sector.


The attack toolset has evolved, and recent variants of KillDisk serve as file-encrypting ransomware. KillDisk initially targeted Windows systems; the version targeting Linux machines affects not only Linux workstations but also servers, amplifying the damage potential.

ESET publishes its annual report on the most vulnerable components in Microsoft Windows

ESET's research team has published its annual report, ‘Windows exploitation in 2016’. The 25-page document takes a fresh look at the current security features in Windows 10. As usual, the report contains not only information about the vulnerabilities fixed over the past 12 months in the versions of Windows still supported by Microsoft, but also the exploitation trends for Windows and Microsoft Office.

It also covers many other topics, such as the measures Microsoft calls mitigations, which offer a powerful approach to preventing the exploitation of various types of vulnerabilities. Windows 10 has introduced new types of mitigations that are already used in Windows components and web browsers. This point is discussed in detail.

The report also contains a great deal of information about firmware security. It examines the security features introduced both in hardware and in modern versions of Windows. In addition, a special section is devoted to the information published by the Shadow Brokers hackers, which is believed to belong to the Equation group.

The report also covers the following topics:
· Statistics on patched vulnerabilities in the Microsoft-supported versions of Windows, its components, the web browsers and Office.
· Information about the types of updates released, what this tells us about exploitation trends, and a comparison of the 2016 statistics with those of 2015.
· An in-depth look at the mitigations in the recent version of Windows, including CFG, KASLR and Virtualization Based Security.
· Information about the effectiveness of the security of the main web browsers and their use of the Windows mitigations.
· A separate section on the abuse of legitimate third-party drivers to obtain SYSTEM privileges on an operating system.
· Information about new EMET mitigations.

Users are reminded once again of the importance of security updates for software, operating systems and PC firmware. The research team believes that both Microsoft and other vendors try to release patches for critical vulnerabilities quickly, as well as new security features to stop exploitation proactively.

Download the full report at



1.1.17

Cyber-savvy New Year’s resolutions you’ll want to keep

For many, the New Year is a great time for starting afresh and improving on behaviors and actions from the previous year. As a result, many of us turn our attention to New Year’s resolutions – setting goalposts for the year ahead. While losing weight, quitting smoking or hitting the gym are all popular resolutions, it’s worth giving thought to your relationship with technology too.
The problem with today’s New Year’s resolutions is that they’ve become all too complex. As Confucius said, “life is really simple, but we insist on making it complicated”.
Rather than set ourselves obtainable goals, we set ourselves too much to achieve at once. Take the popular weight loss resolution as an example; lots of people sign up to the gym in the New Year, cut out drinking and junk food, and attempt to turn themselves into the ultimate healthy eating chef. By adopting an extreme approach like this, we set ourselves up for failure. Instead, small, achievable, time-bound goals hold the answer.
7 steps to a cyber-savvy 2017
1. A different kind of detox
One New Year’s resolution you might not have considered is a digital detox. Yes, a New Year’s resolution and being kind to yourself can go hand-in-hand. Achieving a healthier balance between real life and technology will see you reap rewards such as improved focus and more restful sleep.
In fact, Ofcom’s Communications Market Report 2016 found that our reliance on the Internet is negatively impacting our personal and working lives. In a study, which saw Internet users go offline for a period of time, the majority of participants reported a positive experience. A third said they felt more productive, 27% found it liberating, while a quarter said they enjoyed life more. The key to making a digital detox a success, however, is setting realistic goals. Instead of switching off from technology completely, choose one day a week to switch off. Alternatively, why not turn off all your technologies at 7 pm each night, spending your evening winding down and enjoying better sleep.
2. Get cyber security fit
The same principles apply to cyber security. Instead of changing all your passwords on the first day of the New Year and logging out of all your social media accounts, take a longer-term approach and implement small steps.
To make sure you’re in the best shape possible when it comes to cyber security, we recommend that you:
3. Install antivirus and anti-malware software
Perhaps you decided to ditch the antivirus software a while back or maybe your subscription has run out. Whatever your reasoning for not having antivirus software, we suggest you invest in it now. Without it, you are at even higher risk of innocently downloading malware or becoming the victim of a scam. As ESET researcher Aryeh Goretsky says, antivirus certainly isn’t dead.
4. Update all software regularly
Software updates seem to pop up at the most inconvenient of times – but patching your device in a timely manner is essential in protecting against attack. Software updates for programs – including Microsoft and Internet Explorer, as well as your mobile devices – contain vital security upgrades, which help to protect your device.
5. Start becoming password savvy
If you use the same password for all devices and accounts, it’s time to change. Weak passwords or re-used passwords make the work of a cybercriminal easy.
Begin the New Year by creating secure, complex passwords or passphrases for all your accounts. Don’t stop at this step though. Set a recurring appointment in your calendar to change your passwords regularly and make password management a new habit.
6. Keep social media accounts but treat them with caution
Instead of deleting or logging out of all your social media accounts, why not adopt a more balanced approach? Use social media accounts on an ad hoc basis rather than scrolling through your feed all day.
It’s also important to be conscious of what you post on social media and to secure your accounts – you don’t want to give too much away. Announcing your birthday or that you’re away on holiday can be dangerous when the information falls into a cybercriminal’s hands.
7. Apply cyber safe thinking to all devices
Did you know that devices like your mobile are also subject to attack? With all internet-connected technologies at risk of being compromised, it’s essential that you apply the same thinking and security practices to all your devices, not just your laptop.

Implementing these small but effective changes in your behavior and technology usage could make a huge difference in 2017. Remember, it’s steady, progressive steps, rather than extremities, that win the race.