Tuesday, September 24, 2019

Hackers Can Now Use Fake Voices To Steal Money


You've almost certainly been seeing stories on the internet this year about the growing trend of Deep Fakes.

They are videos that are expertly engineered to give the appearance of some prominent figure or another saying something that he or she never actually said.

It's a clever, computer generated ruse.

The reason it's been making headlines is that Deep Fakes tend to be really good, which makes them notoriously difficult to spot. Their recent appearance, unfortunately, is negatively impacting the national dialogue on important issues.  After all, when you're looking at what appears to be evidence of a prominent figure saying something shocking, of course you're going to be inclined to believe your own eyes.

Naturally, it did not take the hackers of the world long to figure out a way to use this relatively new technology to their benefit.  Recently, a UK energy company's CEO was tricked into wiring more than $220,000 USD to a Hungarian supplier.  He believed that he had received verbal instructions from his boss to do exactly that, and merely complied with the order.

The only problem?  His boss issued no such order.  It actually came from a hacker using deep fake software to precisely mimic the voice of the executive demanding that his underling pays the supplier within the hour.

A spokesman for the company's insurance firm had this to say about the matter:

"The software was able to imitate the voice, and not only the voice:  the tonality, the punctuation, the German accent."

Energy company employees caught onto the ruse when the hacker made a similar demand a short time later that same day.  The second time though, the energy firm CEO called his boss personally, only to discover that he was simultaneously dealing with his fake boss and the real one.

There's no way to know how many times this has happened before, or how frequently it's happening now. Even worse, our ability to create deep fakes presently far outstrips our ability to detect them.  That should give business owners everywhere pause.

Protect your business from online threats such as deep fakes. Let SpartanTec, Inc. in Fayetteville set up security measures that will protect your company from such malicious software.

SpartanTec, Inc.
517 Owen Dr
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto

Monday, September 16, 2019

Popular PDF Creator App Found To Have Malware

Do you use the PDF Creator App called CamScanner?  If you do, you've got plenty of company.  Since the app was first published in 2010, it has been downloaded more than a hundred million times.

Unfortunately, Google recently pulled it from the Play store when they discovered that it began delivering malware to user devices.

For much of the app's life, its creators, Shanghai-based CC Intelligence, have relied on ads and in-app purchases to generate revenue from the app.  That shifted in recent months, and Kaspersky Lab discovered that recent versions of the app introduced a new library that contained a Trojan designed to deliver malware to Android devices.

According to a spokesperson at Kaspersky, the "malicious code may show intrusive ads and sign users up for paid subscriptions."  Granted, this isn't as bad as it could be, because intrusive ads are more of an annoyance than a genuine threat. However, the issue of unwanted paid subscriptions is a bit more worrisome.

Even so, based on their investigation into the matter, Kaspersky concluded that it was probable that this is simply a case of the developer accidentally using a malicious ad library.  It seems unlikely that they'd run the risk of ruining a reputation that's been nearly a decade in the making. This conclusion is underscored by the fact that the developers have removed the offending library from the most recent build of their app.

Unfortunately, this kind of thing is all too common.  There are a disturbing number of instances where legitimate apps have been found to be using poisoned libraries, so in that regard, CamScanner is as much a victim as the users who wound up with paid subscriptions.

Even so, kudos to Kaspersky, Google and CC Intelligence for swift, decisive action. If you use the app and have been noticing intrusive ads, be sure to upgrade to the latest version as soon as possible.

Don't leave your computer or network unprotected against online threats. Call SpartanTec, Inc. in Fayetteville and let our team help you keep your information and business safe from possible breaches.

SpartanTec, Inc.
517 Owen Dr
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto

Thursday, September 12, 2019

Watch Out For Old Hacking Technique Offering Free Downloads

An old hacking technique is getting new attention from hackers around the world, and it underscores the fact that people must exercise extreme caution when it comes to deciding who to trust and where to download files from.

Hackers have long been in the business of spoofing legitimate sites; making exact replicas of popular websites offering a variety of free downloads.

Of course, instead of getting genuinely useful code, you find yourself on the poisoned domain. Rather than the legitimate site, what you download will be malware of one type or another.

The most recently discovered instance of this involves the Smart Game Booster site.  It's a legitimate piece of code that helps to improve the performance of the games you play, and it has become popular enough that it's caught the attention of at least one hacking group. That group cloned the site and pretends to offer the same product.

In this case though, the malware the hackers deploy is one of the more insidious we've seen.  Unlike many malware attacks which latch onto a system with a persistent presence, this one runs only once and then deletes itself. Even more alarming is that it leaves no trace that it was ever there.

When it runs, it scans the infected device for passwords, your browser history, any cryptocurrency wallets you may have, and a wide range of other critical files.  It collects these and sends all the data to its command and control server, and then self-destructs.

With no outward sign, many users will be completely unaware that there's a problem until they start seeing suspicious charges on credit cards, noticing funds being removed from bank accounts and the like.  By then of course, it's far too late.

The bottom line here is simple:  Be mindful about where you download files from.  Check your URLs, and unless you can avoid it, never stray far from the big, well-respected sites like the Apple Store, Microsoft Store, or Google Play Store.  It's just not worth the risk.

Call SpartanTec, Inc. in Fayetteville and let our team help you find out if your network or computer has been breached. Our IT staff will also set up the most effective measures to make sure that you and your business are protected against the most common yet vicious online threats.

SpartanTec, Inc.
517 Owen Dr
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto

Thursday, September 5, 2019

Study On Passwords Shows People Still Use Breached Passwords

Google recently released a large-scale password study that will probably give every IT manager in the country heartburn. The results of their study indicate that a disturbing percentage of users continue to use passwords after they've been warned that those passwords have been compromised.

One of the most common tactics hackers employ is called 'password spraying.'  It's a simple technique.  The hackers simply try several compromised passwords (even if they've been floating around the Dark Web for months) thinking that a surprising percentage will still work.  Google's study confirms the hackers' beliefs to be true.

Right now on the Dark Web, there are more than 4 billion passwords known to be compromised.  The scope and scale of the problem is staggering. Worse, the users who have compromised accounts are, as a rule, slow to do anything to mitigate the danger.  According to the results of the study, only 26.1 percent of users who saw an alert indicating a compromised password bothered to change it.  Barely one in four.

Even when users did bother to change their passwords, 60 percent of the time, the new password was found to be vulnerable to a simple guessing attack. Although in fairness, 94 percent of changed passwords wound up being stronger than the previous one.

To collect the information, Google relied on a newly offered Chrome extension called Password Checkup, which it claims is superior to Firefox's Monitor and the "Have I Been Pwned" website.
The company contends that these other solutions could be exploited by hackers, summing it up as follows:

"At present, these services make a variety of tradeoffs spanning user privacy, accuracy, and the risks involved with sharing ostensibly private account details through unauthenticated public channels...For example, both Firefox and LastPass check the breach status of user names to encourage password resetting, but they lack context for whether the user's password was actually exposed for a specific site, or whether it was previously reset.

Equally problematic, other schemes implicitly trust breach-alerting services to properly handle plaintext usernames and passwords provided as part of a lookup.  This makes breach alerting services a liability in the event they become compromised (or turn out to be adversarial)."

Call SpartanTec, Inc. in Fayetteville now. Our team will determine if your passwords are compromised and help you set in place security measures that will minimize the risk of online breach.

SpartanTec, Inc.
517 Owen Dr
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto