Categories
Apps

6 accounts you should never abandon


Can you recall every online service account you have? Maybe you signed up to access some content or because a friend asked you to, then lost interest. Many users simply stop logging in and don’t bother to delete their accounts. The accounts sit there, dormant, waiting to be hacked — but if they are, you won’t know about it anytime soon, if ever.

Abandoned account: What could go wrong

Does it really matter what happens to an unwanted profile, though? If it gets hacked, so what? You didn’t need it anyway. However, in some cases, an abandoned account can be exploited to gain access to resources and important information that you do need. Here’s what you need to know.

  1. Social network accounts

Few people regularly check their accounts in all of their social networks. Say, for example, a person creates a Facebook profile, uses it to log in to Instagram and other services (handy, right?), and then realizes he doesn’t actually need Facebook — not an uncommon scenario. Sure, the social network continues to send e-mail notifications if the user didn’t bother to disable them, but they get filtered into a separate folder that he quit checking long ago.

Again, a more-than-plausible scenario. When the user receives an e-mail warning that someone logged into his account from an unknown device, he doesn’t see it. The cybercriminals who logged in have a free shot at the accounts linked to Facebook. They will also probably have time to sting some of the victim’s friends or followers on Facebook.

What to do

Set up two-factor authentication. Lots of services offer it; here are our posts on setting up security, including 2FA, in Facebook and Twitter.
Enable notifications about account logins from unknown devices — and pay attention to them.

  2. Backup e-mail address

Many people set up a separate e-mail account for mailings and notifications so as not to clutter up their main mailbox, and use it for registering everything and anything, including profiles with important data. And no incoming e-mails there are from real-life people, so they don’t check it very often. Therefore, they may not notice for a long time that their backup e-mail has been hacked — at least not until they lose access to a very important account.

What to do

Enable two-factor authentication for this account.
Set up forwarding of messages from this mailbox to a separate folder in your primary e-mail account.
  3. Password manager

What if you saved your account credentials in a password manager, and then decided to replace it with a different app? The profile in the old manager doesn’t go anywhere, and neither do the passwords in it (half of which you probably didn’t change). If someone gains access to this profile, they will be able to get into your accounts. And even if you do discover the theft of an account, it won’t be immediately obvious how the cybercriminal got hold of the password for it.

What to do

Delete your accounts in password managers you no longer use.

How to avoid problems with abandoned accounts

As you can see, even an unneeded account can cause a lot of problems if hijacked. Preventing a problem is much easier than dealing with its consequences. Therefore, we recommend that you keep track of your accounts. Here are some general handy tips:

Recall which online services you have registered for. Check which phone numbers and e-mails your accounts in social networks, online stores, banks, and other important services are linked to, and unlink all current profiles from inactive phone numbers and mailboxes.
If you log in somewhere through Facebook, Twitter, or Google, or keep an additional e-mail or phone number for newsletters, public Wi-Fi, etc., check those accounts from time to time.
If you decide to stop using a password manager, online store, or social media account, delete your accounts in these services.
Turn on account login notifications in services that have this option — and review those notifications promptly.
Use a security solution such as Kaspersky Security Cloud, which will notify you of leaks in services you use.
Categories
Internet Security

Major Airport Malware Attack Shines a Light on OT Security


A cryptomining infection managed to spread to half of all workstations at a major international airport in Europe – shining a spotlight on security for operational tech and IT convergence.

Researchers at Cyberbit found the XMRig Monero mining malware, which was a known strain called “Playerz,” but which skated by antivirus solutions on the endpoints by adding a new tweak.

The malware “was modified just enough to evade the vast majority of existing signatures for it,” according to Meir Brown, head of research at Cyberbit, who added that it was detected by only 16 out of 73 detection products on VirusTotal.

“The modification was really simple: the MD5 was modified, however, the attacker kept the use of the original tools and even the original file names…which is an indication of simple modification, nevertheless this was sufficient to evade most AV products,” he told Threatpost.

The malicious mining activity also raised no red flags with airport personnel, according to an analysis posted this week by the firm.

“Its business impact was relatively minor, limited to performance degradations leading to quality of service and service interruptions, as well as a significant increase in power consumption throughout the airport,” the analysis noted. “The malware may have been used for months.”

This is the advantage of cryptomining for financially motivated threat actors, according to Brown: Persistence.

“We see growing usage of cryptominers in recent attacks and we see a trend to switch from ransomware to mining,” he told Threatpost. “Since ransomware attacks are more visible by nature they tend to ‘burn down’ faster. In this specific attack the malware was active for months without any indication.”

Cyberbit was tipped off to the presence of the malware while installing a security solution at the location. It observed the PAExec tool being used, which is a legitimate service used for running Windows programs on remote systems without having to physically install software on those systems. The suspicious part was that it was used several times in a short period to launch an application named player.exe.

Further, once up and running, player.exe was seen using reflective DLL loading, which the firm said is a technique for remotely injecting a DLL library into a process without using the Windows loader, thus avoiding having to access the hard drive. In short, it was clear that a remote user was attempting to stealthily access the network – multiple times.

Further digging uncovered that PAExec was being used to escalate privileges and execute the coinminer in system mode, so the miner would take priority over any other application for the use of workstation resources. Then, the reflective DLL technique was employed to load additional DLLs from memory for the cryptocurrency miner, meaning that “the file is not fetched from the hard drive and would not go through file-based detection systems like AV and most NGAV systems,” according to Cyberbit.
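The detection signal Cyberbit describes (the same executable launched repeatedly through PAExec within minutes, and PAExec children running as SYSTEM) can be expressed as a simple rule over process-creation telemetry. The following is an added example, not Cyberbit's or Threatpost's code; the log format, host names and timestamps are constructed for illustration, and the 10-minute window and threshold of 3 are assumed tuning values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation records (not real airport telemetry):
# timestamp | host | user | parent image | child image
SAMPLE_LOG = """\
2019-10-01T08:00:12 | WS-014 | CORP\\jdoe | explorer.exe | outlook.exe
2019-10-01T08:01:40 | WS-014 | NT AUTHORITY\\SYSTEM | paexec.exe | player.exe
2019-10-01T08:03:05 | WS-014 | NT AUTHORITY\\SYSTEM | paexec.exe | player.exe
2019-10-01T08:04:51 | WS-014 | NT AUTHORITY\\SYSTEM | paexec.exe | player.exe
2019-10-01T08:30:00 | WS-022 | CORP\\admin | paexec.exe | ipconfig.exe
2019-10-01T09:15:22 | WS-022 | CORP\\admin | cmd.exe | ipconfig.exe
"""

def parse_log(text):
    """Parse pipe-separated records into dicts, lower-casing image names."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, parent, image = [f.strip() for f in line.split("|")]
        records.append({"ts": datetime.fromisoformat(ts), "host": host, "user": user,
                        "parent": parent.lower(), "image": image.lower()})
    return records

def detect_paexec_abuse(records, window=timedelta(minutes=10), threshold=3):
    """Return alerts for (a) any PAExec child running as SYSTEM and (b) the same
    image launched via PAExec `threshold` or more times within `window` on a host."""
    alerts, seen_system = [], set()
    launches = defaultdict(list)  # (host, image) -> launch timestamps
    for r in sorted(records, key=lambda rec: rec["ts"]):
        if r["parent"] != "paexec.exe":
            continue
        key = (r["host"], r["image"])
        if r["user"].upper().endswith("\\SYSTEM") and key not in seen_system:
            seen_system.add(key)
            alerts.append(f"{r['host']}: PAExec launched {r['image']} as SYSTEM")
        launches[key].append(r["ts"])
    minutes = int(window.total_seconds() // 60)
    for (host, image), times in launches.items():
        # Sliding window over the sorted timestamps for this host/image pair
        for i, start in enumerate(times):
            n = sum(1 for t in times[i:] if t - start <= window)
            if n >= threshold:
                alerts.append(f"{host}: {image} launched via PAExec {n}x within {minutes} min")
                break
    return alerts
```

Running `detect_paexec_abuse(parse_log(SAMPLE_LOG))` flags WS-014 on both rules while the single administrative PAExec use on WS-022 stays quiet; in practice the same logic would be fed from Sysmon or EDR process-creation events rather than a constructed string.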

While in this case the attackers were looking to mine Monero cryptocurrency, the fact they were able to infiltrate the network remotely and spread laterally to 50 percent of all workstations – while remaining hidden – is alarming, Brown said – especially given the unique security issues and threat surfaces present at airports.

“With the increased convergence of IT and OT networks, we strongly urge airports to also ramp up the protection of their OT network, which is used to control physical airport systems,” the firm concluded.

source: Threatpost

Categories
Internet Security

Five sources to find malware samples for testing.


In this article, we will list five sources where you can find malware samples for testing.

Usually, malware researchers search for malware samples, analyze them statically or dynamically, and build a defense system using python-yara to detect similar malware.

Those interested in analyzing malware samples can grab samples for testing by visiting the following sources:

ANY.RUN

ANY.RUN is a malware analysis service that provides a collection of tools for malware researchers to analyze malware samples and even generate reports. You can retrieve malware samples submitted by other researchers to analyze.

Das Malwerk

You can also download malware samples from Das Malwerk. Unlike ANY.RUN, Das Malwerk does not provide services or tools for malware researchers to analyze malware samples on its platform.

Thus, you need to have a pre-built malware lab to test those samples. If you want to download malware samples from Das Malwerk, you do so at your own risk.

Objective-See

If you are a malware researcher looking for Mac-based malware samples to test, you can find some at Objective-See.

Again, you download malware samples from Objective-See at your own risk.

theZoo

theZoo provides a repository of malware samples for malware researchers via GitHub.

Hybrid Analysis

Hybrid Analysis is a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.

You can collect malware samples from Hybrid Analysis too.

Source: Michael