
Ransomware Threat Growing for Phones

There’s been a scary increase in successful ransomware attacks against large organizations this year. Specifically, hospitals have found themselves at the mercy of hackers who demand ransom payments to unlock critical system files. Recently, there have been signs that these criminals have moved on to universities, too. The University of Calgary admitted to Canadian media last month that it paid a $20,000 ransom “to address system issues.”

But individuals have something new to worry about. A new report from Kaspersky Lab says its detection rate for mobile ransomware—malicious software targeting smartphones and demanding ransoms—quadrupled in one year.

It’s easy to see why phone ransomware would work. Consumers fly into a panic when their phone battery dies; imagine what it’s like to see a message saying your phone is locked, and a $100 payment is required to unlock it.


Kaspersky says some ransomware criminals simply require that mobile victims type in an iTunes gift card number to free the device. I’ve written recently about the increasing use of Apple card payments for fraud.

A combination of easy, anonymous payments and off-the-shelf copycat software tools makes mobile ransomware a new and potentially dangerous threat, both to consumers and to the companies that employ them.

The numbers tell the story: From April 2014 to March 2015, Kaspersky Lab security solutions for Android protected 35,413 users from mobile ransomware. A year later the number had increased almost fourfold to 136,532 users.

It’s unclear from the report how users encounter mobile ransomware in the first place, though at least some get it when visiting porn sites and are tricked into downloading and installing malicious software.

“The extortion model is here to stay,” Kaspersky says in its report. “Mobile ransomware emerged as a follow-up to PC ransomware, and it is likely that it will be followed up with malware targeting devices that are very different from a PC or a smartphone. These could be connected devices: like smart watches, smart TVs, and other smart products including home and in-car entertainment systems. There are a few proof-of-concepts for some of these devices, and the appearance of actual malware targeting smart devices is only a question of time.”


Kaspersky offers these tips to consumers:

  • Back-up is a must. If you ever thought that one day you finally would download and install that strange boring back-up software, today is the day. The sooner back-up becomes yet another rule in your day-to-day PC activity, the sooner you will become invulnerable to any kind of ransomware.
  • Use a reliable security solution. And when using it, do not turn off the advanced security features, which it most certainly has. Usually these are features that enable the detection of new ransomware based on its behavior.
  • Keep the software on your PC up-to-date. Most widely used programs (Flash, Java, Chrome, Firefox, Internet Explorer, Microsoft Windows and Office) have an automatic update feature. Keep it turned on, and don’t ignore requests from these applications for the installation of updates.
  • Keep an eye on files you download from the internet, especially from untrusted sources. In other words, if what is supposed to be an mp3 file has an .exe extension, it is definitely not a musical track but malware. The best way to be sure that everything is fine with the downloaded content is to make sure it has the right extension and has successfully passed the checks run by the protection solution on your PC.
  • Keep yourself informed of the new approaches cyber crooks use to lure their victims into installing malware.


This article originally appeared on ThirdCertainty. It was written by Bob Sullivan.

Cyber Risk: Is It Worth All the Pain?

With an onslaught of bad recent cyber news, is cyber risk worth the trouble, and how should corporate directors be looking at this issue? The recent news is the high-profile breach of 4 million employee records at the U.S. Office of Personnel Management by alleged Chinese hackers and the news that even the security experts are getting hacked, with Kaspersky Labs reporting a breach supposedly committed by a nation state.

President Obama also made cyber security an emphasis of his G7 talks in Germany, commenting that the U.S. government needs to be more “nimble, aggressive and well-resourced” to combat this threat. He also urged the U.S. Congress to pass the 2015 Cybersecurity Information Sharing Act, a first step in a coordinated and systemic public/private response to cyber risks.

The attacks show no signs of slowing. PwC’s 2015 Global State of Information Security Survey indicates a compound annual growth rate of 66% for cyber incidents since 2009. The 10,000 respondents to the survey reported almost 43 million detected incidents during 2014 alone—or 117,339 incoming attacks every day of the year.

Is cyber security risk worth it? Yes, but with a caveat. Without a doubt, the many innovations currently taking place with today’s information technologies open up many new vulnerabilities. Risks are now difficult to isolate, and a protect-and-defend model is not effective against the systemic risks inherent across any corporate ecosystem.

Attacks can also come from a growing list of sources, including hacktivists, foreign and domestic nation-states, customers, employees, partners, consultants, competitors, organized crime and the bored neighbor kid living in the basement and surviving on a diet of Cheetos, Red Bull and your weak IT security infrastructure. The direct and indirect costs of mounting an effective cyber security defense are only getting more expensive, and the risks are only increasing.

Despite this, these technologies also have an upside—a significant one as they are now competitive table stakes, as new business tools always are. These tools are changing market dynamics and customer preferences, and the technologies embody distinct economic advantages such as the lowering of transaction and engagement costs. Business models and competitive advantages are changing as a result of these tools.

These tools are shaping and defining business success, but the risks are holding many companies back. Which takes us to the caveat. The upside of these technologies outweighs the downside.

Cyber is worth the risk, but boards, directors and managers need to be looking to exploit the business advantages of these tools, while at the same time mounting a “nimble, aggressive and well-resourced” approach to mitigating these incessant risks.

This is easier said than done; 89% of companies listed on the Fortune 500 in 1955 are no longer on the list. Business cannibalizes the companies that can’t capitalize on the opportunities presented by changing market conditions, including new technologies.

Directors need to be diligent in overseeing cyber risk as part of a comprehensive IT governance and enterprise risk governance approach. But they also need to be on top of governing cyber opportunity—that’s the only way that they can make cyber security risk worth it.