ATX Community

LOOKING AHEAD TO 2015 - MALWARE


Lee B


FROM MALWAREBYTES:

 

Looking ahead: 2015

 

Ah, the security predictions! Everybody loves them, don’t they? Well, we’re not going to use our crystal ball for this one, but instead we, bloggers at Malwarebytes Unpacked, shared some of our thoughts on the trends we think will be most noticeable.


On the mobile side, we expect ransomware to be a major issue. We have already seen mobile malware variants that encrypt phone data and demand payment to retrieve. Pre-existing phone backup options will make this threat less severe, however many users still might be willing to pay to get their data back.

 

With more people using mobile devices to bank, it’s becoming more popular for malware authors to exploit. Creating a fake site that looks like a mobile banking site may be a bit easier for cyber criminals since many sites are limited to keep the data processing of the site low.

 

In the Exploit Kits world, there will be more fileless payloads. In an effort to circumvent detection a special breed of malware doesn’t leave a physical file on the system but rather only runs in memory. This will likely be a trend adopted by new and existing exploit families in 2015 and the antivirus and anti-malware communities will have to quickly adapt to contain the wave.

 

We expect a major Internet of Things (IoT) attack in the new year against an Internet connected device that was previously not connected. Take for example a thermostat that can be controlled over the internet.

 

Cloud security is now more important than Desktop security, this is due to the fact that users are uploading tons of personal data like images or documents to ‘cloud’ storage. This makes it easy for an attacker to gain access if they are able to compromise the account. In addition, with the trend of users making purchases, downloading games, songs, movies, etc. through cloud services, the attractiveness of these accounts has increased and we will see more of an effort against gamers and video/music streamers.

 

Potentially Unwanted Programs (PUPs) are a nuisance to the modern user because of their high requirements for system resources and constant bombardment of advertising.  However, we have seen numerous instances this year of PUPs actually going a step further and installing near-malicious and full-malicious software on the host system.  This trend may very well become more prevalent in the coming year as the war against junk software leads some developers to dabble in illegal activities to make a profit.

 

Phishers will continue to use sophisticated and effective tactics to get users to hand over their information. It’s also highly likely that, due to the bombardment of Personal Information stealing breaches at large companies, the pool of spear phishing targets will be larger and not just limited to the selected few (like executives).


I fell victim to a trojan that got through, and Malwarebytes helped me to clean up my machine and get rid of some junk bloatware too. Their forum exploded in late Oct or early Nov with those kinds of posts and A LOT of posts from victims of the ransomware too.

 

In addition to the AV and the Malwarebytes anti-malware software, I'm also running Malwarebytes Anti-Exploit and the free version of CryptoPrevent. Neither of these slows the computer down at all. They work by maintaining a list of software restriction policy path rules that won't allow malicious software to be installed. It should stop those fileless payloads that try to add or change registry keys.

 

If anyone is interested in either of these, here are safe links to see how they work and how to download them:

 

Malwarebytes  - http://www.malwarebytes.org/downloads/

 

CryptoPrevent - https://www.foolishit.com/

Edited by jklcpa
added links

I have used Malwarebytes for several years. The best idea is to run it and use it. It often picks up a Trojan or a PUP. You need to keep it updated as well. I also use AVG and CCleaner. I use both AVG and Malwarebytes on my Android tablet. Both apps are downloadable from the Google store. Prevention is the best cure.


Safe Hex is still the best prevention. Know what you download and from where. Know what sites you are opening. Disable JavaScript except for trusted sites. Turn off the preloading of web pages. Don't open attachments you did not ask for - read questionable email in text format only. Etc.

 

Personally, I will never pay for a protection program. Those who depend on my payment have a much higher incidence of "false positives". The idea being to get my payment, I have to see they are "doing" something. There are plenty of free protection programs available which are very good. What good is it to have a protection program when you have to turn it off to install and use trusted software?

 

Only use one at a time, but have another for cross checking.  Use virustotal to cross check against more than 50 protection programs "if" you get a hit in your two installed programs.

 

The piece which is usually not mentioned is a protection program can only accurately protect you from known threats.  They "guess" as to what might come down the pike, but often guess wrong.  Those wrong guesses cause people to tire of the incorrect warnings, and turn off the protection.  Nefarious folks (the experts, not the "script kiddies") know how to fool the guessing, it can be as easy as changing one letter in their code from upper to lower case, or vice versa...  If you ponder this a bit, we have had protection programs for many years, yet there are still new (really new, not just a rehash of some old scam) which hurt, since the protection programs can only guess at new things.  If a protection program really could protect you, there would be no more new scams... since they would never get past a "protection" program.  If you practice good safe hex, you do not need a protection program, and you will not get "hit".  On the other hand, we are all human, and a little protection can save us from a wanton keypress or click..


Which means that you need to keep your protection programs up to date. Update and run frequently. Also, watch all of the things you do every day just as Dennis advises; downloads, links, etc. I absolutely will NEVER click on a link from anyone. Also, the protection programs that I use are all the free versions. The other thing is; when you have a clean machine; backup, backup and backup. If you ever do get hit, you can always restore to the clean version. For complete hard drive backups, I use EaseUS Todo; a great and also free backup program. For incrementals, such as tax files, I use jump drives.


I neglected one other old time advice - don't be the person who thinks a new computer, USB stick, portable drive, etc., means no issues.  That new item was not always in your control, and may have an issue.  This is less frequent these days, but can still happen.  Like others have said for other topics, trust, but VERIFY.


I neglected one other old time advice - don't be the person who thinks a new computer, USB stick, portable drive, etc., means no issues.  That new item was not always in your control, and may have an issue.  This is less frequent these days, but can still happen.  Like others have said for other topics, trust, but VERIFY.

 

Which is why I use alternating external drives for all of my system backups.  Your post is timely because I had issues last night with a brand new external HD.  Haven't solved the problem yet so will back up with a different drive today.


Computer hardware is likely to fail shortly after new, or several years down the road... not much in the way of failures in between.  The last time I looked, hard drives (for example) had a MTBF of about 3 years.  IIRC, this figure has been stable for many years.  The reason it is so low is because of the incidence of failure when new.  If you were to exclude failures when new, it is probably 5 or more years to average failure.

 

For backups, I have one local (never reuse media, use good CDs). A local USB drive (one). A set I take to another location. A set on a server I control in a different geographic location. A set on a public cloud backup system. All are double encrypted by me before saving. The real key though is routinely testing said backups (at least twice a year). Backing up without testing is only slightly better than no backups.

 

My other "backup" is having a nearly instant way to reroute incoming phone calls, a second and third way to access internet, and alternate computers almost ready to go. All of these which I can access from more than one location. In my case, we do have natural disasters (earthquake and flood) in my community, which have both caused me to use part of my backup systems in the last few years. The worst was many years ago when we were without public utilities for several days, and could not get across town due to all river crossings being unavailable. That experience makes it easy for me to plan for failure, and not blink at time spent doing so, as failure does happen.

 

For our recent quake, the only unexpected item was the "luxury" of having a battery powered vacuum to clean up glass. I now consider the battery vacuum a necessity... and have obtained several extra batteries as recharging from the cars took longer than I would have preferred. Those car batteries and assuming some sort of generator or working vehicle, are our power lifeline. Lived off them for 3 days during the '86 flood.
