The holiday season is coming up and we expect that many will opt to shop online to avoid the big crowds in city centers, malls and stores.
In America, Cyber Monday, the cyber version of shopping day Black Friday, was born in the mid 2000s. Cyber Monday sales have steadily increased since its inception and according to IBM Digital Analytics, sales grew 8.5% in 2014. According to ComScore, purchases are now also being made from smartphones with overall spending from mobile devices in the millions.
Americans aren’t the only ones who have embraced Cyber Monday, many other retailers around the world have come together to offer deals on the Monday after U.S. Thanksgiving and in China, Singles’ Day (November 11th) has become a major ecommerce day with 27,000 online merchants participating in 2014.
This is not only an exciting time for online retailers and online shoppers but also for cyber criminals. I spoke with our senior malware analyst, Jaromír Hořejší about how cybercriminals are preparing for Cyber Monday:
The season finale of Mr. Robot left me asking myself many questions. The big question that most of the characters in the show asked themselves as well was: Where is Tyrell?
What exactly happened while Elliot was in Tyrell’s car? Did Tyrell execute the plan to bring down E Corp or did Elliot? Why is Angela now working for E Corp? Who really put that video of Elliot falling from the boardwalk on the James Bond-like sunglasses USB stick? Did Angela really have to go shopping for designer shoes after James Plouffe’s suicide? Does she not own more than one pair of high heels? Who is knocking on Elliot’s door at the end of the episode?
I admit, I initially stopped watching as the credits came, but then I read online that that was a big mistake. There is a scene that comes after the credits, which, of course, left me asking myself two more questions: Why is White Rose meeting with the CEO of E Corp? Does E Corp really know that Elliot is behind the take down?
However, one very important question that I have been asking myself for the last 15 years was finally answered in this episode. FSociety let the dogs out.
In addition to the numerous plot questions, I had two technical questions after watching the episode. I sat down with senior malware analyst, Jaromir Horejsi, who kindly answered my questions for me.
This week’s episode of Mr. Robot continued from where it left off last week, focusing on the show’s characters rather than hacking methods. We see Elliot struggle with himself as he figures out that Mr. Robot is his dad (who died years ago), who he has been imagining in his mind. Meanwhile, Tyrell’s world is crumbling. His wife gave birth to a baby boy, but tells him she does not want to be with him unless he “fixes things”. He then gets fired from E Corp and remains as the prime suspect in Sharon’s murder investigation. It doesn’t look like Tyrell did a very good job of fixing things, if you ask me…
Despite the lack of hacking, I did have a few questions about the final scene of the episode. I spoke with my colleague, senior malware analyst Jaromir Horejsi, who helped me better understand FSociety’s plan.
In the last scene of the episode, Tyrell pays Elliot a visit. Tyrell tells Elliot about how he murdered Sharon and how surprisingly good that felt. Elliot then decides to tell Tyrell about his plan to take down E Corp. Elliot explains to him that by encrypting all of E Corp’s files, all of their financial records will be impossible to access as the encryption key will self-delete after the process completes.
This week’s episode answered A LOT of questions — we met the infamous White Rose and found out why the Dark Army backed out of the planned takedown of Steel Mountain a few episodes ago, we found out why Cisco blackmailed Ollie into infecting AllSafe with malware and we (kind of) found out who Mr. Robot and Darlene really are! Although many of my questions were answered in this episode, I also found myself asking “what?” and “why?” throughout it. What is a honeypot? What is reverse engineering and why is Tyrell talking to Mr. Robot? Why is Tyrell happy about Fsociety hacking E Corp? I turned to my colleague Ivan Jedek, malware analyst at Avast, to get some answers to my questions. Read more…
In February, Avast launched the world’s first free, easy to use, cloud-managed security offering, Avast for Business, protecting SMBs from viruses and cyberattacks. We conducted a survey amongst our Avast for Business users in the UK to gain further insight into how local SMBs handle their security.
Nearly three-quarters (73%) of respondents said that 100% of their company’s employees use the Internet. Businesses, whether small or large, retail or non-profit, often have a database of valuable customer data, making them an attractive target for cybercriminals.
Cybercrooks use social engineering to attack businesses, tricking employees via phishing scam to, for example, gain access to a company’s network. Despite the high number of data breaches, 57% of SMBs in the UK invest only 0-2% – little to nothing – of their IT budget on security.
Who handles IT support services for SMBs in the UK?
- 1 out of 10 said an employee (not a designated IT admin) handles the company’s IT support services
- Nearly 50% have an in-house technician
- 1 out of 10 have an external supplier/technician handles the company’s IT support services
- 28% of SMB business owners handle their company’s IT
More than half of SMBs in the UK allow their employees to access company data from their personal devices. Bring your own device (BYOD) is a convenient practice SMBs have embraced, as it saves costs and encourages productivity.
However, BYOD can be risky, if not handled properly. Not only can hackers target the device to gain access to sensitive corporate information, but if the device is lost or stolen, the company data stored on it goes with the device. More than half (52%) of SMBs authorize employees to access corporate data on personal devices, yet the majority (54%) doesn’t run a BYOD scheme.
Losing valuable and confidential data (31%) is the greatest security risk to UK SMBs along with productivity (23%) and losing customers (16%). We asked our business users if a virus or threat had infected them before switching to Avast for Business. When it came down to it, threats and hacks cost six out of 10 businesses productivity, followed by data loss (19%).
Types of security solutions SMBs used prior to switching to Avast for Business:
- More than half (55%) used free consumer security solutions
- 23% used premium business security solutions
- Nearly one out of ten used premium consumer security solutions
- Nearly one out of ten either do not know what kind of security solution they used before switching to Avast for Business or did not use any security solution (3%)
If your SMB has a low IT budget or if your business is currently using a consumer security solution, make sure you check out Avast for Business. Avast for Business is FREE and can be downloaded here.
This week’s episode was pretty intense — although not so many hacks took place, this week focused on meaningful development of the show’s characters. The episode opened with a flashback to when Elliot and Shayla met; we now know where he got his fish and that he is the reason Shayla got involved with Vera. Then we move onto Angela, who has gone forward with her plan to get justice for her mom’s death, but she isn’t the only one on a mission. Tyrell continued in his fight to become CTO of E Corp – going a little too far (even for his own comfort) during his private time with Sharon, the wife of the newly-appointed E Corp CTO.
Despite the fact that there were no major hacks, there were a few interesting scenes I sat down to talk about with my colleague, Filip Chytry, security researcher at Avast.
This week’s episode of Mr. Robot was an exciting one for us here at Avast – our product made an appearance on the show! In addition to the exploit Avast blocked, there were many other interesting hacks in this week’s episode, which I discussed with Avast security experts, Filip Chytry and Jiri Sejtko.
Minute 7:00: Elliot is in his apartment with Isaac and DJ. Something about Vera’s brother, Isaac, bugs Elliot and what does Elliot do when he is bugged by someone? He hacks them!
Stefanie: We see Elliot once again turn to the Linux distribution, Kali, to hack Isaac’s cell phone. He seems to do this within a matter of seconds, how easy is this to do? Later on, when Elliot visits Vera in prison, we learn what Elliot plans to auto-send information from Isaac’s phone to himself. This seems really intrusive and couldn’t Isaac just get a new phone?
Filip Chytry: This is a more advanced hack and unless Elliot had everything prepped before they entered his apartment, this would taken a lot more time to execute (but this is a TV show, so things sometimes happen faster on TV then they do IRL). The Linux distribution Kali, a popular tool for penetration testing, can be used to plant code on a device. But, Isaac’s phone would have had to be connected to either Elliot’s Wi-Fi network or Elliot could have set up a fake Wi-Fi hotspot using a popular network name like “Starbucks Wi-Fi” or “ATT Wi-Fi”, a Wi-Fi network Isaac’s phone had connected to before and would connect to automatically. Elliot would then use Kali to exploit a vulnerability in Isaac’s phone and plant code to send information from the phone to Elliot’s chosen destination. Since Elliot told Vera about this, Vera could have told Isaac and Isaac could have gotten a new phone, but Isaac was not given a happy end in this episode…
Get your small business up and running with free software.
Getting a new business off the ground is not an easy task and can be quite costly, but there are a lot of free software and services available online that your new or small business can use as an alternative to paid-for products.
Here is a list (in alphabetical order, so no favorites ) of some you will find useful:
Avast for Business – cloud-managed security
Avast not only provides consumers with free security, but we also provide small and medium sized businesses with free cloud-managed protection. Avast for Business is easy to install and can be managed from anywhere and at anytime.
Facebook Page – alternative to building your own website
If you’re a restaurant owner or a small boutique you could also, either in addition to or instead of hosting your own website, create a Facebook page for your business. You won’t be able to sell items online, but you can add your business’ address and directions, opening hours, a description of your business and post images and status updates to inform your customers of new items on your menu or of new items available for sale in your store.
Fundera – loans for your business
Fundera is a free service that offers you loan options and lets you choose the one best suited for your small business. All you need to do is fill out a short questionnaire and then you are presented with loan products, lenders and rates and can apply to the lenders that fit you best with only one application.
The major theme of this week’s Mr. Robot episode revolved around vulnerabilities. As much as we sometimes try to deny it, we all have weaknesses. Cybercriminals, being the intelligent people they are, unfortunately often use their smarts for evil. They know that it is human nature to have weaknesses since no one is perfect, and they exploit these weaknesses using a tactic called social engineering.
“People make the best exploits”
Whether directly or indirectly, humans and the software they create can be exploited via their weaknesses and vulnerabilities.
FSociety penetrates Steel Mountain, E Corp’s data security center, by exploiting human weaknesses. We first see this happen when Elliot exploits Bill Harper, a sales associate at Steel Mountain, by dismantling his self-worth and telling him that no one in his life really cares about him. Elliot then requests to speak to someone who matters and Bill, disheartened and humiliated, calls his supervisor.
To FSociety’s surprise, Trudy comes instead of Wendy, the supervisor they were expecting and were prepared to utilize to get into the next level of Steel Mountain. This slightly throws off FSociety for a few seconds, but they make a quick comeback by doing a bit of online research. They learn that Trudy’s weakness is her husband and use a Linux distribution called Kali to send her a text message appearing to be sent from her husband saying that he is in the hospital. I researched more about this tool and found out that when using it, it is possible for anyone to spoof SMS and make messages appear as if they are from a number the recipient knows — a trick that is also employed in fraud emails.
The interesting thing about this, though, is they say they do not have Trudy’s number, just her husband’s number. Yet, they type her number into the program to send the message.
Windows 10 will be launching in T-minus seven days and will be offered for free within its first year of availability to Windows 7 and 8 users. Not only will the beloved Start button be back in Windows 10, but Windows 10 will also include a personal assistant, Cortana. What’s more, the new operating system will introduce many promising security features and a new browser.
Hello there, Windows Hello and Passport!
Windows Hello is biometric authentication that either scans your face, iris or fingerprint to access your Windows 10 device – very secret agent-like security! By doing so, Windows Hello eliminates the chance of hackers stealing your password to access your device, simply because you will no longer have a password to begin with!
Windows Passport also eliminates the use of passwords to access your online accounts. For now, Microsoft will work with the Azure Active Directory and has joined the FIDO alliance to subsequently support password replacement for other consumer, financial and security services. Windows will verify that you are truly the one using your device through a PIN or via Windows Hello, and then it will authenticate Windows Passport so you can log in to websites and services without ever using a password. Combined use of Windows Hello and Windows Passport would mean that a hacker would not only have to physically steal your device, but also kidnap you to access your accounts.
You will, of course, need hardware that is capable of infrared scanning your face or iris, or that has a built-in fingerprint reader to use Windows Hello. Microsoft has already confirmed that all OEM systems with Intel® RealSense™ 3D Camera (F200) will support Windows Hello’s facial unlock features.