New mobile apps, a live Wi-Fi hack, results of a global Wi-Fi experiment, a demonstration of mobile malware, and Avast mobile experts can all be found at Avast’s booth (hall 5 stand 5K29) at this year’s Mobile World Congress in Barcelona.
Open Wi-Fi Risks and Live Demonstration
Connecting to public Wi-Fi networks at airports, hotels, or cafes has become common practice for people around the world. Many users are, however, unaware that their sensitive data is visible to hackers if they don’t use protection. This data includes emails, messages, passwords and browsing history – information you don’t necessarily want the guy sipping the latte next to you at the cafe to see. Avast experts traveled to different cities across the U.S., as well as Europe and Asia, to find out how much information is openly shared via public Wi-Fi. They found that one-third of browsing traffic in New York City, San Francisco and Chicago is openly visible for hackers.
At the Congress, Avast will conduct a Wi-Fi hack demonstration. The demonstration will allow visitors to see, first hand, what a hacker can access if they don’t use protection. Participants can connect to Avast’s (password protected) Wi-Fi network to browse and send messages as they normally would when connected to open Wi-Fi. To demonstrate how this information would look through the eyes of a hacker, their activities will be displayed on a screen at the Avast stand.
Mobile Malware and Simplocker Demonstration
Mobile malware is often perceived as a myth, yet Avast currently has more than one million samples of mobile malware in its database. Avast recently discovered a new variant of the mobile ransomware, Simplocker, which will also be demonstrated during the Congress. Visitors can see how the malware disguises itself, behaves, and will learn how they can protect themselves.
Introducing Avast’s New Suite of Apps
Avast will be introducing a suite of new apps at this year’s Mobile World Congress, including productivity and security apps for Android and iOS. Avast GrimeFighter and Avast Battery Saver address two of the most common complaints for Android users: storage concerns and battery life. Avast GrimeFighter helps users free extra storage on their devices by identifying unimportant data for one-tap removal, while Avast Battery Saver extends battery life up to 24 hours by learning the user’s behavior and optimizing features to preserve battery power.
Avast SecureMe is a dual solution app that helps iOS users identify secure Wi-Fi connections and protect personal data while using public Wi-Fi connections.
Wi-Fi Security, a feature available in Avast SecureMe, and coming soon to Avast Mobile Security for Android, prevents users from falling victim to Domain Name Server (DNS) hijacking by exposing vulnerabilities in routers they want to connect to.
We look forward to meeting you!
If you are attending this year’s Mobile World Congress, feel free to stop by the Avast booth to speak with Avast experts, learn more results from Avast’s global Wi-Fi experiment, see Avast’s new mobile apps and participate in the Wi-Fi demonstration. If you aren’t attending, make sure to check our blog, follow us on Twitter and Instagram, and like us on Facebook for updates during the Congress!
Note to media: If you would like to set up a meeting with Avast, please email PR@avast.com.
Avast is the leader in the cyber security arms race.
There are others fighting the fight, but a 21.4% share makes Avast the leader in the antivirus vendor market as reported in OPSWAT’s quarterly market share report.
That’s good news for individuals and business owners concerned about protecting themselves from vulnerable networks, swiped passwords, pilfered finanical data, erased online identities, and stolen Social Security or national ID numbers. Opinions about the future of cyber-attacks range from doom and gloom to optimism about the steady progress in security, but the fact remains that in today’s world, we have to work around the Internet’s vulnerable design and motivated hackers challenging businesses and home users.
“Installing an antivirus product is the first, not last, step to having a safe and secure computer,” said OPSWAT’s Gears product manager, Adam Winn. “Avast’s popular antivirus and security products are helping to improve security for all. Creating accessible antivirus products for home users contributes to an overall improved security status for everyone, even businesses.”
The OPSWAT report contains the latest figures on antivirus market share and usage, as well as analysis of compromised devices. A disturbing finding from the report stated,
More than 90% of Windows PCs have not run an antivirus full system scan in the last 7 days. Of these, 15% hadn’t even had their antivirus definitions updated within the previous three days which might explain why over3% were found to be seriously infected.
“It’s reasonable to assume in an organization with 400 PCs, a full dozen are compromised,” said Winn as an illustration of the seriousness. “The interconnected state of computing has blurred the lines between home and business, especially with BYOD, remote working, and SaaS. For this reason, it’s in everyone’s best interest that traditional antivirus protection continues to be in place to deter casual and commodity attacks.”
A lack of regular updates and full system scanning is especially problematic. Organizations without robust endpoint management and solutions in place to identify and remediate these risks are giving insecure devices access to their networks and could find themselves in violation of data security regulations.
The data for the report was collected by OPSWAT GEARS, a free device security and management tool. You can add your computer to the sample if you don’t mind them collecting information regarding the applications installed on your computer. Check it out here, https://www.opswatgears.com/
It’s European #DataProtection day! Every day we visit websites and willingly hand over our name, address, and credit card number. Have you ever thought about what happens to that data or what your rights are?
Members of the European Union (EU) enjoy a high standard of protection of their personal data. The Digital Agenda for Europe lays it all out for you on their website. Here’s a summary:
The burden to protect you is on organizations
The EU Data Protection Directive ensures that personal data can only be gathered under strict conditions and for legitimate purposes. Organizations that collect and manage your personal information must also protect it from misuse and respect certain rights. One of the objectives is that organizations notify their customers, in plain language, what information is collected and how it is used as well as get permission before using any personal information.
One of the stumbling blocks has been the so-called one-stop-shop for businesses and citizens in each member state in which authorities will handle citizens’ complaints about any breach of the rules. There are just as many ideas on how to run it as there are EU member states.
You must be notified of cookies and data breaches
The Directive on Privacy and Electronic communications (ePrivacy Directive) ensures that all communications over public networks maintain a high level of privacy. For example, this directive requires website owners marketing online to EU citizens to obtain consent from users, via some kind of opt-in, before implementing cookies or other technologies to capture online visitor information. (See below for information on managing your cookies.)
If your data is stolen, the ePrivacy Directive states that you should be notified. That’s good because data theft can result in identity theft or fraud, damage to your reputation, loss of control over your personal data or a loss of confidentiality.
However, this fall, the rules changed slightly and now businesses don’t have to notify consumers that their personal data has been lost or stolen if the data has been encrypted. The ministers figure that the business has “appropriate technological protection measures” to protect the data that has been lost or stolen from being accessed by people not authorized to see it.
Viewing and managing your cookies
For those of you not familiar with the term, cookies are small files stored in your browser that contain information about your visit to a web page. They help tailor your online shopping experiences by doing things such as recording items in your shopping cart, they also recommend products based on your interests, allow auto-log in and compile browsing histories.
In most modern browsers, you can control cookie settings. The options include viewing stored cookies, controlling which sites you accept cookies from, and setting how long they may be stored and used.
- 1. Open the drop-down menu in the top right corner of the Chrome browser, select Settings.
- 2. At the bottom of the page, click Show advanced settings.
- 3. In the Privacy section, open the button that says Content settings.
- 4. Under Cookies, you check or uncheck the options to manage the settings.
- 5. To see individual cookies, click All cookies and site data.
- 6. To remove cookies, hover the mouse over the entry. Click the X to delete.
- 7. To delete all cookies, click Remove all.
For instructions to clear cookies in Firefox, please visit Mozilla’s support page.
For instructions on clearing and managing cookies in Internet Explorer, please search Microsoft help for your version of IE. Here’s general information.
Privacy plays a growing part in customer buying decisions. With every data breach, trust is eroded further.
Privacy and security are intertwined when it comes to our individual information. Consumers are becoming increasingly aware of the value of their personal data, so that means that businesses have to step up and do a better job of securing that data. Identity theft is the #1 fear of consumers, but for your business the risk is loss of trust and brand damage.
Since trust is the core of any transaction it’s important to know how privacy factors into your customer’s buying decisions. Research shows that almost 40% of consumers made buying decisions based upon privacy. When looking at who these people are, it was found that these individuals are aged 46-65 and have the highest incomes. But don’t rely on the business of the younger generation to supplant that once trust is lost; 27% of millenials abandoned an online purchase in the past month due to privacy or security concerns.
To mark Data Privacy Day on January 28, the following Privacy is Good for Business tips were created by privacy experts in civil-society, non-profit, government and industry and aspire to help business address the public’s growing privacy concerns:
- If you collect it, protect it. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access.
- Be open and honest about how you collect, use and share consumers’ personal information. Think about how the consumer may expect their data to be used.
- Build trust by doing what you say you will do. Communicate clearly and concisely to the public about what privacy means to your organization and the steps you take to achieve and maintain privacy.
- Create a culture of privacy in your organization. Explain to and educate employees about the importance and impact of protecting consumer and employee information as well as the role they play in keeping it safe.
- Don’t count on your privacy notice as your only tool to educate consumers about your data practices.
- Conduct due diligence and maintain oversight of partners and vendors. You are also responsible for how they collect and use personal information.
Make Avast quiet when you are playing games or giving presentations.
We know you love Avast, but when you are giving a presentation to the big boss, or concentrating on playing an important game, it may not be the best time for a popup that says your computer is running slowly to appear. That’s why we made it easy for you to silence Avast.
Activate the Silent/gaming mode when don’t want to be interrupted. This will cause Avast to run in silent mode when a full-screen application is running. This means your games or other full-screen applications will not be interrupted with annoying popups or other messages.
Turn this mode on quickly by clicking on the orange Avast icon located in your computer’s system tray. Right-click on the Avast icon and a short menu will appear. Click on Silent/gaming mode to turn it on.
You can also access this option within the main user interface. Go to Settings>General and check the box for Silent/gaming mode. This will disable messages, popups, and alerts in Avast.
Turn off sounds
Silence notifications: Open the Avast user interface. Click Settings>General>Sounds and uncheck the Enable Avast sounds box. You can also uncheck the Voiceovers within the Sounds settings.
Choose the notifications you want to silence: Avast has six “events” that have notifications associated with them.. These events are Threat detected, Suspicious item detected (we suggest you keep these two on), Potentially unwanted program (PUP) detected, Scan complete, Automatic update, and Firewall query. You have the option to uncheck these boxes as well.
Turn off popups
Occasionally, we offer our users great products like GrimeFighter but we understand if you don’t need to see the notifications anymore. Our customers who have a paid-for version of Avast, have an option for you to turn those off completely. Read more…
The nightmare is back! Your security could be seriously compromised if you do not act now. Install and update your Avast for PC before is too late. The original version of CryptoWall was discovered in November 2013, but a new and improved variant of the CryptoWall ransomware starts to infect computers all over the world last days. It’s the CryptoWall 3.0. Some sources estimate that it has already infected over 700,000 computers up to version 2.0.
CryptoWall is a malware that encrypts certain files in your computer (and secure delete the original ones) and, once activated, demands a fine around $500 as a ransom to provide the decryption key. You’re asked to pay in digital Bitcoins in about 170 hours (almost a full week). After that period, the fee is raised to $1000.
You could be asking why haven’t the authorities blocked the financial funding of them? They use unique wallet ID for each victim into their own TOR anonymity servers. For the user to be able to pay the ransom, he needs to use a TOR-like connection called Web-to-TOR. Each TOR gateway redirects the victim to the same web page with the payment instructions. The commands and communication control is now done using Invisible Internet Project (I2P) instead of Tor.
Infection could reach you in various ways. The most common is as a phishing attack, but it also comes in email attachments and PDF files. The malware kit also abuses various vulnerabilities in unpatched – read non up-to-date – Flash, Java, browsers and other applications to drop the CryptoWall ransomware.
How Avast prevents the infection
1. Avast Antispam and antiphishing protection prevents some vectors distribution.
2. Virus signature block all known ransomwares versions. Remember that Avast automatic streaming updates releases hundreds of daily updates for virus definitions.
3. Community IQ intelligence and sensors of our more than 220 million users that detects malware behavior all over the world. See how it works in this YouTube video.
4. Keeping your software updated is another security measure that prevents the exploit of their vulnerabilities. Learn how Avast Software Updater can help you with this job.
What more can I do?
Avast also helps in prevention of this disaster through its Avast Backup that allows you to keep all your important files in a secure and encrypted way. We also recommend local backup, as the new malware could also attack other drives and even cloud storage. Did you know that Avast Backup also performs local copies of the files? You can enable it at Settings > Options > Local backup, and configure the backup location (better an external drive) and also versioning of the files. Remember to disconnect the external drive from the computer (and the network) to prevent infection of the backups by CryptoWall and further encryption of the files.
Only four and half minutes of your time, and you’ll know the highlights of Avast 2015.
Avast 2015 is very easy to use, and many people just install it and let it do its job silently in the background. We designed it that way, but for those of you who want to know more about the features of Avast, we created a video guide to help you get the most out of your security protection.
The core of Avast Antivirus is real-time active protection comprised of the Web, Mail, and File System Shields. These can be accessed from the user interface. Open Settings and go to Active protection.
Avast 2015 includes our new, unique Home Network Security (HSN) which scans for home router security problems. Avast is the only security company to offer a tool to help you secure this neglected area.
To save you time, Avast 2015 has an efficient 4-in-1 Smart Scan which combines scans for malware and HSN’s router vulnerabilities, missing software updates and patches with Software Updater, and performance issues with GrimeFighter. GrimeFighter requires a separate license to fully optimize your PC.
Your home router could be part of a network used to knock sites like Sony PlayStation network offline.
During Christmas we reported that a hacker group calling themselves the Lizard Squad, took responsibility for ruining the day for Sony PlayStation and Microsoft Xbox users by taking the gaming networks offline. This and previous attacks, which included a bomb threat directed at an American Airlines flight with Sony Entertainment president John Smedley on board, have been revealed to be a marketing campaign to advertise a new product available for rent to anyone who wants to cause a Denial-of-Service (DDoS) attack to the target of their choice.
I’m not a hacker. Why should I care?
You may not be a hacker, but the power for this service could be coming from your home office! Security blogger, Brian Krebs, whose own site was attacked, found out that the network of infected devices that powers the Product-That-Must-Not-Be-Named (that’s because Lizard Squad gleefully thanked Brian for the publicity on their Twitter account) is made up mostly of compromised home routers. On that same Twitter account, Lizard Squad said that they are using 250-500k infected routers.
These are the devices in everyone’s home that we warned you about in our blog, Your home network is at risk of cybersecurity attacks. Most people neglect the security of these devices by using the default user name and password that comes from the manufacturer out-of-the-box.
Our research determined that nearly 80% of all home routers in use today are thinly protected by common, easily hacked passwords, making routers an easy entry point to the home network for hackers,” said Avast Software’s CEO, Vincent Steckler.
Lizard Squad has just proven that point.
Today’s router security situation is very reminiscent of PCs in the 1990s, with lax attitudes towards security combined with new vulnerabilities being discovered every day creating an easily exploitable environment, “ Steckler said. “The main difference is people have much more personal information stored on their devices today than they did back then. Consumers need strong yet simple-to-use tools that can prevent attacks before they happen.”
How to protect your home router
Start by scanning you home network with Avast’s Home Network Security Solution.
Open the Avast user interface, click Scan from the menu on the left, then choose Scan for network threats. Avast will take a look at your router and report back any issues. In most cases, if there is an issue to be addressed, then it will direct you to your router manufacturer’s website.
The Home Network Security Solution is available in free and paid versions of Avast 2015. Get it at www.avast.com.
For more steps you can take to protect your home router, please see our blog post, 12 ways to boost your router’s security.
Yesterday, we looked at two hot areas to be aware of regarding your online security: Data breaches and mobile security. Today, we’ll look at two more areas that haven’t caused as much trouble or damage as the other two, but are likely to grow in importance.
Internet of (Every)Thing at risk
The “smart” home has been in the works for some time now, and this year, we’ll see more and more gadgets from household appliances to wearables like fitness bracelets to industrial equipment becoming connected to mobile devices and social networks. This proliferation of inter-connected things will open up a whole new glorious space for hackers to play in.
We predict that from now on, devices will increase by an order of magnitude (not too bold a prediction, huh?), and of course, that will result in greater privacy and security concerns. A breach in the Internet of Things (IoT) will give cybercrooks the ability to install malware or ransomware on private networks – not only consumer, but corporate and government – steal personal information, or even cause physical harm to a space or a person. But before you run around the yard yelling, “Skynet is falling, Skynet is falling”, cybercrooks will feel the space out probably starting with adware uploaded on our smart TVs.
What to keep your eye out for
- New technologies and businesses around the IoT including
- Increased demand for low cost bandwidth and processing
- Expansion of infrastructure that carries Wi-Fi traffic
- Start-ups focused on communication and sensors between devices, storage, data analytics
- Home and factory automation
- The rise of “fog” computing architectures, where data is closer to the source as opposed to residing in a data center somewhere
Room for improvement
- Keeping multiple smart devices updated with the latest version of this-and-that software. You think it’s hard now with a couple of devices? Wait until your house, body, garage, and workplace are full of smart gadgets.
- The fractured ecosystem will make it harder to identify threats or protect against security exploits.
- Home routers are still unsecure and people are using open, unencrypted Wi-Fi. Start by securing your own home router by scanning with Avast’s Home Network Security scan, then follow whatever suggestions are given.
Social media world
By now, social media users know that sharing too much personal information can give strangers access to their personal life. To illustrate that point on a national scale, Allstate Insurance, aired a series of commercials about what happened to a couple who shared on social networks that they were away from their home for the weekend. Read about it on our blog.
Last year, we saw new privacy settings introduced on social media, and 2015 will see a rise in anonymous interactions via social media.
Hoaxes and scams spread by email and social networks were successful in 2014, as they have been for years now, so we see no reason that occurrences will decrease. Social engineering can trick unwitting victims and the rate of identity theft will increase.
What to keep your eye out for
- Continuation of scams associated with important events like celebrity gossip or sporting events.
- Watching videos on Facebook equaled watching videos on YouTube at the end of 2014, so we can expect hackers to take advantage of this by hiding malicious links in Facebook videos.
- More fraudulent and malicious ads will appear on social networks.
- Ransomware made the jump from PC to mobile in 2014, and it will likely hit social networks.
Room for improvement
- Cut back on sharing too much on social media and through Internet of Things devices.
- Adjust privacy settings in each social network.
For a month now, I have been reading predictions for 2015. In the security field, something new and unexpected can always pop up – like the Point-of-Sale (PoS) breaches in early 2014 – but most likely what will happen is just a continuation, that is, a natural evolution, of what has already occurred.
So let’s take a look at some things that will probably happen this year and steps we can take to stay safer. Tomorrow, we’ll look at a few more.
Data breaches will continue
Data breaches made the news in 2014, and in 2015 we will continue to see security breaches of companies, irrespective of size or business sector. These breaches are often caused by software vulnerabilities, advances in data stealing malware, and as we have seen recently with the Sony breach, by states using cyber espionage against other states.
What to keep your eye out for
- Heartbleed and Shellshock were successful at using vulnerabilities in software that we depend upon. We expect to see more of the same in 2015.
- Increase in phishing and social engineering attacks on employees of big companies in order to break in.
- Health care organizations are at risk because many of them use outdated software and have rudimentary security. Plus, there is so much valuable data to be stolen like sensitive patient records.
- More revelations that governments and even companies are using cyber attacks against each other.
- Companies need to tighten up the security processes of their employees, vendors, and third party suppliers who have access to their systems.
- Companies need to adopt advanced threat solutions to secure their PoS networks from breaches.
- Enterprise breach detection methods need to be improved because cybercrooks will likely go after the bigger fish.
- Passwords are not adequate protection for our personal or financial accounts. Two-factor authentication will be adopted more widely, as will new methods like ultra-sonic sound.
- Consumers and companies should update from the old, vulnerable Windows XP.
Mobile is attractive to cybercrooks
Since our mobile phones are as powerful and can accomplish nearly all the things a regular computer can, that gives cybercrooks a relatively easy in-road to your private data and financial information. 2015 will see consumers becoming more aware of mobile security since they will increasingly use mobile apps that contain sensitive banking, financial, and personal health information. Read more…