Poor Sony. They are getting it from all directions these days. On Sunday, the PlayStation Network, the online store for games, movies, and TV shows, suffered a hacker attack and was knocked offline. Visitors to the store got a message that said, ‘Page Not Found! It’s not you. It’s the Internet’s fault.’ I just visited the page, and got this same message, so reports that it was up again, were at best, temporary – at least for some of us.
Sony tweeted yesterday that they were investigating.
We are aware that users are having issues connecting to PSN. Thanks for your patience as we investigate.
— Ask PlayStation (@AskPlayStation) December 8, 2014
A group called Lizard Squad, which was also involved in a hack of Xbox Live last week as well as previous attacks on EA Games and Destiny, claimed responsibility for the attack.
During the Xbox hack, Lizard Squad promised that attacks would continue until Christmas.
This attack comes on the heels of news recently that Sony Pictures’ corporate network was infiltrated by cybercrooks which resulted in the theft of 100 terabytes of confidential employee data, business documents, and unreleased films. It was speculated that North Korean hackers were behind the attack due to the upcoming release of the movie “The Interview,” which is about an attempted assassination of Kim Jong-Un. The North Korean government denied responsibility for the attack on Sunday. The attack has since been traced to a luxury hotel in Bangkok, and is being investigated.
The two attacks appear to be unrelated.
The FBI, along with the Department of Justice, announced a multinational effort on their website that has disrupted a botnet called GameOver Zeus. GameOver Zeus has infected millions of Internet users around the world and has stolen millions of dollars.
The UK’s National Crime Agency (NCA) has worked closely with the FBI to crack down on the GameOver Zeus botnet. The NCA has given infected users a two week window to get rid of the malware and those lucky enough to have thus far been spared, the opportunity to safeguard themselves against future attacks. The two week window is an estimation on how long it will take cybercriminals to build a new botnet. The FBI has stated on their website that GameOver’s botnet is different from earlier Zeus variants in that the command and control infrastructure communicates peer-to-peer, rather than from centralized servers. This means that any infected computer can communicate controls to other infected devices. If cybercriminals build a new botnet, which will likely happen, the new botnet can resurrect dormant infected machines and continue to infect new users while stealing financial and personal information from innocent victims.
Do you really have two weeks, and what should you do?
Who knows how long it may take for a new botnet to emerge; it could appear tomorrow or in two weeks. People should not take this threat lightly and should act immediately. Read more…
Back in the good ol’ days of Halloween, you only had to worry about your house getting egged or your big brother stealing the good candy. Halloween tricks have moved online, and along with any significant event or holiday, this spooky celebration marks an increase in malware. Cyber ghouls pull out their bag of tricks – rogue apps, scams, and email attachments, to name a few classics – all to get unsuspecting people to click on a link in order to steal credentials.
Here are a few tricks to be aware of:
Bad video links and rogue apps
In the weeks before Halloween, searches for holiday-related items like costumes and pumpkin carving increase. This example of a search for “Halloween costume make your own” came from Glen Newton of Wired’s Innovation Insights. He wrote,
The website that came up at the top of the list has a link to a video that promises to show you how to make one for under $15 in materials, requiring only basic sewing skills – just what you were looking for. You click, and there it is, but the video doesn’t play. Oh, wait, there’s a note at the bottom of the player that says, “If this video doesn’t start playing, click here to download the latest flash player.” You click.
You can guess what happens next. No, someone in a Ghostface is not looking in your window. Rather, when you click to download, a warning pops up that your PC is infected with multiple instances of malware. But don’t you already have virus protection? You immediately assume that it’s not working, plus you remember that you haven’t backed up your files in months (cue the Psycho music). Panic ensues.
The scan window…show(s) you third-party software that can remove the malware… Fortunately, it’s not a budget breaker: $39.95 for a year’s license. The web page includes graphics that show several certifications with which you’re unfamiliar, so you figure it must be safe.
Instead of finding out how to make a costume, you end up selling your soul to the devil. Well, not quite that bad – but you give personal information and your credit card number to buy a malware removal program. After the purchase is made, you still can’t access the video. Meanwhile, the personal information and credit card data you gave away is being sold to the highest bidder on underground crime webs, and your real antivirus has been disabled and replaced by malware that the crooks can use to control your computer. Talk about a Nightmare on Elm Street…
Read the whole article from Wired.
AVAST Tip: Only visit websites that are established and reputable, and keep your antivirus software updated. (And remember, vampires can only enter your house if you invite them!)
Some old-fashioned tricks that have made the jump from darkened parlors to cyberspace are virtual voodoo dolls, fortune-telling, psychic readings, and spell casting. There are good and respectable “intuitive consultants” (as some psychics prefer to be called) that are able to help others. For every good one, there are a plenty who con people to only get their money.
A typical M.O. of scammers is to use multiple sites with similar content. So if you see a site for Voodoo Queen Mumbo Gumbo who is offering a buy one spell, get one free, and you see 12 others with similar content, then forget about it.
“It’s a new twist on an old idea,” said Nicholas Little, legal director of the Center for Inquiry to the Toronto Sun yesterday. “It’s easy to hide your identity on the Internet, so people are willing to try scams online that they would never be willing to try in person.”
AVAST Tip: Never pay for a service or product that you are not sure of or you do not want. (A money-back guarantee for spell casting is not a good sign!)
AVAST is a proud champion of National Cyber Security Awareness Month (NCSAM) and supporter of the European Cyber Security Month (ECSM) recognized this October. The month begins with the awareness that no individual, company, or government is solely responsible for securing the internet – it is Our Shared Responsibility.
Individual computer users are the first line of defense in guarding against online risks. For this reason, online security requires our collective participation, requiring awareness and vigilance from every citizen, community, and country.
How can I do my part?
The Stop.Think.Connect.™ campaign is designed to help people practice safer online habits. Here are some basic steps everyone from kids to business owners should know to minimize the chances of becoming a victim of cybercrime:
- Set strong passwords, change them regularly, and don’t share them with anyone.
- Keep your operating system, browser, and other critical software optimized by installing updates. (AVAST has Free protection for PCs, Macs, and Android devices.)
- Maintain an open dialogue with your friends, family, and colleagues about Internet safety.
- Use privacy settings and limit the amount of personal information you post online.
- Be cautious about offers online – if it sounds too good to be true, it probably is.
During this month, we’ll talk more about cybersecurity with AVAST experts and share tips that you can adopt and share. For all the latest news, fun and contest information, please visit our blog often and follow us on Facebook, Twitter and Google+.
Question of the Week: I hear so much on the news about identify theft, scams and fake emails. How does a regular person with limited computer skills protect themselves?
Cybercriminals use a variety of tactics which can cause major inconvenience and hassle in your life – identity theft, financial fraud, stalking, bullying, hacking, email spoofing, information piracy and forgery, intellectual property crime, and more.
Many cybercrimes start with malware—short for “malicious software.” Malware is considered an annoying or hostile type of software intended for secretly accessing a computer without your knowledge or consent. It includes Trojans, worms, viruses, spyware, most rootkits, and other such unwanted intruders. Malware can be used to monitor your online activity, cause your device to crash damaging hardware, software or data in the process, and it can spread through networks of machines to infect others.
Where does malware come from?
Malware is most commonly delivered through the internet and by email messages. There are so many varieties that it can also come in through hacked webpages, game demos, music files, toolbars, software, free subscriptions, and other things you download from the web. Read more…
I’ve kept a NETWORKWORLD.com article open in my web browser for the last 9 days, hoping to have time to read it. Today I finally did read it, and it’s worth sharing. And, it was actually short enough that I could’ve read it 9 days ago.
Among the largest data breaches you’ll find: credit card companies, government agencies, utility companies, universities, and hospitals.
Read more here, initial data courtesy of Identity Theft Resource Center: http://www.networkworld.com/slideshow/52525
If your organization needs great network security, take a look at our new line of avast! Endpoint Protection.