Protecting over 230 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Posts Tagged ‘hackers’
March 6th, 2015

Why you need to protect your small business from hackers

Avast Free Antivirus protects small and medium sized businesses for free.

IT pros have used Avast Free Antivirus at home for years. It’s not a huge leap to use free Avast for Business at their place of business.

Small and medium-sized businesses face a challenge when it comes to keeping their data secure. Many companies don’t have the budget to hire a Managed Service Provider (MSP) to take care of their IT needs, and often, they think they do not have enough knowledge or time to handle it themselves, therefore the path of least resistance is to not have any security at all. At the very best SMBs use a consumer version of antivirus software.

But these days, neither of those options is a good idea. Having no protection leaves you too vulnerable, and the problem with using a consumer product in a work environment is whoever is managing the network cannot look across all computers at once and implement policy changes or updates.

Do hackers really target small businesses?

The media coverage of big time data breaches like Target, Neiman Marcus, and Home Depot may have many SMB owners thinking that they are not at risk, but even small and medium-sized businesses need to make sure that their data and that of their customers is protected.

Here’s a statistic that should get your attention: One in five small businesses are a victim of cybercrime each year, according to the National Cyber Security Alliance. And of those, nearly 60% go out of business within six months after an attack. And if you need more convincing, a 2014 study of internet threats reported that 31% of businesses with fewer than 250 employees were targeted and attacked.

Why do hackers target small businesses?

Hackers like small businesses because many of them don’t have a security expert on staff, a security strategy in place, or even policies limiting the online activity of their employees. In other words, they are vulnerable.

Don’t forget that it was through a small service vendor that hackers gained access to Target’s network. Hackers may get your own customer’s data like personal records and banking credentials and your employee’s log in information, all the while targeting the bigger fish.

While hackers account for most of the data lost, there is also the chance of accidental exposure or intentional theft by an employee.

Avast for BusinessWhat can I do to protect my small business?

For mom-and-pop outfits, Avast for Business, a free business-grade security product designed especially for the small and medium-sized business owner, offers tremendous value. The management console is quite similar to our consumer products meaning that the interface is user-friendly but also powerful enough to manage multiple devices.

“Avast for Business is our answer to providing businesses from startup to maturity a tool for the best protection, and there’s no reason for even the smallest of companies not to use it, because it starts at a price everyone can afford, free,” said Luke Walling, GM and VP of SMB at Avast.

Some companies may still opt to pay for a MSP, and in many cases, especially for medical or legal organizations, handing over administration to a third-party may be a good way to go. Either way, our freemium SMB security can be used, and if you use a MSP then the savings can be passed on to you.

Is free good enough for a business?

Many IT professionals have been using free security on their home computers for years. It’s not such a huge leap of faith to consider the benefits of making the switch in their businesses as well.

“I have been using Avast since 2003 at home, with friends, with family. You really come to trust and know a product over the years. It lends itself to business use really well, nothing held back,” said Kyle Barker of Championship Networks, a Charlotte-area MSP.

How do I get Avast for Business?

Visit Avast for Business and sign up for it there.

Comments off
January 12th, 2015

Lizard Squad hackers use unsecured home routers in DDoS attacks

This Lizard is out to get your home router.

This Lizard is out to get your home router.

Your home router could be part of a network used to knock sites like Sony PlayStation network offline.

During Christmas we reported that a hacker group calling themselves the Lizard Squad, took responsibility for ruining the day for Sony PlayStation and Microsoft Xbox users by taking the gaming networks offline. This and previous attacks, which included a bomb threat directed at an American Airlines flight with Sony Entertainment president John Smedley on board, have been revealed to be a marketing campaign to advertise a new product available for rent to anyone who wants to cause a Denial-of-Service (DDoS) attack to the target of their choice.

I’m not a hacker. Why should I care?

You may not be a hacker, but the power for this service could be coming from your home office! Security blogger, Brian Krebs, whose own site was attacked, found out that the network of infected devices that powers the Product-That-Must-Not-Be-Named (that’s because Lizard Squad gleefully thanked Brian for the publicity on their Twitter account) is made up mostly of compromised home routers. On that same Twitter account, Lizard Squad said that they are using 250-500k infected routers.

These are the devices in everyone’s home that we warned you about in our blog, Your home network is at risk of cybersecurity attacks. Most people neglect the security of these devices by using the default user name and password that comes from the manufacturer out-of-the-box.

Our research determined that nearly 80% of all home routers in use today are thinly protected by common, easily hacked passwords, making routers an easy entry point to the home network for hackers,” said Avast Software’s CEO, Vincent Steckler.

Lizard Squad has just proven that point.

Today’s router security situation is very reminiscent of PCs in the 1990s, with lax attitudes towards security combined with new vulnerabilities being discovered every day creating an easily exploitable environment, “ Steckler said. “The main difference is people have much more personal information stored on their devices today than they did back then. Consumers need strong yet simple-to-use tools that can prevent attacks before they happen.”

How to protect your home router

Start by scanning you home network with Avast’s Home Network Security Solution.

Open the Avast user interface, click Scan from the menu on the left, then choose Scan for network threats. Avast will take a look at your router and report back any issues. In most cases, if there is an issue to be addressed, then it will direct you to your router manufacturer’s website.

The Home Network Security Solution is available in free and paid versions of Avast 2015. Get it at www.avast.com.

For more steps you can take to protect your home router, please see our blog post, 12 ways to boost your router’s security.

December 26th, 2014

Hackers claim Christmas day outage of Sony PlayStation and Microsoft’s Xbox networks

PSN offlineEarlier this month, as the Sony Entertainment breach was making headlines, Sony’s PlayStation Network (PSN) was knocked offline due to an alleged hacking attack. On Christmas morning, just as kids everywhere were unwrapping their new PlayStation and Xboxes, the PSN and Microsoft’s Xbox Live network were both disrupted leading to speculation that they were once again hacked. A group calling themselves Lizard Squad claiming responsibility for the attacks via Twitter.

As of now, PlayStation is still offline and PSN is directing users to their @AskPlayStation Twitter account for updates.

Xbox Live Status reports that its core services are running, but there is limited access to apps for IGN, Maxim, and MLG.tv.

Related article: Sony PlayStation Network down due to hacker attack

Categories: General Tags: , , ,
December 8th, 2014

Sony PlayStation Network down due to hacker attack

Poor Sony. They are getting it from all directions these days.  On Sunday, the PlayStation Network, the online store for games, movies, and TV shows, suffered a hacker attack and was knocked offline. Visitors to the store got a message that said, ‘Page Not Found! It’s not you. It’s the Internet’s fault.’ I just visited the page, and got this same message, so reports that it was up again, were at best, temporary – at least for some of us.

Sony PSN hacked

Sony tweeted yesterday that they were investigating.

A group called Lizard Squad, which was also involved in a hack of Xbox Live last week as well as previous attacks on EA Games and Destiny, claimed responsibility for the attack.

During the Xbox hack, Lizard Squad promised that attacks would continue until Christmas.

This attack comes on the heels of news recently that Sony Pictures’ corporate network was infiltrated by cybercrooks which resulted in the theft of 100 terabytes of confidential employee data, business documents, and unreleased films. It was speculated that North Korean hackers were behind the attack due to the upcoming release of the movie “The Interview,” which is about an attempted assassination of Kim Jong-Un. The North Korean government denied responsibility for the attack on Sunday. The attack has since been traced to a luxury hotel in Bangkok, and is being investigated.

The two attacks appear to be unrelated.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on FacebookTwitter and Google+.

Categories: General Tags: , ,
Comments off
August 18th, 2014

A look into the future of mobile hacks

crystal ball 1

Mobile malware is maturing quicker than PC threats did.

Mobile malware analyst Filip Chytry looks into his crystal ball and predicts where cybercrooks are headed next.

The majority of mobile malware AVAST has in its database comes from unofficial app stores. As we wrote about in The Fine Line between Malicious and Innocent Apps, infiltrating official app markets like Google Play is rather difficult. Therefore, it is very likely that mobile malware authors will look for other ways to hack mobile devices, which contain a plethora of valuable and sensitive information.

App servers and base transceiver stations (BTS), which enable communication between mobile networks and devices, will most likely be targeted next by mobile hackers. Man-in-the-middle attacks via app servers mean that mobile hackers may redirect communication between mobile app users and the app’s server or infect app users’ by pushing malware onto user devices via the apps on their devices.

Mobile operators should be prepared for a BTS attack, as this may be possible in the near future. Not only would hackers be able to spread malware to mobile users via a BTS attack, but infected BTS could re-route all incoming mobile data.

Another possibility is that hackers could intercept communication between mobile users and app servers. Hackers could retrieve banking details if they intercept the communication between a user completing a transaction using a mobile banking app.

Mobile malware is in its infancy; at the moment comparable to a toddler. Mobile users, security providers, app markets, and mobile operators should brace themselves for the teenage version of mobile attacks.

AVAST will continue to be one step ahead of mobile malware authors, protecting avast! Mobile Security users from malware and other mobile security risks. Download avast! Mobile Security for free.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

August 7th, 2014

Russian hackers steal 1 billion passwords – now what?

Change your passwords every six months or after news of a breach

Change your passwords every six months or after news of a breach

Reports on “the biggest hack ever” recently surfaced. A Russian hacker group allegedly captured 1.2 billion unique username and password combinations.

With this latest security breach, AVAST encourages consumers to take necessary precautions. Change your passwords immediately and if you’re using the same password somewhere else, you must change it there, too. Choose complex passwords so it will be more difficult for hackers to de-encrypt them. In general, we recommend changing passwords every three to six months, or after news of a breach.

A password manager like avast! EasyPass helps encrypt and protect personal information online, with random, strong passwords. avast! Easy Pass generates complex passwords and removes the inconvenience of having to remember them.

If financial and credit card data is compromised in an online threat, AVAST advises users to monitor and check their accounts for unauthorized charges and to immediately report any suspicious activities to their bank or card provider.

Interested in reading more?

Try our articles on creating strong passwords:  Do you hate updating your passwords whenever there’s a new hack? and My password was stolen. What do I do now?

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

June 9th, 2014

Are hackers’ passwords stronger than regular passwords?

Hackers use weak passwords just like the rest of us.

librarian_dict_sm

Nearly two thousand passwords used by hackers were leaked this week, when I tried to decode a PHP shell without knowing the key. Because I did not know the exact content of the encoded file and searching the key could take me years, I chose a different approach. I decided to find out how strong passwords used by hackers are and create a dictionary. :)

Over the years of fighting malware, the avast! Virus Lab has gathered many samples of various back-doors, bots and shells. Some of them are protected with a password encoded in MD5, SHA1 or in plain text, so it was good way to start. I looked at 40,000 samples of hackers’ passwords and found that nearly 2,000 were unique and 1,255 of those were in plain text. Another 346 passwords were easily cracked from MD5 hashes, because they were shorter than 9 characters. That gave me a total of 1,601 passwords and 300 hashes. I created statistics from those words, and here are my findings.

1Passwords that nobody will guess

Percentage of characters used in hackers' passwords

About 10% of the passwords were beyond normal capabilities of guessing or cracking. Of those, I found words as long as 75 characters, probably generated by a computer. Some of them were in long sentence form mixed with special characters such as lol dont try cracking 12 char+. Too bad it was stored in plain text. ;)

There were also passwords that don’t use characters from an English keyboard. But there was still a 90% chance it could be a normal word, maybe with some number in it. No less than 9% of the passwords could be found in an English dictionary.

The table on the right shows which characters are used in hackers’ passwords. The first row means that 58% of passwords contained only lower-case alphabet characters a-z. Read more…

May 21st, 2014

eBay becomes victim of security breach

Auction giant eBay requests 128 million users to change their passwords after hack.

tweet ebay

In a blog post from the company, eBay Inc. said a cyberattack “compromised a database containing encrypted passwords and other non-financial data.” There is no evidence that the compromise resulted in users’ financial or credit card information being stolen, but the company is telling all users to change their passwords.

Users need to be alert even after their passwords have been changed. After a breach like this the risk that hackers will use their personal information to commit identity fraud and launch phishing attacks increases. As always, do not click on links in emails, or give personal information over the phone. If you need to discuss your account information, please contact eBay’s customer service by phone or via their website.

“The eBay breach is yet another password issue like Heartbleed. It is really important that people take this seriously, ” said Ondrej Vlcek, Chief Operating Officer of AVAST Software. “Data from our recent survey shows that nine out of ten people intended to change their passwords after Heartbleed, but only 40% took action. This careless attitude is completely irresponsible; people have to take the initiative to protect themselves.”

A password manager like avast! EasyPass helps encrypt and protect personal information online, with random, strong passwords. Learn about creating strong passwords by reading our blog, My password was stolen. What do I do now?

Two weeks ago, eBay discovered that cyberattackers broke into their corporate network through a small number of employee log in credentials. They revealed that the database was actually compromised in late February and early March, and included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information.

Another eBay compromise yesterday

Yesterday in an unrelated attack, eBay’s UK and French advertisement network was compromised and showed fake Java and Flash updates. This malicious advertising replaced the visited page and an installer offered a Potentially Unwanted Program (PUP).  As of last night, they were working to resolve the issue. avast! Antivirus detected the compromise and alerted users.

“Third party ad networks are useful to attackers because the number of connections delays taking malicious content down,” explained Honza Zika, malware analyst in the avast! Virus Lab. “Instead of a normal ad, the attacker deploys a code that redirects to the attacker’s page. It’s designed to look like an official Flash or Java page, but installs unwanted toolbars, addons, extensions or other PUPs. avast! detected this and protected our users.”

Thanks to independent researcher Malekal for his work on this compromise. Read more on his blog.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

Categories: General Tags: , , ,
February 24th, 2014

avast! SecureLine VPN protects you from the Apple Exploit

A major Apple security flaw allows cybercrooks and spies to grab personal information like email, credit card numbers, and other sensitive data. Apple confirmed researchers’ findings that the same SSL/TSL security flaw fixed with the latest iOS 7.0.2 update is also present in notebook and desktop machines running OS X.

Please apply the patches as advised in this post.

It is clear that we need constant protection to cover flaws that will always exist; flaws that we are not even aware of. Reuter‘s reported that

The bug has been present for months, according to researchers who tested earlier versions of Apple’s software. No one had publicly reported it before, which means that any knowledge of it was tightly held and that there is a chance it hadn’t been used.

But documents leaked by former U.S. intelligence contractor Edward Snowden showed agents boasting that they could break into any iPhone, and that hadn’t been public knowledge either.

It’s very public now, and that means the race is on between cybercrooks to exploit the flaw and Apple to fix it. You are exposed until the bugs are identified by the vendor, a patch is created, and it’s pushed out or you install it. Your vulnerability increases when you use public WiFi Hotspots.

Your best protection is constant protection

ios-vpn (1)

 

It’s precisely because we put ourselves at risk by using free WiFi, and we don’t know when the next security crisis is coming that we need constant protection. SecureLine VPN is that protection. Read more…

Categories: General, Mac Tags: , , , , , ,
February 8th, 2014

My password was stolen. What do I do now?

howto2_en

Update: The new eBay hack has customers changing passwords again. If you’re sick of changing your password every month after yet another breach, it’s time to consider a password management program like avast! Easy Pass.

The massive hack against Target, in which 40 million credit and debit card numbers were stolen, began with stolen login credentials from the air-conditioning repairman. This illustrates the old adage, “a chain is only as strong as its weakest link.”

While consumers can’t control why a third party contractor would have external network access at a major retailer, there are some things you can do to protect yourself.

How can I be notified if my email address or password was hacked?

Every two seconds in the US, someone becomes a victim of identity fraud. With 13.1 million victims last year and multiple companies (Facebook, Target, Neiman Marcus, Adobe) being exploited, there is a good chance you could be among them. You can use the have i been pwned notification service to learn if your email address was included in a large data breach. This service allows you to enter an email address and will notify you if your address appears in any databases added to the service. I learned that my email address was stolen from the Adobe breach, but thankfully, I haven’t been notified of anything else.

pwned

What’s your weakest link?

You can’t stop shopping, but there are things you can do (other than paying cash only) if you’ve become the victim of hacking.

  1. 1.  Change your passwords We’ve talked about it plenty of times, but here’s a reminder: Make passwords long and strong. Combine capital and lowercase letters with numbers and symbols to create a more secure password. eNcrYP0123tion$ is stronger than Encryption123. If you can’t remember different passwords for all the accounts you have, use a password manager like avast! EasyPass. Read more…
Comments off