The IT Nerd

ESET, a global leader in cybersecurity, recently announced the launch of Safer Kids Online, a new resource platform for kids, parents and educators dedicated to building a safer online environment for children across North America. The website and corresponding newsletter features blogs, vlogs, parental guidance and expert insight that helps children enjoy the full potential of the Internet in a secure digital world.

While the Internet can be a valuable resource for information and news and provide a vital connection to the outside world – especially as many children are now learning from home – it can expose children to cyberbullying, unsolicited attention and inappropriate or unsafe content. 

It can also expose children to identity theft. 

According to a 2018 study by Javelin Strategy & Research, more than one million children were the victims of identity theft in 2017, with two-thirds of those children under the age of eight and 20 per cent between the ages of eight and 12.

In addition to drawing on the knowledge of ESET’s cybersecurity professionals, the content on Safer Kids Online will be developed in consultation with child Internet safety experts and feature a variety of topics, including social media, cyberbullying, creating strong passwords, how to recognize malware and how to stay safe while gaming online. To find out more or to sign up for Safer Kids Online monthly newsletter, visit www.saferkidsonline.eset.com.

To further support its efforts to foster a safe Internet for kids, ESET has become a member of the Family Online Safety Institute (FOSI), an international, non-profit organization that brings together leaders in industry, government and non-profit sectors to collaborate and innovate new solutions and policies in the field of online safety.

For more information, visit www.saferkidsonline.eset.com

Black Friday and Cyber Monday create one of the biggest shopping weekends in Canada, but holiday shopping is going to look a bit different this year.

As Canadians from coast to coast continue to battle the ongoing pandemic, many are choosing to snag all the best deals from the comfort of their living rooms by shopping online.

But while staying home and shopping online will help limit the spread of COVID-19, it may make shoppers vulnerable to more risks if they don’t know the ins and outs of cybersecurity and how to protect themselves from online holiday scams.

That’s why cybersecurity firm ESET has put together the following tips to keep in mind when shopping online.

Keep it Familiar — There‘s an endless number of websites and ads out there in cyberspace wanting to sell you things. Never click on a pop-up ad or email, instead go directly to the weblink to see if the deals are real.

Read Reviews – It might sound strange, but if an item or site only has good reviews be wary. A legit retailer always has one or two bad reviews (which may or may not be justified). When only glowing reviews are available, they are likely fake.

Use third party payment options – Never pay for an online purchase with your debit card. Your debit card is directly linked to your bank account and often has no credit limit. If possible, try to use PayPal, Google Pay or Apple Pay when making those holiday purchases since they are not linked to any of your personal information.

Check out as Guest – Whenever possible, do not create an account with an online retailer. Instead check out as a guest. This saves you from sharing your data footprint with them. If they end up having a data breach, your data will not be available to be stolen.

Don’t store payment details – Don’t prioritize convenience over safety. If you use a retailer often, you may be tempted to save your credit card number for ease. But remember many major retailers have suffered data breaches in the past and there is no way to ensure that you will not become a victim. Another useful tip is to use a virtual credit card instead of your real one. The virtual credit card gives you a number that is tied to your credit card for short-term use and provides another layer of security.

If you have previously allowed a retailer to store your credit card number and you no longer want them to do so, you should contact them and ask for your card details to be deleted.

To add an extra layer of security, make sure to invest in antivirus software like ESET’s Internet Securitywhich is ideal for modern users concerned about their privacy, who actively use internet for shopping, banking, work and communication.

For more security tips, please visit welivesecurity.com

November 3, 2020 marks third anniversary of Antimalware Day, an annual campaign that honors the work done by researchers in the field of information security and in the broader technology industry. Antimalware Day aims to reinforce the importance of antimalware, so this year ESET is looking back at some of the most important malware types threatening internet users in 2020, to demonstrate how critical it is to continue the fight against malicious software.

The threat landscape has transformed rapidly in 2020, and we have seen a variety of new developments in malware. To gain an understanding of the threats facing internet users, ESET is taking a look at five malware types plaguing 2020, drawing on research from the year, including the recent Q3 2020 Threat Report:

1. Malicious torrents: In September, ESET announced that it had uncovered a previously undocumented malware family, which was subsequently named KryptoCibule. The malware uses cryptominers and clipboard hijacking to steal cryptocoins and exfiltrates cryptocurrency-related files.
2. Android threats: In terms of the Android threat landscape, malware in the ‘Hidden Apps’ category has dominated for three consecutive quarters in 2020. This threat consists of deceptive apps, commonly disguised as gaming or utility apps, which hide their icons after installation and display full-screen ads. 
3. IoT threats: Often designed with little to no security in mind, Internet of Things (IoT) devices are easy pickings for attackers. By infesting IoT devices with malicious bots, attackers can enslave them into botnets that can be leveraged for large-scale attacks.
4. Mac malware: In early 2020, the Kattana trading application for Mac computers was copied and trojanized, with cybercriminals inserting malware used to steal information such as browser cookies, cryptocurrency wallets and screen captures.
5. Malicious emails: Malware distributed via email surged in the third quarter of 2020. The most prevalent detection in 2020 is of a Microsoft Office exploit.

For more information on 2020 malware trends, check out the ESET Q3 2020 Threat Report, which summarizes key statistics from ESET detection systems and notable examples of ESET’s cybersecurity research. Make sure to follow ESET research on Twitter for the latest news from ESET Research.

ESET, a global leader in cybersecurity, has released its Q3 2020 Threat Report, summarizing key statistics from ESET detection systems and highlighting notable examples of ESET’s cybersecurity research – including previously unpublished ESET research updates. The report and its findings were exclusively presented during the “ESET European Cyber Security Day – Towards a Secure Post-COVID Future” virtual event.

After months of abusing the COVID-19 theme in their campaigns, cybercriminals appear to have returned to their usual tactics in the third quarter of 2020, the Q3 2020 Threat Report shows. An area where the risks remain particularly high, however, is remote work.

ESET telemetry showed further growth in attacks targeting Remote Desktop Protocol (RDP), which grew throughout H1. While the number of unique clients targeted rose by more than a third, the total number of attack attempts surged by 140%.

Other key trends observed in Q3 were the revival of cryptominers, Emotet returning to the scene after months of inactivity, and Android banking malware surging following the source code release of the notorious mobile banking trojan Cerberus. 

The ESET Q3 2020 Threat Report also reviews the most important findings and achievements by ESET researchers. Among many other findings, they uncovered more Wi‑Fi chips vulnerable to KrØØk-like bugs, exposed Mac malware bundled with a cryptocurrency trading application, discovered CDRThief targeting Linux VoIP softswitches, and delved into KryptoCibule, a triple threat in regard to cryptocurrencies.

The exclusive research presented in the Q3 2020 Threat Report includes campaigns leveraging malicious MAXScripts, the spread of Latin American banking trojans to Europe, new activity of the TA410 threat group and a look into the updated arsenal of the Gamaredon Group. 

Besides these findings, the report also recapitulates the many virtual talks held by ESET research specialists in Q3, introduces talks planned for the upcoming quarter and provides an overview of ESET’s contributions to the MITRE ATT&CK knowledge base. 

For more information, check out our ESET Threat Report Q3 2020 on WeLiveSecurity. 

A global partnership to disrupt the Trickbot botnet is already showing signs of significantly reducing cyberattacks aimed at swiping financial data and deploying ransomware.

In September 2020, ESET collaborated with partners Microsoft, Lumen’s Black Lotus Labs, NTT Ltd. and others to prevent businesses around the world from falling prey to Trickbot botnets – one of the top security threats currently prowling cyberspace on the hunt for victims. 

ESET telemetry shows Trickbot detection numbers have plummeted in tandem with the joint disruption effort. Compared to June 2020, Trickbot detections dropped by 7% in July, by nearly 32% in August and by nearly 36% in September.

“Trickbot has been a major nuisance for Internet users for far too long. It’s gratifying to be part of this effort to limit the damage inflicted by this malware and to make it safer for all of us online,” says Jean-Ian Boutin, Head of Threat Research at ESET. 

ESET first detected Trickbot in late 2016, and it has since been recognized as one of the most prevalent banking malware families across the globe. The botnet has infected more than one million computing devices around the world, targeting several different industries – including education, real estate and government – but the most frequently targeted seems to be the financial sector.

Trickbot is known to use phishing emails and other tactics to go after browser-stored passwords, Point-of-Sale systems, and cryptocurrency wallets, as well as banking, email and cryptocurrency exchange credentials. Trickbot’s modular architecture allows it to perform a vast array of malicious actions using a variety of plugins. It can steal all kinds of credentials from a compromised computer and, more recently, has been observed mostly as a delivery mechanism for more damaging attacks, such as ransomware.

While the threat global collaboration appears to have lessened the threat of Trickbot – at least temporarily – it’s still critical for businesses to maintain vigilance for other botnet attacks. ESET’s telemetry shows there has been a recent increase in activities by the botnet Emotet, a destructive Trojan malware spread primarily through spam emails.

Our Emotet detection numbers show an increase in attacks over the past few months. Compared to June 2020, Emotet detections increased by 64% in July, by more than 120% in August and more than 22% in September.

There are a few ways businesses can protect themselves from botnet operations:

• It is crucial to protect all endpoints with a security solution that has robust detection modules, such as ESET Endpoint Security.
• Businesses also need to ensure that their networks are always patched with the latest security updates to avoid falling victim to vulnerabilities that threat actors may exploit.
• Remote ports can provide an access point for hackers, so restrict access as far as possible – especially to remote desktop protocol (RDP) ports. 

To find out more about ESET’s efforts to disrupt the Trickbot botnet, read ESET takes part in global operation to disrupt Trickbot on WeLiveSecurity.

October is a month associated with many things, including stunning fall foliage displays and various celebrations.

Canadians from coast to coast have turned their attention to Thanksgiving preparations and Halloween costume planning. Yet, there is one more thing October is about, and it is by no means the ever-present smell of pumpkin spice. A subject that if overlooked can be far more terrifying than the ghastliest Freddy Krueger costume – cybersecurity.

Unfortunately, that is no exaggeration. With technology now being an integral part of everyday life and many tasks transitioning from the analog to the digital space, it is now more important than ever to protect our digital lives from continuously evolving cyber-threats. For cybercriminals, everybody is a potential target — government officials, celebrities, tech CEOs or the average citizen.

In an effort to help Canadians learn about the dangers of cyber crime, Canada has declared October and Cyber Security Awareness Month.

We are connected more than ever before, with Internet-enabled devices steadily becoming more integrated into our lives and homes with each passing day. We use voice assistants to help manage our daily activities, our smartphones are connected to our security cameras and smart doorbells as well as smart household appliances; you can now check if your washing machine has finished its cycle or if your dinner has been properly heated. You can use your smartphone to check the contents of your fridge while in the middle of the grocery store. Everything is available at the tap of a finger on your smartphone’s screen.

However, all of these marvels of technology also introduce a slew of potential risks and avenues for cyberattacks. But being aware of how these devices impact our lives and what risks they carry allows us to handle them more responsibly and take steps to mitigate those risks. It’s also worth noting that the current pandemic has changed how people work and even study, with technology shouldering the brunt of the transition of doing almost everything from home. The transition also introduces its own vulnerabilities of which people need to be aware.

By raising the collective awareness of these threats and vulnerabilities, initiatives such as Cyber Security Awareness Month is ensuring that everyone does their part and contributes to increased safety and security online. When everyone is responsible, and everyone does their part, it increases global cyber-immunity and reduces the risk of getting cyber-infected.

To raise awareness around October’s Cyber Security Awareness Month, ESET challenges Canadians to take its Phishing Derby Quiz.

This quiz will challenge your security expertise. The quicker and more accurately you respond, the higher your score will be.

Prizes for ESET’s Phishing Derby include:

• First Place: The top 25 contestants on the leaderboard are entered into a drawing to win a Microsoft Surface Laptop.
• Second Place: Those ranked from 26^th to 50^th place on the leaderboard, will be entered to win one of three Apple iPad Airs.
• Third Place: Everyone else will be entered into a drawing to win one of five Bose SoundLink BlueTooth Speakers.

Entries will be accepted from October 8 to November 5, 2020. Enter to Play

For more cybersecurity tips, please visit welivesecurity.com.

When it comes to coercing people into parting with their money, cybercriminals seem to have an endless bag of tricks, but one of their favourites is extortion.

It’s important to remember that blackmailers don’t just stick to one scheme but will employ multiple methods of extortion to try to force victims into doing their bidding – be it paying them a handsome sum or even performing tasks on their behalf.

Here is a list of five ways cybercriminals can try to extort you:

1. Ransomware

Ransomware is by far one of the best-known examples of extortion employed by hackers around the globe. The basic premise is that your device will be infested by ransomware using one of the various tactics hackers employ, such as duping you into clicking on a malicious link found in an email, posted on social media or shared with you through a direct instant message.

After the malware makes its way into your device, it will either encrypt your files and won’t allow you to access them or it will lock you out of your computer altogether, until you pay the ransom. Some ransomware groups have begun using a form of doxing, where they go through your files looking for sensitive information and threaten to release it unless you pay an additional fee. This could be considered a form of double extortion.

You should never pay when faced with ransomware, but you should check if a decryption tool has been released for the ransomware strain that has infested your device. For additional advice on protecting against ransomware attacks, you can check out our  excellent, in-depth article Ransomware: Expert advice on how to keep safe and secure.’

2. Hack and extort

The extortionist will infiltrate your device or online accounts, go through your files looking for any sensitive or valuable data, and steal it. Although it may echo ransomware in some respects, in this case, the breaking-and-entering of your device is done manually. The target then receives an email threatening to expose this data unless they pay up, listing examples for added effect.

To protect yourself, you should consider encrypting your data and adequately securing all your accounts using a strong passphrase, as well as activating two-factor authentication whenever it is available.

3. Sextortion

Sextortion relies on a threat of exposure of sexual material about the target. It can start as an apparent romantic dalliance through a dating platform, until the criminal gains their victim’s trust, convincing them to leave the platform for a regular messaging service. This is done to avoid triggering the security mechanisms dating apps use to detect potential scammers. Once off the dating platform, they will try to coax the target into sharing intimate photos or videos, which will then be used to blackmail the victim. Alternatively, hackers can opt for hacking a victim’s computer and hijack their webcam to secretly watch and even take salacious snapshots or voyeuristic videos of them.

Sending any kind of risqué photos to anyone is ill-advised, even someone you trust, since you can’t rule out that their devices or accounts won’t be compromised, and the sensitive photos leaked. Keep your devices patched and up-to-date as well as use a reputable security solution to mitigate the risks of being hacked.

4. Sextortion Scams

While not sextortion per se, scammers also like to engage in scams that consist of bluffing, rather than having any damning evidence, to scare you into paying. This scam isn’t very sophisticated and consists of an email accusing you of visiting a pornographic website, with the fraudsters claiming that they have both a screen-recording of the material you watched and a webcam recording of you while watching it. Unless you want them to release the material you have to pay up. A good spam filter can help protect you against this type of scam.

5. DDoS Extortion

Distributed denial of service attacks (DDoS) against businesses are not uncommon and are often deployed by cybercriminals to cripple their target’s ability to provide services. To boost their illegal income, they often offer their services on DDoS-for-hire marketplaces. During these attacks, cybercrooks use a large number of machines organized into a botnet  to flood a target with requests, which leads to their systems crumbling under the onslaught, effectively taking them offline. Attackers can keep this up for days at a time, which could mean hundreds of thousands of dollars lost in revenue for some businesses.

Setting up a firewall that will block access to all unauthorized IP addresses and registering with a DDoS mitigation service can protect you from DDoS extortion schemes.

For more cybersecurity tips, please visit welivesecurity.com.

As more companies embrace working from home as a long-term model, they need to take steps to protect themselves against a growing number of cybercriminals looking to exploit the expanding remote workforce.

ESET has launched a security solution – the ESET Remote Workforce Offer – to help small and medium-sized businesses (SMBs) prevent ransomware, zero-day attacks and other complex threats from undermining their IT infrastructure. 

Designed for companies with up to 250 staff working from home, the security bundle includes an advanced anti-virus endpoint solution, encryption and cloud sandboxing.

“Many SMBs have realized during the pandemic shutdown that they can continue to be productive and effective with their employees working from home, but it’s important not to allow network vulnerabilities to expose them to external threats,” says Cameron Leetham, Director of Sales and Partner Alliances, Canada for ESET.

Today’s cybersecurity landscape is constantly evolving with new attack methods and never-before-seen threats. Organizations are sometimes completely unaware that an attack has even taken place.

A cloud security sandbox product provides an additional layer of defense, outside a company’s network, to prevent ransomware from ever executing in a live environment.

ESET’s Dynamic Threat Defense uses three machine learning models to analyze suspect files, before running each sample in a cloud-based sandbox to simulate its behavior and trigger detection-evasion techniques. If anything malicious is detected, the technology moves to protect a company’s IT infrastructure.

To learn more about ESET’s Remote Workforce Offer, visit here.

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption.

Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information, visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.

Last week, cybercriminals set their sights on the Canadian government when several government services were disabled following a series of cyberattacks.

On August 15, the Treasury Board Secretariat announced that approximately 11,000 online government services accounts, originating from the Government of Canada Key service (GCKey) and Canada Revenue Agency (CRA) accounts, had been victims of hacking attempts. The GCKey allows Canadians to access several Government of Canada online programs and services, including Employment Insurance services and Canada Emergency Response Benefit (CERB) payments, a support program for employees who have lost employment due to the pandemic.

On August 7, CRA noticed the first signs of credential-stuffing attacks on its website. Credential stuffingmeans criminals try to use previously stolen credentials to log into another account owned by the same victim. Unlike a brute-force attack, bad actors use previously stolen user/password combinations to access a third-party service.

The government estimates approximately 11,200 accounts have been hacked. Of these, approximately were 5,600 for the CRA and 9,000 for the KeyGC system. Of the CRA accounts affected, more than half were hacked using the GCKey access.

What can we do?

At this time, we don‘t have details about the types of data that the bad actors have accessed and whether all victims of these attacks have already been notified by the government yet.

However, since we are talking about credential-stuffing attacks, we can point out that people who usethe same credentials for multiple sites and programs are at risk of being victims of this type of attack. Various resources are available to help you find out if one of your accounts has ever been the victim of a data breach.

Even if you weren‘t a victim of cyber attackers this time around, it’s recommended to adopt better security habits now to avoid being a victim of the next attack.

First and foremost, we can never say it too much: never recycle a password. This is an easy and essential step to ensure the security of you and your data. In this case, the bad actors used previously stolen login/password combinations for their attacks.

• Use passwords – or better yet, passphrases – that are strong and unique for each of your accounts.
• You can use a reliable password manager to help you create and, above all, memorize strong and unique passwords.
• Enable multi-factor authentication, whenever it’s available, to add an extra layer of security to your accounts.
• Regularly check your personal records for anomalies, especially if you have been the victim of data theft.

For more information about cybersecurity, please visit welivesecurity.com

In today’s world, the Internet and digital applications is woven into every day life.

From our personal lives to our careers, our digital footprint has become a big piece of our identity. And while our online presence is important to us during life, it is often left for others to deal with after we pass away. 

“I, like many people, use the Internet as a daily part of life and in ways that cause my online and offline worlds to be entwined,” says Tony Anscombe, Chief Security Evangelist for ESET. “Recent events have provoked me into thinking about creating guidance while preparing my own digital world so that, if something unexpected happens to me, those that I leave behind will be less stressed when dealing with my digital legacy.”

The important elements of a digital footprint may include, but are not limited to; financial accounts, family photographs, music collections and playlists through to social media and email accounts. Some service providers may have a broad range of services: for example, Google could be providing email, photos and cloud storage, while Spotify may be storing your favorite playlists. Accessing the data or managing the online accounts could be important both short-term: to inform people about a situation, and long-term to ensure no important data needed by those you leave behind is lost.

The suggested actions below may not cover all services or accounts, but it should constitute a good starting point for making the preparations needed to ensure your data lives on, that loved ones can gain the access needed or your right to be forgotten is observed.

Assign a digital executor

Appoint a digital executor. It’s common practice to appoint an executor in a will, someone trusted who takes care of property, finances and assets and distributes them according to your wishes. Today’s world means you may also need a digital executor to take charge of and handle digital assets – deleting, converting, downloading and managing accounts and profiles. In the same way that you list important financial assets, you may wish to list digital assets and what your specific instructions are for each one, so that there is no confusion or disagreement among the people you leave behind.

Use a password manager

Using a password manager to create a single repository where account credentials are stored has the benefit of enabling extremely complex (and hence secure) passwords to be generated, since the need to remember them all is removed; all you need to remember is one single, very strong, password to unlock the password manager. It’s also a protection against keyloggers, as they cannot monitor something that is not being typed in. Some password managers include a variety of options including creating a family plan, a file vault providing each user a secure place to store important documents and information and a variety of options for password recovery should it be needed.

Alert service providers

Make sure your loved ones know what your wishes are regarding your social media.

·       Facebook — Facebook allows you to appoint a legacy contact; this gives the nominated person the ability to memorialize the account and post a final message. The legacy contact can also delete any unwanted tribute posts, remove tags, respond to friend requests, request account deletion and such like. Be cautious, though, for they can also see all posts you made even if marked as ‘Only Me’ in the privacy settings. The instructions to assign a legacy contact on Facebook can be found here. The other option is to request deletion of the account – note, though that once deleted, access can never be regained; the details to make a deletion request can be found here.

·       Instagram – Instagram does not allow you to appoint a legacy contact. The account can bememorialized or deleted with separate online forms needing to be completed and they include the need to provide proof of death, such as a death certificate. If the request is to delete the account, it needs to be made by an immediate family member who will need to provide proof of their relationship and their authority.

·       LinkedIn – LinkedIn provides the ability to remove an account by reporting it and providing documented evidence similar to that of Instagram.

“This is a delicate topic, especially during a pandemic, and I hope it prompts you to consider taking some action to make a plan, appoint a digital executor, preselect legacy and inactivity contacts or discuss with the family lawyer,” says Anscombe. “While it may be an awkward topic, a discussion directly with family members, close friends or colleagues may prove to be the most effective course of action. The important thing is to do something rather than to do nothing.” 

For more tips, please visit welivesecurity.com