Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

3 main cyberthreats to be on the lookout for during the holidays

26 views

Published on

While summer might be almost over, letting one’s guard down is still a risk – one we’re not willing to take. For this reason only, we’ve listed here the three main cyber-threats to be on lookout when you’re not being too carried away with the scenery.

Published in: Software
  • Be the first to comment

  • Be the first to like this

3 main cyberthreats to be on the lookout for during the holidays

  1. 1. 3 main cyber-threats to be on the lookout for during the holidays While summer might be almost over, letting one’s guard down is still a risk – one we’re not willing to take. For this reason only, we’ve listed here the three main cyber-threats to be on lookout when you’re not being too carried away with the scenery. 1. The dangers of public Wi-Fi Be it at the airport, in coffee shops or back at your hotel room, public Wi-Fi is a particularly tricky thing nowadays. For one thing, it’s free, which makes it the easiest and the most attractive option for tourists. But just because something’s convenient, doesn’t necessarily mean it’s also safe. Where there’s complimentary Wi-Fi, there’s probably a dozen hackers lurking around, looking for ways to compromise your computer. One such example is the DarkHotel hacker group, active for more than 10 years according to ZDNet. The latter is apparently dropping a very ingenious malware on luxury hotels and carefully handpicking its targets, which include political representatives and company executives. Dubbed Inexsmar, the cyber-attack is conducted in several stages: first the hotel’s Wi-Fi network is compromised (either by exploiting vulnerabilities in server software, or by getting physical access to the infrastructure), then users of interest are targeted using highly convincing phishing emails. A Word file that actually contains a Trojan payload is attached to the message, making it so that, once opened, the user is completely distracted from the malicious software that is currently downloading itself on the computer. One must note that this Trojan is more evolved than others since it does not send its payload all at once, managing to cover its tracks and remain undetected. Stay on the lookout for Inexsmar by being extra-careful with your emails while away from work. Social engineering is never on leave of absence. 2. The two-faced taxi app Uber has become increasingly popular and hackers are not shying away from the opportunity transportation apps present themselves with. While the Uber or other taxi apps haven’t been hacked per se, another Trojan malware is wreaking havoc on Android mobile by impersonating the interfaces of our favorite riding apps. Dubbed Faketoken, its end goal is to get its hands on your bank credentials. That being said, the first sign of infection is related to this very piece of information: if your app asks you to re-enter you card details, don’t! If you’ve been using the app for a while, it should already have this information. There are cases when a credit card expires and information must be re-intered, however we advise you to proceed with caution. While this is not the first time we’ve heard of the malware in question, Faketoken has definitely gotten more sophisticated as time has passed. According to security experts, the Trojan generally infects smartphones through bulk SMS messages with a prompt to download images. Sounds familiar? You’ve certainly received one of these weird text on your mobile before. Now, if you ignore it, nothing happens. Click on the link on all the Trojan will begin spying all that goes on on your phone. Once it detects an app whose interface it can mimic, Faketoken immediately overlays said application with its
  2. 2. 3. A PowerPoint laced with malware You know by now to never enable Macro in suspicious Word or Excel files, but what about other files? This is not a topic we’ve dwelled on before, but malware can also spread using PowerPoint presentations. If you’re like most folk, you probably enjoy getting a personalized holiday e-card, you know, those old-school PowerPoint shows that are sort of a guilty pleasure. Or maybe you’re just checking your work emails from time to time to keep in touch with important affairs. Either way, scammers have unfortunately seized this as an opportunity, sending out fake presentations filled with malware instead of holiday wishes or business briefings. This time however, hackers have gone one step further with the help of one PowerPoint trick that doesn’t even require the user to click on file in order for the infection to commence. Exploiting the CVE-2017-0199 vulnerability, the perpetrators rely on a completely new method that abuses PowerPoint Slide Show. To be clear, the malware is actually a banking Trojan designed to get remote access. It spreads via phishing campaigns containing a PowerPoint Show (.pps). It must be noted that these files differ from usual PowerPoint files (.ppt and .pptx) in a sense that they cannot be edited and require to be opened solely in presentation mode. Malicious links are carefully embedded in the PowerPoint slides and trigger the Trojan installation as soon as they sense any hovering or a mouse-over action. We’ll resist the urge to say ‘neat’ and prompt you instead to apply the same caution you’d apply to an Excel file received from a suspicious user. Link: https://www.reveelium.com/en/3-main-cyber-threats-to-be-on-the-lookout-for-during-the-holidays/

×