McAfee Blogs https://www.mcafee.com/blogs Securing Tomorrow. Today. Tue, 18 Jan 2022 20:24:47 +0000 en-US hourly 1 https://wordpress.org/?v=5.6.3 https://www.mcafee.com/wp-content/uploads/2018/11/cropped-favicon-32x32.png McAfee Blogs https://www.mcafee.com/blogs 32 32 How to Protect Your Social Media Accounts https://www.mcafee.com/blogs/consumer-cyber-awareness/how-to-protect-your-social-media-accounts/ Tue, 18 Jan 2022 20:24:25 +0000 https://www.mcafee.com/blogs/?p=134239

Social media is part of our social fabric. So much so that nearly 50% of the global population are social...

The post How to Protect Your Social Media Accounts appeared first on McAfee Blogs.

]]>

Social media is part of our social fabric. So much so that nearly 50% of the global population are social media users to some degree or other. With all that sharing, conversing, and information passing between family and friends, social media can be a distinct digital extension of ourselves—making it important to know how you can protect your social media accounts from hacks and attacks.

Beyond the sheer number of people who’re on social media, there’s also the amount of time we spend on it.  People worldwide spend an average of 145 minutes a day on social media. With users in the U.S. spending just over two hours on social media a day and users in the Philippines spending nearly four hours a day, that figure can vary widely. Yet it’s safe to say that a good portion of our day features time scrolling and thumbing through our social media feeds. 

Given how much we enjoy and rely on social media, now’s a fine time to give your social media settings and habits a closer look so that you can get the most out of it with less fuss and worry. Whether you’re using Facebook, Instagram, TikTok, or whatnot, here are several things you can do that can help keep you safe and secure out there: 

1. Set strong, unique passwords

Passwords mark square one in your protection, with strong and unique passwords across all your accounts forming primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one. 

2. Go private

Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy. 

3. Say “no” to strangers bearing friend requests

Be critical of the invitations you receive. Out-and-out strangers could be more than just a stranger, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q3 of 2021 alone, Facebook took action on 1.8 billion fake accounts. Reject such requests. 

4. Think twice before checking in

Nothing says “there’s nobody at home right now” like that post of you on vacation or sharing your location while you’re out on the town. In effect, such posts announce your whereabouts to a broad audience of followers (even a global audience, if you’re not posting privately, as called out above). Consider sharing photos and stories of your adventures once you’ve returned.  

5. The internet is forever

It’s a famous saying for a reason. Whether your profile is set to private or if you are using an app with “disappearing” messages and posts (like Snapchat), what you post can indeed be saved and shared again. It’s as simple as taking a screenshot. If you don’t want it out there, forever or otherwise, simply don’t post it. 

6. Watch out for phishing scams

We’re increasingly accustomed to the warnings about phishing emails, yet phishing attacks happen plenty on social media. The same rules apply. Don’t follow any links you get from strangers by way of instant or direct messengers. And keep your personal information close. Don’t pass out your email, address, or other info as well. Even those so-called “quiz” posts and websites can be ruses designed to steal bits and pieces of personal info that can be used as the basis of an attack. 

7. Also keep an eye out for scams of all kinds

Sadly, social media can also be a place where people pull a fast one. Get-rich-quick schemes, romance cons, and all kinds of imposters can set up shop in ads, posts, and even direct messages—typically designed to separate you from your personal information, money, or both. This is an entire topic to itself, and you can learn plenty more about quizzes and other identity theft scams to avoid on social media 

8. Review your tags

Some platforms such as Facebook allow users to review posts that are tagged with their profile names. Check your account settings and give yourself the highest degree of control over how and where your tags are used by others. This will help keep you aware of where you’re being mentioned by others and in what way. 

9. Protect yourself and your devices

Security software can protect you from clicking on malicious links while on social media while steering you clear of other threats like viruses, ransomware, and phishing attacks. It can look out for you as well, by protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other personal information. With identity theft a rather commonplace occurrence today, security software is really a must. 

10. Check your Protection Score and see how safe you are

Now you can point to a number that shows you just how safe you are with our Protection Score. It’s an industry first, and it works by taking stock of your overall security and grading it on a scale of 0 to 1,000. From there, it calls out any weak spots and then walks you through the steps to shore it up with personalized guidance. This way, you’re always in the know about your security, privacy, and personal identity on social media and practically wherever else your travels take you online.

The post How to Protect Your Social Media Accounts appeared first on McAfee Blogs.

]]>
McAfee Wins Product of the Year for Best Online Protection https://www.mcafee.com/blogs/mcafee-news/mcafee-wins-product-of-the-year-for-best-online-protection/ Tue, 18 Jan 2022 18:01:37 +0000 https://www.mcafee.com/blogs/?p=134209

You can feel even more confident that you’ll enjoy life online with us at your side. AV-Comparatives has awarded McAfee...

The post McAfee Wins Product of the Year for Best Online Protection appeared first on McAfee Blogs.

]]>

You can feel even more confident that you’ll enjoy life online with us at your side. AV-Comparatives has awarded McAfee as its 2021 Product of the Year.

McAfee makes staying safe simple, and now this endorsement by an independent lab says we protect you best.

Over the course of 2021, AV-Comparatives subjected 17 different online protection products to a series of rigorous tests. Their labs investigated each product’s ability to protect against real-world Internet threats, such as thousands of emerging malicious programs and advanced targeted attacks, along with the ability to provide protection without slowing down the computer.

McAfee topped the field, taking home the award for AV-Comparatives’ Product of the Year thanks to our highest overall scores across the seven different testing periods throughout the year. McAfee further took a Gold Award for the Malware Protection Test, in addition to recognition for its clean, modern, and touch-friendly design and for the way that McAfee Firewall coordinates perfectly with Windows.

“We’re honored by the recognition,” says Chief Technology Officer, Steve Grobman. “The strong reputation that AV-Comparatives carries in the industry cements our place as a leader in online protection.” He goes on to say, “Our work continues. The internet is evolving to be integral to every part of our lives. This creates new opportunities for cyber criminals and drives the evolution of the threat landscape. McAfee is committed to staying one step ahead of these sophisticated threats, ensuring customers can safely utilize the full value of our online world.”

Read the full AV-Comparatives annual report and protect yourself and your family with the year’s top-rated antivirus. Give it a look for yourself with a free 30-day trial of McAfee Total Protection, which includes McAfee’s award-winning anti-malware technology plus identity monitoring, Secure VPN, and safe browsing for an all-in-one online protection.

The post McAfee Wins Product of the Year for Best Online Protection appeared first on McAfee Blogs.

]]>
Today’s Trends: Consumers Prioritize Protection Over Convenience https://www.mcafee.com/blogs/mcafee-news/todays-trends-consumers-prioritize-protection-over-convenience/ Fri, 14 Jan 2022 16:46:25 +0000 https://www.mcafee.com/blogs/?p=134179

People have made it clear. They’re feeling more exposed to online threats and want stronger protection. Our 2022 Trends Study...

The post Today’s Trends: Consumers Prioritize Protection Over Convenience appeared first on McAfee Blogs.

]]>

People have made it clear. They’re feeling more exposed to online threats and want stronger protection.

Our 2022 Trends Study puts figures to these feelings, saying that they believe the risks to their online privacy have increased over the past year. Moreover, 42% believe the risks to their personal and financial information have increased as well.

These findings come as more consumers shift their daily lives online, with greater use of internet banking, more investment in virtual assets, and a proliferation of online activities due to COVID-19. A lot more sensitive personal information is being stored and shared on the web, which is putting increased pressure on passwords and security measures.

As more sensitive personal information is being stored and shared on the web, people are showing a strong preference for increased security overall. For example, when asked to choose between connecting with others from anywhere to always being fully protected, the response was overwhelming in favor of strong protection (63%) over ease of connection (16%). The same sentiment extended to the workplace, where “work meetings that are guaranteed seamless” trailed significantly at 14% versus “meetings that are guaranteed secure” at (62%).

Curious as to what steps you can take to be safer online? A few tools along with a few good habits can go a long way toward keeping your privacy and identity secure.

1. Install and use online protection software: By protecting your devices, you protect what’s on them, like your personal information. Comprehensive online protection software can protect your identity in several ways, like steering you clear of malicious downloads and links, protecting your email from phishing attacks, and providing you with a digital shredder that can permanently remove sensitive documents from your computer (simply deleting them won’t do that alone).

2. Use a VPN: A VPN is a Virtual Private Network, a service that protects your data and privacy online. It creates an encrypted tunnel to keep you anonymous by masking your IP address while connecting to public Wi-Fi hotspots. This is a great way to shield your information from crooks and snoops while you’re banking, shopping, or handling any kind of sensitive information online.

3. Improve your passwords and use multi-factor authentication (MFA): Strong, unique passwords for each of your accounts, updated regularly, offer a strong line of defense against attackers. While this may require a bit of effort, a password manager can do the work for you by securely creating and storing strong, unique passwords for you. Comprehensive online protection software will include a password manager as one of its many features. Additionally, MFA adds yet another layer of security by double-checking your identity beyond your username and password, usually with a text or email. If any of your accounts offer MFA, consider using it.

4. Monitor your accounts: Give your statements a close look each time they come around. While many companies and institutions have fraud detection mechanisms in place, they don’t always catch every instance of fraud. Look out for strange purchases or charges and follow up with your bank or credit card company if you suspect fraud. Even the smallest charge could be a sign that something shady is afoot.

5. Check your credit report: This is a powerful tool for spotting identity theft. And in many cases, it’s free to do so. In the U.S., the Fair Credit Reporting Act (FCRA) requires the major credit agencies to provide you with a free credit check at least once every 12 months. Canada provides this service, and the UK has options to receive free reports as well, along with several other nations. It’s a great idea to check your credit report, even if you don’t suspect a problem.

6. Consider using identity protection: In addition to checking your own credit report, an identity protection service provides yet deeper monitoring of your personal information. Identity protection such as ours monitors up to 60 different pieces of vital personal information and notifies you of potential misuse—up to ten months sooner than similar services. In addition to this around-the-clock monitoring, it also provides up to $1 million in coverage for lawyer fees, travel expenses, lost wages, and more.

 

The post Today’s Trends: Consumers Prioritize Protection Over Convenience appeared first on McAfee Blogs.

]]>
The Dark Web: A Definitive Guide https://www.mcafee.com/blogs/consumer-cyber-awareness/the-dark-web-a-definitive-guide/ Wed, 12 Jan 2022 02:24:55 +0000 https://www.mcafee.com/blogs/?p=134089

The internet has opened up wonderful new possibilities in our world, making life easier on many levels. You can pay...

The post The Dark Web: A Definitive Guide appeared first on McAfee Blogs.

]]>

The internet has opened up wonderful new possibilities in our world, making life easier on many levels. You can pay your bills, schedule your next family vacation, and order groceries with the click of a button. While the internet offers many positive benefits, it also has some negatives. Although not entirely used for illicit purposes, the dark web is one part of the internet that can be used by criminals for illegal purposes, like selling stolen personal information.

But just what is the dark web? Basically, it’s a part of the internet that isn’t indexed by search engines. As an average internet user, you won’t come across the dark web since you need a special browser to access it. It’s certainly not something you need to stress about in your day-to-day browsing, and you shouldn’t let it scare you off the internet. Unless you actively seek it out, you’ll likely never have any contact with the dark web in your lifetime.

A better understanding of what the dark web is and the possible threats it contains can help you protect yourself, though. This guide provides the essential information you need, explaining the different levels of the web and revealing how you can stay safe. With this knowledge, you can continue to browse online with confidence. Find out more below.

What is the dark web?

The “dark web” refers to websites that aren’t indexed by search engines like Google and Bing. This might seem strange since most people want their websites to be found through specific searches. Practices like search engine optimization (SEO) are specifically implemented to help websites perform well and rank higher in search engine results.

So, why would someone not want their website to be picked up by a search engine? The primary purpose is to preserve privacy and anonymity. The individuals and organizations on the dark web often engage in illegal activities and want to keep their identities hidden — something that is difficult to do with an indexed website.

It’s important to note that the dark web should not be confused with the deep web, which is a part of the internet individuals access regularly. Although the terms are sometimes used interchangeably, they actually refer to different things. Deep web content — which isn’t picked up by search engines, either — includes pages that typically require additional credentials to access. Your online banking accounts and email accounts, for instance, are examples of deep web content.

Different levels of the web

The internet is home to billions of websites — an estimated 1.7 billion to be exact, although that number changes every day as new sites are made and others are deleted. Your daily internet activity likely falls within the publicly available and readily accessible portion of the internet (otherwise known as the surface web). However, there are additional “levels” of the internet beyond that top level. Read on to learn more.

Surface web

The internet you use to search for more information is referred to as the surface web or open web. This is the readily visible part of the internet anyone can access with an internet connection and a normal web browser like Safari, Mozilla Firefox, or Google Chrome. Other terms for the surface web include the visible web, lightnet, or indexed web.

Examples of content you’ll find on the surface web include:

  • Open media websites and news sites like those affiliated with blogs, newspapers, magazines, and other publications. An example would be the home page of a newspaper like The New York Times or a media company like BuzzFeed.
  • Business websites for everything from major corporations to smaller local businesses. An example could be the website for a huge corporation like Bank of America or one for a smaller business like a local bakery.
  • Mainstream social media platforms like Facebook, Instagram, LinkedIn, and Twitter. Although you likely use these tools via an app, they all have dedicated websites.
  • E-commerce sites used for buying goods and services, like Amazon, Walmart, Target, apparel retailers, and beyond. Any company that sells products online can be considered an e-commerce site.

Basically, the sites you use daily — from your favorite news site to a local restaurant — are part of the surface web. What makes these websites part of the surface web is that they can be located via search queries and have recognizable endings like .com, .edu, .gov, or .org. You are able to find websites on the surface web because they are marked as “indexable,” meaning search engines can index and rank them. The sites are readily available on the search engine results pages (SERPs).

Interestingly, the surface web only makes up around 4% of the total internet, meaning the internet is a lot more than what you see on the surface. Think of it as an ocean — there’s the top layer of water you can see and then there’s the vast world beneath. The remainder of the internet is what’s below the surface.

Deep web

The deep web refers to any page on the internet that isn’t indexed by search engines as described above. The deep web is the first level beneath the “surface” of the visible web — and it’s significantly larger than the surface web, accounting for an estimated 96% to 99% of the entire internet.

It’s important to note that just because this type of content isn’t on the surface doesn’t mean it’s nefarious or has ill intent. A lot of the time, this content isn’t indexed because it includes pages that are meant to be hidden to protect consumer privacy, such as those that require login credentials.

Here are some examples of content on the deep web:

  • Fee-based content like news articles that are behind a paywall or membership-only content requiring login credentials are considered part of the deep web. For example, if you pay to access members-only content in a content creator’s fan club, you are using fee-based content.
  • Databases containing protected files that aren’t connected to other areas of the internet. These could be public or private files, like those from government entities or private educational institutions.
  • Intranets for educational institutions, corporate enterprises, and governments are used for exchanging and organizing internal information. Some of it is sensitive and not meant for public dissemination. Intranets usually require a login and are part of the deep web.
  • Secure storage platforms like Dropbox or Google Drive also require you to log in to upload and download files and photos. There are also proprietary data storage solutions used by companies that frequently handle sensitive data, such as law firms, financial institutions, and health care providers. An example might be a patient portal via a hospital or doctor’s office, where you can access your personal medical records.

Essentially, any webpage that requires a login is part of the deep web. That said, deep web content doesn’t necessarily have to fall into any of these categories. Any page that is non-indexable is technically also considered part of the deep web. It doesn’t have to require a login or contain sensitive data. Website creators and managers can mark pages as non-indexable if desired.

It’s worth noting that sometimes a single organization’s website will include elements of both the surface web and the deep web. Take a college or university website, for example. Most schools have a comprehensive website providing information about the school’s history, campus location, student body, available programs of study, extracurricular activities, and more.

However, many schools also have an intranet — sometimes linked from the main university page — that’s accessible only for students or staff. This is where students might sign up for classes and access their school email, for example. Since this is sensitive information and requires a unique login, it doesn’t need to be made publicly available via search engines.

In fact, it’s better in the interest of privacy that these pages aren’t readily visible. It helps to protect the user’s data. From this example, you can see that the “deep web” doesn’t have to be scary, illicit, or illegal. It serves a legitimate and useful purpose. You shouldn’t be afraid of the deep web. It’s further important to distinguish the deep web from the dark web — as the next section explains.

Dark web

As mentioned, the deep web and the dark web sometimes get confused. However, they are distinct. Technically, the dark web is a niche or subsection within the deep web. It consists of websites that aren’t indexable and can’t be readily found online via web search engines. However, the dark web is a carefully concealed portion of the deep web that people go out of their way to keep hidden.

What makes the dark web distinct from the broader deep web is the fact that dark web content can only be accessed via a special browser. The Tor network is often used to access the dark web.

Additionally, the dark web has a unique registry operator and uses security tools like encryption and firewalls, further making it inaccessible via traditional web browsers. Plus, the dark web relies on randomized network infrastructure, creating virtual traffic tunnels. All of these technical details serve to promote anonymity and protect dark web users’ privacy.

Is it illegal to browse the dark web?

The short answer is no, it’s not illegal to browse the dark web. In fact, there are instances where individuals can use it for good. Whistleblowers, for instance, can find the anonymity available through the dark web valuable when working with the FBI or another law enforcement organization.

That said, while it’s not illegal to browse the dark web, it’s also not completely void of criminal activity. Putting yourself in close proximity with illegal activities is rarely a good idea and could heighten your risk of being targeted by a criminal yourself. It’s often best to leave that part of the deep web alone.

There are also many technological threats on the dark web. Malicious software, also known as malware, is a critical concern and can affect unsuspecting users. Even simply browsing the dark web out of curiosity can expose you to such threats, like phishing malware or keyloggers. While an endpoint security program can identify such threats if they end up on your computer, it’s ideal to avoid them altogether.

Further, if you try to buy something on the dark web — even if it’s not illegal — there’s a chance you’ll be scammed. Dark web criminals use a variety of tricks to con people. For example, they may hold money in escrow but then shut down the e-commerce website and take off with the money. Due to the anonymous nature of the dark web, it’s very difficult for law enforcement to find such perpetrators.

How do criminals use the dark web?

Given its anonymous nature, the dark web clearly has an obvious appeal for cybercriminals. But just what do they use it for? The most obvious type of internet activity is the buying and selling of black market goods and services, from illegal drugs to illegal content. Cybercriminals may also run scams when selling such items, for example by taking a person’s money and not delivering the required product.

There are dark websites dedicated to the purchase and sale of illegal products or services (usually using untraceable cryptocurrencies like bitcoin) including:

  • Financial information like cloned credit cards with PIN, credit card details, online bank account logins, and more. People can then use these details to make legitimate purchases, negatively impacting your financial status and ruining your credit score in the process.
  • Account details for hacked accounts like email accounts, eBay accounts, social media accounts, streaming services, and more. For example, a person may buy a reputable eBay seller’s login details and then use their real account to make fake sales, pocketing the money and ruining the seller’s reputation in the process.
  • Personal data that can be used to steal someone’s identity, such as their name, address, Social Security number, and more. Identity theft is a serious problem that can negatively impact everything from your credit score to your private medical data.
  • Illegal services like people claiming to be able to fix credit scores for a fee. Many of these “services” are scams. They may also be law enforcement masquerading as criminals in an attempt to catch people who are up to no good.
  • Illegal goods like unregistered firearms and drugs. Law enforcement is increasingly cracking down on cybercriminals and the dark web.

Browsers like Tor, an open-source and free software, allow people to access dark websites where these goods are available, like a digital marketplace. These websites may look similar to any other surface or deep website you’d encounter. However, they differ in their domain suffix, ending in “.onion” instead of more obvious options like “.com” (Tor is actually short for The Onion Router, which is also where the term “onion routing” comes from — referring to anonymous communication on the dark web).

Onion sites often use scrambled names that make their URLs difficult to remember, minimizing the odds of being reported to authorities. It’s possible to search the dark web using specialized dark web search engines like Grams or link lists like The Hidden Wiki. However, these sources tend to be slow and unreliable, just like the dark web itself.

Some of this information can be extremely valuable on darknet forums. For example, while a Social Security number might go for $2, email credentials could sell for as much as $120,000. Hackers can make a lot of money and do so with less worry that they might get caught. Thanks to the Tor browser’s layers of encryption and IP scrambling, it’s difficult to track people down on this part of the web.

How to protect yourself online

Again, although the dark web isn’t inherently bad, you should still be proactive in preventing your personal information from falling into the wrong hands. Here are a few ways you can help keep you and your family safe online:

  • Protect your devices with passwords and antivirus software: One of the first lines of defense is to protect your devices. With passwords, ensure they’re unique and strong across accounts and keep them in one place, like a password manager. It’s also important to have antivirus software installed on your browsing devices to protect them from malware and other threats (you can even take this a step further by using a virtual private network or VPN).
  • Think before oversharing on social: Social media keeps us connected with our family and friends, but before you click “share,” make sure you’re not revealing any personal information like your home address or something else that could be compromising.
  • Sign up for a monitoring service: Whether it’s reviewing your credit report or an identity protection plan with 24/7 monitoring, additional trusted eyes on your accounts will help them stay protected.

Get a personalized protection plan today

The dark web might sound scary. The fact is, an everyday internet user like yourself likely won’t have any contact with this level of the internet. That said, it’s still important to take as many precautions as you can to keep your family and your technology safe.

McAfee provides everyday internet users with the tools they need to surf safely and confidently. Our award-winning antivirus software protects against threats like phishing, malware, and ransomware, and we also offer identity protection plans that come with a personalized Protection Score to check the health of your online information. Start browsing with confidence by using McAfee.

The post The Dark Web: A Definitive Guide appeared first on McAfee Blogs.

]]>
What to Do If Your Identity Has Been Stolen https://www.mcafee.com/blogs/consumer-cyber-awareness/what-to-do-if-your-identity-has-been-stolen/ Wed, 12 Jan 2022 02:13:39 +0000 https://www.mcafee.com/blogs/?p=134077

We live online these days, sharing everything from vacation pictures to what we eat for breakfast on the internet. The...

The post What to Do If Your Identity Has Been Stolen appeared first on McAfee Blogs.

]]>

We live online these days, sharing everything from vacation pictures to what we eat for breakfast on the internet. The internet is also useful for daily activities, like buying groceries or paying bills.

While it’s convenient to connect with people and complete tasks online, cybercriminals are eager to use the internet to steal financial or personal data for their personal gain — otherwise known as identity theft. This is a criminal act and can affect your credit score in a negative way and cost money to fix. It can also affect employment opportunities since some employers conduct a credit check on top of drug testing and a criminal history check. Identity theft victims may even experience an impact to their mental health as they work to resolve their case.

The good news is that being able to recognize the signs of identity theft means you can act quickly to intervene and minimize any effects in case it happens to you. You can also protect yourself by using preventive measures and engaging in smart online behavior. This article provides essential information about identity theft, giving you the tools you need to become an empowered internet user and live your best life online.

5 steps to take if your identity has been stolen

The internet is a great place to be, but identity thieves hope to catch you off-guard and seek access to your personal information for their benefit. This could include private details like your birth date, bank account information, Social Security number, home address, and more. With data like this, an individual can adopt your identity (or even create a fake identity using pieces of your personal profile) and apply for loans, credit cards, debit cards, and more.

You don’t have to be kept in the dark, though. There are several signs that your identity has been stolen, from a change in your credit score to receiving unfamiliar bills and debt collectors calling about unfamiliar new accounts. If you suspect that you’ve been affected by identity fraud, you can act fast to minimize what happens. Here’s what to do.

File a police report

Start by contacting law enforcement to file a report. Your local police department can issue a formal report, which you may need to get your bank or other financial institution to reverse fraudulent charges. An official report assures the bank that you have been affected by identity fraud and it’s not a scam.

Before going to the police, gather all the relevant information about what happened. This could include the dates and times of fraudulent activity and any account numbers affected. Bringing copies of your bank statements can be useful. Also, make note of any suspicious activity that could be related. For example, was your debit card recently lost or your email hacked? The police will want to know.

Notify the company where the fraud occurred

You should also notify any businesses linked to your identity theft case. Depending on the type of identity theft, this could include banks, credit card companies, medical offices, health insurers, e-commerce stores, and more. For example, if someone used your credit card to make purchases on Amazon, alert the retailer.

Medical identity theft is another good example. In this case, a fraudster may assume your identity to gain access to health care services, such as medical checkups, prescription drugs, or pricey medical devices like wheelchairs. If someone uses your health insurance to get prescription drugs from a pharmacy, for instance, make sure to alert the pharmacy and your insurer.

File a report with the Federal Trade Commission

The Federal Trade Commission (FTC) is a government body that protects consumer interests. You can report identity theft via their portal, IdentityTheft.gov. They’ll then use the details you provide to create a free recovery plan you can use to address the effects of identity theft, like contacting the major credit bureaus or alerting the Internal Revenue Service (IRS) fraud department. You can report your case online or by calling 1-877-438-4338.

Ask credit reporting agencies to issue a fraud alert

A common consequence of identity theft is a dip in the victim’s credit score. For example, a cybercriminal may take out new lines of credit in the victim’s name, accrue credit card debt, and then not pay the balance. For this reason, contacting the credit monitoring bureaus is one of the most important steps to take in identity theft cases.

There are three main agencies: TransUnion, Equifax, and Experian. You can get a free credit report from each agency every 12 months via AnnualCreditReport.com. Check the report and note all fraudulent activity or false information and flag it with the relevant bureau’s fraud department. You should also initiate a fraud alert with each agency.

A fraud alert requires any creditors to verify your identity before opening a new line of credit. This adds an extra layer of security. An initial fraud alert lasts for 90 days. Once this expires, you can prolong your protection via an extended fraud alert, which will remain valid for seven years. You can notify one of the big three bureaus to set it up. They are then required to notify the other two bureaus.

A credit freeze is another smart move, which you can do through each of the three major credit bureaus. You can either call them or start the process online. This prevents people from accessing your credit report. Lenders, creditors, retailers, landlords, and others may want to see your credit as proof of financial stability. For example, if someone tries to open a phone contract under your name, the retailer may check the credit report. If there is a credit freeze in place, they won’t be able to view it and won’t issue the contract. If you need to allow someone access to your credit report, you can temporarily lift the freeze.

Change passwords to all of your accounts

Identity theft is often linked with leaked or hacked passwords. Even if you aren’t sure whether your passwords have been compromised, it’s best to play it safe. Change passwords to any affected accounts. Make sure to use strong passwords with a mix of numbers, letters, and symbols. Further, if there’s a chance to activate two-factor authentication on your accounts, this can provide added protection going forward.

Is it possible to prevent identity theft?

Ideally, you’ll never become the victim of identity theft, but things can happen. Cybercriminals work hard, but you can stay one step ahead by taking a few preventative measures. These include:

  • Learn how to recognize common scams. ID theft comes in many forms, from email phishing scams to social media snooping, device hacking, and data breaches. Learn the signs of a scam. For example, phishing emails are often poorly written and frequently follow certain formats, like claiming that an account of yours has been suspended.
  • Activate fraud alerts. Most financial institutions provide alerts about suspected fraudulent transactions, sending you a notification via phone call, text, or email if they notice suspicious activity on your account. The bank may also freeze an account automatically until any potentially unauthorized charges are clarified and confirmed by the account owner.
  • Protect your devices with strong passwords. Your devices, including your phone, tablet, and laptop, should all be password-protected. In case one of your tech tools is stolen, it will be harder for fraudsters to gain access to your personal data. Set strong passwords with a mix of letters, numbers, and symbols. Make sure they don’t include information a person could figure out easily, like your home address or birthday.
  • Use different passwords for different accounts. Any online accounts you use, from your banking app to your email, should be password-protected. Follow the same rules for setting strong passwords, but don’t duplicate passwords. If a hacker cracks the code for one account, they can easily guess their way into your other accounts. A password manager can help you stay on top of your passwords by encrypting them and storing them safely for easy tracking. McAfee Identity Protection includes a password manager that can secure your account credentials across devices.
  • Protect your documents. Protect hard copies of sensitive documents, like your Social Security card and birth certificate, by keeping them locked away. Also, dispose of documents with personal data by shredding them. This ensures that dumpster divers can’t access your information. Documents to shred might include invoices, bank statements, medical records, canceled checks, and junk mail with your name, phone number, and address.
  • Don’t overshare on social media. Social media is a great way to connect with friends and family, but it can also be a goldmine for identity thieves. Avoid sharing details like your kids’ or pets’ names, which are often used in passwords. Sensitive information, like a home address or birthday, can also be used to build a fake identity. You may want to set your social media accounts to private in addition to limiting what you share.
  • Review your credit report. You have the right to one free copy of your credit report every 12 months, which you can request via AnnualCreditReport.com. This provides you with a report from each of the three major credit bureaus. Review the report, verifying personal information, account details, and public records (like bankruptcies or liens) to ensure there isn’t anything suspicious.
  • Follow the news. When major corporations are targeted by hackers, they’re required to alert affected consumers. These breaches are also often reported in the media. To take a more proactive approach, though, check out the McAfee blog, which reports on breaches. If a business you use has been affected, change your passwords.

You can further protect yourself with antivirus software like McAfee’s Total Protection plan. This can help protect your devices against spyware and viruses. You can also enhance your network security with a firewall and virtual private network (VPN). A firewall controls traffic on your internet network based on predefined security parameters, while a VPN hides your IP address and other personal data.

Sign up for a protection plan today

Don’t let concerns about identity fraud keep you from enjoying all the conveniences and perks the internet offers. McAfee’s identity theft protection services can help you stay connected while keeping you safe. Tailor your package to your household’s needs to get the safeguards you want, like ID theft coverage, VPN, and 24/7 monitoring. Our Total Protection plan also comes with $1 million in identity theft coverage to cover qualifying losses and hands-on support to help you reclaim your identity.

With McAfee by your side, you can stay online confidently.

The post What to Do If Your Identity Has Been Stolen appeared first on McAfee Blogs.

]]>
Protecting Your Privacy This Year https://www.mcafee.com/blogs/consumer-cyber-awareness/protecting-your-privacy-this-year/ Tue, 11 Jan 2022 03:12:43 +0000 https://www.mcafee.com/blogs/?p=133951

If there’s a particularly clear picture that’s developed over the past couple of years, it’s that our privacy and our...

The post Protecting Your Privacy This Year appeared first on McAfee Blogs.

]]>

If there’s a particularly clear picture that’s developed over the past couple of years, it’s that our privacy and our personal identities are worth looking out for. We have your back. And here’s why. 

In the U.S., reported cases of identity theft continue to rise. Comparing the first three quarters of 2020 to the first three quarters of 2021, we can see that the number of identity theft cases reported to the U.S. Federal Trade Commission (FTC)are up. Moreover, fraud connected with government documents and benefits has jumped by nearly 100,000 reported cases. Likewise, bank fraud saw a jump as well with a solid 30% increase. 

Figure-1-2021-FTC-Fraud-Reports-Q1-Q3
Figure-1-2021-FTC-Fraud-Reports-Q1-Q3

 

Figure 2- 2020 Fraud Reports, Q1-Q3
Figure 2- 2020 Fraud Reports, Q1-Q3

Likewise, compare 2021 to the same period in 2019 and the contrast is yet more striking: well over double the number of reports of identity theft. Also note the massive bump in fraud across the board as well—notably in government documents and benefits, which went from nearly 18,000 reported cases to more than a quarter-million cases. 

Figure 3- 2019 Fraud Reports, Q1-Q3
Figure 3- 2019 Fraud Reports, Q1-Q3

And that’s just what’s been reported in the U.S. Far more crime goes unreported, and it is estimated that the cost of identity theft and fraud goes well into the billions of dollars.

Yet behind each stat is a person, a family, and a household that dealt with anything from a financial headache to a major life event no thanks to identity theft and fraud. Accordingly, we’re seeing to it that each and every person has the tools to prevent this from happening to them.

Here’s a little bit about our approach. We looked at some of the key areas where people’s private information can be vulnerable and designed a tool that offers easy-to-use, intelligent protection for Windows, Android, and iOS devices, with a consistent feel on whichever device you’re using it.

Connect safely a VPN

Unsecured networks can leave us vulnerable, like when we use public Wi-Fi. What’s at issue is that a cybercriminal can potentially capture your login credentials and other personal information as you use a public network in a hotel, airport, coffee shop, library, and so forth.

So, we made sure to include a Virtual Private Network (VPN) to keep your information protected from prying eyes. It does this easily by detecting when you’re on a public network and automatically turning on on your VPN. The VPN then scrambles or encrypts, your data as it flows over the network. Unlike some VPNs that require advanced settings to shield your data, our app offers seamless security.

Dark Web Monitoring

Given that data breaches large and small continue to occur with more regularity than any of us would like, always-on monitoring of your private information is key.

Whether one of your personal accounts is hacked–or worse–another website somehow gets ahold of your data and subsequently gets breached, your data may end up on the dark web. This is where cybercriminals buy and sell information.

To detect these dangerous leaks, we included dark web monitoring, which alerts you if your log-in credentials have been exposed. It can even provide you with a link to the site that uses those credentials when the information is available. This allows you to swiftly reset your passwords, mitigating the risk.

Identity theft insurance and recovery support

Should the unfortunate happen to you, we have your back. In several ways.

Recovering from identity fraud or theft can be expensive. We’ll help relieve the burden with $1M coverage for lawyer fees, travel expenses, lost wages, and more. If money was stolen directly from a bank account, we’ll also reimburse up to $10,000 stolen funds.

No question about it, recovery can be time-consuming, confusing, and even frustrating. With that, we offer licensed recovery experts who can work with you any time, around the clock, all year long. These pros can use a limited power of attorney to do the heavy lifting for identity recovery, taking all necessary steps to repair identity and credit.

In all, we protect your time and your money as part of protecting your identity too.

New: Identity Protection Score

Knowing your safe and staying that way just got far simpler. With a colorful view, you can see exactly what your Identity Protection Score is at a glance, which compiles your overall levels of security, privacy, and identity theft protection. Better yet, if it spots gaps in your protection, it guides you through straightforward fixes that can make you safer than before.

It’s an industry first, and something we all deserve—the ability to clearly see exactly how secure you are and to quickly shore up your protection whenever it’s needed.

Ease of Use

Also on our list, we wanted to make personal protection easy to use and available across all your compatible devices. So, whether you’re out with just your phone, or at home working at your PC, you have access to your protection, and can even pick up where you left off on a different device.

It’s about enjoying the internet

Ultimately, that’s what any of us want—to enjoy the internet with confidence, knowing that whatever it is we’re doing online is secure.

The way we use the internet continues to evolve. After all, it wasn’t long ago that the idea of using a phone to see who’s at the front door may have seemed a bit odd. Let alone having a little chat with the speaker on your kitchen counter. Yet that’s where we are today. And as the internet evolves, so will we. The protection we offer will cover your increasingly connected life in whatever shape that takes.

No question about it. We’re committed to protecting you, your privacy, identity, and certainly your devices too—and making all of it simple.

Here’s to a happy and secure year!

 

The post Protecting Your Privacy This Year appeared first on McAfee Blogs.

]]>
The Feeling of Safety https://www.mcafee.com/blogs/consumer-cyber-awareness/the-feeling-of-safety/ Thu, 06 Jan 2022 14:04:39 +0000 https://www.mcafee.com/blogs/?p=133486

The internet’s greatest feat? Fundamentally shifting how we live. Once a revelation, it quickly set our long-standing beliefs about how...

The post The Feeling of Safety appeared first on McAfee Blogs.

]]>

The internet’s greatest feat? Fundamentally shifting how we live. Once a revelation, it quickly set our long-standing beliefs about how we work, play, and connect into a whole new context. 

Today, the shifts come fast. Video meetings once felt alien. Now, they’re part of our routine. We’ve gone from setting doctor’s appointments online to actually seeing the doctor online—and from family visits to seeing everyone in seconds on a screen.  

At McAfee, we’ve seen our share of shifts as well. Looking back across our thirty-plus years, we were among the first to deliver antivirus technology. First to create a biometric password manager. First to give people an intuitive Protection Score, and so much more. And we’re not stopping. We’re protecting people and their ever-changing lives. That means covering all your life online, from security to privacy to identity, in a way that adds to your confidence and enjoyment too. 

Confidence and enjoyment. Those two words mark our next shift in online protection. We’re bringing those feelings to life across the McAfee experience. And it’ll redefine the way you stay safe online.  

Safety has an unmistakable feeling. As we bring that feeling to online protection, you’ll see a remarkable evolution. It will look and act in bold new ways, guide you, reassure you, and most importantly, keep you safe. In all, it’s a new breed of online protection that’s helpful, even thoughtful, in the ways it looks out for you. 

And this evolution is already underway. You’ll find that feeling in everyday moments as we make them simpler, freer, and safer—such as paying your bills at a coffee shop, managing your family’s healthcare from your laptop, and booking flights to catch up with old friends. Across them all, our protection will have your back, and even offer guidance when needed, all while you do you—wherever your day takes you and no matter what “online” looks like next. 

There’s simply so much to see out there. And with us by your side, you’ll feel safe and stay that way. Life online will continue to surprise us. In the best of ways. And people have a right to enjoy every moment of it, confident that they’re safe and secure, in ways they can point to and feel.  

That’s our next big shift. Giving you the unmistakable feeling of safety. You deserve it. More than that, it’s your right. And we’re proud to bring it to you. 

The post The Feeling of Safety appeared first on McAfee Blogs.

]]>
Technical Analysis of CVE-2021-1732 https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/technical-analysis-of-cve-2021-1732/ Wed, 05 Jan 2022 20:47:12 +0000 https://www.mcafee.com/blogs/?p=133657

Introduction In February 2021, the company Dbappsecurity discovered a sample in the wild that exploited a zero-day vulnerability on Windows...

The post Technical Analysis of CVE-2021-1732 appeared first on McAfee Blogs.

]]>

Introduction

In February 2021, the company Dbappsecurity discovered a sample in the wild that exploited a zero-day vulnerability on Windows 10 x64.

The vulnerability, CVE-2021-1732, is a win32k window object type confusion leading to an OOB (out-of-bounds) write which can be used to create arbitrary memory read and write capabilities within the Windows kernel (local Elevation of Privilege (EoP)). Memory exploitation generally requires a read, write, and execute primitive to bypass modern exploit mitigations such as DEP, ASLR and CFG on hardened operating systems such as Windows 10. A data-only attack requires only a read and write primitive as it does not seek to execute malicious code in memory, but rather manipulates data structures used by the operating system to its advantage (i.e., to achieve elevated privileges).

Kernel exploits are usually the most sophisticated attack as they interact directly with the Windows kernel. When such attacks are successful, they are critical because they provide high privileges to the attacker, which can be used to increase the impact of the overall exploit chain. In this case the exploit is a Local Privilege Escalation (LPE) that targets 64-bit Windows 10 version 1909. The original sample discovered was compiled in May 2020 and reported to Microsoft in December 2020. While searching for additional findings we went through a public exploit published in March of 2021 by a researcher. Having this code publicly available may raise the potential for additional threat attackers. While we have not found clear evidence demonstrating malicious use of the proof-of-concept (POC), we did discover some variants being tested and uploaded to VirusTotal.

In this blog post, McAfee Advanced Threat Research (ATR) performed a deep dive into the analysis of the vulnerability, to identify the primitives for detection and protection. The exploit is novel in its use of a new win32k arbitrary kernel memory read primitive using the GetMenuBarInfo API, which to the best of our knowledge had not been previously known publicly.

CVE-2021-1732 Deep Dive

Exploitation of CVE-2021-1732 can be divided into six stages with the end goal of escalating a process’ privileges to System. The following diagram shows the stages.

Figure 1 – Six stages of CVE-2021-1732

Before we dive into the details, we must give some background to win32k exploitation primitives which are used in the exploitation of CVE-2021-1732.

Win32K Background

Win32k is a Graphical (GUI) component of the Microsoft Windows Subsystem, most of which exists in the kernel for performance reasons. It is used for graphical print of the Windows OS desktop. However, due to the win32k architecture, the kernel component of win32k still needs to be able to make calls to user mode through user-mode callback functions to facilitate window creation and management.

Kernel user-mode callbacks have been well researched as far back as 2008 and 2010, with a very comprehensive analysis in 2011 by Mandt. A win32k kernel function such as xxxCreateWindowEx will make a callback function such as xxxClientAllocWindowClassExtraBytes through the user process PEB KernelCallbackTable.

When the user-mode callback has completed, NtCallbackReturn executes and passes the expected return parameter back to the kernel. Due to the stateless nature of these callbacks, many vulnerabilities have been discovered related to the locking mechanisms on the objects leading to use-after-free (UAF) exploitation.

Win32k has been one of the most exploited components in the Windows kernel accounting for 63% of vulnerabilities from 2010 to 2018, due to its large attack surface of syscalls relative to ntdll syscalls. Win32k vulnerabilities are generally turned into data-only attacks using a read/write kernel primitive by using a desktop object known as a tagWND data structure.

There are two aspects to data-only attacks:

  1. Discovering a vulnerability.
  2. Leveraging existing or new read/write primitives using specific OS APIs on object fields such as tagWND.cbWndExtra.

The tagWND data structure has two fields which make it a prime target for reading/writing within kernel memory; tagWND.cbWndExtra and tagWND.ExtraBytes. When a window is created using CreateWindowEx, it is possible to request additional bytes of memory directly after the tagWND object in memory through the cbWndExtra field in the WNDCLASSEXA structure when registering the window class.

The number of extra bytes is controlled by the cbWndExtra field, and the allocated additional memory address is located at the ExtraBytes field. The read/write primitive is created as follows:

  1. Discover a vulnerability such as a UAF, which will allow you to write to a tagWND object in memory called WND0.
  2. Allocate another tagWND object called WND1 near the previously corrupted WND0 in memory.
  3. Overwrite WND0.cbWndExtra to a large value such as 0xFFFFFFF.
  4. Call an API such as SetWindowLongPtr on WND0 which will write OOB to fields within WND1.

Win32k kernel user-mode callbacks have been exploited many times by leveraging tagWND read/write capabilities within the Windows kernel for escalation of privileges such as CVE-2014-4113, CVE-2015-0057, MS15-061, CVE-2016-7255 and CVE-2019-0808.

Win32k Exploit Primitives

Several primitives have been observed in the CVE-2021-1732 exploit used by the attackers; additionally, it is worth mentioning that some of them are new and not previously seen in the wild.

Prior to Windows RS4 it was trivial to leak tagWND kernel addresses using multiple techniques, such as calling HMValidateHandle to copy tagWND objects from the kernel to user desktop heap. The latest version of Windows 10 has been hardened against such trivial techniques.

However, using the spmenu kernel address leak technique and relative tagWND desktop heap offsets, once a vulnerability is discovered to overwrite a tagWND.cbWndExtra field, it is possible to achieve kernel read/write capabilities without leaking the actual tagWND kernel addresses. The spmenu technique in this exploit was used here and here, but we are not aware of the GetMenuBarInfo API ever being used before in a win32k exploit.

The following diagram shows the primitives used in CVE-2021-1732.

Figure 2 – CVE-2021-1732 Primitives

Existing Windows OS Mitigations

Great work has been done to harden the security of win32k against EoP attacks with new and improved mitigations by the Microsoft OSR team, Mandt, Google Project Zero, Schenk and Dabah.  These mitigations include:

  1. Type isolation (all same type objects tagWND being used).
  2. Win32k filtering (limited to Edge browser and not process wide but since this research there have been many improvements on win32k API filtering capabilities such as the addition of _stub_UserSetWindowLong and _stub_UserSetWindowLongPtr _stub_UserGetMenuBarInfo in win32k.sys).
  3. Fragmenting kernel desktop heap and removal of kernel addresses in the user desktop heap (can use relative offsets within user and desktop heaps described later in the blog).
  4. Removal of data type symbols from win32k drivers (obfuscation rather than mitigation).

In the context of a malicious process exploiting CVE-2021-1732, the above mitigations provide no protection. However, it does not impact Google Chrome as it disallows win32k calls (Windows 8 and higher), or Microsoft Edge as it applies win32k filtering on the relevant APIs.

Triggering the Vulnerability and Patch Analysis

When a window is created using CreateWindowEx API, a tagWND object is created by the Windows operating system. This window, as explained above, can be created with a parameter to allocate extra memory using cbWndExtra.

During the windows creation process (CreateWindowEx API) a callback named xxxClientAllocWindowClassExtraBytes is triggered to allocate space in the user mode desktop heap for the tagWND.ExtraBytes (offset 0x128) per the tagWND.cbWndExtra (offset 0xc8) value size (see figure 3 and 4 below for WND1).

Figure 3 – WND1 Kernel tagWND – User mode copy located at offset 0x28
Figure 4 – WND1 User Mode tagWND

The location of this memory is stored as a user mode memory pointer to the desktop heap and placed at tagWND.ExtraBytes. It is then possible to convert the normal window to a console window using NtUserConsoleControl which will convert that user mode pointer at tagWND.ExtraBytes to an offset value which points into the kernel desktop heap (see figure 5 below for WND0). It is this change in value at tagWND.ExtraBytes (window type confusion) that can be exploited for an OOB write during the xxxClientAllocWindowClassExtraBytes callback window.

Figure 5 – WND0 User Mode tagWND
Figure 6 – Triggering the type confusion vulnerability within win32kfull!xxxCreateWindowEx

Per figure 6 above the following steps are required to trigger the vulnerability:

  1. Get a pointer to the HMValidateHandle inline function within user32.dll.
  2. Hook xxxClientAllocWindowClassExtraBytes within the PEB KernelCallBack table.
  3. Create multiple windows (we will just use the first two WND0 and WND1 created), using the CreateWindowEx API, so that two windows are created in close memory proximity.
  4. Call HMValidateHandle on WND0 and WND1 which will copy their objects from the kernel desktop heap to user desktop heap. At tagWND+0x8 an offset is stored into the desktop heap; this offset is the same for the user and kernel desktop heaps. The exploit uses these offset values to calculate the relative distance between WND0 and WND1 in the kernel desktop heap which is needed later for reading and writing OOB. Per table 1 below, by using these offsets there is no requirement to leak the actual WND0 and WND1 kernel addresses since read and writes can be done relative to the offsets (user and kernel desktop heaps have the same offsets).
Table 1 – User and Kernel Desktop heaps have the same offsets

5. WND0 is then converted to a console window by calling NtUserConsoleControl which converts WND0.ExtraBytes from a user desktop heap pointer to an offset within the kernel desktop heap. This is needed later so that WND0 can write OOB to WND1.

6. Create malicious window WND_Malicious using the CreateWindowEx API

    • During the window creation the callback xxxClientAllocWindowClassExtraBytes API is executed to request user mode to allocate memory for WND_Malicious.cbWndExtra and pass the user desktop heap pointer back to the kernel function win32kfull!xxxCreateWindowEx.
    • xxxClientAllocWindowClassExtraBytes has now been hooked and we do the following before returning to win32kfull!xxxCreateWindowEx:
      • Call NtUserConsoleControl to convert WND_Malicious to a console window so converting its WND_Malicious.cbWndExtra from a user desktop heap pointer to an offset within the kernel desktop heap.
      • Finally call NtCallbackReturn which completes the callback and returns a single value to xxxClientAllocWindowClassExtraBytes. Instead of passing the user desktop heap pointer as expected by xxxClientAllocWindowClassExtraBytes back to the kernel we pass the value at WND0+0x08 which is the kernel desktop heap offset to WND0 per figure 7 below. Now anytime we call SetWindowLongW on WND_Malicious we will be writing to WND0.
Figure 7 – WND_Malicious

Patch Analysis

The vulnerability lies in the fact that win32kfull!xxxCreateWindowEx does not check whether the window type has changed between the time it initiates the xxxClientAllocWindowClassExtraBytes and gets the response from NtCallbackReturn.

When we call NtUserConsoleControl with WND_Malicious in the hook above, xxxConsoleControl checks if tagWND+0xE8 flag has been set to 0x800 to indicate a console window per figure  below. As WND_Malicious was created as a normal window, xxxConsoleControl allocates memory at an offset within the kernel desktop heap and then frees the user desktop heap pointer existing at WND_Malicious.ExtraBytes (0ffset 0x128). It then places the offset to this new allocation in the kernel heap at WND_Malicious.ExtraBytes (0ffset 0x128) and sets the tagWND+0xE8 flag to 0x800 to indicate it’s a console window.

After returning from the callback when we issued NtCallbackReturn above, xxxCreateWindowEx does not check that the window type has changed and places the WND0+0x08 at WND_Malicious.ExtraBytes per figure 9 below. The RedirectFieldpExtraBytes checks the WND_Malicious.ExtraBytes initialized value but it is too late as WND0+0x08 has already been written to WND_Malicious.ExtraBytes (offset 0x128).

Figure 9 – win32kfull!xxxCreateWindowEx (vulnerable version)

The patched win32kfull.sys has updated xxxCreateWindowEx to now check the ExtraBytes initialized value before writing the returned value from user mode to tagWND. ExtraBytes (offset 0x128) per figure 10 below.

Figure 10 – win32kfull!xxxCreateWindowEx (patched version)

Figure 11 below shows that tagWND. ExtraBytes is initialized to zero within xxxCreateWindowEx during normal window creation.

Figure 11 – tagWND. ExtraBytes initialization for normal window

Figure 12 below shows that tagWND. ExtraBytes is initialized to the new offset value in the kernel desktop heap within xxxConsoleControl during console window creation. RedirectFieldpExtraBytes simply checks this initialized value to determine if the window type has changed. In addition, Microsoft have also added telemetry for detecting changes to the window type flag in the patched version.

Figure 12 – tagWND. ExtraBytes initialization for console window

tagWND OOB Write

The vulnerability within the xxxCreateWindowEx API allowed the WND_Malicious.ExtraBytes field be to set to a value of WND0 offset within the kernel desktop heap. Now any time SetWindowLongW is called on WND_Malicious it will write to WND0. By supplying an offset of 0xc8, the function will overwrite the WND0.cbWndExtra field to a large value of 0XFFFFFFF per figures 13 and 14 below.

This means it can write beyond its tagWND structure and ExtraBytes in kernel memory to fields within WND1. In addition, WND0.ExtraBytes is also overwritten with the offset to itself so calls to SetWindowLongPtrA on WND0 will write to an offset in kernel desktop heap relative to the start of WND0.

Figure 13 – OOB Write from WND_Malicious to WND0
Figure 14 – WND0 cbWndExtra overwritten with 0xFFFFFFF by WND_Malicious OOB write

Kernel Address Leak

Now that the WND0.cbWndExtra field has been set to a very large value (0xFFFFFFF), anytime SetWindowLongPtrA is called on WND0 it will write into the adjacent WND1 in kernel memory per figure 15 below. By writing to specific fields in WND1 we can create a kernel address memory leak as follows:

  1. Write a value of 0x400000000000000 to WND1 style field to temporarily change it to a child window per figures 15 and 16 below.
  2. Calling SetWindowLongPtrA API on WND0 with a value of -12 (GWLP_ID) now allows the spmenu field (type tagMENU) of WND1 to be overwritten with a fake spmenu data structure since we have changed it to be a child window per figure 15 and 17 below.
  3. Per SetWindowLongPtrA API documentation, the return value will give us the original value at the offset overwritten, i.e., the spmenu data structure pointer which is a kernel memory address. So, we now have leaked a pointer to a spmenu (type tagMENU) data structure in kernel memory and replaced the pointer in WND1.spmenu with a fake spmenu data structure within user desktop heap per figure 17 below.
Figure 15 – OOB Write from WND0 to WND1 to Leak Kernel Address
Figure 16 – WND1 Style field before and after writing 0x4000000000000000
Figure 17 – spmenu kernel memory address pointer leaked and subsequently replaced by a user mode address pointing to a fake spmenu data structure

Kernel Arbitrary Read

Using the spmenu data structure kernel pointer leaked previously we can use the layout of this data structure and the GetMenuBarInfo API logic to turn it into an arbitrary kernel memory read per figures 18,19 and 20 below.

Figure 18 – Kernel Arbitrary Read using fake spmenu and GetMenuBarInfo
Figure 19 – Fake spmenu data structure in user desktop heap with original spmenu leaked kernel pointer at crafted location to enable arbitrary read using GetMenuBarInfo API
Figure 20 – WinDbg command to show location within spmneu data structure that is deferenced by xxGetMenuBarInfo

As you can see from the xxxGetMenuBarInfo function in figures 21 and 22 below, by placing our leaked kernel address at the right location in our fake spmenu data structure we can create an arbitrary kernel memory read when calling GetMenuBarInfo.

Figure 21 – win32kfull!xxxGetMenuBarInfo
Figure 22 – GetMenuBarInfo data structure populated return values per normal spmenu and fake spmenu (leaks kernel address)

Kernel Arbitrary Write

An arbitrary kernel write primitive can be easily achieved now by writing our destination address to WND1.ExtraBytes field by calling SetWindowLongPtrA on WND0 which will write OOB to WND1 relative to the offset we specify per figure 23 below

In this case the offset is 0x128 which is ExtraBytes. Then simply calling SetWindowLongPtrA on WND1 will write a specified value at the address placed in the WND1.ExtraBytes field. The arbitrary write is achieved because WND1 is a normal window (has not been converted to a console window like WND0 and WND_Malicious) and so will write to whatever address we place in WND1.ExtraBytes.

Figure 23– Kernel Arbitrary Write for What-Write-Where (WWW)

Data Only Attack

The arbitrary kernel read and write primitives can be combined to perform a data-only attack to overwrite a malicious process EPROCESS token with that of PID 4 which is System for an escalation of privilege (EoP).

The original spmenu kernel address leaked previously has a pointer to WND1 at offset 0x50 per figures 24 and 25 below. Through multiple arbitrary reads using the GetMenuBarInfo on our fake spmenu data structure with this WND1 kernel address we can eventually read the PID 4 System EPROCESS token.

Figure 24 – Combining fake spmenu with GetMenuBarInfo arbitrary read to get PID 4 token
Figure 25– Original spmenu with WND1 kernel address pointer at offset 0x50

By placing the destination address (malicious process EPROCESS token) at WND1.ExtraBytes then the subsequent call to SetWindowLongPtrA will write the value (PID 4 – System EPROCESS token) to that address per figures 26 and 27 below.

Figure 26 – EPROCESS Token swap
Figure 27 – Overwriting WND1.ExtraBytes with address of EPROCESS token

The exploit then restores overwritten data structure values once the EoP is complete to prevent a BSOD (Blue Screen of Death).

Conclusion

In this report, we undertook a deep analysis of CVE-2021-1732 which is a Local Privilege Escalation on Windows 10. Windows kernel data-only attacks are difficult to defend against, as once a vulnerability is discovered they use legitimate and trusted code through specific APIs to manipulate data structures in kernel memory.

The win32k component has been hardened through great work by Microsoft against read/write primitives, but there are still opportunities for exploitation due to its large attack surface (syscalls and callbacks) and lack of win32k filtering on a process-wide basis. It would also be great to see a system wide win32k filtering policy capability within Windows 10.

Patching is always the best solution for vulnerabilities, but a strong defense strategy such as threat hunting is also required where patching may not be possible, and to detect variants of vulnerabilities/exploits being used by campaigns.

The post Technical Analysis of CVE-2021-1732 appeared first on McAfee Blogs.

]]>
The Bug Report – December 2021 https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/the-bug-report-december-2021/ Wed, 05 Jan 2022 15:55:27 +0000 https://www.mcafee.com/blogs/?p=133480

Your Cybersecurity Comic Relief  Why am I here?  If you’re reading these words, CONGRATULATIONS! You’ve made it to 2022! And even better,...

The post The Bug Report – December 2021 appeared first on McAfee Blogs.

]]>

Your Cybersecurity Comic Relief 

Why am I here? 

If you’re reading these words, CONGRATULATIONS! You’ve made it to 2022! And even better, you found your way to ATR’s monthly security digest where we discuss our favorite vulnerabilities of the last 30 days. Feel free to pat yourself on the back, get yourself a nice cup of coffee, tea, LaCroix (you fancy!) or if you’d rather choose violence, you can go straight for the energy drink. And now that we are comfortable and energized, let’s get rolling!  

CVE-2021-43798: Grafana path traversal

What is it? 

Per its Wikipedia entry, Grafana is a multi-platform open-source analytics and interactive visualization web application that is widely used in the industry, with paying customers such as Bloomberg, eBay, PayPal, etc. It was revealed in early December that a path traversal vulnerability allowed an attacker to access local files due to an improper sanitization of “../../../” in its plugin path.  

It also showcases one of the tightest disclosure timelines known to man:  

Who cares? 

Ok, we can hardly blame you for hearing about ANY vulnerabilities except for Log4Shell in the last 30 days.  However, if your organization is using this software, you probably should have followed the disclosure last month, lest your “/etc/passwd” files are now known to the whole internet. Beyond that, there are two interesting points you can ponder while swirling your eggnog in its glass (side-rant on the disgustingness of eggnog redacted). Given how easy it is to exploit, the mere fact of the vendor fixing the bug via their public GitHub seems to have been enough to bring attention to it and get public working POCs for this vulnerability in less than 3 days following the fix. If you’re curious about how more mature open-source code bases deal with this risk, projects like Chromium rely on a separate bug tracking infrastructure that can restrict who can access the bug reports (that will spell out the security risks and test cases) combined with public commit messages with simple phrasing meant to avoid attracting the attention on the security commits.  

Another interesting tidbit, the root cause of this bug is the misuse of a Go API to sanitize paths as discussed in this Twitter thread. It turns out the filepath.Clean function used to sanitize the input processed by the vulnerable code only removes excessive “../../” if the path is absolute. This is a common case of an API behaving as expected but leading to dangerous consequences. Do you know for sure the codebase of your organization is free of these problems? The impact of unpatched vulnerabilities here could be the accessing or leaking of extremely sensitive data.  *pondering becomes frantic*  

What can I do? 

Obviously update the software if you’re using it, and you can also use Sigma rules to detect attack attempts. In an ideal world, your analytics platform should not be exposed to the wide internetunlike these 87k instances, among whose 16k are still vulnerable according to Shodan. At minimum make sure your Grafana instance is behind a .htaccess prompt or similar. From a development perspective, security testing and unit tests should be leveraged to ensure the filtering you are putting in place is working the way it is intended to. And in the grand scheme of things, if you are going to process untrusted user input, don’t wing the filtering and apply thoroughly audited code patterns rather than disabling the warnings of your security tool…  

 

The Gold standard 

Does the walker choose the path, or the path the walker?” may have mused Garth Nix in his novel Sabriel. One thing is certain though, the path described above won’t be “walked” nor traversed by an attacker for the McAfee Network Security Platform (NSP) customers. These lucky fellows are already protected against path traversal attacks via a generic rule and can even be bestowed further protection with the creation of “custom attack” rules.  

CVE 2021-44228: Log4Shell 

What is it? 

Who could have known that parsing—and sometimes even executing—untrusted input was a bad idea™? Well it turns out that Apache’s log4j logging code does exactly that, and if the logged string contains the magic characters $(jdni:…) it may even fetch and execute untrusted Java code. Iterations on this attack have also highlighted the possibility to leak local secrets stored in environment variables—such as AWS keys—and given the recursiveness of the processing, it also offers many ways to evade pattern-matching detection. 

Who cares? 

Pretty much everyone. You write Java and are into logging things? Yep, you should be on top of this. You use Java based applications/servlets? Well, there’s probably some logging of untrusted user input in there. Your corporate employer uses Java based appliances or services? Pour one for your SOC and IT folks who are probably having a blast over their holiday “break”. You get it, this problem impacts the whole industry, and in all likelihood, its effects will probably keep rippling out for the years to come. To make things worse, the bug is really easy to exploit. From pen testers to SOC analysts, “script-kiddies” to nation state actors, nearly everyone has begun to explore this attack vector and we have observed massive on-going attacks with a wide gamut of payloads, ranging from cryptominers to “rm -rf /* payloads and even a broken attempt to spread the Mirai worm. The worst is likely yet to come.  

What can I do? 

“Stranger Things” taught us that “You can’t spell America without Erica.” Similarly, you can’t spell Apache without Patch. Sort of.  Upgrade! Micro-patch. Monitor traffic. Hint: if you’re internal-only application suddenly makes LDAP requests towards a remote server in a country you have no operations in, maybe something fishy is going on…  

If you like chaos and and/or you are having a hard time convincing IT of the importance of this bug, get permission to demonstrate it for them! Then, set strings you can control (user-agent, twitter name, wifi SSID, …) to this $(jdni:ldap…) magic value and make it point to an IP:Port you control (or a third party service like Canarytoken if you trust them). If you detect hits on that address, you can start having a fun conversation about the necessity of upgrading their tech stack with the owners of the incoming addresses. This is where asking for permission first becomes extremely important, as if you indiscriminately put the magic string all over the places to see what happens (as you may have seen on various social media platforms), it’s likely that eventually someone will reach out to have a “fun” conversation with you and ask about that funky user-agent of yours. Obviously, before pulling a stunt like this consider that the last thing you want for Christmas is a CFAA (Computer Fraud and Abuse Act) complaint delivered right to your doorstep.  

The Gold standard 

McAfee Enterprise customers are protected from many different angles (for the specifics, please visit this Knowledge Base article):  

  • Expert Rules on Endpoint Security (ENS) can pick-up dangerous patterns in memory as described in this blog 
  • Endpoint Security (ENS), VirusScan Enterprise (VSE), McAfee Web Gateway (MWG) can provide generic detection under the tile Exploit-CVE-2021-44228.C via a “Potentially Unwanted Software” detection. This detection is also augmented by a list of hashes of samples related to in-the-wild campaigns exploiting this vulnerability.   
  • Network Security Platform (NSP) can also detect the attack via User-Defined signature (provided in the KB article linked previously) 
  • MVISION Endpoint Detection and Response (EDR), McAfee Active Response (MAR) can also be used to look for vulnerable systems with Real-Time Search (RTS) queries 
  • McAfee SIEM got an update (Exploit Content Pack version 4.1.0) that will raise an alarm on potential exploit attempts. MVISION Insights is also providing valuable information under the Threat Campaign “Log4Shell – A Log4j Vulnerability – CVE-2021-44228”. See Insight Preview. 

CVE-2021-43527: Big Sig 

What is it? 

Big Sig sounds like the nickname Freud’s mother gave him. This bug is no less compelling. Early this December, Google Project Zero blogged about a vulnerability they found in Mozilla’s Network Security Services (NSS) with a CVSS score of 9.8, according to NIST’s National vulnerability database page. There is a heap overflow in the processing of certain signatures (DER-encoded DSA and RSA-PSS signatures). To put it simply, the NSS is a collection of cryptographic libraries that enable developers to use safer/heavily tested implementations of cryptographic primitives and standards (for encryption of communication, verification of the authenticity of data, and so on). The feature where the bug was found is responsible for the verification of signatures that prove the authenticity of data using various public cryptography schemes. This type of function is typically used to sign emails or documents to confirm their actual authors. Something really interesting about this bug is its relative simplicity but also its long existence; according to Project Zero’s blog, this bug was exploitable going all the back to 2012. The vulnerable code path just happened to fall between the cracks where various fuzzers used by Mozilla overlap. 

Who cares? 

If you like your signatures to be verified, and rely on the NSS library to do so, you should definitely have a look at the advisory and use the latest version of the software (NSS version 3.73/3.681 ESR or later). Firefox seems unaffected, but other software that parses signatures might be impacted (Thunderbird, LibreOffice, Evolution, Evince and more).  

What can I do? 

As usual, you want to make sure any software you are using that might be vulnerable is updated to its latest version. The patch was released on December 1st so, for starters, you’d want to make sure potential vulnerable software received an update after this date. It would also help to know which software relies on this library; while there is no magic bullet, references to files such as nss3.dll on Windows or libnss3.so on Linux are a good starting point. Beyond that, the best call is to look at release notes and potential list of third-party libraries used in any given application you may use. If you use the vulnerable library in in your own product, update the code or backport the patch. 

The Gold standard 

Have you checked out our bulletins? They’re a great source of information for the critical vulnerabilities you may have missed! This may include applications that will be deploying fixes for CVE-2021-43527. 

The post The Bug Report – December 2021 appeared first on McAfee Blogs.

]]>
Welcome McAfee Forward—the Future of Online Protection Today https://www.mcafee.com/blogs/mcafee-news/welcome-mcafee-forward-the-future-of-online-protection-today/ Wed, 05 Jan 2022 14:02:16 +0000 https://www.mcafee.com/blogs/?p=133513

With digital life-changing so rapidly, it’s time for a new way to protect it. Welcome to McAfee Forward—the future of...

The post Welcome McAfee Forward—the Future of Online Protection Today appeared first on McAfee Blogs.

]]>

With digital life-changing so rapidly, it’s time for a new way to protect it. Welcome to McAfee Forward—the future of online protection today. 

As all that change reshapes how we spend our time online, we believe that one thing remains constant: meaningful protection is a personal right. Your right. That’s how we see it here at McAfee, and we want you to go forward and enjoy your digital life with confidence. Confident that you’re safe as you bank and shop online, sure. Yet also confident as you consult your doctor online, track your fitness routines, order a pizza with the sound of your voice, start your car with your smartphone, and simply do what’s next—the umpteen other innovations yet imagined, all thanks to the internet.  

So what does the future of online protection look like? You. While different technologies may come and go, the one thing that won’t change is you. The person using them. That’s why our focus is on you, your privacy, identity, and overall security, no matter what device, app, or platform you’re doing or what you’re doing it on. 

No doubt about it, life online will continue to change how we go about our day in lively and unexpected ways. You have a right to enjoy it all. And you can leave that to us. We thrive on what’s new and different—and then protecting it so you can get the most out of it.  

That future of online protection is indeed here today. We’ve already rolled out major updates and industry firsts that look out for you online, particularly your privacy and identity. There’s much more to come in the weeks and months ahead. Because you have a right to a life that’s always safe and enjoyable online, whatever shape it takes in the days to come.  

Here’s to living that life with confidence, and to what’s on the horizon. Through it all, we have your back. 

The post Welcome McAfee Forward—the Future of Online Protection Today appeared first on McAfee Blogs.

]]>
What to Do If You’re Caught Up in a Data Breach https://www.mcafee.com/blogs/consumer-cyber-awareness/what-to-do-if-youre-caught-up-in-a-data-breach/ Tue, 04 Jan 2022 21:43:18 +0000 https://www.mcafee.com/blogs/?p=133498

It happens with more regularity than any of us like to see. There’s either a headline in your news feed...

The post What to Do If You’re Caught Up in a Data Breach appeared first on McAfee Blogs.

]]>

It happens with more regularity than any of us like to see. There’s either a headline in your news feed or an email from a website or service you have an account with—there’s been a data breach. So what do you do when you find out that you and your information may have been caught up in a data breach? While it can feel like things are out of your hands, there are actually several things you can do to protect yourself. 

Let’s start with a look at what kind of information may be at stake and why crooks value that information so much (it’s more reasons than you may think). 

What can get exposed in a data breach?  

The fact is that plenty of our information is out there on the internet, simply because we go about so much of our day online, whether that involves shopping, banking, getting results from our doctors, or simply hopping online to play a game once in a while.  

Naturally, that means the data in any given breach will vary from service to service and platform to platform involved. Certainly, a gaming service will certainly have different information about you than your insurance company. Yet broadly speaking, there’s a broad range of information about you stored in various places, which could include:  

  • Username and password 
  • E-mail address 
  • Phone numbers and home address 
  • Contact information of friends and family 
  • Date of birth 
  • Driver’s license number 
  • Credit card and debit card numbers, bank account details 
  • Purchase history and account behavior history 
  • Patient information (in the case of healthcare breaches) 
  • Social Security Number or Tax ID Number 

As to what gets exposed and when you might find out about it, that can vary greatly as well. One industry research report found that 60% of breaches were discovered in just days from the initial attack while others could take months or even longer to detect. Needless to say, the timeline can get rather stretched before word reaches you, which is a good reason to change your passwords regularly should any of them get swept up in a breach. (An outdated password does a hacker no good—more on that in a bit.) 

What do crooks do with this kind of information? 

The answer is plenty. In all, personal information like that listed above has a dollar value to it. In a way, your data and information are a kind of currency because they’re tied to everything from your bank accounts, investments, insurance payments—even tax returns and personal identification like driver’s licenses.  

With this information in hand, a crook can commit several types of identity crime—ranging from fraud to theft. In the case of fraud, that could include running up a bill on one of your credits cards or draining one of your bank accounts. In the case of theft, that could see crooks impersonate you so they can open new accounts or services in your name. Beyond that, they may attempt to claim your tax refund or potentially get ID issued in your name as well. 

Another possibility is that a hacker will simply sell that information on the dark marketplace, perhaps in large clumps or as individual pieces of information that go for a few dollars each. However it gets sold, these dark-market practices allow other fraudsters and thieves to take advantage of your identity for financial or other gains.  

Most breaches are financially motivated, with some researchers saying nearly 90% of breaches are about the money. However, we’ve also seen hackers simply dump stolen information out there for practically anyone to see. The motivations behind them vary, yet could involve anything from damaging the reputation of an organization to cases of revenge.   

Noteworthy examples of data breaches 

A list of big data breaches is a blog article of its own, yet here’s a quick list of some of the largest and most impactful breaches we’ve seen in recent years: 

  • Facebook – 2019: Two datasets leaked the records of more than 530 million users, including phone numbers, account names, Facebook IDs, and more. 
  • Marriott International (Starwood) – 2018. Leakage of 500,000 guest names, emails, actual mailing addresses, phone numbers, passport numbers, Starwood Preferred Guest account information, date of birth, and information about stays. 
  • Equifax – 2017. Approximately 147 million records, including name, address, date of birth, driver’s license numbers, and Social Security Numbers were leaked, as well as credit card information for a further 200,000 victims. 

Needless to say, it’s not just the big companies that get hit. Healthcare facilities have seen their data breached, along with the operations of popular restaurants. Small businesses find themselves in the crosshairs as well, with one report stating that 43% of data leaks target small businesses. Those may come by way of an attack on where those businesses store their records, a disgruntled employee, or by way of a compromised point-of-sale terminal in their store, office, or location. 

In short, when it comes to data breaches, practically any business is a potential target because practically every business is online in some form or fashion. Even if it’s by way of a simple point-of-sale machine. 

What to do if you think your information may have been exposed by a breach 

When a business, service, or organization falls victim to a breach, it doesn’t always mean that you’re automatically a victim too. Your information may not have been caught up in it. However, it’s best to act as if it was. With that, we strongly suggest you take these immediate steps. 

1. Change your passwords and use two-factor authentication 

Given the possibility that your password may be in the hands of a hacker, change it right away. Strong, unique passwords offer one of your best defenses against hackers. Update them regularly as well. As mentioned above, this can protect you in the event a breach occurs and you don’t find out about it until well after it’s happened. You can spare yourself the upkeep that involves a password manager that can keep on top of it all for you. If your account offers two-factor authentication as part of the login process, make use of it as it adds another layer of security that makes hacking tougher.  

2. Keep an eye on your accounts 

If you spot unusual or unfamiliar charges or transactions in your account, bank, or debit card statements, follow up immediately. That could indicate improper use. In general, banks, credit card companies, and many businesses have countermeasures to deal with fraud, along with customer support teams that can help you file a claim if needed. 

3. Sign up for an identity protection service 

If you haven’t done so already, consider signing up for a service that can monitor dozens of types of personal information and then alert you if any of them are possibly being misused. Identity protection such as ours gives you the added benefit of a professional recovery specialist who can assist with restoring your affairs in the wake of fraud or theft, plus up to $1 million in insurance coverage 

What if I think I’m the victim of identity theft? 

Our advice is to take a deep breath and get to work. By acting quickly, you can potentially minimize and even prevent any damage that’s done. With that, we have two articles that can help guide the way if you think you’re the victim of identity theft, each featuring a series of straightforward steps you can take to set matters right: 

Again, if you have any concerns. Take action. The first steps take only minutes. Even if the result is that you find out all’s well, you’ll have that assurance and you’ll have it rather quickly. 

The post What to Do If You’re Caught Up in a Data Breach appeared first on McAfee Blogs.

]]>
The Internet is for Everyone to Enjoy—We’re Helping See to It https://www.mcafee.com/blogs/consumer-cyber-awareness/the-internet-is-for-everyone-to-enjoy-were-helping-see-to-it/ Sun, 02 Jan 2022 14:49:33 +0000 https://www.mcafee.com/blogs/?p=132880

The internet is meant for all to enjoy. And that’s who we’re looking out for—you and everyone who wants to enjoy life online.  We believe it’s important that...

The post The Internet is for Everyone to Enjoy—We’re Helping See to It appeared first on McAfee Blogs.

]]>

The internet is meant for all to enjoy. And that’s who we’re looking out for—you and everyone who wants to enjoy life online. 

We believe it’s important that someone has your back like that, particularly where some of today’s hacks and attacks can leave people feeling a little uneasy from time to time. You’ve probably seen stories about data breaches at big companies pop up in your news feed. Or perhaps you or someone you know had their debit or credit card number hacked. Problems like these are out there, unfortunate thorns in the side of the internet we’ve come to love. Yet while these issues persist, there’s plenty you can do to avoid them. 

That’s where we have your back—doing all we can to make life online enjoyable for everyone, with protection that helps people finally feel safe and stay that way. 

The reality is that nobody wants to deal with hackers, malware, and other attacks crop up on the internet. And while it’s important to be aware of those things, we’d rather that you didn’t have to worry about them. Protection should come easy. Whether it’s keeping your banking, shopping, and streaming secure, along with your privacy and personal info too, protection should feel simple and tailored to you. That’s what we strive for. 

So as you think about protecting your life online, take a moment to consider what you’re protecting. As you do, you’ll see that it means far more than protecting your computers, phones, and other devices. Ultimately, it’s about protecting you, and all the important things connected to you. You can think of it in three ways … 

1) Protect what’s precious  

What’s among the top things people say they want to protect? Their photos. Not far behind photos are all manner of digital treasures that people like to keep close, which ranges anywhere from music they’ve downloaded to old voicemails of their children, nieces, and nephews that they’ve saved over the years. Without a doubt, we have plenty of things stored on our computers and phones that we simply couldn’t do without. 

Protecting these things means protecting the devices you use to store and access them. Installing comprehensive online protection software like ours is the first step. In addition to award-winning antivirus software and firewall protection to help keep hackers at bay (and away from your photos and other precious files), it goes a step further.  

Our new Online Protection Score shows you just how safe you are and guides you through simple steps that can seal up gaps and improve your protection overall. In all, it’s a personalized and simple way to make sure you’re protected as possible and continually make improvements as they’re needed. It’s a way of getting expert protection without being an expert. 

2) Protect what’s vital 

There’s also the “Important Stuff” in life, like our financial records, tax returns, and all the banking that we do on our phones and computers. And let’s throw shopping into mix because shopping’s important too! You can protect the important things like this, which can help hackers out of your business. 

For starters, you can protect your important files three ways with our online protection by using a combination of the McAfee® File Lock and Shredder™ features to manage your privacy:  

  • McAfee File Lock allows you to create password-protected encrypted drives on your PC that only appear when you’ve unlocked them, perfect for storing sensitive files like tax returns and financial documents.  
  • And when you’re looking to dispose of sensitive files, McAfee Shredder securely deletes files so that would-be thieves can’t put the pieces back together. 

You can lock down your privacy even further with a VPN that can shield you automatically from snooping attacks online, whether at home or when using public Wi-Fi. It creates an encrypted connection that works like a private tunnel that hides your IP address and the things you’re doing online from cybercrooks. It’s ideal for keeping your sensitive personal information like your financial data, passwords, and browsing history hidden from both hackers and websites. 

And here’s another big help. A password manager. You likely have dozens of passwords, plus a few more that you’ve probably forgotten about. You can protect your passwords and the accounts associated with them with a password manager that creates and securely stores a strong, unique password for each of your accounts. Plus, you can use it to update those passwords on the regular. Few things make it tougher for hackers than strong, unique passwords that get changed often. In a time of data breaches and account theft, a password manager is a great call. 

3) Protect yourself (and your people) 

While it’s important to focus on protecting things like laptops, phones, photos, files, and data, you’re ultimately protecting something far greater You. Your privacy, your personal information, your accounts, all the things that taken together make you—you. The thing is that our lives are more fluid and mobile than ever before. One moment we’re banking on our laptop, the next we’re splitting the cost of dinner with a payment on our phone. The constant here is you. You’re at the center of all this activity regardless of the device you’re using. The same goes for your family and the people you care about.  

That’s why we protect people, not just their devices.  

McAfee Identity Protection Service monitors the dark web for your personal info such as emails and associated passwords, up to 60 different types of critical info. If we detect that your data was stolen, you’ll get immediate alerts on the devices of your choice and guidance on how to secure your info quickly and effectively. In all, you can keep tabs on your identity any time you’re connected to the internet, and if an issue crops up you can click, solve, and carry on. ​ ​ 

Extended identity protection offers up the extra comfort of knowing that you have licensed recovery pros on the case if identity theft does happen to you. This includes monitoring and restoration services, along with identity theft insurance for lawyer fees, travel expenses, lost wages, and more. 

Protection that runs deep 

While that’s just a few of the ways McAfee has your back, we hope it gives you a good sense of what online protection should do—how it should protect you and all the things connected to you. And on today’s internet, that’s quite a bit. There’s so much to experience online today, and we believe you should enjoy all of it, freely and with the confidence that comes from knowing you’re safe. 

The post The Internet is for Everyone to Enjoy—We’re Helping See to It appeared first on McAfee Blogs.

]]>
What’s the Difference Between Identity Fraud and Identity Theft? https://www.mcafee.com/blogs/consumer-cyber-awareness/whats-the-difference-between-identity-fraud-and-identity-theft/ Fri, 24 Dec 2021 14:30:38 +0000 https://www.mcafee.com/blogs/?p=133330

What’s the difference between identity fraud and identity theft? Well, it’s subtle, so much so that it’s easy to use them nearly...

The post What’s the Difference Between Identity Fraud and Identity Theft? appeared first on McAfee Blogs.

]]>

What’s the difference between identity fraud and identity theft? Well, it’s subtle, so much so that it’s easy to use them nearly interchangeably. While both can take a bite out of your wallet, they are different—and knowing the differences can help you know understand what’s at stake. 

Let’s start with an overview and a few examples of each. 

Identity fraud is … 

  • When someone steals or misuses your personal information to exploit an account or accounts you already have.  
  • Examples:  
  • A criminal gets a hold of your debit card information from a data breach and makes purchases with it against your bank account. 
  • A criminal gains access to one of your accounts via a phishing attack and misuse the funds or otherwise misuses the access associated with that account. 

Identity theft is … 

  • When someone uses your personal information to open and abuse new accounts or services in your name—or possibly to impersonate you in other ways. 
  • Examples: 
    • A criminal uses your personal information to open a new line of credit at a retailer under your name and then makes purchases against the line of credit.  
    • A criminal uses your Social Security Number to create a driver’s license with their likeness but your name and personal information. 

So there’s that subtle difference we mentioned. Identity fraud involves misuse of an existing account. Identity theft means the theft of your personal information, which is then used to impersonate you in some way, such as opening new accounts in your name. 

Above and beyond those definitions and examples, a couple of real-life examples put the differences in perspective as well. 

Identity fraud in the news 

As for identity fraud, individual cases of fraud don’t always make the headlines, but that’s not to say you won’t hear about it a couple of different ways.  

The first way may be news stories about data breaches, where hackers gain things like names, emails, and payment information from companies or organizations. (ChipotleRobinHood, and T-Mobile being recent examples.) That info can then end up in the hands of a fraudster, who then accesses those accounts to drain funds or make purchases.  

On a smaller scale, you may know someone who has had to get a new credit or debit card because theirs was compromised, perhaps by a breach or by mistakenly making a payment through an insecure website or by visiting a phony login page as part of a phishing attack. These can lead to fraud as well. 

Identity theft in the news 

Identity theft took on new forms during the pandemic, such as was the case of a Rhode Island man charged with nearly half a million dollars in a pandemic unemployment fraud case. Authorities allege that the man-made 85 unemployment claims in 2020 using the identities of several other people.  

Similarly, a Massachusetts man was sentenced for filing fraudulent claims for relief funds, as well as open store credit accounts using fake identities. Court proceedings alleged that the personal information used to commit this fraud came from several sources, including information stolen from a realty company that collected that information from potential renters.  

Identity theft can stem from the workplace as well, such as the sentencing of a Maryland man who used stolen lists of personal information from his former employer. From there, he was found guilty of garnering more than a million dollars in funds from food assistance programs and fraudulent car loans.  

Identity theft can run far deeper than these examples. Because it effectively allows someone else to pose as you, an identity thief can do more than drain your accounts. They can also claim health insurance benefits, file taxes in your name, or possibly purchase the property. Further, an identity thief can potentially get a job, driver’s license, or other forms of ID in your name, which could ruin your credit history, reputation, or even create a police record in your name.  

So while both identity fraud and identity theft are certainly something you want to prevent, identity theft holds the potential to affect far-reaching aspects of your life—which marks a distinct difference between the two. 

Spotting identity fraud and theft (and preventing it too) 

It usually starts with someone saying anything from, “That’s strange …” to “Oh, no!” There’ll be a strange charge on your credit card bill, a piece of mail from a bill collector, or a statement from an account you never opened—just to name a few things. 

With that, I have a few recent blogs that help you spot all kinds of identity crime, along with advice to help keep it from happening to you in the first place: 

Keep a sharp eye out 

While there are differences between identity fraud and identity theft, they do share a couple of things in common: you can take steps to prevent them, and you can take steps to limit their impact should you find yourself faced with one or the other.  

The articles called out above will give you the details, yet staying safe begins with vigilance. Check on your accounts and credit reports regularly and really scrutinize what’s happening in them. Consider covering yourself with an —and act on anything that looks strange or outright fishy by reporting it to the company or institution in question.  

The post What’s the Difference Between Identity Fraud and Identity Theft? appeared first on McAfee Blogs.

]]>
Threat Intelligence and Protections Update Log4Shell CVE-2021-44228 https://www.mcafee.com/blogs/enterprise/threat-intelligence-and-protections-update-log4shell-cve-2021-44228/ Wed, 22 Dec 2021 18:03:44 +0000 https://www.mcafee.com/blogs/?p=133438

Threat Summary Log4j/Log4shell is a remote code execution vulnerability (RCE) in Apache software allowing attackers unauthenticated access into the remote...

The post Threat Intelligence and Protections Update Log4Shell CVE-2021-44228 appeared first on McAfee Blogs.

]]>

Threat Summary

Log4j/Log4shell is a remote code execution vulnerability (RCE) in Apache software allowing attackers unauthenticated access into the remote system. It is found in a heavily utilized java open-source logging framework known as log4j. The framework is widely used across millions of enterprise applications and therefore a lucrative target for threat actors to exploit. The availability of the POC exploit and ease of exploitation triggered the widespread exploitation attempts that we are now witnessing.

CVE-2021-44228 – Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation.

Should the vulnerability be present, an attacker might run arbitrary code by forcing the application or server to log a specific string. This string can force the vulnerable system to download and run a malicious script from the attacker-controlled system, which would allow them to effectively take over the vulnerable application or server.

A full technical analysis can be found here:

McAfee Advanced Threat Research: Log4Shell Vulnerability is the Coal in our Stocking for 2021

In this blog, we present an overview of how you can mitigate the risk of this vulnerability exploitation with McAfee Enterprise solutions. Due to the severity of this vulnerability and the observed exploitation attempts already taking place, the KB article linked below will be continually updated to communicate detailed actions to mitigate risk with McAfee Enterprise products. Subscribe to this KB article to receive updates pertaining to related coverage and countermeasures.

KB95091: McAfee Enterprise coverage for Apache Log4j CVE-2021-44228 Remote Code Execution

Attack Chain and Defensive Architecture

Organisations preparing to defend against this threat needs to think beyond the initial access vector. What the vulnerability allows a threat actor to do is initially only connect to a remote endpoint and establish a beachhead. The attacker only gets a return on investment when they can exploit that initial foothold either to move laterally, execute additional payloads on the endpoint or attack other organisations as part of a botnet. Instead of just focusing on the initial access vector, let’s look at the entire defensive kill chain.

The impact on organisations varies between resource takeover, denial of service or data theft. Therefore, making visibility in attack patterns and trend via threat intelligence extremely critical. In addition, other attack vectors have been discovered which allows for local exploitation of the log4j library over WebSocket.

Let’s walk through the defense lifecycle in more details

Getting the Latest Threat Intelligence

Threat Intelligence is critical to adapt security controls and gain an understanding of attacker techniques and active campaigns exploiting the vulnerability

 

The MVISION Insights platform reports threat intelligence related to the Log4j attacks under the campaign name Log4Shell – A Log4j Vulnerability – CVE-2021-44228.

The Global Prevalence map snapshots captured on the 10th and 16th December 2021 demonstrates how impactful has being the vulnerability so far and how fast activity, both defender and attack, is increasing and spreading worldwide.

MITRE Techniques Observed:

  • Exploit Public-Facing Application – T1190 (Initial Access)
  • Exploitation of Remote Services – T1210 (Lateral Movement)
  • External Remote Services – T1133 (Initial Access, Persistence)
  • Resource Hijacking – T1496 (impact)
  • Web Shell – T1505.003 (Persistence)

As we are writing this blog, on MVISION Insights there are 1,813 IOCs including MD5, SHA256, URL, IP, DOMAIN, HOSTNAME. In terms of Determinism, 1,632 are unique and 30 are commodity.

The top MD5 detected so far has been related to Kinsing (MD5: 648effa354b3cbaad87b45f48d59c616), a crypto miner with backdooring features. The file runs on Linux machines and has been uploaded on Virus Total for the first time in December 2020.  Its detection increased by 161% between the 11th and the 15th of December 2021 and it is currently observed in 19 different countries. The log4j vulnerability is helping threat actors to push Kinsing malware via encoded payloads to vulnerable services exposed to the internet. And this is just the tip of the iceberg. We are actively monitoring for and analyzing new payloads.

The same unique indicator is also reported as part of other two threat campaign on MVISION Insights:

  • Kinsing Malware Adds Windows to Its Target List
  • Misconfigured Apache Hadoop YARN Exploited

Since April 2020, when the Kinsing crypto miner was discovered, further developments of the malware have occurred including a rootkit component and other features that make detection harder. Kinsing comes with multiple shell scripts that download and install the backdoor, miner, and rootkit alter the system itself.

The IP address 45.155.205[.]233 included within the MVISION Insights IOCs and used by threat actor as a log4j callback attack server has been detected 6,884 times by December 4th topping 15,106 detections by December 7th. Most detected countries included the United States, Turkey, Thailand, UK, Taiwan, and Italy.

MVISION Insights also includes indicators related to unique variants of MIRAI botnet that McAfee observed being leveraged by threat actors to exploit the log4j vulnerability.

Shell scripts are using wget and curl tools for external communication as part of the attack chains analyzed.

Latest updates highlighted Conti ransomware group actively leveraging the Log4Shell exploit to gain access to internal corporate resources and lunch their malicious payloads. But also, Khonsari group and state sponsored APT35 have been reported by researchers.

Determining your Asset Exposure

In this case, you should detect and prioritise internet facing applications running java-based web servers such as Apache Tomcat, either isolate or patch these resources. Run vulnerability scans for both monolithic and containerized workloads to build an inventory of assets that might be impacted.

MVISION Cloud

Continuously discovers your cloud resources and can run vulnerability scans for Virtual Machines and Containerized workloads in the cloud. MVISION Cloud has the ability to build an inventory of running processes within workloads as part of it application control capabilities. If log4j is used as a separate package we will detect the vulnerability in both runtime and container registry. If the log4j is included in the java binary we will not be able to scan it.

Ensure you run configuration audits for cloud assets that allow unrestricted outbound access and does not use firewalls or NAT GW’s for outbound connections. Run configuration audits for secondary misconfigurations that might allow the attacker to exploit IAM to elevate privileges, gain persistence or takeover other resources. 

MVISION Insights

Compares the available defensive capabilities on the endpoint to the attacker techniques, tools and IOC’s and highlights exposed endpoints.

MVISION EDR

You can perform real time searches in MVISION EDR to identify endpoints with Log4j binaries.

Blocking Exploitation Attempts

The attacker only succeeds if they can get to this stage so blocking outbound suspicious connections, preventing execution of additional payloads, and protecting credentials/auth tokens theft are things that could prove to be critical in defeating the attack. As part of the available threat intelligence attackers are using several post exploit methodologies to pivot from the original log4j injection vulnerability. This varies from misuse of resources with crypto miners, deploying malware, or exfiltrating sensitive information.

MVISION Cloud – Cloud Native Application Protection Platform (CNAPP)

Use Application Control (VM and Containers) to kill unverified server processes and payloads from executing.

OS Hardening (VM) – ensure that SE Linux state is enforcing

MVISION UCE

Use UCE URL filtering and Remote Browser Isolation to prevent browser-based exploit attempts over WebSocket and C2 attempts.

McAfee Endpoint Protection Platform

Use signature-based protection in ENS 10.7 to block known hashes of second stage malicious payloads. On December 12, 2021, McAfee Enterprise released V3 AMCore content 4648 (ENS) and V2 DAT 10196 (VSE). Generic detections are provided under the title Exploit-CVE-2021-44228.C.

In ENS (Endpoint Security) 10.7 update 4 and above, there is a powerful security feature available to every defender, which is the ability to trigger a memory scan from an Expert Rule. For more details on this capability, please see this blog post from our AC3 team

https://www.mcafee.com/blogs/enterprise/log4j-and-the-memory-that-knew-too-much

Additionally, it is recommended to enable the ENS ATP rules that prevent or detect post exploitation techniques such of second stage payload execution, credential dumping or encryption activity from ransomware, use of malicious tools or lateral movement.

Network Security Platform

An Emergency User Defined Signature has been written and tested by McAfee Enterprise to provide immediate protection against the Apache Log4j2 Remote Code Execution Vulnerability.

For details on latest signatures, please follow the KB…KB95091: McAfee Enterprise coverage for Apache Log4j CVE-2021-44228 Remote Code Execution

Detecting and Hunting for Exploitation Activities

Assuming breach is critical especially if you know that you had exposed assets and therefore, build forensics and post exploitation detection techniques this includes exploitation of living of the land binaries (LOLBINS), credential dumping as well as using information such as known file hashes / hunting queries to query web server / reverse proxy/ Network IPS logs.

MVISION Insights

In addition to an Intelligence Summary, Insights provides exportable YARA rules to find additional Indicators of Compromise.

MVISION EDR

As mentioned above, you can leverage Real Time and Historical Search functionality to proactively identify vulnerable systems or post exploit activity such as…

  • historical process execution spawning from Java as this could be a clear indicator that the parent java process was used to spawn additional malicious processes.
  • monitoring for detection of threats emanating from assets running Java
  • identify outbound communication attempts to known C2 domains through DNS or Web traffic

Identify Indicators of Compromise associated with exploit payloads

Data Exfiltration Visibility and Control with Cloud Security

Along with control on the endpoint, visibility into attacks and where data is being uploaded is also critical to stopping Data Exfiltration. Mapping threats to the MITRE ATT&CK Framework will provide visibility into ongoing attacks happening in the cloud and where security controls can be improved to stop future attacks.

Another critical method to stopping the exfiltration of data is putting restrictions against data uploads to non-sanctioned cloud storage. Limiting data uploads to only sanctioned Cloud Service Providers can stop external and insider threats from transferring data to Cloud Services that are questionable or not sanctioned. The Cloud Registry within MVISION Cloud/Unified Cloud Edge will provide ratings for well over 25,000 Cloud Service Providers so restrictions can be placed on CSPs with high risks or attributes that put company data at risk.

Summary

The current situation is dynamic and our resources to help you understand the attack and mitigations available are also evolving. For the latest updates on McAfee Enterprise threat intelligence and defender resources please continue to follow these sites

MCFE Log4Shell Vulnerability KB: https://kc.mcafee.com/corporate/index?page=content&id=KB95091

MCFE Log4Shell Security Bulletin: https://kc.mcafee.com/corporate/index?page=content&id=SB10377

MCFE Log4Shell Vulnerability Blog: https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/log4shell-vulnerability-is-the-coal-in-our-stocking-for-2021/

MCFE Log4Shell Exploit Demonstration by McAfee ATR: https://www.linkedin.com/posts/mcafeeenterprise_cve-2021-44228-log4shell-exploitation-activity-6876241150219485184-URLE

MCFE LinkedIn Live Customer Briefing: https://www.linkedin.com/posts/mcafeeenterprise_mcafee-enterprise-atr-explore-the-internet-breaking-activity-6876614287197122560-wNuD

FEYE Log4Shell Vulnerability KB: https://community.fireeye.com/s/article/000003827

The post Threat Intelligence and Protections Update Log4Shell CVE-2021-44228 appeared first on McAfee Blogs.

]]>
Helping Older Adults Build Strong Digital Literacy Skills https://www.mcafee.com/blogs/family-safety/helping-older-adults-build-strong-digital-literacy-skills/ Wed, 22 Dec 2021 14:33:02 +0000 https://www.mcafee.com/blogs/?p=133318

Most of us take our skills for granted when it comes to technology. We move effortlessly between applications and multiple devices. We install new software, set up numerous accounts, and easily clear technical hurdles that come our...

The post Helping Older Adults Build Strong Digital Literacy Skills appeared first on McAfee Blogs.

]]>

Most of us take our skills for granted when it comes to technology. We move effortlessly between applications and multiple devices. We install new software, set up numerous accounts, and easily clear technical hurdles that come our way. Unfortunately, that picture isn’t the norm for many older adults.  

Engaging with technology can be challenging for older adults. However, when digital literacy skills are neglected or avoided, everyday activities such as online bill paying, shopping, medical appointments, and even social media can be overwhelming. And, since the pandemic, the digital divide between older adults and digital skills has become even more evident.   

Digital Divide  

One Pew study revealed that older adults continue to lag behind younger adults when it comes to technology adoption in that 41% do not use the internet at all, 23% do not use cell phones, and over 75% say they require help when learning how to use new technology.   

Bridging the Gap 

The Pew study also highlighted good news: Attitudes shift for the better when older adults increase their digital skills and access the Internet more frequently. Fully 79% of older adults who use the internet regularly agree with the statement that “people without internet access are at a real disadvantage because of all the information they might be missing.” In comparison, 94% agree with the statement that “the internet makes it much easier to find information today than in the past.” 

So how can we help the older adults in our lives grow both their digital skills and their confidence? Building practical digital skills begin with a commitment to one another, to consistency, and to learning. Here are some tips to get you started.  

7 Ways to Boost Digital Literacy 

1. Schedule dedicated time.

If you are helping an older adult build their digital skills, it’s crucial to schedule dedicated training time. Commitment and consistency will be key to achieving real results. If you’re the older adult learning on your own, set aside dedicated learning time with clear goals. For instance, “Each day this week from 7 a.m. to 9 a.m. I will learn how to set up my email and how to maximize security on all my devices.”  

2. Choose your resources and go!

Fortunately, more and more resources are emerging to help older adults bridge their technology gaps, and most are free. A few places to begin include AARP’s Senior PlanetCandoo Tech, and GetSetUp. To find a program in your area, go to at3center.net. 

3. Prioritize cybersecurity. 

Online security is one of the most critical conversations you can have with the older adults in your life. Following best practices such as installing security software, using strong passwords with Two-Factor Authentication (2FA), understanding data privacy, and knowing how to identify phishing and malware scams are fundamental components of digital literacy. For a deeper dive into cybersecurity best practices, read more 

4. Explore media literacy.

Older adults can easily fall prey to scams, conspiracies, hoaxes, and false news stories online. A recent study out of Princeton and NYU found that, prior to the 2016 election, adults over 65 were seven times more likely than those under 29 to post articles from fake news domains.Understanding how to spot misinformation online is a critical skill for anyone online. One resource to build media literacy is MediaWise for Seniors, a series of free online courses by Poynter designed to help older adults detect and combat fake news and misinformation. In addition, consider dialogue on how to challenge each piece of digital content by asking: 

  • Do I understand all the points of view of this story? 
  • What do I think about this topic or idea? 
  • Am I overly emotional and eager to share this publicly? 
  • Am I being manipulated by this content? 
  • What if I’m wrong? 

5. Avoid technical jargon. 

Jargon excludes and when you use insider language with a non-technical person, it can get overwhelming. Slow down. Use ordinary terms. For instance, instead of the hyperlink, consider “link.” Instead of URL, opt for “website address.” Rather than DM/PM, use “Private Message.” Note: Avoiding jargon doesn’t mean you dumb down to a person; it means using plain language to explain the same concept.   

6. Be patient. 

It’s a myth (and an unfortunate stereotype) that older adults don’t have the ability or don’t want to learn about technology. Frankly, they can, and they do. However, physical and mental changes are part of the aging process, which means repetition and patience are part of the process. Consider creating easy-to-read cheat sheets to summarize the day’s lesson.  

Technology is impacting our lives in myriad ways, and no one feels this reality pressing in more than older adults. If you find yourself in the privileged position of coaching an older adult toward digital confidence, remind them of the gains ahead and that the gap from “here” to “there” isn’t nearly as large as they’ve imagined. Whenever possible, point their sights to the proven benefits of stepping off the sidelines and into a connected world.  

The post Helping Older Adults Build Strong Digital Literacy Skills appeared first on McAfee Blogs.

]]>
9 Ways to Determine If Your Identity Has Been Stolen https://www.mcafee.com/blogs/privacy-identity-protection/9-ways-to-determine-if-your-identity-has-been-stolen/ Wed, 22 Dec 2021 14:17:41 +0000 https://www.mcafee.com/blogs/?p=133414

Most of us use the internet every day, so we’re comfortable sharing a lot of information online. However, cybercriminals want...

The post 9 Ways to Determine If Your Identity Has Been Stolen appeared first on McAfee Blogs.

]]>

Most of us use the internet every day, so we’re comfortable sharing a lot of information online. However, cybercriminals want us to get a bit too comfortable so they can take our personal or financial data and use it for their benefit. This is called identity theft, and it can cost people money and may dip their credit score.

Fortunately, you can help minimize what happens by knowing the signs of identity theft and taking fast action when you recognize them. Find out how below.

How does identity theft happen?

Being online comes with many benefits, but it can also come with some risks. Identity theft usually begins with the criminal accessing sensitive personal data, such as Social Security numbers, birthdates, home addresses, bank account information, and driver’s license details. The fraudster can then take this information to fake your identity, using it to take out credit cards, apply for loans, and more.

Here’s a quick look at some ways identity thieves can get their hands on your valuable data:

  • Phishing scams: Phishing scams can come in the form of mail, email, or websites. They may involve an identity thief pretending to be an entity you trust, like your own bank or insurance provider, to extract personal data.
  • Data breaches: Many companies store your data, from your health care provider to your internet service provider. For example, you may save payment details for your favorite shopping site. If hackers target those companies in a data breach, they can leak or access your sensitive information.
  • Social media snooping: Criminals may look to your social media to get information, like your birthdate and home address. Even seemingly innocent details, like the names of your children or pets, can be of interest to an identity thief. Why? People often use these details in their passwords.
  • Hacking devices: Hackers may try to infiltrate your computer, tablet, or mobile device through viruses or malware. That’s where antivirus software can help. McAfee’s Total Protection service works for you by protecting your devices and personal information from criminals.
  • Simple theft: Not all identity thieves use advanced methods to get your information. In fact, a person can steal your phone and access any personal data you have on it if they can unlock it. Since many people save passwords to sensitive accounts on their devices, they are easy to hack.
  • Dumpster diving: This is another example of a less tech-savvy approach to identity theft. If you throw away documents with sensitive data, thieves may get the information they want from your garbage. For example, bank account statements contain your account numbers, while pay stubs may include Social Security numbers. You should always shred paperwork before tossing it.

There are many ways thieves can get their hands on your data. Luckily, there are ways you can protect yourself against these methods. For example, you can protect your computer, tablet, or mobile device against hackers by equipping it with a strong password and safeguarding against phishing by adding a firewall and utilizing a virtual private network (VPN) like those offered by McAfee.

9 warning signs your identity has been stolen

With some best practices, you can protect your data and help safeguard you and your family against identity theft. One way to continue living your best life online is to watch for potential warning signs of identity theft. This ensures you can take fast action and minimize the effects if you’re targeted. Here are some essential signs to look out for.

You’re alerted to a credit card charge you didn’t make

Financial identity theft is one of the most common types of identity theft, and credit cards are a popular target. The rise in online shopping has made credit card fraud even more common.

Your online banking portal or app should allow you to set up alerts to email, call, or text you about suspected fraudulent credit card charges. If you get an alert, someone may have taken your identity.

Your loan or credit card application was denied

If you apply for a loan or line of credit and your application is denied, dig deeper. A rejection could indicate that your credit score is lower than you thought, possibly due to fraudulent activity. For example, someone may use your information to get new credit cards and not pay them off, leaving you responsible.

There’s a change to your credit score

Changes in your credit score can indicate identity theft. For example, if someone takes out utility bills in your name and doesn’t pay them, your credit score may dip. Checking your credit report from each of the three major credit bureaus (Equifax, Experian, and TransUnion) can help pinpoint the problem.

The Federal Trade Commission (FTC) allows U.S. consumers to get a free credit report every 12 months. Just visit AnnualCreditReport.com to get a copy of yours from the credit reporting agencies. You can also pay for credit monitoring services to track your score.

There’s a new account you didn’t open under your name

Once identity thieves obtain enough data, including your name and address, they might be able to open new accounts and credit cards. When you check your credit report, keep an eye out for new accounts that you didn’t open. Another red flag is if you start getting bank statements or bills addressed to you for accounts you don’t recognize.

Your information was part of a data breach

Companies are required to notify customers of data breaches that could impact them. For example, if you save your payment information and home address on a music streaming provider’s website and their database is hacked, identity thieves may get your data. Keep an eye out for notifications and read the news. The McAfee blog is another great resource for information on data breaches.

Debt collectors call about accounts you never opened

If debt collectors start calling, be cautious, especially if they’re referring to accounts you aren’t familiar with. Don’t provide personal information to any collection agencies that call, as this can be a potential phishing scam. However, it’s a good idea to follow up on these cases by checking your credit report for new accounts. You could be liable if someone opened accounts under your name and didn’t pay them.

You receive bills for medical services you never used

Medical theft occurs when a fraudster imitates another person to get health care or supplies. For example, a person might use your identity to get prescription medication at a pharmacy. If you get unfamiliar medical bills, follow up. Incorrect medical records could impact your insurance premiums or interfere with your ability to get the care you need in the future.

Mail is addressed to your home but with another person’s name

This could be an indicator of synthetic identity theft. This occurs when a fraudster creates a fake identity using various people’s real information. For example, they may use your address and Social Security number and another person’s photo to create a fake persona that’s creditworthy. They can then take out credit cards in that fake person’s name.

A tax return is filed under your name without your knowledge

If you receive a confirmation of an annual tax filing before you’ve filed, take note. Criminals may try to file a tax return for another person to access their tax refund. Alternatively, you may find that you’re unable to e-file your taxes, which can occur if someone else has already filed under your name.

What to do if you think your identity has been stolen

No one wants their identity stolen, but it’s still good to be prepared if it does happen. If you notice the above red flags, here are some steps you may need to take:

  • Change passwords and login details for any affected accounts. If you use the same password for other accounts, change those too. The good news is that McAfee’s identity protection services come with a password manager, so you don’t have to worry about remembering your credentials across devices.
  • Freeze accounts with banks or credit card companies that show any suspicious activity, including debit and credit card Most financial institutions have a dedicated fraud department to help.
  • Review your credit reports if you haven’t already and report any suspected fraud to the respective credit bureau.
  • Contact local law enforcement to file a police report for lost or stolen credit cards, driver’s licenses, and more. Also, report your lost license to the DMV.
  • Alert the IRS fraud alert department in case of tax-related fraud.
  • Report Social Security-related fraudulent activity to the relevant government agency, the Social Security Administration’s Office of the Inspector General.
  • Place a freeze on your credit report. This blocks access to it to extend credit, ensuring no one can take out new lines of credit in your name.

You may also want to visit IdentityTheft.gov to report identity theft and find resources to help guide your recovery plan.

Get personalized online protection

Worries about identity fraud shouldn’t prevent your household from enjoying the benefits of a connected world. McAfee’s identity theft protection services can help you enjoy everyday conveniences while keeping you safe. Packages can be tailored to your needs, including 24/7 monitoring, ID theft coverage, VPN services, and more. It’s guided online protection made easy.

The post 9 Ways to Determine If Your Identity Has Been Stolen appeared first on McAfee Blogs.

]]>
How to protect yourself from identity theft after a data breach https://www.mcafee.com/blogs/privacy-identity-protection/data-breach-security-steps/ Tue, 21 Dec 2021 23:11:51 +0000 https://www.mcafee.com/blogs/?p=133123

How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going...

The post How to protect yourself from identity theft after a data breach appeared first on McAfee Blogs.

]]>

How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part of an online account that tracks our purchase history. 

In other words, we leave trails of data practically wherever we go these days, and that data is of high value to hackers. Thus, all those breaches we read about. 

Data breaches are a (sad) fact of life 

Whether it’s a major breach that exposes millions of records or one of many other smaller-scale breaches like the thousands that have struck healthcare providers, each one serves as a reminder that data breaches happen regularly and that we could find ourselves affected. Depending on the breach and the kind of information you’ve shared with the business or organization in question, information stolen in a breach could include: 

  • Usernames and passwords 
  • Email addresses 
  • Phone numbers and home addresses 
  • Contact information for friends and family members 
  • Birthdays and Driver’s license numbers 
  • Credit and debit card numbers or bank account details 
  • Purchase history and account activity 
  • Social security numbers 

What do crooks do with that data? Several things. Apart from using it themselves, they may sell that data to other criminals. Either way, this can lead to illicit use of credit and debit cards, draining of bank accounts, claiming tax refunds or medical expenses in the names of the victims, or, in extreme cases, assuming the identity of others altogether.  

Examples of data breaches over the recent years 

In all, data is a kind of currency in of itself because it has the potential to unlock several aspects of victim’s life, each with its own monetary value. It’s no wonder that big breaches like these have made the news over the years, with some of the notables including: 

Facebook – 2019: Two sets of data exposed the records of more than 530 million users, including phone numbers, account names, and Facebook IDs. 

Marriott International (Starwood) – 2018: Half a million guests had names, email and physical mailing addresses, phone numbers, passport numbers, Starwood Preferred Guest account information, dates of birth, and other information about their stays exposed. 

Equifax – 2017: Some 147 million records that included names, addresses, dates of birth, driver’s license numbers, and Social Security Numbers were exposed, along with a relatively small subset of 200,000 victims having their credit card information exposed as well. 

As mentioned, these are big breaches with big companies that we likely more than recognize. Yet smaller and mid-sized businesses are targets as well, with some 43% of data breaches involving companies of that size. Likewise, restaurants and retailers have seen their Point-of-Sale (POS) terminals compromised, right on down to neighborhood restaurants. 

Staying secure in light of data breaches 

When a company experiences a data breach, customers need to realize that this could impact their online safety. If your favorite coffee shop’s customer database gets leaked, there’s a chance that your personal or financial information was exposed. However, this doesn’t mean that your online safety is doomed. If you think you were affected by a breach, there are multiple steps you can take to help protect yourself from the potential side effects.  

1. Keep an eye on your bank and credit card accounts 

One of the most effective ways to determine whether someone is fraudulently using one or more of your accounts is to check your statements. If you see any charges that you did not make, report them to your bank or credit card company immediately. They have processes in place to handle fraud. While you’re with them, see if they offer alerts for strange purchases, transactions, or withdrawals. 

2. If you’re a victim, report it to local authorities and to the FTC for assistance.  

File a police report and a Federal Trade Commission (FTC) Identity Theft Report. This will help in case someone uses your Social Security number to commit fraud, since it will provide a legal record of the theft. The FTC can also assist by guiding you through the identity theft recovery process as well. Their site offers a step-by-step recovery plan that you can follow and track your progress as you go. 

3. Place a fraud alert 

If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity. You can place one fraud alert with any of the three major credit reporting agencies (Equifax, Experian, TransUnion) and they will notify the other two. A fraud alert typically lasts for a year, although there are options for extending it as well. 

4. Look into freezing your credit if needed 

Freezing your credit will make it highly difficult for criminals to take out loans or open new accounts in your name, as a freeze halts all requests to pull your credit—even legitimate ones. In this way, it’s a far stronger measure than placing a fraud alert. Note that if you plan to take out a loan, open a new credit card, or other activity that will prompt a credit report, you’ll need to take extra steps to see that through while the freeze is in place. (The organization you’re working with can assist with the specifics.) Unlike the fraud alert, you’ll need to contact each major credit reporting agency to put one in place. Also, a freeze lasts as long as you have it in place. You’ll have to remove it yourself, again with each agency. 

5. Update your passwords 

Ensure that your passwords are strong and unique. Many people utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials, such as one you’ll find in comprehensive online protection software. 

6. Consider using identity theft protection 

A solution such as this will help you to monitor your accounts and alert you of any suspicious activity. Specifically, our own Identity Protection Service will monitor several types of personally identifiable information, alert you of potentially stolen personal info, and offer guided help to neutralize the threat. Also, it can help you steer clear of some types of theft with preventative guidance that can help keep theft from happening in the first place. With this set up on your computers and smartphone you can stay in the know and address issues immediately. 

7. Use online protection software, and expand your security toolbox 

To use your credit card safely online to make purchases, add both a VPN and password manager into your toolbox of security solutions. A VPN keeps your shopping experience private, while a password manager helps you keep track of and protect all your online accounts. Again, you’ll find a VPN as part of comprehensive online protection software. 

The post How to protect yourself from identity theft after a data breach appeared first on McAfee Blogs.

]]>
10 Ways to Protect Your Identity https://www.mcafee.com/blogs/privacy-identity-protection/10-ways-to-protect-your-identity/ Tue, 21 Dec 2021 14:04:55 +0000 https://www.mcafee.com/blogs/?p=133402

We’re online more than ever, in large part because it allows us to take advantage of online conveniences like bill...

The post 10 Ways to Protect Your Identity appeared first on McAfee Blogs.

]]>

We’re online more than ever, in large part because it allows us to take advantage of online conveniences like bill pay and booking appointments. But these many benefits might also leave us exposed to risks, like identity theft.

Identity theft is characterized by one person using another’s personal or financial data for their benefit. Cybercriminals may take information like a person’s name, birthday, Social Security number, driver’s license number, home address, and bank account information and use it for their benefit. A name and matching financial information, for instance, can be used to apply for credit cards or open new accounts.

The good news is that you can safeguard yourself and your family with some best practices — allowing you to enjoy your best life online and worry less about cybercriminals. Share these 10 tips with your family to help keep your entire household safe.

Password-protect your devices with strong passwords

A good habit to get into is to password-protect your computer, tablet, and mobile devices through unique, strong passwords. These devices are home to some of your most sensitive information, including everything from emails to apps that connect to your bank accounts. So, if these devices fall into the wrong hands, a password makes it harder to access your personal data.

Take some time to come up with your passwords, though. It’s important to create strong passwords that hackers can’t guess. A strong password will include a mix of symbols, numbers, and letters. Steer clear of simple passwords like “123456” (it might seem obvious, but this is one of the most common passwords people use). Also, avoid including information that other people can guess, like your birthdate, home address, or name.

Don’t forget to use different passwords for different accounts. If you use the same password across multiple accounts, and a fraudster gains access to one account, they may access the others. Fortunately, McAfee’s identity protection services include a password manager, which can help secure your account credentials across multiple devices. This tool encrypts passwords, storing them safely and making it easy to keep track of them.

Learn how to identify and avoid phishing scams

Identity thieves are skilled at leveraging new technologies. Phishing is one great example of this. Phishing involves criminals masquerading as trustworthy entities, such as government agencies or banks, and using this trusted position to get sensitive information. Phishing scams started with traditional mail. They’re now also done via phone, text, and email.

As a general rule of thumb, never give out any personal information when contacted by a business, bank, or another entity. Also, make sure your email spam filters detect phishing attempts. Never open emails from people you don’t know, and don’t download email attachments without knowing what they are. Some phishing emails include malware, which can infiltrate your device and access personal data. A McAfee Total Protection plan is an all-in-one protection solution that can help you detect and avoid malware.

Fraudulent websites may also use phishing techniques. A website may look similar to the legitimate website of a mortgage lender, bank, or credit card company but might be a fraudulent platform seeking to get information from consumers. Always verify that any website you visit is the legitimate website of the institution, and consider McAfee antivirus software, which offers a safe browsing solution.

Set up alerts through your bank

When financial identity theft occurs, this can also impact financial institutions like banks and lenders. So, they’re eager to prevent fraud, as well. One way they do this is through fraud alerts. You can set up your online banking to issue fraud alerts — for example, via an email, text message, or phone call — if your bank suspects suspicious activity on your account.

In some cases, a bank will also freeze your account until you verify whether the activity is legitimate. This is a common tactic used to protect against credit card fraud. Geo-control is one example: If you live in the U.S., but a German IP address uses your credit card, your credit card provider will likely issue an alert. You can also set up alerts for certain transaction amounts or types.

Review your credit report regularly

Your credit report is one of the most powerful tools you have at your disposal for catching identity thieves and stopping them in their tracks. You’re entitled to a free credit report every 12 months via AnnualCreditReport.com, an initiative of the Federal Trade Commission (FTC). You can get a free copy of your report from each major credit bureau: Experian, Equifax, and TransUnion.

Review your report thoroughly, checking for inaccuracies. When credit monitoring, check your:

  • Personal information: Verify that your name, address, phone number, birthdate, Social Security number, and employment details are correct.
  • Accounts: Confirm that all accounts listed are yours and current. Keep an eye out for unrecognized credit cards, utility accounts, phone accounts, or streaming accounts.
  • Public records: Check for foreclosures, civil suits, liens, or bankruptcies. If these issues are on your credit report and you don’t recognize them, you might be affected by identity fraud.

 

If you find any discrepancies, contact the appropriate credit reporting company. You should also contact the relevant financial institution and visit IdentityTheft.gov. You can report the suspected identity theft and find resources to help you recover.

Be mindful of what you share on social media

Social media is great for connecting with others online, but it does open the door to some vulnerabilities. Be careful about what you post, and steer clear of sharing personal details like your home address, children’s names, pet’s names, or birthdays, which some people use as passwords. If a social media platform offers two-factor authentication, opt in.

Images are another touchy subject. Never post photos that include private data, like a picture of your passport or vaccine card. Consider what’s in the background of any photos — from your home (with a house number) to mail with your address. Finally, you may want to set your visibility to private on all social media accounts, limiting who can view them. And even if your account is private, you should still follow the above tips.

Shred sensitive documents

Some identity thieves get people’s personal information by dumpster diving. One solution? Invest in a paper shredder. You’ll be able to shred documents into tiny bits that are hard to piece together, making it that much harder for someone else to piece together any personal information they contain.

Here are some documents worth shredding:

  • Debit card statements, credit card statements, and bank statements that contain personal financial information
  • Invoices or receipts containing details like financial account numbers
  • Documents containing your Social Security number, like pay stubs and work contracts
  • Junk mail with contact information, like your name and address
  • Old photos and IDs, which people can use to create fake IDs
  • Shipping labels, like those you might get from online retailers to make returns
  • Medical records or receipts, which may contain insurance information
  • Canceled checks

If you’re not sure whether something needs to be shredded, go ahead and destroy it. It only takes seconds, and you’re better off safe than sorry.

Protect all of your devices with antivirus software

Whether you use a computer, tablet, or mobile device for many of your online activities, like paying bills, these devices contain a lot of personal data. So, it’s good to protect them from hackers. ​​Install antivirus software like McAfee’s to protect against viruses and spyware. It would be best if you also had a firewall, which is a network security system that controls the incoming and outgoing network traffic based on set security parameters.

To take your device security a step further, you may also want to invest in a virtual private network (VPN). This helps hide your online activity. It can safeguard against hackers on public networks but is also worth using at home. It hides details like browsing activity, personal data, and IP address from potential snoops. McAfee also offers VPN services.

Keep personal documents in a safe space

While your computer, tablet, or mobile device may hold a great deal of personal data, you likely also have hard copies of sensitive documents worth protecting. Documents like your birth certificate, Social Security card, and passport contain valuable information that identity thieves can use for personal gain, so you want to make sure they’re kept in a safe space.

Don’t simply shove these documents into your desk drawer. It’s best to keep them in a locked, fireproof home safe with a secure code. To keep things organized, put each document in a protective plastic sleeve and put the sleeves in a binder. This can be useful if you have a large family and need to keep track of everyone’s data.

Follow the news to learn about data breaches

Sophisticated hackers don’t just target individuals. They may also try to infiltrate businesses, government agencies, higher education institutions, health care facilities, and any other organization that gathers sensitive consumer information. If an entity is subject to a data breach, they’re legally required to notify any consumers who may have been impacted.

However, it’s still good to inform yourself about potential breaches that may affect you. Larger-scale data security risks are usually reported in the media. We also post about data breaches on the McAfee blog. If an entity you do business with has been affected, change your passwords and the passwords of any related accounts immediately.

Know the warning signs of identity theft

Knowing possible signs of identity theft can help you catch it early so that you can continue to enjoy your time online. Educate yourself and your family about these warning signs, ensuring everybody stays safe. Here are some possible indications identity thieves have targeted you:

  • You receive phone calls from debt collectors about accounts you aren’t familiar with. Don’t provide personal information over the phone immediately. Check your credit report to get the details about the debts in question.
  • Your credit score experiences unexplained changes. Get a copy of your credit report from the major credit reporting agencies to find out why.
  • Your bank accounts or credit cards have unknown charges you (and your family) can’t account for. Contact your financial institution to report the suspected fraud, providing relevant documentation to back up your claims. You can also report fraud to your local government.
  • You receive a fraud alert from your financial institution. Check any activity deemed potentially fraudulent as soon as possible.
  • You get mail addressed to another person’s name. This could include medical bills, W-2 forms related to unfamiliar employers, or credit card bills, for example. Follow up with the relevant institution.
  • You experience problems with your tax return For example, the Internal Revenue Service (IRS) may reject your filing if someone else has already filed in your name (to get your tax refund). Contact the IRS fraud department.

You’re only a step away from better protection

The internet keeps all of us connected, but that’s why identity theft protection is important. With people increasingly connected, doing more, and sharing more online, cybercriminals can pinpoint weaknesses and take advantage. Hackers are ready to leverage your information for personal gain, and identity theft is no exception.

McAfee is here to help. McAfee’s identity protection services provide 24/7 monitoring of your email addresses and bank accounts, providing up to $1 million worth of ID theft coverage. You deserve to enjoy the comfort offered by the internet without stressing about identity theft. Implement the best practices above in your household so that you and your loved ones can stay connected with confidence.

The post 10 Ways to Protect Your Identity appeared first on McAfee Blogs.

]]>
5 Common Types of Identity Theft https://www.mcafee.com/blogs/privacy-identity-protection/5-common-types-of-identity-theft/ Tue, 21 Dec 2021 02:59:43 +0000 https://www.mcafee.com/blogs/?p=133387

The internet provides plenty of fun and exciting opportunities for you and your family, from sharing on social media to...

The post 5 Common Types of Identity Theft appeared first on McAfee Blogs.

]]>

The internet provides plenty of fun and exciting opportunities for you and your family, from sharing on social media to online shopping. To help you enjoy every minute of it, though, it’s good to be aware of what less savory characters are up to.

And they sure have been busy. In fact, the U.S. Federal Trade Commission (FTC) received 2.1 million fraud reports in 2020. What is identity theft? Well, it’s the fraudulent use of another individual’s name and details for personal gain.

Those affected by identity fraud may see a dip in their finances and credit scores. They may also deal with anxiety around financial security going forward. However, while it’s important to be aware of the threat of identity theft, this shouldn’t be cause for alarm. There are plenty of tools and techniques that can help protect you and your family so you can continue to enjoy everything modern technology has to offer.

The first step in protecting yourself? Educate yourself. Understanding the different types of identity theft can help you safeguard yourself and your loved ones so that you can continue all your favorite online activities. Here we’ll define and explore the different types of identity theft to watch out for.

What is identity theft?

We’ve all probably heard of identity theft, but what is it? Identity theft is when someone uses another person’s financial or personal data, usually for monetary gain. This means a fraudster may take sensitive information like names, birthdates, Social Security numbers, driver’s license details, addresses, and bank account numbers or credit card numbers. They might then use this information to make purchases, open credit cards, and even use health insurance to get medical care.

5 types of identity theft

A little knowledge can go a long way in stopping cybercriminals in their tracks — especially since they’re becoming more sophisticated and coming up with new schemes every day.

Here are five common types of identity theft to help you stay one step ahead of hackers.

Financial identity theft

Financial identity theft is when one person uses another’s personal data for financial benefit. This is the most common form of identity theft (including the credit card example described above). Financial identity theft can take multiple forms, including:

  • Fraudsters may use your credit card information to buy things. We all love to shop online — even criminals. Unfortunately, this issue has become especially prevalent thanks to online shopping during the COVID-19 pandemic.
  • Hackers may steal funds from your bank account. Sometimes, the amount might be so small that it seems inconsequential, totaling just a few dollars. However, criminals can rack up millions in damages if they target enough people in this way.
  • Criminals may open new accounts using your Social Security number and other data. For example, a person may use your data to open a new line of credit. They then run through the credit line, leaving you to foot the bill.

The good news is that it’s easy to protect yourself against financial identity theft by checking your bank accounts, credit card statements, and bills. If you see an unexplained charge, contact your credit card company or bank immediately to report it. Also, check your credit report for changes in your score. An unexplained decrease in your score could mean fraudulent activity. You can do this through AnnualCreditReport.com, where you can get a free credit report every 12 months from each of the three major credit bureaus.

Another idea is to place a one-year fraud alert on your credit reports to keep people from opening new accounts in your name. This encourages creditors and lenders to take extra precautions to verify your identity before granting any loans or credit increases. You can also place a security freeze on your credit report, which blocks others from accessing it to extend credit.

Medical identity theft

This might not seem like a real form of identity theft, but it happens. Medical identity theft is when a criminal poses as another person to obtain health care services. In fact, fraudsters may use your name and insurance information to:

  • Get prescriptions for drugs.
  • Access medical services, from checkups to costly surgeries.
  • Obtain medical devices and supplies, such as wheelchairs or hearing aids.

This can result in you having bills for prescriptions, services, or devices you didn’t need, ask for, or even receive. Your health care and insurance records may even have these things added to them. An inaccurate medical record can make it harder for you to get the care you need in the future and even impact insurance coverage.

Fortunately, you can help minimize the risk of medical identity theft by regularly reviewing your medical claims. Contact your insurer if you see unfamiliar procedures, prescriptions, or services. You’ll also want to let your health care provider know so that they can ensure your medical files are correct. Finally, consider filing a complaint with the U.S. Department of Health and Human Services (HHS).

Criminal identity theft

Criminal identity theft occurs when a person arrested by law enforcement uses someone else’s name instead of providing theirs. They might be able to pass this off by creating a fake ID or using a stolen ID, like your driver’s license, to show to the police. This type of fraud can be difficult to detect until the consequences are evident, like:

  • You receive a court summons. For example, the courts may issue a summons if a criminal uses your ID for unpaid parking tickets.
  • A bench warrant is issued for your arrest. Unresolved problems like unpaid parking tickets can also result in a judge issuing a bench warrant. You may then be taken into custody at any time, even during a routine traffic stop.
  • A background check is issued. Sometimes, police will keep an identity theft victim in their database, noting it as an alias for the real criminal. This can result in a false criminal record showing up on your background check. This can cause problems with potential landlords and employers.

You can help protect yourself against criminal identity theft by safeguarding your ID. If your license or state-issued ID is lost or stolen, report it to the local Department of Motor Vehicles (DMV) and law enforcement. Also, limit the information you share online (and encourage family members to do the same). For example, if your teen got their first driver’s license and wants to share a pic of it on social media, explain why this isn’t a good idea.

Synthetic identity theft

As one of the fastest-growing types of financial crime in the U.S., synthetic identity theft involves creating fake identities using real people’s information. Fraudsters may use data like birthdates, addresses, and Social Security numbers from real people, blending them to create a fake profile. They can then use this persona to apply for loans or credit cards or commit other financial crimes. Kids and older adults tend to be vulnerable to this type of fraud since they rarely use their SSNs.

The most important thing about synthetic identity theft is knowing the signs and acting fast. Keep an eye out for any mail with your address on it but addressed to a different name and phone calls or mail about new credit accounts. You can further protect yourself by regularly checking your credit reports for unexplained changes and placing a security freeze on them.

There are also identity monitoring services available, which scan the internet, including the dark web, for breached Social Security numbers. If you suspect you or a loved one is the victim of synthetic identity theft, contact the relevant financial institutions to alert them.

Child identity theft

We all want to protect our children from bad actors, especially when it comes to identity theft. Child identity theft involves using a minor’s information to commit financial fraud, like opening a new account or line of credit under the child’s name. The thief may even use the child’s identity to get a driver’s license, apply for government benefits, or buy a house. This is often easier than targeting an adult because most kids don’t have credit reports or financial accounts, making them a clean slate.

Unfortunately, child identity theft is often perpetrated within the family by a relative who has access to the child’s data like their birthdate and address. And many children don’t realize they’ve been targeted until they’re older — for example, when they try to take out a student loan. By this point, the issue may have been escalating for years. So, it’s important as a parent to be aware of child identity theft.

The best way to do this is to check whether your child has a credit report with any of the three big credit bureaus (TransUnion, Equifax, and Experian). If so, review the report and report any fraudulent activity. You can also place a freeze on your child’s credit report to help minimize the risk of future fraud.

How do you know if you’re a victim of identity theft?

No one wants to be left in the dark when it comes to identity theft, so knowing the signs can help you spot it and take action quickly. This can help stop fraud in its tracks, minimizing both immediate damage and long-term repercussions. Some warning signs that may indicate identity theft include:

  • You get a fraud alert from a financial institution. To protect customers against identity thieves’ scams, most banks have security protocols to pinpoint potential data breaches. For example, if you live in the U.S., but a purchase is made using your credit card information in London, your bank may stop the transaction and send you a credit card fraud alert.
  • There are unexplained changes in your credit score. Your credit score going up can mean someone is trying to extend credit in your name (with the intent to run through it). A dip in your score could indicate anything from a loan application to a bill going to collection. You can get a free copy of your credit report from the three major credit bureaus every 12 months.
  • There are changes to your financial accounts. Check your bank statements at least once a month, keeping an eye out for unfamiliar transactions or withdrawals. Also, check for an increase in your line of credit or a new credit card account (which someone else may have requested in your name).
  • A loan or credit card application is denied. If you apply for a new credit card or a loan and are turned down, find out why. If you thought you had good credit, double-check your current credit history. Identity theft can result in your credit score
  • You get phone calls from debt collectors. If collection agencies start calling you about unfamiliar debts, someone else might be using your information to open financial accounts or take out lines of credit. Don’t divulge any personal information on the phone but do check your credit report to see what debts they’re referring to.
  • You get unfamiliar mail. If you get mail sent to your address that’s clearly for someone else, that person might be using your address for personal gain. Be wary if you receive medical bills in the mail that you don’t recognize or W-2 forms for companies you’ve never worked for.
  • You experience tax return If you get a tax transcript you didn’t ask for, or the Internal Revenue Service (IRS) rejects your e-filing, identity theft might be to blame. Some thieves will file fraudulent returns to get the victim’s refund. Contact the IRS fraud alert department.

You can also increase your odds of recognizing identity theft with tools like McAfee’s identity protection services. Our continual monitoring can keep tabs on over 60 types of personal information, which allows us to quickly identify security issues, alerting you to potential breaches so that you can fix them. We’ll also notify you up to 10 months sooner than similar services. By combining the best practices described above with a comprehensive identity protection service, you can worry less about identity theft and spend more time enjoying the internet.

Start protecting your information today

The internet makes daily life easier in many ways. You can now learn, work, play, and shop online. You shouldn’t have to forego these conveniences because of the threat of identity theft.

McAfee’s identity theft protection services can help keep you and your loved ones safe. McAfee uses extensive monitoring and an early detection system to notify you of potential risks or breaches. You’ll also have access to 24/7 online security experts and up to $1 million of identity theft coverage. Get the peace of mind you need to continue using the internet with confidence.

The post 5 Common Types of Identity Theft appeared first on McAfee Blogs.

]]>
Log4J and The Memory That Knew Too Much https://www.mcafee.com/blogs/enterprise/log4j-and-the-memory-that-knew-too-much/ Mon, 20 Dec 2021 18:21:38 +0000 https://www.mcafee.com/blogs/?p=133354

By Guilherme Venere, Ismael Valenzuela, Carlos Diaz, Cesar Vargas, Leandro Costantino, Juan Olle, Jose Luis Sanchez Martinez, AC3 Team Collaborators:...

The post Log4J and The Memory That Knew Too Much appeared first on McAfee Blogs.

]]>

By Guilherme Venere, Ismael Valenzuela, Carlos Diaz, Cesar Vargas, Leandro Costantino, Juan Olle, Jose Luis Sanchez Martinez, AC3 Team

Collaborators: ATR Team (Steve Povolny, Douglas McKee, Mark Bereza), Frederick House (FireEye), Dileep Kumar Jallepalli (FireEye)

In this post we want to show how an endpoint solution with performant memory scanning capabilities can effectively detect active exploitation scenarios and complement network security capabilities your company has implemented.

Background

As it is becoming the norm lately, a new vulnerability affecting a widely used library was recently released just in time for the Holidays. As detailed in our ATR blog, CVE-2021-44228 reported a vulnerability in the Log4J Java library affecting applications and web sites using the library to perform logging.

This vulnerability allows an attacker to coerce the vulnerable site or application to load and execute a malicious Java code from an untrusted remote location. Attack vectors are varied but the most common is associated with the attacker sending crafted strings as part of a network protocol to the target machine, like for example a modified HTTP Header sent as part of a POST request.

That is the reason many defenders are focusing their efforts on detecting the malicious strings through the network traffic. However, network signatures can be bypassed and there are reports confirming threat actors are adapting their network attacks with various forms of obfuscation to defeat network scanning.  The following image shows some of the current obfuscation techniques that have been observed or reported related to this attack.

Source: https://github.com/mcb2Eexe/Log4j2-Obfucation

This doesn’t mean that network protection solutions are not useful against this attack. Network security platforms provide a first layer of defense and should be used as part of a defensible security architecture (security risk treatment strategy), augmented by additional layers of protection, detection, visibility, and response. Modern endpoint solutions are uniquely positioned to complement network-based capabilities with in-depth host-based visibility of system processes, like in-memory scanning and rapid response orchestration. This combination results in a robust defense against threats like Log4Shell.

‘I See You’: Memory Scanning #FTW

To understand how memory scanning can help complement the network security platforms after a connection arrives to the endpoint and defeating the obfuscation layers, let’s take a look at the diagram below, describing the flow of execution for a common web based Log4J attack.

Let’s outline what happens:

In Step 1, an attacker sends a specially crafted string to the web server hosting the vulnerable application. This string, as we have seen, can be obfuscated to bypass network-based signatures.

In Step 2, the application proceeds to de-obfuscate this string to load it in memory. Once loaded into memory, the application initiates a LDAP connection to request the address of where the malicious class is located.

In Step 3, the attacker-controlled LDAP server responds with the location of the malicious Class file by indicating the HTTP URL address of where it is hosted.

In Step 4, the vulnerable application will proceed to initiate a download for that malicious class file.

In Step 5, the vulnerable application will load and run the malicious class file from step 4.

At this moment, the attacker achieves code execution on the target, leaving traces that may provide visibility on this activity for the defender. For example, spawning additional processes or touching files and registry keys after an exploitation

With this in mind, let’s imagine we could trigger a memory scan at some point in this execution flow to detect the presence of the malicious code. In general, scanning the memory of an endpoint is expensive from a processing perspective, therefore it’s not something that can be done continuously or even very often, but under specific circumstances it can be achieved with precision.

So, suppose we could trigger a memory scan at any point after step (2). We would have a high probability to find the de-obfuscated string used within the process memory at that time. If the memory is scanned after the malicious class file is downloaded, that content would also be available for scanning in its de-obfuscated form.

Such possibilities make the memory signature performant, and efficient, given the timing of the detection mainly depends on the trigger used to start the memory scan.

These technical capabilities are possible in ENS, let us show you how to do that!

Endpoint Security Expert Rules meets Memory Scan

In ENS (Endpoint Security) 10.7 update 4 and above, there is a powerful security feature available to every defender, and WE absolutely love it, which is the ability to trigger a memory scan from an Expert Rule.

We have talked about Expert Rules before, these are customizable access control rules which the end-user uses to detect suspicious activity not commonly seen by other scanners. McAfee Enterprise also provides community Expert Rules mapped to the MITRE ATT&CK Matrix through our public GitHub.

The feature we are interested in now is the ability to trigger a memory scan when an Expert Rule fires. That would allow us to target the applications vulnerable to Log4J and identify the moment they are being exploited.

Consider the following rule:

In the example rule above, we see a section defining ACTORS (inside the Process {…} section) and TARGETS (inside the Target {…} section). We define as actors any process that may be vulnerable to the Log4J exploit. In this case JAVA.EXE for standalone Java applications and TOMCAT?.EXE for Apache web-based applications. Either of these processes need to load both JAVA.DLL and JVM.DLL to ensure the Java runtime is active.

In the target section we add any potential payload of the attack. As Expert Rules are not focused on network traffic, we need to focus on the last step of the execution flow, which is when the payload is executed. Additional triggers like files or registry keys accessed can be added as more information about exploits become available. We may also have in this section any exclusion of valid behavior as shown in the example above with the “Exclude” on command line parameter. This exclusion is something customers can tailor to their environment to avoid false positives.

This expert rule will trigger when any ACTOR process spawns any of the TARGET payloads. If the rule were just that, one could see it would not be too effective in detecting the exploit and would probably cause many false positives.

But notice this line at the beginning of the rule:

This instruction tells ENS 10.7 to initiate a memory scan against the ACTOR process which caused the expert rule to trigger, and only that process. Now we have a reliable trigger for a performant memory scan, avoiding the performance issues of a blind memory scan, and it is done at a time very close to the initial exploitation attempt, which guarantees the de-obfuscated string will be in memory.

The second part of this solution is executed by the AV DAT Engine when it scans the memory of the process which triggered the Expert Rule. Once this string is found, a detection will occur on the affected process, and the action configured in the Expert Rule REACTION line will be applied. More information about available actions are described in KB95901 – McAfee Enterprise coverage for Apache Log4j CVE-2021-44228 Remote Code Execution. Note we recommend customers to use the REPORT action initially until they have sorted out what processes they need to monitor.

The first event highlighted above is the Expert Rule triggering for a suspicious process spawning from JAVA.EXE, and the second shows the AV DAT detection indicating the memory of that process had signatures of the exploit.

Note:

IF only the Expert Rule detection was present and NOT the JNDI/Log4J-Exploit event, it would indicate a program has executed children processes considered suspicious, and customers are advised to review the event and improve the Expert Rule accordingly.

However, IF, both the Expert Rule and JNDI/Log4j-Exploit events are triggered for the same program, we have confidently detected the presence of the process being exploited.

McAfee Enterprise provides more information about our current coverage for Log4J vulnerability in KB95901 – McAfee Enterprise coverage for Apache Log4j CVE-2021-44228 Remote Code Execution. This article contain links to download the Expert Rule and the associated EXTRA.DAT, as well as details on how to set up ePO to use them in your environment.

Customers who want to implement this solution are invited to review the instructions in the KB and associated documentation. It is highly recommended to review the Expert Rule and customize it to your environment.

Conclusion

To protect an environment against attacks like LOG4J, a layered strategy comprised of network security coupled by targeted endpoint memory scans allows defenders to effectively detect and prevent the attack execution flow against vulnerable systems exposed via network vectors.

Our ENS Expert Rules and Custom Scan reactions are designed to enable defenders with such capabilities so they can apply precise countermeasures against these emerging threats.

The post Log4J and The Memory That Knew Too Much appeared first on McAfee Blogs.

]]>
So, Your Kids Have Left School. Do You Still Need To Worry About Their Online Safety? https://www.mcafee.com/blogs/family-safety/so-your-kids-have-left-school-do-you-still-need-to-worry-about-their-online-safety/ Sat, 18 Dec 2021 17:47:30 +0000 https://www.mcafee.com/blogs/?p=133288

Last week, I waved my 18-year-old off as he embarked on the Aussie school leaver’s rite of passage – Schoolies!!...

The post So, Your Kids Have Left School. Do You Still Need To Worry About Their Online Safety? appeared first on McAfee Blogs.

]]>

Last week, I waved my 18-year-old off as he embarked on the Aussie school leaver’s rite of passage – Schoolies!! A week spent kicking up your heels and living life to the max without any parental supervision at all! Oh, the sleepless nights many of us parents have had! And once Christmas and New Year celebrations are done, he’ll be heading away to University to ‘live his best life’ away from his dedicated cyber mother! 

And of course, I’m delighted for him, although secretly devastated to be losing my baby boy. But it does prompt the question, am I now done with cyber parenting? Is my work here officially done? 

Do You Ever Stop Being a Parent? 

I remember when my kids were little, my mother shared some words of wisdom with me: ‘Alex, you never stop being a parent. The kids are the same, it’s just the issues that change.’ And she was so right. As our boys have grown up, we’ve been less involved in their day-to-day needs but still very much needed. Whether it’s to help review a work contract, provide advice on an issue with a flatmate or help pick out a suit, the parenting hasn’t stopped instead entered a new chapter. And of course, there’s no doubt that having interested, devoted parents at the end of the telephone – day or night – makes navigating life so much easier! 

And when it comes to their digital lives, it’s the same story. While we have no reason to be involved in their day-to-day online lives, we have definitely been called upon to help them troubleshoot situations from receiving inappropriate messages, identifying potential scams or managing terse exchanges.  And, might I add, I have also proactively offered my advice on the appropriateness of pictures they have shared online – many times!! 

How To Help Your Young Adult Kids Manage Their Cyber Safety? 

So, after having managed 3 kids through this transition to early adulthood with another one currently underway, I thought I’d share with you some of my best strategies for ensuring their digital life is in good shape without micro-managing them! 

1. Stay Friends with Them Online But Don’t Embarrass Them Ever 

Every few days, I’ll check out my boys’ socials. Not only does it give me a ‘feel’ for what’s happening in their lives – where they’ve been and who with – it also allows me to check they are making good decisions about what they share. There have been multiple times during this period where I have sent off a quick text suggesting they remove a photo or perhaps rephrase a comment! And while I know these texts aren’t always warmly received, in nearly all cases, they take my advice! 

And it goes without saying that your ability to provide input to their digital lives will only happen if you don’t cross boundaries! So, never embarrass them. If you see something you don’t like, message them privately – do not workshop it on their Facebook page! And if you want to post a pic or video of them, always get their ‘ok’ first.  

2. Buy Them Security Software for Christmas! 

OK, security software probably won’t be top of their Christmas list, but knowing that they have comprehensive security software like McAfee’s Total Protection on their devices which works hard in the background to minimize threats and issues will give you real peace of mind. This year, I’m buying my older boys an air-fryer and frypans for Christmas. Why not continue the pragmatic theme and invest in some software for them too? 

3. Set Up A Family Messaging Group 

About 4 years ago, I set up a family Messenger Group and it’s now something I absolutely treasure. We share pics of our cats and dog, potential family holiday dates, funny photos, and videos, and relevant news stories – particularly during COVID. But the other thing I like to share is reminders about important ‘tech stuff’, like changing passwords, when to update their Apple software or details about scams that are doing the rounds. Whether it’s Whats AppTelegram, or my personal favorite, Messenger, I strongly recommend establishing a family group chat as an effective way of covering off key issues with your young adult kids. 

4. Don’t Stop Walking About Digital Reputation  

With potential employers, partners, and even friends using Google to conduct their due diligence on you, digital reputation is everything. So, weaving constant reminders into conversations with your adult kids should still be a priority. Now, of course, some kids will instinctively ‘get this’ but others will need a few pointers. According to a  70% of employers use social media to screen candidates during the hiring process, and about 43% of employers use social media to check on current employees. So, why not encourage them to ‘Google’ themselves – and why not do yourself also? How you present online could mean the difference between being employed or unemployed!  

So, if you have a school leaver in your family and you’re not sure whether your job is done, I’m here to confirm that you’ll still be required for a very long time! Whether they know it or not, our big kids will still continue to need a sprinkling of our wisdom and experience for years to come. And even though they may have fled the nest, remember you will always be one of their most influential role models. So, make sure your digital life is in good shape too because as American novelist James Baldwin shares: ‘Children have never been very good at listening to their elders, but they have never failed to imitate them.’ 

Till next time 

Take care 

The post So, Your Kids Have Left School. Do You Still Need To Worry About Their Online Safety? appeared first on McAfee Blogs.

]]>
Privacy, Identity, and Device Protection: Why You Need to Invest in All Three https://www.mcafee.com/blogs/consumer-cyber-awareness/privacy-identity-and-device-protection-why-you-need-to-invest-in-all-three/ Thu, 16 Dec 2021 18:13:51 +0000 https://www.mcafee.com/blogs/?p=133306

Cybercriminals make people uneasy about the safety of their identity and online accounts. McAfee is your partner who’ll work tirelessly to restore your confidence in your online activities. Check out this roundup...

The post Privacy, Identity, and Device Protection: Why You Need to Invest in All Three appeared first on McAfee Blogs.

]]>

Cybercriminals make people uneasy about the safety of their identity and online accounts. McAfee is your partner who’ll work tirelessly to restore your confidence in your online activities. Check out this roundup of privacy protection, identity protection, and device security best practices to boost your confidence in the safety of your personal information and technology. 

Privacy Protection 

Privacy protection means keeping the information you’d rather keep to yourself from getting in the hands of advertisers, cybercriminals, and nefarious groups seeking to use your personal details for their benefit. To boost your online privacy, all it takes is a few thoughtful additions to your daily browsing, email, and social media routine.  

First, think carefully about your social media habits. Do you post everything about your day and childhood, pin your location, and share photos of documents that include your full name, birthday, or address? You may want to consider cutting back on what you broadcast on the internet, especially if your account is public for anyone to view. Unfortunately, while your friends and family may love your status updates, cybercriminals love them more. After only minutes of snooping, cybercriminals can glean enough personal details about you to impersonate you or target a social engineering attempt at you. To keep your private information private, limit what you share on social media and pare down your follower and friend lists to only people you know in real life. 

Another way to protect your privacy is to use a virtual private network (VPN). A VPN allows you to remain completely anonymous online, scrambling your location and your connection. Some users may swear by incognito mode for safe browsing; however, only a VPN can ensure your privacy is protected. Incognito mode, also known as private mode, deletes your browsing history, cookies, and site data on your device once you log out of a session. While incognito mode prevents someone from snooping on your browsing history if they gain access to your device, you’re still vulnerable to cyber criminals intruding on your sensitive transactions.   

A VPN is especially important when you’re logged on to a public network, like those in coffee shops, libraries, and transportation hubs. Cybercriminals often lurk on non-password-protected Wi-Fi networks and eavesdrop on people paying bills or online shopping to steal their credentials. 

You should also invest in antivirus software, and turn on automatic updates so you can be confident that you are always running the most secure, recent version. McAfee Total Protection Ultimate is an all-in-one service that protects your personal information and privacy. It also includes premium antivirus software, safe browsing, and a VPN. 

Identity Protection 

Another type of online security you need is protection against identity theft. Identity theft is a broad term that can apply to the following unfortunate situations: 

  • Synthetic identity fraud. This most common type of identity theft occurs when a criminal steals a Social Security Number and ascribes it to a totally new identity. 
  • New account fraud. New account fraud happens when a criminal successfully steals personal identifiable information (PII) and financial information and uses a victim’s excellent credit score to open new credit cards, utility accounts, cellphone accounts, etc. 
  • Account takeover fraud. Account takeover fraud means that a cybercriminal steals banking credentials and then adds themselves as authorized users, meaning that they get a credit card tied to the victim’s banking account. Luckily, this type of fraud is on the way out, thanks to the prevalence of EMV chip readers. 
  • Medical identity theft. Medical identity thieves impersonate patients to gain access to their prescription medications and have their medical treatments paid for by the identity theft victim. 
  • Business identity theft. Often targeted at small business owners, business identity theft is when a cybercriminal attempts to open new credit lines in the business’ name or sends customers phony bills and collects the payments themselves. 

In each case, the consequences can be a hassle to deal with and may even affect your finances, credit score, and ability to secure loans, a mortgage, or future credit cards. One way to keep your identity secure is to guard your PII carefully. Never give out your Social Security Number unless it’s absolutely necessary and never share it over email. Also, stay on top of the news and take action immediately if a company that houses your PII is breached by a cybersecurity attack. That way you can quickly take action to hopefully protect your account. 

Sometimes, you do everything right and a cybercriminal still gets their hands on your PII, like through a breach at a company with which you have an account. You may want to invest in an identity protection service that provides dark web monitoring and alerts you to unusual activity that could indicate identity theft.  

McAfee Identity Protection Service is easy to set up and offers extensive monitoring of over 60 types of PII. McAfee notifies identity theft victims up to 10 months sooner than similar identity monitoring services and grants $1 million in ID theft coverage to help you get back on your feet if a cybercriminal steals your identity. 

Device Security 

Device security covers the actions you take to keep your physical devices safe from thieves and harmful software, like viruses and malware.  

The first step to keeping your laptops, tablets, and smartphones safe is to know where your devices are at all times and never let anyone you don’t know to use them. Password-protect your devices, so in the case, you leave your laptop in a taxi or forget your phone at a coffee shop, you know that your information stored within is inaccessible. Back up your files frequently so if you do lose a device and have to wipe it remotely, you don’t lose all your photos or work documents. 

Another component of device security is defending against malicious software. Viruses and malware can make their way onto your devices through several avenues, including sketchy websites, dishonest downloads, phishing schemes, and clicking on ads. Be careful on what you click on and use common sense when visiting websites that look untrustworthy. 

McAfee Total Protection prevents, scans, detects, and deletes viruses and malware from your devices. McAfee antivirus provides real-time, 24/7 threat protection plus a 100% guarantee that it’ll remove viruses from your devices. Additionally, McAfee Web Advisor is a free option that alerts you when you visit potentially risky sites, so you can be more confident in your browsing and downloading. 

The post Privacy, Identity, and Device Protection: Why You Need to Invest in All Three appeared first on McAfee Blogs.

]]>
Quizzes and Other Identity Theft Schemes to Avoid on Social Media https://www.mcafee.com/blogs/consumer-cyber-awareness/quizzes-and-other-identity-theft-schemes-to-avoid-on-social-media/ Wed, 15 Dec 2021 14:59:00 +0000 https://www.mcafee.com/blogs/?p=132988

Before you take the fun-looking quiz that popped up in your social media feed, think twice. The person holding the answers may be a hacker.  Where...

The post Quizzes and Other Identity Theft Schemes to Avoid on Social Media appeared first on McAfee Blogs.

]]>

Before you take the fun-looking quiz that popped up in your social media feed, think twice. The person holding the answers may be a hacker. 

Where people go, hackers are sure to follow. So it’s no surprise hackers have set up shop on social media. This has been the case for years, yet now social media-based crime is on the rise. In 2019, total reported losses to this type of fraud reached $134 million. But reported losses hit $117 million in just the first six months of 2020, according to the U.S. Federal Trade Commission (FTC). 

Among these losses are cases of identity theft, where criminals use social media to gather personal information and build profiles of potential victims they can target. Just as we discussed in our recent blog, “Can thieves steal identities with only a name and address?” these bits of information are important pieces in the larger jigsaw puzzle that is your overall identity. 

Let’s uncover these scams these crooks use so that you can steer clear and stay safe. 

A quick look at some common social media scams 

Quizzes and surveys 

“What’s your spooky Halloween name?” or “What’s your professional wrestler name?” You’ve probably seen a few of those and similar quizzes in your feed where you use the street you grew up on, your birthdate, your favorite song, and maybe the name of a beloved first pet to cook up a silly name or some other result. Of course, these are pieces of personal information, sometimes the answer to commonly used security questions by banks and other financial institutions. (Like, what was the model of your first car?) With this info in hand, a hacker could attempt to gain access to your accounts.  

Similarly, scammers will also post surveys with the offer of a gift card to a popular retailer. All you have to do is fork over your personal info. Of course, there’s no gift card coming. Meanwhile, that scammer now has some choice pieces of personal info that they can potentially use against you. 

How to avoid them: Simply put, don’t take those quizzes and surveys online. 

Bogus benefits and get-rich-quick schemes  

The list here is long. These include posts and direct messages about phony relief fundsgrants, and giveaways—along with bogus business opportunities that run the gamut from thinly-veiled pyramid schemes and gifting circles to mystery shopper jobs. What they all have in common is that they’re run by scammers who want your information, money or both. If this sounds familiar, like those old emails about transferring funds for a prince in some faraway nation, it is. Many of these scams simply made the jump from email to social media platforms. 

How to avoid them: Research any offer, business opportunity, or organization that reaches out to you. A good trick is to do a search of the organization’s name plus the term “scam” or “review” or “complaint” to see if anything sketchy comes up. 

Government imposter scams 

If there’s one government official that scammers like use to put a scare in you, it’s the tax collector. These scammers will use social media messaging (and other mediums like emails, texts, and phone calls) to pose as an official that’s either demanding back taxes or offering a refund or credit—all of which are bogus and all of which involve you handing over your personal info, money, or both.  

How to avoid them: Delete the message. In the U.S., the IRS and other government agencies will never reach out to you in this way or ask you for your personal information. Likewise, they won’t demand payment via wire transfer, gift cards, or cryptocurrency like bitcoin. Only scammers will. 

Friends and family imposter scams 

These are far more targeted than the scams listed above, because they’re targeted and often rely upon specific information about you and your family. Thanks to social media, scammers can gain access to that info and use it against you. One example is the “grandkid scam” where a hacker impersonates a grandchild and asks a grandparent for money. Similarly, there are family emergency scams where a bad actor sends a message that a family member was in an accident or arrested and needs money quickly. In all, they rely on a phony story that often involves someone close to you who’s in need or in trouble. 

How to avoid them: Take a deep breath and confirm the situation. Reach out to the person in question or another friend or family member to see if there really is a concern. Don’t jump to pay right away. 

The romance con  

This is one of the most targeted attacks of all—the con artist who strikes up an online relationship to bilk a victim out of money. Found everywhere from social media sites to dating apps to online forums, this scam involves creating a phony profile and a phony story to go with it. From there, the scammer will communicate several times a day, perhaps talking about their exotic job in some exotic location. They’ll build trust along the way and eventually ask the victim to wire money or purchase gift cards.  

How to avoid them: Bottom line, if someone you’ve never met in person asks you for money online, it’s a good bet that it’s a scam. Don’t do it. 

Protecting yourself from identity theft and scams on social media 

Now with an idea of the bad actors are up to out there, here’s a quick rundown of things you can do to protect yourself further from the social media scams they’re trying to pull. 

  1. Use strict privacy settings. First up, set your social media profile to private so that only approved friends and family members can access it. This will circulate less of your personal information in public. However, consider anything you do or post on social media as public information. (Plenty of people can still see it, copy it, and pass it along.) Likewise, pare back the information you provide in your profile, like your birthday, the high school you attended, and so on. The less you put out there, the less a scammer can use against you. 
  2. Be a skeptic. You could argue that this applies to staying safe online in general. So many scams rely on our innate willingness to share stories, help others, or simply talk about what’s going on in our lives. This willingness could lower your guard when a scammer comes calling. Instead, try to look at the messages you receive beyond face value. Does something seem unusual about the language or request? What could be the motivation behind it? Pausing and considering questions like these could spare some headaches. 
  3. Know your friends. How well do you know everyone in your list of friends and followers? Even with your privacy settings set to the max, these people will see what you’re posting online. Being selective about who you invite into that private circle of yours can limit the amount of personal information people have immediate access to via your posts, tweets, and updates. However, if you like having a larger list of friends and followers, be aware that any personal info you share is effectively being broadcast on a small scale—potentially to people you don’t really know well at all. 
  4. Follow up. Get a message from a “friend” that seems a little spammy or just plain weird? Or maybe you get something that sounds like an imposter scam, like the ones we outlined above? Follow up with them using another means of communication other than the social media account that sent the message. See what’s really going on.  
  5. Look out for each other. Much like following up, looking out for each other means letting friends know about that strange message you received or a friend request from a potentially duplicate account. By speaking up, you may be giving them the first sign that their account (and thus a portion of their identity) has been compromised. Likewise, it also means talking about that online flame with each other, how it’s going, and, importantly, if that “special someone” has stooped to asking for money. 

Stay steps ahead of the scams on social media 

Above and beyond what we’ve covered so far, some online protection basics can keep you safer still. Comprehensive online protection software will help you create strong, unique passwords for all your accounts, help you keep from clicking links to malicious sites, and prevent you from downloading malware. Moreover, it can provide you with identity protection services like ours, which keep your personal info private with around-the-clock monitoring of your email addresses and bank accounts with up to $1M of ID theft insurance. 

Together, with some good protection and a sharp eye, you can avoid those identity theft scams floating around on social media—and get back to enjoying time spent online with your true family and friends. 

The post Quizzes and Other Identity Theft Schemes to Avoid on Social Media appeared first on McAfee Blogs.

]]>
6 Tips to Protect Yourself From Holiday Shopping Scammers https://www.mcafee.com/blogs/cyberthreat-news/6-tips-to-protect-yourself-from-holiday-shopping-scammers/ Mon, 13 Dec 2021 14:50:25 +0000 https://www.mcafee.com/blogs/?p=132901

Like many consumers around the world, you’re probably scouring the internet to find the perfect gifts for your friends and...

The post 6 Tips to Protect Yourself From Holiday Shopping Scammers appeared first on McAfee Blogs.

]]>

Like many consumers around the world, you’re probably scouring the internet to find the perfect gifts for your friends and family in time for the holidays. While buyers prepare for the festivities, cybercriminals look for opportunities to scam shoppers with various tricks. In 2020, the FBI received over 17,000 complaints regarding goods that were never delivered, totaling losses of more than $53 million.1 And this year, it is anticipated that the number could increase due to rumors of merchandise shortages and the ongoing pandemic.  

But no need to get your tinsel in a tangle! At McAfee, we’re empowering consumers to live their digital lives with confidence by providing tips and tools for sidestepping cyber-grinches. Here are the top scams to look out for this holiday season so you can be on your merry way:  

Phishing Emails Boasting Big-ticket Items  

Phishing may be one of the older tricks in the book, but it is still a favorite standby for cybercriminals as phishing tactics become more sophisticated. According to Bleeping Computer, scammers tend to target holiday shoppers with emails advertising big-ticket or hard-to-find items to entice them to click on a malicious link.2 For example, cybercriminals could send a phishing email promising a sweet deal —often referred to as the discount scam — on the latest gaming system. Jumping at the opportunity to score such a great gift for a low price, an unsuspecting holiday shopper might click on the link and swiftly hand over their credit card details. But instead of receiving the gaming system, they receive alerts of suspicious purchases from their bank — purchases that cybercriminals made with their credit card information.  

Fake Websites and Ads 

During the holidays, many brands increase their online advertising to boost sales. However, cyber-grinches will likely take advantage of this trend by creating fake websites and ads impersonating companies that consumers know and love. For example, cybercriminals can create fake websites and ads promoting unrealistic discounts and bargains that look remarkably similar to an online retailer’s site. If a customer clicks on the fake website and makes a “purchase” by inputting their credit card information, the scammers will then be able to use this data to make fraudulent purchases elsewhere.  

Fraudulent Social Media Posts  

Many consumers rely on social media to stay up-to-date on the latest deals, and scammers are eagerly looking for ways to take advantage. To target holiday shoppers via Instagram, Facebook, TikTok, etc., criminals use fake social media posts offering vouchers, gift cards, freebies, and contests in the hopes that the user will click on the post and hand over their personal or financial information. Perhaps a user comes across a fake contest for a $1,000 Amazon gift card on Instagram — all they have to do is enter their login credentials to enter. Little do they know that this contest has been formulated by scammers and submitting their login for entry is just handing over their data for cyber-scrooges to exploit.  

Criminals can also take advantage of shoppable social media posts to target holiday shoppers with advertisements for non-existent or counterfeit items. Today, 130 million Instagram users tap on shoppable posts to learn more about products every month. It’s likely that these users will also rely on shoppable posts to interact with products they’re interested in purchasing for holiday gifts.3 

Cybercriminals can entice these users by creating fraudulent social media ads for products they don’t actually have. If an unsuspecting shopper purchases through the fake ad, their financial information will not only find its way into the hands of the scammer, but they also won’t receive what they initially paid for.  

Travel phishing and charity scams  

According to the Wall Street Journal, travel and charity scams also tend to spike around the holidays.4 Travel scams could show up in the form of an email stating that a booking has been canceled, sending you to a fake website where you’re asked to enter your credit card number to set up a new reservation. You could also receive an email directing you to a clone site offering deals on a house rental, flight, or hotel room that seems too good to be true — as long as you hold your reservation with a deposit.  

Cybercriminals also know that consumers tend to make charitable donations around the holidays, and many are quick to take advantage. A charity scam might target victims via social media feeds, asking people to donate to a fake organization. Consumers should always do their research on a charity before they donate to prevent money from ending up in a scammer’s pocket.  

Tips to Stay Safe From Online Shopping Scams 

To prevent cyber-grinches from stealing your money, data, and festive spirit, follow these tips so you can continue to make merry during the holiday shopping season: 

  1. Be cautious of emails asking you to act. If you receive an email, call, or text advertising a holiday shopping deal that seems too good to be true, it probably is. Don’t click on anything or take any direct action from the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money or your financial details unnecessarily. 
  2. Hover over links to see and verify the URL. If someone sends you a message with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message. 
  3. Go directly to the source. Instead of clicking on a link in an email or text message, it’s always best to check directly with the source to verify a holiday shopping offer or track a package’s shipment.  
  4. Watch out for fraudulent websites and ads. Today, anyone can create a website or online ad that looks like it’s from a legitimate retailer. They may tout a special offer or a great deal on a hot holiday item, yet such sites are a popular avenue for cybercriminals to harvest personal and financial information. They are commonly spread by social media, email, and other messaging platforms, so be skeptical of any links you see on these channels.  
  5. Check your bank statements. The holidays are often a time of increased spending, so a fraudulent charge on your bank statement could blend in with all the noise. Be vigilant about checking to make sure that there are no suspicious charges when you’re doing your online banking. If you do notice a purchase that you didn’t make, report it to your bank immediately.  
  6. Protect your identity. Hackers often use consumers’ personally identifiable information to make fraudulent purchases – a trick that would certainly interrupt a holiday shopping spree. A solution like McAfee Identity Theft Protection takes a proactive approach to help protect identities with personal and financial monitoring and recovery tools to help keep identities personal and secure. 
  7. Use a comprehensive security solution. Using a solution like McAfee Total Protection can help your holiday shopping spree go smoothly by providing safe web browsing, virus protection, and more. McAfee WebAdvisor also provides coverage for many of the holiday shopping scams mentioned above with misclick protection, typo protection, and alerts for known threats.  

The post 6 Tips to Protect Yourself From Holiday Shopping Scammers appeared first on McAfee Blogs.

]]>
HANCITOR DOC drops via CLIPBOARD https://www.mcafee.com/blogs/other-blogs/mcafee-labs/hancitor-doc-drops-via-clipboard/ Mon, 13 Dec 2021 14:32:49 +0000 https://www.mcafee.com/blogs/?p=132931

By Sriram P & Lakshya Mathur  Hancitor, a loader that provides Malware as a Service, has been observed distributing malware such as...

The post HANCITOR DOC drops via CLIPBOARD appeared first on McAfee Blogs.

]]>

By Sriram P & Lakshya Mathur 

Hancitor, a loader that provides Malware as a Service, has been observed distributing malware such as FickerStealer, Pony, CobaltStrike, Cuba Ransomware, and many more. Recently at McAfee Labs, we observed Hancitor Doc VBA (Visual Basic for Applications) samples dropping the payload using the Windows clipboard through Selection.Copy method. 

This blog focuses on the effectiveness of this newly observed technique and how it adds an extra layer of obfuscation to evade detection. 

Below (Figure 1) is the Geolocation based stats of Hancitor Malicious Doc observed by McAfee since September 2021 

Figure 1 – Geo stats of Hancitor MalDoc
Figure 1 – Geo stats of Hancitor MalDoc

INFECTION CHAIN

  1. The victim will receive a Docusign-based phishing email.
  2. On clicking on the link (hxxp://mettlybothe.com/8/forum[.]php), a Word Document file is downloaded.
  3. On Enabling the macro content in Microsoft Word, the macro drops an embedded OLE, a password-protected macro-infected document file and launches it.
  4. This second Document file drops the main Hancitor DLL (Dynamic Link Library) payload.
  5. The DLL payload is then executed via rundll32.exe.
Figure 2 – Infection Chain
Figure 2 – Infection Chain

TECHNICAL ANALYSIS

Malware authors send the victims a phishing email containing a link as shown in the below screenshot (Figure 3). The usual Docusign theme is used in this recent Hancitor wave. This phishing email contains a link to the original malicious word document. On clicking the link, the Malicious Doc file is downloaded.

Figure 3 – Phishing mail pretending to be DocuSign
Figure 3 – Phishing mail pretending to be DocuSign

Since the macros are disabled by default configuration, malware authors try to lure victims into believing that the file is from legitimate organizations or individuals and will ask victims to enable editing and content to start the execution of macros. The screenshot below (Figure 4) is the lure technique that was observed in this current wave.

Figure 4 – Document Face
Figure 4 – Document Face

As soon as the victim enables editing, malicious macros are executed via the Document_Open function.

There is an OLE object embedded in the Doc file. The screenshot below (Figure 5) highlights the object as an icon.

Figure 5 – OLE embedded object marked inside red circle
Figure 5 – OLE embedded object marked inside the red circle

The loader VBA function, invoked by document_open, calls this random function (Figure 6), which moves the selection cursor to the exact location of the OLE object using the selection methods (.MoveDown, .MoveRight, .MoveTypeBackspace). Using the Selection.Copy method, it will copy the selected OLE object to the clipboard. Once it is copied in the clipboard it will be dropped under %temp% folder.

Figure 6 – VBA Function to Copy content to Clipboard
Figure 6 – VBA Function to Copy content to Clipboard

When an embedded object is being copied to the clipboard, it gets written to the temp directory as a file. This method is used by the malware author to drop a malicious word document instead of explicitly writing the file to disk using macro functions like the classic FileSystemObject.

In this case, the file was saved to the %temp% location with filename name “zoro.kl” as shown in the below screenshot (Fig 8). Fig 7 shows the corresponding procmon log involving the file write event.

Figure 7 – ProcMon log for the creation and WriteFile of “zoro.kl” in %temp% folder
Figure 7 – ProcMon log for the creation and WriteFile of “zoro.kl” in %temp% folder
Figure 8 – “zoro.kl” in %temp% location
Figure 8 – “zoro.kl” in %temp% location

Using the CreateObject(“Scripting.FileSystemObject”) method, the malware moves the file to a new location \Appdata\Roaming\Microsoft\Templates and renames it to “zoro.doc”.

Figure 9– VBA Function to rename and move the dropped Doc file
Figure 9– VBA Function to rename and move the dropped Doc file

This file is then opened with the built-in document method, Documents.open. This moved file, zoro.doc, is password-protected. In this case, the password used was “doyouknowthatthegodsofdeathonlyeatapples?”. We have also seen the usage of passwords likedonttouchme”, etc.

Figure 10 – VBA Function to password protect the Doc file
Figure 10 – VBA Function to password protect the Doc file

This newly dropped doc is executed using the Documents.Open function (Figure 11).

Figure 11 – VBA methods present inside “zoro.doc”
Figure 11 – VBA methods present inside “zoro.doc”

Zoro.doc uses the same techniques to copy and drop the next payload as we saw earlier. The only difference is that it has a DLL as the embedded OLE object.

It drops the file in the %temp% folder using clipboard with the name “gelforr.dap”. Again, it moves gelforr.dap DLL file to \Appdata\Roaming\Microsoft\Templates (Figure 12).

Figure 12 - Files dropped under the \Appdata\Roaming\Microsoft\Template folder
Figure 12 – Files dropped under the \Appdata\Roaming\Microsoft\Template folder

Finally, after moving DLL to the templates folder, it is executed using Rundll32.exe by another VBA call.

MITRE ATT&CK

Technique ID Tactic Technique details
T1566.002 Initial Access Spam mail with links
T1204.001 Execution User Execution by opening the link.
T1204.002 Execution Executing downloaded doc
T1218 Defense Evasion Signed Binary Execution Rundll32
T1071 C&C (Command & Control) HTTP (Hypertext Transfer Protocol) protocol for communication

 

IOC (Indicators Of Compromise)

Type SHA-256 Scanner Detection Name
Main Doc 915ea807cdf10ea4a4912377d7c688a527d0e91c7777d811b171d2960b75c65c WSS W97M/Dropper.im
Dropped Doc c1c89e5eef403532b5330710c9fe1348ebd055d0fe4e3ebbe9821555e36d408e WSS W97M/Dropper.im

 

Dropped DLL d83fbc9534957dd464cbc7cd2797d3041bd0d1a72b213b1ab7bccaec34359dbb WSS RDN/Hancitor
URLs (Uniform Resource Locator) hxxp://mettlybothe.com/8/forum[.]php WebAdvisor Blocked

 

The post HANCITOR DOC drops via CLIPBOARD appeared first on McAfee Blogs.

]]>
Concerned by the Security Risk Affecting Popular Services and Apps? Here’s What We Know. https://www.mcafee.com/blogs/cyberthreat-news/concerned-by-the-security-risk-affecting-popular-services-and-apps-heres-what-we-know/ Sat, 11 Dec 2021 02:35:47 +0000 https://www.mcafee.com/blogs/?p=133006

Several security researchers have recently reported a powerful software bug that could potentially affect thousands of popular websites, services, hosted apps, and even game servers—thanks to an apparent flaw that could...

The post Concerned by the Security Risk Affecting Popular Services and Apps? Here’s What We Know. appeared first on McAfee Blogs.

]]>

Several security researchers have recently reported a powerful software bug that could potentially affect thousands of popular websites, services, hosted apps, and even game servers—thanks to an apparent flaw that could allow hackers to compromise or take control of servers that run them. 

 Just as reported by the developers of the popular Minecraft game, this flaw potentially affects servers that run Twitter, Apple’s iCloud, the Steam gaming platform, and a growing number of others that may be vulnerable. 

One research group has dubbed the vulnerability as “Log4Shell,” and the name appears to be sticking. It involves a widely used software used to log information on servers. This software is open source, meaning it is freely available to developers. As a result,  countless organizations and businesses use it on their servers.   

While details are still evolving, researchers are acting with a proper degree of caution given the potential scope of the issue. Needless to say, the immediate level of concern remains high given the potential of the flaw to impact millions of servers, devices, and the people who use them. 

What can an attacker do with this vulnerability?  

At this early stage, a few things appear to be possible: 

  • A hacker could access the logs on impacted servers, gathering the information kept there. This could include any kind of information from chats, usernames, passwords, or other information, depending on what’s being logged by the website, app, or service in question.  
  • In some instances, the vulnerability reportedly allows hackers to execute code or functions that can compromise or even take over the targeted server. For example, there have been reports of compromised servers that were converted to illicitly mine for cryptocurrencies. 
  • Likewise, there is the potential for hackers to further use the impacted servers to distribute malware to the computers, smartphones, and other devices connected to them. As of this writing, we have yet to uncover any such attacks. However, determined hackers could attempt such an attack if they believe there’s some value or return in doing so. 

What if I know someone who plays Minecraft or is running a Minecraft server? 

The developers of Minecraft have provided several steps that detail what both players and server hosts should do to protect themselves. The developers clearly recognize the potential gravity of the situation and are taking a proactive approach in saying, “This vulnerability poses a potential risk of your computer being compromised, and while this exploit has been addressed with all versions of the game client patched, you still need to take [steps] to secure your game and your servers.” We’ve provided the link to those steps here: 

 Recommended steps for Minecraft players and server hosts. 

How else you can protect yourself 

Right now, as this situation evolves, the best step is to keep your eyes open. If the app, service, site, or game you’re on performs strangely, consider signing out and closing it down. Then, perform a security scan on your device to check for viruses, malware, or other threats. Follow the guidance from your online protection software if any results come up. 

You may also consider limiting your app and service usage to the most important activities. If it’s not an urgent or important online task or activity, see about putting it off until more is known. 

Likewise, stay tuned. The details around this vulnerability continue to unfold. As they do, you’ll find further guidance that can help keep you and your family protected from this or any follow-on threats associated with this issue. 

The post Concerned by the Security Risk Affecting Popular Services and Apps? Here’s What We Know. appeared first on McAfee Blogs.

]]>
Log4Shell Vulnerability is the Coal in our Stocking for 2021 https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/log4shell-vulnerability-is-the-coal-in-our-stocking-for-2021/ Sat, 11 Dec 2021 00:37:30 +0000 https://www.mcafee.com/blogs/?p=133000

Overview: On December 9th, a vulnerability (CVE-2021-44228) was released on Twitter along with a POC on Github for the Apache...

The post Log4Shell Vulnerability is the Coal in our Stocking for 2021 appeared first on McAfee Blogs.

]]>

Overview:

On December 9th, a vulnerability (CVE-2021-44228) was released on Twitter along with a POC on Github for the Apache Log4J logging library. The bug was originally disclosed to Apache on November 24th by Chen Zhaojun of Alibaba Cloud Security Team. The impact of this vulnerability has the potential to be massive due to its effect on any product which has integrated the log4j library into its applications. This includes products from internet giants such as Apple iCloud, Steam, Samsung Cloud storage, but thousands of additional products and services will likely be vulnerable. This is just the beginning as Java is heavily used in applications spanning nearly every industry.

What is it?

The vulnerability exists in the way the Java Naming and Directory Interface (JNDI) feature resolves variables.  When a JNDI reference is being written to a log, JNDI will fetch all requirements to resolve the variable. To complete this process, it will download and execute any remote classes required. This applies to both server-side and client-side applications since the main requirements for the vulnerability are any attacker-controlled input field and this input being passed to the log.

To orchestrate this attack, an attacker can use several different JNDI lookups. The most popular lookup currently being seen in both PoCs and active exploitation is utilizing LDAP; however, other lookups such as RMI and DNS are also viable attack vectors.  It’s worth noting that the simplistic LDAP/RMI attack vectors only work with older JDK versions. There are publications that have demonstrated methods to circumvent this limitation to achieve code execution, albeit with added complexity to the attack.

Java object deserialization vulnerabilities are not a new breed of vulnerabilities or attacks. Previous offensive research such as “marshalsec” can be applied to this vulnerability making code execution simplistic.

**Update 12/20/2021** 

On December 18th, a new denial of service (DOS) vulnerability, CVE-2021-45105 was discovered affecting versions 2.0-alpha1 through 2.16.0 of Log4j.  To mitigate the original Log4j vulnerability, Apache completely disabled JNDI lookups in version 2.16, however self-referential lookups remained a possibility under non-default configurations.  When a nested variable is substituted by the StrSubstitutor class, it recursively calls the substitute() class. When this nested variable recursively references the variable being replaced, it leads to an infinite recursion and a DoS condition on the server.  Current research shows this does not lead to code execution, like the previous vulnerabilities.  

**** 

**Update 12/14/2021**

It has been confirmed that Log4j version 1.2 is vulnerable to similar attacks through the JMSAppender component and has been issued CVE-2021-4104. It is important to note this is not as easily exploitable as version 2.x. For exploitation to occur, JMSAppender must be enabled, and set with TopicBindingName or TopicConnectionFactoryBindingName configurations allowing JMSAppender to perform JNDI requests. This is not the default configuration.

****

What can be done about this?

**Update 12/20/2021** 

Apache has released a new version of Log4j, version 2.17.0 to address the latest DOS vulnerability.  Two additional classes were created that inherit from StrSubstitutor to deal with parsing strings that may contain user input.  These additions do not allow recursive evaluation.  Due to exploitation of this vulnerability leading to a DOS, it is considered less critical than the previously reported Log4j vulnerabilities which can lead to remote code execution. It is important to note, for exploitation to be successful there are several non-standard conditions that need to be met.  As the Log4j situation is continuing to evolve, we recommend upgrading to version 2.17.0, where possible. 

*****

**Update 12/14/2021**

Apache has released a new version of Log4j, version 2.16.0. This update disables JDNI by default requiring a user to explicitly turn the JNDI feature on and completely removes support for message lookups. When considering mitigations strategies for the Log4Shell vulnerabilities this should be considered the preferred method of mitigation.

****

There is a lot of information about different ways to mitigate this vulnerability. The most important and complete mitigation is to update log4j to the stable release version 2.17.0. Some sources are reporting that Java versions 6u211, 7u201, 8u191, and 11.0.1 are not vulnerable to this attack. This is not entirely the case. These versions are more resilient to the LDAP attack vector; however, they do not completely mitigate the vulnerability and are still susceptible to attack. To determine if a Java application is running a vulnerable version, a list of the impacted JAR files can be determined based on the hashes linked here.

The McAfee Enterprise ATR (Advanced Threat Research) team has been closely tracking this vulnerability since it became known. Our initial goal was to determine the ease of exploitation using the public PoC, which we have reproduced and confirmed. This was done using the public Docker container, and a client/server architecture leveraging both LDAP and RMI, along with marshalsec to exploit log4j version 2.14.1. We have posted a short video to demonstrate the reproduction for anyone who is struggling with this.

Going forward we plan to test variations of the exploit delivered using additional services such as DNS. We may update this document accordingly with results.

In the meantime, McAfee Enterprise has released a network signature KB95088 for customers leveraging NSP (Network Security Platform). The signature detects attempts to exploit CVE-2021-44228 over LDAP. This signature may be expanded to include other protocols or services, and additional signatures may be released to complement coverage.

Full coverage for this vulnerability can be tracked from our Security Bulletin here.

What’s out there?

Resources for the issue continue to evolve and expand rapidly. A growing list of PoCs and tools can be found here:

https://github.com/tangxiaofeng7/apache-log4j-poc

https://github.com/christophetd/log4shell-vulnerable-app

https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b

https://www.greynoise.io/viz/query/?gnql=tags%3A%22Apache%20Log4j%20RCE%20Attempt%22

https://rules.emergingthreatspro.com/open/

https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes

https://github.com/corretto/hotpatch-for-apache-log4j2

https://github.com/nccgroup/log4j-jndi-be-gone

The post Log4Shell Vulnerability is the Coal in our Stocking for 2021 appeared first on McAfee Blogs.

]]>
New tech for the holidays? Watch out for these tech support scams. https://www.mcafee.com/blogs/consumer-cyber-awareness/new-tech-for-the-holidays-watch-out-for-these-tech-support-scams/ Thu, 09 Dec 2021 18:45:48 +0000 https://www.mcafee.com/blogs/?p=132862

We all know the frustration. A new piece of tech isn’t working the way it should. Or maybe setting it up is...

The post New tech for the holidays? Watch out for these tech support scams. appeared first on McAfee Blogs.

]]>

We all know the frustration. A new piece of tech isn’t working the way it should. Or maybe setting it up is simply turning into a royal pain. Grrr, right? Just make sure that when you go on the hunt for some help, you don’t let a tech support scam get the better of you.  

Like so many scams out there, tech support scams play on people’s emotions. Specifically, the frustration you feel when things don’t work right. You want that problem fixed right now. So much so that you may not pay close enough attention to that tech support link you found in a search or came across in an ad. Tech support that looks legitimate but isn’t. 

Tech support scams make good money for bad actors. In fact, the larger tech support scam operations organize and run themselves like a business, with call centers, marketing teams, finance groups, and so forth—and can rack up some serious profits to boot. 

They make their money in several ways. Sometimes they’ll charge large fees to fix a non-existent problem. Other times, they’ll install information-stealing malware under the guise of software that’s supposed to correct an issue. In some cases, they’ll ask for remote access to your computer to perform a diagnosis but access your computer to steal information instead. 

Fortunately, these scams are rather easy to spot. And avoid. If you know what to look for.  

What do tech support scams look like? 

Let’s start with a quick overview of tech support scams. They tend to work in two primary ways.  

First, there are the scams that actively track you down. 

This could be a phone call that comes from someone posing as a rep from “Microsoft” or “Apple.” The scammer on the other end of the line will tell you that there’s something wrong with your computer or device. Something urgently wrong. And then offers a bogus solution to the bogus problem, often at a high cost. Similarly, they may reach you by way of a pop-up ad. Again telling you that your computer or device is in need of urgent repair. These can find you a few different ways: 

  • By clicking on links from unsolicited emails. 
  • From pop-up ads from risky sites. 
  • Via pop-ups from otherwise legitimate sites that have had malicious ads injected. 
  • By way of spammy phone calls made directly to you, whether by robocall or a live operator. 

Second, there are the scams that lie in wait.  

These are phony services and sites that pose as legitimate tech support but are anything but. They’ll place search ads, post other ads in social media, and so forth, ready for you to look up and get in touch with when you have a problem that you need fixed. Examples include: 

  • Online classified ads, forum posts, and blog sites. 
  • Ads on Social media sites such as Facebook, Reddit, YouTube, and Tumblr. 
  • Search results—scammers place paid search ads too! 

Tech support scams target everyone—not just the elderly 

While tech support scammers can and do prey on older computer users, they’re not the only ones. An apparent lack of computer savviness certainly makes older users an attractive target, yet it also seems that an apparent overconfidence in one’s savviness makes younger victims susceptible to tech support scams too. Turns out that the growing majority of victims worldwide are between 18 and 35 years old, a group that has known the internet for most, if not all, of their lives. That’s according to research from Microsoft’s Digital Crimes Unit, which found the 1 in 10 of people between the ages of 18 and 35 who encountered a tech support scam fell for it and lost money.  

Whatever the age group, the U.S. Federal Trade Commission (FTC) says that the reported losses in the U.S. are into the millions, which of course does not account for the assumedly millions more that do not go reported.  

How to spot and avoid tech support scams 

  • With regards to ads and search results, keep an eye open for typos, awkward language, or poor design and logos that looks like they could be a knockoff of a trusted brand. Check out our blog article that offers a field guide of what these ads and search results look like. 
  • Don’t fall for the call. If someone calls you with an offer of “tech support.” Chances are, it’s a scam. And if they ask for payment in gift cards or cryptocurrency like bitcoin, it’s absolutely a scam. Just hang up. 
  • Note that the big tech companies like Apple and Microsoft will not call you with offers of tech support or an alert that “something is wrong with your computer.” Such calls come from imposters. Moreover, in many cases, the company will offer free support as part of your purchase or subscription that you can get on your own when you need it. (For example, that’s the case with our products.) 
  • Don’t click on any links or call any numbers that suddenly appear on your screen and warn you of a computer problem. Again, this a likely sign of an attempted scam. Often, this will happen while browsing. Simply close your browser and open a fresh browser window to clear the ad or link. 
  • Go to the source. Contact the company directly for support, manually type their address into your browser or call the number that came with the packaging or purchase. Don’t search. This will help you avoid imposters that choke up search results with bogus ads. 
  • Protect your browsing. Use a safe browsing extension that can spot malicious sites and help prevent you clicking on them by mistake. Comprehensive online protection software will offer protect your browsing, in addition to protection from malware and viruses. 

Lastly, a good piece of general advice is to keep your devices and apps up to date. Regular updates often include security fixes and improvements that can help keep scammers and hackers at bay. You can set your devices and apps to download them automatically. And if you need to get an update or download it on your own, get it from the company’s official website. Stay away from third-party sites that may host malware. 

What to do if you think you’ve been scammed: 

1. Change your passwords. 

This will provide protection if the scammer was able to access your account passwords in some form. While this can be a big task, it’s a vital one. A password manager that’s part of comprehensive online protection can make it much easier. 

2. Run a malware and virus scan right away. 

Delete files or apps that the software says is an issue. Do the same for other devices on your network too. Experienced and determined scammers can infect them as well simply by gaining access to one device on your network. 

3. Stop payment. 

Contact your bank, credit card company, online payment platform, or wire transfer service immediately to reverse the charges. File a fraud complaint as well. The sooner you act, the better chance you have of recovering some or all your money. (Note that this is a good reason to use credit cards for online purchases, as they afford extra protection that debit cards and other payment services do not.) 

4. Report the scam. 

In the U.S., you can contact https://www.ftc.gov/complaint, which reports the claim to thousands of law enforcement agencies. While they cannot resolve your individual issue, your report can help with broader investigations and build a case against scammers—which can make the internet safer for others. Their list of FAQs is particularly helpful too, answering important questions like “how do I get my money back?” 

Enjoy your stuff! 

Here’s to holiday tech that works. And to quick fixes when things don’t go as planned. In all, if you find yourself staring down a technical issue, go straight to the source for help as we’ve outlined above. As you can see, scammers have burrowed themselves alongside otherwise legitimate ads, search results, and forums online, ready to take advantage of you when you need to get things working right. 

Likewise, keep an eye and ear open for those scammers who’ll reach out to you, particularly this time of year when so many people are getting so many new devices. Realizing that legitimate tech support won’t call you out of the blue is a great place to start. In all, go with the pros you know—the ones you can reach at the companies you trust. 

The post New tech for the holidays? Watch out for these tech support scams. appeared first on McAfee Blogs.

]]>
How To Tell If Your Smartphone Has Been Hacked https://www.mcafee.com/blogs/mobile-security/how-to-tell-if-your-smartphone-has-been-hacked/ Thu, 09 Dec 2021 14:00:19 +0000 https://securingtomorrow.mcafee.com/?p=92956

Something’s not right. Maybe your phone is losing its charge way too quickly. Or one day it suddenly starts turning...

The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blogs.

]]>

Something’s not right. Maybe your phone is losing its charge way too quickly. Or one day it suddenly starts turning itself off and on again. Perhaps it’s running hot, so hot it’s hard to hold. Likewise, you might see outgoing calls that you never dialed or strange spikes in your data usage. Signs like these could mean that your smartphone’s been hacked. 

Several signs of a potential smartphone hack can look like a technical issue, at least on the surface. Yet the fact is that these issues may be a symptom of a deeper problem, such as malware installed on your smartphone. Malware can eat up system resources or conflict with other apps and your operating system, all of which can cause your phone to act sluggish or erratically. 

Yet, in a way, that’s good news. Because malware can run inefficiently on your phone and create hiccups both large and small, it can tip you off to its presence. And with all the important information we carry in the palms of our hands nowadays, that’s good news twice over. Knowing the signs, subtle or otherwise can alert you to an otherwise largely invisible problem. 

Hacking software and their symptoms 

Whether hackers physically sneak it onto your phone or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, hacking software can create problems for you in a couple of ways: 

  • Keylogging: In the hands of a hacker, keylogging works like a stalker by snooping information as you type, tap, and even talk on your phone.  
  • Trojans: Trojans are types of malware that can be disguised in your phone to extract important data, such as credit card account details or personal information. 
  • Cryptominers: Similar to trojans, this software hides on a device. From there, it harnesses the device’s computing power to “mine” cryptocurrencies. While crypto mining is not illegal, “cryptojacking” a device without the owner’s consent is most certainly illegal. 

Some possible signs of hacking software on your phone include: 

Performance issues 

Maybe you’ve seen some of the signs we mentioned earlier. Is your device operating slower, are web pages and apps harder to load, or does your battery never seem to keep a charge? These are all signs that you could have malware running in the background, zapping your phone’s resources. 

Your phone feels like it’s running hot 

Like the performance issues above, malware or mining apps running in the background can burn extra computing power (and data). Aside from sapping performance, malware and mining apps can cause your phone to run hot or even overheat. 

Mystery apps or data 

If you find apps you haven’t downloaded, or calls, texts, and emails that you didn’t send, that’s a red flag. A hacker may have hijacked your phone to send premium-rate calls or messages or to spread malware to your contacts. Similarly, if you see spikes in your data usage, that could be a sign of a hack as well. 

Pop-ups or changes to your screen 

Malware can also be behind spammy pop-ups, changes to your home screen, or bookmarks to suspicious websites. In fact, if you see any configuration changes you didn’t personally make, this is another big clue that your smartphone has been hacked. 

What to do if you’re worried that your phone has been hacked … 

  • Install and run security software on your smartphone if you haven’t already. From there, delete any apps you didn’t download, delete risky texts, and then run your mobile security software again. 
  • If you still have issues, wiping and restoring your phone is an option. Provided you have your photos, contacts, and other vital info backed up in the cloud, it’s a relatively straightforward process. A quick search online can show how to wipe and restore your model of phone. 
  • Lastly, check your accounts and your credit to see if any unauthorized purchases have been made. If so, you can go through the process of freezing those accounts and getting new cards and credentials issued. Further, update your passwords for your accounts with a password that is strong and unique 

Ten tips to prevent your phone from being hacked 

While there are several ways a hacker can get into your phone and steal personal and critical information, here are a few tips to keep that from happening: 

  1. Use comprehensive online protection software on your phone. Over the years, we’ve gotten into the good habit of using this on our computers and laptops. Our phones? Not so much. Installing online protection on your smartphone gives you the first line of defense against attacks, plus several of the additional security features mentioned below. 
  2. Update your phone and its apps. Aside from installing security software, keeping current with updates is a primary way to keep you and your phone safe. Updates can fix vulnerabilities that cybercriminals rely on to pull off their malware-based attacks. Additionally, those updates can help keep your phone and apps running smoothly while also introducing new, helpful features. 
  3. Stay safer on the go with a VPN. One way that crooks can hack their way into your phone is via public Wi-Fi, such as at airports, hotels, and even libraries. These networks are public, meaning that your activities are exposed to others on the network—your banking, your password usage, all of it. One way to make a public network private is with a VPN, which can keep you and all you do protected from others on that Wi-Fi hotspot.  
  4. Use a password manager. Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software such as Mcafee Total Protection will include one. 
  5. Avoid public charging stations. Charging up at a public station seems so simple and safe. However, some hackers have been known to “juice jack” by installing malware into the charging station. While you “juice up,” they “jack” your passwords and personal info. So what to do about power on the road? You can look into a portable power pack that you can charge up ahead of time or run on AA batteries. They’re pretty inexpensive and easy to track down.  
  6. Keep your eyes on your phone. Preventing the actual theft of your phone is important too, as some hacks happen simply because a phone falls into the wrong hands. This is a good case for password or PIN protecting your phone, as well as turning on device tracking so that you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.  
  7. Encrypt your phone. Encrypting your cell phone can save you from being hacked and can protect your calls, messages, and critical information. To check if your iPhone is encrypted can go into Touch ID & Passcode, scroll to the bottom, and see if data protection is enabled (typically this is automatic if you have a passcode enabled). Android users have automatic encryption depending on the type of phone. 
  8. Lock your SIM card. Just as you can lock your phone, you can also lock the SIM card that is used to identify you, the owner, and to connect you to your cellular network. By locking it, that keeps your phone from being used on any other network than yours. If you own an iPhone, you can lock it by following these simple directions. For other platforms, check out the manufacturer’s website. 
  9. Turn off your Wi-Fi and Bluetooth when not in use. Think of it as closing an otherwise open door. There are several attacks that a dedicated and well-equipped hacker can make on devices where the Wi-Fi and Bluetooth are open and discoverable. Likewise, while not a hack, some retailers will track your location in a store using Bluetooth technology for marketing purposes—so switching it off can protect your privacy in some situations as well. You can easily turn off both from your settings and many phones let you do it from a pulldown menu on your home screen as well. 
  10. Steer clear of third-party app stores. Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites may not have that process in place. In fact, some third-party sites may intentionally host malicious apps as part of a broader scam. Granted, cybercriminals have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Furthermore, both Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer. 

The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blogs.

]]>
Does Your Child Have an Unhealthy Relationship with Social Media? https://www.mcafee.com/blogs/consumer-cyber-awareness/does-your-child-have-an-unhealthy-relationship-with-social-media/ Wed, 08 Dec 2021 19:20:42 +0000 https://www.mcafee.com/blogs/?p=132793

Have you noticed that when parents gather, it doesn’t take long before the topic of kids and social media comes up. That’s because concern over screen time is a big...

The post Does Your Child Have an Unhealthy Relationship with Social Media? appeared first on McAfee Blogs.

]]>

Have you noticed that when parents gather, it doesn’t take long before the topic of kids and social media comes up. That’s because concern over screen time is a big deal, especially in this post-pandemic season. Parents want to know: How much is too much screen time? When should we step in? How do we reverse poor habits, and what will the lasting digital fallout of the lockdown be?  

Device Dependence 

These conversations weigh heavy on parents for a good reason. According to a report from Common Sense Media, teens spend an average of seven hours and 22 minutes on their phones a day. Tweens (ages 8 to 12) spend four hours and 44 minutes daily. This is time outside of schoolwork.  

Since the pandemic, another study claims that screen time for teens doubled to 7.7 hours a day—plus 5 to 7 daily hours of online learning, according to a study published in JAMA Pediatrics. In addition, according to the Journal of Affective Disorders Reports, children overall have been spending nearly triple the recommended amount of time on their screens. 

The good news is that social media also became a powerful tool for kids during the pandemic. Social channels helped kids connect with peers and combat loneliness and other mental health challenges. Still, the poor habit of device dependence may have come with those benefits.  

Revising Screen time 

While the debate continues over social media’s impact on kids and the research methodology continues to evolve, we can hold on to one clear truth: Any activity in excess can cause kids harm. When it comes to social media, too much screen time may contribute to sleep deprivation, a lack of healthy, and poor academics. In addition, studies show that mental health can be impacted by exposure to hate speech, sexual content, cyberbullying, and comparing oneself to others both physically and financially.  

As parents, we know when our family’s wellbeing is in jeopardy. We see it even if we fail to acknowledge it right away. Our kids might become compelled to check their phones. In fact, they panic when they can’t check their likes and comments every few minutes. We notice the red eyes and moodiness at the breakfast table caused by a late-night Tic Tock marathon. We sense a surge of anxiety in our kids when technology goes from entertaining to distressing.  

Thankfully, it’s never too late to help your kids better understand the impact of their actions and revise digital habits.  

Establishing new habits

1. Start small and make it fun. 

In the bestselling book Atomic Habits,  author James Clear says, “The task of breaking a bad habit is like uprooting a powerful oak within us.” He adds, “The task of building a good habit is like cultivating a delicate flower one day at a time.” Lasting change, says clear, needs to be enjoyable, not a punishment. If the goal is shaving a few hours off your child’s screen time, consider connecting time limits to an enjoyable activity such as making a meal together or creating an art space in your home for creative projects.  

2. Consider a device curfew. 

The data is in: The bright screens (and blue light emitted from devices( can cause permanent sleep cycle and brain/melatonin issues, which can have a cascading effect on physical and mental health. Turning off (or limiting the use of) electronic devices at least 15-30 minutes before going to bed may help prevent any adverse effects of technology and screen use on sleep. Consider investing in filtering software that comes with the time limits the whole family can all agree on. Do your research to ensure your family’s technology functions to empower, educate, and entertain. 

3. Encourage mindful media use. 

Consider how your child uses their time before suggesting sweeping changes to your child’s screen time. Are they vegetating, or are they consciously engaged? Are they creating and learning? Are they engaging with others or stalking accounts and slipping into “comparison despair?” Are family and school responsibilities suffering? Is there a compulsion to post or thoughtfulness? All kids are different, and all online experiences vary. Encourage your child to take time to consider how they feel and what they think while they are using their technology. 

4. Educate your kids—use facts. 

One way to negotiate screen limits is to make sure your kids understand the impact of excess media. Balance includes tapping into the benefits of social media while also taking steps to protect the body’s need for physical activity, real-life relationships, goal-setting, creative activities, mindfulness, and self-reflection.   

Helping kids manage and constantly revise their social media habits is a 24/7 endeavor from the minute they wake up to the minute they fall asleep. The biggest piece of that “management” plan and is keeping frequent, open, and honest communication a critical part of designing habits that encourage a healthy relationship with both peers and technology.  

The post Does Your Child Have an Unhealthy Relationship with Social Media? appeared first on McAfee Blogs.

]]>
Before You Download: Steer Clear of Malicious Android Apps https://www.mcafee.com/blogs/mobile-security/before-you-download-steer-clear-of-malicious-mobile-apps/ Mon, 06 Dec 2021 23:26:28 +0000 https://www.mcafee.com/blogs/?p=128842

You may have heard the news that more than 300,000 Android users unknowingly downloaded banking trojan apps from the Google...

The post Before You Download: Steer Clear of Malicious Android Apps appeared first on McAfee Blogs.

]]>

You may have heard the news that more than 300,000 Android users unknowingly downloaded banking trojan apps from the Google Play Store, malicious apps which bypassed the store’s security detections to install malware. 

This news comes from a security report that found these trojans cleverly posed as apps that people commonly search for, such as QR code scanners, fitness apps, and a bevy of other popular types of utilities. In fact, these phony apps contain trojans that are designed to steal banking information, harvest keystrokes as you enter account info, and even grab screenshots of what you’re doing on your phone.  

The trick with this malware is that it only activates after it is installed, which may or may not be apparent to the user. For the malware to activate, it requires an extra step, such as an in-app update (not through the Play Store), which then downloads the payload of malware onto the phone. In many cases, the bogus apps force users to make this update once the app is downloaded.  

So, while the apps that appeared in the Play Store may not have contained malware, they deliver the payload onto the user’s phone post-purchase from other servers, which is a reason why these malicious apps have not been readily flagged.   

All of this is just one more way hackers have found to infect smartphones with malware. 

It’s no wonder that they target smartphones. They’re loaded with personal info and photos, in addition to credentials for banking and payment apps, all of which are valuable to loot or hold for ransom. Add in other powerful smartphone features like cameras, microphones, and GPS, and a compromised phone may allow a hacker to:  

  • Snoop on your current location and everyday travels.  
  • Hijack your passwords to social media, shopping, and financial accounts. 
  • Drain your wallet by racking up app store purchases or tapping into payment apps. 
  • Read your text messages or steal your photos.  

All of that adds up to one thing—a great, big “no thanks!”  

So how do these sorts of malicious apps work? By posing as legitimate apps, they can end up on your phone and gain broad, powerful permissions to files, photos, and functionality—or sneak in code that allows cybercriminals to gather personal info. As a result, that can lead to all kinds of headaches, ranging from a plague of popup ads to costly identity theft.  

Here are a few recent examples of malicious apps in the news:   

  • Fake ad-blocking programs that ironically serve up ads instead.  
  • Phony VPN apps that charge a subscription and offer no protection in return.  
  • Utility apps that hijack system privileges and permissions, which expose users to further attacks.  

Again, “no thanks!” So, let’s see about steering clear of malicious apps like these.  

Seven steps to safer mobile app downloads  

The good news is that there are ways you can spot these imposters. Major app marketplaces like Google Play and Apple’s App Store do their part to keep their virtual shelves free of malware, as reported by Google and Apple themselves. Still, cybercriminals can find ways around these efforts. (That’s what they do, after all!) So, a little extra precaution on your part will help you stay safer. These steps can help:  

1) Keep an eye on app permissions  

Another way cyber criminals weasel their way into your device is by getting permissions to access things like your location, contacts, and photos—and they’ll use sketchy apps to do it. (Consider the long-running free flashlight app scams mentioned above that requested up to more than 70 different permissions, such as the right to record audio, video, and access contacts.) So, pay close attention to what permissions the app is requesting when you’re installing it. If it’s asking for way more than you bargained for, like a simple game wanting access to your camera or microphone, it may be a scam. Delete the app and find a legitimate one that doesn’t ask for invasive permissions like that.   

Additionally, you can check to see what permissions an app may request before downloading the app. In Google Play, scroll down the app listing and find “About this app.” From there, click “App permissions,” which will provide you with an informative list. In the iOS App Store, scroll down to “App Privacy” and tap “See Details” for a similar list. If you’re curious about permissions for apps that are already on your phone, iPhone users can learn how to allow or revoke app permissions here, and Android can do the same here 

2) Be wary of apps that prompt you for an in-app update 

While some apps (like games) rely on downloadable content from within the app, look out for apps that prompt you for an immediate update directly from the app. For the most part, the app you download from the store should be the most recent version and not require an update. Likewise, update your phone through the app store, not the app itself, which can help you avoid malware-based attacks like these.  

3) Review with a critical eye 

As with so many attacks, cybercriminals rely on people clicking links or tapping “download” without a second thought. Before you download, take time to do some quick research, which may uncover a few signs that the app is malicious. Check out the developer—have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps may have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.  

4) Go with a strong recommendation  

Even better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.  

5) Avoid third-party app stores 

Unlike Google Play and Apple’s App Store, which have measures in place to review and vet apps to help ensure that they are safe and secure, third-party sites may not have that process in place. In fact, some third-party sites may intentionally host malicious apps as part of a broader scam. Granted, cybercriminals have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Furthermore, both Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer.  

6) Protect your smartphone with security software  

With all that we do on our phones, it’s important to get security software installed on them, just like we do on our computers and laptops. Whether you go with comprehensive security software that protects all of your devices or pick up an app in Google Play or Apple’s iOS App Store, you’ll have malware, web, and device security that’ll help you stay safe on your phone.   

7) Update your phone’s operating system  

Hand-in-hand with installing security software is keeping your phone’s operating system up to date. Updates can fix vulnerabilities that cybercriminals rely on to pull off their malware-based attacks—it’s another tried and true method of keeping yourself safe and your phone running in tip-top shape.  

Stay on guard against mobile malware  

Here are a few more things you can do:   

Lastly, you can always ask yourself, “Do I really need this app?” One way to avoid malicious mobile apps is to download fewer apps overall. If you’re unsure if that free game is on the up-and-up or if the offer for that productivity app sounds a little too good, skip it. Look for a better option or pass on the idea altogether. As said earlier, cybercriminals really rely on us clicking and downloading without thinking. Staying on guard against mobile malware will cost you a few moments of your time, which is minimal compared to the potential costs of a hacked phone. 

The post Before You Download: Steer Clear of Malicious Android Apps appeared first on McAfee Blogs.

]]>
Top Phishing Lures to Look Out for This Holiday Season https://www.mcafee.com/blogs/privacy-identity-protection/top-phishing-lures-to-look-out-for-this-holiday-season/ Fri, 03 Dec 2021 14:48:15 +0000 /blogs/?p=115033

And just like that, the holidays are here! That means it’s time to grab your devices and credit cards for some...

The post Top Phishing Lures to Look Out for This Holiday Season appeared first on McAfee Blogs.

]]>

And just like that, the holidays are here! That means it’s time to grab your devices and credit cards for some online holiday shopping. But while you plan to share the merry and shop for gifts, criminals are preparing some not-so-festive tricks of their own.

Let’s unwrap the top four phishing scams that users should beware of while making online purchases this week and through the rest of the year. Remember, there’s still time to shop for cybersecurity protection this holiday season.

Email Phishing: How Cyber-Grinches Steal Your Inbox

It might surprise you to see that a tactic as old as email phishing is still so widely used today. Well, that’s because many people still fall for email phishing scams, as the criminals behind these attacks up the ante every year to make these threats more sophisticated.

Scammers also tend to take advantage of current events to trick unsuspecting consumers into falling for their tricks. Take earlier this year, for example, when many users received phishing emails claiming to be from a government entity regarding financial support due to the global health emergency. Cybercriminals will likely use similar, timely tactics leading up to the holidays, posing as famous retailers and promising fake discounts in the hope that a consumer will divulge their credit card details or click on a malicious link.

Spear Phishing Takes Advantage of the Season of Giving

Like email phishing, spear phishing has been around for quite some time. With spear phishing attacks, hackers pretend to be an organization or individual that you’re familiar with and include a piece of content—a link, an email attachment, etc.—that they know you’ll want to interact with. For example, cybercriminals might claim to be charitable organizations asking for donations, knowing that many families like to donate during the holidays. The email might even include the recipient’s personal details to make it seem more convincing. But instead of making a generous contribution, users find that they infected their own system with malware by clicking on the fraudulent link.

Dasher, Dancer, Prancer, Vishing?

No, that’s not the sound of Santa coming down the chimney – it’s the sound of voice phishing! “Vishing” attacks can be highly deceiving, as hackers will call a user and trick them into giving up their credentials or sharing other personal information. For example, a scammer could call an individual telling them that they won a large amount of cash as part of a holiday contest. Overjoyed with the thought of winning this so-called contest, the user may hand over their bank information to the criminal on the other end of the phone. But instead of receiving a direct deposit, all they find is that their banking credentials were used to make a fraudulent purchase.

Special Delivery or SMiShing?

SMS phishing, or “SMiShing,” is another threat users should watch out for this holiday season. This tactic uses misleading text messages claiming to come from a trusted person or organization to trick recipients into taking a certain action that gives the attacker exploitable information or access to their mobile device.

Due to the current global health emergency and the desire to do more digitally, consumers will likely rely on online shopping this holiday season. To take advantage of this trend, scammers will probably send fraudulent text messages disguised as online retailers. These messages will likely contain fake tracking links, shipping notices, and order confirmations. But if an unsuspecting user clicks on one of these links, they will be directed to a fake website prompting them to enter their credentials for the attackers to further exploit.

Avoid Unwanted Security “Presents” This Holiday Season

 To prevent cybercriminals from messing with the festive spirit via phishing schemes, follow these tips so you can continue to make merry during the holiday shopping season:

Be cautious of emails asking you to act 

If you receive an email, call, or text asking you to download software or pay a certain amount of money, don’t click on anything or take any direct action from the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.

Hover over links to see and verify the URL

If someone sends you a message with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message altogether.

Go directly to the source

Instead of clicking on a link in an email or text message, it’s always best to check directly with the source to verify a holiday shopping offer or track a package’s shipment.

Browse with caution

Use a comprehensive security solution, like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.

The post Top Phishing Lures to Look Out for This Holiday Season appeared first on McAfee Blogs.

]]>
What We’ve Learnt From Home Learning During Lockdown https://www.mcafee.com/blogs/consumer-cyber-awareness/what-weve-learnt-from-home-learning-during-lockdown/ Thu, 02 Dec 2021 14:40:49 +0000 https://www.mcafee.com/blogs/?p=132205

I think it’s fair to say that come to next Australia Day, there needs to be a special award category...

The post What We’ve Learnt From Home Learning During Lockdown appeared first on McAfee Blogs.

]]>

I think it’s fair to say that come to next Australia Day, there needs to be a special award category for parents of young children who survived home learning during the lockdowns. Let’s be honest – it’s been brutal! So many parents had to juggle their own full-time work, running a household, AND supervising a day’s worth of learning for often, multiple children! Research from Macquarie University showed that many parents spent up to 14 hours a week in their role as home learning managers and 9/10 parents reported the experience as, quite understandably, stressful! As a mum of older teens and young adults – who are usually self-sufficient – I’m in awe! 

But the good news is – things are on the improve! Our vaccine rates are amongst the best in the world, so lockdowns have been lifted and, drum roll… kids are back at school! I’ve always been a big fan of trying to find the silver lining of any situation and I think there are many we can take away from our COVID experience, particularly when it comes to digital parenting. I know of so many parents who have completely rethought their approach to managing kids and technology since the pandemic hit because of their home learning experience. 

So, in the spirit of sharing and caring, I thought I’d round up some of the best ‘aha’ moments from parents who were forced to become expert home learning managers over multiple lockdowns. And make sure you take notes because there are some great learnings that we can apply to our digital parenting journey.  

Embrace Technology 

If you have never been ‘all in’ with your kids’ use of technology for both learning and socializing, then you need to get over this ASAP. Technology is the lifeblood of your kids’ lives. It’s how they connect, nurture friendships, and organize their social lives. I also recommend parents try to see technology through the eyes of their kids NOT just through our more ‘mature’ lens. It’s the best way of truly understanding just what a huge role it plays in their day-to-day lives. And don’t forget that technology is almost always used to set up in-person catchups! So, please don’t demonize it, it will only push your kids away. 

Understanding Your Child’s Online Life is a Powerful Way of Connecting 

I totally appreciate that many parents didn’t choose to be home learning ‘managers’ however many have shared with me how they now feel far more involved in their child’s life because of the experience. Seeing first-hand how your child’s day works, overhearing their conversations with teachers and peers (courtesy of Zoom), and being blown away by your offspring’s tech skills has given many parents incredible insight into their child.  

I know of parents who have noticed learning issues and friendship problems all as a result of their home learning manager role! There’s nothing like being able to nip something in the bud before it becomes a big issue! So, stay involved and you’ll reap the rewards! 

Get Your Kids Moving – Encourage Movement and Outdoor Activities Always 

Confession – I have never been one of those parents who proactively organized park visits, bushwalks, and exercise regimes for my kids. But many of the parents who managed young children through a lockdown and resorted to becoming personal trainers reported that it paid dividends. So, now lockdowns are (hopefully!) history, don’t forget about the benefits of getting your kids to move. It’s hard to be on a screen when you are walking the dog, playing a game of family cricket, or bushwalking. I know it’s time-consuming but it’s so worth it!

Take Some Time to Understand & Protect Your Kids’ Devices 

As of 2 years ago, the average Aussie household had 17 internet-connected devices in tow so it’s no wonder keeping abreast of all the devices in your household feels like a full-time job! But with kids continuing to use their devices for both study and socializing, it’s essential that you give each device a ‘once over’ to minimize risks and prevent issues arising down the track.  

Ensuring all their software is up to date is a great place to start. Also check that the default password has been changed and that there is some top-shelf security software installed to protect the device and, most importantly, its user! And while you are there, why not also ensure that each of their online accounts has its own distinct password? If you think they could manage a password manager, then it might be time to introduce them to one? Check out McAfee’s True Key – I couldn’t manage without it! 

I think you’d be hard-pressed to find many parents keen to return to home learning. In fact, I think there may even be a revolt if we had to go back! But, knowing we have picked up some ‘nuggets of gold’ along the way makes it a little feel a little better! So, please embrace technology – it’s a fantastic way of connecting with your kids. But of course, keep your family’s usage in check and minimize the risks by giving each device a once-over.  

Happy Digital Parenting! 

Alex  

The post What We’ve Learnt From Home Learning During Lockdown appeared first on McAfee Blogs.

]]>
What is the Dark Web? Everything You Need to Know https://www.mcafee.com/blogs/consumer-cyber-awareness/what-is-the-dark-web-everything-you-need-to-know/ Thu, 02 Dec 2021 14:13:15 +0000 https://www.mcafee.com/blogs/?p=131854

You open up your laptop and check the daily news. You see a headline stating that one of your favorite online retailers was breached and that thousands of...

The post What is the Dark Web? Everything You Need to Know appeared first on McAfee Blogs.

]]>

You open up your laptop and check the daily news. You see a headline stating that one of your favorite online retailers was breached and that thousands of their customers’ passwords were exposed. Data breaches like this frequently appear in the news, but many consumers don’t realize the implications these breaches have on their personal privacy. When data breaches occur, oftentimes billions of these hacked login credentials become available on the dark web, neatly packaged for criminals to download.1 

Let’s dive into the differences between the deep web and the dark web, how cybercriminals use the dark web, and what you can do to protect your data.  

Deep Web vs. Dark Web: What’s the Difference?  

You’ve probably heard of the deep and dark web but may not be aware of their differences.2 First, let’s start by noting that the dark web is always part of the deep web, but the deep web is not always the dark web.  

The deep web refers to the pages on the internet that are not indexed in search engines, meaning that you can’t find them by performing a simple Google search. To access these pages, you have to know the exact address to the site and access it with specific software. Most personalized and password-protected sites appear on the deep web because they contain information that is not meant to be accessed by the general public. These sites include a user’s Netflix home page, password-protected sites for banking, and the internal sites of companies, organizations, and schools. These are all examples of legitimate areas of the deep web.  

On the other hand, the dark web is the disreputable extension of the deep web. Like the deep web, the dark web also houses sites that are not indexed by search engines, but it also hides a user’s identity and location. It consists mostly of illegal products or content that could be harmful to organizations or the general public. Some examples include stolen credit card numbers, fake IDs, drugs, and hacking tools. To access the dark web, a user needs to download darknet software, the most popular being Tor.  

Tor, which stands for “the onion routing project,” was developed by the U.S. Navy for the government in the mid-1990s. It was open-sourced in 2004, and that’s when it went public. Today, Tor is the dark web browser that the majority of people use to surf the internet anonymously. To do this, Tor hides a user’s IP address (or the unique address that identifies an internet-connected device or network) by bouncing their search request to multiple different locations. These bounces also referred to as relays, make it much harder for people to find users on the dark web.  

How Cybercriminals Use the Dark Web 

Because of its ability to provide anonymity, the dark web is often tied to the world of cybercrime. Scammers frequently use the dark web to find software that allows them to access other people’s computers, banking credentials, Social Insurance Numbers, and credit card information. You may be wondering how all this private information ended up on the dark web in the first place. Oftentimes when a company is breached and their customers’ data is exposed, the hackers behind the breach will upload the stolen database to the dark web. This allows other cybercriminals to purchase the stolen information and use it to target users with other scams. Say that a criminal finds a database on the dark web that contains a bunch of personal email addresses. They can purchase the database and target every email address with a phishing campaign that contains malicious links that spread malware or attempt to trick users into handing over their username and password combinations.  

How to Protect Your Data 

Incorporating cybersecurity best practices into your daily life can help protect your data from hackers looking to take advantage of the data found on the dark web. Follow these tips to bring yourself greater peace of mind:  

1. Use strong, unique passwords  

The chances of a hacker accessing your data are higher if you use the same credentials across different accounts. That’s why it’s important to use a strong, unique password for each of your online profiles. This minimizes the potential damage that could be done if a hacker does gain access to one of your accounts. You can also use a password manager with a built-in generator to make it easier for you to access and manage passwords. Enabling multi-factor authentication will also ensure that hackers cannot access your information using only your login credentials. 

2. Be on the lookout for suspicious emails and text messages 

If you receive an email asking you to take immediate action, stop and think. Criminals often convey urgency in their phishing scams in the hopes that an unsuspecting user will click on a malicious link or hand over their personal details without considering the legitimacy of the message. Examine suspicious emails carefully to check for telltale signs of phishing, such as poor grammar, grainy logos, or bogus links. If an email claims to be from a well-known company or brand and asks for your credentials, claims that you need to update your password, or sends you a “free offer,” go directly to the source. Contact customer service through the company’s website (not the email) and inquire about the urgent request.  

3. Stay informed on recent data breaches  

Be on the lookout for breach notices from relevant companies since they are often the first to know about a data breach impacting their online customers. Create news alerts for companies that have access to your information to stay notified of the latest events.  

Additionally, create notifications for your bank and other financial accounts to monitor suspicious activity, such as unauthorized transactions or a drop in credit score. You will be better prepared to mitigate any cybersecurity threats with the right security software and knowledge of the latest risks.   

4. Use comprehensive security software 

Use a comprehensive security solution like McAfee Total Protection, which includes dark web monitoring for up to 10 email addresses. This software actively monitors the dark web for data breaches and exposed information.  Personal details include but are not limited to your date of birth, email addresses, credit card numbers, and personal identification numbers. It also provides steps for remediation after a data breach to help you regain control and the integrity of your data and privacy. With a security solution like this in place, you can continue to live your connected life confidently.  

The post What is the Dark Web? Everything You Need to Know appeared first on McAfee Blogs.

]]>
Reimagining mobile security for the way we live our lives today, tomorrow, and beyond. https://www.mcafee.com/blogs/mcafee-news/reimagining-mobile-security-for-the-way-we-live-our-lives-today-tomorrow-and-beyond/ Wed, 01 Dec 2021 22:28:37 +0000 https://www.mcafee.com/blogs/?p=132484

Online is a little different for everyone How do you connect online these days? I’ll give you an example from my...

The post Reimagining mobile security for the way we live our lives today, tomorrow, and beyond. appeared first on McAfee Blogs.

]]>

Online is a little different for everyone

How do you connect online these days? I’ll give you an example from my own life: From my 15-year old son to my 80-year-old mother, not one of us leaves the house without our phone. And today, there isn’t a single thing you can’t do on your phone. It’s the minicomputer that goes where you go. 

This trend in the way we connect is reflected in recent data too. In fact, we’ve found that the average consumer spends 6 hours and 55 min online per day, split between mobile (52%) and desktop (48%). Whether you’re a Boomer, Gen X, a Millennial, or Gen Z, the way you connect online is diverse and specific to you. 

As for what we’re doing online? It’s just about everything. After all, we spend an average of 7 hours per day on connected devices and the pandemic has forced us to do even more online. The downside to this rapid change in the way we live is that we are opening ourselves up to more risk which leaves consumers feeling highly concerned about their ability to keep their personal info secure or private. We need new protection for this new normal. 

For the new normal, a new approach to protection with mobile security 

What all these changes mean is that you’re able to have the same online experience regardless of where you are, what you’re doing, or what device you’re using. Your favorite streaming service is a great example – you can just as easily find a movie on a tablet as you can on your laptop. In fact, you can pause the movie you’re watching on that tablet and pick up where you left off on your laptop. Your experience with online security should offer the same convenience and familiarity. More importantly, online protection should give you a feeling of confidence however or wherever you choose to connect. 

 This means knowing your personal info is secure even when accessing an unsecured network, your browsing habits remain private, and you can take necessary actions should your information be compromised. To put it another way, YOU are what we’re focused on protecting and we do that by making sure everything you connect with is also secure. 

Introducing the new McAfee Security mobile app 

A phone is the remote control for your life. From the palm of your hand, you’re able to shop, browse, stream, and create – everything you do online you can now do from your phone. So, it’s crucial that your phone be a major focus of our online protection. The new mobile app makes it easier to get robust protection for your identity, privacy, and phone. Let’s look at a few of the capabilities offered by the new mobile app. 

Identity Protection Service

Think about all the online accounts you’ve created in the past year. How many of them do you use regularly? Sometimes I think I have more food delivery apps on my phone than I do restaurants to use them on. Regardless of how often you use an account (or if you no longer use it at all!), any personal information (like emails, addresses, credit cards) added to it is available online and vulnerable to breaches. McAfee Security comes with identity protection, a feature that monitors your personal information and then notifies you when there’s a risk of your data being compromised. What this means is that if we detect that your data was stolen, you’ll be alerted an average of 10 months earlier than similar services, so you can act before your data is used illegally or shows up on the dark web. 

Privacy protection with Secure VPN

Let’s say you’re about to use the free internet at your favorite café for a speedier connection. Time to flip on your virtual private network (VPN). Forget about digging through a sea of menus to find your VPN. The new mobile app offers a seamless VPN experience so you can keep your activity hidden on less-than-secure Wi-Fi. Or, better yet, you can set up a Secure VPN to automatically turn on for unsecured Wi-Fi networks. Whatever you choose, Secure VPN keeps your personal data and location private anywhere you go with unlimited data and bank-grade Wi-Fi encryption. 

Device protection 

At the end of the day, phones are devices and they’re vulnerable to viruses, malware, and, increasingly, malicious apps. The new McAfee Mobile app offers an antivirus scan for Android phones and system scans to see if your passcode is strong enough and that your OS is up to date on iOS devices. 

Most importantly, the app is part of McAfee’s total online protection, so the experience on your phone is the same as on your PC. It’s protection that goes where you go – at home on your PC, or on the go with your mobile. 

The mobile app is available right now – here’s how to get it 

If you’re an existing McAfee subscriber using McAfee Total Protection or McAfee LiveSafe, you can get the app right now. And, if you’ve already got the app installed, just make sure it’s up-to-date and you’ll be all set with the new look and features. 

Interested in trying the app out? You can buy or get a free trial of McAfee Total Protection here and get started today. 

The post Reimagining mobile security for the way we live our lives today, tomorrow, and beyond. appeared first on McAfee Blogs.

]]>
What Is SIM Swapping? 3 Ways to Protect Your Smartphone https://www.mcafee.com/blogs/consumer-cyber-awareness/what-is-sim-swapping-3-ways-to-protect-your-smartphone/ Wed, 01 Dec 2021 14:35:24 +0000 https://www.mcafee.com/blogs/?p=132241

You consider yourself a responsible person when it comes to taking care of your physical possessions. You’ve never left your wallet in...

The post What Is SIM Swapping? 3 Ways to Protect Your Smartphone appeared first on McAfee Blogs.

]]>

You consider yourself a responsible person when it comes to taking care of your physical possessions. You’ve never left your wallet in a taxi or lost an expensive ring down the drain. You never let your smartphone out of your sight, yet one day you notice it’s acting oddly.  

Did you know that your device can fall into cybercriminals’ hands without ever leaving yours? SIM swapping is a method that allows criminals to take control of your smartphone and break into your online accounts. 

Don’t worry: there are a few easy steps you can take to safeguard your smartphone from prying eyes and get back to using your devices confidently. 

What Is a SIM Card? 

First off, what exactly is a SIM card? SIM stands for subscriber identity module, and it is a memory chip that makes your phone truly yours. It stores your phone plan and phone number, as well as all your photos, texts, contacts, and apps. In most cases, you can pop your SIM card out of an old phone and into a new one to transfer your photos, apps, etc. 

What Is SIM Swapping? 

Unlike what the name suggests, SIM swapping doesn’t require a cybercriminal to get access to your physical phone and steal your SIM card. SIM swapping can happen remotely. A cybercriminal, with a few important details about your life in hand, can answer security questions correctly, impersonate you, and convince your mobile carrier to reassign your phone number to a new SIM card. At that point, the criminal can get access to your phone’s data and start changing your account passwords to lock you out of your online banking profile, email, and more. 

SIM swapping was especially relevant right after the T-Mobile data breach.1 Cybercriminals stole millions of phone numbers and the users’ associated personal details. Criminals could later use these details to SIM swap, allowing them to receive users’ text or email two-factor authentication codes and gain access to their personal accounts. 

How Can You Tell If You’ve Been SIM Swapped? 

The most glaring sign that your phone number was reassigned to a new SIM card is that your current phone no longer connects to the cell network. That means you won’t be able to make calls, send texts, or surf the internet when you’re not connected to Wi-Fi. Since most people use their smartphones every day, you’ll likely find out quickly that your phone isn’t functioning as it should.  

Additionally, when a SIM card is no longer active, the carrier will often send a notification text. If you receive one of these texts but didn’t deactivate your SIM card, use someone else’s phone or landline to contact your wireless provider. 

How to Prevent SIM Swapping 

Check out these tips to keep your device and personal information safe from SIM swapping.  

  1. Set up two-factor authentication using authentication apps. Two-factor authentication is always a great idea; however, in the case of SIM swapping, the most secure way to access authentication codes is through authentication apps, versus emailed or texted codes. It’s also a great idea to add additional security measures to authentication apps, such as protecting them with a PIN code, fingerprint, or face ID. Choose pin codes that are not associated with birthdays, anniversaries, or addresses. Opt for a random assortment of numbers.  
  2. Watch out for phishing attempts. Cybercriminals often gain fodder for their identity-thieving attempts through phishing. Phishing is a method cyber criminals use to fish for sensitive personal information that they can use to impersonate you or gain access to your financial accounts. Phishing emails, texts, and phone calls often use fear, excitement, or urgency to trick people into giving up valuable details, such as Social Insurance Numbers, birthdays, passwords, and PINs. Be wary of messages from people and organizations you don’t know. Even if the sender looks familiar, there could be typos in the sender’s name, logo, and throughout the message that are a good tipoff that you should delete the message immediately. Never click on links in suspicious messages. 
  3. Use a password manager. Your internet browser likely asks you if you’d like the sites you visit to remember your password. Always say no! While password best practices can make it difficult to remember all your unique, long, and complex passwords and passphrases, do not set up autofill as a shortcut. Instead, entrust your passwords and phrases to a secure password manager, such as True Key. A secure password manager makes it so you only have to remember one password. The rest of them are encrypted and protected by two-factor authentication. A password manager makes it very difficult for a cybercriminal to gain entry to your accounts, thus keeping them safe. 

Boost Your Smartphone Confidence 

With just a few simple steps, you can feel better about the security of your smartphone, cellphone number, and online accounts. If you’d like extra peace of mind, consider signing up for an identity theft protection service like McAfee Identity Protection Service. McAfee, on average, detects suspicious activity ten months earlier than similar monitoring services. Time is of the essence in cases of SIM swapping and other identity theft schemes. An identity protection partner can restore your confidence in your online activities. 

1T-Mobile data breach and SIM-swap scam: How to protect your identity 

The post What Is SIM Swapping? 3 Ways to Protect Your Smartphone appeared first on McAfee Blogs.

]]>
The Bug Report – November Edition https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/the-bug-report-november-edition/ Wed, 01 Dec 2021 05:01:21 +0000 https://www.mcafee.com/blogs/?p=132034

Your Cybersecurity Comic Relief  CVE-2021-20322: Of all the words of mice and men, the saddest are, “it was DNS again.” ...

The post The Bug Report – November Edition appeared first on McAfee Blogs.

]]>

Your Cybersecurity Comic Relief 

CVE-2021-20322: Of all the words of mice and men, the saddest are, “it was DNS again.” 

Why am I here? 

For all our newcomers, welcome to the Advanced Threat Research team’s monthly bug report – a digest of all the latest and greatest vulnerabilities from the last 30-ish days based on merits just a tad more nuanced than sorting NVD by “CVSS > 9.0.” Instead, we focus on qualitative and experience-based analysis, relying on over 100 years of combined industry experience within our team. 

To those who are returning after having read last month’s issue, I would like to congratulate you for being a Bug Report fan before it was cool – which it now most assuredly is, thanks in no small part to a litany of fascinating vulnerabilities. We encourage our veterans to stick around as long as possible, so that a year from now you can complain about how we’re washed up and how much better our early editions were. 

PAN GlobalProtect VPN: CVE-2021-3064 

What is it? 

Palo Alto Networks (PAN) firewalls that use its GlobalProtect Portal VPN running PAN-OS versions older than 8.1.17 are vulnerable to a cutting-edge, state-of-the-art style of vulnerability known as a “stack-based buffer overflow.” Although the vulnerable code is normally not reachable, when combined with an HTTP smuggling vulnerability, CVE-2021-3064 can be used to gain remote code execution, a remote shell, and even access to sensitive configuration data according to Randori Attack Team researchers. Randori discovered the vulnerability over a year ago but chose not to disclose it to PAN until September of this year, using it as part of its “continuous and automated red team platform” during the interim – I suppose we should be thankful that PAN has claimed in its security advisory that no evidence of exploitation of this vuln has been discovered, despite its age. 

Who cares? 

Absence of “in-the-wild” exploitation aside, we should also be grateful that the number of people who should care is rapidly dwindling (an ever-present theme of 2021). Randori initially reported over 70,000 internet-accessible PAN firewalls running vulnerable versions of PAN-OS according to Shodan, which it later amended to 10,000. As of this writing, that number has fallen to around 7,000. Even so, 7,000 vulnerable firewalls mean an even larger number of vulnerable clients at risk of an over-the-internet attack vector requiring zero authentication. Those connecting to PAN firewalls running on VMs have even greater cause for concern as these lack ASLR, a factoid I have chosen to add to my ever-growing “why is that a thing” list, right next to the Ghostbusters remake. 

What can I do? 

We suggest an experiment: open the Shodan search linked above and note the total number of devices running a vulnerable version of PAN-OS. Next, call up whoever manages your firewall and demand they power it down immediately – use threats if you must. Check the Shodan scan again: has the number gone down? If so, it’s probably time to update. If you’re an Arch user and the prospect of updating terrifies you, Palo Alto has also indicated that its signatures for Unique Threat IDs 91820 and 91855 should block exploitation of CVE-2021-3064. 

The Gold Standard 

Be sure to stay up to date on the latest CVEs – our security bulletins are a great resource for finding product information for all kinds of critical vulnerabilities. 

Linux Kernel: CVE-2021-20322 

What is it? 

Researchers at the University of California, Riverside have discovered a flaw in the way the Linux kernel handles “ICMP fragment needed” and “ICMP redirect” errors, allowing an attacker to quickly learn the randomized port number assigned to a UDP socket. What this description fails to convey is the big picture impact of this vulnerability, which is its use as a side-channel for the now-prehistoric DNS cache poisoning attack, in which an off-path malicious actor ‘poisons’ a DNS resolver’s cache with a false record, mapping a known domain (google.com) to an IP address of their choosing (98.136.144.138). Truly nefarious. 

Who cares? 

To be frank, just about everyone should be at least raising an eyebrow at this one. Although the researchers have indicated in their whitepaper that this particular side-channel only affects about 13.85% of open resolvers on the internet, it’s important to note that various security services rely on proof of domain ownership, including even the issuing of certificates, making the impact tremendous. Users of popular DNS service Quad9 have particular cause for concern, as the paper claims it falls under the vulnerable 13.85%. Linux users should also be concerned, and not just because their drivers refuse to work – DNS software such as BIND, Unbound, and dnsmasq running on their platform of choice are also vulnerable. 

What can I do? 

This is where things get tricky. DNS extensions that were standardized over two decades ago, such as DNSSEC and DNS cookies, should successfully mitigate this and all other DNS cache poisoning attack side channels. The unfortunate reality is that these features see very limited adoption due to backwards-compatibility concerns. While we wait for these dinosaurs holding back progress to die out, the authors of the aforementioned whitepaper have suggested some alternative mitigations, including enabling the IP_PMTUDISC_OMIT socket option, introducing additional randomization to the structure of the DNS exception cache, and configuring DNS servers with a singular default gateway to outright reject ICMP redirects. Further details can be found in section 8.4 of their paper. 

The Gold Standard 

Unfortunately, not every vulnerability can be adequately addressed by network security products, and this vulnerability happens to be one of those cases. Your best bet is to follow the mitigations mentioned above and keep your servers up to date. 

Just About All DRAM: CVE-2021-42114 aka Blacksmith 

What is it? 

Blacksmith, a name referring to both the vulnerability and the fuzzer created to exercise it, is a new implementation of the Rowhammer DRAM hardware vulnerability from 2014. The crux of Rowhammer is the use of high frequency read operations to induce bit flips in neighboring regions of physical memory, which can lead to the crossing of any security barrier if the attacker can massage memory so that critical data is stored in a vulnerable physical page. Modern DRAM hardware uses a technology called Target Row Refresh (TRR) to prematurely refresh regions of physical memory targeted by common Rowhammer attacks. Researchers at ETH Zurich and their associates discovered that TRR exploits the uniform nature of memory accesses used by existing Rowhammer attacks to “catch” them, and so devised a Rowhammer attack that used non-uniform accesses, arriving at CVE-2021-42114, which bypasses TRR and all other modern Rowhammer mitigations. 

Who cares? 

Everyone. Just about every common electronic device you can think of uses DRAM and of the DIMMs (RAM sticks) testedthe researchers did not find a single one that was completely safe. It might be easy to presume that hardware vulnerabilities such as this are academically fascinating but have little real-world impact, but research published since 2014 has shown Rowhammer attacks successfully escape JavaScript containers in the browsercross VM boundaries in the cloud, and even achieve RCE across networks with high enough throughput. Perhaps the greatest tragedy of Blacksmith is that it arrived a month too late – it would have fit in perfectly with Halloween monsters like Freddy Krueger or Jason Voorhees who also see new iterations every few years and refuse to stay dead. 

What can I do? 

Hide your PC, hide your tablet, and hide your phone, ‘cause they’re hammerin’ everybody out there. Beyond that, there’s not much to be done besides wait for JEDEC to develop a fix and for DRAM manufacturers to begin supplying hardware with the new standard. 

The Gold Standard 

We at McAfee Enterprise are doing everything in our power to address this critical vulnerability. In other words, we’ll be waiting for that JEDEC fix right along with you. 

The post The Bug Report – November Edition appeared first on McAfee Blogs.

]]>
Fighting Supply Chain Threats Is Complicated https://www.mcafee.com/blogs/enterprise/fighting-supply-chain-threats-is-complicated/ Tue, 30 Nov 2021 14:00:44 +0000 https://www.mcafee.com/blogs/?p=132025

Relying on the kindness of strangers is not an ideal strategy for CISOs and CIOs. And yet that is the...

The post Fighting Supply Chain Threats Is Complicated appeared first on McAfee Blogs.

]]>

Relying on the kindness of strangers is not an ideal strategy for CISOs and CIOs. And yet that is the precise position where most find themselves today while trying to battle cybersecurity issues across their supply chain. While these supply chains have plenty of their own challenges, such as global disruptions of distribution, our recent research shows that it’s the cybersecurity problems that will long survive for the long term.

It’s not as though enterprises rely on their partners any more today than they did ten years ago. Their needs have not changed and are unlikely to change, except those rare instances where an enterprise will choose to manufacture their own supplies rather than rely on partners. Consider, for example, Costco creating its own gigantic chicken farm. Other than outlier examples like this, partner reliance is relatively stable.

What is changing with the supply chain is how much system access is being granted to these partners. They are getting access they didn’t always get and are getting far deeper access as well. As technology has advanced to allow such access, enterprises have accepted.

Given the wide range of partners–suppliers, distributors, contractors, outsourced sales, cloud platforms, geographical specialists, and sometimes your own largest customers–the cybersecurity complexities are growing by orders of magnitude. In addition, the more integrations that enterprises accept, the higher the level that their risk is. To be more precise, the risk doesn’t necessarily grow with the number of partners as much as the risk grows with the number of partners whose cybersecurity environments are less secure than the enterprise’s own environment.

To even begin to craft a cybersecurity strategy to manage partners and a global supply chain, the enterprise CISO needs to have a candid understanding of what their partners’ security level truly is. That is tricky, given that many of those partners themselves do not have a good sense of how secure or insecure they are.

One suggestion is to revise contracts to make it a requirement for all partners to maintain a security level equal to the enterprise customer. The contract must not only specify penalties for non-compliance–and those penalties must be sufficiently costly that it makes no sense for a partner to take that chance–but it must specify means to determine and re-verify that security level. Surprise inspections and the sharing of extensive log files would be a start.

Otherwise, even the strictest security environment such as Zero Trust may be unable to plug supply chain holes due to sloppier partner security practices. Let’s say that a large enterprise retailer is working with a large consumer goods manufacturer as a partner. A good environment will start with strict authentication, making sure that the user from the partner is really that authorized user. The enterprise environment must also watch the user throughout the session to make sure the user doesn’t do anything suspicious. But if the partner has been breached, malware could sneak in through the secure tunnel and, if it’s not caught by the enterprise, there’s a problem and now they can be breached.

This is not hypothetical. Since the beginning of the pandemic, our research found that a vast majority of global enterprises (81 percent) said that they are seeing far more attacks since the beginning of COVID-19.

Almost every business is dependent on the supply chain, making it a prime target for cybercriminals looking to cause disruption and breach wider networks. As the holiday season approaches, we are already seeing a spike in consumer and business activity across the supply chain, making it a prime target for cybercriminals looking to target essential and lucrative services.

Attackers are going to continue to leverage the global supply chain as an initial entry vector, accessing the network through a trusted connection, system, or user. The fact that these attacks exploit trusted channels makes them very difficult to prevent or detect. As organisations continue their digital transformation, including ever-more cloud services, managed services and endpoint modernization, the risks of supply chain threats will increase as its prevalence as a vector does so.

 

The post Fighting Supply Chain Threats Is Complicated appeared first on McAfee Blogs.

]]>
How to Help Your Kids Combat Clickbait Scams https://www.mcafee.com/blogs/family-safety/how-to-help-your-kids-combat-clickbait-scams/ Mon, 29 Nov 2021 23:42:32 +0000 https://www.mcafee.com/blogs/?p=132229

We’ve all fallen for clickbait. Sometimes it’s a juicy headline designed to spark curiosity and drive traffic to a specific website. Other...

The post How to Help Your Kids Combat Clickbait Scams appeared first on McAfee Blogs.

]]>

We’ve all fallen for clickbait. Sometimes it’s a juicy headline designed to spark curiosity and drive traffic to a specific website. Other times it’s a quiz that will magically reveal your celebrity look-alike. While the innocent click connected to most clickbait is seemingly harmless, some clickbait can install dangerous malware onto your devices. 

According to the FBI’s Crime Complaint Center’s 2020 Internet Crime Report, internet crime increased by 300,000 complaints from 2019 to 2020. This statistic represents a 50 percent increase over one year and losses exceeding $4.2 billion.  

Some clickbait scams exploit current events and the cultural climate, according to the Better Business Bureau. The scam-tracking organization warns consumers to be wary of any news items, links, and popups that require you to give personal information. Depending on the scam’s goal, the wrong click can result in a slew of email or text spam, malicious data mining, or even a monthly charge on your phone bill. And the hidden hook? Clickbait appears to be harmless at first glance, so we often share it with friends without understanding the entire risk.  

Critical Thinking vs. Impulse  

Clickbait relies on behavioral science. Bad actors online know that people are naturally curious. They want to understand, close their knowledge gaps, and be entertained. A popular article in Wired attributes our collective affinity for clickbait to the role emotion plays in our daily choices and to our lazy brains. We want instant gratification when filling our knowledge gaps online, cites Wired, which is why we forgo caution and opt for quick clicks we know won’t deliver on its promise.  

One way to begin changing those habits and to teach our kids to do the same is by encouraging critical thinking and strengthening our digital literacy skills. Critical thinking is more than just pausing before you click. It’s understanding the environment. Critical thinking is using websites and apps with a keen eye toward the goals, motivations, and agendas of the content provider. It’s asking questions suchy as: Where will this link take me? What’s this app or link’s goal? Do I know the person who sent me this link? What is this person, app, or website asking me to do? What risks could be on the other side of this link? 

 How to combat clickbait.

The digital world and the paths we travel are littered with malicious landmines. One way to avoid those scams is to both stay educated and layer up with protection. Here’s how you (and your loved ones) can steer clear of the digital deception of clickbait.  

Don’t fall for it.  

Avoid clicking headlines that tout exclusive, shocking, or “you won’t believe what happened next” content or footage. If it sounds outrageous or smacks of gossip, it’s likely a scam.  

Double up device protection.

Few people have the extra bandwidth to analyze internet content 24/7. For targeted protection against malware and viruses, consider comprehensive security software.   

Avoid Smishing. 

Clickbait sent via text (SMS) is called smishing, and it tends to spike during the holiday season. The link can appear from a big brand retailer and might alert you to a holiday package or encourage you to apply for a holiday loan. Do not click. Report smishing and forward the spam SMS message to the Spam Reporting Service at 7726 (SPAM). 

Avoid suspicious links. 

Avoid questionable websites that prompt you to click on links, complete a survey, or download extra plug-ins to access the content you want. Look for the ‘S’ in HTTPS in URLs when browsing online. The ‘S’ means the website is safe and secure. 

Don’t offer personal information. 

Do give personal information or banking details to unknown websites or share your password with any vendor or site.  

Hover over the link.

If you hover over a hyperlink, its web address will pop up which could lead you to unfamiliar websites.  

Trust no one—not even friends. 

Today, sadly, you can’t even trust emails and direct messages, posts, or even texts from your friends because they may have been hacked. Bad actors have found ways to drop familiar details into conversations and reach out in personable ways that immediately gain your trust. Pause and analyze before liking or sharing a link to a news item, a giveaway, or an opportunity. It may not be your friend that posted or recommended the link.  

Get choosy about content.

 You may agree with a headline or be outraged by a piece of “news,” but that doesn’t mean it’s true. Bad actors are savvy. They will exploit political division or a global tragedy and capitalize on fear by planting clickbait that is almost impossible to ignore without clicking. This tactic makes people feel emotionally compelled to share the story with others, which only increases the scam’s destruction. Look for spelling errors, poorly designed websites, and misspelled web addresses.    

If something doesn’t look right, but you’re curious about the information in the headline, stop and do your research before sharing. Go to a reliable news site to verify the information.  

There are bad actors, digital distractions, and cyber traps around every corner online. However, deciding to be intentional with your family’s online safety will render long-term habits that will shut out the bad actors online, making more room for the good stuff we all enjoy. 

The post How to Help Your Kids Combat Clickbait Scams appeared first on McAfee Blogs.

]]>
Social Engineering: Tis the Season for Tricky Hackers https://www.mcafee.com/blogs/consumer-cyber-awareness/social-engineering-tis-the-season-for-tricky-hackers/ Mon, 29 Nov 2021 22:34:09 +0000 https://www.mcafee.com/blogs/?p=132193

With the holidays on the horizon, spirits are high—and it’s those same high spirits that hackers want to exploit. ‘Tis the...

The post Social Engineering: Tis the Season for Tricky Hackers appeared first on McAfee Blogs.

]]>

With the holidays on the horizon, spirits are high—and it’s those same high spirits that hackers want to exploit. ‘Tis the season for clever social engineering attacks that play on your emotions, designed to trick you into giving up personal info or access to your accounts.  

Social engineering attacks unfold much like a confidence scam. A crook takes advantage of someone’s trust, applies a little human psychology to further fool the victim, and then pulls off a theft. Online, a social engineering attack will likely involve a theft attempt of personal or account information that the crook can then use to make purchases, drain accounts, and so forth. 

Not at all in the holiday spirit, right? Let’s take a look at some of their top tricks so that you can spot and avoid them. 

As said, spirits can get high this time of year. There’s looking forward to gatherings with family and friends, the fun that comes along with hunting for that perfect gift, and the excitement of the holidays overall. And that’s what hackers count on—people getting caught up in the rush of the holidays, to the point where they may not look at emails, offers, shipping notices, and such with a critical eye. That’s how the scammers get their foot in the door. 

Some of their favored tricks can look a little like this: 

1. Special access to hard-to-get holiday gifts. 

What are the holidays without that trendy “must-get” gift item, the one that’s seemingly out of stock no matter where you look? Scammers are keen on these items as well and will prop up phony ads and storefronts that pretend to sell those items but really don’t. Instead, they’re just a shady way for them to steal your debit or credit card information—or to lift a few bucks out of your pocket in return for nothing. 

One way to keep from getting burned by one of these scams is to follow the old adage, “If it looks too good to be true, it probably is.” In this case, crooks are using feelings of scarcity and urgency to get you to bite. Here’s where you can take a moment before you click to do some research.  

  • How long has the company been around?  
  • Are there reviews of this company?  
  • Do you have friends who’ve shopped with them before (and had a good experience)?  
  • What is their listing with the Better Business Bureau (and do they even have a listing)? 

Answers to these questions can separate the good businesses from the bogus ones. 

2. Gift card and coupon scams. 

Like the above, crooks will create a sense of urgency about a hot holiday item or limited time offer. The twist comes when they request payment via a gift card rather than by credit or debit card or other legitimate online payment methods. This request is highly deliberate because gift cards are much like cash. Once the money on the card is spent, it’s gone, and these cards do not offer the same protections that come with other payment methods. 

You can avoid this one easily. If anyone asks you to use a gift card as payment, it’s a scam. Gift cards are for gifts, not payment, says the Federal Trade Commission (FTC). If you come across such a scam, you can report it to the FTC as well. 

3. Charity scams. 

Donating to a charity in someone else’s name is often a popular gift. Much the same, giving a donation to a worthy cause feels particularly good this time of year. Once again, scammers will take advantage of these good intentions by propping up phony charities designed to do nothing more than dupe you out of your money. Whether that’s a flat-out phony charity or one of the many other scam charities that have been known to pocket 90 cents of every dollar donated, this is the time of year to be on the lookout for both. 

The advice here is much the same as the advice for avoiding phony businesses and retailers. Do your homework. The Better Business Bureau maintains a listing of charities that can help you make good donation choices. Also, your state government’s charity officials can help you separate good charities from bad—and even file a report if you suspect a scam is at play. 

And once again, if a charity is asking for donations in the form of cash, gift cards, or wire transfer, just say no. That’s a surefire sign of a scam. 

4. Phony shipping notices. 

Scammers know you have packages in transit this holiday season, loaded with gifts that you’re eagerly tracking. Enter another classic scam—the phony shipping notice. The idea is that you already have so many packages on their way that you won’t think twice about opening an email with a “shipping notice” that comes in the form of an attachment. Of course, that attachment is a fake. And it’s loaded with malware.  

Too bad for scammers, though. This is another one you can steer clear of rather easily. Don’t open such attachments. Shipping companies will almost certainly send along notices and invoices in the body of an email, not as an attachment. If you have a question, you can always visit the shipper’s website and look up your tracking info there. Likewise, follow up with the customer service department of the company that you purchased the item from in the first place. 

Yet more ways you can protect yourself from holiday scams 

While the holidays are a special time for scammers too, there are several things you can do to up the level of your protection now and year ‘round. A quick list includes: 

  • Secure your devices and set your email spam filters. If you haven’t already, secure your devices with comprehensive online protection. With that in place, it can prevent you from mistakenly clicking risky links and downloads, blot out spam emails before they reach your inbox, and protect your accounts with strong, unique passwords. 
  • Protect your identity too. Another thing that comprehensive online protection should cover is you. With identity theft protection, you can protect yourself. It can monitor dozens of different types of personal info along with your email addresses and bank accounts—plus provide theft insurance and support from a licensed recovery pro if identity theft, unfortunately, happens to you. 
  • Beware of downloads you aren’t expecting. This is always good form because hackers love to spike downloads with malware designed to steal your personal information. Whether you get an unexpected attachment from a friend or business, follow up with them before opening it. If they say they didn’t send it, that’s a quick way to find out whether the attachment is legitimate or not. 
  • Keep an eye out for typos and poorly crafted messages. Scammers may know a thing or two about human nature, but that doesn’t mean that they’re the best writers, designers, and website developers. A common sign of a scam is an email, ad, message, or site that simply doesn’t look or read right. Granted, some scammers have gotten quite good at making their scams look legitimate, yet many still fail to clear that bar 

Keep the good feeling going this holiday season 

No doubt, the holidays have a feel all to themselves, one which hackers and crooks want to take advantage of. They’ll craft their tricks accordingly and try to twist the good times that roll around at the end of the year into scams that capitalize on your good intentions. As you can see, it’s not too tough to spot them for what they are if you pause and take a moment to scrutinize those emails, offers, and sales. And that’s the thing with the holidays. We can all feel pinched for time at some point or other during this stretch. Look out for their pressure tactics and seemingly clever ways of using social engineering to rip you off. That way, you can spend the holidays focusing on what’s important—your friends and family. 

The post Social Engineering: Tis the Season for Tricky Hackers appeared first on McAfee Blogs.

]]>
‘Tis the Season for Scams https://www.mcafee.com/blogs/other-blogs/mcafee-labs/tis-the-season-for-scams/ Mon, 29 Nov 2021 22:04:38 +0000 https://www.mcafee.com/blogs/?p=132022

Co-authored by: Sriram P and Deepak Setty ‘Tis the season for scams. Well, honestly, it’s always scam season somewhere. In...

The post ‘Tis the Season for Scams appeared first on McAfee Blogs.

]]>

Co-authored by: Sriram P and Deepak Setty

‘Tis the season for scams. Well, honestly, it’s always scam season somewhere. In 2020, the Internet Crime and Complaint Center (IC3) reported losses in excess of $4.1 billion dollars in scams which was a 69% increase over 2019. There is no better time for a scammer celebration than Black Friday, Cyber Monday, and the lead-up to Christmas and New Year. It’s a predictable time of the year, which gives scammers ample time to plan and organize. The recipe isn’t complicated, at the base we have some holiday excitement, sprinkle in fake shopping deals and add some discounts, and ho ho ho we have social engineering scams.

In this blog, we want to increase awareness related to scams as we expect elevated activity during this holiday season. The techniques used to scam folks are very similar to those used to spread malware too, so always be alert and use caution when browsing and shopping online. We will provide some examples to help educate consumers on how to identify scams. The victims of such scams can be others around you like your kids or parents, so read up and spread the word with family and friends. Awareness, education, and being alert are key to keeping you at bay from fraudsters.

Relevant scams this season

Although there is a myriad of scams out there, we expect the most common scams and targets this season to be:

  1. Non-delivery scams – Fake online stores will attempt to get you to purchase items that you will never end up receiving
  2. Deals that get shoppers excited. Supply chain issues recently will give scammers more fodder. Scammers can place bait deals on popular items
  3. Elderly parents/grandparents looking for cheap medical equipment, medical memberships, or looking to purchase and ship their grandchildren presents for the holidays.
  4. Emotionally vulnerable people might fall prey to romance scams
  5. Children looking for free, Fortnite Vbucks and other gaming credits may fall prey to scams and could even get infected with potentially unwanted programs
  6. Charity scams will be rampant.

SMSishing, email-based Phishing, and push notifications will be the most common vectors initiating scams during this holiday season. Here are some common tactics in use today:

1. Unbelievable deals or discounts

This is a common theme around this time of the year. Deals, discounts, and gift cards can be costly to your bank account. Be wary of URLs being presented to you over email or SMS. Phishing emails, bulk mailing, texting, and typo-squatting are some of the ways that scammers target their prey.

2. Creating a sense of urgency

Scammers will create a sense of urgency by telling you that you have limited time to claim the deal or that there is low inventory for popular items in their store. It’s not difficult for scammers to identify sought-after electronics items or holiday gifts for sale and offer them for sale on their fake stores. Such scams are believable given the supply chain challenges and delivery shortages over the last few months.

3. Utilizing Scare tactics

Getting people worried about a life-changing event or disrupting travel plans can be concerning. So, if you get an unexpected call from someone claiming to be from the FBI, police, IRS, or even a travel company, stop and think. They may be using scare tactics to dupe you. Never divulge personal information and if in doubt, ask them a lot of directed questions and fact check them. As an example, check to see if they know your home address, account number, itinerary number, or bank balance depending on who they claim to be. Scammers typically don’t have specific details and when put on the spot, they’ll hang up.

4. Emotional tactics

Like scare tactics, scammers may prey on vulnerable people. Although there can be many variations of such scams, the more common ones are Romance Scams where you end up connecting to someone with a fake profile, and Fake Charity Scams where you receive a phone call or an email requesting a donation. Do not entertain such requests over the phone especially if you receive a phone call soliciting a donation. During the conversation, they will attempt to make you feel guilty or selfish for not contributing enough. Remember, there is no rush to donate. Go to a reputable website or a known organization and donate if you must after due diligence.

Tips to identify a scam

Successful scams are situationally accurate. You may be the smartest guy in the room, but when you eagerly waiting for that delivery and you see an email update claiming a delivery delay from UPS, you might fall for a scam. This is particularly true in the holiday season and therefore such themes are more prevalent. Here are some tips on how to identify scams early on.

  1. Be suspicious of anything that is pushed to you from an unknown source – emails, SMS, advertisements, phone calls, surveys, social media. This is when you are being solicited to do something you might not have otherwise chosen to
    1. Avoid going to unknown websites to begin with. You always have the option to r before you click on a link. You can always use some of the following trusted free resources to validate a domain or business
      1. https://trustedsource.org/ – to look up a URL
      2. https://www.virustotal.com/gui/home/url – to look up a URL
      3. https://www.bbb.org/ – to validate a business, charity, etc
      4. https://whois.domaintools.com/ – to look up site history. A new or recent domain is less trustworthy. Scammers register new domains based on the theme of their scams.
    2. If you do end up navigating, look for the following to build trust in a link:
      1. Ensure it’s an “https” domain versus an “http”. A valid “https” certificate just means that your data is encrypted enroute to the website. Although this method isn’t indicative of a scam, some scams are hosted on compromised “http” sites. (example 1))
      2. Closely look at the domain name. They might be indicative of fakes. Scammers would typically register domains with very similar names to deceive you. For example, Amazon.com could be replaced by Arnazon.com or AMAZ0N.com. ‘vv’ could be replaced for ‘w’, ‘I’ for a 1, etc. Same goes for emails you receive – take a close look
      3. Another common way of reaching a fake website is due to “typosquatting” but this is typically human error, where a user may type an incorrect domain name and reach a fake site.
      4. Most legit sites will have a “Contact us”, “About Us”, “Conditions of Use”, “Privacy Notice”/”Terms”, “Help”, Social Media presence on Twitter, FB, Instagram, etc. Read up on the pages to learn about the website and even look for website reviews before you make a purchase. Fake websites do not invest a lot of time to populate these – this could be a giveaway.
    3. Always confirm the sender of and email or text by validating the email address or phone number. For example, if an email claims to be from BankOfAmerica, you would expect their email domain in most cases to be from “@bankofamerica.com” and not from “@gmail.com”. Avoid clicking on links from emails or messages when you don’t know the sender.
    4. If you end up linking to a page because of an email or message, never provide personal details. Any site asking for such information should raise red flags. Even if the site looks legit, Phishing scammers make exact replicas of web pages and try to get you to login. This allows them to steal your login credentials. (Example 4)
    5. Don’t feel pressured to click on a link or provide details to solicitors in such cases especially. Any attempt to gather personal data is a big NO.
    6. Never open attachments from unknown people. Emails with document attachments or PDF Attachments are very popular in spreading malware. The attachment names are typically very enticing to click on. Names like “invoice.pdf”, “receipt.doc”, “Covid-19 test results.doc”, etc. may invite some curiosity but could also lead to malware.
    7. Ensure you review the hyperlink before you click them. It’s easy to fake the text and get you to an illegit page (Example 2)
    8. Anyone who insists on payments using a pre-paid gift card or wire transfer, instead of your typical credit card is most likely attempting to scam you.
  1. The end goal of a scammer is that they want to make money – so be alert with your cards and their activity.
    1. Avoid using Debit Cards online. Use a prepaid or virtual Credit Card or even better utilize Apple Pay, Google Pay or PayPal for online payments. Payment card services today have advanced fraud monitoring systems
    2. Check CC statements often to look for any unanticipated charges.
    3. If you make a purchase, ensure you have a tracking number and monitor shipments
    4. Disable international purchases if you know you won’t be traveling.
    5. Never wire money directly to anyone you do not know.

What if you are a victim?

If you believe that you have been a victim of a scam, here are a few tips that might help.

  1. First, get in touch with your Credit Card company and tell them to put a hold on your card. You can dispute any suspicious charges and request an issue of a chargeback
  2. If you have been scammed through popular sites like ebay.com or amazon.com – contact them directly. If you wired money, contact the wire company directly
  3. File a Police Report. If you gave your personal information away, you might want to go to
    1. US – https://www.identitytheft.gov/
    2. UK – www.cifas.org.uk
  4. Notify and contribute – build awareness
    1. US
      1. https://reportfraud.ftc.gov/#/?pid=A – (877) 382-4357
      2. https://www.bbb.org/
      3. https://www.ic3.gov/
      4. https://www.fbi.gov/scams-and-safety
    2. UK
      1. https://www.actionfraud.police.uk/ – 0300 123 2040
      2. https://www.gov.uk/find-local-trading-standards-office
      3. https://www.citizensadvice.org.uk/

Example scams:

Example 1: Fake SMS messages

It’s become more common recently to receive text messages for scammers. The following few text messages demonstrate SMSishing attempts.

  1. The first is an attempt to gather Bank Of America details. For the scammer, it’s a shot in the dark. Given, the target is a US number, he attempts to use the phone number that he is sending the text to, as a bank account number and provides a link to a bit.ly page (a URL shortening service) to link to a fake page that poses as a Bank of America login. A successful SMSish would be if the victim entered their details.

 

2. The following are fake texts that attempt to entice you click the link. The bait is the Gift card. One can tell that they are a similar theme since they originate from fake phone numbers, which are very similar but not exact. The domain names of the two URLs are totally random (probably compromised URLs). You can tell that back in October, the full URL based SMShing attempts were not very effective which is why in Nov, they probably used keywords like “COSTCO” and “ebay” within the URL and inline to their SMS context, to make it more likely for people to click.

Also note that some of the URLs only have an “http” versus a “https”, something we had noted earlier in the blog.

Example 2: Fake email link

One cannot trust an email by the text. You should review the link to ensure it takes you to where it claims to. The following is an example email where the link is not what it claims to be.

Example 3: Fake Store Scam hosted on Shopify

Shopify is a Canadian multinational e-commerce company. It offers online retailers a suite of services, including payments, marketing, shipping, and customer engagement tools.

So, where there is money to be made, individuals are looking to take advantage. Shopify scam targets both consumers and business owners. Scammer abuse the power of e-commerce to earn money by implementing fake stores. They observe the product or category, create an attractive logo or image and promote extensively on social media.

Fake Bike Online Purchase store – Mountain-ranger-com

Site: hxxps://mountain-ranger-com.myshopify.com/collections/all

SSL info:

This site is hosted on Shopify, so it has a valid SSL cert which is the first thing we check on where we transact.

Whois Record ( last updated on 2021-11-19 )

Domain Name: myshopify.com
Registry Domain ID: 362759365_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2021-03-02T23:39:12+0000
Creation Date: 2006-03-03T03:01:37+0000
Registrar Registration Expiration Date: 2024-03-02T08:00:00+0000
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.2083895770
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
Domain Status: serverUpdateProhibited (https://www.icann.org/epp#serverUpdateProhibited)
Domain Status: serverTransferProhibited (https://www.icann.org/epp#serverTransferProhibited)
Domain Status: serverDeleteProhibited (https://www.icann.org/epp#serverDeleteProhibited)
Registrant Organization: Shopify Inc.
Registrant State/Province: ON
Registrant Country: CA
Registrant Email: Select Request Email Format

The registrar info for the site is valid too, as it is hosted on Shopify. If you look closer, however, one will notice red flags:

  1. Compare these prices listed on other known sites like amazon: Price listed on the fake site versus price listed on Amazon. This is an “unbelievable” deal.

Examples of similar sites showing incredible discounts.

2. The “About Us” doesn’t make much sense when you see the products that are being offered:

A quick google on the text shows that multiple sites are using the same exact text (most of them probably fake)

3. There are no customer reviews about the products listed.

4. It has a public email server (gmail) in its return policy

5. Looking up the list address in google maps wouldn’t show up anything and looking up the number in apps like true caller shows it’s fake.

Example 4: Social Engineering to Steal Credentials

The goal of this scam is to steal credentials however it could as well be used as a malware delivery mechanism. The screenshot is that of a fake business proposal hosted on OneDrive Cloud for phishing purposes.

The actor aims to mislead the user into clicking on the above reference link. When the user clicks on the link, it redirects to a different website that displays the below fake OneDrive screenshot.

hxxps://aidaccounts[.]com/11/verified/22/

If a user enters their OneDrive details, the actors receive them at their backend. This means that this victim has lost their login credentials to the phishing actors. Look at the address bar and trust your instincts. This is in no way related to Microsoft OneDrive. There are other such examples where they do some additional plumbing of the URL to include keywords that make it more believable – as they did in the SMSishing example above.

Example 5: Fake Push Notification for surveys

The goal here is to get the user to accept push notifications. Doing so makes the customer susceptible to other possible scams. In this example, the scammers attempt to get users to fill out surveys. Legit companies online pay users for surveys. A referral code is used to pay the survey taker. The scammer in this case attempts to get others to fill the survey on their behalf and therefore makes money when such surveys use the scammer’s referral code. Push notifications are used to get the victims to fill out surveys. Previous blogs from McAfee demonstrate similar scams and how to prevent such notifications

The initial vector comes to the victim via a spam email with a PDF Spam attachment. In this scenario, Gmail was used as the sender.

Upon opening the PDF, a fake online PUBG (Players Unknown Battleground) credits generator gets opened. In PUBG, Gamers need credits to participate in various online games and so this scam baits them offering free credits.

Once the user clicks on the bait URL, it opens a google feed proxy URL.

Malicious websites are destined to be block-listed and therefore have short shelf lives. Google’s feed proxy redirects them in adapting to new URLs and therefore utilizes a fast-flux mechanism as a technique to keep the campaign alive. Usage of feed proxy are not new and we have highlighted its use in the past by the hancitor botnet.

Clicking on the top highlighted URL, it navigates to a webpage that poses as a PUBG Arcane online credit generator.

To make the online generator look real, the website has added fake recent activities highlighting coins users have earned via this generator. Even the add comments section is fake.

Clicking on continue will bring up a fake progress bar. Now the site shows the coins and cash are ready, however, an automated human verification has failed, and a survey has to be taken up for getting the reward.

A clickable link for this verification is also loaded. Once clicked, a small dialog with 3 options are presented.

Clicking on “want to become a millionaire” loaded a survey page and prompts you to take it up. It will also prompt you to allow push notifications from this website.

Once you click on “Allow”, notifications to take up a survey or fake personalized offer notifications start popping up. Be it on your desktop or on your mobile, these notifications pop-ups to take up more surveys.

Clicking on the other links too from “Human Verification”, you will realize that you have finally ended up not gaining anything for your PUBG Arcane gaming, but ended up taking surveys.

Here is another example of a PDF theme we have seen as a lure on the Lenovo tablet offer.

Clicking on this link takes the user to a page that claims it has been protected by a technique to block bots. Persuading you to click on the allow button for enabling popups.

Once you click on the enable button, it then redirects the browser to take up a random survey. In our case, the survey was on household income.

Another such theme that we observed was around the latest Netflix series – Squid games. Although Series 1 has currently been released, the fake email prompts early access to Season 2.

Scammers spend a lot of time and effort tweaking and tuning their schemes to make it fit just right for you. Avoiding a scam is not full proof but being vigilant is key. Don’t get overly keen when you get offers thrown at you this season. Take a step back, relax and think it through, not only should you do your own research, but you should also trust your instincts. Spending a little extra on products or making donations to a reputable and known organization might be worth the peace of mind during the holidays. Help educate your family and contribute by reporting scams.

Happy Holidays!

The post ‘Tis the Season for Scams appeared first on McAfee Blogs.

]]>
McAfee Enterprise Defender Blog | Windows Zero-Day – CVE-2021-41379 https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-defender-blog-windows-zero-day-cve-2021-41379/ Mon, 29 Nov 2021 19:12:04 +0000 https://www.mcafee.com/blogs/?p=132043

Threat Summary This month it was disclosed that a Microsoft vulnerability that allows for local privilege elevation, previously patched in...

The post McAfee Enterprise Defender Blog | Windows Zero-Day – CVE-2021-41379 appeared first on McAfee Blogs.

]]>

Threat Summary

This month it was disclosed that a Microsoft vulnerability that allows for local privilege elevation, previously patched in the November 2021 Patch Tuesday, is still exploitable and was not patched correctly. Using this vulnerability, threat actors with limited access to a compromised device can easily elevate their privileges to help spread laterally within the network.

Figure 1. MITRE ATT&CK Matrix for Windows Zero-Day in MVISION Insights

The vulnerability affects all supported versions of Windows, including Windows 10, Windows 11, and Windows Server 2022. At the time of writing, Microsoft has not released any updates or out-of-band patches to resolve it.

CVE-2021-41379 – Microsoft Windows Installer Elevation of Privilege Vulnerability

Bleeping Computer: New Windows zero-day with public exploit lets you become an admin

Bleeping Computer: Malware now trying to exploit new Windows Installer zero-day

McAfee Enterprise Protections and Global Detections

McAfee Enterprise Global Threat Intelligence is currently detecting all known proof of concept exploits for this zero-day vulnerability as malicious.

Blocking Exploitation Attempts with McAfee Enterprise ENS

McAfee Enterprise Endpoint Security (ENS) is currently detecting exploitation attempts and will quarantine the tools utilized to exploit this vulnerability as shown below.

Figure 2. Story Graph summary of exploitation detection by McAfee Enterprise ENS shown in MVISION ePO

Detecting Exploitation Activity with MVISION EDR

MVISION Endpoint Detection and Response (EDR) is currently alerting to the activity of this exploitation as malicious and will note the MITRE techniques and any suspicious indicators related to the exploit attempts.

Figure 3. Detection of zero-day exploitation activity and techniques in MVISION EDR

Threat Intelligence for Exploitation IOCS with MVISION Insights

MVISION Insights will provide the current threat intelligence and known indicators for exploitation of this vulnerability. MVISION Insights will also alert to detections that have been observed, and systems that require additional attention, to prevent widespread infection. MVISION Insights will also include Hunting Rules and Campaign Connections for threat hunting and further intelligence gathering of the threat activity and adversary.

MVISION Insights Campaign: New Windows Zero-Day CVE-2021-41379 With Public Exploit Lets You Become an Admin

Figure 4. Global Prevalence of zero-day exploitation activity in MVISION Insights

Figure 5. Exploitation IOCs and Detections in MVISION Insights

McAfee Enterprise offers Threat Intelligence Briefings along with Cloud Security and Data Protection workshops to provide customers with best practice recommendations on how to utilize their existing security controls to protect against adversarial and insider threats; please reach out if you would like to schedule a workshop with your organization.

The post McAfee Enterprise Defender Blog | Windows Zero-Day – CVE-2021-41379 appeared first on McAfee Blogs.

]]>
McAfee Enterprise Defender Blog | CISA Alert: MS Exchange & Fortinet Vulnerabilities https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-defender-blog-cisa-alert-ms-exchange-fortinet-vulnerabilities/ Thu, 25 Nov 2021 17:37:10 +0000 https://www.mcafee.com/blogs/?p=131938

Threat Summary On November 17, 2021, The US Cybersecurity & Infrastructure Security Agency (CISA) pushed an Alert entitled “Iranian Government-Sponsored...

The post McAfee Enterprise Defender Blog | CISA Alert: MS Exchange & Fortinet Vulnerabilities appeared first on McAfee Blogs.

]]>

Threat Summary

On November 17, 2021, The US Cybersecurity & Infrastructure Security Agency (CISA) pushed an Alert entitled “Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities” which you need to pay attention to if you use Microsoft Exchange or Fortinet appliances. It highlights one Microsoft Exchange CVE (Common Vulnerability & Exposure), three Fortinet CVEs and a list of malicious and legitimate tools associated with this activity.

Threat Intelligence Update from McAfee Enterprise

A few hours later our Advanced Threat Research (ATR) team published a new campaign in MVISION Insights under the name “Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities”. Immediately after, MVISION Insights started to provide near real-time statistics on the prevalence of the tools associated to this threat campaign by country and by sector.

Figure 1. MVISION Insights Global prevalence statistics for this campaign on Nov 19, 2021

In this blog I want to show you how you can operationalize the data linked to this alert in MVISION Insights together with your investigation and protection capabilities to better protect your organization against this threat.

Tracking New Campaigns and Threat Profiles, Including This Alert

MVISION Insights combines Campaigns and Threat Profiles in the same list, and you can change the order from “Last Detected” to “Last Added” as shown below.

Figure 2. List of MVISION Insights campaigns last added, with a selection of this campaign

On the left of figure 2, a color code shows you the severity assigned by the McAfee ATR team (Medium for this campaign), in the middle you can see whether we have seen detections of the analysed IOCs in your country or in your sector

If you are a McAfee Endpoint Security or IPS customer, on the right of figure 2 you can see whether you have had any detection of these IOCs by your McAfee Endpoint Security or IPS, or whether Endpoint Security has found exposed devices, or devices with insufficient Endpoint Security protection

As shown in figure 2, you can also click the campaign’s preview to read a short description, and the labels given by MVISION Insights:

  • APT
  • Ransomware
  • Tool
  • Vulnerability

In this case, you can see that CISA suspects this campaign to be associated with an APT threat group. It includes Ransomware behaviors. The labels also highlight the use of hacking tools and vulnerabilities which you can then view in the Campaign details. Last September we hosted a webinar focused on threat intelligence and protection against hacking tools.

The campaign description highlights the usual use of “devices encrypted with the Microsoft Windows BitLocker encryption feature”.

The campaign’s details also provide links to other sources, such as the CISA alert in this case.

Figure 3. Original CISA Alert used for this campaign

Evaluating the Risk and Whether you Could be Exposed

Once you have identified campaigns which could potentially hit you, you can evaluate your risk and whether you could be exposed because you could have:

        • Vulnerabilities listed
          In figure 4, you can see that in this campaign there is 1 CVE for Microsoft Exchange, and 3 CVEs for Fortinet FortiOS
        • Exposed devices
          In figure 2, there are none
        • Insufficient Endpoint Security protection
          In Figure 2, there are none

Figure 4. List of Common Vulnerabilities and Exposures (CVEs) in this campaign’s details

If you are a McAfee Enterprise customer, the MVISION Insights Endpoint Security Posture checks whether you have enabled the necessary Endpoint Security features to have the best level of protection across your estate.

In the example below:

  • 3 Endpoint Security devices have an insufficient AMcore content to detect all campaigns
  • The warning sign shows that some devices have been excluded from this assessment by the MVISION Insights administrator
  • 1 Endpoint Security device is missing Real Protect Client and Cloud
  • 1 Endpoint Security device is missing Adaptive Threat Protection (ATP)
  • 1 Endpoint Security device has an unresolved detection for a Medium Severity Campaign

As seen previously, this lab environment has sufficient protection to detect the “Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities” campaign IOCs. However, to have full Endpoint protection, GTI, On-Access scan, Exploit Prevention, Real Protect and ATP must be enabled.

Figure 5. McAfee Endpoint Security Detection across all MVISION Insights campaigns

Hunting for Detections and IOCs in Your Environment

If you are a McAfee Endpoint Security or IPS customer, the detections related to the campaign’s IOCs are automatically mapped by MVISION Insights as shown in Figure 6.

Figure 6: McAfee Endpoint Security Detection across all MVISION Insights campaigns

You can also use your Endpoint Detection and Response (EDR) or SIEM solution to search for the presence of IOCs. As you can see below in Figure 7, we have categorized the IOCs, and in this instance:

  • 4 File Hashes have been analyzed by our Threat Research experts and 3 File Hashes have NOT been fully analyzed at this time
  • 2 File Hashes are dual use, and therefore are non-Deterministic
  • 5 File Hashes are partially unique (2 Malicious and 2 Probable Malicious)

If you are an MVISION EDR customer, you can automatically search for the presence of these IOCs across your estate from MVISION insights

Otherwise, you can export the IOCs and hunt them in your EDR, and SIEM, to examine the evidence of a potential compromise and escalate the case to a level2 or level3 analyst to run a full investigation.

Additionally, you can also use the MVISION APIs with a third-party Threat Intelligence Platform such as ThreatQ, ThreatConnect or MISP to orchestrate this threat hunting capability.

Figure 7: MVISION Insights IOCs for this campaign

You can also leverage the new Campaign Connections feature (Figure 8) to check whether these IOCs are also listed in other campaigns or threat profiles. Campaign collection uses graphs to connect all the MVISION campaigns, and threat profile data such as:

  • IOCs
  • MITRE techniques
  • MITRE and McAfee Tools
  • Threat actors and groups
  • Labels
  • Prevalent countries and sectors
  • Detections

Figure 8: MVISION Insights Campaign connection using the IOCs of this campaign

Hunting TTPs in Your Environment

Beyond the IOCs, your Threat Analysts can also leverage the MITRE Techniques and Tools related to this campaign and documented in MVISION Insights.

Figure 9: MITRE Techniques and Tools observed in MVISION Insights for this campaign

For example, here you could use MVISION EDR to look for the presence of:

  • Unusual Scheduled Tasks
  • Unusual WinRAR archives
  • Unusual local and domain account usage
  • Mimikatz behavior

Then you can quarantine suspected devices before running a full remediation. You can also check that your Endpoint Security solution has credential theft protection capabilities such as ENS credential theft protection.

Vulnerability Management

If your organization hosts Microsoft Exchange or Fortinet appliances you will need to apply the recommended patching and upgrade recommendations. If you find indicators of compromise you might want to increase the priority of the tickets, asking the Fortinet and Microsoft Exchange administrators to fix these CVEs due to these suspicious activities.

Summary

To better assess your risk and exposure against this campaign you should review your current capabilities to:

  • Be informed about the latest relevant CISA alerts and other new campaigns and threat actors
  • Hunt the IOCs, Tools and Techniques associated
  • Identify Common Vulnerabilities and Exposures
  • Review your level of Endpoint Protection against these threats

McAfee Enterprise offers Threat Intelligence, and Security Operations workshops to provide customers with best practice recommendations on how to utilize their existing security controls to protect against adversarial and insider threats; please reach out if you would like to schedule a workshop with your organization.

The post McAfee Enterprise Defender Blog | CISA Alert: MS Exchange & Fortinet Vulnerabilities appeared first on McAfee Blogs.

]]>
My email has been hacked! What should I do next? https://www.mcafee.com/blogs/internet-security/my-email-has-been-hacked-what-should-i-do-next/ Tue, 23 Nov 2021 18:01:21 +0000 /blogs/?p=101260

If you find that your email has been hacked, one of your immediate reactions is wondering what you should next.   The answer: take a...

The post My email has been hacked! What should I do next? appeared first on McAfee Blogs.

]]>

If you find that your email has been hacked, one of your immediate reactions is wondering what you should next.  

The answer: take a deep breath and jump into action. There are five steps can help you prevent or minimize any damage done by a compromised account. 

So why do hackers go after email accounts? Fact is, that email account of yours is a treasure trove. There’s a good chance it contains years of correspondence with friends and family, along with yet more email from banks, online retailers, doctors, contractors, business contacts, and more. In all, your email packs a high volume of personal info in one place, which makes your email account a top prize for hackers.  

Let’s take a look at how you can take back control of your email account, along with some things you can do to keep it from getting hacked in the first place.  

You can’t log into your email account: 

This one speaks for itself. You go to check your email and find that your username and password combination has been rejected. You try again, knowing you’re using the right password, and still no luck. There’s a chance that a hacker has gotten a hold of your password, logged in, and then changed the password—thus locking you out and giving them control of your account. 

One of your contacts asks, “Did this email really come from you?” 

Hackers often compromise email accounts to spread malware on a large scale. By blasting emails to everyone on your hacked contact list, they can reach dozens, even hundreds, of others with a bogus email that may include an attachment that’s infected with malware. And no doubt about it, some of those emails can look a little odd. They don’t sound or read at all like the person they’re trying to impersonate—you—to the extent that some of your contacts may ask if this email really came from you. 

On the flip side, this is a good reason to never open attachments you weren’t expecting. Likewise, if you get a somewhat strange email from a friend or business contact, let them know. You may be the first indication they get that their email has been compromised. 

Slow and erratic device performance: 

A sluggish device could be a sign of malware in general. The thing with malware is that it tends to act like a system and resource hog, which may cause your device to run slowly, to turn off and on again suddenly, or even run hot. In some cases, the malware is logging keystrokes on your computer or taps on your phone to siphon off things like usernames and passwords so that a hacker can take control of the accounts associated with them—such as your email, not to mention your bank accounts. This makes a strong case for antivirus and antimalware protection that’s automatically kept up to date to protect against the latest threats. 

What should I do if my email is hacked? 

1) Change your passwords: 

Change your password for your email account if you can. Make it a strong, unique password—don’t reuse a password from another account. Next, update the passwords for other accounts if you use the same or similar passwords for them. (Hackers count on people using simpler and less unique passwords across their accounts—and on people reusing passwords in general.) A password manager that’s included with comprehensive online protection software can do that work for you. 

2) Use your email provider’s recovery service, if needed: 

In the case where you’ve been locked out of your account because you think the hacker has changed the password, your email provider should have a webpage dedicated to recovering your account in the event of a lost or stolen password. (For example, Google provides this page for users of Gmail and their other services.) This is a good reason to keep your security questions and alternate contact information current with your provider, as this is the primary way to regain control of your account. 

3) Reach out to your email contacts:

As mentioned above, a big part of the hacker’s strategy is to get their hooks into your address book and spread malware to others. As quickly as you can, send a message to all your email contacts and let them know that your email has been compromised. And if you’ve done so, let them know that you’ve reset your password so that your account is secure again. Likewise alert them that they shouldn’t open any emails or attachments from you that were sent during the time your account was compromised.  

4) Scan your device for malware and viruses: 

Also as mentioned above, there are several ways that a hacker can get a hold of your email account information—one of them by using malware. Give your device a thorough virus scan with comprehensive online protection software to ensure your device is free from malware. Set up a regular scan to run automatically if you haven’t already. That will help keep things clean in the long run. 

5) Check your other accounts:

 Sometimes one bad hack leads to another. If someone has access to your email and all the messages in it, they may have what they need to conduct further attacks. Take a look at your other accounts across banking, finances, social media, and other services you use and keep an eye out for any unusual activity. 

The bigger picture: Keep tabs on your identity 

More broadly speaking, your email account is one of the several pieces that make up the big picture of your online identity. Other important pieces include your online banking accounts, online shopping accounts, and so on. No question about it, these are things you want to keep tabs on. 

With that, check your credit report for any signs of strange activity. Your credit report is a powerful tool for spotting identity theft. And in many cases, it’s free to do so. In the U.S., the Fair Credit Reporting Act (FCRA) requires the major credit agencies to provide you with a free credit check at least once every 12 months. Canada provides this service, and the UK has options to receive free reports as well, along with several other nations. It’s a great idea to check your credit report, even if you don’t suspect a problem. 

Beyond keeping tabs on your identity, you can protect it as well. Online identity protection such as ours can provide around-the-clock monitoring of your email addresses and bank accounts with up to $1M of ID theft insurance in the event your identity gets compromised. Additionally, it can put an identity recovery pro on the case if you need assistance in the wake of an attack or breach. Taking a step like this can help keep your email account safer from attack in the first place—along with many others as well. 

The post My email has been hacked! What should I do next? appeared first on McAfee Blogs.

]]>
Global Technology Provider Looks to MVISION Unified Cloud Edge https://www.mcafee.com/blogs/enterprise/cloud-security/global-technology-provider-looks-to-mvision-unified-cloud-edge/ Mon, 22 Nov 2021 15:04:14 +0000 https://www.mcafee.com/blogs/?p=131590

With the acceleration of cloud migration initiatives—partly arising the need to support a remote workforce during the pandemic and beyond—enterprises...

The post Global Technology Provider Looks to MVISION Unified Cloud Edge appeared first on McAfee Blogs.

]]>

With the acceleration of cloud migration initiatives—partly arising the need to support a remote workforce during the pandemic and beyond—enterprises are finding that this transformation has introduced new operational complexities and security vulnerabilities. Among these are potential misconfigurations, poorly secured interfaces, Shadow IT (access to unauthorized applications), and an increasing number of connected devices and users. To navigate these challenges, enterprises are relying on managed service providers to monitor and protect their cloud environment.

To better serve its customers and secure its own environments, one global technology provider decided to expand its existing on-premises data loss protection (DLP) and web protection with a comprehensive and robust cloud security strategy based on solutions from the  MVISION™ portfolio of solutions. Already a long-time user of McAfee Enterprise on-premises solutions, the global technology provider not only secured its internal cloud infrastructure consisting of more than 5,000 endpoints across over 30 locations worldwide, they also applied the same approach to the millions of endpoints they manage for more than 10,000 customers.

Evolving a Modern Cloud Security Approach

A primary objective for the global technology provider is securing data in the cloud in Software-as-a-Service (SaaS) applications (Microsoft Office 365, OneDrive, Salesforce, and others) and Infrastructure-as-a-Service (IaaS) platforms (Microsoft Azure, Amazon Web Services, Google Cloud Platform).

As a first step in its cloud journey, the global technology provider evaluated a number of cloud access security brokers (CASB) solutions. Ultimately, they decided to implement MVISION Cloud for AWS, Office 365, and Shadow IT. In addition to providing comprehensive visibility into cloud app usage, these solutions help with compliance; data loss prevention (DLP) by monitoring the movement of sensitive and confidential data content traveling to or from the cloud, within the cloud, and cloud to cloud; and detection and remediation of threats primarily through user and entity behavior analytics (UEBA).

Moving to a Consolidated Cloud Security Fabric

But the global technology provider didn’t stop there. When we rolled out MVISION Unified Cloud Edge, the global technology provider tested it and enthusiastically adopted it. As defined by Gartner, MVISION Unified Cloud Edge is an industry-leading example of Secure Access Service Edge (SASE), a security framework that brings together network connectivity and security into a single, cloud-delivered solution that supports business transformation, edge computing, and workforce mobility.

The global technology provider has reaped multiple advantages from this implementation across its own internal environment and for its customers.

Key advantage #1: Management ease and less overhead

MVISION Unified Cloud Edge combines multiple capabilities under one umbrella: CASB functionality with web proxy and DLP with a single administrative hub,  ePolicy Orchestrator® (ePO™) for streamlined management.

MVISION Unified Cloud Edge capabilities and the ease of integration with the McAfee Enterprise ecosystem has made life easier for the global technology provider’s team, saving time and resources. Now they can set consistent policies from device to cloud and provide users with accelerated and secure access to the tools they use every day, such as Box, Dropbox, and others. As the information security operations manager points out: “A single management console reduces overhead as does being able to set policies that we can sync and apply to multiple data sources on multiple cloud solutions, without having to recreate rules.”

Key advantage #2: Data protection policies in the cloud

MVISION Unified Cloud Edge has also enabled the global technology provider to further boost its cloud data protection. For example, it can detect data that is improperly managed and stored. Now the organization can apply their existing on-premises data policies to the cloud. For example, they can prevent certain user behaviors that may put both corporate and customer cloud data at risk. These include copying data to cloud apps or USBs, printing it, taking screen captures, accessing risky websites, and uploading data to unauthorized websites.

Key advantage #3: Improved control over apps

To create a more secure internal environment, MVISION Unified Cloud Edge has been invaluable for the global security provider. They have a better handle on the applications that are being used across their company. The solution also provides risk scores for the cloud apps that are being used to help steer users away from Shadow IT and toward using only authorized apps. When employees propose new apps to help them do their jobs better, the IT security team can check the security of these apps against requirements and make any necessary modifications to ensure compliance.

“The Shadow IT CASB automatically blocks all cloud services that are deemed high risk, both at our on-premises Web Gateway and the built-in cloud web gateway manager. So, when users attempt to use an unsanctioned SaaS application, they see a message explaining that the app is not safe,” notes the information security operations manager.

The global technology provider also sells SaaS solutions to its clients. With MVISION Unified Cloud Edge, the global technology provider can protect data on any newly sanctioned SaaS applications at no extra cost.”

A resounding endorsement

After a successful experience with McAfee Enterprise overall and specifically with the implementation of MVISION Unified Cloud Edge, the information security operation manager recommends the solution to any organization beginning or in the midst of migrating to the cloud.

“I would advise other companies thinking about their cloud transformation journey to seriously consider MVISION Unified Cloud Edge . . . It has a very user-friendly interface and does so much out of the box,” he asserts. “The level of granularity in policy setting lets you do things you don’t think possible or are much easier to accomplish than you realize. . . I don’t think any other vendor offers such a complete package.”

The post Global Technology Provider Looks to MVISION Unified Cloud Edge appeared first on McAfee Blogs.

]]>
McAfee Enterprise Continues to be a Leader in CASB and Cloud Security https://www.mcafee.com/blogs/enterprise/cloud-security/mcafee-enterprise-continues-to-be-a-leader-in-casb-and-cloud-security/ Mon, 22 Nov 2021 13:00:42 +0000 https://www.mcafee.com/blogs/?p=131611 Cloud Security Gateways (CSGs) are one of the hottest and most sought-after technologies in the market today, driven by the adoption of...

The post McAfee Enterprise Continues to be a Leader in CASB and Cloud Security appeared first on McAfee Blogs.

]]>
Cloud Security Gateways (CSGs) are one of the hottest and most sought-after technologies in the market today, driven by the adoption of cloud services for business transformation and the acceptance of hybrid workforce policies. CSGs, also commonly known as Cloud Access Security Brokers (CASBs), are responsible for enforcing security policies to protect cloud-hosted corporate assets from advanced threats, while enabling seamless and secure access to these assets from any location and device.  

We have witnessed an exponential growth in cloud usage in the past two years, primarily driven by remote workforce adoption. Based on the data collected by our research team from millions of connected McAfee Enterprise users across the globe, the overall usage of enterprise cloud services spiked by 50% across all industries, while the collaboration services witnessed an increase of up to 600% in usage. This led to an astonishing 630% increase in external attacks on the cloud accounts. Taking all these factors and trends into consideration, CSGs have become a highly essential element of any organization’s cloud security strategy, playing the most critical role for enabling data protection, threat prevention and compliance in the cloud. 

McAfee Enterprise continues to innovate in the cloud security space with a laser-focused strategy towards empowering our customers with the best-in-class cloud security solution. MVISION Cloud, recognized as the industry’s leading CSG solution, has become a vital part of enterprise security, allowing organizations to safely migrate to the cloud while protecting their “crown jewels” – the data. A huge testament to our cybersecurity vision is the IDC MarketScape Worldwide Cloud Security Gateways 2021 Vendor Assessment (Doc # US48334521, November 2021), and we are proud to announce that McAfee Enterprise has been recognized as a leader in the report. 

According to the report, “McAfee has a strong ecosystem of security solutions, including Secure Web Gateway, CSG, and endpoint security that it can integrate to enable customers in their data loss prevention, User Behavior Analytics, XDR, and threat prevention goals. McAfee has focused on providing robust protection and DLP, with the scale and speed necessary to support large user bases.” 

McAfee Enterprise’s multi-vector data protection capabilities go beyond the cloud to uniquely discover and protect sensitive assets on managed endpoints, in-network shares, and on-premises databases, enabling full scope of data protection from device-to-cloud. The industry-leading data protection and threat protection capabilities are tightly integrated with a unified policy framework that allows policy enforcement, data classification and incident management from a centralized console, reducing the cost and complexity of managing hybrid IT deployments, while improving the user experience. 

Figure 1: McAfee Enterprise Multi-Vector Data Protection 

MVISION Cloud is an integral component of our Unified Cloud Edge (UCE) solution, and together with McAfee Enterprise’s Next-Gen Secure Web Gateway (SWG) and MVISION Private Access (ZTNA) delivers the industry’s most comprehensive Security Services Edge (SSE) solution – the security element of the Secure Access Service Edge (SASE) framework. With McAfee Enterprise’s DLP technology being the common denominator across all the core SSE components, organizations can seamlessly utilize a unified, data-centric framework for centralized visibility and control over their entire digital footprint, while riding on an accelerated path for digital transformation and workplace mobility. 

Figure 2: MVISION Unified Cloud Edge (UCE) 

Our mission towards building a unified security platform for protecting data from device-to-cloud and defending against advanced threats and adversaries has established McAfee Enterprise as a leader in cybersecurity across multiple forums, and the 2021 IDC MarketScape report is another distinguished feather in our decorated cap. 

The post McAfee Enterprise Continues to be a Leader in CASB and Cloud Security appeared first on McAfee Blogs.

]]>
Zero Care About Zero Days https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/zero-care-about-zero-days/ Mon, 22 Nov 2021 05:01:48 +0000 https://www.mcafee.com/blogs/?p=131440

The time to repurpose vulnerabilities into working exploits will be measured in hours and there’s nothing you can do about...

The post Zero Care About Zero Days appeared first on McAfee Blogs.

]]>

The time to repurpose vulnerabilities into working exploits will be measured in hours and there’s nothing you can do about it… except patch

By Fred House

2021 is already being touted as one of the worst years on record with respect to the volume of zero-day vulnerabilities exploited in the wild. Some cite this as evidence of better detection by the industry while others credit improved disclosure by victims. Others will simply conclude that as the “upside” grows (e.g., REvil demanding $70M or Zerodium paying $2.5M for exploits) so too will the quantity and quality of players. But the scope of these exploitations, the diversity of targeted applications, and ultimately the consequences to organizations were notable as well. As we look to 2022, we expect these factors to drive an increase in the speed at which organizations respond.

If we look back at the past 12 months, we have seen notable breaches that highlight the need for organizations to improve response times:

ProxyLogon. When we first learned in 2020 that roughly 17,000 SolarWinds customers were affected, many reacted in shock at the pure scope of the compromise (it should be noted that a small subset of these customers are believed to have been compromised by follow-on activity). Unfortunately, 2021 brought its own notable increase in volume. Two weeks after Microsoft released a patch for ProxyLogon they reported that 30K Exchange servers were still vulnerable (less conservative estimates had the number at 60K).

ProxyShell. ProxyShell, a collection of three separate vulnerabilities (CVE-2021-31207, CVE-2021-34473 and CVE-2021-34523), was Exchange’s second major event of the year after ProxyLogon. In August, a Black Hat presentation outlining Exchange Server vulnerabilities was followed the next day by the release of an exploit POC, all of which had been patched by Microsoft months earlier in April/May. This analysis of data captured by Shodan one week after the exploit POC was released concluded that over 30K Exchange servers were still vulnerable, noting that the data may have underrepresented the full scope (i.e., Shodan hadn’t had time to scan the full Internet). In summary: patched in the Spring, exploited in the Fall. So, what happened in the interim you ask? The vulnerabilities in the Microsoft Client Access Service were exploited by threat actors who deployed web shells to execute arbitrary code on compromised mobile devices and web browsers.

vCenter Server. Another notable example occurred in May when VMWare released a patch for a remote code execution vulnerability in vCenter Server. This subsequent analysis concluded that over 4,000 systems remained vulnerable one week after the patch was released. Much like Exchange servers, where a typical company will only host a handful of servers, 4,000 vulnerable vCenter servers likely represents thousands of distinct companies.

Kaseya VSA. One bright spot may in fact be the Kaseya VSA breach. On July 2, REvil launched an unprecedented (anyone else tired of that word?) ransomware campaign against public facing VSA servers. Within two days the DIVD CSIRT reported that the number of exposed VSA servers had dropped from 2,200 to 140. Some estimates suggested that around 50 MSPs were compromised, affecting between 800 and 1500 business. While this doesn’t sound like much of a bright spot, patching 94% of the affected systems in two days surely helped reduce the success of REvil copycats.

So, what can we take away from all of this? Well, attackers and security researchers alike will continue to hone their craft until weaponized exploits and POCs are expected within hours of vulnerability disclosure. In turn however, and largely driven by the increased consequences of compromise, we can also expect renewed diligence around asset and patch management. From identifying public facing assets to quickly deploying patches despite potential business disruption, companies will have a renewed focus on reducing their “time to patch.”

Still not convinced? Well, the US government is. Checkout Binding Operational Directive 22-01 published on November 3rd which compels all federal agencies to remediate known exploited vulnerabilities in two weeks or sooner “in the case of grave risk to the Federal Enterprise”. It’s no coincidence that CISA’s known exploited vulnerabilities catalog, which catalogues the vulnerabilities that must be remediated, includes every one of our examples above with a two-week remediation deadline. If the US government can do it, you can too!

The post Zero Care About Zero Days appeared first on McAfee Blogs.

]]>
Ransomware Threats Affecting the Public Sector https://www.mcafee.com/blogs/enterprise/ransomware-threats-affecting-the-public-sector/ Thu, 18 Nov 2021 17:03:00 +0000 https://www.mcafee.com/blogs/?p=131446

In the October 2021 Threat Report, McAfee Enterprise ATR provides a global view of the top threats, especially those ransomware...

The post Ransomware Threats Affecting the Public Sector appeared first on McAfee Blogs.

]]>

In the October 2021 Threat Report, McAfee Enterprise ATR provides a global view of the top threats, especially those ransomware attacks that affected most countries and sectors in Q2 2021, especially in the Public Sector (Government).


In June 2021 the G7 economies urged countries that may harbor criminal ransomware groups to take accountability for tracking them down and disrupting their operations. Let’s review the high severity campaigns and threat profiles added to MVISION Insights recently.

Threat Profile Conti Ransomware & BazarLoader to Conti Ransomware in 32hrs

Conti has been one of the top Ransomware groups in 2021, including a new campaign reported in September 2021. As mentioned earlier in this report, the public sector seems to be the sector most affected by Ransomware attacks. McAfee Enterprise provides regular publications on the strategies to defend against ransomware, such as this blog.

Other Recent Threats Affecting the Public Sector

CVE-2021-40444 Microsoft MSHTML Remote Code Execution Vulnerability

This is a serious Microsoft Office vulnerability reported in September 2021 by Microsoft, McAfee Enterprise and other sources. The MVISION Insights heat map shows the prevalence of the Indicators of Compromise (IOCs) associated with this threat in the first half of October 2021.

Although Microsoft has provided guidance on a workaround, it can be challenging for many public sector organizations to deploy these patches quickly. To help you be more agile, McAfee Enterprise has released its own guidance leveraging ENS, EDR and NSP.

Microsoft Office vulnerabilities are commonly exploited in the early phases of the attack lifecycle. BazarLoader, mentioned earlier with the Conti Ransomware, has also been used with Word and Excel documents. In the MITRE Enterprise ATT&CK framework this technique is known as T1203, which we can find in 177 campaigns and threat profiles in MVISION Insights.

Threat Profile APT41 & APT41 Malware Identified Doing the ChaCha at SAS21

APT41 is a state sponsored threat group linked to China and associated with multiple campaigns, including a new campaign reported in September 2021. Although Ransomware is currently the main cyber threat type which hits the news, state sponsored threat groups are equally concerning, especially in the public sector for organizations with sensitive government and citizen data, which could be potentially exploited by a foreign nation like China.

In the second part of this report, we highlight how you can leverage the data from MVISION Insights to find traces of these attacks to enhance your level of protection.

Cloud Threats Affecting the Public Sector

In the October 2021 Threat Report, McAfee Enterprise ATR also assessed the prevalence of Cloud Threats, identifying the US Government sector as one of the top 10 verticals affected.

Many governments are moving quickly to adopt cloud technologies to bring services for their citizens, for collaboration and cost savings.

Inadequate readiness to address cloud security has been the primary contributor of these threats. Several cloud-native controls exist to protect sensitive data from loss or theft in real time, such as:

Operationalize Threat Intelligence

In the second part of this report, we want to give you some guidance on how you can operationalize this threat intelligence data to better protect your networks. MVISION Insights can help operationalize McAfee Enterprise Threat Intelligence data by providing risk assessment against threats affecting you, protective guidance and integrating with other tools to share threat data.

Let’s take the previous example of the Conti Ransomware Threat Profile. Below you can see how MVISION Insights provides:

1. A short description with the list of CVEs linked to this threat profile, the minimum version of McAfee Enterprise ENS AMcore content to be correctly protected against this threat, detections in your environment and on which device.

2. The list of related campaigns, the devices with unresolved detections related to these campaigns or those with insufficient protections.

3. The list of MITRE techniques and tools, which provide a universal and agnostic overlay of the threats, as well as details on the observables specific to this threat profile for each MITRE technique.

4. The list of IOCs with filters, IOC attributes, and IOC export features which you can use to share them with your other solutions, such as your SIEM, and which you can also share with other public sector entities. We also provide a direct integration with MVISION EDR. Alternatively, you can leverage the APIs to automate the exchange of IOCs.

If you find devices with these IOCs in MVISION EDR you can take immediate remote actions such as quarantine the device, kill the process, remove the files, or run custom scripts.

You can also use MVISION EDR for more advanced threat hunting such as searching for specific MITRE techniques in all MVISION EDR alerts …

… or in the MVISION EDR monitoring view which automatically groups the alerts.

5. MVISION Insights also provides hunting rules created by McAfee Enterprise Threat Intelligence experts using Yara, Sigma and McAfee Enterprise ENS expert rules.

6. A proactive assessment of your Endpoint and Cloud security posture score with guidance on the configuration changes which you should follow to ensure that your McAfee Enterprise Endpoint and Cloud solutions are protecting you with their full capabilities.

7. And all this, with more than 1,200 threat campaigns and threat profiles

MVISION APIs give you the ability to integrate and to exchange this extensive Threat Intelligence data with your SOC tools, including Threat Intelligence Platforms (TIPs) and Security Orchestration Automation and Response (SOAR).

These integrations can be used both in Internet-facing and closed networks. For advanced Threat Intelligence teams, our Advanced Program Group (APG) provides “Threat Intelligence as a Service” (INTAAS) including:

  • Access to the unaggregated raw data behind MVISION Insights
  • Access to McAfee Private Global Threat Intelligence (GTI)
  • Threat Assessments
  • Adversary Monitoring and Attribution
  • IOC enrichment
  • Reverse Engineering

Summary

To conclude, here is a summary of the use cases you can achieve with MVISION Insights in the public sector:

  1. Start your threat intelligence program despite a lack of time and expertise
  2. Improve your existing Threat Intelligence program
  3. Check whether you have been breached by leveraging McAfee Enterprise ENS and NPS
  4. Predict threats, including ransomwares, that are most likely going to hit you
  5. Prioritize threat hunting using the most relevant indicators
  6. Enrich investigations with MVISION EDR/XDR
  7. Integrate with your other SOC solutions
  8. Deliver on-premise Threat Intelligence for restricted networks
  9. Proactively assess your protection status with McAfee Enterprise ENS and MVISION Cloud
  10. Improve Zero Trust with Threat Intelligence

If you want to learn more on our Threat Intelligence capabilities and participate in Architecture or Incident Response Workshops, contact your local McAfee Enterprise representative.

The post Ransomware Threats Affecting the Public Sector appeared first on McAfee Blogs.

]]>
Digital Transformation Needs to (Re)Start with Security https://www.mcafee.com/blogs/enterprise/digital-transformation-needs-to-restart-with-security/ Thu, 18 Nov 2021 15:00:00 +0000 https://www.mcafee.com/blogs/?p=131176

In life, regret tends to take on many shapes and forms. We often do not heed the guidance of the...

The post Digital Transformation Needs to (Re)Start with Security appeared first on McAfee Blogs.

]]>

In life, regret tends to take on many shapes and forms. We often do not heed the guidance of the common anecdotes we hear throughout our days and years. From “look before you leap” to “an apple a day keeps the doctor away” – we take these sayings in stride, especially when we cannot necessarily provide proof of their veracity!

One particular trope that may incite ire, frustration, or regret when applied to enterprise security is – “once bitten, twice shy.”

In its very literal sense, we’re taught that if we’re bitten by something once – whether that be dog or security breach – we’re innately cautious or fearful of falling into a similar scenario. With dogs or any animal, we may pivot our behavior to avoid sharp teeth. However, with security breaches, many enterprises continue to be blindsided by “bites” – despite believing they’ve taken the utmost of caution to protect against them.

There is a clear disconnect between enterprise-preparedness and the severity of today’s threat landscape. We continue to see that no enterprise is immune to threats and breaches, with ransomware campaigns continuing to get more sophisticated and prevalent. We’re also seeing cyber criminals work together, banding as an enterprise themselves sharing common tools and knowledge. This means, as cyber criminals become more business-savvy, operational, and efficient – the enterprises they look to attack need to consistently be one step ahead to anticipate and prevent breaches.

Safety First, Now More Than Ever

The term digital transformation is not new by any means, but it needs to be newly approached through a security-first lens. For successful digital transformation to occur today, major industries need to focus on superior prevention against threats.

It’s time for business leaders to stop focusing on the “breach of the month” and more on building security into the fabric of their organizations so they’re not the next victims. For this to happen, it is imperative to break down silos of threat and information intelligence across the organization, enabling a collaborative, holistic, and strategic approach to securing the business.

Additionally, as we’re seeing more prevalent and sophisticated attacks, enterprises need to lean into the transformative technologies that can keep up with evolving techniques. AI provides for personalization of security – a key advantage as it can prioritize detection and response to allow organizations to focus on growth outcomes instead of spending time recouping lost data, customers, revenue, efficiencies, or more that can come at the expense of a threat or breach.

Placing security at the forefront of strategies can unleash the full potential of what digital transformation can make possible. With this approach and a mindset focused on prevention and cyber-readiness as the catalyst aiding true digital and business transformation, we have the power to turn the headlines around. It is time for enterprises to bite back, and the criminals to shy away.

The post Digital Transformation Needs to (Re)Start with Security appeared first on McAfee Blogs.

]]>
Can Thieves Steal Identities With Only a Name and Address? https://www.mcafee.com/blogs/consumer-cyber-awareness/can-thieves-steal-identities-with-only-a-name-and-address/ Wed, 17 Nov 2021 14:11:50 +0000 https://www.mcafee.com/blogs/?p=131266 Can someone steal identity with name and address?

Can thieves steal identities with only a name and address?  In short, the answer is “no.” Which is a good...

The post Can Thieves Steal Identities With Only a Name and Address? appeared first on McAfee Blogs.

]]>
Can someone steal identity with name and address?

Can thieves steal identities with only a name and address? 

In short, the answer is “no.” Which is a good thing, as your name and address are in fact part of the public record. Anyone can get a hold of them. However, because they are public information, they are still tools that identity thieves can use.  

If you think of your identity as a jigsaw puzzle, your name and address are the first two pieces that they can use to build a bigger picture and ultimately put your identity at risk.  

With that, let’s look at some other key pieces of your identity that are associated with your name and address—and what you can do to protect them. 

For starters, this information is so general that it is of little value in of itself to an identity thief. Yet a determined identity thief can do a bit of legwork and take a few extra steps to use them as a springboard for other scams. For example, with your name and address a thief could: 

Research public databases for further pieces of information about you. 

There are volumes of public information that are readily available should someone want to add some more pieces to your identity jigsaw puzzle, such as: 

  • How long you’ve lived in your current home, what you paid for it, and what it’s valued at today. 
  • If you’re a registered voter and if you voted in a recent election. (Not how you voted, though!) 
  • Also, if you’re a veteran or the owner of a cat or dog (through pet licenses). 

In the U.S., the availability of such information will vary from state-to-state and different levels of government may have different regulations about what information gets filed—in addition to whether and how those reports are made public. Globally, different nations and regions will collect varying amounts of public information and have their own regulations in place as well. More broadly, though, many of these public databases are now online. Consequently, accessing them is easier than the days when getting a hold of that information required an in-person visit a library or public office. 

Send you phishing attacks and scams by physical mail. 

Phishing attacks aren’t just for email, texts, and direct messages. In fact, thieves are turning to old tricks via old-fashioned physical mail. That includes sending phony offers or by impersonating officials of government institutions, all designed to trick you into giving up your personally identifiable information (PII).  

What might that look like in your mailbox? They can take the form of bogus lottery prizes that request bank information for routing (non-existent) winnings. Another favorite of scammers are bogus tax notifications that demand immediate payment. In all, many can look quite convincing at first blush, yet there are ready ways you can spot them. In fact, many of the tips for avoiding these physical mail phishing attacks are the same for avoiding phishing attacks online, which we outline in detail here 

Redirect your physical mail, essentially committing mail fraud. 

Recently, I’ve seen a few news stories like this where thieves reportedly abuse the change-of-address system with the U.S. Postal Service. Thieves will simply forward your mail to an address of their choosing, which can drop sensitive information like bank and credit card statements in their mailbox. From there, they could potentially have new checks sent to them or perhaps an additional credit card—both of which they can use to drain your accounts and run up your bills. 

The Postal Service has mechanisms in place to prevent this, however. Among which, the Postal Service will send you a physical piece of mail to confirm the forwarding. So, if you ever receive mail from the Postal Service, open it and give it a close look. If you get such a notice and didn’t order the forwarding, visit your local post office to get things straightened out. Likewise, if it seems like you’re missing bills in the mail, that’s another good reason to follow up with your post office and the business in question to see if there have been any changes made in your mail forwarding.  

Protecting your good name (and identity too) 

So while your name and address are out there for practically all to see, they’re largely of little value to an identity thief on their own. But as mentioned above, they are key puzzle pieces to your overall identity. With enough of those other pieces in hand, that’s where an identity thief can cause trouble. Other crucial pieces of your identity include:  

Your Social Security Number or tax ID number: 

Let’s start with the biggest one. This is the master key to your identity, as it is one of the most unique identifiers you have. As I covered in my earlier blog on Social Security fraud, a thief can unlock everything from credit history and credit line to tax refunds and medical care with your Social Security or tax ID number. In extreme cases, they can use it to impersonate you for employment, healthcare, and even in the event of an arrest.  

You can protect your Social Security Number by keeping it locked in a safe place (rather than in your wallet) and by providing your number only when absolutely necessary. For more tips on keeping your number safe, drop by that blog on Social Security fraud I mentioned. 

Your passport and driver’s license: 

Thieves have figured out ways of getting around the fact that IDs like these include a photo. They may be able to modify or emulate these documents “well enough” to pull off certain types of fraud, particularly if the people requesting their bogus documents don’t review them with a critical eye. 

Protecting yourself in this case means knowing where these documents are at any time. (With passports, you may want to store those securely like your Social Security or tax ID number.) Also be careful when you share this information, as the identifiers on these documents are highly unique. If you’re uncomfortable with sharing this information, you can ask if other forms of ID might work—or if this information is really needed at all. Also, take a moment to make copies of these documents and store them in a secure place. This can help you provide important info to the proper authorities if they’re lost or stolen.  

Your card and account information: 

With data breaches large and small making the news (and many more that do not), keeping a sharp eye on your accounts is a major part of identity theft prevention. We talk about this topic quite often, and it’s worth another mention because protecting these means protecting yourself from thieves who’re after direct access to your finances and more.  

Secure your digital accounts for banking, credit cards, financials, and shopping by using strong, unique passwords for each of your accounts that you change every 60 days. Sound like a lot of work? Let a password manager do it for you, which you can find in comprehensive online protection software. By changing your strong passwords and keeping them unique can help prevent you from becoming a victim if your account information is part of a breach—by the time a crook attempts to use it, you may have changed it and made it out of date. 

Extra steps for extra identity protection  

In addition to protecting the core forms of identity mentioned above, a few other good habits go a long way toward keeping your identity secure. 

1. Install and use online protection software: By protecting your devices, you protect what’s on them, like your personal information. Comprehensive online protection software can protect your identity in several ways, like create and manage the strong, unique passwords we talked about and provide further services that monitor and protect your identity—in addition to digital shredders that can permanently remove sensitive documents (simply deleting them won’t do that alone.) 

2. Shred your stuff: Identity theft where thieves dig through trash or go “dumpster diving” for literal scraps of personal info in bills and statements, has been an issue for some time. You can prevent it by shredding up any paper medical bills, tax documents, and checks once you’re through with them. Paper shredders are inexpensive, and let’s face it, kind of fun too. Also, if you’re traveling, have a trusted someone collect your mail or have the post office put a temporary hold on your mail. Thieves still poach mail from mailboxes too. 

3. Go paperless: Getting statements online cuts the paper out of the equation and thus removes another thing that a thief can physically steal and possibly use against you. Whether you use electronic statements through your bank, credit card company, medical provider, or insurance company, use a secure password and a secure connection provided by a VPN. Both will make theft of your personal info far tougher on identity thieves. 

4. Use a VPN: A VPN is a Virtual Private Network, a service that protects your data and privacy online. It creates an encrypted tunnel to keep you anonymous, by masking your IP address, while connecting to public Wi-Fi hotspots. This is a great way to shield your information from crooks and snoops while you’re banking, shopping, or handling any kind of sensitive information online. 

5. Monitor your accounts: Give your statements a close look each time they come around. While many companies and institutions have fraud detection mechanisms in place, they don’t always catch every instance of fraud. Look out for strange purchases or charges and follow up with your bank or credit card company if you suspect fraud. Even the smallest charge could be a sign that something shady is afoot. 

6. Check your credit report: This is a powerful tool for spotting identity theft. And in many cases, it’s free to do so. In the U.S., the Fair Credit Reporting Act (FCRA) requires the major credit agencies to provide you with a free credit check at least once every 12 months. Canada provides this service, and the UK has options to receive free reports as well, along with several other nations. It’s a great idea to check your credit report, even if you don’t suspect a problem. 

Your name and address are just two pieces of a larger puzzle 

While thieves need more than just your name and address to commit the overwhelming majority of fraud, your name and address are centerpieces of the larger jigsaw puzzle that is your overall identity.  

And the interesting thing is your puzzle gets larger and larger as time goes on. With each new account you create and service that you sign into, that’s one more piece added to the puzzle. Thieves love getting their hands on any pieces they can because with enough of them in place they can try and pull a fast one in your name. By looking after each piece and knowing what your larger jigsaw puzzle looks like, you can help keep identity thieves out of your business and your life.   

The post Can Thieves Steal Identities With Only a Name and Address? appeared first on McAfee Blogs.

]]>
5 Signs Your Device May be Infected with Malware or a Virus https://www.mcafee.com/blogs/consumer-cyber-awareness/5-signs-your-device-may-be-infected-with-malware-or-a-virus/ Wed, 17 Nov 2021 00:19:00 +0000 https://www.mcafee.com/blogs/?p=131380

The malware landscape is growing more complex by the minute, which means that no device under your family’s roof—be it...

The post 5 Signs Your Device May be Infected with Malware or a Virus appeared first on McAfee Blogs.

]]>

The malware landscape is growing more complex by the minute, which means that no device under your family’s roof—be it Android, iPhone, PC, or Mac—is immune to an outside attack. This reality makes it possible that one or more of your devices may have already been infected. But would you know it? 

Ho Ho Ho, Merry Hackmas 

According to 2021 statistics from the Identity Theft Resource Center (ITRC), the number of data breaches reported has soared by 17 percent over last year. In addition, as reported by McAfee, cybercriminals have been quick to take advantage of the increase in pandemic connectivity throughout 2020. McAfee Labs saw an average of 375 new threats per minute and a surge of hackers exploiting the pandemic through COVID-19 themed phishing campaigns, malicious apps, malware, and more. With Black Friday and Cyber Monday now at hand, we can count on even more new threats.  

Have you been hacked? 

Often, if your device has been compromised, you know it. Things get wonky. However, with the types of malware and viruses now circulating, there’s a chance you may not even realize it. The malware or virus may be working in the background sending usage details or sensitive information to a third party without disrupting other functions. So, be on the lookout for these tell-tale signs.  

5 signs of malware or a virus 

  1. Your device is hot to the touch. When you accidentally download malware, your device’s internal components immediately begin working harder to support the malware or virus that’s been embedded. This may cause your device to be hot to the touch or even overheat.  
  2. Everything ‘feels off.’ Much like a human virus can impact our whole body, a digital virus can impact every area of a device’s performance. For instance, it may cause websites to load slower, it may cause apps to crash, or your battery may not hold a charge. Overall performance remains sluggish no matter how many times you reboot or how many large files you delete.  
  3. An increase in random pop-ups and new apps. If your device is housing a malicious app or a virus, you may notice an increase in random pop-ups (more than usual). And, if you take a closer look at your app library, you may even see app icons from apps you never downloaded.   
  4. Fraudulent links from your accounts. It’s common for malware to gain access to your contacts list and then use your phone to send out messages to your friends—a powerful tactic designed to spread the malware to your contacts and their contacts and so on. This can happen via email, and more commonly, via your social media accounts. If you notice this cycle, change your passwords immediately and scan your devices for malware that may be working in the background on all devices.  
  5. You have unauthorized charges. If you notice unauthorized charges on your credit card or banking statements, dig deeper. It may be a malicious app making purchases on your behalf or malware that’s grabbed your personal information to make fraudulent purchases.  

Ways to safeguard family devices

  • Stay on top of updates. In addition to installing comprehensive security software to block malware and viruses, be sure to update your device’s security features. Regular updates give you the latest security features, some of which have been developed to thwart specific attacks. 
  • Use strong, unique passwords. Every family device should have a strong password along with a unique username. This means changing your factory settings immediately and getting your family on a schedule to change passwords.  
  • Know your apps. Only download apps from trusted sources. Avoid third-party apps. Also, consider researching the app safeguards and reading reviews before installing. A best practice is to stick to apps from the app store or verified associated app stores. 
  • Don’t click that link. Slow down and notice your digital surroundings. Does that link look suspicious? Phishing scams that load malware and viruses onto your devices often come in emails, text messages, or via your trusted social media circles.  
  • Lockdown settings and limit app permissions. A great way to block malware is to make all accounts as private as possible and limit app permissions. Instead of opting for “always-on” in an app’s permissions, change the setting, so it requires you to give the app permission every time. In addition, if an app requests access to your contacts or connect to other apps in your digital ecosystem, decline. Each time you allow an app to connect to different branches of your digital footprint, you hand over personal data and open yourself up to various new risks.  
  • Clear browsing history. Take the time to go through your history and data. If you notice a suspicious link, delete it. Clear your browsing history by choosing your browser and clicking “clear history and website data.” 

Next steps 

If you discover a family device has been compromised, there are several things you can do. 1) Install security software that will help you identify the malware so you can clean your device and protect yourself in the future. 2) Delete any apps you didn’t download, delete risky texts, delete browsing history and empty your cache. 3) In some situations, malware warrants that you wipe and restore your device (Apple or Android) to its original settings. Before doing so, however, do your research and be sure you’ve backed up any photos and critical documents to the cloud. 4) Once you’ve cleaned up your devices, be sure to change your passwords.  

The surge in malware attacks brings with it a clear family mandate that if we want to continue to live and enjoy the fantastic benefits of a connected life, we must also work together at home to make online safety and privacy a daily priority.  

The post 5 Signs Your Device May be Infected with Malware or a Virus appeared first on McAfee Blogs.

]]>
Qualities of a Highly Available Cloud https://www.mcafee.com/blogs/enterprise/cloud-security/qualities-of-a-highly-available-cloud/ Tue, 16 Nov 2021 15:00:01 +0000 https://www.mcafee.com/blogs/?p=131185

With the widespread adoption of hybrid work models across enterprises for promoting flexible work culture in a post pandemic world,...

The post Qualities of a Highly Available Cloud appeared first on McAfee Blogs.

]]>

With the widespread adoption of hybrid work models across enterprises for promoting flexible work culture in a post pandemic world, ensuring critical services are highly available in the cloud is no longer an option, but a necessity. McAfee Enterprise’s MVISION Unified Cloud Edge (UCE) is designed to maximize performance, minimize latency, and deliver 99.999% SLA guaranteed resiliency, offering blazing fast connectivity to cloud applications from any location and causing no service degradation, even when the usage of cloud services spiked 600% during the COVID-19 pandemic, as reported in our Cloud Adoption and Risk Report (Work From Home Edition). This blog shares details on how MVISION UCE is architected to enable uninterrupted access to corporate resources to meet the demands of the hybrid workforce.

MVISION UCE, our data-centric, cloud-native Security Service Edge (SSE) security platform, derives its capabilities from McAfee Enterprise’s industry leading Secure Web Gateway and Enterprise Data Protection solutions. However, this is not a lift and shift of capabilities to the cloud, which would have made it prone to service outages and impossible to have the flexibility that is needed to meet the demands of SSE. Instead, the best of breed functionality was purposefully reconstructed for SSE, using a microservices architecture that can scale elastically, and built on a platform-neutral stack that can run on bare metal and public cloud, equally effectively. A hallmark of the architecture is that the cloud is a single global fabric where service instances are spread throughout the globe. Users automatically access the best instance of any service through policy configuration.

What other alternatives are out there? We have seen some cloud services replicated in each region of their presence. While this makes controlling resources and data simple, and keeps everything within a boundary, such an approach loses out on the flexibility needed to scale on demand and reduced latency on access. With UCE, each point of presence (POP) is part of the global fabric, yet at the same time, fully featured with all services housed within the POP. This avoids the need to send traffic back and forth between various services located at different locations, a phenomenon known as traffic hairpin.

By default, user traffic gets processed at the POP closest to their physical location, regardless of where the user may be. A user may work at their office in New York 90% of the time and travel to UK occasionally. When the user connects to MVISON UCE, they are connected to New York POP when they are at office, and the POP in London if they are in a UK hotel while traveling. This is a big advantage if you think about it. User’s traffic does not need to trombone from the hotel in UK, to the POP in New York and back to a server in London. MVISION UCE’s out-of-the-box traffic routing scheme favors low latency. This does not mean that the customer cannot override this policy and force the traffic to be processed at the New York POP. They might do so if there is a compliance need to process all traffic at a certain location. Many customers have a need to store logs in a certain geography even though traffic processing may occur anywhere on the globe. MVISION UCE architecture decouples log storage from traffic processing and lets the customer choose their log storage geography based on criteria that customers define.

One of the key considerations while choosing a SSE vendor would be how much latency the service adds to user’s requests. Significant latency can negatively affect user experience and could be a deterrent to product adoption. With 85 POPs strategically placed around the globe providing low latency access to customers, UCE POPs have direct peering with the biggest SaaS vendors like Microsoft, Google, Akamai, and Salesforce to further reduce latency. In addition, MVISION UCE POPs peer with many ISPs around the globe, enabling high bandwidth and low latency connectivity end to end, from the customer’s network to UCE and from UCE to the destination server.

With thousands of peering partners growing every day, over 70% of traffic served by MVISION UCE uses peering links in some geographies. The whitepaper, How Peering POPs Make Negative Latency Possible, shares details about a study conducted by McAfee Enterprise to measure the efficacy of these peering relationships. This paper is proof that UCE customers experience faster response times going through our POPs than they would usually get by going directly through their Internet Service Providers. UCE follows a living partnership model when it comes to peering, with thousands of peering relationships in production. We are committed to keeping the latency to a minimum.

You may be wondering what the secret sauce is for achieving a reliability of five 9s or higher in MVISION UCE. Several items play a crucial role in preventing unplanned service degradation.

  1. Redundantly provisioned components that allow for one or more instances to pick up the work when one of them goes down. Unexpected system failures and interruptions do occur in the real world and having a good architecture that detects failures early and reroutes the traffic to another suitable instance is paramount to maintaining availability. A combination of client redirection, server-side redirection, along with deep application state tracking, is used to seamlessly bypass a failed spot. The global nature of the fabric allows for multiple simultaneous failures without causing a local outage.
  2. State of the art automation and deployment infrastructure is key to localize issues, maintain redundancy, and react automatically when issues are found. Containerized workloads over Kubernetes are the foundation of the cloud infrastructure in MVISION UCE, which facilitates fast recovery, canary rollouts of software, and elastic scaling of the infrastructure in case of peak demand. This is combined with an extensive automation and monitoring framework that monitors the customer’s experience and alerts the operations team of any localized or global service degradation.
  3. Ability to scale up on demand at a global scale. We are not talking about scale out within a POP here. Many times, physical data centers have a hard limit on resources and sometimes it takes several months to add new servers and resources at a physical site. We are talking about bursting out to newly provisioned POPs when the traffic demands, in a matter of hours. Through extensive automation and intelligent traffic routing, a new MVISION UCE POP can be deployed in public cloud quickly and start absorbing load, providing the needed cushion to avoid traffic peaks that could otherwise cause service degradation when usage patterns change. This capability allowed MVISION UCE to successfully handle increasing demand when customer VPNs could not handle the load created by dramatically increased remote work due to the pandemic last year.

At McAfee Enterprise, security is not an afterthought. From the start, the architecture was designed with zero trust in mind. Services are segmented from one another and follow the least privileged principle when resources need to be shared between services. Industry standard protocols and methodologies are used to enforce user and identity access management (UAM/IAM). Strong role-based access controls (RBAC) across the platform keep customer’s data separate and provide self-defense when a service is compromised. None of these features matter if the software is vulnerable. McAfee Enterprise follows one of the strictest Software Development Life Cycle (SDLC) processes in the industry to eliminate known vulnerabilities and threats in our software as it is written.

Another aspect of security that is gaining momentum these days is data privacy. This is at the forefront of all feature designs in MVISION UCE. Usually, data privacy means tokenization or anonymization of customer private data stored in MVISION UCE, be it logs or other metadata. At McAfee Enterprise, we strive to take this a step further. We do not want to retrieve private data from the customer environment if it can be avoided. For example, to evaluate a policy that involves customer premise data, UCE can offload the evaluation to a component on the customer premise. Case in point, McAfee Client Proxy (MCP) that is installed on user’s machine can perform a policy evaluation and avoid sending private data to the cloud. The McAfee Enterprise cloud leverages the results of the evaluation to complete the policy execution. Where this is not possible, private data is anonymized at the earliest entry point in the cloud to minimize data leaks.

Last but not the least, a chain is only as strong as its weakest link, and physical data center security must also be considered. Global partners are selected only after careful evaluation of their facilities and infrastructure that will host our data centers, while other vendors in this space are working with a larger set of less rigorously qualified regional partners to increase their presence. The McAfee Enterprise approach provides the necessary guard rails against supply chain attacks that our customers demand.

There are other architectural gems hidden within UCE and thus failing to mention them would make this article incomplete. First, the policy engine is exposed in the form of code with which the customer can construct complex policies without being constrained by what UI provides. If you are a user of MVISON UCE, you can see this in action by enabling “Code View” in the Web Policy tree. If you do not like the way policy nodes are ordered in the tree or the evaluations made by default, you can take complete control and process the traffic in any manner you wish. By the way, the policy is so flexible that one can write a policy to process traffic in one region and store logs in another region.

Second, policy evaluation can be distributed across various components which allows its evaluation at the earliest point in the network. This avoids hauling all traffic to the cloud to apply policy. For example, if a sensitive document needs to be blocked due to data protection rules, the DLP agent running on the user’s machine can block it instead of hauling the traffic to cloud for classification and blocking. This strategy reduces load on the cloud and consequently increases the scale at which we can process requests.

Lastly, all services are automated and require no manual intervention to provision a customer unlike other vendors that require a support ticket to provision some features. Independent of where your account has been provisioned and where your preferred UI console resides, polices that you author are stored in a global policy system that is synchronized to all POPs around the world, giving you the flexibility to process traffic anywhere in the world.

To conclude, all clouds are not built equally. Architecture of a cloud is a matter of choice and tradeoffs. MVISON UCE implements a global cloud and puts customers in the driver’s seat through programmatic policies, that are secure, scalable, and highly available.

To learn more about how MVISION UCE can help ensure your critical services are highly available in the cloud, watch this short video or visit our MVISION UCE page to get started.

The post Qualities of a Highly Available Cloud appeared first on McAfee Blogs.

]]>
How I Got Here: Trevor’s Career Journey Across Four Countries and Five Roles https://www.mcafee.com/blogs/consumer/how-i-got-here-trevors-career-journey-across-four-countries-and-five-roles/ Tue, 16 Nov 2021 14:33:23 +0000 https://www.mcafee.com/blogs/?p=131332

In this career-journey series, Marketing Director Trevor shares why patient listening is the most helpful skill he’s acquired, the top...

The post How I Got Here: Trevor’s Career Journey Across Four Countries and Five Roles appeared first on McAfee Blogs.

]]>

In this career-journey series, Marketing Director Trevor shares why patient listening is the most helpful skill he’s acquired, the top career advice he’s received, and how his career at McAfee has taken him across four countries and five roles in 11 years. 

Learn more about the steps they took to find success and their advice to help you do the same. 

Q: Tell us about your McAfee career journey. 

“Three continents, four countries, five roles, eleven years. At McAfee, I’ve lived and worked in the United Kingdom, Afghanistan (mobilized as an army reservist), Luxembourg, and the United States. I’ve worked in acquisition marketing, sales, marketing operations and technology, retention marketing, and strategic projects.” ​​​​​​​​​​​​​​

Q: What do you like most about working at McAfee? 

“Great people, interesting problems, and we’re always driving new ways to innovate and grow the business.”

Q: Can you share more about your role and typical day? 

“In terms of a workday, no two are alike, but there are three constants to what I’m working on:

I’m delivering projects that drive or protect McAfee’s future revenue streams and profitability or I’m Uncovering, stitching, and interpreting facts and information into a narrative to advise and inform senior leadership decision making 

I’m learning & developing myself. Since I joined McAfee the company has supported me in gaining an advanced degree in E-Commerce Technology from Manchester University and more recently supported me in attending Stanford University’s Graduate School of Business.   

After March 2020 our local office went remote.  This has meant I was able to restructure and balance out my home life. My day always starts the same (early) followed by coffee, gym, or training at ice hockey, and then family breakfast and dropping my son off at school. Workflows throughout the day.  McAfee is an environment where you can balance your life and work.   

Whilst I miss the daily interaction with my colleagues, the local ones all live within 5-30 minutes of me, allowing for many impromptu or planned meet-ups 😊.”

 

Q: What is one of the most helpful skills you have developed in your career at McAfee?

“Listening persistently and patiently .

Being heard and delivering growth starts with listening.  In a complex organization, there can be a lot of people impacted by what might, at first, be considered a simple change.   

Persistence and tenacity are what helps you maintain your drive towards a goal or a project.    

Patience is what pulls it all together. It takes time to get everyone on board, and then it takes more time for them to align, start, forget, get distracted, restart, fall down, pick themselves up and start running. “

Q: What makes your role exciting?

“I love working and interacting with people across all functions, groups, and locations. I love learning about new cultures, perspectives, and the different behaviors of consumers worldwide that we have to plan and adapt for. I also love the diversity of work and activity of what I get to do! ”

Q: Tell us about a time when you had to get outside of your comfort zone to further your career development.

“One day my leader asked me if I would be willing to move into a sales role to better align with the strategic direction of the company while building out my own skillset. Instead of panicking about the unknown, I made a decision to embrace this as a growth opportunity.  

From scratch, I built up a sales pipeline, learned how to negotiate, run contracts, and negotiate. I shadowed our best sales leaders, read and re-read ‘How to Win Friends and Influence People’, learned Sandler methodology, and had to cold call (it’s not as scary as it sounds and there’s a true art in doing it well!).  

The result of these efforts? I closed multiple deals and built up a digital reseller network. I still remember the first deal I closed. As soon as the prospect agreed to the number proposed, I kicked myself under the table… I realized I should have negotiated and asked for more! But experience is how we learn and the skills I acquired during this period ultimately made me a better marketer and put me on the path I’m on today.”

Q: What advice would you give to prospective McAfee employees who are looking to drive their career forwards?

“I also wondered the same thing, so I asked a senior McAfee executive about how she’d managed to get to the top of the organization.   

I’ll never forget her response – “I asked.” 

I interpreted that as… be a positive force for the people around you, deliver results, ask for more… and your career will continue moving forwards.”   

Thinking about how to propel your career forward? Interested in hearing more about how McAfee fosters career growth and development? Stay tuned for more in our ‘How I Got Here’ series as we spotlight the journeys of team members who cultivated rich and impressive career paths here at McAfee. 

Want to join a team that invests in YOU? Check out our roles today. 

The post How I Got Here: Trevor’s Career Journey Across Four Countries and Five Roles appeared first on McAfee Blogs.

]]>
Cloud API Services, Apps and Containers Will Be Targeted in 2022 https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/cloud-api-services-apps-and-containers-will-be-targeted-in-2022/ Mon, 15 Nov 2021 05:01:18 +0000 https://www.mcafee.com/blogs/?p=131074

McAfee Enterprise and FireEye recently teamed to release their 2022 Threat Predictions. In this blog, we take a deeper dive...

The post Cloud API Services, Apps and Containers Will Be Targeted in 2022 appeared first on McAfee Blogs.

]]>

McAfee Enterprise and FireEye recently teamed to release their 2022 Threat Predictions. In this blog, we take a deeper dive into cloud security topics from these predictions focusing on the targeting of API services and apps exploitation of containers in 2022.

5G and IoT Traffic Between API Services and Apps Will Make Them Increasingly Lucrative Targets

Recent statistics suggest that more than 80% of all internet traffic belongs to API-based services. It’s the type of increased usage that grabs the attention of threat developers hunting for rewarding targets.

Feature-rich APIs have moved from being just a middleware to applications and have evolved to become the backbone of most modern applications that we consume today. Examples include:

  • 5G mobile applications – 5G connectivity and deployment of IoT endpoints have increased dramatically providing higher capacity for broader connectivity needs.
  • Internet of Things – More than 30.9 billion IoT devices are expected to be in use worldwide by 2025. The industrial IoT market was predicted to reach $124 billion in 2021
  • Dynamic web-based productivity suites – Global cloud-based office productivity software market is expected to reach $50.7 billion by 2026

In most cases, attacks targeting APIs go undetected as they are generally considered as trusted paths and lack the same level of governance and security controls.

The following are some of the key risks that we see evolving in the future:

  1. Misconfiguration of APIs resulting in unwanted exposure of information.
  2. Exploitation of modern authentication mechanisms such as Oauth/Golden SAML to obtain access to APIs and persist within targeted environments.
  3. Evolution of traditional malware attacks to use more of the cloud APIs, such as the Microsoft Graph API, to land and expand. We have already seen evidence of this in the SolarWinds attack as well as other threat actors such as APT40/ GADOLINIUM.
  4. Potential misuse of the APIs to launch attacks on enterprise data, such as ransomware on cloud storage services like OneDrive, etc.
  5. The usage of APIs for software-defined infrastructure also means potential misuse leading to complete infrastructure takeover or shadow infrastructure being created for malicious purposes.

Gaining visibility into application usage with the ability to look at consumed APIs should be a priority for organizations, with the goal of ultimately having a risk-based inventory of accessed APIs and a governance policy to control access to such services. Having visibility of non-user-based entities within the infrastructure such as service accounts and application principles that integrate APIs with the wider enterprise eco-system is also critical.

For developers, developing an effective threat model for their APIs and having a Zero Trust access control mechanism should be a priority alongside effective security logging and telemetry for better incident response and detection of malicious misuse.

Expanded Exploitation of Containers Will Lead to Endpoint Resource Takeovers

Containers have become the de facto platform of modern cloud applications. Organizations see benefits such as portability, efficiency and speed which can decrease time to deploy and manage applications that power innovation for the business. However, the accelerated use of containers increases the attack surface for an organization. Which techniques should you look out for, and which container risk groups will be targeted? Exploitation of public-facing applications (MITRE T1190) is a technique often used by APT and Ransomware groups. MITRE T1190 has become a common entry vector given that cyber criminals are often avid consumers of security news and are always on the lookout for a good exploit. There are numerous past examples in which vulnerabilities concerning remote access software, webservers, network edge equipment and firewalls have been used as an entry point.

The Cloud Security Alliance (CSA) identified multiple container risk groups including:

  • Image risks
    • vulnerabilities
    • configuration defects
    • embedded malware
    • embedded clear text secrets
    • use of untrusted secrets
  • Orchestrator
    • unbounded administrative access
    • unauthorized access
    • poorly separated inter-container network traffic
    • mixing of workload sensitivity levels
    • orchestrator node trust
  • Registry
    • insecure connections to registries
    • stale images in registries
    • insufficient authentication and authorization restrictions
  • Container
    • vulnerabilities within the runtime software
    • unbounded network access from containers
    • insecure container runtime configurations
    • app vulnerabilities
    • rogue containers
  • Host OS Component
    • large attack surface
    • shared kernel
    • improper user access rights
    • host file system tampering
  • Hardware

How do you protect yourself? Recommended mitigations include bringing security into the DevOps process through continuous posture assessment for misconfigurations, checks for integrity of images, and controlling administrative privileges. Use the Mitre ATT&CK Matrix for Containers to identify gaps in your cloud security architecture.

The post Cloud API Services, Apps and Containers Will Be Targeted in 2022 appeared first on McAfee Blogs.

]]>
7 Common Digital Behaviors that Put Your Family’s Privacy at Risk https://www.mcafee.com/blogs/family-safety/7-common-digital-behaviors-that-put-your-familys-privacy-at-risk/ Fri, 12 Nov 2021 14:56:56 +0000 https://www.mcafee.com/blogs/?p=131245

It would be impossible nowadays to separate our everyday lives from technology. We travel well-worn, comfortable paths online and engage...

The post 7 Common Digital Behaviors that Put Your Family’s Privacy at Risk appeared first on McAfee Blogs.

]]>

It would be impossible nowadays to separate our everyday lives from technology. We travel well-worn, comfortable paths online and engage in digital activities that work for us. But could those seemingly harmless habits be putting out the welcome to cyber criminals out to steal our data? 

It’s a given that our “digital-first mindset”  comes with inherent risks. With the work and learn from home shift looking more permanent and cybercrime on the rise, it’s imperative to adopt new mindsets and put new skills in motion. The first step with any change? Admitting your family may have a few bad habits to fix. Here are just a few to consider.  

7 Risky Digital Behaviors  

1. You share toooo much online. Too Much Information, yes, TMI. Oversharing personal information online is easy access for bad actors online. Those out to do harm online have made it their life’s work to piece together your personal details so they can steal your identity—or worse. Safe Family Tips: Encourage your family not to post private information such as their full name, family member names, city, address, school name, extracurricular activities, and pet names. Also, get in the habit of a) setting social media profiles to private, b) regularly scrubbing personal information on social profiles—this includes profile info, comments, and even captions that reveal too much c) regularly editing your friends lists to people you know and trust.  

2. You’ve gotten lazy about passwords. It’s tough to keep up with everything these days. We get it. However, passwords are essential. They protect your digital life—much like locks on doors protect your physical life. Safe Family Tips: Layer up your protection. Use multi-factor authentication to safeguard user authenticity and add a layer of security to protect personal data and all family devices. Consider adding comprehensive software that includes a password manager as well as virus and malware protection. This level of protection can add both power and peace of mind to your family’s online security strategy.   

3. You casually use public Wi-Fi. It’s easy to do. If you are working away from home or on a family trip, you may need to purchase something, meet a deadline, or send sensitive documents quickly. Public Wi-Fi is easy and fast, but it’s also loaded with security gaps that cybercriminals camp out on. Safe Family Tip: If you must conduct transactions on a public Wi-Fi connection, consider McAfee Total Protection. It includes antivirus and safe browsing software, plus a secure VPN.  

4. You have too many unvetted apps. We love apps, but can we trust them? Unfortunately, when it comes to security and privacy, apps are notoriously risky and getting tougher to trust as app technology evolves. So, what can you do? Safe Family Tips: A few things you can do include a) Double-checking app permissions. Before granting access to an app, ask yourself: Does this app need what it’s asking me to share? Apps should not ask for access to your data, b) researching the app and checking its security level and if there have been breaches, c) reading user reviews, d) routinely deleting dormant and unused apps from your phone. This is important to do on your phone and your laptop, e) monitor your credit report for questionable activity that may be connected to a malicious app or any number of online scams.  

5. You’ve gotten too comfortable online. If you think that a data breach, financial theft, or catfish scam can’t happen to you or your family, it’s a sign you may be too comfortable online. Growing strong digital habits is an ongoing discipline. If you started strong but have loosened your focus, it’s easy to get back to it. Safe Family Tips: Some of the most vulnerable areas to your privacy can be your kids’ social media. They may be oversharing, downloading malicious apps, and engaging with questionable people online that could pose a risk to your family. Consider regularly monitoring your child’s online activity (without hovering or spying). Physically pick up their devices to vet new apps and check they’ve maintained all privacy settings.  

6. You lack a unified family security strategy. Consider it: If each family member owns three devices, your family has countless security gaps. Closing those gaps requires a unified plan. Safe Family Tips: a) Sit down and talk about baseline security practices every family member should follow, b) inventory your technology, including IoT devices, smartphones, game systems, tablets, and toys, c) make “keeping the bad guys out” fun for kids and a challenge for teens. Sit and change passwords together, review privacy settings, reduce friend lists. Come up with a reward system that tallies and recognizes each positive security step. 

7. You ignore updates. Those updates you’re putting off? They may be annoying, but most of them are security-related, so it’s wise to install them as they come out. Safe Family Tip: Many people make it a habit to change their passwords every time they install a new update. We couldn’t agree more.  

Technology continues to evolve and open extraordinary opportunities to families every day. However, it’s also opening equally extraordinary opportunities for bad actors banking on consumers’ casual security habits. Let’s stop them in their tracks. If you nodded to any of the above habits, you aren’t alone. Today is a new day, and putting better digital habits in motion begins right here, right now.  

The post 7 Common Digital Behaviors that Put Your Family’s Privacy at Risk appeared first on McAfee Blogs.

]]>
How to Live a Digital Life Free of Spyware https://www.mcafee.com/blogs/consumer-cyber-awareness/how-to-live-a-digital-life-free-of-spyware/ Thu, 11 Nov 2021 16:46:52 +0000 https://www.mcafee.com/blogs/?p=131224

Spyware is tricky. Some types notify users that they’re monitoring activity. Others function in stealth mode and use the information they collect for nefarious...

The post How to Live a Digital Life Free of Spyware appeared first on McAfee Blogs.

]]>

Spyware is tricky. Some types notify users that they’re monitoring activity. Others function in stealth mode and use the information they collect for nefarious purposes. Spyware is a type of software that collects data about online users and reports it to a company or an individual. What just about everyone can agree on is that anonymous browsing is looking more and more appealing and is likely the way of the future.  

Here’s more about the types of spyware, which types are legal, and how you can scrub your device and live more confidently online. 

Types of Spyware 

Here are a few types of spyware and facts about each: 

 Keyloggers 

Is it legal? Definitely not! 

What is its purpose? Criminal 

Keyloggers are the most intrusive of the spyware variations. It does exactly as its name suggests: It takes note of keyboard strokes, logs them, and reports to the owner of the nefarious software. Once the cybercriminal has digitally looked over your shoulder at your online activity, they make note of your passwords, walk into your online accounts, and pilfer your private personal information. They could use this information to gain entry to your online bank accounts or steal your identity. 

Keyloggers are downloaded onto devices (cellphones, tablets, laptops, or desktop computers) without the user’s knowledge. Cybercriminals can hide them within email attachments or in malicious web pages. So, the best way to steer clear of keyloggers is to never download attachments you’re unsure about and don’t visit sites that seem unprofessional. One rule of thumb is to mostly stick to URLs that begin with https and include a lock icon. These sites are almost always secure. 

To determine if your device is infected with a keylogger, check your system’s performance. Is your device running slowly? See if there are any spikes in activity or unknown programs running in the background. This could indicate that your device is hosting a malicious program. 

Adware 

Is it legal? Sometimes 

What is its purpose? Advertising and criminal 

Adware is categorized as a type of spyware. It tracks users’ online activity and spits out targeted pop-up advertisements. If you have the pop-up blocker enabled on your browser, you’ll likely be spared from the annoyance. Additionally, pop-ups can slow your device, so that’s another reason to turn on the pop-up blocking feature. Legitimate adware often asks users to opt into targeted ads. 

Adware turns malicious (and illegal) when it contains malware. Sometimes cyber criminals hide malware within pop-ups. It’s easy to accidentally hit a link within a pop-up when you’re aiming quickly for the X to close it. 

It’s easy to spot a device with an adware infestation. First, the number of pop-ups will be out of control. Also, the device will crash often, run very slowly, and have a short battery life. An antivirus program will likely be able to identify and remove the culprit. You can also check out your system monitor and end tasks that are draining your device’s power. 

Cookies 

Is it legal? Yes 

What is its purpose? Advertising 

Cookies are delicious, especially to advertisers who use them to better target ads and make profits selling collected user data to third-party companies. Cookies are sometimes categorized as spyware, because they log the websites you visit and report them. You may notice the banners on websites that ask you to accept cookies. 

Many users today are uneasy with sharing their online activity with strangers and advertisers. Sometimes the ads that pop up on your social media feed or in sidebars seem a little too targeted and it feels like someone is listening in to your conversations and attempting to make a profit from them. 

How to Browse Free of Spyware 

To scrub cybercriminals from your devices and confuse advertisers, consider the following steps you can easily add to your daily routine: 

  1. Clear your cache periodically. This is a quick way to delete all the cookies from your device. It also helps if your device is running slowly. Clearing your cache deletes your browsing history, meaning that you won’t be able to type in your usual shortcuts to your most-visited sites and the browser won’t automatically auto-fill the rest of the URL or remember your passwords. Consider making bookmarks of your favorite sites for quick access and entrust your passwords to a password manager that will remember them for you. 
  2. Know how to spot phishing attempts. Cybercriminals often hide their spyware within phishing texts and emails, so it’s key to know how to spot them. Phishers trick users into acting quickly, either through scare tactics or fake exciting news, to download attachments or give up personal information. Luckily, phishing attempts usually aren’t too difficult to identify and delete immediately. Did you enter a contest lately? No? Then why would someone get in touch saying you’re a winner? Also, phishing messages are often full of typos and poor grammar. Before you click any links in an email, hover your cursor over it to see where the URL will take you. If it has typos, is filled with a long string of letters or numbers, or doesn’t match the site the message says it’ll redirect you to, delete it. 
  3. Browse in incognito mode. Browser sallow users to toggle incognito mode to use the internet anonymously. Once users exit incognito mode, all of their browsing history and the cookies collected during the session are deleted. Incognito mode, though effective against cookies, does not combat keyloggers or aggressive adware.  
  4. Use a VPN. A virtual private network (VPN) is even more secure than incognito mode. It completely scrambles your online data, making it impossible for a spy to hack into your device if you’re connected to a public wi-fi network. A VPN doesn’t stop cookies, but the geographic information they report may be incorrect. 
  5. Sign up for antivirus software. A comprehensive online protection software suite that includes antivirus software, such as McAfee Total Protection, can boost your confidence in your online safety. It can scan your phone, tablet, or computer for viruses or malware and automatically logs you into a VPN for secure browsing. 

The post How to Live a Digital Life Free of Spyware appeared first on McAfee Blogs.

]]>
Veterans Day & Remembrance Day 2021 https://www.mcafee.com/blogs/enterprise/veterans-day-remembrance-day-2021/ Thu, 11 Nov 2021 14:00:11 +0000 https://www.mcafee.com/blogs/?p=131125

November 11 marks Veterans Day in the United States and Remembrance Day across Europe and beyond. Wherever you may be...

The post Veterans Day & Remembrance Day 2021 appeared first on McAfee Blogs.

]]>

November 11 marks Veterans Day in the United States and Remembrance Day across Europe and beyond. Wherever you may be on this 11th day of the 11th month, on the 11th hour, please be thankful to all our Veterans for their service and sacrifice. We would like to take a moment to reflect and honor some of our McAfee Enterprise employees who served.

When were you drafted or when did you enlist/join? What branch of the military did you serve and in what rank?

Shannon Clancy joined October 5, 2003 and was a Major in the United States Marine Corps

Kevin Benton enlisted ten days after high school (mid 1980’s) and was in the US Army as an E4/Specialist

Kevin Suares enlisted in the US Air Force on November 1, 1994, after four year’s he was a Senior Airman (E-4)

Why did you join and why did you pick the service branch you selected?

Clancy: I had always had a niggling in the back of my mind that I wanted to be a Marine (My father served as a Marine in Vietnam), and then September 11, 2001 happened and it solidified my choice. I wanted to be the best, and everyone knows Marines are the best.

Benton: The world was bigger than my little hometown and I wanted to travel the world. Plus, I was clearly the smartest person in my house at 18 years old, so I showed my parents how smart I was.

Suares: I needed money for college and needed some direction in life. Initially I considered the Navy, as I am a former Sea Scout. I spoke to a Navy recruiter and was ready to sign up. He sent me across the hall to “get a different perspective” from the Air Force recruiter (which I was also considering) and after a 20-minute conversation where we talked about options in the Air Force, Air Force training, how the Air Force encourages higher education and AF ethos, I changed my mind. Biggest regret of that Navy recruiter’s career! The next week I scored 97 out of 99 in the Armed Services Vocational Aptitude Battery (ASVAB) making me eligible for almost any job.

What do you remember about your first day in service? What do you remember about your last day in service?

Clancy: I remember my first day being total chaos. Not knowing the (now) simplest things like how to wear your cover (hat), blouse your trousers, align your belt, etc. Things that seem small and silly but were in fact critical lessons in attention to detail that have carried with me throughout service and life.

Benton: On the first day, I was tired and nervous about not having any idea of what was happening or what to do. The last day was filled with wildly mixed emotions! I made some great friends from all walks of life, and I was ready to get on with my life by attending college on the GI Bill, but I hadn’t yet lived on my own. I recall driving off the base and wondering if I should drive north or south on the Pacific Coast Highway; ultimately, I drove North and have never regretted the decision.

Suares: I remember on my first full day being woken up at 4:30 AM after going to bed around 1:30 AM, in a new environment to a metal trash can being hit repeatedly with a baton and words I can’t repeat here. On my last day, my supervisor still made me work the whole day, ending in a small ceremony where I was presented with a few token gifts (which I still have.) I wrote my flight a quick email saying goodbye then left for home. Not going to lie – I had tears in my eyes as I left the building.

What would you describe as your most memorable experience? What is something you miss about your days of service?

Clancy: My most memorable experience was my deployment to Iraq. There was a pause in operations on Thanksgiving and I got to play soccer with some of the Marines. It was a very “normal” thing in a place where there wasn’t much normal. I don’t miss much (because there is a lot of nonsense that also goes on), but what I do miss is the camaraderie and sense of belonging. You don’t question who you are or what your purpose is while you serve.

Benton: Being in the infantry, I recall experiencing some of the toughest, most physically demanding moments in my life, then experiencing shear exhaustion when reaching the end of a march or landing in a hot zone, only to have a few laughs with the guys to your left and right, toggling thru each other’s life stories.  No one cared where you were from or the color of our skin or whether you had any money. I’ll never forget the laughs and storytelling as we were all experiencing the same things at the same time. Come to find out, we were forming bonds for life.

Suares: My most pleasant memory wastaking my grandfather out to dinner in uniform for his 70th birthday. He was so proud that he was speechless for once. If you knew him, that was a really big deal. But my saddest memory was hearing the rifle salute at a friend’s funeral. Each volley cut me to the bone.

How do you honor Veterans/Remembrance Day for yourself, with family or friends?

Clancy: I usually call my dad. Veterans day buddies right up to the Marine Corps Birthday, so there is no shortage of celebrations or drinks to be shared among Marines. This year has been extremely difficult on veterans; so, I think I’ll text a few friends I haven’t heard from in a while. I encourage everyone to reach out to one you know, just to check in and say hi. It goes a lot further than you might think.

Benton: Our little town holds a ceremony at our local cemetery. I’ve attended with my family for years, afterwards nearly always telling my kids stories of my service to my country and the pride I feel when seeing our flag and all that it stands for. ​​​​​​​

Suares: Usually with service to others. Occasionally I may go out to dinner with family, but most times I used to be involved in giving talks to youth groups, schools, etc. or donating time to other Veterans causes. I proudly served my country – and would do it again if asked – but I feel that I am not owed anything. The day should be about recognizing the living service member (past or present) and honoring us all.

The post Veterans Day & Remembrance Day 2021 appeared first on McAfee Blogs.

]]>
The Newest Malicious Actor: “Squirrelwaffle” Malicious Doc. https://www.mcafee.com/blogs/other-blogs/mcafee-labs/the-newest-malicious-actor-squirrelwaffle-malicious-doc/ Wed, 10 Nov 2021 18:13:25 +0000 https://www.mcafee.com/blogs/?p=131137

Authored By Kiran Raj Due to their widespread use, Office Documents are commonly used by Malicious actors as a way...

The post The Newest Malicious Actor: “Squirrelwaffle” Malicious Doc. appeared first on McAfee Blogs.

]]>

Authored By Kiran Raj

Due to their widespread use, Office Documents are commonly used by Malicious actors as a way to distribute their malware. McAfee Labs have observed a new threat “Squirrelwaffle” which is one such emerging malware that was observed using office documents in mid-September that infects systems with CobaltStrike.

In this Blog, we will have a quick look at the SquirrelWaffle malicious doc and understand the Initial infection vector.

Geolocation based stats of Squirrelwaffle malicious doc observed by McAfee from September 2021

 

Figure1- Geo based stats of SquirrelWaffle Malicious Doc
Figure1- Geo-based stats of SquirrelWaffle Malicious Doc

 

Infection Chain

  1. The initial attack vector is a phishing email with a malicious link hosting malicious docs
  2. On clicking the URL, a ZIP archived malicious doc is downloaded
  3. The malicious doc is weaponized with AutoOpen VBA function. Upon opening the malicious doc, it drops a VBS file containing obfuscated powershell
  4. The dropped VBS script is invoked via exe to download malicious DLLs
  5. Thedownloaded DLLs are executed via exe with an argument of export function “ldr
Figure-2: Infection Chain
Figure-2: Infection Chain

Malicious Doc Analysis

Here is how the face of the document looks when we open the document (figure 3). Normally, the macros are disabled to run by default by Microsoft Office. The malware authors are aware of this and hence present a lure image to trick the victims guiding them into enabling the macros.

Figure-3: Image of Word Document Face
Figure-3: Image of Word Document Face

UserForms and VBA

The VBA Userform Label components present in the Word document (Figure-4) is used to store all the content required for the VBS file. In Figure-3, we can see the userform’s Labelbox “t2” has VBS code in its caption.

Sub routine “eFile()” retrieves the LabelBox captions and writes it to a C:\Programdata\Pin.vbs and executes it using cscript.exe

Cmd line: cmd /c cscript.exe C:\Programdata\Pin.vbs

Figure-4: Image of Userforms and VBA
Figure-4: Image of Userforms and VBA

VBS Script Analysis

The dropped VBS Script is obfuscated (Figure-5) and contains 5 URLs that host payloads. The script runs in a loop to download payloads using powershell and writes to C:\Programdata location in the format /www-[1-5].dll/. Once the payloads are downloaded, it is executed using rundll32.exe with export function name as parameter “ldr

Figure-5: Obfuscated VBS script
Figure-5: Obfuscated VBS script

De-obfuscated VBS script

VBS script after de-obfuscating (Figure-6)

Figure-6: De-obfuscated VBS script
Figure-6: De-obfuscated VBS script

MITRE ATT&CK

Different techniques & tactics are used by the malware and we mapped these with the MITRE ATT&CK platform.

  • Command and Scripting Interpreter (T-1059)

Malicious doc VBA drops and invokes VBS script.

CMD: cscript.exe C:\ProgramData\pin.vbs

 

  • Signed Binary Proxy Execution (T1218)

Rundll32.exe is used to execute the dropped payload

CMD: rundll32.exe C:\ProgramData\www1.dll,ldr

IOC

Type Value Scanner Detection Name
Main Word Document 195eba46828b9dfde47ffecdf61d9672db1a8bf13cd9ff03b71074db458b6cdf ENS,

WSS

 

W97M/Downloader.dsl

 

Downloaded DLL

 

85d0b72fe822fd6c22827b4da1917d2c1f2d9faa838e003e78e533384ea80939 ENS,

WSS

RDN/Squirrelwaffle
URLs to download DLL ·       priyacareers.com

·       bussiness-z.ml

·       cablingpoint.com

·       bonus.corporatebusinessmachines.co.in

·       perfectdemos.com

WebAdvisor Blocked

 

 

The post The Newest Malicious Actor: “Squirrelwaffle” Malicious Doc. appeared first on McAfee Blogs.

]]>
Legendary Entertainment Relies on MVISION CNAPP Across Its Multicloud Environment https://www.mcafee.com/blogs/enterprise/cloud-security/legendary-entertainment-relies-on-mvision-cnapp-across-its-multicloud-environment/ Wed, 10 Nov 2021 16:14:56 +0000 https://www.mcafee.com/blogs/?p=131113

Becoming a cloud first company is an exciting and rewarding journey, but it’s also fraught with difficulties when it comes...

The post Legendary Entertainment Relies on MVISION CNAPP Across Its Multicloud Environment appeared first on McAfee Blogs.

]]>

Becoming a cloud first company is an exciting and rewarding journey, but it’s also fraught with difficulties when it comes to securing an entire cloud estate. Many forwarding-thinking companies that have made massive investments in migrating their infrastructure to the cloud are facing challenges with respect to their cloud-native applications. These range from inconsistent security across cloud properties to lack of visibility into the public cloud infrastructure where cloud-native applications are hosted—and more. All of these issues can create vulnerabilities in a sprawling attack surface that can be potentially exploited by cybercriminals.

Legendary Entertainment is a global media company with multiple divisions including film, television, digital studios, and comics. Under the guidance of Dan Meacham, VP of Global Security and Corporate Operations and CSO/CISO, the multi-billion dollar organization transitioned from on-premises data centers to the cloud in 2012.

Meacham points out that it’s been a source of great pride for his security and IT teams to always be “on top of the latest and greatest” technology trends—and migration to the cloud is no exception. That’s why his interest was sparked when he learned about the rollout of the MVISION security product line early in the migration process. Its cloud-native, open architecture was exactly the right fit for Legendary Entertainment’s environment.

The challenges of securing a multi-cloud environment

As a cloud-first organization, Legendary Entertainment encountered challenges that are common to many companies that have migrated their workloads, applications, and data assets to the cloud. At first, the organization attempted to rely on security services natively provided by the individual cloud service providers: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and Wasabi for cloud storage. As Meacham notes, “The security from one vendor doesn’t trickle over to the others. They all have different security controls, so our cloud security was not uniform, and security management was complicated.”

Lack of visibility

In their disparate multicloud environment spanning several cloud service providers, it became time-consuming and difficult to monitor and assess the security posture of applications and workloads, such as which systems needed patching or contained critical vulnerabilities.

Inconsistent security policies

With multiple management consoles required for its many cloud environments, applying and enforcing uniform security policy across their cloud estate was nearly impossible without investing a lot of time, effort, and resources.

Risky Shadow IT

Another problem in Legendary Entertainment’s early adoption of cloud-first was shadow IT, where employees or contractors enrolled in cloud collaboration platforms that were not authorized by IT. Although the shadow IT platforms were not connected to core systems, they made it more difficult to tightly monitor data which sometimes caused cloud-enabled applications to violate security policies. It is understandable that teams with a cloud-first mindset would embrace innovation and new collaborative experiences to accomplish goals faster. However, some of the shadow IT application has weak or no security controls – resulting the opportunities for external collaborator accounts to be compromised or have mis-managed privileges.

Unacceptable levels of risk

With high-profile data breaches in the entertainment industry in recent headlines, Legendary Entertainment was concerned about its level of risk and exposure, especially since it has valuable intellectual property such as scripts and marketing strategy plans for film releases among its holdings. The requirement for stronger security has been a boardroom-level conversation at digital media companies since the Sony Pictures hack and other vendor supply chain and workflow hacks. Attacks now extend beyond data leaks and can have far reaching business disruptions across an entire supply chain.

How MVISION CNAPP creates a consistent, compliant cloud security posture

By deploying  MVISION™ Cloud Native Application Protection Platform (MVISION CNAPP), Legendary Entertainment addressed all of these challenges at once. This unique solution prioritizes alerts and defends against the latest cloud threats and vulnerabilities. MVISION CNAPP combines granular application and data context with cloud security posture management and cloud workload protection in a single-console solution.

Unparalleled visibility

MVISION CNAPP provides Legendary Entertainment with broad and deep visibility across its entire infrastructure. It discovers all their cloud assets, including compute resources, containers, and storage and provides continuous visibility into vulnerabilities and security posture for applications and workloads running across multiple clouds.

Thanks to MVISION CNAPP, Meacham’s team can write, apply, and enforce security policies in a consistent fashion for the entire cloud estate. As Meacham points out, policy is continually checked so his team can correct any misconfigurations, disable services, or remove escalated privileges until corrections are made in alignment with internal compliance rules. And in many cases, the remediation can be automated internally in MVISION CNAPP or through workflow initiations.

“MVISION CNAPP gives me manageability and security uniformity for all our cloud platforms so that I can elevate the level of security and make it consistent across the board. Now that I have visibility into all our cloud assets from a high level, I can look at how current controls and configurations compare to our best practices, industry best practices, and to the best practices of peers who are using the same product. Without MVISION CNAPP, management is one to one, whereas with MVISION CNAPP, it’s one to many,” explains Meacham.

The Cloud Security Posture Management (CSPM) component of MVISION CNAPP provides Legendary Entertainment with on-demand scanning, which looks at all services used in the public cloud and checks their security settings against internal benchmarks. “This gives us a security posture score and provides feedback on what we can do to bring ourselves back into compliance,” observes Meacham. “If someone changes a configuration, we get an alert right away. And if it’s not in alignment with policy, we can roll it back to the previous settings. MVISION CNAPP also helps us remediate policy exceptions by clearly stating the risks, instances impacted, and the necessary step by step actions needed for resolution.”

Banishing Shadow IT

MVISION CNAPP also ensures that Legendary Entertainment’s developers operate in a secure environment by alerting the security team when their actions violate security policies or increase the risk of a data breach. This effectively puts a halt to Shadow IT.

“MVISION CNAPP helps me keep my system administrators and developers accountable for what they are doing. We can make sure that they are consistent in how they execute, deploy, and build things. Configuration policies, on-demand scans, and different types of checks in MVISION CNAPP can help force that compliance. I am able to keep tabs on my developers to make sure they are operating according to these guidelines in any platform,” remarks Meacham.

Risk reduction through contextual entitlements

MVISION CNAPP reduces risk associated with operating in the cloud, enabling Legendary Entertainment to run mission-critical applications and develop blockbuster movies such as “The Dark Knight Rises” and “Dune” securely across a heterogenous multicloud environment. The solution also enables contextual entitlements so that users can be identified and assigned selective access to and permissions for applications and resources based on the security profile of the devices they are using at any given time.

Data protection with user and entity behavior analytics (UEBA)

Legendary Entertainment leverages MVISION CNAPP’s data loss prevention (DLP) capabilities to monitor activity in cloud data stores in order to help prevent data breaches. Unusual or suspicious activity or unauthorized movement of data transit is tracked and flagged immediately by leveraging built-in UEBA capabilities.

“If I see 2,000 files change in 30 seconds, that’s a huge red flag indicating ransomware or some other type of attack. The solution’s monitoring tool detects suspicious behavior and immediately brings that to our awareness. If we see something like that happening on multiple platforms, we know that immediate action is required. The UEBA capability is invaluable for identifying external collaborators who may have compromised accounts, which we find on a regular basis.”

Learn more

If you are looking for a simple-to-manage, high-visibility solution to secure your multicloud environment against the latest threats and vulnerabilities such as ChaosDB, take a look at MVISION CNAPP. For more information, visit: https://www.mcafee.com/enterprise/en-us/solutions/mvision-cnapp.html.

 

The post Legendary Entertainment Relies on MVISION CNAPP Across Its Multicloud Environment appeared first on McAfee Blogs.

]]>
Protecting Yourself in the Wake of the Robinhood Data Breach https://www.mcafee.com/blogs/cyberthreat-news/protecting-yourself-in-the-wake-of-the-robinhood-data-breach/ Tue, 09 Nov 2021 23:32:54 +0000 https://www.mcafee.com/blogs/?p=131095

The Robinhood trading platform recently disclosed a data breach that exposed the information of millions of its customers. News of the attack was released on Monday, November 8th along with word the...

The post Protecting Yourself in the Wake of the Robinhood Data Breach appeared first on McAfee Blogs.

]]>

The Robinhood trading platform recently disclosed a data breach that exposed the information of millions of its customers. News of the attack was released on Monday, November 8th along with word the hackers behind it had demanded an extortion payment from the company. 

According to Robinhood’s disclosure, the attack occurred on November 3rd, which allowed an unauthorized party to obtain the following: 

  • Email addresses for some 5 million people. 
  • Full names for another group of 2 million people. 

In addition, smaller groups of Robinhood customers had yet more information compromised. Around 310 people had their names, birth dates, and zip codes exposed in the breach. Another 10 customers had “more extensive account details revealed,” per Robinhood’s disclosure.  

Robinhood went on to say, “We believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident.” 

Robinhood further stated that the company contained the intrusion and that it promptly informed law enforcement of the extortion demand. Robinhood says that it is continuing to investigate the incident with the assistance of a security firm. 

The company advised its customers to visit the Robinhood help center to receive the latest messages from the company, noting that they will never include a link to access an account in a security alert. 

Any data breach that you and your information may have been involved in calls for a few quick security steps: 

1. Log into your account and update your password with a new one that is strong and unique. Likewise, if you use the same or similar passwords across several accounts, change those as well. (A password manager that’s included with comprehensive online protection software can do that work for you.) Set up two-factor authentication if your account allows for it, as this will provide an extra layer of protection as well. 

2. Review your statements for any strange activity—even the smallest of withdrawals or transactions could be the sign of a larger issue. 

3. Report any suspected fraud to the company or institution involved. They typically have set policies and procedures in place to provide support. 

If you believe that you’ve become a victim of identity theft, file a report with local law enforcement and the Federal Trade Commission (FTC). Law enforcement can provide you with a case number that you may need as part of the recovery process. Likewise, the FTC’s identity theft website provides excellent resources, including a recovery plan and a step-by-step walkthrough if you create an account with them. 

For even more information, visit our blog that points out the signs of identity theft and the steps you can take should you find yourself victim 

After the breach, keep a sharp eye out 

Given that the breach apparently exposed some 5 million email addresses, there’s the risk that these may end up in the hands of bad actors who may use them for follow-on attacks.  

Notable among them would be phishing attacks, where hackers could target Robinhood users with phony messages in an attempt to get affected users to reveal further account information. For example, hackers could potentially create bogus emails that appear to come from Robinhood and direct users to a malicious site that requests account information. As Robinhood stated, the company will never include a link to access an account in a security alert. Users should visit the Robinhood site directly for account information. 

This breach could lead to other phishing attacks as well, ones that may or may not pose as communication from Robinhood. Some of these phishing attacks can be rather easy to spot, as they may include typos, poorly rendered logos, or spoofed web addresses. However, some sophisticated hackers can roll out rather polished phishing attacks that can closely resemble legitimate communications.  

In all, people can avoid falling victim to phishing attacks by keeping the following in mind: 

1. Only access your accounts directly from the official website of the company or financial institution involved. If you receive an email, message, or text alerting you of an issue, do not click any links provided in the communication. Go straight to the site yourself by typing in the proper address and view your account information there. Likewise, calling the customer support line posted on their official site is an option as well. 

2. Use comprehensive online protection software that includes a spam filter. This can prevent phishing emails from reaching your inbox in the first place. 

3. Get to know the signs of phishing emails. A common sign of a scam is an email, ad, message, or site that simply doesn’t look or read right. (Maybe the grammar is awkward or the logo is grainy or has the colors slightly wrong.) However, some of them can look quite convincing, yet there are still ways to spot an attempted phishing attack. 

4. Beware of email attachments you aren’t expecting. This is always good form because hackers love to spike attachments with malware that’s designed to steal your personal information. Whether you get an unexpected attachment from a friend or business, follow up before opening it. That’s a quick way to find out if the attachment is legitimate or not. 

For more info on phishing and how to steer clear of it, check out our blog on how to spot phishing attacks. 

Protect your identity for the long haul 

The unfortunate fact is that data breaches can and do happen. Many of the larger data breaches make the headlines, yet many more do not—such as the ones that hit small businesses, restaurants, and medical care providers. In the hands of hackers, the information spilled by these breaches can provide them with the building blocks to commit identity theft. As a result, keeping on top of your identity and personal information is a must. 

The good news is that you have solid options to prevent them from harming you or at least greatly lessen their potential impact. With identity theft protection, even in the short-term, you can monitor emails addresses and usernames that are being used to breach other accounts. You can monitor dozens of different types of personal information and receive alerts to keep an eye out for misuse. Likewise, it can monitor your email addresses and bank accounts for signs of misuse or fraud, plus provide theft protection and support from a recovery specialist if identity theft, unfortunately, happens to you. 

Along those same lines, news of a data breach offers all of us a moment to pause and take stock of just how protected we are. Above and beyond the steps covered above, comprehensive online protection can protect your devices from malware, phishing attacks, malicious websites, and other threats. More importantly, it protects you—your identity and privacy, particularly in times where breaches such as the one we’re talking about here occur with seeming regularity.  

The post Protecting Yourself in the Wake of the Robinhood Data Breach appeared first on McAfee Blogs.

]]>
Windows RDP Client Porting Critical Vulnerabilities to Hyper-V Manager https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/windows-rdp-client-porting-critical-vulnerabilities-to-hyper-v-manager/ Tue, 09 Nov 2021 18:02:35 +0000 https://www.mcafee.com/blogs/?p=131050

This month brings us yet another critical RCE (Remote Code Execution) bug found in the RDP (Remote Desktop Protocol) Client...

The post Windows RDP Client Porting Critical Vulnerabilities to Hyper-V Manager appeared first on McAfee Blogs.

]]>

This month brings us yet another critical RCE (Remote Code Execution) bug found in the RDP (Remote Desktop Protocol) Client which has also been ported to the Hyper-V Manager “Enhanced Session Mode” feature. User interaction is a prerequisite since the vulnerability lies within the RDP client, requiring a victim to connect to a malicious RDP server.

Vulnerability Analysis: CVE-2021-38666

This RCE bug is very closely related to CVE-2021-34535 and to CVE-2020-1374 , where there is a heap-based buffer overflow in mstscax.dll due to an attacker-controlled payload size field. The vulnerability can be triggered via the RDP Smart Card Virtual Channel Extension feature [MS-RDPESC], by leveraging the existing local RDPDR static virtual channel setup between the client and server. The RDP Smart Card Virtual Channel Extension feature [MS-RDPESC] functionality was leveraged in the “EsteemAudit” Exploit released by the “Shadow Brokers,” but that vulnerability targeted the RDP server and not the client. The functionality being exploited here is the ability to share a smart card reader between the client and server. The destination buffer intended for the IOCTL (I/O control) call to locate each host smart card reader is a fixed size, but the user-controlled size field can be altered to cause the client to perform an OOB (Out of Bounds) write. Seeing how simple it is to trigger this vulnerability, our team decided to mutate the test case to verify whether any other IOCTLs within the [MS-RDPESC] specification are vulnerable. Enumerating through the 60 other IOCTL calls tied to the smart card reader, we were able to find two additional unique crashes. All vulnerabilities discovered have been patched in the latest version of the mstscax.dll, which shows that the fix for this bug has mitigated other potentially vulnerable functions. The patched mstscax.dll now simply verifies that the bytes received over the wire do not exceed the user-supplied size field; it does this at the IOCTL dispatch table level before any IOCTL functions are called, so the single validation is applied to all IOCTLs.

This vulnerability has a CVSS (Common Vulnerability Scoring Standard) score of 8.8, dropped down from 9.8 because it requires user interaction in that a victim RDP client must connect to a malicious server.

Attack Scenario

This bug has the same attack scenario as that of CVE-2021-34535, which we also analyzed in depth:

  1. It is a client-side vulnerability so not wormable
  2. Requires a user to connect to a malicious RDP server
  3. It impacts both the traditional RDP client over the network and the local Hyper-V Manager “Enhanced Session Mode” since they both use the vulnerable mstscax.dll
  4. The vulnerability could be used for a guest-to-host escape on Hyper-V Windows 10

Looking Forward

We have seen a regular cadence of critical RDP vulnerabilities since BlueKeep (CVE-2019-0708), but what distinguishes the two vulnerabilities CVE-2021-38666 and CVE-2021-34535 is that they impact Hyper-V Manager “Enhanced Session Mode” and can thus be leveraged for guest-to-host escapes. While we do not rate these vulnerabilities as critical in the same manner as past RDP server-side RCE vulnerabilities, we are now clearly starting to see a trend of vulnerabilities emerging which impact Hyper-V Manager due to the porting of RDP. We recommend patching as a top priority as threat actors will potentially look to weaponize this common protocol for guest-to-host escapes on Windows 10 Hyper-V.

Microsoft has published a Knowledge Base article for this issue here with information regarding patching this vulnerability. As always, we recommend patching as a first course of action and we will continue to monitor this vulnerability for any exploitation in the wild.

For RDP security best practices please see: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/rdp-security-explained/

The post Windows RDP Client Porting Critical Vulnerabilities to Hyper-V Manager appeared first on McAfee Blogs.

]]>
‘Tis The Season for Holiday Cyber Threats Targeting Enterprises in a Pandemic World https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/tis-the-season-for-holiday-cyber-threats-targeting-enterprises-in-a-pandemic-world/ Tue, 09 Nov 2021 05:01:01 +0000 https://www.mcafee.com/blogs/?p=130960

The holiday season is upon us, and many are preparing to celebrate with family and friends both near and far....

The post ‘Tis The Season for Holiday Cyber Threats Targeting Enterprises in a Pandemic World appeared first on McAfee Blogs.

]]>

The holiday season is upon us, and many are preparing to celebrate with family and friends both near and far. While we tend to look at consumer tendencies during the holidays, the season also presents a significant challenge to industries coping with the increase in consumer demands. McAfee Enterprise and FireEye recently conducted a global survey of IT professionals to better understand their cyber readiness, especially during peak times like the holiday season, and the impact the pandemic has had on their business. Most notably, 86% of organizations are anticipating a moderate-to-substantial increase in demand during the 2021 holiday season. The question is: Are they ready for that demand?

This year, the “everything shortage” is real – from a drop in available workforce to limited supplies to lack of delivery services. This creates an urgency for organizations to have actionable security plans and to effectively contain and respond to threats. Supply chain and logistics, e-commerce and retail, and the travel industry traditionally experience holiday seasonal increases in consumer and business activity, making them more vulnerable to cyber threats and leaving business, employee, and consumer data at risk. Here’s a statistical snapshot of these affected industries and how they can prepare for the anticipated increase in seasonal risks:

Supply Chain and Logistics

According to BCI’s Supply Chain Resilience Report 2021, 27.8% of organizations reported more than 20 supply chain disruptions during 2020, up from just 4.8% reporting the same number in 2019. The loss of manufacturing and logistics capacity, and employee-power in 2021 are expected to increase demand for goods, creating the perfect attack vector for cybercriminals: a potentially weak and vulnerable infrastructure to break through. Supply chain managers must identify risks, understand the potential downstream effects of a security breach or cyberattack, and prepare response plans so they can act quickly in the event of an incident.

E-Commerce and Retail

According to Adobe’s 2021 Digital Economy Index, global online spending is expected to increase by 11% in 2021 to $910 billion during the holiday season. With store closures and increases in online shopping, along with limited product availability and concerns about shipping, this industry is faced with more threats than before. According to McAfee Enterprise COVID-19 dashboard, the global retail industry accounts for 5.2% of the total detected cyber threats. Such threats include compromised payment credentials and cloud storage, as well as other forms of retail fraud and theft.

Travel

Cyber threats aren’t new to the travel industry with airports, airlines, travel sites and ride-sharing apps having been victims in years past. However, what sets this year apart is the travel industry enduring a holding pattern caused by pandemic-related health concerns and travel restrictions. According to the International Air Transport Association (IATA), coronavirus-related loss estimates for 2020 total $137.7 billion—with total industry losses in 2020-2022 expected to reach $201 billion. As demand for holiday travel is expected to increase over the coming months, cyber criminals are watching closely for vulnerabilities as the industry battles new related challenges – labor shortages, supply chain issues, travel bans, and vaccination requirements.

What Organizations Need to Know

McAfee Enterprise and FireEye threat findings unwrap the imminently crucial need for organizations to prioritize and strengthen their cybersecurity architecture through the holidays and end of 2021. Our research indicates that 81% of global organizations experienced increased cyber threats and 79% experienced downtime in the wake of previous cyberattacks.

While IT professionals know cyber threats have intensified, the findings prove that many organizations have not effectively prioritized security during COVID-19:

  • 94% percent of IT professionals want their organization to improve its overall cyber readiness
  • 60% saw an increase in online/web activity
  • 33% have had their technology and security budgets reduced
  • 56% have suffered from downtime due to a cyber concern, costing some over $100,000 USD
  • 76% find maintaining a fully staffed security team/SOC even more challenging during peak periods

Proactively Guarding Against Emerging Holiday Threats

Organizations can be proactive in defending their networks, data, customers, and employees against the anticipated increase in holiday cybercrime by implementing security measures including, but not limited to:

  1. Adopt industry-wide cybersecurity requirements designed to protect against the latest iterations of cyber threats, especially those known to target specific industries.
  2. Provide cybersecurity awareness training for employees, especially when encountering holiday phishing emails or texts and suspicious URL campaigns designed to breach organizational databases
  3. Develop an incident response plan capable of responding and remedying a security breach in minutes rather than hours

In addition, enterprises and commercial businesses can implement cloud-delivered security with MVISION Unified Cloud Edge (UCE) and FireEye Extended Detection and Response (XDR).

 Note: The research was conducted between September- October 2021 by MSI-ACI via an online questionnaire to 1,451 IT Security Professionals from nine countries.

The post ‘Tis The Season for Holiday Cyber Threats Targeting Enterprises in a Pandemic World appeared first on McAfee Blogs.

]]>
Spot Those Black Friday and Cyber Monday Shopping Scams https://www.mcafee.com/blogs/consumer-cyber-awareness/spot-those-black-friday-and-cyber-monday-shopping-scams/ Mon, 08 Nov 2021 14:39:44 +0000 https://www.mcafee.com/blogs/?p=131008

You’re not the only one looking forward to the big holiday sales like Black Friday and Cyber Monday. Hackers are...

The post Spot Those Black Friday and Cyber Monday Shopping Scams appeared first on McAfee Blogs.

]]>

You’re not the only one looking forward to the big holiday sales like Black Friday and Cyber Monday. Hackers are too. As people flock to retailers big and small in search of the best deals online, hackers have their shopping scams ready. Remember, McAfee frees you to live your connected life safe from threats like viruses, malware, phishing, and more. Download award-winning antivirus that protects your data and devices today.

One aspect of cybercrime that deserves a fair share of attention is the human element. Crooks have always played on our feelings, fears, and misplaced senses of trust. It’s no different online, particularly during the holidays. We all know it can be a stressful time and that we sometimes give into the pressure of finding that hard-to-get gift that’s so hot this year. Crooks know it too, and they’ll tailor their attacks accordingly as we get wrapped up in the rush of the season. 

5 ways to spot an online shopping scam 

So while you already know how to spot a great deal, here are ways you and your family can spot online shopping scams so you can keep your finances safer this shopping season: 

1) Email attachments that pretend to be from legitimate retailers and shippers 

A common scam hackers use is introducing malware via email attachments, and during the holiday sale season, they’ll often send malware under the guise of offering emails and shipping notifications. Know that retailers and shipping companies won’t send things like offers, promo codes, and tracking numbers in attachments. They’ll clearly call those things out in the body of an email instead. 

2) Typosquat trickery 

A classic scammer move is to “typosquat” phony email addresses and URLs that look awfully close to legitimate addresses of legitimate companies and retailers. They often appear in phishing emails and instead of leading you to a great deal, these can in fact link you to scam sites that can then lift your login credentials, payment info, or even funds should you try to place an order through them. You can avoid these sites by going to the retailer’s site directly. Be skeptical of any links you receive by email, text, or direct message—it’s best to go to the site yourself by manually typing in the legitimate address yourself and look for the deal there. 

3) Copycat deals and sites 

A related scammer trick that also uses typosquatting tactics is to set up sites that look like they could be run by a trusted retailer or brand but are not. These sits may tout a special offer, a great deal on a hot holiday item, or whatnot, yet such sites are one more way cybercriminals harvest personal and financial information. A common way for these sites to spread is by social media, email, and other messaging platforms. Again a “close to the real thing” URL is a telltale sign of a copycat, so visit retailers directly. Also, comprehensive online protection software can prevent your browser from loading suspicious sites and warn you of suspicious sites in your search results. 

4) Counterfeit shopping apps 

While the best of them can look practically professional and be tough to spot, one way to avoid counterfeit shopping apps is to go to the source. Hit the retailer’s website on your mobile browser and look for a link to the app from their website. Likewise, stick to the legitimate app stores such as Google Play and Apple’s App Store. Both have measures in place to prevent malicious apps from appearing in their stores. Some can sneak through before being detected though, so look for the publisher’s name in the description and ensure it is legitimate. On a fake app, the name may be close to the retailer you’re looking for, but not quite right. Other signs of a fake will include typos, poor grammar, and design that looks a bit off. 

5) The “too good to be true” offer 

At the heart of holiday shopping is scarcity. Special offers for a limited time, popular holiday items that are tough to find, and just the general preciousness of time during the season to get things done, like shopping. Scammers love this time of year. During the holidays, they’ll play on that scarcity and crunch you’re under in their offers and messaging. Enter the “too good to be true” offer, typically set up on phony sites like the ones mentioned above. If the pricing, availability, or delivery time all look too good to be true, it may be a scam designed to harvest your personal info and accounts. Use caution here before you click. If you’re unsure about a product or retailer, read reviews from trusted websites to help see if it’s legitimate. 

Great tips for shopping online any time 

Apart from spotting scams, there are several things you can do to keep yourself safer while shopping this holiday season. In fact, they can keep you safer when you shop year ‘round as well. Looking for a last minute deal? Download McAfee online protection today.

Look for the lock icon 

This is a great one to start with. Secure websites begin their address with “https,” not just “http.” That extra “s” in stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website. 

Use a credit card instead of your debit card 

Specific to the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards, where citizens can dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well. However, debit cards aren’t afforded the same protection under the Act. Avoid using those while shopping online and use your credit card instead. 

Consider getting a virtual credit card 

Another alternative is to set up a virtual credit card, which is a proxy for your actual credit card. With each purchase you make, that proxy changes, which then makes it much more difficult for hackers to exploit. You’ll want to research virtual credit cards further, as there are some possible cons that go along with the pros, such as in the case of returns where a retailer will want to use the same proxy to reimburse a purchase. 

Use protection while you shop 

Using a complete suite of online protection software can offer layers of extra protection while you shop, such as web browser protection and a password manager. Browser protection can block malicious and suspicious links that could lead you down the road to malware or a financial scam. A password manager can create strong, unique passwords and store them securely as well, making it far more difficult for hackers to compromise your accounts. Identity theft protection takes your safety a step further by helping you secure your identity online and restore it should any of your personal info be found in the wrong hands. 

Use two-factor authentication on your accounts 

Two-factor authentication is an extra layer of defense on top of your username and password. It adds in the use of a special one-time-use code to access your account, usually sent to you via email or to your phone by text or a phone call. In all, it combines something you know, like your password, with something you have, like your smartphone. Together, that makes it tougher for a crook to hack your account. If any of your accounts support two-factor authentication, the few extra seconds it takes to set up is more than worth the big boost in protection you’ll get. 

Use a VPN if you’re shopping on public Wi-Fi 

Public Wi-Fi in coffee shops and other public locations can expose your private surfing to prying eyes because those networks are open to all. Using a virtual private network (VPN) encrypts your browsing, shopping, and other internet traffic, thus making it secure from attempts at intercepting your data on public Wi-Fi and harvesting information like your passwords and credit card numbers. 

Keep an eye on your identity and credit reports 

With all the passwords and accounts we keep, this is important. Checking your credit will uncover any inconsistencies or outright instances of fraud. From there, you can then take steps to straighten out any errors or bad charges that you find. In the U.S., you can run a free credit report once a year with the major credit reporting agencies 

Shop happy! (Don’t give in to stress and scarcity.) 

So while you’re shopping online this year, take a deep breath before you dive in. Double-check those deals that may look almost too good to be true. Look closely at those links. And absolutely don’t click on those attachments that look like shipping notices or coupon deals. Hackers are counting on you to be in a bit of a hurry this time of year. Taking an extra moment to spot their tricks can go a long way toward keeping you and your finances safe. Remember, stay ahead of cyber criminals, get an extra layer of protection with McAfee this holiday season.

The post Spot Those Black Friday and Cyber Monday Shopping Scams appeared first on McAfee Blogs.

]]>
Who Will Bend the Knee in RaaS Game of Thrones in 2022? https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/who-will-bend-the-knee-in-raas-game-of-thrones-in-2022/ Mon, 08 Nov 2021 05:01:10 +0000 https://www.mcafee.com/blogs/?p=130954

McAfee Enterprise and FireEye recently released its 2022 Threat Predictions. In this blog, we take a deeper dive into a...

The post Who Will Bend the Knee in RaaS Game of Thrones in 2022? appeared first on McAfee Blogs.

]]>

McAfee Enterprise and FireEye recently released its 2022 Threat Predictions. In this blog, we take a deeper dive into a Game of Thrones power struggle among Ransomware-as-a-Service bad actors in 2022.

Prediction: Self-reliant cybercrime groups will shift the balance of power within the RaaS eco-kingdom. 

For several years, ransomware attacks have dominated the headlines as arguably the most impactful cyber threats. The Ransomware-as-a-Service (RaaS) model at the time opened the cybercrime career path to lesser skilled criminals which eventually led to more breaches and higher criminal profits.

For a long time, RaaS admins and developers were prioritized as the top targets, often neglecting the affiliates since they were perceived as less skilled. This, combined with the lack of disruptions in the RaaS ecosystem, created an atmosphere where those lesser-skilled affiliates could thrive and grow into very competent cybercriminals, eventually with a mind of their own.

In a response to the Colonial Pipeline attack, the popular cybercrime forums have banned ransomware actors from advertising. Now, the RaaS groups no longer have a third-party platform on which to actively recruit, show their seniority, offer escrow, have their binaries tested by moderators, or settle disputes. The lack of visibility has made it harder for RaaS groups to establish or maintain credibility and will make it harder for RaaS developers to maintain their current top tier position in the underground.

These events have undermined their trusted position. Ransomware has generated billions of dollars in recent years and it’s only a matter of time before more individuals who believe they aren’t getting their fair share become unhappy.

The first signs of this happening are already visible as described in our blog on the Groove Gang, a cyber-criminal gang that branched off from classic RaaS to specialize in computer network exploitation (CNE), exfiltrate sensitive data and, if lucrative, partner with a ransomware team to encrypt the organization’s network. McAfee Enterprise ATR believes, with high confidence, that the Groove gang is associated with the Babuk gang, either as a former affiliate or subgroup. These cybercriminals are happy to put aside previous Ransomware-as-a-Service hierarchies to focus on the ill-gotten gains to be made from controlling victim’s networks, rather than the previous approach which prioritized control of the ransomware itself.

Trust in a few things remains important even among cybercriminals underground, such as keeping your word and paying people what they deserve. Cybercriminals aren’t immune from feeling like employees whose contributions aren’t being adequately rewarded. When this happens, these bad actors cause problems within the organization. Ransomware has been generating billions of dollars in recent years and with revenue like that, it was inevitable that some individuals who believe they aren’t getting their fair share become unhappy and let the cybercrime world know it.

Recently, a former Conti affiliate was unhappy with their financial portion and decided to disclose the complete Conti attack playbook and their Cobalt Strike infrastructure online. In the past, McAfee ATR has been approached by individuals affiliated with certain RaaS groups expressing grudges with other RaaS members and admins, claiming they haven’t been paid in time or that their share wasn’t proportionate to the amount of work they put in.

In 2022, expect more self-reliant cybercrime groups to rise and shift the balance of power within the RaaS eco-climate from those who control the ransomware to those who control the victim’s networks.

Less-skilled Operators Won’t Have to Bend the Knee in RaaS Model Power Shift

The Ransomware-as-a-Service eco system has evolved with the use of affiliates, the middlemen and women that work with the developers for a share of the profits. While this structure was honed during the growth of GandCrab, we are witnessing potential chasms in what is becoming a not-so-perfect union.

Historically, the ransomware developers, held the cards, thanks to their ability to selectively determine the affiliates in their operations, even holding “job interviews” to establish technical expertise. Using CTB locker as an example, prominence was placed on affiliates generating sufficient installs via a botnet, exploit kits or stolen credentials. But affiliates recently taking on the role and displaying the ability to penetrate and compromise a complete network using a variety of malicious and non-malicious tools essentially changed the typical affiliate profile towards a highly skilled pen-tester/sysadmin.

The hierarchy of a conventional organized crime group often is described as a pyramid structure. Historically, La Cosa Nostra, drug cartels and outlaw motor gangs were organized in such a fashion. However, due to further professionalization and specialization of the logistics involved with committing crime, groups have evolved into more opportunistic network-based groups that will work together more fluidly, according to their current needs.

While criminals collaborating in the world of cybercrime isn’t new, a RaaS group’s hierarchy has been more rigid compared to other forms of cybercrime, due to the power imbalance between the group’s developers/admins and affiliates. But things are changing. RaaS admins and developers were prioritized as the top targets, but often neglected the affiliates who they perceived to be less-skilled. This, combined with the lack of disruptions in the RaaS ecosystem, created an atmosphere where those lesser-skilled affiliates could thrive and grow into very competent cybercriminals.

As more ransomware players have entered the market, we suspect that the most talented affiliates are now able to auction their services for a bigger part of the profits, and maybe demand a broader say in operations. For example, the introduction of Active Directory enumeration within DarkSide ransomware could be intended to remove the dependency on the technical expertise of affiliates. These shifts signal a potential migration back to the early days of ransomware, with less-skilled operators increasing in demand using the expertise encoded by the ransomware developers.

Will this work? Frankly, it will be challenging to replicate the technical expertise of a skilled penetration tester, and maybe – just maybe – the impact will not be as severe as recent cases.

The post Who Will Bend the Knee in RaaS Game of Thrones in 2022? appeared first on McAfee Blogs.

]]>
Telegram – What Parents Need To Know Now https://www.mcafee.com/blogs/family-safety/telegram-what-parents-need-to-know-now/ Sat, 06 Nov 2021 17:37:15 +0000 https://www.mcafee.com/blogs/?p=130987

If you hadn’t heard of Telegram till 2021 then you wouldn’t be alone. This relatively unknown messaging and social media...

The post Telegram – What Parents Need To Know Now appeared first on McAfee Blogs.

]]>

If you hadn’t heard of Telegram till 2021 then you wouldn’t be alone. This relatively unknown messaging and social media platform has risen from relative anonymity to become one of the biggest players in the ‘secret messaging’ business in less than a year. When What’s App changed its terms of usage in early 2021 and informed users that their data would be shared with their new parent Facebook, many ‘jumped ship’ in search of a less intrusive messaging option. But it was Facebook’s six-hour outage in early October that really made Telegram an enticing option. On that same day, Telegram gained a record 70 million users. 

According to Statista, Telegram is now the 10th most popular social media platform worldwide, coming in ahead of Snapchat, Pinterest, and even Twitter! So, as Telegram’s popularity continues to grow, it’s highly likely that your kids will be soon giving it a try if they haven’t already! So, how does it work? Is it safe? And, should you intervene. Here’s what you need to know… 

About Telegram 

Although many of us first heard about Telegram this year, it has in fact been around since 2013. Founded by Russian brothers Pavel and Nikolai Durov, Telegram was founded as part of their efforts to offer a forum for free speech online after their first social networking site, known as VK, was taken over by the Russian Government 

Widely considered to be a Russian ‘Mark Zuckerberg’, VK made Pavel a billionaire. Pavel claims he was pushed out for refusing to provide VK data to the Russian government and shut down anti-corruption advocates. He has since cut ties with VK and moved to Germany. Telegram was last reported to be located in Dubai. 

How Does It Work? 

All you need is the Telegram app and a mobile phone number to start your Telegram account and yes, it works across both the Apple and Android platforms. Although it was started primarily as a messaging app, it has evolved into a social network that can be used to build groups around common interests. Both public and private groups can be set up as well as channels. It is also possible to search for people located close to you. And if you love stickers then you’ll love Telegram. Many consider it to have the best range of any messaging app! 

Is It Safe? 

Right from the start, Telegram has positioned itself as an app committed to private and secure messaging. However, the fact that end-to-end encryption is not automatically used on messages sent in Telegram means it is not as ‘secure’ as privacy focussed messaging platforms such as Signal which offer end-to-end encryption for all communication.  

It is important to note that Telegram users can choose for their chats to be ‘secret’ which means they will be end-to-end encrypted, meaning that only the sender and receiver can read the message – but you must opt in to have the additional level of privacy. But group chats, one of the app’s most popular features, cannot be end-to-end encrypted. 

How Does Telegram Deal With Controversial Content? 

One of the biggest issues with Telegram is the content shared in the app and the company’s “hands-off” approach to moderation. Telegram’s a truly unique combination of messaging and social media plus its publicly relaxed content moderation strategy means it attracts a certain style of the user who may have been outed from more mainstream online platforms. 

A quick Google will produce multiple examples of how Telegram has been widely used by fringe political groups. Security experts have acknowledged that Telegram is in fact ‘the app of choice’ for terrorist organizations. Neo-nazi groups have reportedly used Telegram as a recruiting platform and the far-right QAnon has reportedly set up a home on Telegram after messaging app Parler was suspended earlier this year. 

Now, of course, this sounds completely horrid and makes Telegram seem very unattractive. But I can assure you that my Telegram user experience has been quite bland. I have been using the app on and off for several months now and I’ve never been exposed to political or fringe content but I also haven’t gone looking for it. For me, it has been yet another way of connecting with people in my life with a couple of great stickers to assist! 

Should My Kids Use It? 

In my opinion, Telegram is an app best suited for a robust adult mind. According to the terms and conditions, Telegram users need to be 16+ to join up however as worldly parents, we all know those age restrictions are not a deterrent for many young people! 

While my experience has been no different from using other messaging apps like WhatsApp, I believe Telegram is not an appropriate app for an under 18 as there are too many risks:  

  • Pornographic and violent sexual content is available on Telegram if you chose to seek it out 
  • The ‘find people nearby’ feature allows users to be targeted with inappropriate material if settings haven’t been adjusted 
  • The ‘group nearby’ feature allows users to view groups without joining. There is a risk these groups may contain violent or harmful material. 
  • The lack of content moderation means users could be exposed to fringe political material which may be traumatic and hard to process. 

Now, of course, it is possible to adjust settings to minimize the risks when using the app. If location services are turned off and profiles are not marked visible, then finding ‘random’ groups and people via location will not be an option. And if the default privacy settings are adjusted so that your child can only be contacted by ‘my contacts’ as opposed to ‘everybody’ then this will minimize the risk of receiving communication from people they don’t know. 

So, if you or your kids are looking for a top-notch end-to-end encrypted messaging app then there are definitely better options around, such as Signal. And let’s not forget about WhatsApp which offers end-to-end encrypted messaging on everything sent in the app. Yes, your information will be shared with Facebook but only if you are messaging a business on the app, according to the company. Messages and calls between parties are still protected by end-to-end encryption. So many choices, so many messages to send! 

Happy messaging! 

Alex x 

The post Telegram – What Parents Need To Know Now appeared first on McAfee Blogs.

]]>
Teen Slang and Texting Acronyms Parents Should Know https://www.mcafee.com/blogs/family-safety/tbh-to-be-honest-and-more-slang-parents-should-know/ Sat, 06 Nov 2021 12:00:05 +0000 http://blogs.mcafee.com/?p=31994

If you pick up your teen’s phone on any given day, chances are the next stop you make will be...

The post Teen Slang and Texting Acronyms Parents Should Know appeared first on McAfee Blogs.

]]>

If you pick up your teen’s phone on any given day, chances are the next stop you make will be Google. That’s because, if you’re like most parents, you’re beyond baffled by texting language kids use.  

It’s okay, you are not alone if you feel out of the loop. As parents, we’re not invited to the party—and that’s okay. Slag belongs to the generation that coined it. And few of us are aching to use words like “sus” and “simp,” right? The goal of these updates isn’t to decode or invade.  It’s digital parenting 101. The more we know about what’s going on in our child’s world, the better we can parent. It’s our job to know 

So once a year we do our best to decipher some of the more common terms you may hear or see your kids use. Keep in mind: Slang isn’t universal. It changes from city to city and culture to culture. Terms and meanings may vary. Many of the words are fun and harmless, while others are specifically meant to mask risky behavior.  Remember, McAfee frees you to live your connected life safe from threats like viruses, malware, phishing, and more. Download award-winning antivirus that protects your data and devices today.

Here are a sampling of terms, acronyms, and phrases we came across this year*. 

Terms, Phrases & Acronyms

A real one. A person who is being authentic, genuine, trusted. 

And I oop. A phrase used after a funny mistake or accident.  

Awks. Short for awkward.  

Baddie. Name for an independent female who is tough and beautiful. 

Bands. Refers to bands around cash or a wealthy person. No doubt, the dude’s got bands 

Bet. A willingness to do something; means “yes” or “okay.”  

Big yikes. When you see something, that is a huge embarrassment.  

Booed up. To be in a romantic relationship. 

Bop. A really good song. That song is such a bop! 

Bread or Cheddar. Terms that refer to money.  

Breadcrumbing. Sending flirtatious text messages to another person to get their attention but remain non-committal. 

Bussin. Something is awesome. Her new hair color is bussin’. 

Cake. When someone’s body looks good. The girl in my science class has cake.  

Cancel. Reject or stop supporting a group or idea.  

Cap. A term that means “lie” or “false.” He said we were a couple. Cap! 

No cap. A phrase that means “no lie” or “for real” emphasizes telling the truth. I just saw him eat a bug. No cap! 

CEO. A term used to describe something that you’re very good at, making you the CEO of it. I’m the CEO of being late to class.  

Cheug. This term describes a person, idea, or situation that is outdated or inauthentic.  

Clout. A term that relates to a person’s follower count, fame, or influencer status. Sometimes an expression for an extravagant way of living.  

Chasing Clout. A term that describes a person who does and says things for the sole purpose of becoming more popular. 

Curve. To reject someone romantically. 

Cuffing. Wanting to date or cuff yourself to someone temporarily—at least until summer break.  

Do it for the gram. A phrase that describes someone doing something for the sole purpose of posting online. 

Drip. A term that describes someone’s style as sexy or cool. Zayne has some serious drip.  

Facts. When you agree with someone.  

Finsta. A second Instagram account used for sharing with a smaller circle of friends and followers.  

Fish. Fishing for compliments. 

Fit. Short for outfit. 

Flex. To show off or show something off.  

Get after it. Start with something with intensity. 

Ghost. Suddenly stop all contact with someone online and in person. 

Hundo P. Being 100% certain.  

Hypebeast. A term that describes someone who cares too much about popular things rather than being self-aware and genuine. 

I’m dead. Describes how you feel when something is hilarious. 

I’m weak. Like, dead, describes how you feel when something is hilarious. 

I can’t even. An expression used when you’ve had enough of someone or a situation.  

Keep it 100. Stay true to yourself and stick to your values. 

Lewk. Look.  

Left on read. When someone does not respond to your text. He left me on read! 

Lit. Cool or awesome. 

Mood. A term used to express a relatable feeling or experience. Seeing that kid by himself kicking a can is such a mood. 

Mutuals. People who follow and support one another on social media.  

Oof. An expression used when something bad happens, and you don’t know how to respond.  

Periodt. A term used to emphasize what you just said.  

Purr. Expressing approval. I’ve got nothing but purr for my friends.  

Receipts. Evidence to prove someone is either lying. Often in the form of screenshots, videos, or images.  

Savage. A cool person or someone overly direct or candid. 

Sketch. A sketchy or ominous situation, place, or person.  

Skrrt. To leave quickly or get away from someone (the sound a car makes).   

Ship. Short for relationship.  

Simp. Used to describe a guy who is seen as being too attentive and submissive to a girl.  

Sheesh. A term used to compliment someone when they look good or do something good.  

Suh. A combination of “sup” and “huh” used as a greeting. 

Sus. Short for suspect describing a situation, a person, or a claim. That guy is sus. Let’s get out of here.  

Shawty. An attractive female. Sometimes a short, attractive female.  

Sheee. An expression of disappointment, annoyance, or surprise. 

Slaps. A term used when something is awesome. The DJ slaps. 

Snatched. Describing a person or a thing that looks great. I’m jealous her makeup is so snatched.  

Stan. A combination of “stalker” and “fan” refers to an overly obsessed fan of a celebrity.  

Straight Fire or Fire. Describes something amazing. His new truck is straight fire. 

Thumpin’. Word to describe someone going very. I didn’t even see him leave. He was thumpin’. 

Vaguebooking. The act of posting vague Facebook or other social status updates for attention or as a cry for help. Wondering what the point of it all is anyway. 

Whip. A word that means car. Have you seen his new whip? 

Wig. When something has you so excited, your wig might come off; mind-blowing. The new Adele song!! WIIIIGGG! 

Yeet. Throwing something out of rage. Also used as an exclamation for being excited.  

NGL. Not Gonna Lie. 

NMH. Nodding My Head; an expression of agreement.  

NSA. No Strings Attached.  

HWU. Hey, what’s up? 

IYKWIM. If You Know What I Mean.  

RLY. Really? 

OG.Short for Original Gangster;a compliment for someone who is exceptional or authentic. 

ORLY. Oh really?

SMH. Shaking My Head. 

TFW. That Feeling When 

TT2T. Too Tired to Talk.  

L. Short for loose or loss. 

V. Short for very. 

W. Short for win. Their loss is our w.   

WYA. Where are you at? 

WYD. What are you doing? 

YK. You’re Kidding.

YKTS. You Know the Score. 

YKTV. You know the vibe.
 

(Potentially) Risky Terms & Acronyms

Addy/Study Buddy. Terms used in place of the medication Adderal.

Break Green. A term that means to share marijuana with others. 

Crashy. Combo of “crazy” and “trashy.”  

Daddy. An attractive man, usually older, who conveys a sense of power and dominance.

Faded/Cooked. Terms used to describe being high on drugs.  

Lit/Turnt Up. It can mean party or get drunk.  

MOS/POS. Mom Over Shoulder; Parent Over Shoulder.

Kush/Flower/Gas. Terms used in place of marijuana. 

Smash. To hook up for casual sex. Is he a smash or a pass? 

Thirsty. Adjective for a person desperate for attention or sex. 

Xan/Xans. Terms short for Xanax, a sedative used to treat anxiety. Also called xanny, beans, bars, and footballs. 

ASL. Age/sex/location. 

CD9. Can’t talk parents are here. 

CU46. See You For Sex. 

GALMA. Go Away Leave Me Alone.  

GOMB. Get Off My Back.  

GSW. Get Some Weed.  

LMIRL. Let’s meet in Real Life. 

KMS/KYS. Kill myself, Kill Yourself. 

ONG. On God; a term that implies a person is serious enough to swear “on god.” 

ONS. One Night Stand. 

Spice or K2. Code for synthetic marijuana, which can be more harmful than actual cannabis.  

URAL. You’re A Loser. 

WWTP. Want to Trade Pics? 

X or E. Letters that stand for ecstasy, otherwise known as “molly” or MDMA.  

Zaddy. A well-dressed, attractive man of any age. 

Zerg. A term that originated in the gaming community for gamers using the many against one strategy to win a game. A Zerg is a person who employs the same bullying tactics in real life. Stay away from him. He’s such a Zerg! Or Stay off that site. There’s too much zerging.  

Protect your connected life today with McAfee Total Protection

*Content collected from various sources, including NetLingo.com, slangit.com, cyberdefinitions.com, UrbanDictionary.com, webopedia.com, and conversations on TikTok, Reddit, and YouTube.  

The post Teen Slang and Texting Acronyms Parents Should Know appeared first on McAfee Blogs.

]]>
Squid Game Cryptocurrency Scam https://www.mcafee.com/blogs/consumer-cyber-awareness/squid-game-cryptocurrency-scam-cheats-investors-serves-as-a-warning/ Wed, 03 Nov 2021 16:54:36 +0000 https://www.mcafee.com/blogs/?p=130933

It’s little surprise that a digital currency scam based on the popular Squid Games series on Netflix is making the news.   If you haven’t...

The post Squid Game Cryptocurrency Scam appeared first on McAfee Blogs.

]]>

It’s little surprise that a digital currency scam based on the popular Squid Games series on Netflix is making the news.  

If you haven’t caught wind of it yet, the story goes along the following lines: 

Note that this Squid Game cryptocurrency had no relationship to the show or to Netflix, aside from hijacking the Squid Game name without permission so that the scammers could use it as bait. 

The Squid Game scam: one of many cryptocurrency scams 

Scams such as this are nothing new. Earlier this year, an “initial coin offering” (ICO) called Mando turned out to be a scam as well. Based on Disney’s popular Star Wars series, The Mandalorian, the scammers used the name and the Star Wars-themed imagery around it without permission. Then, just as suddenly they used the popular name to drum up investments in the ICO, the scammers disappeared with the money they garnered from the “pre-sale” of the bogus Mando cryptocurrency. 

With all the fervor around cryptocurrencies, scams associated with them are on the rise and have been for some time. A study published by Investopedia found that 80% of cryptocurrencies are scams and that only 8% of cryptocurrencies make their way onto legitimate trading exchanges. 

In the case of the Squid Game cryptocurrency, there were several apparent signs that it was bogus to begin with. Reports call out the fact that the currency was not available for purchase on mainstream platforms. Instead, investors could only purchase the cryptocurrency on a platform that doesn’t guarantee the transactions made upon it. Further, investors could only buy the currency, not sell it, effectively locking them in.  

Other indications were found in the accompanying website and technical white paper, which were laden with spelling and grammatical errors, along with apparently unsubstantiated claims. In all, red flags such as those are very similar to the ones associated with phishing attacks—where scammers co-opt the identities of well-known brands and organizations in bogus emails and websites, albeit in an often-clumsy fashion. Errors like those are often a telltale sign that something sketchy is afoot. 

Protecting yourself from cryptocurrency scams 

1. Working with an accredited financial adviser is always a sound step with any investment you choose to make, as is only investing funds you can afford to lose if the investment falls through.  

2. Steer clear of cryptocurrency investments that ask you to contribute money directly from one of your own accounts rather than via a reliable platform that is verified 

3. Consider dependable cryptocurrencies such as Bitcoin, Ethereum, and Litecoin—of course recognizing that even legitimate cryptocurrencies can be highly volatile investments. 

4. Regard any cryptocurrency based on a pop culture reference like movies, memes, and shows with a highly critical eye. It may very well be a scam built around buzz rather than an earnest attempt at launching a legitimate cryptocurrency, such as it was with the Squid Game scam. 

The game where only the scammer are the winners 

Just as Netflix’s Squid Game is one in a long string of hit shows that’ll capture our attention, we can count on a similarly long string of cryptocurrency scams to continue. In this case, the Squid Game cryptocurrency scam was rigged from the start, despite the warning signs. After all, an investment people can only buy into but never sell is scam, plain and simple.  

The post Squid Game Cryptocurrency Scam appeared first on McAfee Blogs.

]]>
The Bug Report – October Edition https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/the-bug-report-october-edition/ Wed, 03 Nov 2021 04:01:53 +0000 https://www.mcafee.com/blogs/?p=130759

Your Cyber Security Comic Relief Apache server version 2.4.50 (CVE-2021-42013) Why am I here? Regardless of the origins, you’ve arrived...

The post The Bug Report – October Edition appeared first on McAfee Blogs.

]]>

Your Cyber Security Comic Relief

Apache server version 2.4.50 (CVE-2021-42013)

Why am I here?

Regardless of the origins, you’ve arrived at Advanced Threat Research team’s monthly bug digest – an overview of what we believe to be the most noteworthy vulnerabilities over the last month. We don’t rely on a single scoring system like CVSS to determine what you need to know about; this is all about qualitative and experience-based analysis, relying on over 100 years of combined industry experience within our team. We look at characteristics such as wormability, ubiquity of the target, likelihood of exploitation and impact.  If you don’t agree with these picks, we encourage you to write a strongly worded letter to your local senator. In lieu of that, we present our top CVEs from the last month.

Apache: CVE-2021-41773 and CVE-2021-42013

What is it?
2 CVES / 1 Vuln – It appears Apache struggled a bit with this latest critical vulnerability, where it took two tries to fix a basic path traversal bug, which was introduced while patching last month’s SSRF mod_proxy vulnerability. As path traversal bugs do, this allows unauthorized users to access files outside the expected document root on the web server. But wait, there’s more! This can lead to remote code execution provided mod-cgi is enabled on the server.

Who cares?
A quick Shodan scan told me there are at least 111,000 server admins that should care! With Apache being the second largest market share holder of implemented webservers, there is a good chance your organization is using it somewhere. It’s always important to consider both internal and external facing assets when looking at your exposure. Apache is even commonly used as an embedded webserver to other applications and should be reviewed for use in any installed 3rd party applications. Oh yeah – and if you overlook an instance you have installed somewhere, this IS currently being actively exploited in the wild – no pressure.

What can I do?
Oh! I know, use Microsoft IIS! If you’re not ready to completely abandon your webserver implementation, I suggest updating to Apache 2.4.51. Remember to avoid version 2.4.50 as it does not patch both vulnerabilities. If you have been an astute system admin and followed the Apache documentation using the default and pretty darn secure “require all denied” directive for all files outside the document root, kudos to you! Although patching is still highly recommended, you are not immediately vulnerable.

The Gold Standard
We recognize in some special cases patching is harder than compiling gcc from source, so McAfee Enterprise has you covered; we have been detecting path traversal attacks in our Network Security Platform (NSP) like it was going out of style since 1990 (and it was).

Win32k Driver: CVE-2021-40449

What is it?
Ain’t nothin’ free anymore! Except kernel module addresses on your Windows machines, thanks to Microsoft Windows CVE-2021-40449. This vulnerability is a use-after-free in the NtGdiResetDC function of the Win32k driver and can lead to attackers being able to locally elevate their privileges.

Who cares?
Are you currently reading this from a Microsoft Windows machine? Using Microsoft Server edition in your cloud? Local attacks are often given lower priority or downplayed. However, it is important to recognize that phishing attacks are still highly successfully as an initial point of entry, facilitating a need for privilege escalation bugs to obtain higher level access. So, unless you are a hardcore Linux and Mac-only shop, you may want to patch since this is actively being exploited by cybercriminals, according to our friends at Kaspersky.

What can I do?
That boring Microsoft patch Tuesday thing still works, or you could just use a superior operating system like FreeBSD.

The Gold Standard
Have you checked out the latest version of McAfee Enterprise ENS lately? Detecting exploitation and cybercriminal activity is sort of its thing, assuming you have grabbed the latest signatures.

Apple iOS: CVE-2021-30883

What is it?
An integer overflow vulnerability in the iOS “IOMobileFrameBuffer” component can allow an application to execute arbitrary code with kernel privileges. This has additionally been confirmed to be accessible from the browser.

Who cares?
Since Apple still reportedly holds 53% market share of all smartphone users, statistically speaking your organization should care too. It only takes one bad apple to hack your entire network, and with reported active exploitation in the wild it might happen sooner than you think.

What can I do?
You should be sensing a common theme in this section – and, in this case, you actually can take action! Stop reading this, plug that mobile device into a power source, and install the latest version of Apple iOS.

The Gold Standard
Since you stopped reading and updated already, congrats!

The post The Bug Report – October Edition appeared first on McAfee Blogs.

]]>
The Ultimate Holiday Shopping Guide https://www.mcafee.com/blogs/consumer-cyber-awareness/the-ultimate-holiday-shopping-guide-secure-gadgets-for-everyone/ Tue, 02 Nov 2021 22:01:19 +0000 https://www.mcafee.com/blogs/?p=130864

The holidays are almost here! That means it’s time to start making your list and checking it twice. To help prepare you for...

The post The Ultimate Holiday Shopping Guide appeared first on McAfee Blogs.

]]>

The holidays are almost here! That means it’s time to start making your list and checking it twice. To help prepare you for this year’s holiday shopping spree, McAfee is providing you with the ultimate holiday shopping list for every Tech lover in your family. Here are the devices to keep on your radar this holiday shopping season and what you should use to protect them.  

For the Gaming Guru  

Know someone who enjoys vanquishing aliens, building virtual amusement parks, and online battle royale? There’s a good chance that you do, as