Sunday, Aug 09, 2020 | Last Update : 08:51 PM IST

138th Day Of Lockdown

Maharashtra49026232728117092 Tamil Nadu2850242275754690 Andhra Pradesh2170401296151939 Karnataka164924842322998 Delhi1441271293624098 Uttar Pradesh118038698332028 West Bengal89666630601954 Telangana7751354330615 Bihar7578648673419 Gujarat68855517922604 Assam5549737225132 Rajasthan5065636310776 Odisha4419328698307 Haryana4005433444467 Madhya Pradesh3729827621962 Kerala3312020862107 Jammu and Kashmir2439020862459 Punjab2193014040539 Jharkhand165427503154 Chhatisgarh11408831987 Uttarakhand89015731112 Goa7947559570 Tripura6014408437 Puducherry5123291475 Manipur3635192711 Himachal Pradesh3242201513 Nagaland26888937 Arunachal Pradesh204913263 Chandigarh137482023 Meghalaya10234236 Sikkim8544061 Mizoram5672890
  Technology   In Other news  30 Oct 2019  A cybersecurity horror story: October’s creepiest threats and how to stay secure

A cybersecurity horror story: October’s creepiest threats and how to stay secure

THE ASIAN AGE
Published : Oct 30, 2019, 1:18 pm IST
Updated : Oct 30, 2019, 1:18 pm IST

Let’s take a look at what ghoulish threats have been leading to some tricks (and no treats) around the cybersphere this month.

One ghost that recently caused some hocus pocus across the Web is Ghostcat-3PC.
 One ghost that recently caused some hocus pocus across the Web is Ghostcat-3PC.

Halloween time is among us and ghosts and goblins aren’t the only things lurking in the shadows. This past month has brought a variety of spooky cyberthreats that haunt our networks and devices. From malicious malware to restricting ransomware, October has had its fair share of cyber-scares.

Let’s take a look at what ghoulish threats have been leading to some tricks (and no treats) around the cybersphere this month.

 

Ghostcat Malware

One ghost that recently caused some hocus pocus across the Web is Ghostcat-3PC. According to SC Magazine, the malware’s goal is to hijack users’ mobile browsing sessions.

The infection begins when a user visits a particular website and is served a malicious advertisement. Ghostcat fingerprints the browser to collect device information and determines if the ad is running on a genuine webpage. Ghostcat also checks if the ad is running on an online publishers’ page that has been specifically targeted by this campaign. If these conditions are met, then the malware serves a malicious URL linked to the ad.

From there, this URL delivers obfuscated JavaScript, which creates an obscure source or machine code. The attackers behind Ghostcat use this to trick the publishers’ ad blockers, preventing them from detecting malicious content. The code also checks for additional conditions necessary for the attack, like ensuring that the malware is being run on a mobile device and a mobile-specific browser, for example. If the malware concludes that the browsing environment fits the descriptions of their target, it will serve a fraudulent pop-up, leading the user to malicious content.

 

Bewitched WAV Files

Ghostcat isn’t the only way malware is being spread lately, as, according to ZDNet, attackers have manipulated WAV audio files to spread malware and cryptominers. By using a technique called stenography, malware authors can hide malicious code inside of a file that appears normal, which allows hackers to bypass security software and firewalls.

Previously, cybercriminals have used stenography revolving around image file formats like PNG or JPEG. However, these crooks have now upped the ante by using WAV audio files to hide different types of malware. Most recently, researchers found that this technique is used to hide DLLs, or dynamic link libraries that contain code and data that can be used by more than one program at the same time. If malware was already present on an infected host device, it would download and read the WAV file, extract the DLL, and install a cryptocurrency miner called XMRrig. Cryptocurrency miners compile all transactions into blocks to solve complicated mathematical problems and compete with other miners for bitcoins. To do this, miners need a ton of computer resources. As a result, miners tend to drain the victim’s device of its computer processor’s resources, creating a real cybersecurity headache.

 

MedusaLocker Ransomware

Finally, we have the mysterious MedusaLocker ransomware. According to BleepingComputer, this threat is slithering its way onto users’ devices, encrypting files until the victim purchases a decryptor.

This strain will perform various startup routines to prep the victim’s device for encryption. Additionally, it will ensure that Windows networking is running and mapped network drives (shortcuts to a shared folder on a remote computer or server) are accessible. Then, it will shut down security programs, clear data duplicates so they can’t be used to restore files, remove backups made with Windows backup, and disable the Windows automatic startup repair. For each folder that contains an encrypted file, MedusaLocker creates a ransom note with two email addresses to contact for payment. However, it is currently unknown how much the attackers are demanding for the victim to have their files released or if they actually provide a decryptor once they receive a payment.

 

With all of these threats attempting to haunt networks and devices, what can users do to help themselves have a safe and secure spooky season? Follow these tips to keep cybersecurity tricks at bay:

  • Watch what you click. Avoid clicking on unknown links or suspicious pop-ups, especially those coming from someone you don’t know.
  • Be selective about which sites you visit. Only use well-known and trusted sites. One way to determine if a site is potentially malicious is by checking its URL. If the URL address contains multiple grammar or spelling errors and suspicious characters, avoid interacting with the site.
  • If your computer slows down, be cautious. One way you can identify a cryptojacking attack – poor performance. If your device is slow or acting strange, start investigating and see if your device may be infected with malware.
  • Surf the web safely. You can use a tool like McAfee WebAdvisor, which will flag any sites that may be malicious without your knowing.
  • Use a comprehensive security solution. To secure your device and help keep your system running smoothly and safely, use a program like McAfee Total Protection.

 

Tags: cybercrime, mcafee, cyber security