Avosec’s new security operations centre ensures users have 360-degree cyber security protection

 

(London, UK) July 13, 2020: COVID-19 has brought change to every aspect of life. Businesses are closed, staff are working remotely, and the global economy has slowed significantly. While many business sectors have slowed down, one sector is busier than ever – cyber crime. In the last week of March alone, Microsoft reported more than 110,000 phishing attacks on businesses and offices. As well as focusing on their core services and products, businesses are being tasked with implementing new health and safety measures, managing remote workforces and navigating government loan programs. It’s no wonder that for many, cyber security has taken a back seat, leaving companies vulnerable to data breaches as well as serious cyber attacks.

Avosec, a European leader in managed IT services, is launching a new security operations centre (SOC) for end user clients. While the company has focused its working relationships on large organizations and businesses in the past, it is now bringing the security and convenience of its premium cyber security protection to small businesses, software resellers and computer support companies. The new service is dedicated to covering all aspects of business security needs including managed anti-virus protection, email and content filtering, and disaster recovery. Clients will have access to leading edge cyber security protection and effortless one-on-one IT helpdesk support when needed.

The online security and IT experts at Avosec encounter a sense of complacency amongst network end users on a daily basis. Perhaps out of a mistaken sense that their business won’t be targeted, or that they are too small to afford professional cyber security, most small businesses will only think about security after a phishing or cyber attack has happened and their network, customer information, and work product have been compromised. Avosec’s CEO explains why businesses need to be proactive with their cyber security and data recovery planning.

“With businesses suffering so much down time already, being taken offline or having to deal with privacy breaches is the last thing that companies need,” explains James Norris, CEO of Avosec. “The new SOC service being offered by Avosec will provide clients with anti-virus, content filtering and patch management services and will go a step further into fully managed backup and disaster recovery assistance. Clients will have the assurance of knowing their network, online activities and email systems are fully protected, while never having to do any of the technical work themselves.”

Avosec’s new SOC service launches this week. With offices in London, England, Sofia, Bulgaria and Pune, India, Avosec has the resources and staff to provide support and monitor cyber security for its clients around the clock. For more information or to connect with the IT security experts at Avosec, please visit www.avosecmsp.com.


Mobile threats are everywhere – here’s what you can do

Even if your company issues you a locked-down smartphone, embracing best security practices remains vital

Our smartphones. Where would we be without them?

If you’re anything like me, making a phone call is the fifth or sixth reason to reach for your Android or iPhone. Whichever OS you favor, a good portion of the key components that make up your digital life — email, texting, social media, shopping, banking, hobbies, and work duties — now route through these indispensable contraptions much of the time.

Cybercriminals know this, of course, and for some time now they have been relentlessly seeking out and exploiting the fresh attack vectors spinning out of our smartphone obsession.

Don’t look now, but evidence is mounting that the mobile threats landscape is on the threshold of getting a lot more dicey. This is because mobile services and smartphone functionalities are rapidly expanding, and, as you might expect, cyberattacks targeting mobile devices and services are also rising sharply. Here are a few key developments everyone should know about.

Malware deliveries

Upon reviewing Android usage data for all of 2018, Google identified a rise in the number of “potentially harmful apps” that were preinstalled or delivered through over-the-air updates. Threat actors have figured out how to insinuate themselves into the processes that preinstall apps on new phones and push out OS updates.

Why did they go there? Instead of having to trick users one by one, fraudsters only have to deceive the device manufacturer, or some other party involved in the supply chain, and thereby get their malicious code delivered far and wide.

In a related development, OneSpan, a Chicago-based supplier of authentication technology to 2,000 banks worldwide, reports seeing a rise in cyber attacks targeting mobile banking patrons. “Popular forms of mobile attacks, at this point in time, include screen scrapers and screen capture mechanisms, as well as the installation of rogue keyboards,” said OneSpan security evangelist Will LaSala.

This isn’t just an Android problem. “Apple’s system is a bit more closed, so you don’t see it as much, but it does exist,” LaSala told me.

Booby-trapped selfie apps

The fact remains that Android commands an 85% share of the global smartphone operating system market, and that’s irresistible to criminals. To wit, Avast researchers recently discovered several “selfie beauty apps” on the Google Play Store posing as legitimate apps. However, the three apps in question — Pro Selfie Beauty Camera, Selfie Beauty Camera Pro, and Pretty Beauty Camera 2019 — were really tools to spread adware and spyware.

On one level, the apps provided the seemingly innocuous functionality of filtering and modifying selfie photos. Below the surface, however, they primarily functioned as tools to aggressively display ads, as well as to install spyware capable of making calls, listening to calls, retrieving the device’s location, and changing a device’s network state.

Forensics conducted by Avast revealed that each app had at least 500,000 installs, with Pretty Beauty Camera 2019 logging over 1 million, mainly by Android users in India. With that many installs, these apps have generated thousands of reviews, most of which rate the apps poorly. And the handful of positive reviews were most likely faked.

Structurally unsound

Rising mobile threats have not escaped notice by company decision makers who may have thought they had solved security exposures created by BYOD, the trend where employees bring personally owned devices into the workplace.

Companies today routinely issue corporate-controlled devices, or they insist that employees install device management software on personal devices used for work. Meanwhile, mobile security continues to advance, giving companies more options for dealing with shifting BYOD risks.

But the corporate sector is still a long, long way from coming to grips with rapidly expanding mobile security exposures. The problem is a structural one. The supply chain that puts a smartphone (jam-packed with cool apps) into your hands is not as monolithic as it was when PC-centric networks arose.

In mobile, independent app developers have little incentive to deliver secure software, much less participate in any initiatives to improve the security of the platforms they write for. Meanwhile, device manufacturers put out new models so often that it becomes logistically impossible to keep up with vulnerability management. And the telecoms don’t want to get involved in pushing out security updates for fear of bricking millions of phones.

So what does this all add up to for the average consumer? It means the Wild Wild West of mobile attacks is just warming up… and Wyatt Earp is nowhere in sight. It’s up to you to protect yourself and the organizations you care about in today’s increasingly dangerous mobile landscape.

Following these nine best-practice tips is a good place to start. In a nutshell: lock your device; click judiciously; use antivirus. Talk more soon.

 

 



Cybercrime comes to school lunches

Avast Security News Team, 11 May 2019

School lunches exec faces felony charges related to the hacking of his rival’s network to expose weak security

Every form of crime seems to invade the world of cybersecurity. Sooner or later that had to include the age-old childhood bullying trauma of school lunch theft. Except in this case the pilfered prize was data, not baloney.

Keith Wesley Cosbey, CFO of California school lunch provider Choicelunch, was arrested in April on two felony counts — identity theft and unlawful computer access. The San Francisco Chronicle reports that law enforcement accuses Cosbey of hacking into the network of longtime Choicelunch rival The LunchMaster, accessing sensitive student data including names, grades, meal preferences, and allergy info.

The charges contend that Cosbey, claiming to be an anonymous tipster, then sent the stolen data to the California Department of Education in an attempt to discredit The LunchMaster by exposing weak security and complaining the company does not do enough to protect student data.

When the Department of Education confronted The LunchMaster about the breach, the company launched an internal investigation. The LunchMaster cybersecurity team was able to trace the breach back to an IP address in Danville, Calif., where Choicelunch is based. The LunchMaster contacted the FBI in April 2018, and after a yearlong investigation, Cosbey was arrested.

Cosbey is currently out on $125,000 bond and is due in court later this month. If convicted, he faces over three years in prison. This week, investigators allowed LunchMaster to notify families affected by the breach, which the company has been doing, The Chronicle reported.



18 duped via phishing

18 duped via phishing, conmen from Rajasthan, West Bengal

LUCKNOW: In a fresh spate of cyber attack incidents being reported in the city, conmen from Rajasthan and West Bengal have been found targeting people via phishing – sending emails to steal bank account data.

In earlier cases of duping, conmen used to call targets posing as bank officials, ask for debit and credit card details over the phone, and then siphon off money.

In the fresh incidents, conmen are posing as insurance agents and only asking for e-mail IDs over the phone. They then send mails offering lucrative deals, with links that redirect the user to a webpage asking for PAN, Aadhaar, and bank account details. The details are then used to siphon off money from bank accounts.

“Once you start a deal, you’re offered huge discounts and then asked to enter details of bank accounts to take the deal ahead and are finally duped,” said cyber cell in charge Abhay Mishra.

In the last two months, 18 complaints of conmen using phishing to dupe victims have been received. Two such incidents were reported on Monday.

“The initial probe revealed that in 10 cases, conmen operated from West Bengal, while in six the tricksters were from Rajasthan. We are in touch with cyber sleuths of Rajasthan and Bengal police,” said Mishra.

The first such complaint was reported on July 29, when Anand Sirothia, a businessman from Mahanagar, was duped via phishing.

Sirothia stated in his complaint that he got an offer for a lucrative business deal of selling imported furniture online and getting 50% commission per item.

He followed the instructions in the email and was asked to deposit Rs 10,000 as security on the company website, and the money was deducted from his account. But he was bewildered when he got a message about the purchase of some item.

Sirothia tried calling the number but no one responded. He then informed the cyber cell.

 

Cybersecurity Specialists Avosec are here if you need help with ransomware and cybersecurity then get in touch. Contact us

 

 

The Economist India


A NUUO zero-day vulnerability gives hackers your camera feed.

New vulnerabilities found in NUUO surveillance software can put cybercriminals in the director’s chair. When exploited through a stack buffer overflow, the Peekaboo vulnerability grants hackers full control over the surveillance video. Assuming control remotely, a hacker can tamper with the recording, tamper with the feed itself, and generally execute any code he or she wants in the software. This major security flaw is reportedly present in hundreds of thousands of devices around the world, such as the NUUO NVRMini2, a network-attached storage (NAS) device.

Another vulnerability is a backdoor that can be created out of leftover debug code in the software. So, along with access to the surveillance feed, the flaws allow hackers to burrow into the surveillance data, accessing login credentials, port usage, IP addresses, and info on the camera equipment. NUUO provides surveillance video management for residential complexes as well as industries such as banking, transport, and government.

Avast Security Evangelist Luis Corrons comments, “We always say that IoT devices have to be protected, updated, with non-default credentials, etc., which is right. However, this vulnerability could compromise video cameras even if all those precautions have been taken, as the attackers can get the credentials from the NVRMini2. In other words, it can be used to create new armies of IoT bots.”

As for anyone currently using an NVRMini2, Luis has some advice: “Right now, make sure it is isolated from the internet and that only authorized employees can access it through the local network until a patch is available. And those that use a solution from another vendor have to make sure that the vulnerable software is not being used, as NUUO offers it to several providers as OEM and whitelabel.”

NUUO reports that a patch is being developed, though there is no indication yet when it will become available. In the meantime, Avast recommends that if you use NUUO technology, you stay aware of these new zero-day vulnerabilities and keep vigilant for any odd behavior from the software.

 

 



180 million threats on Windows devices of individual and enterprise users between April and June

Global IT security firm Quick Heal Technologies on 19 September said it detected more than 180 million threats on Windows devices of individual and enterprise users between April and June of this year.

More than two million malware, 16,000 ransomware, 13,000 cryptomining malware, 141,000 exploits, and 40,488 potentially unwanted applications (PUAs) and adware were detected on a daily basis, according to the quarterly threat report released by Quick Heal Technologies and its enterprise security brand Seqrite.

Windows 10. image: Microsoft

“Cybercriminals are at a completely different level today than they were a few years ago. They are using novel technologies to drive increasingly-complex attacks and are targeting larger user bases,” Sanjay Katkar, joint managing director and chief technology officer, Quick Heal Technologies, said in a statement.

“The latest threat report highlights this risk that individuals and businesses in India currently face with this evolution of the threat landscape,” Katkar said.

According to data from the report, the Trojan horse family retained its position as the most dominant malware in the second quarter of 2018, registering a quarter-on-quarter growth of four percent.

The security experts at Quick Heal Technologies also identified a spike in the EternalBlue exploit, which was used for the WannaCry ransomware attack, one of the biggest global cybersecurity incidents ever seen.

Other key trends identified in the report include a significant increase in the number of ransomware attacks targeting the Master Boot Record (MBR) of infected devices and cryptomining.

The report also revealed the rise of cryptojacking as one of the most worrying security trends and warned about it becoming an “advanced threat”, as it is the new source of direct monetary benefits for cyber criminals.

Cryptojacking attacks remain undetected for a long time and can often be used as a platform to launch other complex attacks.


 

 

 

 

Credit to www.firstpost.com


Beware of cyber attacks this holiday season!

As the calendar enters into September, a celebratory mood envelops the entire subcontinent. With a range of festivals throughout the festive autumn months, this is truly a time of celebration and joy as the entire country comes together. Whether it is Ganesh Chaturthi, Durga Puja, Diwali or Christmas, people everywhere are in a merry mood, spending time with their families and friends.

These festive times also mean that it is a great time for shopping. Thousands of Indians shop for new things and, with the advent of e-commerce, they go online to find the best deals and discounts. Unfortunately, holiday seasons are often breeding grounds for cybercriminals, who readily leverage security glitches and a lack of attention to cybersecurity to initiate various scams.

One of the common ways in which users get scammed by cybercriminals in these festive times is through malware disguised as something safe. An e-card you receive may seem like a sweet gesture, but be careful: there may be malicious code disguised inside it. Criminals can also try to lure unsuspecting individuals with free gifts and discount coupons, which they know people are searching for during the holiday season. The people lured in will click on suspicious links or fill out forms providing personally identifiable information to cybercriminals, who will sell it off to advertisers.

Everyone should always use the Internet with vigilance, but in the holiday season it is advisable to be even more careful. Following the basics goes a long way, as illustrated in the tips below:

  1. Change your Password(s)

A simple rule but even more relevant during these times. Even if you haven’t changed your password all this time, make a note and change it before indulging in festive shopping. Maintain different passwords for different accounts. This way, even if your personal information gets breached, the hackers will not be able to use your other accounts.

  2. Don’t Shop on Public WiFi

You never know who could be watching your activity on a public WiFi. WiFi networks at airports, cafes and other public areas can be extremely rudimentary, without many security features. This makes it very easy for hackers to set up specialized software to collect all the activity that happens on these networks. Keeping that in mind, indulging in any activity where you have to give financial information on these networks would be stupid. Don’t do it.

  3. Keep Devices Updated

People are in a rush during this season and often tend to procrastinate or overlook important tasks. This means important software, including anti-malware, firewall and anti-virus solutions, may go without updates for a stretch. Computers and phones then remain unpatched, which makes them vulnerable to new threats in the wild, a fact cybercriminals are extremely well aware of.

A smart customer will stay ahead of the curve and always download the necessary updates when required.

  4. Don’t Be Tricked When Shopping Online

Be careful when shopping online this season. Check the URL of the website you are on to make sure it is secure. Research any e-commerce site you haven’t heard of, to ensure you don’t lose your money. Be very wary of deals that seem too good to be true – in most cases, these deals are just a front to get your personal information. The same applies to emails from purported e-commerce companies – check their details thoroughly even if they look like they’ve come from a genuine well-known website. As anyone knows, forging these details isn’t very difficult.

  5. Check your bank account and statement

Always keep checking your bank account and statement to ensure that there are no suspicious transactions. In the rush of the holiday season, customers can often go on swiping cards regularly and then forget to check their accounts. If something suspicious is happening, it is important that it is flagged immediately so that the necessary action can be taken.

 Stay cyber aware and stay safe. Wish you a happy holiday season!

 

 

 


 

 

 

 

 

Credit to Quick Heal India


Avast Security Researcher Martin Hron explains why your smart speakers may be the next big target

Avast Security Researcher Martin Hron explains why your smart speakers may be the next big target by cyber criminals. Smart speakers accumulate personal info and deep-level permissions the more we incorporate them into our lives, and they become virtual (and literal) treasure troves to criminals looking to steal your identity or your money ➤ http://bit.ly/2phJka

 

Secure your information and contact Avosec today.


Avast research finds at least 32,000 smart homes and businesses at risk of leaking data

REDWOOD CITY, Calif. – August 16th, 2018 – New research from Avast (LSE: AVST), the global leader in cybersecurity products, found more than 49,000 Message Queuing Telemetry Transport (MQTT) servers publicly visible on the internet due to a misconfigured MQTT protocol. This includes more than 32,000 servers with no password protection, putting them at risk of leaking data. The MQTT protocol is used to interconnect and control smart home devices, via smart home hubs. When implementing the MQTT protocol, users set up a server. In the case of consumers, the server usually lives on a PC or a mini computer such as a Raspberry Pi, which devices can connect to and communicate with.

While the MQTT protocol itself is secure, severe security issues can arise if MQTT is incorrectly implemented and configured. Cyber criminals could gain complete access to a home to learn when their owners are home, manipulate entertainment systems, voice assistants and household devices, and see if smart doors and windows are opened or closed. Under certain conditions cybercriminals can even track a user’s whereabouts which can be a serious privacy and security threat.

“It is frighteningly easy to gain access and control of a person’s smart home, because there are still many poorly secured protocols dating back to bygone technology eras when security was not a top concern,” said Martin Hron, security researcher at Avast. “Consumers need to be aware of the security concerns of connecting devices that control intimate parts of their home to services they don’t fully understand and the importance of properly configuring their devices.”

Martin Hron describes five ways in which poorly configured MQTT servers can be abused by hackers:

  1. Open and unprotected MQTT servers can be found using the Shodan IoT search engine, and once connected, hackers can read messages transmitted using the MQTT protocol. Avast research shows that hackers can read the status of smart window and door sensors, for example, and see when lights are switched on and off. In this particular case, Avast also found that outsiders could control connected devices or at least poison data using the MQTT protocol on behalf of devices. This way, for example, an attacker could send messages to the hub to open the garage door.
  2. Even if an MQTT server is protected, Avast found that a smart home can still be hacked because, in some cases, the dashboard used to control a smart home’s control panel runs on the same IP address as the MQTT server. Many users use the default configurations that come with their smart home hub software, and these are often not password protected, meaning a hacker can gain complete access to a smart home’s dashboard, allowing the hacker to control any device connected via the dashboard.
  3. Even if both the MQTT server and dashboard are protected, Avast found that in the case of the smart hub software Home Assistant, open and unsecured SMB shares are public and therefore accessible to hackers. SMB is a protocol used for sharing files on internal networks, mainly on the Windows platform. Avast found publicly shared directories with all the Home Assistant files, including configuration files. In the exposed files, Avast found a file storing passwords and keys in plain text. The passwords stored in the configuration file can allow a hacker to gain complete control of a person’s home.
  4. Smart homeowners can use tools and apps to create a dashboard for an MQTT-based smart home, to control their connected devices. A particular application, MQTT Dash, allows users to create their own dashboard and control panel to control smart devices using MQTT. Users have the option to publish the settings they set up using the dashboard to the MQTT server, so they can easily replicate the settings on as many devices as they would like. If the MQTT server used is unsecured, a hacker can easily access the user’s dashboard, which allows them to easily hack the smart home.
  5. Avast found that MQTT can, in certain instances, allow hackers to track users’ location, as MQTT servers typically concentrate on real-time data. Many MQTT servers are connected to a mobile application called OwnTracks. OwnTracks gives users the possibility to share their location with others, but can also be used by smart home owners to let the smart home devices know when the user is approaching the home, to activate smart devices, like smart light lamps. In order to configure the tracking feature, users have to configure the application by connecting to an MQTT server and expose the MQTT server to the internet. During this process, users are not required to set up login credentials, meaning anyone can connect to the MQTT server. Hackers can read messages that include a device’s battery level, location using latitude, longitude, and altitude points, and the timestamp for the position.

Avast’s full research can be found on the Avast blog: https://blog.avast.com/mqtt-vulnerabilities-hacking-smart-homes
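
An added example, not part of Avast's research or the original release: a small auditor for a broker's own configuration file that flags the conditions the list above turns on, a listener reachable beyond the local machine that accepts clients without credentials or without TLS. It assumes the broker is Eclipse Mosquitto (the page names no broker) and examines only explicit `listener` lines; the sample configs, file paths and finding codes are constructed for illustration.

```python
import ipaddress

# Constructed sample configs, not taken from any real deployment.
WEAK_CONF = """\
# reachable on every interface, no credentials required
listener 1883
allow_anonymous true
"""

HARDENED_CONF = """\
# local clients only on the plaintext port
listener 1883 127.0.0.1
# remote clients must use TLS and a username/password
listener 8883 0.0.0.0
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
allow_anonymous false
password_file /etc/mosquitto/passwd
"""


def parse(conf_text):
    """Split a mosquitto.conf into its listeners and its global options."""
    listeners, options = [], {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        value = value.strip()
        if key == "listener":
            parts = value.split()
            bind = parts[1] if len(parts) > 1 else ""  # empty = all interfaces
            listeners.append({"port": int(parts[0]), "bind": bind, "tls": False})
        elif key in ("certfile", "keyfile") and listeners:
            # TLS options apply to the most recently declared listener.
            listeners[-1]["tls"] = True
        else:
            options[key] = value
    return listeners, options


def is_loopback(bind):
    """True only when the listener is bound to the local machine."""
    if bind == "localhost":
        return True
    try:
        return ipaddress.ip_address(bind).is_loopback
    except ValueError:
        return False  # empty or a hostname: assume reachable from outside


def audit(conf_text):
    """Return finding codes for listeners reachable beyond loopback."""
    listeners, options = parse(conf_text)
    findings = []
    exposed = [lst for lst in listeners if not is_loopback(lst["bind"])]
    for lst in exposed:
        # Unset is flagged too: older Mosquitto releases allowed anonymous
        # clients by default, so the intent should be explicit.
        if options.get("allow_anonymous", "").lower() != "false":
            findings.append(f"ANON_EXPOSED:{lst['port']}")
        if not lst["tls"]:
            findings.append(f"PLAINTEXT_EXPOSED:{lst['port']}")
    if exposed and "password_file" not in options:
        # Heuristic: an auth plugin could replace password_file.
        findings.append("NO_PASSWORD_FILE")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```

The auditor reads only the configuration file, so it does not cover the dashboard, SMB share and plain-text secrets issues in items 2 and 3, which need their own checks.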