Wednesday, 18 June 2014

Malware Surged in 2013

Malware, short for malicious software, is a general term for hostile or intrusive software that is used to disrupt computer operations, gather sensitive information, or gain access to computer systems.
According to industry sources, 20 percent of all the malware that has ever existed was created in 2013. That is 30 million new threats in a single year, or about 82,000 a day, a dramatic surge over previous years.
A threat is any new release of malware. It may be a completely new piece of code or a variation on an existing one. Even a very minor change to the code of an existing threat is counted as a new threat, because the change will usually have been made to get past anti-virus or other security products.
Here's a summary of the malware created in 2013 (counts are rounded; percentages are of the 30 million total):
Total threats... 30 million (100%)
Trojans... 21 million (70.0%)
Viruses... 2.5 million (8.5%)
Worms... 4 million (13.3%)
Adware / spyware... 2 million (6.9%)
Other... 0.5 million (1.3%)
A Trojan is a program that gets onto your computer by posing as something desirable, such as a free app which, when you download and run it, also carries malicious code.
A virus is a program that infects executable files (for example, files whose names end in .exe) such as an app. A worm is a standalone program that actively transmits itself to other computers.
Adware shows advertisements automatically. Spyware gathers your information, such as internet surfing habits, user logins, and banking or credit card information, without your knowledge.
As regards actual infections, Trojans accounted for nearly 80% of infections detected in 2013.
The most infected country was China, where 54 percent of computers were found to be infected. This may be because China has the highest proportion of users still running Windows XP, which is regarded as a very vulnerable operating system.
Targeted attacks
While the sheer volume of malware created last year is extremely worrying, the most disturbing aspect of Internet security in 2013 was the successful assaults on Twitter, Facebook, Apple and Microsoft. These are major tech companies whose security teams should be among the best in the business. So, if the experts are vulnerable, what about the rest of us?
Starting with Twitter in February, these four companies were hit by sophisticated attacks that exploited a then-unpatched vulnerability in Java. Unpatched is geek-speak for "not fixed yet": no update from the vendor was available at the time of the attacks.
The attack on Adobe was one of the worst incidents of 2013. Source code for some of the company's products was stolen, and the encrypted passwords and account details of more than 38 million users were lifted.
The attacks on Twitter were laughable in a way but could have had deadly serious effects. Hackers used the Associated Press' Twitter account to send out fake news alerts claiming that bombs had been detonated at the White House and that President Obama had been injured.
The Twitter account of Burger King was also hacked. The attackers replaced the account's images with ones lifted from McDonald's and tweeted that Burger King had been taken over by its rival. It would be interesting to see who bought and sold shares in both those companies on that day.
Passwords... lessons learned?
The breach at Adobe revealed the extent of users' laxity when it comes to passwords.
An analysis of the leaked Adobe data showed that nearly two million account holders (about five percent of the total) used the extremely insecure password "123456", even though passwords of this type have been shown to be trivially guessable time and again. The analysis was possible because Adobe had encrypted passwords with a block cipher in ECB mode, without salting, rather than storing salted hashes: identical passwords produced identical ciphertext, so the most popular ones could be counted and, with the help of the unencrypted password hints stored beside them, identified.
Another half million users relied on "123456789," while nearly 350,000 accounts simply used the term "password" as the password.
It seems that the message security experts have been pumping out for years, to use long, complex and, above all, unique passwords, is being steadily ignored by users.
Threats to mobile banking
The number of new or modified malicious programs tailored for smartphones and tablets more than doubled to nearly 100,000 in 2013. The vast majority were focused on users' banking details and hence their money.
Mobile users in Russia were particularly hard hit, accounting for 40 percent of all attacks, well ahead of India (8 percent), Vietnam (4 percent), Ukraine (4 percent) and the UK (3 percent).
It's probably correct to say that the hackers were testing and refining their mobile malware in Russia, which is said to be less security conscious and therefore more vulnerable. So it's only a matter of time before cyber-thieves move on to the more lucrative mobile banking markets in the West.
It seems that this move is already occurring. At the end of 2012, there were only 64 known mobile banking Trojans, but by the end of last year, that number had multiplied by 20 to more than 1,320.
According to the industry, 98 percent of all of last year's mobile malware targeted Android devices. Android is an operating system (OS) designed primarily for touchscreen devices such as smartphones and tablets. It lets users swipe, tap, pinch and reverse-pinch to manipulate on-screen objects quickly and easily. It's no surprise, then, that in most markets Android-powered phones are the most popular, making up more than half of all smartphone sales. There are at least one billion Android devices in use.
Android is developed by Google, which releases the source code under an open-source licence, making it a favourite among app developers. Android's share of the global smartphone market exceeds 80 percent and there are over 1 million apps available for the operating system.
According to security experts, weaknesses in the Android OS architecture, together with the platform's popularity, account for the surge in Android banking Trojans last year. Being Trojans, this malware gets onto smartphones bundled with an innocent-looking app.
The takeaway:
As you can see, the Internet is getting more dangerous year by year and mobile banking is now becoming the target of choice for sophisticated hackers. The chances that one of your systems will be targeted in 2014 are high.
Nevertheless, there are plenty of things you can do to protect yourself from malware:
1) Keep updated... make sure your operating system and other software are updated regularly, as the latest versions will contain patches for security vulnerabilities.
2) Install anti-virus software... to guard against viruses, worms, spyware and Trojans. This software should scan files as they are being downloaded and block the activities of malware components. It should also intercept attempts to install start-up items or modify browser settings.
3) Scan... your computer regularly for malware, at least once every month, to detect and remove malware that has already been installed on your computer.
4) Be careful... when following links on the internet. Be especially cautious on social networking sites... images and videos that go viral can infect huge numbers of computers very quickly indeed.
5) Don't install unknown software... some websites offer you free software. Before you download, ask yourself: 'why would anyone give away software for free?' More than likely there's a catch, such as an unwelcome piece of malware hidden within the freebee.
6) Don't click on pop-up windows... many malicious websites try to install malware on your system by making images look like pop-up windows.
7) Perform regular back-ups... to an external hard disk or other media so that, if the worst comes to the worst and the only way to get rid of malware is to format your hard disk and reinstall your operating system, you don't lose your files.
8) Be ultra-cautious when using mobile banking... It might be best not to use the same smartphone for mobile banking as you use for other online activities such as telephoning, texting and messaging etc.

How to Reduce the Risk of Your Online Accounts Being Hacked

Internet security and protecting your online identity have become major concerns of the current day. With the growth of social media and personal data being more readily available, we must be more vigilant and careful about what we post on the web. It is important to limit who can view certain data about ourselves on social media platforms. We may want our friends and family to see all of our details on these platforms; however, it is important to be careful about who is actually viewing this personal information.
There are some simple steps that can be taken to reduce the risk of your data being hacked. Remember these steps will reduce the opportunity for hackers but cannot guarantee your accounts will not be hacked.
It is important that you have strong passwords. That does not mean your pet's name, your favourite football team or the name of your high school; answers to these kinds of questions do not count as strong passwords, and if a site asks for them as security questions, do not give real answers, since they can be easily found out. Changing your passwords often can be a pain, and you may then find yourself having to reset them because you keep forgetting them, but it is better to spend a few extra minutes generating new passwords than hours sorting out a hacked account. Stronger passwords are long and mix upper and lower case letters, digits and special characters. Passwords should not be actual words, since dictionary words are easy for attackers to guess. Do not use the same password on different sites. It can be difficult to remember all these different passwords; however, there are many tools that will store them for you. One in wide use at the time of writing is RoboForm: you create one master password that unlocks all of your saved passwords. Such tools greatly simplify password management.
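The following is an added example, not code from the original post or from any password manager, putting the advice above (and the Adobe "123456" figures from the earlier post) into a checker: a blocklist of the most common passwords, a dictionary-word check, a length floor, an entropy upper bound, a CSPRNG generator of the kind a manager uses, and a reuse check across sites. The blocklist and word list are constructed and deliberately tiny, and the 12-character and 60-bit thresholds are assumptions, not figures from the post.

```python
import math
import re
import secrets
import string

# Constructed, abbreviated lists: a real check would use the full corpus of leaked
# passwords (the Adobe dump alone held millions) and a real dictionary.
COMMON_PASSWORDS = {"123456", "123456789", "password", "qwerty", "12345678", "111111"}
DICTIONARY_WORDS = {"password", "welcome", "dragon", "football", "monkey", "letmein"}
MIN_LENGTH = 12   # assumption: a reasonable floor for a password a person types
MIN_BITS = 60     # assumption: reject anything below this even if it were random


def charset_size(password):
    """Size of the smallest standard alphabet that contains every character used."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size


def assess_password(password):
    """Return (ok, reasons, bits). `bits` is only an upper bound on strength: it
    assumes every character was chosen uniformly at random, which a human-chosen
    password never satisfies, so the list and dictionary checks come first."""
    reasons = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        reasons.append("on the common-password list")
    core = re.sub(r"[^a-z]", "", lowered)        # 'Password123!' -> 'password'
    if core in DICTIONARY_WORDS:
        reasons.append("built on a dictionary word")
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    size = charset_size(password)
    bits = len(password) * math.log2(size) if size else 0.0
    if bits < MIN_BITS:
        reasons.append(f"at most ~{bits:.0f} bits even if chosen at random")
    return (not reasons, reasons, bits)


def generate_password(length=20, alphabet=string.ascii_letters + string.digits + string.punctuation):
    """A random password from the OS CSPRNG: what a password manager stores for you."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def find_reuse(passwords_by_site):
    """Map each password used on more than one site to the sites sharing it."""
    sites_by_password = {}
    for site, password in passwords_by_site.items():
        sites_by_password.setdefault(password, []).append(site)
    return {p: sorted(s) for p, s in sites_by_password.items() if len(s) > 1}


if __name__ == "__main__":
    for candidate in ("123456", "Password123!", "correct horse battery staple", generate_password()):
        ok, reasons, bits = assess_password(candidate)
        print(f"{candidate!r}: {'ok' if ok else 'weak'} ({bits:.0f} bits) {reasons}")
    print(find_reuse({"bank": "s3cret!", "forum": "s3cret!", "mail": "other-one"}))
```

Note that the long all-lowercase passphrase passes on length alone while the short "Password123!" fails on the dictionary check despite ticking every character-class box: length and unpredictability matter more than symbol variety.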
With the increase in use of social media it is important to update your privacy settings on a regular basis. Only share your contact information with people you know and keep your social media profiles private as can be. Simply displaying an email address, screen names, phone numbers and other contact information can become an advantage for a hacker.
By implementing the changes to your online details you will be at less risk of your data and information being accessed. Even if you do regularly update passwords, create strong passwords and follow the advice above there is still a chance of your information being accessed, but there is less of a chance than if you do not do follow this.

Protecting Against Email Viruses

Anti-virus and anti-malware scams pose a serious problem for today's Internet users. Although more people are becoming aware of these risks, there are still many email users and casual web readers who don't know about the tricks and ploys scammers use to trick you into sharing information or making your system vulnerable to attack.
Despite the ingenuity of many viruses and malware, there are two basic ways most virus scams reach your computer: via email or through pop-up ads. Email from unknown addresses may be dangerous, as it can carry viruses in the form of attachments. Make sure that your management team sends out company-wide emails warning employees of these dangers, and standardize your internal processes so that security is a top priority. Pop-up ads are more likely to advertise bogus products to remove viruses you don't actually have, and then seize your personal or financial information.
There's nothing more destructive to a small business than the leaking of sensitive information. Don't let that happen. Take preventive measures today! Start by addressing two of the most common threats used by hackers: email viruses and pop-up ads.
Email Virus Dangers
Email virus scams are very common, and they disguise themselves well. Viruses are often sent to thousands of email addresses under the guise of a real company that you might have had contact with, such as eBay, PayPal, UPS, FedEx, DHL, or other commonly used service providers.
The email may look exactly like a legitimate email from the alleged company, or it might have typos and spelling mistakes that give it away. In either case, these "phishing" emails will ask you to take some urgent action that could endanger your computer or your personal information. For example, it might ask you to reply with your account information, open an attachment that supposedly explains the email further, or click on a link that takes you to a site requesting your address, phone number, credit card information, or other personal data.
Opening an attachment or following a link in such an email could unleash a virus on your computer, or give scammers access to your PC to take credit card information or other data that would allow them to use your name and identity. If you receive an email and aren't sure if it's legitimate, contact the company directly, through the "Contact" page on their website, and ask whether they actually sent it. Most companies take phishing very seriously and will respond quickly to these kinds of inquiries. As a rule of thumb, never open an attachment or follow a link if you aren't sure.
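As an added example (not code from the original article or from any mail product), here is a small checker for the tells just described: an envelope sender or Reply-To that does not match the claimed From domain, link text naming one site while the href goes to another or to a bare IP address, urgency wording, and an attachment with an executable extension. Both messages are constructed, using reserved example and documentation addresses; the site() helper, which keeps only the last two labels of a host name, is a crude stand-in for a public-suffix-list lookup and is an assumption of this example.

```python
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

EXEC_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd")
URGENCY = re.compile(r"urgent|immediately|within 24 hours|suspended|verify your account|account has been limited", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
LOOKS_LIKE_URL = re.compile(r"^\s*(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?\s*$", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._cur is not None:
            self._cur[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(tuple(self._cur))
            self._cur = None


def site(host_or_addr):
    # Last two labels of a host, or of an address's domain; IPs are returned unchanged.
    host = host_or_addr.rsplit("@", 1)[-1].lower().strip(".")
    return host if IPV4.fullmatch(host) else ".".join(host.split(".")[-2:])


def host_of(text):
    # Host part of a URL or of URL-like link text such as "www.paypal.com/signin".
    text = text.strip()
    return urlparse(text if "://" in text else "http://" + text).hostname or ""


def phishing_indicators(raw):
    """Return (tag, detail) pairs for each phishing tell found in a raw RFC 822 message."""
    msg = email.message_from_bytes(raw)
    found = []
    from_addr = parseaddr(msg.get("From", ""))[1]
    # Envelope sender or reply address pointing somewhere other than the claimed sender.
    for header in ("Return-Path", "Reply-To"):
        other = parseaddr(msg.get(header, ""))[1]
        if other and site(other) != site(from_addr):
            found.append((header.lower() + "-mismatch", f"{other} vs From {from_addr}"))
    text = str(msg.get("Subject", ""))
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(EXEC_EXTENSIONS):
            found.append(("executable-attachment", name))
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        text += "\n" + body
        if part.get_content_subtype() == "html":
            links = LinkCollector()
            links.feed(body)
            for href, label in links.links:
                target = host_of(href)
                if IPV4.fullmatch(target):
                    found.append(("link-to-ip", href))
                # Visible text names one site while the href goes to another.
                if LOOKS_LIKE_URL.match(label) and site(host_of(label)) != site(target):
                    found.append(("link-text-mismatch", f"shows {host_of(label)}, goes to {target}"))
    phrases = sorted({m.lower() for m in URGENCY.findall(text)})
    if phrases:
        found.append(("urgency-language", ", ".join(phrases)))
    return found


# Constructed messages: a phish showing every tell above, and a benign note for comparison.
SAMPLE_PHISH = b"""\
Return-Path: <bounce@mail-deliver.example.net>
From: "PayPal Customer Service" <service@paypal-secure-login.example.com>
Reply-To: support@mail-deliver.example.net
Subject: URGENT: Your account has been limited
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/html; charset="utf-8"

<html><body><p>We noticed unusual activity. Please verify your account within 24 hours
or it will be suspended.</p>
<p><a href="http://198.51.100.23/~u/paypal/login.php">https://www.paypal.com/signin</a></p></body></html>
--BOUNDARY
Content-Type: application/octet-stream; name="Statement.pdf.exe"

not really a program
--BOUNDARY--
"""

BENIGN_EMAIL = b"""\
Return-Path: <alice@example.org>
From: Alice <alice@example.org>
Subject: Lunch tomorrow?

Are you free at noon? Menu: https://cafe.example.org/menu
"""
```

Each indicator on its own is only a hint (plenty of legitimate newsletters use a different Return-Path domain), which is why the function returns all of them rather than a verdict; a mail gateway would weight them and combine the result with SPF, DKIM and DMARC checks on the same headers.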
Pop-up Ads and Scam Anti-Malware
Scam or "rogue" antivirus software can sometimes appear in the form of pop-up ads when you visit legitimate websites (often because the website itself has been hacked by scammers). I've seen it too often: an accidental click on the wrong link corrupts data for weeks to come. Some of these bogus sites have very sophisticated designs that look virtually identical to the websites and software you use on a regular basis. These pop-ups may warn you that your computer has been compromised, listing a series of viruses or other alleged problems on your computer that their software purports to fix - for a price. Then, when you order the software, your computer will become infected with a virus or your personal information will fall into the wrong hands.
If you receive one of these pop-up messages warning you about viruses on your system, be forewarned: it's almost certainly a scam, intended to solicit cash and personal information from unwary web users. The best way to be sure, however, is to check with a reputable site like Snopes, McAfee, or Sunbelt to find out whether the notification is legitimate.
2014 And Beyond
Today's hackers are growing bolder and bolder. Unlike their forefathers in the early 1990s, they use increasingly complex code, tools and password-cracking programs to keep one step ahead of firewalls and other security measures. And while staying on the cutting edge of virus protection is a must in today's business world, staying informed about these threats is the first step. If you don't have an internal IT department or staff, contracting your email and server protection to an outside IT services firm could be your best strategy. They'll be able to offer a wide range of customized strategies to fit your budget.
Now that you know how to spot the red flags, you won't be caught unaware the next time one of these messages turns up on your computer screen or in your email inbox.

Residential Broadband Hosts Used to Horde Phishing Sites

A new wave of phishing attacks that use spam to distribute links to phishing sites was found to be hosted on the personal computers of residential broadband customers. This trend, named 'Phish@Home', was noticed in the first quarter of 2014 by PhishLabs, a provider of cybercrime protection and intelligence services.
What are we talking about... 
By scanning the residential service IP address space, attackers find individuals who have (1) enabled the Remote Desktop Protocol (RDP) service on Microsoft Windows and (2) protected it with a weak password. The attackers then install PHPTriad (a free, open-source bundle of the Apache web server, PHP and MySQL) and upload a number of different phishing pages. Links to the phishing sites (usually imitating financial institutions and payment websites) are sent out in spam email messages.
This trend is highly significant, as phishing sites hosted on compromised personal home computers are likely to have a longer lifespan than those located in a traditional hosting environment. (A hosting provider's terms of service typically allow it to shut down malicious sites quickly; Internet service providers (ISPs), on the other hand, have little control over customer-owned home computers connected to them over residential broadband.) While RDP is turned off by default on desktop editions of Windows, many individuals still enable it as a free way to reach their home systems remotely without third-party software.
According to the report, a few of these recent phishing attacks suggested "evidence of social engineering to get the user to enable RDP or create Remote Assistance invitations; exploits with shellcode or malware that enables RDP; or attacks that target other possible weaknesses in RDP configurations such as Restricted Admin mode in RDP 8.1." In every attack analysed, however, access was gained only through RDP-enabled connections protected by weak passwords.
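Two checks a practitioner would want after reading the above, written as an added example rather than taken from the PhishLabs report: a detector that runs over Windows logon events to spot the RDP password guessing the attackers rely on, and an assessment of the three settings that make a home system an easy target. The events are constructed records in the shape of Security log events 4625 (failed logon) and 4624 (successful logon) with their logon type, where type 10 is RemoteInteractive, i.e. RDP; the addresses are from documentation ranges. The registry value names are the real ones (fDenyTSConnections under HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server, UserAuthentication under its WinStations\RDP-Tcp key); the five-failure threshold and two-minute window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed records: (timestamp, event id, logon type, source address, account name).
SAMPLE_EVENTS = [
    ("2014-03-02T03:14:01", 4625, 10, "203.0.113.9", "administrator"),
    ("2014-03-02T03:14:03", 4625, 10, "203.0.113.9", "admin"),
    ("2014-03-02T03:14:05", 4625, 10, "203.0.113.9", "user"),
    ("2014-03-02T03:14:08", 4625, 10, "203.0.113.9", "owner"),
    ("2014-03-02T03:14:11", 4625, 10, "203.0.113.9", "administrator"),
    ("2014-03-02T03:14:15", 4624, 10, "203.0.113.9", "administrator"),  # guessed it
    ("2014-03-02T08:02:40", 4625, 10, "198.51.100.7", "home-user"),     # one typo, then in
    ("2014-03-02T08:02:55", 4624, 10, "198.51.100.7", "home-user"),
    ("2014-03-02T08:10:00", 4625, 2, "127.0.0.1", "home-user"),         # console, not RDP
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Flag any source that fails `threshold` RDP logons inside `window`, and any
    RDP success from such a source afterwards (the entry vector described above)."""
    failures = defaultdict(deque)   # source address -> timestamps of recent failures
    flagged = set()
    alerts = []
    for stamp, event_id, logon_type, source, account in sorted(events):
        if logon_type != 10:        # only RemoteInteractive (RDP) logons matter here
            continue
        when = datetime.fromisoformat(stamp)
        recent = failures[source]
        if event_id == 4625:
            recent.append(when)
            while recent and when - recent[0] > window:   # slide the window forward
                recent.popleft()
            if len(recent) >= threshold and source not in flagged:
                flagged.add(source)
                alerts.append(("rdp-bruteforce", source, f"{len(recent)} failed logons within {window}"))
        elif event_id == 4624 and source in flagged:
            alerts.append(("rdp-bruteforce-success", source, account))
    return alerts


# The settings the attackers depend on, weak and hardened side by side.
# LockoutThreshold stands for the account lockout policy shown by `net accounts`.
WEAK_SETTINGS = {"fDenyTSConnections": 0, "UserAuthentication": 0, "LockoutThreshold": 0}
HARDENED_SETTINGS = {"fDenyTSConnections": 0, "UserAuthentication": 1, "LockoutThreshold": 10}
RDP_OFF = {"fDenyTSConnections": 1}


def assess_rdp_settings(settings):
    """Return findings for the configuration weaknesses the attacks relied on."""
    findings = []
    if settings.get("fDenyTSConnections", 1) == 0:        # 0 = RDP listener enabled
        findings.append("rdp-enabled")
        if settings.get("UserAuthentication", 0) == 0:    # 0 = no Network Level Authentication
            findings.append("nla-disabled")
        if settings.get("LockoutThreshold", 0) == 0:      # 0 = never lock out, unlimited guesses
            findings.append("no-lockout")
    return findings


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
    for label, cfg in (("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS), ("off", RDP_OFF)):
        print(label, assess_rdp_settings(cfg))
```

The hardened configuration still reports "rdp-enabled": with NLA and lockout in place the listener is no longer trivially guessable, but it remains reachable from the whole Internet, which is the exposure the scanners in the report are looking for.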
Why worry?
Although these attacks target residential systems, the attackers' further intentions can't be predicted. A network of compromised home machines on this scale could be turned into a sizeable botnet for larger attacks or breaches, and could also be used to send spam or to take part in distributed denial-of-service attacks.
Such events clearly indicate the need to secure home devices, all the more so as the Internet of Things grows. Security solutions are needed for home devices as much as for office devices, since the level of risk and the extent of vulnerability are much the same regardless of whether a device sits on a home or an office network.

Sunday, 15 June 2014

Social Media Issues: Why You Should Secure Your Social Networking?

In recent times, it was reported by Facebook that 83 million of its accounts were spurious, which, in practical terms, could be the entire population of Germany. So, who owns these fake accounts? As of now, no one knows, though it's clear that these bogus accounts are not used for charities or for promoting a good cause - it's most likely the other way around. Therefore, it should be common sense to take precautions while socializing on social media.
Furthermore, since its invention the internet has enabled us to do lots of things, including chatting on social media websites with friends, family and perhaps strangers. More often than not, you'll receive a friend request from a complete stranger, and it's likely that, without thinking twice, you'll accept it, especially if you find that unfamiliar person interesting or attractive. Moreover, once they have earned our trust, many of us reveal personal information to strangers without truly knowing the consequences of this naive yet critical blunder. Without a second thought we tend to divulge small but important pieces of personal information which may not seem important to us but can reveal key details about our identity. To make matters worse, imagine there is a hacker on the other end. It wouldn't take long for this cyber-criminal to put the pieces of your identity's puzzle together, and before you know it, all or most of your critical accounts could be hacked.
Additionally, once this e-crook has access to your account, he or she could easily gain the trust of your friends and hack most of their accounts using phishing: fake websites built to capture usernames and passwords. Beyond phishing, there are plenty of other methods hackers can employ to gain access to victims' accounts, such as malware and brute force.
Nonetheless, you can protect yourself by utilizing the following privacy protection tips:
If you don't know them, don't add them:
The title is self-explanatory for this tip. If you get a friend request from an unknown person, simply don't accept their friend request.
Make use of the privacy restriction options and features:
Most social media websites let you customize your privacy. It's recommended that you limit your profile visibility, this way you can minimize your chances of becoming a victim of e-crime.
Prevent hackers from breaching your personal computer:
Install and update your antivirus software religiously, as this can prevent sophisticated malware from entering your personal computer. Finally, add a second layer of protection by encrypting your important and sensitive data.

Malsubjects and Malware: The Malicious Combination

"Malsubject" (Malicious Subject) is an unauthorized individual or subject whose activities are intended to break into an Information System (IS) with malicious intent to compromise the confidentiality, integrity, or availability of the information of organizations and individuals. Malsubjects include hackers, cyber-thieves, spammers, hacktivists, and nation states, among many others.
It is easier to identify these individuals in the cyber security space by one common name instead of several, such as bad actors, threat actors, bad guys, cybercriminals, and others. The term malsubject defines these individuals regardless of their intended actions. After all, their intentions are always malicious in nature, no matter who they are or what we label them.
The term "malware", or Malicious Software, is defined by the National Institute of Standards and Technology's (NIST) Glossary of Key Information Security Terms as "a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system or of otherwise annoying or disrupting the victim." Malware by this definition includes viruses, worms, Trojan horses, or any other code-based malicious entity that successfully infects a computer system.
Because "malsubject" provides an opportunity to identify all types of "cyber bad guys" with a single term, the term "malware" ought to include, in addition to malicious programs, malicious hardware (e.g. ATM and gas pump skimmers) or malicious techniques (e.g. social engineering). Malicious hardware gets inserted into a system (physically and covertly) with the intent of compromising the victim's data. Malicious techniques are also used on individuals with the purpose of tricking them into performing actions or divulging information in order to gain access to information system's data. As a result, I use "malware" in general terms to identify malicious software, hardware, and techniques used to perform cyber-attacks.
In the world of cybercrime and cyber warfare, the fight is always aimed to prevent malsubjects and malware from penetrating information systems of public and private organizations as well as individual systems. It is clear that malsubjects using selected malware can identify, target, and attack all types of IS infrastructure. Once an attack is successful, the results and consequences of these malicious actions become a series of unfortunate events played against individuals and organizations.
Verizon's 2013 Data Breach Investigations Report (DBIR) stated that the 2012 combined dataset of security incidents analyzed for the report was the largest it had ever covered in a single year, spanning more than 47,000 reported security incidents, 621 confirmed data disclosures, and at least 44 million compromised records. Unfortunately, such security incidents will continue to make regular news as malsubjects intensify their efforts using more and more sophisticated malware. For example, the recent malsubject attack on the Target Corporation produced a breach that exposed personal information on millions of its customers.
An effective cyber defense against attacks from malsubjects requires technologies, people, and processes capable of preventing or mitigating the damage caused by their malicious activities. Effective security controls and security awareness training are the best weapons against their intrusions.
According to NIST, "using the risk management tools and techniques that are available to organizations is essential in developing, implementing, and maintaining the safeguards and countermeasures with the necessary and sufficient strength of mechanism to address the current threats to organizational operations and assets, individuals, other organizations, and the Nation".
Well implemented security controls based on appropriate risk management tools and techniques increase the odds of preventing many of the cyber-attacks currently affecting information systems and infrastructures all over the world.
In today's cyber space malsubjects range from lone individuals to organized crime groups and nation states capable of conducting sophisticated cyber-attacks from the most remote places in the world. All they need is a communication line to the public internet or to private networks and well-crafted malware to reach their targets. We might not be able to prevent them from reaching the system boundaries, but with a good implementation of security controls, appropriate risk management tools and techniques, and constant security awareness training for organizational staff and the general public, we can slow them down, and someday we might be able to stop their advances.

Understanding How Anti-Virus Software Works

A computer virus is a self-replicating program that installs itself on your computer without your consent. It does so by inserting itself into other programs, data files, or the boot sector of your hard drive. Once this happens, the affected areas are said to be 'infected'.
The vast majority of viruses perform some sort of harmful activity on their hosts. A virus may access your confidential information (such as your banking details), corrupt data or steal hard disk space or processing power, log your key-strokes and spam your contacts. If you are extra lucky, however, it might only display humorous, scatological or political messages on your screen.
Anti-virus software is used to detect and remove computer viruses. It consists of two basic types: signature scanners and heuristic detectors. Signature scanning is used to identify known threats, while heuristics are used to find unknown viruses.
Infected files
In the old days... less than a decade ago... most viruses were contained in executable (or program) files, ie files with extensions such as .exe or .com, so anti-virus software only had to check these kinds of files. Nowadays anti-virus software has to check a greater variety of files, including Microsoft Word documents and other non-executable (and seemingly harmless) files.
In MS Word, a macro is a set of instructions you record and associate with a shortcut or name. You can use a macro, for example, to save the text of a legal disclaimer. You can then add the text to any document you are writing (without having to retype the disclaimer) by just pressing the particular shortcut key combination or clicking the macro name.
Despite the time they can save, macros present a risk. Rogue programmers can use them to hide viruses within documents which they send as email attachments to unsuspecting victims. Once they open the attachments, the victim's computer is infected.
Nasty little programs can also be embedded in other non-executable files, so that opening these files can result in infections.
Some email programs, notably older versions of MS Outlook Express and Outlook, were vulnerable to viruses embedded in the body of an email: you could infect your computer just by opening or previewing a message.
Identifying viruses
There are several methods which antivirus software can use to identify files containing viruses: signature scanning, heuristic detection, and file emulation.
Signature scanners
Signature-based detection is the most common method of identifying viruses. It involves searching the contents of a computer's boot record, programs, and macros for known patterns of code that match known viruses. Because viruses can embed themselves anywhere in existing files, the files have to be searched in their entirety.
The creators of the anti-virus software maintain the characteristics of known viruses in tables called dictionaries of virus signatures. Because thousands of new viruses are being created every day, the tables of virus signatures have to be updated regularly if the anti-virus software is to be effective when it checks files against these lists.
To avoid detection, rogue programmers can create viruses that encrypt parts of themselves or that modify themselves so that they do not match the virus signatures in the dictionary.
In practice, the signature-based approach has proved very effective against most viruses. However it cannot be used to find unknown viruses, or viruses that have been modified. To counter these threats, heuristics need to be used.
Heuristic detectors
Heuristic-based detection applies rules of thumb derived from experience of past malware rather than exact matches. Heuristic detectors will, for example, look for sections of code that are characteristic of viruses, such as routines that trigger on a particular date, or for files that appear to be encrypted or packed.
The use of generic signatures is a type of heuristic approach that can identify variants of known viruses by looking for slight variations of known malicious code in files. This makes it possible to detect known viruses that have been modified.
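The following added example (not code from the original article or from any anti-virus vendor) shows the three ideas above in miniature, and also why the first post counts a one-byte variant as a new threat: an exact signature that the original sample matches, the same sample with a single byte of a call target changed so that the exact signature misses it, a generic signature with wildcard bytes that still catches the variant, and an entropy heuristic that flags a file that looks encrypted or packed. The signatures, family names and sample "files" are all constructed in memory and are not real malware patterns; the 7.2-bit entropy threshold is an assumption.

```python
import hashlib
import math
import re
from collections import Counter

# Exact signature: the dictionary entry must appear verbatim somewhere in the file.
EXACT_SIGNATURES = {
    "Demo.Dropper.A": b"\x55\x8b\xec\xe8\x13\x37\x00\x00\xc3",
}

# Generic signature for the same family: the three bytes after the call opcode (0xe8)
# are wildcards, so a variant that only changes the call target still matches.
GENERIC_SIGNATURES = {
    "Demo.Dropper.gen": re.compile(rb"\x55\x8b\xec\xe8...\x00\xc3", re.DOTALL),
}

HIGH_ENTROPY_BITS = 7.2   # assumption: above this a file looks encrypted or packed


def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for a constant file, approaching 8.0 for uniform noise."""
    if not data:
        return 0.0
    counts = Counter(data)
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def scan(data):
    """Scan one file's bytes as the text describes: the whole content is searched for
    exact signatures, then for generic ones, then the heuristics run."""
    result = {"exact": [], "generic": [], "heuristics": []}
    for name, pattern in EXACT_SIGNATURES.items():
        if data.find(pattern) != -1:
            result["exact"].append(name)
    for name, regex in GENERIC_SIGNATURES.items():
        if regex.search(data):
            result["generic"].append(name)
    if shannon_entropy(data) > HIGH_ENTROPY_BITS:
        result["heuristics"].append("high-entropy")
    return result


def pseudo_random_bytes(n, seed=b"packed"):
    """Deterministic high-entropy filler (a SHA-256 chain) standing in for a packed file."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed sample files.
FILLER = b"MZ\x90\x00" + b"This program cannot be run in DOS mode.\r\n" * 4
SAMPLE_ORIGINAL = FILLER + EXACT_SIGNATURES["Demo.Dropper.A"] + FILLER
# The variant: one byte of the call target changed, enough to evade the exact signature.
SAMPLE_VARIANT = SAMPLE_ORIGINAL.replace(b"\xe8\x13\x37", b"\xe8\x14\x37")
SAMPLE_PACKED = pseudo_random_bytes(4096)

if __name__ == "__main__":
    for label, sample in (("original", SAMPLE_ORIGINAL), ("variant", SAMPLE_VARIANT), ("packed", SAMPLE_PACKED)):
        print(label, scan(sample), f"entropy={shannon_entropy(sample):.2f}")
```

The wildcard signature is the trade-off the text alludes to: the looser the pattern, the more variants it catches, but also the more chance of matching benign code, which is the false-positive problem discussed under Drawbacks below.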
File emulation
File emulation is another heuristic approach. It involves running a file in a sandbox, an isolated part of a computer in which untrusted programs can be run safely, to see what it does.
The actions the program performs are logged and if any of these are deemed to be malicious, the anti-virus software can carry out appropriate actions to disinfect the computer.
Memory-resident anti-virus software
Memory-resident anti-virus software installs programs in RAM that continue to operate in the background while other applications are running.
A computer's hard disk is where computer programs and files are stored, while RAM (random access memory) is the memory that programs use when they are running. When starting, a program is first loaded into RAM. Once programs have finished running they exit RAM. In addition, RAM is volatile, ie when the power is turned off everything in RAM is wiped out. By contrast, the programs and files on your hard disk remain when your computer is powered off.
Memory-resident anti-virus programs monitor a computer's operations for any action associated with viruses, such as downloading files, running programs directly from an internet site, copying or unzipping files, or attempting to modify program code. They will also be on the lookout for programs that try to remain in memory after they have been executed.
When they detect suspicious activity, memory-resident programs halt operations, display a warning message, and wait for the user's OK before allowing operations to resume.
Drawbacks
Despite its undoubted benefits, antivirus software has a few drawbacks. Because it uses computer resources, it may slow your computer down a bit, though this is not usually very significant.
No anti-virus software can provide full protection against all viruses, known and unknown. Once installed, however, it can lull you into a false sense of security. You may also find it difficult to comprehend the prompts and decisions the software throws up on your screen now and then. An incorrect decision may result in an infection.
Most anti-virus software uses heuristic detection. This must be fine-tuned in order to minimise false positives, ie the misidentification of non-malicious files as viruses.
False positives can cause serious problems. If an antivirus program is configured to immediately delete or quarantine infected files, a false positive on an essential file can render the operating system or some applications unusable. This has happened several times in recent years, even with major anti-virus service providers such as Symantec, Norton AntiVirus, McAfee, AVG and Microsoft.
Anti-virus software can also pose its own threat, because it usually runs at the highly trusted kernel level of the operating system, thus creating a potential avenue of attack. It needs to do this in order to have access to all potential malicious process and files. There have been cases where anti-virus software has itself been infected with a virus.
Finally, it's best to remember that not all heuristic methods can detect new viruses. This is because the rogue programmers, before booting their new viruses into cyberspace, will test them on the major anti-virus applications to make sure that they are not detectable!

Rootkit Infections

A rootkit is a software program designed to provide an intruder with administrator access to a computer without being detected. Its purpose is almost always malicious.
A rootkit provides the intruder with administrative privileges, the highest level of permission that a user can have. The administrator has total freedom within the computer system, which means that he or she can install and uninstall programs, delete files, and change configuration settings, among other activities.
How you get infected by a rootkit
There are several ways in which your computer can become infected with a rootkit. They can come wrapped in email attachments or bundled with programs you download. You can become infected just by visiting a malicious site. Rootkits can also be loaded from a disk or USB drive by a malefactor who obtains access to your computer for just a few minutes.
Once a rootkit has been installed, it will create a backdoor, a hidden method for obtaining access, so that the intruder can re-enter your computer at will. This is usually done with a daemon, a type of program that runs unobtrusively in the background waiting to be activated by the occurrence of a specific event such as a particular intruder attempting entry through a specific port.
To break into a computer that follows good security practices and successfully install a rootkit takes skill and patience. Doing so however can be rewarding for malefactors as they can collect sensitive data, such as financial information, user names and passwords, and so on. Rootkits can also be used to send spam messages.
How rootkits are hidden
The success of a malicious rootkit depends on its ability to remove any traces of its existence and activities.
For example, a rootkit can modify system logs so that all references to its installation, to log-ins by the intruder and to the running of programs by the rootkit are either not recorded or are deleted.
A rootkit can also hide by replacing standard system utilities, such as find, ls, netstat, passwd, ps and who, with modified versions.
For example, a modified version of ls, which is used to list files, might not display the files that the intruder wants to keep hidden. A modified version of ps, which shows the processes currently running, might not display processes launched by the rootkit, and a modified netstat might omit the port on which the backdoor is listening.
Types of rootkits
Rootkits can be classified into three types, depending on the level at which they operate: application, kernel or BIOS.
In application level rootkits, genuine executable files that form part of an application are replaced with modified executable files.
The kernel is the core of the operating system. With kernel level rootkits, a portion of the kernel code is replaced with modified code. When this happens, system calls, ie requests made by running software for a service performed by the kernel, can be intercepted and their results altered, so that even a genuine copy of ls or ps is handed a falsified view of the system.
BIOS stands for 'basic input output system'. BIOS is a small program that controls a PC's hardware from the moment the computer's power is turned on until the main operating system takes over. A BIOS level rootkit is installed within the BIOS. It is much more difficult to detect and remove than rootkits at the other two levels.
Currently, almost all rootkit infections are at the first two levels. BIOS rootkits are not very prevalent yet, but they are expected to become more common as BIOSs become more complex and are redesigned for easy updating.
How rootkits are detected
Rootkits, by their very nature, can be very difficult to detect, and you can never be sure that any rootkits present in your system have been detected or that suspected rootkits have been wholly eliminated.
The basic problem with trying to detect rootkit infections is that, where the operating system may have been affected (as with a kernel level rootkit) it cannot be trusted to find illegitimate modifications of its own components.
Detection can take a number of approaches. Anti-virus software can search for behavioural signatures that indicate the presence of a rootkit. In difference-based detection, the expected results of a test operation are compared with the actual results. In integrity checking, original program code can be compared with the latest code to see if unexplained changes have been made.
Most of these techniques only detect application level rootkits. Extracting a copy of the contents of memory or of the disk and performing a forensic analysis offline, for example after booting from trusted read-only media or on another machine, can detect kernel level rootkits because, being offline, the rootkit is not running and cannot take any measures to cloak itself.
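As an added example that is not part of the original post, the following Python script puts two of the detection approaches above into working code on a Linux host: the integrity check (hashing the utilities a rootkit typically replaces, such as ls, ps and netstat, and comparing them against a baseline recorded while the system was trusted) and the difference-based, or cross-view, check (comparing what the kernel reports through /proc with what the possibly trojaned ps and netstat utilities admit to, which also catches the hidden backdoor port described earlier). The utility paths in WATCHED_UTILITIES, the baseline store and the sample /proc/net/tcp text are assumptions constructed for illustration; a real baseline must be taken from a clean install, not from a machine already suspected of infection.

```python
# Added example (not from the original post): rootkit detection by
# file integrity checking and cross-view comparison on a Linux host.
# WATCHED_UTILITIES, the temporary baseline and SAMPLE_PROC_NET_TCP are
# assumptions constructed for illustration.
import hashlib
import os
import subprocess
import tempfile
from pathlib import Path

# Utilities a rootkit typically replaces (see the list in the text).
WATCHED_UTILITIES = ["/usr/bin/find", "/bin/ls", "/bin/netstat",
                     "/usr/bin/passwd", "/bin/ps", "/usr/bin/who"]


def sha256_of(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(paths):
    """Record hashes while the system is still trusted (eg just after install)."""
    return {str(p): sha256_of(p) for p in paths if os.path.isfile(p)}


def integrity_report(baseline, current):
    """Integrity check: unexplained differences between stored and current hashes."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"modified": modified, "missing": missing, "added": added}


def pids_from_proc(proc="/proc"):
    """Low-level view: every numeric directory under /proc is a live process."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}


def pids_from_ps():
    """High-level view: what the (possibly trojaned) ps utility admits to."""
    out = subprocess.run(["ps", "-eo", "pid="], capture_output=True,
                         text=True, check=True).stdout
    return {int(token) for token in out.split()}


def hidden_pids(low_level_view, high_level_view):
    """Difference-based check: processes the kernel knows about but ps does not list."""
    return sorted(set(low_level_view) - set(high_level_view))


def listening_ports(proc_net_tcp_text):
    """Parse /proc/net/tcp: state 0A is TCP LISTEN, the local port is hex after the colon."""
    ports = set()
    for line in proc_net_tcp_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 4:
            continue
        local_address, state = fields[1], fields[3]
        if state == "0A":
            ports.add(int(local_address.rsplit(":", 1)[1], 16))
    return sorted(ports)


def hidden_listeners(kernel_ports, netstat_ports):
    """A listener in the kernel's table that netstat does not report is suspect."""
    return sorted(set(kernel_ports) - set(netstat_ports))


# Constructed sample of /proc/net/tcp (header plus three sockets) for offline use:
# port 0x0016 = 22 and 0x0D3D = 3389 are LISTEN (0A); 0x01BB = 443 is ESTABLISHED (01).
SAMPLE_PROC_NET_TCP = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0D3D 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:01BB 5DB8D822:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1003 1 0000000000000000 20 4 30 10 -1
"""


def demo_integrity_check():
    """Self-contained run: baseline two constructed 'utilities', then tamper with one."""
    with tempfile.TemporaryDirectory() as tmp:
        ls_path, ps_path = Path(tmp, "ls"), Path(tmp, "ps")
        ls_path.write_bytes(b"#!/bin/sh\nexec /bin/ls \"$@\"\n")
        ps_path.write_bytes(b"#!/bin/sh\nexec /bin/ps \"$@\"\n")
        baseline = build_baseline([ls_path, ps_path])
        # Simulate a rootkit dropping a trojaned ls and a new helper binary.
        ls_path.write_bytes(b"#!/bin/sh\nexec /bin/ls \"$@\" | grep -v rootkit\n")
        Path(tmp, "backdoor").write_bytes(b"\x7fELF")
        current = build_baseline([ls_path, ps_path, Path(tmp, "backdoor")])
        report = integrity_report(baseline, current)
        return {key: [Path(p).name for p in value] for key, value in report.items()}


if __name__ == "__main__":
    print("constructed integrity demo:", demo_integrity_check())
    print("hidden listeners in sample:",
          hidden_listeners(listening_ports(SAMPLE_PROC_NET_TCP), [22]))
    print("real binaries baselined:", len(build_baseline(WATCHED_UTILITIES)))
    if os.path.isdir("/proc"):
        print("pids hidden from ps:", hidden_pids(pids_from_proc(), pids_from_ps()))
```

Take the /proc and ps snapshots twice and flag only PIDs that are hidden in both, since processes start and exit between the two reads. The limitation the text describes still applies: these checks trust the kernel's own view, so a kernel level rootkit that filters /proc entries defeats them, which is why offline analysis is needed at that level.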
How to remove a rootkit
A number of security-software vendors offer tools, usually as part of a suite of anti-virus programs, to automatically detect and remove rootkits. One example is Microsoft's Windows Malicious Software Removal Tool.
But most of these tools can only detect and remove some rootkits, and will fail against well-written kernel-level rootkits.
Thus, many experts believe that the only reliable way to remove rootkits is by re-installing your operating system and applications. Doing so is considered safer, simpler and quicker.
However, this too is not a 100% sure thing. Because BIOS level rootkits are stored on a flash memory chip on the motherboard rather than on the hard drive, they survive the complete reformatting of your hard disk that occurs when you re-install your operating system. The only real solution to a BIOS level infection is to reflash the firmware from a known-good vendor image or, if that is not possible, to replace the hardware.
If you are a typical computer user, you will probably find that detecting and removing rootkits is very difficult and presents a daunting task. And indeed it can be.
Expert help - your best bet, if you suspect that you have been infected by a rootkit, is to use an online computer maintenance and repair company who can (with your permission) enter your system and run a series of checks to determine whether you have a rootkit and, if so, remove it. The cost should not exceed €25 for both detection and removal.

Multifunction Printer: Hidden Security Threats People Should Know

Although it took businesses and individuals some time to protect their networks and computers from malware and viruses adequately (and there are still breaches), it seems that many companies are now taking their sweet time when it comes to protecting their multifunctional printers. According to security experts, these commonly used printers found in offices and homes worldwide, pose a serious risk to networks simply because most people don't yet regard them as security threats.
Assessing the Threat
Networked multifunctional printers can provide access to business networks if they are not adequately secured. Many experts have been warning about the importance of shoring up these security gaps, but businesses and their employees have been slow to do that. Experts point out that the printers render the network just as vulnerable to the threats of hackers as PCs and other devices do. Yet even many IT professionals overlook their network printers and do not protect them as they should.
The Cost of a Breach
According to a report by Forbes, the average cost of a security breach lies in the neighborhood of $5.5 million for a company (Source: "The Hidden IT Security Threat: Multifunction Printers", Forbes). Yet that's just the financial damage. Companies suffer a blow to their reputations as well. A company that cannot adequately protect its data from hackers loses credibility among its clients, customers, or potential customers. In that sense, the cost is enormous. Even though companies spend large sums on managing their security risks, they are often missing some essential gaps like the printers.
How Bad Is the Risk?
Most people believe that the greatest security threat for IT networks comes from computers. Yet experts have stated that hackers can launch their full-scale attacks through multifunctional printers if the devices' access points aren't protected. Think of these printers as a back door. Once the hackers are inside, they certainly don't care how they got in; the point is they got in. The risk is even more complicated as many employees have admitted that they don't know about multifunctional printer risks or haven't taken the risks seriously. Does your business know that employees are following security protocols regarding all IT devices?
Securing Multifunctional Printers
Many companies are now purchasing multifunctional printers that come already loaded with the necessary security software. Other businesses are working with vendors that specialise in secure printing solutions. These providers understand the inherent security needs of printers far better than most companies do, and their expertise can help businesses find the solutions they need for reliable security 24/7.
While there is no need to be fearful about purchasing multifunction printers, it is important to understand that they can compromise security when not effectively secured. These essential office items simply need to be securely protected along with all other network devices. Be sure to discuss implementing security procedures with your IT staff too. Everyone in the company needs to be aware of the risks that the printers and other devices pose for security. It's important to eliminate these risks for the good of the company and its clients.

Tuesday, 10 June 2014

Technology Sales: 96% of Companies Need IT Security Services

I regularly ask people: what is the purpose of sales people in society? Why does the role exist in the first place? The most frequent answer I receive is that their purpose is to achieve company revenue goals. Wrong Answer! So, I then ask what would happen if we had a society of bad sales people, who might achieve their sales goals, but were selling their customers the wrong thing... people generally realise that it would cause us all to be wearing the wrong shoes, ill-fitting clothes, driving the wrong cars, buying the wrong wine, etc. In short - society would be in CHAOS. This then leads to the realisation that the purpose of a sales person is to resolve the customer's needs. This can of course be phrased in many different ways, but essentially means that the sales person should understand the needs of the customer, and then educate the customer appropriately regarding the best buying options.
Why am I writing about this? Because this is the time for sales people in IT Security companies to step up and fulfil their purpose. The business community needs IT security providers to do what it takes to protect vulnerable companies. I am troubled, but not surprised, by recent reports that I've come across. For example, according to a UK EY study, 96% of companies believe their IT security functions are insufficient, and only 4% of companies in the UK believe they are equipped with security systems that meet their needs. Therefore, 96% of companies in the UK acknowledge that they need better IT security. This is an absolutely FANTASTIC SELLING OPPORTUNITY for IT security providers- and the business community is clearly crying out for suitable companies to help them resolve their vulnerabilities.
Small businesses are vulnerable too, with 63% of them in the UK suffering a cyber-attack in the past year - a jump of 22% compared to the previous year (according to UK's Department for Business, Innovation & Skills). That's a SCARY number - especially if companies don't do anything about it. But companies often lack knowledge on what a sufficient solution is - thinking that having an up to date anti-virus on each device is enough. IT ISN'T. This is where they need the help of their IT services provider.
And it's not just about cyber-attacks - there is human error too creating vulnerabilities for companies. Despite strong media coverage and education regarding BYOD, its benefits and dangers - many companies still don't have ANY BYOD policy in place (e.g. more than 50% of mobile devices in Ireland have no anti-virus protection according to ESET). Data leakage prevention also remains a blind spot for most companies, with 66% of companies admitting that they don't have adequate data protection in place. IT services providers should therefore not just be installing software to protect, but also advising their clients regarding policies and protocols to protect against data leakage and security breaches caused by human error.
We can all think of examples of casualties of cyber-attacks (the recent Adobe and Loyaltybuild breaches spring to mind) and data leakage (Edward Snowden at the National Security Agency).
The concern is that as 96% of companies still don't believe they have adequate security solutions in place, a tsunami of breaches (and shut downs) is just around the corner, which would lead to CHAOS.
This all adds up to a powerful need in society for IT security companies, including IT service providers, to ensure that their customers are doing the right things, using the right solutions and being provided with the best options when purchasing IT security services and solutions.
Many IT service providers have the technical know-how regarding how to implement such solutions, but lack the capability to engage with prospects at the right level, with the right messaging, to ensure that the right discussions occur. Maven TM can assist with this. We can engage IT services providers with companies that need to improve their security systems. These companies are easy to find after all... it is 96% of companies.

Thursday, 5 June 2014

Social Media Security

As well as individuals, companies large and small can be the victims of lax social media security. Accounts have been hacked, changed and used to spread political and scatological messages. Brands have been besmirched, and customers and prospects lost.
While large international corporations and other major players may be able to recover from these kinds of attacks easily enough, for the small business they can (and have) proved fatal.
So how can you counter these threats?
Getting out of social media is not a solution. More and more people are using this kind of media to follow companies and brands, to talk about them, and to decide whether to buy their products or services. The role of social media in marketing is expanding continuously and is set to stay. In fact it looks set to eventually overtake more traditional sales tools.
The reality of the threats is that most of the breaches of security that have happened so far were due to the business owner or an employee falling for simple scams... by opening suspicious emails or clicking through to rogue websites without a moment's hesitation.
Here are a few simple things you can do to protect yourself and your business.
Education and training
You or your staff may lack the caution needed to use social networks securely. The only solution in these circumstances is education and training.
Structured social media educational programmes that deliver training on the use of special tools and how you can do so securely are available. These come in a variety of formats, from brief how-to manuals to webinars.
You can find programmes that fit your business and its financial resources through Google.
Malicious links are a common way in which accounts are compromised. Caution is best, especially if links lead to pages that ask for usernames and passwords.
Thus a fundamental part of these educational programmes is training in how to recognise suspicious messages, emails or links that could act as a gateway into your systems for a hacker.
In addition to improving basic security, these programmes can also help improve the overall performance of social media campaigns. Indeed, many of them deliver training in the more advanced aspects of social media such as attracting new clients.
Protecting passwords
If you and a member of your staff are sharing social media activities, you are likely to be sharing accounts and passwords. The more accounts you have, the more the passwords that will be shared.
How can you keep these passwords secure?
The answer is... with great difficulty. Here's what you need to do:
First, you should create strong (complex) passwords, rather than relying on simple, very common passwords such as 12345 or password. Password generating tools are available.
Secondly, you must make sure that passwords are never stored on shared computers, on mobile phones or in emails, nor on post-it notes or other scraps of paper.
Complex passwords can be hard to remember, especially where several are in use. A password manager solves the storage problem, and you can reduce the number of separate passwords your staff use by letting them sign into your firm's social media accounts through the company's own login (single sign-on), so that each employee uses his or her own credentials rather than a password shared with colleagues or reused from another service.
This has the additional advantage that, should an employee leave, their access to all company media can be disabled in an instant by disabling that one login. A disgruntled employee who still has access can wreak havoc through your social media accounts.
Centralising control over social media
Most people and businesses, even the very smallest firms, will have multiple accounts on many different networks, eg, Linked In, Twitter, Facebook, and so on.
Maintaining control over several accounts can be difficult and time-consuming, especially if your company includes several people who are involved in creating tweets and posting updates.
The first thing you need to do is to undertake an audit of all your accounts, noting who manages them and who has access to them. Then you can close down any accounts you don't need and remove permissions for the remaining accounts from any employees who don't need them.
Once that is done, you can consolidate these accounts within a social media management system. An SMMS will allow you to:
  • write messages and publish them to several accounts on several social networks from a single interface or dashboard
  • monitor all social activities from one place (thus simplifying a time-consuming task).
Several well-known SMMS are available. Most operate on a freemium basis, ie basic services are free to users but additional services are delivered on a paid basis.
A good SMMS will have built-in malware tools to notify users when a suspect link is clicked. A secure system will also notify you if suspicious activity is taking place on your accounts, giving you a chance to shut-down a possible security threat.
Paid social media, such as Facebook's Promoted Posts and Twitter's Promoted Tweets, has made the need to bring all social media under central control using an SMMS all the more urgent. Imagine a situation in which you invest tens of thousands of euro or dollars in Promoted Tweets and someone who has hacked your account ruins the whole campaign with an offensive tweet.
The malware tools built into an SMMS should be able to prevent scenarios like this happening. In addition, such an SMMS should also be able to monitor the outcomes of paid social media without requiring the additional passwords usually associated with paid media platforms.
Message approval
A mistweet or other mistake on social media can happen easily. The only way to avoid these kinds of errors, which can seriously damage your reputation, is to set up an approval process that must be followed before a social message can be posted.
Of course, a formal approval process is only applicable if more than one person is undertaking social media activities. In these circumstances the process will probably be vital in order to ensure that the standards you expect in your social messages are achieved.
The simplest approval process is just to allow another person to review a tweet, message or update before it is posted. Good social media management systems should include an approval process for all social media messages.
As well as allowing the content of posts to be checked, an approval process means that typos and spelling errors can be corrected and links checked. The process also gives you and your employees a chance to learn from each other as suggestions and corrections are made.
An approval process will dramatically reduce the likelihood of a major social media crisis. However, it will not guarantee that nothing goes wrong.
Disaster recovery
Mistakes happen. No matter how many security measures you undertake, there is always a chance that something will go wrong and an inappropriate message will be sent, either because something was missed by accident during the approval process or a hacker gained access.
So, what can you do if the worst happens?
The only answer is the boy scouts' motto: be prepared.
'Being prepared' means that you and your employees must have a specific plan on how to respond quickly and effectively when a crisis erupts. As crises tend to be unpredictable, this plan must be flexible.
You should test and evaluate your plan to ensure that it will actually work in an emergency. You also need to practise the plan so that you and your people know instinctively what to do.
Social media happens in real time, so you need to respond in real time. Social media, in fact, can help you respond appropriately. This is best done using a tried and tested social media management system.
A good SMMS will enable you to monitor how your customers, prospects and the public at large are reacting to the issue so that you can respond with appropriate messages.
Social media allows you to reach a massive number of people quickly so you can tell them about the problem and how you are working to resolve it. This can increase your credibility with customers and prospects and the public at large... which is what social media for business is all about.