Monthly Archives: August 2016
The world’s most unpopular internet browser now comes with opt-in Super Stalking. Microsoft wants people to use its Edge browser so badly it will even pay people to use it.
Windows 10 and Edge users can earn credits that can be spent in the Microsoft online store on things like three months of advertisement-free Outlook and Amazon cards. But – Microsoft won’t let you just run Edge and cash in: they will monitor the user’s mouse and keyboard movements for “active use” of the browser. If you’re busy enough, Redmond will hand over credits, soon to be renamed points under a program detailed here.
It will take about 1,000 Bing searches and about 19 days to earn about $5 which you can put towards a Starbucks coffee. Microsoft will offer additional credits to users who click things like training videos, MSN videos on how to make s’mores, and other Microsoft promotional content.
The new effort involves the renaming of Bing Rewards to Microsoft Rewards, and expanding it to cover Edge. Under the change, users who sign up before the pending switch from Bing Rewards to Microsoft Rewards will be promoted to level two, a title that can only be maintained by searching enough every day to earn that Starbucks coffee. Level two users get access to “exclusive offers” and get 10 per cent off certain Microsoft offerings.
As Internet browsers go, Google’s Chrome is the uncontested champion of the web browsing wars, with some 51.04% of the market, according to NetMarketShare. The analyst site places Microsoft’s Internet Explorer in second place with 21.76% , Safari with 11.12%, Firefox with 6% and Edge lagging behind them all at a dismal 3.91%. ‘Other’ web browsers account for 6.18% of the total.
For additional information: Get rewarded faster by browsing with Microsoft Edge. Earn points for every hour of active browsing with Microsoft Edge – up to 30 hours a month.
Here’s some more scary info. Looks like one can start their own online ransomeware business now with ZERO investment and very little effort: Ransomeware-As-A-Service
Cerber Ransomware Earns Over $2 Million with a little as 0.3% of victims paying up! A new report from Check Point software’s researchers showed that Cerber’s Ransomware-as-a-Service (RaaS) affiliate program is a resounding success with more than 160 participants at current count, and that the combined direct sales plus affiliates was almost 200K in July, despite a victim payment rate of just 0.3%. That puts it on track to earn $2.3 million dollars this year, said Maya Horowitz, group manager of threat intelligence Check Point.
Aspiring criminal affiliates create their own campaigns using the Cerber platform and keep 60 percent of the profits. They also have access to user-friendly management tools, Cerber’s Bitcoin laundering architecture, and obviously the malicious code itself. Eight brand new Cerber ransomware campaigns are launched every day!
This means that there will be more and more such services, more and more attacks, even more than today. Just this week Symantec reported on a new RaaS that competes with Cerber. The new ransomware — dubbed Shark — is currently available for no charge in underground forums. Novice hackers that use the tool to extort money from victims pay only a 20% cut to the Shark developers.
Check Point researchers identified the IP addresses that infected machines used for data traffic with their C&C servers. They were also able to easily identify that the bad guys are probably based in or near Russia.
Currently, there are no infections in Russian-speaking countries and in the configuration of the ransomware, the authors, as default, chose not to operate on machines or PCs that have Russian as their default language. Obviously another indication of the hackers physical location.
This is a tried-and-true strategy of not getting picked up by the FSB, today’s equivalent of the KGB. As long as you don’t hack inside Russia’s borders, the Russian security forces leave you alone.
Follow The Money
What is interesting is that Check Point was able to extract the exact Bitcoin wallets assigned to every victim so that they could track the percentage of people who actually paid the ransom. The next step was to “follow the money” to one ultimate final central wallet through a network of other wallets that are part of Cerber’s Bitcoin architecture.
They followed these hundreds of thousands of different wallets. This is the first time that security researchers can say for sure what percentage of victims pay the ransom.
The people that actually pay ransoms was surprisingly low, compared to earlier estimates by other researchers, but it still pays off handsomely. A small team of four of five specialized cyber criminals can make between $300,000 to $400,000 each per year, which is at least 10 times more than they could earn in any legitimate enterprise where they live.
So with the extraordinary amounts of money that can be made using these Ransomeware-As-A Service programs, we can all expect them to continue to grow and thrive in today’s internet security environment.
A simple method to “help” circumvent this particular attack vector would be to log into your hardware based firewall/router (you do have a hardware firewall right?) and block all incoming WAN traffic from Russian based IP addresses. You should probably block IP addresses that originate from China at the same time.
Imagine the cybersecurity implications of a world in which hundreds of millions of people have a physical impairment and the corrective devices they use leave them internet-connected.
Thanks to the “internet of things,” that scenario is fast becoming reality in the form of internet-connected hearing aids. But like so many aspects of the internet of things, such devices carry upsides as well as big, potential data breach downsides, according to Phil Reitinger, the chief executive of the Global Cyber Alliance. He was formerly the Department of Homeland Security’s top cybersecurity official as well as CISO for Sony.
In an opening keynote presentation Aug. 2 at the Information Security Media Group’s Fraud & Breach Prevention Summit New York, Reitinger noted that unlike some internet of things devices – toasters come to mind – internet-connected hearing aids, which are still in their infancy, offer a lot of promise for improving users’ quality of life. When a user is watching a television show, for example, their hearing aids could identify the audio and instead of simply amplifying it they could begin downloading a live audio stream of the broadcast.
But what happens when internet-enabled hearing aids enter the workplace or any WiFi enabled environment for that matter? As with smartphones, the WiFi enabled hearing aids would be a natural target for attackers, because they could be exploited and used to facilitate remote surveillance, allowing hackers to “hear” whatever the wearer hears. And that would create risks for any such device wearer who works for an organization with access to classified or sensitive information. Without appropriate safeguards being put in place, we risk a future in which attackers could perpetrate targeted breaches with little risk of their attacks being spotted or traced.
In that sort of a future, “things like the DNC [Democratic National Committee] hack, are small potatoes … because a huge number of people are walking listening devices,” Reitinger said. “Everything is connected, everything is tied together.”
Security Essential: Think Big Our everyday lives will only continue to become more connected, with more data generated; that’s our inevitable internet of things future. But from a security standpoint, it’s possible to avoid some doomsday-style scenarios, provided we make some related moves, chief among them building networks that are as big as possible.
“Right now, I think the bad guys have almost all of the advantages,” Reitinger said. “But … it’s much tougher on the good guys than the bad guys. The bad guys operate at scale much better than the good guys.”
Citing a concern that Pokemon Go players are wandering into private property and near electrical equipment, power and utility companies in Florida have asked cybersecurity company LookingGlass to pull Pokemon off the map.
“We’re now in the business of killing Pokemon,” LookingGlass CEO Chris Coleman told CNNMoney.
He said clients have asked LookingGlass to help eliminate the game’s code to get rid of the little creatures in restricted areas. Clients have pinpointed eight locations, and Coleman’s team sends those coordinates to Niantic Labs, the maker of the game, asking that the critters be removed.
Police departments around the country have issued warnings to Pokemon players to stop trespassing on property belonging to businesses, the government or religious institutions. But no one until now has figured out how to rid their property of Pokemon.
The wildly popular smartphone game instructs players to explore their surroundings to collect Pokemon, then it projects digital images of the cute creatures into the real world.
It’s a wholesome, kid-friendly video game. But the merging of digital and physical realms has also caused awkward entanglements.
One teen in Wyoming stumbled upon a dead body in a river while playing the game. Two men fell of a cliff while trying to catch Pokemon with their eyes glued to their screens. Another player crashed into a police car, because he was playing while driving.
These types of accidents aren’t stopping people from playing the game, which has already broken records for its popularity.
Coleman said his cybersecurity company is in a unique position to help eliminate Pokemon(s), because he’s friends with a member of Niantic’s board of directors: Gilman Louie.
Louie is known in cybersecurity circles, because he was the first CEO of In-Q-Tel, the CIA’s venture capital firm that the intelligence agency uses to invest in state-of-the-art technology.
The next challenge for this popular application may come from a new product soon to be available to the masses called Pokédrone. Tech brand TRNDlabs has customized its miniature drone so Pokemon Go video game players can access Pokemon in difficult places and avoid walking into hazards.
The company’s rationale for this product is that sometimes the critters appear in hard-to-reach places, like in the middle of busy roads or hovering above bodies of water – making it difficult or impossible for avid fans to catch them.
Apparently there are disappointed fans all over the world because sometimes a Pokémon occurs on your screen but in reality there is no way for human beings to catch it. According to TRND Labs, the Pokédrone is the solution that delivers the power of catching them all!