Avast is one of very few antivirus solutions that my clients use at work and at home, and that crossover makes it even more powerful. The included VPN, firewall, and sandbox features made this a great tool for our business
Stop even the most determined hackers from getting their hands on what’s yours. Webcam Shieldprotects your built-in camera from hidden spies. And Ransomware Shield ensures your files cannot be encrypted without your permission, so you don’t get held to ransom.
Avast Free Antivirus raises the bar on security with real-time protection, intelligent threat-detection, and added security for your network, passwords, and browser. Easy to install and easy to use, no other free antivirus comes close.
Our 400 million users are the 400 million reasons why we lead the digital security pack. Each Avast-loaded device is a source of real-time intelligence about new and current threats. That’s how we stop over 100 million of them every day. By joining Avast, you help to make that network even stronger.
In a joint effort by six countries, Europol led a complicated international operation to take down the GozNym malware cybercriminal network. The network preyed on over 40,000 victims from whom it attempted to steal a collective $100M. A federal grand jury in Pittsburgh indicted ten members of the criminal network under conspiracy to infect victims’ computers with GozNym malware designed to capture banking credentials, using the stolen credentials to gain fraudulent access to the victims’ accounts, and stealing and laundering money from those accounts. The bust entailed cooperation from Bulgaria, Germany, Georgia, Moldova, Ukraine, and the United States.
The GozNym network is an example of “cybercrime as a service,” where bad actors with specific criminal skill sets team up to form a full “assembly line” of crime. This consists of the leader of the network, the developer of the malware, “crypters” who encrypt the malware so it can’t be detected, spammers who distribute the malware, bulletproof hosting servers to house the malicious domains, account takeover specialists who do the actual transferring of funds from victims’ accounts, and “cash-outs” (also called “drop masters”) who launder the money. Five of the indicted men have evaded capture and remain on the run, while the others await prosecution.
Quote of the week
“The GozNym network exemplified the concept of ‘cybercrime as a service,’ with different criminal services such as bulletproof hosters, money mules networks, crypters, spammers, coders, organizers, and technical support.”
– Europol explaining GozNym malware crime ring
WhatsApp flaw lets in spyware
Commercial-grade spyware believed to come from the Israeli cyber-offense program called Pegasus has been detected in certain cyberattacks using the WhatsApp app. The malware could install itself onto the mobile device just by making a call, and the victim didn’t even have to answer. WhatsApp parent company Facebook believes specific people were targeted in the attack, namely human rights activists and lawyers. “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.”
The attackers took advantage of a buffer overflow flaw, but WhatsApp claims it immediately blocked that attack vector in an update once the attacks were detected and users have been protected against it since last week. It’s unclear how many victims were targeted in the attack, but WhatsApp has briefed a number of human rights organizations on the details over the past few days.
Avast Security Researcher Luis Corrons notes, “Although we are not used to seeing attacks through WhatsApp, we are talking about a platform with several hundreds of millions of people using it. A security hole in this platform that allows the targeting of specific people can be a powerful weapon in the hands of criminals.”
Fact of the week
Zero: The number of publicly reported “hacktivism” cybersecurity attacks reported so far this year. The activist, politically themed hacks reached a peak of 35 in 2015, according to IBM.
Magecart card skimming malware infects Forbes
Cybersecurity researchers have found that hackers have infected the Forbes subscription site with Magecart malware, an oft-used card skimming program that has been terrorizing businesses around the globe. We’ve reported on the Magecart attack of British Airways, the Magecart attack on Magento extensions, another Magecart attack on British Airways, and the evolution of the term Magecart from a specific cybercrime group to the type of malware for which they’ve become infamous.
The malware collects customer credit card info including name, number, expiration date, and security code, as well as phone number, home address, and email address. Authorities immediately took down the domain that the cybercriminals were using to collect the stolen data as soon as the malware was detected. In addition to Forbes and British Airways, Magecart malware has been used in attacks against Ticketmaster, Newegg, OXO, Amerisleep, and MyPillow. One security expert comments, “For every Magecart attack that makes headlines, we detect thousands more that we don’t disclose. A considerable portion of these lesser-known breaches involves third-party payment platforms.”
Attack of the Zombieload
Researchers have identified a new class of vulnerabilities in Intel processing chips that can be maliciously exploited. Intel microchips have been riddled by newfound flaws over the past year — Spectre, Meltdown, and Foreshadow — and now there’s a new type of threat joining the ranks, the colorfully named Zombieload.
Like the other three vulnerabilities, Zombieload takes advantage of the speculative execution process, the ability to calculate the user’s next probable move, which adds to the speed and smoothness of Intel chip performance. Zombieload is a side-channel attack known as a Microarchitectural Data Sampling (MDS) attack. A hacker can use such an attack to pull data from other apps being used by the same CPU, hence this idea of creating a “side door.”
Intel is already on top of patching this flaw, reporting to ZDNet that “MDS is already addressed at the hardware level in our recent 8th and 9th Generation Intel Core processors, as well as the 2nd Generation Intel Xeon Scalable Processor Family. For other affected products, mitigation is available through microcode updates, coupled with corresponding updates to operating system and hypervisor software that are available starting today.”
Every form of crime seems to invade the world of cybersecurity. Sooner or later that had to include the age-old childhood bullying trauma of school lunch theft. Except in this case the pilfered prize was data, not baloney.
Keith Wesley Cosbey, CFO of California school lunch provider Choicelunch, was arrested in April on two felony counts — identity theft and unlawful computer access. The San Francisco Chronicle reports that law enforcement accuses Cosbey of hacking into the network of longtime Choicelunch rival The LunchMaster, accessing sensitive student data including names, grades, meal preferences, and allergy info.
The charges contend that Cosbey, claiming to be an anonymous tipster, then sent the stolen data to the California Department of Education in an attempt to discredit The LunchMaster by exposing weak security and complaining the company does not do enough to protect student data.
When the Department of Education confronted The LunchMaster about the breach, the company launched an internal investigation. The LunchMaster cybersecurity team was able to trace the breach back to an IP address in Danville, Calif., where Choicelunch is based. The LunchMaster contacted the FBI in April 2018, and after a yearlong investigation, Cosbey was arrested.
Cosbey is currently out on $125,000 bond and is due in court later this month. If convicted, he faces over three years in prison. This week, investigators allowed LunchMaster to notify families affected by the breach, which the company has been doing, The Chronicle reported.