Blog

Is it safe to do banking on phones? by Chris Taylor

About Chris Taylor:  Chris is on the Community Review Board for SANS’s OUCH! (the security awareness newsletter designed for everyone), has given over 470 computer-related presentations at the Ottawa Public Library, and is President of the Ottawa PC Users’ Group.

I sometimes get asked if it is safe to do banking on phones. Keep in mind that there is no such thing as 100% security. It is always good to assess risks in any activity on a computer, be it a desktop computer or a phone. There are three main threats I can think of when it comes to online banking from your phone: keystroke loggers, man-in-the-middle attacks, and shoulder-surfers.

Keystroke logger

The risk is that an attacker has managed to get malware installed on your computer and they are tracking every keystroke you enter—including your account number and password—as you log onto your banking site.

Note that the risk is not unique to phones. It exists whether you are on a desktop, laptop, tablet, or phone. From Microsoft’s 10 Immutable Laws of Security: Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore. The best way to mitigate this risk is to do everything reasonable to prevent a keystroke logger from being installed. I recommend people only obtain phone apps from approved stores (Play Store for Android, App Store for iOS), and only install apps that have been around for more than a couple of months. While not a guarantee that an app is malware-free, it certainly helps.

And—preaching to the choir here—use a program like GlassWire on your Windows PC. Set the firewall section to Ask to Connect and turn on Automatically analyze all apps with network activity with VirusTotal. When a new program tries to access the network, you can see if the dozens of anti-malware programs at VirusTotal think it is clean.

Man-in-the-middle (MITM) attack

In a MITM attack, the attacker hosts a Wi-Fi hotspot with the same name as the hotspot run by a legitimate organization such as your favourite coffee shop. If you connect to the attacker’s access point, all your traffic goes through their computer and is then automatically passed on to the destination server you are communicating with. End-to-end encryption normally prevents the attacker from seeing the traffic, but it is possible for the attacker to establish an encrypted session between you and them and re-encrypt the data under a separate encrypted session between them and the destination server. In this manner, they can see all the unencrypted traffic.

This is one area where using a bank’s app is probably more secure than using your web browser to do online banking. It is far easier for the bank to build defences into their app to guard against man-in-the-middle attacks.

You can also mitigate MITM attacks by ensuring you are not connected on Wi-Fi and use the mobile network instead. While a malicious IMSI-catcher could intercept your phone signal, that only intercepts texts and phone calls, not data streams.

Another mitigation against MITM attacks is to use a VPN. By using a VPN, you establish an encrypted tunnel between your computer and the VPN server. The MITM attacker has no access to the unencrypted data. You are transferring your trust to the VPN operator, who is presumably more worthy of trust than someone who sets up a rogue WiFi hotspot!

Shoulder surfers

In this risk, someone nearby watches as you log onto your bank site and notes the account number and password as you type them in.

This is probably the easiest to guard against. Simply looking around is often enough. But it is possible for cameras to be watching as well, and these may not be as easy to spot.

Some password managers can automatically logon to sites for you, removing the need to manually enter your account number and password, and foiling a shoulder surfer.

Multi-factor authentication is also a good defence. In that case, simply knowing your account number and password is not enough; you also need your device or your biometrics. Your bank’s app may also have safeguards tying it to your phone.

Bottom line

Overall, I think the risk of banking on phones is pretty low. You can probably minimize the risk by using your bank’s app and—as always—keeping your phone free from malware. And don’t forget to have strong authentication to access your phone and always keep it under your control.

I would be happy if anyone has other ideas when it comes to any of my articles. I consider myself knowledgeable, but I don’t claim to be an expert. Please add your thoughts through the comment field.


Endpoint Security: How to Keep Your Data Safe

Introduction

In today’s hyper-connected world, cybersecurity is a hot topic. Maintaining and improving the security of data and sensitive information is becoming increasingly important for individuals and organizations.

In a fully connected digital environment, trending aspects of our lives, like the Internet of Things (IoT), cloud computing, and online banking, demand a high level of protection now more than ever: a robust endpoint security solution is essential to guard the digital lives of people and organizations.

There are many different components that make up an endpoint security solution, including antivirus and antispyware software, firewalls, intrusion detection and prevention systems, and data encryption. Each of these components plays a vital role in keeping your data safe.

However, managing multiple endpoints can be a challenge, as can ensuring compliance with various security requirements. And the BYOD trend introduces new challenges, such as ensuring that corporate data is not compromised on personal devices.

In this blog post, we’ll explore all of these topics in more detail and provide some practical tips for keeping your data safe.

What is endpoint security?

The need for endpoint security

In the business world, data is everything. It’s what helps you make decisions, connect with customers, and drive revenue. So it’s no surprise that businesses are constantly looking for ways to protect their data. Endpoint security is one way to keep your data safe.

This is a type of cyber security that focuses on protecting single devices connected to a network. These devices can include laptops, smartphones, and tablets. Typical solutions include a combination of software and hardware that work together to protect your data.

The need for endpoint security has grown in recent years as more and more businesses allow employees to use their own devices (known as Bring Your Own Device or BYOD) for work purposes. This can increase the risk of data breaches, as personal devices are often less secure than corporate-owned ones.

There are many different types of solutions available, but not all of them are equal. To find the right solution for your business, you’ll need to consider your specific needs and objectives. But with so many options out there, how do you know where to start?

Different types of endpoints

Different types of endpoints require different levels of protection. For example, a laptop will require more protection than a smartphone because it contains more sensitive data, especially if used for business. Similarly, an employee who works remotely will need a different level of protection than someone who works in an office.

Here are some common types of endpoints:

  • Laptops: Laptops contain sensitive business data and connect to public networks, making them vulnerable to attack. The best way to protect laptops is with a comprehensive endpoint security solution that includes antivirus and antispyware software, a firewall, and an intrusion detection and prevention system (IDS/IPS). Data encryption can also help safeguard business data in the event of a lost or stolen laptop.
  • Smartphones: The usage of smartphones for work purposes is increasing. This makes them potential targets for attackers seeking to gain access to corporate data. The best way to protect smartphones is with a mobile device management (MDM) solution that can remotely wipe lost or stolen devices and enforce password policies.
  • Tablets: Tablets have many of the same vulnerabilities as laptops. They are often used in public places such as coffee shops and airports, making them even more susceptible to attack. The best way to protect tablets is with the same type of comprehensive endpoint security solution that you would use for laptops.
  • Remote workers: Remote workers are often the most vulnerable to attack because they’re not physically protected by a corporate network. The best way to protect remote workers is with a virtual private network (VPN) that encrypts their data and allows them to access corporate resources remotely.

The components of an endpoint security solution

Antivirus and antispyware software

An antivirus program is a computer program that detects, prevents, and removes malware. Antivirus software is designed to protect your devices from viruses, which are malicious programs that can infect your system and damage or delete your files. Antispyware software is designed to protect your devices from spyware, which are programs that collect information about you without your knowledge or consent.

Firewall

A firewall is a network security system that controls the incoming and outgoing network traffic based on predetermined security rules. A firewall can be hardware-based, software-based, or a combination of both. Hardware-based firewalls are typically used to protect corporate networks, while software-based firewalls are typically used to protect individual computers.
We’ve recently written about different types of firewalls if you want to dive deeper into the subject.

Intrusion detection and prevention system

An intrusion detection and prevention system (IDPS) is a network security system that monitors network traffic for suspicious activity and blocks it or alerts the administrator in the event of an attack. IDPS come in several forms and can be host-based or network-based.

Data encryption

Data encryption is a process of transforming readable data into an unreadable format using a key or password. Encryption’s main purpose is to protect data from unauthorized access and ensure its confidentiality. Data encryption can be performed at rest (i.e., when the data is stored on a disk) or in transit (i.e., when it is transmitted over a network).

The challenges of endpoint security

Managing multiple endpoint security solutions

As the use of mobile devices and BYOD policies become more prevalent in the workplace, managing multiple endpoint security solutions can be a challenge for IT departments. There are a number of considerations that need to be taken into account when implementing and managing multiple endpoint security solutions, such as:

  • The different types of devices that need to be secured (laptops, smartphones, tablets, etc.)
  • The various operating systems that are in use (Windows, iOS, Android, etc.)
  • The different security requirements of each type of device and operating system
  • The different levels of security required for each type of device (basic protection for laptops, more comprehensive protection for servers, etc.)
  • The need to ensure compatibility between the different security solutions
  • The management overhead associated with multiple endpoint security solutions

Ensuring endpoint security compliance and policies

Another challenge faced by IT departments is ensuring compliance with corporate endpoint security policies. This is because employees are often using their own devices or mobiles for work purposes and may not be aware of or compliant with the company’s security policies. There are a number of ways to overcome this challenge, such as:

  • Developing clear and concise corporate endpoint security policies that are easy to understand and follow
  • Training employees on the importance of complying with corporate endpoint security policies
  • Implementing technologies that allow IT departments to remotely monitor compliance with corporate endpoint security policies

Addressing the BYOD challenge

In the previous paragraphs, we’ve mentioned BYOD. The acronym stands for Bring Your Own Device and constitutes one of the biggest challenges for IT departments today. With more and more employees using their own personal devices for work purposes, it can be difficult to manage and secure these devices.
There are a number of ways to address this challenge. The first and most important step is to have a clear and concise BYOD policy that outlines what types of devices an employee can use and what restrictions apply. The standard could be a simple procedure and set of rules for accessing the Internet via personal devices. It may include the use of a VPN to access corporate data or the adoption of certain security software, like GlassWire. Less popular, but definitely effective, is letting the IT department remotely access and secure BYOD devices.

Conclusion

Endpoint security is a critical concern for any organization that wants to protect its data. There are many different types of endpoints and each has its own security requirements. It’s important to carefully select and configure the right components of an endpoint security solution, to provide the most effective protection possible. Managing multiple endpoint security solutions can be a challenge, but it is necessary to ensure the safety of your data.


.exe files, how to deal with them


The Exe File Extension

Most people who use the Windows operating system have run into .exe files before, but not everyone appreciates their potential for hazard. Although most of the .exe files you rely on every day tend to carry minimal risk of harm, this rule doesn’t hold for all similarly-named files you’ll find online – or even those lurking in folders on your PC.

What makes unknown .exe files such a potential danger? Here’s a quick primer.

exe files in Windows

The EXE file extension is most commonly used for files that contain executable code. These files are typically used to run programs or start applications.

What’s inside a .exe file? If you were to open one with a regular text editor, you’d see massive chunks of seeming gibberish, but this doesn’t mean your computer is buggy. It’s just that these files aren’t intended to be read by humans because they contain mostly machine code.

Machine code includes the low-level instructions that tell a computer’s CPU how to store and move data, perform crucial arithmetic operations, and “jump” to other instructions. You can think of it as the cues that let your operating system know how to run a program by handling user input, displaying visuals onscreen, and performing other common tasks.

Windows Executable Files

Although .exe files only run on Windows (and formerly DOS), they haven’t historically been the only type of executable files these operating systems supported. Although the latest 64-bit editions of Windows no longer support them, older variants could run executables ending in “.com” and “.mz”. This may be worth noting if you’re running outdated software at home or in high-risk settings, such as a business.

The other point to bear in mind is that not all .exe files contain the same types of data. For one thing, specific programs include different instructions for your computer to follow. Also, there are a few different ways to encode those instructions in a Windows executable file, which gives rise to a range of format types including NE, PE, LE, DL, MP, P2, P3, W3, and W4.

The reasons for there being so many different formats make sense from a historical standpoint. It’s only natural that developers would improve on the old versions to deliver better performance and leverage new computing features; after all, Windows executable files and their predecessors have been around for decades!

The problem from a security perspective is that this can make things way more confusing for ordinary users.

Remember how we mentioned that opening a .exe file in a text editor would just show you a bunch of garbled characters? There’s really no way for most people to tell at a glance whether a .exe file might contain a harmful payload. The confusing state of .exe files means that you’ll typically need to take more advanced steps, like using Windows Security or a third-party virus scanner, as we describe here.

EXE files and other executable extensions

Complex operating systems like Windows rely on hundreds of programs running in the background in addition to the applications you specifically launch from the menu. Although there’s no exhaustive list, you might see names like:

File Extensions Explained

Why bother with file extensions at all? Don’t make the mistake of thinking you can just change a file extension to protect yourself. Doing so has no bearing on the contents of the file and will actually make your life harder.

File extensions consist of the characters after the final dot (‘.’) at the end of a filename, such as the “.exe” in “my_cool_program.exe”.

These suffixes serve a few different purposes: For instance, they make it easier for human users to tell which of their files contain which types of data. They also serve a similar function for machines.

When a computer operating system, like Windows, sees a document with an extension, it relies on this information to know which program it should use to open that file. For instance, a Microsoft Word document usually has a “.doc” or “.docx” extension, while an Excel spreadsheet document will have a “.xls” or “.xlsx” extension.

Above all, remember that you can’t afford to take extensions for granted. Any user with the appropriate permissions can rename a file to have whatever name or extension they like, even if that file contains something malicious, such as a virus or malware. If you’re not sure what you’re dealing with, consider equipping yourself with better protection by installing GlassWire’s Endpoint Security Solution.
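The point above, that an extension is just a label anyone can rename, is easy to demonstrate by looking at the file’s content instead. Windows executables start with the two-byte "MZ" signature and carry a "PE\0\0" signature at the offset stored at byte 0x3C; the following Python example (added here, not GlassWire’s code) extracts the extension exactly as the post defines it and flags files whose extension and content disagree. The function names and the sample bytes are constructed for illustration.

```python
import struct

MZ_MAGIC = b"MZ"          # first two bytes of every Windows/DOS executable
PE_SIGNATURE = b"PE\0\0"  # marks the start of the PE header
# Extensions Windows will treat as directly runnable (illustrative set).
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".com", ".scr", ".sys"}


def file_extension(filename):
    """Return the characters after the final dot of the file name (lower-cased),
    or '' when there is no extension. Mirrors the definition in the post."""
    base = filename.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]
    dot = base.rfind(".")
    if dot <= 0:  # no dot, or a leading dot such as ".bashrc"
        return ""
    return base[dot:].lower()


def looks_like_pe(data):
    """True when the bytes begin with the MZ stub and the 4-byte little-endian
    value at offset 0x3C (e_lfanew) points at a PE signature."""
    if len(data) < 0x40 or data[:2] != MZ_MAGIC:
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Slicing past the end yields a short string, so an absurd offset fails safely.
    return data[e_lfanew:e_lfanew + 4] == PE_SIGNATURE


def classify(filename, data):
    """Compare what the extension claims with what the content actually is."""
    ext = file_extension(filename)
    is_pe = looks_like_pe(data)
    claims_executable = ext in EXECUTABLE_EXTENSIONS
    if is_pe and not claims_executable:
        verdict = "executable content disguised as %s" % (ext or "no extension")
    elif claims_executable and not is_pe:
        verdict = "executable extension but not a PE image"
    elif is_pe:
        verdict = "Windows executable"
    else:
        verdict = "not an executable"
    return {"extension": ext, "is_pe": is_pe, "verdict": verdict}


def make_fake_pe():
    """Constructed sample: a minimal MZ header whose e_lfanew points at a PE
    signature. It is not a runnable program, just enough bytes to be recognised."""
    buf = bytearray(0x44)
    buf[:2] = MZ_MAGIC
    struct.pack_into("<I", buf, 0x3C, 0x40)  # PE header begins at offset 0x40
    buf[0x40:0x44] = PE_SIGNATURE
    return bytes(buf)


if __name__ == "__main__":
    for name, content in [("setup.exe", make_fake_pe()),
                          ("holiday_photo.jpg", make_fake_pe()),
                          ("notes.exe", b"plain text"),
                          ("notes.txt", b"plain text")]:
        print(name, "->", classify(name, content)["verdict"])
```

The same content-over-name check is what scanners do at scale; the renamed "holiday_photo.jpg" is still reported as an executable.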


Capturing a full web page

by Chris Taylor


Screen capture tools such as the Windows Snipping Tool are great for capturing what you see on the screen, but what if you want to capture an entire web page and you have to scroll to see it all?

Some third-party utilities such as TechSmith’s Snagit, Wisdom Software’s ScreenHunter Pro, and browser extensions can capture entire scrollable windows, but with Chromium-based web browsers such as Google Chrome, Microsoft Edge, Opera, Brave and Vivaldi you can capture an entire web page without installing anything.

In any Chromium-based browser, press Ctrl-Shift-i to open Developer Tools. Then press Ctrl-Shift-p to run a developer tool. In the search box that pops up, type screenshot (1 in image below) and click the second option: Capture full size screenshot.

The entire webpage will be captured and stored as a PNG graphic file in your Downloads folder.


Different Kinds Of Firewalls

Cybersecurity is more important than ever, with cyberattacks costing businesses billions every year.

Commercial firewalls have been available since the 1990s, but technology has changed drastically since then. With so many options available now, it can feel difficult to know where to start in choosing the right firewall.

Read on to learn what a firewall is, how it works, and how to choose the correct firewall to protect you.

What is a Firewall?

A firewall works as a barrier between your devices and external networks. It monitors your incoming and outgoing traffic to determine whether there’s anything sinister going on, like a virus trying to install itself from the internet.

Firewalls check packets of data against specific security rules to decide whether to allow or block them. There are various kinds of firewalls that protect at different levels.

You can also install firewalls as software, hardware, or cloud-based protection.

How Does a Firewall Work?

Depending on what kind of protection you’re after, you can install a firewall as a piece of hardware, software, or a cloud-based service.

Hardware and cloud-based solutions are usually targeted toward businesses to protect a network of devices and virtual platforms with advanced features and permissions.

Software is more affordable and easily accessible for small businesses and home users. Firewall software can scan files and apps for viruses and monitor web usage, all while cross-referencing a regularly updated database of known threats.

Whatever kind you choose, a firewall’s filters protect your data and devices by looking out for specific cybersecurity threats, including:

  • DDoS prevention – hackers may drastically slow down a server by flooding it with data requests.
  • Backdoors – viruses and hackers can exploit security bugs in some apps and platforms to gain access to your data and manipulate programs without your knowledge.
  • Malicious scripts – a script, also known as a macro, is a piece of code that an application can run to perform complex tasks. Hackers may use these scripts to execute dangerous processes that can harm your devices and data.

Types of Firewalls

Curious about what firewall type is best? Read on to learn about the most common types of firewalls and their features.

Packet-filtering firewalls

Considered the most basic kind of firewall, a packet-filtering firewall monitors incoming packets of data. Without a firewall, these packets of data can all reach their destination. A firewall implements a set of security rules—every packet is inspected, and if a known threat is detected, the packet is removed.

A packet-filtering firewall is quick and efficient to use, offering a basic level of security.

Proxy firewalls

Proxy firewalls offer application-level protection. Instead of the firewall simply monitoring the data packets sent and received, the proxy acts as a ‘mirror’ of the device, so it becomes the only exit and entry point for data. It protects the destination ports and at the same time can perform security checks at a deeper level.

Proxy firewalls are a more secure option, but they’re slower and put more strain on your device’s resources.

Stateful inspection firewalls

Stateful inspection firewalls examine several characteristics of incoming data and compare them against a database of known, trusted packets.

This offers a much higher level of security, but it can impact a system’s performance and is generally more expensive than a basic option.
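To make the difference between the packet-filtering and stateful inspection firewalls described above concrete, here is a small Python simulation (added here, not the post’s or GlassWire’s code). It runs the same constructed traffic through a stateless rule set and through a filter that remembers which connections the protected host opened; all addresses, ports, class and function names are made up for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "out": leaving the protected host, "in": arriving at it
    src: str
    sport: int
    dst: str
    dport: int


HOST = "192.0.2.10"  # constructed address of the protected device


def stateless_decision(pkt):
    """Packet-filtering firewall: every packet is judged on its own.
    The rules let the host browse HTTPS (outbound to port 443). Because the
    filter has no memory, it must also accept any inbound packet coming from
    port 443, otherwise the replies could never get back in."""
    if pkt.direction == "out" and pkt.dport == 443:
        return "allow"
    if pkt.direction == "in" and pkt.sport == 443:
        return "allow"
    return "drop"


class StatefulFilter:
    """Stateful inspection firewall: remembers the connections the host opened
    and admits an inbound packet only when it is a reply to one of them."""

    def __init__(self):
        self.open_connections = set()  # (local ip, local port, remote ip, remote port)

    def decision(self, pkt):
        if pkt.direction == "out" and pkt.dport == 443:
            self.open_connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        if pkt.direction == "in":
            # A genuine reply swaps source and destination of the outbound packet.
            reply_key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if reply_key in self.open_connections:
                return "allow"
        return "drop"


# Constructed traffic: a legitimate HTTPS exchange, then two unsolicited
# inbound packets, one of which simply uses 443 as its source port.
SAMPLE_TRAFFIC = [
    Packet("out", HOST, 51000, "198.51.100.5", 443),  # host opens an HTTPS connection
    Packet("in", "198.51.100.5", 443, HOST, 51000),   # the genuine reply
    Packet("in", "203.0.113.7", 443, HOST, 8080),     # unsolicited, source port 443
    Packet("in", "203.0.113.7", 4444, HOST, 22),      # unsolicited, other port
]


def compare_filters(packets=SAMPLE_TRAFFIC):
    """Return (packet, packet-filter verdict, stateful verdict) for each packet."""
    stateful = StatefulFilter()
    return [(p, stateless_decision(p), stateful.decision(p)) for p in packets]


if __name__ == "__main__":
    for pkt, stateless, stateful in compare_filters():
        print(f"{pkt.direction:>3} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}"
              f"  packet-filter={stateless:5}  stateful={stateful}")
```

The third packet shows why stateful inspection is the more secure option: the packet filter accepts it because of its source port, while the stateful filter drops it because the host never opened that connection.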

Next-generation firewalls

Next-gen firewalls combine traditional firewall features like packet inspection with other security elements. These might include malware detection and antivirus protection.

A more comprehensive firewall solution, it inspects the data within the packets sent and received, based on a constantly updated database, as well as filtering for specific security rules. Next-generation firewalls are more expensive for this reason.

Deciding on a Firewall

When choosing a firewall to protect your devices and data, you should take into account the level of security you require and the budget you can afford. Think about the protection you need now and in the future.

If you own a business with a large network and complex requirements, you may need more advanced firewall features. In that case, cloud-based and hardware firewalls can suffice.

Most home users and small businesses will do well to choose a software firewall that provides malware detection and network monitoring, like GlassWire.


How to Spot Malicious Apps

A malicious app is created specifically with the intention to cause harm.

They’re usually designed to appear as innocent apps, or even clones of official apps, to steal sensitive information.

For example, a malicious developer could design a storage cleaner app to steal files and data from the users that install it on their devices. Or, clone a familiar banking app to take your account details.

What Makes an App Malicious?

There are plenty of applications that exist that could be vulnerable to hacking but overall have no sinister intentions.

For example, any app that collects location data could be intercepted by a hacker looking to steal that information. These appear as riskier apps but aren’t developed to cause deliberate harm.

Malicious apps, on the other hand, exist primarily to either steal information from the user who installs it or to manipulate the device it’s installed on.

Malicious Behavior to Look Out For

Developers have smart ways to make malicious apps appear genuine, so it’s vital you understand how to spot a malicious app before downloading it to your device.

Avoid third-party APK files

The Apple and Google official app stores protect you and your data from harm by verifying that the apps they offer are safe. Third-party sites offering APK files to download do not offer protection and pose a significant security threat.

Apple verifies all apps in the store. On Android, look for the ‘Verified by Play Protect’ message when installing an app.

App Store Reviews and Strange App Descriptions

A legit app has lots of genuine reviews and ratings left by users. They also have descriptive information about how the app works.

If you come across an app that has almost no reviews, or the reviews appear to be copied and pasted, this could be a warning sign.

Similarly, if there’s no app description or the information is vague with lots of grammatical errors, chances are the app could be malicious.

Check for higher-than-usual data usage

Malicious apps often use your data to perform sketchy tasks in the background without your knowledge.

Check your monthly data usage in your settings, or install a dedicated data monitor like GlassWire.

If something doesn’t seem right, and the problematic app appears to be using far more data than it should be, uninstall it immediately.

Common Mobile Vulnerabilities

Mobile devices can be susceptible to malicious apps or other kinds of security threats because they have certain vulnerabilities that hackers exploit.

Data Leaks

When you install an app, how often do you check what permissions you’re allowing?

Apps often collect sensitive data and we don’t read the fine print to see what this is. You could potentially be handing over a lot of your personal information without realizing it.

Open Wifi

Open wifi spots—ones you can connect to without a password—can be convenient in a pinch.

However, they pose a massive risk.

When your device is connected, hackers can easily intercept the data you’re sending and receiving and even access your device.

Old or Out-of-Date Device

Did you know that mobile devices only receive software and security updates for a certain number of years?

After that, the device becomes a huge target for hackers.

As newer models come out, developers stop providing support for the older devices. This leaves big gaps in security which can be exploited.

Poor Password Protection

Kaspersky Labs found that over half of consumers don’t password-protect their mobile devices. Are you one of them?

Leaving your mobile device easy to access poses a threat to your personal data if the phone is lost or stolen.

Avoiding Malicious Apps with a Personal Firewall

Choosing a personal firewall proactively protects your devices in several ways.

A quality personal firewall can:

  • Monitor network traffic for threats by inspecting packets of data received
  • Defend against viruses by identifying thousands of new types every week
  • Prevent hackers from accessing your data through anti-fraud and anti-phishing methods
  • Add a layer of privacy to your data by encrypting files, protecting location info, and preventing unwanted microphone access

In Summary

Malicious apps are out to steal your data.

Protect your devices with firewalls, data monitors, and strong passwords. Avoid open wifi networks and third-party app websites.

Take care in only installing trusted apps from official app stores and if something feels off about an app you’ve installed, like higher data usage or strange permissions, uninstall the app immediately to keep yourself safe from attack.


News and Interests annoyance

by Chris Taylor


In May of 2021, Microsoft released (imposed? foisted?) News and interests, a tray icon app that can provide information. I like that it provides local weather information at a glance.

What I definitely do not like is that a huge window pops up if my mouse just happens to pass over the News and interests tray icon.

Fortunately, there is a simple fix.

Right-click a blank area of the Taskbar (1) and select News and Interests (2) in the pop-up menu. You can turn off News and interests completely by clicking Turn off (3). Or click Open on hover (4) to remove the check mark for that option.

News and interests will no longer open a big box when your mouse passes over its icon. You can still access the full News and Interests: you just have to click the icon.


Spyware, why you should avoid them


The internet comes with a certain level of risk, and it probably goes without saying that using it exposes us to the risk of spyware.

Many technologies are already monitoring our online activity from pixel trackers and cookies to session tracking.

That’s why when it comes to keeping yourself secure online you should always act as though someone is watching.

We are not alone in what we do online and knowing this you should operate with a certain level of vigilance.

Moving on to the non-legitimate side, the web is also full of several types of malware eager to jump into your computer, and among them spyware is certainly the sneakiest and most dangerous. You could also easily get one via phishing, so be careful about the emails you open. But…

What really is spyware?

Spyware is a piece of software that sneaks into your device and runs in the background, almost invisibly. While running, it monitors your activity and records relevant information stored on your computer, such as personal information, usernames and passwords, payment information, emails, or even the websites you visit and the files you download. Once the data is collected, it silently waits for a trigger to run additional software or to share the data with a remote computer.

Identity theft is frequently connected to spyware, leading to unwanted access to email clients, social media, and bank accounts. In addition, once it is on your device, you’ll have a hard time getting rid of it. That’s why it is better to prevent spyware infection in the first place to secure your important information.

No matter the device, or the operating system

Historically, the preferred operating system for hackers has been Windows, simply because it has been so widely used. Windows is still the most used OS all over the world, constituting a very large base of potential victims.

In spite of that, Windows is less popular in richer countries, where Apple holds a big share of the market. That’s why Mac spyware arose in 2017 and started infecting many devices. These viruses are mainly password stealers but can also come in the form of other malware; popular ones are info stealers and keyloggers (read below). They may also disguise themselves as parental control software or a system monitor app.

Your OS does not guarantee the security of your connection, and neither does your device type. Mobiles are now in everyone’s pockets. Spy apps for mobile are no less widespread, and over the years several cases of mobile spying have been reported.

They grew in number in parallel with the development of mobiles themselves, evolving in their technology as well. Mobile spyware affects Android and Apple smartphones without distinction. It is also particularly devious, as it runs in the background, and background applications are not as evident on mobiles as they are on a computer.

It lies in the background undetected and steals sensitive information. Typically, it records phone calls, reads SMS messages and keeps track of the user’s activities.

Even worse, once malware infects your mobile, the software may gather additional data, such as your GPS location, images from your camera, or the audio your microphone records. To deceive you, attackers use apps recompiled with harmful code, malicious apps posing as legitimate ones, and fake download links.

Spyware usually gets onto your smartphone through open Wi-Fi connections, flaws in the operating system, and malicious apps.

There are a few things you can do to prevent infections and avoid getting spyware on your phone. Connect only to trusted networks at home and at work. Keep all software updated, especially the operating system, and avoid downloading and installing third-party apps.

Types of spyware

Spyware comes in the form of different software, intended to perform several tasks at once. There is no single definition of “spyware”. However, the main functions of spyware include the following:

Keylogger

A keylogger’s main function is to record system activity. Back in the day, keyloggers were responsible for keeping track of the keys pressed on your keyboard. The software has evolved over the years to the point where it no longer just tracks the keys you press. Keyloggers now record the victim’s desktop, monitor documents sent to a printer, watch the websites visited, and even read emails and chats. The attacker then collects this information to use as they see fit.

Bank trojans

Whereas general keyloggers collect information indiscriminately, bank trojans are specifically designed to infect computers and gather credentials for banks and financial institutions. Acting mainly on the web, that is in your browser, they can use the retrieved information to place bank transfers and steal money.

Infostealers

Less specific but equally harmful, infostealers seek out information on the infected device, looking for any file or piece of data the author of the malware may consider useful. That could be virtually anything, from system information to documents, from email addresses to media files, and even personal data. They usually exploit browser vulnerabilities to enter your computer, do their job, and send the loot to the attacker.

Password stealers

These applications are designed to search your system for passwords. Whether you store them in a password manager, in your browser, or in a spreadsheet, their sole job is to find them. Once retrieved, they send them to the attacker, opening up a range of critical scenarios.

Protect your computer from malicious software and spyware

Prevention always beats repair. That’s why it is so important to understand what the main channels of infection are and how to avoid getting a virus.

Phishing & spoofing

Phishing has been a major threat over the last few years. By presenting you with what looks like the login page of well-known software and making you download malware or type in your credentials, phishing attacks are often the vector of infection for many viruses, spyware included. Phishing is usually paired with spoofing, which means disguising an email’s sender so that it appears to come from an individual or organization you trust.

Bundleware

Bundleware is an infection that rides along with the download and installation of other software. Usually, you sign up for a free trial and just want to download and install a single program, but by accepting all of the provider’s terms of service you end up with several add-ons and plugins installed on your device. Install software only from trusted sources, and avoid third-party or unknown sources.

Backdoors, trapdoors, and other security vulnerabilities

Developers sometimes leave backdoors (also known as trapdoors) in their code as a way to bypass authentication easily while debugging. Occasionally, cybercriminals exploit them to enter a system and take control. Rather than mere mistakes, backdoors may also be the result of separate software installed deliberately by other malware (via a trojan or a phishing attack). That’s the case with Back Orifice, one of the most famous backdoor installers, widely exploited by attackers all over the world.

There is very little you can do as a user if a piece of software contains backdoors in its code. Usually, such vulnerabilities are fixed as soon as they are discovered and reported. The only advice we can give here is to keep your software up to date.

Misleading communication and trojans

Passing something off as what it is not is one of the oldest tricks of deception, and it is evergreen in fraud. That’s why spyware is never presented for what it is, but as anything that could look appealing or useful.

A good example is malware presented as utility software on a malicious website. It claims to speed up your device, clean your disk or even repair your system after catastrophic errors.

Protect your computer from spyware

If you’ve got a malware infection, or specifically spyware, on your computer, don’t despair: it’s not too late.

There are plenty of malware scanners and malware removal tools that can get rid of them in a few clicks.

A spyware detector, usually combined with a spyware remover, may be enough to detect spyware on your PC and get rid of the unwanted software. If it isn’t, you’d best access all your critical accounts (bank, email, social networks) from a different device and change all the passwords. That adds a layer of protection by preventing the malware from recording the new passwords.

As you would expect, things may not be that simple, and the detection and removal of spyware could be harder.

Spyware is usually quite hard to find, as it is designed to hide and run in the background.

Modern browsers are quite secure and don’t let web applications drop files onto your computer without your consent. Infections are usually a consequence of some human action, like allowing a download or installing a component. That’s why it is so important to adopt a critical surfing behavior.

For example, how many of you hover with your mouse to check the link you are about to click, before actually clicking?

That’s a best practice that lets you spot unwanted destinations before getting into trouble.

Another good piece of advice is on emails. Always check the email address of the sender. 

Quite often phishing attempts use email addresses that look almost like the ones they are imitating, but with small typos, stray punctuation here and there, and other subtle differences that should give you a heads-up.

You should always treat e-mails from unknown senders with suspicion.

Monitoring the activity of your computer is also a good method of prevention. 

GlassWire is a free network monitoring and security tool with a built-in firewall that can easily increase the security of your device with a few clicks.

At GlassWire, we provide a useful tool to keep track of the volume of data exchanged by the software running on your computer, so anyone can check for suspicious peaks in data exchange and block the responsible app if needed.
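
The "suspicious peak" idea above, as an added example that is not GlassWire’s own code: each app’s latest interval is compared with the median of its earlier intervals, and only apps that both exceed a multiple of their own baseline and move a meaningful amount of data are reported. The per-app byte counts are constructed sample data, and the threshold values are assumptions.

```powershell
# Added example (not GlassWire's code): flag apps whose latest data volume is a
# sharp peak compared with their own recent baseline.
# Constructed samples: bytes transferred per app in five consecutive intervals.
$samples = @(
    [pscustomobject]@{ App = 'browser.exe'; Bytes = @(12MB, 9MB, 15MB, 11MB, 13MB) },
    [pscustomobject]@{ App = 'updater.exe'; Bytes = @(0.5MB, 0.4MB, 0.6MB, 0.5MB, 85MB) },
    [pscustomobject]@{ App = 'notes.exe';   Bytes = @(0, 1KB, 0, 2KB, 50KB) },
    [pscustomobject]@{ App = 'sync.exe';    Bytes = @(40MB, 38MB, 45MB, 42MB, 41MB) }
)

function Get-Median {
    param([double[]]$Values)
    $sorted = @($Values | Sort-Object)
    $n = $sorted.Count
    if ($n % 2 -eq 1) { return $sorted[[int][math]::Floor($n / 2)] }
    return ($sorted[[int]($n / 2) - 1] + $sorted[[int]($n / 2)]) / 2
}

function Get-SuspiciousPeaks {
    param(
        [object[]]$Samples,
        [double]$Factor   = 5,     # latest interval must exceed Factor x baseline...
        [long]  $MinBytes = 5MB    # ...and move enough data to matter (assumed thresholds)
    )
    foreach ($s in $Samples) {
        if ($s.Bytes.Count -lt 3) { continue }            # not enough history for a baseline
        $latest   = [double]$s.Bytes[-1]
        $baseline = Get-Median -Values ($s.Bytes[0..($s.Bytes.Count - 2)])
        # An app that was idle before the peak has no baseline; treat the ratio as infinite.
        $ratio = if ($baseline -gt 0) { $latest / $baseline } else { [double]::PositiveInfinity }
        if ($latest -ge $MinBytes -and $ratio -ge $Factor) {
            [pscustomobject]@{
                App        = $s.App
                BaselineMB = [math]::Round($baseline / 1MB, 2)
                LatestMB   = [math]::Round($latest / 1MB, 2)
                Ratio      = [math]::Round($ratio, 1)
            }
        }
    }
}

# With the samples above only updater.exe is reported (0.5 MB baseline, 85 MB latest);
# notes.exe also spiked relative to itself but stays under MinBytes.
Get-SuspiciousPeaks -Samples $samples | Format-Table -AutoSize
```

A flagged app is a prompt to look, not a verdict: legitimate updaters and backup clients produce the same pattern, so check the destination and the app’s publisher before blocking it.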


How to add seconds and day to the Taskbar clock

by Chris Taylor


By default, the Windows 10 clock on the taskbar shows hours & minutes and the date. Two small changes and it will also show seconds and the day of the week.

Adding seconds

Changing the clock display from the default to one that also shows seconds requires a change to the registry. As of the writing of this article, this does not work in Windows 11.

Caution: while it is fairly straightforward to edit the Windows registry, don’t make random changes. There is no Undo and changes take effect with no Save command. Having a good image backup of your computer is—as always—advised.

If you are uncomfortable with using the Registry Editor, you can download https://opcug.ca/downloads/TaskbarClockSeconds.zip. See the ReadMe.txt file in the zip file for instructions.

Open the Registry Editor (Start|Windows Administrative Tools). In the left pane drill down to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Right-click on Advanced and choose New | DWORD (32-bit) value from the context menu.

In the open dialogue box, overwrite the default New Value #1 and name the value ShowSecondsInSystemClock.

If you accidentally click off New Value #1, right-click it, and choose Rename.

Double-click the ShowSecondsInSystemClock value in the right pane, set the Value data to 1, and click OK.

Close the Registry Editor, sign out of Windows and sign back in. Your clock will now display seconds.

If you want to change the clock back to not show seconds, edit the ShowSecondsInSystemClock value and change the Value data to 0.
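
The same change done from PowerShell, as an added example that is not part of the original post: the key is exported to a .reg file first (so the change is reversible), the DWORD is written, and the value is read back to catch a typo in the name or type. The function name and the backup file name are assumptions; the Windows 11 build-number check (build 22000 and later) is included only to echo the post’s note that the value has no effect there.

```powershell
# Added example (not from the original post): set ShowSecondsInSystemClock from PowerShell.
# Pass -Enabled $false to revert to a clock without seconds.
function Set-TaskbarClockSeconds {
    param([bool]$Enabled = $true)

    $keyPath   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $valueName = 'ShowSecondsInSystemClock'
    # Assumed backup location: a timestamped .reg file in the user's profile folder.
    $backup    = Join-Path $env:USERPROFILE ('Advanced-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

    # Windows 11 reports build 22000 or later; the post says the value is not honoured there.
    if ([Environment]::OSVersion.Version.Build -ge 22000) {
        Write-Warning 'This is Windows 11 or later; ShowSecondsInSystemClock may have no effect.'
    }

    # Export the key before touching it, since the Registry Editor has no Undo.
    & reg.exe export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Backup export failed; the registry was not changed.' }

    # Create (or overwrite) the DWORD (32-bit) value: 1 shows seconds, 0 hides them.
    $data = if ($Enabled) { 1 } else { 0 }
    New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value $data -Force | Out-Null

    # Read it back so a mistake shows up now rather than after signing out and in.
    $actual = Get-ItemPropertyValue -Path $keyPath -Name $valueName
    if ($actual -ne $data) { throw "Read-back mismatch: expected $data, got $actual." }

    Write-Host "$valueName = $actual (backup written to $backup). Sign out and back in to see the change."
}

Set-TaskbarClockSeconds -Enabled $true
```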

Adding the day of the week

Run Control Panel (click Start, start typing control panel and when it appears in the results, click it).

Select Region (Clock and Region if you are in Category view). On the Formats tab, click the Additional settings… button. On the Date tab, in the Date formats section, click at the start of the Short date: field and type ddd and a space (mine was yyyy-MM-dd, so the result was ddd yyyy-MM-dd).

Click the Apply button, check the clock on the Taskbar, and decide if you like it.

I tried changing the format to have a comma after the day of the week by using ddd, yyyy-MM-dd and it looked fine on the Taskbar as Thu, 2022-02-24, but dates in Excel were then formatted oddly: what used to display as 2022-02-24 was displaying as 2022,02,24. If I removed the comma after ddd Excel displayed dates as before. You know, because Windows is so consistent!


Adopting MFA in your company

Accessing your accounts with a single username and password simply isn’t enough to keep sensitive data safe.

With cyberattacks sharply on the rise, it’s essential you implement multi-factor authentication (MFA) to protect your business.

Cyberattacks are estimated to cost global business $10 trillion by 2025.

And it doesn’t matter how small your business is or which industry you operate in. Every business is vulnerable.

MFA adds extra layers of security to your accounts by asking you for more than just a password. It can include a fingerprint scan, one-time passcodes, or facial recognition among other forms of proving your identity.

Read on to find out more about why MFA is so important, the common challenges that businesses face with adopting MFA, and how you can protect your business by introducing MFA.

Why is multi-factor authentication important?

According to Microsoft, 99.9% of cyberattacks can be prevented simply by enabling MFA.

The problem with usernames and passwords is that they’re easily compromised. Hackers find several ways to steal passwords to then log into corporate accounts and steal data.

This could be everything from client addresses, payment details, and sales records to your business online banking and employee information.

Nearly two-thirds of cyberthreats happen due to negligence inside your business, according to an IBM study. Employees might leave passwords lying around or share them within insecure networks.

The positive is that by adding MFA to your company platforms, it becomes almost impossible for hackers to replicate these credentials, and guessing your password isn’t enough for them to gain access.

In multi-factor authentication, your employees can provide different types of information to prove who they are. These include:

  • What they know—usernames, email addresses, and passwords
  • What they have—an SMS containing a code, an authenticator app, a smart card
  • What they are—biometric data such as facial recognition or fingerprints

When two or more of these forms of information are used together, it creates a dramatically higher level of security to protect your business from breaches.

Common MFA challenges

Although many services and platforms have adopted multi-factor authentication, users could still be unfamiliar with what is expected of them when your business implements MFA.

Users unsure of the importance of MFA

Put simply, many users do not understand why a username and password aren’t enough to protect company data, especially if they’re so used to doing it this way.

Helping users understand good cybersecurity practices and addressing their concerns is key to helping your business adopt MFA more confidently.

Extra training needed

To implement MFA effectively, every member of staff will need a briefing on what changes will take place, when MFA will roll out and how this will affect their jobs.

Thankfully, familiar platforms such as Microsoft and Google provide easy-to-use MFA and resources to help the less confident users.

MFA asked for too frequently

When users feel that additional security measures interrupt their work, for example when a platform asks them to confirm their credentials too often, they are less likely to adopt them.

Choose a platform that only asks for these steps when they are actually needed, leading to a smoother and more user-friendly experience.

Adopt multi-factor authentication

There are several steps to ensure your business adopts multi-factor authentication successfully.

The first is for you to determine what areas of the business require the extra levels of security. Databases and platforms where sensitive information is stored would require MFA. You might decide that other systems which don’t store sensitive data or aren’t connected to the same network, may not justify the cost.

Catalog all current users and what systems they have access to. If necessary, you should revise these permissions.

Decide what your current capabilities are and which methods of MFA will work for you.

MFA should be adopted across all resources, devices, and applications that require it. This ensures that data is protected company-wide across the network and not just on the computer at a user’s desk.

Finally, once you have implemented the MFA on your systems, you will need to onboard all employees so they understand how to set it up and use it as part of their working day.

Conclusion

One of the most powerful steps toward fighting cyber threats in your business is to adopt multi-factor authentication.

Using two or more forms of identity confirmation to access company systems prevents over 99% of attacks.

You’ll need to undertake careful planning to decide:

  • What systems are protected
  • The people inside your business who have access to data
  • The methods of MFA your business is capable of implementing

Be prepared to offer training and resources so your employees can effectively switch to this increased level of security.

Although the cost of implementing MFA can be high, the benefits far outweigh the risks of leaving your business vulnerable to attack.


Cleaning up your disk

by Chris Taylor


Disk space seems to disappear over time. If you have hundreds of gigabytes or even terabytes of free space, this may not seem to be a problem, but there are some things to keep in mind that may make it worth some effort to keep things svelte.

First, if your boot partition (where Windows is installed—normally C:) is on a solid-state drive, it might be relatively small. If that’s the case, you might run out of available space fairly quickly. At an absolute minimum, you want to ensure you have enough space to install yearly Windows Feature updates, which can take 11 GB or more on the boot partition during the update process. You also want room to install future applications. As well, many computers are configured to store user data on the boot partition. That could include hundreds of gigabytes of documents, photos, videos, music, etc.

Second, since an image backup contains a copy of everything on the disk—operating system, programs, and data—your backups will take longer to complete and take more space on your backup drive than necessary if you have a lot of clutter. What? You don’t do image backups of your computer? Stop right now and read Why backup, published in Cybersecurity News in February 2019 (https://mailchi.mp/glasswire/glasswire-newsletter-is-your-pc-a-victim-of-this-creepy-data-hog).

There are pretty effective tools built into Windows for keeping your disk clean and tidy. The main tool is Storage Sense. Hold down the Windows key and press i to open Settings. Click the System icon.

Click on Storage in the left panel (1 in the screenshot).

Section 2 in the screenshot shows major categories of files. You can click on any of them to get more information and you can manually get rid of stuff you don’t need. Manual cleanup is sometimes the only way to deal with clutter. Windows can’t—for instance—decide what documents or programs you don’t need.

Click the link Configure Storage Sense or run it now (section 3 in the screenshot).

Storage Sense can clean up three things (section 4 in the screenshot): temporary files not currently being used by programs; files that have been in the recycle bin longer than a specified period; and files that have been in your Downloads folder for longer than a specific period. All three of these areas tend to collect a lot of files over time.

Pick a timeframe for files in the recycle bin and Downloads folder; from Never to 60 days.

Run Storage Sense by clicking the Clean now button (5 in the screenshot).

You can automate the running of Storage Sense with the slider (section 6 in the screenshot). When you toggle it on, you can choose when Storage Sense runs (7 in the screenshot): every day/week/month or when disk space is low.

Microsoft says “Low free disk space will vary depending on disk size and minimum operational thresholds. You’re in a low disk state when the capacity bar in Start > Settings > System > Storage turns red.”

There is another major cleanup that can be done—Windows Update. Whenever Windows Update runs, it squirrels away previous versions of updated files in case you want to uninstall a problematic update. These old versions of files can take up gigabytes of disk space. If my computer is not experiencing any new problems a week after Patch Tuesday (the second Tuesday of the month), I seriously doubt I will need to roll back an update, and these older versions of files are just useless clutter. Microsoft provides another tool that can remove these—Disk Cleanup. Click the Start button and type Disk Cleanup. Click on Disk Cleanup in the results.

When Disk Cleanup loads, immediately click the Clean up system files button. Disk Cleanup will reload with additional options, including Windows Update Clean-up. As you can see in the screenshot, it can free up a lot of disk space—6.5 GB on this particular computer. A warning: choosing Windows Update Clean-up can take a long time to complete. I have seen it take over half an hour. That’s because it is doing more than deleting old Windows Update files, and these additional actions can help free up disk space. First, it does the equivalent of dism /Online /Cleanup-Image /StartComponentCleanup. This looks at the component store (the C:\Windows\WinSxS folder) for components that are no longer being referenced and deletes them. This is normally done automatically as a scheduled maintenance task; Windows Update Clean-up forces it to run immediately. The other thing it does is look for operating system files that could benefit from being compressed and compresses them.

There are additional categories that Disk Cleanup can deal with. Select any of them and the Description field will give you more information about the particular option, which should help you decide whether or not you want Disk Cleanup to remove those files.

The combination of Storage Sense and Disk Cleanup will give you a fighting chance at keeping unnecessary clutter under control.
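
A way to see what these two tools would remove before letting them loose, as an added example that is not part of the original post: the function below reports the size of the three areas Storage Sense cleans (temp files, Recycle Bin, old Downloads) without deleting anything, and the DISM call at the end is the read-only analysis counterpart of the /StartComponentCleanup command mentioned above. The 30-day window and the function name are assumptions.

```powershell
# Added example (not from the original post): a read-only report of Storage Sense's
# three cleanup areas, plus a WinSxS analysis. Nothing here deletes files.
function Get-CleanupCandidates {
    param([int]$OlderThanDays = 30)   # assumed window; Storage Sense lets you pick 1 to 60 days
    $cutoff = (Get-Date).AddDays(-$OlderThanDays)

    # Sum the Length of a file list in MB; [double]$null is 0, so an empty list is safe.
    function Get-TotalMB($files) {
        [math]::Round(([double](($files | Measure-Object -Property Length -Sum).Sum)) / 1MB, 1)
    }

    # Temporary files nobody has written to since the cutoff.
    $temp = @(Get-ChildItem -Path $env:TEMP -File -Recurse -Force -ErrorAction SilentlyContinue |
              Where-Object { $_.LastWriteTime -lt $cutoff })

    # Files that have sat in Downloads longer than the cutoff.
    $downloads = Join-Path $env:USERPROFILE 'Downloads'
    $old = @(Get-ChildItem -Path $downloads -File -Recurse -ErrorAction SilentlyContinue |
             Where-Object { $_.LastWriteTime -lt $cutoff })

    # Recycle Bin contents through the Shell COM object (0xA is the Recycle Bin virtual folder).
    $bin   = @((New-Object -ComObject Shell.Application).NameSpace(0xA).Items())
    $binMB = [math]::Round(([double](($bin | Measure-Object -Property Size -Sum).Sum)) / 1MB, 1)

    [pscustomobject]@{ Area = "Temp files older than $OlderThanDays days"; Items = $temp.Count; MB = Get-TotalMB $temp }
    [pscustomobject]@{ Area = "Downloads older than $OlderThanDays days";  Items = $old.Count;  MB = Get-TotalMB $old }
    [pscustomobject]@{ Area = 'Recycle Bin';                                Items = $bin.Count;  MB = $binMB }
}

Get-CleanupCandidates -OlderThanDays 30 | Format-Table -AutoSize

# The component-store part of Windows Update Clean-up can be previewed with DISM's
# /AnalyzeComponentStore switch, which only reports whether cleanup is recommended.
# DISM needs an elevated prompt, so check before calling it.
$isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(
               [Security.Principal.WindowsBuiltInRole]::Administrator)
if ($isAdmin) {
    dism.exe /Online /Cleanup-Image /AnalyzeComponentStore
} else {
    Write-Host 'Run from an elevated PowerShell to analyze the component store (C:\Windows\WinSxS).'
}
```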


Stay secure against ransomware

Ransomware made easy

The concept of ransom, despite being thoroughly unpleasant, is pretty easy to understand.

A bad actor takes something without permission and asks for money to give it back.

Adapting this form of crime to today’s technology is pretty easy as well.
Malware enters your device without permission and encrypts all your files with an encryption key that is virtually impossible to guess. Then, the only window you are allowed to see on your monitor is the one with the ransom demand. When (and if) the ransom is paid, the attacker will finally send you the decryption key, giving you back access to your files.

Conceptually easy in its structure, this form of cyberattack costs millions of dollars every year, with businesses in retail, education, and IT among the most damaged.

Clearly, it is not just that, as more advanced forms of ransomware attack exist and hit even harder. They may leverage the threat of exposing sensitive information from the target organization or rely on innovative distribution models.

This is the case with Conti and REvil, the two most dangerous types of ransomware attack in 2021 in terms of victims and financial damage. These two types of attack, fearsome on their own, owe their success to their business model. Both have been spread thanks to a Ransomware-as-a-Service model, where the cybercrime group allowed outsiders to act as affiliates or intermediaries. In return, for every successful ransom obtained, these people took a share of the ransom.

The model, besides spreading the malware at an unprecedented pace, also made it harder to attribute the attacks to the original actors.

There are a few actions everyone can put in place to reduce the risk of getting into trouble with malicious software. Installing a firewall that protects against ransomware, for instance, is the first and most important security measure you can take to avoid exposing personal information.

How to prevent a ransomware attack

Despite ransomware being extremely hard to predict, there are a few best practices that every user can put in place to mitigate, and potentially nullify, the risk of being hit by a ransomware attack. Bearing in mind that most cyberattacks leverage both human and IT vulnerabilities, there are good habits and technical measures, mainly for your firewall, that can be extremely useful. Here is a helpful list to keep at hand in your daily internet surfing.

Best practices for firewall and network configuration

  1. Install an easy-to-use firewall that eases, rather than hinders, the adoption of security habits.
  2. Remote Desktop Protocol (RDP) is, along with phishing, one of the main channels of infection for ransomware attacks. Monitoring and locking down RDP and other services with your firewall is definitely a must for your internet security. Whitelist only applications you consider safe.
  3. Strengthen your passwords and use multi-factor authentication. This is a rule of thumb for every digital asset, but take it as a suggestion also for your remote management and file sharing tools so that they are not easily compromised by brute-force tools.
  4. Limit remote access to your computer by setting rules for connections. Your firewall should let you limit port-based access via filters or passwords. VPNs are also a valid alternative to port forwarding when accessing your organization’s network from the outside.
  5. Enable TLS inspection with support for the latest TLS 1.3 standard on web traffic to ensure threats are not entering your network through encrypted traffic flows.
  6. Segment LANs into smaller, isolated zones or VLANs to minimize the risk of lateral movement within the network. VLANs can then be secured and connected together by the firewall. Be sure to apply suitable IPS policies to the rules governing the traffic traversing these LAN segments, to prevent exploits, worms, and bots from spreading between them.
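
Items 2 and 4 above put into practice on a single Windows machine, as an added example that is not part of the original post: inbound RDP is allowed only from a management subnet using the built-in Windows Defender Firewall cmdlets, and dropped connections are logged so blocked attempts are visible. The subnet 10.0.10.0/24 and the rule name are constructed placeholders; run this in an elevated session, and make sure the address you administer from is inside the subnet before applying it.

```powershell
# Added example (not from the original post): restrict inbound RDP (TCP 3389) to one
# management subnet with Windows Defender Firewall, and log what gets blocked.
$ManagementSubnet = '10.0.10.0/24'              # placeholder: your admin network
$RuleName         = 'RDP-Allow-ManagementSubnet' # constructed rule name

# 1. Make sure the firewall is on and that anything not explicitly allowed is dropped.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True -DefaultInboundAction Block

# 2. Disable the built-in Remote Desktop allow rules, which accept RDP from any address.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule

# 3. Allow RDP only from the management subnet (Domain and Private profiles; never Public).
if (-not (Get-NetFirewallRule -Name $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -Name $RuleName `
        -DisplayName 'RDP (TCP 3389) from management subnet only' `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort 3389 `
        -RemoteAddress $ManagementSubnet -Profile Domain, Private | Out-Null
}

# 4. Log dropped packets so blocked RDP attempts show up in pfirewall.log.
Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log' `
    -LogMaxSizeKilobytes 16384

# 5. Read the result back: the rule should be enabled and scoped to the subnet.
Get-NetFirewallRule -Name $RuleName | Select-Object DisplayName, Enabled, Action, Profile
Get-NetFirewallRule -Name $RuleName | Get-NetFirewallAddressFilter | Select-Object RemoteAddress
```

If remote users need RDP from outside that subnet, have them come in over a VPN that lands in the management range rather than widening the rule, which keeps item 4 intact.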

Healthy digital habits

  1. Reduce data transfers whenever possible, as more data transmissions mean more exposure. Also, try to avoid sending sensitive data to personal devices, which are usually less controlled and significantly more vulnerable to cyber-attacks.
  2. Download carefully and check your data sources. If in doubt, look the source up on a search engine. It’s important to download files only from trusted sources and to avoid unnecessary downloads, to lower your device’s susceptibility to malware.
  3. Update device software, as security is (or at least should be) a top priority for every software provider. Providers work hard on continuously making their software more secure, and regularly installing the latest updates will make your devices less vulnerable to attacks.
  4. Develop a breach response plan. Data breaches can happen to even the most careful and disciplined companies. Establishing a formal plan to manage potential data breach incidents, a primary cyberattack response plan, and a cyberattack recovery plan will help organizations of any size respond to actual attacks and contain their potential damage.
  5. Change your passwords from time to time. It’s free and drastically lowers the chances of one of your accounts being compromised.

Since ransomware is the most dangerous and widespread form of cyberattack, preparing against it is crucial for the digital health of your business, your organization, or even yourself. Adopting a good level of skepticism and common sense in digital environments, and gearing up with a sturdy antivirus and a firewall, can really make the difference and save you a lot of money.