What is an Advanced Persistent Threat?

If you’ve ever seen a movie where the bad guys are using ongoing, invasive hacking to spy on their “enemy,” you have some familiarity with an advanced persistent threat (APT).

This term usually refers to an attack carried out by a group that targets a specific entity using malware and other sophisticated techniques to exploit vulnerabilities in the target’s systems. It is often done for intelligence gathering with political, financial or business motives.

For example, an APT aimed at a corporation could take the form of Internet-based malware that is used to access company systems, or a physical infection, such as malicious code uploaded to the system via a USB drive. These kinds of attacks often leverage trusted connections, such as employees or business partners, to gain access, and can happen when hackers use spear phishing techniques to target specific users at a company.

Remaining undetected for as long as possible is a main objective of these attacks. The attackers’ goal is to surreptitiously collect as much sensitive data as they can. The “persistent” element implies that there is a central command monitoring the information coming in and the scope of the cyberattack.

Even though APTs are not usually aimed at individuals, you could be affected if your bank or another provider you use is the target of an attack. For example, if attackers secretly gather intelligence from your bank, they could get access to your personal and financial information.

Since you could potentially be affected by an APT attack on an entity or company that you do business with, it’s important that you employ strong security measures.

  • Use a firewall to limit access to your network.
  • Install comprehensive security on all your devices, like McAfee LiveSafe™ service, since malware is a key component in successful APT attacks.
  • Don’t click on attachments or links you receive from people you don’t know.
  • Keep your personal information private. Be suspicious of anyone who asks for your home address, phone number, Social Security number, or other personal identifying information. And, remember that once you share personal information online it’s out of your control.
  • Check to see if the websites you share sensitive information with use two-factor authentication. This is a security technique that uses something that you know, such as your password, and something you possess, such as your phone, to verify your identity. For example, your bank may ask for your password online, as well as a code that it has sent via text message to your phone. This is a 2nd layer of protection and should be enabled for sensitive information.



Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!


The post What is an Advanced Persistent Threat? appeared first on McAfee Blogs.

Watch Out For Malicious Mobile App Doppelgangers

As we usher in yet another worldwide sporting event this month with the World Cup, it’s inevitable that scammers will piggyback on the myriad of opportunities at their fingertips to swipe, nab, and phish for spectators’ personal data. We’ve seen it happen a million times before and trending news has always been easy fodder for cybercriminals. Whether it’s a major sporting event, the Royal Birth, or juicy celebrity gossip, unscrupulous individuals come out of the woodwork to prey on those interested. Oftentimes, the inherent trust that comes along with familiar names, whether it’s a brand or individual, lulls us into letting down our guard and, as a result, compromising safety.

The most recent McAfee Labs Threats Report highlights the above trend with respect to mobile devices, where popular apps are now being cloned and released with vulnerabilities and other risks included. In the last year alone, mobile malware developers have been preying on consumers’ trusting inclinations to manipulate what we are familiar with more than ever before.

Take, for instance, the infamous Flappy Bird app craze and untimely shutdown that I wrote about in March, where numerous clones were released after the app’s removal from major app stores. While users were mourning Flappy Bird’s demise, hackers were quick to release their own sinister versions to rope in unsuspecting patrons who missed out on the original. In fact, McAfee Labs™ found that a whopping 79% of sampled Flappy Bird game copies contained malware. The dangerous doppelgangers and others like them are often programmed with the ability to make phone calls, extract contact list data, track geo-locations, install additional apps, and even take control over anything on the device, including the recording, sending and receiving of text messages.

Aside from malicious app clones, even those in legitimate app stores can abuse trust and execute commands without user permission. Going a step beyond the app oversharing and snooping I discussed in relation to the 2014 McAfee Mobile Security Report, normal looking apps, like Android/BadInst.A—which was available in the Google Play Store—can actually automatically download, install, and launch other apps. While the Android/BadInst.A app profited through a pay-to-download scheme instead of actually downloading malware, this type of app behavior leaves the door open to more dubious activities in the future.

The final trend the McAfee Labs team identified was a series of new Trojans preying on holes in authentic mobile apps and services. The Android/Waller.A Trojan disguises itself as an update for Adobe Flash Player and remains hidden from detection until after it’s installed. Once it’s on a user’s device, it exploits a security flaw in legitimate digital wallet services to transfer money to the hacker.

With more legitimate mobile apps and games being cloned and abused by hackers, consumers need to be extra cautious. Just because an app is in a valid app store, it doesn’t mean it is valid—as was the case with the fake anti-virus app that was downloaded 10,000 times before it was removed. Always check reviews and stats before downloading new apps, and never grant excessive or unfamiliar permission requests at installation.

As more people embrace virtual currencies and mobile payment apps, these steps are especially crucial when dealing with highly sensitive personal data and money. McAfee® Mobile Security features a number of comprehensive protection features that can help users navigate the wild and crazy world of apps. Android users can review permissions of downloaded apps and receive notifications if they are accessing things they shouldn’t be.

Stay on top of the latest consumer and mobile security threats by following @McAfeeConsumer on Twitter and Like us on Facebook.



What is Wardriving?

Wireless networks have certainly brought a lot of convenience to our lives, allowing us to work and surf from almost anywhere—home, cafes, airports and hotels around the globe. But unfortunately, wireless connectivity has also brought convenience to hackers because it gives them the opportunity to capture all data we type into our connected computers and devices through the air, and even take control of them.

While it may sound odd to worry about bad guys snatching our personal information from what seems to be thin air, it’s more common than we’d like to believe. In fact, there are hackers who drive around searching for unsecured wireless connections (networks) using a wireless laptop and portable global positioning system (GPS) with the sole purpose of stealing your information or using your network to perform bad deeds.

We call the act of cruising for unsecured wireless networks “war driving,” and it can cause some serious trouble for you if you haven’t taken steps to safeguard your home or small office networks.

Hackers use this technique to access data from your computer—banking and personal information—which could lead to identity theft, financial loss, or even a criminal record (if they use your network for nefarious purposes). Any computer or mobile device that is connected to your unprotected network could be accessible to the hacker.

While these are scary scenarios, the good news is that there are ways to prevent “war drivers” from gaining access to your wireless network. Be sure to check your wireless router owner’s manual for instructions on how to properly enable and configure these tips.

  • Turn off your wireless network when you’re not home: This will minimize the chance of a hacker accessing your network.
  • Change the administrator’s password on your router: Router manufacturers usually assign a default user name and password allowing you to set up and configure the router. However, hackers often know these default logins, so it’s important to change the password to something more difficult to crack.
  • Enable encryption: You can set your router to allow access only to those users who enter the correct password. These passwords are encrypted (scrambled) when they are transmitted so that hackers who try to intercept your connection can’t read the information.
  • Use a firewall: Firewalls can greatly reduce the chance of outsiders penetrating your network since they monitor attempts to access your system and block communications from unapproved sources. So, make sure to use the firewall that comes with your security software to provide an extra layer of defense.

Although war driving is a real security threat, it doesn’t have to be a hazard to your home wireless network. With a few precautions, or “defensive driving” measures, you can keep your network and your data locked down.


Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!


Workplace Wearables and the Loss of Privacy

We’ve all had those late afternoon hunger pangs when it’s time to start fantasizing about going home and making dinner. Imagine if the watch you were wearing could actually find out what ingredients you had in stock, rather than leave the contents of your refrigerator up to memory or fate. Wearable technology is the next frontier of innovation and has been getting a lot of press, as the latest tech-infused accessories have become all the rage with consumers. The newest iterations of smart technology can track everything from our diets and exercise, to our mood and sleep patterns.

Wearable technology has already blossomed into $50 billion worth of investments, led by heavy hitters like Google (their Google Glass product), with Apple and others not far behind with their own fashionable devices. However, the next generation of wearable technology is finding its way into the workplace. Currently, a research collaboration between the Institute of Management Studies (IMS) at Goldsmiths, University of London, and cloud company Rackspace is assessing the impact of wearable technologies on productivity and performance in the office. Taking biometrics a step further, the real-world implementations of this research could give employers valuable data about employees’ non-work activities, sleep cycles, optimal performance time, and much more.

Despite the possible benefits, wearables utilized in the workplace could reveal a lot more than your average steps per day or heart rate. While having a better grasp of one’s lifestyle profile through biometric data could have a positive impact on productivity and work satisfaction, it also presents some new security and privacy threats for users. Beyond employers monitoring mobile device usage, tracking and collecting information on behavioral data raises questions as to how much personal information companies should collect on their staff. Aside from the privacy risks, this information also has the potential to be exploited by both the companies collecting it and hackers alike. Some companies like BP and Autodesk have even gone as far as incorporating wearables into corporate wellness programs that lower insurance premiums for employees who are more active.

How wearable technology will truly manifest itself in the workplace is yet to be seen, but the same privacy and safety precautions used for mobile devices should still apply. This phenomenon of wearable Internet-connected devices ties into the larger Internet of Things (IoT) discussion we’ve had previously, and with each new gadget connecting to one another the security stakes are raised a little higher. Like mobile devices, fitness bands can capture information about movement using GPS, which in turn could provide valuable details about daily routines and even current location. It’s the Wild West out there, and the IoT allows devices and data that were once separate from each other to be interconnected—for better or for worse.

As a security-conscious user, it is important to take precautions with all of your technology, whether it’s a Fitbit or smartphone. For mobile devices, always remember to use security software like McAfee® Mobile Security, free for Android and iOS, and know what kind of information is being collected. Wherever wearables end up, understanding the impact of data collection is key to protecting privacy in the office and beyond.




What is Fake Antivirus Software?

Most of you know how important it is to have security software on your computers to stay protected from viruses, malware, spam and other Internet threats. Unfortunately, cybercriminals also know that it is critical to have security software, and they are using this knowledge to trick us into downloading fake antivirus software that is designed to do harm to your computer.

Fake antivirus software is one of the most persistent threats on the Internet today. It masquerades as legitimate software, but is actually a malicious program that extorts money from you to “fix” your computer. And often, this new “antivirus” program disables the legitimate security software you already have, making it challenging to remove.

These rogue programs often hook you while you’re browsing the web by displaying a popup window that warns you that your computer may be infected. Often, the popup includes a link to download security software that offers to solve the problem, or redirects you to a site that sells the fake antivirus software. It is also often called scareware, since the hackers use messages like “You have a virus” as a way to get you to click on their message.

Because the idea of having an infected machine is alarming to us—it can mean lost data, time, and money—most of us are eager to get rid of any potential problems, and this is what has made the bad guys who make fake antivirus software so successful.

And once you agree to the purchase, the cybercriminals end up with your credit card details and other personal information, and you get nothing but malware in return.

So here are some steps you can take to protect yourself from the bad guys:

  • Never click on a link in a popup window. If you see a message pop up that says you have a virus or are infected, click the “x” in the corner to close it.
  • If you are concerned that your computer may be infected, run a scan using the legitimate security software you have installed on your device.
  • Make sure you have comprehensive security installed on all your devices, like McAfee LiveSafe™ service, which protects all your PCs, Macs, tablets, and smartphones from online threats as well as safeguarding your data and identity.

While it is frightening to think that your computer may be infected, don’t fall for fake alerts that could compromise your personal and financial information. Take a minute to run a scan using your trusted security software rather than give more money to the bad guys.


Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!
