Research from McAfee has revealed that mobile malware has grown by 79 per cent in the past four quarters. Additionally, cyber-security threats today are so serve that Lloyd’s of London has predicted that global cyber-attacks could cost £40 billion. For Ross Tuffee, CEO of DOGFI.SH Mobile, if developers neglect to enforce strict security measures, malicious hackers are presented with an easy entry point that they can abuse.

He explains: “Cyber criminals are constantly finding new ways to compromise the digital world and the potential threats are continuing to grow. There are many different cyber-attacks on applications, these include impossible to remove malware whereby an attacker gains control for the sole purpose of displaying ads on your phone – they actually get legitimate revenue from your compromised device – as well as man-in-the-app attacks capable of monitoring email communications from an external server.

“To combat these threats, the need for the utmost security cannot be underestimated and a twofold approach to security is necessary. Firstly, responsible user behaviour must be encouraged. Secondly, introducing adequate security into the software’s design helps to ensure the business logic is robust, while carrying out penetration testing catches any technical problems before they hit the public domain. Building a solution that works effectively is obviously of paramount importance, but it must also be noted that app development is a high-pressure process, with developers often challenged to produce or update apps to very tight timescales.

“Despite the obstacles, it’s crucial that developers dedicate enough time towards implementing an industry standard, tried and tested security solution. But the buck cannot fall on just them; IT leaders, along with the wider organisation, must all work together and extend their security remit to ensure that the apps and data held on a device are just as safe from malware and other threats as the data hosted on their servers,” concludes Tuffee.

The post Businesses must be savvy to mobile security threats as app adoption spikes appeared first on IT Security Guru.

• Only download apps or updates from a trustworthy source – in the case of an Adobe Flash Player update, the only safe place to get it from is the official Adobe website. Always check the URL address in your browser.
• Pay attention to what permissions and rights your apps request.
• Use a reputable mobile security solution.

The post New Android Downloader Masquerading as Flash Player Update appeared first on IT Security Guru.

That’s the view of Geoff Green, president and chief executive officer of Myntex Inc. Green says: “The rapid adoption of digital technology and the scale of cybercrime globally represent significant challenges not only to law enforcement agencies but to each and every one of us that increasingly relies on IT and especially mobile communications to live and do business. Each year, about 556 million people fall victim to online fraud. More than 230 million identities are exposed and victims lose around €290 billion as a result of online criminality, making cybercrime more profitable than the global trade in cocaine, heroin and marijuana combined.

“For years, one of the most effective weapons in the battle against cybercriminals has been the Blackberry. Widely regarded as the most secure smartphone on the market and the mainstay of encrypted communications for governments and large corporates, sales of the devices have declined dramatically over the last few years but last month’s announcements by chief executive John Chen have given those of us at the forefront of this battle renewed hope.”

In July, Chen launched Blackberry’s first touchscreen-only Android handset, in a bid to diversify its range of devices and turn round performance of the firm’s hardware division. The Dtek50 smartphone offers improved security over rival Android devices – incorporating unique internal hardware, with chips protected by cryptographic keys to prevent tampering and thwart hackers – and will cost less than the firm’s previous handset. He also promised more to come with a further new phone to be unveiled before March 2017.

Earlier in July, Chen had revealed that although quarterly Blackberry sales were only around the 500,000 mark, claims that he is presiding over a dying company were well wide of the mark.

Fundamentally its security-focused software business is good and, financially, the quarterly results were up 21 per cent when compared to the same period last year.

“And that’s good”, says Green, adding: “because business owners and individuals everywhere are going to have to think more and more closely about how important privacy is to them and how they are going to ensure their digital privacy is maintained going forward as the frequency and sophistication of cybercrime increases.”

The scale of cybercrime in Europe is particularly worrying. Its residents and businesses provide attractive targets because, compared to a lot of the world, the Internet infrastructure is advanced and economies and payment systems are increasingly Internet-based. In July, in the UK, the Office for National Statistics revealed that almost six million cybercrimes were committed last year. That’s as much as every other type of crime committed in England and Wales combined. 

Again in the UK, research shows that 74 per cent of small businesses suffered some form of data breach in 2015 and that the average financial impact on a business doubled between 2014 and 2015. And, across the wider European continent, individual nations reported an average increase of 30 per cent in the number of cybercrime cases being reported, which many believe poses a significant threat to the internal market, economy and security of the European Union.

Green continues: “European firms, in particular, lag behind when it comes to implementing the highest cyber security standards. We see an alarming level of complacency, especially among smaller businesses, who falsely believe that cybercrime is an issue only larger corporations have to deal with. But the issue of cybersecurity for small businesses is made even more pressing by proposed new European regulations aimed at protecting customer data.”   

The EU’s new General Data Protection Regulation will come into force in 2018 and could result in companies being fined up to €20m or 4% of their annual turnover, whichever is greater, for allowing any security breaches to compromise customer data. We’ve all seen the headlines involving hackers or coordinated groups of activists leaking or stealing customers’ personal details or other sensitive corporate information, not only causing financial losses but huge reputational damage for the businesses involved.

According to Green: “Smaller businesses face a disproportionate risk when it comes to falling prey to cybercriminals. Many are so focused on conducting or growing their business day to day, they have neither the time nor the dedicated in-house expertise to concentrate on the issue.” 

“Add to that the increasing adoption of smartphones and tablets, mobile and cloud computing, the flexibility now given to many workforces to work remotely – often using public wifi zones – and the fact that small businesses are often attacked because they provide a less challenging gateway into bigger firms’ systems elsewhere along the supply chain and the scale of the problem is clear.”

So instead of continually playing catch up with the latest hardware and software trends or newest threats and fixes, what can business owners do to get on the front foot when it comes to choosing, managing and updating the best technology and associated security systems for their operation?

“For a start, they should stop thinking that size has anything to do with the likelihood of an attack,” asserts Green. “It’s not always about size or money, rather it’s often about what industry you are in, what you do, who you are connected to and what data you hold as well as cyber espionage.

“In business, the first step in bolstering your cyber resilience has to be a proper audit so that you know where your potential vulnerabilities lie – what sensitive information do you use, for what tasks? Who has access to it; where is it stored and what are your procedures for remote working and password protection? You need to assess what would be compromised if your data is stolen, paying particular attention to high value items like contract terms, financial and tax records, personnel and customer records. Having nothing to hide is not the same as having nothing to lose.

“People are wising up to increasingly professional looking phishing scams where pop ups on websites or emails in inboxes ask for sensitive information that criminals can use for financial gain, identity theft or the introduction of malware and malicious lines of code. But how many people consider the impact of their everyday online communications with people being intercepted? 

“Many smaller businesses are starting to appreciate the potential severity of cyber-attacks turning to proper password management, secure payment processing systems, automatic back-ups, antivirus packages and off the shelf security software for help. But encryption, a particularly powerful tool in the fight against cybercrime, where Blackberry may have a renewed role to play, is yet to generate as much momentum as you might have thought.   

Green continues: “Myntex implements PGP for BlackBerry according to the highest cryptographic standards using the most advanced mathematical processes available. As computing power increases, the algorithms for PGP’s key strength are increased to match so that your PGP solution remains secure well into the future. Since its invention in 1991, a tried and tested protocol for encrypting and authenticating data, PGP has become the de facto standard in email encryption and the mainstay of encryption technology for BlackBerrys.

“It works independently of other security software loaded onto or built into your smartphone and allows you to send email messages that only the intended recipient can read. Users can also authenticate their identity when sending secure messages, so the recipient can guarantee the message wasn’t sent by an imposter. 

“Standard email is a very insecure means of sending information. And wireless communication on a mobile device is even less secure. Messages aren’t difficult to intercept and aren’t encrypted by default. They’re sent as plain, readable text, and any third party determined enough to intercept them can read the message, clone the account, download the attached file or view the embedded photographs without the sender or recipient ever knowing. Postal mail is sent in envelopes, to protect it from prying eyes and prevent anyone from reading the content.  Essentially, our PGP solution, although infinitely more complex, serves exactly the same purpose as the envelope.

“Of course, it can’t prevent the most determined and expert of cybercriminals from intercepting an email message, but since messages are encrypted it can render the content unreadable and useless. Even for Myntex – there are no backdoors!”

Several popular online applications already utilise encryption for email messages, video-telephony and instant messaging, with WhatsApp recently announcing a major security upgrade to its network. Developers at major technology brands such as Facebook, Snapchat, Twitter and Google are all believed to be working on new encrypted email and instant messaging projects too.            

Green concludes: “We all communicate banking details, project updates, medical information, travel plans, tax codes, even gossip through emails, texts, instant messages and phone calls every day but few of us consider what would be compromised if that data was stolen, altered, diverted or exposed. With cybercrime now more profitable than the global trade in cocaine, heroin and marijuana combined, and more and more criminals exploiting the vulnerabilities of digital communications to commit a range of crimes, encrypted communications must play an increasingly important role in all of our lives in future. And that could well signal a renaissance for the trusted Blackberry brand.”

The post Growth In Cybercrime And Uptake Of Encryption Services May Save Blackberry appeared first on IT Security Guru.

Google’s recently published Android Security 2015 Annual Report has revealed that, despite steps to introduce patches to combat issues such as last year’s Stagefright bugs, 29 per cent of the unique Android models available to the public are not supported to receive these regular updates. This tardiness on the part of many handset vendors is leaving millions of users at risk of cybercrime, and shows that it is time for app developers to take security matters into their own hands.

Tom Lysemose Hansen, founder and CTO at Promon, commented: “Google has upped its game and is doing its part to address the glaring vulnerabilities that bugs such as Stagefright exposed. But once these patches are produced, it’s then up to individual handset vendors to make sure the updates are customised for each device and then rolled out to users. Google’s own Nexus devices now receive these updates, but adoption amongst other vendors has been – for want of a better phrase – patchy.”

In addition, Symantec’s 2016 Internet Security Threat Report has shown a 77 per cent year-on-year growth in the number of new Android mobile malware variants. This indicates that Android-focused hackers have established themselves as a serious threat, and are now concentrating on refining their craft.

Hansen added: “The Android threat landscape is a rapidly evolving one, and hackers are much savvier now than they once were. As a result, delaying in making regular patches available can have serious consequences in terms of increased data theft and fraud. This can cause significant damage to the reputations of handset vendors and, by association, app providers.”

To address these issues, Hansen believes that app providers should take matters into their own hands, by taking steps to protect their own apps.

Hansen said: “Google’s report has shown that it’s very difficult to rely on handset providers to make security patches available swiftly and efficiently. By introducing self-defending app software, providers can take charge of their customers’ data security by protecting their apps from any threats that may have found their way onto a user’s device. 

“What app developers need to realise is that they represent a crucial cog in the Android cybersecurity machine. With handset developers representing an unreliable and inefficient medium through which data can be secured, it’s time for the app makers themselves to step up. Hackers are refining their craft; it’s now up to the app providers to refine theirs.”

The post Holes in Android patching implementation mean app providers need to take charge of security appeared first on IT Security Guru.

The post Triada: a Mobile Trojan Invading Android Brains appeared first on IT Security Guru.

• 36% of UK consumers use personal finance/banking apps
• 52% of people in the UK would be most upset about having their financial information compromised, compared to just 2% who are worried about connected home appliances
  • This means that nearly half of UK consumers don’t seem to care about their personal banking information being hacked, or they are less concerned about financial hacks than other information being compromised.
• However, for nearly 10% of UK smartphone users there is not a single thing a hacker could take from their phone that would upset them
  • This includes text and voice messages, pictures and videos, even health and location tracker data

Kevin Haley, Director of Security Response, Norton said: “Consumers see smartphones as devices they talk to friends with and check on social media. They use it to easily manage their money. They don’t think anything bad could happen on a smartphone. The point is not to panic, nor is it to stop using these devices. Mobile apps and IoT devices aren’t going away. We want the people who are not concerned about hacking to understand the risk.”
Further details about the research and top tips on how consumer can stay safe online could be found here:  http://uk.norton.com/norton-blog/2016/02/mobile_apps_and_iot.html

The post 10% of UK smartphone users say not a single thing a hacker could take from their phone would upset them appeared first on IT Security Guru.

• After the US, China is the number one destination for data from malicious applications.
• Dangerous mobile apps from rogue marketplaces affect two out of five enterprises. Proofpoint researchers identified rogue app stores from which users could download malicious apps onto iOS devices – even those not “jailbroken,” or configured to run apps not offered through Apple’s iTunes store. Lured in by “free” clones of popular games and banned apps, users who download apps from rogue marketplaces – and bypass multiple security warnings in the process – are four times more likely to download an app that is malicious. These apps will steal personal information, passwords or data. 40% of large enterprises sampled by Proofpoint TAP Mobile Defense researchers had malicious apps from DarkSideLoader marketplaces – that is, rogue app stores – on them.
• The fourth quarter of 2015 saw a surge of “riskware.” These are mobile apps that aren’t necessarily malicious but transmit sensitive data to servers that may be compromised or that reside in foreign countries.  Malicious mobile apps alone communicate data to 57 countries, and 19% of these apps send data to China.
• People willingly downloaded more than 2 billion mobile apps that steal their personal data. Attackers used social media threats and mobile apps, not just email, to trick users into infecting their own systems. Proofpoint analysis of authorized Android app stores discovered more than 12,000 malicious mobile apps – apps capable of stealing information, creating backdoors, and other functions – accounting for more than 2 billion downloads.

Commenting on the findings from the study, Mark James, security specialist at ESET, said: “Most people still do not perceive the mobile phone or tablet as very real threat vector, it’s still seen as just a phone and not a very powerful computer which is also capable of making calls. The worrying trend is peoples lack of understanding of what’s actually stored on a phone, in most cases the data on a mobile phone can reveal a lot more about what you do on a day-to-day basis than your computer can, users will save information in contacts, notes, photos and videos that they may not even consider saving on a desktop computer.”
In addition to this, the study also highlighted the fact that 2015 was the year machine exploits were overtaken by human exploitation. Essentially, rather than opting to purchase expense technical exploits they sent emails with malicious attachments and relied on humans to carry out their dirty work.

The post Android Users Happily Downloaded Over Two Billion Malicious Apps in 2015 appeared first on IT Security Guru.

The post MWR InfoSecurity Suggests 2016 will be Dramatically Impacted by Smart Technology appeared first on IT Security Guru.

• Each app is exposed to an average of 9 different vulnerabilities, 38% of which are critical or high severity
• 40% of detected vulnerabilities in iOS applications were found to be critical or high severity compared to only 36% on Android
• 50% of vulnerabilities are either personal/sensitive information leakage or  authentication and authorization faults

AppSec Labs founder Erez Metula said: “When we undertake penetration testing for our customers, we’re often asked to test both the Android and iOS versions of the same app. We realized that since iOS developers wrongly assume that iOS is “more secure”, they let themselves take poor security decisions that open up vulnerabilities in their app.”
The full report and its key findings can be found here.

The post Mobile App Security Report: Think iOS Is Safer than Android? Think Again. appeared first on IT Security Guru.

• Passwords — Avast Passwords automatically generates extremely strong passwords that users don’t have to remember — users set and remember only one main password to access all their passwords, synchronize passwords across devices, check the security of a user’s password and delete all passwords stored in a user’s browser. Avast Passwords alerts users if their credentials are stolen in a data breach. Avast Passwords is a multi-platform solution – users can sync their passwords across devices, including iOS and Android devices, by connecting their devices through their Avast Account.
• SafeZone Browser — Isolates all banking and payment sites in a protected space in Pay Mode, while also automatically opening suspicious sites into an isolated, virtual environment.

“While people are rightfully concerned about privacy, there is a disconnect between that concern and the steps they take to protect themselves,” said Vince Steckler, chief executive officer of Avast. “Users have a multitude of devices and passwords to keep track of, which can be overwhelming. When users feel overwhelmed, they tend to default to unsafe practices that put their privacy at risk.” 
The completely redesigned, and free, Avast Mobile Security for Android includes:

• Leading Mobile Malware Protection — Avast Mobile Security provides users with the most advanced mobile malware protections available, now even faster with Avast’s leading cloud scanning engine.
• Privacy Advisor – Informs the user about data apps have access to and ad networks included in apps.
• Wi-Fi Security – Notifies the user when connecting to an unsecure router.
• Unlimited App Locking — Users can password protect any and all apps on a device, providing another line of defence against prying eyes. 

Avast SecureMe is a brand-new privacy app for iPhone and iPad users:

• Wi-Fi Security – Same feature as in Avast Mobile Security. Users will be notified when connecting to an unsecure router.
• VPN – Avast SecureMe establishes a secure connection when the user is connecting to open Wi-Fi. 

Avast 2016 for PC and Mac is now available for download at www.avast.com. Avast 2016’s Avast Passwords feature is now available for PC, Android and iOS, and will soon be available for Mac. The new Avast Mobile Security app can be found in the Google Play Store. Avast SecureMe will soon be available on the Apple App Store.

The post Avast releases new mobile and PC solutions to protect privacy appeared first on IT Security Guru.