Instagram hacking on the rise with need for more followers.

insta

Instagram users have been the target of several new credential stealers, appearing on Google Play as tools for either managing or boosting the number of Instagram followers.

Under the detection name Android/Spy.Inazigram, 13 malicious applications were discovered in the official Google Play store. The apps were phishing for Instagram credentials and sending them to a remote server. Altogether, the malicious apps have been installed by up to 1.5 million users. Upon ESET’s notification, all 13 apps were removed from the store.

All the malicious app seem to be using the same technique in their operation. They operate by harvesting Instagram credentials and sending them to a remote server. Ironically instead of their own boosting, these users accounts end up being used to increase followers for other people.

Graphic2

The question is what happens to stolen credentials? Apart from an opportunity to use compromised accounts for spreading spam and ads, there are also various “business models” in which the most valuable assets are followers, likes and comments.

In our research, we’ve traced the servers to which the credentials are sent off and connected these to websites selling various bundles of Instagram popularity boosters.

The scheme below explains how it works:

ig_credential_stealers_scheme_final-768x801

 

There are several measures you need to put in place to ensure that you are protected.

  • If you’ve downloaded one of these apps, you will find one of its icons under your installed applications. to clean your device, uninstall the above mentioned apps found in your Application manager or use a reliable mobile security solution to remove the threats for you.
  • Change your Instagram password immediately you notice from Instagram about someone attempting to log into your account to secure your account. In case you use the same password across multiple platforms, change these as well as malware authors are known to access other web services using the stolen credentials, you are advised to use a different password on each of your accounts.
  • Also avoid putting sensitive information to these third party apps.
  • Have an up to date antivirus to protect and control the download of third party apps for example ESET that has help in blocking of these malicious apps.

Credits: welivesecurity

 

 

 

PATCH MANAGEMENT SOFTWARE TIPS THAT WOULD SAVE YOUR BUSINESS

     TCCM_3

Selecting the best patch management software for your company

Its every business desire to have the right software in  order to protect its assets and importantly remain compliant. Patch management is an easy concept to understand, and it is the software that automates the process is an easy product to grasp. What’s difficult and requires insight, however, is the process through which a business purchases patch management software.

This article basically gives tips on the buying out process, explaining patch management process and even giving out few vendors that could best assist in addressing  management strategies.

The suitable patch management software for your business should offer many benefits beyond increased productivity and efficiency. It should helps companies remain secure from exploitation by hackers. This, in turn, can cause a great loss of assets.

Regulatory compliance is also another important area that can be secured with patch management tools. This enables businesses to give priority to certain operating systems and software in the patching process

To hence take advantage of the important and protections benefits that the software can offer, having a know how on how procure the right tool is substantial. Assessing the product’s usability, the systems it integrates with and how, and its features are just ways to ensure that the right patch management tool is chosen. Prioritizing a business needs means that a business is then ready to select the best patch management software for them.

TipsIn procuring the best  software, there is need to read and know about the different business use cases where an enterprise would need automated patch management tools, how they alleviate productivity and resource issues and can help mitigate risk. This will help achieve at a decision on the best software to go for.

patchIt’s important to learn on how to evaluate the software tools. These covers a wide range from cost to functionality. ESET Antivirus for example offers the cost of its products while also explaining their functionality to its customers for easier purchase. This helps an organization or company know which software to buy.

Selecting the right software means an organization must match up its patching strategy needs to vendors’ offerings, the systems tools which integrate with and the budget the business has set aside.

The most suitable software for an organization is then a software that closely matches its patch management and its overall strategies and within its budget. Follow this tips and get the best deal for your company.

IMG_20170227_170302

 

 

 

 

 

ONLINE BANKING WITH BYOD SYSTEM

online-banking-trojan-esetPresently, cybersecurity or (insecurity) in Kenya is the single biggest threat to business in terms of the consumption and use of Information Communication Technologies (ICT).

Over the recent months we have seen a rise in cases of cyber-attacks such as ransomware and data leakage, some which have even gone undetected. One such incident that went viral on regional social media circles involved a leading Kenyan bank. A hacker was supposedly able to access through a data systems breach, more than 500,000 customers’ details, including names and phone numbers and which were then plastered on various online platforms.

Unfortunately, innovation has meant that hacking tools are now cheaper and simpler to use in marking out vulnerable targets. Serianu Limited, the publishers of the Kenya Cyber security report, notes that Kenyan companies lost over Sh15 billion in 2015 through Cybercrime. On top of this pile of victim losses sits in the public sector at Sh5 billion followed by the financial services sector at Sh4 billion. Sadly, this scenario is not unique to Kenya, cybercrime has been on a steady rise globally.

Another study by consulting house PwC, notes that the number of cyber security incidents across all industries grew by 38 percent in 2015 and which is the biggest increase in the 12 years since the global study was first published.

No doubt the mobile phone is the universal communication device of choice for many. The Communications Authority of Kenya notes that we have 39 million mobile phone subscribers in Kenya, 22 million who access and are constantly on the internet.

A huge proportion of this fraction estimated at about 95 percent doesn’t have mobile security in place. This could very well mean that the smart phone is the single largest cybersecurity weakness we have today.

index

With the advent of the Bring-Your-Own-Device (BYOD) culture this could be true for both the individual and corporate users. This is a huge vulnerability gap considering that online and mobile transactions have become the most convenient ways of banking in Kenya through USSD short codes and Mobile banking apps.

 

 

Whereas banks may have invested heavily in ICT security systems, most Kenyans remain grossly unaware of the various cyber security threats that exist. Some of these include, key logging, Man-in-the-middle, Phishing and even ransomware attacks.

Attack

So how can you the consumer of online banking services ensure that you are not a vulnerable and easy target for hackers?

Teddy Njoroge, Country Manager for ICT security solutions company, ESET East Africa, says the first step would be for ICT professionals to obtain latest training on the prevalent risks in the market. Consumers, he adds would do much better for themselves by being proactive about their online security by keeping up with common cyber security threat solutions.

“These could be specific to the type of devices or platforms on which you access your online banking services. However, the important thing is to be aware of the potential risks and how to mitigate these in real-time, since it is very possible to detect unwanted intrusions such as phishing and ransomware scams”, says Njoroge.

tipsSafer Online Banking principles

According to Njoroge, some key principles of safer online banking and payments to consider include using trust worthy devices and internet connections, while keeping the operating systems and software up-to-date. Not every internet connection such as public WI-Fi at the coffee shop or a random network at any office is secure to be used for online banking or making payments. It is advisable instead to use a virtual private network (VPN) to keep your communications encrypted (unreadable) to anyone who may try to intercept them.

“Whenever you connect to your online account, use your own computer, tablet or Smartphone as it is more likely to notice if any suspicious activity is going. Avoid using a borrowed or public device that might put your data, account or savings at risk”, says Njoroge.

But having a strong password is perhaps the first step in proactively securing your device and online banking access. One easy technique in developing a strong but simple password regime is ‘pass phrasing’ which simply means using a sequence of words or other text to control access to a computer system, program or data. However, it is doubly important never to reuse your password e.g. for your bank, social media and other accounts which can mean a total hack into each account in case it leaks from any one of them. To manage these, one can use a password manager that will store all of them and allow you to remember just one master password.

ESET Smart Security PremiumSimilarly, to enjoy the internet and maximize protection while connecting to an online banking account, one should install a trusted security solution on their devices. This will preferably be a reliable, multilayered and updated security solution. For example, ESET Smart Security offers protection from multiple types of malware as well as malicious tricks that might be disguised as harmless emails or websites. Cyber criminals will try anything to access your sensitive data. They will pretend to be your banker, pose as an innocuous notification in your email, or ask you to change the password via a link added to that email you just received. If you get any message asking you to change your banking credentials or click on a link, contact your bank and verify this immediately.

“If your bank offers two factor authentication (2FA) for your online account, use it. This way the bank can double check if it is you connecting or making a transaction by using something only you have – such as your personal Smartphone”, advises Njoroge.

For those who check their online banking account less frequently, it is advisable to set up alerts and notifications to your phone. Having information about all the current transactions makes it easier to recognize any suspicious activity. When not using your online banking platform, ensure to log out every time to avoid ‘man in the middle’ type of attacks.

IMG_20170227_170302