Showing posts with label internet security. Show all posts

Wednesday, 13 April 2016

The Ransomware That Knows Where You Live


Ransomware: Scam Email Quoting People’s Postal Addresses

According to a security researcher, a widely distributed scam email that quotes recipients’ postal addresses links to a dangerous strain of ransomware. After learning of an episode of BBC Radio 4’s You and Yours that discussed the phishing scam, Andrew Brandt of the US firm Blue Coat got in touch with the BBC. He found that the emails appeared to be linked to ransomware known as Maktub.

The malware encrypts the victim’s files and demands a ransom before they can be unlocked. The phishing emails told recipients that they owed hundreds of pounds to UK businesses and that they could print an invoice by clicking a link; according to Mr Brandt, that link leads to the malware. One of the emails was received by You and Yours reporter Shari Vahl. Mr Brandt told the BBC that ‘it was incredibly fast and by the time the warning message had appeared on the screen, it had already encrypted everything of value on the hard drive, it happened in seconds’. Maktub not only demands a ransom, paid in bitcoin, but increases the fee as time passes.

Addresses Highly Precise

One of the websites connected with the malware explained that during the first three days the fee is 1.4 bitcoins, or around $580, and rises to 1.9 bitcoins, or $799, after the third day. The phishing emails tell recipients that they owe money to British businesses and charities when they owe nothing. One of the organisations named was the Koestler Trust, a charity that helps prisoners and ex-offenders produce artwork.

Chief executive Sally Taylor told You and Yours that the charity relies on generous members of the public and was very distressed to discover that people felt they had received emails from it asking for money when it had not generated them at all. A striking feature of the scam was that the emails included not only the victim’s name but their postal address as well. Several recipients, including BBC staff, noticed that the addresses were generally highly accurate.

Data Derived from Leaked/Stolen Databases

According to Dr Steven Murdoch, a cybersecurity expert at the University of London, it is not yet clear how the scammers were able to gather people’s addresses and link them to names and email addresses. The data could, for instance, have been derived from a number of leaked or stolen databases, which would make tracking down the source difficult.

Many people contacted the You and Yours team to say they were concerned that the data could have been taken from their eBay accounts, since their postal addresses were stored there in the same format in which they appeared in the phishing emails.

The firm said in a statement that eBay works aggressively to protect customer data and privacy, which is its highest priority, and that it is not aware of any link between this new phishing scam and eBay data. In an effort to create the safest environment possible for its customers, it constantly updates its approach to customer data security.

Thursday, 24 March 2016

Why the Government can’t Actually Stop Terrorists from Using Encryption


Encrypted devices in the hands of government agencies seem like a blessing, but when the same technology is available to the general public, and more importantly lands in the hands of terrorists, the world appears to be in danger. The U.S. government is currently failing to gain the upper hand in its fight to compel Apple and other technology giants to give it access to their encrypted devices. But even access to those devices and technologies would not be enough to limit the wide availability of the same technologies to terrorists and criminals.

How encrypted services and devices end up out of reach of the U.S. government

Most encrypted products and services are made by developers from all parts of the globe. In simple terms, most encryption projects are open source, which brings together capable developers from across the world and puts them out of the government’s reach as well.

An example helps to illustrate the limits government agencies face when going after encrypted services and products. Telegram, a popular instant messaging service based in Germany, offers encrypted chat functionality. Another provider, Silent Phone, based in Switzerland, offers encrypted voice calls and text messages. Both are out of reach of the U.S. government but are readily available to the public and to criminals alike.

Open source projects are driving the spread of encryption technology

Research conducted by the Open Technology Institute revealed that about 16 different applications for encrypted communication are being developed outside the US, mainly as open source projects.

The U.S. government’s hands are tied, since it cannot stop developers from building such applications outside its borders. Instead, it is waging a battle against domestic companies that offer encryption services to their consumers.

More ordinary users than ever are making use of strong forms of encryption for their own reasons. This has made it necessary for technology companies to build such encrypted features into their own applications by default in order to keep consumers from adopting other applications. The iPhone already prompts users to set a passcode by default, which encrypts the information stored on the device. Facebook-owned WhatsApp, meanwhile, is aggressively pursuing encrypted text and messaging features on its instant messaging platform.

The U.S. government has finally understood that, with the continuous emergence of new encrypted communication applications, it is not feasible to restrict their availability to users. It is instead working on another front, trying to reduce the amount of information that ends up encrypted as popular applications and devices adopt encryption by default. In other words, the U.S. battle against encryption is not going to stop ordinary users and terrorists alike from using encryption technology in future.

Tuesday, 22 March 2016

Chinese Hackers Behind U.S. Ransomware Attacks, Say Security Firms


A group of four security firms investigating cyber attacks on U.S. based companies has found that most of the hackers use the same tactics and tools once associated with Chinese government-backed attacks. Ransomware has become a major tool for cyber attacks on unsuspecting users. As the name suggests, ransomware takes control of the system and encrypts all the data stored on it, leaving it inaccessible to the user. To regain access, users are required to pay a ransom of a few Bitcoins.

Hackers trick users into installing ransomware

The security firms state that the hackers use complex and sophisticated methods to spread ransomware, actively exploiting vulnerabilities in application servers. Once a vulnerable server has been compromised, the hackers trick users into installing ransomware on their devices. In one recent attack, more than 30% of the machines at a transportation firm and a technology firm were infected with ransomware.

The rise of ransomware over the years

Ransomware is not new; cyber criminals have used it widely for over a decade. In the beginning, unsuspecting users were lured into downloading infected programs or fake antivirus suites which, once installed, took over the device and demanded a ransom of a certain amount to restore access.

In recent years, however, cyber criminals have got hold of better encryption techniques, which ensure that users cannot regain access to their files without paying the ransom. Formatting the device is a reliable way to get rid of the ransomware, but it comes at the cost of losing all the data on the device. Ransomware payments are mainly made in the virtual currency Bitcoin, which offers secrecy from government agencies and others.

The ‘mind game’ behind the ransom

Ransomware is one of the most successful tools of cyber criminals because a large proportion of infected users end up paying the modest ransom for their inaccessible data. Cyber criminals usually set a modest price for restoring access, an amount most victims are willing to pay to get their data back, and this also generates positive word of mouth online. Suppose a victim pays 1 or 2 Bitcoin, which amounts to about $600, gets access to the data back, and posts on an online forum that they were relieved to finally recover their data after paying the ransom operators. Other victims searching online for this malady will then be more willing to pay on the basis of that feedback.

On the other hand, security firms have warned victims that paying the ransom will only make cyber criminals more ambitious. Very soon they will shift from asking for ransoms of a few Bitcoins to complicated scams and credit card theft as well.

Tuesday, 16 February 2016

‘Hack’ on DoJ and DHS downplayed


Data Breach – DoJ/DHS

The US authorities have confirmed a data breach affecting the Department of Justice (DoJ) and the Department of Homeland Security (DHS), though they have played down its severity. According to the technology news site Motherboard, the hacker stated that they would soon share personal information on around 20,000 DoJ employees, including FBI staff.

The news site reported that it had verified small parts of the breach, but also observed that some of the details listed seemed to be incorrect or probably out of date. The Department of Justice likewise played down the significance of the breach. DoJ spokesman Peter Carr told the Guardian that ‘the department has been looking into the unauthorized access of a system which was operated by one of its components comprising employee contact information and this unauthorized access is under investigation.

However, there is no indication at this time that there is any breach of sensitive personally identifiable information. The department has taken this very seriously and is continuing to arrange protection as well as defensive measures in safeguarding information. Any activity which is determined to be criminal in nature would be referred to law enforcement for investigation.’

Hacked Data Posted on Encrypted Website

The hacked data, which was posted anonymously on an encrypted website and reviewed by the Guardian, comprises a DHS personnel directory; the information listed included phone numbers and email addresses, some of them for individuals who have not worked for DHS for years. Some of the listings also had out-of-date titles.

The encrypted DHS directory appeared online before 7 pm EDT on Sunday, and the password was ‘lol’. A source claiming responsibility told Motherboard, which broke the story of the hack, that they had compromised the account of a DHS employee and then used information from it to convince an FBI phone operator to provide access to the DoJ’s computer system.

The hackers promised to release the DoJ information on Monday. At 4 pm EDT, a similar list was posted on the same site with a DoJ staff directory, which also appeared to be out of date. Assessing the hack during a government-wide meeting, an official compared it to stealing a years-old AT&T phone book after the telecom had already digitized most of its data.

Regular Disruption in Government Data Security

Experienced officials, however, say that it should not be that simple to obtain an access token by impersonating an official from a different department over the phone to a help desk. Government data security is disrupted regularly: the OPM hack, exposed in June, revealed the deeply researched security clearance records of 21.5m current and former government employees and contractors, from phone numbers to fingerprints.

But while the DHS breach seems far less severe, it is especially embarrassing considering that the department has been selected as the point of entry for all corporate data shared with government agencies under the contested information sharing program between government and industry created last year by the Cybersecurity Information Sharing Act. The program, in which private companies share user information with the government in exchange for immunity from regulation, was not welcomed from the start at DHS, which is left holding the bag in the event of a breach.

Alejandro Mayorkas, DHS deputy secretary, citing a troubling provision of the bill in a letter sent to Senator Al Franken in July, wrote that ‘the authorization to share cyber threat indicators and defensive measures with any other entity or the Federal Government, notwithstanding any other provision of law, could sweep away important privacy protection’.

Tuesday, 29 December 2015

Java Plugin Malware Alert to be issued by Oracle

Oracle is widely known as the company behind the popular programming language Java. Developers use Java for a variety of purposes, from apps and games to other substantial programs. Oracle has issued an advisory warning that millions of Java users could be exposed to a malware threat resulting from a flaw in the software’s update tool. The plug-in in question is installed on a large number of PCs, allowing them to run small programs written in the Java language.

Oracle has issued the alert on social media as well as on its official website. The US Federal Trade Commission is currently investigating Oracle for wrongdoing, so this is not a good time for the malware threat to emerge.

The Malware Threat

The reason for the investigation can be summarized from the FTC’s complaint, which states that Oracle was aware of a number of security issues in the Java SE (Standard Edition) plug-in when it bought the Java technology from its creator, Sun, in 2010. The FTC has highlighted flaws in Java’s security that could easily allow hackers to craft malware giving access to consumers’ usernames and passwords for financial accounts. Malware could also be designed to harvest other vital and sensitive information, attacking the user’s privacy. The FTC alleges that Oracle misled its customers by telling them that installing its updates would keep their PCs safe and secure, when Oracle knew full well that Java still had existing security issues.

Reasons for security issues in Java

The presence of security issues in Java is mainly attributed to Sun, which did not remove the original update process from earlier versions of the software before passing it on to Oracle. The FTC states that this offers hackers an easy way to exploit and launch attacks on PCs running Java.

Oracle tried to address the issue, but its update tools only removed the problems in the latest version of Java and left earlier editions behind. Oracle only managed to rectify the problem in August 2014. In the current FTC investigation, Oracle cannot plead ignorance, as internal documents dating from 2011 state that the Java update mechanism is not aggressive enough or simply not working.

Troubled Days for Java

Java currently powers a wide number of web-browser-based games, chat tools and calculators and performs other essential functions. Java also happens to be one of the top three applications targeted by criminals. Most people don’t even know that it comes pre-installed on a large number of machines. The FTC is recommending that businesses stop using the Java application or remove it from their systems to stay safe from cyber threats. The FTC is basically concerned about Oracle’s update procedures and will not simply settle the matter by imposing a financial penalty.

Wednesday, 14 October 2015

Crippling Linux Botnet Strikes Gaming, Education Sites

Botnet Plundering Linux Computers – Powerful Attacks

The IT world has recently learned that a botnet has been plundering Linux computers, and its attacks are quite powerful. Several of the targets are in Asia, security experts are working to track them, and the botnet itself appears to be of Asian origin.

A network of Linux computers is flooding gaming and education sites with about 150 gigabits per second of malicious traffic, according to Dan Goodin of Ars Technica, which in some cases is enough to knock the targets offline.

This is a DDoS (distributed denial-of-service) network, and the findings come from Akamai Technologies. Akamai’s Security Intelligence Response Team (SIRT) rated the XOR DDoS botnet as ‘High Risk’ in a recently posted advisory.

It is said that the XOR DDoS botnet has grown and now has the capacity for mega DDoS attacks at 150-plus Gbps, using Trojan malware to hijack Linux systems. Initial access is obtained by brute-force attacks to discover the password of the Secure Shell service on a Linux machine. Once logged in, the attackers use root privileges to run a Bash shell script that downloads and executes the malicious binary.

SIRT Tracking XOR DDoS – Trojan Malware

Akamai’s Security Intelligence Response Team has been tracking XOR DDoS, a Trojan malware that DDoS attackers have used to hijack Linux machines and build a botnet for distributed denial-of-service campaigns using DNS and SYN floods.

Among the key points observed by Akamai, the gaming sector was the main target, followed by educational institutions. The botnet attacked around 20 targets each day, 90% of which were in Asia.

The malware spreads through Secure Shell (SSH) services vulnerable to brute-force attacks owing to weak passwords. This could go from bad to worse: the Akamai team expects XOR DDoS activity to continue as the attackers refine and improve their methods, including a more diverse selection of DDoS attack types.
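As an added, constructed example (not from the Akamai advisory or from the article), this is the detection logic a defender would run over SSH authentication logs to spot the entry pattern described here: a burst of failed password attempts from one source address, followed by a successful password login from the same address. The log lines are constructed samples in the usual sshd syslog format, and the threshold of five failures is an assumption to tune to your environment.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (auth.log format); not real data.
SAMPLE_AUTH_LOG = """\
Oct 12 03:14:01 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Oct 12 03:14:03 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 51240 ssh2
Oct 12 03:14:05 host1 sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 51250 ssh2
Oct 12 03:14:06 host1 sshd[2204]: Failed password for root from 203.0.113.7 port 51255 ssh2
Oct 12 03:14:08 host1 sshd[2205]: Failed password for root from 203.0.113.7 port 51260 ssh2
Oct 12 03:14:10 host1 sshd[2206]: Accepted password for root from 203.0.113.7 port 51270 ssh2
Oct 12 03:20:00 host1 sshd[2301]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Oct 12 03:20:30 host1 sshd[2302]: Accepted publickey for alice from 198.51.100.4 port 40001 ssh2
"""

# sshd writes "invalid user" before names that do not exist on the host.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED_RE = re.compile(r"Accepted (password|publickey) for (\S+) from (\S+) port \d+")


def analyse_auth_log(log_text, threshold=5):
    """Scan sshd log lines in order and return (failures_by_ip, alerts).

    failures_by_ip: number of failed password attempts per source address.
    alerts: list of (kind, user, ip) tuples, where kind is
      'brute_force'               - a source reached `threshold` failures, or
      'success_after_brute_force' - a password login succeeded from a source
                                    that had already reached the threshold
                                    (the botnet's entry pattern seen from
                                    the defender's side).
    """
    failures = defaultdict(int)
    alerts = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, ip = m.groups()
            failures[ip] += 1
            if failures[ip] == threshold:  # alert once, when the line is crossed
                alerts.append(("brute_force", user, ip))
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, ip = m.groups()
            # A key-based login cannot be guessed this way; only flag password
            # logins that follow a burst of failures from the same address.
            if method == "password" and failures.get(ip, 0) >= threshold:
                alerts.append(("success_after_brute_force", user, ip))
    return dict(failures), alerts


if __name__ == "__main__":
    counts, found = analyse_auth_log(SAMPLE_AUTH_LOG)
    for ip, n in sorted(counts.items()):
        print(f"{ip}: {n} failed password attempts")
    for kind, user, ip in found:
        print(f"ALERT {kind}: user={user} from {ip}")
```

Feed it the contents of /var/log/auth.log (or the journal for the ssh unit) instead of the sample. The second alert kind is the one that matters: it is what a successful brute-force of root looks like before any Bash script runs. The attack surface itself is removed with `PermitRootLogin no` and `PasswordAuthentication no` in sshd_config, which take away both the root target and the password guessing the botnet relies on.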

Advisory Describing DDoS Mitigation/Malware Removal Information Available

According to the Akamai team, the bots’ IP addresses are sometimes spoofed, though not always; the botnet attacks observed in the DDoS campaigns against Akamai customers were a mixture of spoofed and non-spoofed attack traffic. Lucian Constantin of the IDG News Service recently noted that the ability to generate crippling attacks of more than 150 Gbps represents several times what a typical company’s infrastructure could endure.

In the meantime, an advisory describing this threat, including DDoS mitigation, payload analysis and malware removal information, is available for download from Akamai. Eliminating the XOR DDoS malware is a four-step procedure, and most of the scripts are provided in the advisory.

Stuart Scholly, senior vice president and general manager at Akamai, said that XOR DDoS is an example of attackers switching focus and building botnets from compromised Linux systems to launch DDoS attacks. This happens more frequently now than before, when Windows machines were the main targets for DDoS malware.

Thursday, 8 October 2015

Global Nuclear facilities 'At Risk' of Cyber-Attack


Cyber-Attacks on Nuclear Power Plants on the Rise

According to a report, the risk of a serious cyber-attack on nuclear power plants across the globe is on the rise. It states that the civil nuclear infrastructure in several nations is not well equipped to defend against such attacks.

The report notes that most of the control systems at these organisations were insecure by design because of their age. Published by the influential Chatham House, the report examined cyber defences in power plants across the world over an 18-month period. It states that cyber criminals, state-sponsored hackers and terrorists are all increasing their online activity, which means the risk of a significant net-based attack persists.

Such an attack on a nuclear plant, even if small in scale or unlikely, should be taken seriously because of the harm that would follow if radiation were released. Moreover, the report says that even a small-scale cyber security incident at a nuclear facility would have a disproportionate effect on public opinion and on the future of the civil nuclear industry.

Unfortunately, research carried out for the study indicated that the UK’s nuclear plants and related organisations did not seem adequately protected or prepared, because the industry has only recently converted to digital systems.

Increase in Digitisation/Growing Reliance on Commercial Software

Increasing digitisation and a growing reliance on commercial software are raising the risk the nuclear industry faces. There is a ‘pervading myth’ that computer systems in power plants are isolated from the internet and therefore immune to the type of cyber-attacks that have plagued other industries. In fact, this air gap between the public internet and nuclear systems is easy to breach with ‘nothing more than a flash drive’.

The report observes that the destructive Stuxnet computer virus infected Iran’s nuclear facilities through this route. The researchers also came across virtual networks and other links to the public internet on nuclear infrastructure networks.

Some of these seemed to be unknown to, or forgotten by, those in charge of these organisations. Search engines that hunt out critical infrastructure had indexed these links, making it easy for attackers to locate ways into networks and control systems.

Security Including Cyber Security – Priority for Power Station Operators

Keith Parker, chief executive of the Nuclear Industry Association, states that ‘security inclusive of cyber security is an absolute priority for power station operators. All of Britain’s power stations are designed with safety in mind and are stress tested to withstand a huge range of potential incidents. Power station operators tend to work closely with national agencies like the Centre for the Protection of National Infrastructure and other intelligence agencies, to be aware of emerging threats always’.

He added that the industry’s regulator continuously monitors plant safety to protect it from outside threats. The first international conference on cyber threats facing plants and manufacturing facilities was held in June this year by the International Atomic Energy Agency.

Yukiya Amano, director of the IAEA, said during the conference that both random and targeted attacks were being directed at nuclear plants. In a keynote address to the conference he commented that ‘staff responsible for nuclear security needs to know how to repel cyber-attacks and to limit the damage should the system be penetrated’.

Wednesday, 23 September 2015

Poker Players Targeted By Card-Watching Malware


Malware Targets Popular Online Poker Sites

Malware researchers at security firm ESET have come across a new Trojan designed to cheat at online poker by sneaking a look at the cards of infected opponents. According to ESET security researcher Robert Lipovsky, the malware targets PokerStars and Full Tilt, two of the most popular online poker sites.

He mentioned in a recent blog post that the attackers operate in a simple manner: after the victim has been successfully infected with the Trojan, the culprit attempts to join the table where the victim is playing, with the unfair advantage of knowing the cards in the victim’s hand.

The malware, Win32/Spy.Odlanor, masquerades as a benign installer for several general-purpose programs such as Daemon Tools or µTorrent. Lipovsky says people tend to get infected while downloading some other useful application from an unofficial source.

In some instances it is loaded onto the user’s system through poker-related programs, including poker player databases and poker calculators such as Tournament Shark, Smart Buddy, Poker Calculator Pro, Poker Office and others.

Prowls in Software Created For Better Performance

The malware was discovered lurking in software created to help poker fans play better, according to the security firm that found it. The software is also said to target other valuable information on the user’s computer, such as login names and passwords.

Once a system is infected, the software observes the PC’s activity and springs into action when the victim logs in to either of the two poker sites. It then begins taking screenshots of their activity and the cards they are dealt, and sends the screenshots to the culprits.

Lipovsky said the screenshots can later be retrieved by the cheaters and reveal not only the infected opponent’s hand but their player ID as well. According to ESET, this lets the criminals search the sites for that player and join their game. Both targeted poker sites permit searching for players by player ID, so the culprit can easily join the table at which the victim is playing.

Largest Number of Spyware Detections – Eastern European Countries

The information gathered about the victim’s hand gives the criminal a significant advantage. Lipovsky writes that he is not sure whether the attacker plays the games manually or in some automated way. ESET has found the Windows malware lurking in some well-known file-sharing applications, PC utilities and many widely used poker calculators and player databases.

Lipovsky writes that the spyware has been active for several months, with the largest number of detections and most of the victims in Eastern European countries. However, the Trojan is a potential threat to any online poker player.

Most of the victims were in the Czech Republic, Poland and Hungary. ESET stated that it had found various versions of the malware dating back to March 2015. To make matters worse, newer versions also contain ‘general purpose data stealing functions’ capable of siphoning passwords from several web browsers. As of September 16, several hundred users had been infected with Win32/Spy.Odlanor.

Tuesday, 1 September 2015

Samsung Smart Fridge Leaves Gmail Logins Open to Attack


Samsung Smart Fridge – MiTM attacks on Connections

Security researchers have identified a possible way of stealing users’ Gmail credentials from a Samsung smart fridge. At the recent DEF CON hacking conference, Pen Test Partners discovered the man-in-the-middle (MiTM) weakness that enabled the exploit during the IoT hacking challenge. The hack was against the RF28HMELBSR smart fridge, part of Samsung’s line-up of Smart Home appliances controlled through its Smart Home app.

Although the fridge uses SSL, it fails to validate SSL certificates, enabling man-in-the-middle attacks on most of its connections. The internet-connected device is designed to download Gmail Calendar information for its on-screen display. The security shortcoming means that attackers on the same network could steal Google login credentials from their neighbours.

According to Ken Munro, a security researcher at Pen Test Partners, ‘the internet-connected device is designed to download Gmail Calendar information on its display and it seems to work the same way as any device running a Gmail calendar. The user or owner of the calendar, once logged in, can make updates and those changes are then seen on any device on which the user can view the calendar’.

Fridge Fails to Validate Certificate

The fridge fails to validate the certificate even though SSL is in place, so an attacker who can get onto the network the fridge is on, probably through a de-authentication and fake Wi-Fi access point attack, can man-in-the-middle the fridge’s calendar client and steal Google login credentials from the neighbours.
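As an added example of the failure described above (constructed here; it is neither Pen Test Partners’ code nor the fridge’s firmware), the two client configurations side by side in Python’s ssl module: a context that negotiates TLS but never validates the certificate, which is what lets a man-in-the-middle on the local network present its own certificate and read the calendar traffic, beside the corrected context, plus a small audit helper a reviewer can run over any client context. The host name and path passed to fetch_over_tls are placeholders.

```python
import socket
import ssl


def fridge_style_context():
    """A client context that behaves like the fridge described above: TLS is
    negotiated, but neither the certificate chain nor the server name is
    checked, so an attacker on the path can present any certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # accept any certificate, signed by anyone
    return ctx


def hardened_context():
    """The corrected client: chain must lead to a trusted CA and the name must match."""
    return ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True


def audit_context(ctx):
    """Return the MiTM-relevant weaknesses of a client SSLContext (empty if none)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified against a trusted CA")
    if not ctx.check_hostname:
        findings.append("certificate subject is not matched against the server name")
    return findings


def fetch_over_tls(host, path, ctx, port=443, timeout=5):
    """Minimal HTTPS GET with the given context; returns the HTTP status line.
    With fridge_style_context() an interposed server can answer this request;
    with hardened_context() the handshake fails unless the certificate is genuine.
    host and path are placeholders supplied by the caller (network access needed)."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            return tls.recv(4096).split(b"\r\n", 1)[0].decode(errors="replace")


if __name__ == "__main__":
    for name, ctx in (("fridge-style", fridge_style_context()),
                      ("hardened", hardened_context())):
        print(name, "->", audit_context(ctx) or ["ok"])
```

The audit helper is the check to apply in a code review of any embedded client: both attributes must be on, and a context that sets either one off should be treated as a finding regardless of what the protocol layer otherwise looks like.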

Since the fridge is not yet sold in Europe, the UK-based security consultancy ran short of time at DEF CON while trying to intercept communications between the fridge terminal and the software update server. An attempt to mount a firmware-based attack through a custom update was unsuccessful, but they had more success when they pulled apart the mobile app and discovered a possible security problem in the process, although it was not confirmed.

The name of a file found in a keystore in the mobile app’s code indicated that it contains the certificate used to encrypt traffic between the mobile app and the fridge.

Working on IoT Security/Hacking Research

The certificate was password protected, though the certificate information appeared to be stored in the mobile app in an obfuscated form.

The next step would be to find the password and use the certificate data to authenticate to the fridge and send commands to it over the air. Pedro Venda of Pen Test Partners adds that ‘they wanted to pull the terminal unit out of the fridge in order to get physical access to things such as the USB port and serial or JTAG interfaces, but were unable to do so since they had run out of time. The MiTM is sufficient enough to expose a user’s Gmail information’.

The team at Pen Test Partners is working on more IoT security and hacking research. In February it published research revealing that Samsung’s smart TVs failed to encrypt voice recordings sent over the internet. Samsung said it was looking into the issue and stated that ‘at Samsung they understand that the success depends on consumer’s trust and the products and services provided. Protecting consumers’ privacy is the top priority and will work hard each day to safeguard valued Samsung users’.

Certifi-gate Vulnerability


Certifi-gate Vulnerability – Disclosed at Black Hat Conference

A mobile application exploiting the Certifi-gate vulnerability, which was disclosed at the Black Hat conference in Las Vegas earlier this month, has been removed from the Google Play store. Although Recordable Activator, a screen recorder app for Android devices, had between 100,000 and half a million downloads, researchers at Check Point Software Technologies, who discovered the vulnerability, stated that it could be successfully exploited on only three devices.

The company said in a blog post that the data comes from Check Point’s own Certifi-gate scanner application. Data from scans using the app shows that LG devices are most at risk, followed by Samsung and HTC, and 16% of the devices responding to scans host vulnerable plugins. Certifi-gate, revealed at Black Hat three weeks ago, when exploited enables an attacker to take complete control of the device using a malicious mobile app or SMS message. The weakness lies in third-party remote support tools that are either pre-installed on Android devices by manufacturers and/or carriers, or available for download.

Mobile Remote Support Tools – mRST

Mobile remote support tools (mRSTs) are generally signed with OEM certificates, giving them system-level privileges for handling remote support tasks. Check Point revealed at Black Hat that these mRSTs have authentication weaknesses that a malicious app can bypass.

The issue with Recordable Activator is that it downloads a vulnerable version of TeamViewer and abuses insecure communication between the app and the system-level plugins. Apps signed with OEM certificates are treated as trusted and bypass the native Android restrictions that would stop an app like Recordable Activator from obtaining excessive permissions.

It could then be used to exploit the authentication vulnerability and connect to the plugin in order to record whatever is happening on the screen, according to Check Point. Ohad Bobrov, a Check Point researcher, explained at Black Hat that a malicious app can impersonate the original mRST to obtain access to everything on the device.

Tools Pre-installed with No UI

Bobrov stated during a press conference at Black Hat that the root of the problem is that on several devices these tools are preinstalled, and since in many cases they have no UI, users are unaware of their existence: there is no icon and nothing visible on the device to show that they are there.

That makes it easier for an attacker to take control of them. Check Point states that patching the problem is not easy, since the tools are generally preinstalled and fixing them may require manufacturers to push updated ROMs to vulnerable devices. Though new versions of remote support tools like TeamViewer are released, older versions are likely to remain in circulation for a while.

He further adds that it will take a long time until a new version comes up, but the more problematic issue is not the bug itself but the architecture. The vendors and OEMs have signed the vulnerable mRST with their certificate and cannot revoke it, or the plugin will stop functioning.

Friday, 14 August 2015

Hackers Target Internet Address Bug to Disrupt Sites


Hackers Manipulating Internet Architecture

According to a security firm, hackers are exploiting a serious flaw in the internet’s architecture: the bug targets the systems that convert domain names into IP addresses. Exploiting it could impede the smooth functioning of internet services, since it permits hackers to launch denial-of-service attacks on websites, possibly forcing them offline, though regular internet users are unlikely to be severely affected.

Bind is the name of a widely used variety of Domain Name System (DNS) software that runs on most internet servers. The recently discovered bug enables attackers to crash the software, taking the DNS service offline and stopping URLs, for instance, from resolving. A patch for the fault is available, though many systems still need to be updated.

The ISC (Internet Systems Consortium), which develops Bind, said in a tweet that the vulnerability was `particularly critical’ and `easily exploited’. Last week ISC released a patch for the serious vulnerability in BIND, one of the most popular DNS servers, which is bundled with Linux. The flaw affects versions of BIND 9 from BIND 9.1.0 to BIND 9.10.2-P2.

Fault in Handling TKEY Queries

It could be exploited to crash DNS servers running the software, resulting in a DoS attack. Red Hat, Ubuntu, CentOS and Debian are all affected by the bug, and patching is straightforward: update or apt-get update, whichever suits the environment, followed by a DNS server restart.

Daniel Cid, a networking expert at Sucuri, published a blog post on the vulnerability in which he clarified that real exploits taking advantage of the fault had already taken place, based on reports from the company’s customers that they were experiencing DNS server crashes. He also informed the BBC that a few clients in various industries had their DNS servers crash because of it.

He further added that, in their experience, server software such as Bind, Apache, OpenSSL and others does not get patched as often as it should. According to a report in The Register last week, the fault, CVE-2015-5477, lies in the handling of TKEY queries: a constructed packet can use the defect to trigger a REQUIRE assertion failure, which causes BIND to exit. Cid notes that it is also trivial to check whether a DNS server is being targeted.

Large DNS Exploits Take Down Hunks of Internet

One can look for ANY TKEY in the DNS logs with querylog enabled; since TKEY requests are `not very common’, suspicious requests should be easy to notice. Brian Honan, a cybersecurity expert, commented that a spike in exploits of the fault was expected in the next few days.

He further added that websites would frequently still be reachable through other routes and cached addresses on DNS servers all over the world, even if certain key DNS servers were made to crash. He stated that `it is not a doomsday scenario but a question of ensuring that the DNS structure could continue to work while patches tend to be rolled out’.

According to Mr Cid, the impact on general users is likely to be minimal, and the average internet user will not experience much pain beyond a few sites and email servers being down. A large DNS exploit, however, could take down chunks of the internet.
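The querylog check Cid describes, as an added example that is not from the article or from Sucuri: it scans BIND 9 querylog lines for TKEY queries and counts them per client. The log lines are constructed samples in the two BIND 9 querylog layouts the regex accepts, and the threshold is an assumption.

```python
"""Scan BIND 9 query-log lines for TKEY queries (the query type abused against
CVE-2015-5477) and summarise which clients sent them.  Added example; the log
lines below are constructed samples, not real server output."""
import re
from collections import Counter

# Two querylog layouts seen in BIND 9 (assumption: older and newer formats):
#   client 192.0.2.10#52113: query: example.com IN A + (192.0.2.53)
#   client 192.0.2.10#52113 (example.com): query: example.com IN TKEY + (192.0.2.53)
QUERY_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: query: (?P<name>\S+) (?P<class>\S+) (?P<type>\S+)"
)

# Constructed sample log: one client sends three TKEY queries in quick succession.
SAMPLE_LOG = """\
07-Aug-2015 10:01:12.101 queries: info: client 192.0.2.10#52113: query: www.example.com IN A + (192.0.2.53)
07-Aug-2015 10:01:12.305 queries: info: client 192.0.2.10#52113: query: www.example.com IN AAAA + (192.0.2.53)
07-Aug-2015 10:01:13.020 queries: info: client 198.51.100.7#33001: query: example.com IN TKEY + (192.0.2.53)
07-Aug-2015 10:01:13.024 queries: info: client 198.51.100.7#33002: query: example.com IN TKEY + (192.0.2.53)
07-Aug-2015 10:01:13.031 queries: info: client 198.51.100.7#33003 (example.com): query: example.com IN TKEY + (192.0.2.53)
07-Aug-2015 10:01:14.400 queries: info: client 203.0.113.4#44000: query: mail.example.com IN MX + (192.0.2.53)
"""


def parse_query(line):
    """Return (client_ip, qname, qtype) for a querylog record, or None otherwise."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    return m.group("ip"), m.group("name"), m.group("type").upper()


def tkey_clients(log_text):
    """Count TKEY queries per client IP across the whole log text."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = parse_query(line)
        if parsed and parsed[2] == "TKEY":
            counts[parsed[0]] += 1
    return counts


def flag_suspects(log_text, threshold=1):
    """Clients at or above the threshold, sorted by IP.  The default of 1 is an
    assumption: on a server that does not use TKEY/GSS-TSIG, even a single TKEY
    query is unusual enough to deserve a look."""
    return sorted((ip, n) for ip, n in tkey_clients(log_text).items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in flag_suspects(SAMPLE_LOG):
        print(f"{ip}: {n} TKEY queries")
```

Pipe `grep TKEY` output from the real querylog into `flag_suspects` to get the same per-client summary on a live server.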

Monday, 10 August 2015

Watch Out for These Serious Mac Attacks

Apple’s esteemed line of Mac devices is about to go through troubled times with the emergence of advanced new bugs and glaring loopholes in Apple’s operating system. Security researchers have unearthed a new vulnerability in Mac devices which allows hackers to install devious adware like VSearch without even requiring a password. VSearch is notorious malware which infects Mac devices with numerous pop-up ads and redirects users to a different search engine whenever they try to use Google.

VSearch bug reported earlier by vigilant security researcher

A German security researcher named Stefan Esser made this bug public earlier this week. It should be noted that the generally accepted protocol is to inform Apple about new bug discoveries rather than disclose them to the public and cause a furor. Some hackers have already taken advantage of the bug found by the German researcher: they have actively used this newfound vulnerability to attack Mac devices, as reported by the security company MalwareBytes in its blog post.

How does this bug work and how can it be neutralized?

This bug takes advantage of a Mac OS X 10.10 (Yosemite) feature that determines which programs are allowed to make changes on the computer without a password. Yosemite keeps a list of those programs hidden in a file named Sudoers. The bug allows malware to get itself listed in the Sudoers file, which means the malware gains the ability to install anything in any part of the OS without the user’s approval via password.

Esser has provided a fix for this malware issue. It should also be noted that the next Yosemite patch will include the bug fix, since even Apple has known about this vulnerability for a while.
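A defender's check for the outcome described above, as an added example that is neither Esser's fix nor Apple's code: it audits sudoers content (the file lives at /etc/sudoers) for entries that grant password-less root or belong to a principal outside an expected baseline. The sudoers text is constructed, and the baseline of expected principals is an assumption to adjust for your own machines.

```python
"""Audit sudoers content for entries that grant password-less root, the kind of
entry malware abusing the Yosemite bug would need.  Added example; the sudoers
text below is constructed and the baseline is an assumption."""
import re

# Constructed sample: the last line is the kind of entry a dropper would add.
SUDOERS_SAMPLE = """\
# User privilege specification
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
Defaults env_reset
ALL ALL=(ALL) NOPASSWD:ALL
"""

# Principals expected on a stock install (assumption; adjust to your baseline).
EXPECTED_PRINCIPALS = {"root", "%admin"}

# user-or-%group  host=(runas)  [TAG:]command list
RULE_RE = re.compile(r"^(?P<who>\S+)\s+(?P<host>\S+)=\((?P<runas>[^)]*)\)\s*(?P<cmds>.+)$")


def parse_sudoers(text):
    """Return the user-specification rules as dicts, skipping comments and Defaults."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("Defaults"):
            continue
        m = RULE_RE.match(line)
        if m:
            rules.append(m.groupdict())
    return rules


def suspicious_rules(text, expected=EXPECTED_PRINCIPALS):
    """Flag rules that carry a NOPASSWD tag or belong to a principal outside the
    baseline.  Returns (who, cmds, reasons) tuples in file order."""
    findings = []
    for rule in parse_sudoers(text):
        reasons = []
        if "NOPASSWD:" in rule["cmds"].replace(" ", ""):
            reasons.append("nopasswd")
        if rule["who"] not in expected:
            reasons.append("unexpected-principal")
        if reasons:
            findings.append((rule["who"], rule["cmds"], reasons))
    return findings


if __name__ == "__main__":
    for who, cmds, reasons in suspicious_rules(SUDOERS_SAMPLE):
        print(f"{who}: {cmds}  [{', '.join(reasons)}]")
```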

Another deadly bug, which takes over control of the Mac device

Another group of security researchers has found a more threatening bug, which has the ability to take permanent control of a Mac device. Users can get rid of most vicious malware by reinstalling the operating system, but this new vulnerability in Mac devices turns the game against the users. Using it, a hacker can install malware directly in the computer’s firmware, which is responsible for booting the computer.

A team of researchers developed a worm, named Thunderstrike 2, which can easily take advantage of this security flaw in Mac devices.

This worm can be installed on the computer like any other malware, when people click on the wrong links or fall for a phishing scam. Once installed, the malware takes a nastier turn and keeps looking for devices connected to the Mac in order to load them with the worm. Other users who use the same infected Ethernet adapter get their Mac devices infected too. Apple has not fixed this bug yet.

Friday, 7 August 2015

Privacy Analysis Shows Battery status API as Tracking Tool

Most smartphones nowadays contain a feature that is essential to their usage: battery status. The HTML5 Battery Status API has been found to have major flaws that leave user privacy vulnerable. The flaws in the Battery Status API are extremely threatening and need to be resolved at the earliest.

The flaw mainly resides in the Battery Status API found on most smartphones, part of the set of protocols defined in HTML5, the current language of the internet. This API unknowingly provides a web browser like Google Chrome or Firefox with sensitive information about the smartphone. The API also helps in activating a power saving mode, which helps smartphone users get more out of their devices.

How severe is the flaw?

The Battery Status API can extract several pieces of information related to the device’s battery, including the battery level, charging time and discharging time. Combined, this data helps create a digital fingerprint of the device, which potential attackers can use to track users’ activities on the internet.

Recent studies on battery status

A recent study was conducted by four researchers from France and Belgium on the Battery Status API. The research paper is titled “The leaking battery: A privacy analysis of the HTML5 Battery Status API”. The researchers concluded that the Battery Status API can serve as a tracking identifier in the hands of notorious trackers.

The study showed that the HTML5 Battery Status API secretly enables websites to access the battery state on any device, from mobile devices to laptops. Most of this battery information is extracted from devices without the users’ knowledge. The API is extremely dangerous to privacy protection, as no permission is required for it to send out the details.

The study also showed that when this API is implemented by the Firefox browser it enables fingerprinting and tracking of devices over short time intervals. The researchers found the same results on other popular web browsers like Chrome and Opera. The only web browser with strong defences against fingerprinting through the Battery Status API is Tor Browser, which simply disables the API completely and thereby stops any fingerprinting attempt.

Private browsing can’t stop the Battery Status API

Most people nowadays use private browsing to maintain their privacy online, but the Battery Status API can still allow attackers to track their online activities through battery data. A script using the Battery Status API can help track people who have already deleted their browsing data, and can even reinstate identifiers such as cookies without the users’ knowledge. The study was conducted in the hope of identifying the glaring loopholes and flaws in the Battery API and drawing people’s attention to their effects.

Tuesday, 28 July 2015

United Hackers Given Million Free Flight Miles

United Continental Holdings, a US airline, has rewarded two hackers under its bug bounty program because they spotted security holes in the company website and disclosed the flaws privately rather than sharing them online.

As a reward, the hackers received the maximum of a million flight miles each, which is worth hundreds of free domestic flights, and it goes to two people. According to tech experts, it is a big and very good step in the domain of online security. In conversation with Reuters, United Continental Holdings confirmed that it paid the reward of one million miles to each hacker, but did not respond to tweets from individuals saying that they had also been paid a small cash reward. The Chicago-based carrier hopes that its bug bounty program will help the company uncover cyber risks in the area of airline web security. With a bug bounty program, web researchers solve problems before hackers can exploit them, and the cost is much less than hiring outside consultancies.

However, all three of United’s major competitors declined to comment on bug bounty programs, and a fourth was not available for comment. Meanwhile, the trade group Airlines stated that all US air carriers should conduct these kinds of tests to make sure their systems are secure. United adopted this strategy in May, after technology glitches grounded its fleet more than twice. In one incident the company’s airline reservations system locked up and prevented customers from checking in; in the other, a glitch zapped the functionality of the software the carrier uses to dispatch its entire flight plan. According to a United spokesperson, “We believe that with the help of this program we will continue to provide best, secure and most excellent service”.

Jordan Wiens, who works on cyber vulnerabilities, tweeted last month that he received a reward of 1 million miles from United for exposing a security flaw that could allow hackers to control the airline’s website. He added in an interview that not many companies in the industry run bug bounty programs; however, according to Wiens, it is normal for big companies such as United to offer bug bounty programs for their websites. Beyond the bug bounty program, United stated that it has its own test system that internally engages cybersecurity firms to keep its website and online security secure.

According to Dr Jessica Barker, a security consultant, “Schemes which reward hackers are a perfect way to find and disclose online security problems in the right way, and it helps us make the internet safe for all of us”. She further added that bug bounty programs are common for tech companies because they understand online security, and because of the benefits other industries are now catching up with them.

Saturday, 18 July 2015

Internet Addresses Have Officially Run Out

Top Level Exhaustion ….. IPv4 Addresses Allocated for Special Use

When the internet was first developed, it was presumed that around 4 billion unique number combinations would be adequate. It did not turn out as predicted, much as tech pioneer Ken Olsen had stated in 1977 that `there is no reason anyone would want a computer in their home’.

The internet gave rise to more usage as users got tech savvy and connected to the online world. Each node of an Internet Protocol (IP) network, such as a computer, router or network printer, is assigned an IP address, which is used to locate and identify the node in communication with other nodes on the internet. The IP address space is managed globally by the Internet Assigned Numbers Authority (IANA) and by the five regional Internet registries (RIRs), which are responsible in their respective territories for assignments to end users and local internet registries such as internet service providers.

Top-level exhaustion took place on 31 January 2011. Three of the five RIRs have exhausted allocation of the blocks not reserved for IPv6 transition: Asia Pacific on 15 April 2011, Europe on 14 September 2012, and Latin America and the Caribbean on 10 June 2014. Internet Protocol version 4 offers 4,294,967,296 addresses, though large blocks of IPv4 addresses have been allocated for special uses and are not available for public allocation.

ARIN unable to Fulfil Allocation of Large IPv4 Address Block

Gartner researchers estimate that there will be around 25 billion internet-connected devices by 2020, more than six times what the developers had planned for when the net went live in 1983. Vint Cerf, the internet’s founding father, clarifies that they were aware this was coming and had been reading about the drying-up blocks of IPv4 addresses; for the first time, North America has run out of new IPv4 addresses.

The American Registry for Internet Numbers, which serves the US, Canada, the Caribbean islands and the North Atlantic, has now moved to a waiting list and has cautioned that it will be unable to fulfil the allocation of large IPv4 address blocks since the address pool has dried up; because of this, ARIN will for the first time change its allocation policies. Though the infrastructure running the internet was made with space for 4 billion addresses, which seemed a lot at the time, with so many devices coming online the IPv4 protocol is running out of space.

Initiated IPv4 Unmet Request Policy

The American Registry for Internet Numbers (ARIN) has now initiated its IPv4 Unmet Request Policy. Until now, organizations in the ARIN area were able to get IPv4 addresses whenever needed. ARIN is now unable to fulfil the requests, so ISPs that come to ARIN for IPv4 address space face three choices:
  • They could take a smaller block; ARIN presently has a limited supply of blocks of 512 and 256 addresses.
  • They could go on the wait list with the hope that a block of the desired size becomes available sometime in the near future.
  • They could buy addresses from an organization that has more than it requires.

Experts have advised those running websites to use the spacious IPv6 specification, though moving could be expensive as well as time consuming. Most large websites have already done so, while many smaller ones could be left without much space to keep working. The IP addresses now running out are used by computers to identify themselves to each other in order to connect. The old IP addresses comprised four numbers with dots between them.

IPv6 Picking up Pace

Being limited to four numbers meant that only 4 billion addresses were available, and there are many more devices intending to connect to the internet. IPv6 is picking up pace and ARIN has been encouraging organizations to consider using IPv6 addresses.

The supply of IPv6 addresses is ample and is not likely to run out in the future. By adopting a much longer, more complex address, IPv6 vastly increases the address space: it has room for 340 undecillion addresses (340 followed by 36 zeroes), enough for every atom on Earth to be given one. Businesses that have not switched so far could move to the new specification, IPv6.

The move is expensive, since companies must move towards hardware compatible with IPv6. Should they decide not to move over, they could end up buying the limited and probably expensive IPv4 addresses that may be left. If users do not move to the new system, they will not be able to get on the net since they will have no addresses to use, and the internet would stop growing at that point. Experts had warned earlier that there were only 3.4 million addresses left in North America and that they would run out in summer.

Friday, 10 July 2015

Hackers Unearth Major Security Flaw That Affects Adobe Flash Player

A gaping hole has been found in the popular Adobe Flash Player software, used for watching videos online on a global scale. This flaw allows attackers to take control of a user’s system once they visit a malicious website.

Hacking Team, which is known to create surveillance software for governmental agencies, had stumbled upon this flaw; it came to light when 400 GB of data was stolen from the company over the weekend. Adobe has cleared up the speculation surrounding the emergence of this serious flaw and promised to make a fix available to all users by Wednesday.

All You Need To Know About The Flaw In Flash Player

This serious flaw is present in the current Adobe Flash Player and its earlier versions, released for all the major OSes: Windows, Mac and Linux. Adobe stresses that this flaw can be used to cause a sudden crash and act as a backdoor for attackers to take control of the affected system.

Hacking Team described this bug as a fascinating bug that had come to light after as many as four years of successful running of Flash Player. The severity of this flaw is extremely high, and some hackers have already been utilizing it for a long time to create undue nuisance for users with affected systems. The internal documents also stress that it can be used as a weapon on a mass scale to cause considerable loss of information and hijacking of systems. Until a fix or security update is provided by Adobe, it is wise to disable Flash Player completely in browsers to avoid further damage.

Hacking Team Cautions Windows Users

The data released by Hacking Team also reveals a vulnerability in the Adobe font drivers in Windows. The flaw in Flash Player has a high severity rating in both 32- and 64-bit versions of Windows, ranging from the older XP to the latest 8.1. A Windows computer is at greater risk of losing control to hackers with the presence of this flaw, since to successfully take control a hacker can rely on the additional font driver vulnerability. Microsoft has been quick to give heed to this situation and is actively working on a security fix for its users.

Hackers Are Already Exploiting This Flaw

Hacking Team got wind of this flaw after a mysterious hacker going by the name PhineasFisher started exploiting it. He had already created immense trouble for many companies serviced by Hacking Team, including some governmental institutions.

The detailed report furnished by Hacking Team states that its RCS surveillance software possesses capabilities for monitoring activities on Skype, Gmail and Facebook, along with cryptocurrency transactions. This can be helpful for companies and their clients in keeping a keen eye on employees. However, the European Parliament is seriously debating the legitimacy of any such software being used by a governmental organization to snoop on its citizens.

Wednesday, 10 June 2015

Google’s Security News: Malware’s Down, and You’re Heeding More of Its Warnings

According to Google’s security product manager, the company defines its success in one simple term: invisibility. As per Stephan Somogyi, that is the main outcome they are targeting, which he illustrated with a blank browser window appearing in front of him. He gave some insight into the status of online security during the half-hour presentation at Google’s I/O conference called the Second Annual Google Security Update at I/O.

Phishing and Malware Sites: 

He gave more details on the company’s Safe Browsing service, which he calls a collection of systems that hunt down badness all across the net. It protects visitors searching the web using the Google search site and those using Chrome, Safari or Firefox, which amounts to a total reach of 1.1 billion people.

According to the reports released by the company, malware is no longer a huge problem. But the company has also found that phishing sites, which fool customers into entering details like passwords and financial details, are increasing in number.

During the last week of May, Safe Browsing detected nearly 14,977 malware sites and nearly 33,571 phishing sites. Malware has shown a big drop and phishing a bigger increase. Somogyi credits the enhanced security in all of their operating systems on every device; because of this, malware authors are now concentrating more on phishing sites than on targeting the software.

The much needed push for encryption: 

Google has been among the first companies advocating the use of encryption to stop people from snooping on users online. The push accelerated after the revelations made by Edward Snowden, who confirmed that the NSA had been eavesdropping on Google’s traffic for quite some time. Somogyi further expressed his anger about the effort Google has had to put into getting other email providers to adopt TLS (Transport Layer Security) encryption, through which third parties are unable to read messages while they are in transit.

The company hopes to reach larger companies that send email and find out why they have not implemented TLS, but from the company’s perspective it does not want to resort to public shaming.

It is not ready to disclose the names of companies that have still not implemented TLS. Compared with TLS, Google has had much more success in encouraging websites to implement HTTPS encryption to fully secure users’ visits to websites. The company is making every effort to ensure that users feel completely safe when spending time online.

Friday, 3 April 2015

Year-Old Android Security Flaw Puts Millions at Risk

Nearly fifty percent of Android phones are still prone to a security bug that lets attackers replace or modify apps with malware without the user’s knowledge, as reported by researchers at Palo Alto Networks.

Even though the security flaw was discovered a year ago, Android 4.3 as distributed by some vendors is still vulnerable to the flaw. Vendors including Amazon, Google and Samsung have already been alerted by the Palo Alto Networks research team about the potential flaw and its vulnerability. Nearly 89% of Android devices were prone to the exploit when it was first discovered in January 2014. As of now, Android 4.4 has a fix for the flaw, obtained through proper upgrading.

Malware distribution with Arbitrary Permissions: 

Phones still running older Android versions remain at risk. The security researchers were able to reproduce the attack on Samsung’s Galaxy S4 phones and call it Android installer hijacking. According to the researchers from Palo Alto Networks, an app is available on Google Play that lets people scan their phones to check for the potential risk and vulnerability. The team has made this app open source, and the code is available in a GitHub repository.

Companies that are concerned can take actions to mitigate these risks. Researchers state that companies should withhold permission from new apps that seek access to logcat, which makes room for potential exploitation. Companies can reduce risk further by stopping employees from using any kind of rooted device.

Even though the exploit does not rely on rooted devices to cause harm, rooting makes devices more susceptible. The exploit is based on a weakness in the Android OS that lets hijackers take over the Android APK installation process, so they can spread malware with arbitrary permissions.

Application developers need to beware:

These vulnerabilities can be used in different ways by an attacker. A simple example is prompting a person to install an application that is fake but might seem legitimate, mainly because the app does not require any special permissions.

Whenever a user downloads an app from a third-party app store, it opens up the chance for attackers to substitute malware while the permission screen is still being displayed. Application developers need to be cautious about these attacks, since mobile ads and apps that do not rely on Google Play may save apps in unprotected storage.

This allows attackers to replace the current apps with malware. There are instances where a first app might prompt the user with an advertisement for another app; when the user tries to download the second app, the first app will modify itself and potentially open up the space for malware attacks.

Wednesday, 1 April 2015

CAPTCHAs May Do More Harm Than Good

If you were presented with the choice, CAPTCHAs or passwords, I am pretty sure passwords would take the cake and emerge as the most preferred choice of internet users. CAPTCHA, also known as the “Completely Automated Public Turing Test to Tell Computers and Humans Apart”, was created with the aim of foiling bots in their attempts to create accounts on websites en masse.

After account creation, these accounts can be exploited for malicious work like spewing spam by online lowlifes. But recent technological advances also highlight that the highly acclaimed use of letters to differentiate between humans and machines might have become old school.

According to a study conducted by Distil Networks, whenever a visitor to a website is offered a CAPTCHA, statistics indicate that nearly 12% of these visitors abandon the main purpose of their visit.

The study also suggested that among mobile users, nearly 27% abandon their task when presented with CAPTCHAs. As per Rami Essaid, Distil CEO and co-founder, if CAPTCHAs create problems when carrying out transactions, it eventually leads to loss of money, or even of the user, for the website.

Evolution of the Bots: 

According to Distil, the idea behind the study was initiated by its customers. One customer was looking into a fraud problem when it identified that using a CAPTCHA decreased conversions by nearly 20%.

The results indicated that people are getting so annoyed by CAPTCHAs online that they prefer to abandon websites rather than carry out the specific transactions. Essaid highlighted that there is a wide gap between mobile and desktop abandonment, mainly attributable to usage. He further added that CAPTCHAs were meant for desktops and nothing fully formed has yet emerged for mobile.

The purpose of blocking bots has itself created a problem. Bots have now evolved and are able to solve CAPTCHAs that might have been difficult for them in the past.

Bad certification: 

A rogue certificate being used to spoof the company’s Live services was already issued by Microsoft. Even though this certificate cannot be used to issue certificates for or impersonate another domain, or to sign code, it can certainly be used for spoofing content, phishing and man-in-the-middle attacks.

According to Kevin Bocek, vice president for security strategy, cybercriminals are increasing using certificates as their main targets. Fraudulent tricks are being used for acquiring these certificates. With nearly 200 public Certificate Authorities being trusted around the world, it is easy to get hands on a valid certificate. Even though Microsoft has been taking stern action against these but the solution is only applicable to their products.


FREAK is another vulnerability, disclosed earlier this month. An attacker sitting between client and server forces the SSL/TLS handshake away from 128-bit encryption and onto 40-bit export-grade encryption, which is easy to crack. Initial reports focused on the impact of FREAK on browser communication, but later research shows a significant impact on mobile apps as well.
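The downgrade described above, as an added example that is not code from the original article or from any of the researchers it cites: a small Python model of a FREAK handshake. The cipher-suite IDs are real IANA values, the ServerHello bytes are constructed test data, and the three-party exchange and the client-side check are a simplified model of the OpenSSL client variant (CVE-2015-0204); the factoring of the 512-bit key and the forged Finished messages are left out. It is a teaching model, not a scanner for live servers.

```python
import struct

# Real IANA cipher-suite IDs. RSA_EXPORT suites carry 512-bit RSA keys and 40-bit
# symmetric ciphers; the AES suites stand in for a normal strong configuration.
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
STRONG_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}


def suite_name(suite):
    return EXPORT_SUITES.get(suite) or STRONG_SUITES.get(suite)


def is_export_suite(suite):
    return suite in EXPORT_SUITES


def build_server_hello(cipher_suite, version=(3, 1)):
    """Build a minimal TLS 1.0 ServerHello record (constructed test data, no extensions)."""
    body = (struct.pack("!BB", *version)        # server_version
            + b"\x11" * 32                       # server random (dummy)
            + b"\x00"                            # session_id length 0
            + struct.pack("!H", cipher_suite)    # chosen cipher suite
            + b"\x00")                           # compression method: null
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return (b"\x16" + struct.pack("!BB", *version)
            + struct.pack("!H", len(handshake)) + handshake)


def parse_server_hello_suite(record):
    """Return the cipher suite ID a ServerHello record selects: what a scanner reads
    off the wire to tell whether a server still negotiates export suites."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x02:
        raise ValueError("not a ServerHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    sid_len = body[34]                           # 2 bytes version + 32 bytes random
    off = 35 + sid_len
    return struct.unpack("!H", body[off:off + 2])[0]


def server_choose(offered, server_enabled):
    """Server takes the first offered suite it has enabled (client preference order)."""
    for s in offered:
        if s in server_enabled:
            return s
    return None


def client_accepts_key_exchange(client_view_suite, server_sent_export_key, fixed_client):
    """The client-side check at the heart of FREAK (CVE-2015-0204 in OpenSSL).
    A ServerKeyExchange carrying a temporary 512-bit RSA key is only legitimate when
    the client believes an RSA_EXPORT suite was negotiated; vulnerable clients took it anyway."""
    if not server_sent_export_key:
        return True
    if fixed_client and not is_export_suite(client_view_suite):
        return False        # patched: unexpected export key, abort the handshake
    return True             # vulnerable: encrypt the premaster secret under the weak key


def freak_downgrade(client_offered, server_enabled, mitm_active, fixed_client):
    """Simulate one handshake. An active MITM rewrites the ClientHello to offer only
    export suites and rewrites the ServerHello back to the client's first (strong) suite,
    so each side believes it negotiated something different. client_offered[0] is
    assumed to be a strong suite."""
    offered = list(EXPORT_SUITES) if mitm_active else list(client_offered)
    chosen = server_choose(offered, server_enabled)
    if chosen is None:      # server has no export suites enabled: downgrade fails
        return {"server_suite": None, "client_suite": None,
                "established": False, "downgraded": False}
    server_sent_export_key = is_export_suite(chosen)
    shown = client_offered[0] if mitm_active else chosen
    client_view = parse_server_hello_suite(build_server_hello(shown))
    ok = client_accepts_key_exchange(client_view, server_sent_export_key, fixed_client)
    return {"server_suite": suite_name(chosen), "client_suite": suite_name(client_view),
            "established": ok, "downgraded": ok and server_sent_export_key}
```

Two independent fixes each kill the attack in this model: a patched client rejects the unexpected export key, and a server with no RSA_EXPORT suites enabled never hands one out. Either one suffices, which is why server operators were told to disable export suites even before client patches shipped.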

Tuesday, 24 March 2015

Gamers Targeted By Ransomware Virus

A piece of ransomware has been targeting gamers around the world. It stops them from playing their favourite games unless they pay a ransom. Once a machine is infected, the program seeks out saved games and other important files on the user's computer and encrypts them. Reports suggest that to unlock the encrypted files a gamer has to pay nearly $500 (£340) in Bitcoin. The malware targets nearly 40 separate games, including World of Warcraft, Call of Duty, World of Tanks and Minecraft.

Dark world of the web and cash: 

The malicious program closely resembles the widely distributed Cryptolocker ransomware, which has hit thousands of people around the world over the last few years. Analysis of the program, called TeslaCrypt, however, found that it shares no code with Cryptolocker; it appears to have been created by an entirely different cybercrime group.

According to Vadim Kotov, a researcher at the security firm Bromium, the malicious file was being delivered through a website the attackers had compromised: a WordPress blog unwittingly hosting a file that exploits flaws in Flash to infect visitors.

What happens when a machine gets infected? 

According to Kotov, once a machine is infected the malware looks for nearly 185 different file extensions, with a particular interest in files associated with popular video games and online services, and not only the top-selling titles. TeslaCrypt goes after gamers' maps, profiles and saved games. A gamer who uninstalls a game bought through an online service will only be disappointed: reinstalling the game does not restore the encrypted data.
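As an added example, not code from the article or from Bromium, the following Python script is the defensive mirror of what the paragraph above describes: it walks a directory, picks out files carrying a small illustrative subset of the extensions this kind of ransomware targets (an assumption; the real list of about 185 is not reproduced here), and flags those whose content looks like ciphertext by measuring byte entropy. The sample tree it builds is constructed test data, with random bytes standing in for files already encrypted in place.

```python
import math
import os
import tempfile
from collections import Counter

# Illustrative subset of targeted extensions (assumption): game saves, profiles,
# replays, plus ordinary documents. Deliberately excludes already-compressed formats
# (jpg, zip, mp4), which have high entropy by nature and would be false positives.
WATCHED_EXTENSIONS = {".sav", ".profile", ".map", ".wotreplay", ".dat", ".docx"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext sits close to the 8.0 maximum


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data, 0.0 for empty input."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_directory(root: str):
    """Walk root and return (suspicious_paths, watched_total). A watched file whose
    leading bytes exceed the entropy threshold is reported as possibly encrypted in place."""
    suspicious, watched = [], 0
    for dirpath, _, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext not in WATCHED_EXTENSIONS:
                continue
            watched += 1
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(65536)      # the first 64 KiB is enough to classify
            if shannon_entropy(head) > ENTROPY_THRESHOLD:
                suspicious.append(path)
    return suspicious, watched


def encryption_ratio(root: str) -> float:
    """Fraction of watched files that look encrypted. A sudden jump across a whole
    save folder is the ransomware signal; a single high-entropy file is not."""
    suspicious, watched = scan_directory(root)
    return len(suspicious) / watched if watched else 0.0


def build_demo_tree() -> str:
    """Constructed sample data: plaintext saves next to two already 'encrypted' ones."""
    root = tempfile.mkdtemp(prefix="saves_")
    os.makedirs(os.path.join(root, "WoT", "replays"))
    plain = b"player=alice\nlevel=42\nmap=ruinberg\n" * 200
    with open(os.path.join(root, "WoT", "replays", "game1.wotreplay"), "wb") as fh:
        fh.write(plain)
    with open(os.path.join(root, "WoT", "settings.dat"), "wb") as fh:
        fh.write(plain)
    for name in ("slot1.sav", "slot2.sav"):   # simulated ciphertext: random bytes
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(os.urandom(8192))
    with open(os.path.join(root, "readme.txt"), "wb") as fh:   # not a watched extension
        fh.write(os.urandom(8192))
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    flagged, total = scan_directory(demo)
    print(f"{len(flagged)} of {total} watched files look encrypted:")
    for p in flagged:
        print("  ", p)
```

Entropy alone is a blunt instrument: a baseline scan of the same folders, taken while they are known good, turns the absolute threshold into a comparison against what each file type normally looks like, and a watcher that re-runs the scan on file-modification events catches the encryption while it is still in progress rather than afterwards.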

So what happens next? 

Once the files have been encrypted, the victim sees a pop-up message saying they have been targeted and have only a few days to pay in order to get their data back. Reports put the demand at between $500 and $1,000, payable in Bitcoin or PayPal My Cash cards. TeslaCrypt directs victims to a payment address on the Tor anonymity network. Work is under way to crack the malware's encryption; in the meantime, users can restore their files from backups, provided the backups were kept offline or otherwise out of the malware's reach.