FACEBOOK DENIES RANSOMWARE INFILTRATION

Facebook on Monday denied that its network and Messenger app were being used to spread ransomware to its users, contradicting the claims of Check Point researchers Roman Ziakin and Dikla Barda.

The two researchers last week reported they had discovered a new method for delivering malicious code to machines, which they dubbed “ImageGate.”

Threat actors had found a way to embed malicious code into an image, they said.

Due to a flaw in the social media infrastructure, infected images are downloaded to a user’s machine, Ziakin and Barda explained. Clicking on the file causes the user’s machine to become infected with a ransomware program known as “Locky,” which encrypts all the files on the infected machine. The user then must pay a ransom to the purveyor of the malicious software in order to decrypt the files.

“In the past week, the entire security industry is closely following the massive spread of the Locky ransomware via social media, particularly in its Facebook-based campaign,” the researchers wrote in an online post. “Check Point researchers strongly believe the new ImageGate technique reveals how this campaign was made possible, a question which has been unanswered until now.”

Bad Chrome Extension

Facebook has disputed Check Point’s findings.

“There is no connection to Locky or any other ransomware, and this is not appearing on Messenger or Facebook,” the company maintained.

“We investigated these reports and discovered there were several bad Chrome extensions, which we have been blocking for nearly a week,” Facebook noted. “We also reported the bad browser extensions to the appropriate parties.”

Most social media sites, including Facebook, have protections in place to block spam and dangerous file types, said Marc Laliberte, an information security threat analyst with WatchGuard Technologies.

“This most recent attack bypassed Facebook’s protections by using a specific type of image file that supports interactivity via embedded scripts, like JavaScript.” “Facebook has since added the image file type — SVG — used in this attack to their filter.”

Cloak of Legitimacy

What makes this attack so devious is that it’s cloaked in legitimacy.

“The JavaScript embedded in the image is not malicious,” explained Alexander Vukcevic, virus labs director at Avira. “It leads you to a website that looks like YouTube.”

At the website, you’re told you need to download a browser extension to watch video at the site.

“The browser extension then downloads the ransomware,” Vukcevic told TechNewsWorld.

Ransomware like Locky has become a big threat to consumers, observed Javvad Malik, a security advocate for AlienVault.

“Most are not technically savvy to spot or defend against ransomware,” he told TechNewsWorld. “While a lot of effort is put into educating consumers around the dangers of clicking on links in emails or opening attachments, there is an inherent level of trust that people put in social media platforms, which is being abused by this current threat.”

Consumer Protection

While ransomware is always a serious threat to consumers, this new twist on its distribution raises the bar even higher, WatchGuard’s Laliberte noted.

“Consumers simply do not expect malware to be delivered via a Facebook message,” he said. “Most people probably consider social media sites to be a safe space, so the lack of concern and vigilance makes it powerful as a potential infection channel for malware.”

For consumers concerned about an ImageGate attack, Check Point recommended not opening any files downloaded to a device after clicking any image. The same is true for image files with unusual extensions, such as SVG, JS or HTA.

Users also should keep their operating system and antivirus software up to date, Avira’s Vukcevic added, “and make backups. Even if you’re never infected with ransomware, you never know when something might go wrong with your machine.”

THE FINTECH REVOLUTION IN INSURANCE

Advancing technology has collided with longstanding customer issues to create a series of deep, lasting, systemic challenges for insurance. How will these trends impact insurers’ businesses and the industry overall?

The rise of fintech, changing consumer behavior, and advanced technologies are disrupting the insurance industry. Additionally, Insurtechs and technology startups continue to redefine customer experience through innovations such as risk-free underwriting, on-the-spot purchasing, activation, and claims processing.

The report from Deloitte Global examines forces that are disrupting the insurance industry and presents four possible scenarios for the future. We explore:

  • Changing the channel: Partnerships with product makers and distributors, and embedding insurance into other products and services may enable customers to select products that best fit their lifestyle.
  • Underwriting by machine: Technology advancements including AI innovations and algorithms will likely individualize risk selection and pricing, and customers can select products based on a wider range of price points.
  • Rise of the flexible product: Time-flexible, event-driven, modular and adjustable coverage may evolve to accommodate life stage, lifestyle, and wellness changes among consumers.
  • E-Z life insurance: Given the growth and shopping patterns in emerging markets, insurers who introduce flexible term products, and master digital distribution without compromising underwriting are likely to win in the marketplace.

Read the report to understand what the future holds for the insurance industry.

Key Contact

Neal Baumann

Global Insurance Leader

Neal leads Deloitte’s Global Insurance practice and is the US insurance consulting leader. He has 20 years of experience advising financial services and insurance company clients on corporate and comp…

GOOGLE NEVER REALLY LEFT CHINA: A LOOK AT THE CHINESE WEBSITE GOOGLE’S BEEN QUIETLY RUNNING

More information is leaking out about just how Google is planning to re-enter the Chinese market with a mobile search engine application that complies with the country’s censorship laws.

The Intercept first broke this story when a whistleblower provided them documentation detailing the secret censored search project (codenamed Dragonfly). According to them, an overlooked Google acquisition from 2008 — 265.com — has been quietly laying down the foundation for the endeavor.

In order to run a business in China, tech companies are required to obtain an Internet Content Provider license from the Chinese government. As it’s difficult for foreign businesses to obtain this license, Google has long partnered with Chinese IT company Ganji.com. Back in the early years of Google.cn, Google actually operated directly off of Ganji.com’s license, even claiming the Chinese company was temporarily running its search engine. Facing intense scrutiny from the Chinese government and the media over this license arrangement, in 2007 Google formed a legitimate joint venture company with Ganji.com — the Beijing Guxiang Information and Technology Co.

Because of the necessity of that license, Google has maintained that joint venture and has been operating in China under the name Beijing Guxiang Information and Technology Co. ever since. Even after the shutdown of Google.cn, Google’s Chinese advertising enterprise has been operating under the joint venture company as well as, lo and behold, 265.com. A whois search of the 265.com domain name, which provides a record of the current domain registrant information, pulls up Beijing Guxiang Information and Technology Co. as the registrant organization.

A significant number of Google employees are reportedly none too happy about Google’s project complying with Chinese censorship laws. This most recent news, that the company has long been collecting data for a moment just like this, surely won’t make morale among these workers any better.

WHISTLEBLOWER REVEALS GOOGLE’S PLANS FOR CENSORED SEARCH IN CHINA

Google is reportedly planning to relaunch its search engine in China, complete with censored results to meet the demands of the Chinese government. The company originally shut down its Chinese search engine in 2010, citing government attempts to “limit free speech on the web.” But according to a report from The Intercept, the US tech giant now wants to return to the world’s biggest single market for internet users.

According to internal documents provided to The Intercept by a whistleblower, Google has been developing a censored version of its search engine under the codename “Dragonfly” since the beginning of 2017. The search engine is being built as an Android mobile app and will reportedly “blacklist sensitive queries” and filter out all websites blocked by China’s web censors (including Wikipedia and BBC News). The censorship will extend to Google’s image search, spell check, and suggested search features.

The web is heavily censored in China, with the country’s so-called Great Firewall stopping citizens from accessing many sites. Information on topics like religion, police brutality, freedom of speech, and democracy is heavily filtered, while specific search topics (like the 1989 Tiananmen Square protests and Taiwanese independence) are censored completely. Advocacy groups report that censorship in the country has increased under President Xi Jinping, extending beyond the web to social media and chat apps.

The whistleblower who spoke to The Intercept said they did so because they were “against large companies and governments collaborating in the oppression of their people.” They also suggested that “what is done in China will become a template for many other nations.”

Patrick Poon, a researcher with Amnesty International, agreed with this assessment. Poon told The Intercept that if Google launches a censored version of its search engine in China it will “set a terrible precedent” for other companies. “The biggest search engine in the world obeying the censorship in China is a victory for the Chinese government — it sends a signal that nobody will bother to challenge the censorship any more,” said Poon.

In a statement given to The Verge, a spokesperson said: “We provide a number of mobile apps in China, such as Google Translate and Files Go, help Chinese developers, and have made significant investments in Chinese companies like JD.com. But we don’t comment on speculation about future plans.”

According to The Intercept, Google faces a number of substantial barriers before it can launch its new search app in China, including approval from officials in Beijing and “confidence within Google” that the app will be better than its main rival in China, Baidu.

Google previously offered a censored version of its search engine in China between 2006 and 2010, before pulling out of the country after facing criticism in the US. (Politicians said the company was acting as a “functionary of the Chinese government.”) In recent months, though, the company has been attempting to reintegrate itself into the Chinese commercial market. It launched an AI research lab in Beijing last December, a mobile file management app in January, and an AI-powered doodle game just last month.

Although this suggests Google is eager to get a slice of China’s huge market of some 750 million web users, ambitions to relaunch its search engine may yet go nowhere. Reports in past years of plans to bring the Google Play mobile store to China, for example, have so far come to nothing, and Google regularly plans out projects it ultimately rejects.

Notably, relations between China and the US have worsened in recent weeks due to trade tariffs imposed by President Trump. The Intercept reports that despite this, Google staff have been told to be ready to launch the app at short notice. The company’s search engine chief, Ben Gomes, reportedly told employees last month that they must be prepared in case “suddenly the world changes or [President Trump] decides his new best friend is Xi Jinping.”
