Weekly Tech Roundup — April 3
Last Friday was World Backup Day, and it’s a good thing it was, because cybercriminals weren’t taking any time off. But it wasn’t just cybercriminals putting your data at risk. Software upgrades and even trusted government tools made hacking into your data even easier. What do you have to worry about when it comes to protecting your data this week? Find out in the stories below.
Windows 10 upgrade damaged data — and people are suing
“Allegedly the Windows 10 installer genie checks the consumer’s computer for compatibility; it does not, however, check the condition of the PC and whether or not the hard drive can withstand the stress of the Windows 10 installation,” the complaint reads.
After its release in July 2015, Windows 10 was offered as a free upgrade to users. But this upgrade allegedly caused major damage, and users are placing all the blame on Microsoft.
Some of the plaintiffs claim that Windows 10 was installed without their consent, while others said they agreed to the upgrade, but that it prevented other software from working, causing unrecoverable data loss. These plaintiffs claim that their PCs were effectively destroyed after installation.
"We believe the plaintiffs' claims are without merit," a Microsoft spokesperson said in a statement. They went on to say that customers had the option to refuse the upgrade, and 31 days to roll back to their old OS after accepting if they changed their mind.
Best practice, however, is always to run a backup before installing or upgrading software, because you never know what damage could come to your device afterward.
Apple iPhone scareware threat resolved with new iOS update
A new iOS update fixed a sneaky scareware threat on Apple iPhones.
Cyber criminals were exploiting a bug in Safari to scare users into coughing up $125, according to Computerworld. When users reached a malicious site, their browser was implanted with code that pulled up an endless loop of pop-ups. Users were unable to disable the pop-ups or use Safari, giving these cyber criminals the perfect in.
With Safari unusable, users thought their data was doomed, giving these hackers the perfect opportunity to demand ransom and take advantage of users without proper data protection.
There wasn’t actually any malicious code implanted on the phone itself, but most users weren’t aware of how to stop this on their own. That’s why Apple offered an iOS update.
"This was a scareware attack, where [the attackers] were trying to get people to not think and just pay," said Andrew Blaich, a Lookout security researcher.
Scareware is what experts call phony security software. It claims that your devices are infected with malware and that it can fix the problem if you pay up, when in actuality there is no malware on your device—it’s all fake.
Avoid these scams by ensuring you back up all of your devices—this way even if cyber criminals do get ahold of your data, you will be prepared.
GitHub developers being targeted by malware
An ongoing campaign has been targeting developers who publish their code on GitHub, PC World reports.
The attacks, which use cyberespionage malware, began in January. They consist of malicious emails sent to developers with requests for development projects. They offer payment for these jobs. The emails contain .gz attachments that come with malicious macros. If the recipient opens the attachment and has enabled macros to run by default, the malware program known as Dimnie is downloaded onto the user’s device.
This deceptive malware downloads additional malicious modules that leave no trace. These modules grab screenshots and interact with smartcards. Some even wipe all the files from the system drive so as to destroy all traces of the malware.
It is likely that these developers are being targeted for cyber espionage. Their devices often hold proprietary information and access credentials for highly valued networks and systems.
There are some best practices to follow to ensure you aren’t infected. Don’t open emails from unknown or fishy senders and definitely don’t open any random attachments. Data protection is something that needs to be taken seriously, especially now that these threats are only getting more prevalent.
Android ransomware evades all mobile antivirus solutions
A new Android ransomware variant has been spotted that could evade detection by all available mobile antivirus platforms, Bleeping Computer reports. It also lacks basic decryption functionality, making decryption impossible—even if users pay the ransom.
This particular ransomware instance is being spread through third-party app stores. Cyber criminals are copying popular apps from the Google Play Store, cloning them, and disassembling them. Then they alter the normal behavior of the app and insert the ransomware payload.
This Android malware is particularly deceptive because it waits four hours after downloading before it goes to work. This makes users and anti-malware measures like application sandboxes think it’s a legitimate app. Then, four hours later, users are hit with pop-ups that won’t go away, asking for administrator rights.
After this, the screen locks and demands a ransom of about $8-$10. The ransom note also threatens to send the victim’s contacts a message telling them the victim was illegally watching adult content. Researchers later confirmed that the ransomware didn’t have the capability to message contacts, nor did it have the capability to decrypt data.
With the increasing success of this Android malware, many worry that it’ll continue to spread.
"Considering the stealth tactics designed into this sample, it wouldn't be difficult to imagine the author successfully uploading this ransomware to the Google Play Store," said Gaurav Shinde, an analyst at Zscaler.
Don’t fall victim to this devious ransomware — make sure your data protection plan is complete by including your mobile devices on your backup list.
IRS Data Retrieval Tool offline after data breach worries surface
The US Internal Revenue Service (IRS) and the US Department of Education’s Federal Student Aid office (FSA) announced that the Data Retrieval Tool (DRT) used on two federal student lending sites, fafsa.gov and StudentLoans.gov, will be temporarily unavailable in order to strengthen security protections, according to the U.S. Department of Education.
"We know this tool is an easy way for students and families working on applications to access their financial data. While this tool provides an important convenience for applicants, we cannot risk the safety of taxpayer data. Protecting taxpayer data has to be the highest priority, and we will continue working with FSA to bring this tool back in a safe and secure manner,” said IRS Commissioner John Koskinen.
The IRS is currently trying to identify how many users were affected by the vulnerable tool. It is possible that cybercriminals were able to access personal information using the DRT in the Free Application for Federal Student Aid (FAFSA) form. There were instances where the IRS was able to identify these attempts and stop them, but it is also possible that some bypassed this identification. The full scope of affected taxpayers has yet to be determined.
Students and families who are currently filling out the 2016-17 and 2017-18 FAFSA have to manually enter tax information from 2015 as the tool is not yet ready for use.
Data protection is vital, especially when personal information is on the line. Make sure you’re taking the proper precautions to ensure your data isn’t vulnerable.