Varenyky Malware is Recording People’s Screens and Sending Sextortion MessagesByBill Toulas-August 15, 2019.115 Varenyky is a new breed of malware and spambots which records screens of people using Ffmpeg.Liviu Arsene Bitdefender: Box 2 Will Keep Your IoT Devices Safe and Protect Your Children Online
ByGabriela Vatu-February 12, 2019.120 Created in 2001 Bitdefender has proven to be the best antivirus software for home and office in the world over and over again. Through keeping your devices safe from harm, the Romanian company has grown to a global level that manages to create a name for itself. Liviu Arsene is one of the Global Cybersecurity Researchers at Bitdefender and he agreed to speak with us TechNadu people. We addressed some issues concerning cybersecurity issues that plague us all, as well as some of the newer products from Bitdefender that aim to keep you and your home secure even when that home is full of insecure IoT devices. Arsene addressed the key benefits of such innovations, as well as the many everyday threats that we face. Click here for our interview. Liviu Arsene: Bitdefender Box contains a wide range of security tools capable of protecting both IoT devices as well as personal data from incoming attacks. For instance, Bitdefender Box will conduct a vulnerability evaluation on all IoTs connected to it and let users know if security updates are available for each device so they can install them. Bitdefender Box also prohibits the use of established vulnerabilities on compromised computers, prevents brute force attempts at authentication credentials and even detects outbound traffic irregularities if some IoTs start communicating with command and control servers. Each smart device connected to the Bitdefender Box from laptop desktop computers and smartphones to smart devices with smart TVs and any IoT is continuously protected from incoming threats and at the same time easily controlled through an easy-to-use mobile app. TechNadu: Box also comes with an aspect of parental control like we haven’t seen before, which also takes into account the privacy of the children. Tell us how it all works, and what has been the feedback so far. Liviu Arsene: Bundled with Bitdefender Box parental control technology notifies parents when children are verbally abused online or unintentionally involved in offensive language demands for photos or meetings outside the home and even requests for private information such as passwords or card numbers. This advanced digital defense against cyberbullying and online predators allows parents to protect their children while online in a completely non-intrusive manner while at the same time enabling both parents and children to think about and discuss these interactions in a controlled way. TechNadu: Security experts spoke a few years ago about how much Ai will become an essential component of security products. How much does that make Bitdefender a reality? Liviu Arsene: Since 2008, Bitdefender has been using machine learning algorithms and over 10 per cent of our proprietary inventions have been around machine learning in the last few years. The ever-evolving threat environment and growing threats have made machine learning an integral part of defense. Although the common assumption is that machine learning is a single algorithm that can recognize any type of threat, the fact is that security solutions often have hundreds of machine learning algorithms that increase existing security layers each specifically trained to identify a particular threat. There are machine learning algorithms for example in malware detection that have been trained to correctly identify a specific class of ransomware. This means you may have an individual algorithm for each ransomware family which is qualified to recognise it. When a new sample of malware is discovered it is typically fed to these algorithms, and each of them will give a score on how similar the new sample of malware is to something already known. Although machine learning is great when working with large amounts of data you can not rely on it for detection alone. To maximize identification and implicit protection you need to pair it with other layers of security. Another great way to use machine learning is to spot anomalous network activity that is normally indigenous to a breach of data. For example, while security solutions are great at stopping malware, malicious behaviors such as remote desktop connections during off hours or the use of authentication credentials during off hours can’t be identified. Machine learning can be trained to detect such signs of a data breach and send notifications and security alerts to it and security teams. TechNadu: Bitdefender made another acquisition a few months back with RedSocks, a network security analytics company. How are you planning to apply your expertise to your regular business? TechNadu: What do you think is nowadays the most serious threat to people’s safety? Liviu Arsene: There are several types of risks depending on how we look at the threats to people’s security. Physical danger is a serious threat particularly when considering critical infrastructure attacks that take down electricity gas or even traffic lights from heating. Let’s not forget implantable medical devices that are internet-connected and have bugs that attackers can remotely hack and use as remote kill switches. We’ve seen insulin pumps and peacemakers vulnerable to these attacks making physical technology-related danger a real problem. Infringements of data are also a significant threat to the security of individuals, as they have long lasting effects. Personal data which is exposed online can be used very long for identity theft. Although some of it may change over time by changing your phone number or email address some of it is permanent (e.g. social security numbers or biometric data). Privacy invasion is also a serious threat to the security of people, especially in the context of vulnerable internet-connected surveillance systems that threat actors in your home can remotely control and spy on you. Risks aimed at children are also one of the greatest threats to the welfare of men. Grooming sexual predators and cyberbullying are nowadays serious threats to the safety of children, as they are exposed from an early age to the unfiltered Internet. Enhanced parental control mechanisms that warn parents of verbal attacks of offensive language leaks in private information, and even inappropriate photo and picture requests will help children stay safe online. Liviu Arsene: Ransomware will continue to be one of the greatest threats, particularly since it has proven to be very lucrative financially and extremely easy to deploy. Ransomware-as – a-service has made installing the infect and making money from victims extremely easy for anyone even with limited technical knowledge. If anything, ransomware-disseminating threat actors have started working with botnet operators who have remote desktop access to business infrastructures to manually deploy and infect endpoints with ransomware. The ransom note is typically personalized depending on the organization’s value of the encrypted data and the ransom note is usually split between the botnet operator who initiated the access and the threat agent who delivered the ransom. A perfect example of that is Emotet (CoreBot). TechNadu: One of the big issues nowadays seems to be the lack of safety education among people in both a home and an office environment. How can we tell people to stop clicking on every connection to download every attachment and search for source of email? Has Bitdefender done anything to help educate the people? Liviu Arsene: There are different ways in which you can reduce the risk to users when online. Training courses and regular training and retesting are highly recommended for companies as they train workers on how to manage threats and social engineering techniques. Coupled with a layered and comprehensive security solution installed on endpoints one that accurately identifies malware online threats as well as various automation tools meant to identify potential data breaches potential data breaches can significantly be reduced especially if augmented by employee security awareness. There are also some layers of security that can offload some of the user burden. For instance email attachments can be detonated in sandboxed and controlled environments and check whether they are malicious or not. It helps users to relieve some of the guilt. So there are guys out there if you have loads of IoT devices in your home maybe it’s a good idea to use a tool like Box to secure them and you. Often try not to click risky links and download all the software you probably don’t even need to get infected. Stay safe to all! For cooler tech news. NordVpn is launching a new technology called NordLynx, designed around the WireGuard protocol combining the high speeds of the WireGuard and NordVpn’s custom dual network dress translation system to help protect the privacy of users. At this point NordLynx is available only for Linux users. After WireGuard NordVpn’s introduction and growing popularity it wanted to find a way to introduce it. As fast as the Vpn tunneling protocol is it does come with some security caveats because it doesn’t manage to guarantee anonymity. The WireGuard protocol can’t dynamically assign Ip addresses to everyone connected to a server so it contains a local static Ip address table to know where Internet packets are traveling from and to whom they should return which means that the real Ip addresses of users must be linked to an internal Ip address assigned by the Vpn which is a privacy risk. NordVpn has developed NordLynx working on this issue, using a dual network dress translation (Nat) framework to build two locaByGabriela Vatu-February 12, 2019.120 Created in 2001 Bitdefender has proven to be the best antivirus software for home and office in the world over and over again. Through keeping your devices safe from harm, the Romanian company has grown to a global level that manages to create a name for itself. Liviu Arsene is one of the Global Cybersecurity Researchers at Bitdefender and he agreed to speak with us TechNadu people. We addressed some issues concerning cybersecurity issues that plague us all, as well as some of the newer products from Bitdefender that aim to keep you and your home secure even when that home is full of insecure IoT devices. Arsene addressed the key benefits of such innovations, as well as the many everyday threats that we face. Click here for our interview. Liviu Arsene: Bitdefender Box contains a wide range of security tools capable of protecting both IoT devices as well as personal data from incoming attacks. For instance, Bitdefender Box will conduct a vulnerability evaluation on all IoTs connected to it and let users know if security updates are available for each device so they can install them. Bitdefender Box also prohibits the use of established vulnerabilities on compromised computers, prevents brute force attempts at authentication credentials and even detects outbound traffic irregularities if some IoTs start communicating with command and control servers. Each smart device connected to the Bitdefender Box from laptop desktop computers and smartphones to smart devices with smart TVs and any IoT is continuously protected from incoming threats and at the same time easily controlled through an easy-to-use mobile app. TechNadu: Box also comes with an aspect of parental control like we haven’t seen before, which also takes into account the privacy of the children. Tell us how it all works, and what has been the feedback so far. Liviu Arsene: Bundled with Bitdefender Box parental control technology notifies parents when children are verbally abused online or unintentionally involved in offensive language demands for photos or meetings outside the home and even requests for private information such as passwords or card numbers. This advanced digital defense against cyberbullying and online predators allows parents to protect their children while online in a completely non-intrusive manner while at the same time enabling both parents and children to think about and discuss these interactions in a controlled way. TechNadu: Security experts spoke a few years ago about how much Ai will become an essential component of security products. How much does that make Bitdefender a reality? Liviu Arsene: Since 2008, Bitdefender has been using machine learning algorithms and over 10 per cent of our proprietary inventions have been around machine learning in the last few years. The ever-evolving threat environment and growing threats have made machine learning an integral part of defense. Although the common assumption is that machine learning is a single algorithm that can recognize any type of threat, the fact is that security solutions often have hundreds of machine learning algorithms that increase existing security layers each specifically trained to identify a particular threat. There are machine learning algorithms for example in malware detection that have been trained to correctly identify a specific class of ransomware. This means you may have an individual algorithm for each ransomware family which is qualified to recognise it. When a new sample of malware is discovered it is typically fed to these algorithms, and each of them will give a score on how similar the new sample of malware is to something already known. Although machine learning is great when working with large amounts of data you can not rely on it for detection alone. To maximize identification and implicit protection you need to pair it with other layers of security. Another great way to use machine learning is to spot anomalous network activity that is normally indigenous to a breach of data. For example, while security solutions are great at stopping malware, malicious behaviors such as remote desktop connections during off hours or the use of authentication credentials during off hours can’t be identified. Machine learning can be trained to detect such signs of a data breach and send notifications and security alerts to it and security teams. TechNadu: Bitdefender made another acquisition a few months back with RedSocks, a network security analytics company. How are you planning to apply your expertise to your regular business? TechNadu: What do you think is nowadays the most serious threat to people’s safety? Liviu Arsene: There are several types of risks depending on how we look at the threats to people’s security. Physical danger is a serious threat particularly when considering critical infrastructure attacks that take down electricity gas or even traffic lights from heating. Let’s not forget implantable medical devices that are internet-connected and have bugs that attackers can remotely hack and use as remote kill switches. We’ve seen insulin pumps and peacemakers vulnerable to these attacks making physical technology-related danger a real problem. Infringements of data are also a significant threat to the security of individuals, as they have long lasting effects. Personal data which is exposed online can be used very long for identity theft. Although some of it may change over time by changing your phone number or email address some of it is permanent (e.g. social security numbers or biometric data). Privacy invasion is also a serious threat to the security of people, especially in the context of vulnerable internet-connected surveillance systems that threat actors in your home can remotely control and spy on you. Risks aimed at children are also one of the greatest threats to the welfare of men. Grooming sexual predators and cyberbullying are nowadays serious threats to the safety of children, as they are exposed from an early age to the unfiltered Internet. Enhanced parental control mechanisms that warn parents of verbal attacks of offensive language leaks in private information, and even inappropriate photo and picture requests will help children stay safe online. Liviu Arsene: Ransomware will continue to be one of the greatest threats, particularly since it has proven to be very lucrative financially and extremely easy to deploy. Ransomware-as – a-service has made installing the infect and making money from victims extremely easy for anyone even with limited technical knowledge. If anything, ransomware-disseminating threat actors have started working with botnet operators who have remote desktop access to business infrastructures to manually deploy and infect endpoints with ransomware. The ransom note is typically personalized depending on the organization’s value of the encrypted data and the ransom note is usually split between the botnet operator who initiated the access and the threat agent who delivered the ransom. A perfect example of that is Emotet (CoreBot). TechNadu: One of the big issues nowadays seems to be the lack of safety education among people in both a home and an office environment. How can we tell people to stop clicking on every connection to download every attachment and search for source of email? Has Bitdefender done anything to help educate the people? Liviu Arsene: There are different ways in which you can reduce the risk to users when online. Training courses and regular training and retesting are highly recommended for companies as they train workers on how to manage threats and social engineering techniques. Coupled with a layered and comprehensive security solution installed on endpoints one that accurately identifies malware online threats as well as various automation tools meant to identify potential data breaches potential data breaches can significantly be reduced especially if augmented by employee security awareness. There are also some layers of security that can offload some of the user burden. For instance email attachments can be detonated in sandboxed and controlled environments and check whether they are malicious or not. It helps users to relieve some of the guilt. So there are guys out there if you have loads of IoT devices in your home maybe it’s a good idea to use a tool like Box to secure them and you. Often try not to click risky links and download all the software you probably don’t even need to get infected. Stay safe to all! For cooler tech news. NordVpn is launching a new technology called NordLynx, designed around the WireGuard protocol combining the high speeds of the WireGuard and NordVpn’s custom dual network dress translation system to help protect the privacy of users. At this point NordLynx is available only for Linux users. After WireGuard NordVpn’s introduction and growing popularity it wanted to find a way to introduce it. As fast as the Vpn tunneling protocol is it does come with some security caveats because it doesn’t manage to guarantee anonymity. The WireGuard protocol can’t dynamically assign Ip addresses to everyone connected to a server so it contains a local static Ip address table to know where Internet packets are traveling from and to whom they should return which means that the real Ip addresses of users must be linked to an internal Ip address assigned by the Vpn which is a privacy risk. NordVpn has developed NordLynx working on this issue, using a dual network dress translation (Nat) framework to build two locaSkyVpn Vpn Proxy Vault and TunnelBear are the only three free Vpn applications that were found to comply with Apple’s new guidelines. Vpn Proxy Master (800k downloads / month) Hotspot Shield (800k downloads / month) Vpn-Super Unlimited Proxy (800k downloads / month) Betternet (700k downloads / month) Turbo Vpn (600k downloads / month) X-Vpn (500k downloads / month) and Vpn 360 (400k downloads / month) are the most common non-compliant Vpn apps still available on the App Store. If surfing the free Vpn wave isn’t your sport, you can check out our list of the best iPhone and iPad Vpn solutions where we’re providing the most secure and user-friendly iOs privacy solutions.