What is Hamster Kombat?

Hamster Kombat is yet another tap game that works internally in Telegram Messenger. The main target of the game is to earn virtual currency that may further be converted into cryptocurrency. Developers of the project claim listing the corresponding token in July 2024, converting earned virtual tokens into crypto. That is not the first game of its genre: Notcoin tap-game definitely has been an inspiration to Hamster Kombat.

Based on The Open Network (TON), a blockchain network of Telegram Messenger, it has a similar principle of action. Users tap on the screen, complete different tasks, and increase the “profit per hour” stat. Actually, the latter is determinant for the amount of new tokens that the user will receive upon listing. But where does all this generosity come from?

Hamster Kombat Raises Concerns Over Russian Origins

Last week turned out to be disastrous to a seemingly innocent Hamster Kombat game. Quite a few newsletters, mainly ones from Ukraine, published detailed analyses of the game, tracing its roots to Russia. And it is hard to argue with their observations: the official website of the game, hamsterkombat[.]io (scan report), is registered in Moscow, the capital of Russia. The site itself, at the same time, lacks any details about the developers, with all the corresponding data being wiped from the domain reports.

The problem here is the law the Russian government passed back in 2015. It implemented a mandatory demand to store all the user data and provide law enforcement access to it on demand. Effectively, Russian security services can get access to the data of Hamster Kombat users, any day, any minute.

One more problem here is that the game itself lacks privacy policy. Users register using their phone numbers – that, together with the username, is the minimal amount of data the program may access. At worst, Hamster Kombat may collect the entirety of user data – from the list of contacts and the device’s gallery to the location with regular updates.

What is the problem?

You may ask a rather logical question – what is the reason for all that fuss? Almost all big tech companies in the US and Europe collect user data to a certain extent and occasionally collaborate with law enforcement. Memes about Mark Zuckerberg having user data for breakfast would not appear out of nowhere, right? Well, there is an explanation.

The alarm about Hamster Kombat’s origins was mainly raised by Ukrainian media, as a warning for all Ukrainians against participating in the game. Immediately after the game was launched, a huge wave of advertising started in Ukrainian Telegram communities. Considering the Russian origins and absence of any declared limitations on user data collection, the concerns are rather realistic. The war between two countries is ongoing, and big data about Ukrainian citizens may be as valuable as reconnaissance data from profile agencies.

This bears resemblance to the theory about Pokemon GO being an undercover spyware that may uncover military bases and top secret objects. Users supposed that the game algorithm could have put rare Pokemons in the places where people don’t typically go. Military-related objects, at the same time, are exactly the places where you won’t typically expect crowds to appear. While a lot of people called it a conspiracy theory, it makes much more sense than most of the other ones.

The data from Hamster Kombat is unlikely to reveal military bases. However, considering all I’ve said about the Russian origins and laws that allow special services to access the data, it may still have great value.

Is it safe to play Hamster Kombat?

The promotion of the new tap game started spreading in Europe and English-speaking countries only recently. It will most likely become more intensive with time, as such projects always rely on scaling the audience. Thus, the security questions touch these countries as well.

From the data security perspective, I would not recommend playing Hamster Kombal. That is, of course, unless you’re OK with sharing potentially unlimited amounts of personal data with the country internationally accused of sponsoring terrorism. But politics aside, the aforementioned law allows for almost unsupervised access to user data. It may still be valuable for spamming or sale on the Darknet

But without data safety concerns, the project looks more or less legitimate. It does not require any sensitive info – SSNs, ITINs, payment info, so you are not risking anything that may harm you personally. Newly minted tokens may sometimes soar in price pretty significantly, thus it can turn into a rather profitable investment. If you would not mind spending quite a lot of time tapping your smartphone’s screen, of course.

The post Hamster Kombat Game Rises Concern Over Russian Origins appeared first on Gridinsoft Blog.

What Is Data Protection?

People have been practicing data protection since ancient times. Imagine a messenger running from one city to another, carrying a ribbon with seemingly random letters. Or a medieval scribe who makes copies of his manuscripts. Both were protecting data. The runner was using a scytale encoding to keep the message from being read by enemies should he even be caught. The writer made a copy of the text to hide it in a chest to protect it from wind, rain, snow, and thieves. Today we do the same things, but the threats are different.

Data protection encompasses any measures we take to secure data regardless of where it is stored: on a remote server or a hard disk of our computer. These measures include inputting passwords to any devices or Internet accounts, undergoing biometric authentication, installing antivirus software, conducting regular scans, etc. These measures can be arbitrary or obligatory.

What Are Data Protection Regulations?

People’s attitude to the security of their private data can be astoundingly careless. But it’s their problem. On the contrary, those companies who take responsibility for storing or processing their clients’ personal data (like social networks or electronic mailboxes, state registries, public services, etc.) oblige themselves or are obliged by law to implement data protection regulations within their workspace. An example of such obligatory guidelines is GDPR, the International General Data Protection Regulations accepted in the European Union in 2018.

Why Is it Important?

One can hardly find a modern industry that would not rely on information technologies or involve them. Criminals and thieves of all sorts now have a new catch – information. Hackers can steal information, destroy it, blackmail owners with its disclosure, or encrypt the data on hacked computers. Then they can demand a ransom from their victims for having their data decrypted. The last case is the first viable and widely-used hacker business scheme – a ransomware attack. In a world where all person’s work, private life, plans, notes, and even dreams become the content of a portable device – the security of this content becomes crucial, and its loss can be deplorable.

Ways To Protect You Personal Data

What is very important to remember is that although various internet services comply with their data security policies and regulations, users should cooperate with these services and not overthrow all the responsibility for the safety of their data on the corporations. The following list of data-safety measures is good for protecting data on a personal device and the cloud.

1. Set up two-factor authentication on your financial accounts.

Financial accounts are usually more protected than social media profiles, mailboxes, or messengers, but they require more attention and care. A breach of a bank account is like nothing you want to experience. Therefore, use the two-factor authentication in your banking service to protect yourself from fraud, deceptive social engineering, and phishing attacks. All it takes is to press a button on your telephone every time you try to access your banking account. If any crooks get your login and password, you won’t let them use those credentials.

2. Malware protection is a must.

Without an anti-malware solution any system today is bare against a jungle of harmful entities. A modern security program will:

1. warn you about suspicious webpages you are trying to access;
2. stop you from entering overtly dangerous sites;
3. quarantine and remove any recognizable malicious programs as soon as they end up on your device;
4. clear all hidden threats with the help of a deep scan function.

GridinSoft Anti-Malware is a versatile solution featuring all the described functions and providing consistent protection without inconveniences typical for bulky and “heavy” antivirus programs. Economically beneficial, Anti-Malware is one of the most efficient and quick security programs on the market.

3. Use a firewall.

A firewall is a program filter separating a network it protects from the external environment. It can be protecting one computer or an entire workgroup. Most of the OSs have an in-built firewall. It controls the incoming and outbound traffic using pre-defined rules. Users tend to switch off firewalls temporarily to access suspicious websites but later forget to reactivate the defense. That is dangerous and puts a device or a network at risk.

4. Use free Wi-Fi with care.

A Wi-Fi router can be a source of a so-called Man-in-the-middle attack that uses a spoofed network name. After you access the wrong network by mistake, all the data outbound from your device comes into the possession of crooks. Later your data can be used directly against you up to identity theft or blackmailing, or, in better cases, it can be collected and sold to third parties for their own needs.

5. Protect your email accounts.

An email account is the core of any person’s virtual representation. Profiles in social media and other internet services often refer to your email address, and that address is essential to password restoration if you happen to need that. Therefore, email safety should be of the utmost concern. Remember to log out from your mailbox on any device except for yours. Also, make sure you use a strong password and change passwords from time to time.

6. Update your software regularly.

Computer software nowadays gets updated automatically or with the slightest effort from the user. However, many program vulnerabilities emerge in in-between moments, when one program (let’s say operating system) is already updated, while some different software is not yet up-to-date. Such inconsistent versions can lead to malware infection if cybercriminals intend to pull that over. The most wanted updates are the updates of security programs. The more malware signatures an antivirus program has in its libraries, the more malicious items it will remove from your PC before they can even harm it.

7. Back up your data.

Advice to have a backup of all critical information to preempt physical damage of the drive, loss, or theft is one of the wisest hints one could harken to. Anyone who has ever experienced anything mentioned above knows how important it is to have everything in two or maybe even three instances.

8. Don’t store passwords on your laptop or mobile device.

Always consider that your portable device might get into someone else’s hands. It might be a good person, but some bad person might also steal your device. You must be ready for such an unfortunate event. And that means not only photos and videos you wouldn’t like anyone to see should not be there on your device, but definitely, passwords should not be stored thereon. By the way, don’t forget to log out from all the accounts remotely when you notice your device is gone.

9. Use Strong, Unique Passwords

Using strong, unique passwords for each of your online accounts is one of the most effective ways to protect your personal data. Weak passwords are easy for hackers to guess, and using the same password for multiple accounts means that if one account is compromised, all of your other accounts are at risk too.

Tips for Creating Strong, Unique Passwords:

• Make It Long: Aim for at least 12 characters. The longer your password, the harder it is to crack.
• Mix It Up: Use a combination of uppercase letters, lowercase letters, numbers, and special characters (like !, @, #, $).
• Avoid Obvious Choices: Don’t use easily guessable information like your name, birthdate, or common words like “password” or “123456.”
• Use a Password Manager: Password managers can create and store complex passwords for you, so you don’t have to remember them all. This ensures each of your passwords is unique and secure.

Imagine your password is a secret code that only you and your best friend know. Make it something fun and memorable, like a phrase from your favorite book or movie, but change some letters to numbers or symbols.

Example: If you love the book “Harry Potter“, you could start with “HarryPotterRocks” and make it stronger by adding numbers and symbols: “H@rryP0tt3rR0ck$!“

Instead of a single word, think of a sentence or phrase you can remember easily. Make it something silly and fun.

Example: “MyC@tJumpsOver7Rainbows!” This phrase is long, includes a mix of characters, and is easy to remember because it’s a funny mental image.

Just like you wouldn’t use the same secret handshake forever, change your passwords from time to time to keep them fresh and secure.

10. Be Cautious with Phishing Attempts

Phishing is when scammers try to trick you into giving them your personal information, like passwords or credit card numbers, by pretending to be someone you trust. They often do this through fake emails, messages, or websites. Being cautious helps you avoid these traps and keeps your information safe.

• Check the Sender’s Email Address: Scammers often use addresses that look similar to real ones but have slight differences.
• Look for Red Flags: Be suspicious of emails or messages with urgent requests, bad grammar, or unfamiliar links.
• Don’t Click on Suspicious Links: Hover over links to see where they lead before clicking. If it looks suspicious, don’t click.
• Verify Requests: If you get an email or message asking for personal information, verify it by contacting the company directly using a phone number or website you know is legitimate.
• Use Anti-Phishing Tools: Many email services and web browsers have built-in tools to help detect and block phishing attempts.

Always question messages that ask for personal information or seem unusual. It’s okay to be curious and skeptical – it’s better to be safe than sorry.

The post 10 Ways to Protect Your Personal Data appeared first on Gridinsoft Blog.

Ransomware encrypted main server “Ethyrial: Echoes of Yore”

On October 19, 2023, ransomware actors successfully attacked the main server of the Ethyrial: Echoes of Yore game. The attackers encrypted all data, including local backup drives – as it usually happens in the course of ransomware attacks. They also left a ransom note demanding payment in Bitcoin for a decryption key.

What is unusual though is the profound impact on all 17,000 player accounts, resulting in the loss of account and character databases. However, game-related files, such as zones, items, monsters, etc., were not lost. Moreover, no customer data was accessed or removed – which is definitely a positive sign for both the developers and users.

Legend says that paying the ransom does not guarantee the return of files. So, faced with the dilemma of trusting the attackers, the developers chose not to negotiate with them. Instead, Gellyberry Studios pledged to restore lost all the info possible manually. To express gratitude for player acceptance and support, impacted users will receive their items and progress back, along with a premium “pet”.

Mitigation

This is not the first time a game publisher has been targeted in ransomware attacks. However, they usually impact the company rather than the players. It’s been a bumpy ride for Gellyberry Studios. The developer outlined security measures it will implement to prevent future incidents in light of the attack. These include:

• Increased frequency of offline account database backups. This solution will reduce the potential impact of any future attacks. So, in case of any security breaches, player accounts and progress can be immediately restored, and the effect of such incidents can be minimized.
• Implementation of a P2P VPN for all remote access to the development server. P2P VPN establishes a secure connection between two or more devices without a central server. This is a reasonable solution, that provides secure networking and additional protection against unauthorized access attempts. It elevates the overall security posture of the development environment.
• Restriction of access to a specific IP address range. By restricting access to the development server within a specific IP address range ensures that only designated IP addresses. By implementing this restriction, the studio reduces the attack surface and strengthens defense against potential external threats seeking unauthorized entry into the server infrastructure.

Although the game servers are currently available, users are prompted to create a new account when logging in. The developer asks players to email echoesofyore@gmail.com to restore the game’s progress. It’ll be interesting to see how the indie team comes out of the other end of this attack and whether or not the majority of those 17,000 accounts affected will return.

The post Ethyrial: Echoes of Yore Ransomware Attack Wiped Player Accounts appeared first on Gridinsoft Blog.

WeChat and Kaspersky products are Banned in Canada

The Canadian government, like many others, is committed to safeguarding government information and networks from potential threats. As part of this commitment, it regularly monitors emerging threats and takes swift action to mitigate risks. Consequently, Tencent’s WeChat and Kaspersky’s suite of applications have been removed from government-issued mobile devices.

Anita Anand, President of the Treasury Board, explained that this decision aligns with a risk-based approach to cybersecurity. It is emphasizes the importance of securing government mobile devices. The banned applications were singled out due to their considerable access to device contents. It is raising concerns about potential data breaches and privacy compromises.

But why so much suspicion towards these two programs?

While suspicions may appear politically motivated to some, they reflect a growing trend in many Western countries to scrutinize the cybersecurity implications of technology with ties to certain nations.

Here’s an example – WeChat, a Chinese messaging app, has been under scrutiny due to China’s history of strict internet censorship and surveillance. With over 1.2 billion active users worldwide, WeChat’s reach is extensive. However, its close alignment with the Chinese government’s regulations and laws raises concerns about data privacy and potential government access to user data.

Kaspersky, a Russian cybersecurity vendor, faces suspicions linked to Russia’s history of cyber espionage and interference in other nations’ affairs. Moreover, Eugene Kaspersky himself was once working for FSB, which means life-long ties with the Russian special services. The worry is that Kaspersky’s products could be exploited to facilitate Russian cyberattacks. The U.S. government’s ban on Kaspersky products from its devices heightened these concerns.

Implications for Canadians

The ban on WeChat and Kaspersky applications in Canada represents a significant development in the context of national security and data privacy. Canadians should stay informed about the potential risks associated with these apps and take proactive measures to safeguard their digital lives.
The ban has several implications for Canadians:

• Those using WeChat and Kaspersky on their government-issued mobile devices must remove the apps by October 31, 2023, or potentially face disciplinary actions.
• The ban does not extend to the general public, but users should be aware of the associated risks and potential data privacy concerns.
• Businesses employing WeChat and Kaspersky should also be cautious and take steps to safeguard their data and their clients’ information.

This decision is part of a broader international trend. Where Western governments are taking measures to restrict the use of Chinese and Russian technology. While some criticize it as discriminatory, others defend it as a necessary step to ensure national security.

Is it Safe to Use Russian and Chinese Software?

The safety of using Russian and Chinese software has been the subject of much scrutiny. It is recently due to concerns about data privacy and national security. Both countries have been associated with government surveillance and cyber espionage, raising doubts about the integrity of their software products. In light of the developments described above, we recommend using analogs of similar software. It keep your data and your organization safe. Info about one person is not valuable, while info about millions of people can give serious hints in politics, economy and other large-scale topics.

The post WeChat and Kaspersky Ban in Canada – What You Should Know? appeared first on Gridinsoft Blog.

What is MOVEit MFT?

MOVEit is a software solution that allows convenient and secure data transfer inside the organisation. The product under this brand name has a long story that begins in 2002, and on its path got the cloud storage feature and support of mobile platforms. Solutions of such kind gained significant popularity since the companies started bearing on electronic document management. Retaining diligent security level for that process is tremendously important, as such apps are used to transfer any kind of corporate documents.

MOVEit MFT 0-day Allows to Steal Data

According to the advisory published by the Progress, the vulnerability in MOVEit MFT allows for unauthorised access that ends up with remote code execution. The vulnerability also relies on two HTTP ports – 80 and 443. Known cases of this vulnerability usage were bearing on an SQL injection that grants hackers access to the MOVEit MySQL server. Researchers detected a sample of the webshell code uploaded to VirusTotal – it is completely undetected. The consequent requests to the database tries to pick the password, and once the input is correct, the door is open. After the successful penetration, hackers get access to the list of the files, and possess the ability to add new and download what is already present.

The list of the vulnerable and secure MOVEit versions is as follows:

Security Advisory for Vulnerable Versions

Aside from the update request, developers released a list of recommended actions. The only solution is banning the connections via the aforementioned 80 and 443 ports in the firewall rules. Though, it is not lossless – without the access through these ports, users will not be able to log into the web interface; built-in automation tasks as well as some of the APIs and add-ons will not work either. After this manipulation, Progress still recommends checking the logs for potential attempts of malignant access and updating the software.

The post MOVEit MFT 0-day Vulnerability is Used to Steal Corporate Data appeared first on Gridinsoft Blog.

1.Use Tor for Ultimate Privacy

First and foremost, it’s essential to choose a browser that offers advanced privacy protection features, such as Tor . By using Tor, your online activities become untraceable since it encrypts your traffic. Sure, it is not the best option for everyday usage, but will fit well to conduct activities that require increased level of privacy.

When you use the Tor browser, your traffic is routed through a chain of Tor servers known as “relay nodes” or simply “nodes”. The data is first encrypted and then progressively decoded one layer at a time in each node. The encrypted data then passes through an ingress/protection node, several relay nodes, and an egress node, leaving no trace of your IP address, but only the IP addresses of previous and subsequent nodes.

Tor is a powerful tool for protecting your privacy online, which provides data encryption and anonymization of your IP address. However, it is important to remember that using Tor does not guarantee 100% protection of your privacy, so you should be careful and follow the security rules.

2.Don’t Forget about Incognito Mode

Next, enable the privacy or anonymity mode available in most browsers. This mode does not store your browsing history, cache, or cookies, which helps to protect your privacy.

Incognito mode simply does not save your browsing information. Sites can still track your IP address, operating system, browsing behavior, and other details they can use to identify you.
Incognito mode simply does not save information on the computer. It does not prevent sites from tracking you while you browse. If a site uses tracking technologies, it will still be able to see you and track your activities.

3. Use Special Browser Extensions and Install Updates

Browser extensions are also an excellent option to enhance your privacy protection. Many extensions block tracking and advertising, which can help you maintain your privacy while browsing the web. Some may also block the script’s execution and show you if the website gathers any data about you. Still, it’s important to use well-proven plugins rather than just baubles which only imitate the effect or even make the website malfunction by excising some of its elements.

Also, ensure that your web browser is always up to date with the latest version to take advantage of any security improvements and patches that could prevent possible attacks.

Criminals constantly find new ways to attack users and gain access to personal information. Developers are usually quick to find browser vulnerabilities and improve security with each new version. If you haven’t updated your browser for a long time, then there is a high possibility that you will become a victim of information theft.

Apply Reliable Password Storages to Improve Privacy

Avoid saving passwords and payment information in your browser, as it could jeopardize your privacy if someone else gains access to your device or computer. In this way, your private and payment information can simply be stolen by criminals who somehow gained access to your computer. Therefore, it is better to store passwords and private information with a password manager, or in a “safe place”, such as encrypted documents.

Picking the password-storing tool is either not an easy task. Fortunately, the Internet never forgets, thus any data breaches or cyberattacks related to a certain app will likely appear in the search results. Do a diligent search before trusting a service not only with your money but also with keys to all your private information.

Use Virtual Private Network (VPN) Service

Finally, use a VPN (a virtual private network) to safeguard your online privacy further. VPNs encrypt your traffic, preventing it from being tracked or monitored by anyone. Moreover, it makes it impossible for website masters to filter your traffic depending on your IP address. The latter will always be one of the VPN provider’s, which is generally different from your location.

VPN has numerous applications, but it is almost essential when you use Wi-Fi in public places. Such networks are usually unprotected and may easily be scanned by hackers. But it is worth remembering that choosing a VPN should not be less careful than choosing a password manager. For example, free VPNs can also collect your personal information, payment details, etc. And the providers of such a VPN will sell this information about you. It is especially probable with “free” services, that monetize the server time spent for you by selling data. Before downloading, it’s worth doing a little research and choosing a provider with a strict privacy policy and one that won’t log your online activity.

The post 5 Tips to Improve Your Privacy on the Web appeared first on Gridinsoft Blog.

The basics of VPN encryption

A VPN encrypts all your Internet traffic so it can only be decrypted using the correct key. Before leaving your device, the outgoing data is encrypted and sent to the VPN server, which decrypts the data using the appropriate key. From there, your information is sent to its destination, such as a website. This way, the encryption prevents anyone who can intercept the data between you and the VPN server from decrypting the content. This could be your ISP, a government agency, or hackers. In some cases, they may be synonymous with each other.

With incoming traffic, the same thing happens, only in reverse order. For example, when the data comes from a website, it goes to the VPN server first, gets encrypted, and arrives at your device. Your device decrypts the data, and you can browse the website as usual. All of this ensures that your Internet data remains private and does not fall into the hands of unauthorized parties. But, of course, if the VPN provider does not keep much data about its users and will not provide it by order of the police.

Encryption types may differ in the following ways:

• The persistence of encryption, or the method and degree to which your data is encrypted.
• How encryption keys are managed and exchanged
• What interfaces, protocols, and ports do they use
• What OSI (Open Systems Interconnection) layers do they operate on
• How easy is it to deploy
• Performance (read: speed)

Difference between IPSec and SSL: Security

In a nutshell, a slight advantage in favor of SSL. IPSec connections require a shared key on both the client and the server to encrypt and send traffic to each other. However, sharing this key allows attackers to hack or capture the pre-shared key. SSL VPNs are devoid of this problem because they use public key cryptography to negotiate the handshake and exchange encryption keys securely. Unfortunately, TLS/SSL has a list of other vulnerabilities, such as Heartbleed.

Some SSL VPNs allow untrusted self-authenticating certificates and do not verify clients, which are especially common in SSL VPN browser extensions. Such virtual private networks allow anyone to connect from any computer and are vulnerable to man-in-the-middle attacks. However, this does not apply to most of OpenVPN’s clients. Likewise, SSL usually requires frequent patches to update the server and the client.

The lack of open source for IPSec-based VPN protocols may worry people who fear government spies and spyware. Thus 2013, Edward Snowden reported that the U.S. National Security Agency’s Bullrun program was actively trying to “insert vulnerabilities into commercial encryption systems, IT systems, networks and communication endpoints used by targets.” The NSA allegedly used IPSec to add backdoors and side channels that hackers could exploit – even the ones hired by the government. In the end, strong security is likely the result of experienced and careful network administrators, not protocol choices.

Firewall traversal

In short, SSL-based VPNs are better suited for bypassing firewalls. However, most Wi-Fi routers and other network equipment contain NAT firewalls. So they reject unrecognized Internet traffic and data packets without port numbers to protect against threats. IPSec encrypted packets (ESP packets) do not have default port numbers assigned to them. Therefore, NAT firewalls can intercept them, which can interfere with IPSec VPN workflow.

To avoid this, many IPSec VPNs encapsulate ESP packets into UDP packets. This assigns the data a UDP port number (usually UDP 4500). Although this solves the problem of NAT traversal, your network firewall may not allow packets through this port. Thus, network administrators at airports, hotels, and other locations may only allow traffic through certainly required protocols, and UDP 4500 may not be one of them.

SSL traffic can go through port 443, which most devices know as the port used for secure HTTPS traffic. Since almost all networks allow HTTPS traffic through port 443, it is likely to be open. In addition, although OpenVPN uses port 1194 by default for UDP traffic, it can be redirected through UDP or TCP ports, including TCP port 443. This makes SSL more helpful in bypassing firewalls and other forms of censorship that block port-based traffic.

Speed and reliability

Although both are reasonably fast, IKEv2/IPSec negotiates connections faster. Most IPSec-based VPN protocols take slightly longer to negotiate connections than SSL-based protocols. However, this does not apply to IKEv2/IPSec. IKEv2 is an IPSec-based VPN protocol that is more than a decade old. Nevertheless, it is still popular among VPN providers. Its crucial feature is quickly reconnecting whenever the VPN connection is interrupted. This makes it especially useful for mobile iOS and Android clients who don’t always have a reliable connection or frequently switch between Wi-Fi and mobile data.

As for the actual bandwidth, things are not clear here, as there are arguments on both sides. However, according to some claims, IKEv2/IPSec can offer higher throughput than OpenVPN, although both protocols typically use 128-bit or 256-bit AES encryption. The extra layer of UDP that many ISPs add to IPSec traffic to help it pass through firewalls adds to the load. This means that more resources may be required to process it. However, most people won’t notice the difference because, in most consumer VPNs, throughput is determined by server and network congestion, not the VPN protocol.

Ease of use

IPSec is more versatile, but most VPN provider applications users will not notice the difference. Because IKEv2, SSTP, and L2TP are built-in IPSec-based VPN protocols in most major operating systems, they do not necessarily require an additional application to run and work. However, most consumer VPN users will still use an ISP application to connect. In addition, although SSL works by default in most web browsers, you will need a standalone application to use OpenVPN. From an end-user perspective, IKEv2 offers a more user-friendly interface. This is because IKEv2 connects and handles interruptions faster. That said, OpenVPN is more versatile and may be better suited for users who can’t get what they need with IKEv2.

If we talk about corporate VPNs, they aim to provide access to the company network, not the Internet. The consensus is that SSL is better suited for remote access, and IPSec is preferred for VPNs between networks. Because IPSec operates at the network layer of the OSI model, it gives the user full access to the corporate network regardless of the application. Consequently, restricting access to specific resources can be more difficult. On the other hand, SSL VPNs allow businesses to control remote access to specific applications at a fine level.

Generally, network administrators who work with VPNs find that client management using SSL is much easier and less time-consuming than using IPSec.

Conclusion

If you have both options, we recommend using IKEv2/IPSec first, and if you have any problems, try OpenVPN. IKEv2 connection speed will be more comfortable for everyday VPN users while offering comparable security and speed. However, it may not work in some circumstances. Until recently, OpenVPN/SSL was considered the best VPN combination for most consumer VPN users. It is fast enough, secure, open-source, and can overcome NAT firewalls. It can also support UDP or TCP.

In turn, IKEv2/IPSec is a new competitor to OpenVPN. It improves L2TP and other IPSec-based protocols with faster connections, excellent stability, and built-in support for most new consumer devices. In any case, SSL and IPSec boast reliable levels of security with sufficient bandwidth, safety, and ease of use for most commercial VPN service customers.

The post Difference Between IPSec and SSL appeared first on Gridinsoft Blog.

Why Ransomware Protection Matters?

The problem of ransomware protection is pretty hot since more than a dozen ransomware groups target different categories of users. Each has different spreading ways, disguises, and toughness. Some of the ransomware¹ attacks may be decrypted due to the recklessness of its developers, some have design flaws that make the cipher decryptable with the simple brute force.

To avoid such reactions, we will show you how to protect yourself when you are an individual user and in the corporation, bearing on typical tricks they use. Moreover, we’ll also explain the working steps of protecting against ransomware.

Is Protect Against Ransomware Your PC Important?

First, let me explain why ransomware attack is such a bad omen. It is not only about making your data inaccessible. Several other malware types prevent the users from accessing the files. However, they did not get any significant spreading. Things like screen lockers, archiving, and shortcutting malware ceased to exist – not just because of a bad accident. That is why it is vital to find a good and working ransomware attack protection solution.

Ransomware (at least most) uses a tough cipher that makes it almost impossible to get your data back. Even if you use a modern quantum computer, you’ll probably spend several thousand years decrypting this cipher.

NOTE: The list of dangerous ransomware includes: avaddon ransomware², STOP/Djvu ransomware, lockBit ransomware³, makop⁴, etc.

But it is still not the only disaster – some ransomware samples carry spyware attacks together with their main payload and collect all credentials it can reach. Unfortunately, nobody (despite crooks on their own) can delete the stolen credentials. That is why it is important to find working solutions for best ransomware protection software to be armed.

File recovery after a ransomware attack is complicated if you are not going to pay the ransom. Modern ransomware variants can disable Volume Shadow Copies, OneDrive backups, and other popular backup methods. Crooks often scares the victims that any attempt at file recovery will lead to data loss.

They may also say that your data will be deleted if the ransom payment demand is unmet. While the first thing is partially true, the second is a complete lie – to scare you and force you to pay the ransom. However, dealing with the consequences of an attack is never a pleasant case. Let’s figure out how to prevent ransomware attacks.

You can explore some working tips to protect yourself from ransomware in the picture above.

Tips to Prevent Ransomware Attacks

The advice on how to stay secure depends on your environment. Crooks will apply different approaches to attack the individual user or company employee. Even when you are working from home on your personal computer, you will be attacked differently when crooks aim at your PC and the whole company.

1. Don’t use dubious/untrustworthy sources of software, films and other risky stuff. Around 90% of ransomware cases are accounted for by the use of third-party sites to get the program or film they want without paying a penny.
2. Remember – the only thing for free is a piece of cheese in a mouse trap. Major players of the ransomware market, such as STOP/Djvu, even create their one-day sites that mimic the forums with hacked software or pages with new films to download for free. Torrent trackings that are spread through these sites contain a payload that executes as soon as the downloading is over.
3. Don’t open email attachments from unknown senders. Crooks will try to mask their email addresses to look legitimate, but an attentive look at them will show you the truth.
4. If you are not sure if the email from Amazon you’ve received is a real one, don’t be too lazy to check the list of real Amazon support/delivery email addresses. And don’t be naive – no one will offer you to get a prize for a lottery you never took part in.
5. Be careful with software you’ve found on the forums or social networks. Not all of them are dangerous, and not all of the dangerous ones carry ransomware. But still, using such programs is like buying drinks in a dirty doorway.
6. You never know if it is good or counterfeit, but you definitely know who to blame for your heavy hangover the next day. This spreading way is rare but must not be crossed out, especially considering the high trust in such apps.

Tips to Prevent Ransomware Injection in Corporation

These tips will be useful for both administrators and employees who have to deal with potential attack surfaces. Generally, attacks on companies are committed with specific methods and ones that repeat the attack vectors on individuals. Thus, you may see the things that are common in both situations.

• Use the protected RDP connection. RDP brute force attacks are one of the most widespread attack vectors. They are used to deploy ransomware, spyware, advanced persistent threats, and only God knows what else.
• Controlling this moment is essential; it will be ideal if system administrators will set all RDPs on their own – to prevent any wrong moves. Brute forcing the RDP connection is available only when the ports used to establish the connection are not secure. Unfortunately, these ports are used by default, so inexperienced users who set up the RDP for the first time will likely choose them
• Cluster the internal corporate network. Most companies have all the computers connected to a single local network inside a single office. Such a step eases the management but makes it much easier to infect. When there are 4-5 pieces, each of them controlled by a separate administrator PC, and only then – by the domain controller, hackers will likely fail to make it through.

Sure, one segment of this network will likely be down, but all others will be OK, and your office will not be idle, having any ability to use the computers.

Tips and ransomware prevention best practices that can help.

• Apply the 2FA for logging into all vulnerable places. To extend their presence in the infected network, attackers try to steal credentials or brute force all places that may be used to spread the malware in the network. Their final target is the domain controller – the computer that handles the whole network and has access to the servers. Its protection must be as high as possible.
• Initiate regular password changes among the personnel. Some known attacks happened after the password leak from one of the networks. Besides that, advanced attacks may last for several months – and suddenly changed passwords will confuse their cards. So changing the passwords on the internal accounts is about to happen every 4-6 weeks. It may look like it too often, but believe me – that’s worth it.

As a postscript, I want to recommend avoiding some common passwords – “qwerty,” “12345”, or something like that. The success of brute forcing particularly bears upon such easy passwords. Even the cheapest (or free) password databases for brute forcing contain them. Use strong passwords so that they cannot be cracked – this is one of the main key to success.

* PLEASE NOTE: Another widespread mistake is adding some personal information to the passwords. Your or your spouse’s birth date, the name of your pet, and the date you joined the company are all effortless to figure out with open-source intelligence. Keep that in mind when creating such an important thing!

Show the employees how to distinguish the counterfeited email. While individuals rarely fall victim to email scams, companies are the primary targets of such an event.

*Cybercriminals are not lazy to create some ingenious disguise for their emails. They may mimic the requests to your tech support, offers from other companies, notifications about the bills the company needs to pay, and so on. There is nothing dangerous in seeing the exact message, but any links in it and attached files expose you to potential danger.

It is better to avoid interacting with them at all, but if it may inflate your working process, check the sender’s address meticulously. Companies’ officials never text you from personal email addresses and never contact you.

*I WANT TO REMIND: It is essential to choose the best ransomware protection solution for yourself to protect yourself and your PC. After studying the necessary materials and research, you protect your PC from adware, spyware, ransomware, and other threats.

The best anti-ransomware protection is possible when you have constant database updates and, more importantly, proper proactive protection. These two things will already give you a pretty high protection ratio.
Nonetheless, the problems of most of the mass-market antiviruses don’t disappear: they still may overload your CPU/RAM, as well as scatter your privacy by sending a lot of telemetrics.

That’s why I’d recommend the one that does not have both of those disadvantages – Ransomware Protection & Removal Tool. Its databases are updated every hour, and the overall CPU and RAM consumption is low enough to fit even the weakest systems.

Proactive protection, based simultaneously on heuristic engine and neural network, will make your device much more protected from most of the malware types.

The post The Best Ransomware Protection for 2024 appeared first on Gridinsoft Blog.

Using these vulnerabilities, attackers could remotely steal files from computers running Windows or macOS.

“I really wanted to find a major security flaw in a well-known and widely used service, and I felt like WhatsApp was a good start. So I gave it a go since I already had some clue of existing security flaws in WhatsApp mobile and web applications. I managed to find four more unique security flaws in WhatsApp which led me all the way to persistent XSS and even reading from the local file system – by using a single message”, — writes Gal Weizman.

In particular, the specialist discovered a potentially dangerous vulnerability such as Open Redirect, which allows conducting an XSS attack by sending a specially crafted message. If the victim sees a malicious message, the attacker can execute arbitrary code in the context of the WhatsApp domain.

Another problem was the incorrectly configured Content Security Policy (CSP) on the WhatsApp web-domain, which allows downloading useful XSS-loads using iframes from a site controlled by an attacker.

“If the CSP rules were correctly configured, the impact of the XSS attack smaller. The ability to bypass the CSP configuration allowed an attacker to steal valuable victim information, easily load external payloads, and much more”, – noted the expert.

Weizmann demonstrated a remote file attack via WhatsApp, gaining access to the contents of the hosts file from the victim’s computer. According to the researcher, the open redirect vulnerability could also be used to manipulate URL banners – a preview of the domain that WhatsApp displays to recipients when they receive a message containing links.

“It is 2020, no product should be allowing a full read from the file system and potentially a RCE from a single message”, – summed up Gal Weizman.

Weizmann announced in Facebook his discovery, and the company released a revised desktop version of the messenger.

What a dumb thing is WhatsApp, only I recently wrote that attacker in a WhatsApp group chat could disable messengers of other participants. However, the Internet and real world are quite dangerous too.

The post Dangerous vulnerabilities in WhatsApp allowed compromising millions of users appeared first on Gridinsoft Blog.

Alas!

The browser starts to act stupid, redirecting and taking you places filled with creepy adverts or worse yet, issuing warnings of possible harm if you don’t “Update Your Flash Player.” And while the naïve would likely fall for the trap, smart and tech-savvy individuals may automatically note the adware running in the background. But as ubiquitous as the phenomenon is, adware attacks are a discreet way cyber criminals are using to make money off the unsuspecting.

Though it is probably the most popular way of telling that you are under attack, there are other subtle and perhaps less ferocious cyber attacks. There’s a form of adware gradually going mainstream. Besides redirecting, the virus goes ahead and alters your default search engine to something weird.

You start your PC, ready to browse the web, but once you key in whatever you need to search the web, you are redirected to a page with bizarre search results. It happens often and hurts the unsuspecting!

Pop-ads are yet another sign your computer is under an immense adware attack.

Simple as they appear, these pop-ads can be a source of immense misery, hurt your typical browsing habits and perhaps steal valuable data as you browse.

Many other times, these malicious occurrences make the PC act slower than it normally does, including lowering the average browsing speed and how the computer executes simple tasks. Of course, the phenomenon becomes more suspicious when you note the occurrence yet your PC doesn’t have a heavy program running or when you’re connected to a fast internet.

How Adware Works

Generally, these malicious tools are embedded into ‘free-ware’ or pirated software and act as part of a bundle of payment to the proprietor of the freely downloaded software.

Adware is simple software that comes with integrated advertising materials, including those that trigger redirects and pop-ups.

Mostly, the adware is activated whenever the tool that it is embedded in runs and the PC is connected to the internet.

At the moment, many software developers offer their products as “sponsored software” so that the ad pays for the free services provided. It is a pretty common type of adware and may continue until the user pays to register and thus unlock the ad off the software.

Regardless of how they work, these malicious attacks are very much annoying. Pop-ads waste a lot of time, while redirects and the slowing down of the PC hurt the ordinary performance of the computer. Aside from these, adware can set the stage for various other attacks, including spyware, ransomware and virus attacks.

How to avoid Adware

Tip #1 Never click any suspicious-looking pop-up windows and ads
Tip #2 Don’t answer or reply unsolicited emails and messages
Tip #3 Exercise utmost caution when downloading free software applications

Above all, invest in the best malware removal software. GridinSoft Anti-Malware does a great job!

The post Adware Everywhere: Who Knows What Is Happening? appeared first on Gridinsoft Blog.