Category Archives: Security News

On this page you will find links to selected IT-security related news articles from various sources, including news from conferences and some test results (also from other testing labs). If you find some interesting news or test reports, please let us know!

Spotlight on security: iPhone X introduction – job well done?

Did you watch the Apple event? The first ever announcement in the Steve Jobs Theater showed that they miss Steve Jobs. I remember Steve Jobs introducing the NeXTcube. That was a jaw-dropping event. The NeXTcube had display depth while the rest of the world used monochrome. It marked the birth of the dock, which combined an application launcher, desktop explorer and task manager into one single application. So simple and straightforward, yet so brilliant and beautiful.

The unforgettable NeXTcube introduction was literary art for geeks. The cube played a duet with a violinist from the San Francisco Symphony. A feat in the mid-eighties, but a near miracle when combined with other complex tasks, like navigating through Shakespeare’s plays and sending and receiving emails.

Compare this with the embarrassing demo fail of Face ID and the lengthy introduction of the new Apple headquarters. Since when are bricks more interesting than clicks? I bought a Volvo because it has many active safety features, not because the Swedes who build Volvos opened a new head office. This comparison brings me back on topic: security.

The new iPhones have two interesting new security features. Facial recognition (Face ID) replaces fingerprint recognition (Touch ID) on the flagship smartphones. Enough has been said about Face ID not recognizing Craig Federighi. Another, less discussed feature is the improved SOS-call feature. It is triggered by repeatedly (5 times) pressing the power button. A preset personal or national (e.g. 911) alarm number will be called. Also, Touch ID and/or Face ID will be disabled, so anyone knowing the passcode can use the phone in case of emergency.

Apple’s iOS is based on the NeXTstep operating system. This heritage, together with Apple’s closed shop, still gives iOS a security edge. iOS by itself is probably safer than Linux, Android and Windows. Android and Windows are making up ground and have the advantage of third-party security software. When the OS itself becomes safer, third-party software has to innovate to keep its added value. The hype on using Artificial Intelligence is an example of this innovation push.

Luckily for Mac users, many of those vendors also offer antivirus solutions for Apple devices. Read our report on Mac security software. Unluckily for Apple, the footsteps of Steve Jobs are huge and very hard to fill. At AV-Comparatives we have not forgotten this inspiring innovator.

Malware in the media – August’s eclipse and Android 8

On August the 21st people in the USA could witness a total solar eclipse. People from Oregon to South Carolina could see the moon totally covering the sun. A total eclipse is a unique event. The last total eclipse of the sun happened 38 years ago and the next one will be in 2024. Google smartly used this event to introduce the next Android OS version. Version 8 is named Oreo, after a popular chocolate cookie filled with buttermilk cream.

Google modestly markets their new Android operating system as an “open wonder” and promises us that Android 8 will be “safer, smarter and sweeter”. The new Android OS has many interesting features and security improvements. It must be said that August also marked another record: over 1800 apps were found in Google Play and blacklisted.

Forbes reported on the 10th of August that a developer managed to “spawn 1000 Android Spyware Apps”. Some of these apps were not detected by Google’s automated Google Play app analysis. Two weeks later Fortune posted that “Google Kicks 500 Apps Off Online Store Over Spyware Concerns”. All these apps used a software module that helps companies to target people with ads based on people’s preferences. In the last week of August CSO Online published that “experts from Akamai, Cloudflare, Flashpoint, Google, Oracle (Dyn), RiskIQ, Team Cymru united” to take down the WireX botnet and “removed another 300 apps from the Play Store” according to Techspot.

According to Bitdefender, “app install fraud is a 300 million business”. This high profit potential explains why the mobile market will keep on attracting malware. eScan even calls it an “alarming rise of mobile security threats”. This rise will also impact corporate users, since employees are allowed to bring their own (mobile) devices to work. With this in mind we applaud the ongoing efforts of Google to improve the security of the Android ecosystem. The three most important security improvements, on the Android device side and on the Google server side of the ecosystem, are:

  • No more install from unknown sources
  • Improved Google Play Protect
  • Android instant apps

At AV-Comparatives we will keep testing mobile security software against real-world mobile malware. Read our 2017 mobile security review if you are considering adding antivirus to your mobile phone.

Spotlight on security: Does Google live up to its promise?

In 2007 Google promised to change the world with Android and the Open Handset Alliance: “A new computing environment that will change the way people access and share information in the future. The Android platform will be available under one of the most progressive, developer-friendly open-source licenses to bring to market new innovative products faster and at a much lower cost.”

A decade after the announcement we did some fact checking to see whether Google lives up to the promises made in the original press release.

The price of the average Android phone has dropped 50 percent in the last 10 years. The same graph also shows that the price of Apple phones has remained the same. Android flagship phones usually have the same price as flagship iPhones. The price promise is true for the average phone, but the price for flagship phones remained the same. The price promise is half true!

Open source is often mentioned in one sentence with free. Google earns money with advertisements in browsers. Smartphones with browsers would double Google’s earning potential, so many people expected Android to be completely free. Android is free, but the Google services running on it are not free. Manufacturers have to pay to install Gmail, Google Maps and the Google Play Store. Again the verdict is half true.

Android is built on Linux. Linux-based systems (like Apple’s iOS) claim they are a lot safer than Windows. When counting platform vulnerabilities this might be true, but how does this relate to real-world usage?

In March 2017 Google published its ‘Android Security 2016 Year In Review’ report. This report reveals interesting facts about Google’s efforts to improve security. According to Google, less than 0.71 percent of two billion Android devices had Potentially Harmful Applications installed. Google qualified these numbers as small.

Are these numbers really small? How does this 0.71 percent compare to the Windows platform? Every month most Windows PCs are checked with the Malicious Software Removal Tool. These metrics are reported in Microsoft’s Security Intelligence Report. The worldwide average of Computers Cleaned per Mille (per 1000 PCs) was 0.88 percent in 2016.

So yes, Android is safer, but not as much as people tend to believe. According to FBI data the risk of being the victim of a violent crime in the US is only half of this risk. So again, we value this promise as half true. Read our ‘2017 Mobile Security Report’ if you are considering adding antivirus to your Android device.

Malware in the media – July’s “ignorance is bliss”

The Internet of Things (IoT) promises to make life easy, but Panda calls it “the next cyber security nightmare” and CSO ranked “the Internet of malicious things” as the number one threat for 2017. Shortly after the NotPetya ransom-worm, the first ever Wi-Fi worm was unveiled: Broadpwn!

On July the 27th Nitay Artenstein demonstrated the first successful Wi-Fi worm attack at the Black Hat USA 2017 event. Broadpwn used a vulnerability in the Broadcom Wi-Fi chipset which could potentially impact over one billion smartphones. Luckily both Google and Apple released a patch before public disclosure (ignorance is bliss).

Immediately another Wi-Fi-related scoop came to mind, a practical joke published on July the 18th by Purple, a Wi-Fi marketing and provisioning company. 22,000 people accepted a free Wi-Fi EULA without reading it and committed themselves to 1,000 hours of community service, like cleaning toilets at public events (is ignorance really bliss?).

Combine the agility (by air) of the Broadpwn worm with the eagerness of people seeking free Wi-Fi, and the IoT suggests a gloomy outlook of titanic ignorance proportions. But is it really that dark? Let’s have a look at what positive influences can be expected from legislation, law and the increasing insight of the (IT) industry itself.

According to Bitdefender, a Swedish governmental outsourcing blunder exposed sensitive military data, and the names, addresses and photos of people in the witness protection program. Maybe the resignation of two Swedish ministers and the recent targeted ransom-worm attacks on critical infrastructure are a wake-up call for politicians.

When both the general public and government show little concern about privacy and security, there is little incentive for smart product vendors to adapt their procedures, protocols and software to the security standards required by the cloud and the Internet of Things.

So our last hope is the (security) industry itself. In our Pi-hole blog we have already noted that antivirus software vendors have partnered with hardware vendors. Tencent and Tesla have taken this partnership a step further. Tencent now owns five percent of the Tesla shares and helps Tesla to improve the security of the car control systems of the Model X. Maybe these cross-industry alliances are the way to tackle the security challenges of the IoT. After all, it makes sense that when IT is an integral part of a smart product, IT security also has to be an integral part of that smart product.

Spotlight on security: Bob Dylan & Dalai Lama on threats & transparency

At first glance the WannaCry and NotPetya outbreaks are no different from the CryptoLocker outbreak of 2015 or the CryptoWall outbreak of 2014. Some of us may even remember the first file-encrypting malware, called PC Cyborg Trojan (aka AIDS Trojan), discovered in 1989. So security insiders may ask themselves in despair: how many fools does it take to make the same mistake over and over again?

To quote Bob Dylan, “the times they are a-changin’”, because the recent outbreaks of crypto-ransomware changed the mindset of public, press and ultimately politicians:

  • The first ever case of cyber cooperation at EU level between the national Computer Security Incident Response Teams.
  • The first EU-wide legislation on cyber security to harmonize and harden network and infrastructure security for both critical infrastructure (energy, water, banking, etc.) and digital infrastructure.
  • The first framework for a joint EU diplomatic response to malicious cyber-attacks against one of its members.
  • The NATO Cooperative Cyber Defence Centre of Excellence concluded that “the global outbreak of WannaCry and NotPetya called for a Joint Response from International Community”.

Politicians finally realize that cyber-attacks are covert and cross-border by nature. Ironically, the cloud of confusion related to cyber-attacks also impacts the security industry itself.

According to the Dalai Lama, “A lack of transparency results in distrust and a deep sense of insecurity”. This sense of insecurity was addressed in recent Senate Intelligence Committee hearings in which unsubstantiated allegations were made against Kaspersky Lab. In response, Eugene Kaspersky, CEO of Kaspersky Lab, said he would allow his source code to be reviewed by US officials, adding that he was ready to testify before U.S. lawmakers as well. “Anything I can do to prove that we don’t behave maliciously I will do it.”

Code reviews are not uncommon as a condition for acquiring government contracts in China, Russia and the US (the EU officially prefers open source software). Besides intellectual property issues, source code is the intellectual capital of a software firm. By disclosing the source code, a company risks leaking its competitive advantage. Symantec, for example, refused to disclose their source code to the Russian FSTEC, but other IT companies like Cisco, IBM and McAfee agreed.

At AV-Comparatives we contribute to transparency by providing systematic testing of security software. Being the first test lab to be both ISO and EICAR certified, we have committed ourselves to maintaining the highest standards.

Malware in the media – June’s “fire in the hole”

Fire in the hole is a warning that an explosion is about to occur. In the old days coal miners used to yell this three times before igniting dynamite. In those days dynamite was used to break rock and dig tunnels to excavate coal. The military adopted this expression to warn of an impending explosion.

This month’s initial candidate for this blog was an adware family with an explosion-related name, ‘Fireball’. Fireball is operated by a Chinese digital marketing agency. This browser hijacker is bundled with signed software and turns infected PCs into so-called zombies (to generate ad revenue). According to Check Point, Fireball had infected over 250 million PCs. Check Point’s estimate was based on the number of visits to the pages to which the browser hijacker redirected infected PCs.

Microsoft posted an article explaining that they have been detecting the Fireball adware family since 2015. The monthly data gathered by the Malicious Software Removal Tool (MSRT) from 500 million PCs worldwide showed a much lower spread of infection. From September 2016 until June 2017, fewer than 11 million Fireball infections were neutralized by the MSRT. While the threat is real, the reported impact of this adware family may be overblown.

Therefore this month’s malware in the media title goes to infrastructure-attacking malware. June was the month in which Ukraine and the successors of Stuxnet dominated the media. First ‘Industroyer’ and ‘Crash Override’ were discovered by ESET (Industroyer) and Dragos (Crash Override) six months after they had caused an outage in Ukraine. What made this malware special was that it specifically, autonomously and automatically targeted electricity infrastructure (McAfee).

Within a fortnight ‘Petya.A’ or ‘NotPetya’, another offspring of Stuxnet, made headlines around the world. This malware had compromised the update servers of an accounting software vendor. IT systems of clients were infected by an update pushed out by these servers containing the NotPetya malware. Again Ukraine was hit hard (ESET). Soon Comae Technologies and Kaspersky Lab discovered that this malware was no ransomware but a disk wiper with no intent or option to recover the deleted files.

This behaviour and the coincidence that ‘Petya’ is the diminutive of ‘Pjotr’ or ‘Petro’, which happens to be the first name of the current President of Ukraine (Petro Poroshenko), fuelled speculation of cyber warfare. Speculation or not, it is a clear warning that companies and governments have to rethink their digital defences for critical infrastructure. We would like to finish with a quote of ESET Senior Malware Researcher Anton Cherepanov: “The recent attack on the Ukrainian power grid should serve as a wake-up call for all those responsible for the security of critical systems around the world”: Fire in the hole . . .

Spotlight on security: Pi-hole, a black hole for Internet advertisements

Starting from June, AV-Comparatives will highlight an interesting event, idea, initiative, announcement or product which will make the digital world a safer place to surf and live in. We will kick off with an interesting piece of software originally developed for the Raspberry Pi, called Pi-hole.

Pi-hole is basically an ad blocker which works at the network level. Pi-hole now also runs on Linux hardware and virtual machines. You may think: big deal, I already use a hosts file or browser extension to block trackers and advertisements. On top of that I am using Android, Apple and Windows devices, not Linux. So why does Pi-hole deserve to be highlighted in our new “spotlight on security” blog series? Well, besides blocking advertisements at the earliest stage possible (at the first DNS request) it has some interesting features and applications. Furthermore, Pi-hole is open source and free to use.

Your old TV set-top box and your new Smart TV already connect to the internet. Soon your car will inform your air conditioning or central heating that you are leaving work and start the microwave or oven to prepare your meal. The Internet of Things (IoT) will increase the number of devices connected to the internet in our house. Blocking advertisements by installing software on clients will become a tedious task. Most of these devices probably won’t allow you access to the OS or pre-installed software anyway. This is where Pi-hole comes to the rescue. Pi-hole is a black hole in which internet ads and bugs disappear, by blocking advertisements and trackers at the network level for all IoT devices in your home.

People unfamiliar with Linux can rest assured. The installation of Pi-hole is well documented and supported with an automated one-step script, which can be copied from a website. Pi-hole has a well-designed and easy-to-use web interface, so anyone can whitelist domains or add blocklists. The web interface offers a wealth of information, informing you what goes on in your network. The graphical interface shows how many ads were blocked, a query log, and more, like top domains visited and top advertisers blocked.
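To make the "block at the first DNS request" idea concrete, here is a small DNS sinkhole written for this post. It is added example code, not Pi-hole's own implementation: it parses a hosts-format blocklist (the format many public ad and tracker lists use), applies a whitelist that overrides the blocklist, answers blocked names with 0.0.0.0 and keeps a query log from which the dashboard-style counters (queries, blocked, top blocked names) are derived. The blocklist contents, the domain names and the query sequence are constructed sample data; a real deployment would sit behind an actual DNS listener and forward the unblocked queries upstream.

```python
"""
Toy DNS sinkhole illustrating how a network-level blocker like Pi-hole works:
the resolver that every device in the house uses answers blocked names
locally, so the ad or tracker request dies at the very first DNS lookup.
Example code written for this post, not Pi-hole's own implementation.
"""
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample blocklist in hosts-file format, the format used by many
# public ad/tracker lists. All domain names here are made-up placeholders.
SAMPLE_BLOCKLIST = """
# comment lines and blank lines are ignored
0.0.0.0 ads.example-tracker.test
0.0.0.0 telemetry.example-iot.test   # trailing comments too
127.0.0.1 metrics.example-tv.test
"""

# Address handed back for blocked names; 0.0.0.0 makes clients give up
# immediately instead of opening a connection to a real server.
SINKHOLE_ADDRESS = "0.0.0.0"

# Names that hosts files map to loopback but that must never count as blocked.
HOSTS_FILE_NOISE = {"localhost", "localhost.localdomain", "local", "broadcasthost"}


def parse_hosts_blocklist(text: str) -> set:
    """Extract the hostnames from a hosts-format blocklist.

    Each non-comment line is "<address> <hostname> [<alias> ...]"; the address
    column is irrelevant for blocking, only the names are kept.
    """
    domains = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        columns = line.split()
        for host in columns[1:]:
            host = host.lower().rstrip(".")
            if host and host not in HOSTS_FILE_NOISE:
                domains.add(host)
    return domains


@dataclass
class Sinkhole:
    """Decision logic of the blocker: blocklist, whitelist and query log."""
    blocked: set
    whitelist: set = field(default_factory=set)
    query_log: list = field(default_factory=list)

    def resolve(self, qname: str) -> Optional[str]:
        """Return the sinkhole address for a blocked name, or None when the
        query should be forwarded to the upstream resolver unchanged.

        The whitelist wins over the blocklist, which is how a false positive
        on a domain a device needs is fixed without editing the lists.
        """
        name = qname.lower().rstrip(".")   # DNS names are case-insensitive
        if name in self.whitelist:
            verdict, answer = "forwarded", None
        elif name in self.blocked:
            verdict, answer = "blocked", SINKHOLE_ADDRESS
        else:
            verdict, answer = "forwarded", None
        self.query_log.append((name, verdict))
        return answer

    def stats(self) -> dict:
        """Counters of the kind a blocker dashboard shows."""
        blocked = sum(1 for _, verdict in self.query_log if verdict == "blocked")
        return {
            "queries": len(self.query_log),
            "blocked": blocked,
            "forwarded": len(self.query_log) - blocked,
        }

    def top_blocked(self, n: int = 3) -> list:
        """Most frequently blocked names, most common first."""
        counts = Counter(name for name, verdict in self.query_log if verdict == "blocked")
        return counts.most_common(n)


def demo() -> dict:
    """Run a constructed query sequence through the sinkhole (sample data)."""
    sinkhole = Sinkhole(
        blocked=parse_hosts_blocklist(SAMPLE_BLOCKLIST),
        whitelist={"metrics.example-tv.test"},   # assume the TV needs this one
    )
    for qname in [
        "www.example-shop.test",        # ordinary site: forwarded
        "ads.example-tracker.test.",    # listed (note trailing dot): blocked
        "ads.example-tracker.test",     # blocked again
        "telemetry.example-iot.test",   # listed: blocked
        "metrics.example-tv.test",      # listed but whitelisted: forwarded
    ]:
        sinkhole.resolve(qname)
    return sinkhole.stats()


if __name__ == "__main__":
    print(demo())   # {'queries': 5, 'blocked': 3, 'forwarded': 2}
```

The point of the whitelist-before-blocklist order is the one the web interface exposes: when a blocklist entry breaks a device (a TV that refuses to start without its metrics host, say), a single whitelist entry restores it while the rest of the list keeps working.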

The smartphone has had a huge impact on how we communicate and socialize with other people. Will the IoT have a similar effect on how the digital agents on our devices communicate with each other? Some antivirus companies are already anticipating the new security issues this network of interrelated devices will cause. AVG (Ally), Bitdefender (Box) and Norton (Core) have announced or launched antivirus solutions embedded in routers developed for the home and SOHO (Small Office and Home Office) market. At AV-Comparatives, we will be keeping an eye on this new trend and will keep you informed of the latest developments.

Malware in the media – May’s lesson

Month after month, our Real-World Protection Tests show an increase in ransomware prevalence. For people following the security industry, this is no surprise, since many security vendors (e.g. Adaware and Avast) have been predicting this.

The “star” of this month’s media attention was WannaCry. The high media coverage was caused not only by its massive outbreak in over 150 countries in a few days (according to CrowdStrike), but also because it has all the elements of an exciting 007 movie: a plot with a national security agency causing the problem (Emsisoft: “WannaCry outbreak caused by NSA exploits”); a conspiracy theory with an evil organization (The Shadow Brokers), possibly connected to a rogue nation (Symantec: “WannaCry attack shows strong links with North Korean Lazarus Group”); a young hero (22-year-old Marcus Hutchins, AKA MalwareTech) saving the world from further damage by activating the built-in kill switch through the quick registration of an internet domain name.

Despite all the media attention, it was not WannaCry but the Jaff ransomware that affected the most victims in May (eScan: “Ransomware variants vying for top slot”). Jaff ransomware is often delivered through spam emails containing a PDF attachment. When the attachment is opened, an embedded Word document with macros is started. If the user ignores the macro warning and lets them run, a copy of the actual ransomware will be downloaded and executed.

Safe computing habits and an updated system with an antivirus program will protect against most ransomware attacks. The infection statistics for the recent WannaCry outbreak clearly illustrate the importance of an updated security product and operating system. Contrary to initial belief it was not XP, but Windows 7 systems that were worst hit by the WannaCry ransomware (98% of cases, according to Kaspersky Lab’s Costin Raiu).

Whilst Microsoft’s inclusion of basic antivirus protection in Windows 8.1 and 10 is in principle commendable, there are a couple of areas of possible concern which should be noted. Firstly, the same name (Windows Defender) is used for the antispyware-only program in Windows 7 as for the full antimalware program in Windows 8.1/10; some security researchers think that security-unaware PC users may believe their Windows 7 systems are fully protected without additional antivirus software, which they are not. Secondly, as ESET points out (based on Microsoft data), a monoculture of security software would make far more systems vulnerable, as attackers would only have to work out how to bypass a single antivirus program.