Tag Archives: Anti Malware

Android Click-Fraud Apps Briefly Return to Google Play

Tags : McAfee.com/activate , Install McAfee , McAfee Internet Security , McAfee Total Protection , McAfee Antivirus , McAfee Smart Phone Security and McAfee Identity Protection.

Click-fraud apps frequently appear on Google Play and third-party markets. They are sometimes hard to identify because the malicious behavior that simulates clicks is similar to the behavior of many legitimate applications (using common API calls and permissions). Further, part of the malicious code does not reside in the original malware but is fetched from a control server. Using special methods to perform the clicking allows the attackers to decide when and how to pursue their fraud.

The McAfee Mobile Malware Research Team recently found on Google Play a group of Android/Clickers published by the developer “TubeMate 2.2.9 SnapTube YouTube Downloader J.” Five apps were updated on Google Play on August 4 and were removed a few days later, along with the developer profile.

By checking “com.ggnegmth.app” on Google Play we saw several suspicious traits in this application: a nonsense name, no description, and poor reviews. Of course, those traits do not guarantee an app is malicious, but this combination should serve as a warning for Android users looking for new apps.


Analyzing and reverse engineering this sample shows us a DeviceAdminReceiver class that connects to a hardcoded URL to obtain parameters that indicate how and where to perform click-fraud activities:

This function is part of a service initiated by a receiver related to DeviceAdmin.

Once the URL is requested, the control server returns an HTML page with the parameters in an uncommon way—inside the title tag, as we see in the following:

All the parameters are in one line, but the malware interprets them using the string “eindoejy” to separate them, obtaining the target URL, JavaScript functions to perform clicks, HTTP headers used in the fraudulent HTTP request, and another Google Play package to monetize the clicks in the abused ad network. We thought the string “eindoejy” could be an anagram of “I enjoyed” or “die enjoy,” but we found other variants in which the word used to split the parameters is different.
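The following is an added example (not code from the McAfee post or from the malware) that parses a control-server response of the shape described above, so that a proxy log or sandbox network capture can be checked for it. The field order (target URL, click JavaScript, HTTP headers, Play package) is an assumption, as is the heuristic for variants with an unknown delimiter; the sample pages are constructed.

```python
"""Parser and detector for the click-fraud control-server response.

The server answers with an HTML page whose <title> carries the click
parameters joined by a delimiter ("eindoejy" here; other variants use a
different word). Field order is an assumption; sample pages are constructed.
"""
from html.parser import HTMLParser
import re

KNOWN_DELIMITERS = ("eindoejy",)
FIELD_NAMES = ("target_url", "click_js", "http_headers", "monetize_package")

# Loose shapes of the fields, used to flag variants whose delimiter is unknown.
URL_RE = re.compile(r"https?://\S+")
JS_RE = re.compile(r"\bfunction\b|\.click\(\)|document\.")
PACKAGE_RE = re.compile(r"\b[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*){2,}\b")


class _TitleExtractor(HTMLParser):
    """Collect the text inside the <title> element (title text must not
    itself contain '<', which HTMLParser would read as markup)."""

    def __init__(self):
        super().__init__()
        self._in_title = False
        self.title = ""

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def extract_title(html):
    parser = _TitleExtractor()
    parser.feed(html)
    return parser.title.strip()


def find_delimiter(title, delimiters=KNOWN_DELIMITERS):
    """Return the first known delimiter that splits the title into 4+ fields."""
    for delim in delimiters:
        if title.count(delim) >= len(FIELD_NAMES) - 1:
            return delim
    return None


def parse_clicker_config(html, delimiters=KNOWN_DELIMITERS):
    """Split a control-server page into named fields; None if no known delimiter."""
    title = extract_title(html)
    delim = find_delimiter(title, delimiters)
    if delim is None:
        return None
    parts = [p.strip() for p in title.split(delim)]
    config = dict(zip(FIELD_NAMES, parts))
    config["extra"] = parts[len(FIELD_NAMES):]   # anything beyond the four fields
    config["delimiter"] = delim
    return config


def looks_like_clicker_title(title):
    """Heuristic for variants with an unknown delimiter: a page title that
    carries a URL, JavaScript and an Android package name at once is not a
    normal title and deserves a closer look."""
    return bool(URL_RE.search(title) and JS_RE.search(title)
                and PACKAGE_RE.search(title))


# Constructed sample shaped like the response described in the post.
SAMPLE_C2_PAGE = (
    "<html><head><title>"
    "https://ads.example.invalid/click?cid=1 eindoejy "
    "function go(){document.getElementById('ad').click();} eindoejy "
    "User-Agent: Mozilla/5.0 (Linux; Android 7.0) eindoejy "
    "com.example.placeholder"
    "</title></head><body></body></html>"
)
BENIGN_PAGE = "<html><head><title>Welcome to our site</title></head></html>"

if __name__ == "__main__":
    print(parse_clicker_config(SAMPLE_C2_PAGE))
    print(looks_like_clicker_title(extract_title(BENIGN_PAGE)))
```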

Once installed, Android/Clicker.BN adds an icon to the main menu that is not related to the downloaded app from Google Play. The new icon appears to be a system utility. Some examples of the icons loaded by the malware:

When Android/Clicker.BN executes, it requests device administration privileges:

Some of the apps can access YouTube inside a WebView and list trending channels, others lock and blacken the screen, and others crash the UI while in the background running click fraud—which not only harms advertisers and publishers, but also generates malicious traffic on infected devices, impacts battery and overall usage performance, and opens the door to new malicious payloads.

McAfee Mobile Security detects this threat as Android/Clicker.BN!Gen and prevents its execution. To further protect yourself against malicious apps, use only legitimate app stores, and pay attention to suspicious traits such as nonsense names, missing descriptions, and poor reviews. Also verify that the permissions an app requests are related to its functionality. Be wary when apps request device administration API access, which is usually requested only by security apps, antimalware, mobile device management, or corporate email clients. Most apps and games will never ask for device admin rights.

Source : securingtomorrow.mcafee.com


Intel Security Launches ‘Threat Landscape Dashboard’


Every week, we read in the news of another breach or targeted campaign, as more patches are released to protect against the next strain of sophisticated malware. For the administrators responsible for safeguarding a company’s systems, networks, and digital information, keeping up is an overwhelming task, made doubly difficult because it is often hard to determine the most significant threats.

To serve those admins, Intel Security began work nine months ago to design a new dashboard that identifies the most significant threats and illustrates the relationships between them.

We want to assist security practitioners when they make decisions about which vulnerabilities should be patched first, based on the prevalence of attacks that exploit those vulnerabilities.

Using vulnerabilities as the pivot point, the Threat Landscape Dashboard illustrates the relationships among exploit kits, campaigns, and ransomware. For example, the RIG exploit kit takes advantage of vulnerabilities that are used to spread certain ransomware families. Further, some of these vulnerabilities are also seen in targeted campaigns. Consequently, we can show links between exploit kits and targeted campaigns through vulnerability correlation. We also calculate a “risk score” for each threat and campaign, and recently added a “media score,” too. Monitoring and processing information from social media feeds, we calculate a score for the press attention received by the specific threat or campaign.

On each threat’s details page, we provide reference links to more information about the threat, including the source, blogs, and whitepapers. The dashboard also supports RSS feeds.

This is just the beginning for the Threat Landscape Dashboard; we are eager for your feedback. In the near future we plan to expand the dashboard with detailed threat descriptions and more contextual data. That information will be available through the RSS feed so users can import the feed and, based on keywords, filter the incoming stream.

To view the Threat Landscape Dashboard, visit tld.mcafee.com. It is also accessible through the Threat Center at www.mcafee.com/threatcenter.

Source : securingtomorrow.mcafee.com


How to Protect Against Petya Ransomware in a McAfee Environment


A new variant of the ransomware Petya (also called Petrwrap) began spreading around the world on June 27. Petya is ransomware that exploits the vulnerability CVE-2017-0144 in Microsoft’s implementation of the Server Message Block protocol. This ransomware encrypts the master boot records of infected Windows computers, making the machines unusable.

The initial attack vector is unclear, but aggressive worm-like behavior helps spread the ransomware. (Read McAfee’s detailed technical analysis of the Petya ransomware.)

Microsoft released a set of critical patches on March 14 to remove the underlying vulnerability in supported versions of Windows, but many organizations may not yet have applied these patches.

How McAfee products can protect against Petya ransomware

As with WannaCry and other similar attacks, a layered, integrated cyber defense system that combines advanced analytics, threat intelligence, signatures, and human expertise is the best way to protect your business against emerging threats. McAfee’s collaborative cyber defense system leads the way for enterprises to protect against emerging threats such as Petya ransomware, remediate complex security issues, and enable business resilience. By empowering integrated security platforms with advanced malware analytics and threat intelligence, our system provides adaptable and continuous protection as a part of the threat defense life cycle.

Attacks like Petya and its future variants cannot win against a collaborative cybersecurity ecosystem that works as a team and empowers protective tools to make better decisions at the point of attack.

McAfee offers early protection for components of the initial Petya attack in the form of advanced malware behavior analysis with Real Protect Cloud and the brand-new Dynamic Neural Network (DNN) analysis techniques available in McAfee Advanced Threat Defense (ATD). ATD 4.0 introduced a new detection capability using a multilayered, back-propagation neural network (DNN) leveraging semisupervised learning. DNN looks at certain features exercised by malware to reach a positive or negative verdict on whether the code is malicious.

Whether in standalone mode or connected to McAfee endpoint or network sensors, ATD combines threat intelligence with sandbox behavior analysis and advanced machine learning to provide zero-day, adaptable protection. Real Protect, part of the Dynamic Endpoint solution, also uses machine learning and link analysis to protect against malware without signatures and provide rich intelligence to the Dynamic Endpoint and the rest of the McAfee ecosystem. Real Protect combined with Dynamic Application Containment provided early protection against Petya.

Multiple McAfee products provide additional protection to either contain the attack or prevent further execution. This post provides an overview of those protections with the following products:

McAfee Endpoint Security

Threat Prevention

  • McAfee Endpoint Security (ENS) with Global Threat Intelligence (GTI) and On Access Scan policy with the sensitivity level set to “Low” protect against known samples and variants. Learn more about recommended McAfee GTI file reputation settings in KB74983, with more information in KB53735.
  • McAfee Threat Intelligence Exchange (TIE) with GTI protect against known samples and variants.

Thus systems using McAfee ENS 10 are protected from known samples and variants with both signatures and Threat Intelligence.

Adaptive Threat Protection

  • Adaptive Threat Protection (ATP), with rule assignment configured in “Balanced mode” (the default in the ATP\Options\Rule Assignment setting), will protect against both known and unknown variants of the Petya ransomware.
  • The ATP module protects against this unknown threat with several layers of advanced protection and containment:
    • ATP Real Protect Static uses client-side pre-execution behavioral analysis to monitor unknown malicious threats before they launch.
    • ATP Real Protect Cloud uses cloud-assisted machine learning to identify and clean the threat, as shown below:

  • ATP Dynamic Application Containment (DAC) successfully contains the threat and prevents any potential damage from occurring (DAC events noted below):

Advanced Threat Defense

  • McAfee Advanced Threat Defense (ATD) 4.0 with Deep Neural Network and Dynamic Sandbox identified the threat and proactively updated the cyber defense ecosystem.

Source : securingtomorrow.mcafee.com


An Overview of Malware Self-Defense and Protection


Many malware authors spend a great deal of time and effort to develop complex code. Their success depends on a threat’s remaining undetected and avoiding sandbox analysis, antivirus efforts, or malware analysts. This post offers an overview of the mechanisms used by malware to evade detection.

If malware is detected quickly, it has little time to steal data or to maximize its impact. The IT security market has matured and security tools and applications are today more efficient. However, attackers understand and monitor the operations of security tools. In addition, organizations do not always follow best practices. Antimalware tools are sometimes outdated, and sandboxes can easily be detected due to misconfiguration.

Malware self-defense

Malware can use several mechanisms to avoid detection and analysis. We can classify these techniques into three categories:

  • Anti-security tools: Used to avoid detection by antivirus, firewall, and other tools that protect the environment.
  • Anti-sandbox: Used to detect automatic analysis and avoid engines that report on the behavior of malware.
  • Anti-analyst: Used to detect and fool malware analysts, for example by spotting monitoring tools such as Process Explorer or Wireshark, or by using process-monitoring tricks or packers to hinder reverse engineering.

Some malware techniques are common to all three categories. Malware can use a technique like RunPE (which runs another copy of itself in memory) to evade antivirus software, a sandbox, or an analyst.

Sandbox evasion

Sandboxes are an effective tool to quickly detect and understand malware; however, it is relatively trivial for malware to detect a sandbox if it is not hardened. Malware can perform several basic checks:

  • MAC address detection: Virtual environments such as VMware or VirtualBox use MAC addresses with known vendor prefixes. The address is often stored in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0000\NetworkAddress. Malware can obtain it in two ways: by reading that registry key or by calling the GetAdaptersInfo API.
    DWORD GetAdaptersInfo(
        _Out_   PIP_ADAPTER_INFO pAdapterInfo,
        _Inout_ PULONG           pOutBufLen
    );
  • Process discovery: Malware may be able to detect running processes related to a sandbox. For example, a process such as VmwareService.exe can be easily found with the CreateToolhelp32Snapshot API, which takes a snapshot of the currently running processes; the malware then walks each process in the snapshot with the Process32First and Process32Next APIs.
    HANDLE WINAPI CreateToolhelp32Snapshot(
        _In_ DWORD dwFlags,
        _In_ DWORD th32ProcessID
    );

    BOOL WINAPI Process32First(
        _In_    HANDLE           hSnapshot,
        _Inout_ LPPROCESSENTRY32 lppe
    );

    BOOL WINAPI Process32Next(
        _In_  HANDLE           hSnapshot,
        _Out_ LPPROCESSENTRY32 lppe
    );
  • Registry detection: Virtual environments create registry keys on the system that malware can look for. The following is a partial list of the registry keys that malware can check:
    “HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0”
    “SOFTWARE\\VMware, Inc.\\VMware Tools”
    “HARDWARE\\Description\\System”
    “SOFTWARE\\Oracle\\VirtualBox Guest Additions”
    “SYSTEM\\ControlSet001\\Services\\Disk\\Enum”
    “HARDWARE\\ACPI\\DSDT\\VBOX__”
    “HARDWARE\\ACPI\\FADT\\VBOX__”
    “HARDWARE\\ACPI\\RSDT\\VBOX__”
    “SYSTEM\\ControlSet001\\Services\\VBoxGuest”
    “SYSTEM\\ControlSet001\\Services\\VBoxMouse”
    “SYSTEM\\ControlSet001\\Services\\VBoxService”
    “SYSTEM\\ControlSet001\\Services\\VBoxSF”
    “SYSTEM\\ControlSet001\\Services\\VBoxVideo”
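As an added example (not from the McAfee post), the following script turns the three basic checks above into a hardening audit an analyst can run inside a sandbox VM to find the artifacts that give it away. The audit logic takes observations as input so it runs anywhere; live collection happens only on Windows. The MAC prefixes are the well-known VMware and VirtualBox OUIs, the VirtualBox service process name is an addition, and the sample observations are constructed.

```python
"""Audit an analysis VM for the sandbox-fingerprint artifacts a sample checks:
adapter MAC prefix, hypervisor helper processes and virtualization registry keys.
"""
import platform
import subprocess
import uuid

# Well-known vendor prefixes of virtual network adapters.
VM_MAC_PREFIXES = {
    "00:05:69": "VMware", "00:0C:29": "VMware", "00:1C:14": "VMware",
    "00:50:56": "VMware", "08:00:27": "VirtualBox",
}
# VmwareService.exe is the process named in the post; VBoxService.exe is added.
VM_PROCESSES = {"vmwareservice.exe", "vboxservice.exe"}
# Keys under HKEY_LOCAL_MACHINE, taken from the list in the post.
VM_REGISTRY_KEYS = (
    r"SOFTWARE\VMware, Inc.\VMware Tools",
    r"SOFTWARE\Oracle\VirtualBox Guest Additions",
    r"HARDWARE\ACPI\DSDT\VBOX__",
    r"HARDWARE\ACPI\FADT\VBOX__",
    r"HARDWARE\ACPI\RSDT\VBOX__",
    r"SYSTEM\ControlSet001\Services\VBoxGuest",
    r"SYSTEM\ControlSet001\Services\VBoxMouse",
    r"SYSTEM\ControlSet001\Services\VBoxService",
    r"SYSTEM\ControlSet001\Services\VBoxSF",
    r"SYSTEM\ControlSet001\Services\VBoxVideo",
)


def normalize_mac(mac):
    """Accept '08:00:27:aa:bb:cc', '08-00-27-AA-BB-CC' or the int from uuid.getnode()."""
    if isinstance(mac, int):
        mac = "%012x" % mac
    digits = "".join(c for c in mac if c.isalnum()).upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def mac_vendor(mac):
    """Return the hypervisor vendor for a MAC prefix, or None for a physical-looking one."""
    return VM_MAC_PREFIXES.get(normalize_mac(mac)[:8])


def audit(observations):
    """Return (category, detail) findings for an observation dict with the keys
    "macs", "processes" and "registry_keys" (HKLM subkeys that exist)."""
    findings = []
    for mac in observations.get("macs", []):
        vendor = mac_vendor(mac)
        if vendor:
            findings.append(("mac", "%s adapter OUI %s" % (vendor, normalize_mac(mac))))
    for proc in observations.get("processes", []):
        if proc.lower() in VM_PROCESSES:
            findings.append(("process", proc))
    present = {k.lower() for k in observations.get("registry_keys", [])}
    for key in VM_REGISTRY_KEYS:
        if key.lower() in present:
            findings.append(("registry", key))
    return findings


def collect_windows_observations():
    """Gather live values on Windows; returns None on other platforms."""
    if platform.system() != "Windows":
        return None
    import winreg  # Windows-only module, so imported lazily
    keys = []
    for key in VM_REGISTRY_KEYS:
        try:
            winreg.CloseKey(winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key))
            keys.append(key)
        except OSError:
            pass  # key absent: nothing to report
    out = subprocess.run(["tasklist", "/fo", "csv", "/nh"],
                         capture_output=True, text=True).stdout
    procs = [line.split(",")[0].strip('"') for line in out.splitlines() if line]
    return {"macs": [uuid.getnode()], "processes": procs, "registry_keys": keys}


# Constructed observations resembling an unhardened VirtualBox guest.
SAMPLE_VBOX_GUEST = {
    "macs": ["08:00:27:aa:bb:cc"],
    "processes": ["explorer.exe", "VBoxService.exe"],
    "registry_keys": [r"SOFTWARE\Oracle\VirtualBox Guest Additions"],
}

if __name__ == "__main__":
    obs = collect_windows_observations() or SAMPLE_VBOX_GUEST
    for category, detail in audit(obs):
        print("%-8s %s" % (category, detail))
```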

Malware can also perform some advanced techniques to detect a sandbox:

  • Checking for hooked functions: A hook is a technique to alter the behavior of an internal function of an operating system or an application. Sandboxes use hooks to observe and alter the behavior of a sample; for example, by hooking the DeleteFile function, the sandbox intercepts the malware’s attempt to delete a file. These kinds of functions normally reside in a specific region of memory (kernel land).

Malware can detect a hook by checking the address of the function it is calling. For example, if the returned address is not located in the kernel, the function is currently hooked.

Malware can use other techniques such as checking the size of the hard drive or using special instructions to detect specific registers (“Red Pill” or “No Pill” techniques). These techniques are based on the fact that registers are unique in a machine and have to be relocated on a virtual environment.

Antivirus evasion

Antivirus tools rely on three basic functions: signatures, scanning, and heuristics.

  • Evading signatures can be performed by changing the hash of the sample, which is as easy as changing only one byte in the executable.
  • Evading a scanner can be performed by creating a big file to confuse the emulator.
  • Evading heuristic analysis is more complex, but can be performed by hooking back functions.

Another way to evade antivirus tools is for the malware to disable the tool or add an exception. Polymorphic codes are particularly difficult to detect.

Antidebugging

Malware analysts often have to dig deep during code analysis. Antidebugging is another malware technique for avoiding reverse engineering by a debugger. It is relatively trivial to detect the presence of a debugger using the Windows API.

  • IsDebuggerPresent: This function checks a specific flag in the process environment block, the IsDebugged field, which is zero if the process is not running in a debugger or nonzero if a debugger is attached.
    BOOL WINAPI IsDebuggerPresent(void);
  • FindWindow: This function can search for windows by name or class (for example, OllyDbg). This function can also detect tools such as Wireshark or Process Explorer.
    HWND WINAPI FindWindow(
        _In_opt_ LPCTSTR lpClassName,
        _In_opt_ LPCTSTR lpWindowName
    );
  • CsrGetProcessId: This function can find the process ID of csrss.exe, a system process. By default, a process has the SeDebugPrivilege privilege in the access token disabled. However, when the process is loaded by a debugger such as OllyDbg or WinDbg, the SeDebugPrivilege privilege is enabled. If a process can open csrss.exe, it means that the process has the privilege SeDebugPrivilege enabled in the access token, thus suggesting that the process is being debugged.

Anti-Disassembly

Anti-disassembly is another technique to avoid analysis through reverse engineering. There are many ways to hinder a disassembler:

  • API obfuscation hides a call to a particular function. The result could be, for example, a call without the name of the API function; the analyst has to reverse it to understand which function was used, which takes time.
  • Inserting junk code: Junk code can be inserted into the malware to fool analysts into wasting time trying to reverse unusable code. The junk code does not change the behavior of the sample because this code is never executed.

The “Unprotect Project”

There are many ways to avoid malware analysis. Some open projects list these techniques. The Unprotect Project is an open wiki that collects and lists malware protection and self-defense techniques. The project includes a mind map that lists techniques for a better understanding of malware protection capabilities.

The goal of this project is to help the community better understand techniques used by malware to stay undetected, bypass security protection, and avoid analysis. The following categories appear on the website:

  • Sandbox evasion techniques: To evade sandbox analysis.
  • Antivirus evasion techniques: To evade detection by antivirus.
  • Anti-debugging techniques: To fool debuggers and avoid analysis.
  • Anti-disassembly: To prevent reverse engineers from understanding the behavior of malware with a disassembling tool.
  • Process tricks: To hide the malware processes on the system and stay undetected.
  • Obfuscation and data encoding: To hide data or part of code in the malware.
  • Packers: To protect malware code and add other evasion capabilities.

The wiki is updated continuously.

Conclusion

Malware is constantly growing smarter and evolving techniques to stay undetected. Understanding these techniques and sharing the experiences of the information security community are effective ways to fight malware.

Source : securingtomorrow.mcafee.com


McAfee Customer Success Group Puts Customers at the Core


To Our Valued Customers:

Allow me to introduce myself. I am Aneel Jaeel, the new leader of the McAfee Customer Success Group. With 25 years of industry experience, I’m excited about applying what I’ve learned to help transform our organization to bring you the best possible customer experience. I’d like to share our vision of customer success, which includes a new approach and a new flagship offering.

When it comes to protecting against breaches and other advanced threats, companies are facing big challenges—enterprise environments are more complex than ever before, the volume and sophistication of attacks is increasing at a rapid pace, and skilled staff are in short supply. There’s never enough time to keep up with new outbreaks, updates, and technology trends. With 1.8 million cybersecurity jobs going unfulfilled in 2017, building a top-notch team has never been more difficult. And threats are evolving rapidly, which means we need to proactively evolve our defenses.

As part of our transformation as a company, we pledge to dedicate ourselves to keeping the world safe from cyberthreats and to be your number one security partner. Our new Customer Success Group has aligned itself with that mission. We aim to put you, our customer, at the core to ensure that you get your desired outcomes from your McAfee solutions. With that goal always at the forefront, we are now providing holistic solutions that align Education Services, Professional Services, and Enterprise Support teams to help you achieve and maintain success throughout your entire threat defense lifecycle with us.

At MPOWER, we’ll be launching a new integrated offering—our flagship McAfee Premier Success Plan. We understand that acquiring the right solution is just the beginning. Equally important to a sound security strategy are decisions around design, deployment, maintenance, risk management, escalations, and education. Drawing from key services across our organization, we’ve created a simplified, all-in-one program focused on three outcomes. Through the McAfee Premier Success Plan, we’ll collaborate with you to more proactively plan and maintain your McAfee solutions, manage operational risk, and derive the full value of your security investment over time. Our comprehensive roadmap integrates professional services and solutions services, training, and technical support with personalized management.

We at the McAfee Customer Success Group believe in the principle that “Together is power.” When it comes to achieving digital safety and success, you are not alone.

Source : securingtomorrow.mcafee.com


How to Remove McAfee Antivirus Using the Command Prompt


There are many internet utility tools that help us keep our daily lives running smoothly. We use these tools and applications every day without giving them much thought. Take anything in this world and you will find that it has some connection to the internet. And when the internet gets attached to something, some vulnerability gets attached along with it. To protect our systems from such vulnerabilities, we install the best antivirus and other security software. One such product, discussed in this post, is McAfee.

It is a complete package in itself. By installing it, you get a whole set of services with all the tools needed to make your computer or any other device fully secure. You can also turn to McAfee support to learn about some of the interesting features of this application. It is not only an antivirus but also a junk-removal tool with tune-up features and a network protection tool.

If you are facing difficulty with this product and want to remove it from your computer but are unable to do so through the Programs and Features window, you can follow the steps below to remove it through the Command Prompt:

  1. First, on your computer, press the keyboard combination Windows + R and click OK to proceed.
  2. Now you have to navigate to your McAfee software by providing the access path to the place where this product is installed.
  3. Now you will see some keys corresponding to all the products installed on your computer. Select only the key that corresponds to the McAfee application.
  4. Press the uninstall command and then select the modify button to proceed to the next screen.
  5. Highlight the value data by selecting it and copy it to the Run dialog box.
  6. Click OK and the product will now uninstall by itself.

You can contact McAfee support by phone to get additional assistance. Our expert team can even perform the required task on your behalf. They will make sure that your problem is solved in the shortest possible time.

Source : unknown


How to Secure the Future of the Internet of Things


The world of security for the Internet of Things just became more complex. IoT devices are no longer a potential threat to their owners; now they pose a significant threat to everything connected to the Internet.

The old IoT security problem

For the past year, the cybersecurity and IoT communities have been at odds regarding how to keep devices from harming their owners. Much of the focus has been on industrial controls and transportation equipment. Vulnerable industrial control devices could cause cascading effects in power stations, water distribution, chemical plants, heavy machinery, and other industrial facilities, posing a threat to workers or downstream users. There have been hacks, compromises, and stern warnings. Concerned governments are applying pressure and establishing requirements to protect services at a national level.

Vehicles, most notably airplanes and smart cars, have taken the bulk of the public’s attention. Hacks against Jeep, Tesla, and Volkswagen have shown how doors can be unlocked and total operating control commandeered, with steering, brakes, and acceleration taken over by an attacker. A car that is rendered unusable by its owner or made to crash and injure occupants is frightening, but apparently trivial if you do not own that type of vehicle. The public appears to be entertained by these research exploits but not too concerned. The danger may seem beyond the everyday consumer, and the effects are likely limited to only those who could afford such conveyances.

On the low-cost side, home appliances, wearables, toys, and drones are already a part of the everyday consumer world, but hacking a smart toaster or rice cooker seems harmless, beyond some burnt starch.

Eventually, we will face more risks than we can imagine. As IoT devices are woven into the fabric of people’s daily lives, we will be at risk of their misuse. In the future they will begin to control the stoplights on the way to work, the equipment in the emergency room, progressively more vehicles on the road and in the sky, and the distribution of necessities such as electricity, food, medicine, water, and communications. We will begin to understand how these little technical minions become critical to the smooth delivery of services in our future digital lives.

This is the space where thought-leading IoT manufacturers are working feverishly. The automobile industry in particular has been quick to invest in security to ensure their products do not cause accidents. Such work has begun, but it still has a long way to go in cars and across all the other billions of devices we will weave into our lives and businesses in the next few years.

The next generation of IoT devices is appearing and will work to help protect our property, monitor our health, automate our homes, keep our children safe, increase our communication, eliminate time-wasting chores, make us more efficient, and optimize our businesses. A great future to be sure, but it will need to be trustworthy and secure, as our reliance on the smallest elements will ultimately impact the biggest parts of our lives. These are all known and accepted security challenges in the world of IoT. This is not the end of the security story, only the beginning.


The new IoT security problem

We now face a new set of problems with IoT. Unlike the known challenges, in which IoT devices might impact local owners and bystanders, the new threat is a powerful weapon that can be pointed at anything connected to the Internet. Recent distributed denial of service (DDoS) attacks have been fueled by hacked IoT devices, called bots. DDoS attacks saturate Internet-connected devices and services to bring them down or make them unavailable. Such attacks have been around for years, and in fact were some of the first types of Internet attacks; but the scale is now changing the game at a pace not tenable for security workarounds.

The game has changed. These IoT DDoS attacks are typically run by “bot herders.” These herders compromise devices and install malware that allows them to be remotely controlled. By pointing hundreds or thousands of devices to flood a target with requests and data, they can overwhelm it to the point it can no longer maintain functions. There are several anti-DDoS services that offer protection for a price. But the scale of the new IoT-backed attacks, which are larger than anything ever seen, makes protection difficult and costly. Josh Shaul, Akamai’s vice president of web security, warned that if such an attack were sustained, it could cost the victim millions of dollars in cybersecurity services to stay online.

Traditionally, PCs were the prime targets to turn into bots, as many people did not bother with installing antimalware products. But over the last few years, PCs have become much better protected and thus difficult for bot herders to consistently control. The other problem is the shift to laptops. A bot is good only if it is online, can receive instructions from its master, and then continuously execute those orders. Laptops do not fit this model well, as they spend much of their time off, to save battery life.

What bot herders really want is a massive number of devices that are easy to hack, are ignored by their owners, and are constantly connected to the Internet. Recent attacks have proven IoT devices are the perfect solution for cybercriminals.

The rise of IoT is a dream come true for bot herders. Most IoT devices are not powerful enough to have any type of antimalware service. A majority of consumer products come with a default login and password that are published by the manufacturer and easily found on the web. Many stay continuously connected to the Internet and users rarely monitor or update these devices, especially consumers. The biggest factor is around scale. Unlike the hundreds or thousands of PCs that might be in a herd, IoT botnets can number in the hundreds of thousands!

With legions of exploitable devices, attackers are mustering massive DDoS armies and the results of IoT botnets are devastating.

How to secure the future of IoT

The problem is not just what to do now, with the current exploits, but also how to protect the future. Attackers are using the most simple and easy path to take control, the default passwords. But they will adapt as controls come into play. This is the pattern we have seen with many other attack vectors. It is a repeating cycle in which attackers follow the path of least resistance to achieve their objective. IoT devices are just too perfect for botnets for the attackers to easily give up. This is shaping up to be a long and drawn-out fight.


We must secure the future of IoT. This means blocking current exploits as well as interdicting the likely future maneuvers of attackers. This is what must be done to protect the life cycle of IoT devices, from inception to retirement.

  1. Designed and architected for security
    IoT manufacturers must take the time to embed security into the architecture, interfaces, and designs of their products. Basic security concepts and capabilities such as compartmentalization of data and code, communication between trusted parties, data protection both in use and at rest, and authentication of users should be established and tested. Products in the future will get more powerful, store more data, and possess more functionality. This means products should support security updates, feature locking, build validation, software vetting, and default configurations that follow industry best practices. It all starts with the manufacturer. Future proofing begins at the foundations. The hardware, firmware, operating systems, and software must be designed to go into a hostile environment and survive.
  2. Secure provisioning and configuration
    Most IoT devices require some kind of setup and provisioning upon installation. Device identity and authentication are a must, as part of this two-way process. Proper default configurations that adhere to best security practices are important and should be easy for users to understand. Rules should be in place that forbid default passwords, require patches and updates to be signed, require data to be encrypted, and allow only secure web connections. For enterprises, limiting network access, patching in a timely manner, and allowing only approved software to run will go a long way toward keeping the devices secure. For gadgets that are capable, implementing security software such as antimalware, intrusion prevention systems, and even local firewalls will improve the device’s defense posture. Detection and telemetry should also be configured to detect when systems are under attack or are functioning in ways not intended by the organization. Policies must be established for privacy, data retention, remote access, key security, and revocation procedures.
  3. Proper administration and management
    For devices owned by consumers, it is imperative that they alone maintain the final say in how the device is managed. Manufacturers and online service providers play a role in provisioning, but the owner must retain ultimate control of what the device will do. Provisioning is different from administration. For example, during installation of home cameras it makes sense to connect to the manufacturer for the latest patches and maybe even to set up cloud storage. But you would not want your home cameras controlled by the manufacturer. They should not have the ability to operate them outside of the buyer’s authority. Owners must retain the power to turn their products on or off and choose which online services they allow to connect. This requires proper user identification and authentication. As before, allowing a common default password is not good, because anyone can take over as the administrator. Imagine if Windows came with a default login password for every system. It would create a security nightmare, because many would never change it and attackers would log in as users. So, first, IoT systems must be able to authenticate their owners. Management functionality must also extend to empower the owner to set limits, data policies, and privacy parameters that are more restrictive than those of any potential third-party vendor. Signed security updates should be installed automatically by default as they become available. Savvy owners should be able to configure limits for inbound and outbound connections, data types, ports, and security settings. Logs that can be pushed to a trusted system or viewed locally should capture errors and unexpected or unusual activity. A system for remote-warning notifications, via email or text, is a welcome feature on some devices. Finally, a reset capability must be present in the event of an unrecoverable compromise or a transfer of ownership.
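To make the provisioning and administration points above concrete, here is an added example (not McAfee's code, and not from any real device firmware) of what a first-boot routine on a hypothetical IoT device can enforce: it refuses to finish provisioning while published factory credentials are in use, requires the owner to choose a password that meets a minimum policy, stores only a salted hash of it so the device can authenticate its owner, and applies a firmware update only when its manifest carries a valid signature and the image matches the signed hash. The factory defaults, the signing key, the passwords, and the firmware image are all constructed for the example; the HMAC signature stands in for the asymmetric vendor signature a real device would verify.

```python
"""Added example, not McAfee's code: first-boot provisioning checks for a
hypothetical IoT device, enforcing three rules from the post above:
no factory-default credentials, an owner-chosen password that meets a
minimum policy, and firmware updates that must be signed before they are
applied. All keys, passwords and images below are constructed."""
import hashlib
import hmac
import json
import secrets

# Constructed factory credentials. Anyone can look these up, so the device
# must refuse to finish provisioning while they are still in use.
FACTORY_DEFAULTS = {("admin", "admin"), ("admin", "1234"), ("root", "root")}

# Constructed update-signing secret. A real device would carry the vendor's
# public key and verify an asymmetric signature; an HMAC key stands in here
# so the example runs with the standard library alone.
UPDATE_SIGNING_KEY = b"example-vendor-signing-key-not-for-real-use"


def is_factory_default(username, password):
    """True if the pair is one of the published factory credentials."""
    return (username, password) in FACTORY_DEFAULTS


def password_meets_policy(password):
    """At least 12 characters drawn from three of four character classes."""
    if len(password) < 12:
        return False
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    return sum(classes) >= 3


def store_credential(username, password):
    """Keep a salted PBKDF2 hash of the owner password, never the plaintext."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"user": username, "salt": salt.hex(), "hash": digest.hex()}


def verify_credential(record, username, password):
    """Constant-time check of a login attempt against the stored record."""
    if record["user"] != username:
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(record["salt"]), 100_000)
    return hmac.compare_digest(digest.hex(), record["hash"])


def provision(username, password):
    """Owner sets the first credential; returns (status, stored record or None)."""
    if is_factory_default(username, password):
        return "rejected: factory default credentials", None
    if not password_meets_policy(password):
        return "rejected: password policy", None
    return "provisioned", store_credential(username, password)


def make_manifest(firmware, version):
    """Vendor side: describe an update by version and image hash."""
    return {"version": version, "sha256": hashlib.sha256(firmware).hexdigest()}


def sign_manifest(manifest):
    """Vendor side: sign the canonical JSON form of the manifest."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(UPDATE_SIGNING_KEY, canonical, hashlib.sha256).hexdigest()


def verify_update(manifest, signature, firmware):
    """Device side: apply an update only if the manifest signature is valid
    and the image matches the hash the signed manifest vouches for."""
    expected = sign_manifest(manifest)
    if not hmac.compare_digest(expected, signature):
        return False
    return hmac.compare_digest(
        hashlib.sha256(firmware).hexdigest(), manifest["sha256"])


if __name__ == "__main__":
    print(provision("admin", "admin")[0])
    status, record = provision("owner", "Correct-Horse-Battery-42")
    print(status, verify_credential(record, "owner", "Correct-Horse-Battery-42"))
    image = b"constructed firmware image v2.0.1"
    manifest = make_manifest(image, "2.0.1")
    sig = sign_manifest(manifest)
    print(verify_update(manifest, sig, image), verify_update(manifest, sig, image + b"!"))
```

The two checks in `verify_update` are deliberately separate: a valid signature on the manifest proves the vendor vouched for a specific image hash, and the hash comparison proves the image on hand is that one, so a tampered image, a tampered manifest, or a manifest signed for a different version are all refused before anything is written to flash.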

Enterprise and industrial devices are typically managed centrally, by the purchasing organization. This may be part of, or separate from, provisioning by the manufacturer or service provider. Entire classes of devices, potentially numbering in the thousands, may be controlled to operate individually or as part of a collective. The same choices and control are required. Instead of a single owner, an organization’s employees will administer the IoT devices, monitor for issues, and respond to problems.

Proper administration and management is about oversight and final control by the device owner. It should be simple to understand and easy to manage. Devices should possess the necessary processes to determine if something is wrong, communicate such events to their owners, and provide options to resolve issues. IoT devices are here to make our world better and smarter; they themselves must bring some intellect to the ecosystem to protect themselves and work with their owners for their benefit.

How do we make IoT security a reality? 

Security and privacy take effort, resources, and commitment. To change from the status quo, we must hold manufacturers accountable for their devices. If they fail to design and architect security into their products, make them liable and stop buying their wares. For critical functions that could put the safety of people at risk, enact regulations and subject them to government penalties.

As part of the best practices, which manufacturers and service providers must follow, developers must institute the aspects that make provisioning and initial configuration secure by default. Industry consortiums are working to define best practices, configurations, and default settings for different device classes.

Last, and perhaps most difficult, is raising the level of awareness and involvement of users. It is their security and the operational availability of potential Internet targets that is at risk. Without some assistance from consumers and businesses, these controls will be easily undermined or neglected. Social interaction must take place. We all have a responsibility, as a digital community, to maintain reasonable hygiene for devices connecting to our common resource, the Internet.

The choice is ours

It may seem like a lot to consider, but remember attackers need only find a reasonable vulnerability to exploit. The opportunity is to make the effort challenging enough so they are not motivated to pursue these devices. We find ourselves in a situation in which billions of IoT products will flood every industry and quickly find their way into our homes, schools, governments, and businesses. We must make the necessary efforts to not bring vulnerabilities with them. The effects will go well beyond our own lives, data, and devices. They may be turned into legions of bots, which could cause havoc to even the biggest of organizations on the Internet. We could all become victims if we do not work together to make our future technology trustworthy, safe, and secure.

Source : securingtomorrow.mcafee.com

McAfee.com/activate : Blog

McAfee MOVE AntiVirus Multiplatform Deployment Just Got a Lot Easier


McAfee Management for Optimized Virtual Environments AntiVirus (McAfee MOVE AntiVirus) optimizes security for virtual desktops and servers. Version 4.6 became available on July 18, 2017. One of the major enhancements offered by this release is dramatic simplification of the multiplatform deployment process. McAfee MOVE AntiVirus 4.6 automates the deployment of the Security Virtual Machine (SVM) Manager, SVM and clients, reducing manual clicks by 70%!

Here’s a quick walk through of the new streamlined deployment steps:

Step 1:  There’s now just one-click installation of the software extensions and product packages required to install McAfee MOVE AntiVirus components on McAfee ePolicy Orchestrator (McAfee ePO) or deploy them to virtual systems. No more separate downloads.

Step 2:  Like in previous versions of  McAfee MOVE AntiVirus, you register your VMware vCenter account with McAfee ePO.

Step 3: Configuration and deployment of the SVM Manager is now consolidated into one step using a single Meta Package.

Step 4:  You review your McAfee MOVE AntiVirus deployment status.

Step 5:  Next, you deploy the McAfee MOVE AntiVirus client. The McAfee MOVE AntiVirus client will automatically run the European Institute for Computer Antivirus Research (EICAR) test.  This means that you no longer need to log into the MOVE client and the MOVE SVM to check connection status and that you don’t need to run separate EICAR tests.

Step 6:  The SVM deployment will start automatically. Deployment of SVM load balancing is also automatic.

Error codes for all six steps are now automatically generated and displayed in the status during installation to make diagnosing issues much easier.

Learn More

McAfee MOVE AntiVirus 4.6 includes a number of additional enhancements, including the ability to block more threats in multiplatform deployments with improved threat intelligence. Check out the release notes for more details.

Source : securingtomorrow.mcafee.com


What Are The Steps To Fix Mcafee Error Code 0?


When users try to install McAfee antivirus, they may come across error code 0. This issue generally occurs during installation of the security suite, and the installation fails. The installer displays a red banner with the message “Unable to continue installation” or “we are having issues in installing McAfee antivirus”. Another message may read “something went wrong with the installation”. You don’t have to worry about this situation: McAfee support team experts have found a complete solution to overcome this error.

In this blog, you will read the complete description of steps that will help you in fixing this error.

Steps To Follow:

Process 1: Run McPreinstall Utility

  • First, click the “Done” icon and close the dialog box.
  • After that, download the “Pre-install tool” zip file and save it on your PC.
  • Double-click the zip file to open it and extract the Pre-install tool to your desktop.
  • Double-click the downloaded setup and follow the on-screen prompts.
  • Wait a few moments until the installation is done, then retry installing the antivirus.

Process 2: Run McAfee Virtual Technician

  • Open your web browser, click the “Download and Run” icon, and follow all directions to run the MVT features.
  • Wait a few moments until it is done, then retry installing your antivirus application.

Process 3: Re-Download the McAfee Installation Package After Running the Removal Tool

  • Use a different browser to download the “Removal Tool”.
  • Run the tool and reboot when you are given the option to do so.
  • Next, use a different browser to download the McAfee Windows Security Suite again.
  • Install the application from the newly downloaded setup.

These steps will help you fix this error. If you face this error again, turn to the McAfee Customer Support team, where you’ll find proficient technicians experienced in dealing with any issue.

Source : Unknown


How To Update Credit Card Info In McAfee?


Have you linked your credit card with your McAfee account? Do you want to update its details, or do you wish to remove it from the account for some personal reason? You are in the right place, as this blog provides the exact information you are looking for.

McAfee Support is a service that lets customers deal directly with experts regarding their queries and doubts. The experts also provide information about the latest updates and features. The team of well-trained technicians has put together this content to help users with their credit cards, and users are always left satisfied with the best possible solutions. Follow these instructions carefully, step by step:

Update the Credit Card Information:

  • Browse to the official website of McAfee.
  • On the home page, go to My Account.
  • Under My Account, click the Edit Billing option.
  • If you are prompted to sign in, enter the correct email address and password to log in.
  • You are now on the page for updating your card details: fill in each box with the credit card type, credit card number, security code, and expiration date.
  • The billing address should match the address that is on file.
  • Lastly, click Save to update these details.

Remove Credit Card:

If you wish to remove your card’s details from your McAfee account, you will have to contact McAfee Support. McAfee doesn’t allow users to remove it themselves; agents will do that for customers. So just give them a call and have the card removed by giving the necessary details to the team member. You can talk to experts and get instant replies, deal with any issues regarding your antivirus product, and stay updated.

Source : Unknown
