Malware forces Slovak internet

Fighting against malware in Slovak antivirus company Eset. (Source: Sme)

Nowadays, when about three quarters of Slovaks use the internet and the technology is spreading to many items of everyday use, malware threats are becoming far more powerful.

Though in the past Slovakia differed from other EU countries in the number of attacks, mainly due to the lack of direct internet payments, new methods of exploiting the latest vulnerabilities are already affecting the market. Better chances to harm users attract greater interest from hackers, who today often treat attacks as a gainful activity, according to the IT expert community.

“Attackers are more or less extortionists who deploy code for disk encryption and if you do not pay you will lose your data,” Ondrej Macko, editor-in-chief of the TouchIT.sk website, told The Slovak Spectator.

Hence the amount of malicious code on both desktop PCs and mobile platforms is constantly growing. The anti-virus software company Eset records about 300,000 new, never-before-analysed samples of malware every day.

“The number of Android platform threats has more than doubled in the past two years,” Eset spokesperson Zuzana Hošalová told The Slovak Spectator.

Mostly ransomware

Among the many variations of malicious code in cyberspace, security companies record the most noticeable jump in ransomware. This malicious code spreads through email attachments posing as invoices or through fake email notifications. After infection it blocks the user’s access to the computer and generally demands a ransom.

While the huge ransomware business attracts many attackers with the prospect of large gains, there are also more phishing attacks, 90 percent of which serve to spread ransomware, according to Michal Salát, a security expert at the Czech IT security company Avast.

“Two years ago, the public almost did not hear about ransomware and today it is one of the most disputed security topics,” Salát told The Slovak Spectator.

Attack on tax office

Slovak internet users are not spared ransomware attacks. One of the latest harmful attacks involved the fake website financnasprava.digital, which imitated the appearance of the Financial Administration’s original website to spread malware. After encrypting all of the user’s connected drives, the attacker demanded a ransom of 0.8 bitcoin (about €900).

As the attack occurred in late February, its author clearly wanted to exploit the period in which companies and households begin to submit tax returns, according to Róbert Lipovský, security researcher at Eset.

“The official website of the Financial Administration allows for submitting tax returns, VAT statements and control statements,” Lipovský told the SITA newswire.

An anonymous hacker spread the ransomware through a fake email address, again with a name similar to that of the state office, and registered his fake clone of the web portal in Panama, the Sme daily reported.

Social engineering appears too

In the early months of 2017, Slovaks also struggled with links to fake shopping vouchers for the Tesco and Lidl retail stores that attackers disseminated via social networks. The case represents a so-called social engineering attack, which uses no malicious code and simply fools people, said Hošalová.

“No one needs any sophisticated methods to send you a deceptive email about a too good to be true message claiming that it gives you money,” Hošalová said.

Hošalová pointed out that in the long term such attackers exploit the names of prosperous companies and state organisations because many people do not doubt the authenticity of emails that pose as, for example, official messages from banks. These cases are similar to emails from Nigerian princes, for example, she said.

Other new threats

While Macko pointed in general to new Android operating system viruses that steal phone numbers, contacts and short messages, Hošalová listed campaigns of fake e-shops on social networks, misuse of user profiles and infected apps that tried to exploit the popularity of the Pokémon GO game at the end of summer 2016.

In addition, Avast recorded other attacks on routers and Internet of Things devices, including the Mirai malware, which forces devices to report to a central control server, turning them into bots that can be used in distributed denial-of-service attacks.

No spatial differences

Given that the internet is a global space, the situation in central Europe is very similar to that in other European countries, according to experts. The prevailing attacks include redirections to various quizzes, false chances to win tablets, spam, changes to Domain Name System records (the database of information about websites), ransomware, adware (advertising viruses) and botnet clients.

In the Czech Republic, attackers use emails to try to persuade mobile device users to download fake applications for mail tracking, according to Salát.

“People should download mobile apps only from the official stores for their platforms,” said Salát.

Users are very careless

Users themselves often alter their devices and become easy targets for hackers. One of the problems is that they do not back up data, or they keep backup media constantly connected to computers, where ransomware may impair them, said Salát.

Salát pointed out that attackers can monitor unencrypted communication through mobile networks when phones automatically connect to stored networks.

“If someone sets up a malicious network of the same name, phones will try to connect to it and therefore will open themselves to attackers’ misuse,” explained Salát.

Statistics confirm users' lack of caution: more than half (52 percent) of the most used applications are out of date, leaving users easily vulnerable, according to the Avast PC Trends Report. The most outdated apps are the Java extension for the web, mainly the old Runtime 6 and 7 versions, which more than 24 million users around the world still use, Flash ActiveX and Foxit Reader. By contrast, people most often update the Google Chrome and Opera browsers and Skype.

Fight against ransomware

To prevent ransomware attacks, Hošalová recommends not opening email attachments from unknown senders, alerting colleagues to possible attacks, regularly updating the operating system and programmes, removing unused programmes and regularly backing up the device’s content without keeping the external drive continually connected to the device.

“Companies and organisations should regularly train employees about threats and test whether and how they know to get their backups,” Hošalová said.

Salát emphasised that the only means of protection against phishing attacks are digital signatures and knowledge of the methods of verifying the authenticity of websites.

Precaution is a keystone

For basic protection, people should be sure to have an updated antivirus programme, often available free of charge, which does not slow down the computer. While antivirus in combination with a firewall can prevent the vast majority of attacks, VPN services can secure communication on PCs and mobile devices, according to Salát.

All experts, however, see the most powerful tool in people themselves. Users should use complex passwords and two-factor authentication, which sends an additional verification code via short text message when an unknown device logs in, said Hošalová.

“Linking accounts with phone numbers is already common on Gmail and Facebook,” Hošalová said.

Common sense and keeping users from clicking on everything they see are at the forefront of protection, said Macko.

[“Source-spectator”]