Showing posts with label security. Show all posts

8 September 2025

Viruses, Trojans still infecting our computers

Source: Surfshark Antivirus. PowerShell scripts dominate Windows malware, whereas viruses are the leading cause of malware for macOS.

Malware remains one of the main ways criminals steal money or data from people and companies. So far in 2025, Surfshark Antivirus has recorded 479K malware cases. Of these, 87% (419K) were on Windows, and the remaining 13% (60K) were on macOS.

Malware can cause extensive harm to internet users. Personal data breaches alone caused users US$1.5 B in losses in 2024.  

- Attackers are focusing their efforts on Windows since it holds the majority market share and therefore the biggest catch. 

Windows remains the most popular operating system (OS) worldwide, although its market share declined from 77% in 2020 to 71% in 2025. The second most popular OS is macOS, with a stable global market share of around 15%. For example, the OS breakdown in South Korea is Windows 85%, and macOS 6%. 

- PowerShell script malware is among the most common (22%) Windows infections, Surfshark said, giving hackers full control of a computer and its data; 

PowerShell scripts are among the most common Windows malware and the most dangerous for users. They can give hackers full control of your computer and data. These scripts blend in, appearing like legitimate software operations. 

“For example, you might be browsing your favourite news site when a popup appears, saying: ‘Your system needs an urgent security update — click here.’ The pop-up shows the Windows logo and looks official, so you select ‘Update Now.’ Yet the ‘update’ actually uses a PowerShell script to install malware and connect to a hacker’s server. That’s how all your private data, including passwords and financial information, can become accessible to hackers,” explained cybersecurity expert Nedas Kazlauskas.

- Mac users are most likely to catch viruses (28%) and Trojans (26%)

Viruses and Trojans exploit vulnerabilities in macOS. Most often, they are installed after downloading apps from outside the official App Store. Mac viruses and Trojans can also include browser-hijacking programs that attempt to steal users’ browser data, such as saved passwords in password managers.

Additionally, Surfshark’s expert draws macOS users’ attention to the “Other” malware category, which accounts for 16% of attack cases. “Hackers are experimenting extensively with macOS. They are searching for vulnerabilities and trying to install malicious programs. What makes it tricky is that it’s not really clear what their final goal is,” said Kazlauskas.

Surfshark suggests:

- Have a working antivirus program. Regular virus scans are vital for detecting and eliminating harmful code; 

- Always update your operating system and apps. Unpatched devices are the easiest target for malware, but be cautious of pop-up windows that tell you to update or download software;

- Don’t open suspicious emails, attachments, or links. In most cases, phishing attempts lead to device infections; 

- Beware of suspicious links, particularly shortened ones circulating on social media. Usually, those lead to phishing or malware websites where personal data could be at much higher risk; 

- Use public Wi-Fi carefully. Avoid accessing sensitive accounts or data on unsecured networks.

31 January 2025

Acronis: Need for simpler, more accessible cybersecurity paired with data backups

Source: Acronis Data Privacy in 2025 report. Asked about data privacy best practices, over 60% of respondents said they use strong, unique passwords for each account.

Acronis, a global provider of cybersecurity and data protection, has unveiled the inaugural Data Privacy in 2025: A survey to explore consumer views on cyber protection report. In its first year, the survey uncovered a stark contrast between growing awareness of cyberthreats and the lack of proactive security measures among individuals worldwide.

The research has found that data breaches are a top privacy concern for 64% of consumers, emphasising the urgent need to strengthen personal cyberdefences. Other highlights include: 

Data breach fears 

Despite heightened awareness, 25% of respondents have experienced data theft or loss, and 12% remain unsure if they’ve been breached, exhibiting the hidden nature of many cyberattacks. 

Solid backup practices

Two-thirds (66%) back up their data regularly, while 9% don’t back up their data at all. Four percent don’t know what 'backup' means. 

Weak password protection

While more than two-thirds (68%) use strong, unique passwords, fewer than half (46%) employ two-factor authentication (2FA), a key defence against breaches. 

Mobile security adoption lags

Although 43% of respondents report using mobile security apps, 35% are unfamiliar with these tools, even though smartphones have become essential to modern digital life. 

Attitudes vs actions

While over 60% rate data security as 'very important', only 40% frequently update their passwords, and nearly 70% continue to use public Wi-Fi for sensitive activities. 

Consumer frustrations

Nearly 30% of respondents find security tools too complex to use, and 25% cite high costs as a barrier to adoption. 

Generational divide

Consumers under 35 report significantly more breach incidents than older demographics (aged 55–64), potentially reflecting riskier digital habits. 

Cyber education on the rise

Encouragingly, video-based cybersecurity education is gaining traction, with 44% of respondents turning to online videos to learn about safety best practices. 

“At Acronis, we’ve seen how both corporate practices and individual behaviours shape the landscape of data privacy and cyberprotection,” said Gaidar Magdanurov, President at Acronis. 

“We launched this survey around Data Privacy Day to better understand how home users think about data protection and the steps they are taking to safeguard their information. While many people are rightly concerned about how organisations handle their data, this survey highlights that individuals also play a crucial role in protecting themselves.”

According to Acronis, the report serves as a global reminder of the importance of safeguarding personal information. The company has urged consumers to adopt foundational practices such as regular data backups, enabling 2FA, and using mobile security apps in conjunction with Data Privacy Day on January 28.

“This inaugural consumer-focused survey from Acronis highlights a critical paradox in modern cybersecurity - individuals are increasingly aware of the risks, yet still many lack the tools or knowledge to protect themselves effectively,” said Gerald Beuchelt, CISO at Acronis. 

“Data breaches are a top concern globally so there is an urgent need for simpler, more accessible cybersecurity solutions paired with data backup, and stronger education to empower individuals to protect their digital lives. These efforts can help bridge the gap between awareness and action.”

Explore

Browse the survey findings and insights by visiting https://www.acronis.com/en-us/blog/posts/data-privacy-survey-consumers-worry-about-data-but-dont-do-enough-to-protect-it/

Get the report at https://www.acronis.com/en-us/resource-center/resource/data-privacy-in-2025-survey/

*The Acronis Data Privacy in 2025 survey gathered responses from 2,480 general-population consumers aged 18–64 across the world.

20 June 2024

Trend Micro launches world's first security solutions for AI PCs

Trend Micro will have consumer security solutions tailored to safeguard against emerging threats in the era of AI PCs by late 2024.

Carla Rodriguez, VP and GM of Client Software Ecosystem Enabling at Intel said: “We are pleased to collaborate with Trend Micro on AI solutions leveraging our next generation Intel Core Ultra processors (codename Lunar Lake). Specifically, Trend will be the first to utilise Lunar Lake’s 48 NPU TOPS on their email defence feature to run scans locally, increasing user privacy and security while lowering latency. 

“Intel enables a broad and open ecosystem and brings unmatched scale and channels for AI ISVs like Trend Micro. We look forward to driving their solutions to those seeking to adopt AI-capable PCs rooted in security.”

Trend’s ecosystem expanding to include Intel is a testament to its focus on innovation without boundaries. As Trend continues to focus on AI and other emerging technologies, collaboration with industry peers is critical, the company said.

Noted Kevin Simzer, COO at Trend: “We are not only leveraging AI for security, but also securing AI itself. The value of this AI era will ultimately depend on how secure it is, from the enterprise level to the individual consumer. Trend is addressing both, while many in the industry are not yet doing either.”

AI PCs powered by neural processing units (NPUs) allow consumers to run AI applications locally on their device rather than in the cloud, providing benefits from privacy to performance. As PC manufacturers rapidly bring new AI PCs to market, consumers will be presented with both new opportunities and new risks. Trend is committed to addressing these risks through its new capabilities which it showcased at Computex 2024:

AI application protection

According to Trend, traditional cybersecurity solutions for PCs are not enough when it comes to protecting consumer AI applications from malicious activity. Methods such as model tampering or knowledge base poisoning can result in an AI application being directed to put users at risk of losing sensitive personal information, or becoming a victim of misinformation. 

Trend’s AI application protection capability is designed to address this risk and is set to launch for device security products in 2024.

NPU-powered email security

Previously, email content had to be sent to the cloud for analysis due to computing power requirements. Trend can now run email scam protection locally on an AI PC. This offers a better user experience and removes data privacy friction from the process, Trend said. 

Trend expects to see a 100% increase in usage of this feature on AI PCs, which will be available as part of its device security solutions in 2024.

*ISVs are independent software vendors. NPU TOPS refers to tera operations per second produced by neural processing units.

23 May 2024

Your next phishing email could be about taxes, healthcare or ApplePay: KnowBe4

Source: KnowBe4 Top-Clicked Phishing Tests infographic. Q124 'in the wild' attacks.

KnowBe4, the provider of the security awareness training and simulated phishing platform, has found that HR or IT-related business email messages are the most common email subjects clicked on in phishing tests.

Phishing emails continue to be one of the most common methods for executing cyberattacks on organisations worldwide, the company said. KnowBe4’s 2023 Phishing by Industry Benchmarking Report, published in Q124, reveals that nearly one third of users are susceptible to clicking on malicious links or complying with fraudulent requests. 

Cybercriminals are further leveraging tools now available to them, such as AI, to come up with increasingly sophisticated messages to outsmart users, KnowBe4 said. Phishing emails can now be tailored to appear even more legitimate, or trick employees by inciting an emotional response and urgency to click on a malicious link or download an infected attachment.

HR-related phishing attacks take the top spot at 42%, a trend that has persisted for the last three quarters, followed by IT-related phishing emails at 30%. Phishing emails from HR or IT departments that prompt dress code changes, tax and healthcare updates, training notifications and other similar actions are effective in deceiving employees as they can affect a user’s work, evoke an immediate response and can cause a person to react before thinking about the validity of the email.

The KnowBe4 phishing report this quarter also noted more personal phishing email attacks, using pretexts such as tax, healthcare and ApplePay, that could affect users' sensitive information. These types of attacks are effective because they cause a person to react to a potentially alarming topic and engage to protect their private information before thinking logically about the credibility of the email.

“KnowBe4’s report shows that cybercriminals are becoming increasingly tactical in exploiting employee trust by using HR-related phishing emails due to their seemingly legitimate source,” said Stu Sjouwerman, CEO of KnowBe4.

“Emails coming from an internal department such as HR or IT are especially harmful to organisations since they appear to be coming from a trusted source and can convince employees to engage quickly before confirming their legitimacy, exposing the company to security vulnerabilities. 

“A well-trained workforce is therefore crucial in building a strong security culture and serves as the best defence in safeguarding organisations against preventable cyberattacks.”

Explore

Download the Q124 KnowBe4 Phishing Report Top-Clicked Phishing Tests infographic at https://www.knowbe4.com/hubfs/Quarterly-Phishing/Q12024.pdf (PDF), and 

Get the 2023 Phishing by Industry Benchmarking Report at https://info.knowbe4.com/en-us/phishing-by-industry-benchmarking-report.

6 February 2024

Job search and retail websites in APAC compromised: Group-IB

Source: Group-IB. Distribution of ResumeLooters' compromised websites by country and sector.

Group-IB, a creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has identified a large-scale malicious campaign primarily targeting job search and retail websites of companies in the Asia-Pacific region.

The cybercriminal group, dubbed ResumeLooters by Group-IB’s Threat Intelligence unit, successfully infected at least 65 websites between November and December 2023 through SQL injection and cross-site scripting (XSS) attacks. Most of the gang’s victims are in India, Taiwan, Thailand, Vietnam, mainland China, and Australia.

Group-IB said ResumeLooters has stolen 2,079,027 unique emails and other records, such as names, phone numbers, dates of birth, as well as information about job seekers’ experience and employment history. The stolen data has been offered for sale by ResumeLooters in Telegram. Group-IB has notified identified victims.

Operating since the beginning of 2023, ResumeLooters has been using penetration testing frameworks and open-source tools to inject malicious SQL queries into 65 job search, retail and other websites and retrieve a total of 2,188,444 database rows of information. Of these rows, 510,259 were user data from employment websites.

Over 70% of the known compromised websites are in the Asia-Pacific region. The gang is primarily focused on India (12 victims), Taiwan (10), Thailand (9), Vietnam (7), mainland China (3), Australia (2), the Philippines (1), South Korea (1), and Japan (1). However, compromised websites have also been identified outside of the region.

Group-IB’s researchers have also identified two Telegram accounts associated with the threat actor. Both accounts have been used to offer the stolen data for sale in Chinese-speaking Telegram groups dedicated to hacking and penetration testing.

“In less than two months, we have identified yet another threat actor conducting SQL injection attacks against companies in the Asia-Pacific region,” said Nikita Rostovcev, Senior Analyst at the Advanced Persistent Threat Research Team, Group-IB.

“It is striking to see how some of the oldest yet remarkably effective SQL attacks remain prevalent in the region. However, the tenacity of the ResumeLooters group stands out as they experiment with diverse methods of exploiting vulnerabilities, including XSS attacks. Additionally, the gang’s attacks cover a vast geographical area.”

According to Group-IB, cybercriminals have been increasingly interested in the Asia-Pacific region. In December 2023, Group-IB reported on GambleForce, a cybercriminal group which conducted over 20 SQL injection attacks against gambling and government websites in the region. Unlike GambleForce, which focuses solely on SQL injections, ResumeLooters has a more diverse modus operandi.

In addition to SQL injection attacks, ResumeLooters successfully executed XSS scripts on at least four legitimate job search websites. On one of these websites, the attackers implanted a malicious script by creating a fake employer profile. As a result, the attackers were able to steal the HTML code of the pages visited by the victims, including those with administrative access. Malicious XSS scripts were also intended to display phishing forms on legitimate resources. It is believed that the attackers’ main goal was to steal admin credentials. However, no evidence of successful theft of administrative credentials was found.

To protect against injection attacks, Group-IB suggested that companies implement comprehensive input validation and sanitisation on both the client and server sides. Performing regular security assessments and code reviews will help to identify and mitigate injection vulnerabilities.

The comprehensive examination of ResumeLooters’ malicious infrastructure, tools, and tactics, along with the full list of indicators of compromise, is available in Group-IB’s latest blog post.

31 August 2023

Group-IB: Phishing continues unabated

Source: Group-IB. List of Classiscam APAC targets ranked by number of brands impersonated.

Group-IB, a global cybersecurity leader headquartered in Singapore, has found that the scam-as-a-service operation Classiscam is continuing its worldwide campaign well into 2023.

In a new blog post, Group-IB analysts detail how the automated scheme uses Telegram bots to help create ready-to-use phishing pages impersonating companies in a range of industries, including online marketplaces, classified sites, and logistics operators. These phishing pages are designed to steal money, payment data, and recently in some cases, bank login credentials from unsuspecting Internet users. In addition, the phishing templates created for each brand can be localised by editing the language and currency featured on the scam pages.

According to Group-IB’s findings, 251 unique brands in a total of 79 countries were featured on Classiscam phishing pages from 1H21 to 1H23. One logistics brand was impersonated by “Classiscammers” targeting users in as many as 31 countries. Within the Asia Pacific (APAC) region, the country with the highest number of brands targeted by Classiscammers was Australia (34.6% of the regional total). Other heavily affected countries were India (11.5%), Hong Kong (10.3%), Singapore (7.7%), Sri Lanka (7.7%), and Malaysia (5.1%).

21 July 2023

Facebook flooded with fake pages luring victims with generative AI

Source: CPR. Sample posts on fake Facebook pages inviting viewers to download malware.

A new scam uncovered by Check Point Research (CPR) uses Facebook to scam victims by taking advantage of the interest in generative AI.  Many of these fake pages have tens of thousands of followers, with a mix of real content and malware, Check Point said.

Criminals first create fake Facebook pages or groups for a popular brand, even including engaging content. The pages can offer tips, news and enhanced versions of AI services Google Bard or ChatGPT, for example. 

Unsuspecting Facebook users end up passionately discussing the role of AI in the comments and like or share posts, thereby ensuring it shows up on the feeds of their friends and attracting them to the page as well.

The scam occurs when visitors are invited to obtain new services or special content via a link on the page. Most of the Facebook pages lead to landing pages which encourage users to download password-protected archive files that are allegedly related to generative AI engines. When the link is clicked, victims unknowingly download malware, designed to steal their online passwords, crypto wallets and other information saved in their browser.

There are many versions, from Bard New, Bard Chat, GPT-5, G-Bard AI and others. Some posts and groups also try to take advantage of the popularity of other AI services such as Midjourney and Jasper AI. Seemingly small details matter, such as the fact that the real Jasper AI page has 2 million fans or the length of time the page has been in operation, in telling the genuine from the fake.

According to Sergey Shykevich, Threat Intelligence Group Manager, Check Point Research: "Unfortunately, thousands of people are falling victim to this scam. They are interacting with the fake pages, which furthers their spread – and are even installing malware which is disguised as free AI tools. We urge everyone to be vigilant in ensuring they are only downloading files from authentic and trusted sites."

CPR observed that criminals have gone to great lengths to ensure their pages appear authentic. When a user searches for ‘Midjourney AI’ on Facebook and encounters a page with 1.2 million followers, they are likely to believe it is an authentic page. The principle applies to other indicators of page legitimacy: when posts on the fake page have numerous likes and comments, it indicates that other users have already interacted positively with the content, reducing the likelihood of suspicion.

Additionally, the links to malicious websites are mixed with links to legitimate Midjourney reviews or social networks.

CPR attributed the surge to expanding underground markets, where initial access brokers specialise in acquiring and selling access or credentials to compromised systems. Additionally, the growing value of data used for targeted attacks such as business email compromise and spear-phishing, has fuelled the proliferation of infostealers.

As authentic AI services make it possible for cybercriminals to create and deploy sophisticated, credible scams, it is essential for individuals and organisations to stay vigilant, CPR said. Some rules of thumb to protect yourself include:

- Ignore display names: Phishing sites or emails can be configured to show anything in the display name. Instead of looking at the display name, check the sender’s email or web address to verify that it comes from a trusted and authentic source.

- Verify the domain: Phishers will commonly use domains with minor misspellings or that seem plausible. For example, company.com may be replaced with cormpany.com or an email may be from company-service.com. These misspellings are good indicators.

- Always download software from trusted sources: Instead of downloading software from a Facebook group, go directly to a trusted source, such as the official web page for that software. Do not click on downloads from groups, unofficial forums etc.

- Check the links: URL phishing attacks are designed to trick recipients into clicking on a malicious link. Hover over the links within an email and see if they actually go where they claim. Enter suspicious links into a phishing verification tool like phishtank.com, which will tell you if they are known phishing links. If possible, don’t click on a link at all; visit the company’s site directly and navigate to the indicated page.

17 February 2023

Google ads used to deliver links to fake websites

ESET researchers have discovered a malware campaign that targets Chinese-speaking people in Southeast and East Asia. The campaign involves advertisements that appear in Google search results.

Source: ESET. A fake web page for the download of Google Chrome, in Chinese.

According to ESET the unidentified cybercriminals buy ads that lead to fake websites made to look identical to the download pages of popular applications such as Firefox, WhatsApp, Signal, Skype, and Telegram. Such apps are usually not available in China. 

In addition to providing the legitimate software, the websites also deliver FatalRAT, a remote access Trojan that grants the attacker control of the victim's computer. The attacks have affected users mostly in mainland China, Hong Kong, and Taiwan, but also in Southeast Asia: Malaysia, the Philippines, Thailand, Singapore, Indonesia and Myanmar, as well as in Japan.

FatalRAT provides a set of functionalities to perform various malicious activities on a victim’s computer, ESET said. Among other capabilities, the malware can capture keystrokes, steal or delete data stored by some browsers, and download and execute files. ESET Research observed these attacks between August 2022 and January 2023, but according to the company's telemetry, previous versions of the installers have been used since at least May 2022.

The cybercriminals have registered various domain names that all pointed to the same IP address: a server hosting multiple websites that download Trojanised software. Most of these websites look identical to their legitimate counterparts but deliver malicious installers instead. The other websites, possibly translated by the attackers, offer Chinese-language versions of software that is not available in China, such as Telegram.

In theory, there are many possible ways that potential victims can be directed to these fake websites, but a Chinese-language news site reported that they were being shown an advertisement that led to one of these malicious websites when searching for the Firefox browser in Google. The attackers purchased advertisements to position their malicious websites in the "sponsored" section of Google search results; ESET reported these ads to Google and they were promptly removed.

“Although we couldn’t reproduce such search results, we believe that the ads were only served to users in the targeted region,” said Matías Porolli, the ESET researcher who discovered the campaign.

“Since many of the domain names that the attackers registered for their websites are very similar to the legitimate domains, it is also possible that the attackers rely on URL hijacking to attract potential victims to their websites,” he adds. URL hijacking refers to deceiving people who mistype a URL by creating a web page that looks like it is linked to the actual URL, and conducting malicious activities on it.

“It is possible that the attackers are solely interested in the theft of information like web credentials to sell them on underground forums, or to use them for another type of crimeware campaign, but for now, specific attribution of this campaign to a known or new threat actor is not possible,” elaborated Porolli.

“Finally, it is important to check the URL that we are visiting before we download software. Even better, type it into your browser’s address bar after checking that it is the actual vendor site.”

Explore

Read the blog post These aren’t the apps you’re looking for: Fake installers targeting Southeast and East Asia on WeLiveSecurity.

19 September 2022

Crypto giveaway scams are on the rise

Source: Group-IB. A screen capture from a fake YouTube video purporting to feature Elon Musk.

Group-IB, a Singapore-headquartered cybersecurity provider, has found a fivefold increase in the number of domains used for crypto giveaway scams that involve fake YouTube streams in 1H22. Since Group-IB’s first report on the scheme, crypto giveaway scams evolved into a market segment with multiple services for fraudulent operations.

According to Group-IB, 63% of the new fraudulent domain names were registered with Russian registrars, but the fake websites are primarily designed to target English and Spanish-speaking crypto investors.

For the first time, the Group-IB Computer Emergency Response Team (CERT-GIB) observed a sharp increase in the number of fraudulent YouTube streams “featuring” big names. Videos purporting to be from Elon Musk, the founder and CEO of SpaceX and Tesla; Brad Garlinghouse, CEO of Ripple Labs; MicroStrategy's co-founder and Executive Chairman Michael J. Saylor, as well as Cathie Wood, the founder and CEO of Ark Invest were found in February this year. 

The scammers used the footage of famous entrepreneurs and crypto enthusiasts to encourage users to visit a promotional website to double their crypto investment. Victims would be invited to transfer crypto to a specified address or disclose the seed phrase of their crypto wallet to receive even better terms.

Group-IB experts have discovered that the scheme has scaled significantly in six months. In 1H22, CERT-GIB identified more than 2,000 domains registered explicitly to be used as fake promotion websites. This figure increased almost five-fold compared to 2H21 and 53-fold in comparison with 1H21. In Q122 Group-IB researchers discovered 583 fake websites involved in the scheme. The next quarter the Group-IB team found an additional 1,500-plus domains newly set up by scammers to promote fake giveaways.

Scammers also advertised promo sites featuring Nayib Bukele, the President of El Salvador, as well as the soccer player Cristiano Ronaldo. Both names were chosen for a reason, Group-IB said. In 2021, mainly on the initiative of its president, El Salvador became the first country to adopt Bitcoin as its national currency. Ronaldo, on the other hand, became the first football star paid with cryptocurrency: the player was awarded a bonus of 770 crypto tokens from his club Juventus, one for each goal scored in his career. In June 2022, Binance, a crypto trading platform, announced an exclusive partnership with Ronaldo.

Group-IB advises crypto owners to be vigilant about free giveaways and not to share confidential data on rogue websites. Other advice included:

- Double-check the legitimacy of the streams and the websites you visit using official sources only. If you cannot find any information about the promotion taking place, you are likely being deceived.

- Seed phrases must be kept secret and stored securely. To do so, use password management tools.

- To minimise the risk of leakage, prioritise desktop solutions over cloud-based ones.

- You risk being deceived twice if you have already transferred your crypto to fraudsters and want your money back. People who message victims on forums offering help often turn out to be scammers themselves.

10 November 2021

Imperva warns against Singles Day scams

Imperva, the cybersecurity leader whose mission is to help organisations protect their data and all paths to it, has launched a new e-commerce report and issued advice around safe retailing in conjunction with the world’s biggest online shopping event on November 11.

The company noted that Chinese e-commerce firms Alibaba and JD.com racked up a record-breaking US$115 billion in sales across their platforms during Singles Day 2020, and that as the number of online shoppers grows, so do the scams. Imperva’s new The State of Security Within eCommerce 2021 report projects that the number of victims in 2021 will surpass last year’s.

In Singapore, for instance, the number of security incidents in retail increased 31% from April to September 2021 compared to the previous six-month period, Imperva said, highlighting the following trends:

Malicious bots

Online retail has remained a prime target for automated bot activity in 2021. Bots can carry out disruptive or malicious activities on retail sites, including price and content scraping, scalping, denial of inventory and other types of online fraud.

According to Imperva, the volume of monthly bot attacks on retail websites rose 13% in 2021 compared to the same months of the previous year. Imperva Research Labs found that 57% of attacks recorded on e-commerce websites this year were carried out by bots. In comparison, bad bots made up just 33% of the total attacks on websites in all other industries in 2021.

Incidentally, the top type of security incident in the Singapore retail industry in the past 12 months (October 2020 − September 2021) has been bad bot traffic (44%). In the December shopping period last year in particular, Singapore’s retail industry saw a marked rise in simple bot traffic of 60% above the monthly average.

The proportion of sophisticated bad bots on retail websites reached 23.4% in 2021. This breed of bot is the hardest to stop because it is capable of producing mouse movements and clicks that closely resemble human behaviour. Sophisticated bots evade simple defences and are responsible for account takeover, fraud or denial of inventory that makes it harder for legitimate shoppers to get the goods they want, Imperva said.

Distributed Denial of Service (DDoS) attacks

Imperva Research Labs is already seeing an uptick in DDoS attacks − spiking 200% in September 2021, compared to the month prior. Part of this uptick in activity is tied to the Meris botnet that has impacted organisations globally.

Throughout the past 12 months, the retail industry experienced the highest volume of application layer (layer 7) DDoS incidents per month of all industries. Layer 7 attacks are highly effective because they consume both network and server resources. Defending against application layer attacks is difficult because it requires the ability to distinguish between attack traffic and normal traffic.

Website attacks

Attacks on retail industry websites from Q420 through the first half of 2021 were notably higher than all other industries, and were characterised by more sporadic peaks in attacks. 

Retail sites experienced slightly higher volumes of data leakage attacks (31.3%) in 2021 compared to all industries (26.9%) as e-commerce sites are prime targets because they host shoppers’ payment information or loyalty reward points. Data leakage occurs when data is transmitted from an organisation’s corporate network to an external destination, whether accidentally or deliberately, without authorisation. In January 2021, the Singapore retail industry saw a 59% increase above the monthly average for data leakage attacks, coinciding with the Chinese New Year shopping period.

Imperva's advice for shoppers includes:

  • Before you shop, ensure your software and apps are updated so you have all the latest security patches. 
  • Do not shop through a public Wi-Fi connection. Instead use a VPN or your phone as a hotspot. 
  • Make sure you shop through a reputable site with a padlock symbol and ‘https’ at the start (not http). 
  • Be careful of the apps/extensions you download onto your devices. 
  • Stick to well-known brands or applications. Be especially wary of free apps. 
  • When setting up your shopping accounts be sure to use strong, differentiated passwords for each account, and set multifactor authentication where possible. 
  • Use secure payment methods like PayPal or your credit card. 
  • Never send your bank or credit card details via email or SMS. 
  • Don't let your online shopping accounts or browser save your payment details. 

Imperva's advice to retailers includes:

  • Ensure your organisation is compliant with all data privacy regulations in your jurisdiction. 
  • Prepare for a high volume of traffic, as well as DDoS attacks. 
  • Be sure to have a bot management strategy in place to only allow legitimate customers onto your website. 
  • Encourage your customers to adopt good password practices and offer multifactor authentication. 
  • Protect your existing website functionalities and make sure newly-added ones are safe, too. 
  • Take inventory of all your JavaScript-based services. 

“The 2021 holiday shopping season is shaping up to be a nightmare for both retailers and consumers,” said Peter Klimek, Director of Technology, Office of the CTO, Imperva.

“With the global supply chain conditions worsening, retailers will not only struggle to get products to sell in Q4, but will face increased attacks from motivated cybercriminals who want to benefit from the chaos. Retailers and consumers alike need to take the necessary steps to protect themselves.”

Explore

Download the State of Security within e-Commerce Report

8 April 2021

Cybercriminals ride on Netflix, WhatsApp usage to deliver malware

Source: Check Point Research. The Google Play page for the FlixOnline app.

Cybercriminals have been caught sharing Android malware disguised as a Netflix content enabler app. According to Check Point Research (CPR), replies containing malware are automatically sent to incoming WhatsApp messages.

The original malware was found hidden in an app on Google Play named FlixOnline. While it claimed to allow users to view Netflix content from all around the world on their mobiles, it actually monitored the victim’s WhatsApp notifications, then sent automatic replies to their incoming messages using content that it received from elsewhere.

The replies say: “2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE https://bit[.]ly/3bDmzUw.”

The link can be used to distribute phishing attacks, spread false information or steal credentials and data from users’ WhatsApp accounts, CPR warned.

In this case, CPR notified Google, which removed the app from the Play Store. It had been up for two months, and downloaded approximately 500 times.

The authors of the FlixOnline research, Aviran Hazum, Bodgan Melnykov and Israel Wenik of CPR, said that users should be wary of download links or attachments that they receive via WhatsApp or other messaging apps, even when they appear to come from trusted contacts or messaging groups.

CPR's tips to remain protected against mobile malware include:

- Updating the operating system regularly. Mobile devices should always be updated to the latest version of the OS to protect against the exploitation of privilege escalation vulnerabilities.

- Only installing apps from official app stores. This reduces the probability of an unintentional installation of mobile malware or a malicious application.

- Enabling ‘remote wipe’ capability on all mobile devices. All devices should have remote wipe enabled to minimise the probability of loss of sensitive data.

- Installing a security solution on your device.

Cybercriminals find phishing easier than ever

Consumers beware. Group-IB, a global threat hunting and adversary-centric cyberintelligence company, has found that it is increasingly easy for cybercriminals to obtain user data stolen through phishing, or fake websites which look like genuine ones requesting consumer data.

Source: Group-IB. Types of brands most frequently targeted in phishing kits: online services, followed by email clients and then financial organisations.

Legitimate services such as Google Forms and Telegram bots are helping cybercriminals keep data safe and enabling them to start using the information immediately. Ready-to-go platforms that automate phishing are distributed under the cybercrime-as-a-service model, which allows more groups to conduct attacks and widens the scope of cybercriminal activity, Group-IB said.

According to Group-IB, phishing kits give cybercriminals who do not have strong coding skills a way to effortlessly build infrastructure for large-scale phishing campaigns and quickly resume an operation if it’s blocked.

Group-IB’s Computer Emergency Response Team (CERT-GIB) analysed the tools used to create phishing web pages (phishing kits) and discovered that in the past year, they were most often used to generate web pages mimicking online services (online tools to view documents, online shopping, streaming services, etc.), email clients, and — traditionally — financial organisations. Last year, Group-IB identified phishing kits targeting over 260 unique brands.

In 2020, as in the previous year, the main target for cybercriminals was online services (30.7%). By stealing user account credentials, hackers gain access to the data of linked bank cards. Email services became less appealing last year, with the share of phishing kits targeting them dropping to 22.8%.

Financial institutions turned out to be the third favourite among scammers, with their share totalling above 20%. In 2020, the brands most often exploited in phishing kits were Microsoft, PayPal, Google, and Yahoo.

The analysts further found that phishing kits can do more than generate fake web pages to steal user data. Some upload malicious files to the victim's device. Sellers of phishing kits can also deceive their buyers: apart from selling the malicious tool they created, they may direct stolen user data to themselves.

“Phishing kits have changed the rules of the game in this segment of the fight against cybercrime. In the past, cybercriminals stopped their campaigns after the fraudulent resources had been blocked and quickly switched to other brands. Today, they automate their attacks and instantly replace the blocked phishing websites with new web pages,” commented CERT-GIB Deputy Head Yaroslav Kargalev.

“In turn, automating such attacks leads to the spread of more complex social engineering used in large-scale attacks rather than separate incidents, as used to be the case. This keeps one of the oldest cybercriminal professions afloat.”

1 April 2021

A gap between knowing about cybersecurity and protecting yourself: Acronis

Singapore’s Acronis, a global cyberprotection provider, has found a disconnect between the understanding that data must be protected and the actions to reach that goal. 

The global survey, released on 31 March (World Backup Day), polled 4,400 IT users and professionals in 22 countries across six continents, including Singapore, and dispels the myth that simply adding more solutions will solve cybersecurity and data protection challenges. 

“This year’s Cyber Protection Week survey clearly illustrates that more solutions do not deliver greater protection, as using separate tools to address individual types of exposure is complicated, inefficient, and costly,” said Serguei “SB” Beloussov, Founder and CEO of Acronis. 

“These findings confirm our belief that the smarter approach is cyberprotection, which unifies data protection, cybersecurity, and endpoint management in one.” 

The survey found a significant gap in awareness among users in Singapore of what IT and cybersecurity capabilities are available to them, which could cause them to lose valuable time, money, and security: 

- Over six in 10 (63%) of IT users would not know if their data had been modified without their knowledge because their solution makes determining that kind of tampering difficult.

- More than four in 10 (43%) of IT users don’t know if their anti-malware stops zero-day threats, because their solution doesn’t make that information easily available – only 32% claim to actually have it. Having easy access to such cybersecurity insights is critical to ensuring data is protected.

If those responsible for ensuring data privacy don’t know they are culpable, they cannot implement strategies or evaluate the solutions needed to address the requirements. That ignorance puts the business at tremendous risk of major fines for potential compliance violations in 2021.

For anyone using multiple solutions to solve their IT and cybersecurity needs, the lack of transparency into such information only gets worse. Not only must they remember which solution provides a particular data point, they are constantly switching between consoles to find the details they need – leading to inefficiencies and missed insights.

Individuals’ lax approach to protection

The survey also revealed a lax approach to data protection among Singapore’s IT users: 

- Ninety-two percent of IT users spent more time on their devices last year, yet only half of them took extra steps to protect those devices.

- Four in 10 (41%) admit to not updating their devices until at least a week after being notified of a patch, or even longer.

- Nearly all (97%) IT users reported performing backups (5% back up daily), yet 69% have irretrievably lost data at least once, suggesting that they don’t know how to back up or recover properly.

The efforts of individuals to protect their data aren’t keeping pace with threats, which is likely due to false assumptions (such as believing Microsoft 365 backs up their data) or a reliance on automatic solutions.

Action items for Cyber Protection Week

The challenges of protecting and securing data, applications, and systems will continue to grow in the post-pandemic world. To ensure that data is protected, Acronis recommends five simple steps:

- Create backups of important data. Keep multiple copies of your backups, with one local copy for fast recovery and one off-site in the cloud to guarantee recovery if disaster destroys your copies.

- Update your operating systems and applications. Outdated systems and apps lack the security fixes that stop cybercriminals from gaining access. Regular patching is required to avoid exploits.

- Avoid suspicious emails, links, and attachments. Most malware infections are the result of social engineering techniques that trick unsuspecting individuals into opening infected email attachments or clicking on links to websites that host malware.

- Install antivirus, anti-malware, and anti-ransomware software while enabling automatic updates so your system is protected against malware.

- Consider adopting a single cyberprotection solution to have the central management and integrated protection needed to meet today’s IT requirements.

22 August 2020

Acronis True Image 2021 offers both cybersecurity and backup

Acronis, a global cyberprotection provider, has released Acronis True Image 2021. The new release integrates advanced cybersecurity capabilities with personal backup to create a personal cyberprotection solution for home users, prosumers, and micro businesses - those under five seats - around the world.

As more people stay away from their offices, securing home machines has never been more important. Despite this, a recent Acronis survey found nearly half (47%) of remote workers have never received clear guidance on working from home.

Incorporating cybersecurity capabilities such as real-time antimalware protection, on-demand antivirus scans, web filtering, and videoconference protection into Acronis True Image ensures users have complete cyberprotection.

“As more people work or attend classes from home, the FBI documents a 400% increase in cyberattacks because hackers know home systems are not usually as well-defended as an office,” said Serguei “SB” Beloussov, founder and CEO of Acronis.

“Backup without cybersecurity is an incomplete option in that situation, as is cybersecurity without backup. Acronis True Image 2021 delivers the easy, efficient, and secure cyberprotection needed today.”

At the virtual launch of Acronis True Image 2021 Acronis executives highlighted the three pillars of the all-in-one solution: backup and recovery, antimalware and antivirus, as well as easy management.

"The traditional security perimeter of their offices are not applicable any more because, essentially, everybody is working on edge devices outside the security perimeter of their companies," elaborated Stas Protassov, Acronis Technology President and Co-founder, on why remote workers are vulnerable.

"You're not behind the firewall installed by your security officer. You're potentially quite an attractive target for attackers."

Threats can be both internal and external - data can be lost in error, through theft, hardware failure as well as through cyberattacks. Since backup software and files are often the targets of cyberattacks to prevent recovery, backup alone no longer provides suitable protection for users. Similarly, conventional cybersecurity solutions do not provide the data protection and recovery capabilities users need, said Acronis.

Relying on multiple products that were not designed to work together creates security gaps, is more complex to manage, and is more costly, the company added. Acronis True Image 2021 addresses these challenges by proactively stopping any malware attack and then quickly restoring affected files. An intuitive interface reduces the complexity of managing both security and backups.

For the last few years, Acronis True Image has been the only personal backup solution with a built-in anti-ransomware that stops attacks in real-time, while automatically restoring any affected files. With the launch of Acronis True Image 2021, those capabilities are expanded with the addition of the company’s advanced antimalware technology, which is currently deployed in Acronis Cyber Protect Cloud.

This full-stack antimalware uses both behavioural analysis and signature-based analysis engines for detection, and has been shown by independent security labs such as Virus Bulletin and AV-Test to return a 100% detection rate with zero false positives*.

Features that are new in 2021 include:

- Real-time protection, driven by artificial intelligence (AI)-enhanced behavioural heuristics, which stops all malware – including zero-day attacks**

- On-demand antivirus scans of the full system or quick scans of at-risk files, either of which can be scheduled in advance or run immediately

- Web filtering that automatically blocks Windows users from accessing malicious websites that harbour malware, disinformation, scams, and phishing attacks

- Videoconference protection prevents hackers and malware injection attacks from exploiting popular apps like Zoom, Cisco Webex, and Microsoft Teams

These advanced antimalware capabilities are included with Advanced and Premium licenses, and offered as a three-month trial with the Standard and Essential licenses.

Acronis True Image 2021 gives individuals and small businesses access to the same protection technologies relied on by global companies and professional sports teams. “Cyberprotection is a top priority for Rahal Letterman Lanigan Racing,” explained Bobby Rahal, co-owner of Rahal Letterman Lanigan Racing.

“When our races were on pause, Acronis continued to provide protection for our team working remotely. Now, with Acronis True Image, everyone can safeguard their personal data against the worst-case scenario.”

Protassov said that Acronis also adds additional protection through offering training on identifying suspicious interactions, monitoring for unexpected user activities, and encrypting the data from customers that flows through Acronis. 

This data encryption can be initiated by the client, who provides the encryption key. "(Acronis cannot) actually decrypt it without you providing us with the ability to do so," Protassov said.

Acronis unifies data protection and cybersecurity to deliver integrated, automated cyberprotection that solves the safety, accessibility, privacy, authenticity, and security (SAPAS) challenges of the modern digital world. Its portfolio includes next-generation antivirus, backup, disaster recovery, and endpoint protection management solutions backed by AI-based anti-malware and Blockchain-based data authentication technologies.

Details:

Four editions of Acronis True Image are available: Standard, Essential, Advanced and Premium. One-computer licenses start at S$82 for Standard and S$68 for Essential. Special launch prices for the Advanced and Premium licenses (starting at S$96 and S$137, respectively) are available until November 2020, at which time the full manufacturer's suggested retail price (MSRP) will go into effect. Under the MSRP guidelines, pricing will start at S$123 and S$171, respectively.

Acronis recommends that businesses with five or more seats use Acronis Cyberprotect.

Some functionalities are not available for the Mac but the plan is for feature parity in the long term.

Hashtag: #CyberFit

*Some security solutions miss some of the malware presented in tests, so they would be classed as having a detection rate of under 100%. Additionally, some solutions will claim there is malware present when there is not. This is called a false positive.

**Zero-day attacks are attacks on vulnerabilities which have just been discovered, ie zero days since discovery. Such attacks are most likely to be successful as the vulnerability has not yet been patched.

14 August 2020

Smarten Spaces offers AI-based desk management for safe distancing

Source: Smarten Spaces. The 10-Step Response Plan to adapt to the new normal.

Smarten Spaces, a proptech startup headquartered in Singapore, has launched Jumpree WorkFlex, an artificial intelligence (AI) desk management solution to automate seat planning, allocation and social distancing.

Businesses can expect visibility on patterns in desk usage and the effective identification of available office capacity when they use Jumpree WorkFlex. The solution gives real-time occupancy and tracks occupancy levels.

With the Jumpree WorkFlex algorithm, businesses can easily make changes to enjoy error-free and scalable seat planning with desk management automation technology:

  • Change social distancing measures or in-building capacity limits
  • Enter safe distances between seats at each floor or location
  • Get the best seating plan without manual intervention, taking into account the distance of a seat from all surrounding seats

"The call of the hour for organisations is to find smart solutions which ensure the returning workforce feel reassured to return to the office. Businesses are constantly on the lookout for technological advancements which ensure a safe and compliant workplace to return to - a bonus especially if cost savings are in the mix," said Dinesh Malkani, CEO of Smarten Spaces.

"Jumpree WorkFlex is an AI-powered, fully automated, desk management solution that helps workplaces optimise their floorplan, auto-assigns seats to maintain social distance amongst workstations, and enables users to virtually navigate the office and book seats in their department to foster a strong collaborative culture. Its unique algorithm erases the margin for error, while also significantly saving up to 30% of office space cost as the occupancy of the workforce changes."

Jumpree WorkFlex complements Jumpree WorkSafe, an AI-backed platform for workplace safety and readiness that was launched in May 2020. Smarten Spaces envisages the use of both products for a "complete back to work solution".

Jumpree WorkSafe helps to map the employee journey at work. Through a 10-step Response Plan, the solution ensures every employee, tenant or visitor is pre-screened for travel and health, tracking every entry and exit along with temperature readings.

Employees can book and select seats and view their sanitisation status, book a sanitised meeting room, adhere to social measures at common areas, take staggered lunch breaks and make contactless payments at the staff cafeteria.

It also gives the business a central platform to give instant updates to their employees and share any new protocols, along with a one-touch access to the company helpline.

Malkani said at the launch of Jumpree WorkSafe, "The top priority for businesses is to bring their employees back to work safely and manage their spaces effectively. Apart from safety elements, employees can book sanitised workstations and have visibility on when meeting rooms have been cleaned. At the same time, workforce distribution, seat and space allocation need to come together while factoring in all the new laws around social distancing.

"Jumpree WorkSafe and our 10-Step Response Plan help workplaces ensure all the required precautions are in place. This makes us one of the world's first end-to-end AI platforms to disrupt a US$19.9 billion smart space industry. We are delighted with the traction we are getting and the solution can now be deployed globally via our partner network."

According to a portfolio update from Symphony International Holdings in August 2020, there are now 51 Jumpree WorkSafe sites in seven countries, including Australia, China, India and Singapore. New clients include Blackstone in India, Hitachi, and Singapore's Ministry of Defence. This is up from 30 sites announced at launch in May.

2 July 2020

The five-minute ransomware overview from Veritas

Remote working arrangements – which necessitate the use of multiple devices, servers, networks and communication channels, typically personal and unsecured – have expanded the attack surface and provided the perfect entry for malicious actors to pilfer proprietary information and leverage those assets for ransom, says Justin Loh, Singapore Country Director, Veritas.

His quick overview of ransomware in five minutes:

What is ransomware?

Ransomware is a type of malware designed to deny access to a computer system or data until a ransom is paid—and the results can be devastating. We must ensure businesses are prepared to take on the malicious threats of today as we venture into our shared IT future.

How can businesses proactively protect themselves?


· Create and maintain an organisation-wide data protection strategy, including routine opportunities to assess, test, and iterate the approach alongside key IT stakeholders;

· Ensure employees understand everyday security hygiene, ideally bolstered by comprehensive company educational resources;

· Leverage proven solutions that provide clarity and visibility across your organisation’s data and dependable, intelligent data protection.

Veritas' four-step checklist

· Protect your IT systems by implementing the necessary personnel training to identify security gaps and investing in the technology such as malware prevention tools and access management systems

· Mitigate the impact of an attack by analysing the scope of infection and responding immediately with remediation tools

· Consistently monitor your IT environment by running antivirus and intrusion detection tools

· Prepare for recovery by using the last good backup and activating operational/procedural deployment to commence resumption of operations

"Ransomware is real, dangerous and here to stay. At the end of 2019, the average downtime from a ransomware attack was 16.2 days. That’s more than two weeks of business downtime that resulted in both financial and reputational losses. As data and operations of more companies become digital, the repercussions of ransomware attacks will only grow," said Loh.

He stressed that organisations need to have a unified solution that protects all their data across physical, virtual and cloud environments. "It is also equally important to rehearse the recovery procedures so that the business can operate with predictability during a crisis," he added.

"The best long-term defense is a proactive data protection approach to strengthening IT systems including detection, protection and recovery. At Veritas, we empower our customers with the right solutions and expertise to provide them with a peace of mind and bolster their data resiliency and readiness for the new work realities."

24 June 2020

Acronis and Minterest offer cybersecurity, financing to Singapore businesses

Acronis, a global player in cyberprotection, is now offering Singapore businesses financing through a partnership with Minterest, a Singapore-based online financial services solutions provider. The two have joined forces to launch Acronis #CyberFit Financing, Powered by Minterest to provide Singapore-based businesses with financing support to remain resilient and #CyberFit during the COVID-19 pandemic.

Through this partnership, Acronis and Minterest hope to empower businesses by providing easy access to customised financing solutions to tide them through this difficult period while building their cybersecurity capabilities to ringfence their businesses.

The COVID-19 pandemic has forced businesses globally to operate remotely and people to work from home, Acronis observed. Very often, they work with unsecured digital networks and are vulnerable to cyberattacks. As a cyberprotection company, Acronis is dedicated to helping organisations safeguard their data, applications, and systems so they can remain productive and avoid costly downtime. During the COVID-19 outbreak, essential services will need cyberprotection to be #CyberFit, ensuring their IT infrastructure remains protected and operational.

Serguei Beloussov, Founder and CEO of Acronis, said: “Cybercriminals are ruthless— they see the coronavirus pandemic as an opportunity to target new vulnerabilities such as those caused by many staff migrating to home offices. Now more than ever, cyberprotection should be a key concern for every business, as a data breach that costs a company valuable data can cripple even large organisations.

"Acronis Cyber Protect Cloud is a solution we have developed to combat this global threat. Acronis is dedicated to doing our part to help businesses both in the digital and the real world. With support from our capable partners at Minterest, we hope to provide streamlined access to vital funding to ensure business continuity for as many Singapore businesses as possible.”

Beyond the heightened cybersecurity risk, businesses often face urgent cash flow issues. Minterest is able to bring speed to lending, as it is able to process and approve loan applications within 48 hours, upon full submission of necessary documents.

Charis Liau, CEO of Minterest, commented: “The COVID-19 outbreak has sent shock waves throughout the global economy and many companies are facing deteriorating business conditions and cash flow liquidity crunches. We are pleased to partner with Acronis to accelerate the access to financial aid for Singapore-based firms. We want to be here for them; not just get through the pandemic, but beyond that as well.”

Source: Acronis. The new Acronis #CyberFit Financing, Powered by Minterest initiative is a partnership between Acronis and Minterest.


Details:

All companies and limited liability partnerships registered in Singapore can sign up for Acronis #CyberFit Financing, Powered by Minterest.

Hashtag: #CyberFit

7 May 2020

Keep your passwords safe

Every year, the first Thursday of May is dedicated to the importance of creating passwords. This year, World Password Day falls on the 7th of May, and we seem no closer to reducing the number of passwords we need to remember.

David Higgins, Technical Director, CyberArk commented, "This World Password Day takes place in the shadow of a ‘new normal’ existence for much of the world’s population, characterised by soaring levels of home work.

"This has resulted in a blurring of previously distinct lines between work and home devices – with more remote workers using personal devices to access work systems – opening up a vast new potential attack surface. Combine that with common employee practices like saving passwords in browsers or reusing passwords and this new landscape becomes a playground for attackers.

"Effective authentication of all devices now becomes even more crucial in order to protect not only personally identifiable information (PII) but the critical data and assets of the organisations we work for.”

Panda Security marked World Password Day by launching a new Password Manager feature within its Panda Dome protection platform. “Our Internet-connected devices increasingly hold sensitive and confidential information, guarded by online passwords. These passwords need to be complex in their makeup, changed regularly for maximum security and stored securely,” said Hervé Lambert, Global Consumer Operations Manager at Panda Security.

Aaron Zander, Head of IT, HackerOne warned, "When it comes to organisational or institutional security, a lot of what we can do to bolster our protection can come from within. Password re-usage is often one of the most common pitfalls we see. Once a hacker has been able to access, via an employee’s password, they can go digging through the organisation's databases with insider access. In addition, if this password is reused, the user may see the ramifications across all of their personal and work accounts and devices."

Asked if biometrics could replace passwords, Zander said, "Many argue that biometrics could be a better alternative. However, if there is a data breach, you can’t exactly reset your fingerprint – and this data is far more sensitive in the hands of a hacker. At least a password can be changed.

"For the foreseeable future, people will have to continue making passwords work for them, whether that is using personal algorithms to keep track of them or using password managers. Organisations can do their part by implementing and pushing or even mandating two-factor authentication so that even if passwords are breached, the damage is contained.

"Right now, passwords pose one of the biggest security challenges the security world faces but there isn't really a viable widespread replacement on the horizon."

24 August 2019

Acronis True Image 2020 automates 3-2-1 backup model

Acronis, a global cyberprotection provider, has released Acronis True Image 2020, a new version of its personal cyberprotection solution. The new version enables users to automatically replicate local backups in the cloud – making it the first personal solution to automate the 3-2-1 backup rule that data protection experts almost universally recommend.

The release helps bring to life the Acronis vision of cyberprotection, which combines traditional data protection and cybersecurity into one solution. As a result of this approach, Acronis True Image 2020 is the only personal solution to address all five vectors of cyberprotection – ensuring the safety, accessibility, privacy, authenticity, and security of data (SAPAS).

“Considering how much we rely on data today, our digital assets have never been more valuable. But that use also means we’re dealing with more data and more devices than ever before. Protecting it all from the ever-growing risk of cyberthreats presents a few challenges – such as increased complexity, security, and cost concerns,” said Serguei “SB” Beloussov, founder and CEO of Acronis.

“By making comprehensive cyberprotection easy, efficient and secure, Acronis can help individuals ensure all of their data is protected.”

According to Acronis, the backup rule refers to:

- Creating three copies of data: one primary copy and two backups

- Storing the copies in at least two types of storage media, such as a local drive, a network shared/network-attached storage device, or a tape drive

- Storing one of the copies offsite, such as in the cloud - dual protection, as it were.

The Dual Protection replication feature is one of more than 100 enhancements and new capabilities incorporated into Acronis True Image 2020. While independent labs have already concluded that Acronis True Image is up to 10 times faster than the competition, the 2020 release introduces a new backup format that delivers better overall performance, including even better backup and recovery speeds. It also enables users to browse files in their cloud backups more quickly.

In addition to the improved technology behind its backups, Acronis True Image 2020 ensures users can keep their data safe wherever they are. The new release lets users select which Wi-Fi networks they allow backups to run on, allowing them to avoid the metered connections and insecure public networks that can put their data at risk.

Users also want to ensure their backups don’t interfere with their computer use, such as having a backup drain the battery of their laptop while they are using it. With Acronis True Image 2020, users control when backups run while the laptop is operating on battery power. They can prevent backups when on battery completely or customise a minimum power level – so if the battery goes under 40% capacity, backups will not run.

A new Tray Notifications Center provides users with real-time updates about the status of backups so they can resolve issues quickly. They will also receive the latest news to improve their cyber protection. 

For the last three years, Acronis True Image has been the only personal backup solution with a built-in antimalware defense that is powered by artificial intelligence (AI). The integrated technology, called Acronis Active Protection, stops ransomware and cryptojacking attacks in real time – automatically restoring any affected files.

Rather than scanning for known malware signatures, the technology monitors the system for behaviours that indicate attacks. As a result of this approach, it is effective at detecting and defeating any kind of attack, including ransomware strains that have never been seen before. In fact, it blocked more than 400,000 ransomware attacks last year. The company has further enhanced this AI-powered defense for the launch of Acronis True Image 2020. The new version includes enhanced machine learning models to make Acronis True Image 2020 even more effective at stopping cyberthreats of all kinds.

Enabling automatic replication of local backups in the cloud is the latest Acronis innovation. Acronis firsts for data protection include being the first to offer full image backups* to home users and the first backup to offer the ability to clone a system disk – on both Windows and Mac systems – when it is in use. It is still the only personal backup solution that includes an integrated anti-malware defense powered by AI, as well as Blockchain-based data authenticity certification and verification.

Acronis solves SAPAS challenges with backup, security, disaster recovery, and enterprise file sync and share solutions that run in hybrid cloud environments. The company is trusted by 80% of Fortune 1000 companies and has over 5 million customers.

Details:

Three versions of Acronis True Image are available:

Standard is a perpetual license designed for customers who store their data on local drives only. No cloud storage or cloud-based features are included. This option includes local backup of an unlimited number of mobile devices. Pricing starts at US$29.99 for one computer.

Advanced, the most popular option, is a one-year subscription that includes 250 GB of Acronis Cloud Storage and access to all cloud-based features, including both local and cloud backups of an unlimited number of mobile devices. Pricing starts at US$49.99 per year for one computer.

Premium is a one-year subscription that includes Blockchain-based data certification and electronic signature capabilities, as well as 1 TB of Acronis Cloud Storage. This starts at S$99.99 per year for one computer.

All versions include Acronis Active Protection, the AI-powered antimalware defense, and cover an unlimited number of mobile devices. Subscription customers can purchase additional cloud storage as needed.

Explore:

Watch a video illustrating the 3-2-1 backup rule

*An image refers to making an exact copy of the software and operating system of a computer, right down to application configurations.

17 May 2019

Does the WhatsApp hacking have repercussions?

Despite everything it said about communications being encrypted and thus safe, WhatsApp has been hacked. Any attack on popular software could potentially affect billions of users. While this vulnerability has been patched, users need to be aware that the software they use daily might not be secure.

Nabil Hannan, Managing Principal – Financial Services, Software Integrity Group, Synopsys explained: "The risk with this incident is that any WhatsApp user, based on their phone number, could technically be targeted. Using the buffer overflow issue, attackers can install malware allowing them to reach communications conducted on that user’s device."

"Any and every WhatsApp user is at risk. Technically anyone can be attacked, whether intentionally or accidentally. In this case the hackers seemed to have specific targets in mind, but other attackers could learn about the issue and then exploit other specific users or a wide range of users," he stressed.

Carl Leonard, Forcepoint’s Principal Security Analyst, noted that while a software update has been issued to protect WhatsApp against the security flaw that was exploited, the malware itself is extremely sophisticated. "Attacks like these have huge privacy implications. Traditionally, malware developed by sophisticated threat actors leaks into the wider cybercriminal ecosystem and is repurposed for financial gain, targeting the mass market. This is early days for this particular malware but it is critical to patch, and turn on auto-updates if possible, and for all applications, not just WhatsApp," he said.

Oded Vanunu, Head of Products Vulnerability Research, Check Point Software Technologies warned: "We are seeing that vulnerabilities on mobile platforms are worth a lot of money, for example in the Zerodium price list they are willing to pay up to US$1 million for a WhatsApp vulnerability that will allow running remote code," he said.

The best that users can do is keep up to date with the app and to report unusual behaviour, Hannan said. Leonard agreed. "A victim’s device would act very differently than a non-infected device, and while no details of the actions taken by this malware have emerged, one could assume that an attacker may seek out bulk contact lists, email data, location data or other personal information," he said.

Dylan Castagne, MD, Retarus Asia, commented that best practices are needed to ensure the secure and efficient transmission of information. He is in favour of leveraging established standards such as short message service (SMS, or text messages) instead of proprietary systems such as WhatsApp in business communication.

"Additionally, this reflects the need for organisations to significantly up their game in detecting, investigating and remediating intrusions across all communications avenues. With advanced threats seen to continue surpassing the capabilities of security mechanisms and cyber criminals devising new methods to infiltrate networks and exploit attack vectors, including messaging applications and emails, the value of being conscientious and vigilant in today’s digital era cannot be over-emphasised," he said.

"Utilising managed security service providers over traditional security tools also provides enterprises with the added advantage of having regular feature enhancements and upgrades that can better thwart modern cyber security threats."

"Rather than using a threat-based approach (where security professionals block individual threats, one by one) using a behaviour-based approach can pay dividends. By analysing the normal behaviour of a device, or in enterprise terms, any entity on a system, security professionals can act on the anomalies and stop even the most sophisticated attack quickly," Leonard added.

According to Business of Apps, in a blog post updated in February 2019, there are:

- One-and-a-half billion users in 180 countries, including 3 million users of WhatsApp Business

- One billion daily active WhatsApp users

- India is the biggest WhatsApp market in the world, with 200 million users (it is estimated in some quarters that this has increased to 300 million)

- Sixty-five billion WhatsApp messages sent per day, or 29 million per minute, and 55 million WhatsApp video calls made per day, lasting 340 million minutes in total

- From May-July 2018, 85 billion hours of WhatsApp usage were measured