cyber attacks – PSafe Blog

Who is Responsible For May’s Ransomware Attacks on the NHS?

PSafe Newsroom — Sat, 16 Sep 2017 13:00:16 +0000

Massive global ransomware attacks are not only becoming more common, but far more dangerous, too. In order to protect your devices from these types of threats, make sure that your software is always up to date, and that you install all security patches. You should also regularly scan your device for hidden malware to catch any threats before they become an issue. Click here to use the full virus scan feature to check your device for security threats:

What Was the Ransomware Attack in May?
In May 2017, the WannaCry ransomware attack targeted computers that were running an outdated and unpatched version of Microsoft Windows as their operating system. The hackers encrypted the data so that users could no longer access their data. The hackers then demanded payment through Bitcoin because it’s untraceable. Once the payments were received, the hackers then flipped the “kill switch” for the ransomware and essentially removed it from that device.

The WannaCry malware infected over 230,000 computers worldwide. The most critical part of the ransomware attack infected over 70,000 computers in the United Kingdom’s National Health Service (NHS). This was an emergency situation because all of the patients’ data was stored in the computer system, which sent the NHS into chaos. Many of their computers, MRI scanners, and even blood-storage refrigerators had been affected by the ransomware and were compromised by the attacks. The NHS had to start turning away non-critical emergencies, and even some ambulances were diverted.

How WannaCry is Linked to North Korea
After the malware attack had been taken care of, the NSA and the British Security Group investigated the Wannacry ransomware attack. They found that the ransomware was being shared in a way that had similar code to an earlier malware hack that was associated with a North Korean threat group. Once that connection had been made, the NSA kept finding links between the May attack and the 2014 Sony Pictures hack, which was carried out by the Lazarus Group. The 2014 Sony hack released the film The Interview, which focused on a plot to assassinate the North Korean leader.

These connections mean that WannaCry was similar enough to the other Lazarus Group hacks that the NSA and the National Security Centre have linked it to the North Korean hacking group.

Possible Motivations
According to many intelligence experts, North Korean hackers may be working for the government under their intelligence agency. The hackers will earn money from the ransomware attacks by charging people Bitcoin to remove the ransomware. The proceeds from these attacks will then be redirected towards the funding of the North Korean military strategies. This is one of many “self-funding” strategies that North Korea’s intelligence agency uses.

America’s Emergency Hotline May be Susceptible to Hacking

PSafe Newsroom — Wed, 16 Nov 2016 21:40:45 +0000

The 911 emergency phone system has served as a lifeline for Americans since 1968. We often take for granted that if we dial those 3 numbers, someone will answer our call and help will be on the way shortly thereafter. The truth is, 911 is vulnerable to attacks that could disable entire systems and wreak havoc in communities across the country.

Hacking 911

Researchers have discovered that it would be possible for hackers to disable the 911 system for a whole state by using a TDoS (telephony denial-of-service) attack. This works by infecting mobile phones in a given area. Once infected, the phones will auto-dial 911, which causes the local call center to become overwhelmed with phony calls. This means that people calling with real emergencies may not be able to get through. Because most call centers already operate near full capacity, just a small uptick in call volume could quickly cause problems.

How Bad Could It Be?

Theoretically, a TDoS attack could be used to infect phones in strategic areas across the country. This could compromise a large portion of emergency response services across the United States. If this were implemented simultaneously with some kind of terrorist activity or attack, it would only add to the tragedy since emergency services would be crippled right when they are needed most.

What’s Being Done?

Now that the problem has been identified, steps are being taken to safeguard our nation’s emergency call centers. The FCC has addressed part of the problem by allowing carriers to block calls that are not associated with any service account. This was initiated because these untraceable phone numbers are often used to place prank calls or to run scams on people — it would stand to reason that hackers could use these phones to help jam the lines in a TDoS attack.

What More Should Be Done?

As 911 security struggles to catch up with modern technology, phone manufacturers can help by reconfiguring hardware to protect against such misuse. This might include installing a firewall that could detect activity — such as repeated calls to 911 — that appears to be auto-generated. The government can also help by creating and enforcing cyber terrorism laws, which might be a minimal deterrent to those who might be considering such an attack. With one of our country’s most vital services sitting vulnerable to hacking, government agencies must work alongside phone manufacturers, service providers, and the public to find the best solutions to protect it. A widespread 911 hack could be devastating, and it’s imperative that we take steps now to make our emergency phone system more secure.

Drammer Attack Threatens Millions of Android Users

PSafe Newsroom — Tue, 25 Oct 2016 21:33:53 +0000

Google has recently discovered a new security threat that could leave your Android device exposed to hackers. Much like the Linux-based attack known as Rowhammer, Drammer is a particularly pernicious form of malware that allows hackers to gain full access to your phone by first targeting a specific memory chip. Because of this security loophole, all PSafe users who have downloaded apps recently should click below immediately to remove threats.

For the most part, the attack is transmitted through an app that contains harmful code. Once the app is downloaded, it can repeatedly activate a specific row of memory chip transistors to cause a bit flip (a switch of states from 1 to 0 and/or 0 to 1). Since all data is written in binaries, having the ability to change values for stored information is the equivalent of successfully picking a lock.

According to Emilio Simoni, PSafe’s Security Manager, checking the app permissions before downloading them does not work, because the malware does not need any permission to perform this kind of attack. “We strongly advise users to download apps only in Google Play, and check if the app is well recommended,” he says.

With PSafe Total’s Quick AV Scan active and running, any threats to your phone will be immediately detected and removed. Click below to check if

All That You Need to Know about DDoS Attacks

PSafe Newsroom — Tue, 11 Oct 2016 21:38:41 +0000

A DDoS attack stands for a “distributed denial of service.” It is a type of DoS (denial of service) attack. DoS and DDoS attacks are an attempt to take control of a particular machine or network. A DoS attack originates from a single machine; its purpose is to flood a system or network with data. If a website has too much web traffic and too many tasks to complete at once, the site will stop responding and crash. This will prevent actual users from accessing the website.

Unlike a DoS attack, the attacker in a DDoS attack is often made up of multiple (or thousands of) machines, all with unique IP addresses that can come from around the world. Often, hackers take advantage of machines with poor security to help launch their attacks. The attacks usually target banks or other financial services. The attacks typically send about 50+ gigabits per second of data in order to crash the network. However, larger attacks have sent up to 500+ gigabits per second.

DDoS attacks are often motivated attacks, and the reasoning could be political or vengeful. This has been exemplified by hacking groups like Anonymous, who target specific organizations and businesses that they believe to be corrupt. Another example would be the cyber warfare between the United States and Iran. In 2013, Iran attacked U.S. banks with DDoS attacks, supposedly in response to economic sanctions.

How to Prevent a DDoS Attack
A business or organization isn’t necessarily vulnerable to a DDoS attack if they take the right precautions. These precautions are necessary, because without them, a DDoS attack could greatly affect a business financially, in addition to resulting in a loss of customers. One of the first steps in DDoS prevention is learning how to recognize an attack. Some signs might include slow site performance, inability to access a site or page, and dramatically increased bandwidth and site traffic. The second step involves protection. Track your website’s behavior so that you have an idea of normal behavior. If a business is particularly vulnerable to a DDoS attack, it might be best to seek out a company that offers DDoS software protection.

Download PSafe Total
While you might not personally experience a DDoS attack, it’s always a good idea to protect your devices against any potential cyber attacks. Download PSafe Total for your Android devices and PSafe Total Windows for your PC to protect your devices against malicious threats 24/7. In addition, both services offer cleanup tools so that you can ensure your devices are free of unnecessary files and running as efficiently as possible.