No honour among thieves - how cybercriminals are exploiting the ongoing pandemic

We are, as I’m sure you’re well aware, in the midst of a global health crisis. As governments and health organisations around the world work to stem the spread of the virus and ease the anxiety and panic within society, there are those who are maliciously turning this crisis into opportunity.

Our security research teams have identified a number of instances where bad actors are preying on the worries of the public, tainting the good work of people and institutions trying to help, and taking advantage of our increasingly remote workforce for profit. These are troubling times, there is a long road ahead of us, and it’s important that we all be alert to additional threats riding on the coattails of the current crisis and take appropriate precautions.

What follows are examples of recent exploits we’ve been seeing that both businesses and the public need to be aware of.

Phishing on fear

With so much fear having permeated society, cybercriminals are using it to entice people to click on malicious links and provide personal information or corporate credentials. Recent phishing emails promise recipients a variety of false COVID-19 related information, ranging from up-to-date infection numbers in their locality and shocking images that governments are supposedly hiding from us to a link to a cure. Panicky and curious users who click on these links will often find that malware infects their devices.

Attackers will also go so far as to exploit people’s sense of urgency and make emails time-sensitive. It’s a similar psychological trick to how online retailers may use flash sales to lure us to make a purchase on-the-spot, although what a user gets is a lot worse than a little buyer’s remorse. An email promising free coronavirus testing for the first 10,000 respondents will get a user’s attention, especially that of users who may not know the warning signs of a malicious email.

Ransomware in sheep's clothing

Attackers are also using coronavirus fears to draw people to bogus, malicious apps. Most recently we found one app that presented itself as a means to track the global spread of the virus, when in fact it had a ransomware payload. To confuse and entice users, these apps will sometimes be built on the genuine work of professionals. For example, Johns Hopkins University recently created an interactive dashboard of coronavirus infections and deaths, which has now been copied onto websites utilising drive-by downloads and malicious apps in the Google Play Store for Android devices.

Security researchers identified a new campaign where attackers are copying the Johns Hopkins map into an Android app. When the user installs the application, it encrypts the phone’s data, transmits the user’s GPS location data, and displays a message to the user that they can only retrieve their files if they pay $100 in bitcoin.

This is already turning into a lucrative black market business. Hackers on underground forums are reportedly selling £600 exploit kits that include Java code that clones the virus outbreak map and allows attackers to inject password-stealing malware, spam, malicious ads, or ransomware. Worryingly, the .jar file is reportedly able to make it through popular webmail filters and can also successfully exploit a system with a fully-patched version of Java.

Working from home woes

With public gatherings currently prohibited, remote working policies and business continuity plans are enabling workers to continue performing their duties from home. Whilst flexible working policies have been part and parcel of the modern workplace for some time, the sudden introduction of remote access solutions at scale is introducing additional work and complexity for already overworked IT and security staff. As the number of remote users increases, with only a limited number of technical staff to support them, a far larger attack surface is exposed for criminals to exploit.

Because the need to support remote workers at scale arose so quickly, it’s possible that in the rush to get more remote access appliances online, organisations may have bypassed traditional security reviews and change management procedures. This will have been done for benevolent reasons, most likely preventing any major disruption and ensuring business continuity, but it creates vulnerabilities within the remote access system.

For instance, traditional remote access solutions such as VPNs or firewalls need inbound access to listen for incoming connections. If organisations have not kept their appliances adequately patched and updated due to the rush, it could lead to unauthenticated access into corporate networks.

With so many employees working remotely, social engineering attackers could more convincingly call into the help desk to get user credentials reset, as this would be chalked up to a common hiccough associated with the onboarding of a significant number of remote access users. Once an attacker gains access to VPN credentials, the entire corporate network is exposed unless significant network segmentation has occurred. Network changes during a crisis are difficult, and may not be seen as top priority, so many organisations unaccustomed to supporting a large number of remote workers may well have been left vulnerable.

Lastly, the very nature of human psychology may put networks at greater risk. Employees working remotely are no longer protected by the security stack traditionally housed in a corporate data centre. Organisations rely on VPNs to send their traffic to a data centre for inspection, then out to the internet. However, end users are likely to take the path of least resistance in aid of getting their jobs done more efficiently, and forgo using a VPN for a faster browsing experience, or only use the VPN when they need to access the corporate network.

Be alert to cyberthreats

So long as coronavirus continues to disrupt our lives, both personal and professional, expect cybercriminals to exploit the situation by luring victims into clicking malicious links and installing malicious software. With all that’s going on in the world already, this is a disheartening truth, but by following remote working organisational procedure, being more suspicious than ever of what you click and download, and trusting that the cybersecurity community is working tirelessly to stop these threats in their tracks, you can limit your and your employer’s exposure.
