Making Origin safe and secure

Millions of gamers use the Origin platform to get the latest releases from Electronic Arts and its partners, communicate with other users, and stream directly to Twitch. If you are one of them, competing for glory in Battlefield, FIFA, Need for Speed, or other games from these developers, take a few moments to sort out the security and privacy settings. Doing so will make your gameplay more user-friendly and secure, so you can focus on winning. Here, we spotlight some neat options on EA’s platform and how to use them.

• How to protect your Origin account
  • How to change your Origin password
  • How to change the security question on Origin
  • How to set up...

Ransomware 2020

Since its first appearance, ransomware has undergone an evolutionary journey — from piecemeal tools created by isolated enthusiasts to a powerful underground industry reaping vast rewards for its creators. What’s more, the cost of entry to this shadowy world is getting lower.

Nowadays, would-be cybercriminals no longer need to create their own malware or even buy it on the dark web. All they need is access to an RaaS (Ransomware-as-a-Service) cloud platform. Easy to deploy and requiring no programming skills, such services enable just about anyone to use ransomware tools, and that has naturally led to increasing numbers of ransomware cyberincidents.

Another worrying...

Mobile apps are watching you

Some mobile apps track your location — and secretly report it to services that sell the data. You almost certainly use at least one such app without even knowing it. How do you find out which apps may be problematic — and what can you do about it?

When he saw a visualization of spring breakers from just one beach in Florida dispersing all over the US during the COVID-19 pandemic, Kaspersky GReAT’s director, Costin Raiu thought not about the coronavirus, but about apps that track their users’ locations. The report used research including location data from X-Mode. But where did X-Mode get the data?

Well, X-Mode distributes...

Transatlantic Cable podcast, episode 170

We kick off the 170th edition of the Kaspersky Transatlantic Cable podcast with the alleged end of the Maze ransomware gang.

The cybercriminal enterprise recently issued a broken-English press release claiming it was exiting the game. It would be easy to take them at their word, but they are criminals, after all, and Dave and I are not buying it.

From there, we move to Japan, whose national nuclear agency warns of a cyberattack. Not many details are available at this time in Western or Eastern publications, but this is one to keep an eye on.

We then jump into the world of COVID-19 for a pair of stories involving coronavirus and cybersecurity....

OpenTIP, season 2: Come on in!

A year ago I addressed cybersecurity specialists to let them know about a new tool we’d developed. Our Open Threat Intelligence Portal (OpenTIP) offers the same tools for analysis of complex threats (or merely suspicious files) as our GReAT cyberninjas use. And lots of other folks use them now too, testing zillions of files every month.

But a lot has changed in the past year, with practically the whole world having to work remotely because of coronavirus, which in turn makes life more difficult for cybersecurity experts. Maintaining the security of corporate networks has become a hundred times more troublesome. As precious as time was before COVID-19, it is...

Transatlantic Cable podcast, episode 169

Today we’re giving you a special edition of the Kaspersky Transatlantic Cable podcast, in which Dave and I take off our news hats for once and chat with an executive from within the Kaspersky ranks.

Our featured guest is none other than Kaspersky Chief Business Officer Alex Moiseev. During our thirty-some-odd-minute chat, we discuss a wide variety of topics ranging from the company’s recent innovation report to Alex’s passion for startups and innovation and how his love of motorsport and racing has helped his career and much more.

Perhaps the juiciest bit of the interview is our discussion on the future of the cybersecurity industry, Eugene...

How to protect your Battle.net account from hackers and scammers

Losing your Battle.net account, and the years of gaming and grinding progress, could be a nightmare. There are better ways to quit WoW, Hearthstone, Overwatch, and other games that seem too addictive to walk away from, for sure. Assuming you’d rather keep gaming with your Blizzard account, safeguard it with our guide.

• Blizzard account security
  • How to change your Battle.net password
  • How to change the security question
  • How to set up two-factor authentication on Battle.net
  • How to ensure that only you have access to your account
  • Don’t leak your Battle.net password
• Privacy settings
  • How to hide your real name
  • How to...

GReAT, Ask Them Anything 2.0

A lot has changed over the past four years. We’ve seen major ransomware and wipers take the Internet by storm. Empires of bots have done everything from mining crypto to helping change how people vote. And business travel has come to a standstill thanks to a viral enemy that caused a global pandemic.

As they say, what a time to be alive.

You know what hasn’t changed? Kaspersky’s Global Research and Analysis Team (GReAT) and its quest to help keep the good guys one step ahead of the bad ones in the virtual and physical world.

What does that have to do with four years ago? Well, my dear readers, let me tell you.

A bit over four years ago, I wrote on this very...

Transatlantic Cable podcast, episode 168

In the latest episode of the Kaspersky podcast, we look into recent news about Donald Trump’s campaign website being hacked — briefly — to promote a cryptocurrency scam. It was only a single page, but the hack comes at a critical time in the US election cycle.

From there, we move on to a story about a psychotherapy clinic in Finland that was hacked. Patients are now finding their details on the dark web, and some have been contacted by an elusive individual called “The Ransom Guy.”

To wrap up, we look at a case of fake news in the retail sector. Anyone familiar with the dearly departed Woolworths chain knows it went under in 2008 — but that didn’t...

Phishing through e-mail marketing services

Scammers have used various tricks over the years to bypass antiphishing technologies. Another scheme with a high success rate for delivering phishing links to targets is to use e-mail marketing services, also known as e-mail service providers (ESPs) — companies that specialize in delivering e-mail newsletters — to send messages. According to statistics we’ve obtained from our solutions, the method is gaining momentum.

Companies that are serious about e-mail threats thoroughly scan all e-mail — with antivirus, antiphishing, and antispam engines — before letting messages reach users’ inboxes. The engines not only scan...

Windows XP source code leak: Tips for businesses

In late September, news broke that the source code for Windows XP had leaked online. A torrent file for downloading the operating system code was published on an anonymous forum, and it spread webwide quickly. Although Web analytics service StatCounter estimates that fewer than 1% of all computers actually run Windows XP, that still represents millions of devices globally.

Microsoft discontinued support for Windows XP way back in 2014, so anyone still using it in 2020 is taking a big risk; Microsoft will never patch the new vulnerabilities that continue to pop up. The company makes one...

Five life hacks for Netflix users

With its vast content library, including original shows, all at an affordable price and without ads, not for nothing is Netflix one of the most popular streaming services in the world. That said, nothing is perfect: Navigating Netflix’s catalog can be a pain; movies have a tendency to disappear every now and then; and in many countries certain content is wholly inaccessible. However, none of those issues is insurmountable. Here’s how you can overcome them.

Netflix lets you search for content by various parameters: title, cast, genre, and so forth. If you’re looking through movie titles and actors’ names, that’s...

Transatlantic Cable podcast, episode 167

Who would have thought that an episode of this podcast would start with Robin Hood? Well, you don’t have to go far; that’s exactly where we kick off this episode of the Transatlantic Cable podcast.

Our first story of the week takes a look at some Robin Hood types who, after using ransomware to steal from corporations, then donate a small fraction of the stolen money to nonprofit organizations. Sorry, but I am not going to call these guys heroes just yet.

From there, we head to the sky, to British Airways being hit with a record-setting GDPR fine. Sticking with travel news, Carnival Cruise Lines and some of its subsidiaries have been navigating...

Training by security console

The notable shortage of cybersecurity specialists on the market in recent years has become particularly problematic in 2020. The pandemic, which has led to a widespread shift to remote working, has also highlighted the need to change security strategies at many companies. Even small firms have realized that the skills of their IT administrators are no longer sufficient to ensure business continuity and protect corporate information.

Management faces a choice: Hire an additional information security specialist or provide specialist advanced training to existing IT staff. Both approaches have merit, but the second is where we can help you out.

Leaky images and other foibles of office documents

Reports, articles, marketing materials — all are document types most of us handle at some point. We write and edit them on computers, e-mail them to colleagues or friends, share them in the cloud, hand them to clients, and so much more.

If a file you intend to show to others contains information they shouldn’t see, however, you could run into problems. Let’s figure out how to prevent that.

Secrets such as passwords in the background often show up in images, and by no means do all editing tools get rid of them properly. For example, even if you thoroughly blur over sensitive information with a semitransparent brush,...

Collaboration tools from a security perspective

For many companies, the mass transition of staff to remote working created a need for new tools. Years of fine-tuning employee interaction mechanisms went down the drain overnight as IT departments scrambled to deploy market-ready collaboration solutions. These solutions aroused no less interest among cybercriminals, who smelled an opportunity to gain remote access to companies’ information systems and spread malware through corporate networks.

The problem with collaboration solutions is that at any moment they can be turned into vehicles for spreading infection across the corporate network. Just one negligent employee...

Innovation in enterprise

It is no secret that business cannot survive without innovation. To gain competitive advantage, companies must continually develop, introducing new processes, new technologies, new tools. Wholesale digitalization has affected innovation in at least two ways. On the one hand, it has prepared the ground to ease the way for the adoption of new ideas. On the other, it has opened the door to new threats by complicating IT infrastructure.

Our colleagues investigated enterprise-level attitudes toward innovations: how they are implemented and what hinders the process. To do so, with the help of independent research company Savanta, they interviewed more than 300...

Transatlantic Cable podcast, episode 166

We kick off this week’s edition of the Transatlantic Cable podcast by looking at an active scam in the UK. As if 2020 was not bad enough, now people need to be on the lookout for scams that are targeting them with travel and refunds that are more prevalent with everyone at home due to COVID-19 — and the impact on people’s wallets is continuing to get bigger.

From there, we jump across the Atlantic to Springfield, Massachusetts, whose school system was hit with ransomware. The only ones happy in this story were the kids who got an impromptu snow day.

We stay in the US for our third story, this about Google’s sharing of crime-related search data...

How to choose a truly free smartphone game

Wherever and whenever you want to play, mobile games are there for you. You can occupy yourself on the subway or while waiting in line at the doctor’s office by battling in Fortnite or PUBG, or you can spend your lunch break gathering resources in Clash of Clans. What’s more, many developers provide such entertainment free.

Indeed, you’ll find many free-to-play mobile games in your app store, although among the greats lurk plenty that are more annoying than fun, filling your screen with ads, recommending payment every step of the way, even in some cases not appearing to do anything at all (while downloading a bunch of useless or outright...

Transaction and account security tips for eBay

eBay is one of the most popular marketplaces in the world, and one of the reasons is that it’s generally safe and reliable. But when you engage in monetary transactions, you always assume the risk of losing money as a result of fraud or negligence, to name just two causes. What can you do to protect yourself as much as possible from fraud and deception when using eBay?

eBay’s increasing number of measures to ensure its users’ security is representative of a general trend. The site has programs to protect both buyers and sellers. The programs recommend some clear risk-minimizing practices. Nevertheless, it does not hurt to once again list...

MontysThree: Industrial cyberspy

Our experts have found traces of activity of a new cybercriminal group that spies on industrial enterprises. The crooks are carrying out targeted attacks, using a tool that our researchers call MontysThree, looking for documents on victims’ computers. The group appears to have been active since at least as far back as 2018.

The cybercriminals use classic spear-phishing techniques to penetrate victims’ computers, sending e-mails containing executable files that look like documents in .pdf or .doc format to employees of industrial enterprises. Such files are typically named “Corporate data update,” “Technical...

Malware delivery through UEFI bootkit with MosaicRegressor

Recently, our researchers uncovered a sophisticated targeted attack aimed at diplomatic institutions and NGOs in Asia, Europe, and Africa. As far as we can determine, all of the victims were connected to North Korea in one way or another, whether through nonprofit activity or diplomatic ties.

The attackers used a sophisticated modular cyberspy framework that our researchers call MosaicRegressor. Our investigation revealed that in some cases the malware entered victims’ computers through modified UEFIs, an extremely rare occurrence in the wild. However, in most cases, the attackers used spear-phishing, a more traditional...

Transatlantic Cable podcast, episode 165

The SAS is here — digitally, of course; it is 2020, after all. To kick off the latest iteration of the Transatlantic Cable podcast, Dave and I chat about a topic presented at the conference.

We begin with Mark Lechtik, Igor Kuznetsov, and Yury Parshin’s research on MosaicRegressor. This new malware uses a UEFI foothold to plant a second, more traditional piece of spyware on a target computer’s hard drive.

From there, we jump to the state of New Jersey, where a hospital hit with a ransomware attack paid a partial ransom.

For our third story, we head over to the world of dating apps and discuss a vulnerability in Grindr. It’s been patched, but it...

The Pied Piper of Hamelin and cyberweapons

Contrary to popular opinion, fairy tales and folk legends were not invented as entertainment, but to teach children (and adults) important lessons in an easy-to-understand form. Since time immemorial, storytellers have woven cybersecurity tips into their tales, hoping to make the Internet (which they foresaw) a safer place. For example, the story of Little Red Riding Hood is a warning about MitM-type attacks, and Snow White foreshadows government-sponsored APT campaigns. The list goes on.

Unfortunately, humankind continues to repeat the same mistakes with manic persistence, ignoring the obvious lessons of fairy tales. Another striking example of...

How to create a Google child account

Kids’ mobile phones are no longer just expensive toys. Phones help parents keep in touch, and kids to learn and develop in step with the times.

You’ve already read up on the pros and cons of kids having smartphones (as well as how to choose the right device). However, buying a phone for your child (or repurposing your old one) is only half the battle. The gadget needs to be configured properly, and that’s something you should do for yourself.

First, you will need to create an account for your child. On an Android device, it has to be a Google account, without which your kid cannot make full use of the phone. Here’s how.