Targeted advertising has become a mainstay of life on the web these days. You do a search on Amazon for say, exercise bikes, and then, just about every other website you visit will show you ads relating to your recent search. It's almost scary how good the ad targeting is.
If you're not a fan, there's good news. Apple has decided to do something about it.
With the release of iOS 14.5, they introduced a new feature called ATT, which stands for App Tracking Transparency. It's purpose is to make the types of ads described above a whole lot less common.
It works by placing hard limits on the data collection practices that are essential for displaying targeted ads Also, as you might expect, the decision is generating tons of backlash from retailers around the globe. After all, most of them have made targeted advertising a central component of their online ad strategy and this change stands to upend the apple cart.
Simply put, the new feature requires apps to get users' permission before tracking their data across other companies' websites and apps for advertising purposes. All you, as the user, have to do is select the option "Ask app not to track" and the app's developers will be denied access to your data.
This is a big win for the end user on two fronts. First, app developers won't be able to track your movements around the web, so they won't have a window into the various sites you visit. Second, they won't be able to share what data they do get their hands on with third party data brokers.
Privacy experts love the change, and it certainly won't hurt Apple itself; the company makes most of its profits from hardware sales and the services they provide. Advertising revenue is a small piece of Apple's pie.
So far, there's no functional equivalent in the Android ecosystem, but depending on how well it is received, you can expect something comparable to appear before very long. Kudos to Apple for taking a big step in the right direction where privacy is concerned.
There's a new malware threat you need to be aware of, and it recently made its way onto the UK's National Cyber Security Centre's radar.
Called FluBot, it is designed to steal information including passwords and banking particulars. There are a couple of interesting aspects about this threat that are noteworthy.
First, it is currently being spread exclusively via text message. A potential victim will get a text claiming to be from a shipper. The text will include a link that the user can tap in order to install a package tracking app. Of course, there is no package and thus, no package tracking app, so if the user taps this link, it will actually install the FluBot malware.
Worse, the code contains a module that gives FluBot worm-like capabilities. That allows it to access the victim's contact list and send poisoned texts to each person on that contact list, allowing it to spread like wildfire.
For the moment, the aptly named FluBot is circulating primarily in Europe. However, given the peculiar nature of its spread mechanism, it could easily jump to the United States with a vengeance, or any other part of the world.
Unfortunately, there's no good defense against FluBot at present, aside from education and awareness. Make sure your employees are aware of the threat and are careful not to click on any links promising to track packages, even if they're expecting a delivery. It is far better to simply open a new browser window, type in the URL of the shipper you're expecting a package from, and track the package that way. That is, rather than risking an infection that could put a wide range of sensitive data at risk, and cause problems for everyone on your contact list.
Stay vigilant. This won't be the last threat to emerge in 2021.
NASA has big ambitions to put 4G internet on the moon, and has tasked Nokia with turning their dream into a reality.
It seems like the next logical step, really, since 4G has basically conquered planet earth. It can even be found on offshore oil rigs and atop Mount Everest, but the moon?
It's actually not as crazy as it sounds.
After all, the goal of NASA's Artemis program is to establish a permanent human presence on the moon by the end of this decade. So, if we're going to have people there on a permanent basis, then they're going to need a reliable way of communicating with earth. The American space agency has decided that 4G connectivity is the solution.
It's certainly a big job, but not without precedent. After all, the astronauts living and working on the International Space Station (ISS) have been using Wi-Fi since 2008, and are even capable of live streaming space walks, thanks to gear added to their space suits.
For their part, Nokia has been tasked with creating a local network on the moon, to extend across roughly five kilometers, designed to enable seamless communications between astronauts and equipment on the ground. This, however, would naturally be tied into the proprietary system NASA has already developed to enable communications between space and the Earth. That would ultimately give our moon-based humans access to the 'net, even while camped out on the moon.
The network would, of course, be useful for more than live streaming videos from the moon to earth or enabling quick communications. Once in place, Nokia's network would make it a simple matter for astronauts to remote-pilot drones, rovers and similar equipment, which would make it easier to get useful work done on the moon's surface.
It's an exciting project, and over the next few years, we can expect to see, hear, and learn more about the details. A grand adventure indeed!
Last year, Google made some important changes to their Chrome browser in a bid to increase user security.
Among these changes was to default to "HTTPS" in the browser in an attempt to reduce the number of "man in the middle" and similar types of attacks.
Their strategy worked.
Other companies adopted Google's approach and HTTPS became the new standard on the web, and user security was increased. That's a very good thing.
Unfortunately, we are now learning, courtesy of data collected by Sophos, that hackers are increasingly taking advantage of TLS (Transport Layer Security) to hide their own activities. Last year, Sophos reported that some 24 percent of malware was using TLS to communicate. This year, that value is up to 46 percent.
Where malware is concerned, there are, broadly speaking, three types of communication: downloading additional malware, exfiltration of data, and command and control. By using TLS when engaging in all three of these, hackers make it significantly more difficult for IT security professionals to detect, and ultimately to stop their malicious activity.
While user security has unquestionably increased over the last year, so too, has the security of hackers, and it's complicating the lives of IT folks around the world.
Unfortunately, there's not much that can be done about it. Anything that helps the general public by definition, can also be used by hackers around the world to help themselves, so it shouldn't come as a great surprise that they're increasingly embracing TLS. The first rule of hacking is, after all, 'be at least two steps ahead.' They are, and that's unlikely to change in the foreseeable future.
For now, the best you can do is be mindful of the fact that hackers are increasingly taking advantage of TLS. Forewarned is forearmed. Good luck out there.
Jiri Kropac, the head of ESET's Threat Detection Labs, recently reported a new malware campaign to be aware of.
This one is a bit different in terms of methodology. Hackers most commonly employ emails utilizing various social engineering tricks in an attempt to lure unsuspecting recipients into clicking malicious links or downloading poisoned files.
In this instance, however, the hackers are boldly advertising, impersonating legitimate online destinations like Spotify or the Microsoft store. For instance, one example of the ad campaign hypes a chess program, inviting users to download it.
If anyone clicks on the link, they are taken to what appears to be a page on the Microsoft store, promising the software mentioned in the ad.
Anyone clicking to install the chess program will have the FickerStealer malware installed on their system instead. This malware is a Trojan released on Russian hacking forums in January of this year (2021). It was designed to steal a wide range of user data, including the capability to pilfer cryptocurrency from a variety of supposedly secure cryptocurrency wallets.
All stolen data is zipped for compression and periodically exfiltrated to a command and control server run by the hackers. Even worse, the developers behind this particular malware strain posted it on the hacker forums in a bid to gin up customers, as their goal has been, from the start, to rent their code out to anyone who wants to make use of it.
Given that, you can bet that we'll be hearing a great deal more about FickerStealer in the weeks and months ahead, as an increasing number of hackers take the developers up on their offer and begin deploying it in a growing number of campaigns.
The only real defense against this kind of campaign is to instruct your users not to click on any advertisements. If they want an app, or to sign up for services like Spotify, rather than clicking ads, have them type the URL in manually.
Make sure your people are all aware of the new threat, and stay safe out there.