Connect with us

NEWS

Cybercriminals forego low-hanging fruit to go after banking, gaming

February 25, 2022 3:20 p.m.

IN 2021, Kaspersky saw a steady decline in attacks on mobile devices, while cybercriminals consolidated their efforts to focus on more dangerous (and profitable) threats instead.

New mobile malware has become increasingly complex, featuring new ways to steal users’ banking and gaming credentials, as well as other strands of personal data. 

In 2021 Kaspersky detected more than 95,000 new mobile banking Trojans, but the number of attacks using such malware remained similar.

Additionally, the share of Trojans – malicious programs capable of executing remote commands – doubled, reaching 8.8% in 2021. These and other findings are featured in Kaspersky’s Mobile Threats in 2021 report.

Kaspersky’s annual analysis of mobile threats demonstrated a positive trend – the number of attacks on mobile users worldwide has been declining, hitting 46 million in 2021 compared to 63 million in 2020. Experts attribute this development, in part, to the wave of attacks seen at the beginning of lockdown as users were forced to work from home.

That period also saw increased use of various video conferencing and entertainment apps, increasing the volume and spread of attack opportunities. Now that the situation has stabilized, cybercriminal activity declined as a result.

Still, Kaspersky experts believe it is too early to relax. In 2021, 3.5 million malicious installation packages were detected, leading to 46.2 million attacks worldwide.

Moreover, 80% of attacks were carried out by malware rather than adware (software that intrusively displays ads), or RiskTools (malicious programs with various functions such as concealing themselves from the screen). 

“Indeed, there have been fewer mobile attacks in general, however, the attacks we are still seeing have become more complex and harder to spot. Cybercriminals tend to mask malicious apps under the guise of legitimate applications, which can often be downloaded from official app stores. On top of that, with mobile banking and payment apps becoming even more widespread, there is a higher chance of cybercriminals targeting these more actively. Staying cautious and careful on the internet and avoiding downloading unknown apps is good practice, but I also strongly recommend using a reliable solution. When it comes to the security of finances, in particular, it is better to be safe than sorry,” comments Tatyana Shishkova, security researcher at Kaspersky.

To protect yourself from mobile threats, Kaspersky shares the following recommendations:

It is safer to download your apps only from official stores like Apple App Store, Google Play, or Amazon Appstore. Apps from these markets are not 100% failsafe, but at least they get checked by shop representatives and there is some filtration system — not every app can get onto these stores.

Check the permissions of apps that you use and think carefully before permitting an app, especially when it comes to high-risk permissions such as Accessibility Services. The only permission that a flashlight app needs is to the flashlight (which doesn’t even involve camera access).
A reliable security solution can help you to detect malicious apps and adware before they start behaving badly on your device.

iPhone users have some privacy controls provided by Apple, and users can block app access to photos, contacts, and GPS features if they think these permissions are unnecessary.

A good piece of advice is to update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.

Continue Reading
Advertisement

Click to comment

Leave a Reply

Your email address will not be published.

NEWS

Converge named finalist for NPC’s Privacy Initiative of the Year Award

5:25 p.m. June 11, 2025

Leading fiber broadband and technology provider Converge ICT Solutions Inc. was listed among the finalists for the 2025 Privacy Initiative of the Year at the National Privacy Commission’s (NPC) Privacy Awareness Week (PAW) Awards, in recognition of its innovative program, Project PIGLET (Privacy Integration through Guided Learning of Emerging Technologies).

The program aims to enhance digital literacy and privacy awareness among primary school students, emphasizing the critical importance of safeguarding personal information in today’s increasingly digital world.

“In a world where people are always online, Project PIGLET is important for teaching kids about privacy and data protection. We are proud that the NPC sees our work in helping build a safer and smarter digital community from the ground up. We remain committed to continuing this movement so that protecting privacy becomes a lifelong habit for all,” said Converge Corporate Compliance and Data Protection Officer Atty. Laurice Esteban-Tuason.

Every year, the NPC recognizes stakeholders for their compliance with the Data Privacy Act of 2012 (DPA) through the PAW Awards and inspires privacy advocates to deepen their commitment to data protection.

Under Project PIGLET, Converge – with the help of its Corporate Governance and Data Privacy (CGDP) Group – hosts engaging storytelling sessions in primary schools, where students, teachers, and parents learn about data protection through the adventures of ‘Astro Kids’ in the ‘Internet Universe.’

The narrative highlights the dangers of sharing personal information with deceptive online entities in the guise of friendship.

With the guidance of Captain Conrad, the Astro Kids impart crucial lessons on vigilance in cyberspace and encourage young participants to report suspected incidents to their guardians.

Previously, the company visited Francisco Legaspi Memorial School in Pasig and Anunas Elementary School in Angeles, Pampanga for Project PIGLET, inviting pupils in Grades 2 to 6 in age-appropriate discussions on digital literacy, and responsible online behavior.

Converge intends to expand the information drive by introducing new approaches and engaging more students across all academic levels in an effort to broaden the campaign’s reach throughout the country. ###

Continue Reading

NEWS

8 steps to secure industrial enterprises

5:20 p.m. June 10, 2025

Industrial sectors such as power and utilities, energy and chemicals, metals and mining and critical manufacturing are becoming increasingly vulnerable to cyber threats, in fact industrial enterprises experienced more incidents than any other, with a 25.7% share in 2024 according to the Kaspersky MDR team.

The importance of cyber resilience in these industries cannot be overstated, as cyberattacks can lead to operational disruptions, financial losses and compromised safety. Yet, according to the World Economic Forum only 19% of cyber leaders feel confident that their organizations are cyberresilient. 

Those fears are rooted in the knowledge that threat levels are rising everywhere. Global analyst and advisory firm Omdia found that 80% of manufacturing firms experienced a notable increase in overall security incidents or breaches last year, but only 45% are adequately prepared in their cybersecurity.

Why cyber resilience matters

One of the most critical aspects of cyber resilience is maintaining business continuity. Cyberattacks have the potential to cripple operations, causing significant delays and financial setbacks. The effects of a cyberattack can be felt far and wide such as power outages, safety incidents and environmental emergencies. However, organizations that prioritize cyber resilience can quickly recover from incidents, minimizing downtime and ensuring essential functions remain operational. Proactive business continuity planning is key, as it enables companies to prepare for potential cyber threats and ensure that disruptions do not lead to prolonged or catastrophic consequences.

Another hugely important reason for greater cyber resilience is its role in protecting sensitive data and preserving an organization’s reputation. Industrial enterprises manage vast amounts of sensitive data, making them prime targets for cybercriminals. A successful attack can lead to data breaches, intellectual property theft and significant reputational damage. Additionally, many industries must comply with stringent data protection regulations, and so a comprehensive cyber resilience strategy helps organizations stay compliant and avoid costly legal consequences.

Industrial control systems are particularly vulnerable, as they form the backbone of essential industrial processes. Cyber resilience ensures these systems remain secure, reliable and functional even when faced with persistent threats. Additionally, as industrial enterprises increasingly integrate connected products and digital technologies, the need to protect these interconnected systems from cyberattacks becomes even more pressing.

Financial loss is arguably the greatest concern when it comes to cyber threats though. A single cyberattack can result in substantial financial repercussions, including direct losses from theft, recovery costs, regulatory fines and lost business opportunities. A well-structured cybersecurity strategy can lead to lower insurance premiums by demonstrating a proactive approach to cyber risk mitigation. Additionally, organizations that invest in cyber resilience are better equipped to optimize their operations, ensuring that productivity and efficiency are maintained even in the face of emerging cyber threats.

Kaspersky is on the front line, protecting more than 1,000 industrial customers and has extensive experience in helping industrial organizations in adopting international standards and best practices. Calling on this expertise, Kaspersky has defined the following eight strategic steps that apply universally to automation systems:

  1. Inventory: Asset Management

Begin by building or updating your asset inventory. Account for systems, software, hardware, network segments, conduits, communication paths and devices to understand what must be secured. If you can’t monitor a part of your infrastructure – or aren’t even aware it exists and could be attacked – you can’t protect it. This comprehensive inventory ensures all valuable assets are secured.

  1. Assess: Detailed Risk Assessment

Conduct a detailed risk assessment to understand the current risk level within your organization, considering potential threat vectors and existing or planned countermeasures. This assessment helps prioritize investments and prevent potentially catastrophic disruptions.

  1. Secure: Essential Security

Implement essential security measures, such as endpoint protection, to safeguard operations. This involves creating security baselines aimed at maintaining and protecting operational OT system integrity while detecting, blocking and remediating cyber threats.

  1. Detect: Threat and Anomaly Detection

Implement threat and anomaly detection to identify threats early and understand how attacks develop, enabling quick responses to avoid disruption and continually strengthen your security posture.

  1. Audit: Security Audits and Compliance

Conduct regular security audits and focus on compliance to build a realistic picture of your organizational cybersecurity. These systematic evaluations ensure alignment with criteria and benchmarks, improving adherence to best practices and resulting in robust systems.

  1. Enhance: Zones and Conduits

Enhance your network architecture by organizing and protecting it through zones and conduits. Zones group networks, devices and services based on function and criticality, while conduits represent communication paths that unite zones or connect them to external networks.

  1. Monitor: Mature Security Operations

Develop a mature Security Operations Center (SOC) with proactive and contextual analysis capabilities to manage complex attacks. Continually evolve your SOC capability with threat intelligence and incident response features to swiftly investigate, contain and mitigate threats.

  1. Prepare: Fault Tolerance and Readiness

Guarantee fault tolerance by stress-testing your infrastructure through exercises that simulate large-scale cyberattacks. This preparation ensures that your industrial control systems can withstand and recover from cyber incidents without compromising operational continuity. People are an organization’s greatest asset, but they also a point of potential vulnerability, employers should be trained on a regular basis.

Continue Reading

NEWS

Kollab lauded as The Best Small Workplace in the Philippines by Great Place to Work®

8:44 p.m. June 9, 2025

Kollab is shaping the future of Filipino IT talent through a workplace culture that continues to set the standard.

The premier digital transformation advisor has once again been named at the #1 Best Workplace in the Philippines among small enterprises (30-99 employees) by  Great Place to Work®, earning the distinction for the second straight year and securing a spot as the #4 Best Workplace™ in Asia.

In the Philippines, Kollab topped the Top 10 list after 99% of Kollab’s employees said the company was a great place to work, a stark contrast to the national average of 65%.

Jonathan Ty, Kollab’s CCO and Head of Business Development, shares, “At Kollab, culture isn’t just a buzzword—it’s how we operate. We believe that embracing a people-first approach is the key to creating the next generation of Filipino tech leaders. We’ve seen the immense potential of Filipinos in driving tech innovation, and we cultivate that with a collaborative culture that balances positive growth results with workplace flexibility and employee wellness.” 

Kollab’s success lies in its deeply collaborative culture. During its recent acquisition of local AI firm Senti AI, teams were directly involved in shaping strategy and integrating cultures –– a move that reinforced Kollab’s pro-employee initiatives. Employees also get to lead projects and receive constant feedback, creating a continuous loop of growth and innovation. The company also promotes a remote-first work arrangement, mental health breaks, no-meeting days,  learning stipends, and a peer-run training program.

Kollab’s collaborative workplace environment has driven the company’s growth in Southeast Asia as it now serves over 1,100 organizations in the region. It has expanded its portfolio to include more complex tech solutions in cloud computing, AI, and cybersecurity. Kollab also launched Managed Security Services to help enterprises implement continuous threat exposure management and real-time protection and response.

Kollab plans to double its tech talent pool and strengthen its employee empowerment initiatives in the coming years. It has launched AI and cybersecurity bootcamps, invested in professional certifications, and formed partnerships with leading technology firms in line with its pursuit of building a future-ready workforce.

For more information about Kollab and the company’s people-first initiatives, visit https://www.kollab.com/ and follow its LinkedIN page at https://www.linkedin.com/company/kollabph/.

Continue Reading