Connect with us

TECHNOLOGY

Kaspersky unmasks active malicious campaigns targeting Android and iOS users in APAC

September 2, 2022 6:19 p.m.

Global cybersecurity company shares how to secure smartphones from “Anubis” mobile Trojan and the infamous “Roaming Mantis” campaign

With the continued uptick in the adoption of mobile banking in Asia Pacific (APAC), global cybersecurity company Kaspersky warns of more attacks against Android and iOS devices.

Particularly, active monitoring shows the notorious Anubis Trojan now delivers a combination of mobile banking Trojan with ransomware functionalities to its target smartphones.

Mobile banking Trojans are one of the most dangerous species in the malware world.

This type of threat steals money from mobile users’ bank accounts usually by disguising the Trojans as legitimate apps to lure people into installing the malware.

Kaspersky’s elite researcher – Suguru Ishimaru – zeroed in on the mobile threat landscape in APAC to answer: what if there are no smartphones? Sharing the reality that users cannot live without a mobile device, he unmasked the latest malware targeting iOS and Android users in APAC during the company’s 8th Cyber Security Weekend in Phuket, Thailand.

Suguru Ishimaru, Senior Malware Researcher for Global Research and Analysis Team (GReAT) at Kaspersky 

Anubis is a mobile banking Trojan targeting Android users as early as 2017. Its worldwide campaigns targeted users from Russia, Turkey, India, China, Colombia, France, Germany, the US, Denmark, and Vietnam.

This malware family continues to be one of the most common mobile bankers, according to Kaspersky’s latest mobile statistics in the second quarter of 2022. In this period, one in 10 (10.48%) of unique Kaspersky users globally who encountered a banking threat have encountered Anubis mobile banking Trojan.

Initial infections are done through multiple ways – legitimate-looking and high-ranking but malicious apps available on Google Play, smishing (phishing messages sent through SMS), and Bian malware, another mobile banking Trojan.

Once in, this infamous mobile banker can do a complete device takeover. It can steal personal information and identity, access private messages and login credentials, record sound, request GPS, disable play protection, lock the device’s screen, and more.

“Anubis is known for compromising hundreds of bank customers per campaign, proving that it’s among the most active malware targeting Android users right now. Our recent findings show that the cybercriminals behind this threat have started implementing ransom functionalities. If this modification proves to be successful, chances are other malicious groups will copy the same technique of stealing data and holding devices hostage. As a result, I expect to see more of such attacks in APAC due to cybercriminals’ strong financial motivation,” says Ishimaru, Senior Malware Researcher for Global Research and Analysis Team (GReAT) at Kaspersky.

The threat against Android and iOS users: Roaming Mantis

Another prolific threat actor targeting mobile banking users, globally and in the APAC region, is Roaming Mantis.

The group carries out malicious campaigns that target Android devices and spreads mobile malware initially via DNS hijacking and currently through smishing.

Kaspersky experts have been tracking its operations since 2018 and detected almost half a million attacks in APAC from 2021 to the first half of 2022.

Most numbers of the malware were blocked from infecting Kaspersky users in Russia, Japan, South Korea, India, and China.

Ishimaru also underlined that while the cybercriminal group is known for targeting Android devices, Roaming Mantis’ recent campaign showed interest in iOS users.

Using the same techniques, the smishing messages targeting iOS users contain a very short description and a URL to a landing page.

If a user clicks on the link and opens the landing page, there are two scenarios: iOS users are redirected to a phishing page imitating the official Apple website, while the Wroba malware is downloaded on Android devices.

If a victim inputs his credentials to the phishing website, it will then proceed to the 2FA (two-factor authentication) phishing website.

This allows the attacker to know the user’s device, credentials, and 2FA codes.

“There is a notion that iOS is a more secure operating system. However, we must take two things into account – the increasing sophistication of mobile bankers’ social engineering techniques and malware arsenal and the possibility for human errors. Remember that both Anubis and Roaming Mantis require user’s participation before they can take over a device. With more than half (63%) of digital payments in APAC doing their financial transactions online through mobile devices, awareness is no longer enough. Protecting our smartphones is a step that everyone should be doing by now,” adds Ishimaru.

Kaspersky expert suggests two layers of protection for smartphones

  • Basic security
    • Keep phones up-to-date and install the latest patches 
    • Reboot daily
    • Do NOT trust third-party apps and mobileconfig
    • NEVER click on links sent through SMS
    • Install a security solution like Kaspersky Total Security
  • Advanced protection
    • Use a VPN to mask your traffic
    • Check live network traffic using live Indicator of Compromise (IOCs)
    • Use Lockdown Mode for iOS 16 users

TECHNOLOGY

Top AI camera phone HONOR Magic6 Pro now available nationwide with free HONOR Watch GS3! 

9:05 p.m. May 20, 2024

Leading smart devices provider in the Philippines, HONOR, continues to expand all over in the country as it opens its latest HONOR Experience Store in SM City San Lazaro. It marked also the First Day Sale of the impressive HONOR Magic6 Pro, dubbed as the Top AI Camera Phone available in the market, currently priced at P59,999. 

“This incredible Magic AI camera phone to date immensely made waves in the market and now that it’s officially available here in the Philippines, we’re also excited to have a double celebration as unveil our newest experience store in SM City San Lazaro,” said Stephen Cheng, HONOR Philippines Vice President. 

The HONOR Magic6 Pro is available with FREE HONOR Watch GS3 worth Php 11,999 when purchased in physical stores from May 18 to May 31.  

The store was officially opened through a ribbon-cutting ceremony executed by Bluelite Operations Manager Joseph Chua, Bluelite Purchasing Manager Hyacinth Simbulan, SM San Lazaro Asst. Mall Manager Darcy Royo, HONOR PH Brand Marketing Manager Joepy Libo-on, HONOR PH Retails Sales Director Tom Yuan, and HONOR PH PR Manager Pao Oga. 

To extend the fun and excitement, consumers participated during the Guess the Phone Challenge as they familiarize themselves with various HONOR smartphones and identify their lucky pick on the spot.  

HONOR Magic6 Pro’s Pro-Level Specs 

The HONOR Magic6 Pro is known for its impressive camera with 180MP resolution, Second-generation Silicon-carbon Battery with 5600mAh battery capacity, Snapdragon 8 Gen 3 processor, Magic Ring, Magic Portal, HONOR NanoCrystal Shield, and IP68 Dust and Water Resistance Certification.  

Available in Epi Green and Black, HONOR Magic6 Pro can be purchased through selected HONOR Experience Stores, and via Shopee (https://bit.ly/Shop_M6Pro_PR), Lazada (https://bit.ly/Laz_M6Pro_PR), and TikTok Shop (https://bit.ly/TikTok_M6Pro_PR)

For more affordable offers, the HONOR Magic6 Pro is also available at Home Credit for as low as P1,719/month with FREE Harman Kardon Luna and HONOR Earbuds X3 worth P11,699. Take advantage of the offer at https://bit.ly/HONORPH_HomeCredit. 

HONOR Lazada Flash Sale on May 19-21! 

Shop for your favorite HONOR devices and enjoy up to P5,000 off on top of Exclusive Vouchers and Freebies only from May 19 to May 21 via Lazada! Get the HONOR 90 Lite 5G for only P8,990 with FREE Band 6; HONOR X9a 5G for P11,990 from its original price of P16,990 with FREE Band 6, HONOR X8b for P11,400 with FREE X5 Earbuds; and HONOR X7b for only P7,600! Check out your orders now at Lazada https://www.lazada.com.ph/shop/honor.  

For more exciting announcements, head on to HONOR Philippines’ social media platforms: Facebook (Facebook.com/HonorPhilippines), Instagram (Instagram.com/honorph/) and TikTok Shop: (Tiktok.com/@honorphilippines). To check out HONOR’s complete list of retail stores, go to https://www.hihonor.com/ph/retailers/.

Continue Reading

TECHNOLOGY

PLDT Enterprise bags 3 Stevie Awards: Celebrating diverse innovations in Events and Digital Communication

12:34 p.m. May 6, 2024

PLDT Enterprise, the corporate business arm of the leading Philippine telecommunications and digital services provider PLDT, proudly announced its latest victories at the 2024 Asia-Pacific Stevie Awards.

The Philippine Digital Convention (PH Digicon) 2023 VISION: Reimagine Tomorrow’s Enterprise secured a Silver Stevie® under the category of Innovation in the Use of Events and a Bronze Stevie® for Innovation in Business-to-Business Events, while the “Visionaries” campaign received a Bronze Stevie® in the category of Innovation in the Use of Social Media. These accolades once again highlighted PLDT Enterprise’s relentless pursuit of excellence and innovation in the digital communication space.

“We are deeply honored by the recognition bestowed upon us at the Stevie Awards, which underscores our unwavering dedication to business excellence and innovation,” stated Mitch Locsin, First Vice President and Head of Enterprise and International Core Business at PLDT and Smart. “These awards are a testament to our expertise and steadfast commitment to propelling businesses towards success in the digital age. As we continue to garner accolades, they serve to reaffirm our role as a catalyst for transformative digital solutions within the B2B marketplace, and they celebrate our deep-rooted mission to empower enterprises across the spectrum with the tools and services necessary to thrive in an increasingly connected world.”

PH Digicon Uniting and Empowering Visionaries

PH Digicon 2023 VISION: Reimagine Tomorrow’s Enterprise was the most recent leg of the pioneering annual digital conference that once again brought together industry leaders to discuss and explore the future of digital enterprise. The convention offered a platform for businesses to reimagine their operations in the emerging digital landscape.

As the 9th edition of the widely anticipated industry event, it drew a record-breaking number of participants eager to immerse themselves in the latest technologies, hear from digital thought leaders and trailblazers, network with business experts, and participate in on-ground activities such as Digi Grounds, Digi Hub, and SME Zone, to form a shared vision on how to foster the Philippines’ digital transformation.

The event also featured the Start-Up Innovation Challenge, the final pitching and demo day for start-ups to showcase their ideas to industry experts on how to solve everyday challenges using technologies involving Internet of Things (IoT), Artificial Intelligence (AI), 5G, Smart Cities, Immersive Technologies, and Environmental, Social, and Corporate Governance (ESG). 

The event stood as a hallmark in PLDT Enterprise’s event calendar, not just for its scale but for its role in shaping the dialogue around digital transformation in the region. This year’s theme, “Reimagine Tomorrow’s Enterprise,” resonated deeply with attendees, as the event featured industry experts and thought leaders including prominent C-suite executives who shared their insights into the emerging trends and future of digital business. It served as an incubator for innovative ideas, fostering a space where technology and strategy converged to inspire businesses to embark on transformational journeys.

The success of PH Digicon 2023 VISION: Reimagine Tomorrow’s Enterprise in elevating the conversation on digital innovation is further validated by its Silver Stevie® and Bronze Stevie® Awards, marking it as a pivotal event that not only forecasts the trajectory of digital enterprise but actively contributes to its evolution.

Leading the Industry by Example

The “Visionaries” campaign, on the other hand, was a transformative movement celebrating customer success stories across diverse personas and industries, from SME founders, large enterprise leaders, local government unit partners, to international carriers. It showcased the digital transformation journeys of PLDT Enterprise’s customers and reinforced the brand’s customer-centric approach.

The Bronze Stevie® Award for Innovation in the Use of Social Media through the “Visionaries” campaign is a compelling affirmation of PLDT Enterprise’s leadership by example in the realm of digital storytelling and innovation. This prestigious award is a testament to the company’s success as a digital transformation ally for businesses, showcasing their ability to not just follow but set trends in the dynamic narrative of enterprise technology.

The “Visionaries” campaign exemplifies PLDT Enterprise’s role as an architect of change, demonstrating their expertise in crafting impactful stories that resonate with the audience and galvanize the market. As champions of digital innovation, PLDT Enterprise’s approach goes beyond traditional methods, reflecting a pioneering spirit that is essential for leaders in the digital age.

Raising the Bar for Industry and Innovation

“As we celebrate these Stevie Awards, we’re reminded that at the heart of our innovative endeavors lies our commitment to our customers,” added Locsin. “PH Digicon and the ‘Visionaries’ campaign are embodiments of our promise to propel our business partners and customers to success, ensuring that every initiative is attuned to the needs and aspirations of our clients. This commitment is not just a tagline; it’s a guiding principle that steers our journey towards a customer-centric future. Our accolades in events and digital communication stand as milestones along this path, reaffirming our pledge to support every enterprise in achieving their digital transformation goals,” he concluded.

The Asia-Pacific Stevie® Awards are renowned for recognizing innovation in all its forms across the 29 nations of the Asia-Pacific region. The wins at the Stevie Awards, alongside its recent accolades at the ANVIL and Quill Awards, further cement PLDT Enterprise’s position as a thought leader and customer-centric business in the telecommunications and digital services industry.

Download all attachments as a zip file

Continue Reading

TECHNOLOGY

SEA 2023: Cybercriminals clog business networks with financial phishing

6:36 p.m. March 18, 2024

In 2023, Kaspersky anti-phishing technologies detected nearly 500,000 attempts to follow a phishing link on businesses’ devices in Southeast Asia (SEA). Interestingly, this number only refers to phishing links related to finance matters – e-commerce, banking, and payment systems.

Phishing persuades users to take action which gives a scammer access to your device, accounts, or personal information. By pretending to be a person or organization the users trust, they can more easily infect the victim with malware or steal their information.

These social engineering schemes “bait” with trust to get valuable information. This could be anything from a social media login, to your entire identity via your social security number. These schemes may urge the user to open an attachment, follow a link, fill out a form, or reply with personal information.

“Financial phishing” is a type of phishing which refers to fraudulent resources related to banking, payment systems and digital shops. Payment system phishing includes pages impersonating well-known payment brands.

From January to December last year, Kaspersky solutions detected and blocked a total of 455,708 financial phishing attempts targeting companies of various sizes in the region. The statistics reflect clicks on phishing links placed in various communication channels, including emails, fraudulent web sites, messengers, social media, etc. 

“Phishing is a trusted technique for cybercriminals when it comes to infiltrating business networks because they usually work. The rise of generative AI helps cybercriminals to make phishing messages or scam resources more convincing. As a result, it becomes challenging for people to distinguish between a scam and a legitimate communication. That’s why the role of robust security solutions increases,” comments Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky. 

The Philippines logged the highest number of financial phishing at 163,279 attempts in 2023, followed by Malaysia with 124,105. Indonesia chalked up 97,465 incidents while Vietnam experienced 36,130 phishing attacks related to financial matters. Thailand and Singapore registered the least number of this threat at 25,227 and 9,502 respectively.

“Cybercriminals employ various tactics, including financial-related phishing, to deceive employees and trick them into falling victim to an attack Our recent study showed employee security violations can be as damaging as external hacking for companies in Asia Pacific which means the human factor continues to play a role in making businesses vulnerable. Tools to help safeguard against human error are a vital step forward, but they can’t exclude employee education, skills development, and overall strengthening of the company’s ability to detect and respond to cyberattacks,” adds Yeo.

To help companies protect their systems against the damages of a successful phishing attack, Kaspersky experts recommend:

  • To advance decision-makers’ understanding of the importance of cybersecurity and how best to distribute budgets to stay ahead of threats, engage them with Kaspersky Interactive Protection Simulation for enhanced C-level professional education.
  • Consider experts’ help. For example, Kaspersky Assessments family of professional services identifies security gaps in your system’s configuration, and the Security Architecture Design helps create an IT security infrastructure that’s a perfect fit for a particular company. Every step of implementation is grounded in real security needs, giving decision-makers convincing arguments to allocate budgets.
  • Install and use enterprise security solutions with anti-phishing software: The Advanced Anomaly Control feature within Kaspersky Endpoint Security for Business Advanced, Kaspersky Total Security for Business and Kaspersky Endpoint Detection and Response Optimum help prevent potentially dangerous activities that are ‘out of the norm’, both undertaken by the user and initiated by the attacker who has already seized control of the system.  
Continue Reading