Love the long weekend break? Cybercriminals do, too
April 4, 2023 5:11 p.m.
There are 18 official public holidays in the Philippines. As we all know, when these dates fall close to a weekend or if the government pursues holiday economics, most Filipinos make plans in advance to take advantage of extended holiday breaks. This year, we can get to do that at least 12 times.
Unfortunately, cybercriminals get excited about holidays, too. To refresh everyone’s memory, the $81-million Bangladesh Bank heist back in 2016 is an example of a successful cyber attack, which happened on the first day of Lunar New Year, a national holiday in the Philippines and the rest of Asia.
“Now that the world has reopened, travel is back with a vengeance this year, hence the term ‘travel revenge’. Whether Filipinos are scheduling holiday trips or just staycation-ing during the long weekends, it’s important to observe simple digital security practices so you can get to sit back and relax as you take your well-deserved vacation. Security-first thinking opens doors for a more enjoyable holiday break, especially for Filipinos who are amongst the world’s most active online users,” comments Chris Connell, Managing Director for Asia Pacific at Kaspersky.
Both individuals and companies are advised to be extra mindful of personal cybersecurity best practices and internet hygiene when on a holiday.
For companies, Kaspersky suggests to:
- Conduct drills
- Stress to vacationing employees why data encryption, two-factor authentication, strong passwords, and locking devices when not in use are important.
- Discuss the steps to take if their device ends up getting stolen.
- Advise staff about charging smartphones in a wall socket, not through USBs at airports and other public places (these can be used to steal data from a device and infect it with malicious software, such as spyware.
- Educate employees about the dangers of public WIFI (and even hotel WIFI unless it is encrypted and password-protected) and how to use a secure connection such as with a VPN.
- Log out
- Terminate unnecessary VPN connections to the corporate infrastructure.
- End unnecessary sessions that employees have left on any devices for an extended period of time. This also applies to corporate messengers, web apps and any other services.
- Check that the list of employees with access to the corporate network via VPN or RDP include only authorized users. Revoke access from those who don’t need it.
- Create special “emergency” admin accounts for potential incident response over the holidays. The rights granted to regular admin accounts can even be temporarily restricted so that attackers cannot exploit them.
- Install patches for all key applications. This process is far simpler if your company uses security solutions with a built-in patch management system.
Meanwhile, Kaspersky encourages individuals to:
- Only browse trusted apps and websites and be careful about personal information you input like credit card numbers or home address.
- Do not click on links or open email attachments from travel sites when receiving confirmations. Trusted companies include such letters in the bodies of their emails. Malware is often disguised as an attached confirmation letter.
- Bring two or three or more credit or debit cards to have a backup plan in case of loss or needing to cancel one.
- Never leave valuables unattended. Put large amounts of cash and mobile devices or laptops in the hotel safe.
- Use a credit card as most have built-in protections against fraud. There is no protection against a scammer if you send them cash or even check or debit card payment in some cases. A money transfer service is not advisable.
- Ensure their devices has security software installed, ideally with anti-theft technology.
Kaspersky blocks close to 1M financial phishing attacks eyeing SEA businesses last year
March 20, 2023 9:54 p.m.
Phishing is one of the most prevalent forms of cybercrime due to the minimal effort required and the fact that it really works.
It’s usually built around an inherently simple scheme: using carefully crafted emails or notifications that mimic messages from banks, government organizations, entertainment platforms—really any service—cybercriminals can trick users into following a link to a fraudulent website and giving up their payment or personal details or even downloading malicious programs.
Kaspersky in 2022 has blocked a total of 822,536 financial phishing targeted at companies in Southeast Asia (SEA). From SMBs to large enterprises, financial phishers kept trying to infect businesses in the
region last year.
In this case, “financial phishing” refers not only to banking specific phishing but also payment systems and e-shops. Payment system phishing includes pages impersonating well-known payment brands, such as PayPal, MasterCard, American Express, Visa and others. E-shops refer to online stores and auction sites like Amazon, the Apple Store, Steam, eBay etc.
Indonesia chalked up the highest number of financial phishing incidents (208,238). Vietnam comes second with 172,694, and Malaysia recorded 120,656. Thailand logged 101,461 phishing attempts related to finances, followed by the Philippines with 52,914, and Singapore with 22,109.
“It’s interesting to see companies being targeted by financial phishing but we have to remember here that businesses, at their core, are still made up of humans. Phishing is a type of social engineering attack. Social engineering attack is dubbed as hacking of the human mind. With nine out of ten employees needing basic cybersecurity skills training, cybercriminals know that the workforce remains a loophole they can exploit easily to launch a cyberattack against a company,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
As reported, phishing email is usually the first chapter of 91% of all cyberattacks. A phishing simulation done by Kaspersky reinforced how cybercriminals trick employees into clicking malicious mails.
It showed that workers tend not to notice pitfalls hidden in emails devoted to corporate issues and online delivery problem notifications and almost one in five (16% to 18%) clicked the link in the email templates imitating these phishing attacks.
Among the other phishing emails that gained a significant number of clicks are; reservation confirmations from a booking service (11%), a notification about an order placement (11%), and an IKEA contest announcement (10%).
To prevent complex attacks, and any related financial and reputational losses caused by phishing attacks, Kaspersky recommends the following for businesses:
- Remind your employees about the basic signs of phishing emails. A dramatic subject line, mistakes and typos, inconsistent sender addresses and suspicious links;
- If there is any doubt about the received email, check the format of attachments before opening them and the link accuracy before clicking. This can be achieved by hovering over these elements – making sure the address looks authentic and the attached files are not in an executable format;
- Always report phishing attacks. If you spot a phishing attack, report it to your IT security department and, if possible, avoid opening the malicious email. This will allow your cybersecurity team to reconfigure anti-spam policies and prevent an incident;
- Supply your employees with basic cybersecurity knowledge. Education should be aimed at changing the behavior of learners and teaching them how to deal with threats. As a major cybersecurity vendor, Kaspersky possesses a relevant base of information on real attacks and continuously supplements its Security Awareness Trainings in accordance with the current threat landscape;
- Since phishing attempts can be confusing, and there’s no guarantee of avoiding all accident clicks, protect your working devices and your enterprise perimeters with a holistic expert security like Kaspersky Extended Detection and Response (XDR) platform. It provides anti-spam capabilities, tracks suspicious behavior, and creates a backup copy of your files in case of ransomware attacks. Anti-phishing protection is also included, as well as threat hunting.
Enterprises can find out more about this new platform at go.kaspersky.com/expert .
Kaspersky in Southeast Asia also has launched a Buy 1 Free 1 promo. Businesses can now enjoy two years of enterprise-grade endpoint protection for the price of 1 with Kaspersky Endpoint Security for Business or Cloud or Kaspersky Endpoint Detection and Response Optimum, with 24×7 phone support. Interested customers can reach out to email@example.com.
Let there be light: MR.DIY electrical tools Pinoy homeowners should have
March 11, 2023 7:37 p.m.
Being a homeowner entails being nifty at doing quick fixes. Things like leaky faucets, crooked cabinets, and regrouting tiles are just some of the common and simple home problems you can DIY. But you can also try your hand at finally overcoming your electrical-related problems at home like changing the wires or replacing switches and light bulbs.
Got the basics down but not the tools at hand? Ace your next home repairs and improvement with MR.DIY’s wide array of electrical products, including lighting, that are not only value for your money, but are only a stone’s throw away — at your nearest MR.DIY branch!
1. MR.DIY Battery Sensor Light and LED Emergency Lantern
Make it easier for you to find your way in the dark with MR. DIY Battery Sensor Light. Equipped with a motion sensor, the 6-LED light is perfect for small and out-of-the-way spaces where you don’t have access to a power outlet. With MR.DIY’s emergency lantern, you’ll always be prepared for anything! This durable, usb-powered light is also ideal for camping or outdoor use as well.
2. MR.DIY Premium 5W Daylight
Even as simple as changing a light bulb can positively impact your space and wellbeing! With the E27Daylight LED Bulb, there’s no need to worry about straining your eyes or having headaches because you have a wide light coverage just enough to fill your room.
3. Flashlights galore
MR.DIY has torches of all shapes and sizes! From handy aluminum led-light flashlights to solar-powered, and even USB-powered torches, to battery-powered, large-capacity flashlights, we have them all at your nearest MR.DIY branch!
4. Alkaline batteries of all sizes, for all needs
Give your battery-operated devices a boost with MR.DIY batteries. MR.DIY batteries are safe and long-lasting–especially designed for clocks, remote controls, electric shavers, toys, and electric toothbrushes among others.
With more than 18,000 items available, MR.DIY is the country’s favorite family and home improvement one-stop shop retailer — the place to be for your daily home fixes. These tools and other electrical items are now available at MR.DIY stores nationwide.
To learn more about MR.D.I.Y. and other exciting events, visit MR.DIY’s official website or follow /mrdiyPH on Facebook, and @mrdiy.philippines on Instagram and Tiktok for the featured promotions. Have a fast, safe, and efficient DIY shopping!
MR.DIY is the largest home improvement retailer with more than 2,000 stores across Southeast Asia including Malaysia, Thailand, Indonesia, Singapore, Brunei, Philippines, Cambodia, India, and Europe in Turkey and Spain. The home improvement retailer has dedicated itself to making a positive difference in the lives of its valued customers by offering convenience at all its stores nationwide.
All MR.DIY stores are managed directly, and the company often works in collaboration with other mass merchandise retailers or owners of malls or shopfront properties. MR.DIY stores offer a wide selection of — approximately 18,000 SKUs — across 5 major categories, namely hardware; household and furnishing; electrical; stationery and sports equipment products; and others (comprising amongst other toys, car accessories, jewelry, and cosmetics).
The company strives to put customers first by operating an innovative business that is flexible when it comes to providing a wide variety of products, good quality, and value-for-money, holding true to the company’s motto of “ALWAYS LOW PRICES”.
Meet the Evolutions of the Three First Partner Pokémon And Mysterious Pokémon Spotted in the Great Crater of Paldea!
The Pokémon Company shares the latest news about the Nintendo Switch software titles Pokémon Scarlet and Pokémon Violet.
Twenty-six years have passed since the release of the original Pokémon games—the Pokémon Red Version and Pokémon Green Version in Japan—and Trainers have adventured in many regions and discovered many Pokémon. The number of discovered Pokémon has finally surpassed one thousand with the release of Pokémon Scarlet and Pokémon Violet.
A commemorative video showcasing encounters with all 1,008 Pokémon has been released on the official Pokémon YouTube channel. Please check out the new footage in this link –
Meet the Evolutions of the Three First Partner Pokémon!
Gholdengo, Pokémon #1,000 in the National Pokédex Gholdengo, the Pokémon that falls at #1,000 in the National Pokédex, evolves from Chest Form Gimmighoul or Roaming Form Gimmighoul.
An Evolution Driven by the Sentiments of a Thousand Coins
Gimmighoul evolves into Gholdengo when it levels up after its Trainer has collected 999 Gimmighoul Coins.
Apparently, this lively and cheerful Pokémon’s body is made of a thousand coins. It is friendly to both people and Pokémon.
The Coins That Form Its Body Are Used for Both Offense and Defense
Gholdengo controls the coins that comprise its body and even uses them as weapons in battle. The coins are densely packed, making Gholdengo durable. It can absorb impacts and lessen the damage it takes by letting coins fly off from areas hit by enemies. Gholdengo can attack by firing coins from anywhere on its body.
Mischievous and Prone to Loneliness
Floragato is a mischievous show-off, desiring attention and company. If its Trainer won’t entertain it, Floragato may try to get attention by misbehaving—it might wrap its Trainer up with its vine during sleep, for example.
Skillfully Wields Its Vine and Strikes with Its Flower Bud
Floragato is intelligent and dexterous. The flower bud on its neck is on the tip of a long vine. Floragato specializes in attacking by deftly manipulating this vine to strike opponents with the hard flower bud on the end.
The leaf that was growing from the base of Floragato’s neck has become a cape.
Flower Bombs Catch Opponents Off Guard Like Magic
Meowscarada uses the fur lining its cape to reflect and scatter light, thus camouflaging the stem of its flower bomb and making it look like the flower bomb is floating in midair. Furthermore, Meowscarada can attach its pollen-packed flower bombs to various
surfaces and choose when to set them off. With skillful misdirection, Meowscarada rigs foes with flower bombs and sets them off before foes realize what’s going on.
Strong Attachment to Its Trainer
Meowscarada is prideful and likes to show off, but it’s also sensitive. This jealous Pokémon will often display a strong attachment to its Trainer, and its mood will sour if it sees another Pokémon getting its attention.
It Can Control the Egg-Shaped Fireball on Its Head
This Pokémon’s fire energy and overflowing vitality have mixed together into an egg-shaped fireball that Crocalor can maintain atop its head. In battle, Crocalor can send out the egg-shaped fireball as part of a move.
It Projects a Destructive Voice with Its Flames
The valve in this Pokémon’s flame sac is closely related to its vocal cords, and Crocalor tends to let its voice out when it breathes fire. It cannot be said that this voice is beautiful. When Crocalor tries to breathe more-powerful fire, its voice becomes more destructive, which may cause some opponents to take damage.
Its Powerful Voice Soothes All Who Hear
Skeledirge is a busybody with a caring personality. Its gentle but powerful singing voice is filled with vitality, and it soothes the hearts of all who hear it. Foes that hear Skeledirge sing are left with feelings of warmth and fulfillment, thus losing their will to battle.
An Independent Fireball Spirit
Skeledirge gained its Ghost-type powers due to the influence of the soul inhabiting its fireball. The soul in the fireball is independent, and it can change its form via the power of Skeledirge’s singing voice.
Serious and Stoic
Quaxwell has a serious and stoic disposition, and a tendency to compete with others to see whose kicks are the most graceful. It makes sure to consistently practice the fundamentals of its training wherever and whenever it can, and it observes Pokémon and people from various regions to incorporate their movements into its own dance routines.
Messy Hair Makes for a Weakened Mind and Body
The hair on Quaxwell’s head has impact-absorbing properties, so whenever an attack is incoming, Quaxwell holds a low posture and takes the blow with its head. It feels mentally and physically unwell if its hair gets messed up, so it uses gel to fix its hair immediately after getting attacked.
It Slashes at Opponents with Its Decorative Water Feathers
The strength of Quaquaval’s well-trained legs is incredible. With a light kick, this Pokémon can flip a truck. During a battle, large decorative water feathers spray like a fountain from organs at the tips of its tail feathers, and it swings these water feathers around to slash through opponents like a water-jet cutter.
Cheerful and Always Breaking Out into Dance…But It Still Has Its Stoicism
Quaquaval is cheerful and energetic, and no matter the situation, it will shake its entire body in dances that evoke far-off places. On the other hand, it is very serious about consistently polishing its skills, and during critical moments, it shows a level of concentration that would amaze onlookers.