Researchers uncovered a massive hacking campaign that compromised thousands of WordPress websites to redirect visitors to scam sites.
Cybersecurity researchers from Sucuri uncovered a massive campaign that compromised thousands of WordPress websites by injecting malicious JavaScript code that redirects visitors to scam content.
The infections automatically redirect site visitors to third-party websites containing malicious content (e.g. phishing pages, malware downloads), scam pages, or commercial websites used to generate illegitimate traffic.
"The websites all shared a common issue: malicious JavaScript had been injected within their website's files and the database, including legitimate core WordPress files, such as:
./wp-includes/js/jquery/jquery.min.js
./wp-includes/js/jquery/jquery-migrate.min.js"
"Once the website had been compromised, attackers had attempted to automatically infect any .js files with jQuery in the names. They injected code that begins with "/* trackmyposs*/eval(String.fromCharCode…"" reads the analysis published by Sucuri.
In some attacks, users were redirected to a landing page containing a CAPTCHA check. Upon clicking on the fake CAPTCHA, they'll be opted in to receive unwanted ads even when the site isn't open.
The ads will look like they are generated from the operating system and not from a browser.
According to Sucuri, at least 322 websites were compromised as a result of this new wave of attacks and were observed redirecting visitors to the malicious website drakefollow.com.
"Our team has seen an influx in complaints for this specific wave of the massive campaign targeting WordPress sites beginning May 9th, 2022, which has impacted hundreds of websites already at the time of writing." concludes the report. "It has been found that attackers are targeting multiple vulnerabilities in WordPress plugins and themes to compromise the website and inject their malicious scripts. We expect the hackers will continue registering new domains for this ongoing campaign as soon as existing ones become blacklisted."
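As an added example (not part of the Sucuri report and not Sucuri's own tooling), the following Python script turns the two indicators the report gives, the file-name heuristic (any .js file with "jquery" in its name) and the injected prefix "/* trackmyposs*/eval(String.fromCharCode", into a scan of a WordPress document root. The directory tree and file contents it builds are constructed fixtures, and the bytes after the quoted prefix are a stand-in, since the page does not reproduce the rest of the payload.

```python
"""Added example (not Sucuri's tooling): scan a WordPress document root for the injected
jQuery payload using the two indicators the report gives. The site tree built below is a
constructed fixture, and the bytes after the quoted prefix are a stand-in for the real payload."""
import os
import re
import tempfile

# Prefix quoted in the Sucuri analysis; the report does not reproduce the rest of the payload.
INJECTION_MARKER = "/* trackmyposs*/eval(String.fromCharCode"
# Per the report, the attackers went after any .js file with "jquery" in its name.
TARGET_NAME = re.compile(r"jquery.*\.js$", re.IGNORECASE)


def is_infected(contents: str) -> bool:
    """True when the injected prefix appears anywhere in the file (the report says it is the start)."""
    return INJECTION_MARKER in contents


def scan_tree(root: str) -> list[str]:
    """Relative paths of jQuery-named .js files under root that carry the injection marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not TARGET_NAME.search(name):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                if is_infected(fh.read()):
                    hits.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return sorted(hits)


def build_sample_site() -> str:
    """Constructed fixture: a partial wp-includes tree with two infected and one clean jQuery file."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    jq_dir = os.path.join(root, "wp-includes", "js", "jquery")
    os.makedirs(jq_dir)
    clean = "/*! jQuery v3.6.0 | (c) OpenJS Foundation */\n!function(e,t){}();\n"
    payload = INJECTION_MARKER + "(118,97,114))\n"  # stand-in, not the real obfuscated code
    with open(os.path.join(jq_dir, "jquery.min.js"), "w") as fh:
        fh.write(payload + clean)
    with open(os.path.join(jq_dir, "jquery-migrate.min.js"), "w") as fh:
        fh.write(payload + clean)
    with open(os.path.join(jq_dir, "jquery-ui.min.js"), "w") as fh:
        fh.write(clean)
    with open(os.path.join(root, "wp-includes", "js", "app.js"), "w") as fh:
        fh.write(payload)  # infected but not jQuery-named: outside the report's indicator
    return root


if __name__ == "__main__":
    for hit in scan_tree(build_sample_site()):
        print("INFECTED:", hit)
```

The app.js fixture shows the limit of the file-name heuristic: widen TARGET_NAME to every .js file for a full sweep, and run the same marker check over a database dump (the report says the database was injected too, and a JavaScript prefix inside a SQL dump is searched the same way).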
Digital banking has been a reality for quite a while now, particularly pushed forward in these last few years. Is security keeping up the pace?
Online banking and mobile banking apps have made great security strides in recent years. In fact, some of today's most well-respected banks are improving security measures by offering SMS or email alerts for financial transactions, multi-factor authentication, fraud monitoring and alerts, and two-step verification for large money transfers. When these features are set up correctly, they exponentially increase the security for personal banking accounts.
Unfortunately, not all consumers use these critical safeguards on their accounts. Our recent Retail Banking Survey found that 30% of those relying on a password only change it one to two times a year, and 23% admit to never changing their password. Despite banks working to improve online security protocols, consumers must also do their part in taking advantage of enhanced security features to keep their accounts safe.
What makes digital banking vulnerable the most?
Instead of physically walking into a bank to manage finances, consumers can now access their account effortlessly on a banking website or mobile app. However, since banks strive to make the digital banking experience as intuitive and frictionless as possible for users, this can also present an opportunity for hackers to access unwitting consumers' bank accounts.
Since authenticating a consumer's true identity is so important to the online banking experience, if a bank does not offer strong identity verification, or if consumers are not practicing proper cyber hygiene on their mobile devices and computers, they can be socially engineered into giving up access to their bank account. Considering the majority (45%) of bank customers continue to use traditional username and password to log in, as opposed to more secure methods like thumbprint (20%), facial recognition (17%) or two-factor authentication (16%), consumers' financial information is more vulnerable than they may realize.
What are the common mistakes consumers make when using digital banking?
The biggest mistake is that many customers still use the same username and password combination to access their online bank account as they would for other websites. Since websites are constantly being breached (and then their entire password databases are bought and sold on hacker forums), today's fraudsters are well-versed in testing stolen credentials to log into as many other sensitive websites (like emails, bank accounts and cloud storage accounts) as possible. This is why consumers must use a lengthy and unique password for their online banking accounts, one that can also easily be created and managed through a password manager.
Another common mistake is when consumers don't set up secure multi-factor authentication, which is necessary in protecting oneself in today's online world, because simple credentials can be stolen or guessed by a hacker at any time. This protocol is easy to set up and makes it exponentially more difficult for hackers to gain access to a banking account, as it requires additional security measures like FaceID and TouchID, coupled with the consumer's login credentials, to authenticate to the online bank.
Finally, banking customers should take advantage of security alerts to keep their financial information secure. Many banks allow customers to set up monitoring and security alerts in their banking profiles, so they know when someone is either accessing their account or performing any financial transactions with their funds. This can help them take action much quicker against potential hacks, as well as keep a closer eye on their financial information.
How aware are consumers of the possible threats to their bank accounts and data and how proactive have they become in protecting them?
Many people are still not aware of how easily a fraudster can convince the average person to unknowingly give up their bank account details. Furthermore, many don't know that poor cyber hygiene on their computers and mobile devices can lead to them inadvertently exposing their personal information.
Some good cyber hygiene practices include keeping devices and all automatically installed apps up to date, installing only trusted apps from the App Store, running anti-virus software and being suspicious of unsolicited calls, texts and emails from banks.
Hackers are using fake emails, texts and phone calls to trick people into thinking their bank is directly contacting them to take some kind of "urgent action," by coaxing them to verify fake fraudulent activity, or their personal details. Furthermore, there have been cases of fake banking apps distributed on the Google Play Store that look identical to legitimate Android banking apps, but were actually designed to steal victims' banking credentials.
Banks also educate their customers about the dangers of online banking, as well as actively encourage them to set up features such as multi-factor authentication and security alerts on their accounts.
Consumers should be routinely checking their bank accounts for fraudulent activity, and according to our survey, 41% people check their bank accounts almost every day. Security is a team sport, and it involves active participation by everyone involved to ensure that bank accounts remain safe. In addition to monitoring their accounts, consumers can do their part by making sure they turn on the various security features in their bank account profile.
What can banks do to strengthen their cyber resiliency while offering a satisfactory customer experience?
Banks should continue to communicate to customers how easy it is to enable multi-factor authentication and security alerts for their accounts. This will mitigate many security issues, even if the consumer decides to continue using the same credentials on their banking site, as they do on other websites.
Additionally, banks can strengthen their cyber resiliency using a superior digital insights platform, to ensure that the process and flow for setting up online banking security controls, such as multi-factor authentication and alerts, are seamless and easy to activate. This allows banks to monitor visitors' digital banking experience, and identify and resolve specific pain points consumers face when trying to set up better security controls on their profile, either due to technical errors or confusing UX designs.
If they have any setup issues and back out of turning features on, banks can pinpoint exactly where that occurred so they can address it, and people are more encouraged in the future to finish the setup process. Real-time monitoring of web and mobile banking applications can also help flag fraudulent activity, so that action can be taken against it and prevent it in the future.
Burp Suite is a proxy-based tool developed by PortSwigger for evaluating the security of web applications through hands-on testing. It is one of the most popular penetration-testing and vulnerability-finding tools and is widely used to check web application security.
Threat actors compromised WordPress sites and planted a script that, when the sites are visited, launches DDoS attacks on Ukrainian websites.
MalwareHunterTeam researchers discovered the malicious script on a compromised WordPress site; when users visited the site, the script launched a DDoS attack against ten Ukrainian sites.
The JavaScript was designed to perform thousands of HTTP GET requests against the targeted sites.
The only sign of the ongoing attack visible to the visitor is a slowdown in browser performance.
According to BleepingComputer, which first reported the discovery, DDoS attacks targeted pro-Ukrainian sites and Ukrainian government agencies, including think tanks, recruitment sites for the International Legion of Defense of Ukraine, and financial sites.
Google addresses an actively exploited zero-day flaw with the release of Chrome 99.0.4844.84 for Windows, Mac, and Linux.
Google has released Chrome 99.0.4844.84 for Windows, Mac, and Linux users to address a high-severity zero-day bug, tracked as CVE-2022-1096, exploited in the wild.
The CVE-2022-1096 vulnerability is a type confusion issue in the V8 JavaScript engine; the bug was reported by an anonymous researcher on 2022-03-23.
"The Stable channel has been updated to 99.0.4844.84 for Windows, Mac and Linux which will roll out over the coming days/weeks." reads the security advisory published by Google.
"Google is aware that an exploit for CVE-2022-1096 exists in the wild."
At this time, Google has yet to publish technical details about the flaw or about how threat actors exploited it in the wild.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed." continues the advisory.
CVE-2022-1096 is the second zero-day vulnerability addressed by the IT giant this year in Chrome. In February Google fixed a high-severity zero-day flaw, tracked as CVE-2022-0609, which was actively exploited. Google released a Chrome emergency update for Windows, Mac, and Linux to fix the
Mozilla has published Firefox 97.0.2, an "out-of-band" update that closes two bugs that are officially listed as critical.
Mozilla reports that both of these holes are already actively being exploited, making them so-called zero-day bugs, which means, in simple terms, that the crooks got there first:
We have had reports of attacks in the wild abusing [these] flaw[s].
Access to information about the bugs is still restricted to Mozilla insiders, presumably to make it harder for attackers to get at the technical details of how to exploit these security holes.
Assuming that the existing zero-day exploits are not widely known (these days, true zero-days are often jealously guarded by their discoverers because they're considered both scarce and valuable), temporarily limiting access to the source code changes does provide some protection against copycat attacks.
As we've mentioned many times before on Naked Security, finding and exploiting a zero-day hole when you know where to start looking, and what to start looking for, is very much easier than discovering such a bug from scratch.
The bugs are listed as:
CVE-2022-26485: Use-after-free in XSLT parameter processing. This bug has apparently already been exploited for remote code execution (RCE), implying that attackers with no existing privileges or accounts on your computer could trick you into running malware code of their choice simply by luring you to an innocent-looking but booby-trapped website.
CVE-2022-26486: Use-after-free in WebGPU IPC Framework. This bug has apparently already been exploited for what's known as a sandbox escape. This sort of security hole can typically be abused on its own (for example, to give an attacker access to files that are supposed to be off limits), or in combination with an RCE bug to allow implanted malware to escape from the security confines imposed by your browser, thus making an already bad situation even worse.
Use-after-free bugs occur when one part of a program signals its intention to stop using a chunk of memory that was allocated to it...
...but carries on using it anyway, thus potentially trampling on data that other parts of the program are now relying on.
What to do?
Go to the About Firefox dialog to check your current version.
If you are out of date then Firefox will offer to fetch the update and then present a [Restart Firefox] button; click the button, or exit and restart the browser, to deploy the update.
The version numbers you want are: Firefox 97.0.2 (if you are using the regular release), or Firefox 91.6.1 ESR (if you are using the extended support release), or Firefox 97.3.0 for Android.
If you're on Android, check for updates via the Play Store.
If you're a Linux user where Firefox is managed by your distro, check with your distro for the update.
Researchers from WordPress security company Wordfence discovered a high-severity vulnerability that affects three different WordPress plugins that impact over 84,000 websites. The vulnerability tracked as CVE-2022-0215 is a cross-site request forgery (CSRF) issue that received a CVSS score of 8.8.
A threat actor could exploit the vulnerability to take over vulnerable websites.
The flaw impacts three plugins maintained by Xootix:
"On November 5, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in "Login/Signup Popup", a WordPress plugin that is installed on over 20,000 sites. A few days later we discovered the same vulnerability present in two additional plugins developed by the same author: "Side Cart Woocommerce (Ajax)", installed on over 60,000 sites, and "Waitlist Woocommerce ( Back in stock notifier )", installed on over 4,000 sites." reads the advisory published by Wordfence. "This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site, provided they could trick a site's administrator into performing an action, such as clicking on a link."
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.
A popular WordPress SEO-optimization plugin, called All in One SEO, has a pair of security vulnerabilities that, when combined into an exploit chain, could leave website owners open to site takeover. The plugin is used by more than 3 million websites.
An attacker with an account on the site (such as a subscriber, shopping account holder or member) can take advantage of the holes, which are a privilege-escalation bug and an SQL-injection problem, according to researchers at Sucuri.
"WordPress websites by default allow any user on the web to create an account," researchers said in a posting on Wednesday. "By default, new accounts are ranked as subscriber and do not have any privileges other than writing comments. However, certain vulnerabilities, such as the ones just discovered, allow these subscriber users to have vastly more privileges than they were intended to have."
The pair is ripe for easy exploitation, according to Sucuri, so users should upgrade to the patched version, v. 4.1.5.3. Marc Montpas, a security researcher at Automattic, was credited with finding the bugs.
Pick a random person, and ask them these two questions:
Q1. Have you heard of Apache?
Q2. If so, can you name an Apache product?
We're willing to wager that you will get one of two replies:
A1. No. A2. (Not applicable.)
A1. Yes. A2. Log4j.
Two weeks ago, however, we'd suggest that very few people had heard of Log4j, and even amongst those cognoscenti, few would have been particularly interested in it.
Until a cluster of potentially catastrophic bugs (originally implemented as features, on the grounds that less is never more) were revealed under the bug-brand Log4Shell, the Log4j programming library was merely one of those many components that got sucked into and used by thousands, perhaps even hundreds of thousands, of Java applications and utilities.
Log4j was just "part of the supply chain" that came bundled into more back-end servers and cloud-based services than anyone actually realised until now.
Many sysadmins, IT staff and cybersecurity teams have spent the past two weeks eradicating this programmatic plague from their demesnes. (Yes, that's a real word. It's pronounced domains, but the archaic spelling avoids implying a Windows network.)
Google released security updates to address five vulnerabilities in the Chrome web browser, including a high-severity zero-day flaw, tracked as CVE-2021-4102, exploited in the wild.
The CVE-2021-4102 flaw is a use-after-free issue in the V8 JavaScript and WebAssembly engine; its exploitation could lead to arbitrary code execution or data corruption.
"Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild." reads the advisory published by Google, which did not share additional info regarding these attacks.
The vulnerability was reported by an anonymous researcher on 2021-12-09.
Google has already addressed 17 zero-day vulnerabilities in Chrome this year, below is the full list:
CISA adds Log4Shell Log4j flaw to the Known Exploited Vulnerabilities Catalog
The U.S. CISA added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including the Apache Log4j Log4Shell and Fortinet FortiOS issues.
Below is the list of new vulnerabilities added to the Known Exploited Vulnerabilities Catalog, which is the list of issues frequently used as attack vectors by threat actors in the wild and that pose significant risk to the federal enterprise.
Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability (6/10/2022)
The CVE-2021-44228 flaw made the headlines last week, after Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for the critical remote code execution zero-day vulnerability (aka Log4Shell) that affects the Apache Log4j Java-based logging library.
The impact of the issue is devastating: thousands of organizations worldwide are potentially exposed to attacks, and security experts have already reported exploitation attempts in the wild.
CISA also warns of a recently disclosed arbitrary file download vulnerability in FortiOS, tracked as CVE-2021-44168, that is actively exploited.
"A download of code without integrity check vulnerability [CWE-494] in the "execute restore src-vis" command of FortiOS may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages." reads the advisory published by Fortinet. "Fortinet is aware of an instance where this vulnerability was abused and recommends immediately validating your systems for indicators of compromise"
Chinese security researcher p0rz9 publicly disclosed a proof-of-concept exploit for a critical remote code execution zero-day vulnerability, tracked as CVE-2021-44228 (aka Log4Shell), in the Apache Log4j Java-based logging library.
Log4j is widely used by both enterprise apps and cloud services, including Apple iCloud and Steam.
A remote, unauthenticated attacker can exploit CVE-2021-44228 to execute arbitrary code on a vulnerable system, leading to a complete system takeover.
The vulnerability was discovered by researchers from Alibaba Cloudâs security team that notified the Apache Foundation on November 24. According to the experts, the vulnerability is easy to exploit and does not require special configuration, for this reason, it received a CVSSv3 score of 10/10. Researchers pointed out that Apache Struts2, Apache Solr, Apache Druid, Apache Flink are all affected by this vulnerability.
Now researchers from cybersecurity firm Cybereason have released a script that works as a "vaccine" (dubbed Logout4Shell) that allows remotely mitigating the Log4Shell vulnerability by turning off the "trustURLCodebase" setting in vulnerable instances of the library.
"While the best mitigation against this vulnerability is to patch log4j to 2.15.0 and above, in Log4j version (>=2.10) this behavior can be mitigated by setting system property log4j2.formatMsgNoLookups to true or by removing the JndiLookup class from the classpath. Additionally, if the server has Java runtimes >= 8u121, then by default, the settings com.sun.jndi.rmi.object.trustURLCodebase and com.sun.jndi.cosnaming.object.trustURLCodebase are set to "false", mitigating this risk. However, enabling these system property requires access to the vulnerable servers as well as a restart." reads the GitHub page set up for the Logout4Shell project.
Cybereason experts pointed out that enabling these system properties requires access to the vulnerable servers, and the servers have to be restarted.
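The quoted mitigation "removing the JndiLookup class from the classpath" is easy to state and easy to get wrong on a real deployment, where log4j-core is often buried inside a WAR or fat jar. The following Python is an added example (not Cybereason's Logout4Shell and not Apache's tooling) that locates JndiLookup.class through nested archives and produces a copy of a jar with that entry removed. The jars it builds are constructed stand-ins with stub entries, not log4j-core.

```python
"""Added example, not Cybereason's Logout4Shell and not Apache's tooling: apply the
"remove the JndiLookup class from the classpath" mitigation quoted above to a JAR on disk,
and locate the class inside nested jars (WAR/EAR/fat-jar layouts) where a flat listing
would miss it. The jars built here are constructed stand-ins with stub entries, not log4j-core."""
import io
import zipfile

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
STUB_CLASS = b"\xca\xfe\xba\xbe stub"  # class-file magic plus filler; never loaded


def build_sample_jar() -> bytes:
    """Constructed fixture shaped like log4j-core: manifest, a logger class, two lookup classes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("org/apache/logging/log4j/core/Logger.class", STUB_CLASS)
        jar.writestr("org/apache/logging/log4j/core/lookup/DateLookup.class", STUB_CLASS)
        jar.writestr(JNDI_LOOKUP, STUB_CLASS)
    return buf.getvalue()


def build_sample_war() -> bytes:
    """Constructed fixture: a web application that bundles the jar above under WEB-INF/lib."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>\n")
        war.writestr("WEB-INF/lib/log4j-core.jar", build_sample_jar())
    return buf.getvalue()


def entry_names(archive: bytes) -> list[str]:
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return sorted(zf.namelist())


def find_jndi_lookup(archive: bytes, where: str = "") -> list[str]:
    """Paths (outer!/inner!/...) at which JndiLookup.class sits, descending into nested archives."""
    found = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for name in zf.namelist():
            if name == JNDI_LOOKUP:
                found.append(where + name)
            elif name.lower().endswith((".jar", ".war", ".ear", ".zip")):
                found.extend(find_jndi_lookup(zf.read(name), where + name + "!/"))
    return found


def strip_jndi_lookup(archive: bytes) -> bytes:
    """Copy of the archive without JndiLookup.class; every other entry is carried over unchanged."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(archive)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            if info.filename == JNDI_LOOKUP:
                continue
            dst.writestr(info, src.read(info))  # keeps per-entry compression and timestamps
    return out.getvalue()


if __name__ == "__main__":
    jar, war = build_sample_jar(), build_sample_war()
    print("flat jar:", find_jndi_lookup(jar))
    print("nested in war:", find_jndi_lookup(war))
    print("after strip:", find_jndi_lookup(strip_jndi_lookup(jar)))
```

strip_jndi_lookup works on one archive level; for a hit reported inside a WAR, extract the inner jar, strip it, and repack. On a shell the equivalent for a jar on disk is `zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class`. As the quoted page says, this is a workaround: upgrading to a fixed log4j release is the real fix, and the scanner above is useful afterwards to confirm no stale copy survived in a nested archive.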
The metadata stored on the file led the researchers to several WordPress database dumps, which contained multiple administrator usernames and email addresses, as well as the hashed password for the Microsoft Vancouver website.
Security researchers â us at CyberNews included â routinely use search engines that index publicly accessible Internet of Things (IoT) devices and web servers for threat intelligence. This helps us warn users and organizations that their data is being exposed and help them plug the leaks.
Back in September, while gathering intelligence on an IoT search engine, our security researchers stumbled upon a DS_STORE file that was apparently stored on a web server owned by Microsoft Vancouver.
Leaving DS_STORE files on public web servers is dangerous because they reveal the folder's structure (the names of the files and subfolders it contains), which can lead to leaks of sensitive or confidential data. This is exactly what happened with the leftover DS_STORE file present on the Microsoft Vancouver web server.
"By analyzing the file, our Investigations team was able to learn about the files hosted on the Microsoft Vancouver server, as well as several database dump files stored on the server."
These database dumps contained multiple administrator usernames and email addresses, as well as the hashed password for Microsoft Vancouver's WordPress website.
According to the company's website, Microsoft Vancouver is home to teams that work on developing a variety of Microsoft products, including "Notes, MSN, Gears of War, Skype, and mixed reality applications, both for desktop and HoloLens."
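To make concrete what a stray .DS_Store gives away, the following Python is an added example (not the CyberNews team's method) that carves file-name records out of such a file. A real .DS_Store wraps its records in a "Bud1" buddy allocator and a B-tree; this scanner skips that bookkeeping and pattern-matches the record header (a 4-byte length, the name in UTF-16BE, a 4-byte structure id and a 4-byte structure type), which is enough to enumerate names. The sample file it builds is constructed, not a capture from the server described above.

```python
"""Added example (not CyberNews' method): carve file-name records out of a .DS_Store file to
show what a leftover one reveals. Real files wrap records in a "Bud1" buddy allocator and a
B-tree; this scanner skips that bookkeeping and pattern-matches the record header
(UTF-16BE name, 4-byte structure id, 4-byte structure type), which is enough to enumerate
names. The sample file below is constructed, not a real capture."""
import struct

# Fixed-size record payloads; blob/ustr carry a 4-byte length prefix instead.
FIXED_SIZE = {b"long": 4, b"shor": 4, b"bool": 1, b"type": 4, b"comp": 8, b"dutc": 8}
VARIABLE = {b"blob", b"ustr"}


def _payload_len(data: bytes, pos: int, stype: bytes):
    """Bytes occupied by a record's payload, or None if it would run past the end of the file."""
    if stype in FIXED_SIZE:
        size = FIXED_SIZE[stype]
    else:
        if pos + 4 > len(data):
            return None
        count = struct.unpack(">I", data[pos:pos + 4])[0]
        size = 4 + (count * 2 if stype == b"ustr" else count)
    return size if pos + size <= len(data) else None


def carve_records(data: bytes) -> list[tuple[str, str, str]]:
    """Return (file name, structure id, structure type) for every record header found."""
    records = []
    i, n = 0, len(data)
    while i + 12 <= n:
        length = struct.unpack(">I", data[i:i + 4])[0]  # name length in UTF-16 code units
        name_end = i + 4 + 2 * length
        if 1 <= length <= 255 and name_end + 8 <= n:
            sid, stype = data[name_end:name_end + 4], data[name_end + 4:name_end + 8]
            if sid.isalpha() and (stype in FIXED_SIZE or stype in VARIABLE):
                try:
                    name = data[i + 4:name_end].decode("utf-16-be")
                except UnicodeDecodeError:
                    name = ""
                payload = _payload_len(data, name_end + 8, stype)
                if name and name.isprintable() and payload is not None:
                    records.append((name, sid.decode("ascii"), stype.decode("ascii")))
                    i = name_end + 8 + payload  # aligned: jump over the payload to the next record
                    continue
        i += 1  # no record header here; slide one byte and retry
    return records


def leaked_names(data: bytes) -> list[str]:
    """Distinct file/folder names, excluding the "." entry that describes the folder itself."""
    return sorted({name for name, _sid, _stype in carve_records(data) if name != "."})


def _record(name: str, sid: bytes, stype: bytes, payload: bytes) -> bytes:
    enc = name.encode("utf-16-be")
    return struct.pack(">I", len(enc) // 2) + enc + sid + stype + payload


def build_sample_ds_store() -> bytes:
    """Constructed fixture: header magic plus four records (allocator table omitted)."""
    header = b"\x00\x00\x00\x01Bud1" + bytes(24)
    body = b"".join([
        _record("db-dump-2021.sql", b"Iloc", b"blob", struct.pack(">I", 16) + bytes(16)),
        _record("wp-config.php.bak", b"Iloc", b"blob", struct.pack(">I", 16) + bytes(16)),
        _record("admin-notes.txt", b"cmmt", b"ustr", struct.pack(">I", 5) + "draft".encode("utf-16-be")),
        _record(".", b"vSrn", b"long", struct.pack(">I", 1)),
    ])
    return header + body + bytes(64)


if __name__ == "__main__":
    for name in leaked_names(build_sample_ds_store()):
        print("exposed name:", name)
```

Because the scanner slides byte by byte until a plausible header lines up, it tolerates the allocator blocks and padding of a real file, at the cost of occasional false positives on random data; for a faithful parse use a library that walks the buddy allocator and B-tree. The defensive takeaway is the same either way: block `.DS_Store` (and `Thumbs.db`, `.git/`, editor backup files) at the web server and strip them from deploy artifacts.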
On September 27, CyberNews researchers reached out to Microsoft Canada via their official contact email in order to report their findings and help secure the exposed file.
Unfortunately, we did not hear back from the company right away. Even though warnings from security researchers can sometimes get overlooked by large organizations, several additional emails are usually enough to break through and reach the eyes of security teams. As such, we made multiple additional attempts at contacting Microsoft via customer support email addresses and phone numbers listed on the companyâs official websites.
On December 2, public access to the DS_STORE file was finally disabled and it is no longer leaking sensitive data. After the file was secured, we reached out to Microsoft for additional comment regarding the incident but have yet to hear back.
As a resource, the internet is a wonderful place for children to learn, explore ideas, and express themselves creatively. The internet is also key in a child's social development, helping to strengthen communication skills, for example when playing games or chatting with friends.
However, parents should be aware that all these activities often come with risks. Kids online can be exposed to inappropriate content, cyberbullying, and even predators.
While keeping an eye on what your children see and do online helps protect them against these risks, it's not easy monitoring your kids without feeling like you're invading their privacy. Just asking what websites they visit may give the impression that you don't trust your child.
The key to combatting any big risk is education. It's important for you and your children to be aware of the dangers, how to protect against them, and how to identify the warning signs. This is why we've put together this guide, to help both you and your kids* understand how to navigate the internet safely.
*Look out for our "For Kids" tips below, which you can share with your kids and teens.
A 2020 study by the Pew Research Center found that:
86% of parents of a child under age 11 limit their childâs screen time, while 75% check what their child does online.
71% of parents of a child age 11 or under are concerned their child has too much screen time.
66% of parents think parenting is harder today than it was 20 years ago, with 21% blaming social media in general.
65% of parents believe it's acceptable for a child to have their own tablet computer before age 12.
Threat actors are exploiting a recently addressed server-side request forgery (SSRF) vulnerability, tracked as CVE-2021-40438, in Apache HTTP servers.
The CVE-2021-40438 flaw can be exploited against httpd web servers that have the mod_proxy module enabled. A threat actor can trigger the issue using a specially crafted request to cause the module to forward the request to an arbitrary origin server.
The vulnerability was patched in mid-September with the release of version 2.4.49, it impacts version 2.4.48 and earlier.
"A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user." reads the change log for version 2.4.49.
Since the public disclosure of the vulnerability, several PoC exploits for CVE-2021-40438 have been published.
Now experts from Germanyâs Federal Office for Information Security (BSI) and Cisco are warning of ongoing attacks attempting to exploit the vulnerability.
Cisco published a security advisory to inform its customers that it is investigating the impact of the issue on its products. The issue impacts Prime Collaboration Provisioning, Security Manager, Expressway series and TelePresence Video Communication Server (VCS) products. However, the IT giant states that it is still investigating its product line.
"In November 2021, the Cisco PSIRT became aware of exploitation attempts of the vulnerability identified by CVE ID CVE-2021-40438." reads the security advisory published by Cisco.
The German BSI agency also published an alert about this vulnerability, it is aware of at least one attack exploiting this vulnerability.
"The BSI is aware of at least one case in which an attacker was able, through exploitation of the vulnerability, to obtain hash values of user credentials from the victim's system. The vulnerability affects all versions of Apache HTTP Server 2.4.48 or older." reads the alert published by the BSI.
Dark web monitoring seems to be a hot buzzword in discussions about cyberthreat intelligence (CTI) and how it helps cybersecurity strategy and operations. Indeed, dark web monitoring enables a better understanding of an attacker's perspective, and following their activities on dark web forums can have a great impact on cybersecurity readiness and posture.
Accurate and timely knowledge of attackers' locations, tools and plans helps analysts anticipate and mitigate targeted threats, reduce risk and enhance security resilience. So why isn't dark web monitoring enough? The answer lies in both coverage and context.
When we talk about visibility beyond the organization, one needs to make sure the different layers of the web are covered. Adversaries are everywhere, and vital information can be discovered in any layer of the web. In addition, dark web monitoring alone provides threat intelligence that is siloed and out of context. In order to make informed and accurate decisions, a CTI plan has to be both targeted, based on an organization's needs, and comprehensive, with extensive source coverage to support diverse use cases.
Be Wherever Adversaries Are
The internet as we know it is actually the open web, or the surface web. This is the top, exposed, public layer where organizations rarely look for CTI. The other layers are the deep web and the dark web, on which some sites are accessed through the Tor browser. Monitoring the deep/dark web is the most common source of CTI. However, to ensure complete visibility beyond the organization and optimal coverage for gathering CTI, all layers of the web should be monitored. Monitoring the dark web alone leaves an organization pretty much, well, in the dark.
The Shadow Brokers is a great example of why it is important to monitor more than just the dark web. In 2016, the Shadow Brokers published several hacking tools, including many zero-day exploits, from the "Equation Group," which is considered to be tied to the U.S. National Security Agency (NSA). The exploits and vulnerabilities mostly targeted enterprise firewalls, antivirus software and Microsoft products. The initial publication of the leak was through the group's Twitter account on August 13, 2016, and the references and instructions for obtaining and decrypting the tools and exploits were published on GitHub and Pastebin, both publicly accessible.
The WannaCry ransomware attack in May 2017 was also first revealed on Twitter, as were different reports on the attack. Coverage of all layers of the web is necessary, yet even with expanded monitoring of additional layers of the web, an organizationâs external threat intelligence picture remains incomplete and one-dimensional. There are additional threat intelligence sources to cover in order to get a complete threat intelligence view that is optimized for the needs of an organization. These include:
At the end of April, Apple's introduction of App Tracking Transparency tools shook the advertising industry to its core. iPhone and iPad owners could now stop apps from tracking their behavior and using their data for personalized advertising. Since the new privacy controls launched, almost $10 billion has been wiped from the revenues of Snap, Meta Platforms' Facebook, Twitter, and YouTube.
Now, a similar tool is coming to Google's Android operating system, although not from Google itself. Privacy-focused tech company DuckDuckGo, which started life as a private search engine, is adding the ability to block hidden trackers to its Android app. The feature, dubbed "App Tracking Protection for Android," is rolling out in beta from today and aims to mimic Apple's iOS controls. "The idea is we block this data collection from happening from the apps the trackers don't own," says Peter Dolanjski, a director of product at DuckDuckGo. "You should see far fewer creepy ads following you around online."
The vast majority of apps have third-party trackers tucked away in their code. These trackers monitor your behavior across different apps and help create profiles about you that can include what you buy, demographic data, and other information that can be used to serve you personalized ads. DuckDuckGo says its analysis of popular free Android apps shows more than 96 percent of them contain trackers. Blocking these trackers means Facebook and Google, whose trackers are some of the most prominent, can't send data back to the mothership, and neither can the dozens of advertising networks you've never heard of.
From a user perspective, blocking trackers with DuckDuckGo's tool is straightforward. App Tracking Protection appears as an option in the settings menu of its Android app. For now, you'll see the option to get on a waitlist to access it. But once turned on, the feature shows the total number of trackers blocked in the last week and gives a breakdown of what's been blocked in each app recently. Open up the app of the Daily Mail, one of the world's largest news websites, and DuckDuckGo will instantly register that it is blocking trackers from Google, Amazon, WarnerMedia, Adobe, and advertising company Taboola. An example from DuckDuckGo showed more than 60 apps had tracked a test phone thousands of times in the last seven days.
My own experience bore that out. Using a box-fresh Google Pixel 6 Pro, I installed 36 popular free apps (some estimates claim people install around 40 apps on their phones) and logged into around half of them. These included the McDonald's app, LinkedIn, Facebook, Amazon, and BBC Sounds. Then, with a preview of DuckDuckGo's Android tracker blocking turned on, I left the phone alone for four days and didn't use it at all. In 96 hours, 23 of these apps had made more than 630 tracking attempts in the background.
Using your phone on a daily basis (opening and interacting with apps) sees a lot more attempted tracking. When I opened the McDonald's app, trackers from Adobe, cloud software firm New Relic, Google, emotion-tracking firm Apptentive, and mobile analytics company Kochava tried to collect data about me. Opening the eBay and Uber apps (but not logging into them) was enough to trigger Google trackers.
At the moment, the tracker blocker doesn't show what data each tracker is trying to send, but Dolanjski says a future version will show what broad categories of information each commonly tries to access. He adds that in testing the company has found some trackers collecting exact GPS coordinates and email addresses.
"Today's hyper-targeted spear phishing attacks, coming at users from all digital channels, are simply not discernable to the human eye. Add to that the increasing number of attacks coming from legitimate infrastructure, and the reason phishing is the number one thing leading to disruptive ransomware attacks is obvious."
Human interaction online has largely moved to the cloud
Apps and browsers are used as humans connect with work, family, and friends. Cybercriminals are taking advantage of this by attacking outside of email and exploiting less protected channels like SMS text, social media, gaming, collaboration tools, and search apps.
Spear phishing and human hacking launched from legitimate infrastructure increased: in August 2021, 12% (or 79,300) of all malicious URLs identified came from legitimate cloud infrastructure including AWS, Azure, outlook.com, and sharepoint.com, giving cybercriminals an easy way to evade current detection technologies.