Showing posts with label malware.

Thursday, August 1, 2024

SAFEGUARDING DATA IN M’SIA’S NEW ERA OF E-INVOICING

Vast potential: Digitalisation boosts growth and efficiency, but adopting strong cybersecurity measures and secure software can protect data, systems and customers. Image: Blake Wisz / Unsplash

AS THE rollout for Malaysia’s e-invoicing mandate draws near, small businesses around the country are embarking on their digital transformation journeys.

In doing so, they unlock numerous benefits such as increased efficiency and productivity and improved customer engagement, while becoming more competitive and resilient.

This digital shift, however, can also introduce significant data and security risks.

Understanding these risks is crucial to protect businesses, their data and their customers.

Data breaches and other online crimes, including hacking and financial fraud, can have disastrous effects on businesses, such as the exposure of sensitive customer information, intellectual property theft and the disruption of business operations.

These breaches in security can result in significant losses for companies, sometimes amounting to millions of ringgit.

Additionally, small businesses, often the targets of cyber-attacks because they are seen as more vulnerable, may lose valuable consumer trust and potential opportunities.

Ahead of the phased mandate launch in August, business owners can ensure they are fully prepared by understanding the key advantages and risks of e-invoicing, and taking proactive measures to safeguard their business.

Security first: Cyber threats are increasingly complex and widespread. Small businesses can protect sensitive data by choosing reputable software with strong security.

Security benefits and e-invoicing considerations

Despite the risks, the shift towards e-invoicing is certain to offer businesses numerous immediate and tangible benefits.

Enhanced efficiency, reduced errors and improved transparency in financial transactions make e-invoicing more secure than manual handling and traditional invoicing practices.

With oversight from the Malaysia Digital Economy Corporation (MDEC), e-invoicing is tracked through the Peppol framework and verified in real-time, providing an additional layer of security and accountability.

Verification through Peppol ensures that invoices are authentic, preventing fraud and alterations.

This standardised network facilitates the secure and efficient exchange of electronic documents, protecting them from cyberattacks and potential data breaches.

Choose a reputable software provider

As Malaysian businesses look to adopt solutions that will enable them to comply with the upcoming mandate, the importance of prioritising reputable software providers to ensure data, privacy and security protection cannot be overstated.

In today’s digital landscape, cyber threats are pervasive and increasingly sophisticated, targeting vulnerabilities in businesses of all sizes.

By choosing established software providers known for robust security measures, small businesses can protect sensitive customer information and internal data from breaches and theft.

Reliable software providers offer regular updates, advanced encryption and compliance with regulatory standards, ensuring that businesses remain resilient against evolving cyber threats.

Additionally, this proactive approach fosters customer trust, as clients are more likely to engage with businesses that prioritise their privacy and data security.

Xero, for example, adheres to stringent security standards and compliance requirements to effectively safeguard user data.

By incorporating multi-factor authentication (MFA), user accounts and financial data remain secure and protected while Xero’s encryption protocols prevent unauthorised data access, safeguarding it from cyber threats.

With a global presence, including in countries such as the United Kingdom, United States, Singapore, Australia and New Zealand, Xero maintains a high level of cybersecurity features and compliance measures to meet regional and international standards.

The accounting platform currently supports many local businesses in streamlining processes and improving data security.

Additional precautions

In addition to leveraging the security features of cloud accounting software like Xero, Malaysian businesses can take extra precautions to safeguard their accounting data. This includes:

> Paying attention to security notices: staying informed about security alerts and notices from software providers to promptly address emerging threats.

> Reporting unusual activity: encouraging employees to report any suspicious or unusual activity related to accounting data to prevent potential security breaches.

> Deploying antivirus and anti-malware solutions: installing reputable antivirus and anti-malware software on their devices to protect against potentially malicious software.

There is no question that digitalisation presents enormous opportunities for growth and efficiency for small businesses, but with that come some critical security risks.

By adopting cybersecurity measures and choosing software with robust protection features, small businesses can safeguard their data, systems and customers.

Proactive security management not only protects against financial losses and reputational damage but also builds trust with customers, fostering long-term business success.

E-invoicing system set to go


PETALING JAYA: With two days to go, most of the 5,000 companies under Phase 1 of the e-invoicing rollout are raring to go and looking at a smooth takeoff, say stakeholders.

Associated Chinese Chambers of Commerce and Industry of Malaysia treasurer-general Datuk Koong Lin Loong said these companies, with an annual turnover of RM100mil and above, should not face any major hiccups when transitioning to e-invoicing on Thursday.

“They will be able to cope with the transition as these companies have the resources to do so,” he said when contacted yesterday about worries some businesses have expressed about beginning the e-invoicing process.

Asked if accounting firms acting for these companies are facing pressure in switching to e-invoicing, Koong, who is a practising auditor and licensed tax agent, said that it is unlikely.

“There is some misunderstanding that e-invoicing is like the Goods and Services Tax (GST), which required some companies to change their entire accounting system.

“This is not the case with e-invoicing because companies are already generating invoices through email and their existing computing systems. The only difference is that their invoices will now be digitised and linked to the Inland Revenue Board (LHDN),” he added.

Koong also said that it is quite normal for businesses to express worries whenever a new system is introduced, like mobile phone and QR code payments, for instance.

“There would have been a lot of complaints prior to the Covid-19 pandemic (in 2020) if businesses had been asked if ewallets could be used to make payments. They were practically non-existent.

“But nowadays such payments are widely accepted even among smaller businesses and hawkers,” he said.

Experts say the pandemic greatly sped up digital payments globally, as, for a few years, people were living mostly online.

When it comes to e-invoicing, the driving force is efficiency in collecting taxes and stopping leakages to increase the government’s tax revenue. To further ensure a smooth transition, Koong said the LHDN has announced some flexibility and relaxation of e-invoicing regulations.

For instance, there will be no prosecution action under Section 120 of the Income Tax Act 1967 for non-compliance with e-invoicing rules, provided the business complies with consolidated e-invoicing requirements.

This means the supplier can gather all statements or bills issued and then issue a consolidated einvoice as proof of the supplier’s income, according to einvoicemalaysia.my.

Koong added that the LHDN is planning to roll out an e-invoicing mobile app and e-POS (electronic point-of-sale) system by the end of this year, free of charge for businesses to download.

Phase 2 of the e-invoicing system will be implemented on Jan 1, 2025, for companies with a turnover of below RM100mil and up to RM25mil, while full implementation under Phase 3 will begin on July 1, 2025, for businesses with an annual turnover of above RM150,000.

Malay Chamber of Commerce Malaysia secretary-general Ahmad Yazid Othman said most Phase 1 companies are ready, although some may still be facing some difficulties, especially smaller businesses that serve the larger companies under the Aug 1 rollout.

He added that companies are expecting to run into teething problems just as they did when the GST was first implemented in April 2015.

“The LHDN has given its assurance of some flexibility and relaxation of regulations during the initial implementation period, and this is most welcome.

“We hope that companies will not delay implementing e-invoicing with these assurances, which will at the same time motivate other companies to speed up the transition process when their turn comes,” he said.

Ahmad Yazid, who is also a senior fellow with the Malay Economic Action Council, said the experience gained from Phase 1 of the e-invoicing process will be helpful for both the LHDN and businesses to better prepare for the coming phases next year.

Wednesday, August 30, 2023

When malware strikes


Knowing what to do can be the difference between a costly trip to the repair shop and a DIY fix at home.

MANY of us have been there before – an accidental click or file download that leaves us worrying about whether our passwords have been stolen or our webcam has been compromised.

Or maybe it’s the system becoming slow, erratic, freezing, or crashing, which may hint that something strange is going on with your machine.

But hiring a professional can be an expensive affair, and lugging around an entire desktop computer for troubleshooting is anything but fun, so it’s best to check if you can fix the issue yourself.

Those on Windows 7 or 8 should take note that their operating system (OS) is in end-of-life status, making it especially vulnerable to malware as it no longer receives security updates.

Antivirus 101

One thing to keep in mind is that no antivirus or anti-malware tool is perfect, as one may detect a virus while another misses it completely.

Like seeing a doctor, it’s valuable to have a second opinion in the form of another software scanner. Good options include Malwarebytes, Avast Antivirus, and antivirus programs from Kaspersky.

However, the first thing you’ll want to do is download Rkill (bit.ly/rkill), a handy tool from Bleeping Computer that kills malware still resident in memory and running in the background, also known as “processes”. It will also list them in a text file.

This is vital, as active malware can attempt to trick and hide from antivirus programs.

Then do an antivirus scan – don’t use more than one at the same time, as simultaneous scans can result in the antivirus programs mistaking each other for malware.

If the scans turn up positive, potentially malicious items will be listed, and the antivirus will prompt you on what action to take, such as to quarantine or remove the affected file or folder.

It’s best practice to look up the name listed by the antivirus, as it could be a false positive.

Then switch over to the alternative antivirus tool and run another scan to cover blind spots.

If the antivirus discovered an issue and fixed it, then all is well; otherwise, you will have to get your hands dirty by engaging in a little “digital forensics”.

‘Suite up’, digital detective

Your digital forensics work will require a toolkit to analyse and understand your computer better, especially what’s causing the issue.

Our recommendation is the Sysinternals Suite (bit.ly/sysinternalssuite), a set of utilities from Microsoft that provides a detailed view of what each and every program and process is doing.

Sysinternals serves the same purpose as Rkill, except that you will be the one identifying, disabling, and removing the malware manually.

One of the most useful tools it contains is the Process Explorer (procexp64.exe in the Suite folder), which lists all the active processes in a system, one of which could be malware.

In Process Explorer, click on the options tab and enable the options for both “Verify Image Signatures” and “Check Virustotal.com”.

Look here for processes that lack a description or a verified image signature from a third-party vendor, either of which would indicate a legitimate program.

The description and signature columns may turn up blank for some Windows processes, so ignore those and focus on the ones labelled “unverified”.

Virustotal.com is a website that collates information from 75 different malware-scanning engines because, you know, who needs a second opinion when you can get 75?

If a process is legitimate, then it should have a proper description, a verified image signature from a third-party vendor (like Microsoft or Adobe), and not be flagged by any of the antivirus engines (0/75).

A side note: users looking to check if a specific file is malware can also upload it directly to Virustotal.com, though the size is limited to 650MB.

Make sure to look up each process to find out more about it before taking action, as there are many different types of malware out there, with some being more difficult to remove. There’s a shortcut to searching online included in the right-click menu to help with this. Process Explorer can also be used to uncover processes that are utilising the resources of your graphic card, RAM, and storage.

For a more granular view of what a process is doing, the Process Monitor (Procmon64.exe) tool includes details like where a process is writing a file and whether it’s making a network connection to upload something.

Do note that it is still not immune to false positives. Two of my legitimate processes are always flagged by Virustotal: Apagent.exe (for an Apple Airport Router that was repurposed as network attached storage) and Gamingservices.exe (an official process from Microsoft for its video game platform and store).

When a malicious process is discovered, right-click and view its properties, which will reveal details like how it is being launched and where the file is being stored.

Like with Rkill, you will need to kill the malicious process, though some malware types run multiple processes at once so that they can restart each other as you kill them.

In this case, it’s best to “suspend” the target processes first before terminating them.

Then move on to the Autoruns (Autoruns64.exe) tool to disable it from starting up automatically when the machine turns on.

Avoid deleting the entry right away since it could be a misidentified process; instead, disable it first to confirm it is indeed malware.

Once sure, navigate to the folder housing the malware – these are usually “user folders” like Temp or Appdata, as administrative rights are not required for malware to access them – and delete the source file to end your woes.

Though, for more complex malware, manual removal may be difficult or downright impossible, so make sure to check what is involved.

In the worst case scenario, there’s always the nuclear option of doing a clean install of Windows, but this will wipe out your entire system.
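
The checks described above (signature status, user-folder location, autostart entries) can also be listed from a PowerShell prompt. The following is an added example, not part of the original article or of the Sysinternals Suite; the function names are hypothetical, it only reads and never kills or deletes anything, and it looks at just two of the autostart locations that Autoruns inspects.

```powershell
# Added example (not from the article): read-only triage of running processes
# and two common autostart registry keys. Nothing is killed, disabled or deleted.

function Test-UserFolderPath {
    param([string]$Path)
    # Temp and AppData are the "user folders" the article names.
    $roots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }
    foreach ($root in $roots) {
        $prefix = $root.TrimEnd('\') + '\'
        if ($Path.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

function Get-ProcessTriage {
    # One row per distinct executable image; Id is one of the processes using it.
    Get-Process |
        Where-Object { $_.Path } |
        Sort-Object -Property Path -Unique |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -LiteralPath $_.Path
            $hash   = Get-FileHash -LiteralPath $_.Path -Algorithm SHA256 -ErrorAction SilentlyContinue
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            [pscustomobject]@{
                Name        = $_.ProcessName
                Id          = $_.Id
                Description = $_.Description
                Signature   = $sig.Status   # 'Valid' corresponds to a verified signature
                Signer      = $signer
                UserFolder  = Test-UserFolderPath -Path $_.Path
                SHA256      = $hash.Hash    # can be searched on VirusTotal by hand
                Path        = $_.Path
            }
        }
}

function Get-RunKeyEntry {
    # Autoruns inspects many more autostart locations; these two Run keys are a sample.
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            # Expand variables and drop a leading quote before testing the folder.
            $image = [Environment]::ExpandEnvironmentVariables($command).TrimStart('"')
            [pscustomobject]@{
                Key        = $key
                Name       = $name
                UserFolder = Test-UserFolderPath -Path $image
                Command    = $command
            }
        }
    }
}

# Processes worth a closer look: signature not verified, or image stored in a user folder.
$suspects = Get-ProcessTriage |
    Where-Object { $_.Signature -ne 'Valid' -or $_.UserFolder }

$suspects |
    Sort-Object -Property UserFolder -Descending |
    Format-List Name, Id, Description, Signature, Signer, UserFolder, SHA256, Path

# Autostart entries, with the same user-folder flag applied to the launch command.
Get-RunKeyEntry | Format-Table Name, UserFolder, Command -AutoSize -Wrap
```

A hit is a prompt to look the process up, not a verdict: plenty of legitimate programs install under AppData, and some Windows components show no embedded signature.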

Wednesday, August 20, 2014

What the hack were they up to, MH370?

Hackers target information on MH370 probe

The computers of high-ranking officials in agencies involved in the MH370 investigation were hacked and classified information was stolen.

The stolen information was allegedly being sent to a computer in China before CyberSecurity Malaysia - a Ministry of Science, Technology and Innovation agency - had the transmissions blocked and the infected machines shut down.

The national cyber security specialist agency revealed that sophisticated malicious software (malware), disguised as a news article reporting that the missing Boeing 777 had been found, was emailed to the officials on March 9, a day after the Malaysia Airlines (MAS) plane vanished during its flight from Kuala Lumpur to Beijing.

Attached to the email was an executable file that was made to look like a PDF document, which released the malware when a user clicked on it.

A source told The Star that officials in the Department of Civil Aviation, the National Security Council and MAS were among those targeted by the hackers.

"We received reports from the administration of the agencies telling us that their network was congested with email going out of their servers," said CyberSecurity Malaysia chief executive Dr Amirudin Abdul Wahab.

"Those email contained confidential data from the officials' computers including the minutes of meetings and classified documents. Some of these were related to the MH370 investigation."

About 30 computers were infected by the malware, CyberSecurity Malaysia said. It discovered that the malware was sending the information to an IP address in China and asked the Internet service provider in that region to block it.

An IP (Internet Protocol) address is a unique numerical label assigned to each device on a computer network.

"This was well-crafted malware that antivirus programs couldn't detect. It was a very sophisticated attack," Amirudin said.

The agency and police are working with Interpol on the incident.

CyberSecurity Malaysia suspects the motivation for the hacking was the MH370 investigations.

"At that time, there were some people accusing the Government of not releasing crucial information," Amirudin said. "But everything on the investigation had been disclosed."

Flight MH370 with 239 on board went missing on March 8 about 45 minutes after take-off.

Expert: Spearphishing needs a lot of planning and work


Spearphishing attacks such as the ones that targeted the Civil Aviation Department and the National Security Council require a lot of planning and work, said a cyber security expert.

These point to either a very skilled attacker or group of hackers who have the know-how to spoof an email address to make it appear as if the message is coming from a familiar sender, said Dhillon Kannabhiran.

He is chief executive of Hack In The Box which organises the annual HITBSecConf series of network security conferences.

He said that sensitive and confidential documents should always be encrypted as an added layer of security against hackers.

How sophisticated an attack was, Kannabhiran said, depended on which version of the Microsoft Windows operating system was on the victim's computer and how up to date the system security was.

By Nicholas Cheng, The Star/Asia News Network

Sunday, June 9, 2013

Malware, ransomware attacks are a growing threat to computer and mobile phone!

FORGET pickpockets or thieves. The biggest threat to your smartphone now is kidnappers, cyber “kidnappers” that is, with their ransomware.

As the name suggests, ransomware is a malware (malicious software) that will keep your phone or computer a prisoner until you pay a ransom. Only when the specified amount of money is paid will you be able to “free” your device and access data or information.

Although it is not new (ransomware is said to originate from Russia in 2005 and has been attacking many computers worldwide since), the Symantec Corp Internet Security Threat Report (ISTR) Volume 18 revealed that ransomware is emerging as the malware of choice because of its high profitability for attackers.

Luckily, says Symantec Malaysia's senior technical consultant David Rajoo, to his knowledge, no cases have been reported here yet.

“However, as the worldwide web has no boundaries and with increasing broadband penetration and as more users are accessing the Internet, Malaysia is certainly exposed to the Ransomware threats,” he says.

Infected machines display messages which demand payment in order to restore functionality. - David Rajoo

Rajoo points out that awareness is key to combating the ransomware threat.

As the report highlights, attackers are using deceptive links and poisoned websites to infect unsuspecting users with malicious software and lock their machines.

“The attackers, many of them cybercriminal organisations, then hold users' machines for ransom. Infected machines display messages which demand payment in order to restore functionality,” he says.

Recent attacks have also displayed images that impersonate law enforcement.

Consumers on the Android platform are most vulnerable to ransomware and mobile threats, says the report.

Last year, mobile malware increased by 58%, and 32% of all mobile threats attempted to steal information, such as e-mail addresses and phone numbers.

Although Android has fewer vulnerabilities, its threats are higher than any other mobile operating system. Its open platform and the multiple distribution methods available to distribute malicious apps make it the go-to platform for attackers, adds the report.

With malware growing sophisticated every day, Rajoo adds, a mix of intelligence-based technologies can provide optimal security to stop new and unknown malware.

To avoid getting infected, ensure the device's software and anti-virus definitions are up to date, and avoid suspicious sites, Rajoo advises.

“We also advise users to use more than antivirus for protection. We recommend using advanced reputation security which provides layered defence. Use more than just antivirus; use a full functionality solution which includes heuristics, reputation-based, behaviour-based and other technologies,” he says, stressing that a key strategy is to fend off threats before they infiltrate your computer system.

Symantec Malaysia's Systems Engineering director Nigel Tan agrees that stopping the threat at the gate is important as cyber criminals continue to devise new ways to steal information from organisations of all sizes.

Staying ahead of attacks

“The sophistication of attacks coupled with today's information technology complexities require organisations in Malaysia and globally to remain proactive and use “defence in depth” security measures to stay ahead of attacks,” he added.

According to the annual ISTR which analyses the year in global threat activity, Malaysia was ranked 35th on its global Internet security threat profile in 2012.

As it highlights, there was a 42% surge last year in targeted attacks globally compared with the prior year.

These targeted cyberespionage attacks, designed to steal intellectual property, are increasingly hitting the manufacturing sector as well as small businesses, which are the target of 31% of these attacks.

Small businesses are attractive targets themselves and a way in to ultimately reach larger companies via “watering hole” techniques.

In a watering hole attack scenario, attackers compromise a carefully selected website by inserting an exploit resulting in malware infection. Through the compromised website, the attackers will target victims who visit the compromised site and take advantage of their software vulnerabilities to drop malware that will allow them to access sensitive data and take control of the vulnerable system.

As Symantec alerts, 61% of malicious websites are actually legitimate websites that have been compromised and infected with malicious code.

Business, technology and shopping websites were among the top five types of websites hosting infections. The shift of focus from government websites indicates an increase in attacks targeting the supply chain: cybercriminals find these contractors and subcontractors susceptible to attacks and they are often in possession of valuable intellectual property.

The attack uses the security weaknesses in the supply chain, specifically the small businesses, to gain access into larger and more secured companies, adds Symantec.

Case in point is that those in sales became the most commonly targeted victims last year.

Another growing source of infections on websites is malvertisements: this is when criminals buy advertising space on legitimate websites and use it to hide their attack code.

Tan urges organisations to continue to take proactive initiatives to secure and manage critical information from a variety of security risks, especially targeted attacks in the manufacturing and small business sectors, mobile malware, and phishing threats.

By HARIATI AZIZAN sunday@thestar.com

Thursday, November 10, 2011

Is Your Computer Infected by DNS Malware? Seven accused in $14 million click-hijacking scam



by Elinor Mills 
This graphic shows how the DNSChanger malware worked. (Credit: FBI)
 
The U.S. Department of Justice said today that it has uncovered a large, sophisticated Internet scam ring that netted $14 million by infecting millions of computers with malware designed to redirect their Web searches to sites that generated ad revenue.

Six people have been arrested in Estonia and a Russian is being sought on charges of wire fraud and computer intrusion, the FBI said. They are accused of infecting about 4 million computers in more than 100 countries--500,000 in the U.S. alone, including NASA--with malware called DNSChanger. The malware altered the Domain Name Server settings on the computers so they could be automatically redirected to rogue DNS servers and then on to specific Web sites.



In essence, the malware hijacked the computers when certain Web searches were done, redirecting them to sites that would pay them money when people visited or clicked on ads.

"When users of infected computers clicked on the link for the official Web site of iTunes, for example, they were instead taken to a Web site for a business unaffiliated with Apple Inc. that purported to sell Apple software," an FBI statement said.

In addition, the malware would redirect infected computers searching for Netflix to a business called "BudgetMatch" and searches for the IRS to H&R Block, according to the FBI.

Defendants also allegedly replaced legitimate ads on sites with ads that triggered payments to them. For instance, they are accused of replacing an American Express ad on the Wall Street Journal home page with an ad for "Fashion Girl LA," and an Internet Explorer 8 ad on Amazon.com with one for an e-mail marketing firm.

Computers became infected with DNSChanger when they visited certain Web sites or downloaded particular software to view videos online. In addition to altering the DNS server settings, the malware also prevented antivirus and operating systems from updating, according to officials.

The defendants allegedly created companies that masqueraded as legitimate advertising publisher networks. The operation began in 2007 and ended in October with the completion of the two-year FBI investigation called "Operation Ghost Click," the FBI alleges.

The rogue DNS servers used in the operation have been replaced with legitimate servers in the hopes that infected computers will still be able to access the Internet. Owners of infected computers will need to clean the malware off their machines. People can see if their computer is infected by typing in their DNS information on this FBI Web page.

The indictment filed in the U.S. District Court of New York was unsealed today.


Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
