Blog

DNS Hijacking: How To Stop It

Did you know there is a type of hacking that can take over an entire website without encountering it directly?

DNS hijacking is dangerous because it can siphon your visitors, incoming emails, and other services before they reach your network.

DNS stands for “Domain Name System”. A good way to think about DNS is as an online phone book, or a collection of phone books. DNS essentially provides a series of directories that a browser checks before it finally learns the location of the server that hosts the website the user wants to visit.

In other words, DNS is your name in the massive universe that is the Internet. It helps people find you.

How DNS Hijacking Works

DNS hijacking can subvert the resolution of Domain Name System (DNS) queries. It is often done by using malware to override a computer’s TCP/IP configuration so that it points to a rogue DNS server under the control of a cyber attacker.

Another method of DNS hijacking is to modify the behavior of a trusted DNS server so that it no longer complies with internet standards.

DNS hijacking is used both for malicious purposes, such as phishing and spear phishing, and for the self-serving purposes of ISPs (internet service providers) and public or router-based online DNS server providers.

When used for malicious purposes, hackers can travel upstream in the digital lines of communication to build false entries, which then point visitors intending to visit a website to a false destination.

While a user typically identifies a website by its .com or .net address, the DNS must also translate the fully qualified domain name into an IP address. During this exchange of information, redirects can harm a website.

How to Protect Yourself from DNS Hijacks

Part of the problem with DNS hijacking is that the hacking attempt is often difficult to detect, and then to combat. This type of hijacking has seen a bit of a reemergence of late, which is unfortunate, as many thought it was a thing of the past.

The good news is that while preventing some DNS hijacking is challenging, it is not impossible to stay away from. The techniques you can use to guard against DNS hijacking are comparable to those used against other kinds of cyber attacks.

Basic preventive measures include:

● Using well-regarded security software.
● Installing updates and security patches as soon as they become available.
● Avoiding clicking on suspicious links in emails or on social media.
● Avoiding sending or receiving personal information on public Wi-Fi.
● Leaving websites that seem untrustworthy immediately.
● Exercising caution with Wi-Fi networks that don’t present terms of service before letting you browse the web.

Furthermore, you can protect your router by making sure its default admin username and password are changed.

Improve Your DNS Security

Though some of the more basic forms of DNS hijacking are avoidable, there are other kinds that are more difficult to detect. For example, there is little you can do about a website that becomes compromised.

Consequently, there are additional measures you can take to protect your personal information. These include implementing Domain Name System Security Extensions (DNSSEC) on all your devices.

The security program allows domain owners to monitor traffic on their own domains, and therefore check for suspicious activity. DNSSEC also provides control over registering domain zones and enabling DNS resolvers.

Change the DNS Server

Another security measure is to change the default DNS server. Computers and routers, by default, connect to the global DNS service related to the local internet service provider (ISP). A third-party DNS server, meanwhile, can take over responsibilities for routing.

Google DNS and OpenDNS are two third-party DNS routing providers, and both are free of charge to use. If you select another alternative, make sure it is from a reputable company or nonprofit organization, because handing control to the wrong DNS server could actually expose you to more threats, not fewer.
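As an added example (not code from GlassWire or from the original post), the following Python sketch audits which DNS servers a machine is configured to use, the setting that malware overrides in the hijack described earlier. It assumes a Unix-style `resolv.conf` file; the sample file contents, the verdict names and the function names are constructed for illustration.

```python
import ipaddress

# Public resolver addresses of the two providers named in the article.
TRUSTED = {
    ipaddress.ip_address(addr): name
    for addr, name in [
        ("8.8.8.8", "Google DNS"), ("8.8.4.4", "Google DNS"),
        ("2001:4860:4860::8888", "Google DNS"),
        ("2001:4860:4860::8844", "Google DNS"),
        ("208.67.222.222", "OpenDNS"), ("208.67.220.220", "OpenDNS"),
    ]
}

# Ranges that can only be a device on your own network (usually the router).
# Listed explicitly because ipaddress.is_private also covers documentation
# ranges such as 203.0.113.0/24, which the constructed sample below uses.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10",
)]


def parse_nameservers(resolv_conf_text):
    """Return the nameserver entries of a resolv.conf, in file order."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) >= 2:
            servers.append(fields[1])
    return servers


def classify(server):
    """Classify one configured resolver address.

    trusted        on the allowlist above
    local-stub     loopback resolver; its upstream must be checked separately
    local-network  router or other LAN device; check the router's own settings
    unexpected     public resolver not on the allowlist (what a hijack leaves)
    invalid        not an IP address at all
    """
    try:
        ip = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if ip in TRUSTED:
        return "trusted"
    if ip.is_loopback:
        return "local-stub"
    if any(ip.version == net.version and ip in net for net in LOCAL_NETS):
        return "local-network"
    return "unexpected"


def audit(resolv_conf_text):
    """Return (server, verdict) pairs for every configured resolver."""
    return [(s, classify(s)) for s in parse_nameservers(resolv_conf_text)]


def needs_attention(resolv_conf_text):
    """Return only the resolvers that should be investigated."""
    return [s for s, v in audit(resolv_conf_text) if v in ("unexpected", "invalid")]


# Constructed sample: a clean configuration.
SAMPLE_CLEAN = """\
# constructed sample
nameserver 8.8.8.8
nameserver 2001:4860:4860::8844
"""

# Constructed sample: the first resolver has been replaced by a public
# address that is not on the allowlist (203.0.113.53 is a documentation address).
SAMPLE_TAMPERED = """\
; constructed sample
nameserver 203.0.113.53
nameserver 192.168.1.1
nameserver 208.67.222.222
search example.lan
"""

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_TAMPERED):
        print(f"{server:<24} {verdict}")
```

A `local-network` verdict is not a clean bill of health: it means the router answers DNS, so the router's own upstream DNS setting and admin password are what need checking.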

How do you protect mobile devices? Have you ever considered anything like a Firewall for your Android device? This should be a first line of defense any time you go online.

Encrypted Connections

Virtual Private Networks (VPNs) are software applications that encrypt web traffic, keeping your data private when connected to a network. The VPN connection takes place through an encrypted “tunnel” to ensure secure web browsing, and helps with DNS hijacking protection.

A VPN serves as a tunnel between your ISP and the host, where the information between the two endpoints cannot get hacked or stolen. A VPN is similar to third-party DNS providers.

A word of caution: not all commercial VPNs are created equal. The unfortunate misconception is that they’re all the same, but some VPNs are more effective than others. The best VPNs should have a stellar reputation (which is easily discoverable online with a little searching), a definitive no-logging policy, and no trace of government ties or state ownership. You should also remain aware that some VPN providers will log your browsing habits, filter network traffic, and block certain websites.

OpenVPN has one of the better reputations on the market. L2TP/IPSec is another common configuration that some invest in. There are other ways you can stop recording network activity.

Cross-Site Scripting (XSS)

When a local network gets infiltrated, there are several noticeable differences. Web pages will load more slowly and look different. The attack may even replace a popular website, such as Amazon or Google, with a fake, look-alike page.

Cross-site scripting (XSS) is another type of attack that commonly accompanies DNS hijacking. XSS enables criminals to obtain private information through a web browsing session.

Therefore, vigilance is crucial. Users should remain mindful of what URL the browser is pointing toward. If the domain portion of the address (which contains .net or .com) looks unfamiliar, you need to shut down the browser immediately and double-check the DNS settings.

A Final Thought

Lastly, you can get further confirmation that the website is legitimate by making sure it has a valid Secure Sockets Layer (SSL) certificate. The SSL certificate is indicated by the green “lock” icon in the address bar. Never enter personal information or credit card numbers on a website that is missing an SSL certificate.


The Ultimate Secret Data Hog – Cryptomining Malware

Are you already a victim of this data hog?

Sam Bocetta puts the word out about a new type of data hog and how to spot it. Sam Bocetta is a former naval contractor and security analyst. He’s now (mostly) retired and spends his days reading the classics and fly fishing with his grandkids. Sam can be reached on LinkedIn: https://www.linkedin.com/in/sambocetta/


Malware development, like many non-malicious types of software, is subject to certain trends that are impacted by a variety of external factors outside the tech industry.

Ransomware, for example, was the cyber bogeyman of 2017 and 2018 for the following reasons:

  • Spectacular attacks on high-value targets.
  • News media headlines.
  • The modernization of traditional crimes such as hijacking, extortion and ransom.
  • Availability of leaked cyber warfare weapons and techniques developed by American intelligence agencies.
  • The use of cryptocurrencies to deliver ransom payments.
  • Ransomware-as-a-Service platforms.

In early 2019, ransomware has thankfully lost some of its shine thanks to law enforcement intervention, prosecution and reaction by the information security community; in other words, this particular malware threat is on a downtrend cycle.

As can be expected, a new threat has emerged to take ransomware’s spot on the malware scoreboard, and it goes by the names of cryptojacking or crypto mining malware.


Understanding Cryptojacking

Speaking of IT trends, let’s talk about Bitcoin trading: despite cryptocurrencies having endured more than a year of bear market conditions, they are still being bought, sold, exchanged, and mined for various reasons.

In the case of Bitcoin, the most valuable digital currency in the world, the market cap of $60 billion is sizable enough to ignore that it has plunged from an all-time high near $20,000 in late 2017 to around $3,500 and lower in early 2019. Some investors remain hopeful that a rally similar to the one experienced in 2017 could materialize this year, and miners are holding even greater hopes.

As volatile as the cryptocurrency markets are, they present significant opportunities for profit, especially for those who engage in mining of tokens. In essence, mining entails putting considerable processing power and bandwidth to work on behalf of the blockchain that supports cryptocurrencies such as Bitcoin, Ethereum, Monero, Stellar, and many others.

The blockchain is a decentralized and distributed ledger where transactions are verified and cleared through very complex cryptographic calculations; miners who perform this service can present the blockchain with “proof-of-work” performed in exchange for the potential of earning a few tokens.

Cryptocurrency mining is not a “get rich quick” scheme by any means. With valuable tokens such as bitcoin, the barriers to entry include powerful hardware with efficient cooling systems, electricity, and broadband connections. These factors are combined into rigs that feature plenty of hash power and are fully dedicated to blockchain mining work.

It should be noted that hash power can be distributed in a manner somewhat similar to the distributed ledger of blockchain networks, which means that a single computing device can generate some hash power to contribute towards a mining operation.

IMAGE: Mining Rig

In the early days of Bitcoin mining, some individuals were able to mine a few tokens by means of running mining software on their laptops; once greed kicked in and blockchain transactions became increasingly difficult because of market volatility, mining cartels emerged.

By the time malicious hackers and cybercrime groups latched onto digital currencies, the development of cryptojacking was imminent. With cryptojacking, hackers inject malicious code into computing devices for the purpose of stealing hash power, meaning processing power, bandwidth and electricity, all with the goal of surreptitiously mining tokens.

Bitcoin is not a popular cryptocurrency among cryptojacking attackers; privacy tokens such as Cardano and Monero are preferred.

How Cryptojacking Malware Works
To a certain extent, crypto mining malware shares many of the characteristics of legacy spyware in the sense that injection may take place through click-and-bait strategies or Trojan horse attacks; in other words, victims often believe that they are installing software or executing code that is not malicious.

In some cases, remote code injection of cryptojacking malware may be conducted through old-school network intrusion, which is often a more sophisticated and aggressive approach since it may involve defeating a firewall.

The most common types of cryptojacking target personal computing devices such as desktops, laptops, tablets, and smartphones. It is not unreasonable to think that smart home appliances like the Samsung Family Hub refrigerators could be next since they are equipped with a motherboard running Android and many connectivity services. These devices can be infected with in-script cryptojacking code or through JavaScript browser extensions.

As can be expected, cryptojacking attacks against business targets tend to be more powerful while at the same time being stealthier. A sophisticated cybercrime group targeting office networks or enterprise data centers may forego browser extensions and go with rootkits, remote code execution, and virtual machine hijacking. The most trailblazing and brazen attacks may utilize social engineering to gain credentials and set up fake intranet pages.

Once installed, cryptojacking malware will transform GPU and CPU resources into hash power to conduct transaction verification. According to a report published by a respected information security firm, 37 percent of corporate networks were impacted by cryptojacking activity in 2018.

More than 20 percent of business IT security departments are detecting cryptojacking attempts on a weekly basis. Companies that implement “bring your own device” policies are at greater risk.


Cryptojacking Detection

The first line of defense against cryptojacking involves monitoring network connections between devices and the internet.

Network monitoring is a security strategy widely used in the enterprise world, but it is also available on a personal computing level with smart firewall apps that notify users of suspicious activity, intrusions, high CPU usage, and unusual data. It is important to note that cryptojacking crews will not ignore mobile devices since they are powerful enough to generate hash power and contribute to their wicked trade.

Aside from monitoring and detection, cryptojacking can also be prevented with safe computing practices such as the use of virtual private networking technology. It is not unreasonable to think of public Wi-Fi hotspots being taken over by hackers for the purpose of distributing mining malware.

To this effect, always protect your computer by using standard security measures when accessing public networks: firewall protection (such as GlassWire), antivirus scanners, and any no-logging VPN service. This is especially important when connecting to an enterprise network using your personal computing device, so as to avoid exposing the entire network to remote attack.


Security – It’s all about layers

Layers of computer security.

by Chris Taylor, President, Ottawa PC Users’ Group

I once heard, “The only secure computer is encased in concrete and dropped in the middle of the ocean. And even then, I am not really sure.” There is no such thing as absolute computer security; it’s all about layers. If one security layer fails, you hope another layer will provide the protection you need.

In the beginning (i.e. the mid 1980s), personal computer security focussed on antivirus. The aim was to block known bad programs from running on your computer. With few personal computers networked, viruses spread slowly. Back then, antivirus signature files were updated about once a month and that actually served us pretty well.

In the 1990s, Internet connectivity grew exponentially, as did security threats. Even Microsoft understood (albeit a little late) that more than just antivirus was needed and introduced a firewall in Windows XP SP2 in August 2004.

In January 2003, the SQL Slammer worm spread to 90% of all vulnerable hosts world-wide in the first 10 minutes after release. It exploited a vulnerability for which a patch had been available for 6 months. Vulnerability management was born in the realization that few users would, or indeed could reasonably be expected to keep all their software up-to-date with security patches.
The fundamental concepts behind antivirus, firewalls, and patch management have not changed over the years. But each has become more complex.

Blocking “known bad” with antivirus signature files is arguably essential. But now, with more than 10 million new malware variants per month (https://www.av-test.org/en/statistics/malware/), it is not enough. Antivirus programs use heuristics to catch unknown malware. More and more are using real-time blocking techniques to stop new malware before you get updated virus signature files.

To this day, the firewall built into Windows (now called Windows Defender Firewall) is aimed solely at preventing unsolicited inbound connections from getting through. It eschews more advanced capabilities, such as those found in GlassWire. While people who read GlassWire’s Cybersecurity News are likely to be able to handle issues regarding computer security, Microsoft does not want to deal with even a very small fraction of their billions of users not being able to figure out if some program should be permitted to access the Internet.

Vulnerability management has evolved. Microsoft’s Windows Update service has matured since it was introduced with Windows 98. While not problem-free, Windows Update is remarkably robust. Other vendors have added self-updating capabilities and most are quite reliable. Unfortunately, a lot of vendors don’t include automatic updating capabilities. I should add that my biggest concern is about patching security vulnerabilities, not feature updates.

Secunia Personal Software Inspector, which was bought a number of years ago by Flexera, was a wonderful vulnerability management program. PSI tracked over 20,000 programs for security vulnerabilities and patches. Unfortunately, that program went end-of-life in April, 2018. I have yet to find a good replacement for PSI. Some former employees of Secunia are building a new vulnerability management program (https://vulndetect.com/), so hope remains.

Computer security goes well beyond these technical safeguards, but I think antivirus, firewalls, and vulnerability management represent the bedrock of computer security. Every computer user should embrace all three and watch for advancements in each to keep ahead of the latest threats.

About Chris Taylor: Chris is on the Community Review Board for the SANS OUCH! security awareness newsletter designed for everyone, and we’re excited about his second contribution to the GlassWire newsletter!


GlassWire 2.1.152 – now with Incognito Apps!

Make any GlassWire app Incognito!

Since GlassWire was first launched we have always had an “Incognito” option under our top left GlassWire menu to allow you to stop recording network activity anytime you want. You can also choose to never record network activity at all by leaving this mode on all the time.

Many GlassWire fans have asked for a way to make only certain apps “Incognito”, and now that feature is finally available! To try out this new feature with GlassWire 2.1.152, first go to the GlassWire firewall tab and click on the icon of the app that you want to make Incognito. Next click “More” then choose “Add to Incognito”.

If you want to see what apps you have that are Incognito you can go to the top left GlassWire menu and choose “Incognito” there also. To update GlassWire just download our latest installer, then install GlassWire over your previous version.

Get GlassWire 2.1.152 | Change List



GlassWire 2.1.137 is here with dark themes and detailed host info!

GlassWire fans have been requesting a dark theme for a while, and our dark theme for GlassWire is finally here!  Upgrade now to try this major new update.

Also, have you ever seen unusual activity from a host (IP) but you were unable to determine if it’s safe or not?  We’ve now added a cool new feature to help with this situation.  Mouse over the host you’re concerned about and a circle icon with three dots will appear.  Click that icon and choose “search online” and we show detailed information about the host including VirusTotal results and much more!

Upgrade now to try our GlassWire 2.1 update FREE.

Get GlassWire 2.1.137 Now!


GlassWire’s new Android Firewall is here!

We are excited to announce that our newly updated GlassWire Android Firewall app is now available for download in Google Play!

GlassWire Android Firewall App

How does it work?
GlassWire for Android now has a brand new “Firewall” tab.  Tap the top left GlassWire menu and choose the Firewall option to get started.

With our new firewall you can block app network access completely, or block only WiFi or mobile connections. For example, if you want your browser to only use WiFi data and never use mobile data turn on the GlassWire firewall, then tap the WiFi tower icon next to the browser you want to block.

Ask to connect?
You can also block newly installed apps from accessing the network at all.  Once the firewall is on, switch the “automatically block” option on.  GlassWire will then send you a notification when a newly installed application tries to access the network.  You can then allow or deny that application immediately.  Want to block all mobile or WiFi network activity for all apps?  Tap the WiFi and Mobile icons under the “All Apps” row and block all the apps at once!

*Please note you may sometimes still get “new” notifications from blocked apps, but these connections are black-holed and never leave your device.

With GlassWire’s new mobile firewall you can block spying apps, apps inundated with pop-up ads, or data hogging apps that can make you go over your monthly data limit.  Data hogging apps can also cause your phone to have a slow Internet connection.

Unlimited themes!
If you purchase GlassWire you also get access to unlimited themes, including our dark themes.  Did you buy GlassWire themes before with our previous version?  Don’t worry!  You should still have access to all your purchased themes.  If you run into any issues please email us and we will fix it!

How is GlassWire different from other data managers or firewalls?
Did you know most other data manager apps in Google Play exist solely to collect your data usage stats, and sell your private data to third parties?  Large companies want to know what the most popular apps are in the app store, then copy their features, or even acquire them.

Have you ever wondered why another data manager app you used was using so much mobile data itself?  If you’re using another firewall or data manager please check their privacy policy.  You might be surprised that not only do they collect personally identifiable information about you, but they store your data usage stats in a database.

The difference between GlassWire and other data usage and firewall apps is that WE NEVER COLLECT YOUR PERSONAL INFORMATION!  Our GlassWire app never even accesses the network at all, so we couldn’t see your app usage information even if we were asked to under a court order.  Check out our privacy policy for more details.

GlassWire also never shows you any mobile ads that clutter up your screen or annoying sponsored pop-ups that waste your data and slow your phone to a crawl.

If you support privacy please consider buying our new Android firewall option with unlimited themes!  It’s only a few dollars and your support goes a long way to help us continue improving this app.

How much does it cost?
GlassWire for Android will continue to be free as is for unlimited use.  However, if you want to use our new firewall features it’s only a few dollars ($4.99) per year.  Your financial support allows us to continue making improvements on GlassWire for Android.

If you aren’t sure you want to buy the software we include a free 30 day trial for everyone!  Everyone getting this update can try it for free for 30 days for absolutely no charge.

Please also note that GlassWire will occasionally show “new” network activity alerts with apps that are blocked by the firewall.  This is not actually a bug with GlassWire, but this is how the Android OS functions.  The Android OS sees these apps as accessing the network and may count some data used with them.  However, these apps are actually black-holed by our firewall and their connections never leave your phone.  We’ve included a note about this inside the app itself to help avoid any confusion.

Also, if you’re new to GlassWire for Android and you’re worried about our “phone” permission, technical details are here on why we have to request that permission.  We’d love to request no permissions at all if it was technically possible, but the mobile “phone” permission is required for our app to show you your mobile phone data.

Thanks for your support and we hope you enjoy our new Android firewall update with unlimited themes!

Get the GlassWire Firewall for Android now!


GlassWire 2.0 launches today!

We’re excited to announce that GlassWire 2.0 is now available for download.  This major update is a free upgrade for 1.0 paid users, and for free users GlassWire now includes a fully unlocked free 7 day trial!

(Run into a problem with the upgrade?  Check out these tips.)

What’s new with GlassWire 2.0?

Earlier this year you may have received a survey request from us asking what you wanted from GlassWire. We went through your survey and tried to implement as many of your requests as possible, and we hope we’ve accomplished that with GlassWire 2.0.

High DPI Support – One of the top requests from users was support for high resolution DPI monitors, and GlassWire now fully supports high resolution monitors.  You can now change your monitor resolution and GlassWire itself will change sizes to support those resolutions.  GlassWire also now has excellent dual monitor support so you can drag it between multiple monitors if you choose to do so.

Data Usage Improvements – After launching our popular Android data usage app, we found a lot of our Windows users were unhappy with how GlassWire’s usage window worked.  We changed GlassWire 2.0’s usage window to better match our Android app.  Now it’s much easier to keep track of how much data your PC is using every month.  Also, if you want to track your data usage in detail go to GlassWire’s top left GlassWire menu and choose “settings” to set up a Data Alert.  GlassWire’s Data Alerts can warn you before you go over a data usage limit.

Firewall Profiles – Another request we saw was a wish for firewall profiles.  Now you can go to GlassWire’s Firewall tab and click the top middle “Firewall Profiles” down arrow.  You can now create a new firewall profile and save it.  For example if you’d like an “Ask to connect” profile for public WiFi you can now set it up and save it and switch to it when you’re not at home or work.

Firewall Improvements – Many people commented on how GlassWire’s Firewall worked, and how they wanted better compatibility with the Windows Firewall.  With GlassWire 2.0 we have made our firewall rules sync with Windows firewall, plus GlassWire can check your Windows Firewall and restore it if changes are made without your knowledge.

Security Analysis – Another top request was that people wanted to know more details about the apps that were accessing the network on their PC.  You can now go to GlassWire’s settings to turn on the VirusTotal API to analyze network-related files on your PC.

Do you have an Evil Twin lurking about? – A new type of network attack is known as an “Evil Twin” attack.  This type of attack occurs when someone sets up a new WiFi access point with a name similar to your current WiFi access point.  GlassWire watches out for these types of attacks by warning you if the MAC address of the WiFi access point you’re on changes.  Of course if you’re using something like a mesh network with repeaters you may get occasional alerts, but as GlassWire learns these new access points over time the false alerts should stop.  Also, if the WiFi access point you’re on loses its password you’ll also be alerted.
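The check described above can be modelled in a few lines. This is an added example and not GlassWire’s own code: the class name, the `learn_after` threshold (how many sightings it takes before a new access point stops alerting) and the observation log are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"^([0-9a-f]{2}[:-]){5}[0-9a-f]{2}$")


def normalize_bssid(mac):
    """Lower-case a MAC address and use ':' separators so notations compare equal."""
    mac = mac.strip().lower()
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac.replace("-", ":")


class EvilTwinMonitor:
    """Track which access point MAC (BSSID) serves each network name (SSID).

    Assumed policy, for illustration only:
      * the first BSSID seen for an SSID is the trusted baseline;
      * any other BSSID for that SSID raises "bssid-changed" until it has been
        seen `learn_after` times (this is what quiets mesh repeaters, and it
        also means a rogue access point that stays around is eventually
        learned, so the early alerts are the ones to act on);
      * an SSID that used to require a password and is now open raises
        "security-downgraded".
    """

    def __init__(self, learn_after=3):
        self.learn_after = learn_after
        self.sightings = defaultdict(dict)   # ssid -> {bssid: times seen}
        self.secured = {}                    # ssid -> last "has password" state

    def observe(self, ssid, bssid, secured):
        """Record the access point currently in use and return any alerts."""
        bssid = normalize_bssid(bssid)
        seen = self.sightings[ssid]
        alerts = []

        if not seen:
            # First time on this network: accept as baseline, no alert.
            seen[bssid] = self.learn_after
        else:
            count = seen.get(bssid, 0)
            if count < self.learn_after:
                alerts.append(("bssid-changed", ssid, bssid))
            seen[bssid] = count + 1

        if self.secured.get(ssid) and not secured:
            alerts.append(("security-downgraded", ssid, bssid))
        self.secured[ssid] = secured
        return alerts


def replay(observations, learn_after=3):
    """Feed a list of (ssid, bssid, secured) observations through a new monitor."""
    monitor = EvilTwinMonitor(learn_after)
    return [monitor.observe(*obs) for obs in observations]


# Constructed observation log (SSID, BSSID, network requires a password).
OBSERVATIONS = [
    ("HomeNet", "02:11:22:33:44:01", True),   # baseline access point
    ("HomeNet", "02-11-22-33-44-01", True),   # same AP, different notation
    ("HomeNet", "02:11:22:33:44:02", True),   # mesh repeater, sighting 1
    ("HomeNet", "02:11:22:33:44:02", True),   # sighting 2
    ("HomeNet", "02:11:22:33:44:02", True),   # sighting 3
    ("HomeNet", "02:11:22:33:44:02", True),   # learned, now quiet
    ("HomeNet", "02:AA:BB:CC:DD:99", False),  # unknown AP, same name, no password
]

if __name__ == "__main__":
    for obs, alerts in zip(OBSERVATIONS, replay(OBSERVATIONS)):
        print(obs, "->", alerts or "ok")
```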

A 7 day trial – A lot of our free users asked to have a GlassWire trial of our paid features, so we have enabled a 7 day trial that starts on installation of GlassWire.  After the trial ends GlassWire’s security features and blocking revert to their free status (similar to GlassWire 1.0’s free version).

Ready to upgrade to GlassWire 2.0?  Give it a try now!

Download GlassWire 2.0 | Change List | User guide

Having technical problems?  Check out these tips in the forum.

Are we still missing some features you’re wanting?  Now that GlassWire supports high DPI we can move faster and add more features.  We’re going through your list of requests in the survey we sent and we’re implementing them as quickly as possible.

Want more features?  Let us know what you want in the comments below!

Thank you for your support and we hope you enjoy GlassWire 2.0!

GlassWire Data Usage for Android Update

We’re excited to say we just released an update for our popular GlassWire Data Usage app for Android.  This new update includes dark themes many of you requested.  These GlassWire premium paid themes support future GlassWire development and we hope you’ll consider buying a theme or two.

This update also includes a fix for Android O so GlassWire’s persistent notification is easy to read, plus some other bug fixes.

Speaking of our persistent notification, a common question people ask us is why it can’t be disabled.  The reason is that Google Play requires any app that runs in the background to have a persistent notification for security reasons, so the user realizes that the app is running.  Our GlassWire app has to run in the background to keep track of your mobile data.  To learn more about these rules check out this web page by Google itself.  Also, if you’re wondering why we request the “phone” privilege, it’s because we have to request this to see the phone’s mobile data usage as explained here.

Thanks for all your feedback and support and please go to the top left GlassWire menu and choose “send feedback” to send us feedback or report bugs.

Get GlassWire for Android Now! 


Is your Data Usage or VPN app spying on you?

When we first started testing our GlassWire Android app against other popular data usage apps we made an upsetting discovery.  We were shocked to find that many of the data usage apps we tested were using a lot of mobile data themselves.  Our team wondered why an app that claims to help save mobile data would use so much mobile data itself.

The reason became clear once we started to look more closely at other data usage app privacy policies.  Many of these apps are made solely to log what apps you use and when, then to store that data in a database to sell to third parties.  The worst part about it was that some of these apps even seem to be storing personally identifiable information of their users.  This means that if their database was hacked not only would your app usage history be leaked, but that app usage history could be publicly linked to your identity.

After learning how these other apps were operating behind the scenes we decided to call our Android app “data usage privacy” to make it clear that with GlassWire your data and app usage never leaves your phone.  We are a privacy and security company and we make money through sales of our popular Windows security software, not by spying on our users.

Recently Facebook’s Onavo data usage app was in the Wall Street Journal due to its monitoring of its users, and according to Ars Technica the popular VPN Hotspot Shield has now had a formal complaint filed against it with the FTC.  It’s good that the media, app users, and privacy organizations are starting to take notice of privacy violations with apps and online services.

When using an app that accesses your network activity or app usage data always check its privacy policy.  If the app is free and you see no way for it to make money then you and your data might be the product.

If you want to see what apps on your phone are using your data or phoning home right now try GlassWire for Android.  With GlassWire your data never leaves your phone.  We’re working hard to add more privacy related features to our Android app in the future so you can see what other apps on your phone are doing behind the scenes.


Add zero-rated apps for your mobile data plan

A new version of GlassWire for Android is here and it lets you add zero-rated apps to your data plan.  Does your mobile phone provider let you use certain apps that don’t count towards your monthly data allocation?  If so GlassWire for Android can help.

First install GlassWire for Android, then go to the “Data Plan” screen by tapping the top left three line menu.  Look for where it says “zero-rated apps” and then pick the apps that your mobile phone company lets you use unlimited data with.  For example if your mobile provider gives you free data with Facebook or Netflix tap those apps.

Now set up your data plan and you should be good to go!

Download GlassWire for Android Now!