The industrial scale of surveillance of internet users is a topic we keep returning to. Every click on a website, every scroll in a mobile app, and every word you type into a search bar is tracked by dozens of tech companies and advertising firms. And it affects not only phones and computers, but also smart watches, smart TVs and speakers — even cars. As it turns out, these motherlodes of information are used not only by advertisers offering vacuum cleaners or travel insurance. Through various intermediary companies, this data is snapped up by security agencies of all stripes: police, intelligence, you name it. See here for the latest investigation into such practices, focusing on the Patternz platform and the “advertising” firm Nuviad. Previously, similar investigations probed Rayzone, Near Intelligence, and others. These companies, their jurisdictions of incorporation, and their client lists vary, but the general formula is always the same: collect and save proprietary information generated by advertising, then resell it to law enforcement agencies worldwide.

Behind the scenes of contextual advertising

We’ve already described in detail how data is collected on web pages and in apps — but not how it gets put to use. In overly simplified terms, behind every banner display or advertising link in today’s online world, there is some lightning-fast, super-complex trading. Advertisers upload their ads and audience requirements to a demand-side platform (DSP), which finds suitable sites or apps to display such advertising. The DSP then takes part in an auction for the types of advertising (banner, video, and so on) to be displayed on these sites and apps. Depending on who views the ads and how well they match the advertiser’s requirements, a particular type of ad may win the auction. This process is known as real-time bidding (RTB). During the bidding, participants receive information about the potential ad consumer: previously collected data on the individual is condensed into a brief description card. Depending on the platform, the composition of this data may vary, but a fairly typical set would be the consumer’s approximate or precise location, the device in use, the OS version, as well as “demographic and psychographic attributes” — that is, gender, age, family members, hobbies, and other topics of interest to the user.

How RTB data is used for surveillance

A 404 Media investigation found that the Patternz platform advertised to clients that it processed 90 terabytes of data daily, covering the actions of around five billion user IDs. Note that there are far fewer real users than IDs since each person can have several IDs. Because advertising is global — so too is the scope of data collection.

Collecting and analyzing the above data allows precision tracking of:

potential consumers’ movements
times when they leave or visit certain places
times when they are located close to certain people
their interests and search queries
history of changing interests
affiliation to certain segments, for example, “recently had a baby” or “just went on vacation”

This information makes it possible to discover lots of curious things: where the person is during the day and at night, who they like to spend time with, who they travel with by car and where, and masses of other personal information. As stated by the U.S. Office of the Director of National Intelligence (ODNI), such depth of data collection was previously only possible through physical surveillance or targeted wiretapping.

Is such data collection legal? Although laws vary greatly from country to country, in most cases intelligence agencies’ carrying out mass surveillance — especially with the use of commercial data — finds itself in a gray area.

Bonus game: surveillance through push notifications

There’s another unrelated, but no less unpleasant method of centralized surveillance of users. In this case, the role of treasure trove falls to Apple and Google, which send centralized push notifications to all iOS and Android devices, respectively. To save power on smartphones, almost all app notifications are delivered through Apple or Google servers; and depending on the app’s architecture, a notification may contain information that’s easy to see and of interest to third parties. It turns out that some intelligence agencies have tried to gain access to notification data. What’s more, a recent study found that a significant number of apps abuse notifications to collect data about the device (and the user) at the time the notification is received — even if the user is not in the relevant app at that moment or on their phone at all.

How to guard against surveillance through advertising

Since all of the above-mentioned companies collect data using central hubs in the shape of large ad exchanges, no amount of denylisting apps and sites will protect you from being tracked. Any banner ad, video insert, or social network advertising generates events for trackers.

The only way to achieve any meaningful reduction in the scale of surveillance is with quite radical anti-advertising measures. Not all of them are convenient or suitable for everyone, but the more tips from the list you can apply, the fewer “events” involving you will end up on the servers of Rayzone or other such companies. In a nutshell:

Use apps that don’t display ads. This doesn’t guarantee the absence of web beacons and tracking, but will at least reduce the intensity.
Block ads and tracking in web browsers. Mozilla Firefox and Safari have built-in anti-surveillance protection, while anti-spyware and anti-advertising add-ons are available for all popular browsers in the official add-on stores.
For maximum protection, turn on Private Browsing in Kaspersky Standard, Kaspersky Plus, or Kaspersky Premium.
Disable auto-downloading of images in emails.
Configure secure DNS on your smartphone, computer, and home router by specifying an ad-blocking server, say, BlahDNS.
Check your smartphone’s privacy settings. Make it a habit to reset your advertising ID at least once a month. Prevent apps from collecting data for personalized ads and showing location-based ads (Apple, Google);
Revoke permissions to access location and other sensitive data from all apps that do not require it for their primary function.
Completely disable push notifications in your smartphone settings for all apps that can do without it.

Kaspersky official blog – ​Read More

Every day, millions of ordinary internet users grant usage of their computers, smartphones, or home routers to complete strangers — whether knowingly or not. They install proxyware — a proxy server that accepts internet requests from these strangers and forwards them via the internet to the target server. Access to such proxyware is typically provided by specialized companies, which we’ll refer to as residential proxy providers (RPPs) in this article. While some businesses utilize RPP services for legitimate purposes, more often their presence on work computers indicates illicit activity.

RPPs compete with each other, boasting the variety and quantity of their available IP addresses, which can reach millions. This market is fragmented, opaque, and poses unique risks to organizations and their cybersecurity teams.

Why are residential proxies used?

The age when the internet was the same for everyone has long passed. Today, major online services tailor content based on region, websites filter content — excluding entire countries and continents, and a service’s functionalities may differ across countries. Residential proxies offer a way to analyze, circumvent, and bypass such filters. RPPs often advertise use cases for their services like market research (tracking competitor pricing), ad verification, web scraping for data collection and AI training, search engine result analysis, and more.

While commercial VPNs and data-center proxies offer similar functionalities, many services can detect them based on known data-center IP ranges or heuristics. Residential proxies, operating on actual home devices, are significantly harder to identify.

What RPP websites conveniently omit are the dubious and often downright malicious activities for which residential proxies are systematically used. Among them:

credential stuffing attacks, including password spraying, as in the recent Microsoft breach;
infiltrating an organization using legitimate credentials — using residential proxies from specific regions can prevent suspicious login heuristic rules from triggering;
covering up signs of cyberattacks — it’s harder to trace and attribute the source of malicious activity;
fraudulent schemes involving credit and gift cards. Residential proxies can be used to bypass anti-fraud systems;
conducting DDoS attacks. For example, a large series of DDoS attacks in Hungary was traced back to the White Proxies RPP;
automated market manipulation, such as high-speed bulk purchases of scarce event tickets or limited-edition items (sneaker bots);
marketing fraud — inflating ad metrics, generating fake social media engagement, and so on;
spamming, mass account registration;
CAPTCHA bypass services.

Proxyware: a grey market

The residential proxy market is complex because the sellers, buyers, and participants are not necessarily all absolutely legitimate (voluntary and adhering to best practices) – they can be blatantly illegal.  Some RPPs maintain official websites with transparent information, real addresses, recommendations from major clients, and so on. Others operate in the shadows of hacker forums and the dark web, taking orders through Telegram. Even seemingly legitimate providers often lack proper customer verification and struggle to provide clear information about the origins of their “nodes” — that is, home computers and smartphones on which proxyware is installed. Sometimes this lack of transparency stems from RPPs relying on subcontractors for infrastructure, leaving them unaware of the true source of their proxies.

Where do residential proxies come from?

Let’s list the main methods of acquiring new nodes for a residential proxy network — from the most benign to the most unpleasant:

“earn on your internet” applications. Users are incentivized to run proxyware on their devices to provide others with internet access when the computer and connection channel have light loads. Users are paid for this monthly. While seemingly consensual, these programs often fail to adequately inform users of what exactly will be happening on their computers and smartphones;
proxyware-monetized apps and games. A publisher embeds RPP components within their games or applications, generating revenue based on the traffic routed through users’ devices. Ideally, users or players should have the choice to opt in or choose alternative monetization methods like ads or buying the application. However, transparency and user choice are often neglected;
covert installation of proxyware. An application or an attacker can install an RPP app or library on a computer or smartphone without user consent. However, if they’re lucky, the owner can notice this “feature” and remove it relatively easily;
This scenario mirrors the previous one in that the user consent is ignored, but persistence and concealment techniques are more complex. Criminal proxyware uses all means available to help attackers gain a foothold in the system and hide their activity. Malware may even spread within the local network, compromising additional devices.

How to address proxyware risks in an organization’s cybersecurity policy

Proxyware infections. Organizations may discover one or more computers exhibiting proxyware activity. A common and relatively harmless scenario involves employees installing free software that was covertly bundled with proxyware. In this scenario, the company not only pays for unauthorized bandwidth usage, but also risks ending up on various ban lists if malicious activity is found to originate from the compromised device. In particularly severe cases, companies may need to prove to law enforcement that they aren’t harboring hackers.

The situation becomes even more complex when proxyware is just one element of a broader malware infection. Proxyware often goes hand in hand with mining — both are attempts to monetize access to the company’s resources if other options seem less profitable or have already been exploited. Therefore, upon detecting proxyware, thorough log analysis is crucial to determine the infection vector and identify other malicious activities.

To mitigate the risk of malware, including proxyware, organizations should consider implementing allowlisting policies on work computers and smartphones, restricting software installation and launch only to applications approved by the IT department. If strict allowlisting isn’t feasible, adding known proxyware libraries and applications to your EPP/EDR denylist is essential.

An additional layer of protection involves blocking communication with known proxyware command and control servers across the entire internal network. Implementing these policies effectively requires access to threat intelligence sources in order to regularly update rules with new data.

Credential stuffing and password spraying attacks involving proxyware. Attackers often attempt to leverage residential proxies in regions close to the targeted organization’s office to bypass geolocation-based security rules. The rapid switching between proxies enables them to circumvent basic IP-based rate limiting. To counter such attacks, organizations need rules that detect unusual spikes in failed login attempts. Identifying other suspicious user behavior such as frequent IP changes and failed login attempts across multiple applications is also crucial. For organizations with multi-factor authentication (MFA), implementing rules that trigger upon rapid, repeated MFA requests can also be effective, as this could indicate an ongoing MFA fatigue attack. The ideal environment for implementing such detection logic is offered by SIEM or XDR platforms, if the company has either.

Legitimate business use of proxies. If your organization requires residential proxies for legitimate purposes like website testing, meticulous vendor (that is, RPP) selection is critical. Prioritize RPPs with demonstrably lawful practices, relevant certifications, and documented compliance with data processing and storage regulations across all regions of operation. Ensure they provide comprehensive security documentation and transparency regarding the origins of the proxies used in their network. Avoid providers that lack customer verification, accept payment in cryptocurrencies, or operate from jurisdictions with lax internet regulations.

Kaspersky official blog – ​Read More

We’ve decided to revise our portfolio and make it as seamless and customer-friendly as possible. This post explains what exactly we’re changing and why.

The evolution of protection

As the threat landscape constantly changes — so do corporate security needs in response. Just a decade ago, the only tool required to protect a company against most cyberattacks was an endpoint protection platform (EPP). Since then, attackers’ methods have grown ever more sophisticated — to the point where simply scanning workstations and servers is no longer sufficient to detect malicious activity.

Modern cyberattacks can be carried out under the guise of legitimate processes — without the use of malware at all. Increasingly, mass threats are beginning to deploy tactics and techniques previously associated only with targeted attacks. To detect such activity and ensure proper incident investigation, companies now need to collect and correlate data from endpoints, identify suspicious activity in their infrastructure, and, most importantly, take prompt countermeasures: isolate suspicious files, halt malicious processes, and sever network connections. To adequately respond to the increased complexity of threats, other tools are now indispensable: Endpoint Detection & Response (EDR) at a minimum, and ideally — Extended Detection and Response (XDR).

Yet EDR is no replacement for EPP. These are different solutions that solve different problems. For effective infrastructure protection, they need to work in tandem. As a result, customers have found themselves having to purchase both tools to ensure an adequate level of information security. We decided to simplify this process by rolling out a new line of products that deliver the security processes necessary in today’s world — with EDR and XDR capabilities at the core.

Simplified product line

Another reason for rethinking our product line was the ever increasing variety of the solutions we offer. Customers had to study many different products, which of course takes a lot of precious time. Therefore, we decided to simplify the line and make sure that each tier of Kaspersky Next covers the main needs of particular groups (rather — profiles) of corporate users. This approach provides room for maneuver while allowing us to use resources to develop the tools necessary to hone our XDR — a single console for products that protect different assets, expanded capabilities for the integration needed for cross-detection of threats, and the launch of new products to further enhance our XDR.

Our new Kaspersky Next approach guarantees maximum transparency of our products’ capabilities. With the particular kinds of threats that are relevant to your company in mind — combined with an accurate assessment of the skill level of your security team — you can choose one of the three Kaspersky Next tiers’ basic solutions, and then expand its capabilities with, first, additional products that cover specific attack vectors, and, second, services that provide expert assistance when and where your in-house team needs it.

What about the old licenses?

We’ve no intention of abandoning customers who use our time-tested solutions. Nor do we plan to cease selling them right away. At least until the end of this year, companies have the option to buy both old and new products. In time, we’ll stop selling licenses for legacy solutions; however, we understand that abrupt migration to new software can have an impact on companies’ workflows, so we’ll continue to renew already purchased licenses as required. The retirement of legacy products won’t occur in the short term.

For customers wishing to switch from older products to the Kaspersky Next line, we offer a flexible license renewal scheme involving trade-in mechanisms.

To learn more about Kaspersky Next, please visit our official page.

Kaspersky official blog – ​Read More

Peeking into someone’s personal diaries or notebooks has always been seen as an invasion of privacy. And since to-do lists and diaries went digital, it’s not just nosy friends you have to worry about — tech companies are in on the action too. They used to pry into your documents to target you with ads, but now there’s a new game in town: using your data to train AI. Just in the past few weeks, we learned that Reddit, Tumblr, and even DocuSign are using or selling texts generated by their users to train large language models. And in light of recent years’ large-scale ransomware incidents, hacking of note-taking apps and a mass leak of user data — your data! — is a possibility you shouldn’t ignore.

So, how do you keep your digital notes both convenient and secure? Enter end-to-end encryption. You might be familiar with the concept from secure messaging apps: your messages can only be decrypted and viewed on your device and the device of the person you’re texting. The company running the service can’t see a thing because they don’t have the decryption key.

Although most users prefer note apps that come with their phones (like Apple’s Notes) or office suite (like Microsoft OneNote), these apps aren’t exactly Fort Knox when it comes to privacy. Some, like Google Keep, don’t even offer end-to-end encryption. Others, such as Apple’s Notes, support it for individual notes or folders. That’s why there are dedicated, albeit lesser-known apps for truly confidential notes. Let’s take a look at a few and see how they stack up.

Joplin

Platforms: Windows (32/64 bit), macOS (Intel/Apple Silicon), Linux, iOS, Android

Personal license: free

Sync options: proprietary Joplin Cloud, Dropbox, ownCloud, Nextcloud, OneDrive, S3, WebDAV via plug-ins

Native platform sync: starts at €2.99/month

Open format: no, but you can export to text

Open source: yes

Website: joplinapp.org

Joplin feels like it was designed by someone who likes the idea behind Evernote, but who has been put off by the bloat and closed-source nature of that app in recent years. Notes are stored in markdown text format. Joplin supports attachments, nested folders, tags, and notebooks. There are just two templates: “note” and “to-do list”. Searching is lightning fast.

Syncing between devices relies on “drivers” — basically plug-ins written for each service. Joplin’s developers maintain almost a dozen of these drivers for all the popular sync services, such as Dropbox. Smooth collaboration and extra features such as emailing a note to yourself require a subscription to the proprietary Joplin Cloud, but it’s pretty affordable. Students and teachers get a 50% discount.

End-to-end encryption is disabled by default, but once you turn it on, your entire database and all attachments are encrypted automatically. There’s a slight quirk: on a PC, the developers have made an odd architectural choice by storing attachments in both encrypted and unencrypted versions.

Joplin has over 200 plug-ins to add features, but setting them up can be a bit of a hassle.

Recently, the developers added text recognition for images. However, since notes are encrypted, the server can’t read them, so searching within photos and PDFs only works after processing the note on your computer.

Joplin can import notes in the proprietary Evernote format and export all data as sets of plaintext files.

Obsidian

Platforms: Windows (32/64 bit, ARM), macOS (Intel/Apple Silicon), Linux, iOS, Android

Personal license: free

Sync options: proprietary service, FTP, Dropbox, S3, and other services via plug-ins

Native platform sync: starts at $4/month

Open format: yes

Open source: no

Website: obsidian.md

Obsidian differs from other note-taking apps through its strong emphasis on organization. It’s super easy to link notes together, create groups and hierarchies, and even build mindmaps in canvas mode. Each note is just a text file stored locally, so you can work on any of them in other apps too.

Obsidian also has a thriving online community, which has built over 1500 plug-ins. These let you connect Obsidian to dozens of external services, handle specific types of notes (from recipes to chemical formulas), automatically process text with ChatGPT, and much more.

To sync your data between devices, you can subscribe to Obsidian’s own paid service, use a third-party plug-in, or just store your notes in a shared cloud folder on Dropbox or OneDrive. Of these, only the native Obsidian Sync service provides encryption. When you enable sync, you can choose between “managed” and “end-to-end” encryption. It goes without saying that the latter is the right choice.

You can import notes from a bunch of different formats using a dedicated plug-in created by the Obsidian team. These include Notion, Evernote, Apple Notes, Microsoft OneNote, and Google Keep.

Students and teachers get a 40% discount.

Standard Notes

Platforms: Windows (64 bit), macOS (Intel/Apple Silicon), Linux, iOS, Android, Web

Personal license: free

Sync options: native or self-hosted

Native platform sync: starts at $7.5/month ($90 billed annually)

Open format: no, but you can export to text

Open source: yes

Website: standardnotes.com

Standard Notes is built on two core principles: flexible note templates for various needs, and a high level of privacy. End-to-end sync encryption is on by default, your notes are encrypted on your device, and you need two-factor authentication to log in. Unlike its competitors discussed above, Standard Notes has a web application, so you can enjoy all of its features in a browser.

As for the note templates, you can use these to store anything you want: from code snippets and to-do lists to financial spreadsheets and even passwords. Speaking of which, Standard Notes can be used for both storing passwords and generating one-time authentication codes (TOTPs). You can even protect individual notes with an extra password for an extra layer of security.

One cool feature of Standard Notes is its “infinite undo”: according to the developers, the app keeps the edit history for each note from the moment it’s created. This might be a lifesaver when working on larger documents like a book or doctoral thesis. Standard Notes supports plug-ins, but there aren’t many to choose from.

Sync options include self-hosting a Standard Notes server or using the proprietary cloud. The Productivity plan will set you back $90 annually, or you can store and sync simple text notes with end-to-end encryption on the free Standard plan. Some of the features we mentioned are only available in the $120-per-year Professional plan, which also includes 100 GB of encrypted file storage, and subscription-sharing with up to five accounts. If you self-host, you still need to buy a license, but it comes at a heavy discount: $39 annually or $113.42 for five years. Students get a 30% discount.

Standard Notes can import data from Evernote, Apple’s Notes, Simplenote, Google Keep, or a set of plain text files.

Extra security

Of course, encryption is of no use if someone steals the data from your computer directly. Data thieves typically use a special type of malware called “infostealers”. These can snatch your files and even intercept passwords as you type them. So, in addition to one of these privacy-focused note-taking apps, make sure to use a comprehensive security system on all your smartphones and computers.

Kaspersky official blog – ​Read More

The esports industry is booming: prize pools for top tournaments have long surpassed $10 million, with peak online viewership exceeding one million. This naturally attracts hackers, who typically either steal game source-code or target individual gamers. Recently, cyberattacks have gone beyond the pale: hackers disrupted a major Apex Legends tournament.

This post explores why gamers need cybersecurity, and how they can get it.

What happened

During the final match of the North American leg of the Apex Legends Global Series (ALGS) tournament between the Dark Zero and Luminosity teams, a cheat configuration window suddenly popped up on a player’s screen. The bewildered player also gained the ability to see in-game opponents through walls (“wallhack”) — a capital offense in competitive gaming, usually punishable by a multi-year or even lifetime ban. The player was disqualified, and their team received a technical defeat.

The tournament organizers didn’t adjust the rules or implement additional security measures on players’ computers, leading to a repeat incident a few matches later: another pop-up cheat window, wallhack, and even aimbot functionality this time. At this point, the organizers suspected something was up: cheaters can indeed be found in esports, but brazenly opening a cheat window mid-game seemed beyond belief. The match was stopped, and the tournament postponed indefinitely.

Shortly after, a user nicknamed Destroyer2009 claimed responsibility on social media, stating they exploited a remote code execution vulnerability. However, the supposed culprit didn’t specify where the vulnerability resided: in Apex Legends itself, the Easy Anti-Cheat software mandatory for esports tournaments, or another program. Easy Anti-Cheat representatives declared their software secure. Gamers worldwide await a similar statement from Respawn Entertainment — Apex Legends’ developers — but so far there’s been no word; however, Respawn did announce that it has already released the first in a series of security updates.

This case is unprecedented in esports. Internet issues? Sure. Hardware problems? Those happen too. But never before has a tournament been interrupted and postponed due to hackers.

Esports needs protection

Of course, it’s premature to draw conclusions before the investigation concludes: the tactics and methods used by the attackers, the vulnerability exploited, and the software at fault all remain unknown. However, it’s likely that the Apex Legends players’ computers lacked robust protection, which could also have prevented other embarrassing situations in esports. For example, in the summer of 2023 during the Bali Major 2023 Dota 2 tournament, Russian player Ivan “Pure” Moskalenko found himself at the center of a controversy. Mid-match, Ivan accessed his own game’s Twitch stream, potentially gaining an advantage as the stream displayed both teams’ positions. Tournament organizers weren’t pleased, disqualifying the gamer and handing his team a technical defeat.

The tournament rules stipulated restricted internet access from gaming terminals during matches: only Steam, Dota 2, and TeamSpeak were allowed. But simply blocking specific websites — or all extraneous resources altogether — could have been achieved with security solutions.

Nuances of protecting esports players

Gamers often consciously reject cybersecurity, guided by the outdated belief that “antiviruses slow games down”. But the reality today is that this isn’t the case: tests show that protection has no impact on gameplay whatsoever.

Skeptics also like to cite instances where annoying antivirus notifications popped up on the screen at crucial moments during games. Our products offer a special gaming mode, which activates automatically when games (and some other applications in fullscreen mode) are launched, pausing anti-virus database updates, notifications, and scheduled computer scans. Your computer remains protected — even during the most intense esports matches, while Kaspersky Premium works in the background.

Though it’s not known for certain where exactly the RCE vulnerability used by the hacker during the ALGS tournament is hidden, we recommend that all fans of this game install reliable gaming protection on their combat computers.

And to protect your privacy while gaming, use our ultra-fast VPN — either standalone or included with a Kaspersky Premium subscription. Special VPN servers in a separate “Gaming” locations list use the optimized Catapult Hydra protocol to reduce latency, which is crucial because the lower it is, the better the gaming experience.

Kaspersky official blog – ​Read More