Fortnite: Why Kids Love It and What Parents Need to Know


The post Fortnite: Why Kids Love It and What Parents Need to Know appeared first on McAfee Blogs.


Fortnite: Battle Royale is the hottest video game for kids right now. More than 125 million people have downloaded the game and it’s estimated that 3.4 million play it monthly. But while the last-man-standing battle game is a blast to play, it also has parents asking a lot of questions as their kids spend more and more time immersed in the Fortnite realm.

Why kids love it

A few hours on Fortnite and you can easily see why kids (and adults) love it. The game drops up to 100 players onto an island, where they try to find weapons to defend themselves and try to eliminate other players. The battlefield gradually shrinks, forcing players into encounters with each other until just one player remains and becomes the winner.

Even though it’s a battle, the Fortnite characters and interface are colorful and cartoon-like and there’s no blood or gore. The game itself possesses an inherent sense of humor and personality that’s lighthearted yet still competitive. The app is free to download, but players can outfit their characters (for purchase) in an array of battle fashions and any number of fun dances.

Ultimate gaming mash-up


One reason kids love Fortnite: Battle Royale is that it’s the perfect survival mash-up of several popular media titles: The Hunger Games movie, the Call of Duty video game, the first Fortnite video game (Fortnite: Save the World), and the game PUBG (PlayerUnknown’s Battlegrounds). Fortnite: Battle Royale takes elements from all of these favorite storylines and game interfaces.

The game has a lot of fun attached for sure. Fortnite’s interface and hilarious character moves can be just as much fun to watch as they are to play. However, as with any other wildly popular, multi-player video game, there are some red flags families need to be aware of.

Fortnite: What to look out for

Excessive screen time. Because of the way Fortnite is structured, kids can easily burn through hours a day if left unmonitored. Some parents have reported their kids becoming Fortnite obsessed, even addicted. Suggestion: Pay attention to the amount of time your kids spend playing. If your child is playing on Xbox, PlayStation, or Switch, you can turn on parental controls to limit gaming sessions. Another option, for PC, tablets, and mobile devices, is monitoring software that allows parents to set time limits for apps and websites.

Chat feature. Fortnite is a multi-player game, which means kids play against other gamers they may not know. So, Fortnite’s chat feature carries some potential safety issues such as foul language, potentially befriending an imposter, and cyberbullying. Suggestion: Talk to your child about this aspect of the game and the dangers. Spend time and sit in on a few games and listen to the banter. Then, make the best decision for your family. To turn chat off, open the Settings Menu in the top right of the main Fortnite page, go to the Audio Tab and turn it off.

In-app purchases. Fortnite is free to download but can get expensive quickly. Kids can use virtual currency (purchased via credit card) to access animations, weapons, and outfits for their characters. These items aren’t needed to win the game, but they allow a player to express his or her personality within the game, which is especially important to kids. Some parents have reported finding hundreds of dollars in unauthorized purchases on their credit cards due to Fortnite’s array of in-app purchases. Suggestion: If you know your child is passionate about Fortnite, take away the spending temptation by blocking his or her ability to make in-app purchases. Or, set a weekly limit on purchases.


Increased anxiety/stress levels. Fortnite is a highly competitive, fast-moving game that renders only one winner. This means, as a solo player, the odds are stacked against you. Play Fortnite enough, and lose enough, and rage can surface. If your child is prone to anxiety or stress, Fortnite may not be the best environment. Suggestion: Monitor your child’s mood. Discuss the emotional highs and lows potentially associated with Fortnite and put some healthy parameters around gaming habits that address both the types of content and time limits.

Unsure about allowing your kids to play (or continue playing) Fortnite? Talk to them about it. Join in or watch your child play. Find out what your child loves about the game and if his or her demeanor changes during or after playing. Monitor the amount of time as well. Once you’ve gathered the facts as they pertain to your child, decide how much (or how little) of the Fortnite world is best for your family.

Want to connect more to digital topics that affect your family? Stop by ProtectWhatMatters.online. Also, join the digital security conversation on Facebook.

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures)


Zika virus outbreak concerns used to spread malware

Malicious spam campaign capitalizes on the global interest in the virus to deliver JS.Downloader.


Best practices for preventing Dridex infections


The post Best practices for preventing Dridex infections appeared first on McAfee.

The Dridex threat can be mitigated at multiple levels (file, registry, URL and IP address) across the various layers of McAfee security products. Browse the product guidelines available here (click Knowledge Center, and select Product Documentation from the Support Content list) to mitigate the threats based on the behavior described below in the Characteristics and symptoms section.

We have published several documents on DRIDEX and its variants:

  1. https://kc.mcafee.com/corporate/index?page=content&id=PD25689 – W97M/Downloader
  2. https://kc.mcafee.com/corporate/index?page=content&id=PD25982 – Dridex

Basic rules on handling emails:

Email from unknown senders should be treated with caution. If an email looks strange, do the following: ignore it, delete it, and never open attachments or click on URLs.

Opening file attachments, especially from unknown senders, harbors risks. Attachments should first be scanned with an antivirus program and, if necessary, deleted without being opened.

Never click links in emails without checking the URL. Many email programs permit the actual target of the link to be seen by hovering the mouse over the visible link without actually clicking on it (called the mouse-over function).

Configuring Access Protection in VirusScan Enterprise

 Refer to the following KB articles to configure Access Protection rules in VirusScan Enterprise:

How to create a user-defined Access Protection Rule from a VSE 8.x or ePO 5.x console

How to use wildcards when creating exclusions in VirusScan Enterprise 8.x

Dridex usually copies itself into the Administrator’s Application Data folder under a file name that starts with edge or edg and ends with random numbers, as in the following examples:

On Win XP:

C:\Documents and Settings\Administrator\Application Data\Local Settings\edge or edg[random.hex].exe

On Win 7:

C:\Users\Administrator\Appdata\local\edge or edg[random.hex].exe

Users can configure and test Access Protection Rules to restrict the creation of new files and folders when there are no other legitimate uses.

Select New files being created and add the following file location in File or folder name to block:

  • [OS installed drive]\Documents and Settings\[administrator]\Application Data\Local Settings\edge or edg[random.hex].exe

[random.hex] can be replaced with a ‘*’; for example, you can enter either edge*.tmp or edge123.tmp.
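An added example, not from the original post and not McAfee code: a Python check that runs constructed file-creation paths against the naming pattern described above and compares a broad edg*.exe wildcard with a stricter "edg or edge plus hex digits" match, so you can see what a wide rule would also catch before enforcing it. The function names, the strict regular expression and the sample paths are assumptions, the .exe extension follows the example paths above, and the code does not model how VirusScan Enterprise evaluates its rules.

```python
import re
from fnmatch import fnmatchcase
from pathlib import PureWindowsPath

# Folders named on the page; drive letter and profile name are left open,
# mirroring the [OS installed drive] / [administrator] placeholders.
WATCHED_DIR = re.compile(
    r"^[a-z]:\\(?:users\\[^\\]+\\appdata\\local"
    r"|documents and settings\\[^\\]+\\application data\\local settings)$"
)
WILDCARD = "edg*.exe"                          # rule written with '*'
STRICT = re.compile(r"^edge?[0-9a-f]+\.exe$")  # assumption: edg/edge + hex only


def classify(path: str) -> str:
    """Return 'strict', 'wildcard-only' or 'ignored' for one created file."""
    p = PureWindowsPath(path)
    name, folder = p.name.lower(), str(p.parent).lower()
    if not WATCHED_DIR.match(folder) or not fnmatchcase(name, WILDCARD):
        return "ignored"
    return "strict" if STRICT.match(name) else "wildcard-only"


def triage(paths):
    """Group paths by verdict so broad-rule collateral is visible."""
    report = {"strict": [], "wildcard-only": [], "ignored": []}
    for path in paths:
        report[classify(path)].append(path)
    return report


# Constructed sample of file-creation paths (not taken from a real host).
SAMPLE = [
    r"C:\Users\Administrator\AppData\Local\edg3FA2.exe",
    r"C:\Users\Administrator\AppData\Local\edge91b07c.exe",
    r"C:\Documents and Settings\Administrator\Application Data\Local Settings\edge0042.exe",
    r"C:\Users\Administrator\AppData\Local\edgesetup.exe",
    r"C:\Users\Administrator\AppData\Local\notes.txt",
    r"D:\Tools\edgAB12.exe",
]

if __name__ == "__main__":
    for verdict, hits in triage(SAMPLE).items():
        print(f"{verdict:14} {len(hits)}")
        for hit in hits:
            print("   ", hit)
```

Anything landing in the wildcard-only group is a file the broad rule would also block or report, which is the case to review before moving a rule from report to block.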

Example Access Protection Rules

[Images: example rules for Windows 7 and Windows XP; rules for the dropped DLL on Windows XP and Windows 7]

Configuring Host Intrusion Prevention

  • To blacklist applications using a Host Intrusion Prevention (Host IPS) custom signature refer to KB71329.
  • To create application blocking rule policies that prevent the binary from running, refer to KB71794.
  • To create application blocking rule policies that prevent a specific executable from hooking any other executable, refer to KB71794.
  • To block attacks from a specific IP address through McAfee Nitrosecurity IPS refer to KB74650.

*** Disclaimer: Usage of *.* in access protection rules will prevent all types of files from running and being accessed from that specific location. If specifying a process path under “Processes to Include”, the use of wildcards for Folder Names may lead to unexpected behavior. Users are requested to make this rule as specific as possible.

New technologies:

McAfee Threat Intelligence Exchange, working together with Advanced Threat Defense, can give you a very effective level of protection against DRIDEX variants. In addition, these technologies let you use IOCs or IOAs to find other sources of infection, or patient zero, in your network:

https://www.youtube.com/watch?v=Wxvizasvj8k&feature=player_embedded

With TIE, the rule Malware Dropped by Infected Microsoft Office Documents gives you a way to proactively scan for and detect DRIDEX behaviors: https://community.mcafee.com/docs/DOC-6908

In addition, McAfee Application Control gives you full protection against DRIDEX.

Conclusion:

Even though DRIDEX infection techniques are not new, it is always tricky to block all variants using only a signature-based approach.

GTI activation and sample submission are still very effective at increasing the overall detection level. However, the best approach is to build a connected security platform and connect technologies such as TIE and ATD to work on behavior and code analysis: https://community.mcafee.com/docs/DOC-6462

This approach also lets you share intelligence between the different components in your network and, in this way, improve your overall security posture.

Thanks to my colleagues, Emmanuel Flores, Vinoo Thomas and John Health.


Dridex Best Practices


The post Dridex Best Practices appeared first on McAfee.

Limiting Dridex-type attacks and protecting your company against them can be done at several interception levels (files, registry, URL and IP) and across several technologies in the Intel Security product range. Protecting against this kind of extremely volatile malicious code requires a multi-level approach and coordination between the different tools.

For full details on DRIDEX and the downloader that accompanies it:

  1. https://kc.mcafee.com/corporate/index?page=content&id=PD25689 – W97M/Downloader
  2. https://kc.mcafee.com/corporate/index?page=content&id=PD25982 – Dridex

On your endpoints:

On the endpoint, it is essential to set up and enable reputation-based detection through Global Threat Intelligence on all the technologies in use.

In addition, given how DRIDEX code behaves, detection rules can be enabled in VirusScan Enterprise Access Protection.

For more details on the steps to follow to set up Access Protection blocking or alerting rules:

How to create a user-defined Access Protection Rule from a VSE 8.x or ePO 5.x console

How to use wildcards when creating exclusions in VirusScan Enterprise 8.x

DRIDEX exhibits a behavior in which it copies itself into the Administrator’s Application Data directory using the term Edge or edg and a random numeric value. Here are some examples:

Win XP:

C:\Documents and Settings\Administrator\Application Data\Local Settings\edge or edg[random.hex].exe

Win 7:

C:\Users\Administrator\Appdata\local\edge or edg[random.hex].exe

Users can therefore use an Access Protection rule to restrict or audit the creation of new files or directories:

Select New files being created and add the following information under File or folder name to block:

  • [OS installed drive]\Documents and Settings\[administrator]\Application Data\Local Settings\edge or edg[random.hex].exe

[random.hex] can be replaced with ‘*’ or with a more specific element, which can give, for example, *.tmp or edge123.tmp.

Example Access Protection Rules

[Images: example rules for Windows 7 and Windows XP; rule for the dropped DLL]

Elements of DRIDEX can also be blocked via Host Intrusion Prevention:

  • To blacklist an application with a custom Host Intrusion Prevention (Host IPS) signature: KB71329.
  • To block a binary through a rule: KB71794.
  • To create a rule that protects against hooking between executables: KB71794.

*** Disclaimer: Usage of *.* in access protection rules will prevent all types of files from running and being accessed from that specific location. If specifying a process path under “Processes to Include”, the use of wildcards for Folder Names may lead to unexpected behavior. Users are requested to make this rule as specific as possible.

On mail gateways:

There is no need to spend too much time on the basics again, but reinforcing user awareness remains key:

  • Do not open attachments from unknown senders
  • If an email seems too attractive, oversold, or strange, delete it
  • No organization ever asks you for your bank details

Tightening the rules on mail gateways also limits the impact of DRIDEX, through:

  • Banning executables as attachments
  • Enabling the function: Find all macros and treat as infected

Finally, train your users with tools such as: https://phishingquiz.mcafee.com/

New technologies:

Note that Threat Intelligence Exchange, combined with Advanced Threat Defense, lets you protect your employees against DRIDEX-type attacks. These technologies also let you use IOCs from other sources to raise your overall level of protection: https://www.youtube.com/watch?v=Wxvizasvj8k&feature=player_embedded

In TIE, the rule Malware Dropped by Infected Microsoft Office Documents lets you anticipate the threat; more information at: https://community.mcafee.com/docs/DOC-6908

Finally, Application Control provides optimal coverage on machines.

Conclusion:

Even though the techniques used by DRIDEX are not new, it is always difficult to block all variants with an approach based on signatures alone. Enabling GTI and submitting samples significantly improve the coverage rate. The best approach is to use Connected Security through TIE and ATD in order to work on behavior and discover patient zeros, so as to protect the rest of the infrastructure through intelligence sharing: https://community.mcafee.com/docs/DOC-6462

Thanks to my colleagues, Emmanuel Flores, Vinoo Thomas and John Health.
