Category : Encryption

US Government Bitcoin Ransomware Attack

5224

More than 20 municipalities in the US have been hit by ransomware attacks this year alone, the software has grown rapidly by an internet worm that spreads copies of itself by hacking into other computers on a network. These attacks can be expensive, costing not only the company, but the public time.  Especially if those targeted say they won’t pay. In 2018 hackers demanded the City of Atlanta to pay about $50,000 in bitcoin in ransomware, the city refused and the attack actually ended up costing the city about $17 million to fix the damages. These ransomware attacks have not only recently been in Atlanta but other local governments across the US demonstrate that as these attacks spread more common targets will include schools and hospitals. Can you imagine not being able to graduate or not being able to have your MRI results because all your patient files are being held by these attackers? That’s exactly what happened in Baltimore, May 7th 2019 hackers targeted and digitally seized 10,000 government computers and are demanding around $100,000 in Bitcoins to free them back up. Not only are government employees locked out and are un able to have access to their computers, files and emails, the cities public residents are effected. Services that are utilized for paying water bills are not able to be accessed, paying parking tickets, or property tax payments. Last year Baltimore’s 911 Operating System was down for about a day from a separate ransomware attack.
“Ransomware” attack, where hackers deploy malicious software to block access to or take over a computer system. The basic idea behind ransomware is simple: A criminal hacks into your computer, scrambles your files with unbreakable encryption, and then demands that you pay for the encryption key needed to unscramble the files until it forces the owner of that system to pay a ransom to get their own files back. If you have files that are very important on your computer, you might be willing to pay a lot or succumb to the demands to avoid losing them. The most effective way you can protect your computer from these ransomware attacks is to do regular backups, the malware can only encrypt and delete files that are on your computer. If you are implementing a regular backup of your files, either to an external hard drive or using an online service  and your computer is targeted then you can wipe your infected computer clean. Once clean simply reinstall its software and then restore your files from the backup copy you have. The unfortunate difficulty is most people don’t keep adequate and routine backups so they are more likely to be impacted by these attacks so negatively.

Significant Security Flaws

Big name companies have made public this week some major security flaws in their devices. While it is not uncommon for companies to disclose information on potential vulnerabilities, this week the sheer number growing rapidly seems shocking.

Microsoft is trying to prevent the outbreak of a computer system bug. A serious flaw in Windows 7, Windows XP, and Windows Server 2003 and 2008 systems. Which can be exploited to create malware that is capable of automatically spreading from one vulnerable machine to another. Microsoft is urging those running older Windows systems to patch their machines. However, Windows 8 and Windows 10 are immune from the threat.

Intel found a susceptibility in every chip manufactured since 2011, which using 4 different bugs would steal data from victims processor. Cisco’s 1001-X router can be compromised using 2 different bugs, which would gain access to the router, then to administrative privileges on the device. This poses some wide range implications with just how marketed both commercial and residential Cisco products are.  WhatsApp, an encrypted messenger service owned by Facebook has its own vulnerabilities by hackers implanting spyware onto a victims phone via Voice Call (even without you answering the call).

Luckily, these companies let it be known that they will be releasing patches, or make sure you download the latest version for your peace of mind.

The Best VPN Services of 2018

“A virtual private network is the best way to stay anonymous online and to secure your web traffic. We’ve tested more than 50 VPNs, and these are our top performers” stated PC Mag’s, Max Eddy

Best VPN Services of 2018

 

What Is a VPN?

In the simplest terms, a VPN is used to create a secure, encrypted connection—which can be thought of as a tunnel—between your computer and a server operated by the VPN service. In a professional setting, this tunnel makes you part of the company’s network, as if you were physically sitting in the office—hence the name.

While you’re connected to a VPN, all your network traffic passes through this protected tunnel, and no one—not even your ISP—can see your traffic until it exits the tunnel from the VPN server and enters the public internet. If you make sure to only connect to websites secured with HTTPS, your data will continue to be encrypted even after it leaves the VPN.

Think about it this way: If your car pulls out of your driveway, someone can follow you and see where you are going, how long you are at your destination, and when you are coming back. They might even be able to peek inside your car and learn more about you. With a VPN service, you are essentially driving into a closed parking garage, switching to a different car, and driving out, so that no one who was originally following you knows where you went.

VPNs Keep You Safe Online

Have you become so comfortable with the idea of transmitting your data via Wi-Fi that you’ve stopped worrying about the safety of said data—and of who else might be looking at it? You’re not alone. In fact, you’re probably in the majority. That’s a huge privacy and security problem. Public Wi-Fi networks, which are commonplace and convenient, are unfortunately also highly convenient for attackers who are looking to compromise your personal information. When even your ISP is allowed to sell your browsing history it’s time to begin thinking about protecting your data. That’s where virtual private networks, or VPNs, come in.

 

Who Needs a VPN?

The protection provided by a VPN offers users many advantages. First and foremost, it prevents anyone on the same network access point (or anywhere else) from intercepting your web traffic in a man-in-the-middle attack. This is especially handy for travelers and for those using public Wi-Fi networks, such as web surfers at hotels, airports, and coffee shops. VPNs also cloak your computer’s actual IP address, making it harder for advertisers (or spies, or hackers) to track you online.

 

How to Choose a VPN Service

The VPN services market has exploded in the past few years, and a small competition has turned into an all-out melee. Many providers are capitalizing on the general population’s growing concerns about surveillance and cybercrime, which means it’s getting hard to tell when a company is actually providing a secure service and when it’s throwing out a lot of fancy words while selling snake oil. In fact, since VPN services have become so popular in the wake of Congress killing ISP privacy rules, there have even been fake VPNs popping up, so be careful. It’s important to keep a few things in mind when evaluating which VPN service is right for you: reputation, performance, type of encryption used, transparency, ease of use, support, and extra features. Don’t just focus on price, though that is an important factor.

____________________________________________________________________

For the original content, please visit:

PCMag.VPN2018

Keep Conversations Private with End-to-End Encryption Messaging

facebook-messenger-encryption1

Messaging is one technological advance that most cannot live without. But most of us would like to rest assured that what we type will be for the eyes of the receiver only, and not a mysterious third party. Regardless of paranoia or worry about hacking, encryption is a sure fire way to protect messages as they leave your finger tips. End-to-end encryption ensures that only the sender and the recipient can read the message. The message is first encrypted on your phone, then sent, and decrypted on the receiving side. Telecom providers, government agencies, and the company that hosts the service itself, cannot read your messages. The provider couldn’t even hand over messages if subpoenaed, because the provider would not have the ability. Hackers that infiltrate the service platform still would not be able to read your encrypted messages.

This sounds almost too good to be true, and not all encryption services are created equal. Encrypted, does not imply end-to-end encryption. Services that encrypt messages between endpoints of transmission, means that conversations are stored encrypted on the platform’s servers, which is not entirely bad. However, since the platform encrypted them they can also decrypt them.

The best end-to-end encryption services on the market today are as follows:

Telegram – Has been around for a while now, which might aid with the biggest hang up on the app, inviting all your friends to join. This over-the-top service does not have the ubiquity of SMS messaging. The app does allow for individual messaging, group messaging for an unlimited number of users, or even public group messaging for a social network feel.

Signal – This is one of the easier applications to set up, automatically authenticating your phone number. It can be used as your default SMS application as well, eliminating hurdles found with over-the-top services. The color custimization for conversations helps with communication clarity, aka not sending the wrong text to the wrong conversation. In addition to private conversations and group conversations with unlimited users, this application also makes calls.

Wire – Wire is a cool alternative for the user that wants message encryption and creative license. The application allows for doodling, location sharing, image sending, and video recording. Despite the feature initiatives, the application doesn’t support some of the escalated group messaging features, and is best used for private one-on-one conversations.

WhatsApp – By far the most popular, this application offers end-to-end encryption and the lure of over a billion users. Hopefully meaning less people you have to convince to install and use a different messaging service. The application is owned by Facebook, which just recently announced they would be using phone numbers and some other account information from  WhatsApp. Hmm. Despite worry, the application proves to be a user friendly messaging alternative.


If you would like to learn more about the information presented in this blog post please visit: www.networkworld.com

Pegasus Spyware Detected – Upgrade to iOS 9.3.5 ASAP

Pegasus2Pegasus

Malware that spies on user phone calls and text messages, has been alleviated thanks to the latest iOS mobile operating system upgrade, and the wise proceedings of a human rights activist. Canadian cyber security research group, Citizen Lab, published a report that a human rights activist, Ahmed Mansoor, received a text message with a malicious malware link attached. Thankfully Mansoor was not tempted to click on the link.

Rather he passed the link to Citizen Lab where researchers identified the correlation between the link and the NSO Group, an Israeli company notorious for selling a government-exclusive spyware product, Pegasus, that is described as a “lawful intercept”. Most have dubbed this the most sophisticated spyware software detected and Apple, Android and Blackberry smartphone users are the target. The main difference between this malware and others is Pegasus’s ability to infect the powerhouse of the operating system, the kernel of the phone. This allows the software to intercept any conversation before encryption ever takes place, so encrypting such apps proves pointless against Pegasus. The link would have been capable of jail breaking the iPhone and installing surveillance software used to access the camera and microphone. Mansoor’s WhatsApp and Viber calls would have been especially vulnerable in addition to his GPS location services.

Citizen Lab wrote in its report that “[w]e are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign.”

Last Thursday Apple released the latest version of iOS 9.3.5, which I highly advise upgrading to if you have not already done so. The update improves how iOS devices access memory and adds a patch that prevents visits to maliciously crafted websites from remotely executing arbitrary code.

Phew.


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.pcmag.com 

Why You Need to Deploy Encryption and How

encryption

Encryption is the transformation of data from plain text to ciphertext. In other words, basically taking data that is easy to read and placing it into a riddle that has no rhyme or pattern so that only those that know the riddle, can read your data. Still with me?

Encryption alone is not enough to guarantee the safety of your data. An endpoint protection software is necessary to monitor for malware, especially making sure you aren’t hit with ransomware which will most certainly blackmail you for the encryption key, bringing us back to square one. It is known however, that hackers don’t particularly like encrypted data, and are much less likely to continue along once they learn you’ve employed encryption throughout your business.

“The best reason to encrypt your data is that it lowers your value,” said Mike McCamon, President and CMO at SpiderOadk. “Even if [attackers] got in, all the data stored is encrypted. They’d have no way to do anything if they downloaded it.”

Passwords are a great start, but lets take it one step further. If an attacker were to get into your network they most likely can navigate around and find where all your passwords are kept, again back to square one. No point in a password if hackers can find it without breaking a sweat. Password encryption allows you to put an extra layer of protection on your passwords. Any password you use to log in to a portal, will be encrypted as soon as you press Enter. The password will be scrambled and saved on your company’s endpoint in the same matter explained above, a riddle so to speak. The only way to get past the encryption is to have the encryption key.

Protect the house, with database and server encryption. Anyone who can gain access to your network can see information in plain text. If the house of all your data is in plain text, that is a surefire road to disaster.

Secure Sockets Layer (SSL) Encryption  protects the transfer of data from the browser to the website. This will encrypt and protect the data employees and clients exchange via browsers to your company website. This is a safeguard against the interception of information as it is being transferred from the browser to the endpoint. However, once the data has reached your company server the information will be in plain text, and yet another encryption method should be used.

Email identity encryption provides employees with a complex key, known as a Pretty Good Privacy (PGP) key. This key is given to all email recipients, so that if and possibly when one of your clients receives an email without the decryption prompt, such as one claiming to be from your company’s CEO, the client knows to ignore the email.

Device Encryption is critical to the safety of your organisation. Device encryption should be required of all employees. IT management can significantly help in this process, and can also set up mobile device management software for all mobile devices. This will protect your employees and your business from avoidable and preventable vulnerability.

End-to-End and Zero-Knowledge Encryption is the most comprehensive form of encryption. Before your data can reach the end-point it is manipulated, jumbled, bamboozled – including all log ins, device passwords, application information, files. The only way to decipher the code and gain access to the information is with an encryption key that only your IT management company has, along with the software company that works to encrypt the data.


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.pcmag.com

Undetected Hacker Group Spying Since 2011…

Russia

Strider hackers reference the all-seeing eye of Sauron in their ‘nation-state level’ malware, which has been used to steal files from organisations across the globe. Unknown hacker group, ‘Strider’, has just been discovered by cyber-security researchers at Symantec. Strider hackers are referencing the all-seeing eye of Sauron in the groups ‘nation-state level’ malware in use currently to steal files from organisations all over the world. Apparently the group has aimed their malware at those that would be of potential interest to a nation state’s intelligence services.  The Remsec malware is mainly targeting organisations in Russia, however the group has infected airline systems in China, an embassy in Belgium, and a large organisation in Sweden, who’s name could not be confirmed. The malware in use is designed to infect a system and open a backdoor where it logs keystrokes and steals files.

 

The malware has been in operation since October 2011, but avoided detection by the majority of antivirus systems for nearly five years. Only 36 infections have been reported in these five years, but the nature and capability of the malware in terms of stealth and detection is rather unsettling. Components that make up Remsec are built as “BLOBs”, which stands for Binary Large Object, collections of binary data which are often difficult for antivirus security software to detect. The malware is deployed across a network rather than stored on a disk, which makes it increasingly had to detect.

A deeper look in the modules of the malware found the modules are written in the Lua programming language. This embedded scripting language is used to perform various functions and processes. In the case of Remsec, these functions include key logging and the code that contains references to the all-seeing eye of Sauron from the Lord of the Rings. The use of Lua modules leads security researchers to believe that Strider may have connections to the Flamer hacking group, known for using this type of programming in it’s malware. Another lead could be the connection the the infamous Regin malware. One of the victims of the Remsec malware had also been the victim of Regin malware. That poor machine!

 

The nature of the malware, combined with the coding and programming, leads security researcher to believe that the Strider group are highly proficient technically in the development of malicious software, and very well could escalate to a nation-state level attacker.

 

 

 

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com

How to scrub data from your device

Delete

You may be surprised to hear that “Delete” is not an end all function for wiping data clean from your machine. To ensure you data doesn’t get into the wrong hands, perform a secure erase. Whether you are selling an old computer or just want to wipe some sensitive data off your machine completely, Secure Erase is an easy way to get the job done.

SECURE ERASE

When you hit Delete, you most likely expect that all of your data is actually deleted. Unfortunately, this is not the case. Delete doesn’t actually delete your data, what this function does is erase a file’s reference information in the disk directory and marks the blocks as free for reuse. Your operating system might not be able to see it, but your data is still there deep down. Hence the use of file recovery programs, these programs look for blocks that the directory says are not in use, and searches for your data. There is something called bad blocks as well, which is when data is left from partly overwritten blocks, and other actions. Secure Erase command overwrites every track on the disk, meaning, there is no data recovery from a Secure Erase. This is great for data security if you know what you are doing, which most of us don’t, which is why the Secure Erase command has been disabled on most motherboards.

ENCRYPT, REFORMAT, ENCRYPT.

Deleting the last little bit of your data can be easier than you think with the right knowledge. Windows uses an encryption tool called BitLocker, which usually requires a system with a Trusted Platform Module (TPM) chip. Without a TPM you won’t be able to access BitLocker or when you attempt to access BitLocker it will pop up with an error message. Full disk encryption is built into Windows and Mac OS X.

To try BitLocker, go the Control Panel, click System and Security, and then click on BitLocker Drive Encryption. Select the drive and start the process. Encryption will take hours on a large disk, but you should be able to do other work on the system while encryption completes. – Robin Harris, writer for Storage Bits

In order to perform this on a Mac, you will need to access the Mac OS File Vault 2 (10.7 and later) function. Open System Preferences, Find Security and Privacy, and FileVault. Choose Turn On FileVault, select a password option, enable any other accounts you want to access the drive – in this case none – and click Restart. The encryption process will begin and, like Windows, will take some hours if you have a large drive. – Robin Harris, writer for Storage Bits

Once you have your drives encrypted, you need to reformat the drive as a new drive and encrypt it again. The drive is now empty so you won’t be met with long wait times as you did with the previous encryption. The purpose of the second encryption is to ensure that your first encryption key is overwritten, because a really great decrypter could recover the key and decrypt your data, which would make all that work for nothing. The second encryption eliminates that possibility.

 

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com

 

 

3,500 Chimera decryption keys posted on pastebin

 

Cybersecurity firm Sophos reported the authors of Mischa ransomware program gained access to the development platform of a rival program called Chimera this week, and posted thousands of Chimera decryption keys online. The reasons for why Mischa gathered such codes are unclear, except for maybe the fact that Chimera and Mischa are big time rivals. Regardless the forecast looks promising for antivirus companies and users alike. About 3500 decryption keys went live on Pastebin.

Chimera not only encrypts user data, but also threatens to publish the data in plain text if payment is not met in full and in a timely fashion. So far, there is no evidence that Chimera enforcers have followed through with this threat. The threat alone seems enough to motivate victims to pay whatever ransom Chimera chooses. Clever tactic to put victims between a rock and a hard place and guarantee payment.

“it should not be difficult for antivirus companies to build a decrypter” – MischaChimera

Mischa says they received access to Chimera’s development system earlier this year even though Mischa developers explain they are not involved with Chimera.

Sophos cautions users that things of this nature take time, stating,  “it will take some time to determine if the leaked RSA keys will actually work to decrypt files locked up by Chimera and for someone to write a decryptor program, but for now, there’s at least hope that victims can get their data back.”

For any of those following the rise of malware and ransomware tactics, this is a huge break. If you are a victim of Chimera, keeping your encrypted files just a bit longer could mean getting your data back if the encryption keys turn out to be legit.

 

 

 

 

 

 


 

If you would like to educate yourself in more detail about the information in this blog post please visit : www.pcmag.com

Webcam Malware aimed at company employees

aaaaayaaaaa

Attacks face many working employees as the newest form of malware has been aimed at webcams in the workplace. The new malware is used to record employee’s private moment sin order to extort information out of them later. Sounds like everyone’s worst nightmare. The malware is called Delilah, a sweet sounding name for something so morally compromising. Delilah is the world’s first insider threat Trojan. It allows operators to capture sensitive and compromising footage of victims, which is then used to pressure victims into leaking important company secrets. The malware is being delivered via multiple popular adult and gaming sites. Thus far it is not clear if any engineering or software vulnerabilities are the source of the installed malware. The bot comes with a social engineering plug in that connects to the webcam operations so you never know you are being filmed. The attackers are using encrypted channels to communicate with victims. The bot itself needs a high level of management from a human to know who to recruit, choosing who to scam effectively. The bot, once installed, seeks to gather as much personal information about the candidate as possible, in order to bully the victim into complying with attacker requests. This can span to family and friend information as well. At the moment, not much has been accomplished as to checking for the malware. All that is known is that the bot is still buggy, and that because of the number of screenshots it is taking, often makes the screen freeze momentarily.

As security researchers look into this type of malware, more preventative information should follow.

 


 

If you would like to learn more about the information presented in this blog post please visit : www.zdnet.com