Category : Security

Are you promoting a safe Network?

security

On average, organizations take about 200 days to identify new ransomware threats. In combination with aging hardware, out of date software, poor network monitoring, and lack of professional IT assistance, this makes for quite the mess.

Hackers are less likely to attempt an attack against an automatically patched software or newly issued hardware. The reason being that vulnerabilities are lower and exploits for newly issued hardware most likely have not been found yet, or are already patched. Those that are behind in refreshing their technology are an easy target for attack.

Here are 5 best practices to follow to secure your network and avoid ransomware attacks.

  1. Improve Network Hygiene – Automatic deployment of patches and updates, replace old or out of date firewalls, IPS, as well as ensure you are using a quality email spam filtering service to protect against phishing and malicious links and sites.

  2. Defend Strategically rather than Haphazardly – It is recommended that organizations employ security as a big picture solution rather than single use. Integrated security is the best defense for networks as it reduces backdoor vulnerabilities and holes that might be exploited.

  3. Reduce Detection Time – It would be ideal if your organization had the tools and professional aid to recognize an attack as soon as it occurred. But most organizations find themselves in the dark for weeks before an attack is detected. By measuring the time to detection, you vet that the systems in place are capable or not capable of delivering the fastest detection time. This ensures that your organization can respond to threats in real time, and prevent further attack.

  4. Protect Users No Matter the Location – Ensure that you are protecting your users while they are on the company network and when they are not. Good password manager software and VPN tunnels are key to keeping to a good security practice. It is also important that you communicate with your users the importance of cyber security and illustrate good habits.

  5. Routinely Test Backups – Confirm that your backups are healthy and current. Test that they are free from compromise. If you are hacked, you will want to have backups that are ready to go.

 


 

If you are interested in reading the original article, or would like to educate yourself in more detail about the information presented in this blog post, please visit: https://newsroom.cisco.com 

Fully Booked hotel & ski-resort pays bitcoin to regain control

bitcoin

Four-star hotel and ski-resort in Australia paid a reported $1,600 ransom to regain control of its computer system during a fully booked weekend. The systems were kicked offline which temporarily interfered with room keys and guest check in among other things. This ransom marks the third attack on the hotel system, but the first time full control was taken. This may be why the hotel opted to pay the bitcoin rather than mess with the situation any further. Rather than risk losing revenue and fully restricting guests from checking in or out of their rooms the hotel worked with the hackers. Cheaper and faster said the hotel representative.

“Neither police nor insurance help you in this case,” Brandstaetter lamented to The Local. “The restoration of our system after the first attack in summer has cost us several thousand euros. We did not get any money from the insurance so far because none of those to blame could be found.” – PCmag

This is not the first time that a company has had to make the difficult decision whether or not to pay the bitcoin and risk losing that money as well as their data, or not paying the bitcoin, and risk total lockout of the system. IBM Security ran a study that found 70 percent of businesses attacked and infected with ransomware have paid the dollar to regain access to their systems and or data.

 


If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.pcmag.com

 

Android Trojan rerouters you to Rogue DNS server

android trojan

New Android Trojan virus reported by Kaspersky Lab, that goes by the name, Switcher.

Switcher Trojan infects wifi routers through an infected Android, where an attacker can then reroute other users on the network to malicious sites. This is through brute force attacks against the admin interface of the router – using a predetermined list of password/login combos. The DNS servers are then replaced with both an active and backup server of the hacker. This allows for a multitude of potential infections, since every DNS query is directed to a network controlled by the attacker.

Kaspersky Lab researchers explained that “the ability of the Switcher Trojan to hijack [DNS] gives the attackers almost complete control over network activity which uses the name-resolving system … the approach works because wireless routers generally reconfigure the DNS settings of all devices on the network to their own – thereby forcing everyone to use the same rogue DNS.” – www.techgenix.com

Attacks primarily in china and proven track record predicts that the attacks will certainly spread across locations. This is the first Android malware that has been used to attack routers in this manner.

At the moment it is advised that admins and users alike should be on the look out for the following rogue DNS servers:

101.200.147.153

112.33.13.11

120.76.249.59 

“A successful attack can be hard to detect and even harder to shift: the new settings can survive a router reboot, and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on,” says Kaspersky Lab cybersecurity researcher Nikita Buchka. – www.zdnet.com

 


If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.techgenix.com

 

What/Why/How – you should always use a VPN

vpn

What is a VPN? A virtual private network creates a secure tunnel between two sites via the Internet to protect your privacy. This is usually a paid service to ensure web browsing is secure and private while using public wifi or less secure wifi networks.

What happens? Your PC connects to a VPN server, and then your web traffic passes back and forth through that server. This VPN server can be located anywhere in the world whether it be the United States or Thailand. Therefore when you are surfing the web, those websites you are visiting see you as browsing from that VPN server’s geographical location, not where your laptop is really located.

Why is that important? When you are hanging out on your laptop in a public space such as a coffee shop, perusing Amazon for some deals, hackers are far less likely to be able to steal your login credentials, your credit card information, email address, or direct you to a fake banking site or other spoof. Even your internet service provider will have a hard time trying to snoop on what websites you are visiting.

Free services are offered, but they are slow with considerably less bandwidth, so pay the $5 a month and get a service of quality. Ask questions such as what kind of logging does the VPN provider do? How long do they keep information about your VPN sessions? Are they going to be recording the IP addresses you use? Answers to these questions should be taken into consideration based on how much privacy you want and need.

 


If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.networkworld.com

 

Luggage Tag Code, Gives Identity and Flight Info to Hackers

gds

Researchers from German security company, Security Research Labs, recently revealed the poor security behind the current travel booking systems. Three of the largest Global Distributed Systems (GDS) handling flight reservations for worldwide travel are Amadeus, Sabre, and Travelport. These three systems handle 90 percent of flight reservations.

The poor security stems from these systems originating in the 70’s and 80’s and never being rebuilt, but rather integrated with the more modern web infrastructure of today.

Each traveler on a GDS is identified by a six-digit code that also serves as the booking code. This code houses all traveler information from home address, email address, phone numbers, credit card information, frequent flyer number and even the IP address used to make the booking online! This ID is printed on boarding passes and luggage tags.

A specific ID is not needed to find valid traveler information and airline websites and GDS do not limit the amount of times you can check for codes. This gives hackers the window to use brute force approach to finding valid codes for use.

Researchers explain that it is possible for a hacker to steal your flight by changing the flight information without your knowledge or canceling it and receiving a voucher, just from your ID printed on your luggage tag. A hacker could also take frequent flyer miles, or use the knowledge that you are on vacation for a potential phishing attack.


If you would like to educate yourself in more detail about the information presented in this post please visit: www.pcmag.com 

 

Shopper Safety – Beware of Fake Apps and Wifi Hotspots

shopper

Now that holiday shopping is upon us, security researchers are handing out advice on how to protect yourself and your information from cyber hacking. More and more shoppers use their smartphones while they are shopping, to compare prices and deals at other stores or online. Reports by RiskIQ, an enterprise security firm, estimates that 30 percent of Cyber Monday and Black Friday shopping will be done on a mobile device.

Cyber criminals are well aware that shoppers are relying heavily on their smartphones this holiday season. Noticing that many consumers often connect to free wifi hotspots while shopping, hackers have taken to setting up fake wifi zones to entice people into connecting. Consumers may see a wifi network available named “Macysfreewifi” and connect without even second guessing – often times the store isn’t even in the mall! If you see a wifi network labeled with a store name that is nowhere nearby, do not connect. The same goes for wifi networks set up with the word “free”, often these are bogus as well. Hackers will also monitor communications over legitimate networks that are poorly secured and not properly configured, but this is a more difficult process than getting an unsuspecting shopper to connect to a malicious network.

Hackers are also known to repackage legitimate applications so that the fake application they create looks almost identical to the real thing, in the hopes you will choose theirs instead. Sometimes hackers will create a completely fake application from scratch, such as “Amazon Rewards” that does not exist in the official app stores. Many times these fake apps will promise rewards or points for downloading. The fake Amazon Rewards app was found to be a trojan, spread by using fake Amazon vouchers and a link to a fake website sent via SMS text messages. The fake app even accesses the user’s contacts to send the vouchers to more mobile phones without permission.

This is not the first fake application, and it most certainly will not be the last. RiskIQ found 1 million applications that have been blacklisted for using brand names in the title or description of the application to trick consumers. The only real way to avoid such applications is to go directly to official application stores such as Google Play and Apple App Store to download applications.

Things To Remember:

  • Download applications only from official app stores

  • Beware of apps that ask for permissions to contacts, text messages, stored password or credit card information

  • Question applications that have rave reviews, they are easy to forge

  • If you do not understand the warning on your device, do not click continue

  • Update your device to the most current operating system

  • Disconnect from the network if your phone begins to act up or crash

 


If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.computerworld.com 

 

Two Factor Authentication – What is it?

two factor authentication

Two Factor Authentication, or 2FA, takes a combination of generally accepted forms of authentication to further secure your login to big sites and applications such as Facebook, Microsoft, Google, Apple iCloud and others. This is an extra layer of protection that utilizes something you know such as a password, and something only you has, such as a cell phone or fingerprint. This is not necessarily a new idea, many of us use this everyday when making purchases with a credit card and asked to enter a zip code for verification.

There are 3 generally accepted factors of authentication:

  1. Something you know – such as a password

  2. Something you have – such as a hardware token like a cell phone

  3. Something you are – such as your fingerprint

Two Factor Authentication takes two of the above in order to secure your log in. Such that if you have 2FA enabled on Facebook for instance, when you attempt to log into Facebook on a new device or browser you will be asked to confirm this log in with a second form of authentication which can be any of the three described above.

This form of authenticating is especially advised for sites and applications that house your personal information, credit cards, location information, are tied to other accounts, and could otherwise affect your personal life such as email, social media – the list is endless!

A few big names have taken head to this advice by employing 2FA, although the process is not entirely seamless, great strides have been taken to make using 2FA as easy as possible. Look for 2FA on your favorite big name sites and applications.

Set up Google 2FA here 

Set up Apple 2FA here 

Set up Microsoft 2FA here


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit :

Windows 10 Vulnerability – Edge Browser users Safe

windows-10-cyber-threat-bug-558378

The vulnerability is called Strontium, found in Windows code. Google stumbled across the flaw, and wrote a blog post in late October stating the affects on Adobe’s Flash media player. Google’s policy concerning such critical vulnerabilities is to publish them actively seven days after Google has reported them to the software’s creator.

According to Google, the flaw exists in the Windows kernel and can be used as a “security sandbox escape”. Sandboxes are use in software in order to stop malicious or malfunctioning programs from reaching or otherwise damaging other parts of the machine.

Microsoft has acknowledged the flaw, but also criticized Google for releasing it before a fix was available, stating to a member of VentureBeat,

“We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk,” said a Microsoft spokesperson.  “Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible.”

Microsoft Executive Vice President Terry Myerson, explained the vulnerability in more detail in his blog post on Tuesday. In order for the computer to be affected with the malware, it must first infiltrate Adobe;s Flash to gain control of the web browser. After which privileges are elevated in order to escape the browser’s sandbox. Finally the malware would be able to install a backdoor to provide access to the victim’s computer.

Those that are using Microsoft Edge browser are protected, as the browser prevents the installing of the backdoor. Everyone else is left to wait for the next available patch to solve the issue, which should be November 8th.

 


If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.pcmag.com 

 

DDOS Attack: Mirai botnet hacks devices with default passwords

miraiWeak default usernames and passwords spawned the massive DDOS attack against internet connected cameras and DVRs. Most botnets use infected PCs to generate an attack. This botnet, Mirai, was of a different breed, specifically programmed to scan the internet searching for poorly secured products, and proceeding to try redundantly obvious and easily guessed passwords. When a poorly secured device was found the botnet attempted to log into the product with a login similar to “admin” and a password with some derivative of “12345”.

The botnet’s maker released the source code, which is programmed to try a list of over 60 password and username combinations. This list gained the botnet access to over 380,000 devices. Mirai also took down the website of security researcher Brian Krebs last month in a DDOS attack.

Unfortunately this could become a bigger problem, as devices connected to the internet, such as cameras and DVRs are not created with security in mind. Passwords are not required to be changed once installed, and on a hunch I can assume that most users are not using their strongest password for their DVR. Security researchers have noticed an upward trend in DDOS attacks, as botnets continue to attack poorly secured devices and infect the devices with malware.

Krebs went online and looked up default usernames and passwords and matched them to devices, creating a list of possibly susceptible devices to the Mirai botnet. Check it out and change your passwords.


If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.techconnect.com 

 

 

Do this and not that – Mobile Malware

mobile-malware1

The three best practices to avoid mobile malware is to use an official app store, resist temptation to jailbreak your device, and keep updates current. Apple and Google app stores remain the most vigilant about mobile malware concerns. Google uses Verify Apps that runs in the background of modern Android systems to scan for spyware, ransomware, and fraudulent apps. The company also checks mobile apps that are submitted to the Google Play Store. Less than one out of every 10,000 devices that only downloads from the Google Play Store has a program in the malicious category.

Jailbreaking your device undermines much of the already pre-installed security on the phone. In addition to this, the ability to restrict applications from accessing personal data on the phone as well as validate applications is disabled. Basically, if you jailbreak your device you better have a pretty good understanding of technology, because you just became the sole provider of security for that device.

This may be a surprise to most, but vulnerabilities actually do not increase the likelihood on malware on mobile devices. Symantec’s Internet Security Threat Report released Apple iOS had nearly 8 times as many vulnerabilities as Android in 2014, but near all malware for that year were targeted at Android devices.

The reliance and increased functionality of mobile devices leads developers to push out updates and bug fixes as fast as possible. Users should pay attention to this and keep their applications and software updates current. Android users often wait to update because of the lengthy process involved, but the benefits usually out whey this inconvenience, especially considering Android devices are most susceptible for malware.

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.pcworld.com