Will Two-Step Authentication Prevent Another Twitter Security Breach?

Twitter has suffered two major security breaches that have exposed the login credentials of hundreds of thousands of its users. In response to the incident, a number of additional security controls have been considered. The best solution was deemed to be the addition of a two-step authentication process.

This will not guarantee another data breach will be prevented, but it will make sure that it becomes a lot harder for hackers to gain access to login credentials. The new controls are likely to put off all but the most skilled and determined cybercriminals from attacking Twitter in the future. There will be much easier targets they can attack.

Two-step authentication is an important security control. In order to create an account, a user must sign up and create a login name and a password. The second step in the process, which will shortly be added to Twitter, is the requirement to have a code sent to an email address, mobile phone or the Twitter app.

The additional control will log the user’s device. If another device is used to log in, another code will be sent to the app, phone or email account used to register. If the code is not entered, access to the account will not be permitted.
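The device check described above can be sketched as follows. This is an added example, not Twitter's implementation; the class name, the five-minute code lifetime and the attempt limit are assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed lifetime of a code
MAX_ATTEMPTS = 5         # assumed limit on wrong guesses per code


class TwoStepLogin:
    """Second login step: known devices pass, new devices need a code."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.known_devices = {}   # username -> set of device ids
        self.pending = {}         # (username, device) -> [code, expiry, attempts]

    def begin(self, username, device_id):
        """Call after the password check succeeded. Returns (status, code)."""
        if device_id in self.known_devices.get(username, set()):
            return "granted", None
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random()
        expiry = self.clock() + CODE_TTL_SECONDS
        self.pending[(username, device_id)] = [code, expiry, 0]
        # A real service sends the code out of band (app, phone or email);
        # it is returned here only so the example can run.
        return "code_required", code

    def verify(self, username, device_id, submitted):
        """Check a submitted code; on success remember the device."""
        key = (username, device_id)
        entry = self.pending.get(key)
        if entry is None:
            return False
        code, expiry, attempts = entry
        if self.clock() > expiry or attempts >= MAX_ATTEMPTS:
            del self.pending[key]          # expired or guessed too often
            return False
        entry[2] += 1
        # Constant-time comparison avoids leaking how many digits matched.
        if not hmac.compare_digest(code.encode(), submitted.encode()):
            return False
        del self.pending[key]              # codes are single use
        self.known_devices.setdefault(username, set()).add(device_id)
        return True
```

The expiry, the attempt limit and the single-use rule are what keep a six-digit code from being guessed or replayed.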

Wired.com has recently reported that Twitter is in the process of testing the new security measure before making it live. Once testing has been completed it will be rolled out to all accounts. This will not come a moment too soon. Cybercriminals are targeting social media networks, and if security measures are inadequate, data breaches will be suffered.

Social Media Networks are an Attractive Target for Cybercriminals

The networks are a big target for hackers and cybercriminals. The data stored in user accounts can be considerable. The data can be used to conduct highly effective spear phishing campaigns. With detailed information about each user, those campaigns can be very convincing.

Criminals can use stolen data to craft emails that the user is likely to respond to. They can find out who their contacts are, and make an email appear to have been sent by a friend. That makes it far more likely that the target will click a phishing link or open an infected attachment.

Not only that, passwords are often shared across websites. Many people use the same password for Twitter as they do for their online banking and for work. One single password could potentially give a criminal access to much more than a social media account.

Phishing emails are being sent with increasing regularity

In the first half of 2012, phishing attacks are estimated to have increased by 19%. Many criminals still use email as the vector of choice, but many are now targeting social media networks. Criminals are finding it is easier to use Facebook and Twitter to get users to click on links to phishing websites. People even unwittingly share phishing links with their friends, helping the attacker infect more machines and steal more passwords.

Phishers are targeting individuals, but many are after a much bigger prize. If a user’s work computer is compromised, it can give the attacker access to a corporate network. In fact, businesses are now being increasingly targeted using phishing campaigns.

These campaigns are far more sophisticated than in years gone by. The emails and social media posts are much harder to identify, and many employees are convinced to (unwittingly) download malware and viruses.

Unfortunately, many businesses are still not addressing the risk and have failed to implement adequate security controls. Some employees have not even been trained how to identify a phishing email!

Unless greater investment goes into improving security protections, and further training is provided to staff, it will only be a matter of time before a network is compromised, customer data is stolen, and corporate secrets are sold to the highest bidder.

Boston Bombing Video Used to Infect Computers with Malware

Terrorist attacks are occurring with increasing regularity around the world, but it is still rare for one to happen on American soil. However, on Monday an attack took place at the Boston Marathon. The tragedy claimed the lives of three people.

It is at times like this that vigilance must be increased. Criminals often use events such as this to infect computers with malware. Big news events are often used to lure victims into clicking on links to websites infected with malware or convince them to open malware-infected email attachments. The Boston bombing is no exception. Criminals have seized the opportunity already and have started sending emails about the tragedy which contain links to infected sites.

SpamTitan is alerted when spam and phishing emails are captured. The quarantine reports are collected and analyzed, and some of the recent crop of captured messages contain titles such as “Explosion at Boston Marathon” and “Boston Explosion Caught on Video.” When news breaks, people want to find out what has happened, and images and videos of the event are sought online. Videos of the Boston bombing are being searched for on Google and social media, and emails including links to videos are likely to be clicked.

Anyone clicking one of the links in the emails will be directed to YouTube where a range of videos are listed. No harm is immediately caused.

However, after 60 seconds the visitor will be notified of a file called “boston.avi____exe”, and is asked to download it. If the file is run, it will install malware which will connect to servers in three locations: Argentina, Taiwan and Ukraine. Data from the infected machine will then be sent to those servers. SpamTitan software will prevent the email from being delivered using a variety of methods, thus protecting the user. Individuals without this software installed are unlikely to even be aware that their computers have been compromised.
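A filter can catch names like the one above by looking for a harmless-looking extension followed by padding and an executable ending. This is an added example, not SpamTitan's detection logic; the extension lists are assumed and not exhaustive, and every sample name except the first is constructed.

```python
import re

# Assumed, non-exhaustive extension lists for the example.
EXECUTABLE_EXTS = ("exe", "scr", "pif", "bat", "cmd")
DECOY_EXTS = ("avi", "mp4", "mov", "wmv", "jpg", "png", "gif", "pdf", "doc", "txt")

# A harmless-looking extension, then padding (spaces, underscores, dots),
# then an executable ending: "name.avi____exe", "name.avi.exe", "name.pdf  .scr".
DISGUISED = re.compile(
    r"\.(?:{})[\s_.]+(?:{})$".format("|".join(DECOY_EXTS), "|".join(EXECUTABLE_EXTS))
)


def classify_filename(name):
    """Return 'disguised-executable', 'executable' or 'ok' for a file name."""
    lowered = name.strip().lower()
    if DISGUISED.search(lowered):
        return "disguised-executable"
    if "." in lowered and lowered.rsplit(".", 1)[1] in EXECUTABLE_EXTS:
        return "executable"
    return "ok"


def flag_downloads(names):
    """Return (name, reason) for every name a mail or web filter should block."""
    results = [(n, classify_filename(n)) for n in names]
    return [(n, reason) for n, reason in results if reason != "ok"]


# Constructed sample names; only the first comes from the article.
SAMPLES = [
    "boston.avi____exe",
    "boston_marathon.avi",
    "update.exe",
    "Explosion video.mp4 .scr",
    "minutes.doc",
]

if __name__ == "__main__":
    for name, reason in flag_downloads(SAMPLES):
        print(f"BLOCK {name!r}: {reason}")
```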

Be wary about emails containing news alerts

Cybercriminals often use news events to spread malware and gain access to computers and servers. Each major news story, whether it is a terrorist attack, election result, natural disaster or celebrity wedding, will see numerous phishing and spam campaigns launched. Many of these campaigns see emails sent out randomly, often in the millions.

Any company that does not have a spam filtering solution in place is likely to see many of these emails delivered, and all it takes is for one end user to click on a link and download a file for a network to be compromised. It is not only malware that is a problem.

There have been a number of new websites registered in the past two days related to the Boston bombing. New domains have been purchased by individuals looking to capitalize on the attack. Some have been bought and are currently just parked. Some individuals have purchased the domains to prevent them from being used by scammers. Others have been activated and are seeking donations to help the families of the victims. Of course, any donations made through those websites will just go into the criminals’ pockets.

In addition to installing a spam filter to catch email spam, and employing a web filter to block links to malicious websites, be sure to adopt the following best practices and make sure that staff members do the same:

Don’t become another victim of a scam!

  • Check the email address of the person sending the email even if it appears to be from someone you know
  • Never click on a link in an email unless you are sure that link is genuine
  • Do not open attachments contained in emails from strangers
  • Be wary about opening attachments sent from friends. Their account may have been compromised or they may not realize they are sending an infected file
  • Never open executable files (those that end with .exe)
  • Never respond to an email request for money. If you want to donate, do so via a trusted, registered charity. Always visit the website via the search engines, not the link contained in the email
  • Make sure a charity is registered before making a donation
  • Be wary of any email sent to you containing information about a news event – who is sending it? How did they get your email address?
  • Do not forward or share suspicious emails or links

Predicted Increase in Everyday Hackers: Security Threat to Increase

What is a hacker?

Hackers are commonly referred to in print media and Internet reports, and are often viewed as either criminal masterminds intent on wreaking havoc and causing chaos, or bored (but highly skilled) teenagers with nothing better to do with their time.

However, a hacker is just an individual who is familiar with computer software and who is able to find and exploit security weaknesses in computer systems. Should you conduct a search on the internet for HTML Injection, you would find a great many websites that explain how to use this technique to gain access to websites. If you were to follow the instructions, you would essentially be a hacker. Just not a very good one.

Not all hackers are bad, not all lack a conscience, and many are not motivated by money. Some are highly talented individuals who want recognition for their computer skills or just want to protest about something. Hackers have been known to break in just to prove a point. It is morally reprehensible that board members are taking huge amounts of cash out of the business while jeopardizing the privacy of their customers and leaving them exposed to identity theft.

Some companies even employ hackers to test their systems. These “ethical hackers” or “white hat hackers” perform an extremely valuable job. It is far better to have an employee attempt to hack a computer network to find vulnerabilities in order to fix them, rather than have a malicious outsider break in and steal data. Facebook has hired, and continues to hire, programmers for this purpose, and even runs an annual hack-a-thon.

The rise of the everyday hacker

The leading company in the field of application security testing, Veracode, produces an annual security report that assesses the state of software security. The company’s researchers investigate security trends and make predictions about how vulnerabilities could potentially be exploited.

In this year’s State of Software Security Report the company has predicted there will be a rise in the number of “everyday hackers” over the next few years. These “have-a-go-hackers” will not be highly skilled computer geniuses. They will be normal people who decide to have a go at hacking. As previously mentioned, there is a lot of information on the internet, and many techniques do not require a great deal of computer skill to pull off.

A “SQL injection” search on Google returns 1.74 million results. Not all of those websites will give step-by-step instructions on how to do it, but some do. Currently, according to the Veracode security report, 32% of web applications contain security flaws that could be exploited by SQL injection. These flaws are not hard to identify, and are actually quite easy to fix. Many companies do not even test for them.

Hacking is increasing and data breaches are occurring much more frequently

More than half of data breaches are caused by hackers breaking into systems to steal data (or stealing data once they have broken into a system for other reasons). In 2011 and 2012, Veracode calculated that 52% of data breaches came as a result of web intrusions.

Interestingly, software is now being installed to tackle these vulnerabilities and far fewer security holes typically exist. The problem is that more people are now looking for vulnerabilities to exploit.

Veracode found that insecure software was the largest root cause of data loss. Its researchers discovered that 70% of software used by organizations does not even comply with enterprise data security policies.

Unless organizations take a more proactive approach and address these vulnerabilities as a priority, hackers will exploit the security holes and sabotage systems, hold companies to ransom, and steal data. To prevent data breaches, action must be taken and taken fast.