by titanadmin | Oct 11, 2017 | Industry News, Internet Security |
Email may be the primary vector used to conduct cyberattacks on businesses, but there has been a massive rise in cyberattacks on websites in recent months. The second quarter of 2017 saw a 186% increase in cyberattacks on websites, rising from an average of 22 attacks per day in Q1 to 63 attacks per day in Q2, according to a recent report from SiteLock. These sites were typically run by small to mid-sized companies.
WordPress websites were the most commonly attacked – The average number of attacks per day was twice as high for WordPress sites as other content management platforms. That said, security on WordPress sites is typically better than other content management platforms.
Joomla websites were found to contain twice the number of vulnerabilities as WordPress sites, on average. Many users of Joomla were discovered to be running versions of the CMS that are no longer supported. One in five Joomla sites had a CMS that had not been updated in the past 5 years. Typically, users of Joomla do not sign up for automatic updates.
WordPress sites are updated more frequently, either manually or automatically, although that is not the case for plugins used on those sites. While the CMS may be updated to address vulnerabilities, the updates will not prevent attacks that leverage vulnerabilities in third party plugins.
The study revealed 44% of 6 million websites assessed for the study had plugins that were out of date by a year or more. Even when websites were running the latest version of the CMS, they are still being compromised by cybercriminals who exploited out of date plugins. Seven out of 10 compromised WordPress sites were running the latest version of the WordPress.
There is a common misconception than website security is the responsibility of the hosting provider, when that is not the case. 40% of the 20,000 website owners who were surveyed believed it was their hosting company that was responsible for securing their websites.
Most cyberattacks on websites are automated. Bots are used to conduct 85% of cyberattacks on websites. The types of attacks were highly varied, including SQL injection, cross-site scripting attacks, local and remote file inclusion, and cross-site request forgery.
SiteLock noted that in 77% of cases where sites had been compromised with malware, this was not picked up by the search engines and warnings were not being displayed by browsers. Only 23% of sites that were compromised with malware triggered a browser warning or were marked as potentially malicious websites by search engines.
Due to major increase in attacks, it is strongly recommended that SMBs conduct regular scans of their sites for malware, ensure their CMS is updated automatically, and updates are performed on all plugins on the site. Taking proactive steps to secure websites will help SMBs prevent website-related breaches and stop their sites being used to spread malware or be used for phishing.
by titanadmin | Oct 11, 2017 | Email Scams, Network Security, Phishing & Email Spam, Spam Advice, Spam News, Spam Software |
FormBook malware is being used in targeted attacks on the manufacturing and aerospace sectors according to researchers at FireEye, although attacks are not confined to these industries.
So far, the attacks appear to have been concentrated on organizations in the United States and South Korea, although it is highly likely that attacks will spread to other areas due to the low cost of this malware-as-a-service, the ease of using the malware, and its extensive functionality.
FormBook malware is being sold on underground forms and can be rented cheaply for as little as $29 a month. Executables can be generated using an online control panel, a process that requires next to no skill. This malware-as-a-service is therefore likely to be used by many cybercriminals.
FormBook malware is an information stealer that can log keystrokes, extract data from HTTP sessions and steal clipboard content. Via the connection to its C2 server, the malware can receive and run commands and can download files, including other malware variants. Malware variants discovered to have already been downloaded by FormBook include the NanoCore RAT.
FireEye researchers also point out that the malware can steal passwords and cookies, start and stop Windows processes, and force a reboot of an infected device.
FormBook malware is being spread via spam email campaigns using compressed file attachments (.zip, .rar), .iso and .ace files in South Korea, while the attacks in the United States have mostly involved .doc, .xls and .pdf files. Large scale spam campaigns have been conducted to spread the malware in both countries.
The U.S campaigns detected by FireEye used spam emails related to shipments sent via DHL and FedEx – a common choice for cybercriminals. The shipment labels, which the emails say must be printed in order to collect the packages, are in PDF form. Hidden in the document is a tny.im URL that directs victims to a staging server that downloads the malware. The campaigns using Office documents deliver the malware via malicious macros. The campaigns conducted in South Korea typically include the executables in the attachments.
While the manufacturing industry and aerospace/defense contractors are being targeted, attacks have been conducted on a wide range of industries, including education, services/consulting, energy and utility companies, and the financial services. All organizations, regardless of their sector, should be alert to this threat.
Organizations can protect against this new threat by adopting good cybersecurity best practices such as implementing a spam filtering solution to block malicious messages and stop files such as ISOs and ACE files from being delivered to end users. Organizations should also alert their employees to the threat of attack and provide training to help employees recognize this spam email campaign. Macros should also be disabled on all devices if they are not necessary for general work duties, and at the very least, should be set to be run manually.
by titanadmin | Oct 4, 2017 | Internet Security, Network Security, Phishing & Email Spam |
The 2013 Yahoo data breach was already the largest data breach in U.S. history, now it has been confirmed that it was even larger than first thought.
Verizon has now confirmed that rather than the breach impacting approximately 1 billion email accounts, the 2013 Yahoo data breach involved all of the company’s 3 billion email accounts.
Prior to the disclosure of the 2013 Yahoo data breach, a deal had been agreed with Yahoo to Verizon. The disclosure of a 1-billion record data breach and a previous breach impacting 500 accounts during the final stages of negotiations saw the sale price cut to $4.48 billion – A reduction of around $350 million or 7% of the sale price. It is unclear whether this discovery will prompt Verizon to seek a refund of some of that money.
Verizon reports that while Yahoo’s email business was being integrated into its new Oath service, new intelligence was obtained to suggest all of Yahoo’s 3 billion accounts had been compromised. Third party forensic experts made the discovery. That makes it the largest data breach ever reported by a considerable distance, eclipsing the 360 million record breach at MySpace discovered in 2016 and the 145 million record breach at E-Bay in 2015.
The data breach involved the theft of email addresses and user ID’s along with hashed passwords. No stored clear-text passwords are understood to have been obtained, and neither any financial information. However, since the method used to encrypt the data was outdated, and could potentially be cracked, it is possible that access to the email accounts was gained. Security questions and backup email addresses were also reportedly obtained by the attackers.
The scale of the cyberattack is astonishing, and so is the potential fallout. Already there have been more than 40 class action lawsuits filed by consumers, with the number certain to grow considerably since the announcement that the scale of the breach has tripled.
Verizon has said all of the additional breach victims have been notified by email, but that many of the additional accounts were opened and never used, or had only been used briefly. Even so, this is still the largest data breach ever reported.
The 2013 Yahoo data breach was investigated and has been linked to state-sponsored hackers, four of whom have been charged with the hack and data theft, including two former Russian intelligence officers.One of those individuals is now in custody in the Untied States.
by titanadmin | Oct 2, 2017 | Industry News, Internet Security, Network Security, Phishing & Email Spam, Spam Advice, Spam Software, Website Filtering |
Today is the start of the 14th National Cyber Security Month – A time when U.S. citizens are reminded of the importance of practicing good cyber hygiene, and awareness is raised about the threat from malware, phishing, and social engineering attacks.
The cybersecurity initiative was launched in 2004 by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) with the aim of creating resources for all Americans to help them stay safe online.
While protecting consumers has been the main focus of National Cyber Security Month since its creation, during the past 14 years the initiative has been expanded considerably. Now small and medium-sized businesses, corporations, and healthcare and educational institutions are assisted over the 31 days of October, with advice given to help develop policies, procedures, and implement technology to keep networks and data secure.
National Cyber Security Month Themes
2017 National Cyber Security Month focuses on a new theme each week, with resources provided to improve understanding of the main cybersecurity threats and explain the actions that can be taken to mitigate risk.
Week 1: Oct 2-6 – Simple Steps to Online Safety
It’s been 7 years since the STOP. THINK. CONNECT campaign was launched by the NCSA and the Anti-Phishing Workshop. As the name suggests, the campaign encourages users learn good cybersecurity habits – To assume that every email and website may be a scam, and to be cautions online and when opening emails. Week one will see more resources provided to help consumers learn cybersecurity best practices.
Week 2: Oct 9-13 – Cybersecurity in the Workplace
With awareness of cyber threats raised with consumers, the DHS and NCSA turn their attention to businesses. Employees may be the weakest link in the security chain, but that need not be the case. Education programs can be highly effective at improving resilience to cyberattacks. Week 2 will see businesses given help with their cyber education programs to develop a cybersecurity culture and address vulnerabilities. DHS/NCSA will also be promoting the NIST Cybersecurity Framework and explaining how its adoption can greatly improve organizations’ security posture.
Week 3: Oct 16-20 –Predictions for Tomorrow’s Internet
The proliferation of IoT devices has introduced many new risks. The aim of week three is to raise awareness of those risks – both for consumers and businesses – and to provide practical advice on taking advantage of the benefits of smart devices, while ensuring they are deployed in a secure and safe way.
Week 4: Oct 23-27 –Careers in Cybersecurity
There is a crisis looming – A severe lack of cybersecurity professionals and not enough students taking up cybersecurity as a profession. The aim of week 4 is to encourage students to consider taking up cybersecurity as a career, by providing resources for students and guidance for key influencers to help engage the younger generation and encourage them to pursue a career in cybersecurity.
Week 5: Oct 30-31 – Protecting Critical Infrastructure
As we have seen already this year, nation-state sponsored groups have been sabotaging critical infrastructure and cybercriminals have been targeting critical infrastructure to extort money. The last two days of October will see awareness raised of the need for cybersecurity to protect critical infrastructure, which will serve as an introduction to Critical Infrastructure Security and Resilience Month in November.
European Cyber Security Month
While National Cyber Security Month takes place in the United States, across the Atlantic, European Cyber Security Month is running in tandem. In Europe, similar themes will be covered with the aim of raising awareness of cyber threats and explaining the actions EU citizens and businesses can take to stay secure.
This year is the 5th anniversary of European Cyber Security Month – a collaboration between The European Union Agency for Network and Information Security (ENISA), the European Commission DG CONNECT and public and private sector partners.
As in the United States, each week of October has a different theme with new resources and reports released, and events and activities being conducted to educate the public and businesses on cybersecurity.
European Cyber Security Month Themes
This year, the program for European Cyber Security Month is as follows:
Week 1: Oct 2-6 – Cybersecurity in the Workplace
A week dedicated to helping businesses train their employees to be security assets and raise awareness of the risks from phishing, ransomware, and malware. Resources will be provided to help businesses teach their employees about good cyber hygiene.
Week 2: Oct 9-13 – Governance, Privacy & Data Protection
With the GDPR compliance date just around the corner, businesses will receive guidance on compliance with GDPR and the NIS Directive to help businesses get ready for May 2018.
Week 3: Oct 16-20 – Cybersecurity in the Home
As more IoT devices are being used in the home, the risk of cyberattacks has grown. The aim of week 3 is to raise awareness of the threats from IoT devices and to explain how to keep home networks secure. Awareness will also be raised about online fraud and scams targeting consumers.
Week 4: Oct 23-27 – Skills in Cyber Security
The aim in week 4 is to encourage the younger generation to gain the cyber skills they will need to embark upon a career in cybersecurity. Educational resources will be made available to help train the next generation of cybersecurity professionals.
Use October to Improve Your Cybersecurity Defenses and Train Your Workforce to Be Security Titans
This Cyber Security Month, why not take advantage of the additional resources available and use October to improve your cybersecurity awareness and train your employees to be more security conscious.
When the month is over, don’t shelve cybersecurity for another 12 months. The key to remaining secure and creating a security culture in the workplace is to continue training, assessments, and phishing tests throughout the year. October should be taken as a month to develop and implement training programs and to work toward creating a secure work environment and build a cybersecurity culture in your place of work.
