Nov 30, 2015 | Cybersecurity Advice, Cybersecurity News, Internet Security News
Kaspersky Lab has made a number of web security predictions for 2016, alerting IT security professionals to what the company’s security experts believe next year has in store. The company has listed some of the biggest security threats that are expected over the coming year.
Kaspersky Lab is one of the leading anti-virus and anti-malware software developers, and is a supplier of one of the two AV engines at the heart of WebTitan Web filtering solutions.
The Kaspersky web security predictions for 2016 include opinions gained from over 40 of the company’s leading experts around the globe. The web security predictions for 2016 can be used by IT professionals as a guide to where the next cyberattack could come from.
The Biggest Cyberattacks of 2014 and 2015
Last year saw numerous high profile attacks on some of the world’s best known brands. Around this time last year, Sony was hacked and its confidential data was posted online, causing much embarrassment and considerable financial loss. Some of the biggest names in retail in the U.S. were attacked in 2014 including Target and Home Depot.
The start of this year saw attention switch to health insurers. In February, Anthem Inc. was attacked. The records of 78.8 million insurance subscribers were stolen. News of a cyberattack at Premera BlueCross closely followed. 11 million subscriber records were compromised in that attack. Later in the year, Excellus BlueCross BlueShield discovered hackers had potentially stolen the records of approximately 10 million subscribers. Healthcare providers were also hit. UCLA Health System suffered a data breach that exposed the records of 4.5 million patients.
The U.S. Government was also targeted this year. The Office of Personnel Management was hacked and, while the perpetrators have not been identified, the attackers are believed to be government-backed hackers based in China. Over 22 million records were potentially stolen in that cyberattack. The IRS was also hacked and 300,000 individuals were affected.
37 million highly confidential records were obtained from internet dating website Ashley Maddison, and Hacking Team – a somewhat controversial provider of spyware – was also hacked. 40 GB of its data was dumped online for all to see.
Many of these attacks were highly sophisticated, but were made possible after employees fell for spear phishing emails.
Web Security Predictions for 2016
Hackers have been developing ever more sophisticated methods of breaking through security defenses to gain access to confidential data, to sabotage systems, or to hold companies and individuals to ransom by taking control of their data. Phishing and social engineering techniques are often used. While these are likely to continue, Kaspersky Lab experts believe hackers are likely to concentrate on stealthier techniques over the coming 12 months. The company’s experts believe there will be a growth in silent attacks that are difficult for security professionals to detect. The main web security predictions for 2016 are listed below:
APT Attacks to come to an end
Advanced Persistent Threats have proved popular with hackers, yet Kaspersky believe these attacks will soon come to an end. Instead, hackers are expected to conduct more drive-by attacks using stealthy memory-based malware. Memory based malware is not downloaded but resides in the memory where it cannot be easily detected. While the injection of malicious code into the RAM of a computer could only previously be used for short term infections, new techniques have been developed that are capable of surviving a reboot. These are likely to grow in popularity over the coming year.
Off-the-shelf malware use to increase
Rather than criminals paying hackers to develop new exploits, there is expected to be an increase in off-the-shelf malware attacks. Instead of developing new malware from scratch, existing malware will be used and tweaked to avoid detection. There is no need to reinvent the wheel when malware exists that can be used or rented out cheaply. The malware will just be made stealthier and more difficult to detect.
Alternative payment systems will be targeted
Financial cyberattacks will continue, and banks and financial institutions will be targeted. Expect a rise in attacks on alternative finance providers and payment systems such as AndroidPay, SamsungPay and ApplePay.
No end to extortion and mafia-style tactics
Not all hackers are motivated by money. Kaspersky has predicted a rise in the number of hacktivist attacks, which aim to shame the rich and famous. Attacks will continue to be conducted on companies that have caused offense. The attack on Ashley Madison and the 2014 hacking of Sony being good examples. Some hackers will use the threat of publishing data to extort money from victims, others will just be keen to sabotage companies. The use of ransomware is also expected to increase, with companies large and small targeted with increasing regularity.
Nov 26, 2015 | Cybersecurity News, Internet Security News
Under normal circumstances the Amazon data breach risk is kept to a minimal level. The global online retailer is estimated to have generated $38.42 billion in gross profits between September 2014 and September 2015, and such deep pockets mean the company can invest heavily in cybersecurity protections.
With a company as large as Amazon, excellent data breach risk management strategies are essential. The company is a huge target for cybercriminals and a successful cyberattack has potential to make a dent in its profits. If customer data are obtained by criminals, those customers may choose to buy from an alternative retailer in the future.
Amazon data breach risk discovered in time to prevent a successful hack?
This week, a security scare has forced the company to reset some users’ passwords. It is not clear whether a data breach has actually been suffered, but the retailer certainly believes the risk to be credible as Amazon passwords were not requested to be changed. The company forced a reset.
Amazon.com announced that this was “a precautionary measure” to prevent a cyberattack from occurring. The company believes passwords were “improperly stored” or had been transmitted to the company using a method that could “potentially expose [the password] to a third party.”
The company has sent emails to all affected account holders advising them that they will need to specify a new password when then next login. No announcement was made about the number of users affected.
This is not the first time that Amazon has had a major security scare. In 2010, hackers managed to break through its security defenses and compromised a number of user’s passwords. In that instance, users were warned that their accounts had been compromised.
The Amazon data breach scare could affect more than just your Amazon account
It is not clear whether passwords were actually obtained by a third party. Because of the doubt surrounding the reason for the forced change, any individual that receives an email telling them their password has been reset should also change their passwords on all other online accounts if the accounts can be accessed using the same password.
Many consumers share passwords across multiple platforms, but password sharing is inadvisable. Many online accounts use an email address as the login name. If a password is shared across platforms, one data breach could result in all user accounts being compromised.
Amazon data breach risk management: Two-factor authentication now added
One of the easiest ways to improve protection is to introduce two-factor authentication. Many companies only insist on one factor to authenticate users: A password. Two-factor authentication involves an additional element to verify that the person attempting access is the genuine account holder.
Many global companies have now introduced two-factor authentication; although some have only done this recently. In some cases, the additional security measure was deemed necessary after a data breach was suffered. Twitter being one of the best examples. Google uses two factor authentication for its accounts, as does Facebook. This month, Amazon data breach risk management policies were changed to include two-factor authentication on user accounts. It is not clear why it took the company so long to introduce this enhanced security measure. All users should add it, especially in light of this recent security scare.
Nov 25, 2015 | Cybersecurity News, Internet Security News, Network Security
You would think that a brand new computer would be secure, aside from requiring a few updates to software after being taken out of the box, but a Dell root certificate security flaw means even brand new Dell laptop computer could be compromised within seconds of being connected to the Internet. Understandably, corporate customers and consumers alike are in uproar over the eDellRoot certificate security flaw that was recently discovered.
The security flaw was revealed by Dell as part of the company’s remote assistance support service. In order for Dell to “streamline” support for users, the company installed a self-signed root certificate on at least two models of Dell laptop computers – the Inspiron 5000 series and the company’s XPS 15 laptop.
Unfortunately, the root certificate is installed in the Windows root store along with the certificate’s private key. Any individual with a modicum of technical skill could obtain the key and use it to sign fake SSL/TLS certificates. In fact, the key is publicly available on the internet so it is easy to obtain. This means that anyone using one of the aforementioned Dell laptops could visit a HTTPS-enabled website in the belief that the connection is secure, when in fact it may not be.
It would be possible for hackers to view data shared between the secure website and the Dell laptop. If the laptop is used to access a banking website via an open Wi-Fi network or the Internet is accessed via a hacked router, someone could listen in on that connection. Users could compromise their personal bank account information, passwords, or login credentials used to access their employer’s network.
Any company that has purchased either of the above Dell laptops could potentially be placing their entire network at risk. If a BYOD is in operation, personal Dell laptops are a huge risk to data security.
Not only could hackers eavesdrop on secure internet connections, it is possible that the Dell root certificate security flaw could be used to install malware on devices undetected. Since the certificate can be faked, it is possible that system drivers or software could be installed which fool the operating system into thinking they have come from a trusted developer. Even if a warning is issued, users may think it is safe to install a program because it appears to have been created by Dell.
Dell desktops, servers, and other laptops may contain the Dell root certificate security flaw
The extent of the problem is currently unclear, but the Dell root certificate security flaw may not be confined to two specific laptop models. All laptops, servers, and desktops sold by Dell could potentially be affected. The eDellRoot certificate is installed by Dell Foundation Services (DFS) and the application is not confined to the Inspiron 5000 and XPS 15 laptops. According to one source, the security flaw has also been found on the Dell Venue Pro. Dell says the root certificate was only installed on hardware since August 2015.
A few days after the discovery of the Dell root certificate flaw, another one was discovered by Duo Security. This certificate was only present on a small number of systems around the world, although that Dell root certificate was discovered on a SCADA (supervisory control and data acquisition) system.
It doesn’t end there. A third has been discovered. The DSDTestProvider certificate is installed by an application called Dell System Detect or DSD. This is not shipped with Dell hardware. Instead it is downloaded onto computers and laptops by users. If they visit the Dell support website they are asked to install the detection tool.
Dell Root Certificate Security Fix Released
Users are able to remove the eDellRoot certificate using a tool that has hastily been released by Dell. However, at the time of writing, there is no tool to remove the DSDTestProvider certificate. Any user of a Dell computer, server, or laptop should therefore keep up to date with eDellRoot and DSDTestProvider news and should check the Dell support website frequently for further information.
Extreme caution should be exercised when accessing apparently secure websites, and users should not access secure sites from open Wi-Fi networks until the Dell root certificate security flaw has been fixed.
According to ARS, security expert Kenn White was able to use the publicly available security key to create a secure HTTPS test site using the certificate. When he visited the site it flagged no warnings that the certificate could not be trusted when he used Internet Explorer, Microsoft Edge, and Google Chrome browsers. The only browser that recognized the certificate as being suspect was Firefox.
Nov 23, 2015 | Internet Security News, Web Filtering
Are you prepared for the official start of Christmas shopping season? Will you be starting your Xmas shopping on Black Friday? If you can’t resist a bargain, and can’t wait until Cyber Monday, take care! There are many fake Black Friday deals being advertised and you may end up becoming a victim of an online scam.
Fake Black Friday deals aplenty
Black Friday follows Thanksgiving Day in the United States, and it officially marks the first day of the Christmas shopping season. It is also a day when online criminals try to take advantage of Christmas shoppers. There will be plenty of genuine bargains, as Black Friday discounts are offered by most major retailers. Unfortunately for shoppers, there are plenty of fake Black Friday deals being advertised online. Picking out the real deals from the fake ones is not quite as easy as it used to be. Scammers are getting good at creating highly realistic offers and fake websites. Furthermore, scammers are getting sneaky and have launched fake Android Apps, and are now sending texts containing phishing links and fake phone lines.
Fake Amazon app will steal your passwords, make calls, and send texts
One of the scams already being sent offers a golden opportunity: The chance to beat the online crowds and grab a bargain before everyone else. Download this app and you will get to the front of the virtual queue and get all the Amazon Black Friday deals, days early.
Instead of launching an Amazon app when you start it, after downloading the fake Amazon app it will launch an app called com.android.engine. If you grant permission, as many people who download the app will, you give the app permission to view virtually everything on your phone, make calls, send texts, and see the data you enter via your phone. Deleting the app will make no difference. To avoid this scam and others like it, only download apps from Google Play store; never from third party sites.
Beware of texts warning of suspicious account activity
Scammers may love email to deliver phishing links and malware-ridden attachments via email, but some are now resorting to text messages. Texts are sent warning of a security breach, account hack, or other need to call a support line. The number provided will be answered by a scammer who will attempt to relieve you of your credit card information or bank account details, or will attempt to gather information that can be used in a future phishing attack.
Fake stores offering fake Black Friday deals
Social media websites advertise amazing discounts and many fake Black Friday deals. Spam emails are sent in the millions with fantastic “too good to be true” offers. Many of these are fake Black Friday deals designed to get you to part with your credit card number. When browsing the Internet, you may have pop-up adverts appear with links to these websites or they may appear in Ad blocks on legitimate websites.
Some of these adverts will direct you to online stores that you may never have heard of; yet the discounts do tempt many visitors to make a purchase. Any goods ordered will not be received and credit cards will be charged repeatedly.
Before making any purchase, take a few minutes to verify the company’s identity, address, and location. Don’t be afraid to give the store a call. It is better to be safe than sorry.
Your order can’t be delivered
Next week you may receive an email telling you your order cannot be delivered. Your purchases are unlikely to be specified in the email, only a link to the delivery company’s website. You will be asked to make alternative arrangements to collect your order or provide an alternative date when you will be home.
The links direct users to phishing websites aimed at getting visitors to divulge sensitive information. Delivery receipts and invoices are also sent via email. These contain malware, and opening the files will see your computer compromised. Be especially wary of PDF files, JPEGs, ZIP, and EXE files. Many file attachments have the suffixes masked to fool users into opening them. They contain malware such as keyloggers, or will allow hackers to take control of your device.
Only make purchases from stores offering a secure HTTPS connection
To avoid phishing and other malicious websites, use your common sense. If a deal sounds too good to be true it probably is. Before you make a purchase, check the website has a padlock next to the URL and the web address starts with HTTPS.
This is not a guarantee that the website is genuine, as security certificates can be faked. But it will give you a better idea if the website can be trusted. Also never make any purchase while connected to the Internet via an open Wi-Fi network. You never know who might be eavesdropping on your session.
If you want to protect against fake Black Friday deals, or keep your work network secure and free from malware, consider installing a web filtering solution. It will take the guesswork out of online purchases, and will block phishing websites, popups, and malicious adverts. Coupled with an anti-spam solution to catch malicious emails, you will be better protected from online scammers and cyberattacks.
Nov 20, 2015 | Cybersecurity Advice, Internet Security News
Online shoppers now have the option of using Amazon two-factor authentication on their accounts to improve security. Any users concerned about the number of cyberattacks being suffered by large retailers should take advantage of the new security measure and add Amazon two-factor authentication to their Amazon account at the earliest possible opportunity.
It is not clear exactly when the retail giant implemented the new security feature, as an announcement was not made; however, some users started to notice the option this week. At the present moment in time it is not a mandatory security measure to use, but it is strongly advisable to add it to your account.
Large retailers are big targets for cybercriminals. Retailers such as Amazon may have invested millions or even hundreds of millions in data security solutions and cybersecurity protections, but no company is impervious to attack. One thing that is certain is a great many cybercriminals will attempt to break through Amazon cybersecurity defenses. The company’s colossal database of customer information would be a sizeable reward for all the effort. The retail giant has an estimated 244 million customers. 244 million credit card numbers could be sold for a considerable sum of money.
Why Amazon two-factor authentication doesn’t offer 100% security
It would be nice to live in a world where it is impossible to be hacked or have one’s account details compromised. Unfortunately, but there is no such thing as a 100% secure account because no system is totally foolproof. Two-factor authentication does however get pretty close and, even better, it is easy for companies to implement and straightforward for customers to activate.
Most of the global retailers and major internet brands use two-factor authentication for user accounts; although for some reason (only known to Amazon) the retail giant has refrained from adding this additional security measure until now. It is not a mandatory security measure and will not be added to accounts automatically. If users want enhanced account security, they can access their account settings and turn it on.
How to Add Amazon two-factor authentication to your account
Making your Amazon account more secure is a simple process. You will need to login to your account and access your account settings. The option is located in the “Your Account” dropdown menu in the upper right hand side of your screen. You will need to scroll to the “Change Account Settings” option, and at the bottom of the list click on “Edit” to the right of the “Advanced Account Settings” section.
You will be directed to the Amazon two-step authentication page. You just need to click on the “get started” option. If you enter your mobile phone number, you will be sent a code which will need to be added into your account settings. Once this has been done, no one other than yourself will be able to access your account even if your password is compromised. Unless a criminal also has your phone of course.
Retailers are being attacked with increasing regularity, so this additional security measure is strongly recommended. Target was targeted, Home Depot was hacked, and Amazon may well be the next major retailer to suffer a significant data breach. This additional security control will offer greater protection.
Nov 18, 2015 | Cybersecurity News, Internet Security News, Network Security, Web Filtering
If a user in your organization accidentally installs keylogging malware onto his or her computer, every keystroke entered on that computer – including login names and passwords – could be sent directly to hackers’ command and control servers.
This nightmare scenario could involve the exposure of a limited amount of sensitive data; however, if the malware has been installed on multiple computers, and the infections have not been discovered for a number of days or weeks, a considerable amount of data could be obtained by criminals.
Keylogging malware infection discovered by OH Muhlenberg Community Hospital
A hospital in Kentucky recently discovered that not only have multiple computers been infected with keylogging malware, those infections occurred in 2012. For three years, every keystroke entered on each of those computers was recorded and transmitted to the hackers responsible for the attack.
The computers in question were used by healthcare providers, employees, and contractors. Due to the length of time the computers were infected, it is not even possible to ascertain the data that may have been exposed and copied. Patient health information was entered, Social security numbers, health insurance information and other highly sensitive Protected Health Information. Providers would have entered their Drug Enforcement Administration numbers, state license numbers, National Provider Identifiers and other sensitive data.
Employees who logged into healthcare systems using the computers, could have had their login credentials recorded. Access to web services similarly would have involved credentials being compromised.
Such an extensive, long term keylogging malware infection could place many patients at risk of suffering identity theft or fraud, and physicians could have their identities stolen. Criminals could have used the data to commit medical fraud, insurance fraud or file false tax returns. The fallout from this cyberattack could therefore be considerable, and may cost the hospital dearly.
The danger of keylogging malware
Once keylogging malware has been installed on a computer, any data entered via the keyboard can be recorded. That information is then exfiltrated to a hacker’s server until communications with unauthorized IP addresses is blocked. In the case of the hospital, the malware was only discovered after a tip-off was received by the FBI. Agents had noticed suspicious communications between the hospital and third party servers. When the alert was issued and a security audit performed, a number of computers were discovered to have been infected.
Even when cybersecurity protections are installed, it is unfortunately all too easy for these to be bypassed. All it takes is for one user to inadvertently install malware. In the majority of cases, this action will not be noticed by the person responsible. No warning is issued about a potential infection and no flags raised by anti-virus software.
How are keyloggers installed on computers?
How can a hospital that has invested in cybersecurity defenses be attacked and fail to notice for three years? If regular scans of the hospital’s computers had been conducted, the infections may have been identified sooner. However, not all keylogging malware is easy to detect. Hackers are developing ever more sophisticated malware that is capable of evading detection.
There are a number of ways the malware could have been installed without being detected by anti-virus and anti-malware software. Since multiple computers were infected, it suggests that either an insider had installed the keylogging malware on multiple machines, via a USB for instance, or that multiple members of staff had fallen for a phishing campaign.
Phishing emails are sent out in the millions in the hope that some individuals will respond and download malware. Multiple infections suggest that an organization has been targeted using spear phishing emails. These are emails that are sent to a particular group of individuals within an organization. The subjects are researched and links to malicious websites are sent that are likely to entice the users to click. They are then directed to websites containing malicious code that installs files on their computers. Keylogging malware can also be installed via infected email attachments.
By targeting users, hackers and other cybercriminals are able to bypass robust security controls. Users are the weakest link, and it is far easier to target them than break through multi-million-dollar security defenses.
Cost-effective protection against phishing emails and malicious websites
There are two cost-effective solutions that can prevent staff members falling for phishing campaigns that install keylogging malware. The first works by ensuring phishing emails are never delivered to an organization’s employees. If the emails are blocked and are not delivered, they will not be able to respond. A powerful anti-spam solution will catch the vast majority of spam and phishing emails. In the case of SpamTitan, over 99.7% of spam emails will be captured.
Since hackers and spammers are constantly changing their tactics, and new malware is continually being developed, it is not possible for all spam emails to be captured 100% of the time. Occasionally, even the most powerful Anti-Spam software will miss the occasional email.
To ensure staff members do not respond to a request to visit a malicious website or open a malware-infected email attachment, it is essential to provide training. Training will help end users to identify the occasional spam email that sneaks past a spam filter.
An anti-spam solution will not prevent a user from clicking on a social media link to a malicious website. Ad networks can similarly contain links to malicious sites. Clicking on one of those links could result in keylogging malware being downloaded.
The second cost-effective solution to offer protection from phishing websites is web filtering software. A web filter can be implemented that will prevent adverts from being displayed or potentially harmful websites from being visited. WebTitan offers these protections and will keep end users safe when surfing the Internet. If end users cannot visit phishing websites and other dangerous sites, they will be prevented from inadvertently installing malware.
Alongside other cybersecurity protections, and the development of internal policies covering internet and email usage, organizations can reduce the probability that a cyberattack will be successful. If regular malware and virus scans are also conducted, when computers are infected, the severity of the security breach will be reduced.
