Jimmy Nukebot: A New Iteration of the NeutrinoPOS Banking Trojan

Earlier this year the source code of the NeutrinoPOS banking Trojan was leaked, and several new variants have since been built on it, the latest being Jimmy Nukebot. Unlike its predecessor, which harvested bank card data, the new version has dropped that functionality entirely.

Instead, Jimmy Nukebot is a modular downloader: it fetches additional malicious payloads from its command and control server and also acts as a backdoor, allowing the actors behind it to monitor activity on an infected device.

Security researchers at Kaspersky Lab have analysed Jimmy Nukebot infections and have seen the malware download a range of modules, including a Monero cryptocurrency miner, web-injects similar to those used in NeutrinoPOS, and other modules that modify the malware's own functions. The malware can take screenshots of an infected device and exfiltrate data, and because the loader is generic it could download any malicious payload onto the device.

Publication of malware source code tends to increase its popularity. With the malware used in more attacks, the probability of detection rises, and evading detection then requires considerable modification. That may well be why so many changes have been made in this iteration: the authors of Jimmy Nukebot took the original NeutrinoPOS source code and completely restructured it, and the way the new malware is constructed also makes static analysis considerably harder.

The new features make it a formidable threat. Jimmy Nukebot first profiles the system it lands on and uses that information to decide which modules to request, tailoring the payload to the environment rather than executing a fixed malicious routine immediately upon infection.

Because the malware initially does little beyond collecting information and waiting for instructions, it is less likely to trigger antivirus alerts and may remain undetected for some time. Organizations with the malware installed are therefore unlikely to be aware that their systems have been compromised; detection then depends on spotting the downloaded modules or the command and control traffic rather than the loader itself.

Protecting against threats such as this requires advanced malware defences. As with most malware infections, though, the initial compromise usually results from the actions of end users: opening infected email attachments, clicking hyperlinks in emails, or visiting websites that silently download malware.

Improving the security awareness of employees will go a long way toward preventing malware from being installed. Coupled with an advanced spam filter to block email-based threats, a web filter to block redirects to exploit kits, regular patching, the enforced use of strong passwords and advanced anti-malware technology, organisations can substantially reduce their exposure to malware threats.

300 Google Play Store Malware Infected Apps Discovered

Downloading apps from unofficial sources places users at risk, but malware-infected apps do turn up in the Google Play Store as well. Google has controls in place to prevent malicious apps from being uploaded to its store, but those controls are not always 100% effective, so downloading only from official stores is no guarantee that an app is free from malware.

Security researchers recently discovered around 300 apps offered through the Google Play Store that appeared to be legitimate programs yet carried malware that added infected devices to a large botnet. The botnet was being used to launch distributed denial of service (DDoS) attacks on websites.

The botnet, dubbed WireX, comprises tens of thousands of Android devices that have been used in highly damaging cyberattacks. Devices started to be infected in early July, with a steady rise in additions over the following weeks, yet the botnet was only discovered in early August when it started to be used in small-scale DDoS attacks.

Since then, larger attacks have taken place, mostly targeting the hospitality sector, flooding websites with junk HTTP traffic and preventing legitimate users from accessing them. Some of the WireX DDoS attacks involved as many as 160,000 unique IP addresses. Because a single mobile device can appear under several IP addresses over time, the number of devices is lower than the number of IPs observed, and the size of the botnet has been estimated at around 70,000 devices.

The growth of the botnet was soon attributed to malicious apps, with researchers discovering around 300 malware-infected apps in the Google Play Store. Google has now removed those apps from the store and is in the process of removing them from affected devices.

The apps included video players, battery boosters, file managers and ringtone apps. They were not simply malware: users would undoubtedly delete an app that failed to perform its advertised function, so all of the apps worked as advertised, and users who installed them were unaware that their devices were being used for malicious purposes. The malware used a 'headless browser', a browser component that issues requests like a normal browser but displays nothing to the user, so the traffic it generated resembled ordinary browsing and the actors behind the malware could operate undetected.

When the devices were needed for an attack, they received commands from the C2 server telling them which websites to target.
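An attack of this shape, many distinct client addresses each sending a modest number of ordinary-looking requests, is easy to miss with per-client rate limiting but shows up clearly in a web server's own access log. The script below is an added example, not code from the original article or from any of the vendors named in it: it parses combined-format access log lines, buckets them into fixed time windows and flags windows where the number of distinct source addresses exceeds a threshold. The log lines, the 10-second window and the threshold of 20 addresses are constructed assumptions for illustration, not values taken from any WireX report.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Combined-log-format line, e.g.
# 198.51.100.7 - - [28/Aug/2017:10:00:20 +0000] "GET / HTTP/1.1" 200 4096
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return {'ip', 'ts' (epoch seconds), 'path'} for a log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": int(ts.timestamp()), "path": m.group("path")}


def flood_windows(lines, window_seconds=10, min_distinct_ips=20):
    """Group requests into fixed windows and flag windows whose count of
    distinct client addresses reaches min_distinct_ips.

    Returns a list of (window_start_epoch, distinct_ips, requests, top_path),
    where top_path is the most requested path in that window."""
    windows = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            windows[rec["ts"] // window_seconds].append(rec)

    flagged = []
    for bucket in sorted(windows):
        recs = windows[bucket]
        ips = {r["ip"] for r in recs}
        if len(ips) >= min_distinct_ips:
            paths = defaultdict(int)
            for r in recs:
                paths[r["path"]] += 1
            top_path = max(paths, key=paths.get)
            flagged.append((bucket * window_seconds, len(ips), len(recs), top_path))
    return flagged


def build_sample_log():
    """Constructed sample: a quiet baseline, then a burst in which 50 distinct
    addresses each send only two requests for "/" within the same 10 seconds.
    No single address is noisy; only the distinct-address count stands out."""
    base = '{ip} - - [28/Aug/2017:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" 200 4096'
    lines = [
        base.format(ip="10.0.0.5", sec=1, path="/rooms"),
        base.format(ip="10.0.0.7", sec=4, path="/index.html"),
        base.format(ip="10.0.0.5", sec=9, path="/contact"),
    ]
    for i in range(50):
        ip = f"198.51.100.{i + 1}"
        lines.append(base.format(ip=ip, sec=20 + i % 10, path="/"))
        lines.append(base.format(ip=ip, sec=20 + (i + 3) % 10, path="/"))
    lines.append(base.format(ip="10.0.0.9", sec=35, path="/rooms"))
    return lines


if __name__ == "__main__":
    for start, ips, reqs, path in flood_windows(build_sample_log()):
        when = datetime.fromtimestamp(start, tz=timezone.utc).isoformat()
        print(f"{when}: {ips} distinct IPs, {reqs} requests, top path {path}, "
              f"{reqs / ips:.1f} requests per IP")
```

The ratio of requests to distinct addresses is the useful diagnostic: a flood from a botnet of phones gives a large window total with only a couple of requests per address, which is exactly the pattern a per-IP rate limit will never trip on. In production the threshold should be derived from the site's own baseline (for example several times the distinct-address count seen in a normal busy window) rather than a fixed number.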

Multiple security vendors, including Akamai, RiskIQ, Flashpoint and Cloudflare, collaborated and succeeded in taking down the WireX botnet. Without that collaboration the botnet might still be active today, and might not have been detected at all.

Neptune Exploit Kit Turns Computers into Cryptocurrency Miners

The Neptune exploit kit is being used to turn computers into cryptocurrency miners, with traffic driven to the exploit kit by a hiking-themed malvertising campaign.

Exploit kit activity has fallen this year, although these web-based attacks still pose a significant threat. Exploit kits are web-based toolkits that probe a visitor's browser and plugins for vulnerabilities and exploit any they find to download malware. Simply visiting a website hosting an exploit kit can be all it takes for malware to be silently installed.

Protecting against exploit kit attacks requires browsers, plugins and extensions to be kept fully up to date. Even fully updated browsers can be vulnerable, however, since exploit kits occasionally include exploits for zero-day vulnerabilities for which no patch yet exists.

Acceptable usage policies can help organizations reduce their exposure to exploit kits, although visitors are often redirected to malicious sites from legitimate websites. One of the main ways this happens is through malvertisements. Many high-traffic websites include advertising blocks that display third-party adverts: advertising networks serve the adverts on member sites, and the site owners earn money from ad impressions and click-throughs.

While the advertising networks have measures in place to vet advertisers, cybercriminals frequently succeed in submitting malicious adverts, which are then pushed out and displayed on legitimate websites. Clicking one of those adverts sends the user to a webpage hosting the exploit kit.

Exploit kits are typically used to deliver Trojans, ransomware and other malicious code, but the Neptune exploit kit is being used to install cryptocurrency miners. An infected computer's processing power is used to mine the Monero cryptocurrency, hogging the machine's resources and slowing its performance.

The latest Neptune exploit kit campaign uses hiking club-related adverts to drive traffic to landing pages hosting the exploit kit, which in turn uses Internet Explorer and Flash exploits to download malware. The adverts point to domains that closely mimic genuine ones: FireEye reports that one such campaign mimics the genuine website highspirittreks[.]com using the domain highspirittreks[.]club. Other campaigns offer a service to convert YouTube videos to MP3 files. The imagery used in the adverts is professional and the malvertising campaigns are likely to fool many web surfers.
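Lookalike domains of this kind, the same label under a different top-level domain or a label one character away from a trusted one, can be caught before a user reaches the landing page. The following is an added example written for this article, not code from FireEye or from the original page: it refangs indicators written in the defanged highspirittreks[.]club style, reduces a hostname to its registrable label and TLD, and classifies it against a trusted list as an exact match, a TLD swap or a one-character typosquat. The trusted list, the one-edit threshold and the minimum label length are assumptions chosen for the demonstration, and the label/TLD split simply takes the last two labels rather than consulting the Public Suffix List.

```python
import re

# Constructed trusted list for the demonstration. A real deployment would use
# the organisation's own brands, partners and frequently visited sites.
TRUSTED = ["highspirittreks.com", "example.com"]

# Edit-distance rule only applies to labels at least this long, to avoid
# flagging every short domain as a typosquat of every other (assumption).
MIN_LABEL_LEN = 5


def refang(indicator):
    """Turn a defanged indicator (hxxp://, [.], (.), [dot]) into a bare hostname."""
    s = indicator.strip().lower()
    s = re.sub(r'^(hxxps?|https?)://', '', s)
    for token in ('[.]', '(.)', '[dot]', '{.}'):
        s = s.replace(token, '.')
    return s.split('/')[0].split(':')[0]


def registrable(host):
    """Return (label, tld) using the last two labels of the hostname.
    Simplification: example.co.uk would be split as ('co', 'uk'); use the
    Public Suffix List in production."""
    parts = host.strip('.').split('.')
    if len(parts) < 2:
        return host, ''
    return parts[-2], parts[-1]


def edit_distance(a, b):
    """Levenshtein distance between two strings (standard dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(indicator, trusted=TRUSTED, max_edits=1):
    """Return (verdict, matched_trusted_domain) for one indicator.

    Verdicts: 'trusted' (exact registrable match), 'tld-swap' (same label,
    different TLD), 'typosquat' (label within max_edits of a trusted label),
    or 'unknown'."""
    label, tld = registrable(refang(indicator))
    targets = [registrable(refang(t)) for t in trusted]

    if (label, tld) in targets:
        return "trusted", f"{label}.{tld}"

    for t_label, t_tld in targets:
        if label == t_label:
            return "tld-swap", f"{t_label}.{t_tld}"
        if (len(t_label) >= MIN_LABEL_LEN
                and edit_distance(label, t_label) <= max_edits):
            return "typosquat", f"{t_label}.{t_tld}"
    return "unknown", None


def scan(indicators, trusted=TRUSTED):
    """Classify a batch of indicators; returns [(indicator, verdict, match)]."""
    return [(ind, *classify(ind, trusted)) for ind in indicators]


if __name__ == "__main__":
    # Constructed indicators in the defanged style used in threat reports.
    for ind, verdict, match in scan([
        "highspirittreks[.]club",
        "hxxp://www.highspirittreks[.]com/trek",
        "highspiritreks.com",
        "wikipedia.org",
    ]):
        print(f"{ind:45} {verdict:10} {match}")
```

The check is deliberately one-directional: it compares candidate domains against a curated trusted list rather than trying to enumerate every permutation of a brand, so it scales with the number of trusted names, not with the size of the lookalike space. A TLD swap of a trusted brand appearing in an advert or a redirect chain is a strong enough signal on its own to block or at least warn.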

The exploits used in the latest campaign are all old, so protecting against these attacks requires only that browsers and plugins be kept patched. The main exploits take advantage of flaws in Internet Explorer (CVE-2016-0189, CVE-2015-2419 and CVE-2014-6332) and Adobe Flash (CVE-2015-8651 and CVE-2015-7645).

Having a computer turned into a cryptocurrency miner is far from the worst outcome, but exploit kits can switch payloads at will. Other exploit kits are delivering far more damaging malware, again downloaded silently without the user's knowledge, so organizations should take precautions.

In addition to prompt patching and updating of software, organizations can improve their defences against exploit kits by implementing a web filtering solution such as WebTitan.

WebTitan can be configured to block all known malicious sites where drive-by downloads take place and can prevent malvertisements from directing end users to webpages hosting these malicious toolkits.

To find out more about WebTitan and how it can improve your organization’s security posture, contact the TitanHQ team today.

India’s Central Board of Secondary Education Recommends School Web Filtering Technology

India’s Central Board of Secondary Education is urging all CBSE affiliated schools to take action to improve safety for students, including implementing school web filtering technology to keep students safe online.

The Internet is home to an extensive range of potentially harmful material that can have a major impact on young developing minds. Parents can take action to keep their children safe at home by using parental control filters. However, students must receive similar or greater levels of protection while at school.

School web filtering technology can prevent students from deliberately or accidentally viewing obscene material such as pornography, child pornography or images of child abuse and other categories of potentially harmful website content. CBSE has warned school boards that when students access this material it is “detrimental to themselves, their peers and the value system.” School web filtering technology should also be implemented to prevent students from engaging in illegal activities online via school IT devices.

CBSE-affiliated schools have been advised to develop guidelines for safe Internet use, make them available to students and display the rules prominently. Without school web filtering technology, however, such policies are easy to ignore. A technological control ensures that students who try to engage in illegal activities online, or to view harmful website content, are prevented from doing so.

Prevention is only one aspect of Internet control. Schools should also set up monitoring to discover when individuals attempt to bypass Internet usage policies, so a web filtering solution should be able to generate reports of attempts to access prohibited material that allow schools to take action. Schools have also been advised to sensitize parents to safety norms and even to consider disciplinary action when children are found to have attempted to access inappropriate material.

While many school systems around the world have implemented school web filtering technology, CBSE is advising affiliated schools in India to go one step further and restrict Internet content by age group. Schools should set filtering controls per user group and restrict access to age-inappropriate websites. Web filtering solutions such as WebTitan allow controls to be set easily for different user groups, so separate filtering policies can be applied to staff and to students of differing ages.

Other Internet controls that have been suggested include the rapid deactivation of usernames and passwords when children leave the school, using antivirus solutions to reduce the risk of malware infections, using firewalls to prevent cyberattacks and the theft of children's sensitive information, and having staff avoid posting images and videos of their students online.

School Web Filtering Technology from TitanHQ

The benefits of implementing school web filtering technology are clear, but choosing the most cost-effective controls can be a challenge. Appliance-based web filters involve a significant initial cost, ongoing maintenance, in many cases the need for on-site IT support, and, as the number of Internet users grows, possible hardware upgrades.

TitanHQ offers a more cost-effective and easy to manage solution – The 100% cloud-based web filter, WebTitan. WebTitan Cloud and WebTitan Cloud for WiFi make filtering the Internet a quick and easy process. To start filtering the Internet and protecting students from harmful web content, all that is required is to point your DNS to WebTitan. Once that simple change has been made you can be filtering the Internet in minutes.

Both solutions can be easily configured to block different categories of website content, such as pornography, file sharing websites, gambling and gaming websites and other undesirable website content. The solutions support blacklists, allowing phishing and malware-infected sites to be easily blocked along with all webpages identified by the Internet Watch Foundation as containing images of child abuse and child pornography.

These powerful web filtering solutions require no software updates or patching. All updates are handled by TitanHQ. Once acceptable Internet usage policies have been set via the intuitive web-based control panel, maintenance only requires occasional updates such as adding legitimate webpages to whitelists. Even blacklists are updated automatically.

WebTitan also supports remote learning. All students’ devices can be protected while connected to a school’s wired or wireless network. To extend protection beyond the school gates, a WebTitan On-The-Go (OTG) roaming agent can be installed on devices. This will ensure that the content filtering policy will apply no matter where that device connects to the Internet.

If you are keen to implement school web filtering technology for the first time or are unhappy with your current provider, contact the TitanHQ team today and register for your no-obligation Free Trial and see the benefits of WebTitan for yourself before making a decision about a purchase.

Internet Filtering Laws in the United States

Internet filtering laws in the United States are mostly introduced at the state level, although federal legislation has been introduced for schools and libraries – The Children’s Internet Protection Act (CIPA).

Typically, Internet filtering laws in the United States are concerned with protecting minors. Laws apply to schools and libraries, although some states also require publicly funded institutions to apply controls to block the accessing of pornography, obscene and other harmful material by minors.

However, legislation is now being considered to force vendors or suppliers of Internet-enabled devices to implement Internet filtering technology by default. The aim is not to prevent adults from accessing pornographic material on their personal devices, only to ensure that there are some controls in place. That means all vendors/suppliers of Internet-enabled devices will be required to implement a web filtering control, with the new device owners required to opt in if they wish to view pornography. Opting in must be done in writing and requires proof of age.

Consumers will also be required to pay a fee to have the Internet filtering software removed. In South Carolina, legislation has been proposed that would require consumers to pay $20 to have the pornography block removed. The legislation was filed with the South Carolina General Assembly in December 2016. Similar legislation was also proposed in Utah in 2016.

Federal Internet Filtering Laws in the United States

At the federal level, all schools and libraries are required to comply with CIPA and implement web filters to prevent minors from accessing obscene material, pornographic images, images of child abuse, and other potentially harmful material if they wish to apply for discounts under the E-rate program or accept Library Services and Technology Act grants. If organizations choose not to apply for those grants or receive E-rate discounts, Internet filtering laws in the United States do not apply, at least at the federal level.

State-Level Legislation on Internet Controls

Most Internet filtering laws in the United States are applied at the state level and usually concern K-12 schools and public libraries. Not all states require Internet filters to be applied; some only require policies to be introduced to restrict access.

Individual states that have introduced legislation requiring schools and libraries to implement web filters or policies to control the content that can be accessed by minors are summarized in the table below. Since state laws often change, it is strongly advisable to consult your state department for updates to state legislation.

When policies are required to control access, schools and libraries may prefer to use a software or cloud-based solution to provide a greater level of protection. State laws are only concerned with ensuring the minimum level of Internet safety for minors when venturing online.

Quick Reference Guide Detailing U.S. States with Internet Filtering Laws (2017)

State            Schools                          Libraries
Arizona          Yes (Technology)                 Yes (Technology or policies)
Arkansas         Yes (Policies)                   Yes (Policies)
California       No                               Yes (Policies)
Colorado         Yes (Policies)                   Yes (Policies)
Delaware         No                               Yes (Policies)
Georgia          Yes (Policies)                   Yes (Policies)
Idaho            Yes (Policies and Technology)    Yes (Policies)
Indiana          No                               Yes (Policies)
Iowa             No                               Yes (Policies)*
Kansas           Yes (Technology)                 Yes (Technology)
Kentucky         Yes (Policies)                   Yes (Policies)
Louisiana        Yes (Policies)                   No
Maryland         No                               Yes (Policies)
Massachusetts    Yes (Policies or Technology)     No (Policies or Technology)
Michigan         No                               Yes (Technology)
Minnesota        No                               Yes (Technology)**
Missouri         Yes (Technology)                 Yes (Technology)
New Hampshire    Yes (Policies)                   No (Policies)
New York         No                               Yes (Policies)
Ohio             Yes (Technology)***              No
Pennsylvania     Yes (Technology)                 Yes (Technology)
Rhode Island     Yes (Policies)                   No
South Carolina   Yes (Policies)                   No (Under evaluation)
South Dakota     Yes (Policies or Technology)     No
Tennessee        Yes (Policies)                   No
Utah             Yes (Policies)                   Yes (Policies or Technology)
Virginia         Yes (Technology)                 Yes (Policies)

* Libraries that apply for and receive funding through the Enrich Iowa Program

** Public libraries receiving state funding must also apply filtering controls to prevent adults from accessing obscene material including child pornography.

*** Home schooled students must also be provided with a filtering device or service

The following states have introduced legislation that requires Internet service providers to offer web filtering services so that residents can prevent children from accessing potentially harmful website content:

  • Louisiana
  • Maryland
  • Nevada
  • Texas
  • Utah

Disclaimer

Internet filtering laws in the United States are subject to change. The Internet filtering laws in the United States detailed on this page are for information purposes only. Schools and libraries should consult their state/education departments for details of the laws that apply in their state.

Cybersecurity Best Practices for Law Firms

Law firm hacking incidents are up, and recent attacks have shown that cybersecurity best practices for law firms are not being adhered to. Unless cybersecurity defenses are improved, it is too easy for hackers to gain access to sensitive data.

Cybercriminals have their sights firmly set on lawyers, or more specifically on the treasure trove of highly sensitive data stored on their computers and networks: data that in the wrong hands could be used for blackmail.

Clients share highly sensitive information with their legal teams. Lawyers store company secrets, employment contracts and PII, banking details, financial projections, medical records and, naturally, information about current and future lawsuits. All of this is highly valuable to hackers and can be used for blackmail, sold to competitors, or put to all manner of other nefarious uses. It is therefore no surprise that hackers want to attack law firms, and that they are increasingly doing just that.

Cyberattacks are not only about stealing data. It can also be lucrative to prevent lawyers from gaining access to their clients’ files. Ransomware attacks on law firms can result in sizable payments for the keys to unlock the encryption.

For the most part, malware and ransomware attacks on law firms are entirely preventable. Simply adopting standard cybersecurity best practices for law firms will prevent the majority of attacks.

One recent ransomware attack on a Providence law firm resulted in a ransom payment of $25,000 being made to the attackers to regain access to the firm's data. The incident is also a good example of how damaging these attacks can be: even though payment was made, the firm lost access to its files for three months, essentially preventing it from conducting any business, and lost billings alone cost the firm around $700,000.

Malware and ransomware attacks on law firms are common, although they are underreported for obvious reasons. One incident that was covered in the press was the malware attack on DLA Piper. The attack involved NotPetya, the wiper malware disguised as ransomware that caused chaos for organizations around the globe in June 2017. DLA Piper lost access to its data, causing losses that are likely to run into the millions.

Part of the problem, especially for smaller law firms, is the high cost of cybersecurity protections. Many law firms simply do not have the budget. They cannot afford to hire skilled cybersecurity professionals to protect their computers and networks, scan for security vulnerabilities, and patch and update software. The good news is that adopting standard cybersecurity best practices for law firms does not cost big bucks, yet it will markedly improve a firm's security posture.

The DLA Piper attack shows that it is not only small law firms that fail to follow these practices. Microsoft released the patch for the SMB vulnerability exploited by both WannaCry and NotPetya (MS17-010) in March 2017, around three months before NotPetya struck. Prompt patching would have closed that propagation route, although NotPetya also spread inside networks using stolen credentials and legitimate administration tools, so patching alone is not a complete defense; it is, however, the cheapest and most effective first step.

Protecting against all cyberattacks is not straightforward, especially with the number of connected devices now used by law firms. However, by adopting the cybersecurity best practices for law firms below, it is possible to reduce risk to an acceptable level.

Cybersecurity Best Practices for Law Firms

Adopting these cybersecurity best practices for law firms will make it harder for hackers to break through defenses and for simple errors to result in costly data breaches.

  • Conduct weekly checks of all software to ensure the latest versions are installed, and apply patches promptly as they are released
  • Ensure that ALL sensitive data is backed up using the 3-2-1 approach: three copies of the data, on two types of media, with one copy stored securely off site, and test restores regularly so that the backups can actually be used after a ransomware attack
  • Ensure all staff undergo security awareness training covering phishing, social engineering and other threats
  • Develop a password policy that requires the use of strong passwords. Enforce password changes regularly
  • Consider encryption for all sensitive data
  • Use two-factor authentication
  • Use an advanced spam filtering solution to reduce spam and block malicious messages
  • Employ a next-generation firewall
  • Ensure all computers are running supported operating systems and are set to update automatically
  • Implement a web filtering solution to block access to all sites known to host malware and exploit kits and to block links to phishing websites
  • Develop a data breach response plan – When a breach occurs, fast action can greatly reduce the damage caused
  • Engage the services of a third-party security firm to conduct risk analyses to identify vulnerabilities and perform penetration tests
  • Consider outsourcing cybersecurity to a managed service provider that will ensure systems, software and security are effectively managed and all vulnerabilities are addressed
  • Consider cybersecurity insurance – Only 23% of law firms have purchased cybersecurity insurance according to Logicforce.