Web Filtering
by G Hunt |
March 10, 2016 |
Cybersecurity Advice
Ransomware is not new; however, cybercriminals have been using the malicious software with increased frequency in recent months as a surefire way of generating income. It is now essential to protect networks from ransomware due to the increased risk of attack.
What Is Ransomware?
Ransomware can be considered to be rogue security software. It uses the same encryption that companies are advised to use to protect their data from cyberattackers. It encrypts files to prevent them from being used or accessed. Encrypted files can only be unlocked with a security key. Attackers lock data and demand a ransom to provide the security key. Without the key, the files will remain locked forever. It is therefore important for organizations to take steps to protect networks from ransomware. The threat of attack is increasing and failure to take proactive steps to reduce risk could prove costly.
Why are Ransomware Infections Increasing?
Malware can be used to record keystrokes and gain login credentials to access bank accounts, or to create botnets that can be sold as a service. Corporate secrets can be sold to the highest bidder, or Social Security numbers, names, and dates of birth stolen and sold on to identity thieves. However, attacks of this nature take time and effort. Ransomware, on the other hand, gives criminals the opportunity to make a quick buck. Several hundred of them, in fact. If a cybercriminal can infect a single machine with ransomware and lock that device, a ransom of between $300 and $500 can be demanded. The ransom must be paid using the virtually anonymous Bitcoin currency. Bitcoin can be bought, sold, traded, and spent without having to disclose any identifying information. Cybercriminals are able to demand ransoms with reasonable certainty that they will not be caught. Ransomware-as-a-service is being offered on underground networks, meaning cybercriminals do not need to be skilled hackers or programmers.
For a payment of between 5% and 20% of the profits and a nominal download fee, criminals are able to use the malware to generate a significant income. Ransomware is lucrative. One of the most sophisticated strains of ransomware, CryptoWall, has been...
by G Hunt |
March 5, 2016 |
Cybersecurity News
As if IT security professionals didn’t have enough to worry about, Skycure has uncovered a new accessibility clickjacking proof-of-concept malware that could be used to spy on corporate and personal emails, as well as steal corporate data stored on mobile devices. The malware could be used to spy on all activity on an infected device, from recording emails composed via Gmail to details entered into website forms, mobile banking apps, corporate CRM systems, or messaging apps. In contrast to many forms of mobile malware, this one does not require rooting the device and does not need many app permissions. The footprint left by the malware is incredibly difficult to identify and the user is unlikely to be aware that their device has been compromised. Clickjacking, also known as a UI redress attack, is the act of fooling a user into clicking on a hyperlink that is hidden in an interface underneath seemingly legitimate content. A user could be playing a mobile game and clicking on parts of the screen, yet unbeknown to them, would also be giving authorizations to a malicious mobile application. That could include any number of permissions, or could be used to authorize a download of malware onto the device. A typical example of clickjacking is where an attacker uses a fake X button which the user clicks to close an advert. If the X also closes a dialog box or an advert, the user is unlikely to be aware that anything untoward has occurred. Yet that X could also trigger a download or give a malicious app permission to access the microphone or all text entered on the device.
Android 4.4 and Below Susceptible to Accessibility Clickjacking
Accessibility clickjacking takes advantage of accessibility APIs, which were introduced in Android 1.6. The purpose of accessibility APIs is to make Android easier to use for people with disabilities, such as the visually impaired. The benefit is the APIs can perform a number of actions so the user doesn’t have to, but that is also the problem.
These APIs have access to system-wide tools, and can interact with numerous interfaces. While these APIs are certainly beneficial, they are a potential security risk that can be exploited. The...
by G Hunt |
March 4, 2016 |
Cybersecurity News
Researchers at Kaspersky Lab say the recently discovered Android Triada Trojan is one of the most sophisticated Android malware variants yet to be discovered and that it rivals Windows-based malware for complexity. 6 out of 10 Android devices are estimated to be vulnerable to attack by the Triada Trojan. As if that is not bad enough, the malware runs silently and embeds itself in the Android system, making it virtually impossible to detect. Nikita Buchka, a junior malware analyst at Kaspersky Lab, said “Once Triada is on a device, it penetrates almost all the running processes, and continues to exist in the memory only.” All of the processes remain hidden, both from the user and application. It has been discovered in the wild and has primarily been used to infect devices in Russia and Ukraine, suggesting that’s where its authors are based, although it has also been found in India and various other APAC countries. The malware is believed to infect devices via app downloads, in particular those downloaded from untrusted sources rather than the Google Play store. That said, in some cases infected apps have been found in the Google Play app store. Kaspersky Lab researchers say the malware has been developed by “very professional” cybercriminals and suggest the developers are extremely experienced hackers with a deep understanding of the Android platform.
Triada Trojan Capable of Monitoring All Phone Activity
The Triada Trojan is capable of gaining access to all apps running on an infected device and can change the code of the app and monitor all activities on the phone. The malware can intercept SMS messages and reroute them, which is how the researchers believe the malware will make its developers money. They say the malware is likely being used to reroute in-app purchases and direct the funds to the attackers’ accounts.
Not only is the Triada Trojan almost impossible to detect with the majority of Android anti-virus and anti-malware programs, even if it is detected, removing the Triada Trojan from an infected device is exceptionally difficult. Standard removal techniques will not succeed in ridding the device of all elements of the Triada Trojan. To disinfect an...
by G Hunt |
March 3, 2016 |
Cybersecurity News
A new report released by the Ponemon Institute suggests data breaches caused by mobile devices are not as rare as previously thought. Last year, Verizon released a data breach report suggesting that while mobile malware is increasing, it is not yet a major threat for attacks on organizations. Attacks are conducted, but they tend to target individuals.
Are Corporate Data Breaches Caused by Mobile Devices?
Verizon determined that only 1% of data breaches use mobile devices as an attack vector. The Ponemon report suggests the figure is far higher, with 67% of respondents claiming the use of mobile devices by employees was certain or likely to have resulted in a breach of sensitive corporate data. The Ponemon study, which was commissioned by security firm Lookout, set out to cast some light on enterprise mobile security risk. 588 IT security professionals employed by Global 2000 companies in the United States were asked about the threat from mobile devices. The report suggests there is a disconnect between IT departments and employees when it comes to the data that can be accessed using mobile devices. Many IT departments have implemented controls to limit data access via BYOD or corporate devices. However, employees still appear to be able to access corporate data nonetheless. The study found significant discrepancies between the data IT departments said could be accessed, and the responses provided by employees. For instance, when both groups were asked about whether confidential or classified documents could be accessed, 33% of employees said access was possible compared to just 8% of IT security professionals. 19% of IT security professionals said mobile devices could not be used to access customer data, yet 43% of employees said the data were accessible via their mobiles.
IT departments must therefore implement better controls to ensure mobile devices cannot be used to access sensitive data, or employees must be trained on the potential risks from using their mobile devices. Policies would also need to be developed to dictate what mobile devices can and cannot be used for.
The Average Infected Mobile Device Costs Organizations $9,485
The report also looked...
by G Hunt |
February 25, 2016 |
Cybersecurity News
The source code of a nasty Android banking malware has been leaked via underground forums by an individual who appears to have purchased the malware from the developers. The malware is known by many names, although GM Bot is one of the most common. Others include Slempo, Bankosy, Acecard, and MazarBot. The code, which was encrypted, was posted on an underground forum and the poster said he would be willing to supply the password to decrypt the file to anyone who asked him, provided they were active members of the forum. He appears to have made good on the offer, although someone else appears to have distributed the password to other individuals. With a number of individuals now in possession of the decrypted file, more attacks using GM Bot can be expected. The source code was previously being sold for $500 via banking The malware family works using activity hijacking and can be used to attack users of Android 4.4 and below. The malware cannot be used on versions 5 and above, although that does mean that 65% of devices currently in use are susceptible to GM Bot Android banking malware attacks.
Android Devices Running KitKat and Below Susceptible to The Android Banking Malware
Activity hijacking is a technique used to log activities performed on a compromised device. In the case of this Android banking malware, it is used to record the login credentials entered into mobile banking apps. The user of a compromised device launches a banking app and enters their credentials; however, the malware uses an overlay above the actual app and all input is recorded and transmitted to the hacker. This Android banking malware is also able to intercept SMS messages, enabling the hackers to hijack authentication codes sent to the user’s device. The malware can also forward phone calls, allowing hackers to bypass other security protections used by banks. Data can also be deleted from a compromised device, and it can also capture data entered on websites via the Chrome browser.
This Android banking malware is also known to lock users’ devices giving attackers the time they need to pull off banking fraud. Security experts are predicting a wave of new attacks using GM Bot, but since...
by G Hunt |
February 24, 2016 |
Cybersecurity News
Security vulnerabilities in wireless devices can be exploited by hackers, but what about mousejacking wireless mice and hijacking wireless keyboards? According to a team of security researchers at Bastille, an IoT security start-up, the devices can be hijacked and used by hackers to steal data or compromise a network. Furthermore, in many cases the devices can be hijacked from up to 330 feet away. That’s far enough away for a hacker to be able to sit in his or her car outside a building and force a user to download malware. All a hacker is likely to need is about $15 of very readily accessible hardware, say the researchers.
Mousejacking – A New Concern for Security Professionals
Bastille’s researchers looked at wireless mice and keyboards from major device manufacturers such as Logitech, Microsoft, Lenovo, HP, and Gigabyte. Since alerting the manufacturers to the risk of mousejacking and keyboard-jacking, some have released patches to address the vulnerabilities. For others, no patches have yet been developed, leaving the devices vulnerable to attack. The problem does not appear to affect Bluetooth devices, but all other mice and keyboards that use a wireless dongle are potentially vulnerable. With basic hardware, including a software-defined radio, a hacker could scan for the frequencies used by wireless devices and identify targets. Once a target was identified, forged packets could be transmitted to the address of the target. While traffic sent between a wireless keyboard or mouse and the device’s dongle is encrypted, the dongle can still accept unencrypted commands, provided those keystrokes or clicks appear to come from its accompanying wireless mouse or keyboard. The researchers were able to inject keystrokes by sending unencrypted packets via the dongle that pairs with its wireless device.
Mousejacking could potentially be used to download malware onto devices, although Bastille software engineer Marc Newlin has hypothesized that the flaw could be used by a hacker to set up a wireless hotspot on the device. That hotspot could then be used to exfiltrate data, even in the absence of a network connection. A command window could also be opened on the device...
by G Hunt |
February 22, 2016 |
Cybersecurity News
A hacker has compromised the official Linux Mint website and has linked the official Linux Mint ISO to a modified version hosted on a server in Bulgaria. The modified ISO contains malware that will allow the hackers to take control of the machines on which Linux Mint is installed. The Linux Mint cyberattack has impacted all individuals who downloaded the ISO on 20th February. The ISO included an IRC backdoor that will allow attackers access to all infected systems. The Linux Mint ISO hack was achieved by modifying a PHP script on the WordPress installation used on the site. The Linux/Tsunami-A malware connects to an IRC server and can receive instructions from the hacker behind the attack. The machine on which the malware is installed could be used as part of a DDoS attack, or the machine could have further malware downloaded to it. The backdoor had been installed in the 64-bit version of the Linux Mint 17.3 Cinnamon edition. While the 32-bit version does not appear to show any sign of an infection, the hacker responsible appears to have been attempting to install a backdoor in that ISO as well, as that file was also stored on the attacker’s server. The hacker responsible was reportedly trying to construct a botnet, although Mint Project Leader Clement Lefebvre has said that the intentions of the hacker are not fully understood. The names of three individuals who are believed to be involved in the Linux Mint cyberattack have been obtained by Lefebvre’s team. They are associated with the website on which the modified ISO was hosted, although it is not clear at this stage whether an investigation into those individuals will be launched. That will depend on whether any further action is taken by the hacker, according to a blog post by Lefebvre.
Linux Mint Cyberattack Compromised 71,000 User Accounts
In addition to linking to a modified version of the ISO file, the forum database on the Linux website has also been compromised.
The account details of all 71,000 individuals registered on the forum have been exposed. That database has been listed for sale for a reported 0.197 Bitcoin according to ZDNet. Fortunately, the Linux Mint cyberattack was discovered quickly...
by G Hunt |
February 21, 2016 |
Cybersecurity Advice
Nothing is certain in life apart from death and taxes, and tax season phishing scams, which have started particularly early this year. Inboxes are already being flooded with phishing emails as cybercriminals attempt to file tax returns early. Not their own tax returns of course, but fraudulent claims on behalf of any email recipient who divulges their Social Security number and personal data to the scammers. Tax season phishing emails are sent out in the millions in the run-up to the April 15 deadline. If a tax refund can be submitted before the victim, the criminals will receive the refund check.
How to Spot Tax Season Phishing Scams
Each year tax fraudsters develop new and ever more convincing phishing scams to get taxpayers to divulge their personal data and Social Security numbers. With these data, fraudsters can submit fake tax returns in the names of the victims. While phishing emails can be easy to spot in some cases, the fraudsters are now getting much better at crafting official-looking emails that appear to have been sent from the IRS. The emails use the same language that one would expect the IRS to use and the email templates use official logos. The emails contain links that have been masked to make the email recipient think they are being taken to an official website. Clicking on the link will fire up a browser window and the soon-to-be-victim will be taken to a website that looks official. Visitors will be asked to update their personal information, add their Social Security number, or even be requested to divulge their Self-Select PIN for the online tax portal. Divulging these data is almost certain to result in tax fraud.
Tax Season Phishing Emails Are A Growing Concern
Taxpayers have been warned to be ultra-cautious. More tax season phishing scams have been identified this year than in previous years, with tax-related phishing and malware scams up 400% year on year.
IRS Commissioner John Koskinen warned that “Criminals are constantly looking for new ways to trick you out of your personal financial information so be extremely cautious about opening strange emails.” Tax season phishing scams are not only conducted via...
by G Hunt |
February 19, 2016 |
Cybersecurity News
Palo Alto Networks has announced the discovery of the Xbot Trojan, a new mobile security threat targeting users of Android Smartphones. Not only will the malware steal banking usernames and passwords, but it can also lock users’ devices and demand a ransom to unlock them. The new family of dual action malware acts as both a Trojan and ransomware, and is a double whammy for anyone who inadvertently downloads it to their Android phone.
Xbot Trojan Family Capable of Multiple Acts of Maliciousness
The new Xbot Trojan, which is believed to be of Russian origin, is capable of phishing for bank account information, targeting specific banking apps and conducting phishing attacks on users of Google Play. It displays fake notifications using the Google Play logo asking users to add in payment information, mimicking that used by the official Google Play app. Clicking on the notification will download a webpage asking users to enter their credit card number, expiry date, CVV number as well as the name of the card holder, their registered address, phone number, and a Verified by Visa number or Mastercard SecureCode. The Xbot Trojan is also capable of intercepting two-factor authorization SMS messages. So far, Palo Alto has discovered fake webpages used by the malware to target customers of 7 different Australian banks, with the login interfaces closely mimicking those used by the legitimate apps. Users are asked to enter their ID numbers and passwords. The malware does not compromise the legitimate banking apps, only mimics their interfaces. The C2 contacted by the malware can decide which faked app webpage to display, so it could easily be adapted to target other banks in other countries. Additionally, the Xbot Trojan is capable of encrypting the device on which it is installed. It displays an interface using WebView suggesting the device has been locked with CryptoLocker, and demands a ransom of $100 to unlock the device.
The ransom must be paid via PayPal MoneyCash Card within 5 days. While the interface says that the user has no alternative but to pay the ransom to unlock the encrypted files, the encryption used is not particularly robust and files could potentially...
by G Hunt |
February 17, 2016 |
Cybersecurity News
A Google engineer has accidentally discovered a critical glibc security vulnerability that has existed since 2008. After committing several hours to hacking the vulnerability, Google engineers managed to come up with a fully working exploit that could be used to remotely control Linux devices. The glibc security vulnerability has been compared to the Shellshock security vulnerability uncovered in 2014 due to the sheer number of hardware devices and apps that could potentially be affected. The security vulnerability came as a surprise to Google engineers who were investigating an error in an SSH application which caused a segmentation fault when trying to access a specific web address. It was only after a detailed investigation that they discovered the fault lay with glibc. Maintainers of glibc were contacted and alerted to the security vulnerability, but as it turns out they were already aware of the issue. It had been reported in July 2015 but had not been rated as a priority. That said, when Google contacted Red Hat, they confirmed they too had discovered the flaw and were working on a patch.
Linux Devices at Risk from Critical Glibc Security Vulnerability
While Windows, OS X, and Android devices are unaffected by the glibc security vulnerability, hundreds of thousands of hardware devices could potentially be affected. The security flaw affects most distributions of Linux and thousands of applications that use GNU C Library source code. All versions of glibc above 2.9 are affected. The code is used for Linux distributions used for a wide range of hardware, including routers. The vulnerability is a buffer overflow bug in a function that performs domain lookups: getaddrinfo(). If hackers managed to replicate Google’s exploit they would be able to take advantage of the vulnerability and remotely execute malicious code. The security vulnerability could be exploited when unpatched devices make queries to domain names or domain name servers controlled by attackers.
Google engineers have been working with Red Hat to develop a patch to address the vulnerability, and by combining knowledge of the vulnerability they have been able to develop a fix for the flaw, and a patch...
by G Hunt |
February 11, 2016 |
Cybersecurity Advice
One of the main priorities for IT professionals in 2016 is securing Wi-Fi hotspots. The use of unsecured public Wi-Fi is notoriously risky. Cybercriminals spy on the activity taking place at WiFi hotspots, and it is at these Internet access points that many man-in-the-middle attacks take place.
The Dangers of Unsecured WiFi
Preventing employees from using personally owned and work devices on unsecured Wi-Fi networks is a major challenge, but one that must be met in order to keep work networks free from malware. When employees use smartphones, tablets, and laptops to connect to unsecured Wi-Fi networks, there is a high risk that those devices may be compromised. Hotspots are frequently used to deliver malware to unsuspecting website visitors, and malicious software can subsequently be transferred to work networks. With personally owned devices increasingly used for private and work purposes, the risk of a work network malware infection is particularly high. The risks associated with unsecured Internet access points are well known, yet people still tend to engage in risky behavior when accessing the Internet via these wireless networks. In a rush to take advantage of free Internet access, basic security best practices are all too often ignored. Devices are allowed to connect to Wi-Fi hotspots automatically and Wi-Fi hotspots are not checked to find out if they are genuine or have been spoofed.
Security Professionals Concerned About Employees’ Use of Unsecured WiFi Networks
A recent survey conducted by the Cloud Security Alliance indicates security professionals are very concerned about the use of unsecured WiFi networks. The Cloud Security Alliance is a collective of security professionals, businesses, and privacy and security organizations that are committed to raising awareness of cybersecurity best practices. The organization recently conducted a survey and asked 210 security professionals their opinions on the top threats to mobile computing in 2016.
2010 member organizations were polled and more than 8 out of 10 respondents (81%) said that the threat from unsecured WiFi access points was very real, and was one of the biggest mobile security risks...
by G Hunt |
February 5, 2016 |
Cybersecurity Advice
Organizations running WiFi networks are facing attacks from all angles. Many companies are choosing to implement web filters for WiFi networks to help mitigate risk from the growing number of malware variants that are being used to attack businesses via their WiFi networks. A new report issued by Bilbao-based antivirus software developer Panda Security has revealed the extent of the problem. Last year, over 84 million new malware samples were identified, which equates to 27% of all malware previously identified. The proliferation in malware has been attributed, in part, to the rise in use of antivirus software and the effectiveness of those software programs. When a new malware is discovered, antivirus signatures are updated and shared with all antivirus software developers. In a very short space of time, all AV engines will block a particular malware. Hackers have responded by using software that modifies malware slightly, allowing hundreds or thousands of variants to be released. An increased number of malware variants are needed in order to get past antivirus software programs, as many AV engines are capable of detecting malware that has been modified slightly. The more variants are used, the higher the probability of malware getting past security software. When Panda was formed in 1990, the company was detecting approximately 100 new malware variants a day. Today 230,000 new samples are discovered every day, on average. Trojans are the most common malware form, with the full breakdown of new malware variants detailed below:
Malware Type    % of new malware discovered in 2015
Trojans         51.45%
Viruses         22.79%
Worms           13.22%
PUPs            10.71%
Spyware         1.83%
Blocking Malware with a Web Filtering Solution
Malware is installed on user devices via a variety of different vectors. Spam email is one of the most common methods of malware delivery, but fortunately, one of the most straightforward to block.
A robust anti-spam solution can be used to block the vast majority (over 99.7%) of spam emails from being delivered. Training users how to recognize malware can help to ensure that any rogue emails that get past the filter will be identified and deleted before any damage is...
by G Hunt |
February 4, 2016 |
Cybersecurity News
Two highly serious Netgear NMS300 ProSafe security vulnerabilities have been discovered that could be exploited by hackers to gain control of servers running the software, and/or download any file on the server on which the software is running. The Netgear NMS300 ProSafe network management system is used by many companies to configure and monitor their network devices. Netgear NMS300 ProSafe is popular with small to medium size businesses as the software is free to use on fewer than 200 devices. Recently Agile Information Security researcher Pedro Ribeiro discovered two critical Netgear NMS300 ProSafe security vulnerabilities.
Netgear NMS300 ProSafe Security Vulnerabilities
One of the vulnerabilities (CVE-2016-1525) allows remote code execution by an unauthenticated user via the Netgear NMS300 web interface. A hacker would be able to exploit this security flaw and upload and run Java files with full system privileges, potentially gaining full control of the server on which the software is being run. The NMS300 system is used to manage a wide range of networked devices such as routers, switches, network-storage devices, wireless access points and firewalls. Not only could this vulnerability allow the configuration of these devices to be changed, it would also permit an attacker to install firmware updates on those devices. The second vulnerability (CVE-2016-1524) discovered by Ribeiro is an arbitrary file download that would permit an authenticated user to download any file stored on the server that is being used to run NMS300. These Netgear NMS300 ProSafe security vulnerabilities are particularly serious and at the present time there is no patch available to plug the security flaws. Users can improve protection and prevent the Netgear NMS300 ProSafe security vulnerabilities from being exploited by restricting access to the web interface with new firewall rules to limit access. Ribeiro recommends never exposing Netgear NMS300 to the Internet or untrusted networks.
Both vulnerabilities affect Netgear NMS300 versions 1.5.0.11, 1.5.0.2, 1.4.0.17 and 1.1.0.13.
by G Hunt |
January 29, 2016 |
Cybersecurity Advice
A new report released by data privacy and security group Morrison and Foerster indicates the main privacy and security concerns of customers.
Don’t Ignore the Privacy and Security Concerns of Customers
If you ignore the privacy and security concerns of customers it is likely to have a significant effect on your bottom line. A new report recently released by Morrison and Foerster suggests that consumers are even more concerned about their privacy than four years ago. Furthermore, many will take action if they feel their privacy is not protected. The survey indicates more than one in three consumers have switched companies they do business with due to privacy concerns, and one in five would switch after a breach of their personal data. The company conducted a survey on 900 U.S. consumers in November 2015. 35% of respondents said they had taken the decision to switch companies or not buy products as a result of privacy concerns. When it came to a breach of personal information, 22% of individuals said they had taken the decision to stop purchasing products or had switched services as a result. According to the report, more educated individuals and higher earners were the most likely to stop doing business with a company as a result of a data breach. 28% of respondents educated to college degree level or higher said they would make the switch after a data breach compared to 18% of individuals without a college degree. For the upper income bracket, 33% said they stopped buying as a result of a data breach. That figure fell to 28% for the middle income bracket, and 17% for the low income bracket. When the company conducted the survey back in 2011, 54% of consumers said that privacy concerns affected their decision to make a purchase. In 2015, 82% of consumers said that privacy concerns influenced their purchasing decisions.
Companies are not perfect, but consumers are intolerant of data breaches
In 2011, 16% of consumers believed no business was perfect, and were therefore likely to overlook privacy issues and data breaches, whereas in 2015 the figure had fallen to 9%. The greatest concern is now the risk of identity theft, with the percentage of individuals worried...
by G Hunt |
January 28, 2016 |
Cybersecurity News
Ask anyone to name a basic security protection to prevent hackers from gaining access to a device or network, and the use of a secure password would feature pretty high up that list. However, even a tech giant the size of Lenovo can fail to implement secure passwords. Recent Lenovo SHAREit vulnerabilities have been discovered, one of which involves the use of a hard-coded password that ranks as one of the easiest to guess. Recently, SplashData published a list of the 25 worst passwords of 2015, and the one chosen by Lenovo is listed in position three between “password” and “qwerty.” To all intents and purposes, Lenovo may as well not have bothered adding a password at all, such is the degree of security that the password offers. That password has also been hardcoded. In fact, the company didn’t actually bother with adding a password at all in one of the new SHAREit vulnerabilities.
Four Lenovo SHAREit vulnerabilities have now been patched
Lenovo SHAREit is a free cross-platform file transfer tool that allows the sharing of files across multiple devices, including PCs, tablets and Smartphones. Perhaps unsurprisingly, given Lenovo has been found to be installing irremovable software via a rootkit and shipping its laptops with pre-installed spyware, some security vulnerabilities exist in its SHAREit software. Four new Lenovo SHAREit vulnerabilities have been discovered showing some shocking security lapses by the Chinese laptop manufacturer. If the Lenovo SHAREit vulnerabilities are exploited, they could result in leaked information, integrity corruption, and security protocol bypasses, and be used for man-in-the-middle attacks. The hardcoding of the password 12345678, listed as CVE-2016-1491 by Core Security, is shocking. Configure Lenovo SHAREit for Windows to receive files, and 12345678 is set as the password for a Wi-Fi hotspot. The password is always the same and any system with a Wi-Fi Network could connect.
According to Core Security, if the Wi-Fi network is on and connected, files can be browsed by performing an HTTP Request to the WebServer launched by Lenovo SHAREit, although they cannot be downloaded. (CVE-2016-1490). The third vulnerability, named...
by G Hunt |
January 27, 2016 |
Cybersecurity News
An Irish data security survey conducted in December 2015 has revealed that a third of Irish companies have suffered a data breach in the past 12 months, highlighting the need for Irish companies to improve their security posture.

ICS Irish data security survey indicates employees are the biggest risk

150 IT security professionals took part in the Irish Computer Society survey with 33% claiming their employer had suffered a data breach in the past 12 months. In 71% of cases, the data breaches occurred as a result of the actions of staff members. Perhaps unsurprisingly given the number of inadvertent data breaches that had been caused by staff members, 45% of respondents cited employee negligence as being the biggest single data security threat they faced. Protecting networks from errors made by employees is going to be one of the biggest security challenges faced by Irish IT professionals in 2016. Other major security concerns highlighted by respondents included the increasing number of end user devices that are being used to store sensitive data, and the increasing threat of cyberattacks by hackers.

Improving security posture by tackling the issue of employee negligence

Employees are the weakest link in the security chain, but that is unlikely to change unless less technical members of staff are provided with training. It is essential that they are advised of the risk of cyberattacks and what they can personally do to lessen the chance of a data breach occurring. In many cases, some of the most fundamental data security measures are not so much ignored, but are just not understood by some members of staff. It may be common knowledge for instance, that 123456 does not make a very secure password, that email attachments from strangers should not be opened, and links to funny videos of cats on social media networks might not turn out to be as innocuous as they seem. Tackling the issue of (dare we say) employee data security stupidity is essential.
It is far better to do this before a breach is suffered than afterwards. Proactive steps must be taken to improve understanding of cybersecurity risks, and what employees can do to reduce those risks. ICS Irish data...
by G Hunt |
January 25, 2016 |
Cybersecurity News
A security vulnerability has been discovered with FortiGuard network firewall appliances that could potentially be exploited by hackers. Should the FortiGuard SSH backdoor be exploited, a hacker would be able to gain full administrative privileges to Fortinet security appliances.

FortiGuard SSH backdoor is an unintentional security vulnerability

The FortiGuard SSH backdoor was not installed by hackers, but is an unintentional security vulnerability in the FortiOS operating system. The FortiGuard SSH backdoor was discovered this month by a third party security researcher. An exploit for the security vulnerability has already been published, making it imperative that all users of FortiGuard firewall appliances install the latest version of the operating system. All users must ensure that their devices are running on FortiGuard version 5.2 or above. After the security vulnerability was announced Fortinet started an investigation to determine whether any other devices were affected. A statement released by Fortinet last week indicates that in addition to Fortinet FortiGuard, FortiAnalyzer, FortiCache, and FortiSwitch are also affected and contain the vulnerability. In order to prevent the backdoor from being exploited users have been advised to upgrade to version 3.0.8 of FortiCache, version 3.3.3 of FortiSwitch, and versions 5.0.12 or 5.2.5 of FortiAnalyzer. The FortiGuard SSH backdoor is a Secure Shell vulnerability. According to a Fortinet blog post, the security vulnerability has not been created by a malicious insider or outsider, but was an “unintentional consequence” of a feature of the operating system. The aim was to ensure “seamless access from an authorized FortiManager to registered FortiGate devices.” The vulnerability involves an undocumented account which has a hard-coded password.
If it is not possible for users to immediately upgrade to the latest OS, Fortinet advises using a manual workaround, which involves disabling SSH access and switching to a web-based management interface until the OS can be upgraded. Last month a security vulnerability was discovered in the ScreenOS operating system used by Juniper Networks. In that case, the...
by G Hunt |
January 21, 2016 |
Cybersecurity News
Many companies have responded to the threat of data theft by hackers by using encryption. If hackers do break through the security perimeter and gain access to computers or networks, customer data will not be exposed. However, the same cannot be said of employee data. A new security report suggests employee data theft is rife, and that the personal information of employees is much more likely to be stolen than customer data.

Employee data theft is a real concern – Don’t forget to encrypt ALL sensitive data!

A recent study has shown that when it comes to protecting intellectual property and the personal information of employees, mid-sized companies around the world fail to use the same stringent measures that they apply to customer data. The Sophos/Vanson Bourne study revealed that 43% of midsized companies – those employing between 100 and 2,000 members of staff – do not regularly encrypt human resources files. Human resources files usually contain sensitive information on employees: names, addresses, contact telephone numbers, dates of birth, emergency contact information, and government IDs such as Social Security numbers. These are exactly the kind of data sought by hackers. These data can easily be used to commit identity theft. The survey was conducted on respondents from Australia, Canada, Japan, Malaysia, and the United States indicating this is a global problem. In the United States, where a high percentage of cyberattacks on midsized companies are taking place, 45% of companies appear not to be encrypting employee data, even though these companies face a high risk of employee data theft. Even financial data is left relatively unprotected. Almost a third of companies in the United States are not encrypting their financial data. It is not a case of encryption not being implemented at all by midsized companies. In the United States for example, 43% of midsized companies use encryption to some degree, while 44% claim they widely encrypt data.
The figures are understandably lower for small organizations, in large part due to the cost of encryption. 38% of small businesses widely encrypted data. Half of larger organizations used encryption for most data....
by G Hunt |
January 19, 2016 |
Web Filtering
There is a clear need for British libraries to implement web filtering solutions to restrict the content that can be accessed through library computers. However, as has been recently discovered, web filter implementation errors can all too easily result in important and valuable Internet content being blocked.

Web filter implementation errors damage public access to content sought by vulnerable users

Give a schoolboy a dictionary and it will not be long before the exact meaning of every cuss word will have been looked up. Provide totally free access to the Internet without the watchful eye of parents and it will not be long before access is used to access pornography and other objectionable content. The anonymity afforded by library computers allows objectionable content to be accessed, such as pornography, ISIS propaganda, and other web content and imagery that has potential to cause harm. Libraries are an extremely valuable resource, but the type of information that can be accessed does need to be controlled, according to some local authorities at least. The implementation of a web filtering solution was deemed to be an appropriate safeguard to prevent unsavory content from being accessed on library computers in Britain. The problem with using a web filter is how to prevent potentially damaging content from being accessed, while ensuring that those filters do not block access to acceptable content, especially content that many people may choose to access quite legitimately in a library. Content about sexual health for example. Many vulnerable individuals may not be able to access sexual health information at home. The sites that are accessed may be seen by family members for example. A teenager may want information about contraception, abortion, or sexually transmitted diseases, yet be unable to search for the information they need at home. They may want to access resources produced for the LGBT community.
A library is an ideal place for this important information to be obtained. Information that may prevent these individuals from coming to harm. Data recently released by the Radical Librarians Collective indicates that web filter implementation errors have...
by G Hunt |
January 15, 2016 |
Cybersecurity News
New Android Smartphone malware has been identified that gets around the security systems used by banks and other financial institutions to keep customers protected. The malware is managing to intercept messages that are sent to customers’ Smartphones used as part of the bank’s two-factor authentication system. However, an update to the Android Smartphone malware means it is now capable of intercepting passcodes on more robust 2FA systems.

Two-factor authentication is not infallible

Two-factor authentication offers enhanced security for bank customers. Rather than relying on a username and a password, an additional factor is used to verify identity. A one-time passcode is sent to a user’s Smartphone and that passcode is then used to authorize a transaction. If the passcode is not entered the transaction cannot be made. The codes are sent to the Smartphone via SMS in most cases, although some banks use an automated voice call to deliver the passcode. This means that even if a user’s login credentials are obtained by a criminal they cannot be used to authorize a bank transfer unless the attacker has also managed to obtain the Smartphone of the account holder (or other device registered with the bank and used for two-factor authentication). While two-factor authentication makes it harder for fraudulent transactions to be made, the system is not infallible. In fact, the account holder’s device does not even need to be stolen in order for a criminal to empty a bank account. If malware can be loaded onto the device that can intercept the SMS text this will allow an attacker in possession of the login credentials to make fraudulent transfers.

Automated voice call passcode delivery intercepted by Android Smartphone malware

SMS messages can be intercepted easily if malware is installed on a device. Because of this, some banks are moving away from SMS passcodes and are now favoring the delivery of codes via an automated voice message.
However, the latest Android Smartphone malware is capable of obtaining these passcodes as well. Android.Bankosy malware has been adapted to beat this system of passcode delivery. The malware will simply forward the voice call to the...
by G Hunt |
January 14, 2016 |
Cybersecurity Advice
Over the past four weeks we have seen numerous cybersecurity predictions for 2016 issued by security firms. Security experts are trying to determine which part of the now incredibly broad threat landscape will be most favored by cybercriminals in 2016. Some companies have made very specific cybersecurity predictions for 2016. They have come out with very bold claims, even predicting the presidential elections will be disrupted by a major cyberattack. Others believe 2016 will be broadly similar to 2015, with just an increase in ransomware attacks and even more massive data breaches suffered. What all of the cybersecurity predictions for 2016 have in common is that the next 12 months are expected to be tough for security professionals. The number and types of devices now connecting to corporate networks are broader than ever before. People are now far more likely to own and use three or more Internet-connected devices and use them on a regular basis. Alternative payment methods are being used more frequently. There is now more than ever to attack and too many devices and systems to keep secure. Unsurprisingly, no one appears to be claiming that 2016 will be easier than last year for cybersecurity professionals.

Cybersecurity predictions for 2016

The attack surface is now incredibly broad, but where are cybercriminals most likely to strike? This is what we think. Here are cybersecurity predictions for 2016.

IoT – expect attacks on the Internet of Things

Let’s start with a bold prediction. The IoT is likely to come under attack this year. I say bold, but that is only in terms of the timescale. IoT devices will be attacked, shut down, altered, remotely controlled, and used as a launchpad for attacks on other devices. If a device is constantly connected to the Internet, it will only be a matter of time before an attack takes place. One problem with adding IoT technology is the manufacturers of the devices are not security experts.
A washing machine that can be controlled via Wi-Fi or a Smartphone app, and can be switched on remotely while you are at work, has been designed first and foremost to wash clothes. It has then had IoT functionality bolted on. It has not...
by G Hunt |
January 11, 2016 |
Cybersecurity News
Hackers have potentially gained access to the data of hundreds of thousands of Time Warner Cable customers. The Time Warner Cable security breach was discovered by the FBI, which tipped off TWC last week. Affected individuals are now in the process of being notified.

320,000 customers potentially affected by Time Warner Cable security breach

The Time Warner Cable security breach was announced on Wednesday last week. Scant information was initially provided to the media about the security breach and how customer data came to be stolen by cybercriminals. According to a statement released by the company, there has been no indication that the company’s computer systems were compromised in a cyberattack, and customers have only been advised to change their passwords as a precaution. The company advised customers via email as well as direct mail that their email addresses and passwords may have been compromised. Over the next few days, further information about the Time Warner Cable security breach was released. At first a statement said residential customers were affected across all markets. It later came to light that the data were stolen not from TWC, but from a third party who had access to customer information. Investigations into the TWC data breach are continuing, but at this present moment it would appear that the Time Warner Cable security breach only affects Roadrunner email accounts (rr.com). Customers have been directed to resources where they are provided with further information about how to identify a phishing attack. There is a possibility that affected individuals will be contacted via email by the data thieves in an attempt to obtain further information that can be used to commit identity theft or fraud. However, what will be particularly worrying for the victims is not the possibility that they may be subjected to future phishing campaigns but what confidential information they have in their email accounts.
Email accounts may contain highly sensitive information about an individual which, in the wrong hands, could be used to cause considerable harm. The information in an email account could allow a cybercriminal to build up a highly detailed...
by G Hunt |
January 7, 2016 |
Cybersecurity News
On December 31, 2015, the British Broadcasting Company (BBC) suffered a cyberattack which resulted in all of its websites being taken offline for a number of hours. A hacking group operating under the name “New World Hacking” has now claimed responsibility for the BBC DDoS cyberattack.

BBC DDoS cyberattack conducted to test hacking group’s capabilities

The BBC was chosen not because of some vendetta against the broadcaster, but as a test of the power of the hacking group’s servers ahead of planned attacks on ISIS. The hackers behind the BBC DDoS cyberattack did not actually intend on taking down the BBC websites, but it turned out that the servers being used for the attack proved to be “quite strong,” according to one member of the group who came forward. ‘Quite strong’ is something of an understatement. The BBC DDoS cyberattack was the largest ever recorded, with traffic up to 660 Gbps, which corresponds to many tens of thousands of connections. The hackers took down the BBC website using the Bangstresser tool, and used two nodes of attack and “a few extra dedicated servers.” Before the BBC DDoS cyberattack, the largest ever recorded was a 334 Gbps attack on an Asian network operator last year. Attacks of this size are rare. Few manage more than 100 Gbps and when attacks of this magnitude occur they tend to be fairly short-lived, although while they are being conducted they can cause a substantial amount of damage. Many of the connections will be blocked by network filters, which are capable of identifying spoofed IP addresses, although by no means all. Attacks of this scale are likely to cause a serious amount of damage to enterprise networks. In this case, the hacktivists were only testing capabilities and the motivation for the attack appears to have been made clear; however not all hackers conduct DDoS attacks to disrupt web services or take down servers.
All too often a DDoS attack is conducted as a smokescreen to distract IT staff while the real mission is completed. One part of a network is attacked, while other members of the group attempt to gain access to other parts of the network and install backdoors for subsequent attacks or steal data. This was...
by G Hunt |
January 6, 2016 |
Cybersecurity News
Last month, President Barack Obama put his signature to an Omnibus spending bill of $1.1 trillion which contained the Cybersecurity Information Sharing Act of 2015. The purpose of the act is to encourage the sharing of cybersecurity threat intel. The Obama administration believes this is essential in order for the country to win the war against cybercrime.

Cybersecurity Information Sharing Act of 2015 signed into law

The Cybersecurity Information Sharing Act of 2015 is a compromise bill that was penned after previous attempts to introduce legislation to force private sector companies to share cybersecurity threat intelligence failed to make it past the House and Senate. Instead, the Cybersecurity Information Sharing Act of 2015 facilitates the voluntary sharing of intelligence by removing some of the legal obstacles that have previously got in the way of data sharing. It has long been possible for private sector companies to share certain cybersecurity information with government organizations; however, many companies have failed to do so out of fear of legal action stemming from accidental antitrust violations and inadvertent violations of the private rights of individuals. There was also concern that some of the information required by the federal government could in fact be used against the organization sharing the information. Regulatory enforcement actions for example. The Cybersecurity Information Sharing Act of 2015 offers private companies immunity from private and government lawsuits, along with other claims that could potentially result from the sharing of cybersecurity intelligence.

Sharing of cybersecurity intelligence and immunity from lawsuits

The new law allows any person or private group to share cybersecurity information with the federal government. That information includes cyber threat indicators – information that describes the attributes of a threat – and defensive measures.
Defensive measures are defined as actions, devices, signatures, techniques, or procedures that “detects, prevents, or mitigates a known or suspected cybersecurity threat or security vulnerability.” Before any information is shared with the federal government it...
by G Hunt |
January 5, 2016 |
Cybersecurity News
It has been a long time coming, but Facebook has finally taken the decision to stop using Flash for video. The social media site is now using HTML5 for all videos served on the site. Facebook Flash video is no more, but Adobe Flash has not been totally abandoned yet, as it will still be used for Facebook games. Hackers can take some comfort from the fact that Farmville players will still be highly susceptible to attack.

Facebook Flash Video Retired to Improve User Experience

The move away from Facebook Flash video didn’t really require any explaining, although a statement released by Facebook said the move was required “to continue to innovate quickly and at scale, given Facebook’s large size and complex needs.” The move to HTML5 not only makes the social media site more secure, HTML5 improves the user experience. Videos play faster, there are fewer bugs, and HTML allows faster development. The social media network also plans to improve the user experience for the visually impaired using HTML5. The move appears to have been welcomed by Facebook users. Since changing over to HTML5, users have added more videos, registered more likes, and are spending more time viewing videos.

The End of Adobe Flash is Nigh

Unfortunately, it is not quite so easy for the Internet to be totally rid of Flash. The video platform has been used for so long it is still a major part of the web. However, its 10-year reign is now coming to an end. Google Chrome stopped supporting Flash last year and Amazon also banned the use of Flash for video last year. YouTube made the switch from Adobe Flash to HTML5 and with Facebook’s 8 billion video views a day no longer being served through Flash, the majority of web videos will now be viewed without Adobe’s platform. Even Adobe appears to be trying to distance itself from its toxic product, having abandoned the name Flash in recent weeks.
The company is attempting to deal with the huge number of zero day vulnerabilities as soon as they are discovered, and is patching them quickly, but it is fighting a losing battle. HTML5 provides everything that Flash offers in terms of functionality, minus the myriad of security holes. Security Risk...
by G Hunt |
December 30, 2015 |
Cybersecurity News
The Superfish scandal, which was discovered to affect purchasers of new Lenovo laptops last year, showed that ad injection software poses considerable risks to users. Ad injection software risk cannot be easily managed. Even brand new laptops can come installed with software designed to deliver ads to users. Unfortunately, programs such as Superfish can also be used by hackers to conduct man-in-the-middle attacks. Hackers can potentially exploit security vulnerabilities in ad injection software. In the case of Superfish, the software was pre-installed on Lenovo laptops. In order to serve ads, the software used a self-signed root certificate that generated certificates for secure HTTPS connections. The software substituted existing HTTPS certificates with its own in order to serve ads to users while they browsed the Internet. Unfortunately, if the password for ad injection software is discovered, as was the case with Superfish, HTTPS connections would no longer be secure. Hackers would be able to eavesdrop and steal user data. Man-in-the-middle (MiTM) techniques are increasingly being used to serve adverts while users browse the Internet, but the ad injection software risk of hackers taking advantage is considerable. The software is capable of network layer manipulation, injection by proxy, and can alter DNS settings. These techniques are used to serve adverts, but this is outside the control of the browser and the user. Since these programs can be manipulated and exploited by hackers they also pose a considerable security risk, and one that the user is unable to easily address.

Microsoft takes action to reduce ad injection software risk

The ad injection software risk is considerable, so much so that Microsoft is taking action to tackle the problem. By doing this, Microsoft will hand back choice to the user.
The company has updated its criteria for determining what software qualifies as Adware, and has recently announced it will be taking action to reduce risk to users and prevent unwanted behavior by Adware. Rather than the manufacturer of the equipment or developer of the Adware program dictating the browsing experience for users, Microsoft will be handing back control...
by G Hunt |
December 29, 2015 |
Cybersecurity News
With Internet use increasing in schools the UK government has taken the decision to make school web filters mandatory. The government has previously recommended that schools implement web filtering solutions, although many schools have not taken action to curb and monitor Internet use in classrooms. Consequently, children are still able to access adult and other potentially damaging content. The government is now going to get tougher on schools and will introduce legislation to force primary and secondary schools to filter online content. From September 2016, primary and secondary school children must also be educated about online safety.

How School Web Filters Make the Internet Safer for Kids

The main aim of mandatory school web filters is to prevent children from accessing online pornography and other potentially damaging content at school. The move will make it harder for religious extremists to radicalize children and it is hoped that the implementation of school web filters will help to reduce instances of cyber-bullying. Some evidence has emerged that shows UK school children who have tried to leave the country, or have travelled to Syria, have been able to access information about Daesh/IS from school computers. Ministers believe that action must be taken to prevent such material from being viewed at school, but to also identify individuals who are attempting to access such material. Greater efforts can then be made to tackle the issue before it is too late. Children must also be educated more about how to stay safe when using social media websites such as Facebook, Twitter, Snapchat, and Instagram. Proposals were published last week on the introduction of new measures to curb Internet usage in schools, which will include school web filters but also monitoring systems to identify individuals who are attempting to access illegal, dangerous, or inappropriate content. There is also concern that individuals will try to access the same material at home.
To tackle that issue, the Department of Education has drafted new guidance for parents to help them keep their children safe at home. School web filters will prevent all adult content from being accessed from any...
by G Hunt |
December 24, 2015 |
Cybersecurity News
EU fines for privacy violations are likely to be issued to companies that fail to implement security measures to prevent their customers’ data from being stolen by cybercriminals. EU fines for privacy violations can be substantial, although the watchdogs that are able to issue them are limited. That is all about to change. The European Union has taken decisive action and will be penalizing companies that do too little to protect their customers.

EU fines for privacy violations apply to any company doing business in EU countries

Last week, negotiators met up in Strasbourg, France, and signed a new deal that will change data protection laws in the EU. It has taken some time for this update to take place, having first been discussed four years ago. There has been much debate about the level to which companies should be held responsible for data breaches, although finally all sides have come to an agreement that better protects consumers, makes businesses more responsible, and will not interfere with efforts to bring cybercriminals to justice. The changes to the law will ensure that more companies are held accountable for their lack of security controls. With the threat of cyberattacks increasing, and a number of major attacks suffered by companies over the past few years, an overhaul of data protection laws in Europe was long overdue. Current legislation is somewhat patchy, offering limited protection for consumers. Companies in some industries can be fined up to 1 million Euros for privacy violations and the exposure of customer data, while others are allowed to escape without penalties. The new EU fines for privacy violations will not have a fixed limit. Fines for businesses who are hacked or otherwise expose customer data will be as high as 4% of a company’s global annual sales. The aim of the new law change is to give companies a considerable incentive to invest in cybersecurity protections to keep their customers’ data secure, and improve consumer trust.
The law changes will also require companies doing business in any of the European Union’s 28 member states to disclose data breaches that have exposed consumer data. While privacy groups have welcomed the...
by G Hunt |
December 23, 2015 |
Cybersecurity News
According to security researchers, the recently discovered Juniper Networks security flaw could have been created by the NSA to spy on Juniper Networks customers. Others claim it is the work of a foreign government, although the NSA is still implicated.

Juniper Networks security flaw is a backdoor allowing customers’ information to be decrypted

Juniper Networks has discovered an external third party has inserted code into its software that could be used as a backdoor, potentially allowing hackers to decrypt secure communications and spy on customers’ data. The networking equipment manufacturer’s corporate virtual private network (VPN) software was discovered to contain rogue code that allowed a security flaw to be exploited for the past three years. The Juniper Networks security flaw could have allowed the internal secure communications of customers to be viewed by hackers. The Juniper Networks security flaw would have allowed all VPN traffic to be monitored.

Juniper Networks security flaw now patched?

According to a statement released by Juniper Networks SVP and chief information officer, Bob Worrall, “Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections.” If a customer had communications intercepted they would likely see a log file entry saying “system” had logged in and had a password authenticated. However, it has been proposed that an individual with the skill to insert the code and exploit the flaw would likely also be able to remove traces of a successful login attempt. Consequently, it is not possible to tell with any degree of certainty whether the Juniper Networks security flaw has actually been exploited.
That said, it would be odd for an individual or group of hackers to go to the trouble and expense of creating a sophisticated backdoor that allows secure communications to be monitored, and then not use it in the three years that it has existed. A patch has now been released to tackle the issue and all customers have been advised to upgrade the software immediately. Whether the patch actually fixes the security flaw is...
by G Hunt |
December 18, 2015 |
Cybersecurity News
A recently published 2015 security study has shown cyberattacks are pervasive and are likely to be suffered by virtually all organizations. However, IT security professionals have been taking proactive steps to reduce end user security risk and have also implemented better cybersecurity solutions to keep networks secure. Consequently, they feel much better able to deal with 2016 security threats.

New 2015 security study indicates 80% of organizations have suffered a security incident this year

Optimism appears to be high and many organizations believe they will be able to prevent security incidents from being suffered in 2016, which is great news. Unfortunately, that does not appear to have been the case this year. According to the Spiceworks study, 80% of respondents suffered a security incident in 2015. Even though 8 out of 10 organizations admitted to being attacked this year, they do feel they will be better able to deal with whatever 2016 has in store. Seven out of ten respondents said they would be better equipped to deal with cybersecurity attacks in 2016. The reason for the optimism is an increased investment in both cybersecurity solutions and the provision of further training to members of staff. A more security conscious workforce means it will be much easier to prevent security breaches caused by malware infections, phishing attacks, and ransomware. The study indicated that 51% of companies were attacked by malware this year, while 38% suffered phishing attacks. Ransomware is a cause for concern and threats have been reported extensively in the media, yet only 20% of companies actually suffered a ransomware infection.

Theft of corporate data only suffered by 5% of companies

There have been numerous reports of data breaches being suffered in 2015, and hackers have been able to steal corporate data and tens of millions of consumer records, yet the survey indicates only 5% of respondents actually suffered data theft this year.
12% of companies reported instances of password theft during 2015. That said, it is still a major cause of concern. 37% of respondents said they were still worried about the theft of data and passwords. End user security risk...
by G Hunt |
December 17, 2015 |
Cybersecurity Advice
In the United States, healthcare phishing emails are being sent in increasing volume by cybercriminals looking for an easy entry point into insurance and healthcare providers’ networks. Healthcare employees are now being targeted with spear phishing emails as they are seen to be the weakest link in the security chain, resulting in HIPAA compliance breaches. It is, after all, much easier to gain entry to a healthcare network or EHR system if malware is installed by nurses, physicians, or administrative staff than it is to find and exploit server and browser security vulnerabilities. It is even easier if a member of staff can be convinced to divulge their email account or network login credentials. Hackers and cybercriminals are devising more sophisticated healthcare phishing emails for this purpose.

Clever healthcare phishing emails could fool any number of staff members

Even well trained IT security professionals have been fooled into responding to phishing scams, so what chance do busy physicians, nurses, and members of the billing department have of identifying healthcare phishing emails? According to the Department of Health and Human Services’ Office for Civil Rights (OCR), employers will be held responsible if their staff fall for a phishing email, unless they have taken proactive steps to reduce the risk of that occurring. This week, OCR announced it arrived at a settlement with University of Washington Medicine for a 90,000-record data breach that occurred as a result of staff falling for healthcare phishing emails. The settlement involved UWM paying OCR $750,000. Small to medium-sized healthcare organizations could also be fined for members of staff accidentally installing malware. UWM may be able to cover such a substantial fine, but the average 1-10 physician practice would be unlikely to have that sort of spare cash available. Such a penalty could prove to be catastrophic.

Why was such a heavy fine issued?
The issue OCR had with UWM was not the fact that a data breach was suffered, but that insufficient efforts had been made to prevent the breach from occurring. U.S. healthcare legislation requires all healthcare organizations to conduct a...
by G Hunt |
December 16, 2015 |
Cybersecurity News
The latest data breach predictions by IDC analysts do not make for pleasant reading. If the data breach predictions turn out to be true, 1.5 billion individuals will be affected by data breaches in the next 5 years.

Companies being targeted by cybercriminals looking to steal consumer data

U.S. companies are being increasingly targeted by foreign cybercriminals. European businesses are similarly suffering more cyberattacks. In fact, companies all over the world are being attacked by criminals looking to gain access to consumer data. It is now no longer a case of whether a data breach will be suffered. It is now just a case of when a data breach will occur. Companies must therefore be prepared. They must implement a host of security defenses to prevent cyberattacks from occurring, and need to make it harder for hackers and other cybercriminals to gain access to sensitive data. Failure to take action and implement multi-layered cybersecurity defenses will see a data breach suffered sooner rather than later. A breach response plan must also be devised to limit the damage caused when an attack is successful.

Data breach predictions for the next 5 years

The number of data breaches being suffered by companies all around the world has grown considerably in recent years, and the situation is unlikely to change. Based on the current levels of attacks, and the volume of data now being stolen by cybercriminals, IDC analysts made some bleak data breach predictions this month. They expect that by the year 2020, a quarter of the world’s population will have had data exposed as a result of cyberattacks. That’s 1.5 billion individuals! IDC also predicts that consumers will increasingly take action when their data are exposed. In fact, we are already seeing consumers boycott brands that have suffered major cyberattacks. Many consumers who previously shopped at Target, for instance, have switched retailers following the massive data breach suffered in 2013.
In the UK, many consumers are switching broadband and mobile phone provider after TalkTalk was hacked by a group of teenagers this year. In the United States, there has been considerable fallout as a result of the massive data...
by G Hunt |
December 14, 2015 |
Cybersecurity News
A Twitter cyberattack has prompted the social media network to issue warnings to some users of the social media site. It would appear that attackers have attempted to gain access to the accounts of a limited number of individuals, but those attacks do not appear to have resulted in a breach of user data.

Twitter cyberattack prompts warnings to be sent to site users

The warnings appear to have only been sent to certain United States based users of the website. The emails warn users that foreign government-backed hackers are targeting the site and are attempting to steal user data. According to the warnings, user account data is not believed to have been obtained and, if it has, only a small amount of personal data would have been revealed. Twitter has offered some suggestions to any users that have been targeted to allow them to take action to reduce risk. They have been told they can switch to the Tor network to access their accounts, or it was suggested they tweet under a pseudonym. It would appear that the attackers responsible for the Twitter cyberattack are attempting to get the phone numbers, email addresses, and IP addresses. It is conceivable that the individuals were targeted to allow the hackers to send out tweets from the users’ accounts. The warning alerted users to a “small group of attackers” who are targeting the site. If another Twitter cyberattack is attempted, the social media site will send out a warning email to advise the affected party or parties of the attempted attack.

Latest Twitter cyberattack appears not to be random

The Twitter cyberattack appears to have targeted specific users of the website. The individuals and companies that the attackers have targeted are security experts or activists. Coldhak, a not-for-profit company dedicated to improving privacy, security, and freedom of speech, was one of the organizations that the hackers attacked.
Twitter is currently conducting a full investigation into the attempted hacking of Twitter accounts. The warning indicates that the social media microblogging platform is being ultra-cautious and is alerting users as a proactive step to prevent a breach of customer data, as well as reducing the...
by G Hunt |
December 10, 2015 |
Cybersecurity News
According to the latest cybersecurity report from Osterman Research, retail industry cybersecurity risk is being seriously underestimated. There is false confidence in cybersecurity protections, and the risk of consumer and business data being exposed is considerable.

Assessing retail industry cybersecurity risk

The retail industry cybersecurity risk assessment was conducted on 125 large retailers during the month of November. The report indicates that even though security vulnerabilities have been identified, the retail industry is not taking the necessary steps to deal with those risks. Many security holes remain unplugged. In particular, risks associated with temporary workers are not being dealt with. Retailers bring in temporary workers at busy times such as in the run up to Christmas. However, they are introducing a considerable amount of risk when they do so because they are not monitoring the activity of those workers effectively. Many actually believe they are – which is even more worrying. Temporary workers are often provided with login credentials which are shared instead of giving each temporary worker a separate login. This eases the administrative burden on the IT department. Why create hundreds of new logins that will only be required for a short period of time? Simply give those workers low level privileges and any risk that is introduced will be minimal. Unfortunately, that may not necessarily be the case. The study showed that 61% of temporary retail floor workers were using shared logins. It is not known whether this is a short cut taken and the risk is known, or whether retailers are unaware of the dangers that the activity involves. Even temporary workers must be given access to some data assets, yet it is impossible for some retailers to identify assets that each of those workers are accessing. Furthermore, it is not only temporary workers that are being allowed to share login credentials.
21% of permanent workers are also sharing their login credentials.

Retail industry cybersecurity risk is being seriously underestimated

The research indicates that 62% of retailers believe they know everything their permanent workers are doing, and...
by G Hunt |
December 9, 2015 |
Cybersecurity News
Just over a month ago, researchers at Heimdal identified Cryptowall 4.0 ransomware, the latest incarnation of the nasty malware first discovered in September 2014. Since then, the malware has been further developed, with the third version discovered in January 2015. Now, Cryptowall 4.0 ransomware is threatening consumers and businesses alike. The latest version of the malware is even sneakier and more difficult to detect, and its file encryption goes much further. To make matters worse, Cryptowall 4.0 ransomware has been packed into the Angler exploit kit, making it easier for the vicious malware to be downloaded to devices. The Angler exploit kit takes advantage of vulnerabilities in browsers, making drive-by downloads possible. Any organization that has not installed the latest browser and plugin updates is at risk of having its files encrypted.

Cryptowall 4.0 ransomware – The malware keeps on evolving to evade detection

Last month, the Cyber Threat Alliance released new figures on the cost of Cryptowall infections. The criminals behind the malware have so far managed to extort $325 million from victims around the world. The latest version of the ransomware will see that extortion continue. The bad news is, the latest version is likely to result in a much higher rate of infection. The money being ‘requested’ has also increased. Victims are no longer being asked for $300 to unlock their files. They are being urged to pay out $700 to unlock their files and keep their systems protected. Victims are given less choice with the latest version of the malware. Not only will their files be encrypted, in order to make it harder for victims to restore encrypted files from backups, the latest version also encrypts filenames. The aim is to confuse victims even more. It is, after all, hard to restore files if you don’t know which files need to be restored.

Angler exploit kit used to infect computers with Cryptowall 4.0 ransomware

The Angler exploit kit is particularly nasty. First of all, it is not only Cryptowall 4.0 ransomware that will be installed. Visitors to malicious websites will have a host of malware installed on their computers. The network security threat...
by G Hunt |
December 4, 2015 |
Cybersecurity News
The true cost of phishing attacks is difficult to calculate accurately, but the recent Target data breach settlement gives an indication of just how costly phishing attacks can be. The U.S. retailer has recently agreed to pay $39.4 million to resolve class-action claims made by banks and credit unions to recover the costs incurred as a result of the 2013 Target data breach. The claims were made to try to recover some of the cost of re-issuing credit and debit cards to the 40 million or so customers that had their data stolen by hackers. The banks were also required to issue refunds to customers whose credit or debit cards had been fraudulently used after the 2013 Target data breach. The Target hack was financially motivated. The perpetrators of the crime sold data or fraudulently used credit card information and the personal details of customers. Approximately 110 million customers of Target may have suffered financial losses or had their identities stolen as a result of the 2013 Target data breach. The settlement will see Mastercard retailers paid $19.11 million, while $20.25 million will be paid to credit unions and banks. This is not the only Target data breach settlement reached this year. The retailer agreed to pay Visa card issuers $67 million in the summer, bringing the total card issuer settlement to $106.4 million; more than the $100 million paid to Visa and Mastercard issuers by Heartland Payment Systems Inc. Heartland suffered a massive data breach in 2008 that exposed 100-million+ credit card numbers. The company had to pay out around $140 million in total to resolve the breach.

The True Cost of Phishing Attacks

The settlement could have been considerably higher. Target’s figures suggest that approximately 40 million credit card numbers were stolen by hackers in 2013. The settlement is therefore lower than $1 per credit card number exposed.
In addition to paying $10 million to customers, Target also had to cover the cost of implementing a swathe of additional security measures after the cyberattack to prevent similar attacks from being suffered. One of the most expensive measures was the introduction of microchip-enabled card readers in its nationwide...
by G Hunt |
December 2, 2015 |
Cybersecurity News
Point of sale malware is not new. Cybercriminals have been using point of sale malware to steal credit card numbers from consumers for many years. Unfortunately for retailers, the threat of POS malware is growing. Highly sophisticated malware is being developed and used to obtain a wealth of information from retailers about their customers. That information is being used to commit identity theft and fraud. POS malware is also being used to obtain corporate data.

Point of Sale Malware – The biggest data security threat for retailers

Retailers are at risk of having point of sale malware installed throughout the year, but in the run up to Christmas the threat is greatest. It is the busiest time of year for shopping and hackers and other cybercriminals step up efforts to get their malware installed. Hackers are hoping for another big payoff before the year is out, and they are likely to get it. Over the Thanksgiving weekend, some of the most sophisticated malware ever seen was discovered. In some cases, the point of sale malware had been blocked. Many retailers were not so lucky. Unfortunately, identifying malware once it has been installed can be incredibly difficult, especially with the latest ModPOS malware. It is already responsible for providing millions of credit card numbers to hackers, and has caused millions of dollars of damage. The full extent of the infection is not yet known due to the stealthy nature of this new malware.

ModPOS – The most worrying point of sale malware to be seen to date

The new malware has been named ModPOS – short for Modular Point of Sale malware – and it is particularly dangerous, stealthy, and fiendishly difficult to identify once installed. Security experts have been surprised at the level of sophistication. An incredible amount of skill was required to produce malware as complex as ModPOS. It shows the lengths that criminals will go to in order to obtain data and avoid detection.
The malware has been developed to make it exceptionally difficult to identify, and it has clearly been designed with persistence in mind. Once installed, it can perform a wide range of functions; not only serving as a keylogger and card reader, but...
by G Hunt |
November 30, 2015 |
Cybersecurity Advice
Kaspersky Lab has made a number of web security predictions for 2016, alerting IT security professionals to what the company’s security experts believe next year has in store. The company has listed some of the biggest security threats that are expected over the coming year. Kaspersky Lab is one of the leading anti-virus and anti-malware software developers, and is a supplier of one of the two AV engines at the heart of WebTitan Web filtering solutions. The Kaspersky web security predictions for 2016 include opinions gained from over 40 of the company’s leading experts around the globe. The web security predictions for 2016 can be used by IT professionals as a guide to where the next cyberattack could come from.

The Biggest Cyberattacks of 2014 and 2015

Last year saw numerous high profile attacks on some of the world’s best known brands. Around this time last year, Sony was hacked and its confidential data was posted online, causing much embarrassment and considerable financial loss. Some of the biggest names in retail in the U.S. were attacked in 2014 including Target and Home Depot. The start of this year saw attention switch to health insurers. In February, Anthem Inc. was attacked. The records of 78.8 million insurance subscribers were stolen. News of a cyberattack at Premera BlueCross closely followed. 11 million subscriber records were compromised in that attack. Later in the year, Excellus BlueCross BlueShield discovered hackers had potentially stolen the records of approximately 10 million subscribers. Healthcare providers were also hit. UCLA Health System suffered a data breach that exposed the records of 4.5 million patients. The U.S. Government was also targeted this year. The Office of Personnel Management was hacked and, while the perpetrators have not been identified, the attackers are believed to be government-backed hackers based in China. Over 22 million records were potentially stolen in that cyberattack.
The IRS was also hacked and 300,000 individuals were affected. 37 million highly confidential records were obtained from internet dating website Ashley Madison, and Hacking Team – a somewhat controversial provider of spyware –...
by G Hunt |
November 26, 2015 |
Cybersecurity News
Under normal circumstances the Amazon data breach risk is kept to a minimal level. The global online retailer is estimated to have generated $38.42 billion in gross profits between September 2014 and September 2015, and such deep pockets mean the company can invest heavily in cybersecurity protections. With a company as large as Amazon, excellent data breach risk management strategies are essential. The company is a huge target for cybercriminals and a successful cyberattack has the potential to make a dent in its profits. If customer data are obtained by criminals, those customers may choose to buy from an alternative retailer in the future.

Amazon data breach risk discovered in time to prevent a successful hack?

This week, a security scare has forced the company to reset some users’ passwords. It is not clear whether a data breach has actually been suffered, but the retailer certainly believes the risk to be credible as Amazon passwords were not requested to be changed. The company forced a reset. Amazon.com announced that this was “a precautionary measure” to prevent a cyberattack from occurring. The company believes passwords were “improperly stored” or had been transmitted to the company using a method that could “potentially expose [the password] to a third party.” The company has sent emails to all affected account holders advising them that they will need to specify a new password when they next log in. No announcement was made about the number of users affected. This is not the first time that Amazon has had a major security scare. In 2010, hackers managed to break through its security defenses and compromised a number of users’ passwords. In that instance, users were warned that their accounts had been compromised.

The Amazon data breach scare could affect more than just your Amazon account

It is not clear whether passwords were actually obtained by a third party.
Because of the doubt surrounding the reason for the forced change, any individual that receives an email telling them their password has been reset should also change their passwords on all other online accounts if the accounts can be accessed using the same password. Many consumers share...
by G Hunt |
November 25, 2015 |
Cybersecurity News
You would think that a brand new computer would be secure, aside from requiring a few updates to software after being taken out of the box, but a Dell root certificate security flaw means even a brand new Dell laptop computer could be compromised within seconds of being connected to the Internet. Understandably, corporate customers and consumers alike are in uproar over the eDellRoot certificate security flaw that was recently discovered. The security flaw was revealed by Dell as part of the company’s remote assistance support service. In order for Dell to “streamline” support for users, the company installed a self-signed root certificate on at least two models of Dell laptop computers – the Inspiron 5000 series and the company’s XPS 15 laptop. Unfortunately, the root certificate is installed in the Windows root store along with the certificate’s private key. Any individual with a modicum of technical skill could obtain the key and use it to sign fake SSL/TLS certificates. In fact, the key is publicly available on the internet so it is easy to obtain.

This means that anyone using one of the aforementioned Dell laptops could visit an HTTPS-enabled website in the belief that the connection is secure, when in fact it may not be. It would be possible for hackers to view data shared between the secure website and the Dell laptop. If the laptop is used to access a banking website via an open Wi-Fi network or the Internet is accessed via a hacked router, someone could listen in on that connection. Users could compromise their personal bank account information, passwords, or login credentials used to access their employer’s network. Any company that has purchased either of the above Dell laptops could potentially be placing their entire network at risk. If a BYOD policy is in operation, personal Dell laptops are a huge risk to data security.
Not only could hackers eavesdrop on secure internet connections, it is possible that the Dell root certificate security flaw could be used to install malware on devices undetected. Since the certificate can be faked, it is possible that system drivers or software could be installed which fool the operating system into thinking they...
by G Hunt |
November 23, 2015 |
Internet Security News
Are you prepared for the official start of Christmas shopping season? Will you be starting your Xmas shopping on Black Friday? If you can’t resist a bargain, and can’t wait until Cyber Monday, take care! There are many fake Black Friday deals being advertised and you may end up becoming a victim of an online scam.

Fake Black Friday deals aplenty

Black Friday follows Thanksgiving Day in the United States, and it officially marks the first day of the Christmas shopping season. It is also a day when online criminals try to take advantage of Christmas shoppers. There will be plenty of genuine bargains, as Black Friday discounts are offered by most major retailers. Unfortunately for shoppers, there are plenty of fake Black Friday deals being advertised online. Picking out the real deals from the fake ones is not quite as easy as it used to be. Scammers are getting good at creating highly realistic offers and fake websites. Furthermore, scammers are getting sneaky and have launched fake Android apps, and are now sending texts containing phishing links and fake phone lines.

Fake Amazon app will steal your passwords, make calls, and send texts

One of the scams already being sent offers a golden opportunity: The chance to beat the online crowds and grab a bargain before everyone else. Download this app and you will get to the front of the virtual queue and get all the Amazon Black Friday deals, days early. Instead of launching an Amazon app when you start it, after downloading the fake Amazon app it will launch an app called com.android.engine. If you grant permission, as many people who download the app will, you give the app permission to view virtually everything on your phone, make calls, send texts, and see the data you enter via your phone. Deleting the app will make no difference. To avoid this scam and others like it, only download apps from Google Play store; never from third party sites.

Beware of texts warning of suspicious account activity

Scammers may love to deliver phishing links and malware-ridden attachments via email, but some are now resorting to text messages. Texts are sent warning of a security breach, account hack, or other need to call a...
by G Hunt |
November 20, 2015 |
Cybersecurity Advice
Online shoppers now have the option of using Amazon two-factor authentication on their accounts to improve security. Any users concerned about the number of cyberattacks being suffered by large retailers should take advantage of the new security measure and add Amazon two-factor authentication to their Amazon account at the earliest possible opportunity. It is not clear exactly when the retail giant implemented the new security feature, as an announcement was not made; however, some users started to notice the option this week. At the present moment in time it is not a mandatory security measure to use, but it is strongly advisable to add it to your account. Large retailers are big targets for cybercriminals. Retailers such as Amazon may have invested millions or even hundreds of millions in data security solutions and cybersecurity protections, but no company is impervious to attack. One thing that is certain is a great many cybercriminals will attempt to break through Amazon cybersecurity defenses. The company’s colossal database of customer information would be a sizeable reward for all the effort. The retail giant has an estimated 244 million customers. 244 million credit card numbers could be sold for a considerable sum of money.

Why Amazon two-factor authentication doesn’t offer 100% security

It would be nice to live in a world where it is impossible to be hacked or have one’s account details compromised. Unfortunately, there is no such thing as a 100% secure account because no system is totally foolproof. Two-factor authentication does however get pretty close and, even better, it is easy for companies to implement and straightforward for customers to activate. Most of the global retailers and major internet brands use two-factor authentication for user accounts; although for some reason (only known to Amazon) the retail giant has refrained from adding this additional security measure until now.
It is not a mandatory security measure and will not be added to accounts automatically. If users want enhanced account security, they can access their account settings and turn it on.

How to Add Amazon two-factor authentication to your account

Making your...
by G Hunt |
November 18, 2015 |
Cybersecurity News
If a user in your organization accidentally installs keylogging malware onto his or her computer, every keystroke entered on that computer – including login names and passwords – could be sent directly to hackers’ command and control servers. This nightmare scenario could involve the exposure of a limited amount of sensitive data; however, if the malware has been installed on multiple computers, and the infections have not been discovered for a number of days or weeks, a considerable amount of data could be obtained by criminals.

Keylogging malware infection discovered by OH Muhlenberg Community Hospital

A hospital in Kentucky recently discovered that not only have multiple computers been infected with keylogging malware, those infections occurred in 2012. For three years, every keystroke entered on each of those computers was recorded and transmitted to the hackers responsible for the attack. The computers in question were used by healthcare providers, employees, and contractors. Due to the length of time the computers were infected, it is not even possible to ascertain the data that may have been exposed and copied. Patient health information was entered, as were Social Security numbers, health insurance information and other highly sensitive Protected Health Information. Providers would have entered their Drug Enforcement Administration numbers, state license numbers, National Provider Identifiers and other sensitive data. Employees who logged into healthcare systems using the computers could have had their login credentials recorded. Access to web services similarly would have involved credentials being compromised. Such an extensive, long term keylogging malware infection could place many patients at risk of suffering identity theft or fraud, and physicians could have their identities stolen. Criminals could have used the data to commit medical fraud, insurance fraud or file false tax returns.
The fallout from this cyberattack could therefore be considerable, and may cost the hospital dearly.

The danger of keylogging malware

Once keylogging malware has been installed on a computer, any data entered via the keyboard can be recorded. That information...
by G Hunt |
November 17, 2015 |
Cybersecurity Advice
In order to manage cybersecurity risk effectively, data protection policies must be developed. However, a new research study conducted by risk and business consulting firm Protiviti suggests that a third of companies have not yet developed data protection policies. When data protection policies have been implemented, many are insufficient and leave the company vulnerable to a cyberattack.

Data protection policies are inadequate or non-existent in many cases

Over 700 information security professionals and executives were polled and asked about their company’s efforts to keep data secure. Questions were asked about data retention, storage and secure disposal, as well as governance, privacy policies and a wide range of cybersecurity controls. It would appear that many firms were not managing cybersecurity risk effectively, leaving them vulnerable. Information security solutions may have been implemented, but basic controls such as the development and issuing of data protection policies had been neglected. When policies had been written and implemented, many were insufficient and did not cover even a fraction of the elements necessary to keep systems and data secure. Many security holes were allowed to persist.

To manage cybersecurity risk, start at the top

The board must become involved in cybersecurity decisions and should take a greater interest in keeping their organizations secure. Policies must be developed that set rules for the entire organization, and awareness of data and network security must be improved. All members of staff must be made aware of the current threat levels and a culture of security awareness developed. Best practices must be defined and all users monitored to make sure that those practices are being followed. The study indicates that board level involvement in cybersecurity issues is becoming more common, yet only 28% of survey respondents indicated there was a current high level of board engagement in such issues.
What is even more worrying is there has actually been a fall of 2% in high-level engagement year on year. 15% of respondents said board engagement in cybersecurity matters was low, while a third said engagement was at a...
by G Hunt |
November 16, 2015 |
Cybersecurity Advice
Think you have to open an infected email attachment or download a file to your computer to acquire a malware infection? Not with the latest memory-based malware. Drive-by attacks are taking place that do not need any user-interaction. These file-less malware infections use malware that resides in the computer memory, and RAM is not scanned by most anti-virus programs. The good news is attacks of this nature are rare. The bad news is the malware is being increasingly used by cybercriminals. Fortunately, malware that resides in the memory doesn’t survive a reboot. Unfortunately, by the time your computer is rebooted, you may have already lost your sensitive data. How often do you reboot? At the end of your working day? That could potentially give a hacker a full 8 hours to record your keystrokes or download files to your computer. A lot of damage can be done in 8 hours. There is another problem. Hackers are now creating memory-based malware that actually survives a reboot. The malware has been configured to hook into an API. When the computer is restarted, the malware is reloaded back into the RAM.

Memory-based malware exploits security vulnerabilities in outdated software

If a user is convinced to visit a malicious website, or responds to a spam email containing a link to one of those sites as part of a phishing campaign, their computer can be infected almost immediately. A user is usually directed to a web page containing an exploit kit: The Angler exploit kit for example. Code on the website probes the user’s browser for security vulnerabilities. Security vulnerabilities in Adobe Flash or Adobe Reader could be exploited, or Java, Silverlight or any number of plug-ins that the user has installed. However, instead of the vulnerability being used to download a file to the hard drive, code is inserted into the memory. This does not trigger an anti-virus program because no files are downloaded to the computer.
This allows the hacker to perform a drive-by cyberattack, stealing information quickly and silently. That information could include login names, passwords, bank account information, or anything entered via the keyboard. These types of cyberattacks...
by G Hunt |
November 13, 2015 |
Cybersecurity Advice
Using a Mac is safer than using a computer running Windows. That’s not to say it is not possible to inadvertently install a virus or malware on a Mac. It is just that hackers tend to focus more on PCs. From a hacker’s perspective, it is better to try to infect as many devices as possible and more people own PCs than Apple devices. According to research conducted by IDC, sales of Macs have increased by just over 16% this year. However, while accurate figures are difficult to find, approximately 90% of computers use Windows software. This makes the operating system much more likely to be attacked. If you were a hacker would you concentrate on the 90%? That does not mean that Mac users are immune to attack: BlackHole RAT, OS X Pinhead, Mac Flashback, and Mac Defender all targeted Mac users. Mac users do face risks and must be cautious when using the Internet. They may not face such high risks, but they can just as easily fall for scams. Phishing websites will also work just as well on Mac users as they will on everyone else. That’s because phishing techniques are employed to fool the user of the device. It doesn’t matter what device is being used to access the Internet.
New phishing scam alerts iTunes users to account limitations
Mac users have recently been targeted by a campaign claiming iTunes accounts have been compromised. Most recently a phishing scam has been launched advising iTunes account holders that their accounts have been limited for security reasons. They are informed of this by email and are provided with a link. If the link is clicked they are directed to a scam site and must enter information to lift the account limitation. A number of data fields must be completed and a credit card number entered. This is an easy scam to identify as, even when accounts have been compromised, a service provider would not typically ask for a credit card number for identity verification.
If in doubt, just access your Apple account directly and check to see if there is a problem with your account. Never use the link supplied in an email.
Mac Internet scam reported offering urgent tech support
A Mac internet scam warning was recently issued after the discovery of a...
by G Hunt |
November 12, 2015 |
Cybersecurity Advice
If you want your employees to browse the Internet safely you should try to restrict access to only those websites that have a valid SSL certificate. It is now common knowledge that SSL certification means a website is secure and can be trusted; but is that true?
Does an SSL Certificate mean a website is safe to use?
The answer is a definite no. HTTPS or an SSL certificate alone is not a guarantee that the website is secure and can be trusted. Many people believe that an SSL Certificate means a website is safe to use. Just because a website has a certificate, or starts with HTTPS, does not guarantee that it is 100% secure and free from malicious code. It just means that the website is probably safe. In the vast majority of cases the sites will be. Just not always. Unfortunately, phishers and other cyber criminals have discovered how to exploit trust in SSL certificates. Some phishing websites have valid SSL certificates in place. This means even when you think your employees have been restricted to safe websites, they are still not protected from phishing sites. Relying on a block on sites that do not use SSL certification is a mistake, and potentially a very costly one. It is a good idea to restrict access to unsecure websites, but further protections will be required if you want to be sure that your employees and your network are properly protected.
What is an SSL Certificate?
In short, an SSL Certificate is a file that permanently binds a key to a company’s website. When an SSL certificate is installed on a company’s web server, connections with that website will be secure. Information will be sent via port 443 using the https protocol. SSL Certificates are used by websites to secure sessions with web browsers.
You will be able to tell which websites have an SSL certificate in place because they will have a padlock next to the web address. This means that the connection with that website is via a secure connection. The information you enter when connected to the website can be used with confidence, and most importantly, it...
by G Hunt |
November 10, 2015 |
Cybersecurity News
Critical security vulnerabilities in browser plugins have been widely reported in recent months. As soon as one has been found and patched, more are discovered. Zero-day Adobe Flash vulnerabilities (Shockwave Flash) have been some of the most publicized, due to the sheer volume discovered in 2015. Earlier this year a number of companies pulled the plug on the Flash plugin, deeming it not to be worth the security risk. While it was once the most commonly used way of displaying videos and animations on webpages, the critical vulnerabilities that have been discovered have made it simply too risky to use. There have been many calls for Flash to be retired. Google Chrome and Firefox stopped supporting Adobe Flash and many companies are moving over to HTML5, which offers the ability to display the same multimedia items without requiring a browser plugin to be used. One of the main problems with a plugin, from a security perspective, is that it will only be secure if the latest version is installed. Even then, as we have seen with the sheer number of security vulnerabilities found in Adobe Flash, the latest version may not be very secure at all. If a user has not updated the plugin to the latest version, and an older version is still in use, criminals will be able to take advantage. A visit to a website containing malware could result in the vulnerabilities being exploited. Exploit kits can be used by hackers to probe for security vulnerabilities in browsers to find out which software can be exploited. Other Adobe plugins can be exploited, such as PDF Reader.
Numerous critical security vulnerabilities in browser plugins discovered
It is not only Adobe plugins that are a problem of course; other companies’ plugins also contain vulnerabilities that can be exploited. Even HTML5, which is seen by many as a more secure way of showing multimedia items on websites than Flash, is far from immune and also contains security vulnerabilities. No plugin is even required with HTML5.
In mid-October, Oracle released a security update for its Java software to deal with over twenty new security vulnerabilities that had been discovered. Oracle announced that an update was necessary on all...
by G Hunt |
November 9, 2015 |
Cybersecurity Advice
British mobile phone and broadband provider TalkTalk discovered it had been hacked late last month; however, further information has emerged that suggests TalkTalk hacking scams are increasing in number. Over a million customers’ data are apparently being offered for sale on the dark net, with criminals already using the data to defraud victims. Over four million customers were believed to have been affected by the hacking scandal at first, although not all of the company’s customers are now understood to have been affected. A criminal investigation was launched a few days after the hack was discovered. Initial reports suggested an Islamic terrorist group from Russia was behind the attack, having publicly claimed responsibility. This claim appears to be false. The Metropolitan Police Cyber Crime Unit acted fast and just a few days after the attack was announced, a 15-year-old teenage boy was arrested in Northern Ireland on suspicion of being behind the attack. A few days later, a second arrest was made, this time a 16-year-old boy from West London. A 20-year-old was arrested in Staffordshire in connection with the hack, and now a fourth individual has been arrested: a 16-year-old boy from Norwich has been detained.
1.2 million email addresses obtained by the hackers
The official figures released by TalkTalk are much lower than the initial estimates, but the hack still ranks as one of the biggest UK hacking scandals to be reported in recent years. A statement released by the company revealed that approximately 1.2 million email addresses had been obtained in the attack, customer names and phone numbers were also stolen, and 21,000 bank account numbers and sort codes were accessed, presumed stolen. A later press release indicated that 156,959 individuals had been affected, and the earlier figure was “bits of data,” including email addresses, names, and phone numbers.
Credit card numbers were compromised, but since they did not contain complete numbers there does not appear to be a risk of them being used inappropriately. However, that is not to say that the data will be useless. Phishers may well devise campaigns to obtain the remaining digits from...
by G Hunt |
November 6, 2015 |
Cybersecurity News
Personal losses may not be suffered after responding to a phishing email sent to a work email address, but that does not mean an employer is the only victim. A U.S. stockbroker has just discovered that falling for a phishing campaign can result in loss of employment, as well as being barred from gaining employment as a stockbroker for a year.
Responding to a phishing email can have serious consequences
In this case, the ban was not issued for simply responding to a phishing email, but for the actions taken by the stockbroker. The phishing email response occurred last year, and resulted in $160,000 in funds being transferred from a client’s account into the bank account of a scammer. The stockbroker, David P. Santos, received an email that had apparently been sent by his client. However, the client did not make the transfer request. The email was sent by a hacker who had managed to gain access to the client’s email account. The email requested a transfer of funds to a third party bank. Santos obliged, but in order to do so, forged the signature of his client. He did this on 10 separate documents and made a series of transfers. According to a report issued by the Financial Industry Regulatory Authority (FINRA), in order to obtain the necessary funds, Santos liquidated holdings and conducted improper trades. The matter has recently been back in the news as it was incorrectly tied to another security incident at the bank involving the theft of a laptop computer. According to the Pioneer Bank of Troy, Santos’s former employer, the matters are totally unrelated. This may be an extreme example of an employee falling for a phishing scam, but the incident does highlight the need for employers to be vigilant, and to implement multi-layered security controls to protect against scam emails and phishing campaigns.
Proven phishing prevention strategies to minimize risk
If enough spam and phishing emails reach the inboxes of employees it is only a matter of time before someone responds and opens an infected attachment, visits a malware-ridden website, or exposes sensitive information to hackers. In some cases, even accountants fall for scams and make bank transfers from...
by G Hunt |
November 5, 2015 |
Cybersecurity Advice
A new study conducted by CompTIA has highlighted the risks that are being taken by end users, and suggests low awareness of security threats. End users’ lack of knowledge of basic security measures continually frustrates IT security professionals. End users are usually seen as the weakest link in the security chain, and the results of this study are unlikely to see many minds changed. The study also suggested the persons most likely to take risks and jeopardize security are in their early twenties: Gen Y.
Gen Y Has Low Awareness of Security Threats
One of the tests conducted was a relatively straightforward but ingenious test of risk awareness. CompTIA researchers dropped 200 unmarked thumb drives in locations that received high volumes of foot traffic. The researchers wanted to find out how many individuals would pick up the drives and plug them into their computers. Thumb drives can be purchased cheaply, but are extremely useful. Finding one in the street may be seen as a lucky find. However, plugging such a drive into a computer carries a huge risk. There is no knowing what software is installed on the drive, and simply plugging it into a computer could easily result in malware or viruses being installed. In this case, doing that just resulted in a pop-up message being displayed which prompted the new owner of the thumb drive to send an email to the researchers to let them know that the device had been found and plugged in. In total, 17% of the 200 thumb drives resulted in a response being received by the researchers. Not all of the individuals who picked up a thumb drive will have responded to the pop-up request to send an email to the study organizers, so the number of individuals who did plug in the drive may well have been higher. The company also conducted a survey to discover more about end user awareness of security threats.
Over 1200 completed surveys were collected by the company, and the results show that many end users are taking considerable security risks. Those risks could result in laptops, computers, and mobile phones being compromised. If IT security professionals were worried about end user risk taking before, they are likely to be even more...
by G Hunt |
November 3, 2015 |
Cybersecurity News
A new security report issued by leading anti-virus firm Kaspersky Labs has highlighted the growing mobile malware risk, with Adware (intrusive mobile advertising) seeing a huge increase since last quarter. The third quarter report shows a 3.1% increase in the number of new mobile malware programs compared with Kaspersky Labs’s Q1, 2015 figures, with a 1.1% increase since last quarter. In total, Kaspersky products detected 323,374 new mobile malware threats over the past three months. The mobile malware risk appears to be growing. Only a small increase in mobile malware was recorded since last quarter, but the same cannot be said of mobile malware installation packages. 1,583,094 new installation packages were detected in Q3, which is one and a half times the total discovered in Q2. There have been some significant changes in the types of mobile malware discovered, with some vectors seeing a fall in prevalence. Trojan Downloaders, Backdoors, Trojans, Trojan-Spy and Trojan-SMS malware all decreased in prevalence in Q3. The most significant reduction was in Trojan-Spy and Trojan-SMS malware, which dropped by 1.6 and 1.9 percentage points respectively. However, the biggest drop since last quarter was recorded for RiskTool, which fell by 16.6 percentage points since the last quarterly report was issued. The RiskTool category includes legitimate mobile programs which are not malicious in nature, but can be manipulated by hackers. This makes them particularly risky to have installed on mobile devices. These programs are capable of terminating processes (such as security applications), hiding processes from the user, and concealing files within the Android system. There were marginal increases in Trojan-Dropper, Trojan-Banker and Trojan-Ransom detections. The biggest rise by a considerable margin was Adware. Mobile Adware jumped from 19% of detections in Q2 to 52.2% in Q3: an increase of 33.2 percentage points.
Huge Hike in AdWare Highlights Increasing Mobile Malware Risk
Cybercriminals manage to install malware on mobile devices, but how do they actually make money from those infections? Many items of malware log keystrokes and capture passwords and logins used to...
by G Hunt |
November 2, 2015 |
Cybersecurity Advice
Liability for Employee Internet Usage: Can an Employer be Liable for an Employee’s Online Activity?
There are numerous benefits to be gained from allowing employees access to the Internet. Information can be found quickly, contacts can be easily developed, new suppliers easily located, products purchased, research conducted and many more benefits can be realized. Unfortunately, the provision of Internet access to employees does occasionally lead to abuse. An employee could use the Internet to access personal gambling accounts and play online poker at work, or social media websites could be used excessively. Individuals can and do view pornography at work. Threats and disparaging comments may be posted online. You can also add illegal file sharing, hacking of other corporations, and illegally accessing databases to that list. There are plenty of other ways of abusing Internet access and, if it is possible to be done, an employee somewhere will have already done it. The majority of these acts are committed only by a minority of employees. They rarely cause an employer, co-worker or other individual to come to any harm. However, this is not always the case. Should harm occur, or an employee break the law, the employer could be found to be liable for the employee’s actions. There have been a number of cases when employers have been found to be liable for the actions of employees, such as when actions have adversely affected work colleagues. Some of the most common reasons for lawsuits have been sexual harassment of co-workers, threats of violence, racial harassment, and discrimination.
Respondeat superior – Employer Liability for the actions of an employee
The legal term for vicarious liability of an employer for actions committed by an employee is Respondeat superior. This is nothing new. It has been written into the law for over 100 years.
Today, Respondeat superior does not only apply to verbal actions, it also applies to actions committed using email and abuse of the Internet. It is not limited to actions against co-workers either. Liability for employee Internet usage may result from comments posted on forums. Typically, an employer would...
by G Hunt |
October 29, 2015 |
Cybersecurity News
Operators of websites running on the popular Joomla CMS have been alerted to a remote takeover risk following the discovery of a critical Joomla vulnerability. Approximately 2.8 million websites use the Joomla Content Management System, with the CMS second only to WordPress in terms of market share. Joomla version 3.4.5 has now been released and contains a patch to plug the security hole that has existed for close to two years, although any site still running on previous versions will be particularly vulnerable to attack. Should a hacker successfully exploit the vulnerability, they would be able to obtain administrator privileges for the website, allowing full control to be handed over to the hacker. It would be possible for all data and content to be stolen and for the owner of the website and all other site users to be locked out. The vulnerability, discovered by Trustwave SpiderLabs, affects version 3.2 and above and can be exploited using a hacking technique known as SQL injection. All users of versions 3.2 to 3.4.4 are at risk since this critical Joomla vulnerability affects a core module of the CMS, not an extension. Two other security flaws were also patched by the new release. SQL injection is a common technique used by hackers to gain access to websites. The attacks are conducted by entering SQL commands into text fields on the front end of a website. These commands are misinterpreted by the web application. Instead of treating the input as plaintext, it is interpreted as executable code. As such, if the right commands are entered, the websites can be hijacked. Numerous cyberattacks have been successfully conducted using this very straightforward technique, including the recent hack of mobile and broadband provider TalkTalk.
Critical Joomla vulnerability can be used to gain access to the administrator control panel
Once access has been gained, files can be downloaded including confidential customer information.
Since Joomla is used to create e-commerce websites, customers who have previously purchased products through Joomla websites could have their confidential information stolen. This critical vulnerability can be exploited to extract a browser...
by G Hunt |
October 27, 2015 |
Cybersecurity News
Organizations face a growing risk of sensitive data being compromised by ad injection malware. The latest figures released by Google suggest that an organization employing 100 individuals is likely to have at least five computers infected with ad injection malware. This form of malware causes adverts to be displayed to the user that would not normally appear when visiting websites. The malware infects their browsers and results in annoying adverts being displayed, some of which contain links to legitimate retailers. Others contain much more sinister content. With little control exerted over the individuals placing the ads, cybercriminals are able to take advantage and place adverts containing links to malicious websites. However, that is not the only security risk. When the malware infects a browser it causes changes to how websites are displayed. A connection to a website would be secured under normal circumstances, preventing third parties eavesdropping on the session. Unfortunately, when a browser is infected, the process used to encrypt the connection is broken. Sessions are no longer encrypted, and any data entered by the user could potentially be seen by a hacker or cybercriminal monitoring their connection. When accessing a webpage via an open Wi-Fi network, an eavesdropper could quite easily listen in on the session. Usernames and passwords could be revealed as well as other confidential information.
Lenovo laptops were pre-installed with ad injection software
Potentially a user could avoid having their browser infected with the malware, but not if they bought a Lenovo laptop. Even brand new, straight-out-of-the-box laptops had been “infected”. In this case, by Lenovo. They have been shipping brand new laptops with legitimate software installed that inserts adverts into Google searches. The software in question is called Superfish and it functions as an image search engine.
Superfish is able to show adverts by using a root certificate which replaces a trusted website’s security with its own. This is how it is able to display adverts. Unfortunately, the security used by Superfish can easily be cracked. In fact, it already has been, so any Lenovo...
by G Hunt |
October 1, 2015 |
Cybersecurity Advice
Visiting a coffee shop for a caffeine fix usually means having the opportunity to save some bandwidth by connecting to a free Wi-Fi network. In fact a coffee shop without free Wi-Fi is unlikely to be anywhere near as busy as those offering patrons the opportunity to connect to the Internet for free. Even airports, restaurants, shopping centers and many pubs allow visitors to connect to their Wi-Fi for free. Many freelance workers even head to cafes to do a full day’s work, while others just check email or surf the Internet. The ability to connect to someone else’s Wi-Fi is convenient and saves money. However, as many people discover, it may not be quite as free as they think. Connecting to free Wi-Fi hotspots carries considerable risks. There may actually be a considerable cost: identity theft and the emptying of a bank account!
The importance of a secure Wi-Fi connection
Many free Wi-Fi networks allow any user within range to connect without even having to register. These open networks really are open to anyone, and that means open to criminals as well. When users connect to these networks they allow any individual who is also connected to see a considerable amount of their data. Should a person with the inclination and a modicum of technical skill choose to inspect network traffic, they could potentially see the websites that are visited, read the emails that are sent, and even view login names and passwords. Installing malware on every device that connects is also pretty straightforward. Not all Wi-Fi networks are open. Some coffee shops and free Wi-Fi hotspots require users to identify themselves. Access can only be gained if users log on. This requires the use of a token or password which is only provided to people who create accounts. These Wi-Fi networks use encryption that prevents data from being intercepted. That does not mean that these networks are entirely secure, only that additional security controls have been employed to make them safer.
If operators of public Wi-Fi networks really want to protect their users from the myriad of viruses and malware on the Internet, additional security controls should be employed. One of the best options in this regard...
by G Hunt |
September 17, 2015 |
Cybersecurity Advice
Most system administrators have a rather long to-do list. As soon as one item is cleared, another two seem to take its place. Oftentimes there are simply not enough hours in the day to deal with all of the issues. There are software problems, hardware problems, user problems, and it can be hard to find time to be proactive instead of reactive. We would like to make your job easier and reduce the number of items on your future to-do lists. With this in mind we have listed five issues that you should avoid to prevent future headaches. They are basic, but that is why many system administrators forget them.
Network Security No No’s
Never host more than Windows Active Directory on a domain controller
Active Directory looks after the identities and relationships of your network. It will allow you to provide all employees with SSO (Single Sign-On) access. However, it is important that Active Directory is isolated and the machine you use is not used for anything else. Don’t mix up your assets, as in the event of one being compromised, anything else hosted on the same machine is also likely to be affected. After all, hackers are likely to have a snoop around and see what else is running on a server they have managed to gain access to. Keep everything separate, and you will be limiting the damage that can be caused in the event of a security breach.
Don’t access a workstation using your administrator credentials
Your administrator login credentials, if compromised, would allow a malicious insider or outsider to gain access to systems where a lot of damage can be caused. If you log in to a compromised workstation using your administrator login, you could be giving your access rights to a hacker. Cached login credentials are not difficult to obtain. GitHub offers code that will allow anyone to change Local Admin privileges to Domain Admin privileges. If that happens, a hacker really can unleash hell.
Don’t ever reuse passwords
One of the most elementary data security measures is to ensure passwords are impossible to guess. In the unlikely event that your password is guessed, or is somehow compromised, it is essential that the password cannot be used to access any other...
by G Hunt |
September 8, 2015 |
Cybersecurity Advice
There has been a lot of talk recently about social engineering scams, but what is social engineering? Social engineering is a term used in social science to describe the psychological manipulation of people into taking a particular action and influencing large groups of people. It is a technique used for good and bad. Politicians and governments use social engineering, and advertisers are known to use social engineering to convince the public to purchase products. In recent months, most talk of social engineering has been about information security. Hackers and other online criminals are now using social engineering techniques to get Internet users to reveal their sensitive information, such as login names and passwords, and even credit card numbers and bank account details. The majority of large scale data breaches caused by hackers and malicious outsiders are usually discovered to include an element of social engineering. How can you protect yourself from being manipulated into revealing information? How can you protect yourself and your company from employees falling for social engineering scams?
How is Social Engineering Used by Cybercriminals?
The commonest methods employed by cybercriminals to manipulate users into taking certain actions are detailed below. Being aware of how social engineering is used will help you to protect yourself and your employees from becoming victims of scams and phishing campaigns.
Abuses of Trust: Online criminals know that if they want to get something from people, it is far easier to get what they want if they pretend to be someone that person trusts. People are wary of strangers after all. If a total stranger came up to you in the street and asked for your PIN number or email address and password, you would naturally not tell them. However, on the Internet it is not always so easy to tell if someone is actually a stranger. Seemingly legitimate reasons are also provided for disclosing such information.
Emails sent from colleagues, friends and family members
If you receive an email from someone you trust, chances are you will be more likely to respond to a request than if the same email had been sent by a stranger. If a...
by G Hunt |
August 25, 2015 |
Cybersecurity Advice
Beware the threat from within: How to deal with insider threats
IT security professionals and C-suiters are well aware of the threat from hackers. Cyberattacks have been all over the news recently. Major security breaches have resulted in millions of files being stolen. Patient health records have been targeted with the cyberattack on Anthem Inc., the largest healthcare data breach ever recorded. That cyberattack, discovered in February this year, involved the theft of 78.8 million health insurance subscriber records. Target was attacked last year and hackers managed to obtain the credit card details of an estimated 110 million customers. The finance industry was also hit hard in 2014, with 83 million J.P. Morgan Chase accounts compromised by hackers. Cybersecurity defenses naturally need to be put in place, monitored, and bolstered to deal with the ever changing threat landscape. However, it is important not to forget the threat from within. Malicious insiders can be just as dangerous as hackers, and often more so. Just ask the NSA. They know all too well how dangerous insiders can be. Edward Snowden managed to steal and release data that has caused considerable embarrassment. In his case, he wanted the world to know what the NSA was up to. The NSA had gone to great lengths to make sure that what occurred behind its walls stayed secret. Malicious insiders are often individuals who have been given access to patient and customer records, as well as the intellectual property of corporations, company secrets, product development information and employee databases. They are therefore potentially able to steal everything. The harm that can be caused by malicious insiders is therefore considerable. It is not just theft of data that is a problem. Insiders may use their access to computer systems to defraud their employers, destroy data, or install malware and ransomware.
Unfortunately, tackling the threat from within is a much more difficult task than preventing external attacks. Bear in mind that insiders are not necessarily employees. They can include business partners and associates, contractors and past employees. Which insiders pose the biggest threat...
by G Hunt |
August 4, 2015 |
Cybersecurity Advice
Not all habits are bad. Sure, you should ease up on the alcohol, give up smoking, and stop biting your nails, but make sure you take some time to develop some good habits. Take a look at the best practices below, ensure you perform them regularly, and before long they will become second nature. You will then be able to legitimately rank yourself alongside the best system administrators. Even better, you should find you have far fewer bad days and even some when everything runs smoothly without a hitch.
Develop a ticket system and keep on top of requests
You are likely to receive more requests for assistance than you can deal with in a single day. If you are regularly flooded with requests, some will invariably be forgotten. Sometimes you will deal with an issue only for a user to complain that you have not. It is useful to be able to prove that you have dealt with a problem in a timely manner. A ticketing system will allow you to do this, as well as help you prioritize tasks and never forget a single reported system or computer issue. Your system need not be expensive or complicated. If you work on your own in a small business, you can set up a very simple MS Access database to log all requests. Even a spreadsheet may suffice. A Word document would also work. The important thing is that all requests are logged. If there is more than one system administrator employed in your company, it is probable that you may need to have a more complex system. Helpdesk software is likely to be required if you are having to deal with hundreds of requests. They will need to be allocated to staff members, and follow-ups will be required. Making sure all queries have been answered and all reported problems resolved will be a nightmare without such a system in place.
Keep a log of your activity
If you ever have to justify what you have spent all your time doing, your ticketing system is your friend.
You can show the volume of requests you have received/resolved on a daily basis, and use that information to show that your time has been well spent. One clever way of reducing the requests you get is to log the requests and send the user (and his or her line manager) an email...
by G Hunt |
May 19, 2015 |
Cybersecurity News
When it comes to cyberattacks and the resultant data breaches, not all organizations are affected to the same extent. Larger organizations store greater quantities of data and a security breach may end up costing the company over $100 million to resolve, but such breaches are not suffered very often. In fact, when you compare the cost of breach resolution to the annual turnover of a company, the cost is actually very small indeed. Even the huge data breaches that have affected Sony and Target have not cost the companies very much in the grand scheme of things. Compared to the annual turnover of both companies, the costs incurred are very low. As low as 1% of total turnover. The security breaches will be embarrassing, but the actual losses can be easily absorbed. Benjamin Dean from Columbia University’s School of International and Public Affairs recently pointed out in a post that the cost to large companies may not be insignificant, but it is nowhere near as high as many people would believe. Consequently, there is little pressure on many large organizations to invest more heavily in cybersecurity defenses. This may not be true for heavily regulated industries such as finance and healthcare, where heavy fines can be issued for non-compliance with data security regulations, but for some companies the costs can be easily absorbed. Many of these companies are covered by insurance policies that pay for the majority of the cost and the resolution costs are tax-deductible. He points out that while there will be fallout as a result of a data breach, this may not be nearly as high as many companies are led to believe. Many Sony employees had their data exposed in the cyberattack but how many will leave their employment as a result? Sure, they will be unhappy, but will they leave in droves? Probably not. Customers may incur losses, but Sony will not have to cover the cost. How about cases of identity theft? 
Can a customer determine with any degree of certainty that they have become a victim because of the data breach at Target or Anthem, or any number of other companies that have suffered cyberattacks? In many cases, losses are not suffered by the company but by the...
by G Hunt |
May 14, 2015 |
Cybersecurity Advice
Hackers and malicious insiders are trying to break through security defenses to get their hands on sensitive data, but what data are they actually looking for? Which data needs to be better protected? There are federal laws that require physical, technical and administrative controls to be put in place to keep data secure. Fail to protect certain data types and there could be serious trouble, regardless of whether a hacker actually manages to compromise your network. Some data types are obvious, others less so. Credit card numbers, bank account information, Social Security numbers and healthcare data all require robust security measures to keep the information secure. Have you made sure that each of the following 9 data types has appropriate controls in place to prevent unauthorized individuals from gaining access? Financial Data The goal of many hackers and cyber criminals is to gain access to bank account information, and the logins and passwords used to access online accounts. Once they have this information they can use it to make transfers and empty accounts. Credit/debit card numbers are also sought in order to make online purchases and create fake cards. PIN numbers, if stored, along with answers to security questions must similarly be protected with robust controls. Medical Data The Health Insurance Portability and Accountability Act (HIPAA) requires all covered entities to put physical, technical and administrative controls in place to keep medical data secure. In the wrong hands, medical data can be used to discriminate and defame. It is also used in spear phishing campaigns, and used with other data to commit fraud. Failure to secure these data is a violation of HIPAA Rules, and financial penalties are sure to follow. Criminal charges can even be filed against individuals for failing to secure highly sensitive data. Driver’s License Numbers A valid driver’s license number can be used to create fake driving licenses. 
These are not only useful for people who are not legally allowed to drive, they can be used to obtain other forms of identification and commit identity theft and fraud. Student Data Student data is increasingly being sought by criminals...
by G Hunt |
February 11, 2015 |
Cybersecurity Advice
You are faced with an insurmountable problem: Your job requires you to keep the business secure from external attacks, and you must take action to deal with the threat from malicious insiders. It is your responsibility, and your job may well be on the line if something goes wrong and data is stolen, or your network is infected with a virus or malware. Unfortunately, you have not had a budget increase and cannot afford to purchase the software solutions necessary to protect your business from attack. This is a problem faced by many IT professionals. Management understands there is a risk and knows the risk is considerable, yet they expect you to work your magic with your hands tied behind your back. You are not a magician; so, if management wants to be properly protected, it is your job to convince the powers that be that you need a bigger budget. We know you have already tried this. What you therefore need to do is improve your communication skills. You need to find a way to convince the management that additional funding is absolutely essential. One of the best ways of doing this is to explain that security risk is actually business risk. You are not alone – 50% of IT professionals work with inadequate security measures IT department funding is almost always limited. It is not possible to purchase the highest quality equipment, the best possible security measures, and have enough staff members to perform all of the required work. So if you are stressed, are suffering a critical lack of funding, or are desperately understaffed – you are not alone. The situation has recently been assessed by the Ponemon Institute. Its latest survey probed IT security professionals and asked them about the level of security in their organization. It would appear that when it comes to cybersecurity protections, the management and IT department heads are often not on the same page. The survey was large. 
Over 5,000 IT professionals sent back responses to the survey and more than 2,500 of those respondents said their cybersecurity measures were inadequate. The problem for many was the fact that the upper management simply did not understand just how important it was to improve...
by G Hunt |
January 7, 2015 |
Cybersecurity Advice
To put it mildly, 2014 was a bad year for many IT security professionals. The number of threats to network security increased significantly, more computer systems were breached than in previous years, and more confidential records exposed than in the previous 12 months. The threat landscape is constantly changing, but 2014 saw incredible volumes of new malware released and a considerable number of zero day exploits succeed. Many IT security professionals will be glad to see the back of 2014. Unfortunately, 2015 doesn’t look like it will be any better. Many predict it will even be worse. 2014 started badly with the discovery of a number of cyberattacks. Hackers had gained access to computer systems in 2013, or even earlier in many cases, but 2014 was when the attacks were discovered and a large volume of brown substance hit the fan. The discoveries were shocking. Incomprehensible amounts of data had been compromised and listed for sale. The country was still reeling from the cyberattack on Target, and then came the announcement of mega data breaches at Neiman Marcus and Home Depot. P.F. Chang’s had customer credit card details exposed from 33 of its restaurants, JP Morgan was affected by a major data breach, as was Michael’s. The healthcare industry was also badly hit. Community Health Systems suffered a major data breach exposing 4.5 million records and even the U.S. Postal service was targeted. 800,000 employee records were exposed in that attack. Then there was the attack on Sony. That data breach caused an incredible amount of damage, with the hacking group responsible not apparently looking for money. The attack was carried out by a group called “Guardians of the Peace,” supposedly located in North Korea and backed by Kim Jong-Un. As a result of the breach, Sony Pictures even stopped the Christmas release of “The Interview” movie. The film parodied the North Korean leader and even depicted his death. 
The leader of the Democratic People’s Republic of Korea was reportedly none too happy about the film and the content of the movie was allegedly a motive behind the attack. Now that “The Year of the Data Breach” (as it has been dubbed) has finally come...
by G Hunt |
May 20, 2014 |
Cybersecurity News
May is not yet over. There are still seven months to go before 2015 arrives, yet Internet security experts are already calling 2014 the year of the data breach. The situation is bad and it is expected to get worse. Before the year draws to a close, many millions of Internet and email users will discover they have had their computers infected with viruses or have become victims of Internet fraud. The U.S. Healthcare industry has been hit particularly hard this year. In February, Anthem Inc. discovered a hacker had infiltrated its computer network and stolen 78.8 million insurance records. Just days later, Premera Blue Cross, another U.S. health insurer, uncovered a similar cyber attack that exposed the records of 11 million subscribers. The month of February was just over halfway through, but more confidential healthcare records had been exposed than in the whole of 2012 and 2013 combined. Then there was the cyberattack on Target. Up until February 1, Bloomberg BusinessWeek calculated the retailer had spent approximately $61 million to cover data breach resolution costs. All three of these data breaches were suffered by large organizations who had invested heavily in data and network security systems. Yet despite the investment they still suffered massive data breaches. What makes the Target data breach stand out though is the fact that the company’s security system actually detected the intrusion. For some reason, Target decided to do nothing about it. To state the obvious, this was a mistake. So far over 100 separate lawsuits have been filed against the retailer, for the most part citing negligence for failing to protect customer data and not taking action quickly enough when the breach was discovered. The attack exposed the records of over 110 million customers and the banks have already been forced to spend in excess of $200 million as a result. When the lawsuits are resolved, the final cost of the data breach doesn’t even bear thinking about. 
Typically, data breach victims seek damages of around $1,000 a head. Then there was Heartbleed. For those who somehow missed it, this was one of the biggest and potentially most serious security vulnerabilities ever...
by G Hunt |
April 15, 2014 |
Internet Security News
The Heartbleed security vulnerability was announced recently and had IT security professionals rapidly taking action to plug security holes. System passwords were changed and alerts sent to end users telling them to do the same. Heartbleed is a highly serious data security vulnerability that was discovered in the OpenSSL cryptographic software library. It is so called because it affects an SSL extension commonly known as Heartbeat. Over half a million websites are believed to have been affected by the Heartbleed vulnerability. The Internet is normally secured with SSL/TLS encryption. This allows information to be exchanged securely by a wide range of Internet applications, including Instant Messaging (IM) services, email, and even Virtual Private Networks (VPNs). Unfortunately, the Heartbleed bug allows anyone to steal passwords even with SSL/TLS encryption in place. According to American cryptographer Bruce Schneier, Heartbleed is a potentially catastrophic security vulnerability. He recently said, “On the scale of one to 10, this is an 11.” IT departments have been frantically issuing alerts to change passwords Sensitive data is protected by passwords; however, Heartbleed has potentially allowed passwords to be compromised. The security vulnerability may have only just been discovered, but it has existed for at least two years. Hackers are not understood to have used the vulnerability to gain access to sensitive data, but it is actually rather difficult to tell even if they have. As a security measure, IT staff have been sending emails to all users advising them to change their passwords just in case. Unfortunately, they are not the only individuals sending password change requests to users. Online scammers have been piggybacking on the major data security event and have been sending emails of their own. Conveniently, these also include links to allow users to rapidly address the huge security hole. 
Any individual who has heard about the security issue will be keen to protect themselves against hackers and cyber criminals. Emails telling them to change their passwords are likely to be clicked. Unfortunately, clicking those links will take users to a...
by G Hunt |
April 8, 2014 |
Cybersecurity News
Consumers are spending less in bricks and mortar stores, and more people are looking for goods and services online. On top of this some major retailers have suffered data breaches which have tarnished their reputation. For Target, the data breaches it suffered have had a serious impact. Sales have been lost to competitors as a result. According to Cowen & Co.’s tracking survey, there has been a decrease in customer satisfaction. The survey indicates there has been a fall in satisfaction in the overall shopping experience and ratings for customer service have also declined. The data show that reputation and brand image do have an impact on shoppers’ behavior. They will go elsewhere if they do not trust a retailer. Target is one of the biggest retailers in the United States. What would be the impact on a small to medium sized organization? Would it be possible to weather the storm after a massive data breach has been suffered? Data Breaches Can Cost SMBs Dearly! The cost of a data breach can be considerable. The Ponemon Institute has recently quantified this. In a recent survey, 850 executives were asked about reputation damage following a data breach. 44% of respondents said it would take between 10 months and 2 years to recover from damage to reputation following a data breach. For some companies the effect will be felt for much longer. If they manage to stay in business that long! Not all breaches have the same effect on a company’s reputation. Consumers are aware that security breaches are now a fact of life, but they are likely to be unforgiving if their Social Security numbers, credit card numbers, or bank account details are obtained by criminals. The potential financial losses for a company can be considerable. Ponemon’s study suggested that brand image damage can cost between $184 million and $330 million. Best case scenario? You are likely to lose 12% of your brand’s value. 
Your Competitors are Waiting to Take Advantage All companies are likely to suffer a data breach of some description, yet many are ill prepared to deal with a security breach when it occurs. If a breach response plan is developed prior to a security incident being suffered,...
by G Hunt |
March 14, 2014 |
Social Media
LinkedIn is one of the fastest growing social networks and is now used by employers to build contacts and find new customers and suppliers. The number of LinkedIn users has been swelling, and now the site boasts nearly 1 billion accounts. The professional network is an essential sales and marketing tool for many companies, and recruitment firms would find it very difficult to stay competitive without it. The website extends a company’s reach and can be used for a variety of purposes. Company news can be announced, new products marketed, new employees found, and the site contains many interesting industry articles, providing hints and tips for busy professionals. Many users now search LinkedIn for information before using the search engines. Companies now use the social network as well as their employees. In fact the boundary between the two has become somewhat blurred. For instance, if an individual spends personal time building up contacts, are those contacts connecting with the person or the company? In many cases it is a mixture of the two. So who actually owns those contacts? The employee or the employer? A recent court case in the UK sided with the company. However, without social media usage policies in place, a court case could go either way. Recruitment consultant discovers his LinkedIn contacts are not his own A recruitment consultant at Hays Recruitment had been building up contacts via his professional account. When he decided to leave his employer and set up his own business, he copied contacts to his personal account. These were people he had been dealing with frequently as his job demanded. Hays objected to this activity and took the ex-employee to court over the matter. The judge agreed with Hays and ruled that LinkedIn contacts built during employment at Hays be handed over. The employee was also required to disclose all of the emails that had been sent to those individuals. 
The employee, Mark Ions, maintained that by connecting with individuals they had disclosed their contact information and the details were no longer confidential. Hays maintains that Ions stole business contacts. This landmark case highlights the potential problems with the use of social...
by G Hunt |
March 4, 2014 |
Internet Security News
Web visitors can be ultra-cautious and avoid websites that commonly contain malware. Don’t visit pornographic, gaming, betting, file-sharing, and streaming websites, and you will be able to reduce the risk of encountering malware. However, that doesn’t mean that you will never come across phishing websites and malware-ridden webpages. Even very large, reputable websites are sometimes infected. How large? How about Yahoo: One of the biggest search engines and webmail providers on the Internet. Recently Yahoo was found to contain adverts that attempted to install malware on users’ computers. Code was installed that examined users’ computers and checked to find out if the latest Java version was installed. Earlier versions of Java contained vulnerabilities that could be exploited. The latest version has fixed the security holes, but many users have not yet installed the latest version. It is estimated that as many as 2 million people visited Yahoo and had their computers infected. A great many more individuals would also have had their computers compromised had they visited the website instead of Google. In this case, the individuals behind the infections – malvertisers – were putting users’ computers to work performing bitcoin calculations: a very profitable business if you have 2 million or more computers at your disposal. Of course this is nothing new. Many websites are infected with malware. They just are usually not as big as Yahoo. However, hackers are getting bolder, and are now succeeding in infecting large websites with very good security measures in place. Advertising networks are increasingly being infiltrated by malvertisers Legitimate advertisers use advertising networks to syndicate their adverts across many thousands of websites. They are able to put their adverts in front of tens of millions of potential purchasers. Malvertisers, individuals or disreputable companies, are now doing the same. 
They make their adverts look respectable and get accepted by an advertising network. However, their ads contain links to malware-ridden websites, or code that probes for security vulnerabilities in users’ computers. They then inject their malware and...
by G Hunt |
January 8, 2014 |
Internet Security News
Certain types of websites are known to contain malware and carry a high risk of infecting visitors. These include video streaming websites, those providing adult content, and sites run by individuals who lack an understanding of basic security controls. However, it is not only these websites that carry a risk of infecting visitors with malware. Even large sites – we are talking Yahoo and YouTube here – have allowed malware to be installed. How is it possible that websites that generate huge revenues can also be infected? The problem is not the websites themselves, but the content that is displayed on them. Malware is delivered indirectly, via the ad networks site owners sign up to or fail to block. There are a lot of unscrupulous advertisers out there, and many do not vet their customers very well. Some ad networks allow anyone to sign up. They also serve just about any kind of advert, even those containing malware or malicious links. Any visitor to those sites could potentially have their device infected. If one of those visitors is an employee of yours, your network could be in serious trouble. Ad networks can allow malware to be delivered to users’ devices An advert on a website could direct the visitor to a phishing website or one that contains multiple pieces of malware. That is not to say that the advertisers are deliberately phishing for information or want to infect visitors. They may not even be aware that their websites have been hijacked by hackers. Advertising is often a necessary evil to make websites profitable. Without advertisers, many websites would simply go out of business. To generate revenue, site owners place code on their websites that third party servers can access. Adverts are then shown to visitors to that website via text, image, or even video ads. Those third party servers potentially syndicate adverts to tens of thousands of websites, including many legitimate and well known websites. 
With the potential to send adverts to so many websites, ad networks are frequently targeted by cybercriminals. If they are successful, their malware can be very quickly syndicated and placed in front of tens or hundreds of thousands of individuals. In some cases,...
by G Hunt |
December 17, 2013 |
Internet Security News
In September, WebTitan launched a competition offering charities the chance to win a free WebTitan Cloud Security Solution to keep their networks protected when workers access the Internet and email. The solution is highly effective at preventing users from inadvertently accessing web content that could cause networks or computers to be infected with malware, while protecting users from objectionable content. It also allows an organization to see what websites individual workers are attempting to access. For charitable organizations the WebTitan Cloud Security Solution offers exceptional protection, and can prevent data breaches and costly cyberattacks. The competition attracted a great many entries. All that was required to enter was for the participant to be a charity, and provide a brief answer to a very simple question: Why the organization would benefit from winning a free WebTitan Cloud Security Solution The WebTitan Cloud Competition Winner Is… Touch Life of Uganda The first prize in the competition was well worth winning: A WebTitan Cloud web security license valued at $8,000! The prize could not have gone to a worthier winner. Touch Life is a Non-Government Organization (NGO) operating in Uganda. The charitable organization performs important and incredibly valuable work, assisting families that have been torn apart by war, famine, disease, and have been forced to live a life of extreme poverty. The charity empowers those families to take control of their lives and gives them hope. In an ideal world, the websites of charities would be exempt from cyberattacks. Yet sadly their websites are no different to global corporations earning profits in the billions. Cybercriminals often conduct random campaigns, and the reality is charities are often targeted simply for having poor security controls. If there is money to be made from attacking a website, those websites will be attacked. 
In fact, cybercriminals often take advantage of natural disasters, famine, and war to obtain donations intended to help victims. However, the Internet is vital for charities to spread news about the excellent work they perform and attract donations. Without those donations they...
by G Hunt |
December 15, 2013 |
Cybersecurity Advice
Without anti-phishing controls in place, your organization is likely to face a high risk of end users falling for scams. How good do you think your employees are at spotting phishing emails? How good are you at spotting phishing emails? Are you a Grammar-Nazi who can spot a misplaced semi-colon from 50 paces? Are you a former Spelling Bee champion or an amateur super-sleuth? Sometimes phishing emails are so obviously fake they are laughable. You would think that a scammer who goes to the trouble of sending out millions of emails claiming to be from a reputable company would actually check the spelling of the company name. Many don’t. Error-ridden phishing emails are common, and they are easy to identify. However, don’t believe for one second that all phishing campaigns are that easy to identify. I write about Internet security and I have nearly fallen for one in the past. Admittedly, it was a very convincing one and in the early days I was a little naïve! I tell you this as even the security conscious can fall for phishing campaigns from time to time. Sometimes scams and phishing emails are virtually impossible to distinguish from legitimate emails. Unless a software security solution is used, it is all too easy to inadvertently become a victim. It used to be a rarity to be emailed a phishing email that was convincing, free from errors, and looked like it had been sent by a legitimate company. Today, scammers are much wiser. They know that a little time spent preparing a campaign properly will result in far more clicks and even more victims. When you consider the money that can potentially be made from targeting business users, investing some time into creating highly convincing campaigns is well worth the investment. Spending a few hours or even a couple of days on a campaign could make the difference between getting no clicks and netting millions of dollars. Unsurprisingly, email spammers have realized this. 
Spear phishing emails are becoming increasingly common IT security professionals will be well aware that their end-users will be sent phishing emails that can be identified with one eye closed. These emails are sent out randomly in the millions. Fake...
by G Hunt |
June 5, 2013 |
Social Media
Ever since the advent of social media networks, employers have been trying to devise ways to prevent employees from using the sites in the workplace. Employers see the sites as a huge drain of the staff’s time and believe they are one of the biggest killers of productivity. It is true that a lot of time is spent on the websites instead of performing work duties, and some employees spend far too much time checking posts. However, new research has now been released suggesting social media site usage may not actually be that bad. In fact, there could even be major benefits for employers. Do you Ban Social Media Site Use at Work? You Could be Causing More Harm than Good! A new study conducted by Warwick Business School shows that banning the use of social media access in the workplace is more likely to kill productivity than allowing staff access. Any employer believing the opposite is true needs to have a rethink. Some downtime in the workplace is a good thing. Employees cannot work for 4 hours straight without a break and be expected to be as productive at the end of that 4-hour stretch as they were at the start. Taking a few minutes here and there to check Facebook can mean employees’ productivity actually increases. Warwick Business School’s Professor of Information Systems, Joe Nandhakumar, ran the investigative study. He believes that some workers are better at organizing their workflow if social media site access is allowed. Knowledge workers in particular can perform better at work if access is provided. Rather than social media being a distraction, Nandhakumar believes the opposite to be the case. Employers just need to find the positives and not concentrate on the negatives. He has also pointed out that the use of social media may be a new issue for employers to deal with, but they have faced a similar situation in the past with the use of email. That was thought to be a huge drain of time, yet evidence suggests that not to be the case. 
Take it back even further, and the use of the telephone was believed to be a killer of productivity. In actual fact, social media, email and the telephone make workers more productive, and allow them to achieve much more...
by G Hunt |
May 23, 2013 |
Cybersecurity News
Twitter, like many other social media platforms, is a target for hackers and cybercriminals. The company has recently become the victim of a number of cybersecurity incidents that have resulted in the account names and passwords of users being obtained by criminals. Each attack spells bad news for the company, and even worse news for users of the platform. They face an increased risk of suffering identity theft and fraud as a result of having their login credentials compromised. Twitter security measures were simply not good enough to prevent a data breach from occurring. Twitter security bolstered with two-factor authentication To address the situation, Twitter security has been improved with two-factor authentication. This is an important security measure to implement as it makes it harder for accounts to be hacked. Two-factor authentication uses two means of identification to help ensure that accounts are only accessed by the correct individuals. In addition to entering a username and a password, Twitter now requires an extra element to verify the identity of the person trying to access an account. A number of websites and online services have now added two-factor authentication to provide better protection for users of their online services. Google, for instance, added two-factor authentication in 2010. Google’s reputation would be tarnished if it was hacked. The company proactively added the security measure to offer more protection to its account holders. Users of its services must supply a mobile phone number when opening an account. A unique code is then sent by SMS to the phone when a new device tries to access the account. Users can alternatively choose to have an email alert sent to advise them when a new device is used to access the account. This ensures that if someone tries to login to an account on an unknown device, they will be prevented from gaining access, even if they supply the correct login name and password. 
This is a vital security measure to keep accounts secure and it has been adopted by a number of websites and social media platforms, although it appears to have taken a major data breach for Twitter security to have been improved with...
by G Hunt |
April 24, 2013 |
Internet Security News
Twitter has suffered two major security breaches that have exposed the login credentials of hundreds of thousands of its users. In response to the incident, a number of additional security controls have been considered. The best solution was deemed to be the addition of a two-step authentication process. This will not guarantee another data breach will be prevented, but it will make sure that it becomes a lot harder for hackers to gain access to login credentials. The new controls are likely to put off all but the most skilled and determined cybercriminals from attacking Twitter in the future. There will be much easier targets they can attack. Two-step authentication is an important security control. In order to create an account, a user must sign up and create a login name and a password. The second step in the process, which will shortly be added to Twitter, is the requirement to have a code sent to an email address, mobile phone or the Twitter app. The additional control will log the user’s device. If another device is used to login, another code will be sent to the app, phone or email account used to register. If the code is not entered, access to the account will not be permitted. Wired.com has recently reported that Twitter is in the process of testing the new security measure before making it live. Once testing has been completed it will be rolled out to all accounts. This will not come a moment too soon. Cybercriminals are targeting social media networks, and if security measures are inadequate, data breaches will be suffered. Social Media Networks are an Attractive Target for Cybercriminals The networks are a big target for hackers and cybercriminals. The data stored in user accounts can be considerable. The data can be used to conduct highly effective spear phishing campaigns. With detailed information about each user, those campaigns can be very convincing. Criminals can use stolen data to craft emails that the user is likely to respond to. 
They can find out who their contacts are, and make an email appear to have been sent by a friend. That makes it far more likely that the target will click a phishing link or open an infected attachment. Not...
by G Hunt |
April 17, 2013 |
Cybersecurity News
Terrorist attacks are occurring with increasing regularity around the world, but it is still rare for one to happen on American soil. However, on Monday an attack took place at the Boston Marathon. The tragedy claimed the lives of three people. It is at times like this that vigilance must be increased. Criminals often use events such as this to infect computers with malware. Big news events are often used to lure victims into clicking on links to websites infected with malware or convince them to open malware-infected email attachments. The Boston bombing is no exception. Criminals have seized the opportunity already and have started sending emails about the tragedy which contain links to infected sites. SpamTitan is alerted when spam and phishing emails are captured. The quarantine reports are collected and analyzed, and some of the recent crop of captured messages contain titles such as “Explosion at Boston Marathon” and “Boston Explosion Caught on Video.” When news breaks, people want to find out what has happened, and images and videos of the event are sought online. Videos of the Boston bombing are being searched for on Google and social media, and emails including links to videos are likely to be clicked. Anyone clicking one of the links in the emails will be directed to YouTube where a range of videos are listed. No harm is immediately caused. However, after 60 seconds the visitor will be notified of a file called “boston.avi____exe”, and is asked to download it. If the file is run, it will install malware which will connect to servers in three locations: Argentina, Taiwan and Ukraine. Data from the infected machine will then be sent to those servers. SpamTitan software will prevent the email from being delivered using a variety of methods, thus protecting the user. Individuals without this software installed are unlikely to even be aware that their computers have been compromised.
Be wary about emails containing news alerts

Cybercriminals often use news events to spread malware and gain access to computers and servers. Each major news story, whether it is a terrorist attack, election result, natural disaster or celebrity wedding, will see numerous...
by G Hunt |
April 7, 2013 |
Cybersecurity News
What is a hacker? Hackers are commonly referred to in print media and Internet reports, and are often viewed as either criminal masterminds intent on wreaking havoc and causing chaos, or bored (but highly skilled) teenagers with nothing better to do with their time. However, a hacker is just an individual who is familiar with computer software and who is able to find and exploit security weaknesses in computer systems. Should you conduct a search on the internet for HTML Injection, you would find a great many websites that explain how to use this technique to gain access to websites. If you were to follow the instructions, you would essentially be a hacker. Just, not a very good one. Not all hackers are bad, not all lack a conscience, and many are not motivated by money. Some are highly talented individuals who want recognition for their computer skills or just want to protest about something. Hackers have been known to break in just to prove a point. It is morally reprehensible that board members are taking huge amounts of cash out of the business, but are jeopardizing the privacy of their customers and leaving them exposed to identity theft. Some companies even employ hackers to test their systems. These “ethical hackers” or “white hat hackers” perform an extremely valuable job. It is far better to have an employee attempt to hack a computer network to find vulnerabilities in order to fix them, rather than have a malicious outsider break in and steal data. Facebook has, and does, hire programmers for this purpose, and even runs an annual hack-a-thon.

The rise of the everyday hacker

The leading company in the field of application security testing, Veracode, produces an annual security report that assesses the state of software security. The company’s researchers investigate security trends and make predictions about how vulnerabilities could potentially be exploited.
In this year’s State of Software Security Report the company has predicted there will be a rise in the number of “everyday hackers” over the next few years. These “have-a-go-hackers” will not be highly skilled computer geniuses. They will be normal people who decide to have a go at hacking. As...
by G Hunt |
March 3, 2013 |
Cybersecurity Advice
Many people are willing to use the Internet to commit fraud. Identity thieves try to get website surfers to reveal their personal information, hackers break through defenses to steal credit card numbers and bank account information, and scammers head online in the tens of thousands. Saboteurs spread viruses and criminal gangs are using spear phishing campaigns to get the information they need to empty corporate bank accounts. The Internet can be a very dangerous place indeed.

There were more than 1 million victims of online identity fraud in 2012

A recent study conducted by market research firm Javelin Strategy and Research indicates more than 1 million more victims of identity fraud were created in 2012 than in the previous year. That means one in three Americans have now become victims of online fraud. An incredible 12.6 million people have been affected by online fraud in the United States alone. In fact, a new victim of identity fraud is created every three seconds. Cybercrime is extremely profitable. In 2012 alone, more than $21 billion was lost to cybercrime.

People are engaging in high risk activities online

One of the main reasons why we have experienced such a dramatic upturn in cases of identity fraud is a lack of security awareness. When connecting to the Internet, many individuals fail to realize they are entering a potentially dangerous place. Because of ignorance of the risks, many people fail to take precautions and do not protect themselves. Would you walk down a street in New York City waving a big bundle of cash in front of you? Would you leave your credit card in a phone booth? Of course not. Yet people do equally risky things online. They provide their bank account details to criminals and enter their credit card details into online forms without checking whether the website is legitimate.
They even store all of their intimate information on their laptops, smartphones and tablets, and then leave those devices in cafes, unlocked automobiles, on trains and on buses. These things can and do happen, but when it comes to online fraud, the biggest threat to security comes from social media websites. Social media websites carry a major risk of identity...
by G Hunt |
February 20, 2013 |
Internet Security News
Bring Your Own Device (BYOD) is increasing in popularity. Employers love it: They can leverage the power of smartphones, tablets and laptops, without having to pay the huge cost of supplying the devices to all staff members. BYOD can lead to a major increase in productivity, improve efficiency, and the devices facilitate better collaboration. They make communication so much easier. That said, they do raise a number of security concerns, so much so that many security experts believe the acronym should stand for “Bring Your Own Doom”, or “Breach Your Own Data.” By running such a scheme are you just introducing unnecessary data security risks? Would it be better to bite the bullet and supply mobile devices to exercise greater control?

Employees are not necessarily careful with corporate data stored on their devices

Employees engage in risky online behavior. They fail to implement even basic security controls on their own devices and are prone to losing them. If the devices are used to store corporate data, this is a major security risk. Even with the risks posed by allowing the devices to be used at work, a Fortinet survey recently revealed 74% of organizations in the United States have adopted BYOD. The survey was conducted on 3,800 employees, half of whom believed bringing their own devices to work was a basic human right. In actual fact it is a privilege. The figures would be surprising were it not for the fact that all of the respondents were in their early twenties, many of whom had only just started their first job. Young adults, often referred to as Generation Y, are tech-savvy and have grown up in an environment with a myriad of electronic devices at their disposal. They are heavily reliant on this technology. This is good news as it means they are able to use a wide range of devices competently; they know their way around a computer and are easy to train.
On the downside they are perhaps too reliant on their mobile devices and use them too much to communicate. Take those devices away and they are at a loss. Employers have realized that this technical expertise can be leveraged to improve efficiency in the workplace. They are also the CEOs, CISOs and...
by G Hunt |
January 3, 2013 |
Cybersecurity Advice
It will probably come as no surprise to discover the use of personal devices at work carries significant network security risks. Chances are your company may even have a BYOD policy in place that permits the use of personal devices in the workplace. In an effort to quantify the level of risk posed by the use of these devices, a survey was conducted by Virgin Business Media. Respondents were asked questions about BYOD and the potential pitfalls. Network security was one of the main worries, and alarmingly, 51% of respondents revealed they had already suffered a security breach as a result of personal devices being used to access corporate networks. The number of devices connecting to the network has an impact on the level of risk faced. The more devices that are allowed to connect, the greater the risk of one of those devices being used by a hacker to launch an attack on the network. Small to medium sized businesses tended to suffer fewer breaches as a result. The survey suggests 25% fewer. These figures should not be taken to mean that small businesses are unlikely to suffer a cyberattack or experience a security breach. The risk from mobile devices will be reduced, but cybercriminals are now attacking small businesses with increasing regularity. Small to medium sized businesses may not store such large volumes of data, and they may not be as valuable to criminals, but the security defenses used to protect networks are much easier to circumvent. SMEs also tend not to employ as highly skilled IT security staff as the likes of IBM, Facebook and Google.

Take a Proactive Approach to Internet and Email Security

Many small to medium sized enterprises only implement robust security controls after they have suffered a major security breach. Many CEOs believe that they will not be targeted by criminals and do not require particularly sophisticated defenses. Unfortunately, many attacks are random, so SMEs actually face the same threats as larger corporations.
They may not be targeted by teams of foreign government-backed hackers, but they are at risk of attack by other hackers and Internet criminals. The FBI and National White Collar Crime Center formed the Internet...
by G Hunt |
December 18, 2012 |
Cybersecurity News
Unfortunately, IT security professionals have to deal with business managers. This is a problem that will never go away, but there is some good news. They may still be intent on slashing budgets and increasing the productivity of the workforce, but they are less keen about slashing IT department budgets. Many are now suggesting increases in operational budgets to deal with the increased risk of attack. We are also finally seeing CEOs making the decision to implement good security measures to protect against malicious insiders and hackers. The days of having “good enough” security measures may finally be coming to an end. Attitudes on cybersecurity are changing at last, in no small part due to the cost of not doing so being hammered home. Highly publicized cyberattacks have helped in this regard. So have reports of stock prices tumbling after security breaches are suffered. It is not only lone hackers that are attempting to break through firewalls and cybersecurity defenses. Groups of incredibly talented hackers are being recruited by nation states and are being put to work on highly sophisticated hacks on U.S. enterprises. With the backing of nation states, the threat level increases considerably. Robust defenses must be implemented to repel the attacks. Any organization that implements minimal cybersecurity defenses may as well place an advertisement in the Washington Post inviting hackers to attack. Cybersecurity attacks have been receiving a lot more press, in no small part due to the huge volume of data that hackers have been able to obtain. Corporate secrets, company accounts, information on personnel, customer data, medical records, Social Security numbers, and much more have all been obtained. This information is subsequently sold to the highest bidder or, in some cases, simply posted online for all to see. The potential damage caused can be catastrophic.
Many small to medium sized businesses would not be able to survive such an attack, and even enterprise organizations feel the effect. The threat from these attacks has seen a much needed change in attitudes of the upper management and, while IT departments are not yet given all the money they need, the...
by G Hunt |
December 12, 2012 |
Internet Security News
It is now possible to search the internet more securely and also avoid objectionable content without having to install a web filtering solution or parental controls. Google has added greater protection to its search engine to filter out undesirable webpages. Users of Google.com will no longer have the option of choosing a moderate level of content. The choice is now a yes or no. They can “filter explicit content” or not, and account holders can also lock the setting in place. This will undoubtedly please many parents who will be able to easily add a filter to prevent their children from being shown content of an adult nature, but not everyone is happy. The news broke via Reddit and many internet users have reacted angrily over the censorship that is now placed on searches by Google SafeSearch.

Google SafeSearch is not sufficient protection for businesses, schools and colleges

The major search engines are well aware that there are a lot of websites containing adult or otherwise explicit content on the Internet and most now offer an option to filter search results to prevent certain sites from being displayed. When set to their various safe modes, they will limit the search results for general search terms. This is fine for home use but it is not sufficient protection for schools, colleges and business use. The function can be used of course, but it will need to be set on each individual computer or browser, and the controls are easy to navigate around. They will only prevent content from inadvertently being displayed in the search results. If a student or member of staff wants to access explicit content, it is easy to bypass the controls or turn them off. Oftentimes these filters are overactive and prevent some legitimate websites from being displayed. It may not be possible for students or teachers to view classic literature or works of art. Some will be deemed to be sexually explicit.
The answer in this case is not to use the search engine functions to filter content, but to employ a powerful web filtering solution such as WebTitan. WebTitan allows a system administrator to fine tune the web filter to ensure that adult and other objectionable content...
by G Hunt |
December 9, 2012 |
Cybersecurity Advice
The festive period is almost upon us and, aside from having to deal with the wave of Christmas and New Year cybersecurity threats, it is a time to relax, reflect on the major security events of the year, and plan for 2013. Lessons have been learned in 2012 and it is up to IT security professionals to ensure that the same mistakes are not made next year. 2013 is likely to see a wave of attacks, a great deal more threats, and many companies’ security defenses breached. Prepare adequately and your company is likely to avoid becoming another security breach statistic.

Online Security Threats from 2012

2012 was an exciting year, certainly as far as data mobility was concerned. Many companies have enjoyed the benefits that come from being able to access data from any location; on any device. Unfortunately, so have cybercriminals. Widespread adoption of Bring Your Own Device (BYOD) schemes has made workforces much more productive, efficient, and happy. Unfortunately, mobile devices are being attacked with increasing regularity. Personal smartphones, laptops, and tablets may represent the future of business, but they often lack the necessary security controls to ensure corporate networks remain protected. Cloud computing has also been adopted by many organizations, but not all have made sure their cloud applications are appropriately secured. There has been an explosion in the number of social media websites. Use of the sites is more popular than ever before, and so are the threats from using the sites. As user numbers have increased, so have the types of malware being developed to exploit users of Facebook, Twitter, Pinterest and the myriad of other sites that have enjoyed an increase in popularity. Up and coming platforms are being targeted as user numbers increase and established platforms such as Facebook and Twitter are honeypots for cybercriminals.
Social media channels and mobile devices are likely to remain problematic for IT professionals charged with keeping their corporate networks secure. Unfortunately, IT security professionals have little control over personal devices, and it is very difficult to stop end users from using their social media accounts at...
by G Hunt |
December 3, 2012 |
Cybersecurity Advice
Small to Midsize Businesses (SMBs) have a lot to gain from joining the social media revolution, and even by allowing employees some personal Facetime at work. There are a number of drawbacks though, and some can be very serious. Many SMBs are well aware of the potential risks as evidenced by a recent survey conducted by Forrester. Businesses were sent surveys as part of the security study and were asked about social media risk. It was named as one of the biggest security concerns. If social media accounts are accessed at work, they pose a considerable risk to network security. There is a major risk of suffering a malware infection from social media websites. Accounts can be hijacked and there are issues with staff accessing inappropriate content or posting sensitive information about the company. Data leakage is a concern, and highly regulated industries face greater risks. Healthcare professionals could all too easily violate HIPAA rules. With all of these serious risks, why would any business permit members of staff to access personal social media accounts at work? Why not just implement a zero tolerance policy, and take action against any employee found to be using social media sites at work? Better still, social media sites could be blocked entirely to prevent all employees from having a sneaky peek at their Facebook accounts!

There are benefits to be gained from allowing social media access in the workplace

Social media access by employees is not all bad news. There are many positive benefits to be gained from allowing staff a little time to access their Facebook, Twitter and LinkedIn accounts at work. Even some YouTube time can be very beneficial. Here are four reasons why a total ban on social media use at work is not necessarily the best option for employers.

A little social media access can improve the productivity of staff!
Employees may be seen to “waste” a little time each day accessing Facebook or other social media websites at work, but the time is not necessarily totally wasted. In fact, some downtime can improve the productivity of employees. How productive would you be if you worked 8 hours straight each day without taking a break? You may be...
by G Hunt |
November 14, 2012 |
Social Media
The rise in popularity of social media websites such as Facebook, Twitter, LinkedIn and Google+ has had a significant impact on employers. Many employees would rather spend their entire working day on these websites than completing work duties. Many employees waste an extraordinary amount of time on Facebook, YouTube and similar websites. Employees will always find a way of wasting time, so the increase in use of social media at work is unsurprising. However, employers who ban employees from accessing the websites – such as by using a web content filter – may find that they are actually shooting themselves in the foot. Allowing employees to spend a little time on social media websites can actually be beneficial for a company, resulting in employees being happier at work. Happy staff are actually more productive. If an organization does not implement a total ban on employees accessing social media and social networking websites, it is essential that staff usage of the sites is monitored. Most employees will use the websites responsibly, but there will always be some cases of social media abuse at work. The aim must be to keep that to a minimal level.

Installing a Web Filter to Block Social Media Abuse at Work

The installation of a web filter and Internet monitoring software lets employers block access to certain websites and monitor usage of others. Web filters can be configured to block a specific website for an entire organization, for groups, or for specific individuals. If an individual is excessively using social media at work, it may be appropriate to block them from accessing the sites from their work computer. Access to the websites can be made a privilege, which can be taken away if an individual is found to be abusing the good nature of their employer. Some employers prefer to ban all employees from using the websites, but there is a problem with this. This tells the staff that you do not trust them to be able to achieve a good balance.
Also, blocking social media usage at work can have a significant negative impact on staff morale. The more restrictions are put in place at work, the less happy staff members are likely to be, and unhappy staff means low...
by G Hunt |
November 13, 2012 |
Cybersecurity Advice
If you want to access the Internet, you will need a web browser. Unfortunately, the very program you use to gain access to the Net, access your email, and log on to social media sites and online bank accounts could be your downfall. A vulnerability in Firefox, Safari, Chrome or IE could be placing your data straight into the hands of hackers. Cyber criminals can – and do – take advantage of out of date web browsers to steal data and gain access to computers, mobiles, laptops, and tablets. It is therefore essential to ensure that your browser is kept up to date. Fail to install updates as soon as they are released and you could become the next data breach statistic.

Insecure web browsers could leave you exposed to a cyberattack

When you purchase a new device, chances are it will come with a browser preinstalled. You should bear in mind that when purchasing a new device, it is unlikely to come with the browser correctly configured, and you will most likely need to install the latest version. Updates are now being issued on a regular basis. Failing to keep your browser up to date and tweak the security settings is a recipe for disaster. Out of date or insecure browsers can result in malware, spyware, ransomware, and viruses being installed on your device without your knowledge. Even your anti-virus software program may not pick up the infection. Kaspersky Labs, one of the world’s leading providers of anti-virus software, has recently investigated browser security and has discovered almost a quarter of browsers are out of date. The company assessed the browsers of close to 10 million Internet users from all over the world in 2012, with the data drawn from the Cloud-based Kaspersky Security Network. Over 700 million browser launches were logged by Kaspersky during the period of study.

Kaspersky Labs browser study produces worrying results

Kaspersky Labs analyzed five different web browsers as part of the study and discovered 36 different versions in use.
Only five versions were up to date and installed with the latest security patches. Users of Kaspersky Anti-virus solutions were reasonably well protected, with 77% using the latest version of their chosen browser....
by G Hunt |
October 31, 2012 |
Internet Security News
On November 1, 2012, SpamTitan Technologies will be releasing WebTitan 4.0, the latest version of the powerful web filtering solution for business customers. The new version includes a host of additional features to make it easier than ever before for system administrators to manage Internet usage in the workplace and protect their networks from malware, viruses and cyberattacks. The latest version includes new controls to manage bandwidth, with advanced reporting features, delegated administration, full transparent authentication, and SNMP support. SpamTitan Technologies WebTitan 4.0 also boasts improved white labeling options.

Proxy mode now offers full transparent authentication

When developing WebTitan 4.0, product developers took on board comments from users and incorporated a host of new features to make management easier. The result is the most user-friendly version released to date and includes augmented controls to ensure businesses are better protected. WebTitan 4.0 offers full transparent authentication when using the product in proxy mode. Users are able to generate advanced reports, as opposed to previous versions, when reporting options for transparent proxies were IP based.

Administration functions can be easily configured

New delegated administration functionality has been added to reduce the burden on system administrators. Now the administration of WebTitan can be passed over to any stakeholder in the organization. All controls can be easily configured and individual users can be granted reporting rights and policy management privileges, with the option of setting reporting rights to allow individuals to issue Internet usage reports for specific users or user groups.
When administrator rights have been configured, it is possible for reporting and policy management responsibilities to be delegated to individuals who have a better understanding of the best web filtering policies for specific groups of users, ensuring much improved cross-organizational participation.

Ensure enough bandwidth is available for business-critical applications

The latest version offers a host of improved corporate Internet policy functions to ensure that sufficient bandwidth...
by G Hunt |
October 15, 2012 |
Internet Security News
A recent survey conducted by SpamTitan Technologies indicates the vast majority of companies are prepared to terminate the contracts of employees for inappropriate social media use, such as exposing confidential data on social media networks. The corporate social media usage study showed that 87% of respondents would consider firing an employee for inappropriate social media use if company policies were violated.

Only 16% of companies think social media use at work is acceptable

The use of social media channels during work time is frowned upon by most companies. Many turn a blind eye to a little social media time during the working day, but only 16% of organizations taking part in the study said that they actually think it is acceptable for the staff to spend some time on Facebook, Twitter, LinkedIn and other social media networks. The threat of termination of employment contracts for misuse of social media, in particular the posting of confidential information or disparaging remarks about an employer, is not an empty one. According to a study conducted by Osterman Research, one company in six has already made the decision to terminate at least one employee’s contract for inappropriate use of social media in the workplace. With the rise in popularity of websites such as Facebook, Twitter and LinkedIn, it is understandable that members of staff with Internet access are tempted to spend a little of their working day checking their accounts. For many employers the main issue is not the loss of productivity that occurs as a result of inappropriate social media use. It is the security threat that inappropriate social media use introduces.

Malware is rife on Facebook

Social media websites are a honeypot for cybercriminals and malware is rife on the sites. Online criminals trawl Facebook, Twitter and LinkedIn looking for corporate data, while phishers seek information that can be used to conduct spear phishing campaigns.
Twitter now has 145 million active users and Facebook has 845 million users around the world. Many of these users are accessing their accounts during working hours too. Osterman discovered that 36% of employees use part of their working day to check...
by G Hunt |
September 18, 2012 |
Cybersecurity Advice
Unsurprisingly, the launch of the iPhone 5s has seen people queuing outside Apple stores for hours on end in the hope they will be one of the first to get a new Apple device. Apple aficionados do get excited about the launch of a new device, and the Apple iPhone 5s is no exception. The company has reportedly sold 2 million units, and that was in the first 24 hours after the release. Interest in the devices has been so high that buying a new iPhone 5s means a long wait is required. Many early purchasers will have to wait a number of weeks before their new phone is delivered. Apple couldn’t make enough available for the launch. Unfortunately, cybercriminals are taking advantage and have launched a number of iPhone 5 phishing scams.

Many iPhone 5 phishing scams have now been launched

Cybercriminals also love Apple devices. In particular, the launch of a new Apple device. They take advantage of the hysteria and send huge volumes of spam and phishing emails to would-be purchasers, advising of special offers and discounts, must read information about the new device, and news of fake competitions. In the run up to the launch we have seen many new email scams aimed at Apple fans. Scammers have used the media hype surrounding the iPhone 5 launch to their advantage. Apple knows how to launch a new product. Few companies do it better in fact. In the run up to the launch, only a limited amount of information on the device was issued. Just enough to get Apple fans salivating. As the launch date drew closer, more information was released. They built interest in their product, anticipation was high, and when the launch date arrived, the product sold by the million. Scammers take advantage of the anticipation, supply shortages, and long wait times. Spam email campaigns have accompanied the launch of this year’s hottest new product, with a number of spam and phishing emails already captured by SpamTitan’s spam and web filtering software.
Some of the iPhone 5 phishing scams include:
- Fake delivery notifications
- Phishing websites set up to coincide with the iPhone launch
- Fake special offers and discounts on the new iPhone 5s
- Bogus competitions to win a new iPhone

We are...
by G Hunt |
July 19, 2012 |
Cybersecurity Advice
New research indicates the threat from phishing is growing at an alarming rate, with thousands of new malicious websites being created every week. Detection rates of new phishing sites are also increasing, thanks to new software introduced by the Anti-Phishing Working Group (APWG). APWG is a pan-industrial not-for-profit organization dedicated to improving Internet security. The organization works alongside law enforcement to reduce identity theft and make it harder for online criminals to operate. One of the ways it achieves its aims is by finding new websites set up by cybercriminals to obtain login names, passwords and other sensitive information from Internet surfers. A recent report issued by APWG shows an alarming rise in the number of new phishing websites, indicating cybercriminals are concentrating on this attack vector to obtain the data necessary to commit fraud and steal identities. In the month of February alone, 56,859 new phishing websites were detected. This rate of detection has not been achieved since August 2009. February’s count of new phishing websites was 1% higher than the organization’s August 2009 figures. While this suggests there has been a major increase in cybercriminal activity, the company’s new detection software may account for the rise in detection. That said, the threat from phishing is certainly growing.

What does a phishing website look like?

The reason that phishing websites are so dangerous is they look exactly the same as legitimate websites. Criminals are investing a considerable amount of time and money into creating spoof sites that are highly convincing. Big brand name websites are now being spoofed, with Amazon and eBay just two of the major retail sites that have had fake versions created to fool users. It is not only the retail industry that is being affected. Criminals have created phishing websites that look the same as those of major banks and financial institutions.
If users can be fooled for long enough to attempt to log in to the websites, criminals will obtain their credentials and be able to make bank transfers. Huge sums of money can be transferred and withdrawn by criminals before the victims even...
by G Hunt |
July 10, 2012 |
Cybersecurity Advice
Social networking websites are here to stay. They may have been created to give people an easy way to stay in touch with friends, family and meet new people, but there are considerable benefits for businesses. In fact, any business that has not yet embraced the social media revolution is likely to be losing customers to competitors. However, social media use at work does carry security risks and employees may spend a lot of their working day posting status updates, reading articles, and communicating with their contacts. A study was recently conducted by Proskauer Rose that set out to explore some of the problems businesses are having with social media website use by employees. It would appear that social media access is not being effectively managed by some businesses, and employees are spending too much time accessing the likes of Facebook, LinkedIn, Twitter and Pinterest.
Key findings of the Proskauer Rose social media study
Social media misuse was reported as being a problem for 43.4% of respondents
3% of companies have taken disciplinary action against employees for misusing social networks
Surprisingly, 45% of companies do not have a social media or Internet policy covering usage at work
There are benefits to be gained from allowing employees to have some time each day to access the websites, should they wish to do so. Unfortunately, the drawbacks can outweigh the advantages if care is not taken and usage is not effectively managed. In addition to time being spent on the websites instead of work being performed, there is a considerable risk to network security. Malware and phishing schemes are rife on social media networks. Then there is the issue of wasted bandwidth. On the plus side, employee productivity can be increased by allowing some time to access accounts each day, and businesses can harness the potential of social media and get closer to their customers. Provided use is managed, the benefits can outweigh the disadvantages.
The solution is to implement policies to control usage in addition to software solutions to block access if necessary.
Protecting networks from attack and controlling social media use at work
Simply implementing a ban on...
by G Hunt |
June 5, 2012 |
Cybersecurity Advice
Someone posts a comment about you or your company that is slanderous, racist, or simply causes offense. It may be possible to sue them for their actions. This is nothing new of course. However, what about if that comment is posted anonymously? That does not necessarily mean you cannot file a lawsuit and sue the poster for damages. An Idaho politician is doing just that. Anonymity is no protection any more. The Idaho Spokesman Review hosts a blog just like many newspapers. Blogs attract comments and sometimes spark heated debates between people with very different opinions. They attract visitors and are great for publicity, plus they have a much bigger reach than a newspaper. Sometimes comments are posted that cause offense. One blog commenter recently posted comments that seriously offended politician Tina Jacobson, chair of the Kootenai County Republican Central Committee. The comments, which were posted anonymously, are now the subject of a lawsuit in which Jacobson seeks $10,000 in damages. Only a couple of comments were posted by the person who identified themselves as “Almost a Bystander,” but that was enough for legal action to be taken. Jacobson had posted an article on the website and on February 14, 2012, the comments were added. They allege Jacobson had been embezzling funds: Serious allegations. The owners of the website promptly deleted the comments, together with the entire post.
Whatever happened to free speech?
The newspaper maintains that readers should be allowed to post comments on articles, and that it should not be necessary for individuals to identify themselves. The paper also does not believe that commenters should have their identities revealed if they have chosen to post anonymously. If the newspaper continues to protect the identity of “Almost a Bystander,” it is probable that the paper will have to cover the cost and pay the damages.
The case could well set a precedent, which could have a serious effect on other newspapers, blogs and websites that allow comments to be posted anonymously. If the company hosts a website that allows social interaction, they may have to reveal the identities of anonymous comment posters. But to do that...
by G Hunt |
May 22, 2012 |
Network Security
Many employees want to use their personal devices in the workplace. Personally owned devices are usually faster than the desktops supplied by employers. Employees know how to use the operating system, they have the software they need already installed, and it allows them to be more flexible about when and where they work. These are all great benefits for employers. The power of new technology can be harnessed without expense, and productivity can increase. Some may believe technology vendors are the driving force behind BYOD. It is true that vendors have embraced the BYOD movement and are pushing for their new devices to be used in the workplace. However, it is employees that are really driving the movement. They want to use their own devices in the workplace as it makes their lives easier. Unfortunately for IT security professionals, keeping control of the devices is thought to be virtually impossible. The security risks introduced by personal tablets, smartphones and laptops are numerous. BYOD is seen as a data security nightmare and a security breach just waiting to happen. But what are the risks introduced by the devices? Are they as problematic as security professionals believe?
What are the problems with Bring Your Own Device (BYOD) programs?
Many IT professionals dislike BYOD, but it is not only for data security reasons. Managing BYOD requires a considerable amount of planning and time. IT staff are usually pressed for time as it is, and that is without having to manage personally owned networked devices. Budget increases to manage BYOD are rarely sufficient and extra staff are often not employed to cope with the additional workload. Devices owned by employees must be allowed access to corporate networks. They are also used to store sensitive corporate data, yet those devices are taken outside the control of the company, used at home, taken to bars and are often lost or stolen.
The devices can cause problems with compliance, especially in highly regulated industries. IT professionals must ensure data can be remotely erased, and protections are put in place to prevent the devices from being infected with malware. Another problem is how to make sure data...
by G Hunt |
March 20, 2012 |
Cybersecurity News
The threat posed by hackers and online criminals is very real, but reports of instances of cybercrime may not be very reliable. When cyberattacks are announced the data can be used to estimate the current threat level. Unfortunately, not all cybercrimes are reported by companies, and even IT departments are often unaware that employees have become victims of phishing campaigns. In certain industries, the reporting of cybersecurity incidents and data breaches is mandatory. Take the U.S. healthcare industry for example. Legislation has been introduced – The Health Insurance Portability and Accountability Act (HIPAA) – which makes it a criminal offense not to report a breach of patient data. If an organization is discovered to have violated the HIPAA Breach Notification Rule, a heavy fine can be issued by the Department of Health and Human Services’ Office for Civil Rights. The Federal Trade Commission and state attorneys general can also issue fines. Criminal charges can also be filed against individuals for willful neglect of HIPAA Rules. Consequently, it is in the best interests of organizations to report cybersecurity incidents. The data breach reports submitted to the OCR can therefore be relied upon to be reasonably accurate, and it is possible to build up an accurate picture of the state of data security for the healthcare industry. However, not all industries are so well regulated. A similar data breach suffered by a software company or mining operation may see the organization keep the crime quiet. Announcing a security breach has the potential to seriously tarnish a brand. If you had a choice between one company that had suffered a data breach that exposed sensitive customer data, and one that had not, which company would you choose (all other things being equal)?
Should the reporting of cybersecurity breaches be mandatory for all businesses?
Many privacy and security professionals believe it is essential to report cyber threats and security breaches as the sharing of information can be invaluable in the fight against cybercrime. Intel sharing could make the difference between a threat being rapidly neutralized and many other organizations suffering...
by G Hunt |
March 13, 2012 |
Cybersecurity Advice
You can purchase the most sophisticated software, implement multi-layered security systems, conduct regular system scans and use a host of other security products to keep your network protected from cyberattacks. Unfortunately, all it takes is for one individual to accidentally install malware and all of your good work has been undone. That individual is likely to be one of your company’s employees, not a hacker.
Common sense is one of the best defenses
You may not be able to install defenses that offer 100% protection against intrusions, insider threats, and malicious software, but we are sure you do your best with the resources you have available. You should install software systems to protect your network, email system and web browsers, but it is all too easy to forget that one of the best ways of protecting a computer, or the network it is connected to, is to use common sense. Unfortunately, when it comes to internet and web security, many employees have very little. Consequently, they must be taught how to act appropriately. Some employees think they have a very secure password, but oftentimes it is nowhere near as secure as they believe. It doesn’t contain any special characters, it lacks capital letters, and while it does contain numbers, only a 1234 has been added on the end. If you do not instruct employees how to create secure passwords, they will not. You must also inform them that they must not share passwords across platforms. Sure, it is a pain remembering lots of different passwords, but if one is compromised they all will be. A recent survey conducted by Trusteer, a provider of fraud protection systems, highlighted how common this practice is. Their survey revealed that 73% of computer users use the same password to access their online bank account as they do for other online services. You may have installed a spam filter to reduce the risk of employees falling for a phishing email.
The spam filter catches virtually all spam and dangerous emails, and places them in a quarantine folder. The risk of a malware infection via email will be reduced to a minimal level. Then not just one, but a number of employees go into the quarantine folder, and open...
by G Hunt |
February 21, 2012 |
Internet Security News
A new study recently published by Osterman Research indicates there are major Facebook malware risks that many companies are not aware of. Furthermore, those risks are very real. 24% of companies have discovered malware has affected their corporate Facebook pages. The risk of malware affecting corporate social media pages is considerable, with Facebook the main social media network that has been attacked by criminal gangs. LinkedIn and Twitter can also be risky, but only 7% of companies have had their Twitter and LinkedIn accounts infected. The problem could actually be far worse. The study revealed that many IT security professionals were not even aware if their social media accounts had been hacked or infected with malware because they never check.
Employees’ social media use during working hours has increased significantly
Researchers at Osterman discovered the use of social media sites by employees during working hours had increased significantly over the past year. The survey results revealed that 36% of employees of corporations were accessing their Facebook accounts during office hours. Last year the figure stood at just 28%. Use of Twitter during working hours is also increasing. Last year, 11% of employees were using Twitter at work, while this year the figure has risen to 17%. The same is true for LinkedIn, with employee use rising from 22% to 29% over the same period.
Employees are a major risk to corporate network security
It is clear that social media accounts are being targeted by hackers and cybercriminals; and, as the sites grow in popularity, the problem is only likely to get worse. Furthermore, when employees access social media sites at work they could be placing corporate networks at risk. As more employees use social media sites during working hours, and more time is spent by individuals on those sites, the risk to data security increases.
Personal information is being shared on the sites, but some employees are also sharing corporate information. Sometimes this is deliberate, other times potentially sensitive data is unwittingly shared.
Criminals trawl social media websites looking for information to launch spear phishing campaigns
A...
by G Hunt |
January 26, 2012 |
Social Media
Recent research shows that the use of social media websites at work is on the increase, with many employers seeing Facebook and Twitter usage at work as being particularly problematic. A new study from Palo Alto suggests that since 2010, the use of Facebook at work has tripled. Twitter use is also increasing, and at a far higher rate. The study showed that usage has increased by 700% during the same period.
Facebook and Twitter usage at work: Is it really a problem?
The increase in time spent on social networking websites is not all about employees accessing their personal accounts at work. Many companies have started using social media websites to connect with clients and customers. The sites are an incredibly useful way of getting closer to customers. Corporations can use social media to find out what customers really want and what they really think of the organization. They are now essential for many businesses, allowing customer service standards to be improved, while the sites can also be used to effectively promote goods and services. The latter is arguably far cheaper than TV adverts and newspaper and magazine adverts. Nowadays, it is actually a rarity for a business not to have a Facebook and Twitter account. In many cases, companies provide employees with a range of tools to manage social media accounts to send Tweets on Twitter or post content to Facebook.
Social media introduces security risks
There is no denying that social media is useful for businesses. In fact, having corporate accounts is now sometimes considered essential. Unfortunately, the use of these websites is not without risk. Operating a Facebook page and running a Twitter account potentially exposes a company to malware, viruses, and cyberattacks. The sites take up a lot of valuable bandwidth. Social media websites can also take up a huge amount of time and produce little in the way of additional revenue.
The productivity of employees can be seriously reduced if they are spending too long accessing their personal accounts. While companies are using social media sites more, there is a concern that employees are spending too much time on the sites for non-work related matters. Many...
by G Hunt |
August 22, 2011 |
Social Media
Last week, SpamTitan issued a press release about its new social media cost calculator. The calculator was developed to help companies estimate the amount of man hours (and therefore money) they are losing as a result of employees accessing social media websites at work. The SpamTitan social media cost calculator has proved popular and attracted a great many online comments.
Calculating the true cost of social media site use by employees
In order to calculate the true cost of social media, SpamTitan took a close look at social media usage statistics. An average profile for a typical organization was created and data was extrapolated to provide an estimated annual cost. The results of the calculations showed that a typical company loses approximately $65,000 every year as a result of employees spending time checking and posting information on Facebook, Twitter, LinkedIn and the myriad of other social media and social networking websites. SpamTitan calculated that the figure corresponds to 5% of every employee’s salary being wasted on personal social media use. Many of the comments came from individuals who thought we were suggesting that all organizations should install a web filter and implement a company policy that bans the accessing of all social media sites at work. This was not our intention. There are advantages to allowing members of staff access to social media sites at work. There are also many disadvantages to banning access. Managers will be well aware that social media websites are being accessed by employees, and that employees spend a considerable amount of time on those websites. What they perhaps do not know is how much time is spent, and how much this is costing them. That is information they need to know.
Should social media site access be banned at work?
Companies should make a decision about the use of social media at work.
They will need to assess the benefits of allowing the staff some “Facetime”, and the disadvantages from the loss of access rights. There are also many legal considerations to take into account, and the accessing of these sites also raises a number of privacy and security concerns. Many organizations may like to ban the accessing of...
by G Hunt |
August 15, 2011 |
Internet Security News
There was a buying frenzy following the release of the new .xxx suffixed domains. Pornographers, Internet marketers and entrepreneurs competed to secure the hottest and rudest of them. Now that the first of the .xxx websites have gone live, there has been further talk about compartmentalization of the Internet, with the possibility of all pornographic websites being confined to those sites with a .xxx suffix. However, will the .xxx domains make web filtering pornography any easier?
ICANN releases .xxx domains for sale
The Internet Corporation for Assigned Names or ICANN as it is better known, created the new top-level Internet domain specifically for websites of an adult nature. The long term view was to eventually move all pornographic websites to the xxx domains. This could clean up the Internet and make it much easier for parents and businesses to block pornographic websites. It is, after all, much easier to block a single domain type than to implement web filtering to prevent all websites containing pornographic material from being viewed. IT security professionals and individuals who want to stop porn from being accessible via their computers, phones, and tablets could therefore just block the xxx extension. There is a problem of course. Owners of adult websites have been buying up new domain names in the thousands, but will they redirect their current .com, .co.uk, .org and .net sites to the new .xxx domains? Of course they won’t. They’ve just been given even more domain names to fill with pornography, and any redirects are likely to come from the .xxx domain names back to their main, well-established websites. Unless laws are introduced to force purveyors of adult content over to the new domains, the online adult entertainment industry will simply not make the switch. Some firms will undoubtedly activate their new xxx websites, but unless everyone does, the initiative will be seen to have failed and web filtering pornography will be no easier.
Will the XXX domains make web filtering pornography any easier?
Potentially, the creation of the new domain will make it easier to filter some adult sites, so it will make the job of web filtering a little easier....