PC PORTAL

Experienced. Trusted. Solutions.

IT Security

By

Cyber News Rundown: Infowars Hacked by Card Skimmers

Reading Time: ~2 min.

Infowars Online Site Compromised by MageCart Attack

Earlier this week, a security researcher found payment card-stealing scripts running on the Infowars online site. The scripts managed to stay active for nearly 24 hours. At least 1,600 users of the site may have been affected during this period, though many were returning customers who wouldn’t have had to re-enter their payment information into the compromised forms. As of writing, the malicious scripts being used by Magecart are active on nearly 100 other online stores, with almost 20% getting re-infected within a two-week period.

Scammers Syphon €19 Million From French Film Company

A lawsuit recently revealed that savvy scammers successfully took nearly €19 million through a series of unauthorized transfers from a spoofed personal email address of the company’s CEO. After requesting additional information from the scammers, who continued to provide highly-detailed documents suggesting their legitimacy, several payments were transferred from the company’s main cash pool with promises of a quick payback from the scammers.

Chinese Headmaster Caught Cryptomining on School’s Systems

The headmaster of a Chinese school was fired after staff discovered an excessively high power bill previously written off as a faulty HVAC system was actually caused by several cryptomining rigs running off the school’s electricity. The headmaster brought the mining machines into the school in mid-2017 and evaded blame for the excess power consumption until the physical proof was discovered. While it appears no other harm was done, cryptomining software can be dangerous, as you can never be sure nothing else is bundled with it.

New Botnet Exploits Unpatched Bug in Over 100,000 Devices

Researchers have been monitoring a relatively new botnet that is currently controlling over 100,000 devices, including 116 device types from multiple manufacturers. By taking advantage of well-known bugs within Universal Plug n Play, hackers can quickly take control of the device and begin monitoring traffic from outside of the network.

Cathay Pacific Airlines Cyberattack Occurred Over Several Months

After originally claiming a data breach had taken place last month, affecting 9.4 million customers, new findings have shown the attacks have been happening regularly since March. Even though local laws didn’t require the company to notify authorities regarding a data breach, it is still surprising that it has taken almost nine months to determine what data had been exposed and what hadn’t.

The post Cyber News Rundown: Infowars Hacked by Card Skimmers appeared first on Webroot Blog.

By

Cyber Monday: Big Savings, Big Risks

Reading Time: ~3 min.

What business owners and MSPs should know about the year’s biggest online retail holiday

It’s no secret that Black Friday and Cyber Monday are marked by an uptick in online shopping. Cyber Monday 2017 marked the single largest day of online sales to date, with reported sales figures upwards of $6.5 billion. Data from Webroot charted a 58 percent increase in traffic to shopping sites on that day. And while Black Friday originated as a day to tussle with your neighbors for deals in person, online retailers like Amazon and eBay wouldn’t be left out and have begun offering their own deals.

What’s less often discussed is the corresponding rise in cybercrime that accompanies these online retail holidays. Webroot noted a surge in phishing and fraud sites of 203 percent between November 19 and December 5, with the number of such sites peaking on Cyber Monday. Instances of spyware and adware also rose 57 percent during the busy holiday shopping period, again peaking on Cyber Monday.

The Problem with Cyber Monday

For business owners and those in IT, Cyber Monday likely means lost productivity as employees bargain hunt at work rather than actually work. (It’s interesting to note that, according to CNET, the first Cyber Monday in 2005 was intentionally made to fall on a weekday so workers could browse shopping sites on faster computers.) As our data shows, more than just a few hours of lost productivity are at stake.

Employees expose business owners to greater risks of phishing scams, ransomware, and other types of attack that could significantly lengthen downtimes for all employees, or even shutter a business completely. According to a Better Business Bureau study on cybercrime, more than half of businesses would cease to be profitable within a month if a ransomware attack were to lock them out of essential data.

What’s a Business Owner to Do about Cyber Monday?

Whether you’re a business owner or provide IT services, you’re likely to see employees or clients indulging in deals this Cyber Monday. But there are strategies for limiting your risk on November 26. As with much of cybersecurity, you can manage your policy for online shopping based on what you consider acceptable levels of risk.

With network-level protection it’s possible to block access to any sites categorized as “shopping,” while still whitelisting trusted domains. Our research shows Amazon, the Apple iTunes Store, and Walmart rounded out the top three most visited shopping sites last Cyber Monday, so employers may want to consider whitelisting those sites specifically, while still blocking less reputable ones. Webroot offers DNS protection with the ability to filter according to more than 80 categories, including gambling, adult content, and weapons, as well as shopping. Set a policy to block the shopping category this Cyber Monday, with your own tailored exceptions and presto, problem solved.

There are also other, less prohibitive strategies for protecting employees and clients, too. Tools like Webroot’s Web Classification and Reputation services forecast the risks of visiting more than 27 billion URLs, which can help user determine if that deal really is a little too good to be true. IP Reputation Services make a similar determination based on an IP’s risk score.

Real-Time phishing protection and hands-on phishing simulations can go a long way toward improving security, too. The surge in these types of attacks represents cybercriminals focus on the weakest element of a company’s IT security: the end users themselves. Catching phishing attacks before they’re clicked and teaching users to be vigilant about threats by using custom phishing templates are paramount to your business’s security posture.

So there are a variety of methods for limiting disruption from online shopping in the workplace, so business owners and managed service providers shouldn’t let Cyber Monday come and go without preparation. Employees will almost certainly be on an online hunt for deals and cybercriminals know it.

Focus on security now, before a user’s big savings end up costing you.

The post Cyber Monday: Big Savings, Big Risks appeared first on Webroot Blog.

By

The value in vulnerability assessments: closing gaps to improve security

Vulnerability assessments usually involve using automated tools such as Nessus or Qualys to carry out a passive scan of an organisation’s systems. The process produces a list of security gaps and ranks them in order of risk. It gives an organisation clear data to guide the process of deciding which issues to prioritise first based on budget, available resources, or likelihood of the threat.

If forewarned is forearmed, then the value of a vulnerability assessment is that it identifies weaknesses in your systems proactively. It’s different to a penetration test which not only finds security gaps but actively exploits them to replicate the damage a malicious attacker could do without the repercussions.

Why check for vulnerabilities?

Lately, we’re seeing organisations carry out vulnerability assessments, or get an independent provider to do it for them, much more frequently. I think there are two reasons for this. One is the increasing adoption of the ISO 27001 information security standard. We advise organisations that want to get certified or stay compliant to check for vulnerabilities at least twice a year and perform a penetration test at least once a year.

The second driver is – surprise, surprise – GDPR. Growing numbers of businesses and public sector agencies are now aware that they need to protect data. Checking for weak points can help them put safeguards in place to avoid breaches. In the event of a breach, an organisation may avoid heavier penalties if it can prove to the regulator that it has been carrying out vulnerability assessments and doing their due diligence. On the other hand, the authorities won’t look too kindly on breach victims that were running old operating systems with no security controls or patching mechanisms in place.

What to fix

I carry out vulnerability assessments every week, and many of the risks I find are very common. Many of them fall into the categories of medium or high risk. For example, many websites still use old versions of SSL or TLS for encrypting data transfers. Some people might assume that a brochure website doesn’t need this level of protection, but I think that’s a mistake. Even a static page may have a function that calls another function that talks to the database or another application. This is a relatively easy issue to fix, and it addresses a potentially large security hole.

Even for a brochure website, it’s worth doing this upgrade since it’s a big gain for relatively little effort. Implementing TLS carries little cost and eliminates a lot of potential weaknesses. Since SSL was deprecated, it’s a matter of changing to TLS 1.1 or 1.2 which in some cases is as simple as checking a box.

To upgrade or not to upgrade

Another common issue that vulnerability assessments will uncover is out of date software like Apache or OpenSSH. (I recently found one site using a five-year-old version of OpenSSH!) As with the risks I referred to above, fixing them is often a matter of clicking the ‘update’ button in the application.

Whether an organisation updates or not will depend on its attitude to risk. Some choose not to do so because they are concerned about affecting their production environment. Or, they might not have time and resources to test the stability of an application on the new version. I would always argue in favour of acting, but at the very least, a vulnerability assessment will highlight areas that you can rank in order of priority.

The length of time it takes to conduct the assessment will vary. It’s not necessarily as simple a calculation as adding up the number of IP addresses to check. I’ve seen three IP addresses take four hours to scan. It also depends what software the organisation uses, and whether it’s patched or unpatched.

Taking action afterwards

Let’s say the testing lasts a day. Writing the report then involves taking the findings from the automated scanning tool and translating that into language that will allow a client to weigh up its business risk. Some companies take the report and fix the issues that it covers. Some use it as a talking point with their software development teams, to make them aware of certain vulnerabilities. Best practice advises that those organisations run an assessment a few months later to check that any fixes they implemented were successful.

However, I’ve also seen the opposite, where I have carried out monthly vulnerability checks and the client chooses not to fix the issues that the report raises. That goes to the heart of security: making decisions based on the level of risk you’re prepared to bear. Good security practice suggests looking for weak points in your security before someone with malicious intentions does it for you.

 

The post The value in vulnerability assessments: closing gaps to improve security appeared first on BH Consulting.

By

UK NCSC chief highlights resilience as key to better security

Here’s a question for security professionals to ponder: why are we only ever a few clicks away from disaster? It’s inspired by a recent presentation in Dublin by Ciaran Martin, CEO of the UK National Cyber Security Centre. On a visit to Dublin earlier this month, the UK’s cybersecurity chief stressed the importance of building resilience into critical systems, and into security planning more generally.

Martin pointed out that the internet is fundamentally not designed to be secure. So, asking someone who isn’t a security expert to follow complicated advice, about using passwords for instance, is an unfair burden. “We rely on millions of citizens to do impossible things to ensure cybersecurity,” he argued.

“You have to assume that people are going to click on things; worry instead about what happens when the compromise happens,” he said. Part of this effort involves fixing things the user has very little control over, Martin said. “Whilst education and training are important, what we want to do – and this is open to debate – is to make sure the interventions are as far up the food chain as possible.”

In other words, those in charge of the Government’s social welfare payments system need to make sure it’s near-impossible for a criminal to defraud it for millions with a simple phishing email. Nor should it be possible for a single rogue individual to steal sensitive information without raising an alarm.

Damage control

Another part of a resilience strategy involves thinking about how much damage an attacker could do if they got into a system. That leads to building systems that don’t have an ‘off’ button. “Make it hard for an attacker to do systemic damage,” Martin said.

It also involves developing safe backup plans for when some part of the system isn’t available. Martin made an analogy with an air traffic control tower whose technical systems go offline. “The emphasis is not on recovering the system but [to prioritise] landing the planes in the old fashioned way,” Martin said.

The UK is already putting this approach into practice. The NCSC is working with the Bank of England while it phases out its legacy interbank payments clearance system. Part of the upgrade programme includes building in resilience, so a basic attack can’t bring down the entire system.

It’s encouraging to hear such a senior cybersecurity figure talk about the issue in these terms. Regular readers of this blog may remember Brian Honan talking about the need for resilience when developing cyber security strategies.

The post UK NCSC chief highlights resilience as key to better security appeared first on BH Consulting.

By

Cyber News Rundown: HSBC Data Breach

Reading Time: ~2 min.

Data Breach Nabs HSBC Account Info

HSBC has been monitoring some unauthorized access occurring over a ten-day period on their customer’s online accounts. During this time, attackers used credentials that were likely part of prior breaches to access numerous accounts. HSBC worked quickly to disable online access to any accounts that showed suspicious activity. The bank also began notifying potential victims of the incident and have taken additional steps in securing their online access points.

Latest Chrome Iteration Cracks Down on Annoyances

With the rollout of Google’s Chrome 71, the company is looking to enhance the user experience by blocking all advertisements on sites that have continued to allow the hosting of offensive material. Chrome 71 will also be more efficient at blocking phishing attacks and misleading pop-up notifications that may redirect users. Fortunately, sites that are flagged can check their status and are given 30 days to correct for offending content.

University Shuts Down Network Over Cryptomining

A Canadian University was forced to shut down its entire network after IT staff discovered a cryptocurrency miner operating illicitly on several university systems. While they are still unsure who installed the cryptominer, they have removed the software from the systems and brought the remainder of the networks back online. Along with slowly restoring the remaining services taken offline, the university also forced a password change for all current users.

Cardless ATMs Lead to Rise in Phishing Attacks

Several arrests in Ohio have recently revealed a new scam that leverages SMS phishing attacks to withdraw money from ATMs that don’t require the use of a bank card. By sending a victim’s smartphone an SMS message containing a link to “unlock” their accounts, they are redirected to a phony site that steals their credentials. The scam has netted the attackers nearly $68,000 over a two-week period.

Twitter Bitcoin Scammers Take Over Verified Accounts

Even as Twitter-based Bitcoin scams have slowed, a new Elon Musk spoof account has popped up with the usual offer to multiply any amount of Bitcoins received and return the inflated amount. This scammer may have the benefit of taking over a verified account, but modifications to the profile name and obvious spelling errors reveal its clearly not legitimate, though it does leave raise questions regarding the verification system’s security.

The post Cyber News Rundown: HSBC Data Breach appeared first on Webroot Blog.