Sharing your Netflix password with a friend so they too can enjoy a vast catalogue of movies seems harmless enough. However, due to a recent ruling by judges of the Ninth Circuit of the United States Court of Appeals, this common action is now a federal crime.
Verizon has taken to publishing a compilation report analyzing data breach statistics with the help of industry partners, a report that is widely regarded as a must-read for the industry. A brief review of the latest edition’s executive summary revealed where information security vulnerabilities lie in industries worldwide and, even more helpfully, what shape those vulnerabilities took. The Data Breach Investigations Report, or DBIR, pulled no punches in outlining what kind of attacks happened in the past year, and how.
The DBIR has its own system of outlining breach types that divide events and incidents into nine categories. Information-based companies appeared predominantly in four of them, with helpful tricks to prevent such breaches from happening again.
Crimeware: Perhaps unsurprisingly, one of the industries crimeware targeted most was the information industry, with the DBIR citing a rise in ransomware (39 percent of all analyzed attacks in 2015 involved ransomware). While the scope the DBIR funnels under the Crimeware title is fairly large (“This covers any use of malware that doesn’t fall into a more specific pattern”), this by no means cheapens the risks - it arguably compounds them, as it only goes to show how many pieces of crimeware exist. To defend against them, the DBIR recommends frequent patches and backups as well as monitoring changes to configurations.
Web App Attacks: Considering that 95 percent of web app attacks were financially motivated in their reports, it’s no surprise that e-commerce platforms were among the most targeted by these intrusions. These attacks are often the result of a successful phishing campaign or the infiltration of a vulnerable site. The other side of web app attacks, content management system breaches, saw plenty of digital graffiti and the repurposing of infiltrated sites as phishing sites. To avoid this kind of breach, the DBIR again recommends timely patches to remove vulnerabilities, as well as utilizing two-factor authentication and input monitoring.
Cyber-espionage: Usually hunting for intellectual property, cyber-espionage attacks prefer sticking to tried-and-true methods of breaching networks, only utilizing more sophisticated methods if the simple ones don’t work. Therefore, at least in this case, basic protections may be enough to divert many of these attacks, and should not be bypassed in favor of more specialized protection. As far as avoiding issues further, keeping patches up-to-date and monitoring changes to configurations will help monumentally, as will isolating compromised devices and separating them from the rest of your network.
Miscellaneous Errors: This category took all of the “Whoops!” issues that lead to compromised security into one bundle to deal with them. While Verizon reports that 40 percent of them were caused by a server issue, many others were triggered by employee mistakes - a full 26 percent included sending a message filled with sensitive data to the wrong recipient. The DBIR suggests strengthened controls on your network as a possible way to keep away from errors, such as data loss prevention software to lock down sensitive info. Additionally, Verizon recommends thorough disposal procedures to any aged-out equipment, as well as to stay focused and learn from the mistakes from your past.
Helpful information, certainly, with all that and more being available for free download at the Verizon Enterprise webpage. But big picture - what takeaway can you not afford to leave on the table? Ultimately, an overwhelming percentage of incidents reported in the DBIR pointed blame, or at least prime responsibility, for many of the errors that led to security breaches to one thing: human error.
Between the willingness to exploit the natural fallacies of human nature by cyber criminals and the human tendency to make mistakes independently, human beings are placed solidly as the weakest link in any cyber security chain. So, if humans are the problem, what is the solution?
In short, vigilance. Strongly enforce best practices regarding security in the workplace, and follow them yourself as an example. Be aware of current trends in cyber security attacks, and prepare yourself and your company accordingly. Identify and install security measures that best fit your needs and abilities.
For help with any of this, be sure to call Info Advantage at (585) 254-8710 first. Our ranks of professionals are here to help you when you need guidance concerning your business’ security solutions. With Info Advantage, you have a much greater chance of being a success than being a statistic.
Security is one of the most important parts of running a business, especially today when organizations rely so heavily on their technology solutions. Some of the most dangerous threats lurk on a business’s network, watching and waiting for an opportunity to do some real damage. With the right preventative measures, your business can catch these threats in the act before they can accomplish their goals.
Defining Malware
Malware, or “malicious software,” is a blanket term for malicious code that’s designed to cause trouble for the machine that it infects. Malware can inject code into applications or execute viruses and trojans. One of the most common types of malware is called ransomware (perhaps you’ve heard of it), in which the files on a system are encrypted until a ransom is paid to the developer. Malware can have far-reaching and varied effects, so it’s best to keep such unpredictable threats off of your network in the first place.
Defining Rootkits
Just like malware, a rootkit is designed to install on a system. Unlike some types of malware, however, rootkits are designed to allow a hacker to gain control of the system while remaining undetected themselves. In particular, rootkits are dangerous due to their ability to subvert the software that’s supposed to find them, making it optimal to prevent rootkits from accessing your system in the first place.
Defining Trojans
In computing, a trojan is a malicious entity that allows a hacker access to a system through misleading the user. While the purpose can vary from data destruction to theft, trojans are often used to install backdoors and allow access to a system at a later date for the purpose of surveillance or espionage.
Preventative Security Measures
Just like how there are various types of threats, there are plenty of ways to keep your organization’s network safe from them. Here are just a few.
All of the above solutions can be found in what’s called a Unified Threat Management (UTM) solution, which is widely considered to be one of the most comprehensive and useful preventative measures to improve network security. To learn more about UTMs and other topics concerning network security, reach out to us at (585) 254-8710.
The Petya ransomware, a particularly vicious monster of a threat, has reared its ugly head once again, only this time, it’s not alone. Petya now comes bundled together with Mischa, yet another ransomware that works well alongside Petya. The ransomware is delivered via an inconspicuous email disguised as a job application, with a resume attached. Once the user downloads the file, Petya encrypts the files located on the device.
The original version of Petya had a signature attack that struck the master boot record, restricting access to it until a ransom was paid through a dark web payment portal. Of course, there was no guarantee that paying up would resolve the problem, so it was entirely possible that the ransomware could add insult to injury and not decrypt the files at all. Thankfully, Petya had a weakness, and professionals were able to exploit it and find a fix for the ransomware.
Not this time, though. Petya comes with Mischa, which is a more traditional ransomware that can be just as dangerous as its counterpart. Mischa blocks access to files until the user pays a ransom. The ransomware will then link to a Tor payment site that allows the user to pay up and decrypt their files. Mischa encrypts executable files, while leaving the Windows and browser folders untouched, which provides access to files containing payment instructions for the user.
Now, here’s the problem with this development. Petya could be prevented by refusing administrator access upon downloading the installer. Now, selecting “yes” will download Petya, while selecting “no” will install Mischa. Either way, you get a slap in the face.
Mischa’s payment site works in largely the same way as Petya’s. Once you input the authorization code provided by the ransomware, you need to purchase enough Bitcoins to pay for the ransom. The current exchange rate is approximately $875 per Bitcoin, so you might be shelling out some heavy-duty cash for this. Once the user has purchased enough Bitcoins, the malware will then provide the Bitcoin address where it must be sent.
Though researchers managed to find a way around Petya, no such workaround has been found for Mischa. This is a recurring theme for ransomware, which is often so difficult to remove, that it forces large enterprises to either restore a backup of their data, or pay the ransom, rather than lose access to their files completely. As with all cases of malware, we urge you to do your research, and contact Info Advantage at (585) 254-8710 before caving into hackers’ demands.
As with all threats that work, Petya and Mischa have plenty of copycats out there that attempt to replicate their success. Malwarebytes has identified another two-in-one ransomware called Satana that functions in a similar way, locking the master boot record and the complete file record. In comparison to Petya and Mischa, however, Satana will run both types of ransomware, rather than just install one or the other.
Malwarebytes reports that Satana is still in development and has flaws that can be exploited, but the thought of malware continuing to develop in this sense is a bit unnerving, especially for business owners that may not devote enough time and resources to security solutions. If your business is unsure of whether you can handle a ransomware infection, reach out to us at (585) 254-8710.
While security experts tend to focus the brunt of their discussions on desktop OS vulnerabilities, there are plenty of mobile malware threats that fly under the radar. One such malware is called Hummer; a trojan that installs unwanted apps and malware on a device, and can be found on over a million phones worldwide.
About Hummer
The Hummer malware family has increased over the past year. At its peak activity, Hummer infected nearly 1.4 million devices every day. It’s thought that Hummer originated in China, and it has been known to infect over 63,000 devices daily in China alone. Granted, the spread of infections has dramatically decreased, but this hasn’t stopped Hummer from infecting about 1,190,000 devices.
As reported by TechRepublic, here are the top five countries and the number of devices that are infected by the Hummer malware:
What It Does
Hummer roots devices that it infects, which can unlock the operating system and allow for administrator privileges. Once it has infiltrated the device and unlocked it, Hummer will install malware, unwanted applications, games, pornographic applications, and other malicious and annoying programs. Since Hummer roots the device, your traditional antivirus and anti-malware programs aren’t going to be enough to get rid of it.
Yet, perhaps the most dangerous part of this malware is that you can’t uninstall the unwanted apps. Well… you can, but the trojan will just reinstall the apps, which is both frustrating and a terrible use of your mobile data. Cheetah Mobile ran a test on the Hummer trojan and came to some shocking results: "In several hours, the trojan accessed the network over 10,000 times and downloaded over 200 APKs, consuming 2 GB of network traffic." It’s clear that you don’t want this malware installed on your device, as it could jack up your phone bill and become an immense annoyance.
How to Fix It
To make matters worse, wiping your device won’t even be enough to get rid of the trojan. Cheetah Mobile claims that the factory reset won’t remove it. Users could also flash their device, but this can get complicated, and we don’t recommend doing so if you have no clue what you’re doing.
Hummer isn’t the first mobile malware, and it certainly won’t be the last. Users of smartphones have to be just as cautious and vigilant as desktop users. To learn more about mobile malware and other threats, reach out to us at (585) 254-8710.
Augmented reality is a growing trend in the technology industry, and perhaps one of the best known uses of it today can be found in the extremely popular mobile device app, Pokemon Go. However, hackers have seized the opportunity to infect players who want to “catch ‘em all” with a backdoor called DroidJack - something that certainly won’t help gamers “be the very best.”
The Pokemon series has long been known as one of Nintendo’s most popular gaming franchises, and with the release of Pokemon Go, the series has finally made its way to everyday mobile device users. It’s currently ranked as the #1 most downloaded free app on the Apple Store, as well as the Google Play store. The game was such a hit that Nintendo’s stock increased exponentially overnight, and the app has over 26 million users worldwide - more than Tinder, Twitter, Google Maps, and other mobile apps.
However, like many extremely popular things, hackers have taken this and exploited it to do their bidding. Prior to the app’s release worldwide, many impatient fans downloaded the APK (Android application package) from third-party websites and “side-loaded” it onto their devices. This can only be done by going into Android’s settings and allowing app installation from unknown sources. Normally, this is a red flag for any security-minded mobile device user, as some malware is known to infect devices and download apps without the permission of the user; yet, some Pokemon fans just couldn’t wait, and downloaded the APK without thinking of the consequences; like downloading a backdoor.
Considering how many countries outside the United States, Australia, and New Zealand, are still waiting for access to Pokemon Go, many have chosen to just use the APK to get the app on their device, rather than wait for the official release. One particular source of the APK provides a modified version of Pokemon Go that, upon installation, installs a backdoor onto the device, which allows for remote access to the device and provides full control over the victim’s phone. The infected version of Pokemon Go is so well-done and inconspicuous that the user likely won’t know that their device has been infected. Security firm Proofpoint suggests that it’s entirely possible that, should infected devices connect to your network, networked resources can also be put at risk.
Take a look at the DroidJack-infected app’s permission request, and see for yourself just how strange they might look.
https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig2.png
https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig3.png
When downloading any app, it’s crucial that you drive this best practice into the heads of your employees: be sure to pay attention to the permissions required by the apps that you download. For example, there’s no real reason why Pokemon Go would need to make phone calls, edit and send text messages, modify your contacts, and record audio. All of this is just asking for disaster. While exploitation of the APK hasn’t been observed in the wild, it represents a dangerous development in mobile applications, one which shows hackers taking advantage of wildly popular smartphone apps, and turning them into catalysts to spread their malware and influence.
There are two lessons to be learned. Don’t download apps from unknown sources, even if they’re just games, and make sure that your employees know what your policy on mobile apps is on your in-house network. Also, be sure to examine a new app’s permissions, and only download them from the Apple store or Google Play store. Among your millennial workforce, there may be many users of Pokemon Go, so it’s your responsibility to reach out to them, and educate them on these best practices.
After all, “Gotta catch ‘em all,” doesn’t refer to malware infections.
27 vulnerabilities: The amount of vulnerabilities that were resolved with the round of security patches in Microsoft’s latest Patch Tuesday. Windows, Microsoft Office, Internet Explorer, the Edge browser, and more, were all affected. It’s important to patch these vulnerabilities as soon as possible, especially if you haven’t done so already.
However, if you’ve already applied the latest security patches, you have little to fear. We thought we’d share some background information on the nature of the vulnerabilities, and why Microsoft had to patch them in the first place. If you haven’t yet applied these patches, it will be good to know what you’re exposing your systems to, and why it’s important to get them fixed.
For Microsoft Office, Internet Explorer, and Edge, they are critically in danger of being exploited remotely through web pages or Office documents. This could allow hackers to execute malicious code and do your business harm. Read more about these patches on Microsoft’s security bulletin:
Patch for Microsoft Office: MS16-099
Patch for Internet Explorer: MS16-095
Patch for Edge: MS16-096
Even more critical vulnerabilities were found to affect Windows, Microsoft Office, Skype, and Lync, which have to do with the Windows Graphics Component. This could allow hackers to execute malicious code through malicious web pages or documents.
Patch for Windows, Microsoft Office, Skype, and Lync: MS16-097
In another security bulletin, Microsoft claims that a critical remote code execution flaw exists in Windows PDF Library, which is bundled with Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2012, and Windows Server 2012 R2. This vulnerability affected Edge in a different way from usual, and allows attackers to take advantage of malicious PDF documents hosted on a website, and then trick users to loading the file within their Edge browser.
Patch for Windows PDF Library: MS16-102
Other patches that have been flagged by Microsoft as “important,” rather than “critical,” can be found below. However, it’s important to note that even if they aren’t critical, they certainly shouldn’t be ignored.
If you haven’t yet updated your system with these security patches, you should reach out to Info Advantage at (585) 254-8710. Our technicians will work with you to ensure that your systems are protected and patched against the myriad of threats that can be found both online and offline.
Of course, if you already have Info Advantage’s remote monitoring and maintenance services, chances are that your systems have already been patched. In fact, we apply the patches for any product of Microsoft, so that you don’t have to. It’s just one way that managed IT service can help your business stay focused on what really matters.
Your identity has quite a lot of value, especially in the wrong hands. Security firm ZoneAlarm put together some numbers in 2011 concerning identity fraud, and it even shocked us. Let's talk about a few of these statistics and what it means.
Hackers have always gone after industries that are profitable, or hold sensitive information that can be lucrative when sold under the table. As such, retailers that accumulate financial credentials are often hit by hacks. The entertainment industry is no different, and hackers continue to grow craftier in their pursuit of wealth and power. Not even Steam, the PC gamer’s most valuable software solution, is safe from the dangers of hacking attacks.
Which database management system is running on your company’s server units? For end users, it’s not something that they put a whole lot of thought into. However, if you completely overlook your Microsoft SQL Server, you may end up running an expired version that puts your data at risk. Case in point, SQL Server 2005, which Microsoft recently ended support for.
Hackers have proven that they will do whatever it takes to get to your valuable assets, even if it means taking advantage of physical objects that work alongside a specific frequency. As it turns out, this is exactly how hacking a garage door works, and all it takes is a decade-old communications device to capture the frequency and unlock any garage door that utilizes it.
Tag Cloud
Mobile? Grab this Article
Contact Us
Learn more about what Info Advantage
can do for your business.
Info Advantage
155 Sanford Street
Rochester, New York 14620
