IT Security


Office 365 Phishing Email

Office 365 users are now being targeted in a convincing-looking phishing attack.

Phishing attacks, a common tactic used by cyber criminals to try to trick you into giving them your information, are nothing new. In fact, it's likely that your company has already been targeted by phishing (and if it hasn't been, it's a matter of when - not if), and it's getting harder and harder to spot the malicious emails.

The email appears to be an automated alert from Microsoft saying the user's Office 365 account has been suspended, and asks them to sign in to reactivate their account. While the email does look realistic, there are some major red flags. Let's take a look:

Android phones can be tracked without using their GPS or wi-fi data by studying their power use over time, a study has found.

A smartphone uses more power the further away it is from a cellular base and the more obstacles are in its way as it reaches for a signal.

Additional power use by other activities could be factored out with algorithms, the researchers found.

They created an app designed to collect data about power consumption.

"The malicious app has neither permission to access the GPS nor other location providers (eg cellular or wi-fi network)," the team - Yan Michalevsky, Dan Boneh and Aaron Schulman, from the computer science department at Stanford University, along with Gabi Nakibly, from Rafael Ltd - wrote in their paper.

"We only assume permission for network connectivity and access to the power data.

"These are very common permissions for an application, and are unlikely to raise suspicion on the part of the victim."

There are 179 apps currently available on Android app store Google Play that request this information, the team add.

Activity such as listening to music, activating maps, taking voice calls or using social media all drain the battery but this can be discounted due to "machine learning", the report says.

"Intuitively the reason why all this noise does not mislead our algorithms is that the noise is not correlated with the phone's location," it says.

"Therefore a sufficiently long power measurement (several minutes) enables the learning algorithm to 'see' through the noise."

The tests were carried out on phones using the 3G network but did not measure signal strength as that data is protected by the device.

'Stuffed with sensors'

"With mobile devices now becoming ubiquitous, it is troubling that we are seeing so many ways in which they can be used to track us," said cyber-security expert Prof Alan Woodward, from Surrey University.

"I think people sometimes forget that smartphones are stuffed full of sensors from gyroscopes and GPS to the more obvious microphones and cameras.

"This latest work shows that even that basic characteristic (power consumption) has the potential to invade privacy if monitored in the right way," he added.

"We are approaching the point where the only safe way to use your phone is to pull the battery out - and not all phones let you do that."

Source: http://www.bbc.com/news/technology-31587621

Lenovo and the Superfish


This sounds like the title of a children’s book, but unfortunately the issue highlighted in the press this week is more concerning than a story. The pre-loading of the Superfish software on Lenovo machines introduced a vulnerability to users even before they unboxed their new laptop.

There are several issues with the pre-installed application. One is that it is an ad injector, which inserts adverts into your browser based on what you are searching for; unless you are an expert at identifying these, you might be directed to sites to purchase things without understanding why.

To do this more effectively, Superfish also installs a root certificate which allows them to see traffic on encrypted websites, like your banking website, that you might have considered private and secure.

This is a bit like me giving out the keys to your house and could be abused by other malicious people and used to capture passwords and other personal information.

AVG detects and removes the Superfish add-on. If you have attempted to download something it was bundled with, then AVG would have detected and blocked it, advising the user it was an ‘unwanted application’ and potentially harmful.

This means no part of it was ever installed, which is good for existing AVG users. But what if you have purchased a Lenovo and then installed an anti-virus product? The risk here is that some parts are difficult to remove fully, as they are embedded into the system.

This week Lenovo has reacted to this and developed a removal tool, which you can download here. There are also manual instructions available should you want to do this yourself.

There is a much wider issue for consumers, though: it’s becoming very difficult to know which products and manufacturers to trust and who is doing what with our data.

There are discussions in the tech industry on improving transparency so that consumers can once again have confidence in brands.

I believe that over the next few months we will see progress in a more coordinated effort by the security industry to protect users from these types of applications.

If you are at all concerned, then be sure to run a full system scan from your anti-virus product and ensure that the updates have been run. If you’re running an expired product, then either renew it or download the AVG AntiVirus Free solution here.

Source: http://now.avg.com/lenovo-and-the-superfish/

Several cyber take downs occurred this year when hackers infiltrated Home Depot, Michaels, iCloud, JP Morgan and the list just goes on. And while consumers and companies have been hit hard in 2014, our 2015 security predictions show that this will be the year of the cloud attack.

According to a recent IDC report, almost 90 percent of Internet spending (including mobile apps, big data and social media) will be on cloud-based technologies over the next six years.

While many companies are making the leap to the cloud, securing the cloud remains an ongoing challenge for IT departments. Smart cyber criminals know where the holes reside and view this space as a big target.

In 2015, a major cloud provider will be breached, compromising many of their customers’ data and in turn leaving hundreds of thousands of individuals vulnerable to follow-on threats. Following the breach, I predict the following will occur:

1. U.S. Congress will step up efforts to legislate better security protection in public clouds.
2. Consumer and shareholder outrage will lead to the sacking of several CEOs and CISOs and force the creation of internal cybersecurity task forces.
3. Enterprises will recognize the benefits of cloud-based malware protection as well as cloud-based cyber attacks.
4. Enterprises, government agencies and security vendors will begin to develop more effective collaboration and cooperation to combat the wave of cyber crime and cyber warfare.

With our 2015 security predictions in mind, what other theories do you have for this year’s security landscape?

Source: http://www.webroot.com/blog/2015/01/09/2015-security-predictions/


Are you having problems with your home internet speed and with surprisingly high internet bills?

Maybe your router is one of the 120,000 used by Australians that is vulnerable to a new type of scam being leveraged by criminals who use them to launch cyber attacks.

The IT security firm Nominum discovered that as many as 24 million routers around the world are affected by a simple configuration issue that hackers can leverage.

The results of these attacks are slower internet speeds and a potential rise in internet bills. The reason is that, through various techniques, a small DNS query is turned into a much larger payload directed at the target network. The attacker composes a DNS request message of approximately 60 bytes to trigger delivery of a response message of approximately 4000 bytes to the target. The resulting amplification factor, approximately 70:1, significantly increases the volume of traffic the target receives, accelerating the rate at which the target's resources will be depleted. This is what is known as a distributed-denial-of-service (DDoS) system amplification attack.

Bruce Van Nice, a director at Nominum, says: "People may see that their internet service starts to slow down either because their access connection is congested with traffic or because their home gateway is busy proxying these queries and forwarding huge answers back to a target. But they have no idea that their home router is potentially being bombarded with [these] queries."
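As an added example (not from the original post or from Nominum), the code below shows how a gateway owner could spot this pattern in DNS proxy logs: queries arriving from non-LAN source addresses that draw responses many times larger than the request. The log format, the LAN range, the thresholds and the function name are assumptions made for illustration; the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines (hypothetical format): one line per DNS query
# the gateway answered, with query and response sizes in bytes.
SAMPLE_LOG = """\
2015-01-01T00:00:01 src=192.168.1.20 qlen=45 rlen=120
2015-01-01T00:00:02 src=203.0.113.9 qlen=60 rlen=4000
2015-01-01T00:00:02 src=203.0.113.9 qlen=60 rlen=4000
2015-01-01T00:00:03 src=203.0.113.9 qlen=62 rlen=3980
2015-01-01T00:00:04 src=198.51.100.7 qlen=50 rlen=110
2015-01-01T00:00:05 src=192.168.1.31 qlen=48 rlen=900
"""

LINE_RE = re.compile(r"src=(\S+) qlen=(\d+) rlen=(\d+)")

def find_amplification_targets(log_text, lan="192.168.1.0/24",
                               min_ratio=20.0, min_queries=3):
    """Return {source_ip: stats} for non-LAN sources with high amplification.

    The source of such queries is usually spoofed, so a flagged address is
    most likely the target receiving the large answers, not the sender.
    """
    lan_net = ipaddress.ip_network(lan)
    totals = defaultdict(lambda: [0, 0, 0])  # queries, bytes in, bytes out
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not in the expected format
        src = ipaddress.ip_address(m.group(1))
        if src in lan_net:
            continue  # local clients legitimately use the gateway's DNS proxy
        t = totals[str(src)]
        t[0] += 1
        t[1] += int(m.group(2))
        t[2] += int(m.group(3))
    flagged = {}
    for src, (count, q_bytes, r_bytes) in totals.items():
        if q_bytes == 0:
            continue  # malformed record, no ratio can be computed
        ratio = r_bytes / q_bytes
        if count >= min_queries and ratio >= min_ratio:
            flagged[src] = {"queries": count, "bytes_in": q_bytes,
                            "bytes_out": r_bytes, "ratio": round(ratio, 1)}
    return flagged

if __name__ == "__main__":
    for src, stats in find_amplification_targets(SAMPLE_LOG).items():
        print(src, stats)
```

Any non-LAN source appearing in these logs at all means the gateway is answering DNS on its internet-facing side, which is the condition to fix in the router's configuration.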

DNS amplification is one of the more popular attack types. It's hard to defend against DDoS attacks. There are actually two separate issues: keeping your network from being attacked by others and hardening your machines so they can't be compromised and used in attacks.

The first step is to protect your own network against being attacked. This is hard to do, since any network is vulnerable to being overloaded by seemingly-legitimate traffic. Turning on ingress filtering will help screen out junk packets. In addition, there are a number of settings that you can adjust to harden it against common attacks. Here's what to do:

  1. Go to Microsoft's security bulletin site. Download all the pertinent patches that you don't already have installed.
  2. Configure your firewall to block traffic on any port you don't actually need.
  3. Review the TCP/IP hardening settings described in "Security Considerations for Network Attacks". Apply them to any server which is exposed directly to the Internet.

Unfortunately, protecting your machines against attacks can be difficult because attackers keep changing their modus operandi. It's simpler to prevent your computers from becoming zombies and contributing to the DDoS problem.

For more information on how to protect your machine visit our website or contact us.

Research conducted by the anti-virus firm Avast has revealed that hackers use weak passwords just like everyone else. In fact, after analysing a sample of nearly 40,000 passwords collected over years, Avast’s Antonín Hýža found that only 10 percent of passwords were "beyond normal capabilities of guessing or cracking." The researcher then provided some interesting statistics about hackers’ password choices.

"I looked at 40,000 samples of hackers’ passwords and found that nearly 2,000 were unique and 1,255 of those were in plain text. Another 346 passwords were easily cracked from MD5 hashes, because they were shorter than 9 characters. That gave me a total of 1,601 passwords and 300 hashes," Avast's Antonin Hyza said in a blog post.

Almost none of the unique passwords from the samples contained uppercase characters, despite regular warnings by security experts to use a mix of upper- and lowercase characters for passwords. Furthermore, the researcher discovered that the average hacker’s password has a maximum of six characters, contains lowercase letters and numbers, and is derived from the English language.

The charts below, from the Avast blog, show what hackers’ passwords usually look like: (Source: Antonín Hýža, Avast Blog, https://blog.avast.com/2014/06/09/are-hackers-passwords-stronger-than-regular-passwords/)

“On the table below the occurrence of lower-case alpha characters used in passwords is displayed. The most used character is letter a and letters f, j, v, w, y, z are used very seldom. This is the largest set of characters so 38 occurrences of lower-case letter q is still more frequently used than the upper-case character set where S has 28 occurrences. In the special character set, lower-case q is used almost the same as most frequently used “.” with count of 42.”

Upper case letters and their occurrence are displayed on the next table. They are all very rarely used and when they are, it is either the first letter in the password, or the entire word is written with upper case letters. Only a few passwords actually use a combination of both upper and lower case.

The next table shows which special characters are preferred by hackers and how much they use them to improve passwords. The first character in this table is a space and it revealed one interesting thing: One or five spaces could be a pretty clever password, but not very secure as it gets tested right from the beginning. Not all special characters are listed below because ,  =  ~  |  [  ]  were not used at all.


Source: Antonín Hýža, Avast Blog, https://blog.avast.com/2014/06/09/are-hackers-passwords-stronger-than-regular-passwords/

eBay on Wednesday released a warning to all its users to change their passwords following a security hack that compromised a database containing encrypted passwords and other non-financial data.

At the same time, the e-commerce giant reassured its consumers that for the moment there is no evidence of any unauthorized activity or access to financial or credit card information, which it says is kept separately in encrypted format.

eBay does not seem to be too concerned about the stolen personal information, such as postal addresses and dates of birth, as it asserts the stolen identities could not be used to access other companies owned by the auction site, including PayPal or GumTree.

But others think differently, saying that the repercussions of this data theft could be felt for a long time after the break-in, since we are dealing with identity theft.

The fact is that someone is now claiming to have a copy of eBay’s stolen database and is selling it for 1.45 bitcoin (£447) via the website Pastebin.

eBay took two months to discover it had been hacked, as no unusual activities were detected until May. Apparently a couple of employees’ company identities were stolen in February; after that, the compromised database, which included eBay customers’ names, encrypted passwords, email addresses, mail addresses, phone numbers, and dates of birth, was hacked between late February and early March.

eBay noticed the attack only recently, after repeated attempts to access a database that was restricted for the two identities.

Now some customers are complaining on eBay Community forums, saying that they didn’t receive much information about the breach from eBay and have yet to get notifications by email, which the company has promised to send.

The good part is that PayPal apparently doesn’t seem to be involved in the security attack.

Nevertheless, this is another wake-up call for organizations, which need to take a very careful approach to internet security: hackers are more and more capable and keen to get sensitive data.

With just under 3 months to go until Microsoft stops supporting Windows XP, it’s worth starting to plan what your business is going to do as the deadline draws nearer. That is, if you are still using it.

Perhaps you think that if you just continue as you are that “everything will be alright”, or have the attitude of “she’ll be fine mate, we’re careful”.

But if you’re approaching your business IT solutions in this way, it can be a nasty wake up call for you when issues arise and you can’t continue trading due to the loss of data or funds.

So here are some things to think about if your business still uses Windows XP:

Running a small to medium business can be daunting as you juggle staff, clients, products, suppliers, finances, and the list goes on.

While you’re busy doing all of the above and more, have you ever thought about your business security and the risks that can be posed by your ex-employees? Do you have an exit strategy for your business where staff are given an exit interview, keys handed in and then all computer access removed for them?
