2019 Cybersecurity Trends: Preparation for a Cyberattack


How familiar are you with all of the types of cyber attacks your company can become a victim of?

The list of companies that have faced a cyber attack recently is long and growing longer. Equifax, British Airways and Cathay Pacific are just a few. In 2018 alone, the Ponemon Institute measured the costs of these data breaches at $3.86 million per incident globally. Recently, a cybersecurity trends discussion for 2019 with Check Point stated that it would be another year of hard-hitting cybersecurity attacks and breaches.
Check Point, a multinational provider of combined hardware and software products for security, is based in Israel. Like other security companies, it is searching for new ways to better secure IT. Its global chief of threat detection, Orli Gan, states that the solution will come from manufacturers, law enforcement and government, not from companies like Check Point. The cybersecurity company predicts that every company will become a victim of a cyber attack in 2019.
Gan stated to Verdict: “You can just choose whatever name you want, any company in the world and they either were, or are, or will be hit by a cyber attack.”
Fastest Growing Crime is Cyber Crime
When comparing cybercrime in 2019 to the popular heist film series Ocean’s 11, Gan stated that cybercrime is a far more lucrative and less risky way to make money than a heist. Cyber attacks come in two formats:

Attacks that are to make money
Attacks to make a point (hacktivism)

When the cyber attacks are instigated by nation-states, they are morally ambiguous. It’s hard to know who is the good guy or bad guy.
Cyber Attacks by Nation-States

September 2018 – Check Point discovered an Iranian state-sponsored mobile surveillance operation against Iran’s own citizens called “Domestic Kitten.” Iran claimed that the attack was begun in 2016 and was using decoy content to get people to download mobile apps with embedded spyware. Those apps then collected sensitive information about targeted citizens including Kurdish, Turkish and ISIS supporters.
Lazarus, North Korean cyber hackers, are also politically motivated. In September 2018, a report showed that its worldwide attacks on U.S. and South Korean websites including Sony looked to be funded by the Kim Jong-Un regime.
2016 Election hacking in the U.S. from Russia caused concerns for democracy in several countries.
In October 2018, the UK government reported that Russian military intelligence was the actor behind a string of cyberattacks.

As a result, cybercrime experts advised strengthening cybersecurity capabilities instead of using political sanctions. Despite warnings, it looks as if Russia will attempt cyberattacks in the 2019 and 2020 elections.
Cryptomining Overtaking Ransomware
Routine, day-to-day cyber attacks are designed to earn money for the cyber criminals. Cryptomining is becoming more widely used than ransomware, which was bigger in 2017. One ransomware virus, WannaCry, infected computers in businesses, hospitals and schools in 150 countries.
“We see a quite steady decline in 2018 in the use of ransomware. It’s definitely not gone but it’s slightly more targeted these days towards companies that are more likely to pay significant amounts of money for the data they stand to lose,” Gan reported.
Instead, cryptomining is on the rise into 2019. This malware allows cyber criminals to hijack the victim’s central processing unit (CPU) to mine cryptocurrency, using as much as 65 percent of the CPU’s power. This type of attack was the leading attack in 2018, with 42 percent of global organisations hit between January and September, over double the 20.5 percent hit in the second half of 2017. Unlike a ransomware attack, cryptomining is a stealth crime from the victim’s point of view. Criminals like it more than ransomware because it’s easy to begin, hard to trace, and has long-term earning potential.

Crypto Currency Monero
The top three most common malware families seen in 2018 were crypto miners mining the Monero currency, says Check Point. Monero is preferred over Bitcoin because, unlike the better-known cryptocurrency, Monero is effectively untraceable and can be mined very effectively on typical computer hardware, while Bitcoin requires custom-made and optimised chips.
The cryptocurrency Monero has privacy features that cloak its transactions. When someone sends you Monero, you can’t tell who sent it. If you send Monero, the recipient will not know who it is from. Bitcoin is not truly anonymous, so people can search for and trace every Bitcoin block, transaction and address.

Phishing in 2019
Phishing, one of the most common online fraud tactics, uses email to get hold of private information including credit card details, usernames, and passwords. In the third quarter of 2018, RSA detected 38,196 fraud attacks worldwide including phishing scams. Even with an awareness of phishing, many people still fall for these fraudulent attempts to get personal information. These crimes increase during the holiday season when many people are shopping online, especially on Black Friday (the Friday after American Thanksgiving) and Cyber Monday (the Monday after American Thanksgiving). Without actual malware attachments, these phishing emails often slip through other cyber defences. In fact, cyber security company Agari found that 54 percent of email phishing attacks use a well-known brand’s name to deceive recipients, including Amazon, Microsoft, and Bank of America.

How Can an Organisation Protect Itself?
If you own or work for a company looking to protect itself, there isn’t a single approach that will guarantee success.
“You have to understand the complexity of the problem, you have to address the different angles in different capacities, and you always have to have multiple advisories and engines that combined can give you that accuracy that you require from a product that you’re actually going to use. Accuracy is number one in order to be practical because when you’re not, the reality is that people in the organisation will start getting angry – ‘I needed that email but it was blocked by your security system,’” according to Gan.

Can We Win the War Against Cyber Crime?

In summary, with the rapid development of technology, that question is difficult to answer. Check Point is skeptical that cyber security can eradicate cyber crime. Gan states that the solution should be a three-part defence that involves government regulation, law enforcement, and manufacturers. We must regulate manufacturers of electronic devices to require them to use operators that comply with security requirements. And law enforcement has to hunt down and punish cyber criminals.

Melvin Felicien,
A seasoned engineer, who focuses on security, efficiency and ensuring that technology is being used effectively within its defined scope

URGENT/11 Zero-Day Vulnerabilities Impacting 2 Billion Devices


Check Your IoT: URGENT/11 Zero-Day Vulnerabilities Impacting 2 Billion Devices
It was only a matter of time before connected devices became a target. The current vulnerability allows remote attackers to gain full control over IoT devices.
Security professionals have known that connected devices are a risk, but the latest news around the URGENT/11 vulnerabilities may surprise even the most hardened security professional. Over 2 billion connected devices are thought to be vulnerable, including a range of printers, VOIP phones, routers, medical equipment, firewalls, elevators and industrial controls. Any connected device that is running the VxWorks operating system created by Wind River has the potential to be affected, allowing attackers to remotely gain control over the device.
URGENT/11 Vulnerabilities
Dubbed “URGENT/11”, these security risks include six critical vulnerabilities affecting versions of VxWorks 6.5 or higher that include the IPnet stack. There are a few versions of the OS that may not be affected, according to security research firm Armis, such as VxWorks Cert Edition and VxWorks 653. Whether devices are within the network perimeter or on the edge, they can still be leveraged for remote access directly into networks. The vast range of manufacturers of the devices at risk means the level of security at the device level is likely to vary dramatically between product types. Fortunately, Wind River Systems provided critical patches during a recent July 19 release, but that may not be enough to reduce the risk for organizations utilizing these connected devices.
What is VxWorks?
“VxWorks is the most widely used operating system you may never have heard of,” said Ben Seri, vice president of research at Armis. “A wide variety of industries rely on VxWorks to run their critical devices in their daily operations—from healthcare to manufacturing and even security businesses.” As an RTOS, or real-time operating system, VxWorks has generally been considered to be a stable solution for IoT and other interconnected devices with only 13 vulnerabilities reported in over 32 years of operation for the platform. Since it is only older versions of the RTOS that are vulnerable to attack, it’s thought that newer devices should be relatively safe and many affected devices are already reaching end-of-life. These devices are generally ones where chipsets only need to manage a few basic pieces of information, such as input/output operations, where little data processing is required.
How to Protect Your Business
While officials at VxWorks and Armis note that there are no indications that the URGENT/11 vulnerabilities have been exploited, the extreme disruption that could be caused within an organization is reason enough to warrant a proactive effort to protect your organization. Here are the recommended steps from Wind River security professionals and engineers:

Apply the recent patch immediately
Deploy specific firewall signatures/rules that will help mitigate the danger if patches cannot be applied immediately

You can view the full URGENT/11 whitepaper with a breakdown of the vulnerabilities and suggestions for remediation online. Experts note that the level of disruption could be significant, perhaps even rivaling the EternalBlue 2017 vulnerability or the WannaCry ransomware attack. In each of these instances, it was challenging for many small businesses to determine the best steps to move forward and protect their organization.
Partnering with an IT services firm helps ensure that your business is alert to this type of critical attack vector. Staying vigilant for vulnerabilities and quickly applying patches may mean the difference between a few hours of work patching devices or servers and months of remediation as you attempt to recover from a major attack.

Free On Demand Excel Training: Tips & Techniques For Managing Workbooks


Organization Shouldn’t Be Complicated
Out of all of Microsoft’s Office programs, Excel is one of the most universally used. What started out as a fairly basic spreadsheet program has evolved into a must-have business tool. However, the more you use Excel, the more data your workbooks will accumulate.
Keeping these workbooks organized and easy to navigate can be a challenge. We can help with that. Check out our short Excel: Tips and Techniques for Managing Workbooks training video, available to you free and on-demand.
Watch at your leisure, and say goodbye to your Excel frustrations.

Capital One Data Breach Affects More Than 100 Million Customers


Capital One Data Breach Affects More Than 100 Million Customers and Small Businesses in The U.S. & 6 Million in Canada
On July 29, 2019, Capital One reported that their customers’ confidential information was compromised. This includes the Social Security and bank account numbers of more than 100 million people and small businesses in the U.S., along with 6 million in Canada.

The McLean, Virginia-based bank discovered the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator. They waited until July 29 to inform customers.
How Did The Hacker Get Into Capital One’s System?
According to court documents in the Capital One case, the hacker obtained this information by finding a misconfigured firewall on Capital One’s Amazon Web Services (AWS) cloud server.
Amazon said that AWS wasn’t compromised in any way. They say that the hacker gained access through a misconfiguration on the cloud server’s application, not through a vulnerability in its infrastructure.
Capital One says that they immediately fixed the configuration vulnerability that the individual exploited and promptly began working with federal law enforcement.
Who Breached Capital One’s Data?
Paige A. Thompson, a former software engineer in Seattle, is accused of stealing data from Capital One credit card applications.
Thompson was a systems engineer and an employee at Amazon Web Services from 2015 to 2016. In a statement, Amazon said that she left the company three years before the hack took place.
The FBI arrested Thompson on Monday, July 29 for the theft, which occurred between March 12 and July 17. Thompson made her initial appearance in U.S. District Court in Seattle and has been detained pending an August 1 hearing. Computer fraud and abuse are punishable by up to five years in prison and a $250,000 fine.
What Information Was Compromised?
Thompson stole information including credit scores and balances plus the Social Security numbers of about 140,000 customers and 80,000 linked bank account numbers of their secured credit card customers. For Capital One’s Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised.
The largest category of information obtained was that of consumers and small businesses when they applied for one of Capital One’s credit card products from 2005 through early 2019.
Capital One said some of this information included names, addresses, phone numbers, email addresses, dates of birth and self-reported income.
Other data obtained included credit scores, limits, balances and transaction data from a total of 23 days during 2016, 2017 and 2018.
This is one of the top 10 largest data breaches ever, according to USA TODAY research.
What Is Capital One Saying About The Breach?
They will offer free credit monitoring services to those affected. Capital One said it was “unlikely that the information was used for fraud or disseminated by this individual” but committed to investigating the hack fully.
They’ve set up a consumer website about the breach at www.capitalone.com/facts2019 that you should refer to if you’re worried that your information was compromised.
Capital One expects that this hack will cost them approximately $100 million to $150 million in 2019.
What Should Capital One Customers Do?
If you’re a Capital One customer, you should check your account online. You should also freeze your credit through each of the three main credit bureaus: Experian, Equifax and TransUnion.
It’s important to remain vigilant. Businesses should sign up for Dark Web Scanning to detect whether your confidential business information is there for cybercriminals to use.
Prevention is always the best remedy. Ask your IT provider to ensure that your firewall is properly configured and to continuously and remotely monitor your network for intrusions.

Companies Held Responsible for Tech Security


Major Fines for IT Data Breaches
Outdated machines, software or employee practices can lead to major security problems. These big companies faced painful fines for their IT mistakes.

As companies increase their online activity, data collection and eCommerce, the stakes will continue to rise. Companies that are lax, poorly prepared or sloppy are facing disastrous tech breaches. Equifax, Uber, TJX and Visa are just a few of the companies that have had to face hefty payouts for data breaches. The public relies on companies to act professionally and secure their information. Many companies that face a security breach or lost data will not be able to stay in business.
With a security breach, the customer’s trust is lost. Not only will the damaged reputation harm business, but fixing the issue will cost more than preventing it. Fines and payouts will also add to that cost. And the more consumers affected by a major problem in the company’s security, the more painful the cleanup. You can’t afford to slack when it comes to IT security.
Equifax Data Breach Settlement of $700 Million
The infamous Equifax data breach of 2017 affected 147 million customers. The settlement announced by the credit reporting company included $175 million to 48 states, $300 million towards free credit monitoring services for the impacted customers and $100 million to the Consumer Financial Protection Bureau for civil penalties.
Federal Trade Commission (FTC) Chairman Joe Simons said, “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”
Facebook Faces $5 Billion in Fines for Privacy Violations
The FTC smacked Facebook with a $5 billion fine for the Cambridge Analytica incident. This privacy violations fine was in response to personal data taken from over 87 million Facebook users to create more persuasive and personalized ads.
Uber Faces $148 Million in Fines for Covering Up Hacked Accounts
In 2016, Uber had over 57 million user accounts compromised, and then tried to cover it up by paying the perpetrator $100k. This led to the largest data-breach payout at the time, $148 million, because they violated data breach laws.
Anthem Faces $131 Million for Data Breach of Customers
When the US health insurer Anthem was hacked in 2015, over 79 million customers had their names, birthdates, social security numbers and medical IDs compromised. The company paid out $115 million in a class-action lawsuit in 2017 regarding the breach. The US Department of Health and Human Services fined them an additional $16 million for HIPAA (Health Insurance Portability and Accountability Act) violations.
TJX and Visa Pay Out $40.9 Million for Data Breach
When over 96 million credit and debit accounts were hacked in a widely publicized data breach that lasted from 2003 to 2007, TJX promised payouts. This came under the terms that 80% of card issuers agreed to the recovery offer and promised not to take further legal action. TJX agreed to fund the settlement as a resolution that would keep those U.S. Visa holders with cards from taking further legal action. This amount was not part of the $256 million the company said it had budgeted to deal with the breach.
Texas Cancer Center Fined $4.3 Million for Unencrypted Equipment
Between 2012 and 2013, the University of Texas MD Anderson Cancer Center lost one unencrypted laptop when it was stolen from an employee’s house and two unencrypted USBs that contained sensitive patient data. The health information of over 33,500 individuals was compromised and the center faced a $4.3 million fine for HIPAA violations.
FMCNA Fined $3.5 Million for Five Data Breaches
In 2012, Fresenius Medical Care North America (FMCNA) was fined $3.5 million for HIPAA violations after five separate breaches in different company locations. The Office for Civil Rights noted that FMCNA could have avoided this with a thorough risk analysis to find the potential risks and vulnerabilities. Many of their breach problems included lacking security policies and failing to encrypt sensitive health data.
A good company will take proactive IT security measures with a great tech team. By outsourcing IT security through a managed IT service company, you can get the best security without hiring a team full-time. Your IT team will provide an audit of your company to help you find the places where your security, devices or practices might be a threat to your company. Ensure you are using the right equipment and your employees are trained to meet compliance standards, privacy laws, customer expectations and more so your company can succeed.

New Phishing Threat Presents Security Challenge


Phishing Attacks Target OAuth Credentials to Gain System Access
Discover how an increasingly popular authentication process, OAuth, can be exploited by hackers to wreak havoc on applications and access sensitive data.

What Is OAuth?
OAuth is a widely used framework that allows applications to share access to assets. It lets unrelated services and servers allow authentication without sharing the initial single login credential. It’s often referred to as secure third-party user agent delegated authentication.
OAuth lets you access a resource, such as secure password-protected sections of a website. Once the access is granted it remains in place until revoked, even if passwords are reset or 2-factor authentication changes.
It’s the technology that allows you to log in to a website or an app using Facebook or Google credentials. Instead of creating and using a password for, say, ESPN.com, you can log in using your Facebook account. Facebook, Google, Microsoft and Amazon are among those that use OAuth to allow access to other platforms as well as their own.
OAuth does not share password data across sites, but it does share the authorization tokens to confirm your identity.
What Is the OAuth Phishing Attack?
The OAuth tactic is unlike those used in traditional phishing attacks. By targeting the authorization tokens, hackers can essentially act as a compromised account holder throughout any platform on which the hacked person uses OAuth.
A hacker can create a simple app that is loaded into an email message. When users click on the phishing email, they can inadvertently allow access via the OAuth protocol.
“These techniques have been observed in sophisticated attacks in the past but are becoming easier to execute and are gaining in popularity,” notes a recent article.
What Can Attackers Do if a Phishing Attack Is Successful?
A successful phishing attack lets a hacker do any number of things, depending on the resource to which access was granted. For example, if access is granted to your Microsoft Office or Office 365 account, a hacker could:

Search your mailboxes
Read your email messages
Download messages and any attachments
Search for keywords in your email and extract that data
Send messages on behalf of your account … to anyone
Access your contacts
Search shared drives like OneDrive and SharePoint, read documents and download and extract files
Create malicious Outlook rules
Inject disruptive macros into stored Word documents
Create and install filtering and forwarding rules

Data accessed, reviewed and stolen can have severe consequences, as could macros and rules that make it difficult or impossible to use these common office productivity apps.
What Can Be Done to Defend Against a Phishing Attack?
More platforms are using OAuth to make it easier for customers or users to access information. That proliferation of uses means more opportunities for hackers. The number of OAuth phishing attacks is likely to grow.
The best defense against OAuth and other phishing attacks is awareness. Employees and other users need to be aware of the risks and potential outcomes of a phishing attack.
That means training and simulations that help users look for telltale signs of a phishing attack, such as poor grammar and spelling and the use of an unusual email address. Explaining how OAuth phishing attacks work also helps to raise awareness and let users take a skeptical approach to providing those credentials if something doesn’t feel right.
Your organization should also make it easier for employees to submit any suspect email messages that they believe are a phishing attempt.
Some other recommendations are:

Limit the number of third-party apps that your network accepts
Disable any third-party apps across the organization that are unnecessary
To identify rare or suspicious instances, search for and monitor all consented applications
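
One way to carry out the last recommendation, as an added example that is not part of the original article: the script groups consent grants by application and flags unapproved apps holding the mail, contact and file permissions behind the actions listed earlier. The records are constructed and shaped like Microsoft Graph oauth2PermissionGrant objects; the app_name field, the allowlist, the rarity threshold and the scoring weights are assumptions.

```python
from collections import defaultdict

# Delegated Microsoft Graph scopes mapped to the attacker actions the article lists.
RISKY_SCOPES = {
    "Mail.Read": "search and read mailboxes",
    "Mail.ReadWrite": "download and modify messages",
    "Mail.Send": "send messages on behalf of the account",
    "MailboxSettings.ReadWrite": "create inbox rules, including forwarding rules",
    "Contacts.Read": "access contacts",
    "Files.Read.All": "read OneDrive and SharePoint files",
    "Files.ReadWrite.All": "alter stored documents",
}

# Constructed sample data. clientId, consentType, principalId and scope follow the
# oauth2PermissionGrant shape; app_name is a hypothetical field joined in for readability.
SAMPLE_GRANTS = [
    {"clientId": "app-0001", "app_name": "Corp Mail Archiver", "consentType": "AllPrincipals",
     "principalId": None, "scope": "Mail.Read User.Read"},
    {"clientId": "app-0002", "app_name": "PDF Viewer Pro", "consentType": "Principal",
     "principalId": "user-17",
     "scope": "Mail.Read Mail.Send MailboxSettings.ReadWrite offline_access"},
    {"clientId": "app-0003", "app_name": "Team Notes", "consentType": "Principal",
     "principalId": "user-02", "scope": "Files.Read.All User.Read"},
    {"clientId": "app-0003", "app_name": "Team Notes", "consentType": "Principal",
     "principalId": "user-05", "scope": "Files.Read.All User.Read"},
    {"clientId": "app-0003", "app_name": "Team Notes", "consentType": "Principal",
     "principalId": "user-11", "scope": "Files.Read.All User.Read"},
    {"clientId": "app-0004", "app_name": "Survey Tool", "consentType": "Principal",
     "principalId": "user-09", "scope": "User.Read"},
]

APPROVED_APPS = {"app-0001"}  # hypothetical allowlist of apps the organisation vetted


def audit_grants(grants, approved=APPROVED_APPS, rare_max_users=2):
    """Return unapproved apps holding risky scopes, highest score first."""
    apps = defaultdict(lambda: {"name": "", "users": set(), "scopes": set(),
                                "tenant_wide": False})
    for g in grants:
        app = apps[g["clientId"]]
        app["name"] = g.get("app_name", "")
        app["scopes"].update(g["scope"].split())  # scope is a space-separated string
        if g["consentType"] == "AllPrincipals":   # admin consent for every user
            app["tenant_wide"] = True
        elif g.get("principalId"):
            app["users"].add(g["principalId"])

    findings = []
    for client_id, app in apps.items():
        if client_id in approved:
            continue
        risky = sorted(app["scopes"].intersection(RISKY_SCOPES))
        if not risky:
            continue
        # "Rare" means only a handful of users consented: typical of a targeted lure.
        rare = not app["tenant_wide"] and len(app["users"]) <= rare_max_users
        # offline_access yields refresh tokens, so access outlives a password reset.
        persistent = "offline_access" in app["scopes"]
        score = (len(risky) + (2 if rare else 0) + (1 if persistent else 0)
                 + (2 if app["tenant_wide"] else 0))
        findings.append({"client_id": client_id, "name": app["name"], "risky": risky,
                         "users": sorted(app["users"]), "rare": rare,
                         "persistent": persistent, "score": score})
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in audit_grants(SAMPLE_GRANTS):
        print(f"{f['score']:>2}  {f['client_id']}  {f['name']}: {', '.join(f['risky'])}")
        for scope in f["risky"]:
            print(f"      {scope}: {RISKY_SCOPES[scope]}")
```

Findings at the top of the list are the consents to review and revoke first, since revoking the grant is what ends the app's access.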

To reduce the likelihood and impact of an OAuth phishing attack, be sure to work with your managed IT services provider to ensure that training, anti-phishing solutions and monitoring are in place for your entire network.