
How Quickly Cyber Criminals Can Take Over

A recent BBC article explains how easy it is for cyber criminals to take over a vulnerable server. And don’t think they aren’t targeting the little guys: because they use automated tools, you’re just as vulnerable as a Fortune 100 company to many attacks.

A cyber security company ran a test to see how quickly a new server with vulnerabilities would be found and exploited. Within two hours of putting the server online, bots had found it and laid siege to the network. Then, within 15 seconds, they “owned the network.”

The article states:


Within 15 seconds of getting access, the bot:

  • sought out and exploited several known vulnerabilities
  • scanned the network to which the server was connected
  • stole and dumped credentials for other vulnerable machines
  • created new user accounts for its creators to use

“It completely owned the network in an automated fashion,” said Mr Rustici.


If that doesn’t get your attention, I don’t know what will.

Full Article Here: http://www.bbc.com/news/technology-43788337

Ransomware Still a Big Problem

In a recent article from the BBC, they discuss the fact that ransomware is still a huge problem, accounting for 40% of successful breaches. Not only that, but the criminals are targeting small firms too! [See Article Link Below]

So, what can you do about it?

  1. Make sure your employees are well trained in how to detect spam in the email.
    • Basically don’t click links you didn’t request or aren’t expecting.
  2. Make sure your firewall is properly maintained
    • Ports should be closed if not needed
    • VPNs should require two-factor authentication and password complexity
  3. Keep Anti-Virus working on your computers
  4. Have someone to call if you need help.
    • Have a trusted person you can discuss potential threats or weirdness with. Build a relationship now before you’re in a crisis. If you wait for a crisis, you will be needy and depending on who you talk with, you may buy a lot more than you need.

 

http://www.bbc.com/news/technology-43713037

2018 Cyber Crime Update

2017 was a crazy year for cyber crime and cyber security. WannaCry hit every continent and most modern countries (See image below), reminding us that bad guys were out there and were just an IP ping away.

So, what should we expect from 2018? Less ransomware, more IoT attacks, and more memory and chip attacks. According to SonicWall’s 2018 Cyber Threat Report, there is a global arms race going on that businesses like yours and mine are getting caught in. “Governments, enterprises and individuals are in the crosshairs of a global cyber arms race,” says Bill Conner, CEO of SonicWall.

The Risks to Business

He goes on to say that cyber-related risks are becoming a top risk for businesses: “The risks to business, privacy and related data grow by the day — so much so that cybersecurity is outranking some of the more traditional business risks and concerns.” Lloyd’s of London (a massive insurance agency) agrees: “There are substantial insurance gaps, as a majority of cyber risks are not covered by any form of insurance,” says Lloyd’s of London CEO Inga Beale. “Just like natural catastrophes, cyber events such as hacker attacks or internet failures can cause severe impact on businesses and economies.”

So be ready: make sure you have an updated firewall in place that is properly set up, antivirus on your computers, a good password manager, and cross your fingers…

Countries infected by WannaCry

BitCoin Mining: Warning to the miners

If you are mining Bitcoins, you may want to reconsider. A new study from RWTH Aachen University shows that the ledger used to verify transactions includes illegal content, such as child abuse imagery. The ledger is stored locally on the miner’s computer, and because that content is on your computer, you are liable for it…. We’re still in the beginning of Bitcoin, don’t get too carried away.

Study: https://fc18.ifca.ai/preproceedings/6.pdf

Why You Need to Clean Up your Computer

The Norton Community recently posted a good blog on why you should clean up your computers [See Blog Here]. Here’s a brief summary on what you need to do and why it matters:

Why you need to:

  1. Outdated and unused software can be a vulnerability for cyber criminals to exploit
  2. Having a clear backup system will help you recover from hardware failures and viruses easily and efficiently
  3. Being aware of what’s supposed to be on your computer will help you realize when there’s something you didn’t ask for
    1. These programs could be sucking up your resources (at best), or (at worst) doing malicious things
  4. Keeping programs and operating systems up to date helps to keep your computer secure from known threats

What to do:

  1. Clean up unused programs
    1. Go into your “control panel” –> “programs and features” and look over all the programs you have installed and delete programs you no longer need, or that you don’t think are supposed to be there.
    2. You can sort this by “Publisher” or “Installed On” to see what’s recently come through.
    3. Typically, anything that says “Toolbar” is a good idea to just delete. Just use the built-in toolbar from Chrome or Opera.
  2. Look into your backup software (if you don’t have one, check out ShadowProtect; they have good reviews and a decent price point)
    1. Has it been running effectively?
    2. Is it working the way it should?
  3. Check out your Anti-Virus/Anti-Malware
    1. If you’re a single user, Windows Defender (Free and built-in) should be just fine. If you’re an enterprise, you’ll want something more robust
    2. Is the AV/AM updating regularly?
    3. Have there been any threats detected?
  4. Check your Windows Updates
    1. Have they updated successfully?
    2. When was the last time you checked?
  5. Run your defragmentation
    1. Good idea if you feel your PC slowing, or you have used a lot of data. This won’t work if you have a solid-state drive, but those are super fast anyway and can’t get fragmented (or, technically, they are already fragmented but it doesn’t matter).

Security Alert: “Locky” Cryptolocker Virus

NBC and several other news organizations reported Wednesday on an encryption virus that has hit several U.S. hospitals and crippled them so badly that they are seeking to pay the perpetrators to unlock their data.  This is a staggering reality that saddens and angers me as an IT security professional.

What is an encryption virus?

Cyber attackers have developed a virus that will silently work through all common documents contained on your hard drive  and encrypt them beyond recognition.  Basically this means that all the 1’s and 0’s that make up your document files are scrambled according to a complex equation that makes reordering them almost impossible without a unique code.  Once this process is complete and all your data is scrambled, you’re notified of this and asked to provide a sum of money to get the code to unscramble your data.  There is typically a timeframe of 48 hours or something before the code is lost for good.

What can you do to prevent this?

Like any cyber attack, it usually requires you to open something.  Be very careful of what emails you’re opening, or what windows you respond to on the Internet.  As noted in the NBC article above, viruses usually hide themselves as PDFs in emails posing as invoices.  Many people think invoices are important and will often open them without question.

What can you do once infected?

Once this data is encrypted there is really no hope of unscrambling it.  Your options are to pay the ransom, or in the best case retrieve the data from backup and tell the cyber attackers to bug off.  I recommend the latter.

How should I respond?

The article above is saddening for two reasons.  1: Because of the devastation caused for everyone involved in cleaning up the mess.  The panic, the anger, the loss of time and money are all things that organizations, especially hospitals, don’t need to suffer.  2: Because the hospitals in the article are considering paying the ransom.  This is funding terrorism and furthering the research and development by cyber attackers for more sophisticated attacks.   If no one paid, the hours of development and administration that go into supporting this kind of cyber-criminal activity would be useless and these programmers would move on.  But some people pay large sums of money because they panic, and they didn’t have a plan when the attack hit.

We come across encryption viruses every so often on a business network.  So far we have had our customers’ critical and server shared data back within the hour.  We then take the desktop or laptop that was infected and totally rebuild it so the person is back up and running in a safe environment within 24 hours.  At Velox Systems, we spend a lot of time and energy making sure our customers have good backups at several points throughout the day so we know that if the unthinkable happened, we can get our customer back up and running in a reasonable time to sustain business.

VIRUS, MALWARE, TROJAN, WORM… SO WHAT’S THE DIFFERENCE?

There are several types of threats out there that you probably hear about on a regular basis from the news media, social media, or internet forums. There are two basic categories: viruses and malware. Of course, viruses are by definition malicious software and could therefore be considered malware, but in technical nomenclature we single out viruses as their own category.

The truth is that in the last five years, malware has become much more prominent than computer viruses and we see it more and more every day. So what is the difference between a Virus and Malware?

A Virus is self-replicating software that causes your system to malfunction and tries to copy itself to other systems on your network to destroy as much as possible. Viruses are spread through email, network connections, and black-market websites.

Malware is software that is aimed at making the developer money. Malware can log your keystrokes such as when you log into a banking account. Malware can collect sensitive data on the network, or it can try to get you to provide sensitive information by prompting you. This information is then packaged and sent back to the developer for their use to exploit you, advertise to you, or otherwise spam you with further money-making schemes.

So what can you do to prevent attacks?

  • Stay away from any questionable sites that harbor viruses and malware. Any site that offers information for illegal or inappropriate activity is a source for malicious software. These include hacking sites, pirating sites, torrents, adult sites, “free” TV episodes or movies, etc.
  • NEVER provide your credit card information or banking account information to any software application on your system.
  • ALWAYS make sure your banking website looks exactly as you expect. If you see any strange images or spelling, it is probably not authentic.
  • If you ever notice suspicious behavior on your system, please contact the helpdesk immediately.

Avoid email-borne virus

Several customers have reported getting an email containing a Dropbox link. These emails are coming from people they know. This is likely a result of the sender’s email being hacked and used to send malicious email to the victim’s address book on behalf of the spammer.

Two things you need to watch out for:

  1. Be very cautious opening an email containing a link to Dropbox.  This is a common means of getting you to download malicious software.
  2. Don’t be a victim of this kind of attack!  Ensure your email password is complex for services such as Gmail, Microsoft email, Hotmail, etc.  Check out our post on password security published last year: PASSWORDS EXPLAINED – WHY SHOULD MY PASSWORDS BE COMPLEX?

A FALSE SENSE OF SECURITY: BUSINESS CONTINUITY VS DISASTER RECOVERY

ANYONE CAN PROMISE DISASTER RECOVERY, BUT WHAT’S YOUR BUSINESS CONTINUITY PLAN?

At Velox Systems, we know our customers trust us to power and protect their most valuable assets and data.  This doesn’t just mean we promise a backup of critical data, it means that we fight to provide business continuity when disaster hits.

For instance, if your current IT System Administrator is performing a backup every night using the standard server backup software what happens when disaster actually strikes?

Will your data be recoverable? Only from the previous day.  If disaster hits at the end of the day, all collective changes over the last 6-8 hours will be lost.

How soon will you be able to get the company running again? If you experience a total hardware failure of the server, you’re looking at days to replace the hardware and then hours to re-construct the server software and re-load the data. 

Many organizations can’t afford this kind of down time.  You see, it’s not about how much data you’re backing up, or even how often.  It’s about your plan to resume business operations after the disaster strikes.  This is where we focus our attention.

Velox Systems offers several levels of Business Continuity solutions depending on the needs and budget of your organization.  We can provide operation recovery times in as little as just a few hours from a system-wide disaster event.

PASSWORDS EXPLAINED – WHY SHOULD MY PASSWORDS BE COMPLEX?

How would I ever remember a password like “e$K7e*lx”?  How important is your password, really?  The greatest data security systems in the world can only keep you as secure as the strength of your password used to gain access to your sensitive data.  This is why the big data storage organizations require you to choose a “Strong” password.

HOW DO THEY DETERMINE A “STRONG” PASSWORD?

Why is it that 8 characters, one upper case letter, one lowercase letter, and one number are the security standard?

If a desktop computer was given the task of breaking the below passwords, here’s how long it would take:

PASSWORD     CRACK TIME       DESCRIPTION
golf         0.0000 seconds   Favorite hobby
10081975     0.025            Birthday
fluffy23     11 minutes       Dog’s name with a number
F2luf3fy     15 hours         Dog’s name with capital and numbers sprinkled
F2luf3f*y    275 days         Add a symbol and make it 9 characters
F2luf3f~y    1 year           Instead, add a symbol that isn’t part of the number keys
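
The arithmetic behind a table like this is exhaustive search: alphabet size raised to the password length, divided by a guess rate. The sketch below is an added example, not code from the original post or from whatever tool produced the table; the guess rate and the symbol class sizes are assumptions, so the symbol rows will not match the table exactly.

```python
import string

# Assumption: the page does not state a guess rate. 4 billion guesses/second is
# used because 10**8 / 4e9 = 0.025, the table's figure for the 8-digit birthday.
GUESSES_PER_SECOND = 4_000_000_000

# Assumption: symbols are split into "number key" symbols and all other ASCII
# punctuation, mirroring the distinction the table's last two rows make.
NUMBER_KEY_SYMBOLS = set("!@#$%^&*()")
OTHER_SYMBOLS = set(string.punctuation) - NUMBER_KEY_SYMBOLS

CHARACTER_CLASSES = [
    set(string.ascii_lowercase),
    set(string.ascii_uppercase),
    set(string.digits),
    NUMBER_KEY_SYMBOLS,
    OTHER_SYMBOLS,
]


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    chars = set(password)
    return sum(len(cls) for cls in CHARACTER_CLASSES if chars & cls)


def worst_case_seconds(password):
    """Time to try every string of this length over this alphabet."""
    return alphabet_size(password) ** len(password) / GUESSES_PER_SECOND


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.4f} seconds"


if __name__ == "__main__":
    # The six sample passwords from the table above.
    for pw in ["golf", "10081975", "fluffy23", "F2luf3fy", "F2luf3f*y", "F2luf3f~y"]:
        print(f"{pw:<10} alphabet={alphabet_size(pw):<3} {humanize(worst_case_seconds(pw))}")
```

These figures are worst-case times for trying every combination; a password built from a dictionary word or a date usually falls sooner, because guessing tools try those first.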

WHY DO I GET LOCKED OUT AFTER A CERTAIN NUMBER OF FAILED ATTEMPTS?

Many portals will block your account or your Internet address for 15 minutes after 3-5 failed attempts.  This prevents human efforts from breaking your password manually, but there are computer algorithms that can get around this.

WHY AM I BEING ASKED TO CHANGE MY PASSWORD?

If a computer can crack a 9-character complex password in 1 year, then changing your password often would make a successful crack statistically impossible.  This is why sometimes you’re asked to change your password every ninety days.

SO HOW CAN I HAVE A SECURE PASSWORD, AND BE ABLE TO REMEMBER IT?

Take the example above of the dog’s name.  Choose some word that has meaning to you, that is also obscure and few people would relate to you.  Then sprinkle in a few numbers, symbols, and uppercase letters.  Get the word to be 8 characters or greater and then be prepared to change it from time to time for highest security.

WHAT ABOUT PASSWORD LOCKERS LIKE ROBOFORM?

We don’t recommend using password recording software.  It definitely makes life simpler, but your security is only as reliable as the software you’re using.  Also, it makes your mind lazy and you’re more likely to forget important passwords if your recording software is unavailable or crashes.