National Cyber Alert

cyber attack get protected CR-T

This is a National Cyber Alert! All systems behind a Hypertext Transfer Protocol Secure (HTTPS) interception product are potentially affected.

Detecting malware that Uses HTTPS CR-T

Detecting Malware that Uses HTTPS: 

As of 8:40am 3/16/2017, Homeland Security released a statement titled TA17-075A: HTTPS Interception Weakens TLS Security.

This is what is being reported concerning this National Cyber Alert:

“A recent report, The Security Impact of HTTPS Interception [2], highlighted several security concerns with HTTPS inspection products and outlined survey results of these issues. Many HTTPS inspection products do not properly verify the certificate chain of the server before re-encrypting and forwarding client data, allowing the possibility of a MiTM attack. Furthermore, certificate-chain verification errors are infrequently forwarded to the client, leading a client to believe that operations were performed as intended with the correct server.” – Homeland Security

Contact CR-T to resolve and address these issues or with any questions relating to this matter.

 

Alert: Was Your Device One of Over a Million Breached By New Android Malware?

Gooligan is able to steal the authentication tokens that are required to access data contained in many of Google’s popular offerings, including Drive, Docs, Gmail, and the G Suite.

However, it would seem that, instead of extracting personally identifiable information, the culprits have elected to install malicious Google Play apps to generate fraudulent ad revenue. Reports have said that this modus operandi nets the attackers about $320,000 every month, and that Gooligan may be the biggest recorded breach of Android devices, ever.

This makes it all the more fortunate that Gooligan has, as of yet, shown no signs of stealing any of the data it could potentially have accessed. Google has even gone on record in their belief that, “The motivation… is to promote apps, not steal information.”

While Google has since removed the apps that include Gooligan from the Play Store, there could potentially be countless more similar threats, lurking in wait of their next victim. This means that, should your employees be able to access the Play Store on their work devices, your business could be a potential victim.

Therefore, every member of a business should be informed of the seriousness of clicking around mindlessly when using a business device. Institute a policy of only allowing business-related apps on company devices, and require any BYOD devices to be thoroughly vetted by IT.

Do you have a plan to prevent unauthorized applications from appearing on company devices? Let us know in the comments!

Hackers Use Social Media to Scam Employees Into Handing Over Company Data

Social media pushes users to share their information in online profiles that may (or may not) be viewable to the public. If the public includes hackers, they may attempt to use personal information like home addresses and email addresses for phishing scams. What social media sells people is that it’s “okay” to put your information online because it’s good to be social with your friends and others online. People have learned to trust social media, which may not be a good thing. Plus, since most of your employees likely have social media accounts, will they be putting your data at risk?

In other words, social media just becomes another outlet that can be used to stake out your organization’s data. Of course, you could always just block access to social media on your organization’s workstations, but employees can still use these services even while disconnected from your network via their mobile devices.

Hackers might role play as an employee’s long lost friend from the good old days and use the identity to extort money for “financial troubles.” Another option is that the hacker might try to make off with passwords, usernames, or other sensitive information. If accounts are compromised, it’s safe to assume that they are being compromised for a reason, like spreading threats via messages or malicious links.

Simply put: Social media is not to be trusted.

While businesses understand that social media can be a time sink for their employees, they don’t understand that it’s a legitimate threat that can become a major problem. The fact remains that Facebook users won’t suspect that threats are waiting on trusted websites–including social media–to infect their systems. Thus, you can never be too careful with your organization’s assets, and you need to educate your employees on how to identify threats of all kinds; and the more your business grows, the more likely one of your employees will slip up.

If your organization is nervous about network security, our trusted professionals would be happy to assist you. What you can start with is educating your staff on security best practices. Once they know how to identify threats (like those found on social media), you’ll need solutions designed to mitigate them. COMPANYNAME can equip your small business with enterprise-level solutions designed to optimize security. To learn more, reach out to us at PHONENUMBER.

A Zombified Botnet is as Scary as it Sounds

Botnets are often-malicious groups of computers that have been infected by a malware that allows for command-and-control functionality from a single-host server. Owners of infected computers often can’t tell that their system has been compromised and they don’t find out until it’s too late to do anything about it. The computers can then continue to spread the infection to as many systems as possible, or use the amount of traffic generated to perform a DDoS attack on a specified target. The infected computers relentlessly ping a website or server until it collapses beneath all of the traffic. Some hackers will even use botnets to generate massive revenue via click-throughs on website ads.

One of a botnet’s most dangerous traits is its accessibility. Anyone who wants to take advantage of a botnet can do so with relative ease. For the average user, DDoS-for-hire botnets are popular and available at a reasonable price. The most dangerous part of this is that they require practically no experience whatsoever, making even a would-be hacker a threat. These DDoS botnets have been estimated to be behind up to 40 percent of all attacks on networks.

It’s safe to say that those who partake in these attacks are usually out to make a bit of chaos, but more powerful, sophisticated botnets are used by government agencies and criminal organizations for various purposes. Attacks of this scale are much more expensive and difficult for the average hacker to use, and the resulting scale of the attack is a testament to this. These botnets can perform DDoS attacks that exceed several GB/second. Corero Network Security found that there has recently been a 25 percent increase in attacks of 10GB/second or higher–unnerving numbers, to say the least.

Rather than one of these immense state-sponsored botnets, you’ll probably be more likely to encounter a typical zombified botnet. Yet, even these are still dangerous, as a botnet will often be sent out into the wild to infect and subvert other computers. One potential use for these botnets is sending spam to spread malware, allowing for the infection of even more systems to bring into the botnet. As the botnet grows, the problem becomes more difficult to deal with.

Botnets and DDoS attacks in general can be challenging to protect against, but your business doesn’t have to face them alone. You can implement enterprise-level security solutions that are designed to keep malware-spreading spam out of your inbox, and with a remote monitoring and maintenance solution, you can have an outsourced pair of eyes on your network traffic at all times. This helps your business focus on operations rather than bracing from an incoming attack.

COMPANYNAME can provide your organization with the tools needed to keep these advanced threats at bay. To learn more, reach out to us at PHONENUMBER.

This Halloween, Dress Like a Hacker and Terrify Your IT Administrator

Tricks of this nature are categorized as social engineering, and unlike a child dressed as a ghoul on Halloween, scams of the social-engineering variety are much more difficult to spot. When it comes to protecting yourself from these targeted scams, it’s imperative that you know what to look for. Also, in the same way you check your kid’s trick-or-treat candy for anything that might be harmful, you need to view unsolicited digital communications with a degree of healthy skepticism.

Unfortunately, social engineering tactics like phishing scams work, which is why hackers increasingly use them. This begs the question; why is it that users so easily fall for these scams, even if they’re aware of the security risks? Researchers from the University of Erlangen-Nuremberg in Germany sought to find this out by studying the reasons why people click on malicious links.

The findings were presented by Zinaida Benenson at the most recent Black Hat convention in Las Vegas. Benenson attributed the “success” of a malicious link to the hacker’s ability to understand the circumstances of the scam, and personalizing the link to appeal to their victim. “By a careful design and timing of the message, it should be possible to make virtually any person to click on a link, as any person will be curious about something, or interested in some topic, or find themselves in a life situation that fits the message content and context.”

Translation; even with proactive training and education, the best employee could potentially click on a link if doing so fits into their current interests or piques their curiosity. ZDNet uses the example of a partygoer who attended a recent event and then receives an email containing a link to photos of the party. Naturally, the user will want to click on the link, regardless of where it’s from. In this example, the hacker effectively appeals to the natural curiosity of what might be contained within; when coupled with such personalized context, it’s almost guaranteed that they’ll click it.

Another example would be an employee who’s experiencing technical trouble with a workstation. They’ll then receive an email from “tech support” suggesting they click on a link and download remote access software. If the employee is frustrated and they can’t get their PC to work properly, they will follow the email’s instructions for two reasons: 1) The context fits the situation, and 2) People tend to trust tech support.

Like the work it takes to create an impressive Halloween costume, these hacks rely on a level of preparation and cunning by the hackers. This kind of personalized attention makes social engineering scams particularly challenging to protect oneself against.

Essentially, the possibilities for you and your employees to be tricked by spear phishing attacks and end-user errors are limitless, so long as a hacker knows how to appeal to what a user cares about. At the end of the day, having a staff that knows how to spot a trick, and a network that’s free from scary threats, is the greatest treat a business owner can ask for.

Have a safe and Happy Halloween from all of us at COMPANYNAME.