Internet Security News
Our Internet security news features the latest press releases from the world’s largest online security companies with details of the latest threats to be aware of and, unfortunately, Internet security news relating to significant data breaches. While some organizations will be grateful for the advanced warning of an online threat – and details of how to protect themselves against it – for some the warnings will come too late.
Consequently it is recommended to be protected against all manner of online threats with an email filter and web filter from TitanHQ. Our Internet security solutions prevent users from accessing unsafe sites via phishing emails and malvertising, and from visiting websites that are vulnerable to exploit kits and malware. As many organizations already using TitanHQ solutions would agree, it is better to be safe than sorry.
Nov 20, 2015 | Cybersecurity Advice, Internet Security News
Online shoppers now have the option of using Amazon two-factor authentication on their accounts to improve security. Any users concerned about the number of cyberattacks being suffered by large retailers should take advantage of the new security measure and add Amazon two-factor authentication to their Amazon account at the earliest possible opportunity.
It is not clear exactly when the retail giant implemented the new security feature, as no announcement was made; however, some users started to notice the option this week. At present it is not a mandatory security measure, but it is strongly advisable to add it to your account.
Large retailers are big targets for cybercriminals. Retailers such as Amazon may have invested millions or even hundreds of millions in data security solutions and cybersecurity protections, but no company is impervious to attack. One thing that is certain is a great many cybercriminals will attempt to break through Amazon cybersecurity defenses. The company’s colossal database of customer information would be a sizeable reward for all the effort. The retail giant has an estimated 244 million customers. 244 million credit card numbers could be sold for a considerable sum of money.
Why Amazon two-factor authentication doesn’t offer 100% security
It would be nice to live in a world where it is impossible to be hacked or have one’s account details compromised. Unfortunately, there is no such thing as a 100% secure account because no system is totally foolproof. Two-factor authentication does, however, get pretty close and, even better, it is easy for companies to implement and straightforward for customers to activate.
Most of the global retailers and major internet brands use two-factor authentication for user accounts; although for some reason (only known to Amazon) the retail giant has refrained from adding this additional security measure until now. It is not a mandatory security measure and will not be added to accounts automatically. If users want enhanced account security, they can access their account settings and turn it on.
How to Add Amazon two-factor authentication to your account
Making your Amazon account more secure is a simple process. You will need to log in to your account and access your account settings. The option is located in the “Your Account” dropdown menu in the upper right-hand side of your screen. You will need to scroll to the “Change Account Settings” option, and at the bottom of the list click on “Edit” to the right of the “Advanced Account Settings” section.
You will be directed to the Amazon two-step authentication page. You just need to click on the “get started” option. If you enter your mobile phone number, you will be sent a code which will need to be added into your account settings. Once this has been done, no one other than yourself will be able to access your account even if your password is compromised. Unless a criminal also has your phone of course.
Retailers are being attacked with increasing regularity, so this additional security measure is strongly recommended. Target was targeted, Home Depot was hacked, and Amazon may well be the next major retailer to suffer a significant data breach. This additional security control will offer greater protection.
Nov 18, 2015 | Cybersecurity News, Internet Security News, Network Security, Web Filtering
If a user in your organization accidentally installs keylogging malware onto his or her computer, every keystroke entered on that computer – including login names and passwords – could be sent directly to hackers’ command and control servers.
This nightmare scenario could involve the exposure of a limited amount of sensitive data; however, if the malware has been installed on multiple computers, and the infections have not been discovered for a number of days or weeks, a considerable amount of data could be obtained by criminals.
Keylogging malware infection discovered by OH Muhlenberg Community Hospital
A hospital in Kentucky recently discovered that not only have multiple computers been infected with keylogging malware, those infections occurred in 2012. For three years, every keystroke entered on each of those computers was recorded and transmitted to the hackers responsible for the attack.
The computers in question were used by healthcare providers, employees, and contractors. Due to the length of time the computers were infected, it is not even possible to ascertain the data that may have been exposed and copied. Patient health information was entered, as were Social Security numbers, health insurance information and other highly sensitive Protected Health Information. Providers would have entered their Drug Enforcement Administration numbers, state license numbers, National Provider Identifiers and other sensitive data.
Employees who logged into healthcare systems using the computers could have had their login credentials recorded. Access to web services similarly would have involved credentials being compromised.
Such an extensive, long term keylogging malware infection could place many patients at risk of suffering identity theft or fraud, and physicians could have their identities stolen. Criminals could have used the data to commit medical fraud, insurance fraud or file false tax returns. The fallout from this cyberattack could therefore be considerable, and may cost the hospital dearly.
The danger of keylogging malware
Once keylogging malware has been installed on a computer, any data entered via the keyboard can be recorded. That information is then exfiltrated to a hacker’s server until communications with unauthorized IP addresses are blocked. In the case of the hospital, the malware was only discovered after a tip-off was received from the FBI. Agents had noticed suspicious communications between the hospital and third party servers. When the alert was issued and a security audit performed, a number of computers were discovered to have been infected.
Even when cybersecurity protections are installed, it is unfortunately all too easy for these to be bypassed. All it takes is for one user to inadvertently install malware. In the majority of cases, this action will not be noticed by the person responsible. No warning is issued about a potential infection and no flags raised by anti-virus software.
How are keyloggers installed on computers?
How can a hospital that has invested in cybersecurity defenses be attacked and fail to notice for three years? If regular scans of the hospital’s computers had been conducted, the infections may have been identified sooner. However, not all keylogging malware is easy to detect. Hackers are developing ever more sophisticated malware that is capable of evading detection.
There are a number of ways the malware could have been installed without being detected by anti-virus and anti-malware software. Since multiple computers were infected, it suggests that either an insider had installed the keylogging malware on multiple machines, via a USB for instance, or that multiple members of staff had fallen for a phishing campaign.
Phishing emails are sent out in the millions in the hope that some individuals will respond and download malware. Multiple infections suggest that an organization has been targeted using spear phishing emails. These are emails that are sent to a particular group of individuals within an organization. The subjects are researched and links to malicious websites are sent that are likely to entice the users to click. They are then directed to websites containing malicious code that installs files on their computers. Keylogging malware can also be installed via infected email attachments.
By targeting users, hackers and other cybercriminals are able to bypass robust security controls. Users are the weakest link, and it is far easier to target them than break through multi-million-dollar security defenses.
Cost-effective protection against phishing emails and malicious websites
There are two cost-effective solutions that can prevent staff members falling for phishing campaigns that install keylogging malware. The first works by ensuring phishing emails are never delivered to an organization’s employees. If the emails are blocked and are not delivered, they will not be able to respond. A powerful anti-spam solution will catch the vast majority of spam and phishing emails. In the case of SpamTitan, over 99.7% of spam emails will be captured.
Since hackers and spammers are constantly changing their tactics, and new malware is continually being developed, it is not possible for all spam emails to be captured 100% of the time. Even the most powerful anti-spam software will occasionally miss an email.
To ensure staff members do not respond to a request to visit a malicious website or open a malware-infected email attachment, it is essential to provide training. Training will help end users to identify the occasional spam email that sneaks past a spam filter.
An anti-spam solution will not prevent a user from clicking on a social media link to a malicious website. Ad networks can similarly contain links to malicious sites. Clicking on one of those links could result in keylogging malware being downloaded.
The second cost-effective solution to offer protection from phishing websites is web filtering software. A web filter can be implemented that will prevent adverts from being displayed or potentially harmful websites from being visited. WebTitan offers these protections and will keep end users safe when surfing the Internet. If end users cannot visit phishing websites and other dangerous sites, they will be prevented from inadvertently installing malware.
Alongside other cybersecurity protections, and the development of internal policies covering internet and email usage, organizations can reduce the probability that a cyberattack will be successful. If regular malware and virus scans are also conducted, when computers are infected, the severity of the security breach will be reduced.
Nov 16, 2015 | Cybersecurity Advice, Internet Security News, Web Filtering
Think you have to open an infected email attachment or download a file to your computer to acquire a malware infection? Not with the latest memory-based malware. Drive-by attacks are taking place that do not need any user interaction. These file-less infections use malware that resides in the computer’s memory, and RAM is not scanned by most anti-virus programs.
The good news is attacks of this nature are rare. The bad news is the malware is being increasingly used by cybercriminals.
Fortunately, malware that resides in the memory doesn’t survive a reboot. Unfortunately, by the time your computer is rebooted, you may have already lost your sensitive data. How often do you reboot? At the end of your working day? That could potentially give a hacker a full 8 hours to record your keystrokes or download files to your computer. A lot of damage can be done in 8 hours.
There is another problem. Hackers are now creating memory-based malware that actually survives a reboot. The malware has been configured to hook into an API. When the computer is restarted, the malware is reloaded back into the RAM.
Memory-based malware exploits security vulnerabilities in outdated software
If a user is convinced to visit a malicious website, or responds to a spam email containing a link to one of those sites as part of a phishing campaign, their computer can be infected almost immediately. A user is usually directed to a web page containing an exploit kit, the Angler exploit kit for example. Code on the website probes the user’s browser for security vulnerabilities. Security vulnerabilities in Adobe Flash or Adobe Reader could be exploited, or in Java, Silverlight or any number of plug-ins that the user has installed.
However, instead of the vulnerability being used to download a file to the hard drive, code is inserted into the memory. This does not trigger an Anti-Virus program because no files are downloaded to the computer. This allows the hacker to perform a drive-by cyberattack, stealing information quickly and silently. That information could include login names, passwords, bank account information, or anything entered via the keyboard.
These types of cyberattacks are not new. They have been possible for a long time, but cybercriminals have not favored memory based malware. Unfortunately, memory based malware is being used in exploit kits that are widely available online.
Sometimes a fast and stealthy attack is preferable to a long-term malware infection. If the aim is to avoid detection at all costs, then this is one of the easiest ways to gather intel or data without setting off any alarms. High-profile targets such as governments could be targeted, and they would be none the wiser as next to no trace of an attack is left by memory based malware.
Is an attack inevitable? Can nothing be done to prevent the installation of memory based malware?
The solution is not anti-virus software, but to prevent users from visiting a website that contains the exploit kit. It may not be possible to prevent a drive-by attack once a malicious site has been visited, but it is possible to avoid visiting that site in the first place. Hackers must still direct a user to the malicious site in order for an attack to be possible. There must also be security vulnerabilities in the browser that can be exploited.
To protect your computer from memory-based malware, you must ensure that your web browser and software are kept up to date with the latest security patches. As for avoiding malicious websites that contain the exploit, a web filtering solution should be used. A web filter can block users from visiting malicious sites, or prevent web ads from being displayed. Website adverts are often used as a method of getting users to visit a malicious website.
Phishing and spam emails containing links to malicious sites can be prevented from being delivered using a powerful spam filtering solution. SpamTitan Technologies offers both solutions. SpamTitan Anti-Spam software protects users by blocking spam emails from being delivered, while WebTitan software can be configured to prevent users from visiting malicious websites.
The threat landscape may be constantly changing, and new exploits used to compromise computers and steal data, but fortunately the risk can be effectively managed.
Nov 12, 2015 | Cybersecurity Advice, Internet Security News, Web Filtering
If you want your employees to browse the Internet safely you should try to restrict access to only those websites that have a valid SSL certificate. It is now common knowledge that SSL certification means a website is secure and can be trusted; but is that true?
Does an SSL Certificate mean a website is safe to use? The answer is a definite no. HTTPS or an SSL certificate alone is not a guarantee that the website is secure and can be trusted.
Many people believe that an SSL Certificate means a website is safe to use. Just because a website has a certificate, or starts with HTTPS, does not guarantee that it is 100% secure and free from malicious code. It just means that the website is probably safe. In the vast majority of cases the sites will be. Just not always.
Unfortunately, phishers and other cyber criminals have discovered how to exploit trust in SSL certificates. Some phishing websites have valid SSL certificates in place. This means even when you think your employees have been restricted to safe websites, they are still not protected from phishing sites. Relying on a block on sites that do not use SSL certification is a mistake, and potentially a very costly one.
It is a good idea to restrict access to unsecure websites, but further protections will be required if you want to be sure that your employees and your network are properly protected.
What is an SSL Certificate?
In short, an SSL Certificate is a file that permanently binds a key to a company’s website. When an SSL certificate is installed on a company’s web server, connections with that website will be secure. Information will be sent via port 443 using the https protocol.
SSL Certificates are used by websites to secure sessions with web browsers. You will be able to tell which websites have an SSL certificate in place because they will have a padlock next to the web address. This means that the connection with that website is via a secure connection. The information you enter when connected to the website can be used with confidence, and most importantly, it gives an indication that the site is not malicious.
The SSL Certificate lets a website visitor know that the site is trustworthy and informs those who look that the site belongs to a specific organization. It is important never to enter credit card details or bank information if a website does not have a valid SSL certificate. That would be an unacceptable risk to take.
Facebook, Twitter, and Google use SSL certification. When you visit those sites you will see a padlock next to the URL. If you click on the padlock, you will see the owner of the site and will know that ownership has been verified.
Some phishing websites have obtained SSL Certificates – How is this possible?
Unfortunately, phishing websites with SSL certificates are becoming more common. Many certificate authorities do not have a particularly strict vetting process. There have recently been a number of banking websites set up that use the certificates even though the sites are not genuine.
One recent scam involved the Halifax Bank in the UK. A phishing website was set up using a variation of the real website, which is halifax-online.co.uk. The phishing site in question was halifaxonline-uk (do not visit this website). It is a very similar name that would likely fool many account holders. Similar scams have been operated using variants of PayPal, and even Symantec has issued 30-day certificates to phishing websites.
The certificates are valid for long enough to allow a phishing campaign to be conducted. The phisher can then repeat the process with a different website, hosted with a different provider with a different SSL certificate.
Unfortunately, these certificates are one of the main ways of checking whether a website can be trusted. With a domain name that looks close enough to the real thing and an SSL Certificate and a padlock, many visitors will be fooled into thinking the website is genuine. When they enter their login information, the data will be recorded by the site owner and can be used to log in to the real website.
Some certificate authorities are better than others and can be trusted more, but unless they can all be trusted it makes a mockery of the SSL certificate. Unfortunately, all the SSL certificate does is confirm that the certificate owner owns the website, not that the particular website can be trusted.
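Because a valid certificate only shows that someone controls the name, a filter has to compare the name itself against the brands it protects. The following added example (not from the original article) does that for the Halifax case above; the `.example` suffix stands in for the part of the phishing name the article omits, and the edit threshold and other sample hosts are constructed.

```python
# Domains the organisation wants to protect (the genuine name is from the article).
PROTECTED = ["halifax-online.co.uk"]
MAX_EDITS = 2  # assumed threshold for "one or two typos away"


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(host, protected=PROTECTED):
    """Return (verdict, matched_domain) for a hostname.

    The verdict depends only on the name; whether the site presents a
    valid certificate plays no part in it.
    """
    host = host.lower().rstrip(".")
    # The protected domain itself, or a subdomain of it, is genuine.
    for domain in protected:
        if host == domain or host.endswith("." + domain):
            return ("genuine", domain)
    for domain in protected:
        # Brand key: leftmost label of the protected domain, hyphens removed.
        key = domain.split(".", 1)[0].replace("-", "")
        for label in host.split("."):
            squashed = label.replace("-", "")
            if key in squashed:
                return ("lookalike:contains-brand", domain)
            if edit_distance(squashed, key) <= MAX_EDITS:
                return ("lookalike:near-miss", domain)
    return ("unrelated", None)


# Constructed sample hosts; ".example" is a placeholder suffix.
SAMPLE_HOSTS = [
    "www.halifax-online.co.uk",
    "halifaxonline-uk.example",
    "hal1fax-online.example",
    "www.example.org",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(h, "->", classify(h))
```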
Blocking access to websites without a valid SSL Certificate
A website with a valid SSL certificate means the website can be trusted more than a site without one. All employers should implement controls restricting access to websites that do not have a valid SSL Certificate, or at least configure settings to alert the user that they are about to connect to a website with an invalid certificate or without one entirely.
It is a simple process to block access to websites that do not have a valid SSL certificate. You can do this through your browser settings or you can modify the hosts file, for instance. The former option would be fine for individuals or small businesses with just a few computers. It is not practical to do this if you have 1,000 computers, run BYOD, or if your end users have multiple browsers installed.
Make your life easier by implementing a cost effective web filtering solution
By far the easiest solution to protect yourself and your network is to use a web filtering tool. There are many to choose from, but WebTitan from SpamTitan Technologies is one of the best and a highly cost effective solution for SMEs.
Since some disreputable sites have SSL certificates in place, it can be virtually impossible for end users to tell if they are safe or at risk. WebTitan offers the additional protection your business needs to ensure access to malicious websites is blocked, phishing scams are avoided and malware is not downloaded. Without a powerful web filter in place, blocking access to malicious websites will be an uphill battle, and it will only be a matter of time before your network is compromised.
Nov 10, 2015 | Cybersecurity News, Internet Security News, Network Security, Web Filtering
Critical security vulnerabilities in browser plugins have been widely reported in recent months. As soon as one has been found and patched, more are discovered. Zero-day Adobe Flash vulnerabilities (Shockwave Flash) have been some of the most publicized, due to the sheer volume discovered in 2015.
Earlier this year a number of companies pulled the plug on the Flash plugin, deeming it not to be worth the security risk. While it was once the most commonly used way of displaying videos and animations on webpages, the critical vulnerabilities that have been discovered have made it simply too risky to use. There have been many calls for Flash to be retired.
Google Chrome and Firefox stopped supporting Adobe Flash and many companies are moving over to HTML5, which offers the ability to display the same multimedia items without requiring a browser plugin to be used. One of the main problems with a plugin from a security perspective is that it will only be secure if the latest version is installed. Even then, as we have seen with the sheer number of security vulnerabilities found in Adobe Flash, the latest version may not be very secure at all.
If a user has not updated the plugin to the latest version, and an older version is still in use, criminals will be able to take advantage. A visit to a website containing malware could result in the vulnerabilities being exploited. Exploit kits can be used by hackers to probe for security vulnerabilities in browsers to find out which software can be exploited. Other Adobe plugins can be exploited, such as PDF Reader.
Numerous critical security vulnerabilities in browser plugins discovered
It is not only Adobe plugins that are a problem, of course; other companies’ plugins also contain vulnerabilities that can be exploited. Even HTML5, which is seen by many as a more secure way of showing multimedia items on websites than Flash, is far from immune and also contains security vulnerabilities. No plugin is even required with HTML5.
In mid-October, Oracle released a security update for its Java software to deal with over twenty new security vulnerabilities that had been discovered. Oracle announced that an update was necessary on all computers as “all but one of those flaws may be remotely exploitable without authentication”. That means that a hacker could potentially exploit the vulnerabilities on any computer with an older version of Java installed, without the need to use a password.
Once critical security vulnerabilities in browser plugins have been announced and details of the flaws released online, the information is out there and available to hackers. Assuming hackers have not already discovered the vulnerabilities themselves.
A website link may not be as genuine as it appears (hovering your mouse arrow over it will not reveal a potentially malicious link!)
There are easy ways to check to see if a web link is legitimate or if the text has been changed so that it appears genuine. If you hover your mouse arrow over the link, the correct URL will be displayed. If end users get into the habit of checking every link before clicking, it will become second nature. Many phishing websites and other nasty web pages can thus be avoided.
Unfortunately, it is not always that simple. There are ways to make a URL appear genuine, even when the mouse arrow is used to check the link.
Some Japanese characters appear to be very similar to a forward slash, while certain Cyrillic characters are displayed as letters. This makes links appear genuine, and can be virtually impossible to spot. If one of these characters is present in a link and is displayed as a standard letter, the webpage could be a fake but would be indistinguishable from the genuine page.
An apparently genuine link could well be a link to a webpage containing malware. Many malicious websites can probe for critical security vulnerabilities in browser plugins.
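A filter-side check for the look-alike links described above, as an added example that is not part of the original article: it flags hosts that contain slash look-alike characters or labels that mix scripts (for example Latin with Cyrillic). The character list, the script heuristic based on Unicode character names, and the sample URLs are assumptions constructed for illustration.

```python
import unicodedata

# Constructed list of characters that render like "/" in many fonts,
# including the katakana letter NO (U+30CE) and a CJK stroke (U+4E3F).
SLASH_LOOKALIKES = {"\u2044", "\u2215", "\u29f8", "\uff0f", "\u30ce", "\u4e3f"}

# Scripts that legitimately appear together in Japanese labels.
EAST_ASIAN_PREFIXES = ("CJK", "HIRAGANA", "KATAKANA")


def extract_host(url):
    """Return the lower-cased host part of a URL.

    Parsed by hand: only ASCII '/', '?' and '#' end the host, so any
    look-alike character stays inside it and remains visible to the checks.
    """
    rest = url.split("://", 1)[-1]
    for sep in "/?#":
        rest = rest.split(sep, 1)[0]
    rest = rest.rsplit("@", 1)[-1]          # drop userinfo, if any
    host, _, port = rest.rpartition(":")
    if host and port.isdigit():             # drop a numeric port
        rest = host
    return rest.lower()


def script_of(ch):
    """Approximate a letter's script from the first word of its Unicode name."""
    name = unicodedata.name(ch, "UNKNOWN")
    if name.startswith(EAST_ASIAN_PREFIXES):
        return "EAST_ASIAN"
    return name.split(" ", 1)[0]


def check_link(url):
    """Return the host, its ASCII (punycode) form and a list of findings."""
    host = extract_host(url)
    findings = []
    for ch in sorted(set(host) & SLASH_LOOKALIKES):
        detail = f"U+{ord(ch):04X} {unicodedata.name(ch, '?')}"
        findings.append(("slash_lookalike", detail))
    for label in host.split("."):
        scripts = sorted({script_of(c) for c in label if c.isalpha()})
        if len(scripts) > 1:
            findings.append(("mixed_script", f"{label!r}: {'+'.join(scripts)}"))
    try:
        # The punycode form is what a log or alert should show to a reviewer.
        ascii_form = host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_form = None
    return {"host": host, "ascii_form": ascii_form, "findings": findings}


# Constructed sample links (reserved example domains only).
SAMPLE_LINKS = [
    "https://www.example.com/login",
    "https://www.ex\u0430mple.com/login",                            # Cyrillic 'a'
    "https://accounts.example.com\u30celogin.other.example/reset",  # katakana NO
    "https://\u65e5\u672c\u8a9e.jp/",                               # all-Japanese label
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        result = check_link(link)
        print(result["ascii_form"], result["findings"])
```

In the third sample the real host is everything up to the first ASCII slash, so the link resolves under `other.example` even though it reads like a path on `accounts.example.com`.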
These worrying issues were recently discussed at the SC Congress in New York, with Salesforce.com’s product security director Angelo Prado and senior product security engineer Xiaoran Wang demonstrating these and other worrying security flaws. They pointed out a particularly scary feature in HTML5 that allows a link to automatically download a file to a computer without the user being taken to the webpage used to host the file.
Protection is required and vigilance is key to avoid becoming a victim
The latest discoveries may make it exceptionally difficult to tell if a link is genuine. Even changing from the security flaw ridden Flash to HTML5 will not necessarily make the Internet a safer place. Fortunately, it is possible to take steps to ensure that end users are better protected, and stopped from visiting malicious websites. That said, it is essential that critical security vulnerabilities in browser plugins are addressed.
IT professionals should also install a web filtering solution such as WebTitan. Links can be blocked and users stopped in their tracks before they reach a malicious website. This type of protection is vital for businesses, schools, colleges and charities.
A visit to a malicious website can result in keyloggers being installed that can record and send passwords and login credentials to a hacker’s command and control center. Devices can become part of botnets and be used to send out huge volumes of spam emails, or computers could be hijacked and used for Bitcoin mining. Worse still, an infected computer, tablet, or Smartphone could be used to launch an attack on a corporate network.
It is also essential to be more security conscious. It may be difficult, or even impossible, to identify all online threats (and those delivered via email or social media networks), but many are obvious if you know what to look for. Staff training on security threats and online/email best practices must be provided if networks are to be kept secure.
It really does pay to take the advice offered by the FBI. Stop. Think. Connect. If in doubt, do not connect. This should now be a common practice that is second nature. The current volume of data breaches now being reported suggests that for many employees it is not.
Nov 9, 2015 | Cybersecurity Advice, Cybersecurity News, Internet Security News
British mobile phone and broadband provider TalkTalk discovered it had been hacked late last month; however further information has emerged that suggests TalkTalk hacking scams are increasing in number. Over a million customers’ data are apparently being offered for sale on the dark net, with criminals already using the data to defraud victims.
Over four million customers were believed to have been affected by the hacking scandal at first, although not all of the company’s customers are now understood to have been affected.
A criminal investigation was launched a few days after the hack was discovered. Initial reports suggested an Islamic terrorist group from Russia was behind the attack, having publicly claimed responsibility. This claim appears to be false.
The Metropolitan Police Cyber Crime Unit acted fast and, just a few days after the attack was announced, a 15-year-old boy was arrested in Northern Ireland on suspicion of being behind the attack. A few days later, a second arrest was made, this time a 16-year-old boy from West London. A 20-year-old was arrested in Staffordshire in connection with the hack, and now a fourth individual has been arrested: a 16-year-old boy from Norwich has been detained.
1.2 million email addresses obtained by the hackers
The official figures released by TalkTalk are much lower than the initial estimates, but the hack still ranks as one of the biggest UK hacking scandals to be reported in recent years.
A statement released by the company revealed that approximately 1.2 million email addresses had been obtained in the attack, customer names and phone numbers were also stolen, and 21,000 bank account numbers and sort codes were accessed, presumed stolen. A later press release indicated that 156,959 individuals had been affected, and the earlier figure was “bits of data,” including email addresses, names, and phone numbers.
Credit card numbers were compromised, but since they did not contain complete numbers there does not appear to be a risk of them being used inappropriately. However, that is not to say that the data will be useless. Phishers may well devise campaigns to obtain the remaining digits from unwary TalkTalk customers.
It is not clear how the attack was performed as reports have not been confirmed, but it would appear that the attack was made using a blind SQL injection which exploited a vulnerability in a video on a page of the TalkTalk website. The specific vulnerability was not disclosed, although Adobe Flash has been found to contain vulnerabilities that could be exploited by SQL injection. These vulnerabilities were addressed in a recent patch issued by Adobe. SQL injection is the insertion of code that allows access to be gained to a company database. It is a very common technique used by hackers to gain access to corporate databases.
What is clear is that the security staff were distracted dealing with a DDoS (Distributed Denial of Service) attack that was conducted by one of the team of hackers. A DDoS attack bombards a company’s website with huge volumes of traffic, overwhelming it. This is made possible by using systems that have been compromised with a Trojan or have been infected by a botnet.
It would appear that while TalkTalk was dealing with the DDoS attack, the criminals were able to gain access to the company’s data by exploiting the website security vulnerability. A report in the Daily Mail indicates one of the team of hackers behind the attack made a mistake and accidentally disconnected from a service that was being used to hide his real IP address.
Some sources have reported that a ransom demand was issued in which £80,000 was demanded in Bitcoin. If the ransom was not paid, the criminals behind the attack would release the data or sell it on dark net websites to criminals. That appears to have already happened, with at least one individual appearing to have clocked up over 500 sales via the dark net marketplace AlphaBay.
Another online criminal was reportedly negotiating a deal to sell details of 500,000 accounts on the dark net, and claimed to have over a million records in his possession.
Businessinsider.com.au claims to have been in contact with individuals who claim they were part of the attack, with figures of 1.3 million records mentioned. When asked why they carried out the attack, one person claimed it was for “sh*ts and giggles”, another for “lolz”, and “purely to like, own the ISP.” One of the persons behind the attack said it wasn’t for the money. The claim that a ransom was demanded was also denied.
While the total number of records exposed is not clear, and none of the reports from conversations with those claiming to have had a part in it have been confirmed, what is clear is that the security in place at TalkTalk was poor in some cases. One of the boys claims that one account had a password with just three digits. One quote obtained by Business Insider, from an individual operating under the name “Vamp”, claimed that the security in place was “terrible, that’s being honest with you, horrible.”
Reports in the press suggest that the vulnerability was shared, and between 20 and 25 people had access – although 5 individuals were reportedly behind the attack, including two in the UK and two in the U.S.
Beware of TalkTalk hacking scams
TalkTalk hacking scams have already been reported, with some customers having complained about being bombarded with phone calls following the security breach, as criminals attempt to use the contact information obtained to defraud victims. One victim was called after apparently having his internet connection slowed down, and was directed to a website, presumably containing malicious code.
TalkTalk hacking scams could be launched via email since 1.2 million email addresses were compromised in the attack. Phishing campaigns are often used by criminals to get users to reveal sensitive information, visit malicious websites or install malware on computers. The type of information obtained by the hackers, and subsequently sold to online criminals, could easily be used to launch highly convincing campaigns.
All of the company’s customers are advised to be exceptionally cautious, and not to reveal any personal information over the telephone, Internet or via email. TalkTalk hacking scams could be in operation for many months to come so it is vital that all customers remain vigilant and be on their guard.
Being hacked can have serious implications for a brand
A data breach such as this can have a major effect on an organization. Customers will lose trust in the brand, and it is difficult to regain trust once it has been lost. Many of the company’s 4 million customers are expected to change mobile phone/broadband provider as a result.
This is a highly competitive market and there will be no shortage of competitors looking to snap up new customers as a result of the security breach. Following the news of the hack, the company’s share price fell by 10%.
It will not be known for many weeks or months how much of an effect this, and other TalkTalk hacking scams, will have on the company’s brand image, but what is certain is that it will have a major financial impact. Many customers are also likely to lose out as scammers seek to take advantage.
Nov 3, 2015 | Cybersecurity News, Internet Security News
A new security report issued by leading Anti-Virus firm Kaspersky Labs has highlighted the growing mobile malware risk, with Adware (intrusive mobile advertising) seeing a huge increase since last quarter.
The third quarter report shows a 3.1% increase in the number of new mobile malware programs compared with Kaspersky Labs’ Q1, 2015 figures, and a 1.1% increase since last quarter. In total, Kaspersky products detected 323,374 new mobile malware threats over the past three months. The mobile malware risk appears to be growing.
Only a small increase in mobile malware was recorded since last quarter, but the same cannot be said of mobile malware installation packages. 1,583,094 new installation packages were detected in Q3, which is one and a half times the total discovered in Q2.
There have been some significant changes in the types of mobile malware discovered, with some vectors seeing a fall in prevalence. Trojan Downloaders, Backdoors, Trojans, Trojan-Spy and Trojan-SMS malware all decreased in prevalence in Q3. The most significant reduction was in Trojan-Spy and Trojan-SMS malware, which dropped by 1.6 and 1.9 percentage points respectively.
However, the biggest drop since last quarter was recorded for RiskTool, which fell by 16.6 percentage points since the last quarterly report was issued. The RiskTool category includes legitimate mobile programs which are not malicious in nature, but can be manipulated by hackers. This makes them particularly risky to have installed on mobile devices. These programs are capable of terminating processes (such as security applications), hiding processes from the user, and concealing files within the Android system.
There were marginal increases in Trojan-Dropper, Trojan-Banker and Trojan-Ransom detections. The biggest rise by a considerable margin was Adware. Mobile Adware jumped from 19% of detections in Q2 to 52.2% in Q3, an increase of 33.2 percentage points.
Huge Hike in AdWare Highlights Increasing Mobile Malware Risk
Cybercriminals manage to install malware on mobile devices, but how do they actually make money from those infections? Many items of malware log keystrokes and capture passwords and logins used to access Internet banking websites, but the majority of mobile threats involve monetization via advertising. This quarter over half of all mobile malware threats came from Adware.
While the main form of monetization comes from the adverts served, that does not mean that is the only threat to users. Adverts are certainly annoying, and can contain links to malicious websites, but there could well be much worse things happening on your mobile device.
Malware is installed that can root the device and elevate privileges. Hackers can then take full control of the entire device. With superuser privileges, hackers can make changes which even the user of the device would not be able to make. Once this happens, it can be nigh on impossible to eradicate the malware and take back control of the device. It may also be virtually impossible to tell if a device has actually been attacked.
This quarter, the malicious software capable of doing this accounted for over half of the most popular malware items affecting mobile devices. The most common malicious program recorded by Kaspersky Labs, by some distance, was DangerousObject.Multi.Generic. This malware item accounted for 46.6% of attacks. The next biggest threat came from Trojan.AndroidOS.Rootnik.d which accounted for 9.9% of attacks in Q3.
How did Kaspersky Labs Produce the Report?
The latest Kaspersky report was compiled from data collected from the Kaspersky Security Network (KSN), which includes multiple anti-malware products and components. Kaspersky collected data from over 213 countries from users who had provided consent to send data from their devices to KSN. This global information exchange allows current threats to be accurately monitored. Data sharing is vital in the fight against cybercrime.
Countering the Mobile Malware Risk
Anti-Virus software such as that produced by Kaspersky Labs can be used to reduce the mobile malware risk and prevent mobile devices from being attacked. An additional control that should be considered, especially by companies allowing the use of personal devices in the workplace, is to install a web filtering solution to prevent users from accessing websites known to contain malware. This will reduce the mobile malware risk considerably.
SpamTitan web filtering software offers excellent protection and complements AV software programs. The web filter prevents users from visiting risky websites, even when phishing links are clicked. It is one of the best ways to reduce mobile malware risk levels, although to reduce mobile malware risk to a minimal level, a multi-layered risk management strategy should be adopted.
Oct 29, 2015 | Cybersecurity News, Internet Security News
Operators of websites running on the popular Joomla CMS have been alerted to a remote takeover risk following the discovery of a critical Joomla vulnerability. Approximately 2.8 million websites use the Joomla Content Management System, with the CMS second only to WordPress in terms of market share.
Joomla version 3.4.5 has now been released and contains a patch to plug the security hole that has existed for close to two years, although any site still running on previous versions will be particularly vulnerable to attack. Should a hacker successfully exploit the vulnerability, they would be able to obtain administrator privileges for the website, allowing full control to be handed over to the hacker. It would be possible for all data and content to be stolen and for the owner of the website and all other site users to be locked out.
The vulnerability, discovered by Trustwave SpiderLabs, affects version 3.2 and above and can be exploited using a hacking technique known as SQL injection. All users of versions 3.2 to 3.4.4 are at risk since this critical Joomla vulnerability affects a core module of the CMS, not an extension. Two other security flaws were also patched by the new release.
SQL injection is a common technique used by hackers to gain access to websites. The attacks are conducted by entering SQL commands into text fields on the front end of a website. These commands are misinterpreted by the web application. Instead of treating the input as plaintext, it is interpreted as executable code. As such, if the right commands are entered, the websites can be hijacked. Numerous cyberattacks have been successfully conducted using this very straightforward technique, including the recent hack of mobile and broadband provider TalkTalk.
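The difference between input treated as plaintext and input interpreted as code can be shown with a small added example (not from the original article and unrelated to Joomla's or TalkTalk's actual code). It uses a constructed in-memory SQLite table; the table, the function names and all sample values are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows; none of this is real customer data.
SAMPLE_ROWS = [
    ("alice@example.com", "1111"),
    ("bob@example.com", "2222"),
    ("carol@example.com", "3333"),
    ("o'brien@example.com", "4444"),  # legitimate address containing a quote
]

# Constructed input whose quote character changes the shape of the query.
CRAFTED = "nobody@example.com' OR '1'='1"


def make_db():
    """Create the in-memory table used by both lookup functions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (email TEXT, card_last4 TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", SAMPLE_ROWS)
    return db


def lookup_vulnerable(db, email):
    """Weak form: the input is pasted into the SQL text, so the database
    parses whatever the user typed as part of the statement."""
    query = ("SELECT email, card_last4 FROM customers "
             "WHERE email = '" + email + "'")
    return db.execute(query).fetchall()


def lookup_parameterized(db, email):
    """Hardened form: the ? placeholder binds the input as a value.
    It is compared against the column and never parsed as SQL."""
    query = "SELECT email, card_last4 FROM customers WHERE email = ?"
    return db.execute(query, (email,)).fetchall()


def safe_call(lookup, db, email):
    """Run a lookup and return None if the database rejects the statement."""
    try:
        return lookup(db, email)
    except sqlite3.Error:
        return None


if __name__ == "__main__":
    db = make_db()
    # The concatenated query returns every row for the crafted input.
    print("vulnerable, crafted input:   ", len(lookup_vulnerable(db, CRAFTED)), "rows")
    # The bound query looks for that literal string and finds nothing.
    print("parameterized, crafted input:", len(lookup_parameterized(db, CRAFTED)), "rows")
    # A legitimate address with an apostrophe breaks the concatenated query
    # but works when bound as a parameter.
    print("vulnerable, o'brien:   ", safe_call(lookup_vulnerable, db, "o'brien@example.com"))
    print("parameterized, o'brien:", safe_call(lookup_parameterized, db, "o'brien@example.com"))
```

The concatenated form fails in both directions: it returns the whole table for the crafted input and raises a syntax error for a legitimate address containing an apostrophe, which is often the first visible symptom in application logs.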
Critical Joomla vulnerability can be used to gain access to the administrator control panel
Once access has been gained, files can be downloaded including confidential customer information. Since Joomla is used to create e-commerce websites, customers who have previously purchased products through Joomla websites could have their confidential information stolen.
This critical vulnerability can be exploited to extract a browser cookie which can be used to provide the attacker with administrator privileges. If that cookie is loaded into the browser, the hacker can gain access to the back end of the website and can access the administrator control panel. The code required to exploit the vulnerability has already been posted online.
It is therefore imperative that all administrators of Joomla sites update their website software immediately and patch the critical Joomla vulnerability in order to secure their sites.
The importance of updating software patches as soon as they are released
Zero-day vulnerabilities are frequently discovered in popular website applications and content management systems. A failure to install patches promptly leaves websites particularly vulnerable to attack. Code used to exploit the vulnerabilities can easily be found online, and is commonly shared by hackers, white hat and black hat, via online hacking and software development communities. Once an announcement has been made, there will be many amateur and professional hackers willing to exploit the vulnerability. Should that happen, data can be deleted, access rights changed, and customer data stolen.
Oct 27, 2015 | Cybersecurity News, Internet Security News
Organizations face a growing risk of sensitive data being compromised by ad injection malware. The latest figures released by Google suggest that an organization employing 100 individuals is likely to have at least five computers infected with ad injection malware.
This form of malware causes adverts to be displayed to the user that would not normally appear when visiting websites. The malware infects their browsers and results in annoying adverts being displayed, some of which contain links to legitimate retailers. Others contain much more sinister content. With little control exerted over the individuals placing the ads, cybercriminals are able to take advantage and place adverts containing links to malicious websites.
However, that is not the only security risk. When the malware infects a browser it causes changes to how websites are displayed. A connection to a website would be secured under normal circumstances, preventing third parties eavesdropping on the session. Unfortunately, when a browser is infected, the process used to encrypt the connection is broken. Sessions are no longer encrypted, and any data entered by the user could potentially be seen by a hacker or cybercriminal monitoring their connection.
When accessing a webpage via an open Wi-Fi network, an eavesdropper could quite easily listen in on the session. Usernames and passwords could be revealed as well as other confidential information.
Lenovo laptops were pre-installed with ad injection software
Potentially a user could avoid having their browser infected with the malware, but not if they bought a Lenovo laptop. Even brand new, straight-out-of-the-box laptops had been “infected”. In this case, by Lenovo. They have been shipping brand new laptops with legitimate software installed that inserts adverts into Google searches. The software in question is called Superfish and it functions as an image search engine.
Superfish is able to show adverts by using a root certificate which replaces a trusted website’s security with its own. This is how it is able to display adverts. Unfortunately, the security used by Superfish can easily be cracked. In fact, it already has been, so any Lenovo computer with Superfish installed cannot be used to securely browse the Internet. On an open Wi-Fi network, even a secure website such as an online banking site would not be secure.
Anyone not wishing to lose their privacy could uninstall Superfish. Unfortunately, if the software is uninstalled the security hole remains. The owner of the laptop will be permanently at risk of having their privacy violated and their internet surfing monitored. A problem for any employer allowing Lenovo laptops to be used for BYOD.
Google takes action to protect Chrome users
This type of “malware” is not new of course. The problem is the number of new applications and browser extensions that allow this form of advertising. Google has recently removed approximately 200 Chrome extensions from its web store that are capable of injecting ads into otherwise secure sites. Unfortunately, Google has discovered approximately 34,000 standalone applications that are able to inject ads when users browse the internet. There are approximately 50K Chrome extensions that allow ad injection according to Google researchers.
The solution for now, for employers at least, is to ensure that they do not use open Wi-Fi networks in the workplace. This will prevent any eavesdropping even if a user’s browser has been infected. BYOD participants should be instructed on the risk of using open Wi-Fi networks and told never to use their devices to access work accounts using public Wi-Fi hotspots.
May 20, 2014 | Cybersecurity News, Internet Security News
May is not yet over. There are still seven months to go before 2015 arrives, yet Internet security experts are already calling 2014 the year of the data breach. The situation is bad and it is expected to get worse. Before the year draws to a close, many millions of Internet and email users will discover they have had their computers infected with viruses or have become victims of Internet fraud.
The U.S. Healthcare industry has been hit particularly hard this year. In February, Anthem Inc. discovered a hacker had infiltrated its computer network and stolen 78.8 million insurance records. Just days later, Premera Blue Cross, another U.S. health insurer, uncovered a similar cyber attack that exposed the records of 11 million subscribers. The month of February was just over halfway through, but more confidential healthcare records had been exposed than in the whole of 2012 and 2013 combined.
Then there was the cyberattack on Target. Up until February 1, Bloomberg BusinessWeek calculated the retailer had spent approximately $61 million to cover data breach resolution costs. All three of these data breaches were suffered by large organizations who had invested heavily in data and network security systems. Yet despite the investment they still suffered massive data breaches.
What makes the Target data breach stand out though is the fact that the company’s security system actually detected the intrusion. For some reason, Target decided to do nothing about it. To state the obvious, this was a mistake. So far over 100 separate lawsuits have been filed against the retailer, in the most part citing negligence for failing to protect customer data and not taking action quickly enough when the breach was discovered.
The attack exposed the records of over 110 million customers and the banks have already been forced to spend in excess of $200 million as a result. When the lawsuits are resolved, the final cost of the data breach doesn’t even bear thinking about. Typically, data breach victims seek damages of around $1,000 a head.
Then there was Heartbleed. For those who somehow missed it, this was one of the biggest and potentially most serious security vulnerabilities ever discovered. It would appear that the bug was identified in time to allow companies to prevent it from being exploited. However, that is difficult to ascertain with any degree of certainty. If the security vulnerability was exploited, there would be no way of telling whether data had been stolen.
The cost of plugging this security hole was considerable. Companies were forced to take rapid action to secure their networks and computers before hackers could take advantage. The same cannot be said of consumers. It would appear that little has been done to protect against the bug. Following the announcement very few individuals have even changed their passwords or taken other steps to protect themselves. A recent survey conducted by MarketWatch indicates that little has been done because consumers are not even aware of the Heartbleed bug. Half of those surveyed had never even heard of it, let alone the actions they need to take to protect themselves from attack.
Many of the major data breaches suffered this year did not actually occur in 2014. Hackers first gained access to networks last year or even earlier. This was the case with Anthem, Premera, and also Neiman Marcus, another major data breach uncovered this year. That attack was also discovered in February 2014, which could become known as “the month of the data breach”.
For the past eight months, Neiman Marcus’s systems have been open to hackers. Such a breach should have triggered the company’s security system, which it would have approximately 60,000 times had that security feature not been inadvertently turned off. Suspicious server activity was unfortunately not being monitored.
These data breaches have proved very costly indeed. According to the Ponemon Institute, the cost of resolving data breaches has increased again this year making matters worse for companies attacked by hackers.
Security systems are excellent, but what about the security staff?
It is all very well installing multi-million-dollar cybersecurity defenses, but if skilled staff are not employed to interpret the data, when networks are infiltrated by hackers, intrusions may not be discovered until many months later. This was certainly the case at Neiman Marcus, but also at Target. Had the system been checked, Target would have been made aware that its defenses had been turned off. It took a full post-breach audit to determine this was the case. This should have been checked on a regular basis. Doing so may not have prevented the breach, but it could have reduced the damage caused.
The problem for many IT departments, CISOs and CIOs is a lack of funding. Organizations appreciate that money must be allocated to counter the cybersecurity threat, but too little is being spent. This was highlighted by the Ponemon Institute study. Respondents indicated that a doubling of the security budget is necessary to counter the threat, install better security, allow audits to take place, and to employ the staff necessary to monitor systems for signs of attack. If security budgets do not increase, data breaches certainly will.
Apr 15, 2014 | Internet Security News, Social Media, Web Filtering
The Heartbleed security vulnerability was announced recently and had IT security professionals rapidly taking action to plug security holes. System passwords were changed and alerts sent to end users telling them to do the same.
Heartbleed is a highly serious data security vulnerability that was discovered in the OpenSSL cryptographic software library. It is so called because it affects an SSL extension commonly known as Heartbeat. Over half a million websites are believed to have been affected by the Heartbleed vulnerability.
The Internet is normally secured with SSL/TLS encryption. This allows information to be exchanged securely by a wide range of Internet applications, including Instant Messaging (IM) services, email, and even Virtual Private Networks (VPNs). Unfortunately, the Heartbleed bug allows anyone to steal passwords even with SSL/TLS encryption in place. According to American cryptographer Bruce Schneier, Heartbleed is a potentially catastrophic security vulnerability. He recently said, “On the scale of one to 10, this is an 11.”
IT departments have been frantically issuing alerts to change passwords
Sensitive data is protected by passwords; however, Heartbleed has potentially allowed passwords to be compromised. The security vulnerability may have only just been discovered, but it has existed for at least two years. Hackers are not understood to have used the vulnerability to gain access to sensitive data, but it is actually rather difficult to tell even if they have. As a security measure, IT staff have been sending emails to all users advising them to change their passwords just in case.
Unfortunately, they are not the only individuals sending password change requests to users. Online scammers have been piggybacking on the major data security event and have been sending emails of their own, conveniently including links to allow users to rapidly address the huge security hole.
Any individual who has heard about the security issue will be keen to protect themselves against hackers and cyber criminals. Emails telling them to change their passwords are likely to be clicked. Unfortunately, clicking those links will take users to a website where they enter their current passwords. By doing so they will be giving them to criminals. They may think they are protecting themselves, but their actions will be doing the exact opposite.
Beware of Heartbleed Protection Scams
Piggybacking on major news events is a common tactic used by phishers to get computer users to reveal their sensitive information. News of a major IT security flaw is music to phishers’ ears. Computer users are fearful of a cyber attack and phishers play on those fears. The response rate to emails of this nature is typically high.
Many IT professionals have been busy securing their networks and have performed security audits to address the latest vulnerability and search for others that may exist. Software companies are taking advantage and are offering products that will perform full system security checks. After all, there is no better time to boost sales than when the public is keen to improve online security.
Scammers have been taking advantage by sending links to websites that will perform security checks. The scam emails and adverts appear genuine. They offer a free system check to determine whether vulnerabilities exist and they have even promised to clean systems and install the required patches to secure devices. By accepting these checks, users will just be guaranteeing their devices are compromised. It is therefore a time to be extremely vigilant for online scams. Efforts must be made to check that any request to improve security is actually genuine before it is accepted.
How to Beat the Scammers, Spammers and Phishers
Fortunately, it is relatively easy to avoid becoming a victim of one of these scams. Receiving an email with a link or an attachment will not automatically compromise a computer. Action is required by the user for that to happen. If the phishing email is deleted, so is the threat. However, not all users know how to identify a phishing email. If one does reach an inbox, a user may end up infecting their computer or, worse still, the network to which that computer connects.
It is important to give computer users the information they need to protect themselves. They must be advised of the tell-tale signs of a phishing email. Only then will they know how to determine if an email is genuine. Training is therefore important, and now is a good time to ensure that the staff is well informed.
It is also an ideal time to install some additional safeguards to prevent spam and scam emails from reaching users’ inboxes. SpamTitan Technologies offers two excellent security solutions. The first is a robust and highly effective spam filter that prevents spam and scam emails from being delivered. The second solution prevents users from clicking links to scammers’ websites.
SpamTitan web filtering works like a business version of a parental control filter. Instead of just blocking gambling, dating, and pornographic websites from being visited, it also blocks users from visiting known phishing websites and even genuine websites that have been infected with malware.
By installing both of these anti-phishing solutions, IT professionals can sleep easy. The Heartbleed vulnerability will still need to be addressed, but they will be able to relax a little knowing that end users will not be falling for the myriad of piggybacking phishing campaigns that have been developed over the past few days since the Heartbleed announcement was made.
Apr 8, 2014 | Cybersecurity News, Internet Security News
Consumers are spending less in bricks and mortar stores, and more people are looking for goods and services online. On top of this some major retailers have suffered data breaches which have tarnished their reputation. For Target, the data breaches it suffered have had a serious impact. Sales have been lost to competitors as a result.
According to Cowen & Co.’s tracking survey, there has been a decrease in customer satisfaction. The survey indicates there has been a fall in satisfaction in the overall shopping experience and ratings for customer service have also declined.
The data show that reputation and brand image do have an impact on shoppers’ behavior. They will go elsewhere if they do not trust a retailer.
Target is one of the biggest retailers in the United States. What would be the impact on a small to medium sized organization? Would it be possible to weather the storm after a massive data breach has been suffered?
Data Breaches Can Cost SMBs Dearly!
The cost of a data breach can be considerable. The Ponemon Institute has recently quantified this. In a recent survey, 850 executives were asked about reputation damage following a data breach. 44% of respondents said it would take between 10 months and 2 years to recover from damage to reputation following a data breach. For some companies the effect will be felt for much longer. If they manage to stay in business that long!
Not all breaches have the same effect on a company’s reputation. Consumers are aware that security breaches are now a fact of life, but they are likely to be unforgiving if their Social Security numbers, credit card numbers, or bank account details are obtained by criminals.
The potential financial losses for a company can be considerable. Ponemon’s study suggested that brand image damage can cost between $184 million and $330 million. Best case scenario? You are likely to lose 12% of your brand’s value.
Your Competitors are Waiting to Take Advantage
All companies are likely to suffer a data breach of some description, yet many are ill prepared to deal with a security breach when it occurs. If a breach response plan is developed prior to a security incident being suffered, this can reduce the damage caused.
It is possible to win back the trust of customers after a breach, but it can be a long and difficult process. It is not actually clear whether a company’s reputation can ever fully recover. After all, today’s marketplace is particularly unforgiving. There is simply too much competition and plenty of competitors who will be ready to take advantage.
If your reputation is damaged, it will have an impact on your bottom line. Customers will change brands and there will be class-action lawsuits filed as plaintiffs try to recover damages. Revenues are likely to fall, and regulators may also issue costly financial penalties.
Fortunately, there are a number of actions that can be taken to reduce the risk of a data breach being suffered. Should the unthinkable happen, they can also reduce the severity of the breach. Think of data security investment as an investment in your brand image. That must be protected at all times.
Mar 4, 2014 | Internet Security News, Web Filtering
Web visitors can be ultra-cautious and avoid websites that commonly contain malware. Don’t visit pornographic, gaming, betting, file-sharing, and streaming websites, and you will be able to reduce the risk of encountering malware. However, that doesn’t mean that you will never come across phishing websites and malware-ridden webpages.
Even very large, reputable websites are sometimes infected. How large? How about Yahoo: One of the biggest search engines and webmail providers on the Internet. Recently Yahoo was found to contain adverts that attempted to install malware on users’ computers.
Code was installed that examined users’ computers and checked to find out if the latest Java version was installed. Earlier versions of Java contained vulnerabilities that could be exploited. The latest version has fixed the security holes, but many users have not yet installed the latest version.
It is estimated that as many as 2 million people visited Yahoo and had their computers infected. A great many more individuals would also have had their computers compromised had they visited the website instead of Google. In this case, the individuals behind the infections – malvertisers – were putting users’ computers to work performing bitcoin calculations: a very profitable business if you have 2 million or more computers at your disposal.
Of course this is nothing new. Many websites are infected with malware. They are just usually not as big as Yahoo. However, hackers are getting bolder, and are now succeeding in infecting large websites with very good security measures in place.
Advertising networks are increasingly being infiltrated by malvertisers
Legitimate advertisers use advertising networks to syndicate their adverts across many thousands of websites. They are able to put their adverts in front of tens of millions of potential purchasers. Malvertisers, individuals or disreputable companies, are now doing the same. They make their adverts look respectable and get accepted by an advertising network. However, their ads contain links to malware-ridden websites, or code that probes for security vulnerabilities in users’ computers. They then inject their malware and put it to work.
Unfortunately, it is not a difficult process. In fact one doesn’t even need to be a hacker in order to do this. All that is required is an exploit kit that can be rented online. Take the Black Hole exploit kit for example. Using this kit, online criminals are able to inject code into the web browsers of site visitors. The renting of exploit kits is now commonplace and developers will even show people how to use the exploit kits to achieve their aims. Even people with very little knowledge of programming are able to use the kits to infect computers with malware.
The threat from these wannabe online criminals is considerable. If your company’s employees visit websites while at work, they could inadvertently click on an advert that directs them to a site containing malware, or one with advertising code on the page that probes for vulnerabilities. Even viewing an advert may result in a computer being infected.
There is a solution that protects against rogue adverts
There may be a high risk of infection, but that doesn’t mean that the risk cannot be effectively managed. In fact, managing risk is surprisingly easy. All that is required is software that contains an ad-blocker, and there is plenty of choice (NoScript, AdBlock and ScriptSafe for example). All of these are capable of blocking adverts and, if no adverts are displayed, users will not be able to click on malvertisers’ adverts.
Unfortunately, with all of these ad-blockers there is a problem. First of all, they are all browser-specific. That means every browser in an organization will need to have the ad-blocker installed to offer protection. They are also only available as plug-ins. This poses another problem for Sys Admins. Plug-ins are only safe if the latest version is installed, and updates are frequently released. Even these “safe” plug-ins contain vulnerabilities that can be exploited.
That means that every browser on every computer that connects to the network must have the plug-ins installed and then be frequently updated. On a small network of 20 computers this would be a considerable task. On a network with 1,000 desktop computers, 500 laptop computers, numerous tablets and mobile phones, it could potentially be a full time job for a small team of Sys Admins. Not a very practical solution it has to be said.
Is there a less labor-intensive alternative?
Fortunately, there is. The solution is to install a web filtering solution that contains an Ad-blocker. SpamTitan web filtering solutions for the enterprise contain an ad-blocker that will block adverts on all users’ devices, which includes mobile devices as well as desktops. A Sys Admin can configure the web filter to protect all users, but the software is not only about blocking adverts.
SpamTitan’s web filter will also prevent users from visiting websites known to contain malware and will block undesirable content such as pornography, gambling and file-sharing sites. SpamTitan’s web filter has been developed to give Sys Admins an exceptional level of control. Permissions can be set for the entire organization, groups of users or individuals.
A user in the IT department could be allowed to view any site, while a member of the accounts department could be prevented from visiting virtually all websites. Different web filtering settings can even be assigned for different times of the day, if required.
Such a granular approach is important as each member of staff may require different levels of access. Social media websites could be blocked for all members of staff except those in the marketing and IT departments for example.
Having all of these controls could potentially require a Sys Admin to spend hours learning how to operate the system, and weeks configuring it. Not with SpamTitan. The controls are intuitive, easy to set up, there is no steep learning curve, and configuring users’ settings is a relatively quick process. Protecting a network from malware, and users from viewing undesirable content, has never been easier.
Jan 8, 2014 | Internet Security News, Network Security, Web Filtering
Certain types of websites are known to contain malware and carry a high risk of infecting visitors: video streaming websites, those providing adult content, and sites run by individuals who lack an understanding of basic security controls. However, it is not only these websites that carry a risk of infecting visitors with malware. Even large sites – we are talking Yahoo and YouTube here – have allowed malware to be installed. How is it possible that websites that generate huge revenues can also be infected?
The problem is not the websites themselves, but the content that is displayed on them. Malware is delivered indirectly, via the ad networks site owners sign up to or fail to block. There are a lot of unscrupulous advertisers out there, and many do not vet their customers very well. Some ad networks allow anyone to sign up. They also serve just about any kind of advert, even those containing malware or malicious links. Any visitor to those sites could potentially have their device infected. If one of those visitors is an employee of yours, your network could be in serious trouble.
Ad networks can allow malware to be delivered to users’ devices
An advert on a website could direct the visitor to a phishing website or one that contains multiple pieces of malware. That is not to say that the advertisers are deliberately phishing for information or want to infect visitors. They may not even be aware that their websites have been hijacked by hackers.
Advertising is often a necessary evil to make websites profitable. Without advertisers, many websites would simply go out of business. To generate revenue, site owners place code on their websites that third party servers can access. Adverts are then shown to visitors to that website via text, image, or even video ads. Those third party servers potentially syndicate adverts to tens of thousands of websites, including many legitimate and well known websites.
With the potential to send adverts to so many websites, ad networks are frequently targeted by cybercriminals. If they are successful, their malware can be very quickly syndicated and placed in front of tens or hundreds of thousands of individuals. In some cases, millions.
You may have even seen some of these adverts. Have you been served an advert that tells you that your system requires an urgent update? Your JavaScript is out of date? You can only view the content on the website if you download this security patch? A high percentage of these adverts are fake, and will install malware or malicious code on your computer.
Even if the ads direct you to a legitimate website, they often result in pop up browser windows being launched which can slow down your computer. Those pop ups may also contain links to many dangerous websites.
As a system administrator do you want your company’s employees to be presented with adverts telling them to update their software themselves?
What can IT managers do to prevent networks being compromised by employees?
Recent research conducted by Cisco Systems has revealed that employees and other Internet users are much more likely to suffer a malware infection as a result of shopping online at legitimate websites than they are by visiting file sharing websites. How much more likely? 21 times apparently, according to Cisco Systems researchers.
Hackers often target industry and business websites and infect them with malware. This is because business network infiltration can be extremely profitable. These websites are often targeted through the ad networks they use to generate additional revenue from their sites.
As an IT Manager you will be expected to protect your network from malware. Due to the high risk of third party ads serving malware, is the answer to block all third party adverts from being displayed? Many IT security pros do just that, and block adverts. These individuals believe there is actually no benefit at all to be gained from allowing the adverts to be shown. They just add an unnecessary risk to surfing the Internet. They also waste bandwidth and employees’ time.
Blocking third party adverts from being displayed is straightforward. A firewall policy can be introduced to prevent the adverts from being displayed. This functionality is also included with WebTitan’s enterprise content filtering solutions. With the latter, certain types of website can also be blocked to protect employers and employees. It is also possible to block adverts and even apply specific controls for certain groups of users or even individual employees.
You may feel ad blocking is an unnecessary restriction and would prefer to instruct members of staff not to click on the website adverts. Unfortunately, there will always be one employee who breaks the rules and that could result in malware being delivered. Are you prepared to take that risk?
Dec 17, 2013 | Internet Security News, Web Filtering
In September, WebTitan launched a competition offering charities the chance to win a free WebTitan Cloud Security Solution to keep their networks protected when workers access the Internet and email.
The solution is highly effective at preventing users from inadvertently accessing web content that could cause networks or computers to be infected with malware, while protecting users from objectionable content. It also allows an organization to see what websites individual workers are attempting to access. For charitable organizations the WebTitan Cloud Security Solution offers exceptional protection, and can prevent data breaches and costly cyberattacks.
The competition attracted a great many entries. All that was required to enter was for the participant to be a charity, and provide a brief answer to a very simple question: why would the organization benefit from winning a free WebTitan Cloud Security Solution?
The WebTitan Cloud Competition Winner Is… Touch Life of Uganda
The first prize in the competition was well worth winning: A WebTitan Cloud web security license valued at $8,000!
The prize could not have gone to a worthier winner. Touch Life is a Non-Government Organization (NGO) operating in Uganda. The charitable organization performs important and incredibly valuable work, assisting families that have been torn apart by war, famine, disease, and have been forced to live a life of extreme poverty. The charity empowers those families to take control of their lives and gives them hope.
In an ideal world, the websites of charities would be exempt from cyberattacks. Yet sadly their websites are no different to global corporations earning profits in the billions. Cybercriminals often conduct random campaigns, and the reality is charities are often targeted simply for having poor security controls. If there is money to be made from attacking a website, those websites will be attacked. In fact, cybercriminals often take advantage of natural disasters, famine, and war to obtain donations intended to help victims.
However, the Internet is vital for charities to spread news about the excellent work they perform and attract donations. Without those donations they could not continue with their missions. It is therefore essential that the websites have cybersecurity protections in place to protect from attack and ensure that donations make it to the victims, rather than be diverted to cover data breach costs. WebTitan Cloud security offers that protection.
Second Prize awarded to… New Zealand’s Framework Mental Health and Intellectual Disability Service
The second prize in our Cloud Security Competition was a brand new iPad. The winner of the prize is Framework of New Zealand, a provider of mental health and intellectual disability services in the Greater Auckland region. The organization conducts important work and helps to improve the lives of the mentally and physically disabled, teaching them a range of vocational skills, offering training, education and support. The charitable organization was first established in 1984 and has helped thousands of individuals lead more fulfilling lives.
Additional prizes have been awarded to a number of competition participants. A $50 Amazon voucher has now been sent to NGOs around the world, including Australia’s YMCA.
We would like to take this opportunity to thank all participants in our Cloud Competition and encourage all charities to check our blog frequently for news of further competitions. Be sure to sign up to receive our blog posts to make sure you never miss a chance to win. Our blog posts will also keep you abreast of the latest security threats to allow you to protect your websites, networks and data from cybercriminals.
May 23, 2013 | Cybersecurity News, Internet Security News, Social Media
Twitter, like many other social media platforms, is a target for hackers and cybercriminals. The company has recently become the victim of a number of cybersecurity incidents that have resulted in the account names and passwords of users being obtained by criminals.
Each attack spells bad news for the company, and even worse news for users of the platform. They face an increased risk of suffering identity theft and fraud as a result of having their login credentials compromised. Twitter security measures were simply not good enough to prevent a data breach from occurring.
Twitter security bolstered with two-factor authentication
To address the situation, Twitter security has been improved with two-factor authentication. This is an important security measure to implement as it makes it harder for accounts to be hacked.
Two-factor authentication uses two means of identification to help ensure that accounts are only accessed by the correct individuals. In addition to entering a username and a password, Twitter now requires an extra element to verify the identity of the person trying to access an account.
A number of websites and online services have now added two-factor authentication to provide better protection for users of their online services. Google, for instance, added two-factor authentication in 2010.
Google’s reputation would be tarnished if it was hacked. The company proactively added the security measure to offer more protection to its account holders. Users of its services must supply a mobile phone number when opening an account. A unique code is then sent by SMS to the phone when a new device tries to access the account. Users can alternatively choose to have an email alert sent to advise them when a new device is used to access the account. This ensures that if someone tries to login to an account on an unknown device, they will be prevented from gaining access, even if they supply the correct login name and password.
This is a vital security measure to keep accounts secure and it has been adopted by a number of websites and social media platforms, although it appears to have taken a major data breach for Twitter security to have been improved with this fundamental security protection.
Social media accounts contain a considerable amount of data about the user. Should a criminal be able to gain access to an account, they would be able to gather a considerable amount of personal information that could be used to conduct a highly effective spear phishing campaign.
Two recent high-profile cyberattacks involved compromised Twitter accounts. They affected the UK’s Guardian newspaper and the American Associated Press. Hackers gained access to the accounts and released links to fake news items. Since the messages came from a trusted source, and contained click-bait links, the fake websites received hundreds of thousands of visitors.
The links were to fake articles detailing explosions at the White House – a potential terrorist attack – and a fake story about President Obama. Unsurprisingly, when news of the hacks emerged stock prices plummeted.
Oftentimes, the hacking of a company’s social media accounts causes permanent damage to the brand image. The compromising of a social media account could even allow hackers to launch further attacks, especially if passwords are shared across multiple platforms.
Two-Factor Authentication – An Essential Security Control
If you want to improve the security of your website or online services, setting up two-factor authentication is one of the best protections to implement.
Login names are easily obtained by cybercriminals, and passwords can all too easily be guessed. Many people still use “password” for example, or their date of birth. 1234567890 is also a surprisingly common password and one that is very easily guessed.
Enforcing secure passwords is essential. Force users to include capital letters, numbers, and special characters when creating passwords. Then add a second step that needs to be completed. Make sure the user registers an email address or a mobile phone number, and then verify these by sending an email or SMS text.
Whenever an access attempt occurs using a different device to that used during the registration process, a code should be sent via email or SMS. If that code cannot be provided by the user, the account should be blocked.
This will ensure that even if a password is obtained by a cybercriminal, access to the account will not be possible unless the person has also managed to gain access to the email account used to register, or has the victim’s mobile phone.
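The new-device check described above, sketched as an added example (not code from any of the services named in this post). The class name `NewDeviceVerifier`, the `send_code` delivery callback, the five-minute expiry, the three-attempt limit and the choice to trust a device once its code has been verified are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed: a code is valid for five minutes
MAX_ATTEMPTS = 3         # assumed: wrong codes tolerated before the account is blocked


class NewDeviceVerifier:
    """Challenges logins from devices that were not seen at registration."""

    def __init__(self, send_code, clock=time.time):
        self._send_code = send_code          # callable(account, code): email or SMS delivery
        self._clock = clock                  # injectable so expiry can be tested
        self._key = secrets.token_bytes(32)  # server-side key; codes are stored only as MACs
        self._known = {}                     # account -> set of trusted device ids
        self._pending = {}                   # (account, device) -> outstanding challenge
        self._blocked = set()

    def _mac(self, code):
        return hmac.new(self._key, code.encode(), hashlib.sha256).digest()

    def register(self, account, device_id):
        """Record the device used during sign-up as trusted."""
        self._known.setdefault(account, set()).add(device_id)

    def login(self, account, device_id):
        """Call only after the password check passed. Returns 'ok', 'challenge' or 'blocked'."""
        if account in self._blocked:
            return "blocked"
        if device_id in self._known.get(account, set()):
            return "ok"
        # Unknown device: issue a fresh random code, replacing any older one.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[(account, device_id)] = {
            "mac": self._mac(code),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        self._send_code(account, code)
        return "challenge"

    def verify(self, account, device_id, code):
        """Check a submitted code. Returns 'ok', 'wrong_code', 'expired', 'no_challenge' or 'blocked'."""
        if account in self._blocked:
            return "blocked"
        key = (account, device_id)
        challenge = self._pending.get(key)
        if challenge is None:
            return "no_challenge"
        if self._clock() > challenge["expires"]:
            del self._pending[key]
            return "expired"
        # Constant-time comparison avoids leaking how much of the code matched.
        if hmac.compare_digest(self._mac(code), challenge["mac"]):
            del self._pending[key]
            self._known.setdefault(account, set()).add(device_id)
            return "ok"
        challenge["attempts"] += 1
        if challenge["attempts"] >= MAX_ATTEMPTS:
            # The code could not be provided: block the account, as the text recommends.
            del self._pending[key]
            self._blocked.add(account)
            return "blocked"
        return "wrong_code"


def demo():
    """Constructed walk-through: a known laptop, then a new phone that must be verified."""
    outbox = []  # stands in for the email/SMS gateway
    verifier = NewDeviceVerifier(lambda account, code: outbox.append((account, code)))
    verifier.register("alice", "laptop-1")
    steps = [verifier.login("alice", "laptop-1"), verifier.login("alice", "phone-9")]
    steps.append(verifier.verify("alice", "phone-9", outbox[-1][1]))
    steps.append(verifier.login("alice", "phone-9"))
    return steps


if __name__ == "__main__":
    print(demo())
```
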
Apr 24, 2013 | Internet Security News, Social Media
Twitter has suffered two major security breaches that have exposed the login credentials of hundreds of thousands of its users. In response to the incident, a number of additional security controls have been considered. The best solution was deemed to be the addition of a two-step authentication process.
This will not guarantee another data breach will be prevented, but it will make sure that it becomes a lot harder for hackers to gain access to login credentials. The new controls are likely to put off all but the most skilled and determined cybercriminals from attacking Twitter in the future. There will be much easier targets they can attack.
Two-step authentication is an important security control. In order to create an account, a user must sign up and create a login name and a password. The second step in the process, which will shortly be added to Twitter, is the requirement to have a code sent to an email address, mobile phone or the Twitter app.
The additional control will log the user’s device. If another device is used to login, another code will be sent to the app, phone or email account used to register. If the code is not entered, access to the account will not be permitted.
Wired.com has recently reported that Twitter is in the process of testing the new security measure before making it live. Once testing has been completed it will be rolled out to all accounts. This will not come a moment too soon. Cybercriminals are targeting social media networks, and if security measures are inadequate, data breaches will be suffered.
Social Media Networks are an Attractive Target for Cybercriminals
The networks are a big target for hackers and cybercriminals. The data stored in user accounts can be considerable. The data can be used to conduct highly effective spear phishing campaigns. With detailed information about each user, those campaigns can be very convincing.
Criminals can use stolen data to craft emails that the user is likely to respond to. They can find out who their contacts are, and make an email appear to have been sent by a friend. That makes it far more likely that the target will click a phishing link or open an infected attachment.
Not only that, passwords are often shared across websites. Many people use the same password for Twitter as they do for their online banking and for work. One single password could potentially give a criminal access to much more than a social media account.
Phishing emails are being sent with increasing regularity
In the first half of 2012, phishing attacks are estimated to have increased by 19%. Many criminals still use email as the vector of choice, but many are now targeting social media networks. Criminals are finding it is easier to use Facebook and Twitter to get users to click on links to phishing websites. People even unwittingly share phishing links with their friends, helping the attacker infect more machines and steal more passwords.
Phishers are targeting individuals, but many are after a much bigger prize. If a user’s work computer is compromised, it can allow access to be gained to a corporate network. In fact, businesses are now being increasingly targeted using phishing campaigns.
These campaigns are far more sophisticated than in years gone by. The emails and social media posts are much harder to identify, and many employees are convinced to (unwittingly) download malware and viruses.
Unfortunately, many businesses are still not addressing the risk and have failed to implement adequate security controls. Some employees have not even been trained how to identify a phishing email!
Unless greater investment goes into improving security protections, and further training is provided to the staff, it will only be a matter of time before a network is compromised, customer data is stolen, and corporate secrets sold to the highest bidder.
Apr 17, 2013 | Cybersecurity News, Internet Security News
Terrorist attacks are occurring with increasing regularity around the world, but it is still rare for one to happen on American soil. However, on Monday an attack took place at the Boston Marathon. The tragedy claimed the lives of three people.
It is at times like this that vigilance must be increased. Criminals often use events such as this to infect computers with malware. Big news events are often used to lure victims into clicking on links to websites infected with malware or convince them to open malware-infected email attachments. The Boston bombing is no exception. Criminals have seized the opportunity already and have started sending emails about the tragedy which contain links to infected sites.
SpamTitan is alerted when spam and phishing emails are captured. The quarantine reports are collected and analyzed, and some of the recent crop of captured messages contain titles such as “Explosion at Boston Marathon” and “Boston Explosion Caught on Video.” When news breaks, people want to find out what has happened, and images and videos of the event are sought online. Videos of the Boston bombing are being searched for on Google and social media, and emails including links to videos are likely to be clicked.
Anyone clicking one of the links in the emails will be directed to YouTube where a range of videos are listed. No harm is immediately caused.
However, after 60 seconds the visitor will be notified of a file called “boston.avi____exe”, and is asked to download it. If the file is run, it will install malware which will connect to servers in three locations: Argentina, Taiwan and Ukraine. Data from the infected machine will then be sent to those servers. SpamTitan software will prevent the email from being delivered using a variety of methods, thus protecting the user. Individuals without this software installed are unlikely to even be aware that their computers have been compromised.
Be wary about emails containing news alerts
Cybercriminals often use news events to spread malware and gain access to computers and servers. Each major news story, whether it is a terrorist attack, election result, natural disaster or celebrity wedding, will see numerous phishing and spam campaigns launched. Many of these campaigns see emails sent out randomly, often in the millions.
Any company that does not have a spam filtering solution in place is likely to see many of these emails delivered, and all it takes is for one end user to click on a link and download a file for a network to be compromised. It is not only malware that is a problem.
There have been a number of new websites registered in the past two days related to the Boston bombing. New domains have been purchased by individuals looking to capitalize on the attack. Some have been bought and are currently just parked. Some individuals have purchased the domains to prevent them from being used by scammers. Others have been activated and are seeking donations to help the families of the victims. Of course, any donations made through those websites will just go into the criminal’s pocket.
In addition to installing a spam filter to catch email spam, and employing a web filter to block links to malicious websites, be sure to adopt the following best practices and make sure that staff members do the same:
Don’t become another victim of a scam!
- Check the email address of the person sending the email even if it appears to be from someone you know
- Never click on a link in an email unless you are sure that link is genuine
- Do not open attachments contained in emails from strangers
- Be wary about opening attachments sent from friends. Their account may have been compromised or they may not realize they are sending an infected file
- Never open executable files (those that end with .exe)
- Never respond to an email request for money. If you want to donate, do so via a trusted, registered charity. Always visit the website via the search engines, not the link contained in the email
- Make sure a charity is registered before making a donation
- Be wary of any email sent to you containing information about a news event – who is sending it? How did they get your email address?
- Do not forward or share suspicious emails or links
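The file named in this post, “boston.avi____exe”, hides an executable extension behind a video extension and a run of padding, which the ".exe" rule in the list above would not catch by a simple suffix check. The following added example (not SpamTitan's code) shows one way a mail gateway or help-desk script could flag such names; the extension lists and the function names are assumptions chosen for illustration.

```python
import re

# Assumed lists for illustration; adjust them to local policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "msi"}
DECOY_EXTS = {"avi", "mp4", "mov", "jpg", "png", "pdf", "doc", "docx", "txt"}
PADDING = " _\t"

# "<ext><two or more padding characters><ext>", e.g. "avi____exe"
_PADDED_TAIL = re.compile(r"^([a-z0-9]+)[ _\t]{2,}([a-z0-9]+)$")


def _split_ext(name):
    """Return (stem, extension) using the last dot; extension is '' if there is no dot."""
    stem, dot, ext = name.rpartition(".")
    return (stem, ext) if dot else (name, "")


def disguise_reasons(filename):
    """Return the reasons a file name looks like an executable, in a fixed order."""
    name = filename.strip().lower()
    stem, ext = _split_ext(name)
    reasons = []

    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension")
        trimmed = stem.rstrip(PADDING)
        if trimmed != stem:
            # e.g. "holiday.jpg      .exe": padding pushes ".exe" out of view
            reasons.append("padding before extension")
        if _split_ext(trimmed)[1] in DECOY_EXTS:
            reasons.append("decoy extension")
        return reasons

    # The pattern from this post: decoy and real extension share the text after the last dot.
    match = _PADDED_TAIL.match(ext)
    if match and match.group(2) in EXECUTABLE_EXTS:
        reasons.append("executable extension")
        reasons.append("padding before extension")
        if match.group(1) in DECOY_EXTS:
            reasons.append("decoy extension")
    return reasons


def flag_attachments(filenames):
    """Map each suspicious file name to its reasons; clean names are omitted."""
    flagged = {}
    for filename in filenames:
        reasons = disguise_reasons(filename)
        if reasons:
            flagged[filename] = reasons
    return flagged


if __name__ == "__main__":
    # Constructed sample names, apart from the one quoted in the post.
    samples = [
        "boston.avi____exe",
        "holiday.jpg      .exe",
        "setup.exe",
        "report.pdf",
        "notes_final_v2.txt",
    ]
    for name, why in flag_attachments(samples).items():
        print(f"{name!r}: {', '.join(why)}")
```
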
Feb 20, 2013 | Internet Security News, Network Security
Bring Your Own Device (BYOD) is increasing in popularity. Employers love it: They can leverage the power of Smartphones, tablets and laptops, without having to pay the huge cost of supplying the devices to all staff members. BYOD can lead to a major increase in productivity, improve efficiency, and the devices facilitate better collaboration. They make communication so much easier.
That said, they do raise a number of security concerns, so much so that many security experts believe the acronym should stand for “Bring Your Own Doom”, or “Breach Your Own Data.” By running such a scheme are you just introducing unnecessary data security risks? Would it be better to bite the bullet and supply mobile devices to exercise greater control?
Employees are not necessarily careful with corporate data stored on their devices
Employees engage in risky online behavior. They fail to implement even basic security controls on their own devices and are prone to losing them. If the devices are used to store corporate data, this is a major security risk.
Even with the risks posed by allowing the devices to be used at work, a Fortinet survey recently revealed 74% of organizations in the United States have adopted BYOD.
The survey was conducted on 3,800 employees, half of whom believed bringing their own devices to work was a basic human right. In actual fact it is a privilege. The figures would be surprising were it not for the fact that all of the respondents were in their early twenties, many of whom had only just started their first job.
Young adults, often referred to as Generation Y, are tech-savvy and have grown up in an environment with a myriad of electronic devices at their disposal. They are heavily reliant on this technology. This is good news as it means they are able to use a wide range of devices competently; they know their way around a computer and are easy to train. On the downside they are perhaps too reliant on their mobile devices and use them too much to communicate. Take those devices away and they are at a loss.
Employers have realized that this technical expertise can be leveraged to improve efficiency in the workplace. They are also the CEOs, CISOs and senior executives of the future, and their understanding of how technology can be used in the workplace is far better than current industry heads. Their knowledge of technology can be used to increase profits, connect with customers, and tap into new, lucrative markets.
It is no surprise that even with the considerable security risks, Generation Y is encouraged to use mobile electronic devices at work. There are, after all, great benefits to be had. Companies that do not allow use of the devices could well find themselves falling behind their competitors.
What is the real cost of BYOD?
Improved efficiency and productivity does come at a cost. BYOD has a major drawback. It can make it far easier for hackers and malicious outsiders (and insiders) to gain access to corporate data. This is a major problem, especially for smaller organizations that lack the big budgets of the likes of Sony, Microsoft, IBM and Facebook. They cannot devote as much money to improving cybersecurity defenses.
Large companies may be targets for cybercriminals and hacktivists, but smaller businesses are now being targeted with increasing regularity. The data they store may not be worth as much, but it is far easier to gain access to. Small to medium-sized businesses are fast becoming the primary targets for many online criminals.
How robust are your BYOD Internet and email security controls?
Interestingly, the Fortinet study revealed that 66% of respondents thought it was their own responsibility to keep their devices secure. Only 22% believed device security was the responsibility of their employer. While it is good news that BYOD participants believe they should take care of their mobiles and ensure they are kept secure, this does not let organizations off the hook. If the devices are not properly controlled and managed, they could all too easily lead to a data breach.
One problem highlighted by the research is Generation Y is happy to break the rules. Policies can be put in place, but it does not mean they will be followed 100% of the time. One of the most effective ways of managing BYOD is to focus on BYOD participants rather than the devices that are used to connect to corporate networks. A user-centric approach has been shown to work very well. If the user is effectively managed, they are empowered to keep their devices secure.
That said, security controls must be implemented by an organization. Policies must be developed covering data security, and users must be reminded of the risks posed by the devices.
Dec 12, 2012 | Internet Security News, Web Filtering
It is now possible to search the internet more securely and also avoid objectionable content without having to install a web filtering solution or parental controls. Google has added greater protection to its search engine to filter out undesirable webpages. Users of Google.com will no longer have the option of choosing a moderate level of content. The choice is now a yes or no. They can “filter explicit content” or not, and account holders can also lock the setting in place.
This will undoubtedly please many parents who will be able to easily add a filter to prevent their children from being shown content of an adult nature, but not everyone is happy. The news broke via Reddit and many internet users have reacted angrily over the censorship that is now placed on searches by Google SafeSearch.
Google SafeSearch is not sufficient protection for businesses, schools and colleges
The major search engines are well aware that there are a lot of websites containing adult or otherwise explicit content on the Internet and most now offer an option to filter search results to prevent certain sites from being displayed. When set to their various safe modes, they will limit the search results for general search terms. This is fine for home use but it is not sufficient protection for schools, colleges and business use.
The function can be used of course, but it will need to be set on each individual computer or browser, and the controls are easy to navigate around. They will only prevent content from inadvertently being displayed in the search results. If a student or member of staff wants to access explicit content, it is easy to bypass the controls or turn them off.
Oftentimes these filters are overactive and prevent some legitimate websites from being displayed. It may not be possible for students or teachers to view classic literature or works of art. Some will be deemed to be sexually explicit. The answer in this case is not to use the search engine functions to filter content, but to employ a powerful web filtering solution such as WebTitan.
WebTitan allows a system administrator to fine tune the web filter to ensure that adult and other objectionable content cannot be viewed on a school, college or business network. There is no bypassing the controls. The sites will not be viewable. The filter is highly flexible and can be fine-tuned with ease to suit an organization’s needs. System administrators will also be able to see who is attempting access to certain websites that are not permitted under Internet usage policies.
This will not only protect students and employees from viewing content that is inappropriate; it will also help employers avoid legal action.
It is not just an individual that faces legal action from inappropriate online activity
If an employee accesses illegal content, that individual is likely to face criminal charges. However, an employer who does not take steps to prevent the content from being viewed could face legal action. Criminal charges may not be filed, but it is possible claims for damages will be filed.
A court case in New Jersey has highlighted the risk. In the case of Doe v. XYC Corp., a company was sued for damages after an innocent third party discovered child pornography images on a work computer. An employee of the company had downloaded them and was dealt with accordingly, but a legal case was filed against the employer none the less.
The employer may not always be found to be liable, but it is possible that legal claims will be filed. The negative publicity from such a case can be particularly damaging for a company. Questions will be asked about why efforts were not made to prevent that sort of content from being viewable in the workplace.
If you want to play it safe and have total control over what your employees/students can access via a work or college computer, a web filtering solution should be employed. You should not rely on the search engines to filter out explicit content.