Web Filtering

How to Protect Networks from Ransomware

Ransomware is not new; however, cybercriminals have been using the malicious software with increased frequency in recent months as a sure fire way of generating income. It is now essential to protect networks from ransomware due to the increased risk of attack.

What Is Ransomware?

Ransomware can be considered to be rogue security software. It uses the same encryption that companies are advised to use to protect their data from cyberattackers. It encrypts files to prevent them from being used or accessed. Encrypted files can only be unlocked with a security key. Attackers lock data and demand a ransom to provide the security key. Without the key, the files will remain locked forever. It is therefore important for organizations to take steps to protect networks from ransomware. The threat of attack is increasing and failure to take proactive steps to reduce risk could prove costly.

Why are Ransomware Infections Increasing?

Malware can be used to record keystrokes and gain login credentials to access bank accounts, or to create botnets that can be sold as a service. Corporate secrets can be sold to the highest bidder, or Social Security numbers, names, and dates of birth stolen and sold on to identity thieves. However, attacks of this nature take time and effort. Ransomware on the other hand gives criminals the opportunity to make a quick buck. Several hundred of them in fact.

If a cybercriminal can infect a single machine with ransomware and lock that device, a ransom of between $300 to $500 can be demanded. The ransom must be paid using the virtually anonymous Bitcoin currency. Bitcoin can be bought, sold, traded, and spent without having to disclose any identifying information. Cybercriminals are able to demand ransoms with reasonable certainty that they will not be caught.

Ransomware-as-a-service is being offered on underground networks, meaning cybercriminals do not need to be skilled hackers or programmers. For a payment of between 5% to 20% of the profits and a nominal download fee, criminals are able to use the malware to generate a significant income.

Ransomware is lucrative. One of the most sophisticated strains of ransomware, CryptoWall, has been estimated to have netted its developers around $325 million in profit. Considerably more in fact, since the CyberThreat Alliance figures were calculated in 2015.

It is not difficult to see the attraction of ransomware. Because of the effectiveness of ransomware campaigns, we are only likely to see even more infections in 2016. In fact, this year there have been a number of ransomware infections reported by companies who have failed to protect networks from ransomware infections, leaving them little alternative but to pay to have their data unlocked. The victims include schools, healthcare providers, and even law enforcement departments. All organizations need to protect networks from ransomware or they may be left with little choice but to pay a ransom to unlock their files.

Who Is Being Targeted with Ransomware?

In the majority of cases, individuals and businesses are not actually targeted. Ransomware is sent out randomly via spam email. Oftentimes, millions of emails are sent in a single campaign. It is a numbers game and a percentage of emails will be opened, a smaller number of machines will be infected, and organizations that have failed to protect networks from ransomware are likely to have to pay the ransom.

However, businesses are also being targeted by attackers as the money that can be demanded to unlock devices – and networks – is much higher. A business may decide to pay several thousand dollars to recover critical data. Hackers and cybercriminals know this and are targeting organizations with spear phishing emails designed to get users to visit malicious websites that download ransomware. Spam emails are also sent with the malware disguised as invoices or even image files.

How Much Are Cybercriminals Asking to Unlock Encrypted Devices?

While single users receive $500 demands, the same cannot be said of businesses. Attackers can demand whatever fee they want. In February, Hollywood Presbyterian Hospital felt that paying a $17,000 ransom was the most logical solution considering the cost of data loss, downtime, and the restoration of its systems. The effort required and the cost of rectifying an infection could exceed the ransom cost by several orders of magnitude.

Horry County school district in South Carolina paid a ransom of $8,500 to decrypt 25 servers. The FBI investigated and told the school it had no alternative but to pay the ransom if it wanted to recover its data. In 2015, the Tewkbury, Mass., Police Department was also forced to pay up after it suffered a CryptoLocker attack. While data could be restored from a backup, the most recent file was corrupted and the only viable backup was more than 18 months old. In late February, 2016., Melrose Police Department, Mass., also paid a ransom to unlock files.

Is There an Alternative to Paying A Ransomware Ransom?

Depending on the type of ransomware used by cybercriminals in their attack, it may be possible to unlock data without paying a ransom. In some cases, data may not actually be locked at all. Users may just be fooled into thinking that it is.

Scareware is used to fool users into thinking they have been attacked with ransomware, when in actual fact they have not. Paying the ransom will remove the scareware from the device, but since no files have been encrypted, it is possible to remove the malware without paying the ransom. Many security tools can be used. In fact, that is how the attackers often make their money. By selling victims a security tool to remove their own infection.

Kovtar ransomware is a little different. This malware locks a computer and displays a message that cannot be removed. A lock screen is used which is displayed on boot, which prevents the user from using their device. It resides in the registry, but can be removed without paying a ransom. It has been commonly used as a police scam, claiming the user had visited websites displaying child pornography, even though in all likelihood they did not. It displays an FBI or police department warning, and demands that a payment be made to avoid any further action.

However, ransomware that actually encrypts files is a different beast entirely. Encryption cannot be unlocked without a security key, although it may be possible to restore files from a backup or with a system restore. Provided of course that those files have not also been encrypted. Some ransomware encrypts the files needed to restore data from a backup, or the backup files themselves.

When files have been encrypted, even the FBI has advised individuals to pay the ransom. In 2015, Joseph Bonavolonta, FBI cybercrime chief in Boston, was quoted as saying, “To be honest, we often advise people just to pay the ransom.”

The FBI says that most ransomware attackers are true to their word and supply the keys. That is not necessarily the case though. The keys may not be supplied and the individual could receive a further demand. Some ransomware that has been tweaked has been broken, making it impossible to decrypt locked files. Paying the ransom in such cases would not allow data to be recovered. There is no guarantee that payment of a ransom will result in a working key being provided. It is therefore essential to implement a number of measures to protect networks from ransomware infections.

How to Protect Networks from Ransomware?

There are a number of strategies that can be adopted to protect networks from ransomware infections and to reduce the damage caused if security defenses are breached.

Perform Regular Backups

Performing daily and weekly backups is essential. This measure will not protect networks from ransomware, but it will reduce the damage cause if an infection occurs. Backups of data should ensure files can be recovered. However, backups cannot always be restored. Just as the Tewkbury Police Department. It is essential that backups are not stored on portable devices that are left connected to computers. Ransomware can encrypt portable drives and can scan and lock files on networks, not just on individual devices.

Use a Spam Filter

Ransomware is often spread via spam email. One of the best ways to protect networks from ransomware is to prevent spam email from being delivered. Using a robust spam filtering solution will ensure the majority of malicious emails are caught and quarantined to prevent them from being opened by end users.

SpamTitan blocks 99.9% of spam emails, greatly reducing the likelihood of employees infecting their computers and corporate networks with ransomware.

Train Staff How to Identify Malicious Emails

Staff training is essential and a great way of helping to protect networks from ransomware. Emails are occasionally delivered to inboxes even with a robust spam filter in place. Employees must therefore be made aware of the risk and taught best security practices to avoid compromising their network or infecting their devices. Employees should be told never to open an email attachment that has been sent from someone they do not know. They should always check the email address of the sender carefully. Unfortunately, ransomware is not only spread via spam emails and web-borne attacks are more difficult to identify.

Use WebTitan to Block Malicious Websites

Cybercriminals use malicious advertising – terms malvertising – to lure individuals onto malicious websites where drive-by ransomware downloads take place. These adverts are often placed on legitimate websites via third party advertising networks. Malicious links are also posted on social media networks. Phishing emails also contain links to malicious sites that download ransomware.

One of the best ways that businesses can reduce the risk of a web-borne attack and protect networks from ransomware infections is by limiting the websites that can be accessed via their Wi-Fi and hard-wired networks. Blocking websites known to contain malware, preventing the downloading of file types commonly associated with ransomware, and blocking third party adverts from being displayed can all greatly reduce risk. To do this, a web filter is required.

WebTitan Cloud for Wi-Fi and WebTitan Gateway can be used by businesses, schools, and operators of Wi-Fi networks to reduce the risk of a ransomware attack. WebTitan blocks users from engaging in risky online behaviors and visiting malicious websites. Regardless of the level of training provided to users of computer networks, it is not possible to eliminate risk entirely. Using a web filtering solution to protect networks from ransomware, along with staff training and a spam email filter can greatly improve security posture.

The cost of these protections for businesses, educational institutions, and healthcare organizations is likely to be far lower than the cost of paying a ransom.

Accessibility Clickjacking Proof of Concept Malware Uncovered

As if IT security professionals didn’t have enough to worry about, Skycure has uncovered a new accessibility clickjacking proof of concept malware that could be used to spy on corporate and personal emails, as well as steal corporate data stored on mobile devices.

The malware could be used to spy on all activity on an infected device, from recording emails composed via Gmail to details entered into website forms, mobile banking apps, corporate CRM systems, or messaging apps. In contrast to many mobile malware, this form does not require rooting the device and does not need many app permissions. The footprint left by the malware is incredibility difficult to identify and the user is unlikely to be aware that their device has been compromised.

Clickjacking, also known as a UI redress attack, is the act of fooling a user into clicking on a hyperlink that is hidden in an interface underneath seemingly legitimate content. A user could be playing a mobile game and clicking on parts of the screen, yet unbeknown to them, would also be giving authorizations to a malicious mobile application. That could include any number of permissions, or could be used to authorize a download of malware onto the device.

A typical example of clickjacking is where an attacker uses a fake X button which the user clicks to close an advert. If the X also closes a dialog box or an advert, the user is unlikely to be aware that anything untoward has occurred. Yet that X could also trigger a download or give a malicious app permission to access the microphone or all text entered on the device.

Android 4.4 and Below Susceptible to Accessibility Clickjacking

Accessibility clickjacking takes advantage of accessibility APIs, which were introduced in Android 1.6. The purpose of accessibility APIs is to make Android easier to use for people with disabilities, such as the visually impaired. The benefit is the APIs can perform a number of actions so the user doesn’t have to, but that is also the problem. These APIs have access to system-wide tools, and can interact with numerous interfaces. While these APIs are certainly beneficial, they are a potential security risk that can be exploited.

The accessibility clickjacking PoC malware identified by Skycure takes advantage of accessibility APIs, and by doing so can record virtually all activities performed on the device and perform actions without users’ consent.

The example provided involves a game that takes advantage of the accessibility feature, and gets the user to click on certain parts of the screen to progress to the next level. When a click is performed it gives a permission via the underlying software. In the example it gives an application permission to record all keystrokes entered via the Gmail app.

The researchers have warned that not only can this technique be used for keylogging, but a hacker could also use the technique to change admin settings, disable functions, encrypt the device, or delete files. All Android devices except 5.x and above are susceptible to accessibility clickjacking. That is 65% of all Android phones currently in circulation.

Triada Trojan: 60 Percent of Android Devices Vulnerable to Attack

Researchers at Kaspersky Lab say the recently discovered Android Triada Trojan is one of the most sophisticated Android malware variants yet to be discovered and that it rivals Windows-based malware for complexity. 6 out of 10 Android devices are estimated to be vulnerable to attack by the Triada Trojan. As if that is not bad enough, the malware runs silently and embeds itself in the Android system making it virtually impossible to detect. Nikita Buchka, a junior malware analyst at Kaspersky Lab, said “Once Triada is on a device, it penetrates almost all the running processes, and continues to exist in the memory only.” All of the processes remain hidden, both from the user and application.

It has been discovered in the wild and has primarily been use to infect devices in Russia and Ukraine, suggesting that’s where its authors are based; although it has also been found in India and various other APAC countries. The malware is believed to infect devices via app downloads, in particular those downloaded from untrusted sources rather than the Google Play store. That said, in some cases infected apps have been found in Google Play app store.

Kaspersky Lab researchers say the malware has been developed by “very professional” cybercriminals and suggest the developers are extremely experienced hackers with a deep understanding of the Android platform.

Triada Trojan Capable of Monitoring All Phone Activity

The Triada Trojan is capable of gaining access to all apps running on an infected device and can change the code of the app and monitor all activities on the phone. The malware can intercept SMS messages and reroute them, which is how the researchers believe the malware will make its developers money. They say the malware is likely being used to reroute in-app purchases and direct the funds to the attackers’ accounts.

Not only is the Triada Trojan almost impossible to detect with the majority of Android anti-virus and anti-malware programs, even if it is detected, removing the Triada Trojan from an infected device is exceptionally difficult. Standard removal techniques will not succeed in ridding the device of all elements of the Triada Trojan. To disinfect an infected phone, the user has to jailbreak the Android system and manually remove all of the components.

The new malware can only infect Android 4.4.4 Kitkat and below; however even though two new Android versions have since been released, the majority of Android devices run on Kitkat or earlier versions. 30% of devices run on version 4 or below, and those devices are particularly vulnerable to attack.

Kaspersky Lab researchers have previously warned that Trojans that gain superuser privileges and are being used to display advertising or install apps would eventually be used for far more malicious activities such as rooting malware. 11 different Android malware families are known to gain root access, and three of them work together – Ztorg, Gorpo and Leech. Those malware have collectively been identified as Triada.

The malware uses Zygote to launch application processes, which until the discovery of Triada, was only known to be possible as a proof of concept, and had not been exploited in the wild.

The researchers say that the new “Triada of Ztrog, Gorpo and Leech marks a new stage in the evolution of Android-based threats.”

Numerous Data Breaches Caused by Mobile Devices, Says New Report

A new report released by the Ponemon Institute suggests data breaches caused by mobile devices are not as rare as previously thought. Last year, Verizon released a data breach report suggesting that while mobile malware is increasing, it is not yet a major threat for attacks on organizations. Attacks are conducted, but they tend to target individuals.

Are Corporate Data Breaches Caused by Mobile Devices?

Verizon determined that only 1% of data breaches use mobile devices as an attack vector. The Ponemon report suggests the figure is far higher, with 67% of respondents claiming the use of mobile devices by employees was certain or likely to have resulted in a beach of sensitive corporate data.

The Ponemon study, which was commissioned by security firm Lookout, set out to cast some light on enterprise mobile security risk. 588 IT security professionals employed by Global 2000 companies in the United States were asked about the threat from mobile devices.

The report suggests there is a disconnect between IT departments and employees when it comes to the data that can be accessed using mobile devices. Many IT departments have implemented controls to limit data access via BYOD or corporate devices. However, employees still appear to be able to access corporate data none the less

The study found significant discrepancies between the data IT departments said could be accessed, and the responses provided by employees. For instance, when both groups were asked about whether confidential or classified documents could be accessed, 33% of employees said access was possible compared to just 8% of IT security professionals. 19% of IT security professionals said mobile devices could not be used to access customer data, yet 43% of employees said the data were accessible via their mobiles.

IT departments must therefore implement better controls to ensure mobile devices cannot be used to access sensitive data, or employees must be trained on the potential risks from using their mobile devices. Policies would also need to be developed to dictate what mobile devices can and cannot be used for.

The Average Infected Mobile Device Costs Organizations $9,485

The report also looked into the cost of data breaches caused by mobile devices. The average infected device was estimated to cost an organization an average of $9,485.

According to the report, mobile malware infections are a real concern. For any given company, many of the devices in use are already be infected with malware. The study suggested that “Of the 53,844 mobile devices in the average Global 2000 enterprise, 1,700 of those devices are infected by malware at any given time.”

When asked about the protections put in place to manage data access by employees, many companies had already implemented a number of safeguards to keep corporate data secure.

47% of organizations used whitelists and blacklists, 40% used mobile device management, while 45% used identity management. However, more than 4 out of 10 respondents said that none of those security measures were used by their organizations.

With the threat from mobile malware high, organizations need to devote more time and resources to mobile device security. Fortunately, this appears to be the case. The Ponemon report indicates that mobile security budgets are increasing and will represent 37% of the IT security budget next year. A considerable improvement on the current 16%.

Source Code of Android Banking Malware Leaked

The source code of a nasty Android banking malware has been leaked via underground forums by an individual who appears to have purchased the malware from the developers. The malware is known by many names, although GM Bot is one of the most common. Others include Slempo, Bankosy, Acecard, and MazarBot.

The code, which was encrypted, was posted on an underground forum and the poster said he would be willing to supply the password to decrypt the file to anyone who asked him, provided they were active members of the forum. He appears to have made good on the offer, although someone else appears to have distributed the password to other individuals. With a number of individuals now in possession of the decrypted file, more attacks using GM Bot can be expected. The source code was previously being sold for $500 via banking

The malware family works using activity hijacking and can be used to attack users of Android 4.4 and below. The malware cannot be used on versions 5 and above, although that does mean that 65% of devices currently in use are susceptible GM Bot android banking malware attacks.

Android Devices Running KitKat and Below Susceptible to The Android Banking Malware

Activity hijacking is a technique used to log activities performed on a compromised device. In the case of this Android banking malware, it is used to record the login credentials entered into mobile banking apps. The user of a compromised device launches a banking app and enters their credentials; however, the malware uses an overlay above the actual app and all input is recorded and transmitted to the hacker.

This Android banking malware is also able to intercept SMS messages, enabling the hackers to hijack authentication codes sent to the user’s device. The malware can also forward phone calls allowing hackers to bypass other security protections used by banks. Data can also be deleted from a compromised device, and it can also capture data entered via websites via the Chrome browser. This Android banking malware is also known to lock users’ devices giving attackers the time they need to pull off banking fraud.

Security experts are predicting a wave of new attacks using GM Bot, but since the hacker also posted details of how it can be installed and supplied a tutorial, hackers could use the information to develop new Android banking variants.

Mousejacking: Wireless Mice and Keyboards Found to be a Security Risk

Security vulnerabilities in wireless devices can be exploited by hackers, but what about mousejacking wireless mice and hijacking wireless keyboards? According to a team of security researchers at Bastille, an IoT security start-up, the devices can be hijacked and used by hackers to steal data or compromise a network. Furthermore, in many cases the devices can be hijacked from up to 330 feet away. That’s far enough away for a hacker to be able to sit in his or her car outside a building and force a user to download malware. All a hacker is likely to need is about $15 of very readily accessible hardware say the researchers.

Mousejacking – A New Concern for Security Professionals

Bastille’s researchers looked at wireless mice and keyboards from major device manufacturers such as Logitech, Microsoft, Lenovo, HP, and Gigabyte. Since alerting the manufacturers to the risk of mousejacking and keyboard-jacking, some have released patches to address the vulnerabilities. For others, no patches have yet been developed leaving the devices vulnerable to attack. The problem does not appear to affect Bluetooth devices, but all other mice and keyboards that use a wireless dongle are potentially vulnerable.

With basic hardware, including a software-defined radio, a hacker could scan for the frequencies used by wireless devices and identify targets. Once a target was identified, forged packets could be transmitted to the address of the target.

While traffic sent between a wireless keyboard or mouse and the device’s dongle is encrypted, the dongle can still accept unencrypted commands, provided those keystrokes or clicks appear to come from its accompanying wireless mouse or keyboard. The researchers were able to inject keystrokes by sending unencrypted packets via the dongle that pairs with its wireless device.

Mousejacking could potentially be used to download malware onto devices, although Bastille software engineer Marc Newlin has hypothesized that the flaw could be used by a hacker to set up a wireless hotspot on the device. That hotspot could then be used to exfiltrate data, even in the absence of a network connection. A command window could also be opened on the device and a network vulnerability introduced, or a rootkit could be installed.

Logitech has already issued a patch and Lenovo has addressed the vulnerability for all new devices, but its patch cannot be applied to existing devices and must be installed at the time of manufacture. Microsoft is looking into the reported vulnerability but a patch has not yet been issued. Some Dell devices can also be patched, but not all.

While an mousejacking attack would be complicated and difficult to pull off outside of a controlled environment, a skilled hacker in close proximity to a device could potentially conduct a mousejacking attack. Since mousejacking can be used up to 330 feet away from the device, that individual would not even need to be in the building.

Linux Mint Cyberattack: ISO Infected with Malware and Forum Accounts Stolen

A hacker has compromised the official Linux Mint website and has linked the official Linux Mint ISO to a modified version hosted on a server in Bulgaria. The modified ISO contains malware that will allow the hackers to take control of the machines on which Linux Mint is installed. The Linux Mint cyberattack has impacted all individuals who downloaded the ISO on 20th February.

The ISO included an IRC backdoor that will allow attackers access to all infected systems. The Linux Mint ISO hack was achieved by modifying a PHP script on the WordPress installation used on the site.

The Linux/Tsunami-A malware connects to an IRC server and can receive instructions from the hacker behind the attack. The machine on which the malware is installed could be used as part of a DDoS attack, or the machine could have further malware downloaded to it.

The backdoor had been installed in the 64-bit version of the Linux Mint 17.3 Cinnamon edition. While the 32-bit version does not appear to show any sign of an infection, the hacker responsible appears to have been attempting to install a backdoor in that ISO as well, as that file was also stored on the attacker’s server. The hacker responsible was reportedly trying to construct a botnet, although Mint Protect Leader Clement Lefebvre has said that the intentions of the hacker are not fully understood.

The names of three individuals who are believed to be involved in the Linux Mint cyberattack have been obtained by Lefebvre’s team. They are associated with the website on which the modified ISO was hosted, although it is not clear at this stage whether an investigation into those individuals will be launched. That will depend on whether any further action is taken by the hacker, according to a blog post by Lefebvre.

Linux Mint Cyberattack Compromised 71,000 User Accounts

In addition to linking to a modified version of the ISO file, the forum database on the Linux website has also been compromised. The account details of all 71,000 individuals registered on the forum have been exposed. That database has been listed for sale for a reported 0.197 Bitcoin according to ZDNet.

Fortunately, the Linux Mint cyberattack was discovered quickly and action taken to prevent further malicious copies of the ISO being downloaded. The Linux website has been taken offline while the issue is fixed.

All individuals who downloaded the ISO from the official website have been advised to check to see if their version has been hacked. It is possible to determine whether the ISO has been hacked by checking its MD5 signature by running “md5sum yourfile.iso”, using the name of the downloaded ISO and checking this against the valid signatures posted on the Linux Mint website.

All individuals who have an account on forums.linuxmint.com have had their username, email address, private messages, and encrypted copies of their password exposed. Users have been advised to change their passwords immediately.

IRS Warns of Wave of Tax Season Phishing Scams

Nothing is certain in life apart from death and taxes, apart from tax season phishing scams which have started particularly early this year. Inboxes are already being flooded with phishing emails as cybercriminals attempt to file tax returns early. Not their own tax returns of course, but fraudulent claims on behalf of any email recipient who divulges their Social Security number and personal data to the scammers.

Tax season phishing emails are sent out in the millions in the run up to the April 15, deadline. If a tax refund can be submitted before the victim, the criminals will receive the refund check.

How to Spot Tax Season Phishing Scams

Each year tax fraudsters develop new and ever more convincing phishing scams to get taxpayers to divulge their personal data and Social Security numbers. With these data, fraudsters can submit fake tax returns in the names of the victims.

While phishing emails can be easy to spot in some cases, the fraudsters are now getting much better at crafting official looking emails that appear to have been set from the IRS.

The emails use the same language that one would expect the IRS to use and the email templates use official logos. The emails contain links that have been masked to make the email recipient think they are being taken to an official website. Clicking on the link will fire up a browser window and the soon-to-be-victim will be taken to a website that looks official.

Visitors will be asked to update their personal information, add their Social Security number, or even be requested to divulge their Self-Select PIN for the online tax portal. Divulging these data is almost certain to result in tax fraud.

tax-season-phishing-scams

 

Tax Season Phishing Emails Are A Growing Concern

Taxpayers have been warned to be ultra-cautious. More tax season phishing scams have been identified this year than in previous years, with tax-related phishing and malware scams up 400% year on year.

IRS Commissioner John Koskinen warned that “Criminals are constantly looking for new ways to trick you out of your personal financial information so be extremely cautious about opening strange emails.”

Tax season phishing scams are not only conducted via email. In fact, phone scams have previously been one of the commonest ways that criminals obtain the information they need to submit fraudulent tax returns; however, the use of phishing emails is growing.

For the 2014 tax year, the IRS received 1,361 reports of phishing and malware schemes in the run up to the April deadline. That total has already been surpassed and February is not yet over. 1,389 reports have already been received. The January total was 254 higher than for the 2014 tax year, with 363 incidents reported by February 16, which is 162 more than the total for the entire month of February last year.

IRS Tax Season Phishing Emails Used to Deliver Malware

While criminals are attempting to phish for personal data, that is not the only consequence of clicking on a malicious link. The websites used by the cybercriminals behind these phishing scams are loaded with malware. Those malware enable cybercriminals to log keystrokes on infected computers and gain access to far more data than Social Security numbers. Bank account logins and passwords can be obtained, access to email accounts, and much more.

Tax Professionals Are Being Targeted with Phishing Scams

It is not only the public that must be vigilant and on the lookout for tax season phishing scams. Tax professionals are also being targeted by cybercriminals using similar schemes. The aim is to get accountants and tax advisers to reveal their online credentials such as their IRS Tax Professional PTIN System logins.

The IRS advice is to be vigilant and report any suspected phishing email. The IRS does not typically request data via email and does not initiate contact with taxpayers via email, text message, or social media channels. If an email is received asking for a link to be clicked or an attachment to be opened, it is likely to be a scam and should be reported to the IRS.

Dual Action Xbot Trojan Steals Passwords and Locks Android Devices

Palo Alto Networks has announced the discovery of the Xbot Trojan; a new mobile security threat targeting users of Android Smartphones. Not only will the malware steal banking usernames and passwords, but it can also lock users’ devices and demand a ransom to unlock them. The new family of dual action malware acts as both a Trojan and ransomware, and is a double whammy for anyone who inadvertently downloads it to their Android phone.

Xbot Trojan Family Capable of Multiple Acts of Maliciousness

The new Xbot Trojan, which is believed to be of Russian origin, is capable of phishing for bank account information, targeting specific banking apps and conducting phishing attacks on users of Google Play. It displays fake notifications using the Google Play logo asking users to add in payment information, mimicking that used by the official Google Play app.

Clicking on the notification will download a webpage asking users to enter their credit card number, expiry date, CVV number as well as the name of the card holder, their registered address, phone number, and a verified by via number or Mastercard SecureCode. The Xbot Trojan is also capable of intercepting two-factor authorization SMS messages.

So far, Palo Alto has discovered fake webpages used by the malware to target customers of 7 different Australian banks, with the login interfaces closely mimicking those used by the legitimate apps. Users are asked to enter in their ID numbers and passwords. The malware does not compromise the legitimite banking apps, only mimics their interfaces.

The C2 contacted by the malware can decide which faked app webpage to display, so it could easily be adapted to target other banks in other countries.

Additionally, the Xbot Trojan is capable of encrypting the device on which it is installed. It displays an interface using WebView suggesting the device has been locked with CryptoLocker, and demands a ransom of $100 to unlock the device. The ransom must be paid via PayPal MoneyCash Card within 5 days.

While the interface says that the user has no alternative but to pay the ransom to unlock the encrypted files, the encryption used is not particularly robust and files could potentially be recovered without paying the ransom.

The Xbot Trojan is also an information stealer and can collect and exfiltrate phone contacts to its C2 server. It can also intercept all SMS messages that are sent following its installation.

Xbot Trojan is the Latest Incarnation of Aulrin?

The Xbot Trojan uses activity hijacking, which is the launching of a malicious activity instead of the intended one when a user attempts to open an app. While the user will believe they are using the correct application, such as a banking app, they will actually just be handing over their banking credentials to the hackers behind the malware. So far, Palo Alto has discovered 22 Android apps in the new Xbot Trojan family.

Palo Alto researchers believe the malware is a successor to the Aulrin Trojan, which first appeared in 2014. While both Trojans contain some of the same resource files, and have similar code structures, their modes of action differ. Aulrin used the .NET framework and Lua, whereas the Xbot Trojan uses Javascript via Mozilla’s Rhino framework. Palo Alto researchers believe that the Aulrin malware was simply rewritten in a different language.

The first samples of the malware appeared in late spring last year, but since then new variants have appeared that are increasing in complexity, making them harder to detect.

The good news, unless you live in Russia or Australia, is the infections have so far been confined to those countries. The bad news is that the malware’s flexible infrastructure means it could very easily be adapted to target other Android apps.

7-Year Critical Glibc Security Vulnerability Discovered

A Google engineer has accidentally discovered a critical glibc security vulnerability that has existed since 2008. After committing several hours to hacking the vulnerability, Google engineers managed to come up with a fully working exploit that could be used to remotely control Linux devices. The glibc security vulnerability has been compared to the Shellshock security vulnerability uncovered in 2014 due to sheer number of hardware devices and apps that could potentially be affected.

The security vulnerability came as a surprise to Google engineers who were investigating an error in an SSH application which caused a segmentation fault when trying to access a specific web address. It was only after a detailed investigation that they discovered the fault lay with glibc.

Maintainers of glibc were contacted and alerted to the security vulnerability, but as it turns out they were already aware of the issue. It had been reported in July 2015 but had not been rated as a priority. That said, when Google contacted Red Hat, they confirmed they too had discovered the flaw and were working on a patch.

Linux Devices at Risk from Critical Glibc Security Vulnerability

While Windows, OS X, and Android devices are unaffected by the glibc security vulnerability, hundreds of thousands of hardware devices could potentially be affected. The security flaw affects most distributions of Linux and thousands of applications that use GNU C Library source code. All versions of glibc above 2.9 are affected.

The code is used for Linux distributions used for a wide range of hardware, including routers. The vulnerability is a buffer overflow bug in a function that performs domain lookups: getaddrinfo()

If hackers managed to replicate Google’s exploit they would be able take advantage of the vulnerability and remotely execute malicious code. The security vulnerability could be exploited when unpatched devices make queries to domain names or domain name servers controlled by attackers.

Google engineers have been working with Red Hat to develop a patch to address the vulnerability, and by combining knowledge of the vulnerability they have been able to develop a fix for the flaw, and a patch has now been released. It is essential that the patch is applied as soon as possible to ensure that the vulnerability cannot be exploited.

Updating to the latest version of glibc may be a fairly straightforward process. Linux servers can be patched by downloading the update, although things may not be quite so straightforward for some applications, which will need to be recompiled with the new library code. This could potentially result in a number of devices remaining vulnerable for some time.

Now that the vulnerability has been announced, hackers will be attempting to develop an exploit. Google has published a proof of concept, although obviously not full details of its weaponized exploit. The exploit is apparently not straightforward, which should buy Linux administrators a little time and allow them to check systems and ensure that affected hardware devices are patched.

Securing Wi-Fi Hotspots Can Give Your Company A Big Competitive Advantage

One of the main priorities for IT professionals in 2016 is securing Wi-Fi hotspots. The use of unsecured public Wi-Fi is notoriously risky. Cybercriminals spy on the activity taking place at WiFi hotspots, and it is at these Internet access points is where many man-in-the-middle attacks take place.

The Dangers of Unsecured WiFi

Preventing employees from using personally owned and work devices on unsecured Wi-Fi networks is a major challenge, but one that must be met in order to keep work networks free from malware.

When employees use smartphones, tablets, and laptops to connect to unsecured Wi-Fi networks, there is a high risk that those devices may be compromised. Hotspots are frequently used to deliver malware to unsuspecting website visitors, and malicious software can subsequently be transferred to work networks. With personally owned devices increasingly used for private and work purposes, the risk of a work network malware infection is particularly high.

The risks associated with unsecured Internet access points are well known, yet people still tend to still engage in risky behavior when accessing the Internet via these wireless networks. In a rush to take advantage of free Internet access, basic security best practices are all too often ignored. Devices are allowed to connect to Wi-Fi hotspots automatically and Wi-Fi hotspots are not checked to find out if they are genuine or have been spoofed.

Security Professionals Concerned About Employees’ Use of Unsecured WiFi Networks

A recent survey conducted by the Cloud Security Alliance indicates security professionals are very concerned about the use of unsecured WiFi networks. The Cloud Security Alliance is a collective of security professionals, businesses, and privacy and security organizations that are committed to raising awareness of cybersecurity best practices.

The organization recently conducted a survey and asked 210 security professionals their opinions on the top threats to mobile computing in 2016. 2010 member organizations were polled and more than 8 out of 10 respondents (81%) said that the threat from unsecured WiFi access points was very real, and was one of the biggest mobile security risks in 2016.

The Importance of Securing WiFi Hotspots

Many organizations that operate a network of Wi-Fi hotspots have yet to implement security measures to keep users of those networks secure. Those Wi-Fi access points are made available to customers in bars, restaurants, hotels, airport lounges, sporting venues, and on public transport such as busses and trains.

Guests are allowed to connect to those networks, yet little is done to police the activity that takes place over the network. Consequently, the door is left open for cybercriminals to conduct attacks.

Failing to provide even a basic level of security is a big mistake. If patrons suffer malware infections, data loss, identity theft, or other forms of fraud as a result of accessing the internet at a particular location, they are likely never to return.

With IT professionals now educating their staff members about the dangers of using unsecured WiFi access points, businesses that offer secure WiFi access are likely to attract far greater numbers of customers than those that do not.

There is a cost associated with securing WiFi hotspots of course. However, what must be considered is the amount of business that will be lost as a result of not securing WiFi hotspots. The cost of implementing security measures is likely to be much lower in the long run.

Securing WiFi Hotspots with WebTitan Cloud for WiFi

A business offering customers wireless Internet access used to have to purchase additional hardware or software in order to secure WiFi access points. Not only was there a cost associated with adding a security solution, implementing that solution was a complex task that required skilled staff and many man-hours.

Providing a secure browsing environment for customers would mean getting them to download software to the device used to access the Internet. That is hardly a practical solution for a bar or restaurant where quick and easy access to the internet is required by customers.

WebTitan offers a much easier solution that makes securing WiFi hotspots a quick and easy task. Since WebTitan Cloud for WiFi is a 100% cloud-based security solution, it requires no additional hardware and no software installations. Any user can connect to a WiFi network and benefit from a secure browsing environment, regardless of the device they use to connect.

Setting up a WiFi web filtering security solution is also fast and painless, and doesn’t require much in the way of technical expertise. Simply change the DNS settings and point them to WebTitan, and a secure browsing environment will be available to customers in a matter of minutes.

Websites known to contain malware can be easily blocked, users can be prevented from downloading files types frequently associated with malware, and web content can be filtered to stop users from engaging in questionable internet activity such as viewing pornography. Securing WiFi hotspots couldn’t be any easier.

If you are interested in securing WiFi hotspots run by your company, contact WebTitan today to find out just how easy and cost effective it can be to offer your clients a secure browsing environment.

 

US Sales +1 813 304 2544

UK/EU Sales +44 203 808 5467

IRL +353 91 54 55 00

or email us at info@webtitan.com

Explosion in Malware Makes Web Filters for WiFi Networks Essential

Organizations running WiFi networks are facing attacks from all angles. Many companies are choosing to implement web filters for WiFi networks to help mitigate risk from the growing number of malware variants that are being used to attack businesses via their WiFi networks.

A new report issued by Bilbao-based antivirus software developer Panda Security, has revealed the extent of the problem. Last year, over 84 million new malware samples were identified, which equates to 27% of all malware previously identified.

The proliferation in malware has been attributed, in part, to the rise in use of antivirus software and the effectiveness of those software programs. When a new malware is discovered, antivirus signatures are updated and shared with all antivirus software developers. In a very short space of time, all AV engines will block a particular malware.

Hackers have respondent by using software that modifies malware slightly, allowing hundreds or thousands of variants to be released. An increased number of malware variants are needed in order to get past antivirus software programs, as many AV engines are capable of detecting malware that has been modified slightly. The more variants are used, the higher the probability of malware getting past security software.

When Panda was formed in 1990, the company was detecting approximately 100 new malware variants a day. Today 230,000 new samples are discovered every day, on average.

Trojans are the most common malware form, with the full breakdown of new malware variants detailed below:

Malware Type% of new malware discovered in 2015
Trojans51.45%
Viruses22.79%
Worms13.22%
PUPs10.71%
Spyware1.83%

 Blocking Malware with a Web Filtering Solution

Malware is installed on user devices via a variety of different vectors. Spam email is one of the most common methods of malware delivery, but fortunately, one of the most straightforward to block. A robust anti-spam solution can be used to block the vast majority (over 99.7%) of spam emails from being delivered. Training users how to recognize malware can help to ensure that any rogue emails that get past the filter will be identified and deleted before any damage is caused.

Blocking malware from being installed via malicious websites can be more difficult. Hackers use exploit kits to probe for security vulnerabilities in browsers and browser plug-ins, and deliver malware in drive-by attacks without the knowledge of website visitors. Social engineering tactics are used to fool users into downloading malware, and malicious software can be installed on legitimate websites or placed on adverts displayed by those websites.

One of the best protections to implement to ensure users’ devices are not infected with malware is a web filter. A web filter will restrict access to websites known to contain malware, as well as categories of websites where malware is most likely to be located. As well as protecting users from objectionable website content such as pornography or religious extremist material, it will also keep their devices safe and free from Trojans, viruses, worms and other malicious software.  A web filtering solution can be a highly effective protection against malware as part of a multi-layered security system.

Web Filters for Wi-Fi Networks Keep Internet Users Secure

One of the ways enterprises are keeping their wireless networks secure is by using web filters for WiFi networks. WiFi networks are particularly risky and need to be secured. Due to the risk of using wireless networks, many customers avoid networks that are unsecured.

Installing software solutions on individual devices that connect to wireless networks is far from ideal. Many companies have BYOD policies that permit the use of personal devices at work, and it would not be practical to install web filtering software solutions on each and every device used to connect to the network. In a coffee shop or hotel, this would simply not be possible.

The easy solution is to use DNS-based web filtering solutions, as they do not require the installation of any software on users’ devices. All that is required to run DNS-based web filtering is a simple change to the DNS server addresses on the company’s router.

Any user with a modicum of technical knowhow would be able to bypass a DNS-based web filter and access blocked content, although with some minor configuration changes to the router, users can be prevented from using any other DNS servers other that the one with the web filtering solution in place.

TitanHQ web filters for WiFi networks

TitanHQ’s web filters for WiFi networks offer highly granular controls. WebTitan Cloud for WiFi networks can be fine-tuned to suit any organization’s needs, allowing light control of Internet use to highly restrictive Internet filtering.

No software installations are required thanks to the 100% cloud-based system, and no additional hardware is required. Only very minor changes need to be made to point DNS servers to the correct location, and after basic parameters are set, WebTitan’s web filters for WiFi networks will be up and running.

It may not be possible to eliminate the risk of a malware attack, but with WebTitan Cloud for WiFi, risk can be reduced to a low and acceptable level.

Key benefits of WebTitan web filters for WiFi networks

  • Create a family-friendly, safe and secure web browsing environment.
  • Accurately filter web content through 53 pre-set categories and up to 10 custom categories.
  • Filter by keyword and keyword score.
  • Filter content in 200 languages.
  • No hardware or software installations required
  • Suitable for static and dynamic IPs
  • No impact on broadband speed
  • Suitable for use with multiple routers
  • No limits on access points or users
  • Scalable solution for businesses large and small
  • Block access to inappropriate website content
  • Block phishing attacks and malware and ransomware downloads
  • Integrate the solution into existing billing, auto provisioning and monitoring systems through a suite of APIs
  • Manage access points through a single web-based administration panel.
  • Easy delegation of the management of access points
  • Schedule and run reports on demand with real time-views of Internet activity and extensive drill down reporting.
  • World class customer service
  • Highly competitive pricing and a fully transparent pricing policy

 

Find out more about the benefits of installing web filters for WiFi networks by calling TitanHQ today

Serious Netgear NMS300 ProSafe Security Vulnerabilities Discovered

Two highly serious Netgear NMS300 ProSafe security vulnerabilities have been discovered that could be exploited by hackers to gain control of servers running the software, and/or download any file on the server on which the software is running.

The Netgear NMS300 ProSafe network management system is used by many companies to configure and monitor their network devices. Netgear NMS300 ProSafe is popular with small to medium size businesses as the software is free to use on fewer than 200 devices.

Recently Agile Information Security researcher Pedro Ribero discovered two critical Netgear NMS300 ProSafe security vulnerabilities.

Netgear NMS300 ProSafe Security Vulnerabilities

One of the vulnerabilities (CVE-2016-1525) allows remote code execution by an unauthenticated user via the Netgear NMS300 web interface. A hacker would be able to exploit this security flaw and upload and run java files with full system privileges, potentially gaining full control of the server on which the software is being run.

The NMS300 system is used to manage a wide range of networked devices such as routers, switches, network-storage devices, wireless access points and firewalls. Not only could this vulnerability allow the configuration of these devices to be changed, it would also permit an attacker to install firmware updates on those devices.

The second vulnerability (CVE-2016-1524) discovered by Ribeiro is an arbitrary file download, that would permit an authenticated user to download any file stored on the server that is being used to run NMS300.

These Netgear NMS300 ProSafe security vulnerabilities are particularly serious and at the present time there is no patch available to plug the security flaws. Users can improve protection and prevent the Netgear NMS300 ProSafe security vulnerabilities from being exploited by restricting access to the web interface with new firewall rules to limit access.  Ribeiro recommends never exposing Netgear NMS300 to the Internet or untrusted networks.

Both vulnerabilities affect Netgear NMS300 versions 1.5.0.11, 1.5.0.2, 1.4.0.17 and 1.1.0.13

What are the Main Privacy and Security Concerns of Customers?

A new report released by data privacy and security group Morrison and Foerster indicates the main privacy and security concerns of customers.

Don’t Ignore the Privacy and Security Concerns of Customers

If you ignore the privacy and security concerns of customers it is likely to have a significant effect on your bottom line.

A new report recently released by Morrison and Foerster suggests that consumers are even more concerned about their privacy than four years ago. Furthermore, many will take action if they feel their privacy is not protected. The survey indicates more than one in three consumers have switched companies they do business with due to privacy concerns, and one in five would switch after a breach of their personal data.

The company conducted a survey on 900 U.S. consumers in November, 2015. 35% of respondents said they had taken the decision switch companies or not buy products as a result of privacy concerns. When it came to a breach of personal information, 22% of individuals said they had taken the decision to stop purchasing products or had switched services as a result.

According to the report, more educated individuals and higher earners were the most likely to stop doing business with a company as a result of a data breach. 28% of respondents educated to college degree level or higher said they would make the switch after a data breach compared to 18% of individuals without a college degree.

For the upper income bracket, 33% said they stopped buying as a result of a data breach. That figure fell to 28% for the middle income bracket, and 17% for the low income bracket.

When the company conducted the survey back in 2011, 54% of consumers said that privacy concerns affected their decision to make a purchase. In 2015, 82% of consumers said that privacy concerns influenced their purchasing decisions.

Companies are not perfect, but consumers are intolerant of data breaches

In 2011, 16% of consumers believed no business was perfect, and were therefore likely to overlook privacy issues and data breaches, whereas in 2015 the figure had fallen to 9%.

The greatest concern is now the risk of identity theft, with the percentage of individuals worried about thieves stealing their identity jumping from 24% in 2011 to 52% in 2015.

The survey shows that not only must companies do more to earn the trust of consumers, they must also do more, and be seen to be doing more, to safeguard the data they store on consumers, especially Social Security numbers, passwords and personal IDs, payment card information, and user IDs, passwords and account information.

How to improve your security posture and prevent data breaches

It is essential to implement multi-layered security systems to prevent cyberattacks. For businesses, one of the biggest problems is how to stop employees from inadvertently compromising a network. Security training is therefore essential. Employees must be advised of security risks and given regular training to help avoid scams, malicious websites, and told how to identify phishing emails.

It is essential that risky behavior is eradicated. Internet and BYOD policies must be introduced that cover the acceptable uses of the devices, and the sites that are permitted to be accessed at work. However, not all employees will adhere to those policies. For maximum protection it is strongly advisable to implement a solution that reduces the risk of malware downloads.

A web filtering solution is essential I this regard. A web filter can block malicious websites and reduce the risk of malware infections, while also being configured to protect end users from malvertising.

A patch management policy must be implemented and software updates installed promptly to prevent zero-day security vulnerabilities from being exploited.

Anti-virus and anti-malware software must be used. A different engine for servers and end users is a wise precaution to maximize the probability of malware and viruses from being installed.

It is now an inevitability that a data breach will be suffered at some point in time, but reducing the likelihood of that happening is essential. It is important to pay attention to the privacy and security concerns of customers. Show consumers how dedicated you are to protecting their privacy, and implement a wide range of controls to prevent a data breach and you will reduce the risk of losing customers to better protected organizations.

Lenovo SHAREit Vulnerabilities Include Third Worst Password

Ask anyone to name a basic security protection to prevent hackers from gaining access to a device or network, and the use of a secure password would feature pretty high up that list. However, even a tech giant the size of Lenovo can fail to implement secure passwords. Recent Lenovo SHAREit vulnerabilities have been discovered, one of which involves the use of a hard-coded password that ranks as one of the easiest to guess.

Recently, SplashData published a list of the 25 worst passwords of 2015, and the one chosen by Lenovo is listed in position three between “password” and “qwerty.” To all intents and purposes, Lenovo may well not have bothered adding a password at all, such is the degree of security that the password offers. That password has also been hardcoded.

In fact, the company didn’t actually bother with adding a password at all in one of the new SHAREit vulnerabilities.

Four Lenovo SHAREit vulnerabilities have now been patche

Lenovo SHAREit is a free cross-platform file transfer tool that allows the sharing of files across multiple devices, including PCs, tablets and Smartphones. Perhaps unsurprisingly, given Lenovo has been found to be installing irremovable software via Rootkit and shipping its laptops with pre-installed spyware, some security vulnerabilities exist in its SHAREit software.

Four new Lenovo SHAREit vulnerabilities have been discovered showing some shocking security lapses by the Chinese laptop manufacturer. If the Lenoto SHAREit vulnerabilities are exploited, they could result in leaked information, integrity corruption, and security protocol bypasses, and be used for man-in-the-middle attacks.

The hardcoding of the password 12345678, listed as CVE-2016-1491 by Core Security, is shocking. Configure Lenovo ShareIt for Windows to receive files, and 12345678 is set as the password for a Wi-Fi hotspot. The password is always the same and any system with a Wi-Fi Network could connect.

According to Core Security, if the Wi-Fi network is on and connected, files can be browsed by performing an HTTP Request to the WebServer launched by Lenovo SHAREit, although they cannot be downloaded. (CVE-2016-1490).

The third vulnerability, named CVE-2016-1489, is the transfer of files in plain text via HTTP without encryption. A hacker could not only view those files but also modify the content.

The fourth SHAREit vulnerability, CVE-2016-1492, concerns SHAREit for Android. When configured to receive files, an open Wi-Fi HotSpot is created and no password is set. If a hacker were to connect, the transferred files could be intercepted.

Core Security did disclose the Lenovo SHAREit vulnerabilities privately in October last year to allow a patch to be developed. Now that the patch has been issued to plug the vulnerabilities, Core Security has published the details.

Irish Data Security Survey Reveals 2016 Data Security Concerns

An Irish data security survey conducted in December, 2015., has revealed that a third of Irish companies have suffered a data breach in the past 12 months, highlighting the need for Irish companies to improve their security posture.

ICS Irish data security survey indicates employees are the biggest risk

150 IT security professionals took part in the Irish Computer Society survey with 33% claiming their employer had suffered a data breach in the past 12 months. In 71% of cases, the data breaches occurred as a result of the actions of staff members.

Perhaps unsurprisingly given the number of inadvertent data breaches that had been caused by staff members, 45% of respondents cited employee negligence as being the biggest single data security threat they faced. Protecting networks from errors made by employees is going to be one the biggest security challenges faced by Irish IT professionals in 2016.

Other major security concerns highlighted by respondents included the increasing number of end user devices that are being used to store sensitive data, and the increasing threat of cyberattacks by hackers.

Improving security posture by tackling the issue of employee negligence

Employees are the weakest link in the security chain, but that is unlikely to change unless less technical members of staff are provided with training. It is essential that they are advised of the risk of cyberattacks and what they can personally do to lessen the chance of a data breach occurring. In many cases, some of the most fundamental data security measures are not so much ignored, but are just not understood by some members of staff.

It may be common knowledge for instance, that 123456 does not make a very secure password, that email attachments from strangers should not be opened, and links to funny videos of cats on social media networks might not turn out to be as innocuous as they seem.

Tackling the issue of (dare we say) employee data security stupidity is essential. It is far better to do this before a breach is suffered than afterwards. Proactive steps must be taken to improve understanding of cybersecurity risks, and what employees can do to reduce those risks.

ICS Irish data security survey respondents indicated the best way of improving data protection knowledge is by conducted formal training sessions. 57% of respondents said this was the best approach to deal with data security knowledge gaps.

Fortunately, the level of training being provided to staff is increasing, not only for end users but also data security staff. However, there is clearly still a long way to go. Only 56% of respondents said they had received the right level of training on how to achieve the objectives set up their organizations.

The full findings of the Irish data security survey will be made available at the Association of Data Protection Officers National Data Protection Conference, taking place on January 27/28 in Ballsbridge, Dublin.

FortiGuard SSH Backdoor Identified

A security vulnerability has been discovered with FortiGuard network firewall appliances that could potentially be exploited by hackers. Should the FortiGuard SSH backdoor be exploited, a hacker would be able to gain full administrative privileges to Fortinet security appliances.

FortiGuard SSH backdoor is an unintentional security vulnerability

The FortiGuard SSH backdoor was not been installed by hackers, but is an unintentional security vulnerability in the FortiOS operating system. The FortiGuard SSH backdoor was discovered this month by a third party security researcher. An exploit for the security vulnerability has already been published, making it imperative that all users of FortiGuard firewall appliances install the latest version of the operating system. All users must ensure that their devices are running on FortiGuard version 5.2 or above.

After the security vulnerability was announced Fortinet started an investigation to determine whether any other devices were affected. A statement released by Fortinet last week indicates that in addition to Fortinet FortiGuard, FortiAnalyzer, FortiCache, and FortiSwitch are also affected and contain the vulnerability.

In order to prevent the backdoor from being exploited users have been advised to upgrade to version 3.0.8 of FortiCache, version 3.3.3 of FortiSwitch, and versions 5.0.12 or 5.2.5 of FortiAnalyzer.

The FortiGuard SSH backdoor is a Secure Shell vulnerability. According to a Fortinet blog post, the security vulnerability has not been created by a malicious insider or outsider, but was an “unintentional consequence” of a feature of the operating system. The aim was to ensure “seamless access from an authorized FortiManager to registered FortiGate devices.” The vulnerability involves an undocumented account which has a hard-coded password.

If it is not possible for users to immediately upgrade to the latest OS, Fortinet advises using a manual get around, which involves disabling SSH access and switching to a web-based management interface until the OS can be upgraded.

Last month a security vulnerability was discovered in the ScreenOS operating system used by Juniper Networks. In that case, the backdoor had been inserted by a malicious insider or outsider. The code would allow a hacker to gain full administrative privileges to NetScreen firewall devices and view encrypted data sent via VPN networks.

Are You Protected Against Employee Data Theft?

Many companies have responded to the threat of data theft by hackers by using encryption. If hackers do break through the security perimeter and gain access to computers or networks, customer data will not be exposed. However, the same cannot be said of employee data. A new security report suggests employee data theft is rife, and that the personal information of employees is much more likely to be stolen that customer data.

Employee data theft is a real concern – Don’t forget to encrypt ALL sensitive data!

A recent study has shown that when it comes to protecting intellectual property and the personal information of employees, mid-sized companies around the world fail to use the same stringent measures that they apply to customer data.

The Sophos/Vanson Bourne study revealed that 43% of midsized companies – those employing between 100 and 2,000 members of staff – do not regularly encrypt human resources files. Human resources files usually contain sensitive information on employees: names, addresses, contact telephone numbers, dates of birth, emergency contact information, and government IDs such as Social Security numbers. These are exactly the kind of data sought by hackers. These data can easily be used to commit identity theft.

The survey was conducted on respondents from Australia, Canada, Japan, Malaysia, and the United States indicating this is a global problem.

In the United States, where ma high percentage of cyberattacks on midsized companies are taking place, 45% of companies appear not to be encrypting employee data, even though these companies face a high risk of employee data theft. Even financial data is left relatively unprotected. Almost a third of companies in the United States are not encrypting their financial data.

It is not a case of encryption not being implemented at all by midsized companies. In the United States for example, 43% of midsized companies use encryption to some degree, while 44% claim they widely encrypt data. The figures are understandably lower for small organizations, in a large part due to the cost of encryption. 38% of small businesses widely encrypted data. Half of larger organizations used encryption for most data.

Companies are not applying safeguards evenly and are leaving gaping security holes. It is not only the threat of employee data theft that is being underestimated. Many organizations are not encrypting data they send to the cloud. Only 47% claimed to encrypt “some files” sent to the cloud and just 39% encrypt all data sent to the cloud. However, 84% of respondents claimed to be worried about cloud security.

Why is encryption not being universally applied?

The survey probed respondents to find out why data encryption is not being used. Four out of ten organizations claimed this was due to budgetary constraints. Three out of ten said it was because of performance trade-offs and a similar number said it was an issue with how to actually encrypt data. Interestingly almost 20% of respondents claimed that encryption wasn’t actually effective at protecting sensitive data.

There is also a commonly held belief that encryption is complex, or cannot easily be implemented. While this was certainly the case a few years ago when full disk encryption was the only option, this is now no longer the case. Encryption technology has advanced considerably in recent years. Companies should therefore take a fresh look at encryption and take steps to prevent employee data theft and the exposure and theft of their intellectual property.

Hackers steal data for financial gain. Employee data theft should be a concern, as should the theft of intellectual property. These data have considerable value. It is not just customer data that can be used to commit fraud or be sold on the black market.

Web Filter Implementation Errors Blocking Important Content

There as a clear need for British libraries to implement web filtering solutions to restrict the content that can be accessed through library computers. However, as has been recently discovered, web filter implementation errors can all too easily result in important and valuable Internet content being blocked.

Web filter implementation errors damage public access to content sought by vulnerable users

Give a schoolboy a dictionary and it will not be long before the exact meaning of every cuss word will have been looked up. Provide totally free access to the Internet without the watchful eye of parents and it will not be long before access is used to access pornography and other objectionable content.

The anonymity afforded by library computers allows objectionable content to be accessed, such as pornography, ISIS propaganda, and other web content and imagery that has potential to cause harm. Libraries are an extremely valuable resource, but the type of information that can be accessed does need to be controlled, according to some local authorities at least.

The implementation of a web filtering solution was deemed to be an appropriate safeguard to prevent unsavory content from being accessed on library computers in Britain. The problem with using a web filter is how to prevent potentially damaging content from being accessed, while ensuring that those filters do not block access to acceptable content, especially content that many people may choose to access quite legitimately in a library. Content about sexual health for example.

Many vulnerable individuals may not be able to access sexual health information at home. The sites that are accessed may be seen by family members for example. A teenager may want information about contraception, abortion, or sexually transmitted diseases, yet be unable to search for the information they need at home. They may want to access resources produced for the LGBT community. A library is an ideal place for this important information to be obtained. Information that may prevent these individuals from coming to harm.

Data recently released by the Radical Librarians Collective indicates that web filter implementation errors have resulted in much of this important content being blocked, even though this is exactly the sort of content that libraries exist to provide. The problem is not the use of web filters, but web filter implementation errors and a lack of intelligent oversight, according to the collective.

Web filtering policies should be developed to allow anonymous unblocking of legitimate websites

Library officials have implemented web filtering solutions, but have done so with a top-down filtering policy. This has resulted in valuable and important content being blocked by the filters. The data came from a study of over 200 local authorities and showed content that should be permitted under acceptable use policies was being blocked.

If solutions are used to filter the Internet there will naturally be some websites that are accidentally blocked, just as some sites containing objectionable content may still be accessible. It may not be a case of web filter implementation errors being made. A web filter does require some fine-tuning and a few false positives and false negatives are to be expected. The problem in Britain appears to involve more than just a few websites, indicating web filer implementation errors have been made.

Another problem is that individuals trying to access blocked content do not request libraries to unblock websites out of embarrassment or fear.

When a web filter is used, it is vital that policies are developed to permit users to request access to a particular website if it can be legitimately viewed under the library’s allowable usage policy. However, due to the sensitive nature of some information, sexual health matters for instance, users should be able to make that request without fear of repercussions. Allowing requests to be submitted anonymously could help in this regard.

Android Smartphone Malware Beating 2FA

New Android Smartphone malware has been identified that gets around the security systems used by banks and other financial institutions to keep customers protected. The malware is managing to intercept messages that are sent to customers’ Smartphones used as part of the bank’s two-factor authentication system. However, an update to the Android Smartphone malware means it is now capable of intercepting passcodes on more robust 2FA systems.

Two-factor authentication is not infallible

Two-factor authentication offers enhanced security for bank customers. Rather than relying on a username and a password, and additional factor is used to verify identity. A one-time passcode is sent to a user’s Smartphone and that passcode is then used to authorize a transaction. If the passcode is not entered the transaction cannot be made. The codes are sent to the Smartphone via SMS in most cases, although some banks use an automated voice call to deliver the passcode.

This means that even if a user’s login credentials are obtained by a criminal they cannot be used to authorize a bank transfer unless the attacker has also managed to obtain the Smartphone of the account holder (or other device registered with the bank and used for two-factor authentication.)

While two-factor authentication makes it harder for fraudulent transactions to be made, the system is not infallible. In fact, the account holder’s device does not even need to be stolen in order for a criminal to empty a bank account. If malware can be loaded onto the device that can intercept the SMS text this will allow an attacker in possession of the login credentials to make fraudulent transfers.

Automated voice call passcode delivery intercepted by Android Smartphone malware

SMS messages can be intercepted easily if malware is installed on a device. Because of this, some banks are moving away from SMS passcodes and are now favoring the delivery of codes via an automated voice message. However, the latest android Smartphone malware is capable of obtaining these passcodes as well.

Android.Bankosy malware has been adapted to beat this system of passcode delivery. The malware will simply forward the voice call to the attacker, unbeknown to the victim. This is possible because Android.Bankosy is capable of enabling silent mode on the phone so the user is not aware that a call is being received. If the attacker has the login credentials, a transaction can be initiated. The voice call is redirected to the attacker, and that code is then used to complete the transaction.

Cybersecurity Predictions for 2016

Over the past four weeks we have seen numerous cybersecurity predictions for 2016 issued by security firms. Security experts are trying to determine which part of the now incredibly broad threat landscape will be most favored by cybercriminals in 2016.

Some companies have made very specific cybersecurity predictions for 2016. They have come out with very bold claims, even predicting the presidential elections will be disrupted by a major cyberattack. Others believe 2015 will be broadly similar to 2015, with just an increase in ransomware attacks and even more massive data breaches suffered.

What all of the cybersecurity predictions for 2016 have in common is that the next 12 months are expected to be tough for security professionals.

The number and types of devices now connecting to corporate networks is broader than ever before. People are now far more likely to own and use three or more Internet-connected devices and use them on a regular basis. Alternative payment methods are being used more frequently. There is now more than ever to attack and too many devices and systems to keep secure. Unsurprisingly, no one appears to be claiming that 2016 will be easier than last year for cybersecurity professionals.

Cybersecurity predictions for 2016

The attack surface is now incredibly broad, but where are cybercriminals most likely to strike? This is what we think. Here are cybersecurity predictions for 2016.

IoT – expect attacks on the Internet of Things

Let’s start with a bold prediction. The IoT is likely to come under attack this year. I say bold, but that is only in terms of the timescale. IoT devices will be attacked, shut down, altered, remotely controlled, and used as a launchpad for attacks on other devices. If a device is constantly connected to the Internet, it will only be a matter of time before an attack takes place.

One problem with adding IoT technology is the manufacturers of the devices are not security experts. A washing machine that can be controlled via Wi-Fi or a Smartphone app, and can be switched on remotely while you are at work, has been designed first and foremost to wash clothes. It has then had IoT functionality bolted on. It has not been designed with security at the core of the design.

Surely a washing machine is not going to be used to attack a corporation you may say. Well, a Smart heating and air conditioning system was used to attack Target and gain access to the credit card numbers of its customers. Hackers are certainly looking at IoT devices and are probing for weaknesses. Security needs to be first rate, but unfortunately in many cases it is not.

Crypto-ransomware evolution will continue – Increase in ransomware attacks to be expected

Over the past 12 months crypto-ransomware attacks have increased significantly. Cybercriminals are now developing new malware capable of locking computers with powerful encryption.

The encryption cannot be cracked. The devices can only be unlocked using a security key. That key is held by the attackers. A ransom is demanded by cybercriminals and it must be paid before the key is released. Ransoms are demanded in Bitcoin because the currency is next to impossible to trace.

Developing crypto-ransomware is a lucrative business and that is unlikely to change any time soon. At present, ransomware is sent via mass spam email and the victims are not really targeted. The aim is to infect as many devices as possible. More infections equal more ransoms.

What we are likely to see over the course of the next 12 months is an increase in the ransom amount demanded and a more targeted approach adopted. Businesses are likely to be targeted and crypto-ransomware used to hold companies ransom. Companies are likely to be able to pay more than individuals.

We also expect ransomware to make the jump over to OS X, and to a lesser extent iOS. Cybercriminals would love to start charging Mac prices!

Apple owners to come under attack

That neatly leads us on to Apple. Users of Macs and iPhones have had it too good for too long. Hackers have not been too bothered about Mac users in the past, as there are greater rewards to be had from writing malware to target the masses. Consequently, the majority of malware targets Windows-based devices. Apple’s market share has been too small to warrant the development of Apple-specific malware. That is now changing.

Apple’s market share is increasing. As more people make the switch to Apple, it will be more lucrative for criminals to develop malware to target OS X devices. Over the course of the last year we have seen new malware created specifically for Apple devices. The volume is still small in comparison to malware that infects Windows-based devices, but we can expect Apple to come under attack in 2016.

Increase in memory resident malware

Hackers are getting better at obfuscation. They are developing ever more complex ways of hiding malware to evade detection. One of the main problems faced by malware authors comes from the fact that if a file is downloaded to a computer it can be found.

However, if malicious code is injected into the memory of a computer and no files downloaded, it is very difficult to detect. Memory-resident malware is more difficult for hackers to create, but many are now developing new fileless malware in order to evade detection for longer.

Until now memory-resident malware has been short-lived. It only survives until the device is rebooted. However, we are now seeing new forms that are simply reloaded into the memory when the computer is rebooted. We can expect to see even more memory-resident malware attacks in 2016 as the use of fileless malware grows.

Major healthcare industry attacks will take place

In 2015, cybercriminals targeted the healthcare industry with increased vigor. Massive data breaches were suffered, the likes of which the industry had never before seen. Anthem was attacked last year and 78.8 million healthcare records were stolen. An attack on Premera BlueCross exposed 11 million records, and Excellus suffered a 10-million record data breach. These massive cyberattacks used to be a rarity. In fact, up until 2014 the largest U.S. healthcare data breach affected just 4.9 million individuals.

The healthcare industry has been slow to implement new technology and many security weaknesses remain. They are now being exploited with increasing regularity. Since the value of data stored by health insurers and healthcare providers is so high, and the volumes of Social Security numbers, health data, and personal information so large, successful attacks can be extremely profitable. Where there is profit, and poor security there will be cyberattacks. These massive breaches will therefore continue in 2016.

Attacks on employees to increase in 2016

Employees are the weakest link in the security chain and hackers and cybercriminals are well aware of this. They target employees to gain access to corporate networks, with phishing one of the easiest ways to gain access to corporate data. These attacks have proved to be highly successful and have resulted in huge volumes of data being obtained by criminals. Some of the largest data breaches of the last two years have started with phishing campaigns. The attacks on Sony, Target, and Anthem for example.

Employers are getting better at blocking phishing emails and employees are now being trained to identify them, but these attacks will continue and will become more targeted and sophisticated.

As more employees work from home, we expect them to be targeted there instead of work. Their home computers and personal devices will be used to gain access to corporate networks. They tend to have more security weaknesses. Those weaknesses are likely to be exploited with increasing frequency.

Do you agree with our cybersecurity predictions for 2016? What do you think the biggest threat will be over the next 12 months?

Time Warner Cable Security Breach Impacts 320,000 Customers

Hackers have potentially gained access to the data of hundreds of thousands of Time Warner Cable customers. The Time Warner Cable security breach was discovered by the FBI, which tipped off TWC last week. Affected individuals are now in the process of being notified.

320,000 customers potentially affected by Time Warner Cable security breach

The Time Warner Cable security breach was announced on Wednesday last week. Scant information was initially provided to the media about the security breach and how customer data came to be stolen by cybercriminals.

According to a statement released by the company, there has been no indication that the company’s computer systems were compromised in a cyberattack, and customers have only been advised to change their passwords as a precaution. The company advised customers via email as well as direct mail that their email addresses and passwords may have been compromised.

Over the next few days, further information about the Time Warner Cable security breach was released. At first a statement said residential customers were affected across all markets. It later came to light that the data were stolen not from TWC, but from a third party who had access to customer information.

Investigations into the TWC data breach are continuing, but at this present moment it would appear that the Time Warner Cable security breach only affects Roadrunner email accounts (rr.com).

Customers have been directed to resources where they are provided with further information about how to identify a phishing attack. There is a possibility that affected individuals will be contacted via email by the data thieves in an attempt to obtain further information that can be used to commit identity theft or fraud.

However, what will be particularly worrying for the victims is not the possibility that they may be subjected to future phishing campaigns but what confidential information they have in their email accounts. Email accounts may contain highly sensitive information about an individual which, in the wrong hands, could be used to cause considerable harm.

The information in an email account could allow a cybercriminal to build up a highly detailed knowledge of an individual. That information could then be used to conduct a phishing campaign or cyberattack on that individual’s contacts.

Last year, Ping Identity conducted a survey on 1,000 enterprise employees in the United States and discovered that almost two thirds of respondents shared passwords between work and personal accounts. Data in personal email accounts could also potentially be used to conduct phishing campaigns on employees with a view to gaining access to their employer’s computer network.

As a precaution against fraudulent use of any information, all affected customers should change their email password promptly. It would also be a wise move for any individual who has a roadrunner email account to also change their password, even if a breach notice letter or email is not received.

TWC is America’s second largest cable company and serves 16 million customers across 29 states.

BBC DDoS Cyberattack Caused by New World Hacking

On December 31, 2015, the British Broadcasting Company (BBC) suffered a cyberattack which resulted in all of its websites being taken offline for a number of hours. A hacking group operating under the name “New World Hacking” has now claimed responsibility for the BBC DDoS Cyberattack.

BBC DDoS cyberattack conducted to test hacking group’s capabilities

The BBC was chosen not because of some vendetta against the broadcaster, but as a test of the power of the hacking groups servers ahead of planned attacks on ISIS. The hackers behind the BBC DDoS cyberattack did not actually intend on taking down the BBC websites, but it turned out that the servers being used for the attack proved to be “quite strong,” according to one member of the group who came forward.

‘Quite strong’ is something of an understatement. The BBC DDoS cyberattack was the largest ever recorded, with traffic up to 660 Gbps, which corresponds to many tens of thousands of connections. The hackers took down the BBC website using the Bangstresser tool, and used two nodes of attack and “a few extra dedicated servers.” Before the BBC DDoS cyberattack, the largest ever recorded was a 334 Gbps attack on an Asian network operator last year.

Attacks of this size are rare. Few manage more than 100 Gbps and when attacks of this magnitude occur they tend to be fairly short-lived, although while they are being conducted they can cause a substantial amount of damage. Many of the connections will be blocked by network filters, which are capable of identifying spoofed IP addresses, although by no means all. Attacks of this scale are likely to cause a serious amount of damage to enterprise networks.

In this case, the hacktivists were only testing capabilities and the motivation for the attack appears to have been made clear; however not all hackers conduct DDoS attacks to disrupt web services or take down servers. All too often a DDoS attack is conducted as a smokescreen to distract IT staff while the real mission is completed. One part of a network is attacked, while other members of the group attempt to gain access to other parts of the network and install backdoors for subsequent attacks or steal data. This was demonstrated recently by the attack on UK Broadband and mobile phone service provider TalkTalk.

Who are New World Hacking?

New World Hacking is an American group of 12 hackers – 8 men and 4 women – that was formed in 2012. The group has conducted numerous campaigns against terrorist organizations in the past, as well as on other groups and individuals that the hackers deem to be unpleasant or whose views or actions are contrary to the group’s beliefs.

New World Hacking has previously conducted large-scale DDoS attacks and has taken down websites run by members of the Ku Klux Klan, as well as websites depicting child pornography. Other targets include Donald Trump. That attack occurred at the same time as the BBC DDoS cyberattack and resulted in the presidential candidate’s website being taken offline for five hours. The group targeted Trump because of his recent “racist rhetoric.”

The group was also active after the recent Paris terrorist attacks and attempted to identify social media accounts used by ISIS.

The main target of New World Hacking is ISIS. The group is now planning to use its servers for attacks on ISIS websites, and those of ISIS supporters. The group claims to have a list of targets that it plans to attack in the very near future.

A member of the group going by the name of Ownz told the BBC “We realize sometimes what we do is not always the right choice, but without cyber hackers… who is there to fight off online terrorists?” The group aims to unmask ISIS, stop its spread, and end the propaganda.

Cybersecurity Information Sharing Act of 2015 Signed into Law

Last month, President Barack Obama put his signature to an Omnibus spending bill of $1.1 trillion which contained the Cybersecurity Information Sharing Act of 2015. The purpose of the act is to encourage the sharing of cybersecurity threat intel. The Obama administration believes this is essential in order for the country to win the war against cybercrime.

Cybersecurity Information Sharing Act of 2015 signed into law

The Cybersecurity Information Sharing Act of 2015 is a compromise bill that was penned after previous attempts to introduce legislation to force private sector companies to share cybersecurity threat intelligence failed to make it past the House and Senate. Instead, the Cybersecurity Information Sharing Act of 2015 facilitates the voluntary sharing of intelligence by removing some of the legal obstacles that have previously got in the way of data sharing.

It has long been possible for private sector companies to share certain cybersecurity information with government organizations; however, many companies have failed to do so out of fear of legal action stemming from accidental antitrust violations and inadvertent violations of the private rights of individuals. There was also concern that some of the information required by the federal government could in fact be used against the organization sharing the information. Regulatory enforcement actions for example.

The Cybersecurity Information Sharing Act of 2015 offers private companies immunity from private and government lawsuits, along with other claims that could potentially result from the sharing of cybersecurity intelligence.

Sharing of cybersecurity intelligence and immunity from lawsuits

The new law allows any person or private group to share cybersecurity information with the federal government. That information includes cyber threat indicators – information that describes the attributes of a threat – and defensive measures. Defensive measures are defined as actions, devices, signatures, techniques, or procedures that “detects, prevents, or mitigates a known or suspected cybersecurity threat or security vulnerability.”

Before any information is shared with the federal government it must first be stripped of personal information relating to specific individuals or information that would allow specific individuals to be identified.

The Cybersecurity Information Sharing Act of 2015 allows companies to share intel primarily with the Department of Homeland Security, although a host of government agencies such as the Departments of Commerce, Energy, and Justice. The information would also be shared with the Department of Defense, which includes the NSA, as well as the Office of the Director of National Intelligence.

The US Attorney General and Secretary of Homeland Security will prepare and publish guidelines to aid organizations with the identification of information that qualifies as a cyber threat indicator. Assistance will also be provided to help organizations identify the information that must be removed prior to sharing to avoid violating privacy laws.

Seven National Guard Cyberprotection teams will be set up and active by the start of 2020 to help deal with new cybersecurity threats. Those teams will be spread across 23 states and will be capable of rapidly mobilizing soldiers and airmen to assist U.S. Cyber Command.

FaceBook Flash Video Retired: Social Media Network Switches to HTML5

It has been a long time coming, but Facebook has finally taken the decision to stop using Flash for video. The social media site is now using HTML5 for all videos served on the site. Facebook Flash video is no more, but Adobe Flash has not been totally abandoned yet, as it will still be used for Facebook games. Hackers can take some comfort from the fact that Farmville players will still be highly susceptible to attack.

Facebook Flash Video Retired to Improve User Experience

The move away from Facebook Flash video didn’t really require any explaining, although a statement released by Facebook said the move was required “to continue to innovate quickly and at scale, given Facebook’s large size and complex needs.” The move to HTML5 not only makes the social media site more secure, HTML5 improves the user experience. Videos play faster, there are fewer bugs, and HTML allows faster development. The social media network also plans to improve the user experience for the visually impaired using HTML5.

The move appears to have been welcomed by Facebook users. Since changing over to HTML5, users have added more videos, registered more likes, and are spending more time viewing videos.

The End of Adobe Flash is Nigh

Unfortunately, it is not quite so easy for the Internet to be totally rid of Flash. The video platform has been used for so long it is still a major part of the web. However, its 10-year reign is now coming to an end. Google Chrome stopped supporting Flash last year and Amazon also banned the use of Flash for video last year. YouTube made the switch from Adobe Flash to HTML5 and with without Facebook’s 8 billion video views a day no longer being served through Flash, the majority of web videos will now be viewed without Adobe’s platform.

Even Adobe appears to be trying to distance itself from its toxic product, having abandoned the name Flash in recent weeks. The company is attempting to deal with the huge number of zero day vulnerabilities as soon as they are discovered, and is patching them quickly, but it is fighting a losing battle. HTML5 provides everything that Flash offers in terms of functionality, minus the myriad of security holes.

Security Risk from Adobe Flash too High

Flash is well known for being a hackers dream as the software platform contains more holes than a sieve. Early last month a new patch was released to address 78 CVE-classified security vulnerabilities, 75 of which were totally separate. This, it has to be said, is an insane amount of security vulnerabilities to discover and address in a single patch. Adobe was quick to point out that it has not received reports of those vulnerabilities being used in the wild, but this has done little to address security fears about Flash.

The risk of drive-by malware attacks is simply too high with Flash. All it takes is for one malicious Flash based advert to be sneaked onto a site, and any visitor with a Flash browser plugin enabled could be automatically infected.

Even with the 78 vulnerabilities now addressed, Adobe Flash is far from secure. In fact, even the early December mega patch was not enough. Adobe was forced to issue yet another update on December 28 to address a number of new critical security vulnerabilities that had been uncovered. The total number of Flash security vulnerabilities addressed in 2015 is now estimated to be 316.

With YouTube ditching Flash and Facebook Flash video no more, the demise of Adobe Flash has surely been hastened.

Ad Injection Software Risk Addressed by Microsoft

The Superfish scandal discovered to affect purchasers of new Lenovo laptops last year showed that ad injection software poses considerable risks to users. Ad injection software risk cannot be easily managed. Even brand new laptops can come installed with software designed to deliver ads to users.  Unfortunately, programs such as Superfish can also be used by hackers to conduct man-in-the-middle attacks.

Hackers can potentially exploit security vulnerabilities in ad injection software. In the case of Superfish, the software was pre-installed on Lenovo laptops. In order to serve ads, the software used a self-signed root certificate that generated certificates for secure HTTPS connections. The software substituted existing HTTPS certificates with its own in order to serve ads to users while they browsed the Internet. Unfortunately, if the password for ad injection software is discovered, as was the case with Superfish, HTTPS connections would no longer be secure. Hackers would be able to eavesdrop and steal user data.

Man-in-the-middle (MiTM) techniques are increasing being used to serve adverts while users browse the Internet, but the ad injection software risk of hackers taking advantage is considerable. The software is capable of network layer manipulation, injection by proxy, and can alter DNS settings. These techniques are used to serve adverts, but this is outside the control of the browser and the user.  Since these programs can be manipulated and exploited by hackers they also pose a considerable security risk, and one that the user is unable to easily address.

Microsoft takes action to reduce ad injection software risk

The ad injection software risk is considerable, so much so that Microsoft is taking action to tackle the problem. By doing this, Microsoft will hand back choice to the user. The company has updated its criteria for determining what software qualifies as Adware, and has recently announced it will be taking action to reduce risk to users and prevent unwanted behavior by Adware.

Rather than the manufacturer of the equipment or developer of the Adware program dictating the browsing experience for users, Microsoft will be handing back control to the user. Microsoft’s policies now demand that “programs that create advertisements in browsers must only use the browsers’ supported extensibility model for installation, execution, disabling, and removal.”

Not only will Superfish-style programs be banned by Microsoft, by March 31, 2016 any programs that are detected will be detected and removed.

School Web Filters to Become Mandatory Under New Proposals

With Internet use increasing in schools the UK government has taken the decision to make school web filters mandatory. The government has previously recommended that schools implement web filtering solutions, although many schools have not taken action to curb and monitor Internet use in classrooms. Consequently, children are still able to access adult and other potentially damaging content.

The government is now going to get tougher on schools and will introduce legislation to force primary and secondary schools to filter online content. From September 2016, primary and secondary school children must also be educated about online safety.

How School Web Filters Make the Internet Safer for Kids

The main aim of mandatory school web filters is to prevent them from accessing online pornography at school and other potentially damaging content. The move will make it harder for religious extremists to radicalize children and it is hoped that the implementation of school web filters will help to reduce instances of cyber-bullying.

Some evidence has emerged that shows UK school children who have tried to leave the country, or have travelled to Syria, have been able to access information about Daesh/IS from school computers. Ministers believe that action must be taken to prevent such material from being viewed at school, but to also identify individuals who are attempting to access such material. Greater efforts can then be made to tackle the issue before it is too late. Children must also be educated more about how to stay safe when using social media websites such as Facebook, Twitter, Snapchat, and Instagram.

Proposals were published last week on the introduction of new measures to curb Internet usage in schools, which will include school web filters but also monitoring systems to identify individuals who are attempting to access illegal, dangerous, or inappropriate content. There is also concern that individuals will try to access the same material at home. To tackle that issue, the Department of Education has drafted new guidance for parents to help them keep their children safe at home.

School web filters will prevent all adult content from being accessed from any computer connected to a school network. Websites known to promote IS could also be blocked, along with other potentially harmful content. Children must be allowed Internet access at school as it is now an essential part of their education, but they must only be permitted to use the Internet responsibly. Greater efforts must be made to prevent children from being exploited, radicalized, groomed or recruited by extremists.

The new proposals are to be discussed over the next two months and a consultation will take place, after which the proposals will go to the vote. If adopted, enforcing school web filters will come under the remit of Ofsted.

Sky Implements Automatic Web Filtering to Block Online Pornography

School web filters are only one measure that is required to keep children safe. Protecting minors at home is another matter. Guidance can be given to parents, but that does not mean that all parents will read that information and take action to prevent inappropriate Internet usage at home. Sky Broadband is now planning to do its bit. From 2016, all new customers will be automatically prevented from accessing online pornography at home. New customers will be required to opt in rather than opt out if they want to view pornography. Any content with a rating of 13 years or above will also be automatically blocked until 9pm. At present, new customers are prompted to pick which elements of the Internet will be blocked by Sky web filters when they first access the internet.

Sky will also be backdating this new measure. A statement issued by Sky Broadband indicated this will be applied to all customers who have “joined since November 2013 and have not turned on Sky Broadband Shield”. According to Ofcom, only 30-40 percent of Sky customers have activated its web filter. Other broadband providers are being urged to follow suit. Currently only 6% of BT Broadband customers have implemented parental controls.

New EU Fines for Privacy Violations Up to 4 PC of Annual Sales

EU fines for privacy violations are likely to be issued to companies that fail to implement security measures to prevent their customers’ data from being stolen by cybercriminals. EU fines for privacy violations can be substantial, although the watchdogs that are able to issue them are limited. That is all about to change. The European Union has taken decisive action and will be penalizing companies that do too little to protect their customers.

EU fines for privacy violations apply to any company doing business in EU countries

Last week, negotiators met up in Strasbourg, France, and signed a new deal that will change data protection laws in the EU. It has taken some time for this update to take place, having first been discussed four years ago. There has been much debate about the level to which companies should be held responsible for data breaches, although finally all sides have come to an agreement that better protects consumers, make businesses more responsible, and will not interfere with efforts to bring cybercriminals to justice.

The changes to the law will ensure that more companies are held accountable for their lack of security controls. With the threat of cyberattacks increasing, and a number of major attacks suffered by companies over the past few years, an overhaul of data protection laws in Europe was long overdue.

Current legislation is somewhat patchy, offering limited protection for consumers. Companies in some industries can be fined up to 1 million Euros for privacy violations and the exposure of customer data, while others are allowed to escape without penalties.

The new EU fines for privacy violations will not have a fixed limit. Fines for businesses who are hacked or otherwise expose customer data will be as high as 4% of a company’s global annual sales. The aim of the new law change is to give companies a considerable incentive to invest in cybersecurity protections to keep their customers’ data secure, and improve consumer trust.

The law changes will also require companies doing business in any of the European Union’s 28 member states to disclose data breaches that have exposed consumer data. While privacy groups have welcomed the changes, business groups have not been quite so complimentary.

New EU fines for privacy violations to come into effect in 2018

According to EU Justice Commissioner Vera Jourova, “These new pan-European rules are good for citizens and good for businesses.” She also pointed out in a statement issued after the announcement of the conclusion of the negotiations that consumers and businesses stand to “profit from clear rules that are fit for the digital age, that give strong protection and at the same time create opportunities and encourage innovation.”

It will take a further two years for the new laws to come into effect, with the new EU fines for privacy violations expected to start being issued in 2018.

Juniper Networks Security Flaw Caused by NSA Claim Researchers

According to security researchers, the recently discovered Juniper Networks security flaw could have been created by the NSA to spy on Juniper Network customers. Others claim it is the work of a foreign government, although the NSA is still implicated.

Juniper Networks security flaw is a backdoor allowing customers’ information to be decrypted

Juniper Networks has discovered an external third party has inserted code into its software that could be used as a backdoor, potentially allowing hackers to decrypt secure communications and spy on customers’ data.

The networking equipment manufacturer’s corporate virtual private network (VPN) software was discovered to contain rogue code that allowed a security flaw to be exploited for the past three years. The Juniper Networks security flaw could have allowed the internal secure communications of customers to be viewed by hackers. The Juniper Networks security flaw would have allowed all VPN traffic to be monitored.

Juniper Networks security flaw now patched?

According to a statement released by Juniper Networks SVP and chief information officer, Bob Worrall, “Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections.”

If a customer had communications intercepted they would likely to see a log file entry saying “system” had logged in and had a password authenticated. However, it has been proposed that an individual with the skill to insert the code and exploit the flaw would likely also be able to remove traces of a successful login attempt. Consequently, it is not possible to tell with any degree of certainty whether the Juniper Networks security flaw has actually been exploited.

That said, it would be odd for an individual or group of hackers to go to the trouble and expense of creating a sophisticated backdoor that allows secure communications to be monitored, and then not use it in the three years that it has existed.

A patch has now been released to tackle the issue and all customers have been advised to upgrade the software immediately. Whether the patch actually fixes the security flaw is debatable. Some suggest it does not tackle the vulnerability at all, and certainly does not entirely fix the problem.

Government agencies investigate: NSA implicated

The code insertion is being investigated by the FBI, Department of Homeland Security, and the White House National Security Council has also taken an interest.

Junipers’ clients include the U.S. Defense Department, FBI, Justice Department, and the U.S. Government. The sophisticated nature of the hack, together with the types of customers Juniper has, has led many to believe the code insertion is the work of foreign government-backed hackers.

However, not all security experts agree. Some believe that far from Russia, North Korea, or China being behind the hack, it could actually have come from within. Ralf-Philipp Weinmann, CEO of German security research company Comsecuris, has suggested that this could well be the work of the NSA.

He claims the Juniper Networks security flaw was a re-purposed decryption backdoor that had been inserted by the NSA more than a decade ago, albeit indirectly. The Dual_EC encryption algorithm that the NSA had lobbied to be included in encryption standards after discovering a flaw that could be exploited made the hack to be possible.

While the NSA could have inserted the code, even if it didn’t it could certainly have exploited it and used it to eavesdrop.

While the U.S. government, FBI, and others investigate and attention is focused on who may have been able to gain access to highly confidential U.S. data, it should be noted that the U.S. is not the only country that has many high profile customers using Juniper Networks ScreenOS firewalls. The firewalls are popular in Arab countries and the security flaw could have been used by the United States, Israel, UK, and others to eavesdrop on secret communications of Arab states.

End User Security Risk Being Addressed According to 2015 Security Study

A recently published 2015 security study has shown cyberattacks are pervasive and are likely to be suffered by virtually all organizations. However, IT security professionals have been taking proactive steps to reduce end user security risk and have also implemented better cybersecurity solutions to keep networks secure. Consequently, they feel much better able to deal with 2016 security threats.

New 2015 security study indicates 80% of organizations have suffered a security incident this year

Optimism appears to be high and many organizations believe they will be able to prevent security incidents from being suffered in 2016, which is great news. Unfortunately, that does not appear to have been the case this year. According to the Spiceworks study, 80% of respondents suffered a security incident in 2015.

Even though 8 out of ten organizations admitted to being attacked this year, they do feel they will be better able to deal with whatever 2016 has in store. Seven out of ten respondents said they would be better equipped to deal with cybersecurity attacks in 2016.

The reason for the optimism is an increased investment in both cybersecurity solutions and the provision of further training to members of staff. A more security conscious workforce means it will be much easier to prevent security breaches caused by malware infections, phishing attacks, and ransomware.

The study indicated that 51% of companies were attacked by malware this year, while 38% suffered phishing attacks. Ransomware is a cause for concern and threats have been reported extensively in the media, yet only 20% of companies actually suffered a ransomware infection.

Theft of corporate data only suffered by 5% of companies

There have been numerous reports of data breaches being suffered in 2015, and hackers have been able to steal corporate data and tens of millions of consumer records, yet the survey indicates only 5% of respondents actually suffered data theft this year. 12% of companies reported instances of password theft during 2015. That said, it is still a major cause of concern. 37% of respondents said they were still worried about the theft of data and passwords.

End user security risk main cause for concern among IT security professionals?

The study revealed what is keeping IT security professionals awake at night, and for the vast majority it is the threat posed by end users. IT security professionals can invest heavily in security defenses to keep hackers at bay, yet all the effort can be undone by the actions of a single employee. 48% of respondents were concerned about end users installing software on their work devices or the use of unauthorized technology.  80% claimed the biggest data security challenge was reducing end user security risk.

IT security pros also rated devices by the level of risk they posed to network security.

Riskiest network connected devices:

  • Laptops: 81%
  • Desktops: 73%
  • Smartphones: 70%
  • Tablets: 63%
  • IoT Devices: 50%

Measures have been taken to reduce end user security risk

IT security professionals are well aware that it can be a nightmare preventing end users from doing stupid things that result in their devices and corporate networks being compromised. Fortunately, they have realized there is a very simple and effective proactive step that can be taken to reduce end user security risk. That is to provide staff with security training.

The IT department can implement a wide range of sophisticated defenses to prevent security incidents, but if end users install malware on the network, respond to a phishing campaign, or give their login credentials out to a scammer, it will all be for nothing.

Respondents realized there is no use complaining about the risk that end users pose. Action must be taken to reduce end user security risk. By providing training on current threats and network security risks, the staff can be empowered to take action to keep their network secure.

Training employees to be more security conscious and instructing them how to identify scams and avoid malware is a highly effective strategy for reducing network security risk. The study revealed that 73% of IT security professionals have enforced end user data security policies and regular end user security training is now being provided by 72% of IT security pros.

Healthcare Phishing Emails Can Result in Business Crippling Fines

In the United States, healthcare phishing emails are being sent in increasing volume by cybercriminals looking for an easy entry point into insurance and healthcare providers’ networks. Healthcare employees are now being targeted with spear phishing emails as they are seen to be the weakest link in the security chain, resulting in HIPAA compliance breaches.

It is after all, much easier to gain entry to a healthcare network or EHR system if malware is installed by nurses, physicians, or administrative staff than it is to find and exploit server and browser security vulnerabilities. It is even easier if a member of staff can be convinced to divulge their email account or network login credentials. Hackers and cybercriminals are devising more sophisticated healthcare phishing emails for this purpose.

Clever healthcare phishing emails could fall any number of staff members

Even well trained IT security professionals have been fooled into responding to phishing scams, so what chance do busy physicians, nurses, and members of the billing department have of identifying healthcare phishing emails?

According to the Department of Health and Human Services’ Office for Civil Rights (OCR), employers will be held responsible if their staff fall for a phishing email, unless they have taken proactive steps to reduce the risk of that occurring.

This week, OCR announced it arrived at a settlement with University of Washington Medicine for a 90,000-record data breach that occurred as a result of staff falling for healthcare phishing emails. The settlement involved UWM paying OCR $750,000.

Small to medium-sized healthcare organizations could also be fined for members of staff accidentally installing malware. UWM may be able to cover such a substantial fine, but the average 1-10 physician practice would be unlikely to have that sort of spare cash available. Such a penalty could prove to be catastrophic.

Why was such a heavy fine issued?

The issue OCR had with UWM was not the fact that a data breach was suffered, but that insufficient efforts had been made to prevent the breach from occurring. U.S. healthcare legislation requires all healthcare organizations to conduct a comprehensive, organization-wide risk assessment to identify potential security vulnerabilities. In this case, University of Washington Medicine had not done this. A risk assessment was conducted, but it did not cover all subsidiaries of the organization, in particular, the medical center whose employee was fooled by the phishing email.

Healthcare phishing emails are such a major data security risk that efforts must be made to reduce the risk to an acceptable level. Had a risk assessment been conducted, the phishing risk would have been identified, and action could have been taken to prevent the breach.

OCR would not expect organizations to always be able to prevent employees from responding to healthcare phishing emails. OCR does expect healthcare organizations to make an effort to reduce risk, such as advising staff members about the threat from healthcare phishing emails, in addition to providing basic data security training at the very least.

Addressing the data security risk from healthcare phishing emails

Since the risk of cyberattack via phishing emails is considerable, healthcare organizations of all sizes must take proactive steps to mitigate the risk of employees falling for the email scams. Staff members must be informed of the very real danger from phishing, and the extent to which cybercriminals are using the attack vector to compromise healthcare networks.

They must be told to be vigilant, as well as being instructed what to look for. Training on phishing email identification must be provided, and in order to satisfy auditors, a signature must be obtained from each member of stall to confirm that training has been received.

Staff members should also have their ability to identify healthcare phishing emails put to the test. They should be sent dummy phishing emails with email attachments and fake phishing links to see if they respond appropriately. If they respond incorrectly after training has been provided, further help with phishing email identification must be given. These processes should also be documented in case auditors come knocking.

Due to the considerable risk of a healthcare phishing attack, and the ease at which networks can be compromised, additional protections must also be employed.  Small to medium-sized healthcare organizations that can ill afford a regulatory fine should make sure automated anti-phishing solutions are put in place.

These protections do not need to be expensive. There are cost effective solutions that can be employed that will reduce risk to a minimal and acceptable level. If training is provided and anti-phishing controls have been employed, OCR and other regulatory bodies would be less likely to fine an organization if a phishing-related data breach is suffered.

Deven McGraw, OCR Deputy Director for Health Information Privacy, recently pointed out that it is not possible to totally eliminate risk, but it is possible to reduce risk to an acceptable level. That is what OCR wants to see.

Automated solutions to reduce risk from healthcare phishing emails

To reduce the risk of members of staff responding to phishing campaigns, a powerful email spam solution must be implemented. Anti-spam solutions such as SpamTitan are cost-effective, easy to configure and maintain, and will block 99.98% of all spam emails. If phishing emails are not delivered, staff members cannot respond to them.

An anti-spam solution will not stop members of staff visiting malicious websites when surfing the Internet. Links to these malicious websites are often located in website adverts, on legitimate sites that have been hijacked by hackers, or contained in social media posts. To protect networks from these attack vectors, a web filtering solution should be employed.

WebTitan blocks users from visiting sites known to host malware. The anti-phishing solution can also be used to restrict Internet access to work-related websites. This will greatly reduce the risk from drive-by malware downloads and phishing websites.

Access rights can be configured on an organization-wide level to block malware-hosting sites. Group level privileges can be set to prevent social media networks from being accessed, for example. This control allows certain groups to have access to social media networks for work purposes, while reducing risk that comes from personal use. Individual access rights can also be set if required.

Summary

Provide training to the staff, block email spam and phishing emails from being delivered, and implement a web filter to manage web-borne risks, and not only will it be possible to keep networks and email accounts secure, heavy regulatory fines are likely to be avoided.

Data Breach Predictions: 25% of World Population Will Have Data Exposed by 2020

The latest data breach predictions by IDC analysts do not make for pleasant reading. If the data breach predictions turn out to be true, 1.5 billion individuals will be affected by data breaches in the next 5 years.

Companies being targeted by cybercriminals looking to steal consumer data

U.S. companies are being increasingly targeted by foreign cybercriminals. European businesses are similarly suffering more cyberattacks. In fact, companies all over the world are being attacked by criminals looking to gain access to consumer data. It is now no longer a case of whether a data breach will be suffered. It is now just a case of when a data breach will occur.

Companies must therefore be prepared. They must implement a host of security defenses to prevent cyberattacks from occurring, and need to make it harder for hackers and other cybercriminals to gain access to sensitive data. Failure to take action and implement multi-layered cybersecurity defenses will see a data breach suffered sooner rather than later. A breach response plan must also be devised to limit the damage caused when an attack is successful.

Data breach predictions for the next 5 years

The number of data breaches being suffered by companies all around the world has grown considerably in recent years, and the situation is unlikely to change. Based on the current levels of attacks, and the volume of data now being stolen by cybercriminals, IDC analysts made some bleak data breach predictions this month.

They expect that by the year 2020, a quarter of the world’s population will have had data exposed as a result of cyberattacks. That’s 1.5 billion individuals!

IDC also predicts that consumers will increasingly take action when their data are exposed. In fact, we are already seeing consumers boycott brands that have suffered major cyberattacks. Many consumers who previously shopped at Target for instance, have switched retailers following the massive data breach suffered in 2013.

In the UK, many consumers are switching broadband and mobile phone provider after TalkTalk was hacked by a group of teenagers this year. In the United States, there has been considerable fallout as a result of the massive data breaches suffered by Anthem Inc., and Premera Blue Cross. Customers have switched their health insurance to companies that they believe will take better care of their health data.

Data Breach predictions for healthcare organizations

Many cybercriminals have switched from targeting retailers for credit card data to healthcare providers and insurers for Social Security numbers and health information. The value of health data is much higher than credit card information. Once a credit card has been stolen, consumers rapidly shut down their accounts. Credit card companies are on the lookout for suspicious activity and block cards quickly. Healthcare data and Social Security numbers on the other hand can be used for months or even years before identity theft and fraud are discovered. Cybercriminals can use healthcare data and SSNs to defraud individuals and obtain tens of thousands of dollars before fraud is even detected.

The value of healthcare data, combined with the relatively poor defenses put in place by many healthcare organizations, has seen cybercriminal activity increase. The volume of healthcare data breaches has grown considerably over the past few years. Those data breaches are unlikely to stop in the foreseeable future. IDC’s healthcare data breach predictions for next year are bleak. Its analysts expect one in three Americans to have their healthcare data stolen in 2016.

113 million healthcare patients had their data exposed in 2015

The company’s data breach predictions are unlikely to be far off the mark. According to figures from the United States Department of Health and Human Services’ Office for Civil Rights, the agency charged with policing healthcare organizations, over 154 million healthcare patients and health insurance subscribers have had their healthcare data exposed since data breach reports were made public in 2009.

Almost 113 million of those healthcare records were exposed this year. That’s 73% of the total number of breach victims created in the last 7 years! If anything, IDC’s healthcare data breach predictions are overly conservative!

Twitter Cyberattack Prompts Warning of Government-Backed Hacking Campaign

A Twitter cyberattack has prompted the social media network to issue warnings to some users of the social media site. It would appear that attackers have attempted to gain access to the accounts of a limited number of individuals, but those attacks do not appear to have resulted in a breach of user data.

Twitter cyberattack prompts warnings to be sent to site users

The warnings appear to have only been sent to certain United States based users of the website. The emails warn users that foreign government-backed hackers are targeting the site and are attempting to steal user data. According to the warnings, user account data is not believed to have been obtained and, if it has, only a small amount of personal data would have been revealed.

Twitter has offered some suggestions to any users that have been targeted to allow them to take action to reduce risk. They have been told they can switch to the Tor network to access their accounts, or it was suggested they tweet under a pseudonym.

It would appear that the attackers responsible for the Twitter cyberattack are attempting to get the phone numbers, email addresses, and IP addresses. It is conceivable that the individuals were targeted to allow the hackers to send out tweets from the users’ accounts.

The warning alerted users to a “small group of attackers” who are targeting the site. If another Twitter cyberattack is attempted, the social media site will send out a warning email to advise the affected party or parties of the attempted attack.

Latest Twitter cyberattack appears not to be random

The Twitter cyberattack appears to have targeted specific users of the website. The individuals and companies that the attackers have targeted are security experts or activists. Coldhak, a not-for-profit company dedicated to improving privacy, security, and freedom of speech, was one of the organizations that the hackers attacked.

Twitter is currently conducting a full investigation into the attempted hacking of Twitter accounts. The warning indicates that the social media microblogging platform is being ultra-cautious and is alerting users as a proactive step to prevent a breach of customer data, as well as reducing the potential damage caused by an attack.

Both Facebook and Google have recently sent out warnings to users of their services alerting them to suspicious account activity. Those warnings alerted users to activity by foreign government-backed hacking groups. It would appear that Twitter is taking a leaf out of their books.

This is not the first Twitter cyberattack of course. In February 2013, Twitter reset the passwords of 250,000 users after hackers compromised accounts and gained user names, passwords, and other sensitive data. In 2010, the social media site was attacked and Japanese users of the site were directed to porn websites when attempting to access their Twitter accounts.

Retail Industry Cybersecurity Risk is Seriously Underestimated

According to the latest cybersecurity report from Osterman Research, retail industry cybersecurity risk is being seriously underestimated. There is false confidence in cybersecurity protections, and the risk of consumer and business data being exposed is considerable.

Assessing retail industry cybersecurity risk

The retail industry cybersecurity risk assessment was conducted on 125 large retailers during the month of November. The report indicates that even though security vulnerabilities have been identified, the retail industry is not taking the necessary steps to deal with those risks.

Many security holes remain unplugged. In particular, risks associated with temporary workers are not being dealt with. Retailers bring in temporary workers at busy times such as in the run up to Christmas. However, they are introducing a considerable amount of risk when the do so because they are not monitoring the activity of those workers effectively. Many actually believe they are – which is even more worrying.

Temporary workers are often provided with login credentials which are shared instead of giving each temporary worker a separate login. This eases the administrative burden on the IT department. Why create hundreds of new logins that will only be required for a short period of time? Simply give those workers low level privileges and any risk that is introduced will be minimal. Unfortunately, that may not necessarily be the case.

The study showed that 61% of temporary retail floor workers were using shared logins. It is not known whether this is a short cut taken and the risk is known, or whether retailers are unaware of the dangers that the activity involves. Even temporary workers must be given access to some data assets, yet it is impossible for some retailers to identify assets that each of those workers are accessing.

Furthermore, it is not only temporary workers that are being allowed to share login credentials. 21% of permanent workers are also sharing their login credentials.

Retail industry cybersecurity risk is being seriously underestimated

The research indicates that 62% of retailers believe they know everything their permanent workers are doing, and 50% claimed to know what data their temporary workers are accessing. Worryingly, when asked if their IT departments can identify specific systems that individual permanent employees have accessed, 92% said they could. This is clearly not the case in reality.

The study indicated that 70% of retailers gave access to corporate systems to permanent members of retail floor staff. 7% said that permanent workers had accessed systems they were not supposed to and 3% said temporary workers had done the same.

Those figures may actually be much higher as 14% of respondents didn’t know if their permanent workers had inappropriately accessed data. 26% couldn’t tell if their temporary workers were accessing data they shouldn’t. Given the potential gains to be made from gaining access to retail networks, criminals may even be tempted to take a holiday job simply to access to retail systems.

Security awareness training is also not being provided frequently enough. 60% of respondents only conducted training once or twice a year. If workers are not being kept abreast of the retail industry cybersecurity risk, they will not be able to take action to reduce that risk.

Even with the major data breaches and cyberattacks that have recently been suffered by major U.S. retailers, security vulnerabilities persist. Unfortunately, it would appear that retail IT professionals actually appear to believe they are doing a good job. If the measure of how well retail industry cybersecurity risk is being managed is whether or not a retailer has suffered a major data breach, then the industry is in pretty good shape. Unfortunately for the retail industry, if risk is not effectively managed, data breaches are likely to be suffered sooner rather than later.

Cryptowall 4.0 Ransomware Now in Angler Exploit Kit

Just over a month ago, researchers at Heimdal identified Cryptowall 4.0 ransomware; the latest incarnation of the nasty malware first discovered in September 2014. Since then, the malware has been further developed, with the third version discovered in January 2015.

Now, Cryptowall 4.0 ransomware is threatening consumers and businesses alike. The latest version of the malware is even sneakier and more difficult to detect, and its file encryption goes much further. To make matters worse, Cryptowall 4.0 ransomware has been packed into the Angler exploit kit, making it easier for the vicious malware to be downloaded to devices.

The Angler exploit kit takes advantage of vulnerabilities in browsers, making drive-by downloads possible. Any organization that has not installed the latest browser and plugin updates is at risk of having its files encrypted.

Cryptowall 4.0 ransomware – The malware keeps on evolving to evade detection

Last month, the Cyber Threat Alliance released new figures on the cost of Cryptowall infections. The criminals behind the malware have so far managed to extort $325 million from victims around the world. The latest version of the ransomware will see that extortion will continue. The bad news is, the latest version is likely to result in a much higher rate of infection. The money being ‘requested’ has also increased. Victims are no longer being asked for $300 to unlock their files. They are being urged to pay out $700 to unlock their files and keep their systems protected.

Victims are given less choice with the latest version of the malware. Not only will their files be encrypted, in order to make it harder for victims to restore encrypted files from backups, the latest version also encrypts filenames. The aim is to confuse victims even more. It is, after all, hard to restore files if you don’t know which files need to be restored.

Angler exploit kit used to infect computers with Cryptowall 4.0 ransomware

The Angler exploit kit is particularly nasty. First of all, it is not only Cryptowall 4.0 ransomware that will be installed. Visitors to malicious websites will have a host of malware installed on their computers. The network security threat is therefore considerable.

First of all, victims have to deal with Pony. Pony is installed and gallops around gathering information. It will steal login credentials and transmit the data back to the hacker’s command and control center. Attackers are looking for more than just a $700 ransom. What they are really after is access to content management systems and web servers.

A redirect will result in Angler being dropped, which will identify security vulnerabilities that can be exploited. Angler can incorporate new zero-day vulnerabilities and has been designed to be particularly difficult to detect. Angler will then install Cryptowall 4.0 ransomware.

Greater need to install a powerful web filter to prevent infection

Unfortunately, the use of the Angler exploit kit means end users do not need to download and install Cryptowall 4.0 ransomware manually – or open a malicious email attachment. Drive-by downloads will install the malware automatically if the user visits a website infected with malicious code.

Organizations can spread the news of the latest incarnation of Cryptowall to the workforce, and issue instructions to end users to instruct them to take greater care. However, since casual Internet surfing could result in computers being infected, greater protection is required.

Some end users will take risks and will ignore instructions. It is therefore a wise move to install software solutions to minimize the risk of infection by drive-by downloads. The cost of doing so will be much lower than the cost of dealing with multiple Cryptowall 4.0 ransomware infections.

WebTitan web filtering solutions are an ideal choice. They offer system administrators a host of powerful controls to prevent end users from visiting malicious websites and unwittingly infecting computers and networks. The software offers highly granular controls, allowing individuals or groups to have Internet access controlled. Protection against malware can be vastly improved without impacting critical business processes. WebTitan allows sys admins to block web adverts from being displayed, limit access to social media networks and certain website types, as well as sites known to contain malware and malicious code.

The inclusion of Cryptowall in the Angler exploit kit makes the installation of a web filtering solution less of an option and more of a necessity.

Essential security controls to reduce the risk of a Cryptowall 4.0 infection:

Conduct regular backups of your data – If you are infected, you must be able to restore all your files or you will have to pay the ransom.

Never store usernames and passwords on a computer – These can be read and transmitted to hackers.

Do not open unfamiliar email attachments – Even if an attachment looks safe, unless you are 100% sure of its authenticity, do not download or open it.

Install a spam filtering solution – make sure all email spam is quarantined and not opened.

Keep anti-virus solutions up to date – Virus definitions must be 100% up to date. Ensure that an AV solution is used that will detect Cryptowall 4.0 ransomware.

Install patches as soon as they are released – Your system must be kept up to date. It will be scanned for vulnerabilities that can be exploited.

Cost of Phishing Attacks Highlighted by Target Data Breach Settlement

The true cost of phishing attacks is difficult to calculate accurately, but the recent Target data breach settlement gives an indication of just how costly phishing attacks can be. The U.S. retailer has recently agreed to pay $39.4 million to resolve class-action claims made by banks and credit unions to recover the costs incurred as a result of the 2013 target data breach.

The claims were made to try to recover some of the cost of re-issuing credit and debit cards to the 40 million or so customers that had their data stolen by hackers. The banks were also required to issue refunds to customers whose credit or debit cards had been fraudulently used after the 2013 Target data breach.

The Target hack was financially motivated. The perpetrators of the crime sold data or fraudulently used credit card information and the personal details of customers. Approximately 110 million customers of Target may have suffered financial losses or had their identities stolen as a result of the 2013 Target data breach.

The settlement will see Mastercard retailers paid $19.11 million, while $20.25 million will be paid to credit unions and banks. This is not the only Target data breach settlement reached this year. The retailer agreed to pay Visa card issuers $67 million in the summer, bringing the total card issuer settlement to $106.4 million; more than the $100 million paid Visa and Mastercard issuers by Heartland Payment Systems Inc. Heartland suffered a massive data breach in 2008 that exposed 100-million+ credit card numbers. The company had to pay out around $140 million in total to resolve the breach.

The True Cost of Phishing Attacks

The settlement could have been considerably higher. Target’s figures suggest that approximately 40 million credit card numbers were stolen by hackers in 2013. The settlement is therefore lower than $1 per credit card number exposed.

In addition to paying $10 million to customers, Target also had to cover the cost of implementing a swathe of additional security measures after the cyberattack to prevent similar attacks from being suffered. One of the most expensive measures was the introduction of microchip-enabled card readers in its nationwide stores.

Then there was the damage to the company’s reputation. Many consumers have stopped using Target and have switched to other retailers. The total cost of the 2013 data breach may not be known for some months or years.

The 2013 Target data breach started with employees responding to phishing emails. Those employees did not even work for Target, at least not directly. The individuals who fell for the phishing scam worked for a contractor: an HVAC company used by the retailer.

Small to Medium Sized Businesses Face a High Risk of Phishing Attacks

Heating, ventilation, and air conditioning subcontractor, Fazio Mechanical Services, was the company hackers used to gain access to Target’s network. Login credentials were stolen from the company that allowed the attackers an easy route into Target’s network.

Organizations often give limited network access to subcontractors to allow them to remotely access IT systems, either to perform maintenance, firmware or software upgrades, monitor performance, or check energy consumption and tweak systems.

If hackers can break through the defenses of the smaller companies, they can steal login credentials that will allow them to gain a foothold that can be used to attack the systems that subcontractors remote into. That is where the big prize is: a database containing hundreds of thousands – or even millions – of confidential records.

Don’t Cover the Cost of Phishing Attacks: Pay for Anti-Phishing Solutions!

Regardless of the size of your organization, it is essential to put protections in place to make it as hard as possible for hackers to penetrate defenses. Phishing is one of the commonest techniques used to steal login credentials, so it is therefore essential that controls are put in place to limit phishing risk.

Anti-phishing measures include anti-spam solutions that block phishing emails from being delivered to inboxes. If malicious attachments are identified and quarantined, less reliance is placed on staff to spot phishing campaigns. Not all attacks come via email. Malicious websites may be visited by employees and malware can be downloaded. Implementing a web filtering solution will help employers to manage phishing risk and prevent these websites from being visited by the staff. Malicious adverts can also be prevented from being displayed to employees. They are increasingly being used by hackers to direct people to phishing sites.

The cost of phishing attacks is considerable, but those attacks can often be blocked. It is much more cost-effective to implement anti-phishing solutions than to cover the cost of phishing attacks when they do occur; and occur they will.

Point of Sale Malware Threatens U.S. Retailers

Point of sale malware is not new. Cybercriminals have been using point of sale malware to steal credit card numbers from consumers for many years. Unfortunately for retailers, the threat of POS malware is growing. Highly sophisticated malware is being developed and used to obtain a wealth of information from retailers about their customers. That information is being used to commit identity theft and fraud. POS malware is also being used to obtain corporate data.

Point of Sale Malware – The biggest data security threat for retailers

Retailers are at risk of having point of malware installed throughout the year, but in the run up to Christmas the threat is greatest. It is the busiest time of year for shopping and hackers and other cybercriminals step up efforts to get their malware installed. Hackers are hoping for another big payoff before the year is out, and they are likely to get it.

Over the Thanksgiving weekend, some of the most sophisticated malware ever seen was discovered. In some cases, the point of sale malware had been blocked. Many retailers were not so lucky. Unfortunately, identifying malware once it has been installed can be incredibly difficult, especially with the latest ModPOS malware. It is already responsible for providing millions of credit card numbers to hackers, and has caused millions of dollars of damage. The full extent of the infection is not yet known due to the stealthy nature of this new malware.

ModPOS – The most worrying point of sale malware to be seen to date

The new malware has been named ModPOS – short for Modular Point of Sale malware – and it is particularly dangerous, stealthy, and fiendishly difficult to identify once installed. Security experts have been surprised at the level of sophistication. An incredible amount of skill was required to produce malware as complex as ModPOS. It shows the level that criminals will go in order to obtain data and avoid detection.

The malware has been developed to make it exceptionally difficult to identify, and it has clearly been designed with persistence in mind. Once installed, it can perform a wide range of functions; not only serving as a keylogger and card reader, but also a tool for network reconnaissance. It is not just large U.S. retailers that will be affected. This point of sale malware may be used to infect multiple targets. If protections are not put in place to prevent infection, the potential for damage is considerable.

Security analysts first saw elements of this POS malware three years ago, but it has been subsequently developed further. It is difficult to even estimate the extent of infection due to the nature of the malware. The level of obfuscation is impressive.

It has taken some of the world’s leading cybersecurity analysts a considerable amount of time to identify this point of sale malware, and even longer to reverse engineer it. It is, to put it simply, the most complex and sophisticated point of sale malware ever discovered. iSight Partners’ senior director Steve Ward has been reported as saying it is “POS malware on steroids.” ModPOS is the result of an extraordinary amount of time, money, and development. Every aspect of the malware has been painstakingly developed to avoid detection. Every kernel driver is effectively a rootkit.

Investment by criminals in this malware is unprecedented but, then again, the rewards for that investment are likely to be as well. If a major retailer is infected, and many will be, every one of their customers’ data could potentially be obtained. The potential gains for investors in the development of this malware are likely to be off the chart.

Highly functional malware that reads cards, steals corporate data, and much more

The malware can act as a keylogger, recording all data entered by employees. It will serve as a card scraper and will read the credit and debit card details of every customer who pays via point of sale systems. The malware will simply read the card details from the memory. Even EMV terminals may not offer protection.

Data are exfiltrated to hackers’ command and control centers, but it is not even clear what data are being transmitted. The malware encrypts each transmission twice, with 128 bit and 256-bit encryption. As if that wasn’t enough, the data of each customer require a different security key to decrypt them.

The shell code used is virtually a full program in itself. According to one iSight security expert, the shell code contained approximately 600 different functions. And that is just one piece. There are many more than one in this malware. All of the different modules operate in kernel mode, making them exceptionally difficult to identify. Furthermore, the malware is not being sold via darknet marketplaces. It is being kept secret and used by the criminal gang that paid for its development. The gang behind ModPOS has effectively paid for a license to print money.

The methods being used to distribute this point of sale malware are not known, and there is no fix for the threat actor. At the present time, there is a high risk of infection, and no single defense mechanism that can be employed to prevent an attack. So far, approximately 80 major retailers have been warned to be on high alert.

Reducing the risk of point of sale malware infections

Since the threat actor is not known, retailers and other organizations should be ultra-cautious and supplement their defenses to prevent attacks from being successful. Additional measures to enhance security include:

Conversion to EMV terminals – If data is not encrypted it can be read by the malware. The memory must also be encrypted, not only stored data.

Protect all systems, not just POS – The malware contains many modules, and its full capabilities are not fully known. It is not just credit card details that are at risk. All corporate data must be protected.

Implement email filtering solutions – The malware may be delivered via spam and bulk email. Infected attachments and phishing links may be used. It is essential that robust anti-spam solutions are implemented to prevent infection.

Web filtering is essential – The executable file responsible for installing the malware must not be downloaded to any device. Blocking known malware websites and potentially malicious website adverts will help to reduce the risk of ModPOS attacks.

Instruct staff to be highly vigilant – Regardless of the software systems used to improve security defenses, employees will always be a weak link. Staff should be trained and warned to be ultra-cautious, and instructed how to spot potentially malicious emails, websites, and phishing campaigns.

Kaspersky Lab Makes Web Security Predictions for 2016

Kaspersky Lab has made a number of web security predictions for 2016, alerting IT security professionals to what the company’s security experts believe next year has in store. The company has listed some of the biggest security threats that are expected over the coming year.

Kaspersky Lab is one of the leading anti-virus and anti-malware software developers, and is a supplier of one of the two AV engines at the heart of WebTitan Web filtering solutions.

The Kaspersky web security predictions for 2016 include opinions gained from over 40 of the company’s leading experts around the globe. The web security predictions for 2016 can be used by IT professionals as a guide to where the next cyberattack could come from.

The Biggest Cyberattacks of 2014 and 2015

Last year saw numerous high profile attacks on some of the world’s best known brands. Around this time last year, Sony was hacked and its confidential data was posted online, causing much embarrassment and considerable financial loss. Some of the biggest names in retail in the U.S. were attacked in 2014 including Target and Home Depot.

The start of this year saw attention switch to health insurers. In February, Anthem Inc. was attacked. The records of 78.8 million insurance subscribers were stolen. News of a cyberattack at Premera BlueCross closely followed. 11 million subscriber records were compromised in that attack. Later in the year, Excellus BlueCross BlueShield discovered hackers had potentially stolen the records of approximately 10 million subscribers. Healthcare providers were also hit. UCLA Health System suffered a data breach that exposed the records of 4.5 million patients.

The U.S. Government was also targeted this year. The Office of Personnel Management was hacked and, while the perpetrators have not been identified, the attackers are believed to be government-backed hackers based in China. Over 22 million records were potentially stolen in that cyberattack. The IRS was also hacked and 300,000 individuals were affected.

37 million highly confidential records were obtained from internet dating website Ashley Maddison, and Hacking Team – a somewhat controversial provider of spyware – was also hacked. 40 GB of its data was dumped online for all to see.

Many of these attacks were highly sophisticated, but were made possible after employees fell for spear phishing emails.

Web Security Predictions for 2016

Hackers have been developing ever more sophisticated methods of breaking through security defenses to gain access to confidential data, to sabotage systems, or to hold companies and individuals to ransom by taking control of their data. Phishing and social engineering techniques are often used. While these are likely to continue, Kaspersky Lab experts believe hackers are likely to concentrate on stealthier techniques over the coming 12 months. The company’s experts believe there will be a growth in silent attacks that are difficult for security professionals to detect. The main web security predictions for 2016 are listed below:

APT Attacks to come to an end

Advanced Persistent Threats have proved popular with hackers, yet Kaspersky believe these attacks will soon come to an end. Instead, hackers are expected to conduct more drive-by attacks using stealthy memory-based malware. Memory based malware is not downloaded but resides in the memory where it cannot be easily detected. While the injection of malicious code into the RAM of a computer could only previously be used for short term infections, new techniques have been developed that are capable of surviving a reboot. These are likely to grow in popularity over the coming year.

Off-the-shelf malware use to increase

Rather than criminals paying hackers to develop new exploits, there is expected to be an increase in off-the-shelf malware attacks. Instead of developing new malware from scratch, existing malware will be used and tweaked to avoid detection. There is no need to reinvent the wheel when malware exists that can be used or rented out cheaply. The malware will just be made stealthier and more difficult to detect.

Alternative payment systems will be targeted

Financial cyberattacks will continue, and banks and financial institutions will be targeted. Expect a rise in attacks on alternative finance providers and payment systems such as AndroidPay, SamsungPay and ApplePay.

No end to extortion and mafia-style tactics

Not all hackers are motivated by money. Kaspersky has predicted a rise in the number of hacktivist attacks, which aim to shame the rich and famous. Attacks will continue to be conducted on companies that have caused offense. The attack on Ashley Madison and the 2014 hacking of Sony being good examples. Some hackers will use the threat of publishing data to extort money from victims, others will just be keen to sabotage companies. The use of ransomware is also expected to increase, with companies large and small targeted with increasing regularity.

Amazon Data Breach Risk: Precautions Taken to Protect Customers

Under normal circumstances the Amazon data breach risk is kept to a minimal level. The global online retailer is estimated to have generated $38.42 billion in gross profits between September 2014 and September 2015, and such deep pockets mean the company can invest heavily in cybersecurity protections.

With a company as large as Amazon, excellent data breach risk management strategies are essential. The company is a huge target for cybercriminals and a successful cyberattack has potential to make a dent in its profits. If customer data are obtained by criminals, those customers may choose to buy from an alternative retailer in the future.

Amazon data breach risk discovered in time to prevent a successful hack?

This week, a security scare has forced the company to reset some users’ passwords. It is not clear whether a data breach has actually been suffered, but the retailer certainly believes the risk to be credible as Amazon passwords were not requested to be changed. The company forced a reset.

Amazon.com announced that this was “a precautionary measure” to prevent a cyberattack from occurring. The company believes passwords were “improperly stored” or had been transmitted to the company using a method that could “potentially expose [the password] to a third party.”

The company has sent emails to all affected account holders advising them that they will need to specify a new password when then next login. No announcement was made about the number of users affected.

This is not the first time that Amazon has had a major security scare. In 2010, hackers managed to break through its security defenses and compromised a number of user’s passwords. In that instance, users were warned that their accounts had been compromised.

The Amazon data breach scare could affect more than just your Amazon account

It is not clear whether passwords were actually obtained by a third party. Because of the doubt surrounding the reason for the forced change, any individual that receives an email telling them their password has been reset should also change their passwords on all other online accounts if the accounts can be accessed using the same password.

Many consumers share passwords across multiple platforms, but password sharing is inadvisable. Many online accounts use an email address as the login name. If a password is shared across platforms, one data breach could result in all user accounts being compromised.

Amazon data breach risk management: Two-factor authentication now added

One of the easiest ways to improve protection is to introduce two-factor authentication. Many companies only insist on one factor to authenticate users: A password. Two-factor authentication involves an additional element to verify that the person attempting access is the genuine account holder.

Many global companies have now introduced two-factor authentication; although some have only done this recently. In some cases, the additional security measure was deemed necessary after a data breach was suffered. Twitter being one of the best examples. Google uses two factor authentication for its accounts, as does Facebook. This month, Amazon data breach risk management policies were changed to include two-factor authentication on user accounts. It is not clear why it took the company so long to introduce this enhanced security measure. All users should add it, especially in light of this recent security scare.

Dell Root Certificate Security Flaws Discovered

You would think that a brand new computer would be secure, aside from requiring a few updates to software after being taken out of the box, but a Dell root certificate security flaw means even brand new Dell laptop computer could be compromised within seconds of being connected to the Internet. Understandably, corporate customers and consumers alike are in uproar over the eDellRoot certificate security flaw that was recently discovered.

The security flaw was revealed by Dell as part of the company’s remote assistance support service. In order for Dell to “streamline” support for users, the company installed a self-signed root certificate on at least two models of Dell laptop computers – the Inspiron 5000 series and the company’s XPS 15 laptop.

Unfortunately, the root certificate is installed in the Windows root store along with the certificate’s private key. Any individual with a modicum of technical skill could obtain the key and use it to sign fake SSL/TLS certificates. In fact, the key is publicly available on the internet so it is easy to obtain. This means that anyone using one of the aforementioned Dell laptops could visit a HTTPS-enabled website in the belief that the connection is secure, when in fact it may not be.

It would be possible for hackers to view data shared between the secure website and the Dell laptop. If the laptop is used to access a banking website via an open Wi-Fi network or the Internet is accessed via a hacked router, someone could listen in on that connection. Users could compromise their personal bank account information, passwords, or login credentials used to access their employer’s network.

Any company that has purchased either of the above Dell laptops could potentially be placing their entire network at risk. If a BYOD is in operation, personal Dell laptops are a huge risk to data security.

Not only could hackers eavesdrop on secure internet connections, it is possible that the Dell root certificate security flaw could be used to install malware on devices undetected. Since the certificate can be faked, it is possible that system drivers or software could be installed which fool the operating system into thinking they have come from a trusted developer. Even if a warning is issued, users may think it is safe to install a program because it appears to have been created by Dell.

Dell desktops, servers, and other laptops may contain the Dell root certificate security flaw

The extent of the problem is currently unclear, but the Dell root certificate security flaw may not be confined to two specific laptop models. All laptops, servers, and desktops sold by Dell could potentially be affected. The eDellRoot certificate is installed by Dell Foundation Services (DFS) and the application is not confined to the Inspiron 5000 and XPS 15 laptops. According to one source, the security flaw has also been found on the Dell Venue Pro. Dell says the root certificate was only installed on hardware since August 2015.

A few days after the discovery of the Dell root certificate flaw, another one was discovered by Duo Security. This certificate was only present on a small number of systems around the world, although that Dell root certificate was discovered on a SCADA (supervisory control and data acquisition) system.

It doesn’t end there. A third has been discovered. The DSDTestProvider certificate is installed by an application called Dell System Detect or DSD. This is not shipped with Dell hardware. Instead it is downloaded onto computers and laptops by users. If they visit the Dell support website they are asked to install the detection tool.

Dell Root Certificate Security Fix Released

Users are able to remove the eDellRoot certificate using a tool that has hastily been released by Dell. However, at the time of writing, there is no tool to remove the DSDTestProvider certificate. Any user of a Dell computer, server, or laptop should therefore keep up to date with eDellRoot and DSDTestProvider news and should check the Dell support website frequently for further information.

Extreme caution should be exercised when accessing apparently secure websites, and users should not access secure sites from open Wi-Fi networks until the Dell root certificate security flaw has been fixed.

According to ARS, security expert Kenn White was able to use the publicly available security key to create a secure HTTPS test site using the certificate. When he visited the site it flagged no warnings that the certificate could not be trusted when he used Internet Explorer, Microsoft Edge, and Google Chrome browsers. The only browser that recognized the certificate as being suspect was Firefox.

Watch Out for Fake Black Friday Deals

Are you prepared for the official start of Christmas shopping season? Will you be starting your Xmas shopping on Black Friday? If you can’t resist a bargain, and can’t wait until Cyber Monday, take care! There are many fake Black Friday deals being advertised and you may end up becoming a victim of an online scam.

Fake Black Friday deals aplenty

Black Friday follows Thanksgiving Day in the United States, and it officially marks the first day of the Christmas shopping season. It is also a day when online criminals try to take advantage of Christmas shoppers. There will be plenty of genuine bargains, as Black Friday discounts are offered by most major retailers. Unfortunately for shoppers, there are plenty of fake Black Friday deals being advertised online. Picking out the real deals from the fake ones is not quite as easy as it used to be. Scammers are getting good at creating highly realistic offers and fake websites. Furthermore, scammers are getting sneaky and have launched fake Android Apps, and are now sending texts containing phishing links and fake phone lines.

Fake Amazon app will steal your passwords, make calls, and send texts

One of the scams already being sent offers a golden opportunity: The chance to beat the online crowds and grab a bargain before everyone else. Download this app and you will get to the front of the virtual queue and get all the Amazon Black Friday deals, days early.

Instead of launching an Amazon app when you start it, after downloading the fake Amazon app it will launch an app called com.android.engine. If you grant permission, as many people who download the app will, you give the app permission to view virtually everything on your phone, make calls, send texts, and see the data you enter via your phone. Deleting the app will make no difference. To avoid this scam and others like it, only download apps from Google Play store; never from third party sites.

Beware of texts warning of suspicious account activity

Scammers may love email to deliver phishing links and malware-ridden attachments via email, but some are now resorting to text messages. Texts are sent warning of a security breach, account hack, or other need to call a support line. The number provided will be answered by a scammer who will attempt to relieve you of your credit card information or bank account details, or will attempt to gather information that can be used in a future phishing attack.

Fake stores offering fake Black Friday deals

Social media websites advertise amazing discounts and many fake Black Friday deals. Spam emails are sent in the millions with fantastic “too good to be true” offers. Many of these are fake Black Friday deals designed to get you to part with your credit card number. When browsing the Internet, you may have pop-up adverts appear with links to these websites or they may appear in Ad blocks on legitimate websites.

Some of these adverts will direct you to online stores that you may never have heard of; yet the discounts do tempt many visitors to make a purchase. Any goods ordered will not be received and credit cards will be charged repeatedly.

Before making any purchase, take a few minutes to verify the company’s identity, address, and location. Don’t be afraid to give the store a call. It is better to be safe than sorry.

Your order can’t be delivered

Next week you may receive an email telling you your order cannot be delivered. Your purchases are unlikely to be specified in the email, only a link to the delivery company’s website. You will be asked to make alternative arrangements to collect your order or provide an alternative date when you will be home.

The links direct users to phishing websites aimed at getting visitors to divulge sensitive information. Delivery receipts and invoices are also sent via email. These contain malware, and opening the files will see your computer compromised. Be especially wary of PDF files, JPEGs, ZIP, and EXE files. Many file attachments have the suffixes masked to fool users into opening them. They contain malware such as keyloggers, or will allow hackers to take control of your device.

Only make purchases from stores offering a secure HTTPS connection

To avoid phishing and other malicious websites, use your common sense. If a deal sounds too good to be true it probably is. Before you make a purchase, check the website has a padlock next to the URL and the web address starts with HTTPS.

This is not a guarantee that the website is genuine, as security certificates can be faked. But it will give you a better idea if the website can be trusted. Also never make any purchase while connected to the Internet via an open Wi-Fi network. You never know who might be eavesdropping on your session.

If you want to protect against fake Black Friday deals, or keep your work network secure and free from malware, consider installing a web filtering solution. It will take the guesswork out of online purchases, and will block phishing websites, popups, and malicious adverts. Coupled with an anti-spam solution to catch malicious emails, you will be better protected from online scammers and cyberattacks.

Amazon Two-Factor Authentication: Enhanced Data Security Measure Added

Online shoppers now have the option of using Amazon two-factor authentication on their accounts to improve security. Any users concerned about the number of cyberattacks being suffered by large retailers should take advantage of the new security measure and add Amazon two-factor authentication to their Amazon account at the earliest possible opportunity.

It is not clear exactly when the retail giant implemented the new security feature, as an announcement was not made; however, some users started to notice the option this week. At the present moment in time it is not a mandatory security measure to use, but it is strongly advisable to add it to your account.

Large retailers are big targets for cybercriminals. Retailers such as Amazon may have invested millions or even hundreds of millions in data security solutions and cybersecurity protections, but no company is impervious to attack. One thing that is certain is a great many cybercriminals will attempt to break through Amazon cybersecurity defenses. The company’s colossal database of customer information would be a sizeable reward for all the effort. The retail giant has an estimated 244 million customers. 244 million credit card numbers could be sold for a considerable sum of money.

Why Amazon two-factor authentication doesn’t offer 100% security

It would be nice to live in a world where it is impossible to be hacked or have one’s account details compromised. Unfortunately, but there is no such thing as a 100% secure account because no system is totally foolproof. Two-factor authentication does however get pretty close and, even better, it is easy for companies to implement and straightforward for customers to activate.

Most of the global retailers and major internet brands use two-factor authentication for user accounts; although for some reason (only known to Amazon) the retail giant has refrained from adding this additional security measure until now. It is not a mandatory security measure and will not be added to accounts automatically. If users want enhanced account security, they can access their account settings and turn it on.

How to Add Amazon two-factor authentication to your account

Making your Amazon account more secure is a simple process. You will need to login to your account and access your account settings. The option is located in the “Your Account” dropdown menu in the upper right hand side of your screen.  You will need to scroll to the “Change Account Settings” option, and at the bottom of the list click on “Edit” to the right of the “Advanced Account Settings” section.

You will be directed to the Amazon two-step authentication page. You just need to click on the “get started” option. If you enter your mobile phone number, you will be sent a code which will need to be added into your account settings. Once this has been done, no one other than yourself will be able to access your account even if your password is compromised. Unless a criminal also has your phone of course.

Retailers are being attacked with increasing regularity, so this additional security measure is strongly recommended. Target was targeted, Home Depot was hacked, and Amazon may well be the next major retailer to suffer a significant data breach. This additional security control will offer greater protection.

Keylogging Malware Infection Discovered by Kentucky Hospital

If a user in your organization accidentally installs keylogging malware onto his or her computer, every keystroke entered on that computer – including login names and passwords – could be sent directly to hackers’ command and control servers.

This nightmare scenario could involve the exposure of a limited amount of sensitive data; however, if the malware has been installed on multiple computers, and the infections have not been discovered for a number of days or weeks, a considerable amount of data could be obtained by criminals.

Keylogging malware infection discovered by OH Muhlenberg Community Hospital

A hospital in Kentucky recently discovered that not only have multiple computers been infected with keylogging malware, those infections occurred in 2012. For three years, every keystroke entered on each of those computers was recorded and transmitted to the hackers responsible for the attack.

The computers in question were used by healthcare providers, employees, and contractors. Due to the length of time the computers were infected, it is not even possible to ascertain the data that may have been exposed and copied. Patient health information was entered, Social security numbers, health insurance information and other highly sensitive Protected Health Information. Providers would have entered their Drug Enforcement Administration numbers, state license numbers, National Provider Identifiers and other sensitive data.

Employees who logged into healthcare systems using the computers, could have had their login credentials recorded. Access to web services similarly would have involved credentials being compromised.

Such an extensive, long term keylogging malware infection could place many patients at risk of suffering identity theft or fraud, and physicians could have their identities stolen. Criminals could have used the data to commit medical fraud, insurance fraud or file false tax returns. The fallout from this cyberattack could therefore be considerable, and may cost the hospital dearly.

The danger of keylogging malware

Once keylogging malware has been installed on a computer, any data entered via the keyboard can be recorded. That information is then exfiltrated to a hacker’s server until communications with unauthorized IP addresses is blocked. In the case of the hospital, the malware was only discovered after a tip-off was received by the FBI. Agents had noticed suspicious communications between the hospital and third party servers. When the alert was issued and a security audit performed, a number of computers were discovered to have been infected.

Even when cybersecurity protections are installed, it is unfortunately all too easy for these to be bypassed. All it takes is for one user to inadvertently install malware. In the majority of cases, this action will not be noticed by the person responsible. No warning is issued about a potential infection and no flags raised by anti-virus software.

How are keyloggers installed on computers?

How can a hospital that has invested in cybersecurity defenses be attacked and fail to notice for three years? If regular scans of the hospital’s computers had been conducted, the infections may have been identified sooner. However, not all keylogging malware is easy to detect. Hackers are developing ever more sophisticated malware that is capable of evading detection.

There are a number of ways the malware could have been installed without being detected by anti-virus and anti-malware software. Since multiple computers were infected, it suggests that either an insider had installed the keylogging malware on multiple machines, via a USB for instance, or that multiple members of staff had fallen for a phishing campaign.

Phishing emails are sent out in the millions in the hope that some individuals will respond and download malware. Multiple infections suggest that an organization has been targeted using spear phishing emails. These are emails that are sent to a particular group of individuals within an organization. The subjects are researched and links to malicious websites are sent that are likely to entice the users to click. They are then directed to websites containing malicious code that installs files on their computers. Keylogging malware can also be installed via infected email attachments.

By targeting users, hackers and other cybercriminals are able to bypass robust security controls. Users are the weakest link, and it is far easier to target them than break through multi-million-dollar security defenses.

Cost-effective protection against phishing emails and malicious websites

There are two cost-effective solutions that can prevent staff members falling for phishing campaigns that install keylogging malware. The first works by ensuring phishing emails are never delivered to an organization’s employees. If the emails are blocked and are not delivered, they will not be able to respond. A powerful anti-spam solution will catch the vast majority of spam and phishing emails. In the case of SpamTitan, over 99.7% of spam emails will be captured.

Since hackers and spammers are constantly changing their tactics, and new malware is continually being developed, it is not possible for all spam emails to be captured 100% of the time. Occasionally, even the most powerful Anti-Spam software will miss the occasional email.

To ensure staff members do not respond to a request to visit a malicious website or open a malware-infected email attachment, it is essential to provide training. Training will help end users to identify the occasional spam email that sneaks past a spam filter.

An anti-spam solution will not prevent a user from clicking on a social media link to a malicious website. Ad networks can similarly contain links to malicious sites. Clicking on one of those links could result in keylogging malware being downloaded.

The second cost-effective solution to offer protection from phishing websites is web filtering software. A web filter can be implemented that will prevent adverts from being displayed or potentially harmful websites from being visited. WebTitan offers these protections and will keep end users safe when surfing the Internet. If end users cannot visit phishing websites and other dangerous sites, they will be prevented from inadvertently installing malware.

Alongside other cybersecurity protections, and the development of internal policies covering internet and email usage, organizations can reduce the probability that a cyberattack will be successful. If regular malware and virus scans are also conducted, when computers are infected, the severity of the security breach will be reduced.

Manage Cybersecurity Risk with Data Protection Policies

In order to manage cybersecurity risk effectively, data protection policies must be developed. However, a new research study conducted by risk and business consulting firm Protiviti, suggests that a third of companies have not yet developed data protection policies. When data protection policies have been implemented, many are insufficient and leave the company vulnerable to a cyberattack.

Data protection policies are inadequate or non-existent in many cases

Over 700 information security professionals and executives were polled and asked about their company’s efforts to keep data secure. Questions were asked about data retention, storage and secure disposal, as well as governance, privacy policies and a wide range of cybersecurity controls. It would appear that many firms were not managing cybersecurity risk effectively, leaving them vulnerable.

Information security solutions may have been implemented, but basic controls such as the development and issuing of data protection policies had been neglected. When policies had been written and implemented, many were insufficient and did not cover even a fraction of the elements necessary to keep systems and data secure. Many security holes were allowed to persist.

To manage cybersecurity risk, start at the top

The board must become involved in cybersecurity decisions and should take a greater interest in keeping their organizations secure. Policies must be developed that set rules for the entire organization, and awareness of data and network security must be improved. All members of staff must be made aware of the current threat levels and a culture of security awareness developed. Best practices must be defined and all users monitored to make sure that those practices are being followed.

The study indicates that board level involvement in cybersecurity issues is becoming more common, yet only 28% of survey respondents indicated there was a current high level of board engagement in such issues. What is even more worrying is there has actually been a fall of 2% in high-level engagement year on year. 15% of respondents said board engagement in cybersecurity matters was low, while a third said engagement was at a medium level, better than in previous years.

You must identify the most critical assets to effectively manage cybersecurity risk

In order to protect assets, they must first be identified. This may sound obvious, but many companies are unsure what their critical assets are according to the study. A number of companies had failed to identify the data that cybercriminals were most likely to try to obtain. Appropriate protections were therefore not being put in place to keep the most sensitive data secure.

Confidence in repelling cyberattacks is low

The majority of organizations are not particularly confident that a targeted attack could be repelled, even though cybersecurity protections had been put in place. Companies were believed to be better at protecting their assets and keeping sensitive data secure than in recent years, although considerable efforts still need to be made.

According to the researchers, a lack of confidence is actually good news, as it should spur companies to keep on developing their security protections.

Memory Based Malware: No User Download Required

Think you have to open an infected email attachment or download a file to your computer to acquire a malware infection? Not with the latest memory based malware. Drive-by attacks are taking place that do not need any user-interaction. These file-less malware infections  use malware that resides in the computer memory, and RAM memory is not scanned by most anti-virus programs.

The good news is attacks of this nature are rare. The bad news is the malware is being increasingly used by cybercriminals.

Fortunately, malware that resides in the memory doesn’t survive a reboot. Unfortunately, by the time your computer is rebooted, you may have already lost your sensitive data. How often do you reboot? At the end of your working day? That could potentially give a hacker a full 8 hours to record your keystrokes or download files to your computer. A lot of damage can be done in 8 hours.

There is another problem. Hackers are now creating memory-based malware that actually survives a reboot. The malware has been configured to hook into an API. When the computer is restarted, the malware is reloaded back into the RAM.

Memory-based malware exploits security vulnerabilities in outdated software

If a user is convinced to visit a malicious website, or responds to a spam email containing a link to one of those sites as part of a phishing campaign, their computer can be infected almost immediately. A user is usually directed to a web page containing an exploit kit: The Angler exploit kit for example. Code on the website probes the users’ browser for security vulnerabilities. Security vulnerabilities in Adobe Flash or Adobe Reader could be exploited, or Java, Silverlight or any number of plug-ins that the user has installed.

However, instead of the vulnerability being used to download a file to the hard drive, code is inserted into the memory. This does not trigger an Anti-Virus program because no files are downloaded to the computer. This allows the hacker to perform a drive-by cyberattack, stealing information quickly and silently. That information could include login names, passwords, bank account information, or anything entered via the keyboard.

These types of cyberattacks are not new. They have been possible for a long time, but cybercriminals have not favored memory based malware. Unfortunately, memory based malware is being used in exploit kits that are widely available online.

Sometimes a fast and stealthy attack is preferable to a long-term malware infection. If the aim is to avoid detection at all costs, then this is one of the easiest ways to gather intel or data without setting off any alarms. High-profile targets such as governments could be targeted, and they would be none the wiser as next to no trace of an attack is left by memory based malware.

Is an attack inevitable? Can nothing be done to prevent the installation of memory based malware?

The solution is not anti-virus software, but to prevent users from visiting a website that contains the exploit kit. It may not be possible to prevent a drive-by attack once a malicious site has been visited, but it is possible to avoid visiting that site in the first place. Hackers must still direct a user to the malicious site in order for an attack to be possible. There must also be security vulnerabilities in the browser that can be exploited.

To protect your computer from memory-based malware, you must ensure that your web browser and software are kept up to date with the latest security patches. As for avoiding malicious websites that contain the exploit, a web filtering solution should be used. A web filter can block users from visiting malicious sites, or from web ads from being displayed. Website adverts are often used as a method of getting users to visit a malicious website.

Phishing and spam emails containing links to malicious sites can be prevented from being delivered using a powerful spam filtering solution. SpamTitan Technologies offers both solutions. SpamTitan Anti-Spam software protects users by blocking spam emails from being delivered, while WebTitan software can be configured to prevent users from visiting malicious websites.

The threat landscape may be constantly changing, and new exploits used to compromise computers and steal data, but fortunately the risk can be effectively managed.

New Mac Internet Scam Warning Issued

Using a Mac is safer than using a computer running Windows. That’s not to say it is not possible to inadvertently install a virus or malware on a Mac. It is just that hackers tend to focus more on PCs. From a hacker’s perspective, it is better to try to infect as many devices as possible and more people own PCs than Apple devices.

According to research conducted by IDC, sales of Macs have increased by just over 16% this year. However, while accurate figures are difficult to find, approximately 90% of computers use Windows software. This makes the operating system much more likely to be attacked. If you were a hacker would you concentrate on the 90%?

That does not mean that Mac users are immune to attack: BlackHole RAT, OS X Pinhead, Mac Flashback, and Mac Defender all targeted Mac users.

Mac users do face risks and must be cautious when using the Internet. They may not face such high risks, but they can just as easily fall for scams. Phishing websites will also work just as well on Macs users as they will on everyone else. That’s because phishing techniques are employed to fool the user of the device. It doesn’t matter what device is being used to access the Internet.

New phishing scam alerts iTunes users to account limitations

Mac users have recently been targeted by a campaign claiming iTunes accounts have been compromised. Most recently a phishing scam has been launched advising iTunes account holders that their accounts have been limited for security reasons.

They are informed of this by email and are provided with a link. If the link is clicked they are directed to a scam site and must enter information to lift the account limitation. A number of data fields must be completed and a credit card number entered.

This is an easy scam to identify as, even when accounts have been compromised, a service provider would not typically ask for a credit card number for identity verification.

If in doubt, just access your Apple account directly and check to see if there is a problem with your account. Never use the link supplied in an email.

Mac Internet scam reported offering urgent tech support

A Mac internet scam warning was recently issued after the discovery of a new tech support scam. A woman visited a webpage which flashed a warning that her Mac had been infected with malware. She was required to call a phone number to call to speak with tech support. On calling the number she was told she was speaking to an Apple employee, and she was required to pay for tech support to remove the infection. When asked for payment she tried to pay by AMEX, but was told American Express could not be used. This alerted her to the scam. Apple doesn’t have a problem taking AMEX as payment.

If you are warned of a virus infection, you can always visit an Apple store. They will be able to confirm if your Mac has really been infected.

Mac Internet scam warning! Your Mac is Infected with Malware!

Phishing scams targeting Mac users are far more common than malware infections targeting their devices, but malware is always a risk no matter what device is used. However, this year Apple has been targeted. A Mac Internet scam warning was issued earlier this year, again relating to Mac malware infections.

The scam is common with PC users, especially those using illegal file sharing websites, streaming services, and porn sites. However, a number of legitimate websites have been hijacked and are displaying pop-up windows announcing a virus infection has been detected.

The warnings come as a shock to Mac users and many will be convinced to click on the links. They direct the user to malicious websites offering fast and effective disinfection using Anti-Virus/Anti-Malware solutions. A click of a link will download a program called MacDefender that will conduct a full system scan.

The MacDefender Anti-Virus program is nothing of the sort. Instead of removing malware from the Mac, it is a form of malware. The fake Anti-Virus software appears to conduct a scan of the system and identifies apps that have been infected.  Popup windows are launched to porn sites and other websites as a scare tactic.

In order to remove the infections, the user is required to purchase a license for the software. To do that a credit card is required. Once the license has been purchased the program stops launching browser windows. It also advises the user that the malware has been removed.

Unfortunately for the victim, they have just given their credit card details to the scammers. Card purchase can be made and the criminals can run up thousands of dollars of debt.

No matter what device you use to access the Internet or email, you are always at risk of falling for a phishing scam or inadvertently installing malware. Fortunately, the risk can be easily managed. WebTitan is available for Windows and OS X, and offers protection from malware, malicious websites and phishing campaigns.

To find out how WebTitan can protect you and your company’s employees, call the sales support team today.

Does a SSL Certificate Mean a Website is Safe to Use?

If you want your employees to browse the Internet safely you should try to restrict access to websites that have a valid SSL certificate. It is now common knowledge that SSL certification means a website is secure and can be trusted; but is that true?

Does a SSL Certificate mean a website is safe to use? The answer is a definite no. The HTTPS or a SSL certificate alone is not a guarantee that the website is secure and can be trusted.

Many people believe that a SSL Certificate means a website is safe to use. Just because a website has a certificate, or starts with HTTPS, does not guarantee that it is 100% secure and free from malicious code. It just means that the website is probably safe. In the vast majority of cases the sites will be. Just not always.

Unfortunately, phishers and other cyber criminals have discovered how to exploit trust in SSL certificates. Some phishing websites have valid SSL certificates in place. This means even when you think your employees have been restricted to safe websites, they are still not protected from phishing sites. Relying on a block on sites that do not use SSL certification is a mistake, and potentially a very costly one.

It is a good idea to restrict access to unsecure websites, but further protections will be required if you want to be sure that your employees and your network are properly protected.

Selectively block websites at work and take control over the content that your employees can access. See how with a FREE WebTitan demo.
Book Free Demo

What is a SSL Certificate?

In short, an SSL Certificate is a file that permanently binds a key to a company’s website. When an SSL certificate is installed on a company’s web server, connections with that website will be secure. Information will be sent via port 443 using the https protocol.

SSL Certificates are used by websites to secure sessions with web browsers. You will be able to tell which websites have an SSL certificate in place because they will have a padlock next the web address. This means that the connection with that website is via a secure connection. The information you enter when connected to the website can be used with confidence, and most importantly, it gives an indication that the site is not malicious.

The SSL Certificate lets a website visitor know that the site is trustworthy and informs those who look that the site belongs to a specific organization. It is important never to enter credit card details or bank information if a website does not have a valid SSL certificate. That would be an unacceptable risk to take.

Facebook, Twitter, and Google use SSL certification. When you visit those sites you will see a padlock next to the URL. If you click on the padlock, you will see the owner of the site and will know that ownership has been verified.

Some phishing websites have obtained SSL Certificates – How is this possible?

Unfortunately, phishing websites with SSL certificates are becoming more common. Many certificate authorities do not have a particularly strict vetting process. There have recently been a number of banking websites set up that use the certificates even though the sites are not genuine.

One recent scam involved the Halifax Bank in the UK. A phishing website was set up using a variation of the real website which is halifax-online.co.uk. The phishing site in question was halifaxonline-uk (do not visit this website). A very similar name, that would likely fool many account holders. Similar scams have been operated using variants of PayPal, and even Symantec has issued 30-day certificates to phishing websites.

The certificates are valid for long enough to allow a phishing campaign to be conducted. The phisher can then repeat the process with a different website, hosted with a different provider with a different SSL certificate.

Unfortunately, these certificates are one of the main ways of checking whether a website can be trusted. With a domain name that looks close enough to the real thing and an SSL Certificate and a padlock, many visitors will be fooled into thinking the website is genuine. When they enter in their login information, the data will be recorded by the site owner and can be used to login to the real website.

Some certificate authorities are better than others and can be trusted more, but unless they can all be trusted it makes a mockery of the SSL certificate. Unfortunately, all the SSL certificate does is confirm that the certificate owner owns the website, not that the particular website can be trusted.

WebTitan offers the additional protection your business needs to ensure access to malicious websites is blocked. See how with a FREE WebTitan demo.
Book Free Demo

Blocking access to websites without a valid SSL Certificate

A website with a valid SSL certificate means the website can be trusted more than a site without one. All employers should implement controls restricting access to websites that do not have a valid SSL Certificate, or at least configure settings to alert the user that they are about to connect to a website with an invalid certificate or without one entirely.

It is a simple process to block access to websites that do not have a valid SSL certificate. You can do this through your browser settings or you can modify the hosts file for instance. The former option would be fine for individuals or small businesses with just a few computers. It is not practical do this if you have 1,000 computers, run BYOD, or if your end users have multiple browsers installed.

Make your life easier by implementing a cost effective web filtering solution

By far the easiest solution to protect yourself and your network is to use a web filtering tool. There are many to choose from, but WebTitan from SpamTitan Technologies is one of the best and a highly cost effective solution for SMEs.

Since some disreputable sites have SSL certificates in place, it can be virtually impossible for end users to tell if they are safe or at risk. WebTitan offers the additional protection your business needs to ensure access to malicious websites is blocked, phishing scams are avoided and malware is not downloaded. Without a powerful web filter in place, blocking access to malicious websites will be an uphill battle, and it will only be a matter of time before your network is compromised.

Try WebTitan DNS Filtering for Free today

Selectively block websites at work and take control over the content that your employees can access. See how with a FREE WebTitan demo.
Book Free Demo

Critical Security Vulnerabilities in Browser Plugins

Critical security vulnerabilities in browser plugins have been widely reported in recent months. As soon as one has been found and patched, more are discovered. Zero-day Adobe Flash vulnerabilities (Shockwave Flash) have been some of the most publicized, due to the sheer volume discovered in 2015.

Earlier this year a number of companies pulled the plug on the Flash plugin, deeming it not to be worth the security risk. While it was once the most commonly used way of displaying videos and animations on webpages, the critical vulnerabilities that have been discovered have made it simply too risky to use. There have been many calls for Flash to be retired.

Google Chrome and Firefox stopped supporting Adobe Flash and many companies are moving over to HTML5 which offers the ability to display the same multimedia items without requiring a browser plugin to be used. One of the main problems with a plugin from a security perspective, is it will only be secure if the latest version is installed. Even then, as we have seen with the sheer number of security vulnerabilities found in Adobe Flash, the latest version many not be very secure at all.

If a user has not updated the plugin to the latest version, and an older version is still in use, criminals will be able to take advantage. A visitor to a website containing malware could result in the vulnerabilities being exploited. Exploit kits can be used by hackers to probe for security vulnerabilities in browsers to find out which software can be exploited. Other Adobe plugins can be exploited, such as PDF Reader.

Numerous critical security vulnerabilities in browser plugins discovered

It is not only Adobe plugins that are a problem of course, others company’s plugins also contain vulnerabilities that can be exploited. Even HTML5, which is seen by many as a more secure way of showing multimedia items on websites than Flash, is far from immune and also contains security vulnerabilities. No plugin is even required with HTML5.

In mid-October, Oracle released a security update for its Java software to deal with over twenty new security vulnerabilities that had been discovered. Oracle announced that an update was necessary on all computers as “all but one of those flaws may be remotely exploitable without authentication”. That means that a hacker could potentially exploit the vulnerabilities on any computer with an older version of Java installed, without the need to use a password.

Once critical security vulnerabilities in browser plugins have been announced and details of the flaws released online, the information is out there and available to hackers. Assuming hackers have not already discovered the vulnerabilities themselves.

A website link may not be as genuine as it appears (hovering your mouse arrow over it will not reveal a potentially malicious link!)

There are easy ways to check to see if a web link is legitimate or if the text has been changed so that it appears genuine. If you hover your mouse arrow over the link, the correct URL will be displayed. If end users get into the habit of checking every link before clicking, it will become second nature. Many phishing websites and other nasty web pages can thus be avoided.

Unfortunately, it is not always that simple. There are ways to make a URL appear genuine, even when the mouse arrow is used to check the link.

Some Japanese characters appear to be very similar to a forward slash, while certain Cyrillic characters are displayed as letters. This makes links appear genuine, and can be virtually impossible to spot. If one of these characters is present in a link and is displayed as a standard letter, the webpage could be a fake but would be indistinguishable from the genuine page.

An apparently genuine link could well be a link to a webpage containing malware. Many malicious websites can probe for critical security vulnerabilities in browser plugins.

These worrying issues were recently discussed at the SC Congress in New York, with Salesforce.com’s product security director Angelo Prado and senior product security engineer Xiaoran Wang demonstrating these and other worrying security flaws. They pointed out a particularly scary feature in HTML5 that allows a link to automatically download a file to a computer without the user being taken to the webpage used to host the file.

Protection is required and vigilance is key to avoid becoming a victim

The latest discoveries may make it exceptionally difficult to tell if a link is genuine. Even changing from the security flaw ridden Flash to HTML5 will not necessarily make the Internet a safer place. Fortunately, it is possible to take steps to ensure that end users are better protected, and stopped from visiting malicious websites. That said, it is essential that critical security vulnerabilities in browser plugins are addressed.

IT professionals should also install a web filtering solution such as WebTitan. Links can be blocked and users stopped in their tracks before they reach a malicious website. This type of protection is vital for businesses, schools, colleges and charities.

A visit to a malicious website can result in keyloggers being installed that can record and send passwords and login credentials to a hacker’s command and control center. Devices can become part of botnets and be used to send out huge volumes of spam emails, or computers could be hijacked and used for Bitcoin mining. Worse still, an infected computer, tablet, or Smartphone could be used to launch an attack on a corporate network.

It is also essential to be more security conscious. It may be difficult, or even impossible, to identify all online threats (and those delivered via email or social media networks), but many are obvious if you know what to look for. Staff training on security threats and online/email best practices must be provided if networks are to be kept secure.

It really does pay to take the advice offered by the FBI. Stop. Think. Connect. If in doubt. Do not connect. This should now be a common practice that is second nature. The current volume of data breaches now being reported suggest that for many employees it is not.

Customers Warned of TalkTalk Hacking Scams as Data are Sold on Dark Net Websites

British mobile phone and broadband provider TalkTalk discovered it had been hacked late last month; however further information has emerged that suggests TalkTalk hacking scams are increasing in number. Over a million customers’ data are apparently being offered for sale on the dark net, with criminals already using the data to defraud victims.

Over four million customers were believed to have been affected by the hacking scandal at first, although not all of the company’s customers are now understood to have been affected.

A criminal investigation was launched a few days after the hack was discovered. Initial reports suggested an Islamic terrorist group from Russia were behind the attack, having publically claimed responsibility. This claim appears to be false.

The Metropolitan Police Cyber Crime Unit acted fast and just a few days after the attack was announced, a 15-year old teenage boy was arrested in Northern Ireland on suspicion of being behind the attack. A few days later, a second arrest was made, this time a 16-year old boy from West London. A 20-year old was arrested in Staffordshire in connection with the hack, and now a fourth individual has been arrested: A 16-year old boy from Norwich has been detained.

1.2 million email addresses obtained by the hackers

The official figures released by TalkTalk are much lower than the initial estimates, but the hack still ranks as one of the biggest UK hacking scandals to be reported in recent years.

A statement released by the company revealed that approximately 1.2 million email addresses had been obtained in the attack, customer names and phone numbers were also stolen, and 21,000 bank account numbers and sort codes were accessed, presumed stolen. A later press release indicated that 156,959 individuals had been affected, and the earlier figure was “bits of data,” including email addresses, names, and phone numbers.

Credit card numbers were compromised, but since they did not contain complete numbers there does not appear to be a risk of them being used inappropriately. However, that is not to say that the data will be useless. Phishers may well devise campaigns to obtain the remaining digits from unwary TalkTalk customers.

It is not clear how the attack was performed as reports have not been confirmed, but it would appear that the attack was made using a blind SQL injection which exploited a vulnerability in a video on a page of the TalkTalk website. The specific vulnerability was not disclosed, although Adobe Flash has been found to contain vulnerabilities that could be exploited by SQL injection. These vulnerabilities were addressed in a recent patch issued by Adobe. SQL injection is the insertion of code that allows access to be gained to a company database. It is a very common technique used by hackers to gain access to corporate databases.

What is clear is that the security staff were distracted dealing with a DDoS (Distributed Denial of Service) attack that was conducted by one of the team of hackers. A DDoS attack bombards a company’s website with huge volumes of traffic, overwhelming it. This is made possible by using systems that have been compromised with a Trojan or have been infected by a botnet.

It would appear that while TalkTalk was dealing with the DDoS attack, the criminals were able to gain access to the company’s data by exploiting the website security vulnerability. A report in the Daily Mail indicates one of the team of hackers behind the attack made a mistake and accidentally disconnected from a service that was being used to hide his real IP address.

Some sources have reported that a ransom demand was issued in which £80,000 was demanded in Bitcoin. If the ransom was not paid the criminals behind the attack would release the data or sell it on dark net websites to criminals.  That appears to have already happened, with at least one individual appearing to have clocked up over 500 sales via dark net marketplace, AlphaBay.

Another online criminal was reportedly negotiating a deal to sell details of 500,000 accounts on the dark net, and claimed to have over a million records in his possession.

Businessinsider.com.au claims to have had been in contact with individuals who claim there were part of the attack, with figures of 1.3 million records mentioned. When asked why they carried out the attack, one person claimed it was for “sh*ts and giggles”, another for “lolz”, and “purely to like, own the ISP.” One of the persons behind the attack said it wasn’t for the money. The claim that a ransom was demanded were also denied.

While the total number of records exposed is not clear, and none of the reports from conversations with those claiming to have had a part in it have been confirmed, what is clear is that the security in place at TalkTalk was poor in some cases. One of the boys claims that one account had a password with just three digits. One quote obtained by Business Insider, from an individual operating under the name “Vamp”, claimed that the security in place was “terrible, that’s being honest with you, horrible.”

Reports in the press suggest that the vulnerability was shared, and between 20 and 25 people had access – although 5 individuals were reportedly behind the attack, including two in the UK and two in the U.S.

Beware of TalkTalk hacking scams

TalkTalk hacking scams have already been reported, with some customers having complained about being bombarded with phone calls following the security breach, as criminals attempt to use the contact information obtained to defraud victims. One victim was called after apparently having his internet connection slowed down, and was directed to a website, presumably containing malicious code.

TalkTalk hacking scams could be launched via email since 1.2 million email addresses were compromised in the attack. Phishing campaigns are often used by criminals to get users to reveal sensitive information, visit malicious websites or install malware on computers. The type of information obtained by the hackers, and subsequently sold to online criminals, could easily be used to launch highly convincing campaigns.

All of the company’s customers are advised to be exceptionally cautious, and not to reveal any personal information over the telephone, Internet or via email. TalkTalk hacking scams could be in operation for many months to come so it is vital that all customers remain vigilant and be on their guard.

Being hacked can have serious implications for a brand

A data breach such as this can have a major effect on an organization. Customers will lose trust in the brand, and it is difficult to regain trust once it has been lost. Many of the company’s 4 million customers are expected to change mobile phone/broadband provider as a result.

This is a highly competitive market and there will be no shortage of competitors looking to snap up new customers as a result of the security breach. Following the news of the hack, the company’s share price fell by 10%.

It will not be known for many weeks or months how much of an effect this, and other TalkTalk hacking scams, will have on the company’s brand image, but what is certain is it will certainly have a major financial impact. Many customers are also likely to lose out as scammers seek to take advantage.

Stockbroker Loses Job for Responding to a Phishing Email

Personal losses may not be suffered after responding to a phishing email sent to a work email address, but that does not mean an employer is the only victim. A U.S. stockbroker has just discovered that falling for a phishing campaign can result in loss of employment, as well as being barred from gaining employment as a stockbroker for a year.

Responding to a phishing email can have serious consequences

In this case, the ban was not issued for simply responding to a phishing email, but for the actions taken by the stockbroker. The phishing email response occurred last year, and resulted in $160,000 in funds being transferred from a client’s account into the bank account of a scammer.

The stockbroker, David P. Santos, received an email that had apparently been sent by his client. However, the client did not make the transfer request. The email was sent by a hacker who had managed to gain access to the client’s email account. The email requested a transfer of funds to a third party bank.

Santos obliged, but in order to do so, forged the signature of his client. He did this on 10 separate documents and made a series of transfers. According to a report issued by the Financial Industry Regulatory Authority (FINRA), in order to obtain the necessary funds, Santos liquidated holdings and conducted improper trades.

The matter has recently been back in the news as it was incorrectly tied to another security incident at the bank involving the theft of a laptop computer. According to the Pioneer Bank of Troy, Santos’s former employer, the matters are totally unrelated.

This may be an extreme example of an employee falling for a phishing scam, but the incident does highlight the need for employers to be vigilant, and to implement multi-layered security controls to protect against scam emails and phishing campaigns.

Proven phishing prevention strategies to minimize risk

If enough spam and phishing emails reach the inboxes of employees it is only a matter of time before someone responds and opens an infected attachment, visits a malware-ridden website, or exposes sensitive information to hackers. In some cases, even accountants fall for scams and make bank transfers from corporate accounts.

There are a number of measures employers can take to reduce the risk from spam and phishing emails. If no action is taken, it is just a matter of time before users fall for a scam. Once that happens, a network can be compromised or fraudulent bank transfers made.

Develop a culture of security awareness in the workplace

  • Ensuring all new employees receive security awareness training as part of their induction program
  • Conducting regular refresher training to keep data privacy and security matters fresh in the mind
  • Place notices of the latest security threats on company noticeboards
  • Issue email alerts warning of current threats, new scam emails and phishing campaigns as soon as they are discovered

Purchase software solutions to reduce the risk of employees falling for phishing scams

  • Invest in a robust and effective spam filter to prevent spam and phishing emails from being delivered
  • Employ a web filtering solution to stop employees visiting known malware-infected websites

Check for intrusions and malicious software that has bypassed security controls

  • Use Anti-Virus software and ensure virus definitions are set to update automatically.
  • Schedule full system scans during periods of low network activity
  • Install Anti-Malware software, keep definitions updated, and regularly schedule malware scans
  • Use an AV engine to protect end users and a separate one for servers. Two engines will maximize the chance of catching all viruses and malware

Awareness of Security Threats is a Cause for Concern

A new study conducted by CompTIA has highlighted the risks that are being taken by end users, and suggest low awareness of security threats. End users’ lack of knowledge of basic security measures continually frustrates IT security professionals. End users are usually seen as the weakest link in the security chain, and the results of this study are unlikely to see many minds changed. The study also suggested the persons most likely to take risks and jeopardize security are in their early twenties: Gen Y.

Gen Y Has Low Awareness of Security Threats

One of the tests conducted was a relatively straightforward but ingenious test of risk awareness. CompTIA researchers dropped 200 unmarked thumb drives in locations that received high volumes of foot traffic. The researchers wanted to find out how many individuals would pick up the drives and plug them into their computers.

Thumb drives can be purchased cheaply, but are extremely useful. Finding one in the street may be seen as a lucky find. However, plugging such a drive into a computer carries a huge risk. There is no knowing what software is installed on the drive, and simply plugging it into a computer could easily result in malware or viruses being installed.

In this case, doing that just resulted in a pop up message being displayed which prompted the new owner of the thumb drive to send an email to the researchers to let them know that the device had been found and plugged in. In total, 17% of the 200 thumb drives resulted in a response being received by the researchers. Not all of the individuals who picked up the thumb drive will have responded to pop-up request to send an email to the study organizers, so the number of individuals who did plug in the drive may well have been higher.

The company also conducted a survey to discover more about end user awareness of security threats. Over 1200 completed surveys were collected by the company, and the results show that many end users are taking considerable security risks. Those risks could result in laptops, computers, and mobile phones being compromised. If IT security professionals were worried about end user risk taking before, they are likely to be even more worried now.

Numerous questions were asked; however, the most worrying statistics for security professionals is the volume of individuals who use the same passwords for personal accounts as they do for their work computers. The study revealed 38% of respondents did this, while 36% used their work email address for personal accounts.

Gen Y end users were most likely to take risks, with 40% saying that they would pick up and use a flash drive they found in the street, and 94% of respondents connect either their laptop computer or mobile to public Wi-Fi networks. Nearly seven out of ten individuals said they use their laptops for work purposes or to handle work-related data and 6 out of ten employees used employer-supplied mobile devices for personal applications.

While IT security professionals reading the CompTIA’s statistics may break out in a cold sweat at the excessive risks being taken by end users, there is a solution. That is to provide more security awareness training to staff. End users may be the weakest link, but with training, risk can be managed.If awareness of security threats increases, organizations will be better protected from cyberattacks.

Less than half of respondents reported having received any cyber security training, so consequently awareness of security threats was understandably low. Employees were not aware of the level of risk they were talking. Unless end users are shown how to be more security conscious, risky behavior is unlikely to decrease.

Mobile Malware Risk Increase Shown by New Kaspersky Report

A new security report issued by leading Anti-Virus firm Kaspersky Labs has highlighted the growing mobile malware risk, with Adware (intrusive mobile advertising) seeing a huge increase since last quarter.

The third quarter report shows a 3.1% increase in the number of new mobile malware programs discovered by Kaspersky Labs’s Q1, 2015 figures, with a 1.1% increase since last quarter.  In total, Kaspersky products detected 323,374 new mobile malware threats over the past three months. The mobile malware risk appears to be growing.

Only a small increase in mobile malware was recorded since last quarter, but the same cannot be said of mobile malware installation packages.  1,583,094 new installation packages were detected in Q3, which is one and a half times the total discovered in Q2.

There have been some significant changes in the types of mobile malware discovered, with some vectors seeing a fall in prevalence. Trojan Downloaders, Backdoors, Trojans, Trojan-Spy’s and Trojan-SMS’s all decreased in prevalence in Q3. The most significant reduction was in Trojan-Spy and Trojan-SMS malware, which dropped by 1.6 and 1.9 percentage points respectively.

However, the biggest drop since last quarter was recorded for RiskTool, which fell by 16.6 percentage points since the last quarterly report was issued. The RiskTool category includes legitimate mobile programs which are not malicious in nature, but can be manipulated by hackers. This makes them particularly risky to have installed on mobile devices. These programs are capable of terminating processes (such as security applications), hiding processes from the user, and concealing files within the Android system.

There were marginal increases in Trojan-Dropper, Trojan-Banker and Trojan-Ransom detections. The biggest rise by a considerable margin was Adware. Mobile Adware jumped from 19% of detections in Q2 to 52.2% in Q3: An increase of 33.2 percentage points.

Huge Hike in AdWare Highlights Increasing Mobile Malware Risk

Cybercriminals manage to install malware on mobile devices, but how do they actually make money from those infections? Many items of malware log keystrokes and capture passwords and logins used to access Internet banking websites but, the majority of mobile threats involve monetization via advertising. This quarter over half of all mobile malware threats came from Adware.

While the main form of monetization comes from the adverts served, that does not mean that is the only threat to users. Adverts are certainly annoying, and can contain links to malicious websites, but there could well be much worse things happening on your mobile device.

Malware is installed that can root the device and elevate privileges. Hackers can then take full control of the entire device. With superuser privileges, hackers can make changes which even the user of the device would not be able to make. Once this happens, it can be nigh on impossible to eradicate the malware and take back control of the device. It may also be virtually impossible to tell if a device has actually been attacked.

This quarter, the malicious software capable of doing this accounted for over half of the most popular malware items affecting mobile devices. The most common malicious program recorded by Kaspersky Labs, by some distance, was DangerousObject.Multi.Generic. This malware item accounted for 46.6% of attacks. The next biggest threat came from Trojan.AndroidOS.Rootnik.d which accounted for 9.9% of attacks in Q3.

How did Kaspersky Labs Produce the Report?

The latest Kaspersky report was compiled from data collected from the Kaspersky Security Network (KSN), which includes multiple anti-malware products and components. Kaspersky collected data from over 213 countries from users who had provided consent to send data from their devices to KSN. This global information exchange allows current threats to be accurately monitored. Data sharing is vital in the fight against cybercrime.

Countering the Mobile Malware Risk

Anti-Virus software such as that produced by Kaspersky Labs can be used to reduce the mobile malware risk and prevent mobile devices from being attacked. An additional control that should be considered, especially by companies allowing the use of personal devices in the workplace, is to install a web filtering solution to prevent users from accessing websites known to contain malware. This will reduce the mobile malware risk considerably.

SpamTitan web filtering software offers excellent protection and compliments AV software programs. The web filter prevents users from visiting risky websites, even when phishing links are clicked.It is one of the best ways to reduce mobile malware risk levels, although to reduce mobile malware risk to a minimal level, a multi-layered risk management strategy should be adopted.

Liability for Employee Internet Usage

Liability for Employee Internet Usage: Can an Employer be Liable for an Employee’s Online Activity?

There are numerous benefits to be gained from allowing employees access to the Internet. Information can be found quickly, contacts can be easily developed, new suppliers easily located, products purchased, research conducted and many more benefits can be realized.

Unfortunately, the provision of Internet access to employees does occasionally lead to abuse. An employee could use the Internet to access personal gambling accounts and play online poker at work, or social media websites could be used excessively. Individuals can and do view pornography at work. Threats and disparaging comments may be posted online. You can also add the illegal file sharing, hacking of other corporations, and illegally accessing databases to that list.

There are plenty of other ways of abusing Internet access and, if it is possible to be done, an employee somewhere will have already done it.

The majority of these acts are committed only by a minority of employees. They rarely cause an employer, co-worker or other individual to come to any harm. However, this is not always necessarily the case. Should harm occur, or an employee breaks the law, the employer could be found to be liable for the employee’s actions.

There have been a number of cases when employers have been found to be liable for the actions of employees, such as when actions have adversely affected work colleagues. Some of the most common reasons for lawsuits have been sexual harassment of co-workers, threats of violence, racial harassment, and discrimination.

Respondeat superior – Employer Liability for the actions of an employee

The legal term for vicarious liability of an employer for actions committed by an employee is Respondeat superior. This is nothing new. It has been written into the law for over 100 years. Today, Respondeat superior does not only apply to verbal actions, it also applies to actions committed using email and abuse of the Internet. It is not limited to actions against co-workers either. Liability for employee Internet usage may result from comments posted on forums.

Typically, an employer would only be liable for an act committed by an employee while furthering the purpose of an employer. For instance, if an employee of the marketing department was posting links to a company website via Internet forums, an employer could be found liable for harm caused to a third party if those links defamed the character of a third party or were deemed to be slanderous.

In recent years, Internet abuse by employees does not necessarily have to have been conducted to further the purposes of an individual employee. Simply providing an employee with the opportunity to cause harm may come back on the employer. It doesn’t even matter if the employer is aware of the activity in many cases, it will not protect them from liability for employee Internet usage.

How can employers protect against liability under Respondeat superior?

There are four easy ways that employers can protect themselves from liability stemming from employees misusing the internet at work. The first is one of the simplest measures and the cheapest to implement. The other three controls involve software solutions.

Implement clear policies covering acceptable uses of the Internet and email at work

This measure is the simplest to implement, yet even this basic control has not been put in place by many SMEs. If an employer has not written clear and precise policies on allowable uses of the Internet and email in the workplace, employees cannot be expected to know whether they are committing acts that the company finds unacceptable.

If an employee is not informed that an activity is unacceptable they cannot be expected to guess. Accessing pornography at work and being fired for doing so could see that decision overturned in an employment tribunal if the employee was not informed that accessing porn would result in the immediate termination of his or her work contract. It is also essential that a signed copy of Internet usage policies is obtained from each employee.

Implement a system that monitors Internet and email usage in the workplace

Policies are only the first step. There must be a method of monitoring access to the Internet, otherwise there will be no way of telling if employees are adhering to company policies. It may not be necessary to constantly monitor Internet access, but regular audits should be conducted. Any individual found to have abused access rights must be subject to disciplinary procedures. There is no point implementing policies that are not enforced.

Liability for employee Internet usage is more likely if a web filter is not employed to control Internet access

Many employers choose not to take chances and restrict the websites that can be viewed in the workplace. There are many methods of achieving this, such as setting rules in browsers or on proxy servers used to access the Internet. Many of these methods can be implemented cheaply, and some without any cost other than the time it takes to set them up.

In some cases, the man-hours required to set up these rules makes it impractical. It is often far quicker, easier, and more cost effective to employ a powerful web filter. This will allow a system administrator to centrally control Internet access for individuals, groups, or the entire organization. A web filtering solution with a high degree of granularity will allow a wide range of controls to be applied for different roles within an organization and can be used to restrict access to pornography for the whole organization, limit the time that can be spent on social media websites, and set specific privileges for each individual if required.

Use an Anti-Spam solution to prevent email abuse at work

Internet abuse must be tackled, but it is important not to forget email. Email is used by virtually every company employee and is just as easy to abuse. It is difficult to control the content of messages to protect employees from sexual harassment, but it is possible to prevent individuals from emailing certain file types outside the company.

Anti-Spam products include a filter to protect users from incoming spam, but products such as SpanTitan also offer control over outgoing emails. The spam filter can be configured to prevent individuals from using company email accounts to conduct personal spamming campaigns.

If you put the controls in place to prevent Internet and email abuse, monitor activity, and make sure Internet and email usage polices are in place, it is possible to protect the business from liability. Liability for employee Internet usage will be avoided. It will be the employee, not the employer, that is likely to be found liable.

Critical Joomla Vulnerability Discovered

Operators of websites running on the popular Joomla CMS have been alerted to a remote takeover risk following the discovery of a critical Joomla vulnerability. Approximately 2.8 million websites use the Joomla Content Management System, with the CMS second only to WordPress in terms of market share.

Joomla version 3.4.5 has now been released and contains a patch to plug the security hole that has existed for close to two years, although any site still running on previous versions will be particularly vulnerable to attack. Should a hacker successfully exploit the vulnerability, it would be able to obtain administrator privileges for the website, allowing full control to be handed over to the hacker. It would be possible for all data and content to be stolen and for the owner of the website and all other site users to be locked out.

The vulnerability, discovered by Trustwave SpiderLabs, affects version 3.2 and above and can be exploited using a hacking technique known as SQL injection. All users of versions 3.2 to 3.4.4 are at risk since this critical Joomla vulnerability affects as core module of the CMS, not an extension. Two other security flaws were also patched by the new release.

SQL injection is a common technique used by hackers to gain access to websites. The attacks are conducted by entering in SQL commands into text fields on the front end of website. These commands are misinterpreted by the web application. Instead of treating the input as plaintext, it is interpreted as executable code. As such, if the right commands are entered, the websites can be hijacked. Numerous cyberattacks have been successfully conducted using this very straightforward technique, including the recent hack of mobile and broadband provider TalkTalk.

Critical Joomla vulnerability can be used to gain access to the administrator control panel

Once access has been gained, files can be downloaded including confidential customer information. Since Joomla is used to create e-commerce websites, customers who have previously purchased products through Joomla websites could have their confidential information stolen.

This critical vulnerability can be exploited to extract a browser cookie which can be used to provide the attacker with administrator privileges. If that cookie is loaded into the browser, the hacker can gain access to the back end of the website and can access the administrator control panel. The code required to exploit the vulnerability has already been posted online.

It is therefore imperative that all administrators of Joomla sites update their website software immediately and patch the critical Joomla vulnerability in order to secure their sites.

The importance of updating software patches as soon as they are released

Zero-day vulnerabilities are frequently discovered in popular website applications and content management systems. A failure to install patches promptly leaves websites particularly vulnerable to attack. Code used to exploit the vulnerabilities can easily be found online, and is commonly shared by hackers, white hat and black hat – via online hacking and software development communities. Once an announcement has been made, there will be many amateur and professional hackers willing to exploit the vulnerability. Should that happen, data can be deleted, access rights changed, and customer data stolen.

Google Tackles Ad Injection Malware Threat

Organizations face a growing risk of sensitive data being compromised by ad injection malware. The latest figures released by Google suggest that an organization employing 100 individuals is likely to have at least five computers infected with ad injection malware.

This form of malware causes adverts to be displayed to the user that would not normally appear when visiting websites. The malware infects their browsers and results in annoying adverts being displayed, some of which contain links to legitimate retailers. Others contain much more sinister content. With little control exerted over the individuals placing the ads, cybercriminals are able to take advantage and place adverts containing links to malicious websites.

However, that is not the only security risk. When the malware infects a browser it causes changes to how websites are displayed. A connection to a website would be secured under normal circumstances, preventing third parties eavesdropping on the session. Unfortunately, when a browser is infected, the process used to encrypt the connection is broken. Sessions are no longer encrypted, and any data entered by the user could potentially be seen by a hacker or cybercriminal monitoring their connection.

When accessing a webpage via an open Wi-Fi network, an eavesdropper could quite easily listen in on the session. Usernames and passwords could be revealed as well as other confidential information.

Lenovo laptops were pre-installed with ad injection software

Potentially a user could avoid having their browser infected with the malware, but not if they bought a Lenovo laptop. Even brand new, straight-out-of-the-box laptops had been “infected”. In this case, by Lenovo. They have been shipping brand new laptops with legitimate software installed that inserts adverts into Google searches. The software in question is called Superfish and it functions as an image search engine.

Superfish is able to show adverts by using a root certificate which replaces a trusted website’s security with its own. This is how it is able to display adverts. Unfortunately, the security used by Superfish can easily be cracked. In fact, it already has been, so any Lenovo computer with Superfish installed cannot be used to securely browse the Internet. On an open Wi-Fi network, even a secure website such as an online banking site would not be secure.

Anyone not wishing to lose their privacy could uninstall Superfish. Unfortunately, if the software is uninstalled the security hole remains. The owner of the laptop will be permanently at risk of having their privacy violated and their internet surfing monitored. A problem for any employer allowing Lenovo laptops to be used for BYOD.

Google takes action to protect Chrome users

This type of “malware” is not new of course. The problem is the number of new applications and browser extensions that allow this form of advertising. Google has recently removed approximately 200 Chrome extensions from its web store that are capable of injecting ads into otherwise secure sites. Unfortunately, Google has discovered approximately 34,000 standalone applications that are able to inject ads when users browse the internet. There are approximately 50K Chrome extensions that allow ad injection according to Google researchers.

The solution for now, for employers at least, is to ensure that they do not use open Wi-Fi networks in the workplace. This will prevent any eavesdropping even if a user’s browser has been infected. BYOD participants should be instructed on the risk of using open Wi-Fi networks and told never to use their devices to access work accounts using public Wi-Fi hotspots.

Your Favorite Coffee Shop Filters its Coffee, but not Internet Access

Visiting a coffee shop for a caffeine fix usually means having the opportunity to save some bandwidth by connecting to a free Wi-Fi network. In fact a coffee shop without free Wi-Fi is unlikely to be anywhere near as busy and those offering patrons the opportunity to connect to the Internet for free.

Even airports, restaurants, shopping centers and many pubs allow visitors to connect to their Wi-Fi for free. Many freelance workers even head to cafes to a full day’s work, while others just check email or surf the Internet. The ability to connect to someone else’s Wi-Fi is convenient and saves money. However, as many people discover, it may not be quite as free as they think. Connecting to free Wi-Fi hotspots carries considerable risks. There may actually a considerable cost. Identity theft and the emptying of a bank account!

The importance of a secure Wi-Fi connection

Many free Wi-Fi networks allow any user within range to connect without even having to register. These open networks really are open to anyone, and that means open to criminals as well. When users connect to these networks they allow any individual who is also connected to see a considerable amount of their data. Should a person with the inclination and a modicum of technical skill choose to inspect network traffic, they could potentially see the websites that are visited, read the emails that are sent, and even view login names and passwords. Installing malware on every device that connects is also pretty straightforward.

Not all Wi-Fi networks are open. Some coffee shops and free Wi-Fi hotspots require users to identify themselves. Access can only be gained if users logon. This requires the use of a token or password which is only provided to people who create accounts. These Wi-Fi networks use encryption that prevents data from being intercepted. That does not mean that these networks are entirely secure, only that additional security controls have been employed to make them safer.

If operators of public Wi-Fi networks really want to protect their users from the myriad of viruses and malware on the Internet, additional security controls should be employed. One of the best options in this regard is a web filter (often referred to as an Internet filter or content filter).

The importance of installing a web filter to protect users

A web filter will restrict the websites that can be visited while connected to a network. Many businesses have web filters in place to restrict the websites that employees can access while at work. Many homes have a parental filter in place that stops children (and adults!) from accessing pornographic content, gambling websites, dating sites and other types of website that contain inappropriate or potentially harmful content.

Coffee shops and cafes rarely have these web filters in place. They may filter the coffee, but they certainly do not filter the Internet. This means visitors could access pornographic material, gambling sites, and streaming services, and many of those websites contain really dangerous material – malware, viruses, and malicious code that could result in the users’ devices being infected. In some cases, their device could be compromised to the point that all data entered could be transmitted to a hacker.

Insecure or secure Wi-Fi – The choice is yours

When setting up a Wi-Fi network, the system administrator or operator of that network has a choice: Secure or insecure. The reality is that there is very little difference in terms of time when setting up a secure or insecure network, but there is a world of difference for users.

Even if an insecure network is chosen and kept totally separate from other networks, there is a risk that the insecure Wi-Fi network will be used by hackers to launch an attack on other networks that have been secured. Insecure Wi-Fi should therefore never be chosen.

Would you want your patrons or employees to be infected? What impact would that have on your business?

Are you waving a flag and shouting at hackers to come and attack your network?

Set up an insecure network and you might as well place a sign above your door saying hackers welcome! Attack our visitors and steal from our employees!

Fail to protect your network and your employees and loyal customers could have their privacy violated, devices compromised, and their most sensitive information revealed. The decision not to secure Wi-Fi, which is illegal in some parts of the world, could also be leaving you wide open to a lawsuit. It could also seriously damage your brand’s reputation and end up driving customers away.

Providing the public with free Wi-Fi access? Make sure you…….

Set up a secure password

An insecure password does not really offer much more protection than an open network. If your password is easy to guess, hackers will guess correctly before very long. Don’t use your shop name, use numbers and letters, include capital letters and even some symbols. Never use a name with a date appended to the end, or a number sequence such as 1234. Also do not use common words with a few specific characters replaced with numbers. You may think they are hard to guess, but not for a bot that tries many different common combinations.

Block the content that can be accessed through your network

Would you like a child to accidentally see the screen of someone viewing hardcore pornography while connected to your network? Would you like to deal with law enforcement officers when they visit you to find out why one your visitors are downloading terrorist manuals from your establishment? Of course not!

The answer is to restrict the content that can be viewed, and to do that you need to install a web filter such as WebTitan Wi-Fi. Its low cost, easy to set up, and it will restrict the websites that can be accessed through your network.

Filtering Wi-Fi should be as important to you as filtering your water and coffee. More so in fact. It protects you and it protects your customers. If your focus is providing a quality service for your customers, the provision of a web filter is essential. It could be the difference between a customer visiting your establishment or going to a more secure competitor.

5 Security Errors Often Made by System Administrators

Most system administrators have a rather long to-do list. As soon as one item is cleared, another two seem to take its place. Oftentimes there are simply not enough hours in the day to deal with all of the issues. There are software problems, hardware problems, user problems, and it can be hard to find time to be proactive instead of reactive.

We would like to make your job easier and reduce the number of items on your future to-do lists. With this in mind we have listed five issues that you should avoid to prevent future headaches. They are basic, but that is why many system administrators forget them.

Network Security No No’s

Never host more than Windows Active Directory on a domain controller

Active Directory looks after the identities and relationships of your network. It will allow you to provide all employees with SSO (Single Sign-On) access. However, it is important that Active Directory is isolated and the machine you use is not used for anything else. Don’t mix up your assets, as in the event of one being compromised, anything else hosted on the same machine is also likely to be affected. After all, hackers are likely to have a snoop around and see what else is running on a server they have managed to gain access to. Keep everything separate, and you will be limiting the damage that can be caused in the event of a security breach.

Don’t access a workstation using your administrator credentials

Your administrator login credentials, if compromised, would allow a malicious insider or outsider to gain access to systems where a lot of damage can be caused. If you login to a compromised workstation using your administrator login, you could be giving your access rights to a hacker. Cached login credentials are not difficult to obtain. Github offers code that will allow anyone to change Local Admin privileges to Domain Admin privileges. If that happens, a hacker really can unleash hell.

Don’t ever reuse passwords

One of the most elementary data security measures is to ensure passwords are impossible to guess. In the unlikely event that your password is guessed, or is somehow compromised, it is essential that the password cannot be used to access any other systems, servers or workstations. Setting different access passwords for everything is a pain, but it is an essential security measure.

Don’t leave default logins active

Default logins are often exploited. Many can be obtained with a very quick search on the Internet. This applies for all networked devices, routers, and equipment. It is usually the first thing that will be attempted in order to gain access. How easy is this? Take hospital drug pumps as an example. There have been instances of patients searching online for the manufacturer’s website, obtaining the default login details, and then logging in to up their morphine doses. If patients can do it, it would not be too hard for a hacker.

Never, ever use an open Wi-Fi network

In a business environment, it is not possible to justify using an open Wi-Fi network. The risks that insecure Wi-Fi creates are simply too high. If you need to provide guest access, set up a guest login and password and make sure it is changed regularly. You may get a few complaints, but not as many as you will get when your system is compromised, data is exfiltrated, or heaven forbid, data is deleted or encrypted with ransomware.

Summary

It may be more convenient to share passwords, allow anyone to access Wi-Fi, share servers and use the same login to access everything, but it is a recipe for disaster. If anything goes wrong, and it eventually will, you must ensure that the damage caused is limited as far as is possible. Convenience should never jeopardize system security.

Beware of Social Engineering Scams

There has been a lot of talk recently about Social Engineering scams, but what is social engineering?. Social engineering is a term used in social science to describe the psychological manipulation of people into taking a particular action and influencing large groups of people. It is a technique used for good and bad. Politicians and governments use social engineering, and advertisers are known to use social engineering to convince the public to purchase products.

In recent months, most talk of social engineering has been about information security. Hackers and other online criminals are now using social engineering techniques to get Internet users to reveal their sensitive information, such as login names and passwords, and even credit card numbers and bank account details. The majority of large scale data breaches caused by hackers and malicious outsiders are usually discovered to include an element of social engineering.

How can you protect yourself from being manipulated into revealing information? How can you protect yourself and your company from employees falling for social engineering scams?

How is Social Engineering Used by Cybercriminals?

The commonest methods employed by cybercriminals to manipulate users into taking certain actions are detailed below. Being aware of how social engineering is used will help you to protect yourself and your employees from becoming victims of scams and phishing campaigns.

Abuses of Trust:

Online criminals know that if they want to get something from people, it is far easier to get what they want if they pretend to be someone that person trusts. People are wary of strangers after all. If a total stranger came up to you in the street and asked for your PIN number or email address and password, you would naturally not tell them. However, on the Internet it is not always so easy to tell if someone is actually a stranger. Seemingly legitimate reasons are also provided for disclosing such information.

Emails sent from colleagues, friends and family members

If you receive an email from someone you trust, chances are you will be more likely to respond to a request than if the same email had been sent by a stranger. If a family member sent you a link asking you to click, you may not even think twice before you click your mouse.

If your best friend, brother or sister sends you a URL saying, “You have got to see this, it is so funny!” You click the link, you see a video, and you wonder what on earth they were thinking about. The video wasn’t very funny at all!

Unfortunately, the reason the link was sent was not because it contained side-splitting humor, it was because clicking on the link caused malware being downloaded to your computer. The email was, of course, not sent from the person you thought it was, but by a hacker who was pretending to be someone you know.

It is not just “must see” images, jokes and videos that are sent. Many emails are sent that manipulate individuals by taking advantage of compassion or a desire to help a friend or family member in need. Emails are supposedly sent from individuals that find themselves in a spot of bother. A friend traveling abroad has had his wallet stolen and is stuck and can’t get home. He needs money transferred so he can buy a plane ticket to get home. In actual fact he is on the beach, and a hacker has gained access to his email account, not his wallet.

Phishing: Manipulating people into revealing confidential information

There has been a huge increase in the volume of phishing emails being sent in recent years. This is because these social engineering scams can be incredibly effective. They are used to get individuals to reveal highly confidential information that under normal circumstances they would never divulge.

Some of the most common social engineering scams used by online criminals to obtain sensitive information are detailed below. Be particularly wary if you receive one of these emails:

Urgent Charity Donation Required

Nothing brings out the scammers faster than a natural disaster. When people are suffering, have lost their homes, been flooded or hit by a hurricane, criminals take advantage and try to take their share of donations. If you get an email request money to help people in need, don’t respond to the email. Find the website of the charity and make a donation directly through the website or follow the instructions listed on the website. Don’t click the link provided. Criminals do not care about taking money from the needy, hence the huge volume of social engineering scams after a natural disaster.

You have won a prize draw, lottery or other prize

Don’t let the thrill of potentially receiving a large sum cash get the better of common sense. In order to win a prize draw, you first need to have entered. Don’t call the number supplied in the email and do not visit the link. You will need to supply bank information for a transfer (or your credit card details). There will only be one winner, and it will not be you.

Package or mail cannot be delivered

Courier companies do send emails informing you that you were out and they have not been able to deliver a parcel, but are you actually expecting one? Even if you have a birthday approaching or Christmas is just around the corner, do not respond to the email request directly. Use the tracking/consignment number to check, but check via the company website by entering in the URL into your browser. The links contained in emails could take you to a phishing website, and the information you enter will be collected by criminals.

Upcoming Elections – Party donations required

Want to do your bit for the Democrats or Republicans? Does the Green Party urgently need your cash for their campaign? Want to show your support for Labor or the Conservatives? Good on you! Just make sure that your donation goes to the right place. For that, you must find the official website and follow the instructions provided. Never click on a link in an email. Social engineering scams are very common in the run up to elections.

Summary of Good Practices to Avoid Social Engineering Scams

These tips will reduce the likelihood of you falling for social engineering scams. You need to be security aware and always be cautious about revealing any information, opening attachments or clicking on links.

  • The first rule to avoid becoming a victim of a phishing campaign is never to click on an email link
  • The second rule avoid becoming a victim of a phishing campaign is never to click on an email link
  • Stop and think before you respond to any email request
  • If you are not 100% sure of the genuineness of an email, mark it as junk or delete it
  • If you are at work, and think an email may be a scam, seek advice from your IT department
  • If you are asked to reveal login information or other sensitive data, report it. Do not respond
  • If you want to respond to a request for a donation, search on google and find the official site. Get information on how to make a donation. Don’t trust the information provided in the email
  • Never open an email attachment unless you are 100% sure it is legitimate
  • If you have accidentally fallen for a scam (or think you may have) seek professional advice immediately, and change all of your passwords.

How to Deal with Insider Threats: A Common Sense Approach

Beware the threat from within: How to deal with insider threats

IT security professionals and C-suiters are well aware of the threat from hackers. Cyberattacks have been all over the news recently. Major security breaches have resulted in millions of files being stolen. Patient health records have been targeted with the cyberattack on Anthem Inc., the largest ever healthcare data breach ever recorded. That cyberattack, discovered in February this year, involved the theft of 78.8 million health insurance subscriber records.

Target was attacked last year and hackers managed to obtain the credit card details of an estimated 110 million customers. The finance industry was also hit hard in 2014, with 83 million J.P. Morgan Chase accounts compromised by hackers.

Cybersecurity defenses naturally need to be put in place, monitored, and bolstered to deal with the ever changing threat landscape. However, it is important not to forget the threat from within. Malicious insiders can be just as dangerous, and often more so than hackers. Just ask the NSA. They know all too well how dangerous insiders can be. Edward Snowden managed to steal and release data that has caused considerable embarrassment. In his case, he wanted the world to know what the NSA was up to. The NSA had gone to great lengths to make sure that what occurred behind its walls stayed secret.

Malicious insiders are often individuals who have been given access to patient and customer records, as well as the intellectual property of corporations, company secrets, product development information and employee databases. They are therefore potentially able to steal everything. The harm that can be caused by malicious insiders is therefore considerable.

It is not just theft of data that is a problem. Insiders may use their access to computer systems to defraud their employers, destroy data, or install malware and ransomware. Unfortunately, tackling the threat from within is a much more difficult task than preventing external attacks.

Bear in mind that insiders are not necessarily employees. They can include business partners and associates, contractors and past employees.

Which insiders pose the biggest threat

Unfortunately, any employee can steal corporate secrets and data; but the potential for damage increases as privilege levels increase. In a hospital, a physician may only have access to his or her caseload of patients. It may be possible for that physician to access the records of other patients of the facility, but not without triggering alarms. Those alarms may not be klaxons, but a flag would be raised that would alert anyone checking access logs that there may be some inappropriate activity.

A member of the IT department may have the highest level of privileges, and could potentially access huge quantities of data. One member of the IT department may not have access to everything, but in theory – and sometimes in practice – they could elevate their privileges for long enough to gain access to the data they require.

Recent research conducted by the United States Computer Emergency Readiness Team (CERT) shows that half of insider security breaches are conducted by individuals who have access to data. These individuals already have the authority to access systems containing valuable data. If you do not deal with insider threats, it is only a matter of time before a security breach is suffered.

It can be difficult to identify insider threats. Some say “it’s always the quiet ones,” but in reality, there is no way of being 100% certain which employees will steal data or sabotage systems. There are many potential reasons why an individual may decide to steal or delete data. Employers must therefore be aware of the risk and take action to mitigate that risk as far as is possible.

CERT research is useful in this regard. Studies have shown that that security breaches and data theft are most likely to occur in the time leading up to an employee leaving employment, and shortly after that employee has left – typically, a month either side of leaving a company.

As soon as an employee hands in his or her notice, place alerts on their accounts and conduct audits. If a worker is disgruntled or is unhappy at work, this could be a sign that they are looking for employment elsewhere and it would be wise to keep a close check on data access. It is a wise precaution to lower account privileges shortly before an employee leaves and to ensure that access is blocked as soon as they do. Many companies are a little lax when it comes to closing accounts and may not block access immediately.

Fortunately, risk can be managed. Adopt the following best practices to help you deal with insider threats and you will limit the opportunity for an insider to steal or delete data. You will also limit the damage that can be caused.

Best practices to deal with insider threats

  • Minimum necessary information – Only give access to data critical for an individual to perform regular work duties
  • Provide temporary access as appropriate – If tasks need to be conducted to perform atypical duties, temporarily escalate privileges to allow the task to be conducted and then lower those privileges when the task has been completed
  • Monitor access to resources – Implement a system that monitors and logs access to data and regularly audit access logs to check for inappropriate activity
  • Control access to physical resources – Restrict access to confidential files, stored backups, old computer equipment, and servers. Keep them under lock and key.
  • Separation of duties – Restrict access as far as is possible: Do not assign full access to one individual, only allow part of a system to be accessed by a single employee. Use Privileged Access Management (PAM). This will limit the damage that can be caused.
  • Implement policies and controls – Make sure these are communicated to all staff members.
  • Restrict file transfers – As far as is possible, put controls in place to prevent data from being copied or exfiltrated. Prevent certain file types from being emailed outside the company and block peer-to-peer file sharing websites
  • Encryption – Employ encryption for all stored data and control who is able to unencrypt files. Always protect data at its source.

Habits Developed by the Best System Administrators

Not all habits are bad. Sure you should ease up on the alcohol, give up smoking, and stop biting your nails, but make sure you take some time to develop some good habits. Take a look at the best practices below, ensure you perform them regularly, and before long they will become second nature. You will then be able to legitimately rank yourself alongside the best system administrators. Even better, you should find you have far fewer bad days and even some when everything runs smoothly without a hitch.

Develop a ticket system and keep on top of requests

You are likely to receive more requests for assistance than you can deal with in a single day. If you are regularly flooded with requests, some will invariably be forgotten. Sometimes you will deal with an issue only for a user to complain that you have not. It is useful to be able to prove that you have dealt with a problem in a timely manner. A ticketing system will allow you to do this, as well as help you prioritize tasks and never forget a single reported system or computer issue.

Your system need not be expensive or complicated. If you work on your own in a small business, you can set up a very simple MS Access database to log all requests. Even a spreadsheet may suffice. A word document would also work. The important thing is that all requests are logged.

If there is more than one system administrator employed in your company, it is probable that you may need to have a more complex system. Helpdesk software is likely to be required if you are having to deal with hundreds of requests. They will need to be allocated to staff members, and follow-ups will be required. Making sure all queries have been answered and all reported problems resolved will be a nightmare without such a system in place.

Keep a log of your activity

If you ever have to justify what you have spent all your time doing, your ticketing system is your friend. You can show the volume of requests you have received/resolved on a daily basis, and use that information to show that your time has been well spent.

One clever way of reducing the requests you get is to log the requests and send the user (and his or her line manager) an email detailing the request received and the likely timescale for resolution. If a manager is involved, you may find the number of requests you are given will decrease. A formal request process and confirmation procedure is a wonderful way of cutting back on many of the requests for support that are usually sent to the desk of a Sys Admin.

Be proactive and avoid power/cooling issues

Overheating servers and power fluctuations cause many headaches and waste a lot of a Sys Admin’s time. It sounds obvious, and it is, but managing power and ensuring server rooms are effectively cooled are well worth the effort. Being proactive in this regard will save a great deal of time in the long run.

Power issues can be largely solved by installing an Uninterrupted Power Supply unit (UPS) on each of your servers. When purchasing a UPS, make sure it has sufficient power to last for an hour and that it will shut down the server properly, not just give up when it runs out of juice. The latter is particularly important as it will ensure files are not corrupted and will mean fewer reboots are required.

Are your routers, switches and servers locked away in a closet without any cooling systems installed? If you work in a small organization, this may well be the case. If your equipment frequently overheats, consider investing in a small air conditioning unit. Does your server overheat frequently at the weekend, yet is fine in the week? Oftentimes, air con systems are shut down at the weekend when there is no one in the office. A separate unit will solve this problem, just make sure it vents into the ceiling.

Monitor your network and devices connected to it

It is vital to monitor your network and systems. This will allow you to take action before they crash and services are lost. Install a system to monitor everything, and then install a system to monitor your monitoring system. Get the system to send you alerts, and you can prevent a lot of problems from occurring and avoid time consuming (and expensive) system outages.

If your Monday mornings are usually spent dealing with system crashes that have accumulated over the weekend, you can make the start of the week a lot easier if you put a monitoring system in place. Do you have a service level agreement in place with your ISP? If so, you may be able to add in a monitoring function on your switches and router as part of your service level agreement. This may not be possible though if you have a highly complex system or atypical network configuration. Fortunately, in most cases, monitoring systems are inexpensive, yet can save a lot of time, money, and hair loss from stress.

Cut back on time consuming manual chores

Repeating the same tasks over and over again wastes and extraordinary amount of time, plus each time a task is performed there is the possibility of mistakes being made. Use the automation and scripting controls on servers and other devices, and updates and installations can be performed automatically.

If you use Powershell for instance, Windows 2012 Server support will be streamlined. It may take a little time to set up, but it will save you hours in the long run. If you cannot do this, create a detailed checklist containing all of the settings for different applications to reduce the possibility of errors being made.

Don’t let users waste your time

OK, this is much easier said than done, but there are ways to reduce the time spent dealing with user issues. For instance, create a website page that lists the correct contact numbers and persons responsible for dealing with particular IT problems. Remember that users are non-technical individuals, so the language used must also be non-technical. “Server problems” rather than “Windows NT problems” for example.

Instruct all users visit the webpage before contacting you. You can then place updates on the webpage that may answer many of their questions. Also include a self-help section. (have you tried turning your computer off and on again?)

Include sections for changing passwords and the common problems you are asked to deal with that can easily be resolved by following a simple set of instructions. You will find the volume of helpdesk calls will reduce considerably. Also create a login banner to advise of maintenance schedules etc., to avoid being bombarded with calls when a planned outage takes place.

Get involved in the business

It is your job to deal with technical aspects of the business, yet you will need to be aware of how the business operates. In order to get authorization for IT upgrades or new equipment, it helps if you can explain, concisely, why the purchases are necessary, the impact they will have on the business, and the consequences if purchases are not made. Work on your communication skills and learn how to communicate effectively with non-technical staff members. It requires practice, and a great deal of patience sometimes, but it will make your life easier in the long run.

Business Size and Network Security Threat are Inversely Proportional

When it comes to cyberattacks and the resultant data breaches, not all organizations are affected to the same extent. Larger organizations store greater quantities of data and a security breach may end up costing the company over $100 million to resolve, but such breaches are not suffered very often. In fact, when you compare the cost of breach resolution to the annual turnover of a company, the cost is actually very small indeed.

Even the huge data breaches that have affected Sony and Target have not cost the companies very much in the grand scheme of things. Compared to the annual turnover of both companies, the costs incurred are very low. As low as 1% of total turnover. The security breaches will be embarrassing, but the actual losses can be easily absorbed.

Benjamin Dean from Columbia University’s School of International and Public Affairs recently pointed out in a post that the cost to large companies may not be insignificant, but it is nowhere near as high as many people would believe.

Consequently, there is little pressure on many large organizations to invest more heavily in cybersecurity defenses. This may not be true for heavily regulated industries such as finance and healthcare, where heavy fines can be issued for non-compliance with data security regulations, but for some companies the costs can be easily absorbed.

Many of these companies are covered by insurance policies that pay for the majority of the cost and the resolution costs are tax-deductible.

He points out that while there will be fallout as a result of a data breach, this may not be nearly as high as many companies are led to believe. Many Sony employees had their data exposed in the cyberattack but how many will leave their employment as a result? Sure, they will be unhappy, but will they leave in droves? Probably not.

Customers may incur losses, but Sony will not have to cover the cost. How about cases of identity theft? Can a customer determine with any degree of certainty that they have become a victim because of the data breach at Target or Anthem, or any number of other companies that have suffered cyberattacks?

In many cases, losses are not suffered by the company but by the banks. The data breaches that have affected Target and Home Depot are estimated to have cost the providers of credit and debit cards, not the retailers. The cost of replacing the stolen cards has been estimated to have cost credit unions around $60 million in September. Those costs were covered by the credit unions, not the retailers.

The same cannot be said for small to medium sized businesses

The larger the corporation, the easier it is for losses to be absorbed, but when it comes to small to medium sized businesses the losses from a data breach can be catastrophic. Will movie-goers avoid a Sony Entertainment film because of the data breach? Unlikely. Will customers change to a rival printing company because their preferred provider has breached their financial data? Much more likely.

For SMBs it is essential to invest in robust data security systems. The loss of customers will really be felt, and many SMBs do not have the budgets to cover data breach insurance premiums. The resolution costs, in many cases, simply cannot be absorbed.

Data breaches do not affect all departments equally

If you work in IT security, you will be very keen to get a budget increase to protect your company’s systems. If a breach is suffered, your department will have to perform a great deal of extra work. You are likely to be blamed for allowing the breach to happen. You may even be criticized for failing to explain the risks adequately.

It is therefore in your best interests to implement the best possible security controls to protect the business, but often getting the funding is problematic. Cybercriminals are developing ever more sophisticated methods of breaking through defenses and consequently the defenses that must be installed must also be sophisticated. That usually means they cost a lot of money. Getting a sufficient budget to cover the cost can therefore be a difficult task.

To make it easier, you will need to know how managers assess budget requests.

Risk Analysis – How managers decide on budgets

Before a potentially expensive cybersecurity measure is given the go-ahead, a cost analysis will be performed. Managers will assess threats separately and will calculate the Annualized Rate of Occurrence (ARO) – the probability that security will be breached in any given year. Then they will calculate the costs from such a breach: The Single Loss Expectancy or SLO. Multiply both of those figures and they will arrive at the Annual Loss Expectancy (ALO). Based on that figure, a decision will be made about the best way to deal with the threat and whether it is worthwhile doing so.

There are a number of measures that can be put in place to address the risk. These will also be assessed:

Risk Mitigation

The biggest costs fall into this category. These include installing robust firewalls, anti-virus and anti-malware solutions, spam and web filters, and employee training.

Risk Transference

It may be possible to reduce the cost of dealing with a breach, and this may prove to be more cost effective than installing security measure to reduce risk. An insurance policy may be purchased so the company doesn’t have to cover the full cost of a security breach.

Risk Avoidance

It may be possible to reduce risk by preventing certain activities from taking place. For instance, banning the use of social media websites at work to combat the threat from malware. Sometimes risk cannot be avoided. Maintaining an online presence is essential, so a company cannot remove the risk of a data breach by not operating a corporate website.

Risk Deterrents

These measures can be cheap and effective. Legal disclaimers and internal policies can be developed to tackle insider theft. They may warn of prosecution for anyone found to be inappropriately accessing corporate data. This may be sufficient to put some individuals off snooping.

Risk Acceptance

Some risks cannot be avoided and must be accepted. However, a company must be aware of the risk in order to make a decision about whether it can be accepted, as well as the cost of mitigating that risk and the potential for damage.

It is essential that security professionals are consulted before these calculations are made. Their input will be required to gain an accurate estimate of the probable costs and level of risk faced.

If you, as an IT security professional, can provide accurate figures that can be used in the cost/benefit analysis, your company will be able to determine which security measures are essential and will allocate budgets accordingly.

Make sure you are an asset to your company and create your own risk analysis. As an IT security professional, you are in the best position to do this. If budgets are subsequently not forthcoming, it will not be your department that is blamed when security breaches are suffered.

Securing Data: What Data are Sensitive and Must be Better Protected?

Hackers and malicious insiders are trying to break through security defenses to get their hands on sensitive data, but what data are they actually looking for? Which data needs to be better protected?

There are federal laws that require physical, technical and administrative controls to be put in place to keep data secure. Fail to protect certain data types and there could be serious trouble, regardless of whether a hacker actually manages to compromise your network.

Some data types are obvious, others less so. Credit card numbers, bank account information, Social Security numbers and healthcare data all require robust security measures to keep the information secure. Have you made sure that each of the following 9 data types have appropriate controls in place to prevent unauthorized individuals from gaining access.

Financial Data

The goal of many hackers and cyber criminals is to gain access to bank account information, and the logins and passwords used to access online accounts. Once they have this information they can use it to make transfers and empty accounts. Credit/debit card numbers are also sought in order to make online purchases and create fake cards. PIN numbers, if stored, along with answers to security questions must similarly be protected with robust controls.

Medical Data

The Health Insurance Portability and Accountability Act (HIPAA) requires all covered entities to put physical, technical and administrative controls in place to keep medical data secure. In the wrong hands, medical data can be used to discriminate and defame. It is also used in spear phishing campaigns, and used with other data to commit fraud. Failure to secure these data is a violation of HIPAA Rules, and financial penalties are sure to follow. Criminal charges can even be filed against individuals for failing to secure highly sensitive data.

Driver’s License Numbers

A valid driver’s license number can be used to create fake driving licenses. These are not only useful for people who are not legally allowed to drive, they can be used to obtain other forms of identification and commit identity theft and fraud.

Student Data

Student data is increasingly being sought by criminals in order to commit fraud and identity theft. Universities and schools are required to protect data under the Federal Educational Rights and Privacy Act (FERPA), which restricts the individuals who are allowed to access student records. Personal data, education information and test results must all be protected. Student Social Security numbers and dates of birth are highly sought after and often targeted by hackers.

Social Security Numbers

Social Security numbers (together with a limited amount of personal information) can be used to commit medical fraud, file false tax returns and steal identities. They are highly sought after by cyber criminals and often sold on darknet websites for big money. The SSNs of minors are particularly valuable, as they can be used for longer before fraud is identified. Social Security numbers are also covered by HIPAA rules and numerous other state and federal laws.

Health Insurance ID numbers

With health insurance information criminals are able to file claims for medical services that are not provided, and allow criminals to make fraudulent insurance claims. This data are highly sensitive and must be kept secure.

Intellectual Property Data

Your company’s secrets, product development information, computer codes, bespoke software, new product designs and blueprints are highly valuable to competitors. If your company has an edge, or is developing a new product or service, a competitor could use these data to develop similar products, and even bring a product to market first.

Human Resources Data

Human resources databases contain detailed information on employees such as salary information, bonuses, and confidential personal data. Criminals seek personal information of individuals in order to conduct convincing spear phishing campaigns. These data can also be used to blackmail individuals and discriminate.

Communications Data

Emails can contain highly sensitive information. When hackers gain access to an email account, they can obtain personal information, company secrets, and even many of the above data types. If an email account is compromised, it can be used to spread viruses and malware. Telephone records and text messages are also valuable.

Data must be secured at rest and in motion

Controls must be put in place to secure all forms of these data, whether they are in Word documents, PDFs, JPEGS, spreadsheets, EHRs or other databases. Just as paper files must be shredded when they are no longer required, the same applies to electronic data. Records must be securely and permanently erased when no longer required. It must not be possible to reconstruct any of these data once deleted.

It is essential to protect stored data, especially if it is housed on portable devices such as zip drives, laptop computers, portable hard drives and Smartphones. These devices are all too easily misplaced, lost or stolen. Data encryption should be considered to protect all stored sensitive data. Data must similarly be protected when in transit. Emails should be encrypted, as should SMS messages. A number of companies provide SMS and email encryption services to allow communications to be sent securely, with authentication controls to ensure only the desired recipient can view the messages.

Business Risk and Security Risk Should Be Discussed in the Same Context

You are faced with an insurmountable problem: Your job requires you to keep the business secure from external attacks, and you must take action to deal with the threat from malicious insiders. It is your responsibility, and your job may well be on the line if something goes wrong and data is stolen, or your network is infected with a virus or malware.

Unfortunately, you have not had a budget increase and cannot afford to purchase the software solutions necessary to protect your business from attack.

This is a problem faced by many IT professionals. Management understands there is a risk and knows the risk is considerable, yet they expect you to work your magic with your hands tied behind your back.

You are not a magician; so, if management wants to be properly protected, it is your job to convince the powers that be that you need a bigger budget. We know you have already tried this. What you therefore need to do is improve your communication skills. You need to find a way to convince the management that additional funding is absolutely essential. One of the best ways of doing this is to explain that security risk is actually business risk.

You are not alone – 50% of IT professionals work with inadequate security measures

IT department funding is almost always limited. It is not possible to purchase the highest quality equipment, the best possible security measures, and have enough staff members to perform all of the required work. So if you are stressed, are suffering a critical lack of funding, or are desperately understaffed – you are not alone.

The situation has recently been assessed by the Ponemon Institute. Its latest survey probed IT security professionals and asked them about the level of security in their organization. It would appear that when it comes to cybersecurity protections, the management and IT department heads are often not on the same page.

The survey was large. Over 5,000 IT professionals send back responses to the survey and more than 2,500 of those respondents said their cybersecurity measures were inadequate. The problem for many was the fact that the upper management simply did not understand just how important it was to improve network security. Sure they understood there was a risk of attack, but they didn’t understand just how serious that risk was.

If a cyberattack occurs, it is their fault right? Unfortunately, you may have explained risk until you became blue in the face, but how well did you communicate?

A survey conducted two years ago by Ponemon suggests that when it comes to communicating with management, IT security professionals often have problems. In fact, 64% of IT staff were discovered not to have effectively communicated the seriousness of the threats, or had only started to communicate them properly following a data breach. Nearly half of the IT professionals taking part in the 2013 survey said communication between the IT department and management was “poor, nonexistent or adversarial”.

IT budgets rarely reflect the seriousness of security risks

When budgets for IT security are calculated, they are rarely sufficient to allow all risks to be effectively neutralized. Spending is often misaligned with the needs of the business. According to the Ponemon study, only 11% of the average security budget is devoted to protecting the application layer. Interestingly, 37% of organizations believe that the application layer poses the businesses threat to data security.

Why is this the case? According to Larry Ponemon, founder and CEO of the Ponemon Institute, it is because management has not been provided with the right information. He says that few organizations have actually performed a full security audit and that security risks have therefore not been identified. As a result, management is not aware of the level or risk, and budgets are not set accordingly.

Any organization that fails to invest in IT security is likely to have to cover far higher costs in the long term. Take Target for example. The money spent on resolving its data breach is far higher than the cost of implementing solutions that would have prevented the attack from being possible in the first place. The company now has to cover the cost of data breach resolution, in addition to investing in better security. The expected cost of the Target data breach is expected to top $1 billion!

If security intelligence technologies are implemented, companies are much better equipped to detect intrusions and contain attacks when they do occur. According to the study, the security breach resolution cost savings are, on average, $1.6 million less when security intelligence technologies are implemented prior to a security breach occurring.

IT security should not be an afterthought. Proper investment will see more security breaches prevented and the cost of resolution significantly reduced. It is therefore essential to communicate the need for investment. The most effective way to get your voice heard is to provide facts and figures to back up your argument and to explain security risk in the context of the financial cost, operational problems that will be suffered, and the likely damage to the company’s reputation if a breach is suffered.

Security tools are not cheap. Understand the business drivers that generate the funds that will cover the cost of security software and become more effective at communicating credible risk. Give management the information it needs to understand why greater investment is needed. You are then likely to be given the funding you need to effectively manage security risk.

SpamTitan’s Cybersecurity Predictions for 2015

To put it mildly, 2014 was bad year for many IT security professionals. The number of threats to network security increased significantly, more computer systems were breached than in previous years, and more confidential records exposed than in the previous 12 months.

The threat landscape is constantly changing, but 2014 saw incredible volumes of new malware released and a considerable number of zero day exploits succeed. Many IT security professional will be glad to see the back of 2014. Unfortunately, 2015 doesn’t look like it will be any better. Many predict it will even be worse.

2014 started badly with the discovery of a number of cyberattacks. Hackers had gained access to computer systems in 2013, or even earlier in many cases, but 2014 was when the attacks were discovered and a large volume of brown substance hit the fan.

The discoveries were shocking. Incomprehensible amounts of data had been compromised and listed for sale. The country was still reeling from the cyberattack on Target, and then came the announcement of mega data breaches at Neiman Marcus and Home Depot. P.F. Chang’s had customer credit card details exposed from 33 of its restaurants, JP Morgan was affected by a major data breach, as was Michael’s. The healthcare industry was also badly hit. Community Health Systems suffered a major data breach exposing 4.5 million records and even the U.S. Postal service was targeted. 800,000 employee records were exposed in that attack.

Then there was the attack on Sony. That data breach caused an incredible amount of damage, with the hacking group responsible not apparently looking for money. The attack was carried out by a group called “Guardians of the Peace,” supposedly located in North Korea and backed by Kim Jong-Un. As a result of the breach, Sony Pictures even stopped the Christmas release of the “The Interview” movie. The film parodied the North Korean leader and even depicted his death. The leader of the Democratic People’s Republic of Korea was reportedly none too happy about the film and the content of the movie was allegedly a motive behind the attack.

Now that “The Year of the Data Breach” (as it has been dubbed) has finally come to an end, it is a time to look forward to the New Year. Unfortunately, many industry experts have predicted an increase in the number of hacking incidents over the coming 12 months. 2015 is unlikely to be any better for IT security professionals.

The reason? Despite efforts being made by many organizations to address security vulnerabilities, many still exist. We are also no longer dealing with individual hackers operating out of bedrooms in their parents’ houses. International groups of hackers are targeting organizations in the United States and  are receiving funding from foreign governments. Some of the world’s most talented hackers are being funded to attack the United States, U.K., and just about every other company in the Western world.

So with the increasing threat, how is it possible to defend against cyberattacks, block malware, and beat malicious insiders. Fortunately, there have been a number of lessons learned from the data breaches suffered in 2014. Security trends have been identified and it is possible to implement a range of security solutions to prevent corporate networks from attack. Being forewarned is being forearmed! Here are SpamTitan’s cybersecurity predictions for 2015

Cybersecurity Predictions for 2015

Expect more mega data breaches

The more data that is held by an organization, the bigger target it becomes. The aim of many hacking groups is not to obtain money, but to use cyberattacks to cause financial havoc. Successful cyberattacks cause companies to incur incredible losses and can affect the financial markets. The data breaches have a huge effect on the economy, one of the aims of foreign-government backed hacking groups. These attacks will not only continue; they are likely to get a lot worse.

Healthcare and education sectors will be major targets

Expect to see data breaches the like of which have never been seen before. The financial and retail sectors will continue to be targeted, but 2015 is likely to see healthcare and education hit particularly hard. Student and medical records are particularly valuable to cybercriminals. The data contained in medical and student records can be used to commit a multitude of fraud: medical fraud, insurance fraud, and tax fraud for example. Identities can be stolen allowing credit to be obtained in the victims’ names. Universities were targeted in 2014, as were healthcare institutions. Expect more of the same in 2015.

Email will continue to be used as an attack vector

Virtually everyone now has an email account. Many have a separate email address for work and for personal use. Email is one of the easiest ways of getting in contact with people, and spammers are well aware how easy it is to get an account holder to click on a link to a malicious website, or to open an email attachment that has been infected with malware.

Email is used to “phish” for sensitive information that allows criminals to gain access to credit card numbers and bank accounts. Computers and mobile phones can all too easily be compromised, and the potential rewards for criminals are high. Phishing emails and other spam and scam emails are expected to increase during 2015.

Vulnerabilities in web applications will be targeted

2014 saw a number of zero day vulnerabilities discovered in popular software applications and we can expect more of the same in 2015. There was Heartbleed, which was a potentially catastrophic vulnerability. Shellshock was also particularly worrisome. It is likely that these are just the tip of a very large iceberg.

At first it was thought that these security vulnerabilities had not been found and exploited by hackers. Unfortunately, this would appear not to be the case. The hack of healthcare provider Community Health Systems exposed 4.5 million patient records. It is believed that the cyberattack was made possible because of Heartbleed.

Attacks on mobile devices are likely to increase

Ownership of Smartphones and tablets has increased considerably and so has the volume of personal data stored on those devices. Smartphones permit the user to access email accounts, bank accounts and social media networks. Many people track their movements using the devices and record exercise data. If a device can be accessed, a considerable amount of personal data can be obtained.

Unfortunately, many of the applications downloaded to the devices contain numerous security vulnerabilities. Even the platforms themselves (Android and iOS) contain many security holes. Hackers and cybercriminals are well aware that mobile devices can contain a goldmine of data and, with the increasing popularity of Bring Your Own Device (BYOD) schemes, mobiles can even be used to launch attacks on corporate networks. Expect mobile devices to be implicated in more corporate security breaches and millions of users’ data to be plundered in 2015.

The threat landscape is constantly changing and there are more malicious attacks being reported than ever before. The seriousness of those attacks has also increased. Consequently, organizations must invest more heavily in network and cybersecurity defenses. The companies that fail to increase cybersecurity spending are likely to become the next targets.

2014: The Year of the Data Breach

May is not yet over. There are still seven months to go before 2015 arrives, yet Internet security experts are already calling 2014 the year of the data breach. The situation is bad and it is expected to get worse. Before the year draws to a close, many millions of Internet and email users will discover they have had their computers infected with viruses or have become victims of Internet fraud.

The U.S. Healthcare industry has been hit particularly hard this year. In February, Anthem Inc. discovered a hacker had infiltrated its computer network and stole 78.8 million insurance records. Just days later, Premera Blue Cross, another U.S health insurer, uncovered a similar cyber attack that exposed the records of 11 million subscribers. The month of February was just over halfway through, but more confidential healthcare records had been exposed than in the whole of 2012 and 2013 combined.

Then there was the cyberattack on Target. Up until February 1, Bloomberg BusinessWeek calculated the retailer had spent approximately $61 million to cover data breach resolution costs. All three of these data breaches were suffered by large organizations who had invested heavily in data and network security systems. Yet despite the investment they still suffered massive data breaches.

What makes the Target data breach stand out though is the fact that the company’s security system actually detected the intrusion. For some reason, Target decided to do nothing about it. To state the obvious, this was a mistake. So far over 100 separate lawsuits have been filed against the retailer, in the most part citing negligence for failing to protect customer data and not taking action quickly enough when the breach was discovered.

The attack exposed the records of over 110 million customers and the banks have already been forced to spend in excess of $200 million as a result. When the lawsuits are resolved, the final cost of the data breach doesn’t even bear thinking about. Typically, data breach victims seek damages of around $1,000 a head.

Then there was Heartbleed. For those who somehow missed it, this was one of the biggest and potentially most serious security vulnerabilities ever discovered. It would appear that the bug was identified in time to allow companies to prevent it from being exploited. However, that is difficult to ascertain with any degree of certainty. If the security vulnerability was exploited, there would be no way of telling whether data had been stolen.

The cost of plugging this security hole was considerable. Companies were forced to take rapid action to secure their networks and computers before hackers could take advantage. The same cannot be said of consumers. It would appear that little has been done to protect against the bug. Following the announcement very few individuals have even changed their passwords or taken other steps to protect themselves.  A recent survey conducted by MarketWatch indicates that little has been done because consumers are not even aware of the Heartbleed bug. Half of those surveyed had never even heard of it, let alone the actions they need to take to protect themselves from attack.

Many of the major data breaches suffered this year did not actually occur in 2014. Hackers first gained access to networks last year or even earlier. This was the case with Anthem, Premera, and also Neiman Marcus, another major data breach uncovered this year. That attack was also discovered in February 2014, which could become known as “the month of the data breach”.

For the past eight months, Neiman Marcus’s systems have been open to hackers. Such a breach should have triggered the company’s security system. Which it would have approximately 60,000 times had that security feature not been inadvertently turned off. Suspicious server activity was unfortunately not being monitored.

These data breaches have proved very costly indeed. According to the Ponemon Institute, the cost of resolving data breaches has increased again this year making matters worse for companies attacked by hackers.

Security systems are excellent, but what about the security staff?

It is all very well installing multi-million-dollar cybersecurity defenses, but if skilled staff are not employed to interpret the data, when networks are infiltrated by hackers intrusions may not be discovered until many months later. This was certainly the case at Neiman Marcus, but also at Target. Had the system been checked, Target would have been made aware that its defenses had been turned off. It took a full post-breach audit to determine this was the case. This should have been checked on a regular basis. Doing so may not have prevented the breach, but it could have reduced the damage caused.

The problem for many IT departments, CISOs and CIOs is a lack of funding. Organizations appreciate that money must be allocated to counter the cybersecurity threat, but too little is being spent. This was highlighted by the Ponemon Institute study. Respondents indicated that a doubling of the security budget is necessary to counter the threat, install better security, allow audits to take place, and to employ the staff necessary to monitor systems for signs of attack. If security budgets do not increase, data breaches certainly will.

Life After Heartbleed: Are Online Scammers Winning the War?

The Heartbleed security vulnerability was announced recently and had IT security professionals rapidly taking action to plug security holes. System passwords were changed and alerts sent to end users telling them to do the same.

Heartbleed is a highly serious data security vulnerability that was discovered in the OpenSSL cryptographic software library. It is so called because it affects a SSL extension commonly known as Heartbeat. Over half a million websites are believed to have been affected by the Heartbleed vulnerability.

The Internet is normally secured with SSL/TLS encryption. This allows information to be exchanged securely by a wide range of Internet applications, including Instant Messaging (IM) services, email, and even Virtual Private Networks (VPNs). Unfortunately, the Heartbleed bug allows anyone to steal passwords even with SSL/TLS encryption in place. According to American cryptographer Bruce Schneier, Heartbleed is a potentially catastrophic security vulnerability. He recently said, “On the scale of one to 10, this is an 11.”

IT departments have been frantically issuing alerts to change passwords

Sensitive data is protected by passwords; however, Heartbleed has potentially allowed passwords to be compromised. The security vulnerability may have only just been discovered, but it has existed for at least two years. Hackers are not understood to have used the vulnerability to gain access to sensitive data, but it is actually rather difficult to tell even if they have. As a security measure, IT staff have been sending emails to all users advising them to change their passwords just in case.

Unfortunately, they are not the only individuals sending password change requests to users. Online scammers have been piggybacking on the major data security event and have been sending emails of their own. Conveniently, also including links to allow users to rapidly address the huge security hole.

Any individual who has heard about the security issue will be keen to protect themselves against hackers and cyber criminals. Emails telling them to change their passwords are likely to be clicked. Unfortunately, clicking those links will take users to a website where they enter their current passwords. By doing so they will be giving them to criminals. They may think they are protecting themselves, but their actions will be doing the exact opposite.

Beware of Heartbleed Protection Scams

Piggybacking on major news events is a common tactic used by phishers to get computer users to reveal their sensitive information. News of a major IT security flaw is music to phishers’ ears. Computer users are fearful of a cyber attack and phishers play on those fears. The response rate to emails of this nature is typically high.

Many IT professionals have been busy securing their networks and have performed security audits to address the latest vulnerability and search for others that may exist. Software companies are taking advantage and are offering products that will perform full system security checks. After all, there is no better time to boost sales than when the public is keen to improve online security.

Scammers have been taking advantage by sending links to websites that will perform security checks. The scam emails and adverts appear genuine. They offer a free system check to determine whether vulnerabilities exist and they have even promised to clean systems and install the required patches to secure devices. By accepting these checks, users will just be guaranteeing their devices are compromised. It is therefore a time to be extremely vigilant for online scams. Efforts must be made to check that any request to improve security is actually genuine before it is accepted

How to Beat the Scammers, Spammers and Phishers

Fortunately, it is relatively easy to avoid becoming a victim of one of these scams. Receiving an email with a link or an attachment will not automatically compromise a computer. Action is required by the user for that to happen. If the phishing email is deleted, so is the threat. However, not all users know how to identify a phishing email. If one does reach an inbox, a user may end up infecting their computer or, worse still, the network to which that computer connects.

It is important to give computer users the information they need to protect themselves. They must be advised of the tell-tale signs of a phishing email. Only then will they know how to determine if an email is genuine. Training is therefore important, and now is a good time to ensure that the staff is well informed.

It is also an ideal time to install some additional safeguards to prevent spam and scam emails from reaching users’ inboxes. SpamTitan Technologies offers two excellent security solutions. The first is a robust and highly effective spam filter that prevents spam and scam emails from being delivered. The second solution prevents users from clicking links to scammers websites.

SpamTitan web filtering works like a business version of a parental control filter. Instead of just blocking gambling, dating, and pornographic websites from being visited, it also blocks users from visiting known phishing websites and even genuine websites that have been infected with malware.

By installing both of these anti-phishing solutions, IT professionals can sleep easy. The Heartbleed vulnerability will still need to be addressed, but they will be able to relax a little knowing that end users will not be falling for the myriad of piggybacking phishing campaigns that have been developed over the past few days since the Heartbleed announcement was made.

Will Your Brand Image Survive a Data Breach?

Consumers are spending less in bricks and mortar stores, and more people are looking for goods and services online. On top of this some major retailers have suffered data breaches which have tarnished their reputation. For Target, the data breaches it suffered have had a serious impact. Sales have been lost to competitors as a result.

According to a Cowen & Co.’s tracking survey, there has been a decrease in customer satisfaction. The survey indicates there has been a fall in satisfaction in the overall shopping experience and ratings for customer service have also declined.

The data show that reputation and brand image do have an impact on shoppers’ behavior. They will go elsewhere if they do not trust a retailer.

Target is one of the biggest retailers in the United States. What would be the impact on a small to medium sized organization? Would it be possible to weather the storm after a massive data breach has been suffered?

Data Breaches Can Cost SMBs Dearly!

The cost of a data breach can be considerable. The Ponemon Institute has recently quantified this. In a recent survey, 850 executives were asked about reputation damage following a data breach. 44% of respondents said it would take between 10 months and 2 years to recover from damage to reputation following a data breach. For some companies the effect will be felt for much longer. If they manage to stay in business that long!

Not all breaches have the same effect on a company’s reputation. Consumers are aware that security breaches are now a fact of life, but they are likely to be unforgiving if their Social Security numbers, credit card numbers, or bank account details are obtained by criminals.

The potential financial losses for a company can be considerable. Ponemon’s study suggested that brand image damage can cost between $184 million and $330 million. Best case scenario? You are likely to lose 12% of your brand’s value.

Your Competitors are Waiting to Take Advantage

All companies are likely to suffer a data breach of some description, yet many are ill prepared to deal with a security breach when it occurs. If a breach response plan is developed prior to a security incident being suffered, this can reduce the damage caused.

It is possible to win back the trust of customers after a breach, but it can be a long and difficult process. It is not actually clear whether a company’s reputation can ever fully recover. After all, today’s marketplace is particularly unforgiving. There is simply too much competition and plenty of competitors who will be ready to take advantage.

If your reputation is damaged, it will have an impact on your bottom line. Customers will change brands and there will be class-action lawsuits filed as plaintiffs try to recover damages. Revenues are likely to fall, and regulators may also issue costly financial penalties.

Fortunately, there are a number of actions that can be taken to reduce the risk of a data breach being suffered. Should the unthinkable happen, they can also reduce the severity of the breach. Think of data security investment as an investment in your brand image. That must be protected at all times.

LinkedIn Contact Ownership Case Highlights Need for Social Media Usage Policies

LinkedIn is one of the fastest growing social networks and is now used by employers to build contacts and find new customers and suppliers. The number of LinkedIn users has been swelling, and now the site boasts nearly 1 billion accounts. The professional network is an essential sales and marketing tool for many companies, and recruitment firms would find it very difficult to stay competitive without it.

The website extends a company’s reach and can be used for a variety of purposes. Company news can be announced, new products marketed, new employees found, and the site contains many interesting industry articles, providing hints and tips for busy professionals. Many users now search LinkedIn for information before using the search engines.

Companies now use the social network as well as their employees. In fact the boundary between the two has become somewhat blurred. For instance, if an individual spends personal time building up contacts, are those contacts connecting with the person or the company? In many cases it is a mixture of the two. So who actually owns those contacts? The employee or the employer? A recent court case in the UK sided with the company. However, without social media usage policies in place, a court case could go either way.

Recruitment consultant discovers his LinkedIn contacts are not his own

A recruitment consultant at Hays Recruitment had been building up contacts via his professional account. When he decided to leave his employer and set up his own business, he copied contacts to his personal account. These were people he had been dealing with frequently as his job demanded.

Hays objected to this activity and took the ex-employee to court over the matter. The judge agreed with Hays and ruled that LinkedIn contacts built during employment at Hays be handed over. The employee was also required to disclose all of the emails that had been sent to those individuals.

The employee, Mark Ions, maintained that by connecting with individuals they had disclosed their contact information and were no longer confidential. Hays maintain that Ions stole business contacts.

This landmark case highlights the potential problems with the use of social media accounts at work. Many companies actively encourage employees to the use LinkedIn to build up contacts, but then claim that those contacts are confidential and cannot be used by the employee for personal purposes.

Court cases such as this are likely to become much more common as the use of professional social networking sites increases. Another case went to the courts in July of last year. Whitmar Publications discovered that some former employees had used the company’s LinkedIn network to market the services of a rival business. Again the courts ruled in favor of the company. The former employees had breached an implied duty of good faith by using the list.

Other problems can arise from the use of the professional network. What happens if an employee of a company wants to find a new job? Can an employee upload a CV and tick the career opportunities box indicating he or she is in the market for a job?

The matter was taken before the courts recently, although the ruling did not exactly clear up the matter. While employed at BG Group, HR manager John Flexman indicated on his LinkedIn CV that he was assisting his current employer reduce its attrition rate. This was deemed to be a breach of confidentiality by BG Group. The company also claimed Flexman had breached its social media usage policies by indicating he was in the market for a job.

BG Group demanded that Flexman remove all details of the company from his profile, other than the company name and his job title. Flexman did not agree. The situation deteriorated and Flexman eventually felt he had no alternative but to resign. He then claimed constructive dismissal. In this case the court ruled in favor of the employee.

Social media usage policies must be developed by businesses

Some companies may have already introduced social media usage policies to cover the use of personal Facebook and Twitter accounts in the workplace, banning staff from spending company time accessing their own accounts. These legal cases highlight the importance of developing comprehensive policies covering all uses of social media websites at work, including contacts that are developed as a result of employment.

Employees must be informed about contact ownership. Any information that is in the public domain – i.e. could be found in a business directory or phone book – cannot be classed as confidential information. However, other information that has been obtained by employees during employment is different. This includes the email addresses of those contacts and their direct dial telephone numbers.

Since LinkedIn is a relatively new website, and legislation on employment law has yet to be introduced to address the issue, there are many gray areas; in particular, when personal accounts are used by an employee. Employers are advised to ensure that LinkedIn accounts are set up and maintained by the company, and employees are not told to create their own accounts for work purposes. All contact information then belongs to the company not the employee.

Policies on the use of LinkedIn and other social media websites should be clearly stated. These could be included with general Internet and email usage policies that are issued to all employees.

Social media usage policies are required to cover use and ownership of accounts, but it is important not to ignore the security aspect. Employees must also be told about acceptable use of the sites from a data security perspective, and instructed what can be uploaded and downloaded to accounts.

Malvertising Warning: Beware of Apparently Safe Websites

Web visitors can be ultra-cautious and avoid websites that commonly contain malware. Don’t visit pornographic, gaming, betting, file-sharing, and streaming websites, and you will be able to reduce the risk of encountering malware.  However, that doesn’t mean that you will never come across phishing websites and malware-ridden webpages.

Even very large, reputable websites are sometimes infected. How large? How about Yahoo: One of the biggest search engines and webmail providers on the Internet. Recently Yahoo was found to contain adverts that attempted to install malware on users’ computers.

Code was installed that examined users’ computers and checked to find out if the latest Java version was installed. Earlier versions of Java contained vulnerabilities that could be exploited. The latest version has fixed the security holes, but many users have not yet installed the latest version.

It is estimated that as many as 2 million people visited Yahoo and had their computers infected. A great many more individuals would also have had their computers compromised had they visited the website instead of Google. In this case, the individuals behind the infections – malvertisers – were putting users’ computers to work performing bitcoin calculations: a very profitable business if you have 2 million or more computers at your disposal.

Of course this is nothing new. Many websites are infected with malware. They just are usually not as big as Yahoo. However, hackers are getting bolder, and are now succeeding in infecting large websites with very good security measures in place.

Advertising networks are increasingly being infiltrated by malvertisers

Legitimate advertisers use advertising networks to syndicate their adverts across many thousands of websites. They are able to put their adverts in front of tens of millions of potential purchasers. Malvertisers, individuals or disreputable companies, are now doing the same. They make their adverts look respectable and get accepted by an advertising network. However, their ads contain links to malware-ridden websites, or code that probes for security vulnerabilities in users’ computers. They then inject their malware and put it to work.

Unfortunately, it is not a difficult process. In fact one doesn’t even need to be a hacker in order to do this. All that is required is an exploit kit that can be rented online. Take the Black Hole exploit kit for example. Using this kit, online criminals are able to inject code into the web browsers of site visitors. The renting of exploit kits is now commonplace and developers will even show people how to use the exploit kits to achieve their aims. Even people with very little knowledge of programming are able to use the kits to infect computers with malware.

The threat from these wannabe online criminals is considerable. If your company’s employees visit websites while at work, they could inadvertently click on an advert that directs them to a site containing malware, or one with advertising code on the page that probes for vulnerabilities. Even viewing an advert may result in a computer being infected.

There is a solution that protects against rogue adverts

There may be a high risk of infection, but that doesn’t mean that the risk cannot be effectively managed. In fact, managing risk is surprisingly easy. All that is required is software that contains an ad-blocker, and there is plenty of choice (NoScript, AdBlock and ScriptSafe for example). All of these are capable of blocking adverts and, if no adverts are displayed, users will not be able to click on malvertiser’s adverts.

Unfortunately, with all of these ad-blockers there is a problem. First of all, they are all browser-specific. That means every browser in an organization will need to have the ad-blocker installed to offer protection. They are also only available as plug-ins. This poses another problem for Sys Admins. Plug-ins are only safe if the latest version is installed, and updates are frequently released. Even these “safe” plug-ins contain vulnerabilities that can be exploited.

That means that every browser on every computer that connects to the network must have the plug-ins installed and then be frequently updated. On a small network of 20 computers this would be a considerable task. On a network with 1,000 desktop computers, 500 laptop computers, numerous tablets and mobile phones, it could potentially be a full time job for a small team of Sys Admins. Not a very practical solution it has to be said.

Is there a less labor-intensive alternative?

Fortunately, there is. The solution is to install a web filtering solution that contains an Ad-blocker. SpamTitan web filtering solutions for the enterprise contain an ad-blocker that will block adverts on all users’ devices, which includes mobile devices as well as desktops. A Sys Admin can configure the web filter to protect all users, but the software is not only about blocking adverts.

SpamTitan’s web filter will also prevent users from visiting websites known to contain malware and will block undesirable content such as pornography, gambling and file-sharing sites. SpamTitan’s web filter has been developed to give Sys Admins an exceptional level of control. Permissions can be set for the entire organization, groups of users or individuals.

A user in the IT department could be allowed to view any site, while a member of the accounts department could be prevented from visiting virtually all websites. Different web filtering settings can even be assigned for different times of the day, if required.

Such a granular approach is important as each member of staff may require different levels of access. Social media websites could be blocked for all members of staff except those in the marketing and IT departments for example.

Having all of these controls could potentially require a Sys Admin to spend hours learning how to operate the system, and weeks configuring it. Not with SpamTitan. The controls are intuitive, easy to set up, there is no steep learning curve, and configuring users’ settings is a relatively quick process. Protecting a network from malware, and users from viewing undesirable content, has never been easier.

An Increasing Number of Legitimate Sites are Being Used to Deliver Malware

Certain types of websites are known to contain malware and carry a high risk of infecting visitors. Video streaming websites, those providing adult content, and sites run by individuals who lack an understanding of basic security controls. However, it is not only these websites that carry a risk of infecting visitors with malware. Even large sites – we are talking Yahoo and YouTube here – have allowed malware to be installed. How is this possible with websites that generate huge revenues can also be infected?

The problem is not the websites themselves, but the content that is displayed on them. Malware is delivered indirectly, via the ad networks site owners sign up to or fail to block. There are a lot of unscrupulous advertisers out there, and many do not vet their customers very well. Some ad networks allow anyone to sign up. They also serve just about any kind of advert, even those containing malware or malicious links. Any visitor to those sites could potentially have their device infected. If one of those visitors is an employee of yours, your network could be in serious trouble.

Ad networks can allow malware to be delivered to users’ devices

An advert on a website could direct the visitor to a phishing website or one that contains multiple pieces of malware. That is not to say that the advertisers are deliberately phishing for information or want to infect visitors. They may not even be aware that their websites have been hijacked by hackers.

Advertising is often a necessary evil to make websites profitable. Without advertisers, many websites would simply go out of business. To generate revenue, site owners place code on their websites that third party servers can access. Adverts are then shown to visitors to that website via text, image, or even video ads. Those third party servers potentially syndicate adverts to tens of thousands of websites, including many legitimate and well known websites.

With the potential to send adverts to so many websites, ad networks are frequently targeted by cybercriminals. If they are successful, their malware can be very quickly syndicated and placed in front of tens or hundreds of thousands of individuals. In some cases, millions.

You may have even seen some of these adverts. Have you been served an advert that tells you that your system requires an urgent update? Your JavaScript is out of date? You can only view the content on the website if you download this security patch? A high percentage of these adverts are fake, and will install malware or malicious code on your computer.

Even if the ads direct you to a legitimate website, they often result in pop up browser windows being launched which can slow down your computer. Those pop ups may also contain links to many dangerous websites.

As a system administrator do you want your company’s employees to be presented with adverts telling them to update their software themselves?

What can IT managers do to prevent networks being compromised by employees

Recent research conducted by Cisco Systems has revealed that employees and other Internet users are much more likely to suffer a malware infection as a result of shopping online at legitimate websites than they are by visiting file sharing websites. How much more likely? 21 times apparently, according to Cisco Systems researchers.

Hackers often target industry and business websites and infect them with malware. This is because business network infiltration can be extremely profitable. These websites are often targeted through the ad networks they use to generate additional revenue from their sites.

As an IT Manager you will be expected to protect your network from malware. Due to the high risk of third party ads serving malware, is the answer to block all third party adverts from being displayed? Many IT security pros do just that, and block adverts. These individuals believe there is actually no benefit at all to be gained from allowing the adverts to be shown. They just add an unnecessary risk to surfing the Internet. They also waste bandwidth and employees time.

Blocking third party adverts from being displayed is straightforward. A firewall policy can be introduced to prevent the adverts from being displayed. This functionality is also included with WebTitan’s enterprise content filtering solutions. With the latter, certain types of website can also be blocked to protect employers and employees. It is also possible to block adverts and even apply specific controls for certain groups of users or even individual employees.

You may feel ad blocking is an unnecessary restriction and would prefer to instruct members of staff not to click on the website adverts. Unfortunately, there will always be one employee who breaks the rules and that could result in malware being delivered. Are you prepared to take that risk?

WebTitan Announces Winner of its Cloud Security Competition

In September, WebTitan launched a competition offering charities the chance to win a free WebTitan Cloud Security Solution to keep their networks protected when workers access the Internet and email.

The solution is highly effective at preventing users from inadvertently accessing web contact that could cause networks or computers to be infected with malware, while protecting users from objectionable content. It also allows an organization to see what websites individual workers are attempting to access. For charitable organizations the WebTitan Cloud Security Solution offers exceptional protection, and can prevent data breaches and costly cyberattacks.

The competition attracted a great many entries. All that was required to enter was for the participant to be a charity, and provide a brief answer to a very simple question: Why the organization would benefit from winning a free WebTitan Cloud Security Solution

The WebTitan Cloud Competition Winner Is… Touch Life of Uganda

The first prize in the competition was well worth winning: A WebTitan Cloud web security license valued at $8,000!

The prize could not have gone to a worthier winner. Touch Life is a Non-Government Organization (NGO) operating in Uganda. The charitable organization performs important and incredibly valuable work, assisting families that have been torn apart by war, famine, disease, and have been forced to live a life of extreme poverty. The charity empowers those families to take control of their lives and gives them hope.

In an ideal world, the websites of charities would be exempt from cyberattacks. Yet sadly their websites are no different to global corporations earning profits in the billions. Cybercriminals often conduct random campaigns, and the reality is charities are often targeted simply for having poor security controls. If there is money to be made from attacking a website, those websites will be attacked. In fact, cybercriminals often take advantage of natural disasters, famine, and war to obtain donations intended to help victims.

However, the Internet is vital for charities to spread news about the excellent work they perform and attract donations. Without those donations they could not continue with their missions. It is therefore essential that the websites have cybersecurity protections in place to protect from attack and ensure that donations make it to the victims, rather than be diverted to cover data breach costs. WebTitan Cloud security offers that protection.

Second Prize awarded to… New Zealand’s Framework Mental Health and Intellectual Disability Service

The second prize in our Cloud Security Competition was a brand new iPad. The winner of the prize is Framework of New Zealand, a provider of mental health and intellectual disability services in the Greater Auckland region. The organization conducts important work and helps to improve the lives of the mentally and physically disabled, teaching them a range of vocational skills, offering training, education and support. The charitable organization was first established in 1984 and has helped thousands of individuals lead more fulfilling lives.

Additional prizes have been awarded to a number of competition participants. A $50 Amazon voucher has now been sent to NGOs around the world, including Australia’s YMCA.

We would like to take this opportunity to thank all participants in our Cloud Competition and encourage all charities to check our blog frequently for news of further competitions. Be sure to sign up to receive our blog posts to make sure you never miss a chance to win. Our blog posts will also keep you abreast of the latest security threats to allow you to protect your websites, networks and data from cybercriminals.

Anti-Phishing Controls: Protecting End Users from Phishing Campaigns

Without anti-phishing controls in place, your organization is likely to face a high risk of end users falling for scams. How good do you think your employees are at spotting phishing emails?

How good are you at spotting phishing emails? Are you a Grammar-Nazi who can spot a misplaced semi-colon from 50 paces? Are you a former Spelling Bee champion or an amateur super-sleuth?

Sometimes phishing emails are so obviously fake they are laughable. You would think that a scammer who goes to the trouble of sending out millions of emails claiming to be from a reputable company would actually check the spelling of the company name. Many don’t. Error-ridden phishing emails are common, and they are easy to identify.

However, don’t believe for one second that all phishing campaigns are that easy to identify. I write about Internet security and I have nearly fallen for one in the past. Admittedly, it was a very convincing one and in the early days I was a little naïve!

I tell you this as even the security conscious can fall for phishing campaigns from time to time. Sometimes scams and phishing emails are virtually impossible to distinguish from legitimate emails. Unless a software security solution is used, it is all too easy to inadvertently become a victim.

It used to be a rarity to be emailed a phishing email that was convincing, free from errors, and looked like it had been sent by a legitimate company. Today, scammers are much wiser. They know that a little time spent preparing a campaign properly will result in far more clicks and even more victims.

When you consider the money that can potentially be made from targeting business users, investing some time into creating highly convincing campaigns is well worth the investment. Spending a few hours or even a couple of days on a campaign could make the difference between getting no clicks and netting millions of dollars. Unsurprisingly, email spammers have realized this.

Spear phishing emails are becoming increasingly common

IT security professionals will be well aware that their end-users will be sent phishing emails that can be identified with one eye closed. These emails are sent out randomly in the millions. Fake PayPal receipts, Better Business Bureau warnings, potential lawsuits, and requests for money to help victims of natural disasters. These emails are very common. Unfortunately, they claim many victims. If they didn’t, the spammers would stop sending them.

However, there has been an alarming rise in spear phishing emails in recent months. These are more worrying as they have been expertly written and use personal information gained from the recipient to convince them to click on a link or open an attachment. They can even appear as if they have been sent by a friend, or contain information that has been gained from a social media account.

Sometimes an email will be sent to a number of individuals in a company. Other times the email targets one person. In the case of the latter, these insidious emails can be highly effective. An attacker gains access to the target’s Facebook account, either by being accepted as a friend, viewing pages that have been indexed in the search engines, or by guessing passwords. Then information posted to the user’s account can be used to construct a convincing email.

For example, you attended a school function, such as a sports day, and you post some pictures to your Facebook account. If someone had access to your account or could view your pictures (a friend of a friend of a friend for example) and they then sent you an email with a JPEG attachment, would you be likely to open it if they said they enjoyed speaking to you at the event and said they had attached a great picture of your child? How about if they mentioned your son by name? All of that information could be easily gained from Facebook without even having your password!

Simple anti-phishing controls will protect your network from spear phishing campaigns

Fortunately, defending against well researched and expertly written phishing emails is not difficult. There are a number of anti-phishing controls that can be used to prevent the emails from being delivered, as well as controls to stop users from visiting phishing websites.

The first line of defense is to prevent the emails from being delivered. To do that you need to install a spam filter, such as that offered by SpamTitan. SpamTitan Anti-Spam solutions prevent 99.98% of spam and scam emails from being delivered. It is one of the best anti-phishing controls you can implement to protect your workers and network.

Secondly, all members of staff, from the CEO down, should receive security awareness training so they know how to identify a phishing email. Training need not involve day-long courses. A little information can go a very long way. It is better to have face to face training but an email explaining how a phishing email can be identified is better than nothing. Remember to put training to the test by sending staff members fake phishing emails to see how their training is being applied at work. This will identify the weakest links, and further training can be provided.

Thirdly, it is possible to block users from clicking links to malware-infected websites. Employ a web filter and these and other potentially dangerous links can be blocked. SpamTitan’s web filtering solutions are ideal for this.

Along with Anti-Virus software and Anti-malware protection, users can be properly protected by using anti-phishing controls. All small to medium businesses should use each of the above solutions to minimize risk. A little investment in anti-phishing security measures can safe a fortune in data breach remediation costs. It could also prevent ransomware and other potentially catastrophic malware infections.

New Research Indicates Social Media Site Use Does Not Kill Productivity

Ever since the advent of social media networks, employers have been trying to devise ways to prevent employees from using the sites in the workplace. Employers see the sites as a huge drain of the staff’s time and believe they are one of the biggest killers of productivity. It is true that a lot of time is spent on the websites instead of performing work duties, and some employees spend far too much time checking posts. However, new research has now been released suggesting social media site usage may not actually be that bad. In fact, there could even be major benefits for employers.

Do you Ban Social Media Site Use at Work? You Could be Causing More Harm than Good!

A new study conducted by Warwick Business School shows that banning the use of social media access in the workplace is more likely to kill productivity than allowing staff access. Any employer believing the opposite is true needs to have a rethink. Some downtime in the workplace is a good thing.

Employees cannot work for 4 hours straight without a break and be expected to be as productive at the end of that 4-hour stretch as they were at the start. Taking a few minutes here and there to check Facebook can mean employees’ productivity actually increases.

Warwick Business School’s Professor of Information Systems, Joe Nandhakumar, ran the investigative study. He believes that some workers are better at organizing their workflow if social media site access is allowed. Knowledge workers in particular can perform better at work if access is provided.

Rather than social media being a distraction, Nandhakumar believes the opposite to be the case. Employers just need to find the positives and not concentrate on the negatives. He has also pointed out that the use of social media may be a new issue for employers to deal with, but they have faced a similar situation in the past with the use of email. That was thought to be a huge drain of time, yet evidence suggests that not to be the case. Take it back even further, and the use of the telephone was believed to be a killer of productivity. In actual fact, social media, email and the telephone make workers more productive, and allow them to achieve much more during their working day.

Social media use has been shown to increase productivity

If employers believe that employees should be spending 100% of their working day dealing with working matters, they will naturally see social media use as a drain on productivity. However, employees are not necessarily goofing off when they access Facebook. Many check the sites intermittently while performing work duties. The younger generation especially is particularly skilled at multi-tasking, and can keep an eye on Twitter, update Facebook, send emails and answer the phone at the same time.

These workers are able to cope with highly varied workloads, and banning social media use may actually kill productivity. Without some entertainment provided by Facebook, workers become bored, less productive, and less willing to work hard for their employers. Taking a short break from work can actually help to increase mental focus when they are working.

Studies have shown that it is not possible for people to concentrate for more than an hour at a time. Others suggest 45 minutes is more realistic, or even 20 minutes depending on which study you read. What is clear is concentration drops off after time, and simply taking 5 minutes an hour to check Twitter will actually have a positive effect. Workers will also be more creative and efficient. Clear benefits in certain industries.

Market research firm Ipsos was contracted by Microsoft to conduct a study into social media usage in the workplace. The study showed that 46% of workers felt that they were more productive if they took a few minutes off to check Facebook. There were some surprising differences between workers from different countries. Workers in India for example, found they were much more productive at work if their employers allowed some social media time. 71% of respondents from the Indian subcontinent agreed they were more productive if allowed access to Facebook, Twitter and other popular social media websites

The best approach? Use common sense!

There will always be workers who are overactive on social media websites and spend more time on those sites than they do working. Clearly these employees must be advised that the time they spend on the sites is unacceptable. However, not all workers will abuse the good nature of an employer.

How can social media site use be managed? There are some technical solutions that are highly beneficial in this regard, not just for curbing social media use, but also preventing personal Internet use from becoming problematic.

By installing a web filter – such as SpamTitan – the use of social media websites can be blocked entirely. A better tactic is to block access to the sites at specific times of the day. By doing this an employer can be more relaxed about usage of the sites, yet still ensure that employees are controlled. An example would be to block use of the sites during busy times, or in the mornings and directly after lunchtime.

The management can decide on an acceptable level and then configure the web filter accordingly. Controls can even be defined by employee or department. The marketing department and other groups of individuals who need to be creative could be set different limits than other workers in the business.

Data entry staff may need a break every few hours. Providing some access could therefore improve the level of work that is achieved each day. With a configurable web filter, employers can easily experiment and find the right balance. This may take a little time, but if it results in improvements to productivity and efficiency, this will be of great benefit to the organization.

Twitter Security Improvements Announced: Two-Step Authentication Added

Twitter, like many other social media platforms, is a target for hackers and cybercriminals. The company has recently become the victim of a number of cybersecurity incidents that have resulted in the account names and passwords of users being obtained by criminals.

Each attack spells bad news for the company, and even worse news for users of platform. They face an increased risk of suffering identity theft and fraud as a result of having their login credentials compromised. Twitter security measures were simply not good enough to prevent a data breach from occurring.

Twitter security bolstered with two-factor authentication

To address the situation, Twitter security has been improved with two-factor authentication. This is an important security measure to implement as it makes it harder for accounts to be hacked.

Two-factor authentication uses two means of identification to help ensure that accounts are only accessed by the correct individuals. In addition to entering a username and a password, Twitter now requires an extra element to verify the identity of the person trying to access an account.

A number of websites and online services have now added two-factor authentication to provide better protection for users of their online services. Google, for instance, added two-factor authentication in 2010.

Google’s reputation would be tarnished if it was hacked. The company proactively added the security measure to offer more protection to its account holders. Users of its services must supply a mobile phone number when opening an account. A unique code is then sent by SMS to the phone when a new device tries to access the account. Users can alternatively choose to have an email alert sent to advise them when a new device is used to access the account. This ensures that if someone tries to login to an account on an unknown device, they will be prevented from gaining access, even if they supply the correct login name and password.

This is a vital security measure to keep accounts secure and it has been adopted by a number of websites and social media platforms, although it appears to have taken a major data breach for Twitter security to have been improved with this fundamental security protection.

Social media accounts contain a considerable amount of data about the user. Should a criminal be able to gain access to an account, they would be able to gather a considerable amount of personal information that could be used to conduct a highly effective spear phishing campaign.

Two recent high-profile cyberattacks involved compromised Twitter accounts. They affected the UK’s Guardian newspaper and the American Associated Press. Hackers gained access to the accounts and released links to fake news items. Since the messages came from a trusted source, and contained click-bait links, the fake websites received hundreds of thousands of visitors.

The links were to fake articles detailing explosions at the White House – a potential terrorist attack – and a fake story about President Obama. Unsurprisingly, when news of the hacks emerged stock prices plummeted.

Oftentimes, the hacking of a company’s social media accounts causes permanent damage to the brand image. The compromising of a social media account could even allow hackers to launch further attacks, especially if passwords are shared across multiple platforms.

Two-Factor Authentication – An Essential Security Control

If you want to improve the security of your website or online services, setting up two-factor authentication is one of the best protections to implement.

Login names are easily obtained by cybercriminals, and passwords can all too easily be guessed. Many people still use “password” for example, or their data of birth. 1234567890 is also a surprisingly common password and one that is very easily guessed.

Enforcing secure passwords is essential. Force users to include capital letters, numbers, and special characters when creating passwords. Then add a second step that needs to be completed. Make sure the user registers an email address or a mobile phone number, and then verify these by sending an email or SMS text.

Whenever an access attempt occurs using a different device to that used during the registration process, a code should be sent via email or SMS. If that code cannot be provided by the user, the account should be blocked.

This will ensure that even if a password is obtained by a cybercriminal, access to the account will not be possible unless the person has also managed to gain access to the email account used to register, or has the victim’s mobile phone.

Will Two-Step Authentication Prevent Another Twitter Security Breach?

Twitter has suffered two major security breaches that have exposed the login credentials of hundreds of thousands of its users. In response to the incident, a number of additional security controls have been considered. The best solution was deemed to be the addition of a two-step authentication process.

This will not guarantee another data breach will be prevented, but it will make sure that it becomes a lot harder for hackers to gain access to login credentials. The new controls are likely to put off all but the most skilled and determined cybercriminals from attacking Twitter in the future. There will be much easier targets they can attack.

Two-step authentication is an important security control. In order to create an account, a user must sign up and create a login name and a password. The second step in the process, which will shortly be added to Twitter, is the requirement to have a code sent to an email address, mobile phone or the Twitter app.

The additional control will log the user’s device. If another device is used to login, another code will be sent to the app, phone or email account used to register. If the code is not entered, access to the account will not be permitted.

Wired.com has recently reported that Twitter is in the process of testing the new security measure before making it live. Once testing has been completed it will be rolled out to all accounts. This will not come a moment too soon. Cybercriminals are targeting social media networks, and if security measures are inadequate, data breaches will be suffered.

Social Media Networks are an Attractive Target for Cybercriminals

The networks are a big target for hackers and cybercriminals. The data stored in user accounts can be considerable. The data can be used to conduct highly effective spear phishing campaigns. With detailed information about each user, those campaigns can be very convincing.

Criminals can use stolen data to craft emails that the user is likely to respond to. They can find out who their contacts are, and make an email appear that it has been sent by a friend. That makes it far more likely that the target will click a phishing link or open an infected attachment.

Not only that, passwords are often shared across websites. Many people use the same password for Twitter as they do for their online banking and for work. One single password could potentially give a criminal access to much more than a social media account.

Phishing emails are being sent with increasing regularity

In the first half of 2012, phishing attacks are estimated to have increased by 19%. Many criminals still use email as the vector of choice, but many are now targeting social media networks. Criminals are finding it is easier to use Facebook and Twitter to get users to click on links to phishing websites. People even unwittingly share phishing links with their friends, helping the attacker infect more machines and steal more passwords.

Phishers are targeting individuals, but many are after a much bigger prize. If a user’s work computer is compromised, it can allow access to be gained to a corporate network. In fact, businesses are now being increasingly targeted using phishing campaigns.

These campaigns are far more sophisticated than in years gone by. The emails and social media posts are much harder to identify, and many employees are convinced to (unwittingly) download malware and viruses.

Unfortunately, many businesses are still not addressing the risk and have failed to implement adequate security controls. Some employees have not even been trained how to identity a phishing email!

Unless greater investment goes on improving security protections, and further training is provided to the staff, it will only be a matter of time before a network is compromised, customer data is stolen, and corporate secrets sold to the highest bidder.

Boston Bombing Video Used to Infect Computers with Malware

Terrorist attacks are occurring with increasing regularity around the world, but it is still rare for one to happen on American soil. However, on Monday an attack took place at the Boston Marathon. The tragedy claimed the lives of three people.

It is at times like this that vigilance must be increased. Criminals often use events such as this to infect computers with malware. Big news events are often used to lure victims into clicking on links to websites infected with malware or convince them to open malware-infected email attachments. The Boston bombing is no exception. Criminals have seized the opportunity already and have started sending emails about the tragedy which contain links to infected sites.

SpamTitan is alerted when spam and phishing emails are captured. The quarantine reports are collected and analyzed, and some of the recent crop of captured messages contain titles such as “Explosion at Boston Marathon” and “Boston Explosion Caught on Video.” When news breaks, people want to find out what has happened, and images and videos of the event are sought online. Videos of the Boston bombing are being searched for on Google and social media, and emails including links to videos are likely to be clicked.

Anyone clicking one of the links in the emails will be directed to YouTube where a range of videos are listed. No harm is immediately caused.

However, after 60 seconds the visitor will be notified of a file called “boston.avi____exe”, and are asked to download it. If the file is run, it will install malware which will connect to servers in three locations: Argentina, Taiwan and Ukraine. Data from the infected machine will then be sent to those servers. SpamTitan software will prevent the email from being delivered using a variety of methods, thus protecting the user. Individuals without this software installed are unlikely to even be aware that their computers have been compromised.

Be wary about emails containing news alerts

Cybercriminals often use news events to spread malware and gain access to computers and servers. Each major news story, whether it is a terrorist attack, election result, natural disaster or celebrity wedding, will see numerous phishing and spam campaigns launched. Many of these campaigns see emails sent out randomly, often in the millions.

Any company that does not have a spam filtering solution in place is likely to see many of these emails delivered, and all it takes is for one end user to click on a link and download a file for a network to be compromised. It is not only malware that is a problem.

There have been a number of new websites registered in the past two days related to the Boston bombing. New domains have been purchased by individuals looking to capitalize on the attack. Some have been bought and are currently just parked. Some individuals have purchased the domains to prevent them from being used by scammers. Others have been activated and are seeking donations to help the families of the victims. Of course, any donations made through those websites will just go into the criminal’s pocket.

In addition to installing a spam filter to catch email spam, and employing a web filter to block links to malicious websites, be sure to adopt the following best practices and make sure that staff members do the same:

Don’t become another victim of a scam!

  • Check the email address of the person sending the email even if it appears to be from someone you know
  • Never click on a link in an email unless you are sure that link is genuine
  • Do not open attachments contained in emails from strangers
  • Be wary about opening attachments sent from friends. Their account may have been compromised or they may not realize they are sending an infected file
  • Never open executable files (those that end with .exe)
  • Never respond to an email request for money. If you want to donate, do so via a trusted, registered charity. Always visit the website via the search engines, not the link contained in the email
  • Make sure a charity is registered before making a donation
  • Be wary of any email sent to you containing information about a news event – who is sending it? How did they get your email address?
  • Do not forward or share suspicious emails or links

Predicted Increase in Everyday Hackers: Security Threat to Increase

What is a hacker?

Hackers are commonly referred to in print media and Internet reports, and are often viewed as either criminal masterminds intent of wreaking havoc and causing chaos, or bored (but highly skilled) teenagers with nothing better to do with this time.

However, a hacker is just an individual who is familiar with computer software and who is able to find and exploit security weaknesses in computer systems. Should you conduct a search on the internet for HTML Injection, you would find a great many websites that explain how to use this technique to gain access to websites.  If you were to follow the instructions, you would essentially be a hacker. Just, not a very good one.

Not all hackers are bad, not all lack a conscience, and many are not motivated by money. Some are highly talented individuals who want recognition for their computer skills or just want to protest about something. Hackers have been known to break in just to prove a point. It is morally reprehensible that board members are taking huge amounts of cash out of the business, but are jeopardizing the privacy of their customers and leaving them exposed to Identity theft.

Some companies even employ hackers to test their systems. These “ethical hackers” or “white hat hackers” perform an extremely valuable job. It is far better to have an employee attempt to hack a computer network to find vulnerabilities in order to fix them, rather than have a malicious outsider break in and steal data. Facebook has, and does, hire programmers for this purpose, and even runs an annual hack-a-thon.

The rise of the everyday hacker

The leading company in the field of application security testing, Veracode, produces an annual security report that assesses the state of software security. The company’s researchers investigate security trends and makes predictions about how vulnerabilities could potentially be exploited.

In this year’s State of Software Security Report the company has predicted there will be a rise in the number of “everyday hackers” over the next few years. These “have-a-go-hackers” will not be highly skilled computer geniuses. They will be normal people who decide to have a go at hacking. As previously mentioned, there is a lot of information on the internet, and many techniques do not require a great deal of computer skill to pull it off.

A “SQL injection” search on Google will reveal 1.74 million search results. Not all of those websites will give step by step instructions on how to do it, but some do. Currently, according to the Veracode security report, 32% of web applications contain security flaws that could be exploited by SQL injection.  These flaws are not hard to identify, and are actually quite easy to fix. Many companies do not even test for them.

Hacking is increasing and data breaches are occurring much more frequently

More than half of data breaches are caused by hackers breaking into systems to steal data (or stealing data once they have broken into a system for other reasons). In 2011 and 2012, Veracode calculated that 52% of data breaches came as a result of web intrusions.

Interestingly, software is now being installed to tackle these vulnerabilities and far fewer security holes typically exist. The problem is more people are now looking for vulnerabilities to exploit.

Veracode found that unsecure software was the largest root cause of data loss. Its researchers discovered that 70% of software used by organizations does not even comply with enterprise data security policies.

Unless organizations take a more proactive approach and address these vulnerabilities as a priority, hackers will exploit the security holes and sabotage systems, hold companies to ransom, and steal data. To prevent data breaches, action must be taken and taken fast.

Tips to Help Organizations Identify Online Identity Fraud Threats

Many people are willing to use the Internet to commit fraud. Identity thieves try to get website surfers to reveal their personal information, hackers break through defenses to steal credit card numbers and bank account information, and scammers head online in the tens of thousands. Saboteurs spread viruses and criminal gangs are using spear phishing campaigns to get the information they need to empty corporate bank accounts. The Internet can be a very dangerous place indeed.

There were more than 1 million victims of online identity fraud in 2012

A recent study conducted by market research firm Javelin Strategy and Research, indicates more than 1 million victims of identity fraud were created in 2012 than the previous year. That means one in three Americans have now become victims of online fraud. An incredible 12.6 million people have been affected by online fraud in the United States alone. In fact, a new victim of identity fraud is created every three seconds.

Cybercrime is extremely profitable. In 2012 alone, more than $21 billion was lost to cybercrime.

People are engaging in high risk activities online

One of the main reasons why we have experienced such a dramatic upturn in cases of identity fraud is a lack of security awareness. When connecting to the Internet, many individuals fail to realize they are entering a potentially dangerous place. Because of ignorance of the risks, many people fail to take precautions and do not protect themselves.

Would you walk down a street in New York City waving a big bundle of cash in front of you? Would you leave your credit card in a phone booth? Of course not. Yet people do equally risky things online. They provide their bank account details to criminals and enter their credit card details into online forms without checking whether the website is legitimate. They even store all of their intimate information on their laptops, Smartphones and tablets, and then leave those devices in cafes, unlocked automobiles, on trains and on buses.

These things can and do happen, but when it comes to online fraud, the biggest threat to security comes from social media websites.

Social media websites carry a major risk of identity fraud

Most of us have done it. Uploaded a photo to Facebook, posted intimate details of our personal lives, accepted a request from a “friend” we barely know. Some people post virtually every aspect of their lives online: What they had for breakfast or cooked for dinner, where they have been, who they bank with, etc. All of this information is incredibly valuable. Just ask Facebook. The company doesn’t charge users for having an account. Facebook makes money from selling your data to advertisers. They are not the only people who are interested to find out about you. Identity thieves also want your information.

It is easy to get a name from a social media account, also an address. Your birth date is not hard to obtain. What other information have you posted online since you joined Facebook and Twitter?

If someone had access to your accounts, do you think you would be an easy or hard target for an identity thief? How about the complexity of your password? Is that shared across websites? Is it easy to guess if someone knows the name of your pet? Or your child’s date of birth?

The fact is that most people are easy targets and engage in risky behavior. Even celebrities are major targets for hackers and thieves and have had their accounts hijacked. There is a lot of information in cyberspace about you that can easily be obtained by a hacker or criminal with a little time and a modicum of skill.

Fortunately, it doesn’t take much effort to protect yourself. All you need to do is adopt some basic “best practices” when using social media websites and while surfing the net.

Best practice tips to avoid becoming a victim of identity fraud

With a new case of identity fraud happening every three seconds it is vital that you take steps to protect your identity. Otherwise it will only be a matter of time before you become a victim. Possibly only 3 seconds!

Don’t reveal your private and confidential information on Facebook or Twitter

Think before posting. Does the information in your post reveal a little too much about you? Do you trust ALL of your Facebook friends? Do you even know the people who follow you on Twitter? Is your post appropriate for everyone on your friend list? Ask yourself these questions and make sure you use your restricted lists carefully and regularly check your Facebook privacy settings.

Have you made yourself an easy target?

Have you locked all of your devices with a password? Do you store passwords and login information on your computer? Are those files protected with a password? Do you ever access PayPal or your bank accounts via an insecure network? Do you always check that a website starts with https:// (not http://) before entering sensitive information? Remember, the Internet can be a dangerous place!

A Play Store mobile app is not necessarily safe

When you download an app to your mobile phone, do you read the list of data that you are giving that app access to? Do you trust the manufacturer of that app to keep your data secure? It is a pain reading all of the small print, but make sure you know what data you are potentially providing.

Your Smartphone is an encyclopedia of information

Be careful about the data you share online via your Smartphone, and for heaven sake don’t leave it anywhere where it can be stolen. In case of theft, you may compromise your entire email account, your WhatsApp conversations, access to your bank account and much more. Make sure you use a strong password, activate the lock function, don’t automatically connect to Wi-Fi networks and never leave Bluetooth on when it is not necessary.

Mobile phones are insecure

Be exceptionally careful about divulging any information via a mobile phone. That means text messages and phone calls, not only apps and Internet sites. Before disclosing information ask yourself why does the person or company need it? Who are they? How will your data be used? Are you volunteering data? If so, why?

How quickly would you know that you had become a victim of online fraud?

Do you check your bank account frequently? How about PayPal? Your credit card balance? How long would thieves have before you realized you had become a victim. It is not only financial information that can be used to commit fraud. Do you check your health insurance Explanation of Benefits (EoB) statements for signs of fraudulent insurance claims? Do you obtain free annual credit reports from Experian, Equifax and TransUnion?

It is easy to become a victim of online fraud but many people do not regularly check to find out if they have become a victim.

You have become a victim of online fraud! What do you do?

A quick response can limit the damage caused. Act fast.

  • Call your bank and credit card provider and place a credit freeze on your accounts
  • Change all of your passwords
  • Report social media account hacking to the provider of the service
  • Obtain credit reports to find out how badly you have been affected

Report all cases of online fraud to the relevant government and law enforcement agencies.

BYOD: Breach Your Own Data or Bring Your Own Device to Work?

Bring Your Own Device (BYOD) is increasing in popularity. Employers love it: They can leverage the power of Smartphones, tablets and laptops, without having to pay the huge cost of supplying the devices to all staff members. BYOD can lead to a major increase in productivity, improve efficiency, and the devices facilitate better collaboration. They make communication so much easier.

That said, they do raise a number of security concerns, so much so that many security experts believe the acronym should stand for “Bring Your Own Doom”, or “Breach Your Own Data.” By running such a scheme are you just introducing unnecessary data security risks? Would it be better to bite the bullet and supply mobile devices to exercise greater control?

Employees are not necessarily careful with corporate data stored on their devices

Employees engage in risky online behavior. They fail to implement even basic security controls on their own devices and are prone to losing them. If the devices are used to store corporate data, this is a major security risk.

Even with the risks posed by allowing the devices to be used at work, a Fortinet survey recently revealed 74% of organizations in the United States have adopted BYOD.

The survey was conducted on 3,800 employees, half of whom believed bringing their own devices to work was a basic human right. In actual fact is it a privilege. The figures would be surprising were it not for the fact that all of the respondents were in their early twenties, many of whom had only just started their first job.

Young adults, often referred to as Generation Y, are tech-savvy and have grown up in an environment with a myriad of electronic devices at their disposal. They are heavily reliant on this technology. This is good news as it means they are able to use a wide range of devices competently; they know their way around a computer and are easy to train. On the downside they are perhaps too reliant on their mobile devices and use them too much to communicate. Take those devices away and they are at a loss.

Employers have realized that this technical expertise can be leveraged to improve efficiency in the workplace. They are also the CEOs, CISOs and senior executives of the future, and their understanding of how technology can be used in the workplace is far better than current industry heads. Their knowledge of technology can be used to increase profits, connect with customers, and tap into new, lucrative markets.

It is no surprise that even with the considerable security risks, Generation Y is encouraged to use mobile electronic devices at work. There are, after all, great benefits to be had. Companies that do not allow use of the devices could well find themselves falling behind their competitors.

What is the real cost of BYOD?

Improved efficiency and productivity does come at a cost. BYOD has a major drawback. It can make it far easier for hackers and malicious outsiders (and insiders) to gain access to corporate data. This is a major problem, especially for smaller organizations that lack the big budgets of the likes of Sony, Microsoft, IBM and Facebook. They cannot devote as much money to improving cybersecurity defenses.

Large companies may be targets for cybercriminals and hacktivists, but smaller businesses are now being targeted with increasing regularity. The data they store may not be worth as much, but it is far easier to gain access to. Small to medium-sized businesses are fast becoming the primary targets for many online criminals.

How robust are your BYOD Internet and email security controls?

Interestingly, the Fortinet study revealed that 66% of respondents thought it was their own responsibility to keep their devices secure. Only 22% believed device security was the responsibility of their employer.  While it is good news that BYOD participants believe they should take care of their mobiles and ensure they are kept secure, this does not let organizations off the hook. If the devices are not properly controlled and managed, they could all too easily lead to a data breach.

One problem highlighted by the research is Generation Y is happy to break the rules. Policies can be put in place, but it does not mean they will be followed 100% of the time. One of the most effective ways of managing BYOD is to focus on BYOD participants rather than the devices that are used to connect to corporate networks. A user-centric approach has been shown to work very well.  If the user is effectively managed, they are empowered to keep their devices secure.

That said, security controls must be implemented by an organization. Policies must be developed covering data security, and users must be reminded of the risks posed by the devices.

Business Networks at Risk from Personal Devices

It will probably come as no surprise to discover the use of personal devices at work carries significant network security risks. Chances are your company may even have a BYOD policy in place that permits the use of personal devices in the workplace.

In an effort to quantify the level of risk posed by the use of these devices, a survey was conducted by Virgin Business Media. Respondents were asked questions about BYOD and the potential pitfalls. Network security was one of the main worries, and alarmingly, 51% of respondents revealed they had already suffered a security breach as a result of personal devices being used to access corporate networks.

The number of devices connecting to the network has an impact on the level of risk faced. The more devices that are allowed to connect, the greater the risk of one of those devices being used by a hacker to launch an attack on the network. Small to medium sized businesses tended to suffer fewer breaches as a result. The survey suggests 25% fewer.

These figures should not be taken to mean that small businesses are unlikely to suffer a cyberattack or experience a security breach. The risk from mobile devices will be reduced, but cybercriminals are now attacking small businesses with increasing regularity. Small to medium sized businesses may not store such large volumes of data, and they may not be as valuable to criminals, but the security defenses used to protect networks are much easier to circumvent. SMEs also tend not to employ as highly skilled IT security staff as the likes of IBM, Facebook and Google.

Take a Proactive Approach to Internet and Email Security

Many small to medium sized enterprises only implement robust security controls after they have suffered a major security breach. Many CEOs believe that they will not be targeted by criminals and do not require particularly sophisticated defenses. Unfortunately, many attacks are random, so SMEs actually face the same threats as larger corporations. They may not be targeted by teams of foreign government-backed hackers, but they are at risk of attack by other hackers and Internet criminals.

The FBI and National White Collar Crime Center formed the Internet Crime Complaint Center (IC3) as a single point of contact for victims of internet crime. IC3 receives reports from businesses and individuals who have become victims of online criminals. In 2011, IC3 received over 400,000 separate complaints from small to medium sized companies that had become victims of online criminal activity. The threat of attack is actually very real.

Given the high risk and the increase in internet crime, business owners need to face the facts. It is no good burying your head in the sand and hoping that it will never happen. It is time to implement security defenses to ensure that it doesn’t.

You may not want to introduce BYOD and have to deal with the risks, but if you do want to leverage the benefits of personal mobile devices and want to enjoy the increase in efficiency and productivity that BYOD promises, you will have to make sure appropriate security measures are installed. Otherwise you could be making your network a lot easier to breach.

Cybersecurity Attacks have given CEOs a Rude Awakening

Unfortunately, IT security professionals have to deal with business managers. This is a problem that will never go away, but there is some good news. They may still be intent of slashing budgets and increasing the productivity of the workforce, but they are less keen about slashing IT department budgets. Many are now suggesting increases in operational budgets to deal with the increased risk of attack.

We are also finally seeing CEOs making the decision to implement good security measures to protect against malicious insiders and hackers. The days of having “good enough” security measures may finally be coming to an end. Attitudes on cybersecurity are changing at last, in no small part due to the cost of not doing so being hammered home. Highly publicized cyberattacks have helped in this regard. So have reports of stock prices tumbling after security breaches are suffered.

It is not only lone hackers that are attempting to break through firewalls and cybersecurity defenses. Groups of incredibly talented hackers are being recruited by nation states and are being put to work on highly sophisticated hacks on U.S. enterprises. With the backing of nation states, the threat level increases considerably. Robust defenses must be implemented to repel the attacks. Any organization that implements minimal cybersecurity defenses may as well place an advertisement in the Washington post inviting hackers to attack.

Cybersecurity attacks have been receiving a lot more press, in no small part due to the huge volume of data that hackers have been able to obtain. Corporate secrets, company accounts, information on personnel, customer data, medical records, Social security numbers, and much more have all been obtained. This information is subsequently sold to the highest bidder or, in some cases, simply posted online for all to see.

The potential damage caused can be catastrophic. Many small to medium sized businesses would not be able to survive such an attack, and even enterprise organizations feel the effect. The threat from these attacks has seen a much needed change in attitudes of the upper management and, while IT departments are not yet given all the money they need, the situation is certainly improving.

A recent survey conducted by ESG research suggests information security situational awareness and strategy is something that business leaders are getting much more involved with, according to 29% of respondents. This is a major improvement year on year. Furthermore, 40% of respondents said that over the past year, the executive management has become “somewhat more engaged” with these matters.

As more mega data breaches are reported in the news, and the true cost of resolving security incidents is calculated, we can expect engagement to increase more. Bigger IT security budgets should also be allocated to improve protection.  

Avoid Legal Liability and Web Threats by Investing in Internet Security

It is now possible to search the internet more securely and also avoid objectionable content without having to install a web filtering solution or parental controls. Google has added greater protection to its search engine to filter out undesirable webpages. Users of Google.com will no longer have the option of choosing a moderate level of content. The choice is now a yes or no. They can “filter explicit content” or not, and account holders can also lock the setting in place.

This will undoubtedly please many parents who will be able to easily add a filter to prevent their children from being displayed content of an adult nature, but not everyone is happy. The news broke via Reddit and many internet users have reacted angrily over the censorship that is now placed on searches by Google SafeSearch.

Google SafeSearch is not sufficient protection for businesses, schools and colleges

The major search engines are well aware that there are a lot of websites containing adult or otherwise explicit content on the Internet and most now offer an option to filter search results to prevent certain sites from being displayed. When set to their various safe modes, they will limit the search results for general search terms. This is fine for home use but it is not sufficient protection for schools, colleges and business use.

The function can be used of course, but it will need to be set on each individual computer or browser, and the controls are easy to navigate around. They will only prevent content from inadvertently being displayed in the search results. If a student or member of staff wants to access explicit content, it is easy to bypass the controls or turn them off.

Oftentimes these filters are overactive and prevent some legitimate websites from being displayed. It may not be possible for students or teachers to view classic literature or works of art. Some will be deemed to be sexually explicit. The answer in this case is not to use the search engine functions to filter content, but to employ a powerful web filtering solution such as WebTitan.

WebTitan allows a system administrator to fine tune the web filter to ensure that adult and other objectionable content cannot be viewed on a school, college or business network. There is no bypassing the controls. The sites will not be viewable. The filter is highly flexible and can be fine-tuned with ease to suit an organization’s needs. System administrators will also be able to see who is attempting access to certain websites that are not permitted under Internet usage policies.

This will not only protect students and employees from viewing content that is inappropriate; it will also help employers avoid legal action.

It is not just an individual that faces legal action from inappropriate online activity

If an employee accesses illegal content, that individual is likely to face criminal charges. However, an employer who does not take steps to prevent the content from being viewed could face legal action. Criminal charges may not be filed, but it is possible claims for damages will be filed.

A court case in New Jersey has highlighted the risk. In the case of Doe v. XYC Corp., a company was sued for damages after an innocent third party discovered child pornography images on a work computer. An employee of the company had downloaded them and was dealt with accordingly, but a legal case was filed against the employer none the less.

The employer may not always be found to be liable, but it is possible that legal claims will be filed. The negative publicity from such a case can be particularly damaging for a company. Questions will be asked about why efforts were not made to prevent that sort of content from being viewable in the workplace.

If you want to play it safe and have total control over what your employees/students can access via a work or college computer, a web filtering solution should be employed. You should not rely on the search engines to filter out explicit content.

Data Security Threat Predictions for 2013

The festive period is almost upon us and, aside from having to deal with the wave of Christmas and New Year cybersecurity threats, it is a time to relax, reflect on the major security events of the year, and plan for 2013.

Lessons have been learned in 2012 and it is up to IT security professionals to ensure that the same mistakes are not made next year. 2013 is likely to see a wave of attacks, a great deal more threats, and many companies’ security defenses breached. Prepare adequately and your company is likely to avoid becoming another security breach statistic.

Online Security Threats from 2012

2012 was an exciting year, certainly as far as data mobility was concerned. Many companies have enjoyed the benefits that come from being able to access data from any location; on any device. Unfortunately, so have cybercriminals.

Widespread adoption of Bring Your Own Device (BYOD) schemes have made workforces much more productive, efficient, and happy. Unfortunately, mobile devices are being attacked with increasing regularity. Personal Smartphones, laptops, and tablets may represent the future of business, but they often lack the necessary security controls to ensure corporate networks remain protected. Cloud computing has also been adopted by many organizations, but not all have made sure their cloud applications are appropriately secured.

There has been an explosion in the number of social media websites. Use of the sites are more popular than ever before, and so are the threats from using the sites. As user numbers have increased, so have the types of malware being developed to exploit users of Facebook, Twitter, Pinterest and the myriad of other sites that have enjoyed an increase in popularity.

Up and coming platforms are being targeted as user numbers increase and established platforms such as Facebook and Twitter are honeypots for cybercriminals. Social media channels and mobile devices are likely to remain problematic for IT professionals charged with keeping their corporate networks secure. Unfortunately, IT security professionals have little control over personal devices, and it is very difficult to stop end users from using their social media accounts at work.

As cybercriminals start using new attack vectors with increasing regularity, security professionals must be alert to the new risks. Listed below are our security threat predictions for 2013. some of the trends that are likely to develop further over the course of the coming year.

Security Threat Predictions for 2013

SQL Injection attacks will continue to increase

There was a rise in the number of successful cyberattacks last year, many of which involved SQL injection – the use of Structured Query Language to gain access to corporate databases. Hackers were able to use this technique to hack into web servers and obtain user names and passwords from corporate databases.

Small to medium size companies are particularly vulnerable as they often do not have the resources available to address all vulnerabilities that can be exploited by SQL injection. However, even very large companies are at risk. In 2012, Wurm Online, a hugely popular online multi-player game, was hacked using SQL injection resulting in the site being taken offline. Yahoo Voices was also hacked using this technique and over 450,000 user logins were obtained by hackers. This attack was caused by “union-based SQL injection”. These attacks were made possible as basic web server mistakes had been made by the companies in question. Both attacks were avoidable.

Ransomware attacks will increase

The past 12 months have seen a rise in cyberattacks using ransomware. Users are fooled into installing malware on computers and networks which subsequently encrypts all company data. Company operations have ground to a halt, with no data accessible without a security key. Those keys will only be provided by the criminals if a ransom is paid. Companies have found they have no choice but to pay the criminals to unencrypt their data. In 2012, a number of hacked GoDaddy websites were discovered to be infecting users with ransomware.

Defenses against this type of malware must be improved. Install spam and web filters to prevent users from installing this malware, and ensure that all data is backed up and policies are developed to recover backed up files. A data breach response plan should be developed to ensure business-critical data is restored promptly.

Increase in amateur cybercriminals using attack toolkits

As we saw this year, you do not need to be a hacking genius to pull off a successful cyberattack. It is possible to rent an attack toolkit with a host of premium features to make it easy to use by virtually anyone. The Black Hole exploit kit is a good example.

Investment in these kits has helped improve their usability and many now include APIs, scriptable web services, reporting interfaces, and even mechanisms to protect the users of the toolkits. By improving the quality of the kits, talented computer programmers have been able to increase the number of individuals able to launch attacks on corporations. There is no shortage of takers, and the investment spent has been well rewarded. Expect more individuals to use these kits and the volume of email malware to increase.

Less damage from security vulnerability exploits

Security vulnerabilities are being discovered with increasing regularity and this is enabling security holes to be plugged before they can be exploited. Protection against exploits is also improving and the next 12 months is likely to see even more advancements in this area. A number of protections have already been developed and implemented to prevent attacks of this nature, such as address space layout randomization, sandboxing, data execution protection (DEP) and trusted boot mechanisms. It is expected to become harder for hackers to exploit security vulnerabilities, although the risk of attack will certainly not be eradicated.

New privacy and security challenges that need to be addressed

The rise in popularity of mobile devices, and the adoption of BYOD by many organizations, has seen data security risk increase substantially. Mobile devices contain numerous security flaws. The devices can be used to track victims with GPS systems and near field communication (NFC) allowing criminals to physically locate their targets. The growth in social media applications for mobile devices is likely to see even more devices compromised. Expect 2013 to see a wave of new attacks on mobile devices and security vulnerabilities in new technologies exploited.

Do you agree with our security threat predictions for 2013?

SMBs Beware: Social Media Use Can Cost you Dearly!

Small to Midsize Businesses (SMBs) have a lot to gain from joining the social media revolution, and even by allowing employees some personal Facetime at work. There are a number of drawbacks though, and some can be very serious.

Many SMBs are well aware of the potential risks as evidenced by a recent survey conducted by Forrester. Businesses were sent surveys as part of the security study and were asked about social media risk. It was named as one of the biggest security concerns.

If social media accounts are accessed at work, they pose a considerable risk to network security. There is a major risk of suffering a malware infection from social media websites. Accounts can be hijacked and there are issues with staff accessing inappropriate content or posting sensitive information about the company. Data leakage is a concern, and highly regulated industries face greater risks. Healthcare professionals could all too easily violate HIPAA rules.

With all of these serious risks, why would any business permit members of staff to access personal social media accounts at work? Why not just implement a zero tolerance policy, and take action against any employee found to be using social media sites at work? Better still, social media sites could be blocked entirely to prevent all employees from having a sneaky peek at their Facebook accounts!

There are benefits to be gained from allowing social media access in the workplace

Social media access by employees is not all bad news. There are many positive benefits to be gained from allowing staff a little time to access their Facebook, Twitter and LinkedIn accounts at work. Even some YouTube time can be very beneficial. Here are four reasons why a total ban on social media use at work is not necessarily the best option for employers.

A little social media access can improve the productivity of staff!

Employees may be seen to “waste” a little time each day accessing Facebook or other social media websites at work, but the time is not necessarily totally wasted. In fact, some downtime can improve the productivity of employees. How productive would you be if you worked 8 hours straight each day without taking a break? You may be able to do it for a few days each week, but burnout awaits those who try to do too much.

Recent research shows that allowing workers access to their social media accounts can actually increase productivity, and not just a little. A study conducted by the Harvard Business Review showed that productivity increases of 20-25% are possible with a little Facetime allowed each day. Employees can actually get answers to questions much more quickly by using social media and professional networking websites than trawling through websites!

LinkedIn can be used to find new staff members, or encourage the best people to apply for a job. If business accounts are opened and managed, it is much easier to connect with customers, and customer service standards can be improved. The cost of providing those services can also be reduced thanks to social media. The websites are also a great way of communicating with customers and staff.

Social media can give a business a competitive edge

There are reasons why the likes of Google and Facebook give their staff ping pong tables, napping chairs, video games and use bright and bold color schemes in their offices. They improve staff morale, they make employees happier at work and, consequently, staff complain less about having to work incredibly long hours.

OK, we are not saying you should turn your office into an amusement arcade, but allowing employees some time off to use social media sites is not that bad. It is a selling point as well, especially for Gen Y staff. They expect to be able to have some social media time at work.

You probably ban social media access at work, but your competitors might not. One of them almost certainly allows some Facetime at work. It could be the difference between attracting the best workers or just the mediocre ones!

Blocking access to social media websites is not easy

So you want to ban social media use at work. How do you plan to implement that ban? Just tell staff it is inappropriate to access the sites and then turn a blind eye to a little use? Get HR to bring employees in who access Twitter during work time? Purchase a web filter to block access?

A ban must be enforced, access to the sites needs to be monitored, and action taken against offenders. If you have a lapse in adherence to the policy, how will you deal with it? It could well be more trouble that it is worth!

If you operate a BYOD scheme and allow the use of personal laptops or tablets at work, you can’t ban employees from using their own devices to access social media websites outside of office hours. You will still need to implement policies covering use of the sites, even if they are blocked in the office.

Regardless of controls, if employees want to use social media, a ban will not stop them

Implementing a ban does not mean employees will stop using social media at work, it will just be harder to control. Even if you purchase a web filter, such as that offered by SpamTitan, and block access to the sites for all staff members, employees will still access their accounts if they want to. They will just use their Smartphones. You will then lose all control and it will be impossible to monitor how much time your employees are spending on the sites. In fact, a ban could well lead to employees taking more risks, or posting disparaging remarks about your company.

Instead of implementing a total ban, why not look for ways to leverage the use of social media websites, and develop policies to control usage. Even implement software solutions to minimize security risks and give you control over what is accessed via the websites.

How to Prevent Social Media Abuse at Work

The rise in popularity of social media websites such as Facebook, Twitter, LinkedIn and Google+ has had a significant impact on employers. Many employees would rather spend their entire working day on these websites than completing work duties. Many employees waste an extraordinary amount of time on Facebook, YouTube and similar websites.

Employees will always find a way of wasting time, so the increase in use of social media at work is unsurprising. However, employers who ban employees from accessing the websites – such as by using a web content filter – may find that they are actually shooting themselves in the foot. Allowing employees to spend a little time on social media websites can actually be beneficial for a company, resulting in employees being happier at work. Happy staff are actually more productive.

If an organization does not implement a total ban on employees accessing social media and social networking websites, it is essential that staff usage of the sites is monitored. Most employees will use the websites responsibly, but there will always some cases of social media abuse at work. The aim must be to keep that to a minimal level.

Installing a Web Filter to Block Social Media Abuse at Work

The installation of a web filter and Internet monitoring software lets employers block access to certain websites and monitor usage of others. Web filters can be configured to block a specific website for an entire organization, for groups, or for specific individuals. If an individual is excessively using social media at work, it may be appropriate to block them from accessing the sites from their work computer. Access to the websites can be made a privilege, which can be taken away if an individual is found to be abusing the good nature of their employer.

Some employers prefer to ban all employees from using the websites, but there is a problem with this. This tells the staff that you do not trust them to be able to achieve a good balance. Also blocking social media usage at work can have a significant negative impact on staff morale. The more restrictions are put in place at work, the less happy staff members are likely to be, and unhappy staff means low productivity.

The banning of social media site access at work isn’t always about stopping staff members from wasting time online instead of working. Use of the websites carries a data security risk. Phishers, scammers and spammers use Facebook and other social networking websites. If employees use the sites at work, view posts, click links or even download files from the sites, they could inadvertently install malware on their computers. If malware or viruses are installed, hackers and other cybercriminals could easily gain access to a corporate network and steal confidential data or gain access to corporate bank accounts.

It is therefore essential that actions are taken by employers to prevent social media abuse in the workplace, to prevent a fall in productivity and to ensure that risks are not taken by staff members that could potentially result in networks being compromised.

Tips to Prevent Social Media Abuse at Work

Purdy Fitzgerald Solicitors have recently issued some advice to organizations that are concerned about the use of social media websites by employees. Two of the most important elements have been detailed below:

1.      Monitor Employees’ Use of the Internet and Email in the Workplace

If employees are allowed access to the Internet at work, then the websites they visit must be monitored. The same applies to email. It is now standard practice to monitor Internet use at work to ensure that risky or dangerous sites are not visited. Websites containing offensive material must not be viewed and email must be monitored to make sure it is not being abused. To avoid social media abuse at work, site usage should be monitored, although care must be taken, especially if personal information is being entered into these websites. Data protection laws may apply.

The Article 29 Working Party, an advisory group comprising members of data protection authorities in the European Union, has produced a document which can help employers not fall foul of the law. Even though employees choose to use their work computer to access social media websites and send email, they have privacy rights. They have a legitimate expectation that employers will not violate those rights. That said, employers must take steps to prevent abuse, and they are allowed to do so by law. They are permitted to monitor the activities of employees to ensure their businesses are being run efficiently.

It is important that the right balance is achieved between monitoring computer usage to ensure employees do not abuse Internet access, but not to monitor to the point that employees’ privacy is violated.

2.      Develop Internet and Email Usage Policies to Prevent Social Media Abuse at Work

If access to the Internet is provided to staff members, they must be informed of company policies covering the use of the Internet; the websites that cannot be visited, what information can be entered on websites; the type of material that can and cannot be downloaded, and the acceptable use of social media and other web 2.0 sites.  These policies must be concise and easy to read, but should also be comprehensive.

Polices should cover chat rooms, blogging, social media websites, and the permitted and prohibited use of the Internet and email. Polices should also detail the types of devices that can be used to access email and the Internet.

There have been a number of cases of employees having had their contracts terminated due to Internet and email abuse at work. However, some of those employees have taken their cases to Employment tribunals. Employers who terminate work contracts for Internet and email abuse are likely to have those decisions overturned if they have not issued staff members with policies covering allowable and prohibited uses of the Internet. In some cases, employers have been found to have unfairly dismissed staff members and have had to pay damages simply because company policies on usage have not been explained.

What Should be Included in Social Media Policies?

Each company’s Internet, email and social media usage policies will be unique. When writing usage policies, each company must carefully assess the advantages and disadvantages of allowing employees to access social media websites, surf the net for personal reasons, and use email accounts to send personal email. The aim should be to restrict usage, but to make policies workable. It is important that all members of staff are provided with the policies and that they are put on display in a highly visible location.

Social media usage must be stated in the policies,and they should stipulate whether accessing websites such as Facebook is prohibited or permitted in moderation. Policies should detail which departments are permitted to use the sites and the allowable uses and general conduct of employees while on these websites should also be stated.

For instance, a policy may be put in place that prohibits employees from posting disparaging remarks about their employer on social media websites, or that employees are not permitted to upload material or download files from social media websites while at work.

Since everyone may have a different understanding of “social media” it is advisable to specify this in the usage polices. Employees may not think they are using the sites inappropriately, whereas managers may consider usage levels to equate to social media abuse at work.

It is also essential that usage policies advise employees of the consequences of breaching company rules. Employees conduct online should be treated in the same manner as general conduct in the workplace, and the disciplinary policies must similarly be stated. For instance, employees found to have viewed, downloaded, or even uploaded pornographic material while at work will face instant dismissal and termination of their work contract. Get your policies right and it will help you to prevent social media abuse at work. Fail to issue policies and you will be asking for trouble.

Internet Security Advice: Don’t Forget to Update Your Web Browser

If you want to access the Internet, you will need a web browser. Unfortunately, the very program you use to gain access to the Net, access your email, and logon to social media sites and online bank accounts could be your downfall.

A vulnerability in Firefox, Safari, Chrome or IE could be placing your data straight into the hands of hackers. Cyber criminals can – and do – take advantage of out of date web browsers to steal data and gain access to computers, mobiles, laptops, and tablets.

It is therefore essential to ensure that your browser is kept up to date. Fail to install updates as soon as they are released and you could become the next data breach statistic.

Insecure web browsers could leave you exposed to a cyberattack

When you purchase a new device, chances are it will come with a browser preinstalled. You should bear in mind that when purchasing a new device, it is unlikely to come with the browser correctly configured, and you will most likely need to install the latest version. Updates are now being issued on a regular basis.

Fail to keep your browser up to date and tweak the security settings is a recipe for disaster. Out of date or insecure browsers can result in malware, spyware, ransomware, and viruses being installed on your device without your knowledge. Even your anti-virus software program may not pick up the infection.

Kaspersky Labs, one of the world’s leading providers of anti-virus software, has recently investigated browser security and has discovered almost a quarter of browsers are out of date. The company assessed the browsers of close to 10 million Internet users from all over the world in 2012, with the data drawn from the Cloud-based Kaspersky Security Network. Over 700 million browser launches were logged by Kaspersky during the period of study.

Kaspersky Labs browser study produces worrying results

Kaspersky Labs analyzed five different web browsers as part of the study and discovered 36 different versions in use. Only five versions were up to date and installed with the latest security patches. Users of Kaspersky Anti-virus solutions were reasonably well protected, with 77% using the latest version of their chosen browser. Unfortunately, 23% were using out of date versions, making them vulnerable to a cyber attack or malware infection. Worse still, 8.5% of test subjects were still using versions that had long since become obsolete. Millions of individuals are therefore at risk of succumbing to web-borne threats.

The process of upgrading a browser to the latest version is a quick and straightforward process, and will ensure the user is better protected against hackers. Why are users not upgrading their browsers? There are many possible answers. Simply putting it off and forgetting is one of the main reasons; however, some users are fearful that they might lose data or bookmarks by updating. Others are worried about losing some of the features they like. Sometimes, the new versions contain bugs and make viewing the Internet that little bit harder (at least initially).

Unfortunately, the reality is that failing to update a browser will leave you vulnerable. It is therefore not really a choice but a necessity, certainly if you care about the security of your device, data stored on it, and the network it connects to.

SpamTitan Technologies WebTitan 4.0 Launch Imminent

On November 1, 2012, SpamTitan Technologies will be releasing WebTitan 4.0, the latest version of the powerful web filtering solution for business customers. The new version includes a host of additional features to make it easier than ever before for system administrators to manage Internet usage in the workplace and protect their networks from malware, viruses and cyberattacks.

The latest version includes new controls to manage bandwidth, with advanced reporting features, delegated administration, full transport authentication, and SNMP support. SpamTitan Technologies WebTitan 4.0 also boasts improved white labeling options.

Proxy mode now offers full transparent authentication

When developing WebTitan 4.0, product developers took on board comments from users and incorporated a host of new features to make management easier. The result is the most user-friendly version released to date and includes augmented controls to ensure businesses are better protected.

WebTitan 4.0 offers full transparent authentication when using the product in proxy mode. Users are able to generate advanced reports, as opposed to previous versions when reporting options for transparent proxies was IP based.

Administration functions can be easily configured

New delegated administration functionality has been added to reduce the burden on system administrators. Now the administration of WebTitan can be passed over to any stakeholder in the organization. All controls can be easily configured and individual users can be granted reporting rights, policy management privileges with the option of setting reporting rights to allow individuals to issue Internet usage reports for specific users or user groups.

When administrator rights have been configured, it is possible for reporting and policy management responsibilities to be delegated to individuals who have a better understanding of the best web filtering policies for specific groups of users, ensuring much improved cross-organizational participation.

Ensure enough bandwidth is available for business-critical applications

The latest version offers a host of improved corporate Internet policy functions to ensure that sufficient bandwidth is always available for business critical applications, with the option of setting quotas to prevent wastage. A host of Internet services are now available which can suck up bandwidth, such as video streaming, Internet radio and other media-rich applications.

These services can cause Internet access to slow considerably and often bottlenecks are created that reduce productivity. The new version has far greater granularity that allows users to allocate resources more efficiently and make considerable cost savings.

As Internet functions have evolved, the management of web filtering has become much more complex. Managing users and user groups can therefore be a major headache for system administrators. One of the main aims with the new release was to ease the administrative burden on system administrators. Web filtering can now be managed much more efficiently.

SpamTitan Technologies WebTitan 4.0 includes more complex functions, yet the user interface and controls are more intuitive and easier to learn. CEO of SpamTitan, Ronan Kavanagh, said the latest version has been created to “ensure our customers get the best end user web experience while organizations are fully protected from all malware as it emerges.”

The latest version makes it easier to add company branding to WebTitan. White label versions can be supplied to allow businesses to add their own branding and create a web filtering solution that matches the look of other systems used by their organization. Full SNMP support is also now included.

Competitive Pricing and a 30-Day No-Obligation Trial

Licenses for WebTitan 4.0 can be purchased to suit the needs of the business. There is no need to pay for IP addresses that will never be used. WebTitan 4.0 has a flexible banded pricing structure. Businesses can just pay for the number of end users who require Internet access.

The new version of WebTitan is now available for download with the option of a 30-day no obligation demo license for new customers.

The full licensed product starts from only $850 (WebTitan for Vmware 4.0 /WebTitan ISO). Previous purchasers with current licenses are able to upgrade to the latest version for no extra cost.

SpamTitan Technologies

SpamTitan Technologies is a provider of web filtering and email security solutions for the enterprise. The company, based in Galway, Ireland, offers a comprehensive suite of software options for small to medium sized organizations that offer protection from spam, phishing and other email and web-based data security threats. Customers can implement solutions that can be tailored to the unique needs of their businesses and receive excellent protection from malware, viruses, phishing, Trojans, and spambot attacks. Users can also be prevented from viewing undesirable web-content using WebTitan secure Internet filtering solutions.

The company uses next-generation virtualization software that can be easily implemented, operated and maintained, without the need for expensive and unwieldy hardware. The latest versions of the company’s popular software give system administrators excellent versatility and flexibility. The enhanced functionality and protection capabilities of WebTitan 4.0 can also be provided at an extremely competitive price.

1 in 6 Companies Have Fired Staff for Inappropriate Social Media Use

A recent survey conducted by SpamTitan Technologies indicates the vast majority of companies are prepared to terminate the contracts of employees for inappropriate social media use, such as exposing confidential data on social media networks. The corporate social media usage study showed that 87% of respondents would consider firing an employee for inappropriate social media use if company policies were violated.

Only 16% of companies think social media use at work is acceptable

The use of social media channels during work time is frowned upon by most companies. Many turn a blind eye to a little social media time during the working day, but only 16% of organizations taking part in the study said that they actually think it is acceptable for the staff to spend some time on Facebook, Twitter, LinkedIn and other social media networks.

The threat of termination of employment contracts for misuse of social media, in particular the posting of confidential information or disparaging remarks about an employer, is not an empty one. According to a study conducted by Osterman Research, one company in six has already made the decision to terminate at least one employee’s contract for inappropriate use of social media in the workplace.

With the rise in popularity of websites such as Facebook, Twitter and LinkedIn, it is understandable that members of staff with Internet access are tempted to spend a little of their working day checking their accounts. For many employers the main issue is not the loss of productivity that occurs as a result of inappropriate social media use. It is the security threat that inappropriate social media use introduces.

Malware is rife on Facebook

Social media websites are a honeypot for cybercriminals and malware is rife on the sites. Online criminals trawl Facebook, Twitter and LinkedIn looking for corporate data, while phishers seek information that can be used to conduct spear phishing campaigns.

Twitter now has 145 million active users and Facebook has 845 million users around the world. Many of these users are accessing their accounts during working hours too. Osterman discovered that 36% of employees use part of their working day to check Facebook and that figure has increased by 28% over the course of the past year. Twitter and LinkedIn are also being used at work. There has been a 6% jump in Twitter use and a 7% hike in LinkedIn use in the workplace over the course of the past 12 months.

With so much social media use, it is clear that any company that has yet to develop a policy on acceptable use of social media networks during working hours will have to do so soon. Interestingly, while almost one in nine companies would be prepared to fire an employee for inappropriate social media use, only 22% actually have a policy in place covering the use of social media sites at work.

Facebook, Twitter, LinkedIn and YouTube use carry major risks

The loss of productivity resulting from personal Internet time is considerable. A recent ISACA survey conducted on “Shopping on the Job” revealed that 40% of companies said the loss of productivity as a result of employees using websites for personal reasons was costing them at least $10,000 a year.

There is also the potential for damage to a company’s reputation. Take Domino’s Pizza for example. The company has just been forced to fire employees for posting a video of them playing with customer’s food at work. Even the clergy is not immune. A bishop was recently issued with a suspension for posting disparaging comments online – in this case the comments related to the Royal wedding of the Prince of Wales and Kate Middleton.

Perhaps the most damaging aspect of inappropriate social media use at work is the threat to corporate security. Facebook in particular is being used by unscrupulous individuals to spread viruses and malware. A link contained in a post about the latest viral video is sure to attract a lot of clicks. If that link directs people to a website containing malware, malicious software could easily be downloaded to a work computer. Installed malware could then be used to launch an attack on a corporate network.

How to control social media usage and protect corporate networks

There is no single solution to the problem of inappropriate social media use that can be adopted by all companies. Banning social media use entirely may be neither practical nor appropriate. Use of the networks can offer advantages, but the cons will outweigh the pros unless usage is monitored, managed and controlled. An Internet security policy is therefore essential to combat the increasing risk from viruses and malware. Companies are also advised to install a web filter. This will at least prevent users from visiting malware-ridden websites. It can also be used to block access to social media websites at work, should that be required.

Take Care: New iPhone 5 Phishing Scams Discovered

Unsurprisingly, the launch of the iPhone 5s has had seen people queuing outside Apple stores for hours upon end in the hope they will be one of the first to get a new Apple device. Apple aficionados do get excited about the launch of a new device, and the Apple iPhone 5s is no exception. The company has reportedly sold 2 million units, and that was in the first 24 hours after the release.

Interest in the devices has been so high that buying a new iPhone 5s means a long wait is required. Many early purchasers will have to wait a number of weeks before their new phone is delivered. Apple couldn’t make enough available for the launch. Unfortunately, cybercriminals are taking advantage and have launched a number of iPhone 5 phishing scams.

Many iPhone 5 phishing scams have now been launched

Cybercriminals also love Apple devices. In particular, the launch of a new Apple device. They take advantage of the hysteria and send huge volumes of spam and phishing emails to would-be purchasers, advising of special offers and discounts, must read information about the new device, and news of fake competitions. In the run up to the launch we have seen many new email scams aimed at Apple fans. Scammers have used the media hype surrounding the iPhone 5 launch to their advantage.

Apple knows how to launch a new product. Few companies do it better in fact. In the run up to the launch, only a limited amount of information on the device was issued. Just enough to get Apple fans salivating. As the launch date drew closer, more information was released. They built interest in their product, anticipation was high, and when the launch date arrived, the product sold by the million.

Scammers take advantage of the anticipation, supply shortages, and long wait times. Spam email campaigns have accompanied the launch of this year’s hottest new product, with a number of spam and phishing emails already captured by SpamTitan’s spam and web filtering software. Some of the iPhone 5 phishing scams include:

  • Fake delivery notifications
  • Phishing websites set up to coincide with the iPhone launch
  • Fake special offers and discounts on the new iPhone 5s
  • Bogus competitions to win a new iPhone

We are expecting many more over the coming weeks.

Not everyone is good at identifying a phishing email

If you are in charge of your company’s email security, or if you work in an IT department, you will probably have a very good understanding of spam and phishing emails and can probably identify even the most convincing campaign. Unfortunately, the same probably cannot be said of the end users in your company, many of whom will be so excited about the launch that they will click any email link about the new device.

There is a high risk of end users clicking on links to websites containing malware and of opening infected attachments. It is therefore a time to be ultra-cautious. If one employee falls for a scam, it will not just be their computer that is infected. They may inadvertently compromise your network.

In order to address the risk, employees must be warned about the new scams and training should be provided to make sure they know how to recognize spam, phishing emails and iPhone scams. Even if training has already been provided, it is a good time to send out some refresher emails. You may even want to test their knowledge and send out spoof phishing emails to find out just how many people click the links. This is the best way to determine if your training has been effective, and which employees need some extra tuition.

Have you fallen for one of the iPhone 5 phishing scams? Have you identified any new iPhone 5 phishing scams? Please let us know!

Thousands of New Phishing Websites Created Every Week

New research indicates the threat from phishing is growing at an alarming rate, with thousands of new malicious websites being created every week. Detection rates of new phishing sites are also increasing, thanks to new software introduced by the Anti-Phishing Working Group (APWG).

APWG is a pan-industrial not-for-profit organization dedicated to improving Internet security. The organization works alongside law enforcement to reduce identity theft and make it harder for online criminals to operate. One of the ways it achieves its aims is by finding new websites set up by cybercriminals to obtain login names, passwords and other sensitive information from Internet surfers.

A recent report issued by APWG shows an alarming rise in the number of new phishing websites, indicating cybercriminals are concentrating on this attack vector to obtain the data necessary to commit fraud and steal identities.

In the month of February alone, 56,859 new phishing websites were detected. This rate of detection has not been achieved since August 2009. February’s count of new phishing websites was 1% higher than the organization’s August 2009 figures. While this suggests there has been a major increase in cybercriminal activity, the company’s new detection software may account for the rise in detection. That said, the threat from phishing is certainly growing.

What does a phishing website look like?

The reason that phishing websites are so dangerous is they look exactly the same as legitimate websites. Criminals are investing a considerable amount of time and money into creating spoof sites that are highly convincing. Big brand name websites are now being spoofed, with Amazon and E-bay just two of the major retail sites that have had fake versions created to fool users.

It is not only the retail industry that is being affected. Criminals have created phishing websites that look the same as those of major banks and financial institutions. If users can be fooled for long enough to attempt to login to the websites, criminals will obtain their credentials and be able to make bank transfers. Huge sums of money can be transferred and withdrawn by criminals before the victims even realize.

The majority of the fake websites discovered by APWG were located in the United States. Over half of those websites used the brand names of large organizations to fool users into revealing their sensitive information. This is achieved by creating a website that looks very similar to the brand being spoofed, with the domain name also featuring the brand name.

Security software identifies phishing websites and neutralizes the threat

There may now be more phishing websites than ever before, but fortunately action is being taken. When new sites are identified, the companies hosting those sites are alerted and the websites are closed down. Hackers and other cyber criminals may be devising more sophisticated ways of obtaining sensitive information from businesses and consumers, but detection software is also becoming more sophisticated. Companies such as SpamTitan Technologies have devised software that can rapidly identify phishing websites, allowing the threat to be neutralized. However, the volume of these malicious sites is such that even with rapid identification, it is not possible to totally eliminate the threat they pose. All that can be done is to use a web filter to prevent Internet users from visiting these websites.

Employees are not reporting phishing emails and websites to their IT departments

Many companies have developed policies which require members of staff to report suspicious emails and websites to their IT departments. By sending a quick email, the IT department can ensure that the threat is neutralized. Unfortunately, despite these policies existing, they are not being followed by all members of staff.

SpamTitan conducted a survey earlier this year which revealed that 70% of organizations had suffered losses as a result of phishing and spear phishing emails that had not been reported to their IT department. If staff members receive security awareness training, and report attempted phishing attempts, the emails can be deleted promptly to neutralize the threat. A failure to report those emails is likely to see some members of staff fall for the scams.

Many of these phishing scams seek to obtain access to sensitive data in order to commit fraud against individuals. If criminals can gain access to a business network, they can potentially obtain sensitive information from the entire workforce. The loss of data and system downtime can cost companies millions of dollars. When customer or healthcare data is stolen, the costs of resolution can be even higher. Theft of customer and patient data can trigger a wave of class-action lawsuits and result in regulatory bodies issuing heavy financial penalties.

What is the solution?

The cost of data breach resolution is considerable, but it does not cost a small fortune to take proactive steps to reduce the likelihood of a data breach being suffered. If organizations are proactive and implement a range of security measures, the risk of cyberattacks and data breaches can be effectively managed.

It may not always be possible to prevent phishing emails from reaching inboxes, but it is essential that employees are security aware and know how to identify suspicious and malicious emails in case they are delivered. There must also be an easy way of reporting such emails so that prompt action can be taken to neutralize the threat.

What security measures can be implemented to reduce the risk of a data breach?

Robust, multi-layered security defenses can be implemented to protect data and networks from attack, although there is no single solution that will work for all organizations.

Some of the measures that can be implemented to keep networks and data secure include:

  • Encrypt all customer, client and patient data stored on networks
  • Devise a secure password policy and ensure that it is enforced
  • Make sure users change their passwords every 3 months
  • Conduct security awareness training
  • Issue cybersecurity bulletins to alert employees to new risks
  • Purchase a robust email spam filter to stop phishing emails from reaching inboxes
  • Use web filtering to restrict the websites that can be visited by employees
  • Perform regular risk assessments to identify new security vulnerabilities
  • Ensure anti-virus and anti-malware solutions are installed on all devices connected to a network
  • Make sure all software and virus/malware definitions are updated regularly
  • Conduct periodic security audits to check for malware and viruses that have inadvertently been installed

Don’t Block Social Media Accounts: Manage Access

Social networking websites are here to stay. They may have been created to give people an easy way to stay in touch with friends, family and meet new people, but there are considerable benefits for businesses. In fact, any business that has not yet embraced the social media revolution is likely to be losing customers to competitors.

However, social media use at work does carry security risks and employees may spend a lot of their working day posting status updates, reading articles, and communicating with their contacts.

A study was recently conducted by Proskauer Rose that set out to explore some of the problems businesses are having with social media website use by employees. It would appear that social media access is not being effectively managed by some businesses, and employees are spending too much time accessing the likes of Facebook, LinkedIn, Twitter and Pinterest.

Key findings of the Proskauer Rose social media study

  • Social media misuse was reported as being a problem for 43.4% of respondents
  • 3% of companies have taken disciplinary action against employees for misusing social networks
  • Surprisingly, 45% of companies do not have a social media or Internet policy covering usage at work

There are benefits to be gained from allowing employees to have some time each day to access the websites, should they wish to do so. Unfortunately, the drawbacks can outweigh the advantages if care is not taken and usage is not effectively managed.

In addition to time being spent on the websites instead of work being performed, there is a considerable risk to network security. Malware and phishing schemes are rife on social media networks. Then there is the issue of wasted bandwidth. On the plus side, employee productivity can be increased by allowing some time to access accounts each day, and businesses can harness the potential of social media and get closer to their customers.

Provided use is managed, the benefits can outweigh the disadvantages. The solution is to implement policies to control usage in addition to software solutions to block access if necessary.

Protecting networks from attack and controlling social media use at work

Simply implementing a ban on accessing the websites is rarely an effective strategy. Staff morale can fall, and end users will carry on accessing the websites if they want to. They may just use their Smartphones to do it instead. The best methods to use to keep networks secure and control access are:

Implement Web technology solutions to protect corporate networks

Many companies use a web filtering solution to prevent employees from accessing websites that are inappropriate for the workplace. Gambling websites for instance, pornography, and bans of file-sharing sites are common. It may be tempting to use web filters to block all social media websites as well, but this would prevent the company from maintaining a social media presence.

Some web filters offer much more granular controls. They can quickly and easily be configured to block certain user groups from accessing the websites.

SpamTitan Technologies offers such a solution. The web filter means that HR departments can work with IT to implement appropriate controls that allow employees some time to access the sites, while ensuring that the social media needs of the business can be met.

Role based settings can be implemented and can even be set by at an individual level. If misuse becomes a problem, an individual can lose the right to access the sites at work. If one employee misuses Facebook, the whole workforce, including those who use the sites responsibly, should not be penalized.

Implement an Internet and Social Media Usage Policy

Regardless of your decision on social media use at work, you must implement a policy to cover usage. Your policies should cover acceptable use of the Internet, the types of web content that cannot be viewed, and the repercussions for attempting to view objectionable or banned content. If you do not have policies in place, from a legal standpoint you may have difficulty taking action against individuals for inappropriate use.

It is important that Internet and social media restrictions are explained to staff members in terms of the risk they pose to the business. Restricting access is not only about ensuring time is spent productively. Cybercriminals are targeting businesses using malware, viruses and phishing campaigns. It is all also easy to inadvertently infect a computer with malware or become part of a botnet.

Develop policies to cover usage, explain the risks and they can be effectively managed without implementing an unpopular and counterproductive social media ban.

Anonymous Commenters Beware: Legal Action May be Taken

Someone posts a comment about you or your company that is slanderous, racist, or simply causes offense. It may be possible to sue them for their actions. This is nothing new of course. However, what about if that comment is posted anonymously? That does not necessarily mean you cannot file a lawsuit and sue the poster for damages. An Idaho politician is doing just that. Anonymity is no protection any more.

The Idaho Spokesman Review hosts a blog just like many newspapers. Blogs attract comments and sometimes spark heated debates between people with very different opinions. They attract visitors and are great for publicity, plus they have much a bigger reach than a newspaper. Sometimes comments are posted that cause offense.

One blog commenter recently posted comments that seriously offended politician Tina Jacobson, chair of the Kootenai County Republican Central Committee.

The comments, which were posted anonymously, are now the subject of a lawsuit in which Jacobson seeks $10,000 in damages. Only a couple of comments were posted by the person who identified themselves as “Almost a Bystander,” but that was enough for legal action to be taken. Jacobson had posted an article on the website and on February 14, 2012, the comments were added. They allege Jacobson had been embezzling funds: Serious allegations. The owners of the website promptly deleted the comments, together with the entire post.

Whatever happened to free speech?

The newspaper maintains that readers should be allowed to post comments on articles, and that it should not be necessary for individuals to identify themselves. The paper also does not believe that commenters should have their identities revealed if they have chosen to post anonymously.

If the newspaper continues to protect the identity of “Almost a Bystander,” it is probable that the paper will have to cover the cost and pay the damages. The case could well set a precedent, which could have a serious effect on other newspapers, blogs and websites that allow comments to be posted anonymously.

If the company hosts a website that allows social interaction, they may have to reveal the identities of anonymous comment posters. But to do that they would have to include that in their website terms and conditions. Revealing the identity of an anonymous individual could well result in that person suing the newspaper for damages. What do you think?

Is free speech a right only for people who choose to identify themselves?

Should a company be held responsible for comments posted by an individual who chooses to remain nameless?

What Do Employees Think of BYOD and is it Worth the Effort and Security Risk?

Many employees want to use their personal devices in the workplace. Personally owned devices are usually faster than the desktops supplied by employers. Employees know how to use the operating system, they have the software they need already installed, and it allows them to be more flexible about when and where they work.

These are all great benefits for employers. The power of new technology can be harnessed without expense, and productivity can increase.

Some may believe technology vendors are the driving force behind BYOD. It is true that vendors have embraced the BYOD movement and are pushing for their new devices to be used in the workplace. However, it is employees that are really driving the movement. They want to use their own devices in the workplace as it makes their lives easier.

Unfortunately for IT security professionals, keeping control of the devices is thought to be virtually impossible. The security risks introduced by personal tablets, Smartphones and laptops are numerous. BYOD is seen as a data security nightmare and a security breach just waiting to happen.

But what are the risks introduced by the devices? Are they as problematic as security professionals believe?

What are the problems with Bring Your Own Device (BYOD) programs?

  • Many IT professionals dislike BYOD, but it is not only for data security reasons. Managing BYOD requires a considerable amount of planning and time. IT staff are usually pressed for time as it is, and that is without having to manage personally owned networked devices. Budget increases to manage BYOD are rarely sufficient and extra staff are often not employed to cope with the additional workload.
  • Devices owned by employees must be allowed access to corporate networks. They are also used to store sensitive corporate data, yet those devices are taken outside the control of the company, used at home, taken to bars and are often lost or stolen.
  • The devices can cause problems with compliance, especially in highly regulated industries.
  • IT professionals must ensure data can be remotely erased, and protections are put in place to prevent the devices from being infected with malware.
  • Another problem is how to make sure data can be removed from the device when an employee leaves the company. Controls must therefore be put in place to ensure data can be deleted remotely, and access to corporate networks and data must be terminated.
  • If data is stored on the device, it must be configured to store personal data and work data separately. The IT department cannot remotely delete all data on the device. Some will belong to the user!

There are solutions to make BYOD work effectively. Work data can be stored in the cloud, instead of the device. This makes data management much easier. Policies can be developed to ensure security vulnerabilities are not allowed to develop. Management may be complicated, but software does exist to make the process much more straightforward and less labor intensive. Many software security solutions have been developed specifically for BYOD.

BYOD may require a considerable amount of planning, and will require budgets to be allocated to ensure the devices can be effectively managed; but, if the result is a happier and more productive workforce, the benefits than can be gained by employers are too numerous to ignore.

How Reliable are Reports of Cybercrime?

The threat posed by hackers and online criminals is very real, but reports of instances of cybercrime may not be very reliable. When cyberattacks are announced the data can be used to estimate the current threat level. Unfortunately, not all cybercrimes are reported by companies, and even IT departments are often unaware that employees have become victims of phishing campaigns.

In certain industries, the reporting of cybersecurity incidents and data breaches is mandatory. Take the U.S healthcare industry for example. Legislation has been introduced – The Health Insurance Portability and Accountability Act (HIPAA) – which makes it a criminal offense not to report a breach of patient data. If an organization is discovered to have violated the HIPAA Breach Notification Rule, a heavy fine can be issued by the Department of Health and Human Services’ Office for Civil Rights.

The Federal Trade Commission and state attorneys general can also issue fines. Criminal charges can also be filed against individuals for willful neglect of HIPAA Rules. Consequently, it is in the best interests of organizations to report cybersecurity incidents. The data breach reports submitted to the OCR can therefore be relied upon to be reasonably accurate, and it is possible to build up an accurate picture of the state of data security for the healthcare industry.

However, not all industries are so well regulated. A similar data breach suffered by a software company or mining operation may see the organization keep the crime quiet. Announcing a security breach has potential to seriously tarnish a brand.

If you had a choice between one company that had suffered a data breach that exposed sensitive customer data, and one that had not, which company would you choose (all other things being equal)?

Should the reporting of cybersecurity breaches be mandatory for all businesses?

Many privacy and security professionals believe it is essential to report cyber threats and security breaches as the sharing of information can be invaluable in the fight against cyber crime. Intel sharing could make the difference between a threat being rapidly neutralized and many other organizations suffering data theft. This is an ethical responsibility. Should it also be a legal responsibility as well?

The United States has been proactive in the fight against Internet crime. The government and law enforcement agencies are well aware of the importance of sharing intelligence in order to tackle the increasing cybercrime threat.

In 2000, the Federal Bureau of Investigation, the National White Collar Crime Center, and the Bureau of Justice Assistance formed a task force which was dedicated to fight Internet crime. The Internet Crime Complaint Center (IC3) serves as a centralized hub that receives complaints about Internet crime and processes threat intel received from American citizens and U.S businesses. All leads received are passed on to the appropriate federal and state-level law enforcement agencies. The data received by IC3 has been instrumental in bringing thousands of Internet criminals and fraudsters to justice.

IC3 also ensures that individuals and companies suffering losses as a result of the actions of online fraudsters have someone to contact to report the crime. Other countries have started to develop task forces that perform a similar function. Victims of cyber crime are being given a single point of contact to report fraud, scams, identity theft and online extortion, and the intelligence gathered can be used to bring the perpetrators of these crimes to justice.

Harsh Penalties await Online Fraudsters and Cybercriminals

In the United States, online criminal activity carries stiff penalties. New legislation is introduced regularly to increase the punishments for individuals who turn to the Internet to commit crimes.  These include:

Spamming: Under the CAN-SPAM Act, spamming is punishable with a minimum fine of $11,000. Depending on the method used to send email spam, the penalties can be much more severe. The use of spambots to collect email addresses can result in jail time, as can the unauthorized use of a computer to send spam emails.

Hacking: Hacking is a federal crime that carries stiff penalties. These are linked to the seriousness of the crime, but a spell of up to 20 years is jail is possible, as well as very heavy fines.

Identity Theft: The penalty for identity theft has recently been increased, with individuals able to be sentenced to 5 years in jail. Aggravated identity theft sentences must be served consecutively to any other sentence issued.

Make sure employees are aware of procedures to follow if a security incident is suffered

Employees falling for phishing campaigns – if they are even aware that they have – may also choose not to report the incident to their managers or IT departments. Individuals may be worried about looking stupid or, worse still, losing their jobs.

However, it is essential that all potential security incidents are reported internally. Organizations should make sure the staff is aware that the reporting of security breaches, email scams and phishing campaigns is essential to protect the business. Internal security policies must exist, and members of staff must be made aware of the correct actions to take if they have fallen for a scam, revealed sensitive information, or have received a suspicious email. Oftentimes, fast action can make the difference between huge financial losses being suffered and the threat being neutralized before any damage is caused.

While law enforcement bodies may need to be alerted to instances of identity theft and phishing campaigns, employees should have a single person within their company to whom security incidents can be reported. Every employee in an organization must be made aware of the urgency required and the individuals who must be alerted to suspicious emails and potential criminal activity. If the staff is security aware and acts appropriately, major cybersecurity losses can be prevented.

Network Security: A Common Sense Approach is Required

You can purchase the most sophisticated software, implement multi-layered security systems, conduct regular system scans and use a host of other security products to keep your network protected from cyberattacks. Unfortunately, all it takes is for one individual to accidentally install malware and all of your good work has been undone. That individual is likely to be one of your company’s employees, not a hacker.

Common sense is one of the best defenses

You may not be able to install defenses that offer 100% protection against intrusions, insider threats, and malicious software, but we are sure you do your best with the resources you have available. You should install software systems to protect your network, email system and web browsers, but it is all too easy to forget that one of the best ways of protecting a computer, or the network it is connected to, is to use common sense. Unfortunately, when it comes to internet and web security, many employees have very little. Consequently, they must be taught how to act appropriately.

Some employees think they have a very secure password, but oftentimes is nowhere near as secure as they believe. It doesn’t contain any special characters, it lacks capital letters, and while it does contain numbers, only a 1234 has been added on the end. If you do not instruct employees how to create secure passwords, they will not.

You must also inform them that they must not share passwords across platforms. Sure, it is a pain remembering lots of different passwords, but if one is compromised they all will be. A recent survey conducted by Trusteer, a provider of fraud protection systems, highlighted how common this practice is. Their survey revealed that 73% of computer users use the same password to access their online bank account as they do for other online services.

You may have installed a spam filter to reduce the risk of employees falling for a phishing email. The spam filter catches virtually all spam and dangerous emails, and places them in a quarantine folder. The risk of a malware infection via email will be reduced to the minimal level.

Then not just one, but a number of employees go into the quarantine folder, and open an excel spreadsheet that has been quarantined as it is actually malware. Sometimes common sense disappears entirely. One company discovered that is exactly how hackers managed to gain access to a corporate network in 2011.

Not all scams and phishing campaigns are easy to identify

Sometimes a clever campaign is devised by cybercriminals to phish for information. Social media websites contain many examples of these. The British Royal Wedding last year saw one cybercriminal launch an interesting campaign to help access accounts with two-factor authentication. The scam was launched on Facebook, and you may even have seen it, or something about it.

The page helped you create your “Royal Name”. All you needed to do was enter in the name of your first pet, your grandmother or grandfathers name, and the name of the street where you grew up. The result could have been Tiddles Arthur Beddington. Not a particularly amusing name it has to be said, but the creator of the campaign would find it funny. Not only would those answers be helpful when attempting to guess passwords, they are also the likely answers to security questions used to gain access to internet banking websites. If your password and login name had already been compromised, you could have just given full account access to a hacker.

The importance of providing common sense training on internet security

You either have some common sense or you don’t, but when it comes to internet security, there will always be one individual who appears to have none. Make sure all of your employees are trained on the basics of internet security. Some will not know to act in a secure manner online.

Study Highlights Facebook Malware Risks: 24% of Companies Affected

A new study recently published by Osterman Research indicates there are major Facebook malware risks that many companies are not aware of. Furthermore, those risks are very real. 24% of companies have discovered malware has affected their corporate Facebook pages.

The risk of malware affecting corporate social media pages is considerable, with Facebook the main social media network that has been attacked by criminal gangs. LinkedIn and Twitter can also be risky, but only 7% of companies have had their Twitter and LinkedIn accounts infected.

The problem could actually be far worse. The study revealed that many IT security professionals were not even aware if their social media accounts had been hacked or infected with malware because they never check.

Employees social media use during working hours has increased significantly

Researchers at Osterman discovered the use of social media sites by employees during working hours had increased significantly over the past year. The survey results revealed that 36% of employees of corporations were accessing their Facebook accounts during office hours. Last year the figure stood at just 28%.

Use of Twitter during working hours is also increasing. Last year, 11% of employees were using Twitter at work, while this year the figure has risen to 17%. The same is true for LinkedIn, with employee use rising from 22% to 29% over the same period.

Employees are a major risk to corporate network security

It is clear is that social media accounts are being targeted by hackers and cybercriminals; and, as the sites grow in popularity, the problem is only likely to get worse. Furthermore, when employees access social media sites at work they could be placing corporate networks at risk.

As more employees use social media sites during working hours, and more time is spent by individuals on those sites, the risk to data security increases. Personal information is being shared on the sites, but some employees are also sharing corporate information. Sometimes this is deliberate, other times potentially sensitive data is unwittingly shared.

Criminals trawl social media websites looking for information to launch spear phishing campaigns

A great deal of information is being posted on social media accounts. Some users choose to share their posts only with their nearest and dearest. However, friends of friends can also view posts in many cases, and even individuals who are careful about who they accept as friends, may find their content read by friends who have a much more carefree attitude when it comes to accepting new friend requests. Oftentimes, posts are made public and can be viewed via the search engines by anyone with Internet access.

Criminals are now using the wealth of information that is freely available on these social media sites to build up a considerable amount of knowledge on individuals. That information can then be used to launch highly convincing spear phishing campaigns. Those campaigns can result in user accounts being compromised, and malware being installed on the devices used to access the sites. If the site is accessed on a work computer, corporate networks could also be threatened.

Many Facebook posts contain links to phishing and malware-ridden websites

Facebook posts and pages contain useful information, details of great products, excellent jokes (occasionally), funny memes, and cool viral video content. Unfortunately, there are also links to very nasty websites. The content may be great, but they can be a serious security hazard. Just clicking on the links could result in malware being downloaded. The problem is, it can be very difficult to tell which websites malware-free and which should carry a public health hazard warning.

An administrative assistant may click on a link, but so could an account executive, IT security professional or even a CEO. All business users could potentially fall for a scam, or be convinced to visit a website as a result of reading a post, only to end up downloading a Trojan, keylogger or nasty piece of ransomware.

Many users are not particularly security aware and end up sharing passwords between personal online accounts. Unfortunately, many also use the same passwords to access their work computers as their own personal accounts.

Even when password policies exist that force employees to use strong passwords, if malware has been downloaded onto their work PC’s that contain keystroke loggers, even unguessable passwords will be revealed.  Once this information has been sent to hackers’ control and command center, attacks on corporate networks can easily be launched. Should the password and login of a member of the accounts department be obtained, company bank accounts could well be emptied.

Social media malware and phishing protection is essential

All users of corporate social media accounts must exercise caution when visiting social media websites and employees must take care not to inadvertently place their employer’s network at risk of a cyber attack. Due to the high security risk, it is essential that social media use (and email for that matter) is monitored closely.

Companies that develop policies covering the use of social media websites at work are likely to be better protected from malware. Employees must also receive training on acceptable uses of social media at work and must be informed of the potential risks and social media best practices. They may be using their personal accounts at work and this could impact work computers and networks. If they are not made aware of the risks, they are likely to continue to engage in risky online behavior.

Fortunately, there are a number of tools that can be used to reduce the risk of malware infections via social media websites. Spam filters can be used to protect users from phishing campaigns sent via email and web filters can be employed to prevent users from visiting websites that are known to be risky.

Alongside training of the staff on good security practices such as archiving old emails, risks can be kept to a minimal level. If little effort is put into security, and use of social media websites is not overseen, organizations will be leaving themselves wide open to cyberattacks. Those attacks are likely to cost far more to resolve than it would have cost to pay for security training and a spam and web filtering solution.

Facebook and Twitter Usage at Work: A Need for Web Filtering to Curb Usage?

Recent research shows that the use of social media websites at work is on the increase, with many employers seeing Facebook and Twitter usage at work as being particularly problematic. A new study from Palo Alto suggests that since 2010, the use of Facebook at work has tripled. Twitter use is also increasing, and at a far higher rate. The study showed that usage has increased by 700% during the same period.

Facebook and Twitter usage at work: Is it really a problem?

The increase in time spent on social networking websites is not all about employees accessing their personal accounts at work. Many companies have started using social media websites to connect with clients and customers. The sites are an incredibly useful way of getting closer to customers. Corporations can use social media to find out what customers really want and what they really think of the organization. They are now essential for many businesses, allowing customer service standards to be improved, while the sites can also be used to effectively promote goods and services. The latter is arguably far cheaper than TV adverts and newspaper and magazine adverts.

Nowadays, it is actually a rarity for a business not to have a Facebook and Twitter account. In many cases, companies provide employees with a range of tools to manage social media accounts to send Tweets on Twitter or post content to Facebook.

Social media introduces security risks

There is no denying that social media is useful for businesses. In fact, having corporate accounts is now sometimes considered essential. Unfortunately, the use of these websites is not without risk. Operating a Facebook page and running a Twitter account potentially exposes a company to malware, viruses, and cyberattacks. The sites take up a lot of valuable bandwidth. Social media websites can also take up a huge amount of time and produce little in the way of additional revenue. The productivity of employees can be seriously reduced if they are spending too long accessing their personal accounts.

While companies are using social media sites more, there is a concern that employees are spending too much time on the sites for non-work related matters. Many employees do spend a considerable amount of work time maintaining their own personal presence on Facebook, Twitter and Google+.

The researchers have acknowledged that employees do spend time on their own accounts, but say that much of the extra time spent on the sites is in fact work-related. Consequently, it has been suggested that employers should not be overly concerned about the rise in reported social media use at work.

While it is a fairly easy process to determine how long is spent on social media sites, it is not quite so easy to calculate how much time is spent on work-related matters and how long employees are spending on their own accounts. Any company concerned about personal use of social media accounts should develop clear policies on acceptable use of social media websites. That is arguably the easiest first step to take to address personal use.

Personal use of the sites must be monitored and managed, and it is vital that policies are developed to tackle personal use. That includes the time spent on the sites as well as the information that is posted. Facebook and Twitter usage at work is likely to be a problem if controls are not put in place to limit access, or if policies are not developed to determine acceptable levels of Facebook and Twitter usage at work.

Get the balance right and social media can be of great benefit to your business, but get it wrong and it will just be a huge drain on time, resources and money. It could also result in your systems being compromised. Social media sites contain a considerable amount of malware, and phishers use posts to trick users into revealing personal and corporate information.

Some employers may feel the security risk from Facebook and Twitter usage at work warrants a company-wide ban on site access in the workplace. If that is the case, a web filter is the easiest way to block usage. A flexible product will also allow usage for certain departments to ensure that corporate accounts can still be accessed, or can be used to block malware without blocking access to the actual websites.

Importance of Developing Web Filtering Policies to Tackle Social Media Site Use at Work

Last week, SpamTitan issued a press release about its new social media cost calculator. The calculator was developed to help companies estimate the amount of man hours (and therefore money) they are losing as a result of employees accessing social media websites at work. The SpamTitan social media cost calculator has proved popular and attracted a great many online comments.

Calculating the true cost of social media site use by employees

In order to calculate the true cost of social media, SpamTitan took a close look at social media usage statistics. An average profile for a typical organization was created and data was extrapolated to provide an estimated annual cost.

The results of the calculations showed that a typical company loses approximately $65,000 every year as a result of employees spending time checking and posting information on Facebook, Twitter, LinkedIn and the myriad of other social media and social networking websites. SpamTitan calculated that the figure corresponds to 5% of every employee’s salary being wasted on personal social media use.

Many of the comments came from individuals who thought we were suggesting that all organizations should install a web filter and implement a company policy that bans the accessing of all social media sites at work. This was not our intention. There are advantages to allowing members of staff access to social media sites at work. There are also many disadvantages to banning access. Managers will be well aware that social media websites are being accessed by employees, and that employees spend a considerable amount of time those websites. What they perhaps do not know is how much time is spent, and how much this is costing them. That is information they need to know.

Should social media site access be banned at work?

Companies should make a decision about the use of social media at work. They will need to assess the benefits of allowing the staff some “Facetime”, and the disadvantages from the loss of access rights. There are also many legal considerations to consider and the accessing of these sites also raises a number of privacy and security concerns.

Many organizations may like to ban the accessing of the websites; but, in reality, doing so is complicated. It is not possible to implement a web filter that blocks all social networking and social media sites for everyone in the organization. The marketing department will need to access those websites. The IT department may do too for work purposes. A company-wide ban may not be realistic.

Some employees may only spend a few minutes a day on the sites, or may access them when they do not have work duties to complete. Some may only use the websites during coffee breaks. Should those individuals be banned from using the sites when it doesn’t impact on their work duties?

Something else worth considering, is whether it is better to allow staff to use their work computers to access the sites than have employees access them surreptitiously on their Smartphones. Is it better to be able to monitor use of the sites?

One of the most workable solutions is to put policies in place covering the use of social media websites and to instruct employees that the use of the sites must be kept to a minimum. If used in moderation, social media site usage need not result in a major cost to the business. However, it must be possible to control use of the sites and, for that, a web filter can be highly beneficial.

Provided that the chosen web filtering solution is flexible, and can allow controls to be put in place for the entire organization, departments´ – or individuals´ – usage can be effectively controlled without implementing a blanket ban. The same web filter should can also be used to block other websites – those containing malware.

Would a social media site ban work in your organization? Would productivity fall further due to unhappy staff?

Will .XXX Domains Make Web Filtering Pornography Easier?

There was a buying frenzy following the release of the new .xxx suffixed domains. Pornographers, Internet marketers and entrepreneurs competed to secure the hottest and rudest of them. The first of the .xxx websites have now gone live, there has been further talk about compartmentalization of the Internet, with the possibility of all pornographic websites being confined to those sites with a .xxx suffix. However, will the .xxx domains make web filtering pornography any easier?

ICAN releases .xxx domains for sale

The Internet Corporation for Assigned Names or ICANN as it is better known, created the new top-level Internet domain specifically for websites of an adult nature. The long term view was to eventually move all pornographic websites to the xxx domains. This could clean up the Internet and make it much easier for parents and businesses to block pornographic websites. It is, after all, much easier to block a single domain type than to implement web filtering to prevent all websites containing pornographic material from being viewed. IT security professionals and individuals who want to stop porn from being accessible via their computers, phones, and tablets could therefore just block the xxx extension.

There is a problem of course. Owners of adult websites have been buying up new domain names in the thousands, but will they redirect their current .com, .co.uk, .org and .net sites to the new .xxx domains?

Of course they won’t. They’ve just been given even more domain names to fill with pornography, and any redirects are likely to come from the .xxx domain names back to their main, well-established websites.

Unless laws are introduced to force purveyors of adult content over to the new domains, the online adult entertainment industry will simply not make the switch. Some firms will undoubtedly activate their new xxx websites, but unless everyone does, the initiative will be seen to have failed and web filtering pornography will be no easier.

Will the XXX domains make web filtering pornography any easier?

Potentially, the creation of the new domain will make it easier to filter some adult sites, so it will make the job of web filtering a little easier. Advocates of the new domain claim that the creation of these sites is a step in the right direction. The .xxx domains will make it easier to filter adult content (and easier for people who want access to the sites to remember the correct suffix). At some point in the future, laws can be introduced to force adult content into an easily blocked section of the Internet.

However, cynics will quite rightly point out that current website owners who have invested a considerable amount of time, resources and money into promoting their .com sites and building links are not going to let all that effort and investment go to waste. The new domain suffix may therefore just have given pornographers the opportunity to create a lot more websites.

There is another problem. Many individuals and companies make a living out of buying up domain names in the thousands. These cybersquatters purchase domain names at a low price, at $10 a pop for instance, and then list them for sale for hundreds or thousands of dollars. They buy up existing companies’ brands and will only sell them on if their asking price is met. Many companies will therefore not be able to buy the .xxx equivalent of their current site.

Do you think the creation of the new domains will help with web filtering pornography any easier? Will Internet surfers still be bombarded with pornography?