Author Archives: Vic Levinson

Cyber awareness

You May Not Think You Need a Security Penetration Test – But You Absolutely Do

 

Humans are notoriously bad at estimating risk, which is part of the reason our applications, servers, and endpoints keep getting compromised so often. Keeping up with patches and updates to mission-critical programs is hard, so they are allowed to go out of date. Many small businesses believe they are too small to be worth a hacker's effort, so they install antivirus and antimalware and hope that is enough. Others believe they have already spent so much on IT security that further investment isn't worthwhile.

Because of these various fallacies, a successful cyberattack will nearly always come as a surprise. Specifically, the surprise is the extent to which the attack is successful, and the damage that it does.

For example, you wouldn’t be surprised to learn about a convenience store robbery, but you might be surprised if a single robbery put the store out of business. A single cyberattack, however, can erase a small business: one frequently cited (and disputed) figure claims that 60% of small businesses close within six months of a single successful breach.

Similarly, you wouldn’t be surprised to learn about a bank robbery, but you’d be surprised if a single robbery emptied a bank’s entire vault. As the result of a single cyberattack (the 2017 Equifax breach), however, the Social Security numbers of over 140 million people were stolen, nearly half the population of the United States.

Small Businesses Have IT Security Options

What do you do about this? You can buy new security products until your budget is exhausted (see: defense-in-depth), but that does nothing for you if a single successful cyberattack can still expose your entire customer base. Any successful security strategy must instead focus on eliminating the element of surprise. Business leaders must understand that:

Whether you’re a small business or a massive enterprise, no amount of security spending will make you safe from hackers.

Therefore, you should take pains to understand where your vulnerabilities lie, and how an attacker will choose to exploit them.

Some vulnerabilities will be fixable, and some won’t. The ones that are fixable should be fixed as soon as possible. For vulnerabilities that can’t easily be fixed, solution partners like Prime Telecommunications help small businesses architect a security plan that closes the gaps attackers use to penetrate the network.

In technical terms, the disciplines that will allow you to achieve this state of awareness are known as vulnerability scanning, penetration testing, and risk management.

Vulnerability Scanning: Building the Foundation of Security Awareness

Your network runs countless applications. If they aren’t kept up to date, or are updated incorrectly, each one is a crack in the edifice of your security. New vulnerabilities in these applications also surface constantly. One security vendor predicts that by 2021 companies will be discovering one new zero-day (a vulnerability that is unknown to the vendor and has no patch available) per day.

A vulnerability scan uses automated tools to crawl your internal and external network for unpatched software and known weak configurations, and tells you what needs to be brought up to date. Patching is not always simple: your internal network relies on a complex web of application dependencies, and applying a patch to one application may cause the applications that depend on it to misbehave. In some cases there is no easy fix. If your computers are affected by Spectre, for example, a flaw in the speculative-execution design of most modern processors, the root cause cannot be patched in software at all; it can only be mitigated through microcode updates, operating-system changes and recompiled software, often at a cost in performance.

On the other hand, Spectre is very hard to exploit in practice. To determine which of your vulnerabilities must be fixed, whatever the expense or difficulty, and which may be accepted, you will need to undergo a penetration test.

Vulnerability & Penetration Testing: Hacking for Good

The difference between vulnerability scanning and penetration testing is the difference between knowing that a vulnerability exists and knowing how an attacker would exploit it – or if an exploit is even possible.

Penetration tests are valuable because they are the closest approximation of how an actual attacker would approach your business. Your pen tester will use the same tools and techniques that an attacker would use to:

  • Perform reconnaissance on your network
  • Find attack surfaces
  • Exploit vulnerabilities
  • Trace the path from your perimeter to your mission-critical data and applications

While many business leaders may have trepidation about letting an outsider take such a deep look into their organization, the value of regular professional penetration tests cannot be overstated. Given sufficient time, your penetration tester will almost certainly find a way to critical or compromising data. Along the way, however, you’ll be able to answer questions such as:

  • How long will it take an attacker to go from my network perimeter to my data store?
  • What vulnerabilities in my network are most appealing to attackers?
  • What indicators of compromise (IOCs) will an attacker produce as they infiltrate my network?
  • Will my security operations center (SOC) be able to detect the attacker in any way?
  • When the attacker reaches their target, how much of my critical data will they be able to see?
  • As the attacker exfiltrates data, will there be any signs? How much data will an attacker be able to steal before they are caught?

A vulnerability assessment takes a hard look at the weaknesses present on the network from the inside. Assessments may be required by regulation or by third parties, but they should be considered a best practice for every organization. They check your systems against a database of over 10,000 known vulnerabilities and provide a prioritized remediation path. An assessment may also uncover the need for further work, such as penetration testing or other network services, to improve an organization’s vulnerability profile.

Security Risk Evaluation: Mitigating Cyberattacks with Risk Assessment

Let’s say that a vulnerability scan finds a vulnerability in your perimeter and a penetration test shows that it can be exploited to reach critical data. A risk assessment gives you a set of options for minimizing your and your customers’ exposure to legal and criminal consequences if a breach does occur.

For example, a risk assessment could tell you to:

  • Immediately patch the vulnerability; if that temporarily breaks dependent applications, so be it.
  • Compensate for the gap with a control such as encrypting the data behind it, so that if an attacker steals the data it is of no value to them.
  • Partner with a Security-as-a-Service team that can monitor for and proactively mitigate attacks with security tools and techniques, safeguarding data that must never be compromised (such as your clients’ Social Security numbers).

These are just a few of the options a risk assessment might offer, varying in difficulty and expense.

Your options in response to a vulnerability will vary a great deal with the kind of data you’re protecting and the kind of attackers who may be after you. Some personal data is less sensitive than others: it’s bad if you lose a customer’s address or email, but much worse if you lose their credit card or Social Security number. Similarly, depending on your company’s profile, a breach may be something you simply cannot afford, particularly if you are subject to compliance and regulatory requirements.

These recommendations and decisions are best guided by risk management professionals. With a skill set that’s one part hacker and one part lawyer, they can help you maximize your protection from attackers while minimizing your exposure under compliance regimes such as HIPAA, PCI DSS, and the forthcoming GDPR.

By undergoing regular vulnerability scans, penetration tests, and risk assessments, you greatly reduce the likelihood of a damaging security breach. You are also far less likely to be surprised by one, and you understand your risk posture, having proactively protected your data to the level you find acceptable.

Take the first step by reserving your security-risk evaluation. A Prime Telecommunications security expert will provide options and help you decide which type of security best practice will help you secure your data, mitigate risk and sleep better at night.


cyberattacks

Understanding the Different Types of Cyber Attacks

 

There are three kinds of businesses: those that have been attacked, those that are being attacked and those that are clueless and don’t know anything about cyber attacks.

In today’s high-tech world, we are constantly vulnerable to cybersecurity threats. The ability to identify different types of cyber attacks is a useful way to protect yourself.

There are several types of attacks that commonly occur on the Internet. These attacks include Denial of Service (DoS), Man in the Middle (MitM), phishing and spearphishing.

Denial of Service (DoS) Cyber Attacks

A denial-of-service attack overwhelms a system’s resources so that it can no longer respond to legitimate service requests. In its distributed form (DDoS), the attack is launched from a large number of host machines infected by malicious software and controlled by the attacker, a botnet.

Unlike other types of attacks, DoS attacks do not by themselves give hackers access to personal information. Often they are carried out simply for the satisfaction of harming a company. They may also be launched by a competitor trying to damage the company’s business.

Common types of DoS attacks include TCP SYN floods, ping-of-death, teardrop and smurf attacks, and floods launched from botnets.

There are various ways to protect against DoS attacks, and the method depends on the type of attack. Firewalls (and SYN cookies on the host) help against TCP SYN floods and ping-of-death attacks, while traffic filtering and rate limiting help against botnet-driven floods. Teardrop exploits bugs in IP fragment reassembly and is addressed by keeping operating systems patched; smurf attacks are prevented by disabling IP directed broadcasts on routers, so that your hosts cannot be made to amplify ICMP echo requests against a victim.
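A SYN flood shows up on the victim as a listen queue full of half-open connections from many different peers. The following is an added example, not code from the original article: it parses socket-table lines in the format printed by `ss -tan` on Linux and flags ports whose SYN-RECV backlog is filling from scattered sources. The socket dump and the thresholds are constructed assumptions for the example.

```python
"""Spot a TCP SYN flood in a socket-table dump (added example).

Parses `ss -tan`-style output and flags listening ports whose half-open
(SYN-RECV) backlog is filling up with connections from many different peer
addresses, the signature of a SYN flood from spoofed or botnet sources.
"""
from collections import defaultdict

# Constructed sample for this example: two real sessions plus a burst of
# half-open connections to :443 from scattered (likely spoofed) sources.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB     0      0      10.0.0.5:443         198.51.100.7:51234
ESTAB     0      0      10.0.0.5:22          198.51.100.9:60211
SYN-RECV  0      0      10.0.0.5:443         203.0.113.12:40001
SYN-RECV  0      0      10.0.0.5:443         203.0.113.77:40002
SYN-RECV  0      0      10.0.0.5:443         203.0.113.140:40003
SYN-RECV  0      0      10.0.0.5:443         203.0.113.201:40004
SYN-RECV  0      0      10.0.0.5:443         192.0.2.33:40005
SYN-RECV  0      0      10.0.0.5:443         192.0.2.99:40006
SYN-RECV  0      0      10.0.0.5:443         192.0.2.150:40007
SYN-RECV  0      0      10.0.0.5:443         192.0.2.251:40008
"""


def parse_ss(output: str):
    """Yield (state, local_port, peer_ip) for each connection line."""
    for line in output.strip().splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        state, local, peer = fields[0], fields[3], fields[4]
        # rsplit on the last ':' so IPv6 addresses like [::1]:443 also work
        local_port = int(local.rsplit(":", 1)[1])
        peer_ip = peer.rsplit(":", 1)[0]
        yield state, local_port, peer_ip


def half_open_summary(output: str):
    """Return {local_port: (syn_recv_count, distinct_peer_count)}."""
    counts = defaultdict(int)
    peers = defaultdict(set)
    for state, port, peer_ip in parse_ss(output):
        if state == "SYN-RECV":
            counts[port] += 1
            peers[port].add(peer_ip)
    return {port: (counts[port], len(peers[port])) for port in counts}


def detect_syn_flood(output: str, min_half_open: int = 5, min_distinct_peers: int = 3):
    """Return the sorted list of local ports that look flooded.

    The thresholds are assumptions for this example; on a real server they
    are tuned against the listen backlog (net.core.somaxconn) and the normal
    connection-setup rate of the service.
    """
    flagged = []
    for port, (half_open, distinct) in half_open_summary(output).items():
        if half_open >= min_half_open and distinct >= min_distinct_peers:
            flagged.append(port)
    return sorted(flagged)


if __name__ == "__main__":
    summary = half_open_summary(SAMPLE_SS_OUTPUT)
    for port in detect_syn_flood(SAMPLE_SS_OUTPUT):
        count, peers = summary[port]
        print(f"port {port}: {count} half-open connections from {peers} distinct peers")
```

Run against a live box with `ss -tan | python3 synflood.py` after replacing the sample with `sys.stdin.read()`. A high SYN-RECV count from a single peer is more often a broken client than a flood; the distinct-peer check is what separates the two.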

Man in the Middle (MitM) Attacks

These attacks occur when the hacker inserts himself or herself between the communications of a client and a server. Session hijacking (taking over an already authenticated session) and Internet Protocol (IP) spoofing (forging the source address of packets) are both ways an attacker makes the victim believe that he or she is communicating with a trusted source. The attacker can use this position to read or alter valuable information.

Against these types of cyber attacks, use encrypted and authenticated channels such as TLS. Encryption alone only hides the content of a communication; it is the authentication of the server (its certificate) and the integrity check on each message that ensure you are talking to the party you think you are, and that nothing has been altered in transit.

Replay attacks are another common MitM technique. A hacker records legitimate messages and resends them at a later time, once again posing as a trusted source. These attacks are prevented by including a timestamp and a nonce (a random value used only once) in every message and authenticating them, so the recipient can reject anything that is stale or has already been seen.
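The following is an added example of that defense, not code from the original article. The client signs a timestamp, a nonce and the payload with an HMAC; the server rejects a bad MAC, a timestamp outside the freshness window, or a nonce it has already accepted inside that window. The shared key, the 30-second window and the `timestamp|nonce|payload-hex|mac` layout are assumptions made for the example.

```python
"""Timestamp + nonce + HMAC replay protection (added example).

Because the timestamp is covered by the MAC, a captured message cannot be
replayed after the freshness window expires, so the server only needs to
remember nonces for the length of that window.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
import time
from typing import Optional

SHARED_KEY = b"demo-key-provisioned-out-of-band"   # assumption for the example
FRESHNESS_WINDOW = 30                              # seconds of tolerated clock skew


def build_message(payload: bytes, key: bytes = SHARED_KEY,
                  now: Optional[float] = None, nonce: Optional[str] = None) -> bytes:
    """Client side: produce timestamp|nonce|payload-hex|mac, MAC covering the first three."""
    ts = int(time.time() if now is None else now)
    nonce = nonce if nonce is not None else secrets.token_hex(16)
    signed_part = f"{ts}|{nonce}|{payload.hex()}"
    mac = hmac.new(key, signed_part.encode(), hashlib.sha256).hexdigest()
    return f"{signed_part}|{mac}".encode()


class ReplayGuard:
    """Server side: verifies MAC, freshness and nonce uniqueness."""

    def __init__(self, key: bytes = SHARED_KEY, window: int = FRESHNESS_WINDOW):
        self.key = key
        self.window = window
        self._seen: dict[str, int] = {}   # nonce -> timestamp it was accepted with

    def accept(self, message: bytes, now: Optional[float] = None) -> tuple[bool, str, bytes]:
        """Return (accepted, reason, payload)."""
        now = time.time() if now is None else now
        parts = message.decode(errors="replace").split("|")
        if len(parts) != 4:
            return False, "malformed", b""
        ts_s, nonce, payload_hex, mac = parts
        # 1. Authenticate first so an attacker cannot influence the later checks.
        expected = hmac.new(self.key, f"{ts_s}|{nonce}|{payload_hex}".encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            return False, "bad mac", b""
        # 2. Freshness: an old capture fails here even if its nonce was forgotten.
        ts = int(ts_s)
        if abs(now - ts) > self.window:
            return False, "stale timestamp", b""
        # 3. Uniqueness inside the window: expire old nonces, then check this one.
        self._seen = {n: t for n, t in self._seen.items() if now - t <= self.window}
        if nonce in self._seen:
            return False, "replay", b""
        self._seen[nonce] = ts
        return True, "ok", bytes.fromhex(payload_hex)


if __name__ == "__main__":
    guard = ReplayGuard()
    msg = build_message(b"transfer 100 to acct 42", now=1_000)
    print(guard.accept(msg, now=1_000))      # (True, 'ok', ...)   first delivery
    print(guard.accept(msg, now=1_005))      # (False, 'replay', b'') resent inside window
    print(guard.accept(msg, now=1_100))      # (False, 'stale timestamp', b'') resent later
    parts = msg.split(b"|")
    parts[2] = b"transfer 999 to acct 42".hex().encode()
    print(guard.accept(b"|".join(parts), now=1_000))   # (False, 'bad mac', b'') tampered
```

The order of the checks matters: the MAC is verified before the timestamp is parsed or the nonce cache is touched, so unauthenticated input can neither crash the parser nor fill the cache.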

Phishing and Spearphishing

Phishing involves an email that appears to be sent from a trusted source. However, it is actually delivered with the intent of gaining access to personal information or to panic the user into opening an attachment or clicking on a link.

Often, the attachment or link loads malicious software into the computer. Spearphishing is a similar type of attack, but is personalized to the chosen victim.

Protect Yourself through Common Sense and Sandboxing

Luckily, many attacks can usually be circumvented by using common sense. If you see an email that looks suspicious, stop before opening it. Analyze the email and the header. Hover over links to see where they will take you before clicking on them.
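Two of those manual checks, comparing the domains in the message headers and comparing where a link says it goes with where it really goes, can be automated. The following is an added example, not code from the original article; the e-mail it analyzes is constructed for the example and uses reserved example domains.

```python
"""Header and link checks for a suspicious e-mail (added example).

Flags Reply-To / Return-Path domains that differ from the From domain, and
HTML links whose visible text names a different host than the href target.
"""
from __future__ import annotations

import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample for this example: a payroll lure with a mismatched
# Reply-To, a third-party bounce address and a look-alike link target.
SAMPLE_EMAIL = """\
From: "Acme Payroll" <payroll@acme-corp.example>
Reply-To: payroll-desk@acme-corp-secure.example
Return-Path: <bounce@mailer-93.example.net>
Subject: Action required: confirm your direct deposit
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your direct deposit is on hold. Review it at
<a href="http://acme-corp.example.login-verify.example.org/dd">https://hr.acme-corp.example/payroll</a>
within 24 hours. Questions? <a href="mailto:payroll-desk@acme-corp-secure.example">Contact us</a>.</p>
</body></html>
"""

URL_LIKE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://)?(?:www\.)?[\w-]+(?:\.[\w-]+)+(?:[/?#].*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def sender_domain(header_value) -> str:
    """Domain of the first address in a header value, lowercased ('' if none)."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def displayed_host(text: str) -> str:
    """Host a reader sees in the link text, or '' if the text is not URL-like."""
    text = text.strip()
    if not URL_LIKE.match(text):
        return ""
    if "://" not in text:
        text = "//" + text          # let urlparse treat it as a network location
    return (urlparse(text).hostname or "").lower()


def analyze(raw: str) -> list[str]:
    """Return human-readable findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    from_dom = sender_domain(msg["From"])
    for header in ("Reply-To", "Return-Path"):
        dom = sender_domain(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = LinkCollector()
        collector.feed(html_part.get_content())
        for href, text in collector.links:
            real_host = (urlparse(href).hostname or "").lower()
            shown_host = displayed_host(text)
            if shown_host and shown_host != real_host:
                findings.append(f"link text shows {shown_host} but points to {real_host}")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EMAIL):
        print("-", finding)
```

A mismatch is a signal, not proof: bulk mailers legitimately use their own Return-Path domains, so treat the header findings as a reason to look harder and the link mismatch as the strong indicator.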

You can also use sandboxing to protect yourself. Testing an email in a sandbox environment allows you to safely open attachments and click on links without making yourself vulnerable to an invasion. Another option is to forward a suspicious email to your IT department for analysis.

Protecting your personal information on the Internet is not easy, but it can be done if you are familiar with the various types of threats and know how to avoid them. Stay safe!


Network RMM

Who’s Monitoring Your Network?

A business’s network is relied upon heavily for many daily functions, and there are many places where problems can occur. According to CompTIA, leading security concerns include attacks from ransomware and malware, viruses that can get into your network and destroy data, and hacking attacks from cybercriminals. Along with these, there is the possibility of outages caused by poorly functioning circuits, and these outages result in lost productivity and revenue. Network monitoring can find and resolve these problems before they cause damage. Read on to learn about the role of network monitoring.

Why You Should Monitor Your Network
Network monitoring is a proactive way of detecting threats to the security of your network and resolving them before they cause serious problems. This can save your company both time and money when network monitoring is part of an overall managed services plan. Cyber attacks can be prevented, protecting your company from data loss and reputational damage. In addition, circuit monitoring can find bottlenecks that slow down your systems and cause packet loss and outages. Access to your network can be tracked, revealing unauthorized access by former employees, or social media usage that consumes a great deal of bandwidth.

The Advantages of Remote Network Monitoring
By having your IT service provider monitor your network remotely, your business can rest easy knowing that issues are caught and fixed without a trip to your office, before data is compromised or systems slow down. This keeps IT costs down by preventing problems before they get out of hand. Your network is better protected from viruses and malware because patches are applied promptly. Remote monitoring keeps things running smoothly and enhances productivity by letting your business focus on long-term goals while resting easy about security.

Your network is crucial to the success of your business, and monitoring can help keep it secure. If you have questions, or need to set up a managed service plan including network monitoring, contact Prime Telecommunications today.


Keep your networks and users secure from internal and external threats

9 Signs That Your Endpoint Security Is NOT up to Par

Take a look at this list. If any of these nine signs sound familiar, it’s time to re-evaluate your current endpoint protection.

1. Scans and updates slow your system to a crawl.
One of the leading complaints about endpoint security is that it negatively impacts speed and performance. Some endpoint security solutions do slow systems down and hurt productivity. When evaluating solutions, check independent test results that measure performance and system impact, and look for the lowest numbers, which indicate a light-footprint solution that won’t affect speed or cause interruptions.

2. Employees complain about using the antivirus solution.
If resentment builds up, employees will eventually bypass the solution altogether on their company-issued or bring-your-own devices, which affects both performance and security for the whole network.

3. Your solution is underperforming.
It isn’t detecting viruses or other malware, or it flags non-malicious files as malware; it has a heavy footprint that means slower scanning; it creates AV storms on virtual machines or uses so much bandwidth that it bogs down the entire network.

4. Your solution alerts on too many files or links that aren’t actually malicious.
Alerting on files or links that are not actually malicious produces a high rate of false positives. Even one false positive can cause serious problems: if an antivirus solution is configured to immediately delete or quarantine infected files, a false positive on an essential file can render the operating system or crucial applications unusable. Even when false positives don’t take down a system, each one requires an investigation that consumes valuable IT resources.

5. Removing malicious files and dealing with false positives is too complicated.
A 2017 study by the Ponemon Institute found that:
• Nearly half of all security alerts are false positives
• 3 out of 4 organizations report having more difficulty managing endpoint security risks
• Organizations see false positives as the #1 “hidden” cost of endpoint protection
You need a solution that delivers silent quarantines and automatic removal of malicious files, not more work for your IT team.

6. Infections come back after you’ve removed them.
This means the solution isn’t cleaning thoroughly, or isn’t updating its detections often enough.

7. It’s difficult to manage the solution across all your platforms and devices.
In today’s environments you need a security solution that is easy to manage, so the burden of protection is minimal. Look for an endpoint security product that includes remote administration, so you can control your entire fleet of workstations, servers and smartphones from a single console.

8. Security event alerts or pop-up prompts interrupt presentations and sales demonstrations.
This impedes productivity; every employee needs uninterrupted computer access. Look for a malware solution with a “silent” or “presentation” mode that is easy to use, and a dependable way to restore regular mode when the presentation is over.

9. Getting technical support and customer service is inconvenient, or communicating with the vendor is difficult.
If it’s challenging to get reliable, customer-oriented support, or you’re having issues with call centers outside the U.S., that will affect productivity for IT teams and end users. It will also contribute to frustrations that could lead employees to circumvent your security solution, opening their devices, and your network, to cyberattacks.


Airport computer use

Airport Travelers BEWARE of Data Security

This article appeared in TechRepublic. Since summer is when a lot of people travel, it is worth re-posting and sharing.

Business travelers beware: Connecting your company device to airport Wi-Fi networks could open up a host of cybersecurity issues. While this is a risk on any insecure Wi-Fi network, some airports have more vulnerabilities than others, according to a Wednesday report from Coronet, and professionals should take extra caution when traveling through them.

It’s much easier for attackers to access and exploit data from devices connected to airport Wi-Fi than to do so within the confines of a well-protected office, the report noted. Attackers can take advantage of the poor cyber hygiene and insecure Wi-Fi at many airports to mount attacks such as rogue captive portals, Evil Twin access points, ARP poisoning, VPN gaps, honeypots, and compromised routers.

Any of these attacks could allow an attacker to capture credentials for Microsoft Office 365, G Suite, Dropbox, and other cloud apps, or to deliver malware to the device and on to the cloud, the report found. The attacks could also potentially give adversaries access to the entire organization, leading to damages such as operational disruption and financial losses.
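ARP poisoning, one of the attacks listed above, leaves traces in the victim’s own ARP cache: the gateway’s MAC address changes from the one recorded when the device first joined, and one MAC address starts claiming several IP addresses. The following is an added example, not code from the original article or the report; it compares two `arp -an`-style snapshots in the Linux/macOS format (`? (10.0.0.1) at aa:bb:cc:dd:ee:ff on en0 ...`). The gateway address and both snapshots are constructed assumptions for the example.

```python
"""Detect ARP poisoning from two snapshots of the local ARP table (added example)."""
from __future__ import annotations

import re
from collections import defaultdict

# Matches "? (10.0.0.1) at 0:11:22:33:44:55 on en0 ..." and "(incomplete)" entries.
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}|\(incomplete\))",
    re.I,
)

GATEWAY_IP = "10.0.0.1"   # assumption for the example: the network's default gateway

# Constructed: the table captured right after joining the network.
BASELINE_ARP = """\
? (10.0.0.1) at 0:11:22:33:44:55 on en0 ifscope [ethernet]
? (10.0.0.23) at 66:77:88:99:aa:bb on en0 ifscope [ethernet]
? (10.0.0.77) at (incomplete) on en0 ifscope [ethernet]
"""

# Constructed: the same table minutes later, while 10.0.0.23 is poisoning it.
POISONED_ARP = """\
? (10.0.0.1) at 66:77:88:99:aa:bb on en0 ifscope [ethernet]
? (10.0.0.23) at 66:77:88:99:aa:bb on en0 ifscope [ethernet]
? (10.0.0.40) at de:ad:be:ef:0:1 on en0 ifscope [ethernet]
"""


def normalize_mac(mac: str) -> str:
    """Zero-pad each octet so '0:11:22:33:44:55' and '00:11:22:33:44:55' compare equal."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))


def parse_arp(output: str) -> dict[str, str]:
    """Map IP -> normalized MAC for every complete entry."""
    table = {}
    for match in ARP_LINE.finditer(output):
        mac = match.group("mac").lower()
        if mac != "(incomplete)":
            table[match.group("ip")] = normalize_mac(mac)
    return table


def detect_arp_spoof(baseline: str, current: str, gateway_ip: str = GATEWAY_IP) -> list[str]:
    """Return findings: a changed gateway MAC and any MAC claiming several IPs."""
    before, now = parse_arp(baseline), parse_arp(current)
    findings = []
    if gateway_ip in before and gateway_ip in now and before[gateway_ip] != now[gateway_ip]:
        findings.append(
            f"gateway {gateway_ip} MAC changed from {before[gateway_ip]} to {now[gateway_ip]}"
        )
    by_mac: dict[str, list[str]] = defaultdict(list)
    for ip, mac in now.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(f"MAC {mac} claims multiple IPs: {', '.join(sorted(ips))}")
    return findings


if __name__ == "__main__":
    for finding in detect_arp_spoof(BASELINE_ARP, POISONED_ARP):
        print("-", finding)
```

A changed gateway MAC is not always an attack (a router replaced mid-session looks the same), and on a public network you cannot enable switch-side protections such as dynamic ARP inspection. The practical response when this fires is to treat the network as hostile: disconnect, or at minimum rely only on end-to-end TLS and a VPN that refuses to send traffic outside the tunnel.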

“Far too many U.S. airports have sacrificed the security of their Wi-Fi networks for consumer convenience,” Dror Liwer, Coronet’s founder and CISO, said in a press release. “As a result, business travelers in particular put not just their devices, but their company’s entire digital infrastructure at risk every time they connect to Wi-Fi that is unencrypted, unsecured or improperly configured. Until such time when airports take responsibility and improve their cybersecurity posture, the accountability is on each individual flyer to be aware of the risks and take the appropriate steps to minimize the danger.”

The report collected data from more than 250,000 consumer and corporate endpoints that traveled through the 45 busiest airports in the US over the course of five months, and analyzed the device vulnerabilities and Wi-Fi network risks to assign each airport a threat score. Coronet classified any score above 6.5 as unacceptable exposure.

Here are the least cybersecure airports in America, according to the report:

  1. San Diego International Airport, San Diego, CA (Score: 10)
  2. John Wayne Airport-Orange County Airport, Santa Ana, CA (Score: 8.7)
  3. William P Hobby Airport, Houston, TX (Score: 7.5)
  4. Southwest Florida International Airport, Fort Myers, FL (Score: 7.1)
  5. Newark Liberty International Airport, Newark, NJ (Score: 7.1)
  6. Dallas Love Field, Dallas, TX (Score: 6.8)
  7. Phoenix Sky Harbor International Airport, Phoenix, AZ (Score: 6.5)
  8. Charlotte Douglas International Airport, Charlotte, NC (Score: 6.4)
  9. Detroit Metropolitan Wayne County Airport, Detroit, MI (Score: 6.4)
  10. General Edward Lawrence Logan International Airport, Boston, MA (Score: 6.4)

In terms of the most secure airports, Chicago-Midway International Airport, Raleigh Durham International Airport, Nashville International Airport, and Washington Dulles International airport topped the list, the report found.

Do you want to see if your email credentials have been compromised? Get a free Dark Web scan from us!


Your employees

Why Don’t Your Employees Care About Cyber Security?

Category : Cyberawareness

Whether you realize or not, your employees are a critical part of your layered defense against phishing attacks, malware, ransomware, and more. So why aren’t they concerned?

In just about every news story you read today about another phishing attack, malware infection, ransomware attack, or data breach, there’s a part of the story that’s either covered or implied – a user was involved. The user – whether malicious, negligent, or unwitting – clicked on a link, opened an attachment, visited a webpage… something that allowed a cybercriminal access to execute their malicious actions.

And with attacks having devastating results, like the recent ransomware attack on global shipper COSCO that brought its operations to their knees, the question should be raised:

Why don’t employees care about CyberSecurity?

It all comes down to one reason: your company doesn’t have a security culture. In essence, employees don’t care because the organization hasn’t told them they need to care as part of their job. Hire someone to do accounts payable and what do they think their job is? To do accounts payable. That’s it; security is IT’s job, not theirs. But hire someone into accounts payable in an organization that has a security culture, and they still do accounts payable, but they are also constantly watching for cyberattacks, phishing scams, and the like.

So, what does it take to create a security culture?

I’m going to abbreviate the 10 tips to make your employees care about cybersecurity found over at TechRepublic down to just 3 high-level steps:

Make Employees Aware – The average employee doesn’t brush up on cyberattack methodologies on their own, you know. They need to be made aware that cyberthreats to the organization exist… and that they are the target.

Communicate Expectations – Beginning with their first day of employment, employees need to understand that the organization requires a level of employee vigilance when it comes to cyberthreats. Help employees to better understand how they are at risk at home and work – and how their actions can make the difference in both locations.

Train and Test Them – Using Security Awareness Training, employees need to regularly go through online training, with phishing testing used to identify where your organization’s weakest links are.

While there’s much more you can do to create a more formal security awareness program, the steps above provide the basics necessary to create a security culture.


UCAAS

3 Ways Unified Communications Helps Your Business


Enterprise businesses have been known to have complex needs when it comes to their business communications.  But, thanks to the cloud and specifically unified communications as a service (UCaaS), enterprise businesses are able to take advantage of more efficient and cost-effective methods to integrate their communications and respective applications.

Here are three ways UCaaS solutions are proving they are equipped to handle the varying challenges of enterprise businesses.

Unifying Locations and Employees 

Enterprise organizations have often struggled to unify their communications infrastructure affordably. With multiple locations and remote and traveling employees, keeping everyone connected was complicated. That is, before UCaaS entered the marketplace. As the workforce continues to become more mobile and distributed, the growing need for mobility and flexibility has driven the UCaaS market into even greater demand, especially for large businesses. UCaaS enables voice, fax, video conferencing, presence, chat, file and desktop sharing, and mobility both in and outside of the workplace. The workforce today thrives on this type of multi-channel communication and collaboration, and UCaaS is the catalyst. With every employee, service and feature unified onto the same system and accessible from any device, productivity and internal communications are greatly enhanced. With the most advanced UCaaS solutions, where user profiles live in the cloud and are not tied to a specific device, employees can move seamlessly between locations, enabling phones and workspaces to be shared interchangeably, which drastically reduces equipment and IT support costs.

The Enhancement of Existing Technology Investments

Enterprise businesses are relying more on cloud services and third-party networks for their mission-critical applications. Almost every enterprise utilizes some form of a customer relationship management (CRM) solution. A huge advantage of UCaaS solutions is their ability to integrate seamlessly with leading CRM solutions that many of these businesses rely on.  This is a win-win for many reasons. Enterprise businesses not only improve their overall communications, but they enhance the functionality of their existing applications as well. Talk about ROI! Improving employee workflows and productivity, while at the same time providing a greater return on both technology investments. It doesn’t get much better than that.

Beyond CRM application investments, many enterprise businesses have legacy conference and meeting room systems in place. With locations all over the world and many enterprises involved in some type of acquisition and merger, having multiple disparate meeting room systems in place is a common result. The product of this costly and complicated challenge for many is having existing meeting room systems sitting idle collecting dust.  Fortunately, there is a cost-effective and simple resolution.  Advanced HD video, audio and web conferencing solutions that offer features like Room Connector can enable existing meeting room systems like Polycom, Cisco, Tandberg and Lifesize to communicate with one another, as well as with other commonly used devices like smartphones, laptops and tablets, all in the same virtual meeting.  Through the purchase of a few licenses,  meeting participants can share documents, collaborate, and chat with other offices and remote workers easily and efficiently utilizing existing technology investments. Coupling this with the advanced features of an entire UCaaS solution, the cost-effectiveness and boost in productivity and efficiency is off the charts.

Improving Productivity, Scalability and Business Continuity 

With UCaaS solutions, enterprise businesses can achieve a more cost-effective and productive way to communicate and collaborate.  By unifying all of the communications services, business applications and employees onto the same system, everything employees need and use is centralized in one place. The features of UCaaS systems are typically managed online through secure web portals, which enable access to features and the ability to make changes from any device, anywhere. This is especially beneficial for ensuring business continuity. Changes like routing calls, updating greetings, checking voicemails and conferencing can be enabled directly through the industry’s best online portals, ensuring that employees and customers can communicate regardless of the circumstances.  Scaling cost-effectively is another common concern for large organizations. Advanced UCaaS solutions have the ability to enable users, services and equipment to be added or removed at any time, giving enterprise businesses the ability to pay for only the services they need and the flexibility to scale to meet growing business demands.

UCaaS unifies the communications experience, connecting and integrating employees, locations, services and business applications. It’s no wonder that IDC predicts the global UCaaS market will top $35 billion by 2019. Enterprise businesses benefit greatly from this refined method of communications and collaboration and will be a large portion of this anticipated growth.


This week in Breach

This week’s Breach Report

Highlights from The Week in Breach:

– You’d better reboot your router… NOW!

– Nation states injecting malicious apps into play stores to steal your stuff.

– Malware infects healthcare system impacting 500,000 Marylanders.

– Time from detection to acknowledgment and response getting slower and slower and slower. 

It’s back to business as usual in the world of breach, and we are seeing no signs of it slowing down this summer. This week’s headlines have been dominated by targeted attacks on SOHO routers. “SOHO” stands for “small office/home office” and describes the routers small businesses use to set up their local area networks. According to DHS, “The size and scope of this infrastructure impacted by VPNFilter malware is significant. The persistent VPNFilter malware linked to this infrastructure targets a variety of SOHO routers and network-attached storage devices.” The initial exploit vector for this malware is currently unknown. Here is the link to US-CERT’s alert TA18-145A detailing the threat and what you should do to protect yourself from exploitation!


What we’re STILL listening to this week!

Security Now – Hosted by Steve Gibson, Leo Laporte

Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)

Small Business, Big Marketing – Australia’s #1 Marketing Show!


TeenSafe (Update)

Small Business Risk: High: App server hosted on AWS accessible by anyone without a password.
Exploit: AWS/Suspected Misconfiguration
Risk to Exploited Individuals: High: Although only around 10,000 individuals were impacted, they belong to a highly vulnerable segment of the population.

TeenSafe: The TeenSafe app allows parents access to their children’s web browser history, text messages (including deleted SMS and iMessages and messages on WhatsApp and Kik), call logs, and device location, plus lets them observe which third-party apps have been installed.

Date Occurred / Discovered: Unknown, but accounts from the past three months were compromised.
Date Disclosed: May 21, 2018
Data Compromised: Highly personal data including Apple IDs. The compromised data did not include photos, messages, or location data. The server stored the parent’s email address used for the TeenSafe account, the child’s email address, the child’s device name, and the device’s unique identifier.
How it was Compromised: At least one of the app’s servers, hosted on Amazon’s cloud service, was accessible by anyone without a password. The data, including passwords and user IDs, were reportedly stored in plaintext, even though TeenSafe claims on its website that it uses encryption to protect user data. TeenSafe requires two-factor authentication to be switched off for the app to work, so anyone holding a child’s Apple ID and password from the exposed server could log into that account. The app is available for both iOS and Android and does not require parents to obtain their child’s consent to monitor the phone.
Customers Impacted: Around 10,200 accounts from the past three months were compromised, though that number includes duplicates.
Attribution/Vulnerability: Undisclosed at this time.

https://www.theverge.com/2018/5/21/17375428/teensafe-app-breach-security-data-apple-id

https://www.zdnet.com/article/teen-phone-monitoring-app-leaks-thousands-of-users-data/

Google Play

Small Business Risk: Low: Targeted nation state exploit.
Exploit: Mobile Device Malware Exploit
Risk to Exploited Individuals: High: Nation-state exploit targeting defectors.

North Korean Defectors / Google Play malware

Date Occurred / Discovered: The apps had been live in the Google Play store for three months, from January to March.
Date Disclosed: May 2018
Data Compromised: The Google Play store has allegedly hosted at least three apps designed to collect data from specific individuals. Two of these apps were posing as security apps, while the third claimed to provide food ingredient information. What they really did was steal information from devices and receive a certain code that allowed them to further access data like photos, contact lists, and even text messages.
How it was Compromised: A North Korean hacking team was recently able to upload three Android apps to the Google Play Store that targeted people who escaped from the authoritarian country, according to a report from McAfee. The malware campaign, nicknamed RedDawn, involved the hackers contacting the targets through Facebook to invite them to install seemingly innocent apps from the Google Play Store.
Customers Impacted: By the time McAfee privately notified Google of the existence of these apps, 100 folks had already downloaded them.
Attribution/Vulnerability: Back in January, McAfee noted that it had found malicious apps intended to infect North Korean journalists’ and defectors’ devices. The group behind these apps was subsequently named Sun Team and is apparently the same group behind these latest apps. The apps were all linked to the same developer email address. McAfee found that the words used in the control servers were common in North Korea. There was also a North Korean IP address discovered in a test log file of some Android devices connected to the account used to send out the malware.

https://www.digitaltrends.com/mobile/mcafee-malware-google-play/

http://www.techtimes.com/articles/228100/20180520/north-korea-hackers-use-android-apps-with-malware-to-harass-defectors.htm

LifeBridge Health
Small Business Risk: Extreme: Malware designed to infect healthcare systems and extract PHI/PII.
Exploit: Server/Security Exploit with Malware Injection
Risk to Exploited Individuals: Extreme: Although data has not been validated for sale on the Dark Web, the extracted data included “lifelong” PII & PHI that can be used to profile and/or exploit an individual for decades.

LifeBridge Health

Date Occurred / Discovered: The breach occurred more than a year ago; discovered May 18.
Date Disclosed: May 2018
Data Compromised: The breach could have affected patients’ registration information, billing information, electronic medical records, Social Security numbers and other data.
How it was Compromised: An unauthorized person accessed the server through LifeBridge Potomac Professionals on Sept. 27, 2016. Malware infected the servers that host LifeBridge Potomac Professionals’ electronic medical records, and LifeBridge Health’s patient registration and billing systems.
Attribution/Vulnerability: Outside actors
Customers Impacted: More than 500,000 Maryland patients.

https://healthitsecurity.com/news/data-on-500k-patients-exposed-in-lifebridge-healthcare-data-breach

T-Mobile
Small Business Risk: High: Website configuration error revealing customer data for anyone to exploit.
Exploit: Website, Database & Security Misconfiguration
Risk to Exploited Individuals: Moderate: A threat actor would really have to develop a targeted threat plan to fully exploit the exposed population.

T-Mobile

Date Occurred / Discovered: Research done by ZDNet indicates that this T-Mobile.com web data breach was likely active as far back as October of last year.
Date Disclosed: April 2018
Data Compromised: The bug allowed anyone to access the following information simply by appending a cell phone number to the end of the web address:

  • Customers’ full names
  • Their mailing addresses
  • Account PINs used as a security question for customer service phone support
  • Billing account numbers
  • Past due bill notices
  • Service suspension notices
  • Tax identification numbers (in some instances)

How it was Compromised: A website bug on T-Mobile.com allowed anyone with a web browser to enter a phone number and learn the home address and account PIN of the customer it belonged to.
Attribution/Vulnerability: Outside actors / undisclosed at this time.

https://www.statesman.com/business/personal-finance/mobile-website-data-breach-exposed-customer-addresses-pins/Ht3PZSdXMJkEKlDnggh3EL/
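The T-Mobile bug above is a lookup keyed only by a value in the URL, with no check of who is asking. As an added illustration (not T-Mobile’s code; the accounts and session store are constructed), here is that shape of endpoint next to a hardened version that requires a login, returns only the caller’s own account, and never echoes the PIN:

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Account:
    phone: str
    name: str
    address: str
    pin: str  # customer-service PIN; treat it like a password


# Constructed sample records, not real customers.
ACCOUNTS = {
    "5550100": Account("5550100", "A. Example", "1 Sample St", "1234"),
    "5550101": Account("5550101", "B. Example", "2 Sample St", "9876"),
}

# Constructed session store: session token -> phone number the caller logged in as.
SESSIONS = {"tok-a": "5550100"}


def lookup_vulnerable(phone_from_url: str) -> Optional[dict]:
    """The bug: the phone number in the URL is the only input, so anyone can
    walk through numbers and read every customer's address and PIN."""
    acct = ACCOUNTS.get(phone_from_url)
    if acct is None:
        return None
    return {"name": acct.name, "address": acct.address, "pin": acct.pin}


def lookup_hardened(phone_from_url: str,
                    session_token: Optional[str]) -> Tuple[str, Optional[dict]]:
    """Returns (status, payload). The record is released only to the account
    owner, and the PIN itself is never sent back, only whether one is set."""
    owner = SESSIONS.get(session_token or "")
    if owner is None:
        return "unauthenticated", None  # no valid session: reveal nothing
    # Same answer for "not yours" and "unknown number", so a logged-in user
    # cannot use the endpoint to enumerate which numbers belong to customers.
    acct = ACCOUNTS.get(phone_from_url) if owner == phone_from_url else None
    if acct is None:
        return "not_found", None
    return "ok", {"name": acct.name, "address": acct.address,
                  "pin_set": bool(acct.pin)}
```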


What is Spear Phishing?

Spear Phishing is an email targeted at a specific individual or department within an organization that appears to be from a trusted source. It’s actually cybercriminals attempting to steal confidential information.

A whopping 91% of cyberattacks and the resulting data breach begin with a “spear phishing” email, according to research from security software firm Trend Micro. This conclusively shows that end-users really are the weak link in IT security.

You may be wondering what it takes to send this type of attack. This is not trivial, and can only be done by someone trained in advanced hacking techniques. We will first take a look at the steps required to send an attack, and then we’ll look at steps to mitigate this threat. For the (simplified) attack steps I am freely borrowing from a great blog post by Brandon McCann, a well-known pentester.

I will try to keep this as non-technical as possible, but there will be a few terms you may have to look up. Here are the steps to begin with. We will go into all of these one by one and explain what they mean.

  • Identify Email Addresses
  • Antivirus Evasion
  • Egress Filtering
  • Spear Phishing Scenario
  • Sending The Emails
  • Harvesting Treasure

Identify Email Addresses

There are two ways you can send phishing campaigns. The first is ‘spray-and-pray’, which is a shotgun approach: get as many email addresses from the organization as you can, and send them all an email that they might click on. The second approach is to decide what data you are after, then figure out who has access to that data, and specifically target those people. That is the spear phishing approach, and LinkedIn, for instance, is extremely useful during this targeting step.

There are several ways to get your hands on the email addresses from an organization. The one favored by the bad guys is using scripts to harvest email addresses from the large search engines. You’d be surprised how many emails you can get your hands on and how big your phishing attack surface is. KnowBe4 has a free service called the Email Exposure Check that provides your list of exposed email addresses as a one-time free service. Once you have the email addresses of the few people you are targeting you are ready for step two.

Egress Filtering

You need to make sure that you can get the information out of the organization you are attacking, so the payload you are sending with your attack needs to allow traffic to exit the organization. A popular payload is called ‘reverse_https’ because it creates an encrypted tunnel back to the Metasploit server, which makes it very hard for security software like intrusion detection or firewalls to detect anything. To those products, your exiting phishing data all looks like normal HTTPS traffic.

Spear Phishing Scenario

There are many articles written about this by now, and it’s the essence of social engineering end users. If they haven’t had high-quality security awareness training, they are easy targets for spear phishers. The attacker does research on their targets, finds out who they regularly communicate with, and sends a personalized email to the target that uses one or more of the 22 Social Engineering Red Flags to make the target click on a link or open an attachment. Just imagine you get an email from the email address of your significant other with the subject line “Honey, I had a little accident with the car” and the body “I made some pictures with my smartphone, do you think this is going to be very expensive?”

Sending The Emails

You can raise a temporary mail server and blast away, but that mail server will not have a reputation score, which will keep a lot of the email from getting in. A better solution is going to GoDaddy, purchasing a valid domain name, and setting up the free email server that comes with the domain, so that an MX record is automatically created for you by GoDaddy. While you are at it, also do a Whois lookup and change the GoDaddy Whois information for your phishing domain. All of that helps mail get through, which you can send with any email client or with a script.

Harvesting Treasure

Let’s assume that your target clicked on the link, and you were able to place a keylogger on their machine. Now it’s a matter of waiting for the hourly burst of keyboard data back to your server, and monitoring for the credentials you are after. Once you have those, it’s a matter of getting into the workstation, collecting all the network password hashes, cracking them and elevating to administrator access to the whole network.

Preventing Successful Spear Phishing Attacks

Now, how to mitigate against attacks like this? First of all, you need all your defense-in-depth layers in place. Defending against attacks like this is a multi-layer approach. Make sure you have the following in place: an Email Gateway Spam Filter and/or a spam filter in your Exchange Server. Turn on the Outlook ‘Junk Email’ Filter, run different antivirus products on the workstation and the mail server, have an active Intrusion Prevention System, use Web Proxy Servers, and ideally have deep-packet inspection egress filtering; there are some more things you could add. The trick is to make it as hard as possible for the attacker to get through.

And now let’s look at some other tactics that will help prevent a successful attack:

  • Do not publish a list of all employees’ email addresses on your website; use a web form instead.
  • Regularly scan the Internet for exposed email addresses and/or credentials. You would not be the first to find one of your end users’ usernames and passwords on a crime or porn site.
  • Enlighten your users about the dangers of leaving all kinds of personal information on social media sites.
  • Last but not least, you could go through all the steps above and start sending simulated attacks to all your end users, but why not use our fully automated service and let us help you with that? We provide security awareness training combined with pre- and post-training simulated phishing tests to make sure end users stay on their toes with security top of mind. Since 91% of successful attacks use spear phishing to get in, this will get you by far the highest ROI for your security budget, with visible proof the training works!
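The “harvesting” step above relies on an hourly burst of keylogger data leaving the network through a tunnel that looks like ordinary HTTPS. That regularity is itself a signal for the egress filtering layer: the script below (an added example, not from the original post, using a constructed proxy-log format of timestamp, client IP, destination host and bytes sent) groups outbound connections by client and destination and flags pairs whose connection intervals are nearly constant.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log, one line per outbound HTTPS connection:
# "<ISO timestamp> <client ip> <destination host> <bytes sent>"
# 10.0.0.7 reaches cdn.example-update.net every hour, almost to the second,
# between ordinary browsing; the hosts and addresses are made up.
LOG = """\
2018-05-21T09:00:02 10.0.0.7 cdn.example-update.net 4121
2018-05-21T09:05:11 10.0.0.7 www.example-news.com 900
2018-05-21T10:00:01 10.0.0.7 cdn.example-update.net 3980
2018-05-21T10:31:45 10.0.0.7 www.example-news.com 1200
2018-05-21T11:00:03 10.0.0.7 cdn.example-update.net 4250
2018-05-21T12:00:02 10.0.0.7 cdn.example-update.net 4099
2018-05-21T12:47:10 10.0.0.7 www.example-news.com 650
2018-05-21T13:00:04 10.0.0.7 cdn.example-update.net 4180
2018-05-21T13:10:20 10.0.0.9 www.example-news.com 700
"""


def parse(log: str):
    """Yield (timestamp, client, host, bytes_sent) from the constructed format."""
    for line in log.splitlines():
        ts, client, host, sent = line.split()
        yield datetime.fromisoformat(ts), client, host, int(sent)


def find_beacons(log: str, min_hits: int = 4, max_jitter: float = 0.05):
    """Return {(client, host): mean_interval_seconds} for every pair seen at
    least min_hits times whose gaps between connections vary by less than
    max_jitter (standard deviation divided by mean). Human browsing is
    irregular; a scheduled call-home is not."""
    times = defaultdict(list)
    for ts, client, host, _ in parse(log):
        times[(client, host)].append(ts)
    beacons = {}
    for key, stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg < max_jitter:
            beacons[key] = avg
    return beacons


if __name__ == "__main__":
    for (client, host), interval in find_beacons(LOG).items():
        print(f"{client} -> {host}: every {interval:.0f}s")
```

In real proxy logs the same check also needs a whitelist for legitimate scheduled traffic (update checks, monitoring agents), which beacons on a fixed interval for benign reasons.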

Keep your networks and users secure from internal and external threats

Best Practices in Cyber Security 2018

The cyberthreat landscape changes on a daily basis. There is no one-size-fits-all solution and there are no magic bullets. It has been said that the price of liberty is eternal vigilance. The same holds true for cyber security. There are four pillars of security: endpoint protection, perimeter protection, monitoring and end-user vigilance.

They say that those who don’t learn from history are doomed to repeat it, and matters of cyber security are no exception. Threats will often follow trends, and so by reviewing what has happened in the past, we may be able to glean some insight into what will be important in the future.

If the first half of 2018 was any indication, there are a few things that will be of most concern to IT professionals and end users.

Ensure All Endpoints Have Appropriate Security Measures

It’s staggering to consider how many endpoints any given business could have, each providing a route in for threat actors. Between company-provided devices, personal mobile devices, and Internet of Things devices, there are plenty of opportunities for a company to be attacked.

As a result, as 2018 progresses, businesses must be aware of what threats exist, as well as better prepared to protect themselves against them. This includes strategies that ensure your organization’s digital protections are properly maintained while remaining cognizant of physical security best practices. Pairing encryption and access control, as well as mobile device management, can create a much safer environment for your data.

Cover your 6’s

Your network needs to have not just the firewall appliance – but a comprehensive suite of tools that can help you recognize suspicious behavior. It is more than just a static device. It has to be paired with analytical tools that can give you insight into your network. Additionally, an external firewall or web filtering service can protect you from unseen threats on a multitude of levels. It is not just hardware and software anymore. You need to have the resources available to alert you to threats, cut down the noise from repeated alerts and investigate areas that you should not be in yourself – e.g. the Dark Web.

Get Back to Basics With Security and End User Education – Cyberawareness Training

While it may sometimes be tempting to focus on the massive attacks and breaches that too often dominate the headlines, no business can afford to devote its full attention to those vulnerabilities and overlook the more common threats. Once it does, it becomes exponentially more vulnerable to these attacks through its lack of awareness and preparation.

Part of being prepared for the threats of the coming weeks and months is to make sure that your employees are also up to speed where security is concerned. Educating them on best practices before enforcing these practices can help to shore up any vulnerabilities you may have and maintain your network security. This includes restricting employee access to certain websites, requiring passwords of appropriate strength, and encouraging your employees to be mindful of exactly what they’re clicking on.

Continuing to Improve Security Measures

Finally, it is important to remember that implementing security features isn’t a one-time activity. Threats will grow and improve in order to overcome existing security measures, and so if they are going to remain effective, these security measures must be improved as well.

While regulatory requirements can provide an idea of what security a network should feature, they shouldn’t be seen as the endpoint. Instead, those requirements should be the bare minimum that you implement, along with additional measures to supplement them.

We are here to help. If you would like to explore the options of a completely managed firewall, DNS filtering, or cyber awareness training, we can assist. First, get a baseline of where your organization is. We have a suite of FREE tools that can help show you your susceptibility to phishing and spoofing and whether your organization’s credentials are for sale on the Dark Web. We can also do an onsite security assessment to analyze your network’s vulnerabilities.

For your free tools, please visit:  http://downloads.primetelecommunications.com/CyberAwareness-Free-Tools or give us a call at 847 329 8600.

We are your managed technology solutions professionals and are here to listen!

Request your Free Network Evaluation