Author Archives: Vic Levinson

This week in Breach

This week’s Breach Report

Highlights from The Week in Breach:

– You’d better reboot your router… NOW!

– Nation states injecting malicious apps into play stores to steal your stuff.

– Malware infects healthcare system impacting 500,000 Marylanders.

– Time from detection to acknowledgment and response getting slower and slower and slower. 

It’s back to business as usual in the world of breach, and we are seeing no signs of it slowing down this summer. This week’s headlines have been dominated by targeted attacks of SOHO Routers.  “SOHO” was coined to describe “small office – home office” routers used to set up local area networks by small businesses. According to DHS, “The size and scope of this infrastructure impacted by VPNFilter malware is significant. The persistent VPNFilte malware linked to this infrastructure targets a variety of SOHO routers and network-attached storage devices.” The initial exploit vector for this malware is currently unknown. Here is the link to US-CERT’s alert TA18-145A detailing the threat and what you should do the protect yourself from exploit!   


What we’re STILL listening to this week!

Security Now – Hosted by Steve Gibson, Leo Laporte

Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)

Small Business, Big Marketing – Australia’s #1 Marketing Show!


TeenSafe (Update)

Small Business Risk: High: App server hosted on AWS accessible by anyone without a password.
Exploit: AWS/Suspected Misconfiguration
Risk to Exploited Individuals: High: Even though less than 10,000 individuals were impacted, this is a highly vulnerable segment of the population. 

TeenSafe: The TeenSafe app allows parents access to their children’s web browser history, text messages (including deleted SMS and iMessages and messages on WhatsApp and Kik), call logs, and device location, plus lets them observe which third-party apps have been installed.

Date Occurred
Discovered
 Unknown, but accounts from past three months were compromised.
Date DisclosedMay 21, 2018
Data CompromisedHighly personal data including Apple IDs. The compromised data did not include photos, messages, or location data. The server stores parents’ email address used for their TeenSafe account and their child’s email address, the child’s device name, and the device’s identifier.
How it was CompromisedAt least one of the app’s servers, which are hosted by Amazon’s cloud service, was accessible by anyone without a password. The data, including passwords and user IDs, were reportedly stored in plaintext, even though TeenSafe claims on its website that it uses encryption to protect user data. TeenSafe requires two-factor authentication to be switched off for the app to work, so anyone with just a password can easily gain access to compromised accounts. The app is available for both iOS and Android and doesn’t require parents to seek their child’s consent for access to their phone.
Customers Impacted
Around 10,200 accounts from the past three months were compromised, though that number also includes duplicates.
Attribution/VulnerabilityUndisclosed at this time.

https://www.theverge.com/2018/5/21/17375428/teensafe-app-breach-security-data-apple-id

https://www.zdnet.com/article/teen-phone-monitoring-app-leaks-thousands-of-users-data/

Google Play

Small Business Risk: Low: Targeted nation state exploit.
Exploit: Mobile Device Malware Exploit
Risk to Exploited Individuals: High: Nation-state exploit targeting defectors.

North Korean Defectors / Google Play malware

Date Occurred
Discovered
The apps had been live in the Google Play store for three months — from January to March.
Date DisclosedMay 2018
Data Compromised
Google Play store has allegedly hosted at least three apps designed to collect data from specific individuals. Two of these apps were posing as security apps, while the third claimed to provide food ingredient information. But what they really did was steal information from devices and receive a certain code that allowed them to further access data like photos, contact lists, and even text messages.
How it was Compromised
A North Korean hacking team was recently able to upload three Android apps to the Google Play Store that targeted people who escaped from the authoritarian country, according to a report from McAfee. The malware campaign, nicknamed RedDawn, involved the hackers contacting the targets through Facebook to invite them to install seemingly innocent apps from the Google Play Store.
Customers Impacted
By the time McAfee privately notified Google as to the existence of these apps, 100 folks had already downloaded them.
Attribution/VulnerabilityBack in January, McAfee noted that it had found malicious apps intended to infect North Korean journalists and defectors’ devices. The group behind these apps was subsequently named Sun Team and is apparently the same group behind these latest apps. The apps were all linked to the same developer email address. McAfee found that the words used in the control servers were common in North Korea. There was also a North Korean IP address discovered in a test log file of some Android devices connected to account used to send out the malware.

https://www.digitaltrends.com/mobile/mcafee-malware-google-play/

http://www.techtimes.com/articles/228100/20180520/north-korea-hackers-use-android-apps-with-malware-to-harass-defectors.htm

LifeBridge Health
Small Business Risk: 
Extreme: Malware designed to inject healthcare systems and extract PHI/PII.
Exploit: Server/Security Exploit with Malware Injection
Risk to Exploited Individuals: Extreme: Although data has not been validated for sale on the Dark Web, the extracted data included “lifelong” PII & PHI that can be used to profile and/or exploit an individual for decades.

Lifebridge Health 

Date Occurred
Discovered
The breach occurred more than a year ago; discovered May 18.
Date DisclosedMay 2018
Data Compromised
The breach could have affected patients’ registration information, billing information, electronic medical records, social security numbers and other data.
How it was CompromisedAn unauthorized person accessed the server through LifeBridge Potomac Professionals on Sept. 27, 2016. Malware infected the servers that host LifeBridge Potomac Professionals’ electronic medical records, and LifeBridge Health’s patient registration and billing systems.
 

Attribution/Vulnerability

Outside actors
Customers ImpactedMore than 500,000 Maryland patients.

https://healthitsecurity.com/news/data-on-500k-patients-exposed-in-lifebridge-healthcare-data-breach

T-Mobile
Small Business Risk: High: Website configuration error revealing customer data for anyone to exploit.
Exploit: Website, Database & Security Misconfiguration
Risk to Exploited Individuals: Moderate: A threat actor would really have to develop a targeted threat plan to fully exploit the exposed population.

T-Mobile

Date Occurred
Discovered
Research done by ZDNet indicates that this T-Mobile.com web data breach was likely active as far back as October of last year.
Date DisclosedApril, 2018
Data Compromised
Allowed people to access the following info easily by attaching a cell phone number to the end of the web address:

  • Customers’ full names
  • Their mailing addresses
  • Account PINs used as a security question for customer service phone support
  • Billing account numbers
  • Past due bill notices
  • Service suspension notices
  • Tax identification numbers (in some instances)

 

How it was Compromised
A website bug on T-Mobile.com allowed anyone with access to a web browser to run a phone number and determine the home address and account PIN of the customer to whom it belonged.
Attribution/VulnerabilityOutside actors / undisclosed at this time.

https://www.statesman.com/business/personal-finance/mobile-website-data-breach-exposed-customer-addresses-pins/Ht3PZSdXMJkEKlDnggh3EL/


What is Spear Phishing?

Spear Phishing is an email targeted at a specific individual or department within an organization that appears to be from a trusted source. It’s actually cybercriminals attempting to steal confidential information.

A whopping 91% of cyberattacks and the resulting data breach begin with a “spear phishing” email, according to research from security software firm Trend Micro. This conclusively shows that end-users really are the weak link in IT security.

You may be wondering what it takes to send this type of attack. This is not trivial, and can only be done by someone trained in advanced hacking techniques. We will first take a look at the steps required to send an attack, and then we’ll look at steps to mitigate this threat. For the (simplified) attack steps I am freely borrowing from a great blog post by Brandon McCann, a well-known pentester.

I will try to keep this as non-technical as possible, but there will be a few terms you may have to look up. Here are the steps to begin with. We will go into all of these one by one and explain what they mean.

  • Identify Email Addresses
  • Antivirus Evasion
  • Egress Filtering
  • Spear Phishing Scenario
  • Sending The Emails
  • Harvesting Treasure

Identify Email Addresses

There are two ways you can send phishing campaigns: the first is ‘spray-and-pray’ which is a shotgun approach. Get as many email addresses from the organization you can, and send them all an email that they might click on. The second approach is decide what data you are after, then figure out who has access to that data, and specifically target those people. That is the spear phishing approach, and for instance LinkedIn is extremely useful during this targeting step.

There are several ways to get your hands on the email addresses from an organization. The one favored by the bad guys is using scripts to harvest email addresses from the large search engines. You’d be surprised how many emails you can get your hands on and how big your phishing attack surface is. KnowBe4 has a free service called the Email Exposure Check that provides your list of exposed email addresses as a one-time free service. Once you have the email addresses of the few people you are targeting you are ready for step two.

Egress Filtering

You need to make sure that you can get the information out of the organization you are attacking, so the payload you are sending with your attack needs to allow traffic to exit the organization. A popular payload is called ‘reverse_https’ because it creates an encrypted tunnel back to the metasploit server, which makes it very hard for security software like intrusion detection or firewalls to detect anything. For those products your exiting phishing data all looks like normal https traffic.

Spear Phishing Scenario

There are many articles written about this by now, and it’s the essence of social engineering end-users. If they haven’t had high-quality security awareness trainingthey are easy targets for spear phishers. The attacker does research on their targets, find out who they regularly communicate with, and sends a personalized email to the target that uses one or more of the 22 Social Engineering Red Flags to make the target click on a link or open an attachment. Just imagine you get an email from the email address of your significant other that has in the subject line: Honey, I had a little accident with the car, and in the body: I made some pictures with my smart phone, do you think this is going to be very expensive?”

Sending The Emails

You can raise a temporary mail server and blast away, but that mail server will not have a reputation score which will block a lot of email from getting in. A better solution is going to GoDaddy, purchase a valid domain name, use the free email server that comes with the domain and set it up, so that you automatically have an MX record created for you by GoDaddy. While you are at it, also do a Whois lookup and change the GoDaddy Whois information for your phishing domain. All that helps mail getting through, which you can send with any email client, or with a script.

Harvesting Treasure

Let’s assume that your target clicked on the link, and you were able to place a keylogger on their machine. Now it’s a matter of waiting for the hourly burst of keyboard data back to your server, and monitoring for the credentials you are after. Once you have those, it’s a matter of getting into the workstation, get all network password hashes, crack them and get elevated to administrator access to the whole network.

Preventing Successful Spear Phishing Attacks

Now, how to mitigate against attacks like this? First of all, you need all your defense-in-depth layers in place. Defending against attacks like this is a multi-layer approach. Make sure you have in place the following: an Email Gateway Spam Filter and/or a spam filter in your Exchange Server. Turn on the Outlook ‘Junk Email’ Filter, run different antivirus products on the workstation and the mailserver, have an active Intrusion Prevention Systems, use Web Proxy Servers, and ideally have deep-packet inspection Egress filtering, plus there are some more things you could add. The trick is to make it as hard as possible for the attacker to get through.

And now let’s look at some other tactics that will help prevent a successful attack:

  • Do not have a list of all email addresses of all employees on your website, use a web form instead.
  • Regularly scan the Internet for exposed email addresses and/or credentials, you would not be the first one to find one of your end-user’s username and password on a crime or porn site.
  • Enlighten your users about the dangers of leaving all kinds of personal information on social media sites.
  • Last but not least, you could go through all the steps above and start sending simulated attacks to all your end users, but why not use our fully automated service and let us help you with that? We provide security awareness training combined with pre- and post simulated phishing testing to make sure end users stay on their toes with security top of mind. Since 91% of successful attacks use spear phishing to get in, this will get you by far the highest ROI for your security budget, with visible proof the training works!

Best Practices in Cyber Security 2018

The cyberthreat landscape changes on a daily basis.  There is no one size fits all solution and there are no magic bullets. It has been said that the price of liberty is eternal vigilance. The same holds true for cyber security. There are four pillars of security- end point protection, perimeter protection, monitoring and end user vigilance.

They say that those who don’t learn from history are doomed to repeat it, and matters of cyber security are no exception. Threats will often follow trends, and so by reviewing what has happened in the past, we may be able to glean some insight into what will be important in the future.

If the first half of 2018 was any indication, there are a few things that will be of most concern to IT professionals and end users.

Ensure All Endpoints Have Appropriate Security Measures

It’s staggering to consider how many end points any given business could have, each providing a route in for threat actors. Between company-provided devices, personal mobile devices, and Internet of Things devices, there are plenty of opportunities for a company to be attacked.

As a result, as 2018 progresses, businesses must be aware of what threats exist, as well as better prepared to protect themselves against them. This includes strategies that ensure your organization’s digital protections are properly maintained while remaining cognizant of physical security best practices. Pairing encryption and access control, as well as mobile device management, can create a much safer environment for your data.

Cover your 6’s

Your network needs to have not just the firewall appliance – but a comprehensive suite of tools that can help you recognize suspicious behavior. It is more than just a static device. It has to be paired with analytical tools that can give you insight into your network. Additionally, an external firewall or web filtering service can protect you from unseen threats on a multitude of levels. It is not just hardware and software anymore. You need to have the resources available to alert you to threats, cut down the noise from repeated alerts and investigate areas that you should not be in yourself – e.g. the Dark Web.

Get Back to Basics With Security and End User Education – Cyberawareness Training

While it may sometimes be tempting to focus on the massive attacks and breaches that too-often dominate the headlines, no business can afford to devote their full attention to those vulnerabilities and overlook the more common threats. This is primarily because once they do, they become exponentially more vulnerable to these attacks through their lack of awareness and preparation.

Part of being prepared for the threats of the coming weeks and months is to make sure that your employees are also up to speed where security is concerned. Educating them on best practices before enforcing these practices can help to shore up any vulnerabilities you may have and maintain your network security. This includes restricting employee access to certain websites, requiring passwords of appropriate strength, and encouraging your employees to be mindful of exactly what they’re clicking on.

Continuing to Improve Security Measures

Finally, it is important to remember that implementing security features isn’t a one-time activity. Threats will grow and improve in order to overcome existing security measures, and so if they are going to remain effective, these security measures must be improved as well.

While regulatory requirements can provide an idea of what security a network should feature, they shouldn’t be seen as the endpoint. Instead, those requirements should be the bare minimum that you implement, along with additional measures to supplement them.

We are here to help. If you would like to explore the options of a completely managed firewall, DNS filtering, or cyber awareness training- we can assist. First- get a baseline of where your organization is at. We have a suite of FREE tools that can help show you your susceptibility to phishing, spoofing and whether your organization’s credentials are for sale on the Dark Web.  We can also do an onsite security assessment to analyze your network’s vulnerabilities.

For your free tools, please visit:  http://downloads.primetelecommunications.com/CyberAwareness-Free-Tools or give us a call at 847 329 8600.

We are your managed technology solutions professionals and are here to listen!

 

 


phishing / a fish hook on computer keyboard with email sign / computer crime / data theft / cyber crime

Data breach. Customer information stolen.

 

Prime Telecommunications in cooperation with ID Agent is excited to offer this guest blog post from Megan Wells. Megan is a data journalist and content strategist at InvestmentZen who has written content on how data theft impacts Americans, technological interventions for personal and commercial finance and content for IBM and NASDAQ. With her examination of costs and the impact of Data Breaches, she shares how detrimental identity theft can be for businesses and their employees.

Data breach. Customer information stolen. Identity theft. Those words are enough to cause panic to a small business owner or manager. However well protected they think they are, they fail to realize that criminals on the Dark Web are one step ahead.

Many don’t understand what a data breach is and think it only happens to big companies like Equifax, Target and Home Depot. Yet, employee errors account for 30% of data breaches as the following examples show and small businesses have employees, right?

  1. A medical office employee emails patient data without encrypting the email.
  2. An employee attaches a document to an email that contains a customer’s SSN and account number.
  3. Malware enters a company’s servers through an internet download and steals customer and business data.
  4. A hacker breaks into the business network and downloads credit card data.
  5. A company laptop with customer information on it gets stolen.

Any company that stores customer information, regardless of size, is vulnerable and at risk for a data breach. And data breaches lead to identity theft for business owners and customers.

The negative press to a business from a data breach is bad enough. The risk of identity theft to customers and owners takes it to another level. Over $16 billion was stolen from consumers in 2016, roughly $1,300 per victim. While that amount may seem low (in perspective), the time involved is not. Theft caught early might take eight hours to resolve; for many, however, hundreds of hours are spent reclaiming their identity. Then there’s the person that never fully restores his or her identity–one in four victims faces this reality.
It’s in a business’ best interest to do everything possible to reduce its exposure to data breaches and the high cost of damage control (negative press, lost revenue, customer reparation). Businesses and consumers must work together to safeguard nonpublic, personal information. All our identities and millions of dollars are at stake.


Myth in technology

10 Everyday Technology Myths That Could Cost You Your Job

1.) MYTH: The more bandwidth I add, the better my voice quality and cloud performance should be… I will just change my COMCAST cable modem from 50 to 100 without spending a lot of extra money. It’s a cost-savings win.

If only we had a dollar for every time we have been told that a business decision maker (even in the IT department) decided to save money by relying on public cable (like COMCAST) to power their Internet and cloud applications by making a simple modem change from 50 to 100 without spending a lot of extra money. The problem with this thinking is simply that the quality of Internet that powers your business is often dependent upon the regulation of traffic on the network. In many of the situations, the first inclination is to go out and purchase the next tier of Internet speeds available. There are two fallacies with this statement:

  • Increased Internet speeds will improve your cloud and voice performance.
  • You will save money by using a public Internet provider in the process.

First, whether you are using 1 or 100 Megs of bandwidth, the call performance will be exactly the same regardless of the amount of speed you purchase. Why? Think of your Internet pipe as a street. There can only be so many cars on the street at one time or else the street becomes congested, bottlenecks occur, and everything comes to a halt. If your network is oversold—more Internet won’t help.

Secondly, once you hit the public Internet, all bets are off. While the public Internet can guarantee a certain Internet speed, those of you who rely on COMCAST during busy periods know that the speed of your Internet may vary by time of day and that’s simply because there are many users trying to access the same source. Comcast will claim that the speed is high, but the quality of your Internet is something different.

That’s when you head on over to Speedtest.net and run a speed test. Here’s another secret, if you are located near the source (data center) that Comcast uses to push out Internet, then your connection may be good. The farther you are from that source, or if there is other congestion on the Internet, your speed with vary.

You can solve this problem by implementing a traffic controller on the network that will monitor and maintain consistency for near and far locations and regulate the amount of bandwidth that your boss consumes while at work listening to Spotify. Let us know if you would like more information on how to do this. 

2.) MYTH: VoIP does not use a lot of bandwidth.

One of the first problems you will experience – out of the gates—if you choose to move your traditional PBX (on premises) phone system to the cloud is performance. Why? Because, contrary to widespread belief, VoIP does use bandwidth. One of the biggest challenges you will have to overcome is how to allocate the right amount of bandwidth to your Internet phone service.

But the real issue is not an abundance or deficiency in the quantity of bandwidth. The real issue is quality. When you are working with voice, it is important to prioritize quality over quantity. Adding more quantity will not change when what you are really looking for is a consistent, high-quality supply of Internet without interruption. Learn more.

Begin by asking any VoIP provider how they guarantee the quality of a call. Decide if you will have other services and applications running on the network that will require bandwidth and then work with a professional who can help you configure the right Quality of Service (QoS) settings so that you optimize your performance because VoIP uses a lot of bandwidth.”

3.) MYTH: I’m going to save money by ripping out my phone system and using a free version of Lync…

…My CFO and I both agree this is an effective way to save money.

While the individual price of products like Lync come in considerably lower than maybe a cloud-based phone system, performance of applications and voice calls over the Internet come at a price. To demonstrate, we recently worked with a client who had a solid network that was regularly monitored. The CIO wanted to reduce cost, so he/she decided to rip out the existing phone system and replace it with a less expensive version of Lync. What they did not account for was the Monday morning 1,000 employees who opened facebook right when the CEO was on an important call…long story short, the router could not save inferior quality voice performance; the network could not support and regulate the bandwidth to allocate the right amount to the CEO’s call. When the call is choppy or drops, the boss does not realize that its associated with the cloud performance because shortcuts and other inexpensive technologies cost you in performance when you least expect it.

4.) MYTH: Mac runs on a very secure operating system by Apple. For that reason, I don’t think I need any antivirus for my Mac.

The questions around whether Macs need antivirus software is not a new one, but the answer is changing. Long and short, while Macs are generally more secure than Windows, they are far from being immune to email and security hacks. Bottom line, there is no reason why a Mac cannot be targeted by cybercriminals.

The most obvious target is email. Cryptolocker and other cyber-attacks encrypt your system gaining access through (yep, you guessed it) email. Even more alarming is the fact that once access is gained, a cybercriminal can monitor your PC through your email and lock, steal or corrupt your data. At the end of the day, it seems smart to be safe rather than sorry.

5.) MYTH: I’m an Amazon Prime user, and I plan to save money by buying my computer from Amazon. I’ll just load my business applications on it when it arrives.

Unfortunately, it is not that easy. Daily we encounter smart technical people that purchase equipment like computers, routers, and firewalls at discounts shops like Best Buy and Amazon to earn points or save dollars. What those individuals don’t realize is that these items do not always come with the right version of Windows to work on your business network or lacks the ports and security software to ensure your system is secure. In fact, the money saved on equipment costs you down the road when you must hire an hourly IT professional to route VPN at home so that you can access QuickBooks on your server from the Internet. Technology must all work together.

6.) MYTH: Upper Management told us to migrate our servers and back-up to the cloud. That should be easy, right?

But here’s the rest of that statement: they don’t want to hear what infrastructure changes and cost are required to make this happen.

The cloud is cool, and it is a part of our future, but the cloud requires a retooling of existing infrastructure and systems to get top performance from high-quality Internet service, routers, and switches that can handle intelligent network management including things like bandwidth management, QoS, and proper security.

7.) MYTH: I work from home. I will just use my own WIFI router and provide visitors with the password only when needed…

…besides, it is such a pain to change the default passwords on routers, access points. It’s also worth remembering that the end user is always the weakest link. A hacked or compromised router (any device on the network) can be attacked in every known way. It can be used to spy, steal data, collect passwords and trick you into installing encrypted software. Now, image your companies network is being fed into your home WIFI router… just because something is working, doesn’t mean it is working right, or securely.

8.) MYTH: I got a great deal from COMCAST by adding security surveillance to the office.

In one innocent move, you have just made it more difficult for your IT guy to identify what not working when one of your many systems goes down.

For example, if you have Comcast managing the Internet, another resource managing your wireless, and yet another outside company managing your printers.

What happens when the printer stops working? Is it because…

  • …the printer is broken?
  • Maybe the Internet bandwidth is slow and that is impacting printing?
  • Maybe your Comcast service is allowing non-critical traffic that could be opening a security hole in your network?
  • Maybe you are experiencing DHCP conflicts on the network?

Whatever the case, this is no longer a quick fix. You have three different resources that must be called in and paid to troubleshoot the problem. We suggest you use one outsourced IT organization that can monitor, detect and prevent any and all the above from ever happening. Who wouldn’t want one call to make instead of three?  The best course of action is always to simplify with good products that are easy to use from a trusted provider.

9.) MYTH: I thought MPLS was included in the price.

Nope, you declined this offer when you changed your Internet providers and implemented your cloud network. This now means that once your Internet hits the public cloud, the performance of your cloud applications and all online systems are at the mercy of your local provider. If the network is overloaded, there is no quality assurance that the majority of your bandwidth will not be eaten up by employees using apps during working hours like Spotify, facebook, and Youtube. If you would have chosen the cloud Quality of Service overlay and added a cloud dashboard that monitors speeds and feeds, you would not be in this pickle. Going back to management and justifying costs because you declined an offer during implementation can be awkward.

10.) MYTH: I’m saving a lot of money by buying my printer and toner supplies at Office Depot.

Well… only at first. Consider this: If you buy a business printer at $1,200 with replacement toner at $300, you will not need to replace your toner until after 40,000 prints.

In option two, you buy the cheaper printer and toner at Office Depot, giving you 1,200 prints before you need to replace your toner at $99. Seems cheaper, right?

Wrong. After 120,000 prints, the Office Depot printer, while cheaper initially, would cost you a total of $7,899 over time ($99 printer; 100 toner replacements at $78 each). The business printer, for the same number of prints, will cost you $2,100 ($1,200 printer; 3 toner replacements at $300/each).

Do the math, the cheaper printer will eventually cost you $6,699 more. Your total cost of ownership should always be taken into consideration.

We hope you have found many of these myths useful in making your own future decision about technology. 2018 is right around the corner and if you would like to sit down with our team and plan your own 2018 Technology Roadmap, we are here to help. Many businesses find that the planning of resources and technology will save them thousands of dollars in unforeseen emergencies and unnecessary purchases.

Let us help you get the most out of your technology investment.


Meltdown and Spectre

How To Explain Meltdown And Spectre To Your C-Level and employees

OK, 2018 has just started and it has totally borked all networks in the whole world. That’s a fine mess we’re in to start off the year. 🙂

Meltdown and Spectre are CPU hardware design flaws that we techies understand. In a nutshell, Meltdown breaks the isolation between the user app and the OS, so the app can do a memory dump and steal any data in it. Spectre goes further. It breaks the isolation between apps. It’s harder to exploit but harder to mitigate.

However, how to explain this to your C-level and end-users is another story.

First thing to understand is that the vulnerable machine has to have malware running to exploit this vulnerability. And who are the most prone to let bad guys into their machine to start with? Right… users.

Another excellent reason to step them through new-school security awareness training immediately, because Meltdown and Spectre are going to be with us for a while.

We have just released our brand-new 2018 flagship 45-minute training module and a whole new batch of new videos from a new publisher.

I strongly recommend to not waste this crisis and require all staff to start the new year with a refresher awareness course, pretty much right away.

So now, how to explain this to everyone in your organization?

I suggest you send the following to your C-level execs and employees. You’re welcome to copy, paste, and/or edit:

“Computer researchers have recently found out that the main chip in most modern computers—the CPU—has a hardware bug. It’s really a design flaw in the hardware that has been there for years. This is a big deal because it affects almost every computer on our network, including your workstation and all our servers.

 

This hardware bug allows malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. This hardware bug breaks that isolation.

 

So, if the bad guys are able to get malicious software running on your computer, they can get access to your passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents. Not good.

 

So, What Are We Doing About This?

 

We need to update and patch all machines on the network. This is going to take some time, some of the patches are not even available yet. We also may have to replace some mission-critical computers to fix this.

In the meantime, we need you to be extra vigilant, with security top of mind and Think Before You Click.

 

[OPTIONAL] To help you stay safe online in the office and also at the house, please step through this new security awareness training module which will take you 45 minutes. Consider it an urgent “lunch & learn” because of this hardware bug.” (Thanks, Mr. Intel…)

Here is a good site with an FAQ and videos about this SNAFU, that you can refer people to if they want to know more. For instance, antivirus does not protect against this vulnerability.

This was written by Stu Sjouwerman, Founder and CEO, KnowBe4, Inc.

 


Phishing

86% of security pros worry about a phishing future where criminals are using Artificial Intelligence

A new survey by Webroot shows that 86% of security professionals worry that AI and ML (machine learning) technology could be used against them. And they are right, because it will and probably is already happening right now with fake celebrity sex videos.

The survey shows the US is an early adopter of AI for cyber security, with 87 percent of US professionals reporting their organizations are currently using AI as part of their security strategy.

Three quarters of cyber security professionals in the US believe that, within the next three years, their company will not be able to safeguard digital assets without AI. Overall, 99 percent believe AI could improve their organization’s cyber security.

Respondents identified key uses for AI including time-critical threat detection tasks, such as identifying threats that would have otherwise been missed and reducing false positive rates.

“There is no doubt about AI being the future of security as the sheer volume of threats is becoming very difficult to track by humans alone,” says Hal Lonas, chief technology officer at Webroot. More detail at Webroot’s Quarterly Threat Trendsreport.

AI is a game changer for better or for worse

This is the first time in history that AI has come up to the level predicted in Sci-Fi for decades. And some of the smartest people in the world are working on ways to tap AI’s immense power to do just that.

And some bad guys are using it to create fake celebrity sex videos. Yes, you read that right.

This is going to be the next wave of phishing emails that use social engineering to manipulate your users into opening an infected attachment.

With help from a face swap algorithm of his own creation using widely-available parts like TensorFlow and Keras, Reddit user “Deepfakes” tapped easily accessible materials and open-source code that anyone with a working knowledge of machine learning could use to create serviceable fakes.

“Deepfakes” has produced videos or GIFs of Gal Gadot (now deleted ), Maisie Williams, Taylor Swift, Aubrey Plaza, Emma Watson, and Scarlett Johansson, each with varying levels of success. None are going to fool the discerning watcher, but all are close enough to hint at a terrifying future.

After training the algorithm — mostly with YouTube clips and results from Google Images — the AI goes to work arranging the pieces on the fly to create a convincing video with the preferred likeness. That could be a celebrity, a co-worker, or an ex.  AI researcher Alex Champandard told Motherboard that any decent consumer-grade graphics card could produce these effects in hours. (THIS LINK IS NFSW!) 

So, picture this. (Or rather, don’t picture this!)

Your user gets a spear-phishing email based on their social media “likes and shares”, inviting them to see a celebrity sex video with.. you guessed it, their favorite movie star! Take it one step further and your user will be able to order fake celeb sex videos with any two (or more) celebrities of their liking and get it delivered within 24 hours for 20 bucks.

And a good chunk of these video downloads will come with additional malware like Trojans and Keyloggers that give the bad guys full pwnage. Yikes.

All the more reason to educate your users within an inch of their lives with new-school security awareness training that sends them frequent simulated tests using phishing emails, the phone, and txt to their smartphone.

We help you train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks.


Oops

“123456” Remains Most Common Password Found in Data Dumps in 2017

For the second year in a row, “123456” remained the top password among the millions of cleartext passwords exposed online thanks to data breach incidents at various providers.

While having “123456” as your password is quite bad, the other terms found on a list of Top 100 Worst Passwords of 2017 are just as distressing and regretful.

Some of these include an extensive collection of sports terms (football, baseball, soccer, hockey, Lakers, jordan23, golfer, Rangers, Yankees), car brands (Mercedes, Corvette, Ferrari, Harley), and various expressions (iloveyou, letmein, whatever, blahblah).

But, by far, the list was dominated by names, with the likes of Robert (#31), Matthew (#32), Jordan (#33), Daniel (#35), Andrew (#36), Andrea (#38), Joshua (#40), George (#48), Nicole (#53), Hunter (#54), Chelsea (#62), Phoenix (#66), Amanda (#67), Ashley (#69), Jessica (#74), Jennifer (#76), Michelle (#81), William (#86), Maggie (#92), Charlie (#95), and Martin (#96), showing up on the list.

List compiled from five million leaked credentials
The list was put together by SplashData, a company that provides various password management utilities such as TeamsID and Gpass. The company said it compiled the list by analyzing over five million user records leaked online in 2017 and that also contained password information.

“Use of any of the passwords on this list would put users at grave risk for identity theft,” said a SplashData spokesperson in a press release that accompanied a two-page PDF document containing a list of the most encountered passwords.

This is because attackers use these same leaked records to build similar lists of leaked passwords, which they then assemble as “dictionaries” for carrying out account brute-force attacks.

Attackers will use the leaked terms, but they’ll also create common variations on these words using simple algorithms. This means that by adding “1” or any other character combinations at the start or end of basic terms, users aren’t improving the security of their password.”

Advising users on best password policies is simply stepping them through a good online training session like Creating Strong Passwords, and above all, staying away from the terms below.

1 – 123456 (rank unchanged since 2016 list)
2 – password (unchanged)
3 – 12345678 (up 1)
4 – qwerty (Up 2)
5 – 12345 (Down 2)
6 – 123456789 (New)
7 – letmein (New)
8 – 1234567 (Unchanged)
9 – football (Down 4)
10 – iloveyou (New)
11 – admin (Up 4)
12 – welcome (Unchanged)
13 – monkey (New)
14 – login (Down 3)
15 – abc123 (Down 1)
16 – starwars (New)
17 – 123123 (New)
18 – dragon (Up 1)
19 – passw0rd (Down 1)
20 – master (Up 1)
21 – hello (New)
22 – freedom (New)
23 – whatever (New)
24 – qazwsx (New)
25 – trustno1 (New)


Are you a good fit for the cloud?

Time for SD-WAN: Why MPLS Costs More than Money

Tags :

Category : SD WAN

The only truly scarce commodity in business is time. You can’t create time, so it must be spent wisely. The most successful organizations are ones that always find ways to be more efficient and productive with their time; leading to a low cost structure, high customer satisfaction and good employee morale.

Over the past 20 years, MPLS became entrenched as the gold-standard of WAN transport and many organizations have found a way to absorb the high cost and inefficiencies inherent in MPLS. Why? Because with technology, there’s a strong tendency to stay with what you already know so it’s no surprise that most organizations have not spent time looking to escape their MPLS WAN. But things are changing quickly.

The rise of cloud computing has exposed “real world” limitations of MPLS and created a new reality where it is draining knowledge worker productivity. Whether it’s a new site deployment, an employee running cloud applications, or an IT engineer configuring the network, MPLS is wasting your time. Successful organizations may be able to spend twice as much money to maintain the status quo with MPLS, but when you consider the new SD-WAN math, you save time and money. So the question is, What are you waiting for?

SD-WAN is about accelerating productivity.  SD-WAN enables your organization to collaborate and innovate at 10 times the speed of MPLS. Putting aside the 50% TCO savings from SD-WAN, the fact is cloud-driven organizations can’t afford to waste another minute waiting on MPLS.  Given the efficiency of SD-WAN it is no wonder that late 2017 marks the tipping point; according to IDC, the SD-WAN market is projected to grow to $8 billion in annual revenues by the year 2021.

3 Key Areas Where MPLS Is Wasting Your Time

1.) Site Deployments  First, MPLS circuits have notoriously long provisioning times. This delays new branch deployments hugely.  “There’s simply no fast way to deploy MPLS,” explains Futuriom Founder and Chief Analyst, Scott Raynovich, during a recent webinar presentation of his SD-WAN Growth Outlook. “It often takes months, not weeks or days.”

2.) Worker Productivity — With cloud applications on the rise, MPLS is unnecessarily slowing down day-to-day worker productivity. Cloud applications running over MPLS can be sluggish, disrupting the flow of productivity by causing workers to waste time waiting on their network instead of focusing on their tasks.  The two primary causes of slow cloud performance are relatively low MPLS bandwidth speeds, which is exacerbated by indirect routes connecting users to their cloud applications. “MPLS is designed to support point-to-point data centers, not cloud,” describes Raynovich. “Now you have people going out to the cloud with applications like Salesforce CRM, Box and Office365 and the performance of these applications is really the productivity of your business.”3.) Network Engineering Time — These MPLS deficiencies didn’t just spring up overnight, they are part of MPLS’s DNA. IT teams have been spending precious time combating these issues for years. Branch router complexity has been increasing and WAN optimization appliances are often inserted to overcome MPLS limitations. Maintaining the old WAN model requires specialized knowledge and hands-on configuration. Bottom line, your IT team is spending too much time supporting your MPLS network. An engineer’s time and expertise is highly valuable, so according to Raynovich the question is, “as a corporation, do you want this person spending their time on manual router configurations, or do you want to free them up to service customers or for projects that create even more value?”

SD-WAN Accelerates Innovation

Technology is now driving the business ecosystem, from internal teams, to supply chains, to customer interactions. At some level, every major business initiative relies on skilled IT personnel to connect, integrate and operate the software and systems that help you compete and win in the market.  To accelerate key initiatives, organizations must shift their best and brightest technology minds away from basic network operations functionality so they can focus on strategic, revenue-impacting technology initiatives.

SD-WAN simplifies branch networking through network function virtualization.  Centralized orchestration brings network automation and efficiency to a new level. SD-WAN performance and resiliency radically reduces the amount of IT time spent reacting to network outages and trouble tickets.  Network-as-a-Service offerings maximize IT time savings, providing a fully managed SD-WAN solution including solution design, network integration, ongoing branch orchestration and even the SDN overlay transport network to connect all your sites, users and applications.

SD-WAN Accelerates Productivity

When application performance is sluggish, it can interrupt the user’s stream-of-consciousness which brings productivity and innovation to a screeching halt. SD-WAN eliminates last-mile MPLS bottlenecks that leave users starving for bandwidth, enhancing throughput and productivity for everyone including remote offices, mobile workers and even IoT devices.

SD-WAN is an overlay technology that works with your existing technology ecosystem, powering the software, systems and connections you already use to run way, way faster. From the employee perspective, SD-WAN is a seamless and transparent productivity boost.  Existing employee workflows are accelerated because SD-WAN provides faster access to business-critical cloud services, with 10X the bandwidth speed and more direct, low-latency routes to power cloud applications.

SD-WAN Accelerates Growth

When multi-site organizations look to expand, they need to enter new markets and that leads to opening new sites in new territories. SD-WAN eliminates the long wait times for MPLS circuit deployments, so you won’t need to wait months to turn-up a new site.

SD-WAN provides customers the freedom to connect using any locally available circuits and/or carriers in the last-mile.  Versatility to use any Cable, DSL or even 4G/LTE connections allows new sites to be online in days. Once the last mile loops are installed, SD-WAN CPE are shipped overnight and remotely provisioned through a centralized orchestration portal in the time it that takes to grab a cup of coffee!


Digital Transformation

IT Forecast Calls for Digital Disruption

Driving Transformation with Software-Defined Networking

IT personnel and network engineers have a palpable feeling of uncertainty as a new set of challenges confront them. Digital transformation is turning business models on their heads. While enterprises take measures to bolster IT departments and gear up to adapt to the latest technologies, they face fundamental resistance from within.  Hardware-centric enterprise networks are based on static deployments, which makes configuration changes too slow and too costly.  These legacy networks were never designed to evolve at the pace which business requirements are changing today.

Security, staffing and skills training continuously weigh on IT budgets for all organizations, big and small. Now overlapping layers of emerging technologies such as the cloud and IoT have further added to the woes. It’s clear that enterprise networks have evolved beyond the basic mandate of connecting the head office to branches networks and data centers. CIOs and IT leaders are seeking innovative solutions that will consolidate and resolve some of the biggest IT challenges without increasing their budgets. Enterprises must align technology innovation with cloud performance and network security to preserve customer trust and brand reputation while building shareholder equity through this era of digital disruption.

The quest for foundational innovation is leading CIOs on a Journey to an SD-WAN (free white paper series!) where software-defined networking provides agility, security and cloud integration that propels the entire business ecosystem to a higher level of efficiency and performance. SD-WAN builds dynamic, scalable networks that simplify branch complexity while accelerating cloud applications.  This creates a strategic advantage that boosts worker productivity and empowers enterprise innovation, all without increasing IT spend.

Here’s a quick look at some of the top issues faced by enterprises and how SD-WAN is helping IT leaders to address them:

Migrating to Public and Private Clouds

Cloud networking continues to fundamentally transform the enterprise. According to a recent CIO.com article based on a Forrester Research survey of enterprise decision makers, all enterprises report they are implementing some form of cloud technology this year. While the survey indicates that 38% report they are focused on private clouds, and 32% are focused on public clouds, the majority of respondents (59%) say they’re adopting the hybrid cloud model. Conceptually, hybrid clouds combine the security and control of private clouds with the cost efficiency and scalability of public clouds.

The good news is that your users are evolving with new tools that make your organization more competitive and productive. The challenge is that IT departments are dealing with tremendous amounts of data as a seemingly endless supply of new devices and cloud-based applications continuously appear on the network. Hardware-based enterprise networks are not well suited for connecting users to the public cloud, and moving workloads into private clouds requires careful planning and skilled IT time. To make matters worse, those costly MPLS circuits seem to create a giant sucking sound on your IT budget every time someone even mentions the cloud.  In order to deliver optimal cloud user Quality of Experience (QoE), CIO’s need a solution that cost-effectively scales cloud access while providing granular control of bandwidth resources and application policies.

Where hardware-based networks struggle to adapt, cloud-delivered SD-WAN architectures handle network changes and application performance issues with ease and control. SD-WAN brings your network to the cloud, empowering the enterprise with the agility to dynamically migrate applications and workloads to whichever cloud computing model is the best fit.

Cloud Security and Performance

VINO SD-WAN provides a virtual overlay for the enterprise network, where centralized orchestration is based on business policy intent.  This gives IT leaders the flexibility to implement changes across the entire ecosystem without those costly delays they would face with a traditional hardware approach.  SD-WAN also leverages multiple low-cost broadband connections in ways that drastically boost the speeds, reliability and performance of cloud applications.

As new applications join the network ecosystem, VINO SD-WAN identifies them on-the-fly and automatically applies user-defined policy templates.  Traffic shaping and security rules are instantly enforced throughout your ecosystem to ensure that users get an optimized cloud experience.  Branch network resources can even be orchestrated by VINO SD-WAN to ensure all users and applications get their fair share of bandwidth according to your business intent.

VINO SD-WAN consolidates security policies into a single pane of glass.  All SD-WAN end points are authenticated and SD-WAN traffic is automatically encrypted from end-to-end.  Branch office networks can be securely segmented into VLANs that isolate traffic as required for regulatory compliance. VINO offers branch firewalls which are managed as Virtual Network Functions (VNFs), creating a Software-Defined Perimeter where security policies are centrally updated and dynamically distributed across your entire estate in just a few clicks.

Whether your applications are hosted in public or private clouds, VINO SD-WAN helps you deliver more bandwidth with lower TCO and embedded tools to boost quality, policy control and security.

Branch Network Efficiency

Traditional MPLS networks are carrier-dependent, which usually leads to long wait times as circuits are provisioned. Once your MPLS circuits are finally deployed, several hours of skilled IT time is usually required to configure the routers, firewalls and any WAN optimization appliances. The result is that new sites are costly to set up and deployment cycles take weeks or even months.

SD-WAN can reduce deployment times to about one week or even less.  The flexibility to use any broadband access connections means you’re no longer held hostage to carrier MPLS deployments timetables.  Most sites can get local broadband circuits turned up within a week, and the SD-WAN CPE device can be shipped overnight.  From there, the SD-WAN provisioning is a matter of minutes with centralized and automated installation that requires minimal skilled IT time on-site.

Cloud orchestration also enhances branch network visibility and control.  SD-WAN brings consistency to monitoring and management across all your sites regardless of the local carrier or access connection type.  SD-WAN orchestration provides analytics and visualizations that show real-time network and application performance.  As discussed in a related blog, Cisco ISR customers have big TCO savings potential in the 80% to 90% range with SD-WAN, which is partly due to the operational efficiency gains.  While all SD-WAN solutions can help accelerate site deployments and network management efficiency, the best way to free up skilled IT resources is through Network-as-a-Service solutions like VINO SD-WAN which include professional design and ongoing 24/7/365 support.

Secure Access for Mobile Workers and IoT

Smartphones and tablets are blurring the line between work and play, and new workforce collaboration tools are enabling higher productivity from remote and mobile workers. While legacy networks can provide secure access for these workers, the manual VPN configurations tend to drain IT resources. Beyond the basic challenge of keeping up with the rapid turnover rate of employee devices, the VPN tunnels are back-hauled which creates bandwidth wastage while crushing productivity and performance.

Meanwhile, analyst are projecting several billion internet connected “things” will be deployed within the next few years, which means IT teams need a network strategy that provides secure connections and bandwidth capacity at IoT scale. Talk of IoT may sound futuristic, but enterprise networks are already struggling to connect all the things that are here today. The first generation of things were computers, printers, VoIP phones and IP cameras. More recently, a new generation of WiFi enabled things have appeared in the form of various BYOD smartphones and wearable electronics than any employee, consultant or customer brings within range of your network SSID.

As these workforce mobility and IoT trends continue to accelerate, IT teams will need the agility and security of SD-WAN to meet the connectivity challenge. Through a secure cloud-overlay network architecture, VINO SD-WAN provides more direct access for remote workers and mobile IoT devices. For on-prem IoT deployments where many things connect to a local IoT gateway hub, SD-WAN provides high scalable bandwidth to backhaul traffic to the cloud.

Next Steps

Digital transformation is driving changes in applications and user behavior, which is in turn placing strain on IT leaders to quickly adapt the enterprise network to meet rapidly shifting requirements. This cycle is accelerating and legacy networks do not provide the scalability or agility necessary to meet the challenges and keep your workforce competitive.

Whichever way your cloud, workforce and IoT requirements evolve, the bandwidth requirements and the number of connected endpoints will continue to increase. It’s time to create a game plan for SD-WAN. Ideal solutions will support mobile workers and IoT devices while optimizing application quality-of-experience for both public and private clouds.  While SD-WAN orchestration enhances operational efficiency, consider Network-as-a-Service solutions to free up skilled IT resources to pursue your strategic digital transformation initiatives.