Netizen Cybersecurity Bulletin: 1 August 2018 Edition

In this issue:

In this week’s issue, you’ll find information regarding the most current critical threats and preventative measures to lessen the chances of a breach.

  • Fake Websites Pushing Adware
  • Ransomware Net Attackers Over $6 Million
  • Mid-Summer/Back-to-School Security Tips
  • How can Netizen Help?

Fake Websites Pushing Adware

Fake websites are no stranger to a threat actor’s toolkit. Feigning legitimacy and earning users’ trust makes it all the easier to steal sensitive and important information. The sites in question are pushing adware. Adware is a type of malware that automatically displays advertisements whenever a user is online. This can degrade computer performance, as constantly running these ads puts stress on the central processing unit (CPU).

The sites being spoofed include those of KeePass, 7-Zip, and Audacity, to name a few. Applications downloaded from any of these sites also install InstallCore (the source of the adware). On top of being annoying, the advertisements themselves could be malicious, installing cryptocurrency miners, viruses, trojans, etc. Since these are ads, the motive is profit-driven.

Recommendations:

Staying vigilant and watching where you browse is always a best practice. We recommend avoiding the following websites:

  • unetbootin.org
  • unetbootin.net
  • notepad2.com
  • keepass.com

These are only the English-language sites affected; there are many others from European countries that are malicious as well.

Another good practice: if you are going to download from any site (yes, even a reputable one), scan the files with up-to-date antivirus software. You can also upload files to VirusTotal, which is known for detecting threats.

Ransomware Net Attackers Over $6 Million

Ransomware threats are still prevalent to this day and continue to command a multi-million-dollar black-market business for criminals. A prominent ransomware variant called SamSam has been found to have extorted over 233 victims for a total of over $6 million. Researchers have found that the Bitcoin addresses owned by this ransomware’s operators still net around $300,000 per month. The payments are spread across 130 unique addresses that have received ransoms from victims.

SamSam is known to be spread by specifically selecting targets and infecting systems manually. The attack is usually carried out using brute-force attacks or stolen credentials obtained from the dark web to compromise a system through Remote Desktop. The ransomware is then deployed throughout the network by exploiting vulnerabilities in other systems. This entire process is manual and does not rely on any worm or virus capability to spread through the network.

The ransomware encrypts the system’s data, after which the attackers demand a huge ransom payment, in excess of $50,000 worth of Bitcoin, for the decryption keys. Some variants ensure that the most valuable data is encrypted first, then move on to the rest of the system.

Recommendations:

  • Keep up-to-date backups and ensure a consistent backup schedule.
  • Enforce multi-factor authentication whenever possible.
  • Allow access to the Windows Remote Desktop Protocol only to those who need it.
  • Monitor the integrity of files on your servers.
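As an added illustration of the last recommendation (this is example code written for this bulletin, not a Netizen product), the script below builds a SHA-256 baseline of a directory tree, diffs it against a later run, and raises an alert when a large share of the baseline files have been rewritten or have vanished at once, which is what a ransomware encryption pass looks like on disk. The 50% threshold and the constructed sample files in demo() are assumptions chosen for the example.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Added example (not Netizen's tool): a minimal file-integrity baseline and
# diff. Run build_baseline() on a schedule, keep the result and compare it with
# the next run; many files modified or gone at once is an encryption footprint.

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: str) -> dict:
    """Map relative path -> sha256 for every regular file under root."""
    base = Path(root)
    return {str(p.relative_to(base)): sha256_file(p)
            for p in sorted(base.rglob("*")) if p.is_file()}

def compare(baseline: dict, current: dict) -> dict:
    """Added, removed and modified paths relative to the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
    }

def mass_change_alert(diff: dict, baseline_size: int, threshold: float = 0.5) -> bool:
    """True when at least `threshold` of baseline files changed or vanished
    in one interval (threshold is an assumed tuning value, not a standard)."""
    if baseline_size == 0:
        return False
    return (len(diff["modified"]) + len(diff["removed"])) / baseline_size >= threshold

def demo() -> tuple:
    """Constructed: three documents, two get 'encrypted' (.locked), note dropped."""
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        for name in ("a.docx", "b.xlsx", "c.txt"):
            (r / name).write_bytes(b"original contents of " + name.encode())
        baseline = build_baseline(root)
        for name in ("a.docx", "b.xlsx"):
            (r / name).write_bytes(os.urandom(64))       # simulated encryption
            (r / name).rename(r / (name + ".locked"))
        (r / "README_DECRYPT.txt").write_text("constructed ransom note")
        diff = compare(baseline, build_baseline(root))
        return diff, mass_change_alert(diff, len(baseline))
```

In practice the baseline should be stored off the monitored host (otherwise an intruder can rewrite it along with the data), and the diff should feed a ticket or alert rather than only a return value.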

Mid-Summer/Back-To-School Security Tips

As we enter August, many people are thinking of Back-To-School. Whether you’re planning a vacation or planning for your child’s dorm room, you mustn’t let your guard down regarding security.

Recommendations:

The Cloud is safe, right?

The Cloud is as safe as anyone’s hard drive, which means you need to take steps to keep your data safe. Cloud data is stored on large servers, and no matter how much physical security the server room has, it can be defeated instantly if your personal device isn’t secure. Keep your laptops and mobile devices updated to the latest operating system patches, and only download apps from the approved app stores (e.g., Google Play, iTunes) to help prevent infection by malware that could access your cloud data.

Also, do not forget your antivirus. Too many people put off updating their antivirus, which leaves them vulnerable to new attacks. In any case, hackers are creating new attacks every day, so you also need a firewall, anti-spyware, anti-phishing and other security tools.

Consider: If you use your devices to conduct financial business, shouldn’t your devices be as secure as possible?

The Password is…

Everyone knows you’re supposed to use strong passwords, and yet every year the lists of the most popular passwords include ‘123456’, ‘123456789’, ‘qwerty’, ‘letmein’ and even ‘starwars’. Every online account you have should have a strong, long password made of a combination of symbols, letters, and numbers. Very important: use a different password for each account.

A good, strong password is at least 8-12 characters in length and is made up of upper-case and lower-case letters, symbols and numbers. Example: “yCvc8m!v&Xb3”. However, a phrase will do too, such as iLike1ceCream!

Using two-factor authentication on every account – particularly your financial accounts – will ensure your data stays secure. This way, even if your password gets into the wrong hands, the hacker can’t get in unless they also have access to your smartphone. By the way – your smartphone has a PIN, too, right? Preferably one that is longer than 4 digits.

My New Device is Safe, Right?

Many believe a new device, right from the manufacturer, is perfectly safe. This isn’t true. Androids and Macs need antivirus just as PCs do. And right out of the box, every device’s operating system, browser and software should be updated.

Further, that connected TV, smart speaker, refrigerator, or any other Internet of Things (IoT) device is not guaranteed secure. Always isolate IoT devices on a separate or guest Wi-Fi network. Remember the adage: ‘The S in IoT stands for Security.’

How can Netizen help?

Netizen ensures that security gets built in, not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. We also offer compliance support, vulnerability assessments, penetration testing, and other security-related services for businesses of any size and type.

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management) certified company.

