Security News

Cyber-attacks cost affected small businesses an average of A$10,000 in 2017, a 56% increase over 2016, according to Norton by Symantec.

Its Norton SMB Cyber Security Survey Australia 2017 reveals that 23% of small to medium businesses (SMBs) had a cyber-attack last year.

Some 37% of SMBs don’t think they would remain in business if denied critical information for just one week.

“Cyber attacks have the potential to significantly affect how a business operates. How it is perceived by customers, particularly in the event of lengthy downtime or a data breach is vital. Cyber attacks have the power to cripple SMBs, regardless of industry,” said Mark Gorrie, Director, Norton Business Unit, Symantec Pacific Region.

Ransomware is still the preferred method of cyber-attack

Given that data is so valuable and effective backups are lacking, it is not surprising that ransomware affected 10% of SMBs and that 16% paid.

Interestingly, 22% of SMBs that had experienced a cyber-attack before were more likely to pay the ransom.

Back-up or crack-up

Only 32% of SMBs bother to regularly back up valuable data. Let’s not even discuss whether it’s a real back-up that works: tested, replicable, restorable and stored off-site.

But the message is getting through: back up ‘continuously’ to an off-site location, and back up both the operating environment and the data so that a restore is quick.

Internet security is no longer a luxury

Sign-ups for internet (cloud) based security protection were up 19% to 87%.

Internet security sign-ups to prevent potential threats were 60%. Some 34% believed it was simply good business practice.

Older business operators (50-59 years) were more likely to implement internet security solutions as part of good business practice.

Password protection of company devices (laptops, PCs, tablets and smartphone) was up in 2017 (80-88%). This compares to 72-82% in 2016.

There were fewer opportunities for compromise of, or access to, sensitive information by unauthorised persons. Fewer micro and small business operators accessed financial data from a mobile (36%) or personal device (46%) compared to those surveyed in 2016.

A scam in sheep’s clothing

Phishing (54%) remains the primary point of cyber-attack, but hacking (36%) is next: if a computer is exposed to the internet, hackers can find it and try to penetrate it.

Employees stealing, losing or compromising data was way down; education is working.

Public Wi-Fi is dangerous

40% now use VPNs with public Wi-Fi. A further 35% will not use public open Wi-Fi but look for coffee shops etc. that require a password.

But that leaves 25% without protection in a public Wi-Fi minefield.

Norton says you can reduce cyber-attacks

  • Don’t wait for a cyber-attack – go on the defensive and harden your cybersecurity by installing cybersecurity software
  • Invest in comprehensive backup – not a USB or external hard disk
  • Keep equipment patched and up-to-date. Too many cyber-attacks use old vulnerabilities.
  • Get employees involved – cybersecurity is everyone’s business if they want a business to employ them
  • Use strong passwords. Never share and never use convenient, obvious passwords.
  • Think about your risk and investigate if cyber insurance is a good idea

“As the financial and operational impact of cyber attacks become harder for SMBs to ignore, business owners and operators are beginning to knuckle down and get the basics right. From using passwords, two-step verification and back up, to the more complex tasks of regulating access to Company data. With the introduction of Australia’s new mandatory data breach disclosure laws, we expect more Australian SMBs will go from seeing cybersecurity as a ‘nice to have’ to a critical piece in securing the future success of their business,” said Gorrie.


The information contained in this website is for general information purposes only. The information is gathered from Gadget Guy. While we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.

The U.S. National Counterintelligence and Security Center (NCSC) has started to distribute informative materials ranging from brochures to videos to privately held companies around the country promoting increased awareness of rising cybersecurity threats from nation-state actors.

“Make no mistake, American companies are squarely in the cross-hairs of well-financed nation-state actors, who are routinely breaching private sector networks, stealing proprietary data, and compromising supply chains,” stated NCSC Director William Evanina.

Evanina also said that “The attacks are persistent, aggressive, and cost our nation jobs, economic advantage, and hundreds of billions of dollars.”

The campaign provides detailed info on the growing threat from foreign state hackers

NCSC is an Office of the Director of National Intelligence center, and it is designed to provide counterintelligence and security expertise in several areas, ranging from insider threat and supply chain risk management to personnel security.

To fight against this growing threat, NCSC decided to provide the U.S. private sector with the information it needs to understand and defend against cyber intrusions initiated by foreign governments.


Private sector also warned of rising foreign threat in December

This follows a statement made by Bill Priestap, Assistant Director, Counterintelligence Division of the FBI before the Senate Judiciary Committee in December 2018:

Many American businesses are just now starting to understand the new environment in which they are operating. The continued proliferation of cyber hacking tools and human intelligence capabilities means that this environment will only become more hostile and more treacherous for our companies. Our businesses face competitors in the form of foreign enterprises assisted or directed by extremely capable intelligence and security services.

The materials distributed by the NCSC to raise awareness among private sector companies are part of a campaign dubbed “Know the Risk, Raise Your Shield.”

Moreover, the disseminated materials cover a wide range of subjects, from supply chain risks, spear-phishing, and social engineering, to economic espionage, social media deception, foreign travel risks, and mobile device safety.

The information is gathered from Bleeping Computer.

A massive malware outbreak that last week infected nearly half a million computers with cryptocurrency mining malware in just a few hours was caused by a backdoored version of popular BitTorrent client called MediaGet.

Dubbed Dofoil (also known as Smoke Loader), the malware was found dropping a cryptocurrency miner program as its payload on infected Windows computers; the miner mines Electroneum digital coins for the attackers using victims’ CPU cycles. The Dofoil campaign, which hit PCs in Russia, Turkey, and Ukraine on 6 March, was discovered by Microsoft’s Windows Defender research team, which blocked the attack before it could do any severe damage.

At the time Windows Defender researchers detected this attack, they did not say how the malware had been delivered to such a massive audience in just 12 hours. After further investigation, Microsoft revealed that the attackers targeted the update mechanism of the MediaGet BitTorrent software to push a trojanized version (mediaget.exe) to users’ computers.

“A signed mediaget.exe downloads an update.exe program and runs it on the machine to install a new mediaget.exe. The new mediaget.exe program has the same functionality as the original but with additional backdoor capability,” the Microsoft researchers explain in their blog.

Researchers believe MediaGet, which signed update.exe, is itself likely a victim of a supply chain attack, similar to the CCleaner incident that infected over 2.3 million users with a backdoored version of the software in September 2017.


In this case, the attackers signed the poisoned update.exe with a different certificate, and it still passed the validation performed by the legitimate MediaGet.

“The dropped update.exe is a packaged InnoSetup SFX which has an embedded trojanized mediaget.exe, update.exe. When run, it drops a trojanized unsigned version of mediaget.exe.”
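The weakness the researchers describe is an updater that accepts any valid signature rather than the vendor's own. The following Go program is an added example (not MediaGet's or Microsoft's code) showing the two checks side by side: a signature-only verifier that accepts an update signed by an unrelated key, and a pinned verifier that also requires the signer to match a fingerprint shipped inside the client. The update format, key pairs and payload bytes are constructed for the demo; Ed25519 stands in for the Authenticode certificates the real client uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Update is a hypothetical signed update package: the payload, a signature
// over it, and the public key the signer presents alongside the signature.
type Update struct {
	Payload   []byte
	Signature []byte
	SignerKey ed25519.PublicKey
}

// Distinct errors let a client log *why* an update was refused, which is
// useful telemetry: a valid signature from the wrong signer is a strong
// indicator of a hijacked update channel.
var (
	ErrBadSignature    = errors.New("signature does not verify against the presented key")
	ErrUntrustedSigner = errors.New("signature valid, but signer is not the pinned publisher")
)

// fingerprint is the SHA-256 of a public key. The pinned value is compiled
// into the client; it is never taken from the downloaded update itself.
func fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// VerifyUpdateSignatureOnly is the weak check: whoever signed, a valid
// signature is enough. A poisoned update signed with a different key passes.
func VerifyUpdateSignatureOnly(u Update) error {
	if !ed25519.Verify(u.SignerKey, u.Payload, u.Signature) {
		return ErrBadSignature
	}
	return nil
}

// VerifyUpdatePinned is the hardened check: the signature must verify AND the
// presented key must be the publisher key pinned in the client.
func VerifyUpdatePinned(u Update, pinnedFingerprint string) error {
	if !ed25519.Verify(u.SignerKey, u.Payload, u.Signature) {
		return ErrBadSignature
	}
	if fingerprint(u.SignerKey) != pinnedFingerprint {
		return ErrUntrustedSigner
	}
	return nil
}

func sign(priv ed25519.PrivateKey, payload []byte) Update {
	return Update{
		Payload:   payload,
		Signature: ed25519.Sign(priv, payload),
		SignerKey: priv.Public().(ed25519.PublicKey),
	}
}

// Scenario builds constructed sample data: the publisher's pinned fingerprint,
// a genuine update, and the same payload signed by an unrelated key.
func Scenario() (pinned string, genuine, impostor Update) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	payload := []byte("constructed update payload, not a real installer")
	return fingerprint(vendorPub), sign(vendorPriv, payload), sign(otherPriv, payload)
}

func main() {
	pinned, genuine, impostor := Scenario()
	fmt.Println("signature-only, impostor signer:", VerifyUpdateSignatureOnly(impostor)) // accepted
	fmt.Println("pinned, genuine signer:         ", VerifyUpdatePinned(genuine, pinned))
	fmt.Println("pinned, impostor signer:        ", VerifyUpdatePinned(impostor, pinned)) // refused
}
```

In a Windows client the equivalent of the pinned fingerprint is checking the Authenticode signer's certificate thumbprint or subject against a value embedded in the binary, in addition to the chain validation the OS already performs.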

Once updated, the malicious BitTorrent client, with its additional backdoor functionality, randomly connects to one of its four command-and-control (C&C) servers hosted on the decentralized Namecoin network infrastructure and listens for new commands.

It then immediately downloads a CoinMiner component from its C&C server and starts using victims’ computers to mine cryptocurrency for the attackers.

Using C&C servers, attackers can also command infected systems to download and install additional malware from a remote URL.

The researchers found that the trojanized BitTorrent client, detected by Windows Defender AV as Trojan:Win32/Modimer.A, has 98% similarity to the original MediaGet binary.

Microsoft says behavior monitoring and machine learning techniques used by its Windows Defender Antivirus software played an important role in detecting and blocking this massive malware campaign.


The information is gathered from The Hacker News.

There are some best practices you can employ to help safeguard your data, such as installing software to block web-tracking technologies and carefully vetting the apps that you use on Facebook.

An academic researcher at Cambridge University built an app called thisisyourdigitallife, which offered to pay Facebook users to take a personality test and agree to share that data for academic use. About 270,000 people participated in the study – enough to extract information on tens of millions of Facebook users.

How did Cambridge Analytica get data on 50 million people when only 270,000 people had agreed to hand over their information to a third party? Facebook said people who downloaded the app gave consent for the app to collect limited information about their friends whose privacy settings were set to allow it.

That information was eventually paid for by Cambridge Analytica, the voter profiling company that worked with the Trump campaign.


OK, so what do I do now?

There is a multipronged approach you can take to protect yourself from data-harvesting apps and programs. That includes tools you can install in your browser and settings you can tweak on Facebook. Here’s a rundown of what you should do:

  • Audit your Facebook apps. If you used Facebook to sign in to a third-party website, game or app, those services may continue to access your personal data. On Facebook, go to the settings page and click on the Apps tab to see which apps are connected to your account. From there, you can take a closer look at the permissions you granted to each app to see what information you are sharing. Remove any apps that you find suspicious or no longer use.
  • Audit your Facebook privacy settings. If you are concerned about what details apps can see about you and your Facebook friends, now is a good time to check your privacy settings and minimize the information you share publicly. For example, you can make sure that only your friends can see your Facebook posts, or that only you can see your friends list.
  • Read privacy policies. When you sign up for a new app or web tool, the company typically asks you to agree to its terms of service. Make it a habit to peruse the terms and pay particular attention to the privacy policy. If you see language that suggests your data could be shared in a way that makes you uncomfortable, don’t use the program.
  • Install a tracker blocker. There are add-ons that you can install in your browser that try to block trackers embedded on websites. But be aware that in some cases, they will make parts of websites work improperly.

Here’s a primer on how tracking works, to give you a sense of why blockers are important: When you engage with an app on Facebook, it may plant a tracker in your web browser, like a cookie, that collects information from you. Even when you close out of the app, the tracker can continue to follow your activities, like the other sites you visit or the people you interact with through status updates, according to Michael Priem, chief executive of Modern Impact, an advertising firm in Minneapolis.

“It doesn’t go away after you’ve stopped looking at the ad,” he said.

  • Install an ad blocker. Another way to block trackers is to prevent ads from loading altogether. Ad blockers are also add-ons that you can install for your browser on your mobile device or computer. Mobile ads are fully functioning programs, and they sometimes include malware that harvests some of your data. Even the largest websites do not have tight control over the ads that appear on their sites, and sometimes malicious code can appear inside their ad networks.
  • Clear your browsing data. Periodically, you can clear your cookies and browsing history. Apple, Google and Microsoft have published instructions on how to clear data for their browsers Safari, Chrome and Internet Explorer. That will temporarily delete cookies and trackers, though they will probably reappear over time.
  • Be wary of unknown brands. Even if you read the privacy policies, you still may have to take them with a grain of salt. In the case of the thisisyourdigitallife app, the fine print said the information would be collected for academic use, not commercial purposes. So think twice before sharing information with unfamiliar companies or organizations. (Then again, the researcher came from Cambridge University, one of the world’s top schools – so who can you really trust?)
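To make the tracker-blocker advice above concrete, here is an added Go example (not from the article or any real blocker extension) of the core decision such an add-on makes for every sub-resource a page loads: is the request going to a different site than the page, and if so, is that host on a tracker blocklist? The blocklist, page URL and request URLs are constructed samples, and the "last two labels" rule for deciding what counts as the same site is a labelled simplification of the Public Suffix List that real blockers use.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Decision is the outcome for one sub-resource request made by a page.
type Decision struct {
	ThirdParty bool
	Blocked    bool
	Reason     string
}

// SampleBlocklist is a constructed list of tracker domains for the demo; real
// blockers ship lists with tens of thousands of entries.
var SampleBlocklist = []string{"tracker.example", "adnet.example", "pixel.example"}

// registrableDomain keeps the last two labels of a host, so that
// "pixel.tracker.example" and "tracker.example" count as one site.
// Simplification (assumption): a production blocker consults the Public
// Suffix List, otherwise "shop.example.co.uk" would collapse to "co.uk".
func registrableDomain(host string) string {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	labels := strings.Split(host, ".")
	if len(labels) <= 2 {
		return host
	}
	return strings.Join(labels[len(labels)-2:], ".")
}

// hostMatches reports whether host is the pattern itself or a subdomain of it.
func hostMatches(host, pattern string) bool {
	host, pattern = strings.ToLower(host), strings.ToLower(pattern)
	return host == pattern || strings.HasSuffix(host, "."+pattern)
}

// Classify applies the rule a simple tracker blocker uses: requests to the
// page's own site are always allowed (so the site keeps working), requests to
// another site are allowed unless that host is on the blocklist.
func Classify(pageURL, requestURL string, blocklist []string) (Decision, error) {
	page, err := url.Parse(pageURL)
	if err != nil || page.Hostname() == "" {
		return Decision{}, errors.New("page URL must be absolute")
	}
	req, err := url.Parse(requestURL)
	if err != nil || req.Hostname() == "" {
		return Decision{}, errors.New("request URL must be absolute")
	}
	if registrableDomain(page.Hostname()) == registrableDomain(req.Hostname()) {
		return Decision{Reason: "first-party request"}, nil
	}
	for _, entry := range blocklist {
		if hostMatches(req.Hostname(), entry) {
			return Decision{ThirdParty: true, Blocked: true,
				Reason: "third-party host matches blocklist entry " + entry}, nil
		}
	}
	return Decision{ThirdParty: true, Reason: "third-party request, host not on blocklist"}, nil
}

func main() {
	page := "https://news.example.com/story/123" // constructed sample page
	for _, r := range []string{
		"https://static.news.example.com/app.js",
		"https://pixel.tracker.example/t.gif?uid=abc",
		"https://cdn.example.net/lib.js",
	} {
		d, err := Classify(page, r, SampleBlocklist)
		fmt.Printf("%-44s third-party=%-5v blocked=%-5v %s (err=%v)\n",
			r, d.ThirdParty, d.Blocked, d.Reason, err)
	}
}
```

The same classification is what makes the article's caveat true: a tracker blocker only ever breaks third-party resources, so when a page stops working after installing one, the blocked request is almost always a script or image loaded from a domain other than the page's own.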


The information is gathered from Channel News Asia.

The IETF has been analyzing proposals for TLS 1.3 since 2014; the final release is the result of the work on 28 drafts.

The Internet Engineering Task Force (IETF) has finally announced the approval of TLS 1.3, the new version of the Transport Layer Security traffic encryption protocol. The TLS protocol was designed to allow client/server applications to communicate over the Internet in a secure way, preventing message forgery, eavesdropping, and tampering. TLS 1.3 differs substantially from TLS 1.2: the new version introduces many major features to improve performance and to make the protocol more resilient to certain attacks, such as the ROBOT technique.


Below is a description of the most important changes introduced with TLS 1.3:

  • The list of supported symmetric algorithms has been pruned of all algorithms that are considered legacy. Those that remain all use Authenticated Encryption with Associated Data (AEAD) algorithms. The ciphersuite concept has been changed to separate the authentication and key exchange mechanisms from the record protection algorithm (including secret key length) and a hash to be used with the key derivation function and HMAC.
  • A 0-RTT mode was added, saving a round-trip at connection setup for some application data, at the cost of certain security properties.
  • Static RSA and Diffie-Hellman cipher suites have been removed; all public-key based key exchange mechanisms now provide forward secrecy.
  • All handshake messages after the ServerHello are now encrypted. The newly introduced EncryptedExtension message allows various extensions previously sent in clear in the ServerHello to also enjoy confidentiality protection from active attackers.
  • The key derivation functions have been re-designed. The new design allows easier analysis by cryptographers due to their improved key separation properties. The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is used as an underlying primitive.
  • The handshake state machine has been significantly restructured to be more consistent and to remove superfluous messages such as ChangeCipherSpec (except when needed for middlebox compatibility).
  • Elliptic curve algorithms are now in the base spec and new signature algorithms, such as ed25519 and ed448, are included. TLS 1.3 removed point format negotiation in favor of a single point format for each curve.
  • Other cryptographic improvements were made, including the removal of compression and custom DHE groups, changing the RSA padding to use RSASSA-PSS, and the removal of DSA.
  • The TLS 1.2 version negotiation mechanism has been deprecated in favor of a version list in an extension. This increases compatibility with existing servers that incorrectly implemented version negotiation.
  • Session resumption with and without server-side state as well as the PSK-based ciphersuites of earlier TLS versions have been replaced by a single new PSK exchange.
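The redesigned key derivation in the list above is the one change that is easy to reproduce end to end. The following Go program is an added example (not IETF or OpenSSL code): it implements HKDF-Extract and HKDF-Expand from RFC 5869 on top of HMAC-SHA256, then the HKDF-Expand-Label wrapper TLS 1.3 adds in RFC 8446 section 7.1, and walks the first two steps of the TLS 1.3 key schedule for a handshake with no PSK. The inputs are the published RFC 5869 test vector and the all-zero PSK the key schedule specifies, so the results can be checked against the RFC values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"hash"
)

// HKDFExtract implements HKDF-Extract (RFC 5869 section 2.2):
// PRK = HMAC-Hash(salt, IKM). An empty salt means HashLen zero bytes.
func HKDFExtract(h func() hash.Hash, salt, ikm []byte) []byte {
	if len(salt) == 0 {
		salt = make([]byte, h().Size())
	}
	mac := hmac.New(h, salt)
	mac.Write(ikm)
	return mac.Sum(nil)
}

// HKDFExpand implements HKDF-Expand (RFC 5869 section 2.3):
// T(i) = HMAC-Hash(PRK, T(i-1) || info || i); output is T(1) || T(2) || ...
// truncated to length bytes. The counter is a single byte, hence the 255 limit.
func HKDFExpand(h func() hash.Hash, prk, info []byte, length int) []byte {
	if length > 255*h().Size() {
		panic("hkdf: requested output too long")
	}
	var out, prev []byte
	for i := byte(1); len(out) < length; i++ {
		mac := hmac.New(h, prk)
		mac.Write(prev)
		mac.Write(info)
		mac.Write([]byte{i})
		prev = mac.Sum(nil)
		out = append(out, prev...)
	}
	return out[:length]
}

// HKDFExpandLabel is the TLS 1.3 wrapper (RFC 8446 section 7.1). The info
// argument is the HkdfLabel structure: uint16 length, then "tls13 "+label
// prefixed by its length byte, then context prefixed by its length byte.
// The fixed "tls13 " prefix is what gives the key separation the text mentions.
func HKDFExpandLabel(h func() hash.Hash, secret []byte, label string, context []byte, length int) []byte {
	full := "tls13 " + label
	info := []byte{byte(length >> 8), byte(length), byte(len(full))}
	info = append(info, full...)
	info = append(info, byte(len(context)))
	info = append(info, context...)
	return HKDFExpand(h, secret, info, length)
}

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// RFC5869Vector1 runs test case 1 from RFC 5869 appendix A and returns the
// PRK and the 42-byte OKM as hex strings.
func RFC5869Vector1() (prk, okm string) {
	ikm := mustHex("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b")
	salt := mustHex("000102030405060708090a0b0c")
	info := mustHex("f0f1f2f3f4f5f6f7f8f9")
	p := HKDFExtract(sha256.New, salt, ikm)
	return hex.EncodeToString(p), hex.EncodeToString(HKDFExpand(sha256.New, p, info, 42))
}

// TLS13EarlyAndDerived walks the first two key-schedule steps for a handshake
// without a PSK: Early Secret = HKDF-Extract(salt=0, IKM=0^HashLen), then
// Derive-Secret(Early Secret, "derived", "") whose context is the hash of an
// empty transcript. The result is the salt for the Handshake Secret.
func TLS13EarlyAndDerived() (early, derived string) {
	zeros := make([]byte, sha256.Size)
	e := HKDFExtract(sha256.New, nil, zeros)
	emptyHash := sha256.Sum256(nil)
	d := HKDFExpandLabel(sha256.New, e, "derived", emptyHash[:], sha256.Size)
	return hex.EncodeToString(e), hex.EncodeToString(d)
}

func main() {
	prk, okm := RFC5869Vector1()
	fmt.Println("RFC 5869 PRK:", prk)
	fmt.Println("RFC 5869 OKM:", okm)
	early, derived := TLS13EarlyAndDerived()
	fmt.Println("TLS 1.3 early secret:  ", early)
	fmt.Println("TLS 1.3 derived secret:", derived)
}
```

Every later secret in the TLS 1.3 schedule (handshake, application, exporter, resumption) is produced by the same two functions with a different label and transcript hash, which is why the redesign is easier to analyse than the TLS 1.2 PRF: each output is bound to a distinct label string rather than to an ad hoc concatenation of seeds.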

TLS 1.3 deprecates old cryptographic algorithms entirely. This is the best way to prevent exploitation of vulnerabilities that affect the protocol and that could otherwise be mitigated only when users deploy a correct configuration.

Security researchers have discovered several critical issues in the protocol that have been exploited in attacks.

The OpenSSL Project announced support for TLS 1.3 when it unveiled OpenSSL 1.1.1, which is currently in alpha.

One of the problems when dealing with TLS is the role of so-called middleboxes: many companies need to inspect traffic for security purposes, and TLS 1.3 makes this much harder.

The answer to why TLS 1.3 hasn’t been deployed yet is middleboxes: network appliances designed to monitor and sometimes intercept HTTPS traffic inside corporate environments and mobile networks. Some of these middleboxes implemented TLS 1.2 incorrectly and now that’s blocking browsers from releasing TLS 1.3. However, simply blaming network appliance vendors would be disingenuous.

In tests conducted by the IETF working group in December 2017, around 3.25 percent of TLS 1.3 client connections failed.
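The two points above, that TLS 1.3 removes legacy cipher suites outright and that peers which only speak an older version simply fail to connect, can be observed with Go's standard library. This is an added example, not code from the IETF, OpenSSL or any vendor named on the page: it lists the cipher suites the library offers for TLS 1.3, then runs two in-memory handshakes over net.Pipe (no sockets), one between a TLS 1.3-capable client and a permissive server, and one between a client capped at TLS 1.2 and a server that requires TLS 1.3. The certificate is generated on the fly for the hypothetical name demo.invalid, and the client trusts only that certificate rather than disabling verification.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// demoHost is a hypothetical name used only inside this in-memory demo.
const demoHost = "demo.invalid"

// TLS13Suites returns the cipher suites Go offers for TLS 1.3: the pruned,
// AEAD-only set (no RSA key exchange, no CBC, no RC4, no 3DES).
func TLS13Suites() []string {
	var names []string
	for _, s := range tls.CipherSuites() {
		for _, v := range s.SupportedVersions {
			if v == tls.VersionTLS13 {
				names = append(names, s.Name)
			}
		}
	}
	return names
}

// selfSignedCert builds a throwaway ECDSA P-256 certificate for demoHost
// (constructed test material, generated fresh on every run).
func selfSignedCert() (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: demoHost},
		DNSNames:     []string{demoHost},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, leaf, nil
}

// Handshake runs one handshake over net.Pipe between a server that requires
// at least serverMin and a client that offers at most clientMax. It returns
// the negotiated version and suite name, or the error the client observed.
func Handshake(serverMin, clientMax uint16) (uint16, string, error) {
	cert, leaf, err := selfSignedCert()
	if err != nil {
		return 0, "", err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf) // the client trusts exactly this certificate

	serverSide, clientSide := net.Pipe()
	server := tls.Server(serverSide, &tls.Config{
		Certificates:           []tls.Certificate{cert},
		MinVersion:             serverMin,
		SessionTicketsDisabled: true, // keep the exchange to the handshake itself
	})
	client := tls.Client(clientSide, &tls.Config{
		RootCAs:    pool,
		ServerName: demoHost,
		MinVersion: tls.VersionTLS12,
		MaxVersion: clientMax,
	})
	go func() {
		server.Handshake() // a failure here reaches the client as a TLS alert
		serverSide.Close()
	}()
	defer clientSide.Close()
	if err := client.Handshake(); err != nil {
		return 0, "", err
	}
	st := client.ConnectionState()
	return st.Version, tls.CipherSuiteName(st.CipherSuite), nil
}

func main() {
	fmt.Println("TLS 1.3 suites:", TLS13Suites())
	v, s, err := Handshake(tls.VersionTLS12, tls.VersionTLS13)
	fmt.Printf("1.3-capable client, permissive server: version=%#x suite=%s err=%v\n", v, s, err)
	_, _, err = Handshake(tls.VersionTLS13, tls.VersionTLS12)
	fmt.Println("1.2-only client, 1.3-only server:", err)
}
```

The second handshake fails with a protocol_version alert, which is the same symptom an operator sees when a middlebox or legacy client sits in front of a TLS 1.3-only service; the fix is on the legacy side, not in re-enabling older versions on the server.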


The information is gathered from Security Newspaper.