True North Networks Blog

True North Networks has been serving the Swanzey area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Cyber Actors Target Home and Office Routers and Networked Devices Worldwide

Alert (TA18-145A)

Original release date: May 25, 2018

Systems Affected

  • Small office/home office (SOHO) routers
  • Networked devices
  • Network-attached storage (NAS) devices

Overview

Cybersecurity researchers have identified that foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide [1] [2]. The actors used VPNFilter malware to target small office/home office (SOHO) routers. VPNFilter malware uses modular functionality to collect intelligence, exploit local area network (LAN) devices, and block actor-configurable network traffic. Specific characteristics of VPNFilter have only been observed in the BlackEnergy malware, specifically BlackEnergy versions 2 and 3.

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) recommend that owners of SOHO routers power cycle (reboot) SOHO routers and networked devices to temporarily disrupt the malware.

DHS and FBI encourage SOHO router owners to report information concerning suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch). Field office contacts can be identified at www.fbi.gov/contact-us/field. CyWatch can be contacted by phone at 855-292-3937 or by email at CyWatch@fbi.gov. Each submitted report should include as much information as possible, specifically the date, time, location, type of activity, number of people, the type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.

Description

The size and scope of the infrastructure impacted by VPNFilter malware is significant. The persistent VPNFilter malware linked to this infrastructure targets a variety of SOHO routers and network-attached storage devices. The initial exploit vector for this malware is currently unknown.

The malware uses a modular functionality on SOHO routers to collect intelligence, exploit LAN devices, and block actor-configurable network traffic. The malware can render a device inoperable, and has destructive functionality across routers, network-attached storage devices, and central processing unit (CPU) architectures running embedded Linux. The command and control mechanism implemented by the malware uses a combination of secure sockets layer (SSL) with client-side certificates for authentication and TOR protocols, complicating network traffic detection and analysis.

Impact

Negative consequences of VPNFilter malware infection include:

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.

Solution

DHS and FBI recommend that all SOHO router owners power cycle (reboot) their devices to temporarily disrupt the malware.

Network device management interfaces—such as Telnet, SSH, Winbox, and HTTP—should be turned off for wide-area network (WAN) interfaces, and, when enabled, secured with strong passwords and encryption. Network devices should be upgraded to the latest available versions of firmware, which often contain patches for vulnerabilities.

Rebooting affected devices will cause non-persistent portions of the malware to be removed from the system. Network defenders should ensure that first-stage malware is removed from the devices, and appropriate network-level blocking is in place prior to rebooting affected devices. This will ensure that second stage malware is not downloaded again after reboot.

While the paths at each stage of the malware can vary across device platforms, processes running with the name "vpnfilter" are almost certainly instances of the second stage malware. Terminating these processes and removing associated processes and persistent files that execute the second stage malware would likely remove this malware from targeted devices.
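The hardening and cleanup advice above (management interfaces off on the WAN side, first-stage removal and network blocking before the reboot, second-stage processes named "vpnfilter") can be turned into two defender-side checks that run over text captured from the router. The Python below is an added example, not tooling from the alert or from DHS/FBI. It assumes output captured with `ps -eo pid,user,args` and `ss -tlnp` (the column layout is an assumption; BusyBox builds print different columns), the port-to-service mapping is the common defaults rather than anything the alert states, and every sample line is constructed.

```python
"""Defender-side checks derived from the TA18-145A mitigation advice.
Added example, not tooling from the alert: it assumes text captured with
`ps -eo pid,user,args` and `ss -tlnp` on the router (column layout is an
assumption; BusyBox builds differ), and every sample line is constructed."""
import re
from collections import namedtuple

# Management services the alert says must not be reachable from the WAN.
# The port numbers are common defaults (assumption), not values from the alert.
MANAGEMENT_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https", 8291: "winbox"}

# Addresses that mean "bound on every interface", i.e. WAN-reachable unless a
# firewall rule says otherwise.
WILDCARD_BINDS = {"0.0.0.0", "*", "::", "[::]"}

Proc = namedtuple("Proc", "pid user cmd")


def parse_ps(lines):
    """Turn `ps -eo pid,user,args` lines into Proc records, skipping the header."""
    procs = []
    for line in lines:
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit():
            procs.append(Proc(int(parts[0]), parts[1], parts[2]))
    return procs


def find_vpnfilter_processes(ps_lines):
    """PIDs whose executable basename is exactly 'vpnfilter', the second-stage
    indicator the alert names.  Matching the basename rather than the whole
    command line keeps a 'grep vpnfilter' from showing up as a hit."""
    hits = []
    for proc in parse_ps(ps_lines):
        exe = proc.cmd.split()[0]
        if exe.rsplit("/", 1)[-1].lower() == "vpnfilter":
            hits.append(proc.pid)
    return hits


def exposed_management_services(ss_lines, wan_addrs):
    """(port, service, bind_address) for management ports bound on a WAN
    address or on a wildcard.  A wildcard bind still needs a WAN firewall
    rule to be safe, so it is reported rather than assumed blocked."""
    reachable = set(wan_addrs) | WILDCARD_BINDS
    found = []
    for line in ss_lines:
        m = re.search(r"LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s", line)
        if not m:
            continue
        addr, port = m.group(1), int(m.group(2))
        if port in MANAGEMENT_PORTS and addr in reachable:
            found.append((port, MANAGEMENT_PORTS[port], addr))
    return sorted(found)


# Constructed sample output; 203.0.113.5 is a documentation address standing
# in for the router's WAN side, 192.168.1.1 for the LAN side.
SAMPLE_PS = [
    "  PID USER     COMMAND",
    "    1 root     /sbin/init",
    "  412 root     /var/run/vpnfilter -d",
    "  415 root     /usr/sbin/dropbear -p 22",
    "  420 admin    grep vpnfilter",
]
SAMPLE_SS = [
    "State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process",
    'LISTEN 0      128    0.0.0.0:23          0.0.0.0:*  users:(("telnetd",pid=300,fd=3))',
    'LISTEN 0      128    192.168.1.1:80      0.0.0.0:*  users:(("uhttpd",pid=310,fd=4))',
    'LISTEN 0      128    203.0.113.5:22      0.0.0.0:*  users:(("dropbear",pid=415,fd=3))',
    'LISTEN 0      128    127.0.0.1:8291      0.0.0.0:*  users:(("winbox",pid=320,fd=5))',
]
SAMPLE_WAN = ["203.0.113.5"]


def cleanup_plan(ps_lines, ss_lines, wan_addrs):
    """Findings in the order the alert prescribes acting on them: block or
    disable WAN-facing management first, deal with stage-two processes, then
    power cycle and re-check."""
    return {
        "wan_exposed": exposed_management_services(ss_lines, wan_addrs),
        "vpnfilter_pids": find_vpnfilter_processes(ps_lines),
    }


if __name__ == "__main__":
    report = cleanup_plan(SAMPLE_PS, SAMPLE_SS, SAMPLE_WAN)
    for port, svc, addr in report["wan_exposed"]:
        print(f"disable or firewall {svc} (tcp/{port}) bound on {addr} before rebooting")
    for pid in report["vpnfilter_pids"]:
        print(f"second-stage candidate pid {pid}: terminate, remove its files, then power cycle")
```

On the constructed sample the socket check reports telnet on the wildcard address and SSH on the WAN address, while the LAN-only HTTP listener and the loopback Winbox listener are left alone; the process check returns only PID 412, not the `grep` that merely mentions the name. Run the checks again after the power cycle: if the process reappears, the first stage or the network path to it was not actually removed.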

References

Revisions

  • May 25, 2018: Initial Version

Resource: https://www.us-cert.gov/ncas/alerts/TA18-145A 


Traveling This Summer? Posting Your Travel Plans on Social Media Puts Your Security at Risk

Have you thought about what your boarding pass might say about you, and what data might be leaking publicly from that piece of paper you most likely discard in the seat pocket in front of you? It turns out to be riskier than you think.

What is PNR?

June 2018

PNR stands for “passenger name record”, a data-rich record that is generated every time you book a flight. It is identified by a 6-character alphanumeric code that is used to manage your booking through the airline’s website. It contains confidential information such as name, date of birth, passport details, car or hotel bookings, the last 4 digits of the payment card, etc. So you may ask, how does this affect me and my security? Example below:

Imagine you are a hacker. You may know that I have just flown from London to Bangkok with British Airways, for example. You also know that my return flight is in two weeks, that I flew economy and that a vegetarian meal was requested on the outbound. You put the pieces together based on my travel history and craft the following email, acting as British Airways: “If you require a vegetarian meal for your return flight, please click the link below to “order it now”. As an important customer of ours, we would like to upgrade you to “business class” as well and to do so, please click the below link to accept the offer”.

With all of the accurate information mentioned, who wouldn’t click that link?

Unfortunately, the aviation sector, like many industries, has a lot of work to do when it comes to cybersecurity, but we as passengers also have a responsibility for our data. Let’s not make it easy for the bad guys.

What can we do to reduce this risk?

  • Don’t post pictures of your boarding pass or luggage tags online.
  • Try to avoid identifying which airline you are flying with in any social media posts. If I didn’t know which airline you were using it would take a lot longer and a lot more effort to go through trying each airline’s website flying that route to find the one you were using.
  • Destroy your boarding pass and luggage tags securely. Use a cross-cut shredder ideally. Keep them in your possession until you return home and can dispose of them securely, and certainly don’t leave them in the seat back in front of you on the plane!
  • Only give the airline the information it marks as essential when booking your flight. If it is not marked as a compulsory field, leave it blank. Reduce the amount of personal information they hold on you in the first place.

Information taken from: https://red-goat.com/uncategorized/boarding_passes/


So Your Company Wants to Adopt VoIP...... Is Your Network Ready to Make the Transition?

As it turns out, there are many potential benefits to switching to a VoIP telephone system. Below are some of the ways that making this change can decrease cost and time investments while increasing productivity for your business:

Low Cost Per Call:

A VoIP telephone system utilizes Internet Protocol to make calls. Instead of using telephone lines, all communication data is turned into packets and sent over the IP network. The IP network your business uses could be your Internet connection, a direct IP connection to your telephone service provider or a combination of both. 

Service Mobility:

On a traditional phone system, a line that runs to a home or business is assigned its own phone number. Any movement that takes place then becomes a trial of remembering the right codes or keys to dial on your phone. A lot of time can then be wasted by contacting phone companies to transfer services and phone numbers to new locations.

With a VoIP phone system, there are no physical limitations and you have the freedom to move as your business demands.

Versatility of Features:

Using VoIP phone systems allows you to multi-task with the most tech-savvy devices, allowing you to be the most productive you can be. Features such as voicemail to text and being able to forward messages and voicemail easily, and many more are available with VoIP phone systems. Because the VoIP service always goes with you, the features you find helpful can be added or subtracted with ease, allowing the system to grow with your business.

Simple Conference Calls:

Since all VoIP calls use a converged data network instead of dedicated phone lines, creating and participating in conference calls are made much easier.

Efficient Client Interaction:

In today’s global economy, businesses can be located anywhere which can mean frequent travel. This often means that meetings require travel. With a VoIP service, there is no reason to lose the ability to conduct important calls or to fail to forward essential documents.

Reliable in a Pinch:

A common worry that surfaces about VoIP is the fact that if the internet stops working, so does the ability to make calls. However, this doesn’t have to happen and like other features in VoIP phone systems, is incredibly flexible. The capability to choose where your calls are forwarded, and how, means that you also don’t have to lose productivity because of local power outages or weather-related events. If the office phone can’t be answered, your mobile device or laptop can.


Making the Right Decision for Your Business:

Understandably, any recommendation that requires wholesale shifts in how companies conduct business sounds too risky. Considering a move to a VoIP phone system can be confusing with all of the services and features that are available. It’s always best to have a knowledgeable, reliable VoIP partner at hand to assist you with major business decisions like this one. Contact us today to learn more about how we can assist you with your phone needs.

Resource taken from: https://www.atlantech.net/blog/the-top-6-benefits-of-moving-to-a-voip-telephone-system


Social engineering: How Criminals Take Advantage of Human Behavior

What is social engineering?

Social engineers take advantage of human behavior to pull off a scam. If they want to gain entry to a building, they don't worry about a badge system. They'll just walk right in and confidently ask someone to help them get inside. And that firewall? It won't mean much if your users are tricked into clicking on a malicious link they think came from a Facebook friend or LinkedIn connection.

What are the best ways to defend against social engineering?

  1. Train and train again when it comes to security awareness. Ensure that you have a comprehensive security awareness training program in place that is regularly updated to address both the general phishing threats and the new targeted cyberthreats. Remember, this is not just about clicking on links.
  2. Provide a detailed briefing “roadshow” on whaling and the latest online fraud techniques to key staff. Yes, include senior executives, but don’t forget anyone who has authority to make wire transfers or other financial transactions. Remember that many of the true stories involving fraud occur with lower-level staff who get fooled into believing an executive is asking them to conduct an urgent action — usually bypassing normal procedures and/or controls.
  3. Review existing processes, procedures and separation of duties for financial transfers and other important transactions such as sending sensitive data in bulk to outside entities. Add extra controls, if needed. Remember that separation of duties and other protections may be compromised at some point by insider threats, so risk reviews may need to be reanalyzed given the increased threats.
  4. Consider new policies related to “out of band” transactions or urgent executive requests. An email from the CEO’s Gmail account should automatically raise a red flag to staff, but they need to understand the latest techniques being deployed by the dark side. You need authorized emergency procedures that are well-understood by all.
  5. Review, refine and test your incident management and phish reporting systems. Run a tabletop exercise with management and with key personnel on a regular basis. Test controls and reverse-engineer potential areas of vulnerability.

Resource: https://www.csoonline.com/article/2124681/social-engineering/what-is-social-engineering.html


Tax Season Cybersecurity Tips

Nearly a year ago, in February 2017, the IRS issued a warning regarding phishing attacks targeting a broad range of companies. The scam involves a hacker impersonating an employee of a company, usually the CEO, and sending an email asking for a list of employees and their W-2 forms. The hacker would then make fraudulent tax filings using the W-2 forms. The scam is similar to the traditional Business Email Compromise (BEC), which involves spoofing an employee account in order to direct wire transfers to fraudulent accounts. The scam was enormously successful. And while the IRS is taking steps to prevent the use of this information for tax fraud, companies that fall victim to these scams may still be liable under data breach laws and for other identity fraud that can be committed using this data.

Below are five questions in-house counsel should be asking their information security team to mitigate their company’s risk.

  1. Do we transmit employee HR information, particularly Social Security numbers and W-2 or similar tax forms, by email? Is it possible to limit the transmission to a more secure method, such as through a restricted access cloud account with limited permissions for access and downloading?
  2. If we do transmit these files by email, do we require them to be encrypted or password-protected? (And if so, how are these passwords created and shared?)
  3. Do we have a policy in place about who can access, request, or receive this information? Do we have a “whitelist” of people who should have access? And do we require phone or other confirmation before transmitting such information?
  4. Do we have logging in place for where we store this information that would allow us to determine if there has been unauthorized access?
  5. Have we done a search for similar domain names to ours that could be easily spoofed? (For example, if our domain is startup.com, do we also own stantup.com or slartup.com?) Are we aware of who owns addresses similar to ours?

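Item 4 of the social engineering list earlier on this page (an "executive" request arriving from a Gmail account) and question 5 above (lookalike domains such as stantup.com and slartup.com) describe the same class of Business Email Compromise red flag, and both can be checked mechanically on the From: header before a request reaches the person who would act on it. The Python below is an added example, not code from either linked article. The domain startup.com and its two lookalikes are the article's own example; the executive names, the free-mail provider list, the homoglyph table and the sample headers are constructed assumptions that a real deployment would replace with its own.

```python
"""Mail-gateway style red-flag checks for Business Email Compromise.
Added example: the executive list, free-mail list and homoglyph table are
assumptions a deployment would fill in; startup.com is the article's example."""
from email.utils import parseaddr

OUR_DOMAIN = "startup.com"
# Display names of people whose "urgent" requests move money; assumed for the example.
EXECUTIVES = {"jane doe", "john roe"}
# Consumer mail providers an executive should never be writing from on business.
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
# Character runs that read alike at a glance; both sides are folded before comparing.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")]


def levenshtein(a, b):
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def fold_homoglyphs(s):
    for src, dst in HOMOGLYPHS:
        s = s.replace(src, dst)
    return s


def is_internal(domain, ours=OUR_DOMAIN):
    """Our own domain or any subdomain of it."""
    return domain == ours or domain.endswith("." + ours)


def is_lookalike_domain(domain, ours=OUR_DOMAIN, max_edits=1):
    """True for a domain that is not ours (or a subdomain of ours) but is
    within max_edits of it, or identical once look-alike characters are folded:
    stantup.com, slartup.com and startup.c0m all qualify."""
    d, o = domain.lower(), ours.lower()
    if is_internal(d, o):
        return False
    return fold_homoglyphs(d) == fold_homoglyphs(o) or levenshtein(d, o) <= max_edits


def flag_message(from_header, ours=OUR_DOMAIN):
    """Reasons a From: header deserves out-of-band confirmation (a phone call
    to a number you already have) before anyone acts on it; empty means no flag."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    reasons = []
    if name.strip().lower() in EXECUTIVES and not is_internal(domain, ours):
        if domain in FREEMAIL:
            reasons.append("executive name on a free-mail address")
        else:
            reasons.append("executive name on an external domain")
    if domain and is_lookalike_domain(domain, ours):
        reasons.append(f"sender domain {domain} looks like {ours}")
    return reasons


# Constructed sample headers.
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@startup.com>",
    "Jane Doe <janedoe.ceo@gmail.com>",
    "Payroll <hr@stantup.com>",
    "John Roe <john.roe@slartup.com>",
]

if __name__ == "__main__":
    for hdr in SAMPLE_HEADERS:
        print(hdr, "->", flag_message(hdr) or "ok")
```

The check deliberately flags rather than blocks: a display-name match on an external domain is exactly the case the "out of band" policy in item 4 exists for, so the right response is the phone confirmation question 3 asks about, not silent discard. The edit-distance threshold of one catches the article's two examples; raising it catches more typosquats at the cost of more legitimate partner domains needing review, and the homoglyph fold handles the substitutions edit distance alone treats as ordinary typos.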
Implementing just a few of these tools and policies can help reduce your company’s exposure to cybersecurity attacks.

Resource taken from: https://www.jdsupra.com/legalnews/cybersecurity-for-this-tax-season-62995/
