
True North Networks Blog

True North Networks has been serving the Swanzey area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

$18.6 Million Gone: Business Email Compromise at a Whole New Level

Business Email Compromise (BEC) is heavily tied to social engineering, where criminals con their way into victims' trust.

And our team just came across an incredible example of BEC that takes this crime to a whole new level.

Chinese hackers steal $18.6 million in BEC scam

The Economic Times of India is reporting on an Italian company that had its operations in India taken for a ride through Business Email Compromise and more:

The hackers sent emails to the head of Tecnimont Pvt Ltd, the Indian subsidiary of Milan-headquartered Tecnimont SpA, through an email account that looked deceptively similar to that of group CEO Pierroberto Folgiero, according to a police complaint, which ET has seen.

The hackers then arranged a series of conference calls to discuss a possible “secretive” and “highly confidential” acquisition in China. Several people played various roles during these calls, pretending to be the group.

The hackers convinced the India head that the money couldn’t be transferred from Italy due to regulatory issues.

So the Indian arm of this Italian company made three transfers to a Hong Kong bank over the course of a week in the fall of 2018: $5.6 million, $9.4 million, and $3.6 million.

The investigation has since revealed that those Hong Kong accounts were opened with fake identification documents and the money is gone.

Business Email Compromise, more sophisticated than ever

This topic really caught our attention because we just sat in on a SecureWorld web conference on NextGen Business Email Compromise.

This case proves the point made by KnowBe4 Security Awareness Advocate Erich Kron. He says a challenge for organizations now is that many underestimate the sophistication and urgency of these BEC attacks. 

"Sophisticated hackers have moved way beyond misspelled, poorly-formatted emails. Now, they turn the tables on employees, often by using fear as a trigger as if that person needs to act right now to avoid consequences for the organization or the employee."

And when you transfer $18.6 million in a week as part of a BEC scam, clearly, hackers created a sense of urgency.

Someday, someone will probably make a movie out of a heist like this. The orchestration, the planning, the conference calls full of criminals, one of whom even sounded like the company's CEO.

It is not only an incredible story. It's an incredible story of caution for CISOs, CFOs, and anyone who could be a money-making target at organizations around the globe.

The company fired its India chief and the head of accounts and finance because of the scam.


End of Windows 7 Support Could Spark PC Boom

Microsoft to discontinue free support for the popular OS, forcing upgrades to Windows 10

The days of free support for Windows 7, one of the most popular commercial and consumer operating systems in the world, will end in January 2020. Businesses will have the option of buying extended support contracts or upgrading to Windows 10. And the upgrading could spark a boom in PC sales in 2019.

The Lowdown:  Microsoft announced that its free support and patching for Windows 7 will stop Jan. 14, 2020, ending five years of free maintenance and patching. Microsoft will offer business users Windows 7 Extended Security Updates (ESUs) on a per-user basis, with the price increasing annually until the operating system reaches its end of life. Microsoft Windows Virtual Desktop service customers will receive the ESU at no additional cost.

The Details:  In addition, Microsoft will stop providing support for Office 365 ProPlus running on Windows 7. Businesses can buy the ESU for the productivity package for an additional three years. Other products scheduled to have their free support end in 2020 include Exchange Server 2010, Windows Server 2008/R2, and Windows 7 for Embedded Systems.

The Impact:  Windows 10, the current Microsoft operating system, recently surpassed Windows 7 among desktop and notebook operating systems. Windows 10 has a 39 percent market share, while Windows 7 has 37 percent. In real numbers, this means more than 700 million personal computers running Windows 7 around the world need either ESUs or upgrades to Windows 10.

Background:  Microsoft made no secret of its plans to discontinue free patching and support for Windows 7. Demand for new PCs running Windows 10 increased in the second half of 2018. Unfortunately, a shortage of Intel Xeon and Core processors (https://channelnomics.com/2018/12/21/intel-chip-inventory-caught-short-by-unexpected-demand/) caused inventory shortfalls that blunted PC sales. Analysts anticipate those sales will rebound in 2019 as more businesses choose to refresh their PC fleets concurrent with an upgrade to Windows 10.

Channelnomics Point of View:  PC sales have steadily declined over the past seven years, mostly due to consumers switching their primary computing device to tablets and smartphones that run non-Windows operating systems. PC sales peaked in 2011 with more than 365 million units shipping. In 2018, PC shipments tallied just 254 million. The end of support for Windows 7 could prompt more businesses to refresh their PC fleets, opening tremendous opportunities for vendors and partners to cross-sell and upsell complementary products as well as managed and cloud services. The wild card in the equation is Intel, which is trying to ramp up processor production to meet demand.

Resource: https://www.channelnomics.com/2019/01/18/ptc-launches-program-to-help-industrial-iot-customers-get-faster-time-to-value/


Is Your Business Prepared for a Winter Storm?

What would you do if your business was pummeled by a winter storm, causing power outages and cutting off access to your office and clients?

Disaster recovery planning is an absolute must in a situation like this. It’s important to consider the impact a storm can have and to ensure you have a plan in place. Understand your vulnerabilities, safeguard against risks, and prepare for the worst.

Some things to consider to protect your business during a storm include preparing your building and ensuring there are no leaking pipes that may turn into a hazard with freezing temperatures, removing snow surrounding your building and on the roof, and obtaining a backup generator in case you lose power during the storm. For some more basic tips before and during a winter storm, head to Ready.gov.

If you’re interested in more information about how you ensure your business will not suffer during hazardous weather, check out our Natural Disaster Survival Guide for Businesses. This guide provides information about the risk levels and potential impact of various disasters, how disaster recovery planning can keep your business running, and more. Above all, stay safe during the storm!

Resource taken from: https://www.datto.com/blog/is-your-business-ready-for-a-winter-storm?utm_campaign=the-natural-disaster-survival-guide-for-businesses&utm_medium=Social&utm_source=203


CES IoT security – Do You Know Who Your Home is Talking To?

There’s a digital treasure trove to be had in your home so you should take steps to protect it.

There isn’t a square meter of the show floor here at CES that doesn’t have some gadget connected to the internet. Whether tiny robots, your next house lighting controller, or new-fangled drink machine, it’s all connected. And while we’ve worked with multiple IoT manufacturers to help secure their devices once we discover vulnerabilities, the sprawl of potentially vulnerable devices here is simply overwhelming.

For example, multiple vendors offer pieces of (or total) house control via audio. While it’s cool to have the house automatically open the curtains when you walk in and tell it to, there’s a potential downside. If someone could capture your voice, it’s easy to envision replay attacks where your house opens the doors, or those same windows so they can see what’s going on inside. This would be invaluable to would-be burglars before they attempt to break in, making sure nobody is home.

This sort of rush to market vibe runs amok here at CES – the idea that your company needs to display the latest thing to capture market share and development capital. Hopefully, security catches up along the way.

It’s easy to imagine things like whole-home ransomware, where rogue actors take over these automation systems, lock you out of them, then try to fleece you for money, and/or drain your bank account tied to a voice-activated ordering platform.

One company has a digital toothbrush that records your brushing patterns and develops trends over time. The dental industry and its insurers might view this granular information as a gold mine for marketing and determining insurance premiums. The question of privacy comes to the fore, as well as GDPR-style personal data conversations, in this case very personal. This and the other medical sensors displayed here walk a fine line, and privacy issues aside, a data leak would be most embarrassing and potentially damaging to the victim and the IoT provider.

As sensors become more central to the way we live, approach healthcare, and transport ourselves, the attack surface rises exponentially, especially as these sensors interface with the internet. It’s now possible to have digital spies in your house in whole new ways, but would you really know if they were?

There’s a digital treasure trove to be had in your home. At the center of it all is your home router. You know, the one you haven’t upgraded the firmware on (or there’s none available) since you bought it back in the day? Keeping track of this important digital intersection will become increasingly important, re-focusing the digital defense industry on defending your home network, which will become more complex and diverse than the corporate networks of yesteryear.

And while it’s probably not life threatening if one of those underwater robot fish they have here (really) for your low maintenance Koi pond motif goes berserk, it might still be time to update your router and home security solutions to keep an eye out for rogue machines in your house. After all, you may not know that they’ve been revealing your deepest secrets, or if they soon will.

Resource: https://www.welivesecurity.com/2019/01/10/ces-iot-security-do-you-know-who-your-home-is-talking-to/ 


Got an SMS offering $$$ refund? Don’t fall for it…

SMS, also known as text messaging, may be a bit of a “yesterday” technology… but SMS phishing is alive and well, and a good reminder that KISS really works.

If you aren’t familiar with the acronym KISS, it’s short for “keep it simple, stupid.”

Despite the rather insulting tone when you say the phrase out aloud, the underlying ideas work rather well in cybercrime.

Don’t overcomplicate things; pick a believable lie and stick to it; and make it easy for the victim to “figure it out” for themselves, so they don’t feel confused or pressurised anywhere along the way.

Here’s an SMS phish we received today, claiming to come from Argos, a well-known and popular UK catalogue merchant:

You have a refund of £245. Request refund and allow 3 days for it to appear in your account.
http://argos.co.uk.XXXXXXX.shop/login

The wording here probably isn’t exactly what a UK retailer would write in English (we’re not going to say more, lest we give the crooks ideas for next time!), but it’s believable enough.

That’s because SMS messages, of necessity, rely on a brief and direct style that makes it much easier to get the spelling and grammar right.

Ironically, after years of not buying anything from Argos, we recently purchased a neat new phone for our Android research from an Argos shop – the phone we mentioned in a recent podcast, in fact – so we weren’t particularly surprised or even annoyed to see a message apparently from the company.

We suspect that many people in the UK will be in a similar position, perhaps having done some Christmas shopping at a genuine Argos, or having tried to return an unwanted gift for a genuine refund.

The login link ought to be a giveaway, but the crooks have used an age-old trick that still works well: register an innocent looking domain name, such as online.example, and add the domain name you want to phish at the start.

This works because once you own the domain online.example, you automatically acquire the right to use any subdomain, all the way from http://www.online.example to some.genuine.domain.online.example.

Because we read from left-to-right, it’s easy to spot what looks like a domain name at the left-hand end of the URL and not realise that it’s just a subdomain specified under a completely unrelated domain.

These crooks chose the top-level domain (TLD) .shop, which is open for registrations from anywhere in the world.

Although .shop domains are generally a bit pricier than TLDs such as .com and .net, we found registrars with special deals offering cool-looking .shop names starting under $10.

What if you click through?

What harm in looking?

Well, the problem with clicking through is that you put yourself directly in harm’s way.

Visiting the link provided takes you to a pretty good facsimile of the real Argos login page, shown below on the left (the real page is on the right):

There’s not much fanfare, just a realistic clone of exactly the sort of content you’d expect to see, except for the lack of HTTPS and the not-quite-right domain name.

Getting free HTTPS certificates is pretty easy these days, so the crooks could have taken this extra step if they’d wanted.

Perhaps they were feeling lazy, or perhaps they figured that anyone who’d take care to check for the presence of a certificate might also click through to view the certificate, which would only serve to emphasise that it didn’t belong to Argos?

If you do fill in a username and password, then you have not only handed both of them to the crooks, but also embarked on a longer phishing expedition by the crooks, because the next page asks for more:

We didn’t try going any further than this, so we can’t tell you what the crooks might ask you next – but one thing is clear: by the time you get here, you’ve already given away far too much.

What to do?

  • Check the full domain name. Don’t let your eyes wander just because the server name you see in the link starts off correctly. What matters is how it ends.
  • Look for the padlock. These days, many phishing sites have a web security certificate so you will often see a padlock even on a bogus site. So the presence of a padlock doesn’t tell you much on its own. But the absence of a padlock is an instant warning saying, “Go no further!”
  • Don’t use login links in SMSes or emails. If you think you are getting a refund, find your own way to the merchant’s login page, perhaps via a bookmark, a search engine, or a printed invoice from earlier. It’s a bit slower than just clicking through but it’s way safer.
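
The "what matters is how it ends" check can be automated in a mail or SMS filter. The following is an added example, not code from the original article: it works out the registrable domain of a link and flags hosts that merely start with a trusted name. The suffix set is a small constructed subset of the Public Suffix List and the trusted-domain list is an assumption.

```python
from urllib.parse import urlsplit

# Constructed subset of the Public Suffix List, enough for this demo only.
# Real filters should load the full list from publicsuffix.org.
PUBLIC_SUFFIXES = {"com", "net", "shop", "example", "uk", "co.uk"}

# Assumption: the domains this user or organisation actually trusts.
TRUSTED_DOMAINS = {"argos.co.uk"}


def registrable_domain(host):
    """Longest matching public suffix plus the one label to its left."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # i = 0 tries the longest suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None               # host is a bare suffix
            return ".".join(labels[i - 1:])
    return None                           # suffix not in our subset


def check_link(url):
    """Classify a link as 'trusted', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = parts.hostname or ""           # hostname is already lower-cased
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        verdict = "trusted"
    elif any(f".{t}." in f".{host}." for t in TRUSTED_DOMAINS):
        # A trusted name appears as leading labels under someone else's domain.
        verdict = "lookalike"
    else:
        verdict = "unknown"
    return {"host": host, "registrable": reg,
            "https": parts.scheme == "https", "verdict": verdict}


if __name__ == "__main__":
    samples = [
        "http://argos.co.uk.XXXXXXX.shop/login",       # link from the SMS above
        "https://www.argos.co.uk/login",               # constructed genuine-style link
        "http://some.genuine.domain.online.example/",  # the article's illustration
    ]
    for url in samples:
        print(url, "->", check_link(url))
```
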