True North Networks Blog

True North Networks has been serving the Swanzey area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Tax Season Cybersecurity Tips

Nearly a year ago, in February 2017, the IRS issued a warning regarding phishing attacks targeting a broad range of companies. The scam involves a hacker impersonating an employee of a company, usually the CEO, and sending an email asking for a list of employees and their W-2 forms. The hacker would then make fraudulent tax filings using the W-2 forms. The scam is similar to the traditional Business Email Compromise (BEC), which involves spoofing an employee account in order to direct wire transfers to fraudulent accounts. The scam was enormously successful. And while the IRS is taking steps to prevent the use of this information for tax fraud, companies that fall victim to these scams may still be liable under data breach laws and for other identity fraud that can be committed using this data.

Below are five questions in-house counsel should be asking their information security team to mitigate their company’s risk.

  1. Do we transmit employee HR information, particularly Social Security numbers and W-2 or similar tax forms, by email? Is it possible to limit the transmission to a more secure method, such as through a restricted access cloud account with limited permissions for access and downloading?
  2. If we do transmit these files by email, do we require them to be encrypted or password-protected? (And if so, how are these passwords created and shared?)
  3. Do we have a policy in place about who can access, request, or receive this information? Do we have a “whitelist” of people who should have access? And do we require phone or other confirmation before transmitting such information?
  4. Do we have logging in place for where we store this information that would allow us to determine if there has been unauthorized access?
  5. Have we done a search for similar domain names to ours that could be easily spoofed?  (For example, if our domain is startup.com, do we also own stantup.com or slartup.com?) Are we aware of who owns addresses similar to ours?
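
As an added illustration of question 5 (example code written for this page, not taken from the original article), the Python sketch below flags sender domains that sit within one edit of your own domain or differ only by look-alike character sequences. The sender list, the `CONFUSABLES` table and all function names are assumptions made for the example.

```python
# Added example: flag sender domains that resemble our own domain.
# All domains below are constructed sample data.

CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(label):
    """Fold character sequences that read alike into one canonical form."""
    for seq, rep in CONFUSABLES:
        label = label.replace(seq, rep)
    return label

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(sender, own, max_dist=1):
    """Return 'own', 'lookalike' or 'other' for a sender domain."""
    sender, own = sender.lower().rstrip("."), own.lower().rstrip(".")
    if sender == own or sender.endswith("." + own):
        return "own"
    # Simplification: compare the same number of trailing labels as `own`
    # has, instead of consulting the Public Suffix List.
    candidate = ".".join(sender.split(".")[-len(own.split(".")):])
    cand_label, own_label = candidate.split(".")[0], own.split(".")[0]
    dist = osa_distance(skeleton(cand_label), skeleton(own_label))
    return "lookalike" if dist <= max_dist else "other"

def find_lookalikes(senders, own):
    """Return the sorted, de-duplicated senders that resemble `own`."""
    return sorted({s for s in senders if classify(s, own) == "lookalike"})

SAMPLE_SENDERS = [  # constructed, e.g. pulled from mail gateway logs
    "startup.com", "mail.startup.com", "stantup.com", "slartup.com",
    "statrup.com", "startup.co", "example.org",
]

if __name__ == "__main__":
    for domain in find_lookalikes(SAMPLE_SENDERS, "startup.com"):
        print("review sender domain:", domain)
```

A threshold of one edit keeps false positives low for short names; flagged domains are candidates for review, not proof of spoofing.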

Implementing just a few of these tools and policies can help reduce your company’s exposure to cybersecurity attacks.

Resource taken from: https://www.jdsupra.com/legalnews/cybersecurity-for-this-tax-season-62995/

2018 Winter Olympics Phishing Campaign Hides Evil Script in Image

According to researchers at McAfee, a new malware campaign is targeting organizations associated with the upcoming 2018 Winter Olympics in Pyeongchang, South Korea. This new technique is expected to make it into your users' inboxes soon, so here is your heads-up. The attack is being delivered via phishing emails disguised as alerts from the country's National Counter-Terrorism Center, with malicious Word documents attached. Future attacks could use any social engineering tricks.

Jonathan, from our friends at Barkly, explained the technical background:

"Once opened, the Word doc encourages readers to enable content. If they do, that triggers an embedded macro to launch PowerShell. Up to this point, this is nothing really new. But here's where things get interesting...

Why this attack is different: What truly makes this campaign notable is its use of a brand new PowerShell tool called Invoke-PSImage that allows attackers to hide malicious scripts in the pixels of otherwise benign-looking image files, and later execute them directly from memory.

Why that's dangerous: Not only does hiding the script inside an image file help it evade detection, executing it directly from memory is a fileless technique that generally won't get picked up by traditional antivirus solutions.

No download necessary: Invoke-PSImage can be used to extract scripts from downloaded images or images hosted on the web. That means an attacker doesn't necessarily need to download an image onto a machine in order to get a script embedded inside it to run on that machine. In the case of this particular malware campaign, the image file is downloaded to the victim machine. Once extracted, the embedded script is passed to the Windows command line and executed via PowerShell.

This attack is another troubling example of how attacks are evolving away from using malicious .exe's.

In the past, we've seen many attacks abusing PowerShell follow a tried-and-true pattern:

Spam email with Word attachment > Word attachment with embedded macro > Macro launches PowerShell script > PowerShell script downloads and executes malware .exe payload

In these scenarios, traditional antivirus solutions have a chance of scanning and blocking the attack, but not until the very last step. Once the malware payload has been downloaded onto the device, the AV might be able to block it, but only if the malware has been seen before and the AV has a signature it can refer to in order to identify it. In these scenarios, we've seen plenty of instances where the AV misses and the infection is successful.

This new malware campaign presents an even worse scenario in which the AV doesn't have that opportunity:

Spam email with Word attachment > Word attachment with embedded macro > Macro launches PowerShell script > PowerShell script extracts 2nd PowerShell script from image and executes it from memory > In-memory executed script gives attacker remote access and control

With no malicious executable file to scan, this attack can easily succeed unless other protections are in place.

Here are a few things you can do to reduce your risk of attacks like this:
• Train employees not to open email attachments from senders they don't know: They should be especially wary of Word documents that ask them to enable content/macros.
• Enforce stricter macro controls: For starters, consider blocking macros in Office files downloaded from the internet.
• Disable or restrict PowerShell: If PowerShell isn't being used for something vital on a machine, disable it. If it is being used for something vital, consider using PowerShell Constrained Language Mode. That will limit PowerShell to its most basic functionality and make many fileless attack techniques unusable."
We could not agree more! You need to create a security culture in your organization, and these suggestions are important controls. This post is also on the KnowBe4 blog; at the end it shows a great new way to create a security culture, at no cost:
https://blog.knowbe4.com/2018-winter-olympics-malware-campaign-hides-malicious-powershell-script-in-image
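
Because the chain described above has no malicious .exe to scan, one place a defender can still see it is process lineage: an Office application that ends up as the ancestor of a PowerShell process. The following Python sketch is an added example, not code from Barkly, KnowBe4 or McAfee; the event records are constructed, and the field names `pid`, `ppid` and `image` are assumptions standing in for whatever your endpoint logging provides.

```python
# Added example: find PowerShell launched (directly or via cmd.exe) by Office.
# Events are constructed; field names pid/ppid/image are assumptions.
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}

def basename(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()

def office_ancestor(event, by_pid, max_depth=8):
    """Walk parent links; return the Office ancestor's image name, or None."""
    seen, ppid = set(), event["ppid"]
    for _ in range(max_depth):
        parent = by_pid.get(ppid)
        if parent is None or ppid in seen:
            return None
        if basename(parent["image"]) in OFFICE:
            return basename(parent["image"])
        seen.add(ppid)
        ppid = parent["ppid"]
    return None

def detect(events):
    """Return (pid, office_image) for each PowerShell with an Office ancestor."""
    # Note: real logs reuse PIDs; key on a unique process ID where available.
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if basename(e["image"]) in SHELLS:
            origin = office_ancestor(e, by_pid)
            if origin:
                alerts.append((e["pid"], origin))
    return alerts

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [  # constructed process-creation records
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 400, "ppid": 300, "image": PS},  # Word > cmd > PowerShell
    {"pid": 500, "ppid": 100, "image": PS},  # user-started PowerShell
]

if __name__ == "__main__":
    for pid, origin in detect(EVENTS):
        print(f"ALERT: powershell pid {pid} descends from {origin}")
```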

Employers beware: Wave of Phishing Scams Targeting Employee Paychecks

There is a new Direct Deposit phishing attack you need to watch out for. It's a sophisticated scam that starts with an official-looking email that asks you to click a link and access a website. Next, they ask you to confirm the data with your real username and password. Last, they use your info to access payroll portals, and reroute your direct deposit amounts to bank accounts owned by the bad guys. The lesson here is to never give anyone your credentials in response to an email... Think Before You Click!

"Employers may want to immediately take the following precautions to avoid security breaches as a result of these phishing scams:
• Alert your workforce to this scam.
• Direct employees to forward any suspicious requests to the information technology or human resources departments, rather than replying to the e-mail.
• Instruct employees to refrain from supplying log-in credentials or personally identifying information in response to any e-mail.
• Ensure that log-in credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.
• Enforce (or, where necessary, establish) multifactor authentication requirements.
• Review and update the physical, technical and personnel-related measures taken to protect your sensitive information and data."

Resource: https://www.lexology.com/library/detail.aspx?g=75685deb-06fc-4e47-a696-44843104f866

Staying Secure On The Road

While your network at home or at work may be secure, you should assume that any network you connect to while traveling cannot be trusted. Below are some simple tips that will go a long way toward protecting you and your data before you travel:

1. Identify which data you don’t need on any devices you are bringing with you and then remove it. This can significantly reduce the impact if your device is stolen, lost, etc.
2. Lock your mobile devices with a strong password or passcode to avoid anyone getting access to your information.
3. Install or enable software on your device so you can remotely track your location and even wipe it if it has been lost or stolen.
4. Update your devices, applications, and anti-virus software before leaving so that you are running the latest versions. Many cyber-attacks focus on systems with outdated software.
5. Do a complete backup of your devices prior to traveling. This way, if something does happen to them while traveling, you still have all of your original data in a secured location.
6. For international travel, check with your mobile service provider prior to leaving. Service providers often charge high rates for international data usage and you may wish to disable your cellular data capabilities while you’re away or purchase a local SIM card to allow for international travel.
7. Always ensure the physical safety of your devices while traveling. Avoid leaving them in plain sight, such as in rental cars, taxis, etc., where potential criminals can break in and grab your valuables.
8. Avoid using public wifi, especially in hotels, local coffee shops, or airports, as you never know who set them up or is accessing them. If you do use the wifi, ensure all of your online activity is encrypted or use a VPN (Virtual Private Network) which can encrypt all of your online activity when enabled.
9. Avoid using public computers, such as those found in hotel lobbies or cyber cafes, to log in to any accounts or to access sensitive information. Whenever possible, only use devices you can control and trust.
10. Knowledge is power! Share your knowledge of keeping your devices safe while on the road with friends, family and co-workers.

Resources taken from:
https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201702_en.pdf

Consumers worry about their data, but don't bother much with security

A recent worldwide consumer survey found a major disconnect between consumers' general fears about cybersecurity and the actions they take to protect not only their personal information but also their families from cyberattacks.

A McAfee survey of 6,400 people found that when it comes to online family safety, identity theft protection and the connected home, many people either don't understand the risks or have simply not bothered to protect themselves.

When it comes to keeping track of what their children are doing online, the survey found that almost one-third of parents do not monitor their kids' online activities and device usage, and 33 percent simply don't understand the risks well enough to explain all the potential dangers to their children. On the bright side, 79 percent said they had talked to their kids about online safety.

Despite the many public hacks that compromised personally identifiable information that took place last year, only 37 percent of those surveyed use an identity monitoring service, although 67 percent claim to keep an eye on their various accounts to prevent identity theft.

The survey results on the connected home offered an interesting mix: about half of the people were aware of the problems involved in remaining secure, but only half or so bothered to do anything to lock down their smart devices.

The most worrying statistic uncovered was that 44 percent of those surveyed leave their home network open and accessible to others, despite the fact that 63 percent said their biggest fear in this area is having their identity stolen through their home network.

The reason behind this lack of home network security is answered by the 53 percent who told McAfee that they are unsure how to secure their devices.

The survey consisted of 6,400 respondents from the U.S., UK, Australia, Germany, France and Singapore.

Resources: https://www.scmagazine.com/consumers-worry-about-their-data-but-dont-bother-much-with-security/article/734644/?DCMP=EMC-SCUS_Newswire_20180104&email_hash=5D5F08BA87AAE9B9AB6055F3032D5BB7&spMailingID=18772577&spUserID=MTM1OTIwMTIxNjMwS0&spJobID=1180237746&spReportId=MTE4MDIzNzc0NgS2 
