Thursday, 28 March 2013

Email security --- TIPS

Email security has become part of the job description for every employee. All it takes is one employee to cause a breach that opens up the entire company. For example, consider The New York Times: the recent breach by Chinese hackers was done via a phishing or spear phishing email. All that was necessary was for that one email to be opened, and The New York Times network was accessible to the hackers. And once an attacker is behind the firewall, the hacker can do anything.

Without proper training, it is easy for an employee to accidentally open an email and, with it, a window for a hacker. It is the duty of every personnel department to train new employees as to what to look for when receiving email messages. This information should be included in employee manuals and should also be posted on lunch room walls as reminders. With the volume of emails we all receive on a daily basis, it is very easy to forget that one of them could be a “bomb” that causes a breach. And a network breach can lead to data loss, loss of reputation, and denial of services for your employees and clients.

There are two types of phishing email messages: phishing and spear phishing. Phishing is a generic type of email that is sent to everyone in a company with the hope that someone will open the email and click on a link or open an attachment. There are no names attached to it, the subject line is generic, and the TO: line usually says recipients_not_disclosed. That’s a dead giveaway! Finally, the FROM line does not conform to corporate email standards.

The second form of phishing is called spear phishing. This type of email is more insidious. Someone or some organization has taken the time to find information about a specific employee and personalize an email message to make it look like it has been sent to that person from someone he or she knows. As a result, the email looks legitimate. This email is built through a few methods. The attacker scours Facebook, LinkedIn, Twitter, and possibly financial information sites such as Hoovers. The hacker may make calls to a company’s receptionist to find other pertinent information about the email recipient, such as an email address or phone number. In bigger companies, they may even call the IT department, claim to be the person of interest, say they forgot their email password, and ask for it to be reset. Hopefully, there are policies in place in the IT department that make it impossible for someone to change a password without multifactor authentication (multiple types of ID must be given before the password can be changed – this is an issue for another post). Spear phishing emails are usually sent to management-level employees since they tend to have more network privileges.

Once again, even with spear phishing, the questions one must ask include: Are you expecting an email from this person, and do you even know him or her? Is there a link in the body of the email? If yes, do not click on it. If you really must know what the link is, send it to the IT department or your security team and let them confirm whether it is legitimate. Due to the speed of business these days, it may be difficult to remember what to look for, but it’s also difficult to recover from a breach. It can happen to anyone; for your company’s sake, don’t let it be you.

Host computers should all have a good virus scanner to scan inbound emails and attachments. After that, here are some things to look for when determining if you’re looking at a phishing email. Does the email address in the FROM: line correspond to the corporate email layout? This may mean: last name first, or first name last. When a message is sent to you, are you expecting an email from that person or is the email coming from someone you don’t know? Look at the subject line of the email: Are there any misspellings in the subject line, and does it make sense?

Make it a policy to never click on live links within an email message. A live link (one that is colored and underlined) could look like a legitimate link, but the actual link may send you somewhere else. If you really must know what the link is, copy it and paste it into the Notepad program to read the actual address.

Sometimes emails arrive in your inbox under the guise of legitimacy. They appear to come from somewhere within your organization, but they’re not. An email arrives and asks you to change your security credentials – but don’t be fooled. First of all, there should be a general announcement regarding this topic distributed company-wide to all users. It will be sent out by one person, not from “The Security Team.” Be aware of that. Emails regarding this sensitive issue must be sent by individuals, not groups, and an email sent by an internal employee will adhere to corporate email structure; fakes do not.

Many breaches come from an email that looks legitimate from an internal employee. So, look at the signature line at the bottom of the email. If it isn’t the standard signature line that your company uses for all emails, it’s probably suspect. I realize that checking an email to be sure that it’s real can be time-consuming, but the more you look for errors, the better you become at spotting them.
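As an added illustration (not part of the original post), the checks listed above can be written down as a small triage script. The corporate domain, the first.last address layout, the standard signature line, the list of expected correspondents and both sample messages are assumptions constructed for this example; the subject-line spelling check is left to the human reader.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumptions (not from the original post): corporate domain, first.last address
# layout, standard signature line, and the correspondents this mailbox expects.
CORP_DOMAIN = "example.com"
CORP_ADDR_RE = re.compile(r"^[a-z]+\.[a-z]+@" + re.escape(CORP_DOMAIN) + r"$")
STANDARD_SIGNATURE = "Example Corp | Internal Use Only"
KNOWN_SENDERS = {"jane.doe@example.com"}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>([^<]*)</a>', re.I)

def phishing_indicators(raw):
    """Return the red flags from the tips above that one raw single-part message triggers."""
    msg = message_from_string(raw)
    sender = (msg.get("From") or "").lower()
    m = re.search(r"[\w.+-]+@[\w.-]+", sender)
    addr = m.group(0) if m else ""
    body = msg.get_payload()
    flags = []
    if re.search(r"not_disclosed|undisclosed", msg.get("To") or "", re.I):
        flags.append("TO line hides the recipients")  # the "dead giveaway"
    if addr.endswith("@" + CORP_DOMAIN) and not CORP_ADDR_RE.match(addr):
        flags.append("FROM does not follow the corporate address layout")
    if addr not in KNOWN_SENDERS:
        flags.append("sender is not an expected correspondent")
    for href, text in LINK_RE.findall(body):
        flags.append("body contains a live link")
        # visible text that is itself a URL but leads to a different host
        if text.strip().startswith("http") and urlparse(text.strip()).hostname != urlparse(href).hostname:
            flags.append("link text hides a different real target")
    # credential-change requests come from a named person, never from a group
    if re.search(r"password|credential", body, re.I) and re.search(r"\bteam\b|\bdepartment\b", sender):
        flags.append("credential request signed by a group, not an individual")
    if STANDARD_SIGNATURE not in body:
        flags.append("signature line is not the company standard")
    return flags

# Constructed samples (not real mail): one phishing attempt, one ordinary internal message.
PHISH = """\
From: "The Security Team" <securityteam@example.com>
To: recipients_not_disclosed
Subject: Urgnet: reset your credentails today
Content-Type: text/html

<p>Please <a href="http://198.51.100.7/reset">http://portal.example.com/reset</a> to change your password.</p>
"""
LEGIT = ("From: Jane Doe <jane.doe@example.com>\nTo: john.smith@example.com\n"
         "Subject: Q2 budget notes\n\nNotes from this morning's meeting.\n-- \nExample Corp | Internal Use Only\n")
```

Running `phishing_indicators(PHISH)` returns seven flags, while the internal message returns none; the script is a prompt for the reader, not a replacement for forwarding a suspicious message to the security team.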

The larger a company is, the harder it is to remind employees about staying vigilant. But in the long run, what’s worse: reminders or hackers? You do the math.

New malware targeting point-of-sale (POS) systems and ATMs

A new malware targeting point-of-sale (POS) systems and ATMs has stolen payment card information from several US banks, researchers say. The author behind the malware appears to have links to a Russian cyber-crime gang. The malware scans the memory of point-of-sale systems and ATMs looking for credit card data, researchers from Russia-based security company Group-IB told SecurityWeek. The researchers believe the malware has already been used to steal data from credit and debit cards issued by major US banks, including Chase, Capital One, Citibank, and Union Bank of California.

Bluetooth Security

Many of us use and love Bluetooth technology. You can use it to send a document from your laptop to a printer in another room via a radio frequency. It’s easy to set up and convenient to use.
But you might want to think twice about what you use it for because that easy connection for you can also be an easy connection for a cybercreep.
1. You may be shouting out your information via your voice.
2. What makes Bluetooth easy to work for you, can make it open to someone to eavesdrop.
Have you ever been at a house where the baby monitor or the cordless phones pick up the neighbor’s conversations? This is sort of like that.
It’s also less about Bluetooth itself and more about the fact that many people walk around with Bluetooth enabled on their smartphone when they aren’t using it, which leaves it open for cybercreeps to Bluetooth their way in.
When you have Bluetooth turned on but not in use, you are basically broadcasting that your phone is on and available for others to Bluetooth to it!
A hacker can run a program on the computer that scans for Bluetooth connections. When they find one, bingo, they connect and they are in.
What do they take? Typically things like your address book, possibly your calendar and photos; they may use your phone to make long distance calls, or they may turn your phone into an impromptu speaker and listen to your conversations.
1. Turn your Bluetooth to “off” on devices such as your phone when not using the Bluetooth feature.
2. You can also look at your manufacturer settings to see if there is a “hidden” or “private” mode.
3. Refrain from sensitive and personal conversations using the Bluetooth device.

Internet slows down after DNS attack on Spamhaus

Hundreds of thousands of Britons are unsuspecting participants in one of the internet's biggest cyber-attacks ever – because their broadband router has been subverted.

Spamhaus, which operates a filtering service used to weed out spam emails, has been under attack since 18 March after adding a Dutch hosting organisation called Cyberbunker to its list of unwelcome internet sites. The service has "made plenty of enemies", said one expert, and the cyber-attack appeared to be retaliation.

A collateral effect of the attack is that internet users accustomed to high-speed connections may have seen those slow down, said James Blessing, a member of the UK Internet Service Providers' Association (ISPA) council.

"It varies depending on where you are and what site you're trying to get to," he said. "Those who are used to it being really quick will notice." Some people accessing the online streaming site Netflix reported a slowdown.

Spamhaus offers a checking service for companies and organisations, listing internet addresses it thinks generate spam, or which host content linked to spam, such as sites selling pills touted in junk email. Use of the service is optional, but thousands of organisations use it millions of times a day in deciding whether to accept incoming email from the internet.

Cyberbunker offers hosting for any sort of content as long, it says, as it is not child pornography or linked to terrorism. But in mid-March Spamhaus added its internet addresses to its blacklist.

In retaliation, the hosting company and a number of eastern European gangs apparently enlisted hackers who have in turn put together huge "botnets" of computers, and also exploited home and business broadband routers, to try to knock out the Spamhaus system.

"Spamhaus has made plenty of enemies over the years. Spammers aren't always the most lovable of individuals, and Spamhaus has been threatened, sued and [attacked] regularly," noted Matthew Prince of Cloudflare, a hosting company that helped the London business survive the attack by diverting the traffic.

Rather than aiming floods of traffic directly at Spamhaus's servers – a familiar tactic that is easily averted – the hackers exploited the internet's domain name system (DNS) servers, which accept a human-readable address for a website (a domain name) and spit back a machine-readable one (a numeric IP address). The hackers "spoofed" requests for lookups to the DNS servers so they seemed to come from Spamhaus; the servers responded with huge floods of responses, all aimed back at Spamhaus.

Some of those requests will have been coming from UK users without their knowledge. "If somebody has a badly configured broadband modem or router, anybody in the outside world can use it to redirect traffic and attack the target – in this case, Spamhaus."

Many routers in the UK provided by ISPs have settings enabled which let them be controlled remotely for servicing. That, together with so-called "open DNS" systems online, which are known to be insecure, helped the hackers to create a flood of traffic.
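As an added illustration (not part of the article), this is how the operator of one of those open resolvers could notice it is being used as a reflector. The log format and every address are constructed assumptions: in a spoofed-request flood the "client" address in the resolver's log is the victim, so one address receiving many oversized answers, especially from outside the prefixes the resolver is meant to serve, is the signature.

```python
import ipaddress
from collections import defaultdict

# Constructed resolver log (not real data, assumed format): one line per answered
# query. The client address is the request's source address, i.e. the spoofed victim
# during a reflection attack.
LOG = """\
client=203.0.113.10 req_bytes=64 resp_bytes=3300
client=203.0.113.10 req_bytes=64 resp_bytes=3300
client=203.0.113.10 req_bytes=64 resp_bytes=3300
client=203.0.113.10 req_bytes=64 resp_bytes=3300
client=192.0.2.7 req_bytes=58 resp_bytes=90
client=192.0.2.8 req_bytes=60 resp_bytes=140
"""
# Assumed: the customer prefixes this resolver is supposed to answer. Queries from
# anywhere else show it is an "open DNS" system in the article's sense.
LOCAL_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

def parse(line):
    kv = dict(field.split("=", 1) for field in line.split())
    return kv["client"], int(kv["req_bytes"]), int(kv["resp_bytes"])

def find_reflection_targets(log, min_queries=3, min_factor=10.0):
    """Map each suspected victim address to (queries, amplification factor, served_from_outside).

    Amplification factor = total response bytes / total request bytes sent back to that
    address; a small request producing a far larger answer is what makes reflection pay.
    """
    stats = defaultdict(lambda: [0, 0, 0])  # queries, request bytes, response bytes
    for line in log.splitlines():
        client, req, resp = parse(line)
        entry = stats[client]
        entry[0] += 1
        entry[1] += req
        entry[2] += resp
    suspects = {}
    for client, (n, req, resp) in stats.items():
        factor = resp / req
        outside = not any(ipaddress.ip_address(client) in p for p in LOCAL_PREFIXES)
        if n >= min_queries and factor >= min_factor:
            suspects[client] = (n, round(factor, 1), outside)
    return suspects

if __name__ == "__main__":
    for victim, (n, factor, outside) in find_reflection_targets(LOG).items():
        print(f"{victim}: {n} answers, x{factor} amplification, outside served prefixes={outside}")
```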

"You can't stop a DNS flood by shutting down those [DNS] servers because those machines have to be open and public by default. The only way to deal with this problem is to find the people doing it and arrest them."