Monday, 16 September 2013

Remote Desktop (RDP) Hacking 101: I can see your desktop from here!

Lately, we’ve seen an increase in reports of malware being installed via Remote Desktop Protocol (RDP). This is the powerful protocol which has been letting you view a Windows desktop “over the wire” on the other side of the globe (or back at your home from the office) for over a decade now. Sadly, while RDP can serve a variety of useful purposes ranging from remote “hands-on” support to configuring and running servers, in the wrong hands it can be a remote control weapon that enables bad actors to zombify your computer and have it do their bidding.
How could this happen? If your computer is “listening” for an RDP signal (typically over port TCP 3389), and it is connected to the Internet, it will respond when a remote user asks it if it’s alive. To the remote user, they will be presented with a login screen to your desktop, often without you noticing (especially if your computer is on and you just happen to be away from it). At this point, your computer will prompt them for a password – usually. If you have a poorly configured RDP setup on your computer though, it may just let them in. If it does, it’s just the beginning of your trouble.
What can RDP intruders do? If you have administrative privileges assigned to the user they login as, they can take your computer for an unfettered spin around the block, ranging from turning it off, rebooting it, installing software (including malware), or just having a look around to find documents of files with your critical personal information in them like banking, accounting, or other information and then spirit them off across the network to their own computers for nefarious purposes.
How do you stop all this? First thing is to know if you have RDP enabled. That’s easy to check from your Control Panel under System > Remote Settings > Remote Desktop (under Windows 7, other operating systems vary).
Windows 7 RDP blocking
Notice this test computer has Remote Desktop (RDP) disabled, which is fine for testing purposes, as nobody should be logging in remotely on this box. But if you choose to allow connections, take some time to define who you think should be connecting using the “Select Users” dialog box:
Notice the user that you are logged in as already has access (blanked out in example). When remote attackers come calling this could pose problems for an unwitting user who is logged in as Administrator. Very likely the bad guys will be looking to gain elevated access, and logging in as Administrator is a quick way to do that. If they can pair that valid User with an easy-to-guess password, they’ve got the keys to your computer’s crown jewels.
Recently, we’ve seen a spike in an RDP-based attacks using the Win32/Filecoder.NAH Trojan (also known as ACCDFISA) which attempts to encrypt files on your computer and extort money to pay the bad guys to unlock them.
Never mind the fact that it’s always a bad idea to send money to scammers in a scheme like this (especially via credit card, which virtually guarantees further fraud), the whole thing could be simply avoided by disabling the service if you don’t need it, and protecting it if you do.
Speaking of protection, aside from not using easily guessed usernames, a strong password would also go a long ways toward protecting the account. If hackers can programmatically “guess” your password because it’s based on a simple word – they will quite quickly. On the other hand, if it’s complex, meaning a combination of upper and lower case letters, numbers, and symbols (the longer the better), their task becomes much more daunting.
If you need to use RDP and are more technically inclined you can change the port on which RDP “listens” for connections (the default port is 3389). Microsoft has an article on how to do this in many versions of Windows. You can also find a range of possible solutions discussed on Stack Overflow.
And on the subject of remote desktop support, stay alert for those “Windows support” people who phone and ask you to install special remote access software to allow them to “fix” your computer. Falling for that scam can end badly. For more on that, take a look at David Harley’s article here.

Mobile Threat Monday: Downloading iOS 7 Before Release

Image via Flickr user Aidan
The latest version of Apple's mobile operating system, iOS 7, will launch on September 18. For owners of recent iPad, iPhone, and iPod Touch models, this will be a free over-the-air download that will only cost you time. Despite being free, pirated beta versions of iOS 7 are popular downloads on various Bittorrent websites. Perhaps it goes without saying, but trusting your device to a pirated operating system isn't a good idea.
Activation Errors
If you want a legal, Apple-approved copy of iOS 7 beta  you'll need to pony up $99 to the App Store gatekeepers. In exchange for your cash, Apple authorizes your device's UDID number and approves beta versions of iOS 7 for use on your device. There is, however, a weird little work-around that side-steps the UDID  authentication process so anyone can install iOS beta files.
There are scattered reports of unauthorized iOS 7 users suddenly finding themselves hit with strange activation errors, forcing them to downgrade back to iOS 6 and restore from backups. Whether or not this is Apple trying to maintain control of their betas isn't clear, but it sounds like a real headache. And an unnecessary one to boot!
Scams and Malware
Where there are illegal downloads there are scams, and iOS 7 is no different. Remember how you don't need to Apple to authorize your UDID to install iOS 7? Not everyone has received the memo, and people are apparently making a business of "authorizing" UDIDs of would-be iOS 7 users.
Of course that there's no guarantee that these UDID authorizers will deliver their goods, and we've seen similar scams for iOS 6 jailbreaking tools that parted victims from their money and personal information to boot. Scammers are particularly fond of catering to less-than-legal desires, since most victims won't report the crime out of fear they'll be punished themselves.
Even if you successfully purchase an activation from one of these sellers, your UDID is now tied to a developer account oustide of your control. Worse yet, if they have physical access to your device these "developers" wanted could install whatever apps they want. This is similar to how the Mactans malicious charging stations we saw at Black Hat work.
It's unlikely that pirated copies of iOS 7 beta will contain malware since the code is signed by Apple. That said, installing critical system files obtained from a shady Torrent website doesn't sound like a good idea to me. After all, jailbreaking iPhones has turned out to be a great way to introduce malware onto Apple devices.
"It's just crazy," said SecurityWatch contributor Neil Rubenking. "I mean, you wouldn't go to a shady east European website to download your Windows updates, would you?"
Just Wait!
Really, everyone could just save themselves a lot of trouble by waiting the two days until Apple drops the official release. I mean, come on: it's free! Why even worry about activation problems, scammers, and potential  malware when you can sleep two nights and wake up with a brand new operating system fully supported by the manufacturer.
Apple has thrived off the excitement generated by their announcements, and it's thrilling to get a glimpse of a highly anticipated product before it hits the streets. But in this case, it's safer to just wait until release.

A dream job at a luxury store? Nope – just a clever $1.5 million phishing scam

Six Nigerian men have gone on trial today in London for an alleged phishing scam where job offers at London’s exclusive Harrods department store were used as “bait”.
In total, the scam, referrred to as the “Gumtree fraud” due to the local job listings site used to trawl for victims, netted $1.5 million, the prosecution alleges.
The men have gone on trial at London’s central Old Bailey court today – accused of posting hundreds of fake job adverts for the luxurious department store, then asking applicants to download an “application form” from a recruitment agency, according to a report in the Daily Mail.
The fraudsters then installed a Trojan on their victims’ machines and stole amounts ranging from £400 to £4,700. The store was alerted when applicants complained that their computers had become infected after applying for jobs. The six men accused of distributing the malware are all IT graduates.
Walton Hornsby, prosecuting, said, “’It specifically targeted people looking for jobs. A decision was made someone applying for a job is perhaps more keen to cooperate and comply with any instructions given by someone that seems to be positively responding to their application by inviting them to download an application pack.In August and early September 2010 a number of adverts appeared on Gumtree advertising various jobs at Harrods, a rather attractive post.”
ESET Senior Research Fellow David Harley says, in a post discussing how to spot fake job offers, “At a time when the global economy is in crisis, there are all too many people solving their own employment and financial problems by scamming the unemployed, and job scams are an obvious way of grabbing their attention.”
Harley offers detailed tips – including clues in the wording of job offers, which may betray the fact that there is no job on offer at all.

NIST cybersecurity framework: Your insurance company is watching

If NIST came up with a new standard for cybersecurity, would your organization be insurable for cyber risks when measured against that standard? This was a leading topic of discussion in Dallas last week at the latest in a series of workshops attempting to fine tune the proposed NIST cybersecurity framework (we have discussed previous CSF meetings on We Live Security here and also here, plus a podcast here).
Cyber insurance was the topic of a panel moderated by Tom Finan of DHS and including Peter Foster, an insurance broker with the Willis Group, Mark Camillo of AIG, Toby Merrill of ACE USA, and Laurie Schwarz of Lockton. Here is how DHS regards cybersecurity insurance:
Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, network damage, and cyber extortion. The Department of Commerce has described cybersecurity insurance as an “effective, market-driven way of increasing cybersecurity” because it may help reduce the number of successful cyber attacks by promoting widespread adoption of preventative measures; encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection; and limiting the level of losses that companies face following a cyber attack.
Of course, NIST is a standards agency, not an insurance or enforcement agency. But NIST is within Commerce, and it does purport to provide standards which are widely accepted across an industry by, for example, insurance companies who are looking for some way to measure whether your business stacks up to the “gold standard” and charge you premiums accordingly. At the moment, many companies should be able to qualify for policies (according to at least one panelist), but insurance companies seem keenly interested in certain key indicators, like whether your corporate culture is proactive or reactive with respect to emerging security issues. Do you stay on top of change, or take a more passive stand-back-and-watch approach when it comes to security? The answers to these questions could factor into the rates you pay for cyber insurance (here’s an example of such insurance, offered by AIG, and by ACE USA).
When insurance companies interview you for a cybersecurity policy, you’ll want to convince them that you have a very firm grasp on where you are now, where you’re going next, and how you plan to prove all that. In general you’ll want to show that you’ve given your security posture some significant thought.
One panelist likes to ask prospective clients about their recent loss experiences. If they say they’ve had none, he winces suspiciously and digs deeper, probing how they know whether or not they have been breached, or whether they have a process in place to know at all.
But what exactly will be covered by cyber insurance? That is still less clear. For example, if there is a massive widespread event, say a cyber Katrina-style digital hurricane that wipes out a whole swath of technology services, who pays, for what, to whom, and under what circumstances? This is the capacity question, and just one of the questions DHS dove into regarding cybersecurity insurance  here.
And then there are the stock markets. Companies who insure financial transaction folks insure very, very large numbers of transactions. Think many trillions in not very many days. A mass digital train wreck in their world would certainly be uncomfortably scary (for them and us), and make the claims departments cringe.
Oh, and if there is a digital Katrina, you won’t see it coming on TV, preceded by pummeling downpours approaching landfall for half a day (or more), it will happen in seconds (maybe microseconds) with little warning, as in the recent ATM heists, where million-dollar-loss-hours may be the norm.
So what’s the maximum total impact insurance companies can be reasonably expected to handle? That’s a question the panel pondered. One panelist opined they could handle a $350 million dollar event, but probably not 10 of those at the same time. But insurance folks aren’t just sitting on their haunches. Insurance calculations are based on the size and type of data available, and there’s simply not enough yet to make all the actuarial calculations work, but they’re slowing getting there.
While the cyber insurance industry is in its infancy, breach victims don’t seem anxious to trot out every last detail of every breach to bolster actuarial tables, as a full dump of all the details may serve as unintended alarmist warnings to customers and users who want assurances that their data is protected. This is especially true when the competitor down the road doesn’t reveal details, thereby possibly courting favor in the marketplace, since they “appear” to be more safe. Would you trot out your organization’s details for all to see to make actuaries happy?
And what do you get for your coverage? One panelist highlighted seven different categories of “cybersecurity insurance”, ranging from physical loss, to reputation insurance, and a bevy of others. If your policy responds to a loss by sending you a stack of new servers, that may do little to assuage the total blow to your public image. And that’s the point: you really need comprehensive coverage, and may not even know how to assess what you need. And neither may your agent. Again, you’re not alone, as Insurance Journal points out here.
Whatever happens, NIST’s cybersecurity framework hopes to aid in the continuing discussions about insurability (and a host of other things) that will potentially affect those providing what can increasingly be considered critical parts of our national core infrastructure.

Brainwave-scanning hat could be most secure car key ever made

A brainwave scanner could be used as the ultimate biometric “car key” according to researchers at Tottori University – and even prevent carjackings, unlicensed drivers taking the wheel, or accidents caused by drivers falling asleep.
Biometric systems are being discussed widely at the moment, due to Apple’s inclusion of a fingerprint ID system in its new iPhone 5S.
But for certain systems, authentication methods such as iris scanners and fingerprint recognition are insufficient, Isao Nakanishi of the Graduate School of Engineering argues in a paper in  the International Journal of Biometrics.
Fingerprint and iris systems are “one time entry” authentication, Nakanishi argues – and for vehicles carrying valuable commodities or even public transport vehicles, this may not be sufficient.
“Measuring the driver’s brain waves continually – via sensors in the headgear of the driver’s headgear – would be straightforward and would allow authentication that could not be spoofed by an imposter,” the researchers write. “If the wrong brain waves are measured, the vehicle is safely immobilized.”
The system would scan the alpha-beta brain waves of the driver as they drove, to enture that they were in a fit condition to do so.
“Importantly, the ongoing authentication of drivers using their brain waves would facilitate a simple way to preclude starting the engine if the driver is intoxicated with drugs or alcohol, or even just too tired because their brain waves would not match their normal pattern under such circumstances,” the researchers write.
“If an imposter replaces the authenticated user in a hijacked car, for instance, such systems have no way of verifying that the person currently driving the car is the legitimate driver and that the hijacker hasn’t thrown the owner from the car or tied them up in the boot. An authentication system based on password entry or iris scanning that repeatedly checks that the driver is the legal driver of the vehicle would be not be safe.”
We recently reported on another biometric, your heartbeat, and according to Stephen Cobb, Senior Security Researcher with ESET, we may be on the verge of widespread deployment of biometrics. Says Cobb, “Successful implementation of biometrics in a segment leading product could bode well for consumer acceptance.” He adds, “I have been a fan of biometrics as an added authentication factor ever since I first researched multi-factor and 2FA systems 20 years ago, however, user adoption is very sensitive to performance; in other words the iPhone 5S could advance biometrics, or put a whole lot of people off biometrics.”
Earlier this year, UC Berkeley researchers suggested “brain wave” passwords could be an effective tool for unlocking PCs and other computer systems – with a failure rate of less than 1%.
“We find that brainwave signals, even those collected using low-cost non-intrusive EEG sensors in everyday settings, can be used to authenticate users with high degrees of accuracy,” said the researchers.
“Other than the EEG sensor, the headset is indistinguishable from a conventional Bluetooth headset for use with mobile phones, music players, and other computing devices,” the researchers said.

Deloitte hires FBI agent who oversaw probe into 9/11 attack

Deloitte & Touche LLP said on Monday it hired a former senior FBI official as its new director of security and privacy, as the firm seeks to help its client companies fight the threat from increasingly sophisticated computer hackers.
Mary E. Galligan, who supervised the FBI's investigation into the September 11 attacks during a more than 25 year career in law enforcement, will advise Fortune 500 companies on cyber security risks for Deloitte.
She began her role last week, Deloitte said.
Galligan joined the FBI in 1988 and most recently served as special agent in charge of the FBI New York Office's special operations and cyber division.
Deloitte is one of the world's biggest consulting firms that advises companies on cyber security and privacy issues.

Research indicates NSA Hacked Belgian Belgacom

The federal prosecutor confirms that Belgacom has filed for a digital intrusion. Complaint on July 19 The research points in the direction of international state-sponsored cyber espionage, sounds. Both the prosecutor and the privacy commission started an investigation into the matter.
After the complaint was the federal prosecutor launched an investigation against unknown.
The investigation revealed that multiple servers and workstations were infected. Given the technical complexity of the hacking and the scale of that happened, the study in the direction of international state-sponsored cyber espionage, sounds at the federal prosecution.
The hackers possessed by the prosecutor on major financial and logistical resources and used specific malware and advanced encryption techniques.
NSA Suspect?
Yet it is too short-sighted to behind the hacking hand of American intelligence to see NSA ', Eddy Willems, specialist internet security company G Data and director of the European Institute for Computer Antivirus Research (EICAR), remains cautious. "I do not exclude that the NSA is behind it, but I like to wait yet with a ruling on until I have seen the effective analysis of the virus, and that has not yet surfaced."
No sabotage
Based on the information available to the federal prosecutor's disposal was the hacking mainly focused on collecting strategic information and not to tamper or cause economic or other damage. Further research will tell.
The research is conducted by the FGP Brussels (Regional Computer Crime Unit) with support from the FCCU (Federal Computer Crime Unit) and specialized technical assistance of Defence (GISS - General Intelligence and Security Service of the Armed Forces).
Privacy Commission is also examining
The privacy commission launched its own investigation into the hacking, which mainly focuses on privacy infringements of Belgacom customers. 'President Want Debeuckelaere was brought last Saturday at the height of the case, "explains spokeswoman Eva Wiertz.
"The President has therefore decided, to investigate what happened. Exactly in partnership with Belgacom and the Belgian Institute for Postal Services and Telecommunications (BIPT), a research The research is needed to determine the extent to which there has been an infringement of the privacy of Belgacom customers.

Santander cyber bank robbers arrested by Met Police after plot to hack Surray Quays branch

Santander bank
The Metropolitan Police have charged four individuals with conspiring to hack a Santander bank branch in London.
The police confirmed arresting 12 men between the ages of 23 and 50 in a public statement on Saturday. Four of them appeared in court on Saturday and eight others are on bail pending further enquiries.
The men are believed to have conspired to hack the Surrey Quays Santander branch by attaching a keyboard video mouse (KVM) switch to a terminal. The tactic would let the criminals take control of the terminal from a remote location at a later date.
A Santander spokesperson confirmed that the bank is aware of the attack and arrests in a statement to V3, warning that IT breaches are a problem facing all high-street banks and that no information was compromised.
"Like all high-street banks, Santander works very closely with the police and other authorities to help prevent fraud. Through this co-operation, Santander was aware of the possibility of the attack connected to today's arrests. The attempt to fit the device to the computer in the Surrey Quays Branch was undertaken by a bogus maintenance engineer pretending to be from a third party," read the statement.
Santander's director of communications Jennifer Scardino added that by co-operating with the police the bank was able to thwart the criminals before they had the chance to steal any customer information.
"Santander alerted the Metropolitan Police about the threat posed by those arrested yesterday, and has worked closely with the police to help them gather the evidence required for the arrests. There was never any risk of access to our systems, customer data or funds," she said.
The attack is atypical as it required a member of the criminal gang to physically compromise the bank's security before hacking its network. Senior security researcher at Kaspersky Lab, David Emm, listed the attack as proof that banks and companies handling sensitive data must take physical security just as seriously as cyber security.
"The method used by the group was sophisticated, using both ‘low-tech' and ‘high-tech' methods, through the use of hardware and software. Hacking attempts to large organisations usually focus mainly on software, for example installing Trojans to infiltrate a vulnerable employee's computer within the organisation, thus giving the cyber criminal remote access to the company's infrastructure," he said.

"This attempt should remind organisations that a holistic approach needs to be taken toward security. It's not just the IT security methods that need to be scrutinised, but the people within the organisation as well. With a physical device being planted within the branch, it is clear that organisations need to keep an eye out for physical breaches, as well as software infiltrations."
Helping educate companies and financial institutions about cyber threats has been a key goal for the UK government and its ongoing Cyber Strategy. The GCHQ launched a new Cyber Incident Response initiative designed to offer companies and public-sector organisations assistance in the aftermath of cyber security attacks.

FBI admitted attack against the Freedom Hosting

FBI admitted publicly that the Bureau had compromised the Freedom Hosting, probably the most popular Tor hidden service operator company.
The news confirms the suspects raised after that a group of  Security researchers found a malicious script that takes advantage of a Firefox Zero-day to identify some users of the Tor anonymity network.
In an Irish court the FBI Supervisory Special Agent Brooke Donahue revealed that the FBI had control of the Freedom Hosting company to investigate on child pornography activities, Freedom Hosting was considered by US law enforcement the largest child porn facilitator on the planet.
FBI for its analysis exploited a Firefox Zero-day for Firefox 17 version that allowed it to track Tor users, it exploited a flaw in the Tor browser to implant a tracking cookie which fingerprinted suspects through a specific external server.
Mozilla confirmed the presence of the security vulnerability in Firefox 17 (MFSA 2013-53) , which is currently the extended support release (ESR) version of Firefox.
“Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable.”
The exploit is based on a Javascript that is a tiny Windows executable hidden in a variable dubbed “Magneto”. Magneto code looks up the victim’s Windows hostname and MAC address and sends the information back to the FBI Virginia server exposing the victims’s real IP address. The script sends back the data with a standard HTTP web request outside the Tor Network.
Firefox Zero-day against Anonymity
Eric Eoin Marques, the 28-year-old Irishman owner and operator of Freedom Hostingis now awaiting extradition to the US where he could face 100 years in prison on child pornography charges. The new details emerged in press reports from a Thursday bail hearing in Dublin, where Marques, 28, is fighting extradition to America on the above charges. He was denied bail for the second time since his arrest in July. According law enforcement Marques might reestablish contact with co-conspirators, and further complicate the FBI probe.
Freedom Hosting owner
Freedom Hosting hosted hundreds of discutible websites, many of them used to conduct illegal activities taking advantage of the anonymity provided by Tor network. Tor network contains in fact many services that are used by cyber criminals for money laundering, exchanging of child porn material, renting for hacking services and sale of drugs and weapons.
Freedom Hosting offers hosting services to hacking sites such as  HackBB and at least 550 servers throughout Europe that distributed child porn content.
Donahue revealed that the Freedom Hosting  service hosted at least 100 child porn sites providing illegal content to thousands of users, and claimed Marques had visited some of the sites himself.
Eric Eoin Marques knew he hunted, apparently he already sent the earnings to his girlfriend over in Romania, the FBI is analyzing the Marques’s seized computer discovered that he had made inquiries about how to get a visa and entry into Russia, and residency and citizenship in the country.
Marques’s  made also searches for a US passport template and a US passport hologram star, probably he was planning an escape. In 2011 the group of hacktivist Anonymous also attached the F
reedom Hosting with a series of DDoS attacks after allegedly finding the firm hosted more that 90% of the child porn hidden services on the Tor network.
Court documents and FBI files released under the FOIA have described the CIPAV (Computer and Internet Protocol Address Verifier) as software the FBI can deliver through a browser exploit to gather information from the suspect’s machine and send it to on the server of the Bureau in Virginia.
The event is the confirmation that Tor network provides an extra layer of obfuscation but it must be clear it does not provide bulletproof online anonymity, various researches already that evidenced it

Hacker Group Responsible for Vodafone-attack

After the announcement of the data-harvesting at Vodafone Germany there is now a letter claiming responsibility for the attack, were copied from the data of 2 million people.
A hacker group called "Team_L4w", assumes the responsibility for the attack and stressed that the said by law enforcement suspects, in which a search was conducted, was innocent. The authors of the letter claiming to be self-conscious. The NSA and the Scotland Yard trying for years to expose it, but what is futile. "We know what we're doing! Is a graduate level are personnel on!" Write the hackers. However, we can not confirm whether the group is actually responsible.
According to information from Blogger Carsten Knobloch were published , Team_L4w also has data from the Vodafone Hack circulated on the Internet, this could not be confirmed, however. Earlier pastebin releases the self-proclaimed leader of the group, signed "B3n" arouse more doubts. "We suspect that they are freeloaders," Vodafone also told heise Security. An e-mail containing the letter did not get the company contrary to the allegations of the hacking group. Even the law enforcement agencies had been informed of this fact.
According to Vodafone people are also affected, which now do not have a current contract with the company. For tax purposes, the entity should save the master data of former customers. The server with this data it was thus separated from other infrastructure, that it contained no information about whether the records belong to the respective active or terminated contracts. Vodafone had decided to write to all affected persons at once to quickly as possible to inform everyone whose data was affected. It had former customers therefore receive the same letter as customers with active contracts.

UAE businesses on alert after Dh1m cyber heist

Abu Dhabi Police has issued a warning to companies in the UAE following a spate of cyber-attacks by international hackers.
Two recent cyber heists involving about Dh1million have left business wary because hackers are found to intercept communications of business deals that take place between local buyers and foreign suppliers to target funds.
Colonel Dr Rashid Mohammed Bourshid , Director, Criminal Investigation Department, said there are instances where hackers pose as suppliers and contact local businesses via email. And after taking them into confidence they begin siphoning of funds  by asking these firms to transfer money to their bank accounts.
One such fraudulent activity involved a restaurant, where the owner was cheated of $150,000 [Dh550,958]. The hacker gang contacted the owner via email and after learning that he was interested in buying a restaurant in Europe, they set into action. They made him transfer the amount in two installments.
Another incident involved a firm selling construction materials. An international hacking gang established contact with the owner of the firm and siphoned off $100,000 to East Asia. In this case, the hackers even forged the signature of the company owner and gained a power of attorney.
Colonel Dr. Bourshid urged businesses not to rely on email communications. In important and sensitive matters, firms must check facts thoroughly and make phone calls to prevent such acts, he added. He also reminded businesses to not share important information via email, change passwords regularly, use anti-virus software and download safe programs.