Email security has become part of the job description for every employee. All
it takes is one employee to cause a breach that opens up the entire
company. For example, consider The New York Times: the recent
breach by Chinese hackers was done via a phishing or spear phishing
email. All that was necessary was for that one email to be opened, and The
New York Times network was accessible to the hackers. And once an
attacker is behind the firewall, then the hacker can do anything.
Without proper training, it is easy for an employee to accidentally open
a window for a hacker. It is the duty of every personnel
department to train new employees as to what to look for when receiving
email messages. This information should be included in employee manuals
and should also be posted on lunch room walls as reminders. With the
volume of emails we all receive on a daily basis, it is very easy to
forget that one of the emails could be a “Bomb” that could cause a
breach. And a network breach can lead to data loss, loss of reputation,
and denial of services for your employees and clients.
There are two types of phishing email messages: phishing and spear
phishing. Phishing is a generic type of email that is sent to everyone
in a company with the hope that someone will open the email and click on
a link or open an attachment. There are no names attached to it, the
subject line is generic, and the TO: line usually says
recipients_not_disclosed. That’s a dead giveaway! Finally, the FROM line
does not conform to corporate email standards.
The second form of phishing is called spear phishing. This type of email
is more insidious. Someone or some organization has taken the time to
find information about a specific employee and personalize an email
message to make it look like it has been sent to that person from
someone he or she knows. As a result, the email looks legitimate. This
email is assembled through a few methods. The attacker scours Facebook,
LinkedIn, Twitter, and possibly financial information sites such as
Hoovers. The hacker may make calls to a company’s receptionist to find
other pertinent information regarding the email recipient, possibly
email address and/or phone number. In bigger companies, they may even
call the IT department and claim that they are the person of interest
and forgot their email password and ask for it to be reset. Hopefully,
there are policies in place with the IT department that make it
impossible for someone to change a password without multifactor
authentication (multiple types of ID must be given before the password
can be changed – this is an issue for another post). Spear phishing
emails are usually sent to management-level employees since they tend to
have more network privileges.
Once again, even with spear phishing, the questions one must ask
include: Are you expecting an email from this person and do you even
know him or her? Is there a link in the body of the email? If yes, do
not click on it. If you really must know what the link is, send it to
the IT department or your security team and let them confirm if it is
legitimate. Due to the speed of business these days, it may be difficult
to remember what to look for, but it’s also difficult to recover from a
breach. It can happen to anyone; for your company’s sake, don’t let it
be you.
Host computers should all have a good virus scanner to scan inbound
emails and attachments. After that, here are some things to look for
when determining if you’re looking at a phishing email. Does the email
address in the FROM: line correspond to the corporate email layout? This
may mean last name first, or first name last. When a message is sent
to you, are you expecting an email from that person or is the email
coming from someone you don’t know? Look at the subject line of the
email: Are there any misspellings in the subject line, and does it make
sense?
Make it a policy to never click on live links within an email message. A
live link (one that is colored and underlined) could look like a
legitimate link but the actual link may send you somewhere else. If you
really must know what the link is, copy and paste it into the Notepad
program.
Sometimes emails arrive in your inbox under the guise of legitimacy. They appear
to come from somewhere within your organization, but they’re not. An
email arrives and asks to change your security credentials – but don’t
be fooled. First of all, there should be a general announcement
regarding this topic distributed company-wide to all users. It will be
sent out by one person, not from “The Security Team.” Be aware of that.
Emails regarding this sensitive issue must be sent by individuals, not
groups, and an email sent by an internal employee will adhere to
corporate email structure; fakes do not.
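The header checks described in this post (a TO: line that hides the recipients, a FROM: address that does not match the corporate layout, and a sensitive request sent by a group rather than an individual) can be applied by a mail-triage script. This is an added example, not code from the original post; the corporate domain, the first.last@ layout, the group-name pattern and both sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions, not from the original post: the corporate domain, the
# first.last@ address layout and the group-name pattern are hypothetical.
CORP_DOMAIN = "example.com"
CORP_LOCALPART = re.compile(r"^[a-z]+\.[a-z]+$")
HIDDEN_TO = re.compile(r"undisclosed|not[_ -]disclosed", re.I)
GROUP_NAME = re.compile(r"\b(team|department|helpdesk|support)\b", re.I)

def triage_headers(raw_message):
    """Return the phishing indicators found in a message's headers."""
    msg = message_from_string(raw_message)
    findings = []

    # Generic phishing: the TO: line names no actual recipient.
    to_value = msg.get("To", "")
    if not to_value.strip() or HIDDEN_TO.search(to_value):
        findings.append("To: line hides the recipients")

    # FROM: must match the corporate layout (domain and local part).
    display_name, address = parseaddr(msg.get("From", ""))
    local, _, domain = address.lower().rpartition("@")
    if domain != CORP_DOMAIN:
        findings.append("From: domain is not the corporate domain")
    elif not CORP_LOCALPART.match(local):
        findings.append("From: address does not follow the corporate layout")

    # Sensitive requests should come from a named individual, not a group.
    if GROUP_NAME.search(display_name):
        findings.append("From: sender is a group, not an individual")
    return findings

# Constructed sample messages (not real mail).
SAMPLE_PHISH = (
    "From: The Security Team <security-update@examp1e-mail.net>\n"
    "To: undisclosed-recipients:;\n"
    "Subject: Urgent: verify you account\n"
    "\n"
    "Click the link to change your security credentials.\n"
)
SAMPLE_INTERNAL = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "To: john.smith@example.com\n"
    "Subject: Q2 budget review\n"
    "\n"
    "Agenda attached.\n"
)

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("internal", SAMPLE_INTERNAL)):
        print(name, triage_headers(raw))
```

A message that returns no findings is not thereby proven legitimate, because the FROM: header can be forged; treat the output as a triage aid.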
Many breaches come from an email that looks legitimate from an internal
employee. So, look at the signature line at the bottom of the email. If
it isn’t the standard signature line that your company uses for all
emails, it’s probably suspect. I realize that checking an email to be
sure that it’s real can be time-consuming, but the more you look for
errors, the better you become at spotting them.
The larger a company is, the harder it is to remind employees about
staying vigilant. But in the long run, what’s worse: reminders or
hackers? You do the math.
Information Security, Ethical Hacking, website Security, Database Security, IT Audit and Compliance, Security news, Programming, Linux and Security.
Thursday, 28 March 2013
New malware targeting point-of-sale (POS) systems and ATMs
New malware targeting point-of-sale (POS) systems and ATMs
has stolen payment card information from several US banks, researchers
say. The author behind the malware appears to have links to a Russian
cyber-crime gang. The malware scans the memory of point-of-sale systems and ATMs looking
for credit card data, researchers from Russia-based security company Group-IB told SecurityWeek.
The researchers believe the malware has already been used to steal data
from credit and debit cards issued by major US banks, including Chase,
Capital One, Citibank, and Union Bank of California.
Bluetooth Security
Many of us use and love Bluetooth technology. You can use it to send a
document from your laptop to a printer in another room via a radio
frequency. It’s easy to set up and convenient to use.
But you might want to think twice about what you use it for because that easy connection for you can also be an easy connection for a cybercreep.
THE RISKS:
1. You may be shouting out your information via your voice.
2. What makes Bluetooth easy for you to use can also make it easy for someone to eavesdrop.
Have you ever been at a house where the baby monitor or the cordless phones pick up the neighbor’s conversations? This is sort of like that.
It’s also less about your actual Bluetooth itself and more about the fact that many people walk around with Bluetooth enabled on their smartphone when they aren’t using it, which means it’s open for cybercreeps to Bluetooth their way in.
When you have Bluetooth turned on but not in use, you are basically broadcasting that your phone is on and available for others to Bluetooth to it!
HOW THEY DO IT:
A hacker can run a program on the computer that scans for Bluetooth connections. When they find one, bingo, they connect and they are in.
WHAT THEY TYPICALLY STEAL:
What do they take? Typically things like your address book, possibly your calendar, photos, using your phone to make long distance calls, or they may turn your phone into an impromptu speaker and listen to your conversations.
THREE TIPS TO PROTECT YOURSELF:
1. Turn your Bluetooth to “off” on devices such as your phone when not using the Bluetooth feature.
2. You can also look at your manufacturer settings to see if there is a “hidden” or “private” mode.
3. Refrain from sensitive and personal conversations using the Bluetooth device.
Internet slows down after DNS attack on Spamhaus
Hundreds of thousands of Britons are unsuspecting participants in one of the internet's biggest cyber-attacks ever – because their broadband router has been subverted.
Spamhaus, which operates a filtering service used to weed out spam emails, has been under attack since 18 March after adding a Dutch hosting organisation called Cyberbunker to its list of unwelcome internet sites. The service has "made plenty of enemies", said one expert, and the cyber-attack appeared to be retaliation.
A collateral effect of the attack is that internet users accustomed to high-speed connections may have seen those slow down, said James Blessing, a member of the UK Internet Service Providers' Association (ISPA) council.
"It varies depending on where you are and what site you're trying to get to," he said. "Those who are used to it being really quick will notice." Some people accessing the online streaming site Netflix reported a slowdown.
Spamhaus offers a checking service for companies and organisations, listing internet addresses it thinks generate spam, or which host content linked to spam, such as sites selling pills touted in junk email. Use of the service is optional, but thousands of organisations use it millions of times a day in deciding whether to accept incoming email from the internet.
Cyberbunker offers hosting for any sort of content as long, it says, as it is not child pornography or linked to terrorism. But in mid-March Spamhaus added its internet addresses to its blacklist.
In retaliation, the hosting company and a number of eastern European gangs apparently enlisted hackers who have in turn put together huge "botnets" of computers, and also exploited home and business broadband routers, to try to knock out the Spamhaus system.
"Spamhaus has made plenty of enemies over the years. Spammers aren't always the most lovable of individuals, and Spamhaus has been threatened, sued and [attacked] regularly," noted Matthew Prince of Cloudflare, a hosting company that helped the London business survive the attack by diverting the traffic.
Rather than aiming floods of traffic directly at Spamhaus's servers – a familiar tactic that is easily averted – the hackers exploited the internet's domain name system (DNS) servers, which accept a human-readable address for a website (such as guardian.co.uk) and spit back a machine-readable one (77.91.248.30). The hackers "spoofed" requests for lookups to the DNS servers so they seemed to come from Spamhaus; the servers responded with huge floods of responses, all aimed back at Spamhaus.
"Some of those requests will have been coming from UK users without their knowledge. If somebody has a badly configured broadband modem or router, anybody in the outside world can use it to redirect traffic and attack the target – in this case, Spamhaus."
Many routers in the UK provided by ISPs have settings enabled which let them be controlled remotely for servicing. That, together with so-called "open DNS" systems online which are known to be insecure, helped the hackers to create a flood of traffic.
"You can't stop a DNS flood by shutting down those [DNS] servers because those machines have to be open and public by default. The only way to deal with this problem is to find the people doing it and arrest them."