SYNful Knock and a New Age of Phishing

September 21st, 2015 | Uncategorized

Earlier this week, Reuters reported that security researchers uncovered a new malware strain called SYNful Knock, targeting Cisco routers. Once installed, SYNful Knock gives cyber criminals the ability to harvest data being shared via the router without being detected. The malware has already been found on a handful of Cisco routers in four different countries.

While reports of breaches and data theft are commonplace these days, the SYNful Knock malware stands out for one key reason – affected routers were compromised not because of a security flaw in Cisco’s software but because cyber criminals secured the login credentials of key network administrators to install the software.

We’ve long maintained on this blog that employees are always going to be the weakest link in any security system. There will always be an employee who reuses easy-to-remember passwords across multiple logins. There will always be an employee who gets tricked into downloading an infected file or clicking on a malicious link through a phishing scam. If you want better cyber security at your business, employee education is the place to start.

This is even more evident when you look at the Cisco router story. In the past, cyber criminals focused on quantity over quality – send out 100,000 phishing emails and hope that a handful of recipients fall for the scam. We are seeing a move away from this and a move towards cyber criminals focusing on specific high-value targets, targets like employees that have network administrator-level credentials. Cyber criminals are using social media sites like LinkedIn to identify key personnel that may have administrator access to a system. They are then researching these individuals, often on social sites like Facebook and Twitter, to collect personal information – information that can be used for a customized phishing email or to answer standard password reset questions. In the case of the Anthem breach, cyber criminals used this tactic to secure logins for five Anthem employees. One of these five employees had administrator-level credentials. That’s all it took for cyber criminals to access more than 80 million customer records.

Compared to Anthem, this week’s Cisco router news seems pretty unimpressive. But it is a story that serves as a cautionary tale of what’s on the horizon for business cyber security and employee vulnerability.

Have tips on how to educate employees on password best practices? Weigh in on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

When Good Passwords Go Bad

June 19th, 2015 | Uncategorized

Last month, password manager LastPass announced that their system had been hacked, exposing email addresses and encrypted master passwords for its users. Users were notified and prompted to change their master passwords.

Shortly after, news broke of a flaw found in Apple’s Keychain software that could let malicious software steal passwords across apps on your Mac. This flaw could result in exposed passwords to iCloud accounts, notes, photos, email accounts, banking, social media – you name it.

Both of these stories exemplify just how vulnerable our login systems are. As the LastPass hack shows – even when you are trying to do the right thing and safeguard your passwords, bad things can still happen.

One thing is certain: there is no surefire way to protect yourself against password loss due to hacks and malware unless you stay off the Internet altogether. However, there are some best practices you can implement to reduce the risk of a hack or breach.

Turn on Two-Factor Authentication
Two-factor authentication is typically comprised of two out of three identifiers:

  • Something you know, like a password
  • Something you have, like a token or code messaged to your phone
  • Something you are, like a fingerprint

Turning on two-factor authentication, especially on high-value accounts such as Amazon, Gmail and banking sites, is essential. This will ensure that even if your password is lost, a hacker will need the second form of authentication to access your account.

Practice safe password habits.
Do not reuse your password across multiple sites. Develop a passcode system that helps you remember the unique passwords you develop for each digital account you own. Passwords should be long, should not include any words found in a dictionary and should vary in character type (include special characters, capitalization and punctuation as password systems allow). Be sure to change passwords every six months and use two-factor authentication whenever possible.
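
The habits above can be checked mechanically. The following audit script is an added example, not part of the original post: it flags reuse, short length, dictionary words, limited character variety and passwords older than six months. The 12-character minimum, the tiny word list and the sample inventory are assumptions constructed for illustration.

```python
import re
from datetime import date

# Constructed stand-in word list; a real audit would load a full dictionary file.
DICTIONARY = {"password", "dragon", "summer", "welcome", "monkey"}
MIN_LENGTH = 12          # assumption: the post says "long" without giving a number
MAX_AGE_DAYS = 183       # roughly the six months the post recommends

def character_classes(password):
    """Count which of lower, upper, digit, and special/punctuation appear."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for p in patterns if re.search(p, password))

def contains_dictionary_word(password):
    """True if any word-list entry appears inside the password, ignoring case."""
    lowered = password.lower()
    return any(word in lowered for word in DICTIONARY)

def audit(accounts, today):
    """Return {site: [findings]} for accounts breaking any of the post's rules."""
    sites_by_password = {}
    for site, (password, _) in accounts.items():
        sites_by_password.setdefault(password, []).append(site)
    report = {}
    for site, (password, last_changed) in accounts.items():
        findings = []
        if len(sites_by_password[password]) > 1:
            findings.append("reused")
        if len(password) < MIN_LENGTH:
            findings.append("short")
        if contains_dictionary_word(password):
            findings.append("dictionary-word")
        if character_classes(password) < 4:
            findings.append("few-character-types")
        if (today - last_changed).days > MAX_AGE_DAYS:
            findings.append("stale")
        if findings:
            report[site] = findings
    return report

# Constructed sample inventory: site -> (password, date last changed).
SAMPLE = {
    "mail": ("Summer2015!", date(2015, 1, 5)),
    "bank": ("Summer2015!", date(2015, 5, 20)),
    "shop": ("q7#Lv!x2Rz@9mTb", date(2015, 4, 1)),
    "forum": ("tr0ub4dor", date(2014, 6, 1)),
}

if __name__ == "__main__":
    for site, findings in audit(SAMPLE, date(2015, 6, 19)).items():
        print(f"{site}: {', '.join(findings)}")
```

Note that "Summer2015!" contains all four character types yet still fails on reuse, length and the dictionary check, which is why the rules need to be applied together.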

Monitor your identity.
Use a service to monitor for suspicious activity of your personal information on the black market. Monitoring services will identify if your personal information, like your email address or password, is being shared on the dark web.

There are many interesting technologies and methods being explored to help secure our login systems. In the meantime, adhere to the above best practices to protect your accounts from unauthorized access. Were you impacted by the LastPass breach? Let us know how you responded on our Facebook or Twitter channel.
