Firewall Chats, Ep. 5: Scams, Malware, and Phishing Attempts

By | December 15th, 2015|Business Security, Firewall Chats|

Today airs the final episode in our pilot podcast series! To wind down the last few days of 2015, we sat down with Adam Dolby, Encap Security’s vice president of business development.

Prior to joining Encap Security, Dolby was focused on banking, ATM networks, and card processing. His expertise lies within multi-factor authentication, security, and electronic financial services, which is why we wanted to discuss the tricks, traps, scams and malware that consumers face daily.

Did you know, according to Get Cyber Safe, roughly 156 million phishing emails are sent each day? Of that, 16 million make it through filters. Half are opened. In the end, 80,000 people fall victim to scams and share personal information with cyber criminals.

“Bad guys will cast a fairly wide net–the wider the net, the better for them,” Dolby said. “They see who ends up in it at the end. … While the online community has come [far], when you can still trick 80,000 people, a day, into giving away their credentials that means we have a really long way to go.”

Malicious emails aren’t the only danger to businesses and consumers.

“Malware, to me, is the real threat,” Dolby said. “Malware is a form of computer program designed specifically to steal your login credentials.”

Dolby said there were 255,000 new malware variants every single day in 2014.

Our guest also shared that long gone are the days when hackers were individuals, hiding in basements. Now these scams and hacks are part of sophisticated, organized attacks.

In our episode, Dolby shares tips to be aware of these scams, the cost of data breaches, two-factor authentication, and how businesses can better protect their employees and customers.

“It’s up to you to protect your identity,” Dolby said. “Be prepared for the when, not the if.”

You can listen to the entire episode, as well as our past podcast episodes, at Thanks for listening!

Questions? Comments? A topic you’d like to see us tackle next year? Reach out to us on Twitter and Facebook to let us know!

Ransomware in Review

By | November 24th, 2015|Business Security, Malware and Scams|

One of the scariest cyber security trends of 2015 was the evolution and uptick of ransomware attacks. Ransomware is a type of malware that, once installed on a user’s device, will block access to the device until a ransom is paid to the cyber criminal to unlock and remove the malware. The FBI recently reported that Cryptowall, a popular strain of ransomware, netted cyber criminals more than $18 million between 2014 and 2015.

It is true that ransomware campaigns have continuously netted their owners large amounts of profit, and have become highly attractive to the fraud community. However, this rise in prominence has also led to an increase in focus by the anti-virus industry, whose job it is to mitigate the major threats seen in the underground world.

This is why ransomware has evolved drastically over the past 12 to 18 months. Cyber criminals have realized that the security industry is capable of developing various countermeasures to software-based threats, so simply locking devices for a ransom is easily mitigated and prevented. As a result, cyber criminals have taken ransomware a step further and moved to file encryption, which is much more difficult to resolve via anti-virus software. By implementing file encryption, cyber criminals can ensure that users cannot simply apply a patch and undo the damage done to their device. Affected users are forced to deal directly with the cyber criminal if they have any desire to recover the encrypted information, increasing the probability of an affected user paying the ransom rather than going to a security vendor for help.

Countermeasures to this new approach to ransomware are in the works. Businesses can monitor network traffic to identify anomalous requests, or monitor physical devices to identify suspicious activity on them, such as file system access and injection into remote processes. However, these countermeasures are a product of businesses catching up to the cyber criminals. The underground community will always be coming up with new ideas and attack methodologies. They innovate at a faster pace than the business world and are constantly focused on designing new methods to steal anything that can be sold or used for financial gain. It’s up to businesses and consumers to understand these issues and utilize the best tools available to secure themselves and their devices.

As always, let us know your thoughts on Facebook, Twitter or LinkedIn.

SYNful Knock and a New Age of Phishing

By | September 21st, 2015|Uncategorized|

Earlier this week, Reuters reported that security researchers uncovered a new malware strain called SYNful Knock, targeting Cisco routers. Once installed, SYNful Knock gives cyber criminals the ability to harvest data being shared via the router without being detected. The malware has already been found on a handful of Cisco routers in four different countries.

While reports of breaches and data theft are commonplace these days, the SYNful Knock malware stands out for one key reason – affected routers were compromised not because of a security flaw in Cisco’s software but because cyber criminals secured the login credentials of key network administrators to install the software.

We’ve long espoused on this blog that employees are always going to be the weakest link in any security system. There will always be an employee that reuses easy-to-remember passwords across multiple logins. There will always be an employee that gets tricked into downloading an infected file or tricked into clicking on a malicious link through a phishing scam. If you want better cyber security at your business, employee education is the place to start.

This is even more evident when you look at the Cisco router story. In the past, cyber criminals focused on quantity over quality – send out 100,000 phishing emails and hope that a handful of recipients fall for the scam. We are seeing a move away from this and a move towards cyber criminals focusing on specific high-value targets, targets like employees that have network administrator-level credentials. Cyber criminals are using social media sites like LinkedIn to identify key personnel that may have administrator access to a system. They are then researching these individuals, often on social sites like Facebook and Twitter, to collect personal information – information that can be used for a customized phishing email or to answer standard password reset questions. In the case of the Anthem breach, cyber criminals used this tactic to secure logins for five Anthem employees. One of these five employees had administrator-level credentials. That’s all it took for cyber criminals to access more than 80 million customer records.

Compared to Anthem, this week’s Cisco router news seems pretty unimpressive. But it is a story that serves as a cautionary tale of what’s on the horizon for business cyber security and employee vulnerability.

Have tips on how to educate employees on password best practices? Weigh in on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Don’t Fall for Scareware

By | March 26th, 2015|Uncategorized|

Have you seen one of these lately?

If you have, you are not alone. These pop-ups are called scareware and their sole purpose is to try and trick consumers into downloading malicious pieces of software or contacting a malicious entity who will then try to secure personal or financial information. Scareware has been around for a while but instances of consumers coming across it are on the rise due to the growth of malvertisements.

A malvertisement is a malicious advertisement created to either drop malware on a susceptible device automatically or scare users into installing bogus software. There has been a huge increase in the distribution of these advertisements over the past few years as ad networks have started to resell space through other providers, resulting in less stringent checks on the content pushed through these sites. This is why you can be browsing a perfectly safe and legitimate site like Mashable or CNN and still run into a scareware pop-up.

If you see one of these pop-ups, check to see if the advert is displayed in the browser or on the computer itself. If it is in the browser, then you likely have nothing to worry about so long as you haven’t clicked on any of the links. If you are worried that your computer may be infected, run a malware scan. If the advert is running outside of the browser, then it is likely that your device may already have malware. Make sure you take all the necessary steps to remove the malware from your machine and refrain from sharing any financial information or logging in to any sensitive sites until your device is free and clear.

Cyber criminals are always trying new methods and thinking of clever ways to trick people into downloading malware or sharing valuable information. Always be on the alert, and if you get a pop-up asking you to download something or input valuable information, it is likely a scam.

As always, let us know what you think on Twitter, Facebook or LinkedIn.


News Recap: WireLurker Malware

By | November 6th, 2014|Uncategorized|

Researchers at Palo Alto Networks announced this week that they have unearthed a new malware strain that targets Apple products. The malware has been dubbed “WireLurker.”

Brett Molina, of USA Today, reported, “security researchers have discovered new malware targeting Apple’s iOS mobile operating system and OS X for Macs that can be transmitted through USB connections.” Molina noted, “Thus far it’s limited to users in China who have downloaded infected apps from a third-party app store there. But security experts worry that with this ‘proof of concept’ example, it could spread.” Molina explained the significance of the discovery saying, “Historically Apple devices have been considered relatively safe from the viruses and malware that have long infected PCs and, increasingly, Android products.”

Help Net Security stated that WireLurker is “the first malware family to infect installed iOS applications in a way typical for a traditional virus. It is also the first malware that automates the generation of malicious iOS applications through binary file replacement.” Help Net Security summed up the purpose of the malware stating, “The OS X malware’s mission is to collect information about the iOS device connected to it and to infect it. The iOS malware’s [purpose] is to collect user data and send it to a server controlled by the attackers.”

WireLurker is yet another example of how malware attacks are so prevalent – even on mobile operating systems. What can users do to protect their devices as well as their information from an attack like WireLurker? Let us know your thoughts on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Keylogging malware on public computers is a growing concern

By | July 23rd, 2014|Uncategorized|

This month, the U.S. Secret Service issued a warning about the increasing practice of hackers installing keylogger malware on computers in hotel business centers. The malware captures keys struck by hotel guests that use the computers and then sends that information via email to the malicious hacker. The result – any sensitive information the traveler types into the computer is compromised.

Hotel systems hold a treasure trove of data, including email addresses and email account logins, card details, even logins to travel and rewards accounts. More importantly, they are more likely to host information related to a government issued ID like a driver’s license or passport, common documents that are referenced when traveling.

While keylogger malware is nothing new, we have seen a huge increase in hotels being targeted by this remote malware. We have seen more than 50 different hotel chains compromised in the past few weeks via our CyberAgent software, including a handful of large US-based hotel chains. We’ve also seen the same type of installations at libraries and museums – virtually any environment that offers public access to a computer. Keylogger malware is an opportunistic, low risk and high reward attack method, and anyone using a public computer should be aware of the risks.

To avoid being the victim of keylogger software, consider the following:

  • Keyloggers can’t record what isn’t typed. When using a public computer be aware of the accounts you log in to and the information you share. Avoid logging in to high value accounts like your bank account or Amazon account. In instances where logging in to a high value account is unavoidable, change your password when you get home.
  • Speaking of changing your password, it is generally a good practice to update your passwords frequently. This practice alone will hamper most keylogging attacks.
  • Assume that anything you do on a public computer will be recorded and used by others. Follow this advice and you should be okay.

News Recap: Senate Report Aims to Stop Malvertisements

By | May 29th, 2014|Uncategorized|

Earlier this month, the United States Senate published Online Advertising And Hidden Hazards to Consumer and Data Privacy, a report that analyzes and investigates the distribution of malware through online ads.

AdWeek’s Katy Bachman shared insights from the report, citing that “in some instances, clicking the play button would initiate a pre-roll ad on YouTube or Yahoo that could deliver malware to consumers’ computers… Sites that consumers would expect to be safe, including The New York Times, Major League Baseball and the San Francisco Chronicle, were found to host ads with malware, many delivered by third-party ad networks.”

The complexity of online advertising makes it difficult to identify who is responsible.

“An ordinary online advertisement typically goes through five or six intermediaries before being delivered to a user’s browser, and the ad networks themselves rarely deliver the actual advertisement from their own servers,” cites the Senate report. “In most cases, the owners of the host website visited by a user do not know what advertisements will be shown on their site.”

This presents a privacy problem for users, Lucian Constantin explains in PCWorld. According to Constantin, “in most cases users can’t control what data is being collected, who collects it and how it’s used.” Constantin pulled an example from the Senate report during which one visit to a tabloid news website sparked interactions with 352 web servers, “many of those interactions were benign; some of those third-parties, however, may have been using cookies or other technology to compile data on the consumer. The sheer volume of such activity makes it difficult for even the most vigilant consumer to control the data being collected or protect against its malicious use.”

Should websites be held responsible for the advertising content hosted on their site? How can consumers protect themselves from malvertisements? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

How Infected Are We? A Closer Look at Malware

By | May 22nd, 2014|Uncategorized|

This infographic and blog post is shared by Roscoe Crowell, freelance writer and security expert at

Year after year malware continues to increase in volume and simultaneously becomes more dangerous. Last year alone, approximately 27 million new strains of malware were created and released into the wild. That’s about 74,000 new viruses per day.

So what exactly are we infected with? TopTenReviews created an infographic that details what kind of malware infects our devices and what we should be on the lookout for when it comes to protecting against malicious software. With more than 30 percent of households in the U.S. infected by malware, it’s important to be aware of what kinds of malware can affect you, your family and your business.

Additionally, more than ever, personal activities and professional activities are tied closely together, making your devices – no matter if it’s a personal or work device – a target for cyber criminals to steal data or financial records. Last year, one million U.S. households lost money or had accounts misused because of malware. This can be circumvented by awareness and good security habits.

With an estimated cost of $4.55 billion to U.S. households per year due to viruses, spyware and other malware, we need to up our protection efforts. The first step in prevention is awareness. As always, let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

cyberSAFE Webinar Series is Back: SMB Security Solutions for Every Stage of Growth

By | May 12th, 2014|Uncategorized|

Our CSID cyberSAFE series is back with another great webinar: June 10 at 12 pm CT on SMB security.

As a small business owner, your security needs are constantly changing as your business grows. When starting a business, security risks are tied closely to your personal and business credit. As the size and scope of your business increases, other risk factors are introduced: security vulnerabilities exposed by employees, such as the reuse of login credentials, mismanaged data or falling prey to malware downloads; third-party vendor breaches, which can provide unsecured access to your systems; and the challenge of securely storing customer data. Lapses related to these vulnerabilities can impact a business’ finances and reputation on a grand scale.

The question is: how do you manage all of these risks while taking into consideration the limited resources and time that small business owners have? We have pulled together a stellar group of SMB security experts to discuss and answer this question, including Byron Acohido, author of The Last Watchdog and The Securitist, Aaron Hanson, Senior Manager and Regional Product Marketing at Symantec, and Bryan Hjelm, VP of Product and Marketing at CSID.

Join us for this free one-hour webinar on June 10 at 12 pm CT. If you are a small business owner, aspiring entrepreneur or IT guy, we encourage you to sign up, listen in and ask questions. For more information, visit the webinar registration page.

Also, join conversations about the webinar on social media using the hashtag, #cyberSAFE.

Evolution of Identity Management

By | February 6th, 2014|Uncategorized|

Protecting your identity isn’t as cut and dried as it was before the digital age. Before the internet, identity thieves would find personal data by hunting through the garbage for sensitive documents, phishing for private information via phone rather than email or purchasing personal data from unscrupulous store employees.

Now, with advances in technology, identity thieves have many more tricks and tactics to collect sensitive information, especially in the online world. The types of information that are valuable to identity thieves have also changed. Social Security numbers and credit cards still fetch a high price on the identity black market but email address and login information are also prized as they provide access to valuable online accounts such as Amazon or banking sites. Add this to the fact that social networking profiles have made it easier than ever for cyber criminals to collect personal information and it is easy to see that the need for identity management has become more important than ever.

Take a look at our identity management infographic to see what information cyber criminals are going after now and what security risks consumers and businesses should anticipate in the future. While identity management in this increasingly digital world can be daunting, there are many unique solutions both new and in the works that can help companies and consumers protect their sensitive information online and off.

You are welcome to share this infographic on your website and can access the embed code on In the meantime, please let us know how you plan on managing your identity by leaving a comment on our Facebook or tweeting at us on Twitter. Be sure to stay up-to-date on the latest security news on our Tumblr.
