
Ransomware inbound! Another threat is looming on the web

This year alone there have already been three large outbreaks involving online security and breaches.

Recently a new ransomware campaign has begun, and the targets have been high profile, for example in Russia and Eastern Europe. This new threat has been named Bad Rabbit. Its appearance was a grand event, hitting organisations simultaneously and causing those affected to reminisce about earlier attacks this year like WannaCry and Petya.

So let’s break down what Bad Rabbit is

  • Russia, Ukraine, Germany, Turkey, Poland and South Korea have all had reports of Bad Rabbit hopping out of its hole and causing a stir.
  • Bad Rabbit sent file-encrypting malware to at least three media organisations in Russia, also taking one news agency offline for a time.
  • Other affected organisations include Odessa International Airport and the Kiev Metro.
  • Thus far it is thought that 200 targets have been infected, and the infection continues to cause problems for affected organisations.

Bad Rabbit is ransomware, which means once you're infected, you're at the mercy of whoever controls the hostile program.

  • Once the ransomware is active, a note takes over the screen informing the reader that all files are locked unless payment is received and the purchased password is typed in.
  • Victims are directed to a Tor payment page where further instructions lie. The hackers demand payment in bitcoin and show a countdown timer to enhance the tension, saying the price will rise once the timer reaches zero.
  • The encryption used in the ransomware is DiskCryptor, an open-source program that is legitimate and widely used. Keys are generated using CryptGenRandom and then protected with a hardcoded RSA-2048 public key.

Bad Rabbit takes its inspiration from one of the earlier malicious outbreaks, known as Petya.

  • There is speculation that this ransomware is an alteration of the Petya dynamic link library, meaning there is a strong correlation between Bad Rabbit and Petya in functionality and looks, and possibly both stem from the same group or person.
  • Bad Rabbit has spread through drive-by downloads on hacked websites: a compromised site features a fake Flash update that begins to download if clicked at all.
  • It is estimated that some sites have been hacked since June, featuring Bad Rabbit's strong presence.

How far does Bad Rabbit go?

  • It's important to know that Bad Rabbit spreads laterally across networks.
  • This means Bad Rabbit can propagate without user interaction. So while you're counting the timer down, the ransomware is spreading across infected networks.
  • Its ability to spread laterally comes from a built-in list of simple username and password combinations, which it uses to force its way into other machines on the network.
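The lateral spread just described leaves a defender-visible trace: one source failing logons against many hosts in a short window while cycling through a short list of usernames. The script below runs that check over a constructed, simplified set of logon-failure lines; it is an added example, not code from the original post, and the log format (Windows event 4625 reduced to key=value fields), the five-minute window and the three-host threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of logon records (Windows event IDs 4625 = failed logon,
# 4624 = successful logon), simplified into key=value lines. Not real logs.
SAMPLE_LOG = """\
2017-10-24T10:01:03Z host=WS-01 event=4625 user=Administrator src=10.0.2.15
2017-10-24T10:01:04Z host=WS-01 event=4625 user=Admin src=10.0.2.15
2017-10-24T10:01:05Z host=WS-02 event=4625 user=Administrator src=10.0.2.15
2017-10-24T10:01:06Z host=WS-02 event=4625 user=Guest src=10.0.2.15
2017-10-24T10:01:07Z host=WS-03 event=4625 user=root src=10.0.2.15
2017-10-24T10:01:09Z host=FS-01 event=4625 user=Administrator src=10.0.2.15
2017-10-24T10:02:30Z host=WS-05 event=4624 user=jdoe src=10.0.2.40
2017-10-24T10:45:00Z host=WS-05 event=4625 user=jdoe src=10.0.2.40
"""


def parse_line(line):
    """Turn one key=value log line into a dict with a parsed timestamp."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def detect_credential_spray(log_text, window=timedelta(minutes=5), min_hosts=3):
    """Flag sources whose failed logons reach >= min_hosts distinct hosts
    inside any `window`. Returns {src: {"hosts": [...], "users": [...]}}."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec["event"] == "4625":
            failures[rec["src"]].append(rec)

    findings = {}
    for src, recs in failures.items():
        recs.sort(key=lambda r: r["ts"])
        hit_hosts, hit_users = set(), set()
        start = 0
        for end in range(len(recs)):          # sliding time window
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            win = recs[start:end + 1]
            hosts = {r["host"] for r in win}
            if len(hosts) >= min_hosts:
                hit_hosts |= hosts
                hit_users |= {r["user"] for r in win}
        if hit_hosts:
            findings[src] = {"hosts": sorted(hit_hosts), "users": sorted(hit_users)}
    return findings


if __name__ == "__main__":
    for src, info in detect_credential_spray(SAMPLE_LOG).items():
        print(f"possible lateral credential spray from {src}: "
              f"hosts={info['hosts']} users={info['users']}")
```

A single user failing once against one host (the second source above) is ordinary noise and is not reported.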

Bad Rabbit may have targets in mind.

  • Researchers have noticed a curious pattern in Bad Rabbit's movement, suggesting it has specific locations in mind rather than infecting indiscriminately. Corporate networks seem to get the most focus, possibly suggesting that corporations are the enemy of the hacker/group.

Last bits of information.

  • There is still no claim as to who is behind this ransomware. Some believe it's the same group involved with the Petya virus.
  • Some believe it is not a Russian group, because Russia has taken a lot of heat from Bad Rabbit and Eastern European cyber-criminals customarily avoid attacking the “Motherland”.
  • The code of Bad Rabbit has references to Game of Thrones.
  • It is possible to protect yourself from becoming infected. One way to prevent the file from executing is to block ‘C:\Windows\infpub.dat’ and ‘C:\Windows\cscc.dat’, helping to avoid infection at all.

Another day, another hacker, another virus. It's never too late to up your defenses and avoid the mess of a breached network.

OnePlus Update

OnePlus has been under some heat lately for their non-consensual data snooping through their mobile devices.

After a security researcher exposed OnePlus for the snooping, they have reportedly admitted to the non-consensual collection. Their post on their customer service forum on Friday the 13th confirmed the accusations. OnePlus tried to clarify that the intent of the program was to improve user experience on its OxygenOS software.

To help ease customers' anxiety, OnePlus stated that it has at no point shared any of the information with outside parties. OnePlus has stated that it will stop collecting telephone numbers, MAC addresses and WiFi information by the end of October. Also at the end of October, the company will prompt all users with how and why it collects data and will give users an option to opt out of the data collection.

There is still tension with some customers who fear their data is being mined for its value to marketers. Despite opting out of the data gathering, there is still no real change: the only difference is that there are no tags linking the data back to the device it was gathered from. Currently there is still no sure-fire way to prevent the data from being gathered.

WPA2 protocol leaves all access points vulnerable! Including yours!

Recently, researchers discovered a fatal flaw in the WPA2 protocol. This flaw can affect anyone and everyone who uses Wi-Fi.

This flaw allows potential attackers to read and manipulate sensitive information such as passwords, e-mails and other encrypted data; while intercepting that information, they may also inject ransomware or other malicious content into a website a client is visiting.

The point of weakness is called KRACK, short for Key Reinstallation Attacks. The research was reportedly kept under wraps and was scheduled for disclosure on Monday at 8am.

This weakness affects the core WPA2 protocol itself and is highly effective against devices running Android and Linux, as well as OpenBSD. To a lesser degree, it also affects macOS, Windows, MediaTek, Linksys and other types of devices. It's believed attackers can exploit the flaw to decrypt data that is normally secured by the ubiquitous Wi-Fi encryption protocol.

The vulnerability allows potential access to credit card numbers, passwords, chat messages, emails and photos, among many other possibilities, on all modern Wi-Fi protected networks.

The attack works by forcing the phone or device to reinstall an all-zero encryption key rather than a real key. Some may think that visiting only HTTPS-protected pages would solve the issue; however, the risk remains, because many sites may be improperly configured, allowing encrypted HTTPS traffic to be forcibly dropped in favour of unencrypted HTTP.

Patches have started to be developed for the devices currently at most risk. Thus far Linux patches have been developed, but there is no word on when they will be released. Some, though not all, Wi-Fi access points have patches available right now.

There will be an official presentation on November 1st at the ACM Conference on Computer and Communications Security in Dallas. It's believed the presentation will also be available on the krackattack.com site.

This could become one of the biggest threats to large corporations and government Wi-Fi networks.

It's advised to abstain from Wi-Fi use until patches are available and instead use a wired connection.

Contact us with any questions/concerns about your vulnerability.

Equifax leads to disaster once again

Equifax, which recently had a security breach, now has another.

In May, Equifax lost customers' SSNs, names and loads of other personal information to a security breach. Under much scrutiny, they worked on getting the issue under control and stated that it was solved. However, it appears they were wrong.

A malware researcher ran across a bogus Adobe Flash update while going through the Equifax website. This occurred on Wednesday and Thursday for several hours. If clicked on, a visitor's computer would become infected with adware. This adware is detected by only 3 of 65 antivirus providers.

Generally, malware like this only shows up once for each visitor, and not even for all visitors, more so a cluster at a time, to prevent widespread detection. However, the adware on the Equifax site was persistent compared to most other adware. You could run across the bogus Flash update on multiple occasions, increasing the risk of it being clicked on and taken seriously. If clicked, you would begin downloading ‘MediadownloadIron.exe’.

It's suspected that the issue stems from a third party that Equifax has been working with, which could mean the fault isn't on Equifax's end but the third party's. This could also pose a problem for other websites, so it's important to keep an open eye.

Equifax needs some help, it seems! Maybe they should call Re2tech? Well, if they don't, you can! Give us a call today and let us ensure your online security. Let's not follow suit with Equifax.

Disqus breach. Hackers: 10 low security standards: 0

Here we are again, folks: another article about a large breach in security, leaving many thousands in a state of possible vulnerability.

It was discovered that back in 2012, the same year Engadget used Disqus for comments, hackers had taken data from Disqus' servers. A snapshot of usernames and associated emails dating back to 2007, as well as sign-up dates and last-login info, for 17.55mm users had been captured. On top of that, it seems 1/3 of the passwords for those affected accounts were also breached, despite being hashed (SHA1).

Disqus learned of the hack this past Thursday, after Troy Hunt of Have I Been Pwned notified Disqus that he had obtained a copy of the site's exposed information.

Apparently Hunt has also come across breaches of Bit.ly and Kickstarter, and states he has three more to go.

If you have an account with any of the above-mentioned sites, it would be wise to check on your vulnerable information and ensure everything is accounted for.

Don't wait until your information is discovered by Have I Been Pwned; act now and give us a call about beefing up your security!

Yahoo's 2013 hack affected everyone!

Yahoo's most known and infamous hack in history is worse than initially thought.

According to Verizon, which acquired Yahoo in June, it's now known that all 3 billion users were affected at the time of the hack. No one got away. This is a huge upset compared with the initial damage report of 1 billion, disclosed years ago.

The hacked information was mostly sensitive and private information of the users: phone numbers, birth dates, security questions and answers, and “hashed” (scrambled) passwords. During Verizon's recent investigation while transitioning Yahoo, it was noted that the scrambling function for Yahoo users' passwords was very outdated and easily reversed, so account passwords were likely breached.

Yahoo is sending emails to those accounts previously thought to be unaffected by the 2013 hack.

Four years later, we have discovered that a hack already known to be one of the worst in history is back in the limelight because it was actually much worse than initially reported. This is a prime example that, despite thinking we know all we need to know about a situation, it can come back and bite us again. This reason alone should be proof enough that cyber security is something to take seriously and give the right amount of attention, in order to lessen the likelihood that it happens to you or your company!

Give us at Re2tech a call today and let us help you set up a strong network and educate you on the necessary precautions and management of a network.

Hackers-2, Equifax-0

After the recent announcement that Equifax had been the victim of a hack, there has been scrutiny towards the company. Millions of people had their SSNs and other personal information stolen.

From an onlooker's perspective it seemed like things couldn't get worse for Equifax, but it seems that was wrong.

Once again Equifax has found itself the victim of a security breach. This breach involved the loss of thousands of customers' national identity numbers. The difference with this breach is that it took place in Argentina, and the means by which they were hacked are rather ridiculous.

As it turns out, the Argentina branch's username and password were the same single word: Admin. This is a well-known setup username and password across the world: something new gets set up on a network and the default username and password are admin.

The important thing to take away from this event is the lack of security that their password offered. As mentioned in a past post, passwords are of vital importance in our cyber defense, and the format of passwords matters. It used to be the norm that a password was strongest as a jumble of letters, numbers and special characters; however, recent studies have found that passwords consisting of four-word phrases have a much stronger defense, being a much bigger hassle to crack.

A good example of a strong password could be as follows:

“Penguin Passage Blockus Printer”

This password format has a higher entropy count, which increases the difficulty for password-cracking programs exponentially.
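The two lessons of this post suggest two checks a practitioner would run over account records: reject factory-default pairs like the one described, and estimate how much entropy a password actually carries. The script below is an added example, not code from the original post; the default-credential list, the 95-character and 7776-word alphabet sizes and the 50-bit threshold are assumptions, and the estimate assumes words and characters were chosen at random, so it is an upper bound.

```python
import math

# Constructed, illustrative factory-default pairs (assumption: not exhaustive).
# Matching is case-insensitive, so "Admin"/"Admin" is caught as well.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"), ("admin", "password"), ("admin", "1234"),
    ("root", "root"), ("administrator", "administrator"),
}

CHARSET_SIZE = 95     # printable ASCII, assumed alphabet for character jumbles
WORDLIST_SIZE = 7776  # Diceware-style list, assumed alphabet for word phrases


def is_default_credential(username, password):
    """True if the pair appears in the default-credential list (case-insensitive)."""
    return (username.lower(), password.lower()) in DEFAULT_CREDENTIALS


def entropy_bits(password):
    """Rough entropy estimate in bits.

    A phrase of several space-separated words is scored per word drawn from
    the wordlist; anything else is scored per character drawn from the charset.
    Both assume uniformly random choice, so the result is an upper bound: a
    human-chosen jumble such as a dictionary word with substitutions carries
    far less entropy than this formula suggests.
    """
    words = password.split()
    if len(words) > 1:
        return len(words) * math.log2(WORDLIST_SIZE)
    return len(password) * math.log2(CHARSET_SIZE)


def audit_account(username, password, min_bits=50):
    """Return the list of weaknesses found for one username/password pair."""
    findings = []
    if is_default_credential(username, password):
        findings.append("default credential pair")
    if username.lower() == password.lower():
        findings.append("password equals username")
    if entropy_bits(password) < min_bits:
        findings.append("estimated entropy below %d bits" % min_bits)
    return findings


if __name__ == "__main__":
    # Constructed sample records: the weak pair from the post and its phrase.
    for user, pwd in [("Admin", "Admin"),
                      ("svc_backup", "Penguin Passage Blockus Printer")]:
        print(user, "->", audit_account(user, pwd) or ["no findings"])
```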

Don't wait until you're in the same position as Equifax: ensure your password strength is up to par and protect what is important to you and your customers!

Don't forget to give us a call if you need any help with your cyber-security or other forms of technology! We make I.T. happen!

Safe surfing everyone!


Network Segmentation Security

As we all know, cyber attacks are becoming more and more commonly talked about. Defending yourself against a cyber attack can be difficult: there are so many forms of cyber attack and multiple ways you can try to anticipate them. However, network segmentation is effective for anyone and everyone in helping to slow down the damage a cyber attack can do!

How does segmenting a network help defend or slow down the spread of a cyber attack?

By splitting your network into smaller subnetworks you are able to micro-manage different forms of cyber security. For example, you can have one subnetwork with a form of security that looks specifically for one type of cyber attack, while a different subnetwork has a different form of cyber defense. This multi-segmented network gives stronger control over role and functionality, and if you were hacked in some way, it would not allow the breach to infest everything all at once. There would be time to discover the location of the problem and fix it before it spreads to a different segment of your network!

This form of security is especially useful for small businesses that manage everything on one network and rely on websites, smartphones and connected devices.

Firewalls are the cornerstone of segmented networks: they ensure agility and security by managing traffic to and from network devices, as well as eliminating the threat of excess access to your network.

Give us a call at Re2tech today and let us help spread your network into a more defensive state to mitigate any damage if you were to be the victim of an online attack! While we're at it, let us increase your security through measures like a VPN (virtual private network) to ensure you're at your strongest to begin with and help avoid any attacks altogether!

Layered email security

We all have loads of emails coming in on a daily basis, especially if you're a business. However, we all also receive a bunch of spam, and some of it has very bad intent for your security! Phishing attacks are becoming some of the most prominent forms of security breach.

Phishing attacks: phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card details under the guise of a trustworthy entity over electronic communication.

As a solution to email spam and ever-malicious phishing attacks, a layered email security set-up is ideal. Layered security can be hosted locally or in the cloud. Layered security combines multiple mitigating controls to protect resources and data.

Here’s the breakdown for each layer and their involvement in adding to your security measures!

Layer 0 or 6: SIEM, spam control and monitoring

This layer focuses on generating data about the quantities of emails that can be catalogued as spam. This can be the initial or final step in the layers. Using this information we can improve our current antispam protection system.

Spam control through SIEM (Security Information and Event Management) allows the generation of statistics to determine the number of attacks stopped by the other layers of protection, validating our security system.

Layer 1: Mail scanning via external services

Not all businesses start out with antispam protection technology, so it's important to incorporate a platform that holds a continuously updated source of threat intelligence data: detection systems, sensors and other information-gathering mechanisms that summarise data about potential new attackers or existing actors/suspects.

Layer 2: Perimeter protection

Ensure the computers have a form of firewall and spam detection system. Firewalls generally provide perimeter protection to internal networks; however, it's important to test these security measures to make sure they are configured correctly and catch the right forms of spam/emails.

Layer 3: Internal network, mail servers and antispam solutions

Many next-gen email platforms have local spam protection, but they need to be configured correctly for your specific business needs and pointed at internal antispam servers.

Layer 4: Final devices

Each host should have protection mechanisms connected to the mail client. These mechanisms must be able to identify threats, email spam and spear-phishing attacks. These systems can be connected to Outlook, Notes and Thunderbird.

Layer 5: Training end users to avoid phishing attacks

Users are one of the most important layers of protection. It's important to teach your employees the basics of security awareness, because ultimately, when it comes to phishing attacks through email, each individual user has to know what to look for and avoid!

Give us a call at Re2tech today and let us ensure your security is in place and that all forms of protection are in place to prevent any susceptibility to phishing attacks, among the other online dangers!

Firmware updates aren’t always the best

We at Re2tech keep our eyes on the radar for any possible security or reliability issues that can arise with technology on a daily basis and may affect you and your business. Recently we had a ping that was unexpected.

August 8th saw the release of a bunk over-the-air firmware update for smart-lock manufacturer LockState's RemoteLock 6i (also known as the 6000i).

This firmware update for the 6000i caused hundreds of people to be locked out of their homes, businesses and Airbnb rentals. The update ended up bricking the device's smart code access mode after it lost connection to the vendor's servers. While physical keys continued to work, Airbnb hosts received multiple calls from arriving guests who couldn't get in. The estimated time for a fix was announced as 14-18 days, and that was for replacements. All the locks affected by the update had to be sent back and replaced.

It's important to keep up to date on your technology and its operating status, to be able to react as fast as possible and minimize possible reputation/business damage.

If you have a problem, we have a solution. We at Re2tech look out for our customers' cyber security, but also their technology. Re2tech is here to ensure your business runs as smoothly as possible from the inside out. Give us a call today and find out what we can do for you; while we're at it, we will show you what real reliability is all about! We make I.T. happen!
