
Phishing or data breaches? Which should you be worried about?

Lately there has been a lot of talk about data breaches and online security failures. These incidents are naturally concerning because they involve customer data, which means your data. It is important to secure your network and to know where the gaps that could be exploited are, but it is just as important to watch out for phishing attempts; some researchers argue it is even more important.

Google and UC Berkeley researchers have recently argued that the real fear should be the phishing hook waiting for an unsuspecting user. A data breach can be devastating, but phishing can lead to worse outcomes, such as losing access to an account and with it your life's work or personal documents and records. A strong example is the loss of a Google account, which most people now use daily and which holds enormous amounts of personal activity and records. Phishing also has a far higher encounter rate than data breaches.

Last year Google ran a study, with its own services as the focal point, comparing how often accounts are compromised through phishing, keylogging and third-party data breaches. Phishing turned out to be far more relevant than keylogging or data breaches. The findings were put to use almost immediately, helping to secure around 67 million Google accounts from possible abuse.

Google drew on a large number of sources to identify accounts already compromised by keylogging, phishing and data breaches, and found that most users of phishing kits were located in the following countries, in order:

  • Nigeria
  • United States
  • Morocco
  • South Africa
  • United Kingdom
  • Malaysia

The phishing attacks are built on a false sense of insecurity: an email, or something like it, states that there is a problem and that the message will take you to the solution. These messages are often very convincing, which is why they are believed more often than not. Another part of the phisher's toolkit is using Google against itself. The messages frequently ask for additional information under the pretence that Google itself is asking for it. That information includes IP addresses, device make and model, phone numbers and location, all of which Google may legitimately ask for at times, so you need to be that much more vigilant. With this extra information the phishers can extend their reach, for example by passing the checks Google uses to spot a login from an unfamiliar device or location, and cause even more disruption to your life.


Google found that, while data breaches are a serious problem, only about 7% of the passwords exposed in third-party breaches still matched the victim's current Google password, largely because many of those leaks were old and the passwords had since been changed. By contrast, around 12% of keylogger victims and 25% of phishing victims had their current Google password exposed. Most phishing victims were in the United States, while Brazil and India accounted for the majority of keylogger victims.

Whatever form a breach takes, it is important to stay conscious of your activity online and make sure you are keeping yourself, your life and your information safe.


Android security update! KRACK be gone and band-aid adhesion!

Android has deployed its November security patch for Google-supported phones. The patch carries significant updates, including fixes for KRACK (Key Reinstallation Attack) and fixes for the newly released Pixel 2 phones.

Google actually released three patch levels for November. The main one carries the usual bug fixes and performance updates. The second covers vendor components, including a Qualcomm bug that left users exposed over Wi-Fi.

The Qualcomm fix is secondary to the KRACK update. Earlier this year a weakness was found in the WPA2 protocol that put essentially every Wi-Fi user at risk, since it can be used against practically any Wi-Fi network. KRACK is the attack on that WPA2 flaw. The devices most exposed are Linux and Android 6.0+ devices, because their Wi-Fi client can be tricked into installing an all-zero encryption key, after which its traffic can be decrypted without knowing the real key.

The 2017-11-06 patch level, which addresses KRACK, covers versions from Android 8.0 Oreo all the way back to 5.0.2 Lollipop. Google's own Pixel and Nexus devices have so far only received the 2017-11-05 level, so those customers have not yet had the KRACK fix, but they are expected to receive the 2017-11-06 update closer to December.

Along with bug fixes and security hardening, Google is now adding functional updates to the mix. When the Pixel 2 was released, the XL variant drew a lot of criticism over its screen, including burn-in of the navigation bar. To address these concerns, Google shipped new behaviour with the patch: the navigation bar now dims when it is not in use and switches to white in some applications, and the maximum brightness has been lowered.

Another complaint was that the display colors looked dull. Google had anticipated this and shipped a "Vivid colors" checkbox in the settings menu, but that level of saturation was not enough for some customers, so Google replaced it with a "Colors" option offering three levels: natural, boosted and saturated. There have also been reports of clicking noises during calls on the Pixel 2, and Google says the November patch fixes that as well.


USB stick with Heathrow security details found on a London street

Recently a USB stick was found discarded on a London street. Nothing unusual about a misplaced USB stick, until this one.

The stick held highly detailed information on the Queen's route and the security measures taken when she uses the airport, as well as timetables of the patrols that guard the site against terror attacks. There were also loads of maps and documents marked restricted or confidential, and details of the ID needed to access restricted areas.

Even more concerning (yes, there is more) were maps showing the locations of CCTV cameras, the routes and safeguards for cabinet ministers and foreign dignitaries, and details of the ultrasound radar system used to scan the runways and the perimeter fence.

So far there is no suspect for who owned the stick. Heathrow has stated that security remains tight and the airport remains secure.


Update on the wild Bad Rabbit

Ukraine has spoken out on the Bad Rabbit outbreak running rampant in Russia, stating that the hackers behind the NotPetya virus were probably also responsible for releasing Bad Rabbit.

A Ukrainian official said the Bad Rabbit attacks could have been greatly mitigated had organisations followed recommended malware-handling practices, along with basics such as not clicking on suspicious messages. A prominent characteristic of Bad Rabbit is its code and method of approach, which further supports the belief that the group behind NotPetya also released Bad Rabbit.

So far, the hacker group known as BlackEnergy is believed to be responsible for both the NotPetya and Bad Rabbit viruses. The group is known for its attacks on Ukraine and is described by Ukrainian officials as working in Russia's favor.

Ukraine has lately been the victim of multiple cyber attacks, with power knocked out to thousands of homes, supermarket tills frozen and government computers paralysed. Ukrainian officials have said they believe Russia treats Ukraine as a testing ground for cyber attacks.

The US and Ukraine have been working together on training in comprehensive cyber-defence techniques and skills.

Ukrainian officials believe there are many more cyber attacks on the way.


Equifax update: they knew months ahead that a breach was possible

Unfortunately, some in this world choose to close their eyes to problems. Equifax seems to be that type.

Reportedly, six months before the breach Equifax was warned about the possibility of a security breach of its network. An anonymous security researcher had informed Equifax that one of its sites was susceptible to forced browsing, a technique in which an attacker simply requests pages or records that ought to require authorisation but are not actually protected, and that this could expose the SSNs, birthdays and full names of thousands of customers. The researcher also reported other bugs that would have let an attacker take control of Equifax servers, including a SQL injection vulnerability. SQL injection lets maliciously crafted input typed into a web form be interpreted as part of the database query the server runs, so the attacker's commands execute in the background without anyone being the wiser.
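The two bug classes the researcher reported, shown side by side in a small Python model. This is an added example and not Equifax's code: the table, the three sample rows and the requester names are constructed, and the `requester` argument stands in for whatever authenticated session the real site had. The vulnerable record lookup trusts the id in the URL (forced browsing), and the vulnerable search pastes user input into the query text (SQL injection); the fixed versions bind the lookup to the requester and use a parameterised query.

```python
"""Forced browsing and SQL injection, vulnerable and fixed, on an in-memory
SQLite table with constructed sample rows (added example, not Equifax's code)."""
import sqlite3

SAMPLE_ROWS = [
    (1, "alice", "Alice Example", "000-00-0001"),
    (2, "bob",   "Bob Example",   "000-00-0002"),
    (3, "carol", "Carol Example", "000-00-0003"),
]

def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE consumers (id INTEGER PRIMARY KEY, owner TEXT, name TEXT, ssn TEXT)")
    conn.executemany("INSERT INTO consumers VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn

# Forced browsing: the handler behind a URL such as /consumer/<id> trusts the
# id and never asks whether the logged-in requester may see that record.
def get_record_vulnerable(conn, requester: str, record_id: int):
    return conn.execute(
        "SELECT name, ssn FROM consumers WHERE id = ?", (record_id,)
    ).fetchone()

# Fix: bind the lookup to the requester's own identity (object-level authorisation).
def get_record_fixed(conn, requester: str, record_id: int):
    return conn.execute(
        "SELECT name, ssn FROM consumers WHERE id = ? AND owner = ?",
        (record_id, requester),
    ).fetchone()

def harvest(conn, requester: str, fetch, max_id: int = 10) -> list:
    """What the forced-browsing technique amounts to: walk the id space and
    keep whatever comes back. Returns the (name, ssn) rows obtained."""
    rows = []
    for record_id in range(1, max_id + 1):
        row = fetch(conn, requester, record_id)
        if row is not None:
            rows.append(row)
    return rows

# SQL injection: the input is pasted into the query text, so a quote in the
# input ends the string literal and the remainder is parsed as SQL.
INJECTION = "x' OR '1'='1"

def search_vulnerable(conn, name: str) -> list:
    sql = "SELECT name, ssn FROM consumers WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()

# Fix: parameterised query. The driver sends the value separately from the
# query text, so it can only ever be compared as data, never parsed as SQL.
def search_fixed(conn, name: str) -> list:
    return conn.execute(
        "SELECT name, ssn FROM consumers WHERE name = ?", (name,)
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("bob harvests (vulnerable):", harvest(db, "bob", get_record_vulnerable))
    print("bob harvests (fixed):     ", harvest(db, "bob", get_record_fixed))
    print("injection (vulnerable):   ", search_vulnerable(db, INJECTION))
    print("injection (fixed):        ", search_fixed(db, INJECTION))
```

Run as-is, `bob` walks away with all three records from the vulnerable lookup and only his own from the fixed one, and the injected search string returns every row from the vulnerable query and nothing from the parameterised one.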

This is a disappointing realisation: a company whose highest priority should be keeping customer information locked down was this negligent about the weaknesses in its security, especially when it had been told specifically which issues existed and that they could be reached by something as simple as forced browsing. It is reported that Equifax did not address those issues for six months. It is uncertain whether those weaknesses were the cause of the breach; honestly, it would be more unsettling if the attackers used a different route, because that would mean Equifax was even more lax in another area with the information of the people who trusted it.

There is speculation that more than one hacker group may have been inside the company's network at the time of the breach, which further compounds the problems Equifax customers may face.


Ransomware inbound! Another threat is looming on the web

This year alone there have already been three large ransomware outbreaks.

A new ransomware campaign has begun, and its targets have been high profile, concentrated in Russia and Eastern Europe. The new threat has been named Bad Rabbit. Its appearance was a grand event, hitting many organisations simultaneously and reminding those affected of the attacks earlier this year, WannaCry and Petya.

So let's break down what Bad Rabbit is.

  • Russia, Ukraine, Germany, Turkey, Poland and South Korea have all had reports of Bad Rabbit hopping out of its hole and causing a stir.
  • Bad Rabbit hit at least three media organisations in Russia with file-encrypting malware and took one news agency offline for a time.
  • Other victims include Odessa International Airport and the Kiev Metro.
  • So far around 200 targets are thought to have been infected, and the malware continues to cause problems for the affected organisations.

Bad Rabbit is ransomware, meaning that once you are infected you are at the mercy of whoever controls the hostile program.

  • Once the ransomware is active, a note fills the screen informing the reader that all files are locked unless payment is made and the password obtained in return is typed in.
  • Victims are directed to a Tor payment page with further instructions. The attackers demand payment in bitcoin and display a countdown timer to increase the pressure, stating that the price will rise once it reaches zero.
  • The disk encryption is performed with DiskCryptor, a legitimate and widely used open-source tool. The encryption keys are generated with CryptGenRandom and then protected with a hard-coded RSA-2048 public key, so they cannot be recovered without the attackers' private key.

Bad Rabbit takes its inspiration from one of the earlier malicious outbreaks, Petya.

  • There is speculation that this ransomware is a modified version of the Petya dynamic link library, which would mean a strong correlation between Bad Rabbit and Petya in functionality and appearance, and possibly that both stem from the same group or person.
  • Bad Rabbit spreads through drive-by downloads on compromised websites. A hacked site displays a fake Flash update; if the visitor clicks it, the installer is downloaded and must then be run by the victim.
  • Some of the compromised sites are estimated to have been hacked since June.

How far does Bad Rabbit go?

  • It is important to know that Bad Rabbit spreads laterally across networks.
  • This means Bad Rabbit can propagate without user interaction. So while you are watching the timer count down, the ransomware is spreading across the infected network.
  • That lateral spread relies on a built-in list of common usernames and passwords, which Bad Rabbit tries against other machines on the network to force its way in.

Bad Rabbit may have targets in mind.

  • Researchers have noticed that Bad Rabbit moves in a way that suggests it has specific targets in mind rather than infecting indiscriminately. Corporate networks seem to receive the most focus, possibly suggesting that corporations are the enemy of the hacker or group.

Last bits of information.

  • There is still no claim of responsibility for this ransomware. Some believe it is the same group involved with the Petya virus.
  • Some believe it is not a Russian group, because Russia has taken a lot of the heat from Bad Rabbit and Eastern European cyber-criminals customarily avoid attacking the "Motherland".
  • Bad Rabbit's code contains references to Game of Thrones.
  • It is possible to protect yourself from infection. Bad Rabbit checks for the files C:\Windows\infpub.dat and C:\Windows\cscc.dat before it runs; creating those two files in advance and removing all write permissions on them prevents it from executing on that machine.
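The "vaccine" in the last bullet, written out as a small script. This is an added example, not the original post's content and not the published vaccine script itself; the directory is a parameter so it can be exercised on any system, and on a real Windows host you would pass C:\Windows and run as Administrator. The malware's own behaviour is only modelled by `dropper_would_run`, which reproduces the existence check the bullet describes.

```python
"""Bad Rabbit vaccine: create the two marker files the dropper looks for and
strip write permission from them (added example, not the published script)."""
import os
import stat
import sys

VACCINE_FILES = ("infpub.dat", "cscc.dat")

def vaccinate(windows_dir: str) -> list:
    """Create the marker files under windows_dir and remove all write bits.
    Returns the paths touched."""
    touched = []
    for name in VACCINE_FILES:
        path = os.path.join(windows_dir, name)
        if not os.path.exists(path):
            open(path, "ab").close()          # zero-byte file
        # On POSIX this clears the write bits. On Windows os.chmod only toggles
        # the read-only attribute, so the published vaccine additionally uses
        # icacls to remove inherited ACLs; that step is not reproduced here.
        os.chmod(path, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)
        touched.append(path)
    return touched

def is_vaccinated(windows_dir: str) -> bool:
    """True when both marker files exist and carry no write permission bit."""
    for name in VACCINE_FILES:
        path = os.path.join(windows_dir, name)
        if not os.path.isfile(path):
            return False
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
            return False
    return True

def dropper_would_run(windows_dir: str) -> bool:
    """Model of the malware's pre-flight check: it backs off when the files
    it would drop are already present."""
    return not any(os.path.exists(os.path.join(windows_dir, n)) for n in VACCINE_FILES)

def self_test() -> tuple:
    """Exercise the vaccine in a scratch directory.
    Returns ((dropper_would_run, is_vaccinated) before, same after)."""
    import tempfile
    scratch = tempfile.mkdtemp()
    before = (dropper_would_run(scratch), is_vaccinated(scratch))
    vaccinate(scratch)
    after = (dropper_would_run(scratch), is_vaccinated(scratch))
    return before, after

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("SystemRoot", "C:\\Windows")
    vaccinate(target)
    print("vaccinated:", is_vaccinated(target), "| dropper would run:", dropper_would_run(target))
```

Note that this blocks the local dropper only; it does nothing about a neighbouring infected machine trying the built-in credential list against yours, so it complements rather than replaces patching and strong local passwords.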

Another day, another hacker, another virus. It's never too late to shore up your defences and avoid the mess of a breached network.


WPA2 protocol leaves all access points vulnerable! Including yours!

Researchers have recently disclosed a serious flaw in the WPA2 protocol. It can affect anyone and everyone who uses Wi-Fi.

The flaw lets an attacker within Wi-Fi range read sensitive information such as passwords, e-mails and other supposedly encrypted data and, in some configurations, manipulate traffic, for example by injecting ransomware or other malicious content into a website the client is visiting.

The weakness is called KRACK, short for Key Reinstallation Attacks. The research was kept under embargo and scheduled for disclosure on Monday at 8am.

The weakness is in the core WPA2 protocol itself and is most effective against devices running Android and Linux, as well as OpenBSD. To a lesser degree it also affects macOS, Windows, MediaTek, Linksys and other devices. Attackers can exploit the flaw to decrypt data that is normally protected by the ubiquitous Wi-Fi encryption protocol.

The vulnerability gives potential access to credit card numbers, passwords, chat messages, e-mails, photos and much more, on all modern Wi-Fi protected networks.

The attack works by replaying message 3 of the WPA2 four-way handshake, which tricks the client into reinstalling an encryption key it already has and resetting the packet counter (nonce) that goes with it. Because WPA2 encrypts each frame with a keystream derived from the key and that counter, reusing a counter reuses keystream, which lets an attacker decrypt, and in some cases forge, frames. On Android 6.0+ and Linux clients it is worse: they can be tricked into installing an all-zero key instead of the real one, after which all subsequent traffic can be decrypted trivially. Some may think that visiting only HTTPS-protected pages solves the problem, but the risk remains because many sites are improperly configured, allowing an attacker to strip the HTTPS connection and have the client transmit unencrypted HTTP instead.
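A toy model of why key reinstallation breaks the encryption, as an added example that is not part of the original post and not the KRACK researchers' code. WPA2-CCMP encrypts every frame with AES in counter mode keyed by the pairwise key and a per-frame packet number that must never repeat under one key; the model below swaps AES for SHA-256 so it runs on the standard library alone, and the 16-byte key and the two 32-byte frames are constructed sample data. The `Station` class reinstalls the key and resets its packet number when `install_key` is called a second time, exactly the step a vulnerable client performs on a replayed message 3; the all-zero-key case is the Android/Linux variant.

```python
"""Key reinstallation in a counter-mode cipher: nonce reuse leaks plaintext
XOR, and an all-zero key lets anyone decrypt (added example, toy cipher)."""
import hashlib

# Constructed sample data: a 16-byte pairwise key and two equal-length frames.
SAMPLE_PTK = bytes(range(1, 17))
FRAME_1 = b"GET /login HTTP/1.1 user=alice  "
FRAME_2 = b"POST /pay amount=100 to=mallory "

def keystream(key: bytes, packet_number: int, length: int) -> bytes:
    """Counter-mode keystream: block i = H(key || packet_number || i).
    Stand-in for AES-CTR as used by CCMP; the nonce structure is what matters."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            key + packet_number.to_bytes(6, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Station:
    """Wi-Fi client. For a given installed key the packet number must only
    ever increase; a correct implementation refuses to reset it."""
    def __init__(self, ptk: bytes):
        self.ptk = ptk
        self.pn = 0

    def install_key(self, ptk: bytes) -> None:
        # A replayed handshake message 3 makes a vulnerable client call this
        # again: same key (or, on wpa_supplicant 2.4+/Android 6.0+, an
        # all-zero key) and the packet number back to zero.
        self.ptk = ptk
        self.pn = 0

    def encrypt(self, plaintext: bytes) -> tuple:
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.ptk, self.pn, len(plaintext)))

def run_session(reinstall: bool, reinstalled_key: bytes = SAMPLE_PTK) -> tuple:
    """Send FRAME_1, optionally suffer a replayed message 3, then send FRAME_2.
    Returns ((pn1, ct1), (pn2, ct2)) as an eavesdropper would capture them."""
    sta = Station(SAMPLE_PTK)
    pn1, ct1 = sta.encrypt(FRAME_1)
    if reinstall:
        sta.install_key(reinstalled_key)
    pn2, ct2 = sta.encrypt(FRAME_2)
    return (pn1, ct1), (pn2, ct2)

def keystream_reuse_leaks(reinstall: bool) -> bool:
    """Eavesdropper XORs the two captured ciphertexts. With the key and packet
    number reused this equals FRAME_1 XOR FRAME_2; with fresh counters it
    is just noise."""
    (_, ct1), (_, ct2) = run_session(reinstall)
    return xor(ct1, ct2) == xor(FRAME_1, FRAME_2)

def recover_with_known_frame(reinstall: bool) -> bytes:
    """Crib attack: guess FRAME_1 (a predictable request) to recover FRAME_2."""
    (_, ct1), (_, ct2) = run_session(reinstall)
    return xor(xor(ct1, ct2), FRAME_1)

def decrypt_after_zero_key() -> bytes:
    """Android 6.0+/Linux variant: once the all-zero key is installed the
    attacker needs no secret at all to decrypt everything that follows."""
    _, (pn2, ct2) = run_session(reinstall=True, reinstalled_key=bytes(16))
    return xor(ct2, keystream(bytes(16), pn2, len(ct2)))

if __name__ == "__main__":
    print("fresh counters leak XOR?   ", keystream_reuse_leaks(False))
    print("after reinstall leak XOR?  ", keystream_reuse_leaks(True))
    print("frame 2 via crib:          ", recover_with_known_frame(True))
    print("frame 2 with all-zero key: ", decrypt_after_zero_key())
```

The fix on the client side is the one the patches implement: once a key is installed, refuse to reinstall the same key, and never reset the packet number while the key is in use.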

Patches are being developed for the devices most at risk. Linux patches have been developed, but there is no word on when they will ship. Some, though not all, Wi-Fi access points already have patches available.

The research will be presented formally on November 1st at the ACM Conference on Computer and Communications Security in Dallas. The paper is also expected to be available on the krackattacks.com site.

This could become one of the biggest threats to large corporate and government Wi-Fi networks.

Until patches are available, it is advisable to avoid Wi-Fi and use a wired connection instead.

Contact us with any questions or concerns about your exposure.


TransUnion, rival of Equifax, having the same breach issues!

Apparently Equifax isn't the only one having trouble with the security of its website. TransUnion's website has been leading unsuspecting customers to a fake Flash update as well.

A researcher at AV provider Malwarebytes stated that transunioncentroamerica.com was sending visitors to fraudulent update pages and other malicious sites. Just like Equifax, TransUnion seems to have been at the mercy of adware and malware. Clicking the fake Flash update can infect a computer running an unpatched browser or browser plugin.

TransUnion has since addressed the issue and declared it resolved on that site, while investigation of its other sites is in progress.

The issue is believed to stem from the fireclick.js JavaScript used by both Equifax and TransUnion. fireclick.js pulls content from a long chain of pages, starting with ones hosted on akamai.com, sitestates.com and ostats.net. Depending on the visitor's IP address, browsers generally end up on pages that deliver fake updates and the like. ostats.net is presumed to be where the problem arises, though that has not yet been confirmed.

Give us a call at Re2tech and let's talk about the level of security your network has and the technology you could be using to enhance your safety!


Equifax leads to disaster once again

Equifax, which recently suffered a security breach, now has another problem.

In May, Equifax lost customers' SSNs, names and loads of other personal information in a security breach. Under heavy scrutiny, it worked to get the issue under control and stated that it was solved. It appears that was wrong.

A malware researcher ran across a bogus Adobe Flash update while browsing the Equifax website. It appeared for several hours on Wednesday and Thursday. If clicked, a visitor's computer would be infected with adware that only 3 of 65 antivirus engines detected.

Malware like this generally appears only once per visitor, and not to all visitors, targeting a cluster at a time to avoid widespread detection. The adware on the Equifax site, however, was persistent by comparison: you could run into the bogus Flash update on multiple visits, increasing the chance that it would be taken seriously and clicked. Clicking it downloads 'MediadownloadIron.exe'.

It is suspected that the issue stems from a third party Equifax works with, which would mean the fault lies on the third party's end rather than Equifax's. That could also be a problem for other websites, so keep an eye open.

Equifax needs some help, it seems! Maybe they should call Re2tech? Well, if they don't, you can! Give us a call today and let us ensure your online security. Let's not follow suit with Equifax.


T-Mobile the next big company to have leaked customer information!

As recently reported by a security researcher, a bug on T-Mobile's website exposed its customers' personal information.

Due to a major flaw in T-Mobile's website, hackers apparently had easy access to millions of customers' personal information using only a phone number. The bug was reportedly fixed on Friday, once the security researcher brought it to T-Mobile's attention.

The information that could have been exposed includes a customer's e-mail address, account number and the phone's IMSI, the unique identifier assigned to every subscriber's SIM. It is important to note, however, that there is no evidence the information was used maliciously.

Problems can nevertheless arise from someone's IMSI, which could allow an attacker to track the phone's location and intercept calls, text messages and metadata. IMSI numbers are also what law enforcement's IMSI catchers key on to track cell phones belonging to persons of interest or to locate missing persons.

Here we are again with more online security problems. Another reason to make sure your cyber security is effective.

Give us a call at Re2tech today and let us verify the security of your network! And if you are a T-Mobile customer, keep a more watchful eye on your calls and messages.
