Adobe has suffered another embarrassing attack exploiting its Flash software, and this time the malicious content was hidden in an Office document.

It seems that almost every week another vulnerability is exposed in Flash, a piece of software which once ruled the internet and powered practically every website worth its salt. However, times change, and it’s fair to say that Adobe seems to be constantly fighting to plug the flood of attacks on Flash.

And this recent attack is particularly troubling for businesses because it was delivered in an Office document. You would be hard pressed to find a business which doesn’t handle Office documents, so it’s a good idea to get acquainted with this latest attack.

Flash Gets Attacked (Again)

This latest exploit of a Flash vulnerability (tracked as CVE-2016-4117) was first detected on 8th May 2016. The vulnerability had not been seen before, so no patch or fix existed to block the attack at the time it was found. This gap between active exploitation and an available fix is what makes it a zero-day attack.

Once the attackers had a working exploit, they hosted their payload on a web server from which it could be fetched by any victim in the world. However, for that payload to affect even a single computer, something on the victim’s machine first had to download and run it.

To achieve that, the attackers relied on the fact that many users do not treat an Office attachment as a risk. The document carried embedded Flash content; when the document was opened, Flash Player rendered that content automatically, and it downloaded the exploit from the attackers’ web server. Email was the simplest way to spread the document around the world, precisely because users tend to trust an Office attachment.

While the exploit was being downloaded and run, a decoy document was displayed so that the victim saw nothing unusual and had no reason to suspect anything untoward was taking place.

After the exploit succeeded, the malware contacted a second web server to receive further instructions. At the crude end, those instructions could simply crash the system, resulting in significant and costly downtime. More seriously, the attackers could take control of the infected systems and extract data.
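The delivery trick above, an Office document with Flash content embedded inside it, leaves a fingerprint that a mail gateway or an analyst can look for before anyone opens the attachment. The following is an added example and not code from the original post or from FireEye/Adobe: it unpacks a modern Office (OOXML) file, which is just a zip container, and flags parts that either carry the Shockwave Flash ActiveX CLSID or start with a SWF header (the FWS/CWS/ZWS magic for uncompressed, zlib- and LZMA-compressed SWF). The sample package is constructed inline for the demo; the part names follow Word’s layout but the package is a minimal stand-in, not a real exploit document.

```python
import io
import re
import zipfile

# SWF container signatures: uncompressed, zlib-compressed and LZMA-compressed
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")
# CLSID of the Shockwave Flash ActiveX control, as it appears in word/activeX/*.xml
FLASH_CLSID = re.compile(rb"D27CDB6E-AE6D-11CF-96B8-444553540000", re.IGNORECASE)


def find_swf_offsets(blob):
    """Offsets in blob where a plausible SWF header starts.

    A SWF header is the 3-byte magic, a 1-byte version and a 4-byte length.
    The version sanity check weeds out the magic occurring by chance.
    """
    hits = []
    for magic in SWF_MAGICS:
        pos = blob.find(magic)
        while pos != -1:
            if pos + 8 <= len(blob) and 1 <= blob[pos + 3] <= 50:
                hits.append(pos)
            pos = blob.find(magic, pos + 1)
    return sorted(hits)


def scan_ooxml(package):
    """List (part name, reason) for parts of an OOXML package that carry Flash."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for info in zf.infolist():
            name = info.filename
            data = zf.read(name)
            lower = name.lower()
            # Office records the control's CLSID in an activeX*.xml part
            if lower.endswith(".xml") and FLASH_CLSID.search(data):
                findings.append((name, "Shockwave Flash ActiveX classid"))
            # The control's persisted data (or an OLE object) holds the SWF itself
            if lower.endswith((".bin", ".swf")):
                for off in find_swf_offsets(data):
                    findings.append((name, f"SWF header at offset {off}"))
    return findings


def build_sample(with_flash):
    """Constructed minimal docx-like package for the demo; not a real exploit file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_flash:
            zf.writestr(
                "word/activeX/activeX1.xml",
                '<ax:ocx ax:classid="{D27CDB6E-AE6D-11cf-96B8-444553540000}"/>',
            )
            # 16 bytes of wrapper followed by a fake zlib-compressed SWF header
            swf = b"CWS" + bytes([15]) + (64).to_bytes(4, "little") + b"\x00" * 56
            zf.writestr("word/activeX/activeX1.bin", b"\x00" * 16 + swf)
    return buf.getvalue()


if __name__ == "__main__":
    for flagged in (False, True):
        print(f"with_flash={flagged}: {scan_ooxml(build_sample(flagged))}")
```

The check is deliberately simple: it does not decompress or parse the SWF, it only answers "is there Flash in this document at all", which for an ordinary business mailbox is already enough to quarantine the attachment for a closer look. Legacy binary formats (.doc, .xls) are OLE compound files rather than zips and would need a different container parser.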

Thankfully, for anyone still using Flash, Adobe released a fix for CVE-2016-4117, but only after four days of exposure. And, believe me, a piece of malware can spread and cause a lot of chaos within four days!

How Many More Attacks Will Flash Absorb?


Attackers currently seem hell-bent on using Flash to deliver their payloads, and it’s becoming embarrassing for Adobe. Browser vendors such as Mozilla (with Firefox) now block outdated or vulnerable versions of Flash by default because of the security risks connected to it.

We still have to deal with Flash, though, so vigilance is crucial. Make sure all your staff are aware of the dangers of opening email attachments from unknown sources, and apply Flash Player updates as soon as they are released. Only then can you be reasonably confident that your systems are not going to be compromised.

For more ways to secure and optimize your business technology, contact your local IT professionals.




Phishing attacks have long been a concern for anyone using computers, but a recent report has highlighted how the number of phishing sites has risen by 250%.

Compiled by the Anti-Phishing Working Group (APWG), the report states that, during Q1 2016, there were nearly 290,000 active phishing sites online. This may not sound huge considering that there are around a billion websites online, but this is the highest number of phishing sites online since records began in 2004.

Phishing, therefore, is a credible and growing threat, so I think it’s best we get up to date with what phishing is and how these attacks take place.

What is Phishing?

Phishing is the process of stealing personal information (login details, credit card details, etc.) from consumers through the following methods:

  • Social Engineering – This is perhaps the most well-known method for extracting sensitive information from individuals. Using emails which convincingly spoof official messages from corporations such as banks, phishers use disguised links to send victims to fake sites with features such as login screens. These screens simply record the login credentials, which the phishers then use on the genuine site.
  • Technical Subterfuge – This method employs crimeware, software that hides in the background and records sensitive information such as login credentials. Many crimeware kits also hijack users’ browsers to redirect them to phishing sites where the users unwittingly provide personal information.

What Does the Report Show?

A number of interesting insights have been provided by APWG’s report, so let’s take a look at these to understand how they unfold:

  • The most infected country is China, where 57% of computers are reported to be infected with malware. Given how much manufacturing runs through China, a business with suppliers there should expect that some of the email arriving from those suppliers’ machines was sent by crimeware rather than by the supplier.
  • Around 77% of phishing websites are hosted in the US, and most of these are set up by phishers who break into legitimate web hosting accounts. This highlights how often hosting is compromised, which is of particular concern for US businesses that own a website.
  • The two most targeted industry sectors are Retail (43%) and Financial (19%). These also happen to be two of the industries most commonly used online. After all, who doesn’t shop or bank online these days? It’s a deliberate move by phishers to impersonate these industries and use them to deceive consumers.

How Do You Combat Phishing?

Once phishing has completed its mission of stealing personal information, it can create utter chaos for those affected. For a business, this could mean an attacker gaining access to sensitive areas of your network, e.g. confidential client information such as financial records. This is bad news for any business, so remember the following:

  • Just because an email features an official logo it doesn’t mean it’s an official email from that company, so don’t rely on this for authenticity.
  • A login page should be served over https:// and not http://, but the padlock only tells you the connection is encrypted, not who you are connected to; phishing sites obtain certificates too. Check that the domain in the address bar is exactly the one you expect before typing anything.
  • Although phishing is best known for stealing bank information, phishers are likely to target anything from your personal email details to your Facebook login credentials.
  • Credible companies will never ask you to email personal information to them. If you receive an email demanding such information, delete it.




Remote-access software has been vital for conducting online meetings and sharing desktops for years, but one of the most popular, TeamViewer, has been at the centre of a wave of hijacked accounts.

TeamViewer has regularly been the go-to option when it comes to businesses communicating online with colleagues, customers and technical support teams. Naturally, the procedures behind using remote software require a high level of trust.

And that’s why it’s worrying that a program which already asks you to relinquish control is at risk of being hijacked itself. This is potentially very troubling for businesses, so I’m going to take a look at what’s happening with TeamViewer.

TeamViewer Hack

The first rumblings of a hack emerged at the start of June, when a disturbingly high number of TeamViewer users found that their PayPal accounts had been accessed. This was achieved by taking remote control of the users’ PCs through TeamViewer and then using their web browsers, where webmail and PayPal were still signed in.

What’s particularly worrying here is that many users reported having high levels of security in place. Even two-factor authentication (a gold standard of security) was not enough to stop the hijack taking place. The reason is worth understanding: two-factor authentication protects the login step, but a browser session that is already signed in never asks for a second factor, so anyone controlling the desktop can use it. Some of the hackers’ targets were lucky enough to be at their PC when the attacks took place and were able to disconnect or revoke privileges, but others were not so lucky.

TeamViewer has not been keen to accept any liability for the attack. In fact, it has pointed the blame at users re-using their TeamViewer login credentials on other websites which were then hacked. However, it remains curious that TeamViewer’s website went down for three hours at the height of the attack.

TeamViewer have since released a statement which confirmed their website outage, but claimed this was down to a denial-of-service and not a security breach.

TeamViewer’s Response

Despite TeamViewer not wanting to take any responsibility, it has since released two new additions to its software to increase security:

  1. Trusted Devices – With Trusted Devices active, any new device that tries to sign in to a user’s TeamViewer account for the first time must be approved by the account owner (via a confirmation email) before it is allowed in. A stolen password on its own no longer gets an attacker a session.
  2. Data Integrity – This feature monitors the account for unusual behaviour, such as a sign-in from an unexpected location. If this is detected, TeamViewer will not allow the account to be used again until the user resets the password.
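To make concrete what the two features above buy you against a leaked password, here is an added example of the same two controls as a small account-guard model. It is not TeamViewer’s code and makes no claim about how TeamViewer implements them; the account store, the device identifiers, the country field and the approval-token flow are all assumptions for the demo, and the password hashing is a toy SHA-256 rather than a proper password hash. The scenario run at the bottom is the one the article describes: an attacker with the correct password but an unknown device.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


@dataclass
class Account:
    password_hash: str
    trusted_devices: set = field(default_factory=set)
    seen_countries: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)   # approval token -> device id
    reset_required: bool = False


class AccountGuard:
    """Model of trusted-device approval plus an anomaly lockout (assumed design)."""

    def __init__(self):
        self.accounts = {}

    @staticmethod
    def _hash(password):
        # Toy hash for the model; use scrypt/argon2 with a salt in real code
        return hashlib.sha256(password.encode()).hexdigest()

    def register(self, user, password, device, country):
        acct = Account(password_hash=self._hash(password))
        acct.trusted_devices.add(device)
        acct.seen_countries.add(country)
        self.accounts[user] = acct

    def sign_in(self, user, password, device, country):
        acct = self.accounts.get(user)
        if acct is None or acct.password_hash != self._hash(password):
            return "denied: bad credentials"
        if acct.reset_required:
            return "denied: password reset required"
        if device not in acct.trusted_devices:
            # Trusted Devices: a correct password from an unknown device only
            # creates an approval request; the token goes to the owner's mailbox,
            # never back to the requester.
            acct.pending[secrets.token_hex(8)] = device
            return "pending: device approval email sent"
        if country not in acct.seen_countries:
            # Data Integrity: unusual sign-in locks the account until a reset
            acct.reset_required = True
            return "denied: unusual sign-in, password reset required"
        return "ok"

    def approve_device(self, user, token):
        acct = self.accounts[user]
        device = acct.pending.pop(token, None)
        if device is None:
            return False
        acct.trusted_devices.add(device)
        return True

    def reset_password(self, user, new_password, country):
        acct = self.accounts[user]
        acct.password_hash = self._hash(new_password)
        acct.reset_required = False
        acct.seen_countries.add(country)


if __name__ == "__main__":
    guard = AccountGuard()
    guard.register("alice", "hunter2", "alice-laptop", "GB")
    print("owner:   ", guard.sign_in("alice", "hunter2", "alice-laptop", "GB"))
    # Attacker holds the leaked password but not an approved device
    print("attacker:", guard.sign_in("alice", "hunter2", "attacker-box", "RU"))
```

The ordering of the checks is the point: the password is verified first, then the device, then the behaviour. The attacker clears the first gate and is stopped at the second without ever reaching a session, which is exactly what a password-reuse breach needs. If a device does get approved and then shows up from a country the account has never seen, the third check forces a reset rather than letting the session continue.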

These are certainly useful features, but given the sensitive nature of remote-access software, many users are wondering why they were not in place already.

Login Credentials Theft

Although many TeamViewer customers are upset over the company’s reluctance to accept any responsibility, TeamViewer may have a point about the theft of login credentials.

Just recently, a hacker has been trying to sell a mammoth database of stolen login credentials totaling around 640 million passwords. This is a major security threat and highlights the importance of protecting your passwords.

The best advice I can give, regarding passwords, is to remember the following:

  • Don’t reuse passwords on different accounts
  • Do not write down or tell other people your password
  • Use two-factor authentication wherever possible





There’s a lot written about the wide range of external security threats to your business, but what about internal security threats? Do they exist?

Yes, they most certainly do! Your staff – or insiders, as they’re known – are among the biggest security risks your business faces. Whilst there can be malicious intent on the part of insiders, the threat is more likely to come from an innocent mistake.

It’s crucial, therefore, that your business doesn’t allocate all its security energies purely on external risks. Instead, you need to make sure that there’s a well maintained program for monitoring the activities of your staff as well as educating them.

In order to understand these security threats and minimize their chances of occurring, I’m going to discuss the security phenomenon of insiders.

Who Is an Insider?

The most important thing to note about insiders is that they’re not necessarily drawn exclusively from your pool of employees. What actually defines an individual’s status as an insider is whether they have access to your systems and data.

Now, whilst this immediately points towards your employees, it also indicates that the following individuals can be considered insiders:

  • Contractors and suppliers, such as outsourced IT teams and cloud providers
  • External auditors
  • Visiting customers accessing your Wi-Fi connection

Naturally, this opens up your business’s data to a large number of insiders who can pass easily in and out of your systems.

What Risks Does an Insider Pose?


Once an insider has access to your system there is a potentially huge list of activities they could carry out to breach your security and leave your data in a precarious position.

The actual nature of these breaches may seem relatively crude and simple, but they can have a particularly devastating effect. Say, for example, you keep a monthly spreadsheet of all your dealings with clients, wouldn’t it be an absolute nightmare if it fell into your competitors’ hands?

With a malicious insider at work this nightmare could soon become a reality with just one email attachment.

Of course, there still remain more sophisticated security breaches that can be instigated by an insider. Malware can be installed through USB sticks which can leave your network at the mercy of trojan horses, ransomware and potentially crippling system crashes.

And we can’t forget the good old fashioned carelessness of human error. It’s very easy for a naive employee to fall for an email scam and disclose sensitive details such as logon names and passwords, so this remains a major security risk.

Tackling the Threat of Insiders

Thankfully, businesses aren’t helpless in the face of insider security threats. In fact, many of the controls are straightforward to put in place. Let’s take a look at what you can do:

  • Monitor abnormal behavior of employees such as accessing data and areas of the network not associated with their job role
  • Impose a strict level of access to third parties working on your network and ensure their activity can be monitored
  • Allocate access permissions based on employee roles in the organization to minimize the number of people accessing secure data
  • Prevent the usage of unauthorized external devices on your network, e.g. employees’ personal USB sticks
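The first three controls above only work if someone actually compares what people touch against what their role entitles them to, and the fourth needs the copy-to-USB event to be visible at all. The following is an added example, not code from the original post: a role-based policy, a small account directory that includes a contractor and a Wi-Fi guest, and an audit over a constructed file-access log in a made-up key=value format. Every path prefix, account name and log line here is an assumption for the demo; in practice the log would come from your file server or DLP agent, and the directory from your identity provider.

```python
import re

# Hypothetical policy: role -> path prefixes that role may touch
ROLE_POLICY = {
    "sales": ("/crm/", "/shared/"),
    "finance": ("/finance/", "/shared/"),
    "contractor-it": ("/infra/",),
    "guest-wifi": ("/guest/",),
}

# Hypothetical directory of accounts, including a contractor and a Wi-Fi guest
USER_ROLES = {
    "dave": "sales",
    "erin": "finance",
    "acme-it": "contractor-it",
    "visitor-07": "guest-wifi",
}

# Constructed file-access log in a made-up key=value format
ACCESS_LOG = """\
2016-06-14T09:02:11Z user=dave action=read path=/crm/accounts-june.xlsx
2016-06-14T09:05:40Z user=dave action=read path=/finance/payroll-2016.xlsx
2016-06-14T09:07:02Z user=erin action=read path=/finance/payroll-2016.xlsx
2016-06-14T09:09:13Z user=acme-it action=write path=/infra/switch-config.txt
2016-06-14T09:10:55Z user=acme-it action=read path=/crm/accounts-june.xlsx
2016-06-14T09:12:30Z user=visitor-07 action=read path=/shared/pricelist.pdf
2016-06-14T09:13:01Z user=dave action=copy path=/crm/accounts-june.xlsx dest=usb:E:
2016-06-14T09:14:45Z user=mallory action=read path=/finance/payroll-2016.xlsx
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"path=(?P<path>\S+)(?: dest=(?P<dest>\S+))?$"
)


def audit(log, user_roles, role_policy):
    """Return (timestamp, user, reason) for each access that breaks the policy."""
    findings = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            findings.append(("?", "?", f"unparseable line: {line!r}"))
            continue
        ev = m.groupdict()
        role = user_roles.get(ev["user"])
        if role is None:
            # An account nobody issued is the first thing to chase
            findings.append((ev["ts"], ev["user"],
                             f"unknown account did {ev['action']} on {ev['path']}"))
            continue
        if not ev["path"].startswith(role_policy.get(role, ())):
            findings.append((ev["ts"], ev["user"],
                             f"role {role} is not permitted on {ev['path']}"))
        if ev["dest"] and ev["dest"].startswith("usb:"):
            findings.append((ev["ts"], ev["user"],
                             f"copied {ev['path']} to removable media {ev['dest']}"))
    return findings


if __name__ == "__main__":
    for ts, user, reason in audit(ACCESS_LOG, USER_ROLES, ROLE_POLICY):
        print(ts, user, reason)
```

Run over the sample, the audit surfaces the salesperson reading payroll, the IT contractor browsing the CRM, the Wi-Fi guest reaching a share the guest role was never granted, the monthly client spreadsheet going to a USB stick, and an account that is in no role at all. Erin reading payroll and the contractor editing switch configuration are exactly their jobs and produce nothing, which is what keeps this kind of report readable.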

Keeping the Insiders Out?

Now, it may seem as though this article points the finger at your employees and third parties whilst screaming “DANGER!”, but this isn’t the case! What I want to do is make you aware of how important it is to protect your business from all angles. The threat may come externally or it may come internally, but either way a threat is a threat, and it’s crucial you counter all of them.





Adobe’s Flash Player – no stranger to security concerns – has recently been forced into issuing an emergency patch to protect its users from ransomware.

Despite the repeated horror stories of Flash Player’s buggy and easily exploited software, it’s still used on a regular basis by a huge number of people. That’s why any vulnerability which comes to light can have an impact on millions of systems.

This time, it’s that contemporary marvel of security scares known as ransomware which is making the headlines again. So, to keep your systems protected, let’s see what we can learn from Adobe’s latest debacle.

Adobe’s Zero-Day Flaw

The vulnerability at the center of Adobe’s woes is known as a zero-day flaw, but what does this mean? A zero-day flaw is a software vulnerability that is already being exploited by the time the vendor learns of it. Because of this unexpected emergence, the team behind the software has, quite literally, had zero days to prepare a response.

And it’s this level of precarious defense which means zero-day flaws can spread like wildfire and cause absolute mayhem.

In this particular instance, Flash Player was discovered to contain a memory-corruption vulnerability (tracked as CVE-2016-1019) which allowed hackers to hijack users’ systems. To deliver it, the hackers used the Magnitude exploit kit: a web-based toolkit that sits behind a landing page and serves the exploit to any visiting browser with a vulnerable Flash Player, so that simply loading the wrong web page was enough.

Using Magnitude, hackers were then able to download ransomware software – such as Locky and Cerber – onto user’s systems. This ransomware was then primed to encrypt personal files and demand a ransom to unlock these files.

All versions of Flash Player up to and including 21.0.0.197 are affected. And it’s not limited to systems running Windows – Macs, Linux and Chrome OS are all vulnerable as well.

The Emergency Patch


The threat was first discovered when security researchers at Proofpoint were investigating recent changes made to the Magnitude exploit kit. Once the magnitude of Magnitude had been established, Proofpoint swiftly contacted Adobe, which rushed out an emergency patch.

Thankfully for Adobe, it had already built an exploit mitigation into Flash Player version 21.0.0.182, which blocked this particular attack on 21.0.0.182 and later even before the patch existed. The systems that actually fell to the exploit were those still running older builds. And you would be surprised by the number of users who don’t update their software when prompted: as a result, a significant number of systems were compromised.

Once the emergency patch had been released, Adobe was also quick to advise all its Flash Player users to upgrade to the latest version. This would, hopefully, minimize the risk of further exploitations on older versions of the software.

Is Adobe Safe?

This is a question which seems to get asked on a daily basis at present. And unfortunately for Adobe, things do not look great.

Hackers are clearly targeting Flash Player now, and Adobe seems helpless in protecting its product. The knock-on result of all this negative publicity is that vendors who bundle Flash Player with their own products, such as Microsoft in Windows and Google in Chrome, are going to question whether it still makes sense to do so.

The key piece of information to take away from this article is that you should ALWAYS ensure all your software is up to date. This ensures you have the best protection possible against any potential security flaws.

