60,000 BSNL Modems Affected by Malware

modem security, Password Security, Security, , ,
10
Oct 2017

Morden-Security

Your modem provides a gateway to the internet, but this entry point is highly vulnerable to hackers as 60,000 customers of BSNL have discovered.

Bharat Sanchar Nigam Limited (BSNL) is an ISP based in New Delhi, India with around 93 million customers, but even with these customer numbers they have been struggling in recent years due to the increased competition in the Asia telecommunications sector. And they now have an embarrassing malware incident on their hands, so these are certainly tough times for BSNL.

The attack which has affected BSNL is almost ridiculous in its simplicity, but it has the potential to cause huge damage for BSNL and its customers. It also carries an important lesson that every PC user can benefit from, so let’s take a look.

Hacking BSNL Modems

Using botnet attacks, the hackers were able to breach the National Internet Backbone (essentially a huge network making up the backbone of the internet in India) of BSNL and gain access to their internal modems and recently installed customer modems. From BSNL’s end, this meant that their broadband service was severely compromised with around 45% of internet connections suffering disruption. For customers using the recently installed modems, however, matters got much worse.

The malware affecting BSNL was able to change the passwords of BSNL broadband customers who had made the fatal mistake of not changing the modem’s default password of “admin”. As a result, around 60,000 customers have found themselves at risk of having their broadband connection compromised as their modem would not be able to log into the BSNL system. Affected users have reported a lack of internet access and the modems ‘red error’ LED switching on to indicate a fault.

Whilst BSNL were able to manually change the password details for their internal modems and stop any further changes to their customers’ details, they were unable to reset passwords for customers who had fallen victim to the malware. Instead, these users have to manually reset their modems and enter a new password, a task which isn’t particularly simple for your average PC user.

password-866979_960_720

The Importance of Password Changes

BSNL are rightly embarrassed about the breach that their systems have experienced and there’s still no mention of the attack on their official website. And the fact that this attack stemmed from a simple password flaw is astonishing, but not completely surprising. Many, many organizations still use the age old login name/password of Admin/Admin for gaining access to the administration side of computer systems; it’s easy to remember and provides quick access, but the problem is that every hacker knows this and will always try these login details early on in an attack.

It’s absolutely crucial that you protect your networks (and even your modems) by practicing good password security. It only takes a few moments to think of a new password and just as long to change your old one, so there really shouldn’t be any excuse. And that’s why you should always change default system passwords as soon as you’re given the chance. Otherwise, you’re at risk from being hacked and will only have yourself to blame.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

US Banks Targeted by Trickbot Malware

Cyber Attack, Hacking, malware, Security, trickbot, ,
03
Oct 2017

Necurs

Personal financial information is always highly private, so if this is compromised it’s a real invasion of privacy. Sadly, US banks are now under attack from malware.

Driven by the infamous Necurs hacking botnet, Trickbot is a form of malware that is currently carrying out sustained spam campaigns against US banks. It’s a cyber-attack which has been targeting financial organizations for around a year now, but it’s only recently that these attacks have been focusing on US banks.

Now, the majority of adults in the US use online banking services, so this is the kind of attack which needs to be brought to the attention of the masses. And, not only is there a security lesson for consumers to be found within this attack, but there’s also plenty for organizations to learn about good security practices.

TRICKBOT-BSS-IMAGE-

Tricky Trickbot

Trickbot utilizes, as its name suggests, trickery to achieve its nefarious needs and, in particular, it embraces a redirection scheme. Usually, when you’re transferred from one webpage to another then you can clearly see that the URL changes in your browser to demonstrate where you’re heading to. However, when being redirected by malware, the victim is first sent to an alternate website on a completely different server. As a live connection is kept with the intended website – in this instance an online banking service – this remains displayed with the user’s browser.

And lurking on these alternate websites is the malware’s malicious payload. In the case of Trickbot, these websites use webinjection to infect the victims with JavaScript and HTML coding which go on to steal login details and financial coding from affected users. Naturally, with this sort of sensitive data, hackers can go on to cause widespread damage to individuals finances, but how do people fall foul of these malware scams?

According to the security experts at Flashpoint, Trickbot is spreading its reach through the use of huge spam email campaigns. An example of this was seen in a spam email which claimed to be a bill from an Australian telecommunications organization, but actually contained JavaScript code which activated the Trickbot loader and compromised browsers in what is known as a man-in-the-browser attack.

Trickbot, however, is not a new, unique threat and Flashpoint believes that Trickbot is related to the Dyre banking Trojan which was last active in 2015. The build of both Trickbot and Dyre, so it would appear that either source code is being recycled or members of the same team are involved.

2302145_orig

How to Beat Trickbot

The key to beating Trickbot and not falling victim to its trickery is by simply verifying the emails in your inbox. And the most important checks to make are:

  • Do you recognize the sender of the email? If it’s an unusual or unknown sender name then just ignore it and, if it comes complete with an attachment, definitely ignore it.
  • What is the email asking for? Financial organizations, for example, will never email you to request sensitive data or to head online and enter this data into websites.
  • Are there any links in the email? If they have an unusual address you don’t recognize then don’t click on them as they could be sending you anywhere. And, even if the link reads as a genuine URL, this could still be disguising an alternate URL – hover over the link with your mouse to reveal the true direction of the link.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

18 Million 8Tracks Users Have Had Their Details Stolen

Hacking, Password Security, Secure Database, Security, , ,
26
Sep 2017

password-security

Customer details such as passwords need to be stored in databases, but what happens when these get hacked? 8Tracks radio service recently found out.

Following a breach of the security around their user data, 8Tracks had the rather unenviable task of announcing a major password security alert. And, seeing as this had the potential to affect 18 million users who are signed up to the service, it demonstrated the fragility of cyber security when it’s not enforced to the letter – as Tumblr found out last year.

The reasons behind this breach are incredibly simple, but the impact of such a breach has the potential to cause major damage for millions of users. It’s a cautionary tale and one which can provide an important lesson to learn.

How were 8Tracks Users Hacked?

8Tracks suspect that their databases were breached following a cyber-attack on one of their employee’s Github accounts – an online storage facility for open source programming code. Github offers two-factor authentication, but, in this instance, the 8Tracks employee didn’t activate this which left them at a slight disadvantage to hackers. And, following an alert from Github that this account had been subject to an unauthorized password change, it became clear that access to 8Tracks networks had also been compromised.

It’s believed that access to prime databases and production servers were not at risk as they were protected by SSH keys which involve sophisticated cryptography and challenge-response authentication. However, the backdoor left open by the 8Tracks employee did expose back up databases which contained email addresses and passwords for 8Tracks users. The passwords, thankfully, were encrypted using salt and hash methods – these techniques make passwords very hard (but not impossible) to crack.

Although it would be highly difficult to hack these salted and hashed passwords through brute force techniques, the very small chance of success was a major headache for 8Tracks. As a result, they had to advise all their customers who had signed up with an email address – those signed up through Facebook and Google authentication were not affected – that they had to change their password immediately. 8Tracks themselves then had to secure their employee’s Github account, change passwords for their own backup systems and restrict access to their repositories.

hacking-2300793_960_720

 

What’s the Impact of the 8Tracks Hack?

It may seem as though the 8Tracks hack is all done and dusted now that users have been advised to change their passwords and the 8Tracks system secured accordingly, but there’s a further problem. For the 18 million users affected, it’s more than likely that a large number of them use the same email address and password to sign into countless services such as Facebook, online banking and even to access their organizations systems, so these are now at risk from unauthorized access.

And this is why it’s so important that password security is taken seriously. Many organizations are now turning to online password storage facilities such as LastPass which provide highly encrypted systems to store the many passwords that your employees may need on a day to day basis. Not only should you consider using systems such as this, but if you’re offered the chance of using two-factor authentication, it should be a no-brainer that you activate this immediately to create stronger defenses for your data.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

PDF Software Represents a Real Security Threat

Foxit, PDF Software, Security Threats, Software Security Patches, , , ,
20
Sep 2017

security-265130_1280

PDF files are vital for business as they allow files to be sent from business to business without room for editing. However, the software is far from safe.

The most popular software for viewing PDF files is Adobe Reader and this has regularly had its security flaws laid bare by hackers such as a font vulnerability in 2015 and a ransomware exploit earlier in 2017. Considering that Adobe are considered the kings of PDF software, it’s no surprise that other builders of PDF software are struggling to cope with security flaws being exploited; a case in point is the Foxit PDF reader.

A popular alternative to Adobe Reader, Foxit PDF saw early success when it was able to gain customers from Adobe due to well publicized security flaws in Adobe Reader. Now, though, hackers clearly have their eyes on Foxit’s huge user base and are keen to discover security flaws in Foxit PDF. Let’s take a look at what’s been happening.

Discovering the Flaws in Foxit

Steven Seeley and Ariele Caltabiano – two security researchers – systematically dismantled the code for Foxit Reader and were able to uncover not one, but two serious security flaws. Capable of tricking Foxit Reader into loading malicious websites, these flaws had the potential for malware to be downloaded and whole systems to be compromised. Once these findings were made public, Foxit claimed that their software had an in-built security procedure – known as ‘Safe Reading Mode’ – to counter this. Whilst this is all well and good, many users had deactivated this procedure due to its oversensitive calibration.

At first, Foxit were resolute in their belief that a patch was not required to prevent any exploit taking place through its software, but the company eventually relented and a patch was released that allowed users to deactivate ‘Safe Reading Mode’ but not at the expense of any vulnerabilities being opened up. However, while this patch was made available, it was the users’ responsibility to ensure that this patch was executed and installed on their systems.

cyber-2120014_1280

Patches are CRUCIAL!

The Foxit Reader vulnerabilities have highlighted that software can never be 100% safe and, in fact, many of these vulnerabilities may be completely unknown to the vendor – a flaw known as a zero-day vulnerability. Thankfully, most software manufacturers regularly provide updates and patches to help secure and improve their products. Executing and correctly installing these patches though is a manual task that users must make sure they complete as soon as possible.

Patches are usually released as automatic updates that sync with your software, but this can easily be deactivated – mostly because PC users don’t like to be irritated by popups. However, this small irritating task which, let’s face it, only occasionally takes up a tiny fraction of your day, can make a huge difference to the security of your system. Ignore software patches and you run the risk of your entire system being compromised and your organization being forced to down tools.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Do Your Ex-Employees Still Have Access to Your Data?

disable employee access, disgruntled employees, OneLogin, Security, SIEM, , , ,
19
Sep 2017

Insider_Threat

Your employees can often pose a huge risk to your data security, but what about ex-employees? Well, it turns out they may present an even bigger threat.

When employees leave an organization, it’s prudent that their network and application privileges are immediately terminated. After all, there’s no need for them to have access to your data and this is particularly important if they’ve left to join a competitor. Not only that, it presents them with an easy route for sabotaging your network. So, it’s clear to see why it’s so important to revoke privileges, but it would appear this isn’t always the case.

Research by OneLogin has demonstrated that 50% of accounts previously held by ex-employees with the power to make IT-decisions are still active 24 hours after they have left the organization. And many employees have revealed that around 25% of their employees’ accounts will still be active for up to a week. And, as you well know, it can take mere seconds to completely compromise a PC, so the delay reported by OneLogin has the potential to cause real damage.

Why Do IT Accounts Need to be Terminated Immediately?

The majority of employees who leave your organization are highly unlikely to even consider wanting to log back on to your network, but there are some who may try as soon as they’ve left the building. In particular, disgruntled ex-employees who have had their contracts terminated are likely to be looking for revenge and, of course, those who have left the business to join a local rival may be tempted to log on and steal sensitive information to give them an advantage. While these individuals are in the minority, it still represents a huge threat to your data.

Despite being a basic threat, and one that’s easy to remedy, the statistics provided by OneLogin would indicate that it’s a simple procedure which is being ignored by many organizations. And the end result of this lackadaisical approach is, as OneLogin’s poll has found, that 10% of all data breaches are believed to have been committed by ex-employees. Eliminating this security risk, therefore, can make a real difference to your overall security.

authorizedpersonnelonly

How to Prevent Ex-Employees Accessing Your Networks

OneLogin have found that ex-employees can spell trouble for your security, but what can you do to minimize the risk? Let’s take a look:

  • Create an exit procedure for IT privileges – Thankfully, most employees will give a certain amount of notice before leaving and this gives organizations plenty of opportunity to plan for their exit. Therefore, there’s no excuse for login details to be disabled as soon as that employee leaves. Sometimes, of course, employees will leave suddenly and, in these instances, IT departments need to be informed immediately to close these accounts.
  • Reduce remote access – Some organizations may have networks which can only be accessed internally, so an ex-employee may struggle to even log in once they’ve left the business. However, many organizations provide remote access to their networks and, if an ex-employee can obtain the web address to access this, they could easily connect. To avoid this, make sure that only certain login names are allowed to log on in this manner.
  • Incorporate an SIEM system – Using a security information and event management (SIEM) system can indicate employees’ activity within individual applications, so this can quickly indicate if any unauthorized access is being made. OneLogin discovered that 41% of organizations do not use this type of system, but it would appear to be crucial in protecting your data.

These approaches are simple, quick and easy, so there’s no excuse for being negligent in this area of security.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 30 31 32 33 34 50