Wiper malware attack on Sony Pictures
Wiper malware attack on Sony Pictures

Sony Under Attack: The Wiper Malware

Security, , ,
29
Dec 2014

Wiper malware attack on Sony Pictures

The sophisticated Wiper malware which was launched against Sony Pictures does exactly what it sounds like: wipes anything and everything from systems.

“Wiper” uses a malicious set of attacks:

  • Wipe out all information held on hard disks
  • Reboot servers
  • Prevent access to Exchange emails
  • Close down networks
  • Used on all versions of Windows

How Wiper malware works:

  1. The Wiper executable file, recognized as exe, is known as a “dropper” file.
  2. This file will install itself over supporting files and as a trusted Windows service.
  3. It also creates a network share within the system root directory. This allows any other computer over the network to reach it.
  4. It uses the WMI (Windows Management Interface) to communicate with other machines and run code to and from them to spread itself further across the network.
  5. This allows wiper to gain access to any machine on the system via a computer network exploitation (CNE).
  6. Broadcasts are sent out to remote command networks via a “beacon” message, the malware is already accessing the hard drive to delete data by each sector.
  7. It overwrites data with ordinary user privileges by disguising itself as a USB 3.0 device driver.  This is a commercially available disk driver, made by EldoS.
  8. It then instructs the operating system to halt for a couple of hours then wake up with a reboot. By this time, all the data is wiped clean by the malware.

Wiper attack on Sony Pictures

Sony Pictures is a prime example of being on the receiving end of the “Wiper” attack. This particular attack recently gained media attention, got the FBI involved and caused a stir at Antivirus companies.

Wiper malware memo from FBI

A snippet from the FBI memo about Wiper

Speculation at Sony from a Re/code analysis reports links the attack to North Korea. This is partly due to a near identical attack carried out against South Korea by their northerly neighbors. Originally it was claimed the attack was motivated by disgruntled ex-workers who were laid off due to a company restructure earlier in the year.

What can you do?

It’s likely that this kind of attack is mostly aimed at very high profile companies, like in our example above. In general it’s wise to do the following to keep on top of your business or home security:

  • Update Anti-virus definitions. Be sure to have the latest updates from you Antivirus provider. Updates are added regularly to detect and quarantine suspicious files from doing further damage.
  • Verify your backups, and opt for an offsite or Cloud solution, in the case of a catastrophic data loss.
  • Update your critical Windows Servers and desktops with the latest operating system security patches.
  • Avoid being spear fished. Do not open unknown emails which contain attachments or files. Be conscious of spoof emails that may trick you into clicking attachments.
  • Lock down USB usage. With the help of an endpoint management solution, you can set policies to only allow authorized USB devices, which can help prevent this type of attack.
  • Revise your IT policies to only give specific administrators privileges to run, execute and share resources.

For more information about the Wiper virus and how you can protect your business from malicious malware, contact your local IT professionals.

Read More

What is Encryption and Do You Need It?

Office IT, Security,
11
Dec 2014

What_is_encryption

With more regulatory commissions requiring encryption and privacy being a hot topic, it’s important to understand what encryption is and whether you need it.

Encryption is nothing new; in fact, it was used thousands of years ago during the ancient times in Egypt, encryption was used to hide messages in the tombs of kings. It has been used time and time again by different civilizations, and was even applied through the Word Wars to keep messages hidden away from the enemy.

However, in most recent history from the 90s, encryption has been adapted to be used as a security measure on computers and over the internet.

Nowadays it has become ever so important for financial institutions, healthcare practices, legal, law and governmental offices to apply encryption into their systems. This allows them to secure their information, whilst remaining complaint with data protection standards.

What is Encryption?

 

How_Encryption_Works

A basic encryption implementation explained by Oracle.

As you may now understand from our examples listed above, encryption obscures information, away from prying eyes. More specifically, it does this by making data unreadable to outsiders. In technical terms, a mathematical formula is used to scramble the data, which appears as gobbledygook to anyone else reading it. Only the person who holds the key can, in a sense reverse the mathematical formula to unlock and read the data.

Why encrypt your data?

Data encryption ensures that you can deter hackers and lessen the effect of being a prime target of criminal activities, looking to intercept your data. Often the most valued data is your personal information. Just think of how many emails contain passwords to accounts, medical reports archived, interests displayed, and an insight into all of your personal activities.

With all this, a hacker can spear-phish you and later target you again, with the likelihood of succeeding. This will be done by simply using your details against you, without you even realizing it.

Therefore, it is extremely important to encrypt your information if you work anywhere that handles sensitive information, confidential emails, and if you travel with a notebook or similar device that uses the Internet.

Encrypting your hard drive

 

bitlocker-encryption

Hard drive encryption can help to protect your computer from unauthorized access, since a user needs a key in order to read it.

There are many programs that can help to encrypt your disk such as TrueCrypt, Bitlocker and RealCrypt.

To learn more about Hard disk encryption, please read our how-to article here.

Encrypting your email

 

An example of what an encrypted email looks like using PGP.

An example of what an encrypted email looks like using PGP.

Email is used by just about every person who uses a computer, smart-phone, device and works at a business, or all of the above!

Did you know that your email can be intercepted and read by anyone who has access to the right tools?

A good tool to use is called PGP (Pretty Good Program), which can encrypt your email. In order for this to work, both sender and receiver need PGP installed. The sender will generate a random key, and once the encrypted message is sent and received, the recipient can unlock it with a key generated by their PGP plugin.

Encrypting your internet connection

 

How VPN works as explained by Private Internet Access.

How VPN works as explained by Private Internet Access.

As the name suggests, VPNs (virtual private networks) are a safe way to connect to a private network or to access the internet.

One good analogy is comparing a VPN connection to a walled tunnel, where outsiders would “hit a wall” along the tunnel, unable to infiltrate and access what goes through the tunnel. Whereas a usual Internet connection can be likened to your data travelling on a street and potentially be seen or accessed by outsiders. This is where the term “VPN tunnel connection” comes from. Within this tunnel, all of your data is encrypted. User can access a VPN by having a VPN client installed and accessing a login prompt that will securely authenticate them.

Some VPN clients worth considering are ProXPn, TorVpn, TorGuard, Private Internet Access and WiTopia.

There’s so much to consider with encryption. Just about everything can be a risk without it, so be sure to adopt this secure technology into your business practice to maximize your security.

If you need support and advice with your encryption needs to stay compliant, contact your local IT professionals.

Read More

What is Two Factor Authentication and Should You Use It?

Office IT, Security, ,
07
Dec 2014

Two_Locks_Two_Factor_Authentication

We use the Internet for almost everything from email to banking. Lets review how two factor authentication works and how it can protect you.

How does one ensure that their accounts are being kept safe at any point without risk of theft?

The truth is, the world is full of hackers trying to steal your personal information and money.  They’ll go as far as to phish your information without you knowing it. However, one good way to lock down access to your accounts is by using two-factor authentication, also known as 2FA. It’s highly likely that you’ve already used 2FA without even realizing it.

High profile companies such as Google and Twitter, along with many more, have adopted this security measure. Does this make any sense to you? If not, don’t worry as we’ll elaborate more on this.

What is it?

Let’s begin by understanding what single factor authentication is. When you log into an account with just a password, this is considered to be a single factor.

However, two factor authentication is used to verify the identity of the person who they say they are logging in as with the help of an additional factor.
This additional factor can be a piece of information such as:

  • An extra password, pin or pattern
  • Something physical such as a phone, ATM card or fob
  • Biometrics, such as voice, fingerprint or iris scanning

The additional factor forms part of the two factor verification during authentication, even if there’s no evidence of the person accessing the system being the rightful owner of the account.

Once the two factors have been successful verified, this would grant access to a computer system or website.

Example of Two Factor Authentication

An example of how Zoho Uses 2 Factor Authentication

An example of how Zoho uses 2 Factor Authentication

A common example is when you use an ATM machine. For this to work, you’ll obviously need an ATM card, which is one factor, and a pin as a second factor.  This makes it somewhat secure, where one will not work without the other. Say if your ATM card (without long-strip) was lost or stolen, it wouldn’t be any good to whoever gained possession of it without knowing the pin. The opposite is also true, in the case of someone else knowing the pin without having the card. They would be unable to access your account.

Should you use two factor authentication?

In principle, yes. It adds an extra layer to dissuade hackers from gaining entry into your accounts.  Although it isn’t necessary to use it on all of your internet accounts, enabling it on your main email account if it’s supported by your email provider and any financial accounts such as banks or credit cards is a good line of defense.

There are, of course, some downsides to two factor authentication:

  • 2FA logins can take a little longer to work out to login, as the additional step can seem like an inconvenience when using something like a mobile or a fob key to generate a code.
  • If any device, such as a fob or a phone is lost, you’re stuck having to find a way to log in and you’ll need to contact the company’s support.
  • If a hacker gained access to your main email account, which is listed within your contact details in another important account, they can receive the account recovery email. They can then reset it causing them to bypass the 2FA of the account they’re targeting.
  • A good way to prevent this is by having a smarter recovery option, such as an SMS sent to a cell phone to request any account actions.

Final Verdict

All in all, it is better to have 2FA enabled on your accounts than no additional step at all, especially if it means dissuading unauthorized access to your accounts. As 2FA has become more commonplace, it is likely that new developments in security will pave the way for more practical two factor authentication methods. It is fast becoming a necessity for both personal and business use.

For more information on using two factor authentication to protect your business and personal accounts, contact your local IT professionals.

Read More

HIPAA Technical Requirements for Medical Offices

Uncategorized,
19
Nov 2014

HIPAA_Compliance

Is your medical office HIPAA compliant? Here are 8 HIPAA technical requirements you should address to avoid fines that could cost tens of thousands.

In recent years, there’s been cases of data leaks either through innocent cases losing a notebook or information to leak in the office. Tighter IT security measures and policies can help prevent unauthorized access to medical data. We’ve compiled a list in-line with the HIPAA and Omnibus technical requirements and regulations.

Review for HIPAA Compliance

  • Assigning unique usernames– This helps to identify and track different users in Medical Office software containing patient health information.
  • Contingency procedures for accessing medical data in an emergency– A well-documented procedure that can appropriately guide any authorized staff to access protected medical information.
  • Logging off idle sessions– This is a good way to protect and minimize any unnecessary user load on the system, as well as preventing any potential unauthorized access to unattended endpoints.
  • Encryption and decryption of data– Put into place an encryption and decryption process when accessing or externally sending out any sensitive medical information.
  • Auditing systems– It’s strongly advised to run periodic audit controls on systems, including software, hardware, and not excluding, procedures, that use and hold confidential and sensitive medical information.
  • EPHI Integrity– Prevent any alteration of destruction of protected medical information by implementing effective procedures and clear procedures.
  • Authentication procedures– Authenticate authorized staff that are verified to be who they say they are and which are granted access to specific medical information.
  • Securing external transmissions of data– Implement technical and updated security processes to protect data from unauthorized access, especially when transmitted via any type of electronic communications network.

Next Steps

Now that you have a better idea hipaa technical requirements within the IT portion of the HIPPA regulations. The next step is to take action and formulate your own policies and procedures.

Most changes in procedures can be delivered as onsite training for staff, which in our experience is very effective. You may have the best tools in the industry to protect data, however it is also what staff do within these procedures that matters. For example, staff may occasionally share usernames and passwords, or even write them down on a Post-It note and leave these on their desks, all of which are prone to social engineering types of compromises. Not only is this a risk, but it also makes it difficult to audit and trace any work or process carried out on endpoints.

For more ways to secure your medical office technology to ensure HIPAA compliance, contact your local IT professionals.

Read More
Malware holding data ransom
Malware holding data ransom

Cryptowall Becoming The Most Destructive Malware of 2014

Network, Office IT, Security, ,
11
Nov 2014

Malware holding data ransom

Cryptowall, Cryptolocker and Cryptodefence; all malware looking to hold your computer ransom. Here’s what you need to know about these viruses.

Cryptowall is one of the worst malwares out there that can maliciously encrypt your network and system files, holding them ransom in exchange for a Bitcoin payment. Typical Bitcoin payments can vary between $500 to $1000. Since there’s many hacker groups in existence in the wilderness, Cryptowall  has evolved from Cryptolocker to practically do the same thing. And to confuse matters even more, there’s another variant like Cryptowall known as Cryptodefense.

Cryptowall Decrypt Message

The ransom message from a Cryptowall infection

Cryptowall in a nutshell

  • Cryptowall works by using encryption to change all of your network files, making them unreadable.
  • It affects Windows XP to Windows 8 Operating Systems.
  • It also cleverly deletes Shadow Volume Copies to stop any admins from restoring encrypted files.
  • Only the attacker holds the key to decrypt the files that makes them readable again.
  • The ransom increases after 7 days to nearly double the amount and is only payable with Bitcoin.

With this angle of attack, it’s no wonder why hackers are using this hostile method to forcibly siphon Bitcoin payment from their prey.

Examples of attacks

Durham Police

Durham Police Department hit with Cryptowall

  • One prime example that has gained recent media coverage is Durham town police in New Hampshire. As a typical response from any law enforcement agency, the police refused to pay the ransom to cooperate with the cyber criminals.
  • It had impacted 1500 of their own computers, with most of their police e-mail system, spreadsheets and word processing functions being affected. It had bypassed their spam and AV filters, and was masked as an attachment in an email.
  • The danger lies in that the police receive plenty of emails with attachments to notify them of complaints such as potholes from residents, which of course, aren’t to be ignored. For this very reason an infected email attachment was opened, executed and it ran through the system.
  • Fortunately for them, they were able to stop the attack from spreading to other company functions and police networks in other towns by isolating their network and recouping their system from offline back-ups.

Business Decisions

Another example of an attack came from a client of Stu Sjourwerman’s security training firm knowB4.  The attack happened after an administrator opened an infected file, which ran through onto their 7 mapped server drives, encrypting all 75 GB of data held there.

There were many negative factors against them:

  • Firstly, they had unverified backups, which would take time to see whether they worked or not, a risk which would be costly to the time in terms of extended downtime with no guarantee of a successful restore.
  • Secondly, setting up a Bitcoin account involves a lengthy process to set up with society checks that can take days to complete.
  • In desperation with shortening their downtime, they decided to pay the ransom. It was a business decision, meaning either losing out $500  in Bitcoin or thousands for operation downtime.
  • The problem was, they didn’t have the Bitcoin to pay the ransom.

The turning point:

Bitcoin

  • Luckily, they had sought Stu Sjourwerman’s help, where he had Bitcoins at hand, ready for such an event like this one.
  • This company’s IT admins had, prior to this event, taken a security awareness course lead by ex- hacker Kevin Mitnick and with Stu Sjourwerman.
  • Contrary to the police case, this company had taken the advice from the course, and with Stu Sjourwerman’s Bitcoins, they managed to pay the ransom to avoid further downtime.
  • In the end they did recover their files; however there was corruption to one of their databases, which all in all took another painstaking 18 hours to return to normal.

Not all cases end well and not all ransoms release the files as promised. It’s really at the discretion the criminal cyber gangs controlling the attack.

For more ways to strengthen your office security and IT policy enforcement, contact your local IT professionals.

Read More
1 42 43 44 45 46 50