Tag: cybercrime (Page 1 of 2)

Welcome to Botnets 101

Malware can be confusing. Not just because there are millions of different types or strains but because they’re constantly evolving. And it doesn’t help much that researchers have a tendency to give them some crazy names.

The botnet is an exception because it’s relatively easy to understand. Instead of just stopping at infecting thousands or even millions of computers, botnets will continue to control all those computers remotely to perform the bidding of the bot controller or herder.

That’s why it’s one of most sinister types of malware that all business owners need to be aware of.

So here’s the skinny on bots and botnets.

Read More

Nasty Blackshades RAT a Threat to Every Business

blackshadesIn what we can only hope is a sign of things to come, law enforcement around the world showed unprecedented cooperation in shutting the shades on a gang responsible for creating and sharing a nasty piece of malware that was spreading rapidly around the world.

The malware is known as Blackshades, and was allegedly created by a 24-year-old Swedish man who ran his malware operation like a legitimate business. The entrepreneur was very committed to making his malware as popular as possible, hiring a marketing director, customer service representatives, and a customer service manager.

His Blackshades creation is not one piece of malware but more of a collection, with the most dangerous being the Blackshades RAT, or Remote Access Trojan. RATs are particularly dangerous because as the name suggests, they allow the hackers to maintain remote control over the Trojan while it’s on an infected computer.

And according to an FBI statement, those capabilities were impressive. “After installing the RAT on a victim’s computer, a user of the RAT had free rein to, among other things, access and view documents, photographs and other files on the victim’s computer, record all of the keystrokes entered on the victim’s keyboard, steal the passwords to the victim’s online accounts, and even activate the victim’s web camera to spy on the victim – all of which could be done without the victim’s knowledge.”

The Blackshades kit was widely available and costing as little as just $40. Which might explain why the FBI estimated that it was purchased thousands of times, used in hundreds of countries, and infected more than a million computers worldwide.

One of those victims was Cassidy Wolf, Miss Teen USA 2013. The 19-year-old was targeted in a sextortion case by a 20-year-old from California. This hacker was one of the many who purchased and used Blackshades, and once he had infected the computer of the beauty queen he notified her that he had taken control of her camera, had used her webcam to take a series of compromising photographs of her, and would publish those photos unless she provided him with more photos and videos.

The victim wisely opted instead to go to the police and the hacker was recently sentenced to 18 months in jail. Investigators said that this one amateur hacker, who was studying computer science and went to the same high school as the victim, had more than 150 computers under his control using Blackshades when he was arrested.

In order to reign in the spread of the malware, which was ideally suited as a business espionage tool, the FBI enlisted the help of law enforcement in 18 countries. In a coordinated series of raids, 40 FBI field offices conducted around 100 interviews, more than 300 searches, seized nearly 2,000 web domains, and made nearly 100 arrests.

So how do you know if your computers have been infected by the Blackshades RAT? Blackshades is only known to infect Windows computers and the FBI suggests you keep an eye out for the following tell-tale signs:

  • Mouse cursor moves erratically with no input from user
  • Web camera light (if equipped) unexpectedly turns on when web camera is not in use
  • Monitor turns off while in use
  • Usernames and passwords for online accounts have been compromised
  • Unauthorized logins to bank accounts or unauthorized money transfers
  • Text-based chat window appears on your computer’s desktop unexpectedly
  • Computer files become encrypted and ransom demand is made to unlock files.

In case you need reminding, malware is getting more sophisticated and the people behind it more determined. Constant vigilance, and the best security tools, are your best defense against an unpleasant infestation.
Google Author: Neal O’Farrell

Anatomy Of A Security Breach

Target logoIt’s not often we get a chance to attend a security breach postmortem — a step-by-step, hack-by-hack, mistake-by-mistake account of what went so horribly wrong. The U.S. Commerce Department recently gave us such a chance with their report into all the mistakes Target made, and which could have avoided, in its recent massive data breach.

The report provides what’s referred to as an “intrusion kill chain” that highlights all the places Target had a chance to spot the breach and stop it. But missed. For example:

  • The hackers were able to identify a potential Target vendor or supplier to exploit because Target made such a list publicly available. That was the starting point for the hackers.
  • The vendor targeted had very little security in place. The only malware defense they appeared to have used to protect their business was free software meant for personal and not business use.
  • The vendor’s employees had received little if any security awareness training, and especially on how to spot a phishing email. So the hackers used a phishing email to trick at least one of those employees into letting them in the back door.
  • Once in the vendor’s systems, the hackers were able to use stolen passwords without the need for authentication because Target did not require two-factor authentication for low-level vendors.
  • The hackers are suspected of gaining further access from the vendor by using a default password in the billing software the vendor used. If the default password had been changed, the attack might have stopped right there.
  • There were few controls in place to limit access the vendor had on the Target network. Once the vendor had been compromised, Target’s entire networks were exposed.
  • When the hackers installed their Point of Sale malware on Target’s networks and began testing the malware, that activity was detected by Target’s security systems but the alarms were simply ignored.
  • When the hackers created an escape route and began moving the stolen data off Target’s networks, that activity triggered alarms too but once again, the alarms were ignored.
  • Some of the data was moved to a server in Russia, an obvious red flag for Target security which once again was missed.
  • The login credentials of the vendor were used throughout the attack, yet Target’s security system wasn’t able to detect that those credentials were being used to perform tasks they weren’t approved for.

We keep saying that every business large and small has important lessons to learn from Target. Don’t waste the opportunity. Double-check your own security and see if there are any obvious gaps you haven’t spotted but need to be sealed.

Google Author: Neal O’Farrell

Why Data is the New Hacker Currency

hacker_currencySpeaking in a recent interview on CBS’ 60 Minutes, Tim Sparapani, a former privacy lawyer for the American Civil Liberties Union, commented “Most retailers are finding out that they have a secondary source of income, which is that the data about their customers is probably just about as valuable, maybe even more so, than the actual product or service that they’re selling to the individual.”

It was a chilling admission that the world has changed in ways most of us never expected, and that there may be more value in information about people than in selling goods and services to those people. Or stealing from them.

Read More

10 Ways to Defend Against Cyber Risks

website_vulnerabilities

  1. Look in the window. Most business owners look at their websites and security risks from the inside-out, and never see what it looks like from a hacker’s perspective. Even a cursory inspection, but even better a basic website scan, could easily help you spot vulnerabilities quickly.
  2. Understand what the risks are. After all, you can’t fix them if you don’t know what they are. A little light reading on common business and website risks could tell you all you need to know. Focus on technical and procedural risks – from exploits of unpatched vulnerabilities to common errors by employees.
  3. Focus on passwords, and especially to your FTP account. Passwords can be the keys to the kingdom, and even the biggest security breaches at the biggest businesses have been traced to the smallest password mistakes.
  4. If your business has a lot of sensitive information to protect, consider having your website developers use a dedicated computer to access the website. This can significantly reduce the risks of things like keyloggers, which can steal website passwords and give hackers access. By using a dedicated computer that’s not used for anything else, you eliminate the risk of downloading a keylogger or other malware through drive-by downloads, email attachments, or infected files.
  5. Create a list of your Top 10 security rules, that everyone has to follow, and make that everyone knows what those rules are. Ten is a good number. You could easily have a hundred but too many could cause more harm than good. Focus on the biggest risks and vulnerabilities and pursue them relentlessly.
  6. If you accept credit cards, make sure you’re PCI compliant. Achieving PCI compliance is not difficult or expensive, especially for smaller businesses. Not only is PCI a great security place to start, you don’t have an option. Failure could mean big fines and the inability to accept credit card payments.
  7. Don’t forget to get physical. Not all attacks or exploits have to be digital or virtual. Hackers can walk into an unprotected business or rummage through a dumpster. And many of the information-rich laptops and tablets stolen in burglaries end up in the hands of cybercrooks.
  8. Control who you give access to. That can range from access to buildings and rooms to access to computers, networks, and websites, to access to specific files and privileges. It’s not about people getting access to sensitive data, it’s about the wrong people getting access.
  9. Choose your web hosting provider carefully. There are thousands to choose from so pick yours thoughtfully and focus on what they say about security. If they don’t talk about it at all, that could be a warning sign. If they do mention security, present them with your list of top security worries and risks and see what their response is.
  10. Review your security regularly, with a comprehensive top-down review at least a couple of times annually. Nothing stands still, and new vulnerabilities are being discovered or created daily.

Read More

The Malware That Businesses Should Worry About Most

It’s the kind of nightmare that no business wants to face and would love to quickly wake up from. You arrive for work one morning, boot up your computers, and instead of seeing the usual welcome message, you’re greeted with a popup message you’ve never seen before.

And it’s not a good message. It opens with the words “Your personal files are encrypted,” only it’s not a security reminder. In fact it’s the opposite, and an alert that your security has actually failed. In poor English the popup goes on to explain that everything on your computer — every document, image, video — has been encrypted and is no longer accessible. Not to you, to any employee, or to anyone else.

Read More

The Malware Culprit Behind the Biggest Breach

Target breachIt’s been less than a month since mega retailer Target announced that a little more than 40 million customer debit and credit cards had been stolen by hackers. Not long after that, we saw the first of those cards being sold a few hundred thousand at a time, in a variety of underground hacker forums. Although not that underground, since I was able to register on the most notorious hacker sites and see for myself how easy it was to buy an identity.

Read More

Target Breach Exposes Much More Than Data

Target logoAs we continue to dissect the massive data breach at Target, we’re going to learn lots of lessons. But probably the biggest lesson you can take away from it is that if it can happen to Target, it can certainly happen to you. Even if it’s on a much smaller scale, it could still be big enough to matter to you.

Read More

Why Your Business Could Be Defenseless Against Keyloggers

keyloggersWhen news broke last week that security researchers had found more than 2 million stolen passwords hidden on a hacker’s website, it didn’t take long for media around the world to get on the case. It appears the passwords were stolen over many months, and from users of Facebook, Twitter, Google, LinkedIn and many other sites.

The story that seemed to get the most attention from the media and from security experts was what these 2 million passwords told us about the password habits of users. That they were awful. Not that that’s really news, but still, once again we discovered that the most common passwords included in the haul were 123456, 111111, and perhaps worst of all, password.

However, we noticed something else, something that other security experts seemed to miss completely. The initial suspect in the heist was a keylogger, a tiny piece of malware that will infect computers, steal things like logins and passwords, and pass them back to the hackers.

On the very same day the media frenzy started, we noticed that a security firm OPSWAT revealed some very scary test results. When they planted a basic keylogger on one of their test computers, and ran scans with more than 40 of the most popular consumer and business antivirus products over two weeks, only one product caught the keylogger. Which probably means most consumers and even small businesses probably won’t be able to detect it either.

While the better antivirus brands are generally good at catching the most common malware, a study by the University of Alabama found that those same products only catch around 25% of the more advanced malware. And that’s the stuff that can do the most harm.

Keyloggers are typically in search of logins and passwords, but they don’t just log what you type. They can also capture screenshots of what’s on your computer, screenshots of the websites you visit and the folders you open, and even what you search for. And software isn’t the only variety. There’s a growing trend towards hardware keyloggers – keyloggers designed to look identical to a plug or connector you’d expect to find at the back of a computer or even a cash register. One such hardware keylogger was recently found plugged into the back of a cash register at a Nordstrom store in Florida.

If keyloggers make their way on to computers in your business, the hackers may be able to steal logins and passwords to your website or bank account. They might also be able to steal payroll and customer information. They might even be able to hop from your computers to your website, and from there infect visitors to your site. Which could end up with your business being blacklisted by the search engines until you solve the problem.

So what can you do cripple this menace?

  • Start by talking to your employees, explain what a keylogger is, how it can threaten your workplace, and how you can all work together to protect against them.
  • Require all your employees to use anti-keylogger software, like Key Scrambler (free). They won’t protect your business against every type of keylogging but are a good defense against the more common software based. Some work by instantly encrypting or scrambling all your keystrokes so that they’re unusable to hackers.
  • Make sure you and your employees use one of the many safe surfing tools or plugins, like Web of Trust (WoT). As users become more wary of malware hidden in email attachments, hackers are turning to websites instead. Known as watering holes, hackers will find vulnerable websites, load them with keylogging malware, and simply lie in wait for visitors to those sites. SiteLock is finding as many as 5,000 small business web sites every single day already compromised and requiring malware removal. Safe surfing tools will help alert you of suspicious or dangerous websites before you click on them.
  • Always have good antivirus software on every computer and device you use in your business and at home. And encourage your employees to do the same. Some of the best is free, including for your smartphone and tablet. And scan often — at least once a week is recommended.
  • All employees should change their passwords often and think about passphrases instead.
  • Be careful what you allow employees to download and install. Poor security habits and hygiene are a leading contributor to malware infections. Slow down, guard up, verify first, and only download if you’re really sure and you really need to.

Google Author: Neal O’Farrell

12daysofxmas

“The Twelve Days of Christmas” for the Hacked (or At-risk) Websites

As you may have noticed, we see the biggest shopping season of the year as the biggest risk season too — at least for online threats. Let’s face it – most of us shop (and many of us sell) online to avoid the long lines and hustle of the crowds, and to make it easy for our customers.

In sticking with the theme of online shopping (and keeping your business and customers safe while doing so), being protected from hackers, and even hearing the website’s story in its letter to Santa practically begging for some attention, we are introducing a fun and informative video about some very real risks that website owners face, and what they mean for their online business. At a time when they can least afford to be exposed.

The content in this custom rendition of “The Twelve Days of Christmas” video is created entirely for educational purposes, taking the approach that even in risky times, awareness is the best form of prevention. A little fun never hurt (so we use that too), but what you don’t know can hurt you, so please be safe!

Enjoy the video! And caring is sharing – so tell your friends!

12days

 

 

Google+ author: Lindsay Berman

Page 1 of 2

Powered by WordPress & Theme by Anders Norén