June 23rd, 2014
The Heartbleed bug, which was revealed in April as a serious threat to all websites using OpenSSL, has caused system administrators to scramble to update and patch servers. Even after months of work, however, a recent report found more than 300-thousand servers still vulnerable. At PC Mag, Stephanie Mlot explains why there are still websites can’t be trusted.
Errata Security conducted the scan that revealed 309,197 servers are still vulnerable to Heartbleed. That’s down from the 600-thousand vulnerable systems at the first report of the bug, but according to the security company, suggests some administrators have stopped any efforts to patch their servers. That likely means these vulnerable websites will remain until outdated technology is replaced, which could leave vulnerable servers in place for a decade.
This is a serious concern for web users because there’s nothing they can do to improve the security of these vulnerable site from their end. The best course of action is to regularly change passwords and be sure to use a unique password for each online account. Using this practice ensures that only one account is compromised if a criminal gets your log in credentials and regularly changing passwords ensures that compromised accounts won’t stay compromised for long.
If your servers haven’t been updated since news of Heartbleed broke, or you haven’t tested to see if you’re vulnerable, you’re running a significant risk.
At Geek Rescue, we handle security for both individual users and organizations. Let us be your IT team. Call us at 918-369-4335.
June 19th, 2014
The way smartphones are used is changing. More users are willing to surf the web, and even make purchases with their phones than ever before. Unfortunately, this means that it’s more profitable than ever to launch malware attacks against these devices. At Dark Reading, Kelly Jackson Higgins explains one of the latest threats against Android users and how it could compromise users’ bank accounts.
The attack begins with a fake Google Play store app icon appearing on your device. If you look closely, this fake icon is easy to spot. It’s titled “Googl App Stoy”. This would be a dead giveaway that it’s a fake, but many users fail to look past the official looking logo.
It’s unclear how exactly the malware infects Android devices, but it’s likely done through a malicious app that’s either infiltrated the official Play store or the user downloaded from an unverified location.
The malware lay larges dormant on a device until the fake Play store app is clicked. At that point, it is activated and able to steal banking website log in information, as well as text messages.
What makes this malware particularly dangerous is how difficult it is to get rid of. Only three out of 51 antiviruses tested were able to detect its presence. That’s led to about 200 reported victims over the past 30 days. Complicating matters even further is the app’s supposed ‘Uninstall’ feature. While using ‘Uninstall’ seems to remove the app icon, it reappears and the malware continues to run when the device is restarted.
So far, this attack has only targeted Korean users, but that suggests that users in the US could be targeted soon by this or similar malware.
If your device is infected with malware, or you’d like to find out how to protect yourself better, call Geek Rescue at 918-369-4335.
June 17th, 2014
A distributed denial-of-service attack, or DDoS, often makes headlines for attacks on large enterprises and popular websites. Victims of DDoS attacks come in all sizes, however. These highly targeted attacks can be launched against any organization to slow operations to a crawl or a standstill. When faced with a DDoS attack, it’s important to take the right actions in order to keep it from crippling your network. At Dark Reading, Kelly Jackson Higgins reveals what not to do in your preparations for potential attacks.
The absolute worst case scenario is assuming that your business won’t be targeted by a DDoS attack. There’s certainly a chance you could be right, but it’s a big gamble. If you are attacked without a plan in place, you risk being unable to serve your customers for weeks. Putting the proper security tools in place before an attack allows you to recover quickly, or in many cases avoid any damages or downtime. Too often organizations wait until an attack is already taking place to act. By then, the time required to mitigate the attack is multiplied.
Just putting precautionary measures in place isn’t enough, however. One infamous story explains how a large banking institution implemented a DDoS mitigation service, but when they put their plan into action for the first time, their entire network went down. Failing to properly test your mitigation system before it’s needed isn’t so different from having no system at all. In other cases, mitigation services have been known to slow down services. During an attack, this might be attributed as a DDoS side effect. Without proper testing, you may be doing harm to your own network and services.
- No Relationship With Your ISP
Your internet service provider is the first line of defense in most DDoS attacks. From a so-called “upstream” vantage point, ISP’s are able to see if malicious traffic is targeting a specific network or application. While you may be locked out of your own network due to an influx of traffic, your ISP could be able to limit that traffic or even stop it before it does any damage. Once again, once an attack has started it’s already too late. The key is to partner with your ISP early and ensure that they’re monitoring activity for signs of a possible DDoS.
DDoS attacks are able to knock services offline and prevent you from doing business and serving your customers. To find out what security measures are needed, call Geek Rescue at 918-369-4335.
June 13th, 2014
It’s long been understood that Google, Facebook and many other popular websites record users’ data. That data is used a variety of different ways, but most commonly it’s to produce more targeted ads that are relevant to you. This week, Facebook announced that they’ll begin collecting data from users’ browsing history for advertisement purposes over the coming weeks. Naturally, many users feel this is too invasive. At Gizmodo, Ashley Feinberg published a detailed walk-through for how to opt out of Facebook’s new policy. Here are the steps you’ll need to take.
The first thing to understand is that Facebook collects and uses this information by default, so if you don’t want to participate, it requires some proactive effort on your part. To do that, visit the Digital Advertising Alliance’s ‘Opt Out From Behavioral Online Advertising’ page. Turn off any type of ad blocker and make sure to enable cookies for the site to work. To be clear, this doesn’t stop Facebook from collecting information about your browsing history. This only limits how they are able to use that data. Unfortunately, if you want to keep your Facebook account, you’re pretty much accepting that they track your online behavior.
- Companies Collecting Data
Your first action at the Digital Advertising Alliance’s page should be to use the ‘Companies Customizing Ads For Your Browser’ tab. Scroll down to Facebook and check mark it. This is a good time to also look at other websites and companies who have similar policies and opt out as you need to. Then, with all companies that you want checked, hit ‘Submit’.
Chances are, you’re using Facebook’s mobile app also. To opt out on an Apple device, go to the ‘General Settings’ tab and open ‘Restrictions’ then ‘Advertising’. ‘Limit Ad Tracking’ will be a switch you can simply turn off. For Android users, visit the ‘Google Settings’ tab then ‘Ads’. Select ‘Opt-Out Of Internet Based Ads’ and you’re done.
That’s all it takes to be free from overly-invasive data collection on Facebook and other websites. Again, this doesn’t stop them from collecting data, it only stops them from using it to target you with ads.
For help locking down your valuable data, improving your computer’s security or other IT issues, call Geek Rescue at 918-369-4335.
June 10th, 2014
Whether you’re attempting to secure your personal computer, or securing your company’s network, the threat of computer-related crimes is incredibly motivating. Cyber crime cost an estimated $400-billion worldwide last year according to a study released by McAfee and a Washington D.C. based think tank. That number is likely to continuously grow in the coming years. At TechWorld, Jeremy Kirk reports on these findings.
The $400-billion figure is actually on the low-end of the estimated cost of cyber crime. Cyber attack related costs could actually be closer to $575-billion annually.
An estimate is necessary despite the study’s authors conducting in-depth research and data collection because the definition of cyber crime varies from country to country. In fact, some nations have made no effort to track and calculate the cost of this type of crime at all. In addition to these factors, many incidents and attacks go unreported and, in the case of large scale attacks on corporations, the exact cost of an attack is often never known.
The cost the think tank and McAfee arrived at also factors in both the direct and indirect cost of cyber attacks. This includes the amounts spent on attempting to secure against them, as well as the cost to recover and the cost to reputation from having been a victim.
Not surprisingly, businesses in the US suffered higher losses categorized as cyber crime than any other nation. As more vital business functions are moved online, these companies become even more of a target. For this reason, it’s expected that cyber attacks will cost even more in the coming years.
Targeted attacks are usually launched against networks with high value and vulnerabilities that permit ease of access. While it’s impossible to be completely secure from every threat, investing in security makes it more difficult to be exploited, which makes you a less attractive target to criminals.
For help improving security or to recover from an attack, call Geek Rescue at 918-369-4335.
June 9th, 2014
Ransomware has surged in popularity for attackers over the past year. In a ransomware attack, a user’s files are encrypted and only released once a ransom is paid. Usually, this type of malware finds its way onto a user’s device through a malicious email attachment, or phishing website set-up specifically for infection. Neither of these methods are particularly efficient for criminals, however. That’s why, as Jeremy Kirk reports at TechWorld, ransomware attacks have begun appearing in conjunction with malicious advertisements on trusted websites.
Disney, Facebook and the Guardian Newspaper’s website were all found to be hosting malicious ads by Cisco Systems, who called the practice “insidious”. Also known as malvertising, legitimate websites are tricked into displaying ads that redirect users to malicious domains. While advertising networks are working hard at protecting websites against malvertising, their security is far from perfect, which leads to attacks like these.
For users, not only is the website trusted, but so is the ad. The advertisement of legitimate and trusted companies is shown, but while the user is expecting to visit that company’s website, a click actually delivers them to a site that downloads malware to their device.
In the attacks noticed by Cisco, an exploit kit on the malicious site checked for any vulnerabilities in a user’s version of Flash, Java or Silverlight. Those who hadn’t patched vulnerabilities were exploited and a ransomware relative of Cryptolocker, called CryptoWall, was installed. CryptoWall then encrypted files and demanded a ransom. The longer a user delays, the higher the ransom gets.
The group behind the attacks hasn’t been identified yet and no real protection is being offered. To avoid infection, you could avoid clicking on any advertisements online, but even that doesn’t protect you against attacks that only require the display of malvertisements. A better course of action would be to ensure that all of your applications are fully updated and patched. Then, be aware of what you’re clicking on and what website you expect to load.
If any of your devices are infected with malware, come to Geek Rescue or give us a call at 918-369-4335.
June 4th, 2014
Cryptolocker unveiled itself in 2013 as one of the worst malware threats on the web. Victims saw their files encrypted only to be released after a ransom payment was made, and even then sometimes the files would remain inaccessible. A new spam email scheme, as reported on the Symantec blog, uses the Cryptolocker name, but actually infects users with another form of crypto malware.
While the malware used in this attack isn’t Cryptolocker, it performs similarly. Users’ files are encrypted and a ransom is demanded. The use of the Cryptolocker name is perhaps to convince users that there’s no way around the encryption. Cryptolocker uses notoriously difficult, or nearly impossible, to break encryption. While this threat’s encryption hasn’t been closely analyzed, it’s likely that it hasn’t been crafted as carefully.
The attack begins with an email arriving appearing to be from an energy company. Users are told that they have an outstanding debt on an electric bill. That should be the first clue for most users. In this sense, this particular threat is more believable than others. Many companies, including electric providers, often send an email to customers telling them their latest bill is ready.
The message contains a link supposedly allowing users to view their bill. It directs them to a website containing a CAPTCHA. The number you’re directed to enter never changes, however. From there, users arrive on a page with a link to download their bill. It downloads as a file disguised as a .PDF. Again, this is all fairly believable.
Opening that file, however, immediately causes files to be encrypted and a text file pops-up informing the victim that they’ve been hacked with Cryptolocker. They’re informed to send an email to a provided address to start the ransom process.
There’s an added feature to this attack also. The malware checks to see if the user is running email client Outlook or Thunderbird. If you are, your contact list is stolen and sent to the attacker, presumably to help spread the malware to more users.
As with any other crypto attack, the key is to avoid infection. Once your files are encrypted, it’s extremely difficult to unlock them. Avoid these threats by being extremely cautious about following links in emails and downloading attachments. Also, regularly back-up your important files in case they’re encrypted or corrupted.
For help recovering from a malware infection, call Geek Rescue at 918-369-4335.
June 3rd, 2014
About two months ago, the Heartbleed bug was the scourge of the internet. Since then, websites have scurried to update and patch the vulnerabilities that could potentially lead to the theft of their users’ data. As Jeremy Kirk of Computer World reports, the Heartbleed name is still being used to strike fear into users only now it’s in association with a phishing scam.
Security firm TrendMicro reports that spam emails are being distributed that promise a “Heartbleed removal tool”. Individuals who have some understanding of what Heartbleed is will understand that it isn’t a virus or malware that can simply be removed. But, others who are familiar with the name ‘Heratbleed’ but unfamiliar with any other details are being fooled.
The attachment to these emails, the supposed removal tool, is actually a keylogger, which is used to record the keystrokes of the user and sends them to the criminal who launched this attack.
Given the apparent misunderstanding of Heartbleed, this scam is already poorly constructed, but it falls apart even more when you consider the content of the email. While the body contains a warning about Heartbleed and urges users to run the attached removal tool, the subject line reads “Looking For Investment Opportunities from Syria”. A more spammy email subject has rarely been written and, of course, the subject and body don’t match.
These characteristics make this particular scam easy to spot for users and spam filters, but criminals trading on the Heartbleed name isn’t likely to stop anytime soon. Be wary of any email, even those purporting to be from legitimate companies, that advises you to protect yourself from Heartbleed. Don’t follow links in those emails and don’t download the attachments.
If your computer is infected by malware, Geek Rescue is here to help. Call us at 918-369-4335.
June 2nd, 2014
For businesses, creating a secure IT infrastructure is difficult even if you’re only working with a handful of desktop computers that all run the same operating system and applications. Complications come from adding new devices, especially when employees begin using their own personal devices on your network. In most cases, it’s not the devices themselves that cause problems, but rather the apps they’re running. At Beta News, Ian Barker explains how mobile apps threaten the security of your business.
Even for individual users, relatively secure smartphones are exploited through security vulnerabilities in mobile apps. These aren’t malicious apps, but rather legitimate apps that contain flaws and hold high risk permissions.
According to studies, the average smartphone contains about 200 apps. This includes apps that come pre-installed from the manufacturer or service provider and those that the user downloads themselves. Each app averages about 9 permissions, or abilities to access and use your phone’s data, which includes access to your social media profiles, location and more. Of these nine permissions, about five would be considered high risk on average for each app. This means if the app were exploited, a criminal could cause significant harm to your device, or to your finances and identity, through these high risk permissions.
For businesses, this introduces hundreds of potential vulnerabilities for each employee and multiple data leaks associated with each vulnerability. Mobile security specialist, Mojave, categorizes about half of the mobile apps they examine to be at least moderate risk, which means they have access to a large amount of valuable data and don’t have a large amount of security associated with them.
Keeping your business secure requires close attention to not only every device that connects to your network, but also every application that device is running. Without that, you risk an employee opening the door for an attack that compromises your company’s data, or your customer’s.
For help securing your business, or recovering from an attack, call Geek Rescue at 918-369-4335.
May 30th, 2014
Implementing proper security features on your computer isn’t high on most individual’s priority list. The assumption is that it will take hours to install new antivirus software and make other necessary changes. But, in reality, some significant improvements can be made in just a few minutes. Andy O’Donnell of About offers his “10-minute security tune-up”. While these won’t make you computer immune to malware infections, they are helpful.
Whether it’s your operating system, browser, antivirus program or other applications, it’s important to keep them updated and install the latest patches released by the developer. It’s a quick and easy process, but it protects you from some of the most dangerous threats to your PC. Patches and updates are often released to fix a vulnerability that has been demonstrated to be exploitable by criminals. So, failing to install these updates leaves a known security flaw open. That’s like asking for trouble. Similarly, updating your antivirus program allows it to stay up to date with the latest recognizable threats so it can identify them on your PC or stop them from infecting it in the first place.
Most users have an antivirus scanner installed on their PC, but have you ever considered the need for a second one? Even if you keep a trusted antivirus program updated, it’s still likely to miss a few threats. Some experts suggest adding a second antivirus scanner to identify problems that would have slipped through. This can potentially cause issues if both antivirus programs are set to actively scan at all times. Instead, you may consider using your primary antivirus program at all times, then run additional, regularly scheduled scans with your secondary scanner.
Regardless of how many security tools you put in place, there is always the chance of a catastrophe. Cyber attacks grow more intelligent every day and it’s impossible to close every potential vulnerability. Even if your PC isn’t taken down by malware, you could lose your data because of a hardware issue or natural disaster. That’s why it’s important to regularly back-up all the important data stored on your hard drive. With cloud storage readily available, you can even store it off site so the loss of your computer doesn’t mean the loss of your back-ups.
As mentioned, no security is perfect. If any of your devices are infected with malware or you’re experiencing other issues, call Geek Rescue at 918-369-4335.