August 8th, 2014
Earlier this year, malware called Lurk was discovered infecting users with vulnerable versions of Adobe Flash. That same malware continues to count victims, but has altered its tactics slightly. At Dark Reading, Kelly Jackson Higgins reports how Lurk is embedding malicious code inside an image to infect users.
Steganography is the term used to describe this type of attack and it’s one that’s well-known in the intelligence and security community. In this particular scheme, iFrames on websites are used to infect users with security flaws in their version of Adobe Flash. This would be users who haven’t updated recently. Popular and legitimate websites were used to spread this malware. Rather than downloading a malicious file, which can be easily spotted by antivirus programs, Lurk is downloaded as an image with malicious code embedded within it.
Experts say this method isn’t complex, but because it’s difficult for security applications to spot it, it can be extremely effective. Attackers using this scheme have reportedly infected 350-thousand users over just a few months and netted hundreds of thousands of dollars in profit.
The profit comes in the form of click-fraud. The image file that a user unknowingly downloads contains an encrypted URL, which is used to download more files. Those are used to earn clicks on ads and websites that in turn make the attackers money.
The Lurk attack remains active and experts believe steganography will be used in more attacks in the coming months. To protect yourself, make sure to update and patch all programs, especially Adobe Flash, each time an update becomes available.
If you’ve been the victim of an attack, call Geek Rescue at 918-369-4335.
For your business solutions needs, visit our parent company JD Young.
June 19th, 2014
The way smartphones are used is changing. More users are willing to surf the web, and even make purchases with their phones than ever before. Unfortunately, this means that it’s more profitable than ever to launch malware attacks against these devices. At Dark Reading, Kelly Jackson Higgins explains one of the latest threats against Android users and how it could compromise users’ bank accounts.
The attack begins with a fake Google Play store app icon appearing on your device. If you look closely, this fake icon is easy to spot. It’s titled “Googl App Stoy”. This would be a dead giveaway that it’s a fake, but many users fail to look past the official looking logo.
It’s unclear how exactly the malware infects Android devices, but it’s likely done through a malicious app that’s either infiltrated the official Play store or the user downloaded from an unverified location.
The malware lay larges dormant on a device until the fake Play store app is clicked. At that point, it is activated and able to steal banking website log in information, as well as text messages.
What makes this malware particularly dangerous is how difficult it is to get rid of. Only three out of 51 antiviruses tested were able to detect its presence. That’s led to about 200 reported victims over the past 30 days. Complicating matters even further is the app’s supposed ‘Uninstall’ feature. While using ‘Uninstall’ seems to remove the app icon, it reappears and the malware continues to run when the device is restarted.
So far, this attack has only targeted Korean users, but that suggests that users in the US could be targeted soon by this or similar malware.
If your device is infected with malware, or you’d like to find out how to protect yourself better, call Geek Rescue at 918-369-4335.
June 17th, 2014
A distributed denial-of-service attack, or DDoS, often makes headlines for attacks on large enterprises and popular websites. Victims of DDoS attacks come in all sizes, however. These highly targeted attacks can be launched against any organization to slow operations to a crawl or a standstill. When faced with a DDoS attack, it’s important to take the right actions in order to keep it from crippling your network. At Dark Reading, Kelly Jackson Higgins reveals what not to do in your preparations for potential attacks.
The absolute worst case scenario is assuming that your business won’t be targeted by a DDoS attack. There’s certainly a chance you could be right, but it’s a big gamble. If you are attacked without a plan in place, you risk being unable to serve your customers for weeks. Putting the proper security tools in place before an attack allows you to recover quickly, or in many cases avoid any damages or downtime. Too often organizations wait until an attack is already taking place to act. By then, the time required to mitigate the attack is multiplied.
Just putting precautionary measures in place isn’t enough, however. One infamous story explains how a large banking institution implemented a DDoS mitigation service, but when they put their plan into action for the first time, their entire network went down. Failing to properly test your mitigation system before it’s needed isn’t so different from having no system at all. In other cases, mitigation services have been known to slow down services. During an attack, this might be attributed as a DDoS side effect. Without proper testing, you may be doing harm to your own network and services.
- No Relationship With Your ISP
Your internet service provider is the first line of defense in most DDoS attacks. From a so-called “upstream” vantage point, ISP’s are able to see if malicious traffic is targeting a specific network or application. While you may be locked out of your own network due to an influx of traffic, your ISP could be able to limit that traffic or even stop it before it does any damage. Once again, once an attack has started it’s already too late. The key is to partner with your ISP early and ensure that they’re monitoring activity for signs of a possible DDoS.
DDoS attacks are able to knock services offline and prevent you from doing business and serving your customers. To find out what security measures are needed, call Geek Rescue at 918-369-4335.
May 22nd, 2014
Microsoft’s Silverlight plug-in, which has features similar to Flash and is used for a variety of rich media applications on websites, including Netflix, is leaving users vulnerable to exploits. As Mathew J. Schwartz reports for Dark Reading, outdated versions of Silverlight contain vulnerabilities that lead to malware infections.
Up until recently, vulnerabilities in Silverlight were largely ignored by attackers. In late April, however, a pair of security flaws came to light and drew the attention of a number of exploit kit developers. In many of these attacks, malicious code is hidden in ads displayed by legitimate advertising networks. When these ads are displayed on websites that a user with an outdated version of Silverlight visits, malicious files can be installed.
While these vulnerabilities only exist for users who have failed to keep Silverlight updated, it seems that there’s a large number of users vulnerable and a large number of successful attacks stemming from these flaws. Currently, Silverlight is the most popular target for exploit, according to a report from Cisco.
Part of that popularity stems from the development of exploit kits. These kits are basically attacks in a box that any individual can purchase and launch without the need for any real expertise. These particular Silverlight flaws have made the development of exploit kits fairly simple, which has meant that many are being created at a rapid pace.
Silverlight is the latest, but certainly not the only plug-in that has caused security issues. In 2013, 85-percent of successful attacks involved an exploit of a third-party plug-in like Java or Adobe products like Flash or Reader.
The biggest danger in these plug-in exploits is businesses who are shockingly unprepared for them. Only 29-percent of businesses who were hit with this type of exploit in 2013 were able to discover the breach themselves. In some cases, they were unaware until their client base informed them of a problem.
If you’ve been the victim of an attack and need help clearing the malicious files off your computer and network, or if you’d like to find out more about properly securing your company, call Geek Rescue at 918-369-4335.
May 16th, 2014
We’ve discussed before how data breaches lead to a loss in revenue for businesses. That’s not the only issues that stem from an exploit in a security vulnerability, however. At Dark Reading, Tim Wilson reports on a recent survey conducted by the Ponemon Institute that reveals how consumers react to a company’s data being compromised.
When it comes to a brand’s reputation, which influences how likely a consumer is to do business with that brand, there are three leading factors that have the greatest negative impact. Those factors are poor customer service, environmental disasters, like oil spills, and data breaches. That these are the most influential may not be that surprising until you realize what they beat out. Other factors that finished lower in the survey were publicized lawsuits, government fines and labor or union disputes.
It’s not surprising why consumers feel so strongly about avoiding businesses who have experienced a data breach. About a quarter of typical consumers are extremely concerned about being the victim of identity theft. That jumps to about half of consumers who are customers of a company who has experienced a data breach and many of those believe their identity and personal information will be at risk for years to come, or even for the rest of their lives. For these individuals, it’s better to sever ties with a company they’ve done business with for years than to risk their information falling into the wrong hands.
This report contains a clear message for businesses. A loss of customers is inevitable should you suffer an attack that results in the theft or exposure of important data. That’s why it’s important to invest in security now before a successful, and costly, attack occurs. The reality is that many small to medium businesses fail to ever recover from a severe attack. A lacking security infrastructure could actually lead to the loss of a business.
For help improving the security at your company, call Geek Rescue at 918-369-4335.
May 15th, 2014
The hard truth is that it’s extremely difficult to effectively secure a business from cyber attacks, malware and data breaches. It’s also vital to managing a successful business, however. At Dark Reading, Mark Goldstein and Arun Sood published a list of common security myths that hinder both the understanding and the effectiveness of a company’s security infrastructure.
What is adequate in the context of data security? The truth is that no system is 100-percent effective. Successful attacks are unavoidable because it’s impossible to secure every endpoint while simultaneously dealing with thousands of new pieces of malware each day. The key is to minimize the risk and the damage and have a plan in place to recover and mitigate attacks.
Many business owners believe that server and security management is as simple as getting everything online, then dealing with problems as they arise. That’s one way, but that introduces a number of potential problems. First, by not being proactive and looking ahead for issues that could happen in the future, you’re actually likely to have more problems and more downtime. Similarly, while static systems cost less and require fewer man hours, they also create an unchanging target for attackers.
- All Threats Demand Action
Common sense suggests that any time there’s an intrusion or a vulnerability, your IT team needs to take action. In reality, however, reacting the same to every threat only means that you’re unable to react sufficiently to the most dire of threats. IT professionals understand that there are minor attacks that can’t do any real damage. It’s unwise for these threats to trigger the same alarms as large scale attacks because it increases the chances that one of these serious threats gets missed or overlooked.
- Patch All Vulnerabilities
In the same vein, don’t expect to be able to patch and close all security vulnerabilities that exist on your network. New vulnerabilities are added every day, or even every hour. With tens of thousands of vulnerabilities, it’s impossible and a waste of time to try to secure each of them. Instead, good IT professionals know how to spot the most dangerous vulnerabilities and patch them immediately. This is a more efficient use of time and keeps the most dangerous threats out while protecting your most valuable assets.
If you need to improve the security at your business, call Geek Rescue for help at 918-369-4335.
May 1st, 2014
Earlier this month, news broke of the Heartbleed bug that compromised the expected security of websites using OpenSSL. The bug would allow for attackers to steal unencrypted log-in credentials from web servers through a vulnerability, or more specifically, what’s called a “bounds check” was missing. Buried in those initial news reports was the warning to change passwords as soon as possible, but only after websites patched the vulnerability. At Dark Reading, Dave Kearns explains the best practices to stay safe in the wake of Heartbleed and why it’s not always wise to change passwords.
In the context of Heartbleed, the knee-jerk reaction was for users to change passwords as soon as possible because their old passwords could be stolen off a server at any time. It was quickly pointed out, however, that most websites hadn’t patched the vulnerability yet, which means a user changing their password wouldn’t protect their account. It would just hand that new password to any attacker who decided to steal it.
In this case, changing passwords wasn’t the best idea. In fact, users who didn’t change passwords and stayed away from a site completely were probably better off than those that proactively logged in and changed their account. The Heartbleed bug makes users vulnerable when they enter their account information. So, logging in and changing your password would potentially be giving that information to an attacker. But, leaving your account dormant would keep you safe.
Going forward, there are tools available to add on to your web browser that will tell you whether or not a website has been patched to eliminate their vulnerability to Heartbleed. If it has, you’re free to log-in and change your password. This protects you in case your old password was compromised at some point.
If the site hasn’t been patched, leave immediately. That site isn’t safe for use until the vulnerability is fixed.
The best way to protect yourself from catastrophic damage in the wake of an attack of online accounts is to always use unique passwords for each account you hold. That way, if one, insecure account is compromised, your other accounts are safe. For users that use the same password for multiple accounts, the theft of one from an insecure site like a message board could lead to important accounts like social media, email or banking sites being hacked as well.
At Geek Rescue, we have tools to protect you from attacks and to help you recover. Call us at 918-369-4335.
April 23rd, 2014
SQL injections are a popular form of attack that exploits vulnerabilities in applications. This type of attack commonly targets web applications used by companies and, as Kelly Jackson Higgins of Dark Reading reports, it can take months to discover the attack and mitigate it.
Over the past year, SQL injections have been discovered at 65-percent of organizations polled. This is a common form of attack that can be used on networks of any size, from businesses large and small to even homes. On average, these attacks take 9-months from the time the attack occurs initially to the time a company fully recovers. Much of that time, about 140-days on average, is spent not knowing the SQL injection is even taking place. In fact, nearly half of companies that have been the victim of these attacks say it’s taken a minimum of 6-months to detect them.
The respondents in the study were made up of 595 IT professionals working for both commercial and government organizations in the US. The issue, it seems, is that most businesses don’t test third party applications for potential vulnerabilities. Considering the vital nature of third party applications for many businesses, this is a costly misstep. Many businesses also continue to rely on signature-based security. This leaves them vulnerable to attacks that have not yet been spotted and categorized. For cutting edge and more intelligent attacks, a shift to behavioral analysis based tools is needed.
Making matters worse is the growing trend of mobile devices using a company’s network. Many of the surveyed IT professionals agreed that these devices made it harder to find the source of the SQL injections.
SQL injections are a real threat and while more and more businesses are aware of them, more needs to be done to protect against them.
For help protecting against costly attacks on your network or recovering from one, call Geek Rescue at 918-369-4335.
April 11th, 2014
A common piece of advice is to keep applications updated, especially antivirus programs, to try to keep up with constantly evolving cyber threats. At Dark Reading, Tim Wilson reports on the recently released Websense 2014 Threat Report that finds advanced, targeted attacks are more prevalent than ever before. This means that relying on out of date malware definitions and failing to patch vulnerabilities quickly are more likely to cause users to become victims of an attack.
Websense reports preventing more than 4-billion attacks in 2013. Almost all of these attacks were intelligently designed to by-pass traditional security tools and pursue confidential data. The worry is that not only are the highly targeted, advanced attacks able to fool traditional security infrastructures, but attacks considered more common and able to affect users on a large scale are also using advanced tactics to avoid detection and prevention.
A common attack tactic is the use of malicious links, either on a website or included in an email. Clicking these links causes the download of malware, or directs users to phishing sites designed to steal log-in credentials or other important information. In 2013, 85-percent of these malicious links were found to be located on legitimate, trusted websites that had been compromised. This makes it exponentially more difficult to recognize and prevent this style of attack because the website being used isn’t designed as an attack site.
About one-third of all malicious executable files discovered in 2013 contained custom encryption of programs designed to remotely take control of a system or mine data from it.
There were also a reported 67-million exploit kits discovered throughout last year. An exploit kit is a way for developers with expertise to design an attack and sell it to others to be easily customized and launched at the target of their choosing. These kits make it easier for more criminals to launch an attack because it only takes money, rather than expertise.
The takeaway from the Websense report is that no user is safe. There are so many threats to your safety, you’re bound to run into one eventually. This report also speaks to the importance of being proactive in your security. Update and patch often and be looking for new ways to protect your network.
For help improving the security of your network at home or at the office, or for help recovering from an attack, call Geek Rescue at 918-369-4335.
December 30th, 2013
The malware being used by hackers and their tactics are changing all the time. Throughout 2013, we’ve seen new threats emerge. Robert Lemos of Dark Reading lists some of the advanced attacks we saw in 2013 and how businesses should be changing their security infrastructure to protect against similar attacks in the future.
This form of ransomware began infecting users over the summer. Since then, it claimed an estimated 200-thousand victims in its first 100 days in the wild. Cryptolocker encrypts files stored on a user’s computer and demands a ransom before giving the key to decrypt. For businesses, educating users on how to avoid malware is imperative. Unlike some other forms of ransomware, Cryptolocker is not a bluff and will encrypt and destroy files if no payment is given. The best way to prevent that damage is to avoid malicious files from ever reaching your network.
This year, we saw more instances of attacks filtering through service and technology providers in order to reach their intended targets. This was demonstrated by the Syrian Electronic Army’s headline making attacks against the New York Times and other media outlets. In the New York Times attack, hackers tricked the domain registrar to transfer ownership of ‘nytimes.com’ to them. For businesses, this underscores the importance of selecting the right suppliers. Not only do you need to be wary of who you are working with, but you also need to be able to monitor them in real-time to stay ahead of any emerging threats.
Distributed Denial of Service attacks have been around for years, but 2013 saw them grow in size and scope and also become harder to recognize. Hackers use these attacks to flood websites and applications with requests, which either cause them to shut-down, or at least cause them to slow down and make it difficult to respond to legitimate requests. To increase the capabilities of DDoS attacks, hackers have begun to use reflection attacks, where mis-configured servers amplify the size of an attack. This is a threat that not only isn’t going away, but it’s increasing in frequency. Being aware of the capabilities of DDoS attacks and having a plan in place in case your organization is targeted is important.
These are threats that all businesses need to be prepared for and plan for. There are a number of ways to secure your organization, and each threat demands a different action.
For help with your company’s security, contact Geek Rescue at 918-369-4335.