February 19th, 2014
Over the past few months, wireless routers have become more of a target for attacks and more vulnerabilities have surfaced. Attacks on routers can be extremely costly as hackers could gain access to any data you are sending out or receiving and could even gain access to information stored on your hard drive. Seth Rosenblatt of CNet reports that vulnerabilities in Asus routers have put those users particularly at risk.
There are nearly a dozen Asus routers vulnerable to active attacks. Hackers are able to exploit this vulnerability to gain access to data stored on networked drives. If you’re using the cloud storage options included with Asus routers, there’s a good chance that criminals could gain access to anything stored there.
The vulnerability was first discovered more than six months ago, but Asus has been silent about a fix. Now, after evidence of attackers exploiting the security flaw has surfaced, Asus has released a firmware update to fix it. There’s still one problem, however. The update isn’t being automatically sent to all affected routers. Instead, users have to visit the Asus site themselves and manually install the fix.
Since Asus hasn’t done a good job publicizing the availability of this update, many users are still vulnerable to attacks.
Experts are speaking out about the improvements needed from manufacturers in order to keep routers safe from attacks. Because there is so much to gain by launching an attack against a router, companies need to do a better job making security a priority and getting their products patched before hackers have a chance to exploit vulnerabilities.
If your router has been attacked or your computer has been infected with malware, call Geek Rescue at 918-369-4335.
February 11th, 2014
One of the biggest mistakes made in security by local businesses is a belief that they won’t be targeted in an attack because they have less to offer than larger enterprises. That mistake leads to weak security, which attracts attacks and leaves you susceptible to untargeted attacks. Take the latest news of a Cryptolocker victim for example. John E. Dunn of CIO reports that a local law firm in Charlotte recently lost critical data after Cryptolocker infected their network.
Cryptolocker found its way onto the law firm’s computers after an email and its malicious attachment were mistakenly opened. An employee believed the email was from the firm’s phone answering service. After that, Cryptolocker couldn’t be stopped from encrypting thousands of legal documents critical to the law firm’s operations.
The nature of law firms makes them enticing targets for Cryptolocker and similar attacks because they can’t afford to lose access to their documents. Any business with money to spend but no time to waste is likely to pay the ransom associated with decrypting files.
In the case of the Charlotte law firm, their IT team first attempted to unlock the files and work around the malware. When their efforts were unsuccessful, the firm attempted to pay the $300 ransom, but they were informed that the deadline had passed and the files were permanently locked.
The law firm notes that had an attack stolen the important documents, rather than only encrypting them, the damage could’ve been much worse. Still, they lost access to every file stored on their main server, which prevents them from serving many of their clients.
For any size business, it’s important to educate employees about this type of threat in order to avoid infection in the first place. Regular back-ups of files will also save you from a disastrous loss of data.
Small business owners need to stop believing that an attack of this nature will never happen to them. Malware infections are costly to any business and statistically just as likely to strike small, local companies as they are large enterprises.
For help improving the security at your business, or for help recovering from a malware infection, call Geek Rescue at 918-369-4335.
February 7th, 2014
Many internet users believe that the key to avoiding a malware infection is to only visit legitimate websites and never open suspicious-looking email or download attachments. While this is certainly going to keep users safe from a large amount of malware, it doesn’t keep them safe from all of it. This is evidenced by a recent exploit of a vulnerability in Adobe’s Flash player. As Lucian Constantin reports for PC World, this exploit infected victims with malware capable of stealing users’ log-in credentials for a variety of websites.
Security experts uncovered 11 exploit files targeting this vulnerability, which reveals that the same security flaw was being used by hackers in different ways. Some of the exploit files were designed to execute other files, one downloaded other malicious files and one was a trojan that steals log-in credentials saved in email and web browsers.
Experts found that each file was embedded within a Microsoft Word .docx file and targeted Windows users specifically. Though one attack used malicious emails with a rigged .docx file as an attachment to infect users, most files were found in internet caches, suggesting they were downloaded from websites.
These files have already been used in attacks against real-world users, as evidenced by Adobe’s use of the phrase “in the wild” to describe them. Since the vulnerability is known in the hacking community, expect more attacks to be rolled out exploiting it.
To their credit, Adobe scrambled to release a patch that would eliminate the Flash security flaw. This is version 184.108.40.206 for Windows and Mac users. If you haven’t updated Flash on your machine yet, be sure to do that as soon as possible.
If your computer has been infected with malware, bring it to Geek Rescue or call us at 918-369-4335.
February 4th, 2014
Any time one of the giant email providers is hacked, it’s major news. A large scale attack affecting thousands to millions of users most recently hit Yahoo. Attacks on your email aren’t always part of a larger effort, however. Sometimes, your email is hacked because a device you use to access it is infected with malware, or because it shares a password with a less secure online account you use. Sometimes, there’s little you can do to avoid having your email’s security compromised. But, it’s important to be able to quickly recognize the warning signs of a hack so you can get to work resolving it. At Tech2, Nishtha Kanal explained a way to see who has been accessing your Gmail account recently.
To find out the last 10 devices that have accessed your Gmail account, you’ll first need to log in on a desktop browser. This won’t work on the Gmail app. Scroll all the way to the bottom of your inbox and locate a link called “Details” on the right side of the page. Clicking that link will open a pop-up detailing the recent activity on your account. You’ll be able to see what type of device has accessed your account, when it was accessed and where the IP address of the device is located.
Even if you don’t suspect any malicious activity on your Gmail account, it’s a good idea to regularly check this log. This way, you’re sure to catch any break-ins before they have an opportunity to do any real damage.
If you’re not a Gmail user, or you’d like some other ways to monitor your email account, there are other methods. Monitoring your ‘Sent’ folder helps you keep tabs on how your account is being used. Many times, hackers will use your email to spam all of your contacts. These messages don’t always show up in the ‘Sent’ folder, but if any messages do show up there that you aren’t familiar with, you’ll know someone else has access to your account.
If you find your email has been hacked, there’s a good chance your computer is also infected with malware. Bring your infected devices to Geek Rescue, or give us a call at 918-369-4335.
January 30th, 2014
Planning is a key step to effective data security for your business. If you know how you’re likely to be attacked, you’ll know how to best protect yourself. At PC World, Tony Bradley published a list of security threats he expects to be common throughout 2014.
The time when you could consider your smartphone immune from the dangers of malware has passed. With a large percentage of the population not only using mobile devices, but using them to access critical data, criminals have begun heavily targeting them with mobile-specific malware. And infection can stem from a number of places. Email, malicious links and text messaging are all popular modes of malware infection, but even connecting to an infected computer via USB has been the root of infection in some attacks.
You’ve likely seen this buzzword in the media and it refers to the growing number of items with internet capabilities. Your refrigerator, car, home security system, baby monitor and many other common items can now be online and controlled remotely. While this may present a convenience for you, it also poses a security risk as hackers may also be able to gain control of your things. We’ve already seen a refrigerator used as part of a botnet. Be aware that if an item in your home or business can connect to the internet, it can be hacked.
Patches and security updates for Windows XP will be discontinued by Microsoft this April. While Microsoft Security Essentials will receive support until the summer of 2015, this still presents a significant security issue. A large portion of the world’s desktop computers, particularly in offices, are still running XP. Worse is that kiosks and other embedded devices also run off of XP. When Microsoft stops supporting their old operating system, developers will also likely stop releasing updates for their XP applications. This leaves users in a frozen state where known exploits won’t be fixed. Some security experts are forecasting that hackers will wait until support stops and then launch all-out attacks on XP systems.
Due to the success of attacks like those on Target and Neiman Marcus, expect large-scale data breaches to continue. Cyber criminals understand how valuable data can be and are willing to launch intelligent attacks to steal it. Staying protected requires planning, putting proper security tools in place and being smart about what you download and who you allow on your network.
For help improving the security at your company or on your home PC, call Geek Rescue at 918-369-4335.
January 28th, 2014
Generally, pieces of malware are only harmful to the devices they target. For example, malware designed for Windows won’t be harmful to mobile devices, or vice versa. However, researchers have seen examples of malware that infects Android devices with the ultimate goal of infecting a PC connected to them. Now, as the Symantec blog reports, there is evidence of malware that infects PCs with the ultimate goal of infecting an Android device that connects via USB.
So far, there’s been no official word about how the malware, known as Trojan.Droidpak, infects PCs. Once it’s downloaded, the trojan begins adding malicious files to your system. First, a DLL registers itself as a system service. Then, a configuration file is automatically downloaded. Next come a malicious APK and ADB (Android Debug Bridge). If an Android device is connected to the infected PC, an installation of the APK and ADB files is attempted repeatedly to ensure infection of the mobile device.
To be successful, the malware requires USB debugging mode to be enabled. To check if your phone allows debugging mode, go to ‘Applications’ in the settings menu. Then, select ‘Development’ and you’ll see an option to allow debugging mode when your phone is connected to a PC via USB.
If the malware successfully infects your smartphone or tablet, it disguises itself as an application called ‘Google App Store’ that even steals the Play Store logo. This particular trojan specifically looks for banking applications. When found, a user is prompted to delete that version of the banking app and replace it. The replacement app is a malicious version used to steal financial data and log-ins. The malware is also able to intercept text messages and forward them to a third party.
The good news is that currently the trojan only targets Korean banking apps, but it’s easy to see how this malware could be adjusted to start targeting US Android users. Turning off USB debugging mode is a good start and you should also turn off the AutoRun feature on your PC when connecting another device.
If your PC, smartphone, tablet or any of your devices are infected with malware, bring them to Geek Rescue or call us at 918-369-4335.
January 24th, 2014
Recently, we’ve concentrated on the various threats associated with Android devices and their users. But there are security threats for Apple device users to concern themselves with also. With more than 300 million active iPhones in use today, Apple products make an attractive target for cyber criminals. At the Bullguard blog, Steve Bell revealed three of the most troubling security vulnerabilities associated with iPhones. These vulnerabilities come from studies focusing on banking apps specifically, but also suggest other potential security flaws in other downloaded apps.
In order to secure connections between a web server and a browser, SSL certificates are used. These are small data files that contain a cryptographic key protecting the information being transmitted. This prevents man-in-the-middle attacks because if the data is intercepted without the proper key, it will remain encrypted. About 40 percent of the banking apps examined failed to validate the authenticity of SSL certificates used during transactions. That means any criminal who is able to intercept the data being transferred would be able to steal it and read it. Considering what type of valuable information you would commonly transmit using a banking app, that’s extremely troubling.
Many apps contain links that take users out of the app and onto the open web. These links can cause problems of their own if not properly implemented. In this study, nine out of ten of the banking apps contained non-SSL links to otherwise legitimate and trusted websites. Without the protection of encryption, however, these links are incredibly vulnerable to attacks. Data transmitted after following those links could be intercepted and criminals could even reroute users to a spoofed site in order to steal log-in credentials.
Apple’s iOS is considered a well-crafted, essentially secure environment, but vulnerabilities still exist with the introduction of apps. Though these apps may be found in the official App Store, they can still contain flaws that compromise your entire iPhone’s security.
If you’re having issues with your iPhone, or any of your devices, bring them to Geek Rescue or call us at 918-369-4335.
January 23rd, 2014
The amount of malware being produced to infect Android devices is growing rapidly. Usually, it’s easy to avoid being infected by only downloading apps from Google’s Play Store and only visiting trusted sites. It’s also generally easy to spot signs of an infection. At State of Security, Anthony M. Freed reports on the latest malware threat for Android that defies these conventions.
It’s called Android.He.He and it’s able to intercept both phone calls and text messages of infected devices. While similar malware that either intercepts calls or messages or sends them will leave evidence in your call log or text message history, Android.He.He not only deletes any evidence that a call or message was ever sent to your phone, it even keeps any notification from popping up at the time of the call or message.
The malware infects users by posing as a security update to the operating system running on their device. Once downloaded, an app called Android Security is added, but the malware is even capable of hiding this app’s existence from the user.
It seems these attacks are highly targeted because the malware uses a predetermined list of phone numbers. When one of these numbers attempts to contact an infected device, the malware intercepts it. This would seem to work best for targeted attacks against specific users, but could also work for general attacks by using numbers of popular credit card companies, banks and other organizations that may give attackers an opportunity to steal valuable information.
This supposed security update is not found in the Google Play Store and, while it could be sent to users directly, it is usually first encountered in an ad advising you to update your operating system, or in a third party app store.
It’s important to put security apps in place to protect you from some threats, but unfortunately security for mobile devices is lagging behind attackers. For that reason, it’s also vital to avoid putting yourself in a potentially harmful situation, like downloading apps from an ad or untrusted source.
If any of your devices are infected with malware, bring them to Geek Rescue or call us at 918-369-4335.
January 17th, 2014
A shocking number of small businesses don’t invest in security to keep their data, and their customers’ data, safe from hackers and malware attacks. Many small business owners believe they won’t be a target because they don’t have as much valuable data as larger competitors. From a hacker’s point of view, however, grabbing a few credit card numbers, or infecting a small network without having to bypass robust security, can be more attractive than trying to hack a complicated IT infrastructure. To help your business stay safe from cyber attacks, security expert David Campbell outlined some vital ways to improve security at Florida Today.
Updates to your operating system, antivirus program and vital applications are available nearly every day. The reason there are so many updates is because new vulnerabilities and pieces of malware are unveiled. To close flaws in security and eliminate bugs, you need to update constantly. Out of date applications tell hackers that known attacks will work against your network.
Do you know who can access your company’s data? You should be carefully tracking who is accessing your servers and from where. This way, you’ll be able to spot a potential attack before it does much damage. Also, be sure to restrict employees from files or applications they don’t need. By limiting access to only those individuals who need it, you minimize risk.
Proper testing can be the difference between a hassle-free integration of new technology and an extended period of downtime. From a security standpoint, make sure any new software you introduce is compatible with existing security features. Even when you have set up an effective security infrastructure, changes to your network could present vulnerabilities.
In addition to watching who is accessing data, keep an eye on how much traffic is running through servers. A spike in traffic can be a warning sign that a third party is using your resources maliciously. By closely monitoring the use of your resources, you’ll be able to spot problems before they cost you money.
If you run a business, you have information that criminals find valuable. Eventually, a lack of security will cost your company money and credibility.
Don’t wait, improve security at your business today by calling Geek Rescue at 918-369-4335.
January 17th, 2014
You’ve no doubt heard of the recent attack that stole data, including credit card numbers, from Target customers. After that attack, it was discovered that the attackers used malware capable of stealing data out of the memory of point-of-sale devices, which are used by retailers and just about any organization that accepts payment digitally. Mathew J. Schwartz of Information Week published some facts about this memory-scraping malware that both users and businesses should know in order to stay safe.
The first time a memory scraping malware attack took place was in November of 2011 when several hotels had point-of-sale systems compromised. Since then, the malware has targeted hotels, auto dealerships, healthcare companies and many others. No previous attacks reached the scale of the Target breach, however. It is believed that those attackers successfully stole more records than any similar, previous attack.
You might think that important information like credit card information should be encrypted when stored to avoid this type of large scale attack. At almost all times, this information is encrypted, but not until later in the process. This malware steals data directly from memory, where it’s still in plain text. This could happen almost immediately after you swipe your card and even before payment has been authorized. Once that data is transferred to a hard drive or sent elsewhere, it’s encrypted, which makes it difficult, or in some cases impossible, for hackers to steal it.
- Vulnerabilities of point-of-sale
Storing credit card data in plain text is an inescapable vulnerability in point-of-sale systems, which is likely the driving factor behind the way this attack was organized. When information is stored in memory, it needs to be processed, which means it has to be un-encrypted so the data can be used. Memory scraping malware is designed to wait for this moment when data is vulnerable and intercept it.
Point of sale systems operate on a network, which means there are a number of ways they can be infected. Any infected device connected to the same network could be the source. If that network isn’t secured properly and is compromised, that opens another option for malware to get in. In the Target attack, the personal information of customers was stolen in addition to credit card information. This suggests that malware had infected more than the point of sale devices. Servers or other databases connected to the internet were also attacked.
This type of attack is difficult to detect thanks to intelligent techniques used by hackers. Once malware has infected the network, it still needs to infect the point of sale device to steal valuable data. Doing so would usually set off alarms from security software protecting devices on the network, but in these attacks, encryption and antivirus evasion tools are used to confuse security and operate undetected.
There are other methods to protect devices, with many of them stemming from keeping infected devices from directly connecting to point of sale devices. Unfortunately, for users, it’s seemingly impossible to tell if a retailer’s system is infected and will put your data at risk.
If your business would like to explore more robust security options to keep your information and your customers’ information safe from malware attacks, contact Geek Rescue at 918-369-4335.