Posts tagged "cyber security"

Ethical hackers to boost NHS cyber-defences

November 28th, 2017 Posted by Uncategorized

The NHS is spending £20m to set up a security operations centre that will oversee the health service’s digital defences.

It will employ “ethical hackers” to look for weaknesses in health computer networks, not just react to breaches.

Such hackers use the same tactics seen in cyber-attacks to help organisations spot weak points.

In May, one-third of UK health trusts were hit by the WannaCry worm, which demanded cash to unlock infected PCs.

Essential step

In a statement, Dan Taylor, head of the data security centre at NHS Digital, said the centre would create and run a “near-real-time monitoring and alerting service that covers the whole health and care system”.

The centre would also help the NHS improve its “ability to anticipate future vulnerabilities while supporting health and care in remediating current known threats”, he said.

And operations centre guidance would complement the existing teams the NHS used to defend itself against cyber-threats.

NHS Digital, the IT arm of the health service, has issued an invitation to tender to find a partner to help run the project and advise it about the mix of expertise it requires.

Kevin Beaumont, a security vulnerability manager, welcomed the plan to set up the centre.

“This is a really positive move,” he told the BBC.

Many private sector organisations already have similar central teams that use threat intelligence and analysis to keep networks secure.

“Having a function like this is essential in modern-day organisations,” Mr Beaumont said.

“In an event like WannaCry, the centre could help hospitals know where they are getting infected from in real time, which was a big issue at the time; organisations were unsure how they were being infected.”

In October, the UK’s National Audit Office said NHS trusts had been caught out by the WannaCry worm because they had failed to follow recommended cyber-security policies.

The NAO report said NHS trusts had not acted on critical alerts from NHS Digital or on warnings from 2014 that had urged users to patch or migrate away from vulnerable older software.


Thanks to the BBC for this story.

Ransomware ‘here to stay’, warns Google study

August 22nd, 2017 Posted by Latest News, Subjects, Tech Talk

Cyber-thieves have made at least $25m (£19m) from ransomware in the last two years, suggests research by Google.

The search giant created thousands of virtual victims of ransomware to expose the payment ecosystem surrounding the malware type.

Most of the money was made in 2016 as gangs realised how lucrative it was, revealed a talk at Black Hat.

Two types of ransomware made most of the money, it said, but other variants are starting to emerge.

Track and trace

“It’s become a very, very profitable market and is here to stay,” said Elie Bursztein from Google who, along with colleagues Kylie McRoberts and Luca Invernizzi, carried out the research.

Ransomware is malicious software that infects a machine and then encrypts or scrambles files so they can no longer be used or read. The files are only decrypted when a victim pays a ransom. Payments typically have to be made using the Bitcoin virtual currency.

Mr Bursztein said Google used several different methods to work out how much cash was flowing towards ransomware creators. As well as drawing on reports from people who had paid a ransom, it sought out the files used to infect machines and then ran those on lots of virtual machines to generate “synthetic victims”. It then monitored the network traffic generated by these victims to work out where money would be transferred. The data gathered in this stage was also used to find more variants of ransomware: the 300,000 files it found broke down into 34 distinct variants.

The most popular strains were the Locky and Cerber families.

Payment analysis of the Bitcoin blockchain, which logs all transactions made using the e-currency, revealed that those two strains also made the most money over the last year, with Locky collecting about $7.8m (£5.9m) and Cerber $6.9m (£5.2m).

The research project also revealed where the cash flowed and accumulated in the Bitcoin network and where it was converted back into cash. More than 95% of Bitcoin payments for ransomware were cashed out via Russia’s BTC-e exchange, found Google.

On 26 July, one of the founders of BTC-e, Alexander Vinnik, was arrested by Greek police on money laundering charges. The police were acting on a US warrant and his extradition to America is being sought.

The gangs behind the ransomware explosion were not likely to stop soon, said Mr Bursztein, although established strains are facing competition from newer ones.

“Ransomware is a fast-moving market,” he said. “There’s aggressive competition coming from variants such as SamSam and Spora.”

Novel variants were expanding quickly and many were encouraging fast expansion by paying affiliates more if they placed the malware on to large numbers of machines. The ransomware as a service model was already proving popular, he warned.

“It’s no longer a game reserved for tech-savvy criminals,” he said. “It’s for almost anyone.”

Microcomms can help you with cyber security protection. Please contact us for advice and information.


Phishing Posts that really catch people out

June 28th, 2017 Posted by Industry Focus, News

As hackers grow in sophistication, so do the phishing scams they use to entice unsuspecting users. We’ve rounded up some of the most common and well-used versions:

The Public Speaker

This is a long-running scam that preys on the hopes of public speakers, inviting them to speak (and be paid a hefty fee) at a conference in the UK or somewhere else in the world. In the last year or so, the scam has taken a nasty turn, targeting ministers, pastors, and preachers to invite them to a bogus religious conference and again offering them a big paycheck.

Now, the scam has taken a new direction, aimed at women and parents, or at least speakers on these subjects. Please beware if you get a letter like this. The idea is to get your personal details under the pretext of sending you some money, or getting you to send some money to take care of administrative fees or governmental controls, with a promise of a big check to come.

But this is a scam. You will never get the promised big check. The conference is not real.

So the answer is simply to ignore the email.  Don’t be tempted!

The Tax Rebate

Criminals are generating phishing emails by posing as HMRC in order to gain access to people’s bank accounts. It appears the occurrence of these emails has become increasingly common: a Which? survey found that of 2016 adults, 40% had received communication of this nature.

The general format of these e-mails can look very convincing as they make use of genuine HMRC branding. Sometimes emails are signed off with the name of an actual HMRC employee making them seem even more realistic.  The contents will generally be offering you a tax refund and asking for bank details in order for the money to be refunded.

The amount offered is usually up to £500, so as not to raise the recipient’s suspicions. The main aim of these emails is to extract money from your bank account, get you to send money or to gain enough personal information about you to sell you details to identity theft criminals. An example is below:

[Image: example HMRC phishing email]

HMRC will never send notification of a tax reimbursement or ask for personal or payment information by email. So you can safely ignore these emails.

Google Docs

This is a sophisticated phishing scam that asks for permission to access files stored in Google Drive. The attack involves an email being received saying a Google Doc has been shared with you.

The message looks legitimate and appears to be from a contact you already know. But when clicked, permissions are granted to a third-party that has no relation to Google. The below image shows the phishing scam in action:

[Image: Google Docs OAuth phishing email]

What to do if you get ‘phished’

If you have disclosed confidential data (e.g. a username or password), go to the real site and change it immediately, to stop the criminals hijacking your online account. You can also report emails to your email service provider.

If you see a phishing email at work, the best approach is to forward it to your IT department or report it via internal company systems. If it appears to come from a colleague but looks and feels ‘phishy’, don’t reply by email: call them or go to see them to confirm the validity of the mail and its contents.

Never reply to the message, even if you fancy taunting the ‘phisherman’: you would only be confirming that your email address is valid and live.

If you do click on a phishing link, it’s also worth reporting the incident to Action Fraud.


Companies have been crippled by an attack dubbed ‘Petya’, the second major ransomware crime in two months.

June 28th, 2017 Posted by News

The malicious software has spread through large firms including the advertiser WPP, food company Mondelez, legal firm DLA Piper and Danish shipping and transport firm Maersk, leading to PCs and data being locked up and held for ransom.

The Petya ransomware takes over computers and demands $300, paid in Bitcoin. The malicious software spreads rapidly across an organization once a computer is infected using the EternalBlue vulnerability in Microsoft Windows (Microsoft has released a patch, but not everyone will have installed it) or through two Windows administrative tools.

The malware tries one option and if it doesn’t work, it tries the next one.

What should you do if you are affected by the ransomware?

The ransomware infects computers and then waits for about an hour before rebooting the machine. While the machine is rebooting, you can switch the computer off to prevent the files from being encrypted and try to rescue the files from the machine, as flagged by @HackerFantastic on Twitter:

“If machine reboots and you see this message below, power off immediately! This is the encryption process. If you do not power on, files are fine.”

[Image: screenshot of the fake disk-check screen shown during encryption, posted by @HackerFantastic]

If the system reboots with the ransom note, don’t pay the ransom – the “customer service” email address has been shut down so there’s no way to get the decryption key to unlock your files anyway. Disconnect your PC from the internet, reformat the hard drive and reinstall your files from a backup. Back up your files regularly and keep your anti-virus software up to date.

Contact Microcomms for a free Security Audit and for information about anti-virus and anti-malware software.

Router hack risks

June 26th, 2017 Posted by News

A weakness that left thousands of Virgin Media routers vulnerable to attack also affects devices by other providers, security experts suggest.

Virgin Media’s Super Hub 2 was criticised for using short default passwords that could easily be cracked by attackers.

But experts raised concerns that older routers provided by BT, Sky, TalkTalk and others were also at risk.

They recommend users change their router password from the default.

“It’s a bit unfair that Virgin Media has been singled out here. They made a mistake – but so have many other internet service providers,” said Ken Munro from security firm Pen Test Partners.

“This problem has been known about for years, yet still ISPs [internet service providers] issue routers with weak passwords and consumers don’t know that they should change them.”

The weakness in Virgin Media’s Super Hub 2 was highlighted in an investigation by consumer group Which?

The company has since advised customers using default network and router passwords to update them immediately.

However, a BT spokeswoman told the BBC: “We are not impacted by the hub issues affecting Virgin Media.”

What makes a router vulnerable?

Many routers are sent to customers with a default wi-fi password already set up.

Some use a long password with a mixture of upper- and lower-case letters, numbers and sometimes symbols.

But others use short passwords with a limited selection of characters, and many follow a pattern that can be identified by attackers.

The Virgin Media Super Hub 2 used passwords that were just eight characters long, and used only lower-case letters.

That gives cyber-criminals a framework to help them crack passwords quickly, using a dedicated computer.


“Because the default wi-fi password formats are known, it’s not difficult to crack them,” said Mr Munro.

Once an attacker has access to your wi-fi network, they can seek out further vulnerabilities.

[Image: Virgin Media router] Caption: Default passwords that follow patterns are easier to crack

Mr Munro said the problem was well-known, but the Which? investigation had reignited discussion.

“It has popped up again because attention has been drawn to the fact that very few people change their wi-fi password from the one written on the router,” he told the BBC.

Experts recommend that people change the default wi-fi password and router’s admin password, using long and complex passwords to make life more difficult for attackers.

WannaCry ‘link’ to North Korean hackers

May 24th, 2017 Posted by News

A hacking group closely tied to North Korea was behind the massive WannaCry attack earlier this month, security company Symantec says.

The way the attack was set up made it “highly likely” that the Lazarus group was responsible, it said.

Lazarus has been blamed for a 2014 attack on Sony and the theft of $81m (£62m) from Bangladesh’s central bank.

In those attacks, the group is believed to have worked on behalf of North Korea’s government.

In a blog, Symantec said “substantial commonalities in the tools, techniques, and infrastructure used by the attackers” led it to conclude that the Lazarus group had instigated the WannaCry attack.

However, Symantec added that the character of the attack suggested it had not been carried out on behalf of North Korea.

Rather than being a nation-state campaign, it said, it looked more like a “typical” cyber-crime campaign that sought to enrich its operators.

North Korea has denied any involvement with WannaCry, branding any claims it was behind it “ridiculous”.


‘Error prone’

The virulent WannaCry worm is believed to have infected computers at more than 200,000 companies.

Victims included more than 60 NHS trusts in the UK as well as Fedex, Renault and Telefonica.

On compromised computers, the worm encrypted files and demanded a ransom of $300 (£231) in bitcoins to unlock them.

Symantec pointed to small-scale attacks carried out prior to the massive May event that used the same basic malware but also employed other technical tricks Lazarus is known to use.

The earlier attacks did not exploit the vulnerability that helped WannaCry spread so far, so fast but instead used six other malicious programs favoured by Lazarus.

Two of these are known to have been used in the Sony attack.

In addition, Symantec said, code inside WannaCry was shared with a separate program also linked to Lazarus. Symantec’s analysis builds on work by other researchers who have studied WannaCry and found evidence that some of its core code is shared with other malicious programs Lazarus is believed to have used.

Despite Symantec’s lengthy analysis, some experts remained cautious about blaming Lazarus.

“Attributing hacking operations and malware to specific groups is an imprecise undertaking that’s frequently fraught with errors,” wrote Dan Goodin, security editor at Ars Technica.

So far, 300 victims are believed to have paid to have their files unlocked, generating a total ransom payment of $109,245.

The money is being paid into three separate bitcoin wallets that are being closely scrutinised for activity to see if they can help identify the criminals.

‘Firewall prevented infection’

Luckily for Microcomms customers with WatchGuard firewalls in place, their Firebox with Total Security Suite blocked WannaCry 2.0, so they were safe from the attack. Are you confident in your security measures? If not, please get in touch for a chat – a conversation costs nothing and might save you a whole heap of cash!

Facebook denies Ransomware attack

December 1st, 2016 Posted by Uncategorized

Thanks to TechNewsWorld for the information below:


Facebook on Monday denied that its network and Messenger app were being used to spread ransomware to its users, contradicting the claims of researchers Roman Ziakin and Dikla Barda.

The two researchers last week reported they had discovered a new method for delivering malicious code to machines, which they dubbed “ImageGate.” Threat actors had found a way to embed malicious code into an image, they said.

Due to a flaw in the social media infrastructure, infected images are downloaded to a user’s machine, Ziakin and Barda explained. Clicking on the file causes the user’s machine to become infected with a ransomware program known as “Locky,” which encrypts all the files on the infected machine. The user then must pay a ransom to the purveyor of the malicious software in order to decrypt the files.

Facebook has disputed the findings

“This analysis is incorrect,” Facebook said in a statement provided to TechNewsWorld by spokesperson Jay Nancarrow.

“There is no connection to Locky or any other ransomware, and this is not appearing on Messenger or Facebook,” the company maintained.

“We investigated these reports and discovered there were several bad Chrome extensions, which we have been blocking for nearly a week,” Facebook noted. “We also reported the bad browser extensions to the appropriate parties.”

Consumer Protection

While Ransomware is always a serious threat to consumers, this new twist on its distribution raises the bar even higher.

Anti-virus specialists have commented, “Consumers simply do not expect malware to be delivered via a Facebook message. Most people probably consider social media sites to be a safe space, so the lack of concern and vigilance makes it powerful as a potential infection channel for malware.”

For consumers concerned about an ImageGate attack, it is recommended that you do not open any files downloaded to a device after clicking any image. The same is true for image files with unusual extensions, such as SVG, JS or HTA.

Users should also keep their operating system and antivirus software up to date, and make backups. Even if you’re never infected with ransomware, you never know when something might go wrong with your machine.

If you are concerned about Cyber Security at your company – speak to our experts today hello@microcomms.co.uk or call 01209 843636.


Do you still keep passwords in a book?

November 30th, 2016 Posted by Uncategorized

Despite all the advice out there, many people still keep their passwords in a book next to their computer.

An email account is the gateway into your business and personal life which sadly means it’s also a valuable target for hackers and cyber criminals. From social media logins to bank account information, the common email inbox can be exploited to leave all of your sensitive data open to compromise. So, perhaps it’s not surprising that attacks on email accounts are common. From complex spear-phishing to malicious documents to social engineering – hackers have never been better-equipped.

Ways to keep safe (they may seem obvious – but we bet many people reading this still only use one or two passwords for everything!):

Firstly, make sure you use a strong password that uses a combination of words, numbers, symbols, and both upper- and lower-case letters. Check your password strength. If the website you are signing up for offers a password strength analyzer, pay attention to it and take its advice.


  • Never use the password you’ve picked for your email account at any online site: If you do, and an e-commerce site you are registered at gets hacked, there’s a good chance someone will be reading your e-mail soon.
  • Avoid using the same password at multiple Web sites. It’s generally safe to re-use the same password at sites that do not store sensitive information about you (like a news Web site) provided you don’t use this same password at sites that are sensitive.
  • If you think you’ll have trouble remembering multiple passwords (most people do, unless they have a photographic memory), the most secure method for remembering your passwords is to create a list of every Web site for which you have a password and, next to each one, write your login name and a clue that has meaning only for you. If you forget your password, most Web sites will email it to you (assuming you can remember which email address you signed up with).
  • There are several online third-party services that can help users safeguard sensitive passwords, including LastPass, DashLane, and AgileBits, which store passwords in the cloud and secure them all with a master password.
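The password advice above, and the router post earlier on this page (eight lower-case letters versus a long mixed-character password), both come down to the same arithmetic: the number of candidate strings an attacker must search grows with length and with the size of the character set. The following Python script is an added example, not code from Microcomms or from any of the quoted sources. It computes that keyspace for a given password format, estimates the bits of guessing work a chosen password gives, and rates a password the way a sign-up page's strength meter would, with reasons. The `COMMON_PASSWORDS` set is a constructed illustrative sample, not a real leak list, and the 12-character / 60-bit thresholds are assumptions chosen for the example.

```python
import math
import string

# Character classes named in the advice above: upper/lower case, digits, symbols.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32
}

# Constructed sample of commonly chosen passwords (illustrative only).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}


def alphabet_size(password):
    """Size of the alphabet an attacker must search, given the classes present."""
    return sum(len(CLASSES[name]) for name in classes_used(password))


def keyspace(length, alphabet):
    """Number of candidate strings for a fixed-length, fixed-alphabet format."""
    return alphabet ** length


def format_entropy_bits(length, alphabet):
    """log2 of the keyspace: bits of guessing work the format gives (0 for an empty alphabet)."""
    if alphabet <= 0 or length <= 0:
        return 0.0
    return length * math.log2(alphabet)


def entropy_bits(password):
    """Guessing work for a concrete password, judged only by its length and classes."""
    return format_entropy_bits(len(password), alphabet_size(password))


def compare_default_formats():
    """Keyspace of the two default-password styles the router post contrasts."""
    mixed = sum(len(chars) for chars in CLASSES.values())  # 94 printable characters
    return {
        "8 lower-case letters": keyspace(8, len(CLASSES["lower"])),
        "12 mixed-case, digits and symbols": keyspace(12, mixed),
    }


def strength_report(password, min_length=12, min_bits=60.0):
    """Rate a password like a strength meter would; thresholds are assumed values."""
    reasons = []
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("common password")
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    used = classes_used(password)
    if used == {"lower"}:
        reasons.append("lower-case letters only")
    elif len(used) < 3:
        reasons.append("fewer than three character classes")
    bits = entropy_bits(password)
    if bits < min_bits:
        reasons.append(f"format gives only {bits:.1f} bits (< {min_bits})")
    rating = "strong" if not reasons else "weak"
    return {"bits": round(bits, 1), "classes": sorted(used), "rating": rating, "reasons": reasons}


if __name__ == "__main__":
    for name, size in compare_default_formats().items():
        print(f"{name}: {size:.3e} candidates ({math.log2(size):.1f} bits)")
    for pw in ("abcdefgh", "Tr0ub4dor&3", "correct-Horse-battery-9"):
        print(pw, strength_report(pw))
```

Running it shows why the router format was criticised: eight lower-case letters give about 2.1 × 10^11 candidates (37.6 bits), while twelve characters drawn from all four classes give about 78.7 bits. The report deliberately rates on the format only; it cannot see whether a password is reused across sites, which the advice above treats as the other main risk.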

For more Cyber Security advice speak to our team – hello@microcomms.co.uk or call 01209 843636

Keep new devices safe and secure – iPad

November 25th, 2016 Posted by Uncategorized

The iPad is one of the safest computing devices you can use. Its combination of hardware and software security translates to a device that’s probably more secure than your PC or Mac—especially if you take the right steps to secure it. The biggest security risk is physically losing the device. Thus, the first step is to make sure your tablet’s data is safe in case it’s lost or stolen.

Here are some tips to keep your data away from the wrong hands:

– All iPads ship with powerful hardware encryption built-in, but you need to enable it. The simplest way to do that is to set a passcode on your iPad: As soon as you do, your data will be automatically encrypted. To enable a passcode, go to Settings -> General -> Passcode Lock and then enter a four-digit code twice. If you’d like to be extra-safe, you can turn the Simple Passcode option on that same page off; you can then use longer codes.

– It’s pointless having a strong passcode if your messages and alerts are visible or you can use Siri, Control Center and Passbook without unlocking your phone. Go to Settings > Touch ID & Passcode and turn off the options under ‘Allow access when locked’. Turn off access to Control Centre under Settings > Control Centre. Messages and notifications can be turned off under Settings > Notifications.

– Learn to say “No” to any app that asks for location access on your iPad. This feature doesn’t only expose your private information but also drains the battery and processor on your iOS devices. To manage it, go to Settings → Privacy → Location Services and review the settings for each app.

– Apple’s newest devices ( iPad Air 2 and iPad Mini 3) feature Touch ID, which scans your fingerprint to unlock it. To enable Touch ID, tap Settings > Touch ID & Passcode and register your fingerprint.

– Turn on Apple’s two-step verification for your Apple ID account to stop unauthorized access – it requires a code along with your password when signing into iCloud, iMessage and FaceTime and before making purchases via iTunes. This code is texted to your phone.

– Apple delivers regular updates to its mobile operating system that include security fixes. Set your device to download and install updates when they’re available by tapping Settings > iTunes & App Store and under ‘Automatic Downloads’ toggle the switch next to ‘Updates’ to ‘On’.