There has been a major shift in the type of breach incident happening in the education services sector according to the Verizon 2017 Data Breach Investigations Report.

Can you spot the shift in the graphic below?

Source: Verizon 2017 DBIR

Cyber-espionage has exploded since mid-2012! That’s right: because of the cutting-edge research that happens at many colleges and universities, they have become a target for state-sponsored hacking.

As Verizon puts it…

“So college isn’t just pizza and tailgates—research studies across myriad disciplines conducted at universities put them in the sights of state-affiliated groups.”

So while the personal information of students and faculty was, of course, commonly extracted during breaches (a little more than half of all breaches), intellectual property losses were tied to a little more than a quarter of all breaches.

Targeted or Random Acts of Unkindness?

The evidence is clear that state-sponsored hacking and some criminal, profit based hacking is specifically targeting the hallowed halls of our academic institutions.

How Do They Do It?

Good question. Here is the answer in a graphic from the Verizon report.

Phishing email was the predominant threat vector in the social category, while the use of stolen credentials was the dominant hacking technique. One interesting thing to note is the number of incidents involving Social and one or more other vectors.

How Would You Like to Get a Threat Vulnerability Education for FREE?

At Konsultek we believe an educated client is the best client. That’s why we offer a variety of free vulnerability assessments to help you determine both your risk exposure and the likelihood of that exposure given the effectiveness of your current security measures. Who would you rather educate you, the good guys at Konsultek or the bad guys out in the wild? Well, what are you waiting for? Pick up the phone and give us a call today so we can get your vulnerability assessment scheduled ASAP!


The 2017 Verizon Data Breach Investigations Report (DBIR) has been released and as always, it is chock full of fascinating facts about the current state of the hacking and cyber threat world. You can get the full report from Verizon for free here.

Who are the Perps?

According to this year’s DBIR the breakdown of who’s been doing the most hacking looks like this:

  • 75% Perpetrated by outsiders
  • 51% Linked to organized criminal groups
  • 25% Involved internal actors
  • 18% Starred state-affiliated actors
  • 3% Featured multiple parties
  • 2% Involved partners

How Did They Do it?

  • 62% Of breaches featured hacking
  • 51% Involved Malware
  • 81% Leveraged stolen or weak passwords
  • 43% Were social attacks
  • 14% Were linked to errors or privilege misuse
  • 8% Involved physical actions

The above information is just a sneak peek at a portion of the summary data contained in the 2017 DBIR. Next week we’ll take a deeper dive into what industries were hardest hit and by whom as well as get into specifics of how these industries were attacked.


Today is the last day to file your federal income taxes. And the looming 12:00 a.m. deadline has thousands, if not millions, of citizens stressing out and more susceptible to phishing scams than usual.


Every good cybercriminal knows this and they are working overtime churning out fake emails from the IRS and other taxing authorities in the hopes of snagging victims, stealing valuable information and ultimately, making some money.

IRS Phishing PSA

For those of you who stumble across this blog post hoping to find a quick answer to the question “How do I know if this email from the IRS is real?” here is the quick answer.
The IRS will NEVER ask you to send along personally identifiable information such as your social security number or bank account details. So, if you are looking at an email that purports to be from the IRS and it is asking for this information it is a fake, phishing email and you should discard it ASAP!

IRS Issues Scam Warning

The prevalence of phishing scams this tax season prompted the IRS to issue a warning on March 17, 2017.
In the warning the IRS urged both tax professionals and taxpayers to be on guard against suspicious activity. Two scams were highlighted in the warning. In the first, which targets tax preparers, a fake email is sent to the preparer (ostensibly from the client) asking the preparer to change the refund destination, often to a pre-paid debit card. The second scam targets users of tax preparation software or similar services. Users receive emails from these entities asking them to update their online accounts. Of course, those nostalgic for the good old days should be happy to know that telephone scams are still plentiful, with the “IRS” robo-calling with urgent messages that require immediate action.

From Phishing to Malware

The purpose of these phishing emails is often not to directly collect account information but rather to install malware that can then access all the information stored on the infected device and even hijack the camera. That is according to www.zscaler.com, which reports:

The Zscaler ThreatLabZ team has detected a rise in Java-based remote access Trojan variants — jRATs — which give attackers a backdoor into a victim’s system and can be capable of remotely taking control of the system once it’s infected. Malware authors are using numerous tactics to entice unsuspecting users to open infected attachments, which arrive as malicious JAR files. Most recently, we’ve seen filenames such as “IRS Updates.jar” and “Important_PDF.jar,” claiming to contain important tax deadline information from the IRS.
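One defensive check that follows from the Zscaler description above, written here as an added example (not code from the original post or from Zscaler): parse a message and flag any attachment that is an executable container such as a JAR, that names itself as a PDF while carrying something else, or whose declared MIME type disagrees with its bytes. The sender, subject and attachment bytes are constructed samples; the zip magic bytes are real, the JAR content is a stub.

```python
import email
from email import policy
from email.message import EmailMessage

# JAR files are zip containers, so they begin with the zip local-file-header magic.
ZIP_MAGIC = b"PK\x03\x04"
# Constructed stub standing in for a malicious JAR (not a real sample).
FAKE_JAR = ZIP_MAGIC + b"\x14\x00" + b"\x00" * 26 + b"META-INF/MANIFEST.MF"

def build_eml(filename: str, subtype: str, payload: bytes) -> bytes:
    """Build a constructed tax-themed message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "IRS Refund Desk <refunds@irs-updates.example>"  # constructed sender
    msg["To"] = "taxpayer@example.com"
    msg["Subject"] = "Important tax deadline information from the IRS"
    msg.set_content("Your refund is on hold. Open the attached document before midnight.")
    msg.add_attachment(payload, maintype="application", subtype=subtype, filename=filename)
    return msg.as_bytes()

# A lure like the "Important_PDF.jar" filename Zscaler describes, and a benign control.
SAMPLE_LURE = build_eml("Important_PDF.jar", "pdf", FAKE_JAR)
SAMPLE_CLEAN = build_eml("form-1040.pdf", "pdf", b"%PDF-1.4\n%constructed placeholder\n")

LURE_WORDS = ("irs", "tax", "refund", "deadline")
EXECUTABLE_EXT = (".jar", ".exe", ".js", ".vbs", ".scr")

def triage_attachments(raw: bytes) -> list:
    """Return [(filename, [reasons])] for attachments that deserve quarantine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        lower = name.lower()
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if lower.endswith(EXECUTABLE_EXT):
            reasons.append("executable attachment extension")
        if lower.endswith(".jar") and payload.startswith(ZIP_MAGIC):
            reasons.append("zip/JAR container magic bytes")
        if "pdf" in lower and not lower.endswith(".pdf"):
            reasons.append("filename imitates a PDF")
        if part.get_content_type() == "application/pdf" and not payload.startswith(b"%PDF"):
            reasons.append("declared PDF but content is not PDF")
        # The tax theme is only interesting once the attachment itself looks wrong.
        if reasons and any(w in subject for w in LURE_WORDS):
            reasons.append("tax-themed subject line")
        if reasons:
            findings.append((name, reasons))
    return findings
```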

Security is a 24X7X365 Job

Today it’s tax filing, tomorrow the scam will focus on something else. It appears that cybercriminals never sleep and never take a day off. Somewhere in the world there is always someone or some bot attempting to fleece unsuspecting individuals and organizations. I think we have finally “progressed” as a society to the point when we can confidently say that the only things certain in life are death, taxes and cybercrime!


Woke up today to find this gem in the mailbox. Who knew that the FBI and the Central Bank of Nigeria would be looking for me!

This email is entertaining for a couple of reasons (at least!) beyond the alleged working relationship between Mr. Comey and the Central Bank of Nigeria.

Take a look at the portions highlighted with blue text! First a warning that “you should ignore any message that does not come from the above email address and phone number for security reasons.”

Next, look at Mr. Comey’s email address. I would have thought that after all the email scandals in Washington that Mr. Comey would not be using an AOL email address for such important and sensitive business!

Re: Urgent January Notice…….

From: James B. Comey, Jr., <fbidirector@openmailbox.org> 

Jan 18 at 12:37 PM

OFFICE OF THE EXECUTIVE DIRECTOR,

MR. JAMES B. COMEY, JR,

FEDERAL BUREAU OF INVESTIGATION,

935 Pennsylvania Avenue, NW

Washington, D.C. 20535-0001. USA.

Attention: Beneficiary, After proper investigations, we, the Federal Bureau of investigation (FBI) discovered that your impending (over-due contract) payment with Central Bank of Nigeria is 100% legal and has been approved for release to you.

We recently had a meeting with the Executive Governor of the Central Bank of Nigeria, in the person of Mr Godwin Emefiele and other top officials of the concerned Ministries regarding your case and we were made to understand that your files have been held in abeyance pending on when you personally apply for the claim.

Investigations also revealed that a lady, by name Mrs. Joan B Melvin from New York has already contacted Central Bank of Nigeria with a power of attorney and some documents, which stipulated that you have mandated her to claim your fund of US$25,000,000.00 (Twenty Five Million United States Dollars) on your behalf due to your ill health.

In view of this, we have been urged to warn US citizens who have received information pertaining to their outstanding contract payment to be very careful and not to be a victim of ugly circumstance. In case you are already dealing with anybody or office of the Central Bank of Nigeria, you are strictly advised to STOP further communication with them in your best interest and thereby contact the real office of the Central Bank of Nigeria via the below information:


NAME: MR. GODWIN EMEFIELE

OFFICE ADDRESS: Central Bank of Nigeria, Central Business District,

Cadastral Zone, Abuja, Federal.

Capital Territory, Nigeria.

Email: central.bnk0015@aol.com

NOTE: In your best interest, you should ignore any message that does not come from the above email address and phone number for security reasons. And to enable the Central Bank of Nigeria to process and release the fund to you, you are required to re-confirm your full details such as

FULL NAMES: __________________________________

CITY: _________________________

STATE: __________________________________

ZIP: ______________COUNTRY: _______________________

SEX: _______________AGE: __________________

TELEPHONE NUMBER: _____________________

Ensure that you follow the Central Bank of Nigeria due process as enshrined in the International Banking Secrecy Act to avoid any form of discrepancy, which may hinder your fund transfer. Thanks for your understanding and cooperation as we earnestly await your urgent response.

Best Regards,

James B. Comey, Jr.,

Federal Bureau of Investigation

J. Edgar Hoover Building,

935 Pennsylvania Avenue,

NW Washington, D.C

E-mail: jjbcomeyjr@aol.com
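The earlier IRS post’s rule (a legitimate agency never asks for personal details by email) and the letter quoted above reduce to the same two checks, written out here as an added example that is not part of the original post: does the sender’s domain belong to the organization the body claims to speak for, and does the body ask for personal data or steer replies to yet another domain? The sample excerpt is a constructed abridgement of the message above, and the claimed-organization table is an assumption to extend for your own environment.

```python
import re

# Constructed abridgement of the letter quoted in the post (not a full capture).
SAMPLE_419 = {
    "from": "James B. Comey, Jr., <fbidirector@openmailbox.org>",
    "body": """FEDERAL BUREAU OF INVESTIGATION, 935 Pennsylvania Avenue, NW
you are required to re-confirm your full details such as
FULL NAMES: ______  TELEPHONE NUMBER: ______
E-mail: jjbcomeyjr@aol.com""",
}

# Organizations a message might claim to be, mapped to the domain they really send from.
# Assumed table: fbi.gov and irs.gov are those agencies' public domains; extend as needed.
CLAIMED_ORGS = {
    "federal bureau of investigation": "fbi.gov",
    "internal revenue service": "irs.gov",
    "irs": "irs.gov",
}
# Form fields a real agency would not collect by email (the IRS post's rule).
PII_FIELDS = ("social security", "bank account", "full names", "telephone number", "date of birth")
EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+\.[\w.-]+)")

def sender_domain(from_header: str) -> str:
    """Domain of the first address in a From: header (display names with commas are tolerated)."""
    m = EMAIL_RE.search(from_header)
    return m.group(1).lower() if m else ""

def score_message(msg: dict) -> dict:
    """Return findings for a message dict with 'from' and 'body' keys."""
    body = msg["body"].lower()
    sender = sender_domain(msg["from"])
    findings = {"sender_domain": sender, "claims": [], "pii_requested": [], "reply_domains": []}
    # 1. Identity claim in the body versus the domain that actually sent it.
    for org, real_domain in CLAIMED_ORGS.items():
        if re.search(r"\b" + re.escape(org) + r"\b", body) and not sender.endswith(real_domain):
            findings["claims"].append((org, real_domain))
    # 2. Requests for personal data, as in the fill-in form at the end of the letter.
    for field in PII_FIELDS:
        if field in body:
            findings["pii_requested"].append(field)
    # 3. Replies redirected to a domain different from the sender's own.
    for dom in EMAIL_RE.findall(body):
        if dom.lower() != sender:
            findings["reply_domains"].append(dom.lower())
    findings["suspicious"] = bool(findings["claims"]) and bool(
        findings["pii_requested"] or findings["reply_domains"])
    return findings
```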


An update to a 2014 poll regarding the trustworthiness of Social Media was recently released with some interesting results.

To summarize, while the use of social media is increasing (80% of the 2016 respondents indicate they use social media) the overall level of trust in the security of social media is decreasing.

One can only assume that most respondents feel that the rewards presented by social media participation outweigh the perceived increase in information security risk.

It is also interesting that when questioned about specific security threats the results indicate a flat to decreasing sense of risk.

Do you feel more or less secure in the world of social networking?


Image courtesy of Onlineprivacy.com


Our partners at proofpoint just released their 3rd Quarter Threat Summary, which you should grab here.

Here is a quick overview, by category, of what’s been trending in the way of information security threats over the past 3 months.

Email and Exploit Kits

  • Volume of malicious email that used JavaScript attachments increased 69% vs Q2
  • The most popular malicious attachment was the ransomware Locky
  • The variety of ransomware introduced increased by 10X
  • Cybercriminals continue to hone their skills in regards to exploiting business email
  • Banking Trojans have diversified and become personalized
  • Exploit kit activity, while still rampant, fell 65% from Q2

Mobile

  • PokemonGo spawned malicious counterfeits
  • Mobile exploit kits and zero days continue to haunt both iOS and Android

Social Media

  • Negative and damaging content is up 50%
  • Social phishing has doubled since Q2
  • Cross-pollination between mobile and social accelerates

How Konsultek Protects Clients

By integrating advanced threat protection from proofpoint, Carbon Black, Forescout and others, Konsultek develops customized security plans for clients of all industries and all sizes. If you are ready to proactively secure your organization, give us a call to discuss your unique situation.


President Obama is partnering with the National Cyber Security Alliance (NCSA) to kick off October and National Cyber Security Awareness Month with a public awareness campaign they call “Lock Down Your Login.”

Anchored by a corny video with a good message, the campaign advocates that individuals move beyond simple usernames and passwords to secure their accounts by adding a second layer of authentication such as fingerprint or facial recognition.

According to figures provided by the White House, upwards of 62% of successful data breaches might have been prevented by the application of a second layer of authentication such as the aforementioned biometrics or other forms of dual authentication.

Have you added a second layer of authentication to your accounts? If not, hopefully this video will convince you to!



Harvard Business Review recently published a very insightful piece I highly recommend you read in its entirety called “Cybersecurity’s Human Factor: Lessons from the Pentagon”.

For those of you who just want the highlights, here is a quick synopsis of what I found to be the most fascinating aspects of the article.

From Bumbling Colossus to Nimble Defender

In the not-so-long-ago dark days of network security, the US military struggled to identify and defend against threats. All that has changed: from September 2014 to June 2015 the military rebuffed 30 million malicious attacks! Still, a few got through, but only 0.1% compromised systems in any way. An impressive record given the state-sponsored adversaries the military must repel day in and day out.

While technical fortifications are important, what has really set the military on its trajectory to invulnerability has been its focus on eliminating human error. If you have read this blog for any length of time you know that we consistently emphasize not only the best technology but also the best in processes for this very reason.

Learning from the Admiral Himself

The US Navy Nuclear program has long been the quintessential example of a well-run, mistake-free organization, what is nowadays referred to as an HRO or High Reliability Organization. The fundamental principles of the Navy Nuke program have since been transferred to other industries such as airlines, air traffic control, space flight and others. Admiral Hyman Rickover, the “Father of the Nuclear Navy”, demanded excellence and adherence to process and for the span of his career personally interviewed all applying Officer Candidates.

Six Principles Every Organization Should Adopt to Ensure Security

1. Integrity – Never depart from protocols and report errors immediately

2. Depth of Knowledge – Fully understand the systems you are responsible for and their vulnerabilities

3. Procedural Compliance – Follow protocols to the letter

4. Forceful Backup – All critical activities should be closely monitored

5. A Questioning Attitude – While unquestioning compliance with procedure is necessary, questioning things that appear outside of the norm is equally important

6. Formality in Communication – Familiarity and slang lead to miscommunication; formality in communication eliminates these misunderstandings.

Examples of Cyber Security Failures and the Policies that Were Violated

What the authors have found is that cybersecurity breaches caused by human mistakes nearly always involve the violation of one or more of these six principles. As you read them you will undoubtedly recognize some of the same behaviors in your own organization, or at least easily imagine that they might very well be happening without your knowledge.

Here’s a sample of some of the failures the Defense Department uncovered during routine testing exercises:

  • A polite headquarters staff officer held the door for another officer, who was really an intruder carrying a fake identification card. Once inside, the intruder could have installed malware on the organization’s network. Principles violated: procedural compliance and a questioning attitude.
  • A system administrator, surfing the web from his elevated account, which had fewer automatic restrictions, downloaded a popular video clip that was “viral” in more ways than one. Principles violated: integrity and procedural compliance.
  • A staff officer clicked on a link in an e-mail promising discounts for online purchases, which was actually an attempt by the testers to plant a phishing back door on her workstation. Principles violated: a questioning attitude, depth of knowledge, and procedural compliance.
  • A new network administrator installed an update without reading the implementation guide and with no supervision. As a result, previous security upgrades were “unpatched.” Principles violated: depth of knowledge, procedural compliance, and forceful backup.
  • A network help desk reset a connection in an office without investigating why the connection had been deactivated in the first place—even though the reason might have been an automated shutdown to prevent the connection of an unauthorized computer or user. Principles violated: procedural compliance and a questioning attitude.

A Holistic Approach

At Konsultek we don’t just slap in “black boxes” and hope that security happens. Sure we build custom technical solutions that utilize the best technology available, but we also work outside the IT department to make sure that the business processes are in place to limit the impact of human error on the security of your information and network. If you are looking to upgrade your security, give us a call and begin a dialogue with us.


It is always heartening to see a respected organization such as Gartner espousing the same security philosophies as we have here at Konsultek. In a recent blog post, Gartner’s Oliver Rochford points out that the most robust security solutions combine both prevention AND detect and respond approaches.

If you’ve been following this blog for any length of time you’ll know that this is exactly how we approach all of our information and network security engagements.

An Ounce of Prevention – Still Worth a Pound of Cure

Despite what some might say, prevention is far from being a dying or dead approach. A properly executed prevention strategy that utilizes advanced firewall and access control technologies can help mitigate the impact of old school hacking. When outsiders who don’t have proper credentials attempt to access your network with a variety of tools and tricks they are simply shut out.

But what if they pierce the protective veil of your prevention strategies? Password theft, cracking weak passwords and social engineering are just three ways ne’er-do-wells can compromise the best-developed prevention strategies. And when that happens, you had better hope that your security provider has also included the latest in detect and respond technologies, or your systems and your information will be instantly at risk.

Detect and Respond

As the name implies, detect and respond approaches can sense when things in your network are not quite right and take action to contain the unusual activity before significant damage can occur. For example, when the credentials of your summer intern suddenly are used to access the network and attempt to explore portions that he or she has no business even thinking about let alone accessing.
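The intern scenario just described, worked through as an added example (not Konsultek’s or Gartner’s code): a role baseline states which systems each account should touch, the detection pass runs over a constructed access log and raises an alert for anything outside that baseline, and the response step names the accounts to contain. The log lines, role table and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access log (not from any real system).
# Format: timestamp user source_ip resource result
SAMPLE_LOG = """\
2017-06-12T08:58:10 intern.kim 10.20.5.41 wiki-portal OK
2017-06-12T09:02:31 intern.kim 10.20.5.41 ticketing OK
2017-06-12T09:05:02 cfo.jones 10.20.1.7 finance-db OK
2017-06-12T22:14:55 intern.kim 203.0.113.9 finance-db OK
2017-06-12T22:15:20 intern.kim 203.0.113.9 hr-payroll DENIED
2017-06-12T22:15:48 intern.kim 203.0.113.9 source-repo DENIED
"""

# Assumed role model: what each role is expected to touch. Anything else is "not quite right".
ROLE_OF = {"intern.kim": "intern", "cfo.jones": "finance"}
ALLOWED = {"intern": {"wiki-portal", "ticketing"}, "finance": {"finance-db", "wiki-portal"}}
SENSITIVE = {"finance-db", "hr-payroll", "source-repo"}
LINE_RE = re.compile(r"(\S+) (\S+) (\S+) (\S+) (OK|DENIED)")

def parse_log(text):
    """Yield (timestamp, user, src, resource, result) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groups()

def detect(text, denied_threshold=2):
    """Detect: return (alerts, users_to_contain). Respond: contain every user with a high alert."""
    alerts, denied = [], defaultdict(int)
    for ts, user, src, resource, result in parse_log(text):
        reasons = []
        role = ROLE_OF.get(user, "unknown")
        # Credentials used on a system the role has no business touching.
        if resource not in ALLOWED.get(role, set()):
            reasons.append(f"outside {role} role")
        # Off-hours use only matters once the access itself is out of role.
        hour = int(ts[11:13])
        if reasons and (hour < 7 or hour >= 19):
            reasons.append("off-hours")
        # A run of denials is the "exploring" the text describes.
        if result == "DENIED":
            denied[user] += 1
            if denied[user] >= denied_threshold:
                reasons.append(f"{denied[user]} denials")
        if reasons:
            sev = "high" if resource in SENSITIVE else "medium"
            alerts.append((ts, user, resource, sev, reasons))
    contain = sorted({a[1] for a in alerts if a[3] == "high"})
    return alerts, contain
```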

The Konsultek Approach

At Konsultek we approach every client’s security engagement as an opportunity to develop a best fit approach. You’ll never find us espousing one-size-fits-all, cookie cutter approaches to information security. When you call, we’ll listen and when our engineering team develops your security solution you can bet it will be based upon delivering the most security value for the money. So give us a call today. We look forward to hearing from you.


In their latest Human Factor Report our friends at Proofpoint highlight the shift from automated exploits to socially engineered human factors that began in earnest in 2014.

According to the report, in 2015 social engineering outpaced technology based exploits as a means of gaining access to networks and information.

Why brute force your way through firewalls and other intrusion prevention technologies when you can get invited in?

Infection by the Numbers from Proofpoint’s Human Factors Infographic

  • 99.7% of attachments used in attachment-based campaigns relied on social engineering and macros to succeed.
  • Banking Trojans such as Dridex accounted for 74% of all payloads
  • 9-10am (time zone specific) is prime time for delivery because that’s when employees get down to business in their email accounts.
  • 2 Billion personal information stealing mobile apps were WILLINGLY downloaded by people. Over 12,000 malicious Apps were found in Android app stores.
  • 74% of URLs used in email-based campaigns took users to credential phishing sites (as opposed to malware hosting sites).
  • File sharing sites such as Google Drive, Dropbox and Adobe are the #1 most effective lure for credential theft.
  • Phishing is 10X more popular than malware in social media posts.
  • Dangerous apps from rogue app stores impact 2/5 enterprises.
  • Low volume “CEO phishing” or  “wire transfer phishing” campaigns target 1 or 2 individuals in an organization in order to extract funds.

Konsultek and Proofpoint

At Konsultek we work with our clients and awesome security providers like Proofpoint to develop holistic security solutions across a wide swath of organizations that vary in size and industry. Want to learn more about how we can help keep human factors and social engineering from making your network vulnerable?

Just give us a call!
