Often we report on breaches that start with spearphishing. An employee gets an email from someone posing as a trusted supplier or customer or perhaps a high-ranking fellow employee and downloads the infected attachment without a second thought.

Today we report on a completely different approach. Rather than shooting for one fish at a time the folks behind the CCleaner infection decided to catch upwards of a million fish and toss the small ones back while keeping just trophy fish.

Keep the Big Ones, Throw the Little Ones Back

Millions of people have taken advantage of the free CCleaner security tool to help them clean up and steer clear of malware, viruses and other types of hacking exploits. Unfortunately, according to reports from Morphisec and Cisco, it looks like 700,000+ computers were infected with a backdoor by downloading CCleaner. Bad enough as that was, it was the report by Cisco’s Talos security division that revealed that this mass hack was really just the top of the funnel in an effort to penetrate a much smaller set of targets.

From 700,000+ to 20

According to Talos, code within the backdoor indicates that the infected computers were being filtered to identify whether or not they belonged to 20 or so primary targets: big tech firms such as Intel, VMware, Samsung, Sony and, wait for it… Cisco itself!

This finding abruptly turned a mass infection into what appears to be a corporate espionage play, potentially with state sponsorship.

A Couple of Take Aways

CCleaner is primarily a consumer-level product and frankly has no place as a security tool in any but the smallest organizations. For corporations of this size to have infected computers in their networks is alarming and suggests a breakdown in security protocol and user privileges.

Konsultek Doesn’t Use Consumer Software

Software such as CCleaner, while normally effective and safe, is a consumer-level product and not something that we at Konsultek use as part of our custom security solutions. So if your business is ready to move beyond consumer-level solutions, give us a call.

Ever wonder how stupid or careless someone has to be to be fooled by a phishing scam? Well, according to research conducted by a group of German experts, virtually anyone can be fooled.

In their study “Unpacking Spear Phishing Susceptibility” the researchers showed that although email phishing scams get more publicity, Facebook scams would appear to be more effective.

“By a careful design and timing of a message, it should be possible to make virtually any person click on a link, as any person will be curious about something, or interested in some topic, or find themselves in a life situation that fits the message’s content and context.”

The Goal of the Study

The researchers, sensing there was a dearth of research related specifically to spear phishing, decided to create a study that would fill the gap. They constructed a study that would explore the differences in delivery medium effectiveness (Facebook vs. email) while at the same time quantifying the personal motivations that led people either to click on the phishing link or, just as importantly, not to click on the link.

The Phishing Scam

The selected participants were sent a phishing link either as part of an email or as a personal Facebook message from a fake, non-existent person. The message claimed the link led to pictures from a party.

Facebook Gets 2X Clickthrough Rate

As Table 2 shows, when the same phishing message is presented via Facebook rather than email, individuals are over 2X more likely to click on the link and begin the phishing process.

Source:  Zinaida Benenson, Robert Landwirth, Friedrich-Alexander-Universitat, Freya Gassmann, Universitat des Saarlandes

Why Did They Click?

Source:  Zinaida Benenson, Robert Landwirth, Friedrich-Alexander-Universitat, Freya Gassmann, Universitat des Saarlandes

Why Didn’t They Click?

Just as important to the researchers was attempting to understand why people didn’t click. Here is what they found.

Source:  Zinaida Benenson, Robert Landwirth, Friedrich-Alexander-Universitat, Freya Gassmann, Universitat des Saarlandes

How Can Konsultek Help?

Whenever humans are involved there are going to be errors in judgement and successful phishing. That’s why all of our custom security solutions take a holistic approach to network security using a proven model of intrusion prevention, detection and mitigation. When you are ready to take your network security to the next level, give us a call.

There has been a major shift in the type of breach incident happening in the education services sector according to the Verizon 2017 Data Breach Investigations Report.

Can you spot the shift in the graphic below?

Source: Verizon 2017 DBIR

Cyber-Espionage has exploded since mid-2012! That’s right, because of the cutting-edge research that happens at many colleges and universities they have become a target for state-sponsored hacking.

As Verizon puts it…

“So college isn’t just pizza and tailgates—research studies across myriad disciplines conducted at universities put them in the sights of state-affiliated groups.”

So while the personal information of students and faculty was, of course, commonly extracted during breaches (a little more than half of all breaches), intellectual property losses were tied to a little more than a quarter of all breaches.

Targeted or Random Acts of Unkindness?

The evidence is clear that state-sponsored hacking and some criminal, profit-based hacking is specifically targeting the hallowed halls of our academic institutions.

How do They do it?

Good question. Here is the answer in a graphic from the Verizon report.

Phishing email was the predominant threat vector in the social category, while the use of stolen credentials was the dominant hacking technique. One interesting thing to note is the number of incidents involving Social and one or more other vectors.

How Would You Like to Get a Threat Vulnerability Education for FREE?

At Konsultek we believe an educated client is the best client. That’s why we offer a variety of free vulnerability assessments to help you determine both your risk exposure and the likelihood of that exposure given the effectiveness of your current security measures. Who would you rather educate you, the good guys at Konsultek or the bad guys out in the wild? Well, what are you waiting for? Pick up the phone and give us a call today so we can get your vulnerability assessment scheduled ASAP!

The 2017 Verizon Data Breach Investigations Report (DBIR) has been released and as always, it is chock full of fascinating facts about the current state of the hacking and cyber threat world. You can get the full report from Verizon for free here.

Who are the Perps?

According to this year’s DBIR the breakdown of who’s been doing the most hacking looks like this:

  • 75% Perpetrated by outsiders
  • 51% Linked to organized criminal groups
  • 25% Involved internal actors
  • 18% Starred state-affiliated actors
  • 3% Featured multiple parties
  • 2% Involved partners

How Did They Do it?

  • 62% Of breaches featured hacking
  • 51% Involved Malware
  • 81% Leveraged stolen or weak passwords
  • 43% Were social attacks
  • 14% Were linked to errors or privilege misuse
  • 8% Involved physical actions

The above information is just a sneak peek at a portion of the summary data contained in the 2017 DBIR. Next week we’ll take a deeper dive into what industries were hardest hit and by whom as well as get into specifics of how these industries were attacked.

Woke up today to find this gem in the mailbox. Who knew that the FBI and the Central Bank of Nigeria would be looking for me!

This email is entertaining for a couple of reasons (at least!) beyond the alleged working relationship between Mr. Comey and the Central Bank of Nigeria.

Take a look at the portions highlighted with blue text! First a warning that “you should ignore any message that does not come from the above email address and phone number for security reasons.”

Next, look at Mr. Comey’s email address. I would have thought that after all the email scandals in Washington that Mr. Comey would not be using an AOL email address for such important and sensitive business!

Re: Urgent January Notice…….

From: James B. Comey, Jr., <fbidirector@openmailbox.org> 

Jan 18 at 12:37 PM

OFFICE OF THE EXECUTIVE DIRECTOR,

MR. JAMES B. COMEY, JR,

FEDERAL BUREAU OF INVESTIGATION,

935 Pennsylvania Avenue, NW

Washington, D.C. 20535-0001. USA.

Attention: Beneficiary, After proper investigations, we, the Federal Bureau of investigation (FBI) discovered that your impending (over-due contract) payment with Central Bank of Nigeria is 100% legal and has been approved for release to you.

We recently had a meeting with the Executive Governor of the Central Bank of Nigeria, in the person of Mr Godwin Emefiele and other top officials of the concerned Ministries regarding your case and we were made to understand that your files have been held in abeyance pending on when you personally apply for the claim.

Investigations also revealed that a lady, by name Mrs. Joan B Melvin from New York has already contacted Central Bank of Nigeria with a power of attorney and some documents, which stipulated that you have mandated her to claim your fund of US$25,000,000.00 (Twenty Five Million United States Dollars) on your behalf due to your ill health.

In view of this, we have been urged to warn US citizens who have received information pertaining to their outstanding contract payment to be very careful and not to be a victim of ugly circumstance. In case you are already dealing with anybody or office of the Central Bank of Nigeria, you are strictly advised to STOP further communication with them in your best interest and thereby contact the real office of the Central Bank of Nigeria via the below information:

NAME: MR. GODWIN EMEFIELE

OFFICE ADDRESS: Central Bank of Nigeria, Central Business District,

Cadastral Zone, Abuja, Federal.

Capital Territory, Nigeria.

Email: central.bnk0015@aol.com

NOTE: In your best interest, you should ignore any message that does not come from the above email address and phone number for security reasons. And to enable the Central Bank of Nigeria to process and release the fund to you, you are required to re-confirm your full details such as

FULL NAMES: __________________________________

CITY: _________________________

STATE: __________________________________

ZIP: ______________COUNTRY: _______________________

SEX: _______________AGE: __________________

TELEPHONE NUMBER: _____________________

Ensure that you follow the Central Bank of Nigeria due process as enshrined in the International Banking Secrecy Act to avoid any form of discrepancy, which may hinder your fund transfer. Thanks for your understanding and cooperation as we earnestly await your urgent response.

Best Regards,

James B. Comey, Jr.,

Federal Bureau of Investigation

J. Edgar Hoover Building,

935 Pennsylvania Avenue,

NW Washington, D.C

E-mail: jjbcomeyjr@aol.com
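
The sender and contact-address mismatch called out above can be checked mechanically. The following is an added example, not part of the original post: it runs a few triage heuristics over a constructed, abridged copy of the message (the indicator names, the agency word list and the .gov check are assumptions, not rules from any particular product).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed, abridged copy of the scam message quoted above, used as sample input.
SAMPLE_SCAM = """From: "James B. Comey, Jr." <fbidirector@openmailbox.org>
Subject: Re: Urgent January Notice.......

OFFICE OF THE EXECUTIVE DIRECTOR, FEDERAL BUREAU OF INVESTIGATION
Attention: Beneficiary, your payment with Central Bank of Nigeria has been approved.
Email: central.bnk0015@aol.com
NOTE: you should ignore any message that does not come from the above email address.
You are required to re-confirm your full details such as
FULL NAMES: __________________
TELEPHONE NUMBER: ______________
E-mail: jjbcomeyjr@aol.com
"""

# Constructed benign message for comparison.
SAMPLE_BENIGN = """From: "Alice" <alice@example.com>
Subject: Lunch on Thursday

See you at noon at the usual place.
"""

AGENCY_WORDS = ("fbi", "federal bureau", "central bank")  # assumption: extend per site
EMAIL_RE = r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"


def phishing_indicators(raw):
    """Return the list of indicator names triggered by a raw RFC 822 message."""
    msg = message_from_string(raw)
    display_name, addr = parseaddr(msg.get("From", ""))
    local_part, _, from_domain = addr.rpartition("@")
    from_domain = from_domain.lower()
    subject = msg.get("Subject", "")
    body = msg.get_payload()
    indicators = []

    # 1. Claims to be a government agency or central bank, yet the sending
    #    domain is not a .gov domain (openmailbox.org in the message above).
    claim_text = f"{display_name} {local_part} {body[:300]}".lower()
    if any(w in claim_text for w in AGENCY_WORDS) and not from_domain.endswith(".gov"):
        indicators.append("agency_claim_non_gov_sender")

    # 2. Contact addresses in the body use a different domain from the From
    #    header (aol.com vs openmailbox.org above).
    body_domains = {m.rpartition("@")[2].lower() for m in re.findall(EMAIL_RE, body)}
    if body_domains - {from_domain}:
        indicators.append("contact_domain_mismatch")

    # 3. A fill-in form asking the recipient to "re-confirm" personal details.
    if re.search(r"_{5,}", body) and re.search(r"re-?confirm|full details", body, re.I):
        indicators.append("pii_form_request")

    # 4. Urgency pressure in the subject line.
    if re.search(r"\burgent\b", subject, re.I):
        indicators.append("urgency_subject")
    return indicators


if __name__ == "__main__":
    print("scam:", phishing_indicators(SAMPLE_SCAM))
    print("benign:", phishing_indicators(SAMPLE_BENIGN))
```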

Top 10 Hacks of 2016

On November 17th, 2016, posted in: Hackers, Targeted Attacks by konweb

In the first of the “Top Hacks of 2016” lists I’ve seen this year (they seem to start earlier each year, similar to holiday shopping!) Tech.co has published their top 10 list.

Let’s take a look at the list and take a stroll down 2016’s memory lane of hacks.

1. World Anti-Doping Agency
2. SnapChat
3. Verizon
4. Democratic Party
5. LinkedIn
6. BitCoin
7. DropBox
8. Yahoo!
9. Cisco
10. AdultFriendFinder

The post on Tech.co doesn’t explicitly state whether or not the hacks are listed in order of decreasing severity. Personally, I would re-order the list and put the DNC (because of the potential ramifications it had on the election) or Yahoo (because of the sheer scope) at the top of the list.

Nonetheless, a solid list in a year when paring such a list down to just 10 is a challenge!

What do you think? Any egregious omissions? How would you order the list?

Sound Security Solutions for Organizations of all Sizes

At Konsultek we specialize in customized security solutions and managed security solutions for organizations of all types. Education, finance and healthcare are just a few of the dozens of different niches our security experts work in every week. If you are ready to learn more about your secure future, please give us a call.

In a narrative that could have been lifted from a Tom Clancy novel, reports surfaced this week that an elite hacking group with ties to the NSA had been hacked and a treasure trove of their hacking tools stolen.

According to theHackerNews.com, the elite covert hackers known as the “Equation Group” have been hacked and a portion of their toolkit has been released publicly. Another portion of their most potent tools and exploits is apparently up for sale at auction with an asking price of $1 Million Bitcoins!

Source: Washington Post

The hackers, who go by the name “The Shadow Brokers” had this to say about their stunning hack:

“We follow Equation Group traffic,” says the Shadow Broker. “We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.”

While the authenticity of the hack was at first questioned, many security experts, from freelancers to Kaspersky, have examined the publicly leaked materials and have concluded that they are indeed products of the Equation Group.

Hack or Inside Job

In an update to the rapidly unfolding story, security expert Matt Suiche spoke with an anonymous source who used to work in the NSA’s TAO (Tailored Access Operations) unit. The credible source indicated that the leaked files were stored on a physically isolated network and that either an inside mistake or purposeful act brought the files into contact with the outside world.

For certain, this story is not over yet and probably won’t be for some time. Will the final plot twists be as interesting as something penned by Clancy? We’ll have to wait and see!

In the meantime, if you have security concerns about your information and network please pick up the phone and speak with one of our operatives, um I mean team members!

We wouldn’t be on the cutting edge of topicality if we didn’t have a post about Pokemon Go and fortunately, thanks to the hacking group PoodleCorp, we are happy to be able to bring you a post about Pokemon GO AND Info Sec all tied together!

Softpedia broke the exclusive story of DDoS failure to launch on Aug 3. Initial reports were that hacking crew PoodleCorp’s planned Aug 1 DDoS was waylaid by an external hacker who hacked their site, dumped the database, and shared it with data breach index service LeakedSource who tweeted news of the breach to their followers.

In response to the LeakedSource Twitter proclamation of the breach, PoodleCorp fired back through a popular YouTuber that the leak was not a result of hacking but rather the inside work of a disgruntled partner.

The Games People Play

PoodleCorp also apparently fired off multiple DDoS attacks against LeakedSource, to no avail, in retaliation for LeakedSource’s announcement.

Not ones to apparently shy away from a little friendly DDoS gamesmanship, LeakedSource trolled the leaked database and reportedly found PayPal transaction information as well as the “full address information on 3 members, which we plan on reporting to the relevant authorities.”

Not sure if that counts as “check mate” but certainly well played LeakedSource!

Who Do You Want on Your Team?

At Konsultek we know that information security is not a game, but rather serious business. If you feel as though you’ve been played or want to keep from being played by hackers and cybercriminals, just pick up the phone and give us a call. Our team is always ready to take on new challenges and to help you and your business stay secure.

In April of this year we posted a story about the disturbing trend of ransomware infecting healthcare systems. In that story we wrote this prophetic sentence.

“As cybercriminals become better at identifying those niches most apt to “pay up” we will undoubtedly see concentrations of ransoms springing up.”

Today, the University of Calgary announced on its website that it had paid $20,000 CDN to unlock access to portions of its network system.

Is the University of Calgary’s experience the first among many in a new hot niche for ransomware? I suppose only time will tell, but it may very well be the case.

From their website:

“Ransomware attacks and the payment of ransoms are becoming increasingly common around the world. The university is now in the process of assessing and evaluating the decryption keys. The actual process of decryption is time-consuming and must be performed with care. It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data. A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time.”

What Can You Do to Prevent a Ransomware Attack?

Like every other kind of malware, ransomware is most often delivered with the help of unsuspecting humans. Email attachments, links in email and links to malware-infected sites in the form of advertisements on websites employees are known to visit are some of the most common vectors for infection.

We’ve previously touched on the need for having a “culture of security” within your organization and certainly addressing the human factor of security is becoming ever more important. However, from a technology perspective, much can be done to prevent ransomware attacks as well as mitigate their damage if an infection were to occur.

  1. Authenticate inbound email
  2. Back up data frequently and keep a separate copy offline
  3. Be certain to protect your Internet of Things (especially critical in medical and healthcare settings)
  4. Monitor your network for unusual activity such as higher than normal file rewriting
  5. Have a ransom recovery plan in place BEFORE you need it. If and when a ransomware attack occurs the perpetrators are counting on you having insufficient time to react in a calm and clinical way.
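
Item 4, watching for a higher-than-normal rate of file rewriting, is the one step on the list that can be turned into a concrete check. The following is an added example, not code from the original post: it scans a constructed log of file-write events for a process whose burst of writes in one sliding window exceeds a threshold and counts how many of its files gained an appended extension (the threshold, window, document extension set and log format are assumptions).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of file-write events (timestamp, process, path), such as a
# file server's audit log might record. A backup agent writes a handful of files
# over two minutes; a second process rewrites 120 documents in two minutes and
# gives each one an appended extension.
_T0 = datetime(2016, 6, 8, 9, 0, 0)
SAMPLE_EVENTS = [
    (_T0 + timedelta(seconds=30 * i), "backup.exe", f"\\\\fs1\\docs\\report{i}.docx")
    for i in range(5)
] + [
    (_T0 + timedelta(seconds=i), "unknown.exe", f"\\\\fs1\\docs\\file{i}.xlsx.locked")
    for i in range(120)
]

# Extensions we expect on ordinary documents (assumption; extend per site).
DOC_EXTS = {"docx", "xlsx", "pptx", "pdf", "txt", "jpg"}


def has_appended_extension(path):
    """True when a document extension is followed by a further, unexpected one."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = name.split(".")
    return len(parts) >= 3 and parts[-2] in DOC_EXTS and parts[-1] not in DOC_EXTS


def peak_writes_per_window(events, window_seconds=60):
    """Return {process: most distinct files written within any sliding window}."""
    by_proc = defaultdict(list)
    for ts, proc, path in sorted(events):
        by_proc[proc].append((ts, path))
    peaks = {}
    for proc, items in by_proc.items():
        peak, start = 0, 0
        for end in range(len(items)):
            # Advance the window start until the window spans at most window_seconds.
            while items[end][0] - items[start][0] > timedelta(seconds=window_seconds):
                start += 1
            peak = max(peak, len({p for _, p in items[start:end + 1]}))
        peaks[proc] = peak
    return peaks


def flag_ransomware_like(events, threshold=50, window_seconds=60):
    """Processes whose write burst exceeds threshold, with their renamed-file count."""
    renamed = defaultdict(int)
    for _, proc, path in events:
        if has_appended_extension(path):
            renamed[proc] += 1
    flagged = []
    for proc, peak in sorted(peak_writes_per_window(events, window_seconds).items()):
        if peak > threshold:
            flagged.append((proc, peak, renamed[proc]))
    return flagged


if __name__ == "__main__":
    for proc, peak, renamed in flag_ransomware_like(SAMPLE_EVENTS):
        print(f"ALERT {proc}: {peak} files in 60s, {renamed} with appended extensions")
```

The backup agent stays well under the threshold while the second process trips it, which is the kind of signal that should feed the recovery plan in item 5 rather than wait for a ransom note.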

How Can Konsultek Help?

As a company that believes wholeheartedly that an ounce of protection is better than a pound of cure, we help organizations such as yours craft intelligent, effective and customized security solutions. So if you would like help getting your learning organization up to speed on all matters of network and information security, just pick up the phone and give us a call!

Uber has had its share of bad publicity in recent months, but last week they got a bit more bad news when the New York State Attorney General fined them $20,000 for failing to report a data breach that released the personal information of customers.

The $20,000 fine is hardly notable in terms of dollar value but it apparently served enough of a wakeup call to prompt Uber to evaluate their information security and begin making changes.

According to an article on CRM-Daily.com, Uber collects and stores sufficient personally identifiable information on its app users to put their identities at risk.

It All Began with Uber’s “God’s View”

Back in November of 2014 (what seems like a lifetime ago for Uber news!), Eric Schneiderman began investigating Uber when it was disclosed that app users’ personal information was being displayed in a virtual aerial view that is referred to internally at Uber as “God’s View”.

Then, last spring Uber came clean with officials stating that “an unauthorized third-party” had accessed personal information including names and driver’s license numbers as far back as September of 2014.

“This settlement protects the personal information of Uber riders from potential abuse by company executives and staff, including the real-time locations of riders in an Uber vehicle,” said Schneiderman. “We are committed to protecting the privacy of consumers and customers of any product in New York State, as well as that of employees of any company operating here. I strongly encourage all technology companies to regularly review and amend their own policies and procedures to better protect their customers’ and employees’ private information.”

Corrective Actions

According to Informationweek.com Uber has agreed to make changes to the way personal information is handled within the organization and its network. For example, location data will now be kept in a password-protected system and data in transit will be encrypted. Location data will also be limited to employees with legitimate business needs.

Key Take Aways

As regulatory and law enforcement agencies begin to better understand the best practices available to organizations for protecting personally identifiable data, we can expect to see more frequent and heavier fines levied against organizations that fail to apply sufficient safeguards.

At Konsultek, our business process savvy combines with over 20 years of information and network security to develop custom solutions for organizations of all sizes and across a myriad of industries. If you don’t want to be taken for a ride when it comes to your organization’s security, just give us a call.
