Woke up today to find this gem in the mailbox. Who knew that the FBI and the Central Bank of Nigeria would be looking for me!

This email is entertaining for a couple of reasons (at least!) beyond the alleged working relationship between Mr. Comey and the Central Bank of Nigeria.

Take a look at the portions highlighted with blue text! First a warning that “you should ignore any message that does not come from the above email address and phone number for security reasons.”

Next, look at Mr. Comey’s email addresses. The message is sent from an openmailbox.org account and signed with an AOL address, neither of which is an fbi.gov address. I would have thought that after all the email scandals in Washington that Mr. Comey would not be using a free-mail account for such important and sensitive business!

Re: Urgent January Notice…….

From: James B. Comey, Jr., <fbidirector@openmailbox.org> 

Jan 18 at 12:37 PM

OFFICE OF THE EXECUTIVE DIRECTOR,

MR. JAMES B. COMEY, JR,

FEDERAL BUREAU OF INVESTIGATION,

935 Pennsylvania Avenue, NW

Washington, D.C. 20535-0001. USA.

Attention: Beneficiary,

After proper investigations, we, the Federal Bureau of investigation (FBI) discovered that your impending (over-due contract) payment with Central Bank of Nigeria is 100% legal and has been approved for release to you.

We recently had a meeting with the Executive Governor of the Central Bank of Nigeria, in the person of Mr Godwin Emefiele and other top officials of the concerned Ministries regarding your case and we were made to understand that your files have been held in abeyance pending on when you personally apply for the claim.

Investigations also revealed that a lady, by name Mrs. Joan B Melvin from New York has already contacted Central Bank of Nigeria with a power of attorney and some documents, which stipulated that you have mandated her to claim your fund of US$25,000,000.00 (Twenty Five Million United States Dollars) on your behalf due to your ill health.

In view of this, we have been urged to warn US citizens who have received information pertaining to their outstanding contract payment to be very careful and not to be a victim of ugly circumstance. In case you are already dealing with anybody or office of the Central Bank of Nigeria, you are strictly advised to STOP further communication with them in your best interest and thereby contact the real office of the Central Bank of Nigeria via the below information:


NAME: MR. GODWIN EMEFIELE

OFFICE ADDRESS: Central Bank of Nigeria, Central Business District,

Cadastral Zone, Abuja, Federal.

Capital Territory, Nigeria.

Email: central.bnk0015@aol.com

NOTE: In your best interest, you should ignore any message that does not come from the above email address and phone number for security reasons. And to enable the Central Bank of Nigeria to process and release the fund to you, you are required to re-confirm your full details such as

FULL NAMES: __________________________________

CITY: _________________________

STATE: __________________________________

ZIP: ______________COUNTRY: _______________________

SEX: _______________AGE: __________________

TELEPHONE NUMBER: _____________________

Ensure that you follow the Central Bank of Nigeria due process as enshrined in the International Banking Secrecy Act to avoid any form of discrepancy, which may hinder your fund transfer. Thanks for your understanding and cooperation as we earnestly await your urgent response.

Best Regards,

James B. Comey, Jr.,

Federal Bureau of Investigation

J. Edgar Hoover Building,

935 Pennsylvania Avenue,

NW Washington, D.C

E-mail: jjbcomeyjr@aol.com


read more

Top 10 Hacks of 2016

On November 17th, 2016, posted in: Hackers, Targeted Attacks by konweb

In the first of the “Top Hacks of 2016” lists I’ve seen this year (they seem to start earlier each year, similar to holiday shopping!) Tech.co has published their top 10 list.

Let’s take a look at the list and take a stroll down 2016’s memory lane of hacks.

1. World Anti-Doping Agency
2. SnapChat
3. Verizon
4. Democratic Party
5. LinkedIn
6. BitCoin
7. DropBox
8. Yahoo!
9. Cisco
10. AdultFriendFinder

The post on Tech.co doesn’t explicitly state whether or not the hacks are listed in order of decreasing severity. Personally, I would re-order the list and put the DNC (because of the potential ramifications it had on the election) or Yahoo (because of the sheer scope) at the top of the list.

Nonetheless, a solid list in a year when paring such a list down to just 10 is a challenge!

What do you think? Any egregious omissions? How would you order the list?

Sound Security Solutions for Organizations of all Sizes

At Konsultek we specialize in customized security solutions and managed security solutions for organizations of all types. Education, finance and healthcare are just a few of the dozens of different niches our security experts work in every week. If you are ready to learn more about your secure future, please give us a call.


read more

In a narrative that could have been lifted from a Tom Clancy novel, reports surfaced this week that an elite hacking group with ties to the NSA had been hacked and a treasure trove of their hacking tools stolen.

According to theHackerNews.com, the elite covert hackers known as the “Equation Group” have been hacked and a portion of their toolkit has been released publicly. Another portion of their most potent tools and exploits is apparently up for auction with an asking price of 1 million bitcoins!

Source: Washington Post

The hackers, who go by the name “The Shadow Brokers” had this to say about their stunning hack:

“We follow Equation Group traffic,” says the Shadow Broker. “We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.”

While the authenticity of the hack was at first questioned, many security experts from free-lancers to Kaspersky have examined the publicly leaked materials and have concluded that they are indeed products from Equation Group.

Hack or Inside Job

In an update to the rapidly unfolding story, security expert Matt Suiche spoke with an anonymous source who used to work in the NSA’s TAO (Tailored Access Operations) unit. The source, whom Suiche considered credible, indicated that the leaked files were stored on a physically isolated (air-gapped) network and that either an inside mistake or a deliberate act brought the files into contact with the outside world.

For certain, this story is not over yet and probably won’t be for some time. Will the final plot twists be as interesting as something penned by Clancy? We’ll have to wait and see!

In the meantime, if you have security concerns about your information and network please pick up the phone and speak with one of our operatives, um I mean team members!


read more

We wouldn’t be on the cutting edge of topicality if we didn’t have a post about Pokemon Go and fortunately, thanks to the hacking group PoodleCorp, we are happy to be able to bring you a post about Pokemon GO AND Info Sec all tied together!

Softpedia broke the exclusive story of a DDoS failure to launch on Aug 3. Initial reports were that hacking crew PoodleCorp’s planned Aug 1 DDoS was waylaid by an external hacker who hacked their site, dumped the database, and shared it with the data breach index service LeakedSource, which tweeted news of the breach to its followers.

In response to the LeakedSource Twitter proclamation of the breach, PoodleCorp fired back through a popular YouTuber that the leak was not a result of hacking but rather the inside work of a disgruntled partner.

The Games People Play

PoodleCorp also apparently fired off multiple DDoS attacks against LeakedSource, to no avail, in retaliation for LeakedSource’s announcement.

Not ones to shy away from a little friendly DDoS gamesmanship, LeakedSource trawled the leaked database and reportedly found PayPal transaction information as well as the “full address information on 3 members, which we plan on reporting to the relevant authorities.”

Not sure if that counts as “check mate” but certainly well played LeakedSource!

Who Do You Want on Your Team?

At Konsultek we know that information security is not a game, but rather serious business. If you feel as though you’ve been played or want to keep from being played by hackers and cybercriminals, just pick up the phone and give us a call. Our team is always ready to take on new challenges and to help you and your business stay secure.


read more

In April of this year we posted a story about the disturbing trend of ransomware infecting healthcare systems. In that story we wrote this prophetic sentence.

“As cybercriminals become better at identifying those niches most apt to “pay up” we will undoubtedly see concentrations of ransoms springing up.”

Today, the University of Calgary announced on its website that it had paid $20,000 CAD to unlock access to portions of its network.

Is the University of Calgary’s experience the first among many in a new hot niche for ransomware? I suppose only time will tell, but it may very well be the case.

From their website:

“Ransomware attacks and the payment of ransoms are becoming increasingly common around the world. The university is now in the process of assessing and evaluating the decryption keys. The actual process of decryption is time-consuming and must be performed with care. It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data. A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time.”

What Can You Do to Prevent a Ransomware Attack?

Like most other malware, ransomware is most often delivered with the help of unsuspecting humans. Email attachments, links in email, and links to malware-infected sites in the form of advertisements on websites employees are known to visit are some of the most common vectors for infection.

We’ve previously touched on the need for having a “culture of security” within your organization and certainly addressing the human factor of security is becoming ever more important. However, from a technology perspective, much can be done to prevent ransomware attacks as well as mitigate their damage if an infection were to occur.

  1. Authenticate inbound email (SPF, DKIM and DMARC checks at the gateway, so spoofed senders are rejected before a user ever sees them)
  2. Back up data frequently and keep a separate copy offline, where a compromised workstation cannot reach it
  3. Be certain to protect your Internet of Things devices (especially critical in medical and healthcare settings)
  4. Monitor your network for unusual activity, such as a single host modifying or renaming far more files than normal in a short period
  5. Have a ransom recovery plan in place BEFORE you need it. If and when a ransomware attack occurs, the perpetrators are counting on you having insufficient time to react in a calm and clinical way.
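Item 4 is the one most organisations can act on with what they already log. As an added example (not code from the original post or from any vendor), here is a sliding-window detector in Python that reads file-activity records of the kind a file-server audit log or endpoint agent emits and flags a host that modifies or renames an unusual number of distinct files within a minute, reporting the dominant new extension when the renames converge on one. The event records, hostnames and the thresholds (50 files per 60 seconds, 80% share for a dominant extension) are constructed assumptions for the example.

```python
import os
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def build_sample_events():
    """Constructed file-activity records: time, host, user, action, path, new_path."""
    base = datetime(2016, 6, 7, 9, 0, 0)
    events = []
    # Normal behaviour: one user saves a handful of spreadsheets over an hour.
    for i in range(6):
        events.append({"time": base + timedelta(minutes=10 * i), "host": "ws-04",
                       "user": "bob", "action": "modify",
                       "path": f"/shares/finance/q2_{i}.xlsx", "new_path": None})
    # Ransomware-like behaviour: one workstation renames 120 files in 40 seconds,
    # every one of them to the same new extension.
    for i in range(120):
        path = f"/shares/hr/file_{i}.docx"
        events.append({"time": base + timedelta(seconds=i // 3), "host": "ws-17",
                       "user": "alice", "action": "rename",
                       "path": path, "new_path": path + ".locked"})
    return events


def detect_mass_rewrite(events, window_seconds=60, min_files=50, ext_share=0.8):
    """Return {host: alert} for hosts touching >= min_files distinct files in any window."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)

    alerts = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits within window_seconds.
            while evs[end]["time"] - evs[start]["time"] > timedelta(seconds=window_seconds):
                start += 1
            window = evs[start:end + 1]
            touched = {e["path"] for e in window if e["action"] in ("modify", "rename", "delete")}
            if len(touched) < min_files:
                continue
            # If most renames land on one extension, report it: a strong ransomware tell.
            new_exts = Counter(os.path.splitext(e["new_path"])[1]
                               for e in window if e["new_path"])
            ext, n = new_exts.most_common(1)[0] if new_exts else ("", 0)
            dominant = ext if n / len(touched) >= ext_share else None
            alert = {"host": host,
                     "users": sorted({e["user"] for e in window}),
                     "files": len(touched),
                     "window_start": window[0]["time"],
                     "dominant_new_extension": dominant}
            # Keep the worst window seen for this host.
            if host not in alerts or alert["files"] > alerts[host]["files"]:
                alerts[host] = alert
    return alerts


if __name__ == "__main__":
    for host, alert in detect_mass_rewrite(build_sample_events()).items():
        print(host, alert)
```

The detector keys on distinct files rather than raw event count, so a single application rewriting one file many times does not trip it, and the dominant-extension field is what lets a responder tell a bulk rename from a backup job. In production the threshold should be set from a baseline of each file share’s normal rate, and the alert should feed an automatic action (disabling the SMB session or isolating the host), since minutes matter once encryption starts.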

How Can Konsultek Help?

As a company that believes wholeheartedly that an ounce of prevention is worth a pound of cure, we help organizations such as yours craft intelligent, effective and customized security solutions. So if you would like help getting your organization up to speed on all matters of network and information security, just pick up the phone and give us a call!


read more

Uber has had its share of bad publicity in recent months but last week they got a bit more bad news when the New York state Attorney General fined them $20,000 for failing to report a data breach that released the personal information of customers.

The $20,000 fine is hardly notable in terms of dollar value, but it apparently served as enough of a wake-up call to prompt Uber to evaluate its information security and begin making changes.

According to an article on CRM-Daily.com, Uber collects and stores sufficient personally identifiable information on its app users to put their identities at risk.

It All Began with Uber’s “God’s View”

Back in November of 2014 (what seems like a lifetime ago for Uber news!), Eric Schneiderman began investigating Uber when it was disclosed that app users’ personal information was being displayed in a virtual aerial view that is referred internally at Uber as “God’s View”.


Then, last spring Uber came clean with officials stating that “an unauthorized third-party” had accessed personal information including names and driver’s license numbers as far back as September of 2014.

“This settlement protects the personal information of Uber riders from potential abuse by company executives and staff, including the real-time locations of riders in an Uber vehicle,” said Schneiderman. “We are committed to protecting the privacy of consumers and customers of any product in New York State, as well as that of employees of any company operating here. I strongly encourage all technology companies to regularly review and amend their own policies and procedures to better protect their customers’ and employees’ private information.”

Corrective Actions

According to Informationweek.com Uber has agreed to make changes to the way personal information is handled within the organization and its network. For example, location data will now be kept in a password-protected system and data in transit will be encrypted. Location data will also be limited to employees with legitimate business needs.

Key Takeaways

As regulatory and law enforcement agencies come to better understand the best practices available to organizations for protecting personally identifiable data, we can expect to see more frequent and heavier fines levied against organizations that fail to apply sufficient safeguards.

At Konsultek, our business process savvy combines with over 20 years of information and network security to develop custom solutions for organizations of all sizes and across a myriad of industries. If you don’t want to be taken for a ride when it comes to your organization’s security, just give us a call.


read more

Symantec’s April 2015 Volume 20 Internet Security Threat Report contains over 100 pages of interesting facts and research regarding Internet and information security.

One of the infographics contains data similar to what was reported by Verizon and was discussed here previously. The data pertains to the likelihood and prevalence of attacks by industry.

Symantec’s research corroborates Verizon’s findings that the manufacturing sector is amongst the most highly targeted (in this case, specifically by spear phishing attacks).

Source: Symantec April 2015 Volume 20 Internet Security Threat Report

Mining Industry a Likely Target for Illicit Data Mining!

It is interesting to note that if your organization falls in the mining space, you were more likely than any other industry to have been targeted by a spear phishing attack. This seems an outsized risk for a somewhat low-tech industry considering that, according to the Verizon data, “secrets” were the most commonly stolen corporate information. More obvious targets would have been technology companies or perhaps pharmaceutical or financial companies.

One thing is certain, spear phishing and other types of corporate hacking are happening every day across a wide variety of industries. At Konsultek, we specialize in developing custom security solutions that work for organizations both large and small. To learn more about the potential vulnerabilities of your organization and what you can do to protect your intellectual property and trade secrets please pick up the phone and call (847)426-9355 to begin a dialogue.

read more

Steganography? Don’t feel bad if this word isn’t immediately familiar to you. It is an old word, first used around 1499 in a tome titled “Steganographia” by Johannes Trithemius.

Translating literally from Greek as “covered, concealed, or protected” “writing”, steganography is a method of hiding a message in plain sight. Unlike encryption, which scrambles a message everyone can see, steganography conceals the fact that a message exists at all. A simple example would be a written message where the “real” hidden message is actually comprised of the first letter of each printed line.

Fast forward to today’s image-crazy Imgur world, and now images or even video files are being used to carry hidden malicious code. The image itself does nothing when viewed; a small loader already running on the victim’s machine fetches the image and extracts and runs the code hidden inside it.

According to the Dark Matters Blog, thanks to Malware such as Stegoloader a seemingly innocent .PNG image of the earth is being used to target organizations in the healthcare, education and manufacturing sectors.

And, as is usually the case, this malware is getting smarter and smaller, making it more difficult to detect and prevent. In the past, crude embedding techniques changed the file size, and that “bloat” could be detected. Today’s more sophisticated attackers hide their payload without changing the file size at all, which makes detection difficult; plus, many anti-virus platforms do not actively scan images for hidden content.

Stegoloader uses other tactics to prevent detection. For example, it will not execute if it detects the presence of more sophisticated active security tools. Once executed, neither the .PNG image nor the decoded payload is stored on the compromised machine, further adding to its elusiveness.
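To make the “no bloat” point concrete, here is an added example in pure Python (not Stegoloader’s code and not from the original post). It hides a payload in the least significant bit of each 8-bit sample of a cover image and extracts it again, showing that the stego output is byte-for-byte the same size as the cover, and then applies a simple pairs-of-values chi-square test, a classic LSB detector. The cover is a constructed array of raw 8-bit samples rather than a real PNG file (an assumption made to keep the example dependency-free; on a real image you would run the same functions over the decoded pixel bytes), and the payload is constructed pseudo-random data.

```python
import hashlib
from collections import Counter


def _bits(data):
    """Yield the bits of a byte string, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed_lsb(cover, payload):
    """Hide payload in the LSB of successive samples; a 4-byte length prefix frames it."""
    framed = len(payload).to_bytes(4, "big") + payload
    if len(framed) * 8 > len(cover):
        raise ValueError("cover too small for payload")
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(framed)):
        stego[i] = (stego[i] & 0xFE) | bit   # clear the LSB, then set it to the payload bit
    return bytes(stego)


def extract_lsb(stego):
    """Reverse of embed_lsb: read the length prefix, then that many payload bytes."""
    def read(n_bytes, offset):
        out = bytearray()
        for b in range(n_bytes):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[offset + b * 8 + k] & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read(4, 0), "big")
    return read(length, 32)


def chi_square_pov(samples):
    """Pairs-of-values statistic: sum over k of (n_2k - n_2k+1)^2 / (n_2k + n_2k+1).

    LSB embedding of random-looking data pushes the counts of 2k and 2k+1 towards
    equality, so a value near zero is evidence of embedding; a natural image scores high.
    """
    counts = Counter(samples)
    stat = 0.0
    for k in range(0, 256, 2):
        a, b = counts[k], counts[k + 1]
        if a + b:
            stat += (a - b) ** 2 / (a + b)
    return stat


def build_cover(n=4096):
    """Constructed stand-in for an image's sample bytes: a smooth pattern of even values."""
    return bytes(((i * 37) % 251) & 0xFE for i in range(n))


def build_payload():
    """Constructed 480-byte payload with roughly balanced bits (stands in for a loader stage)."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(15))


if __name__ == "__main__":
    cover, payload = build_cover(), build_payload()
    stego = embed_lsb(cover, payload)
    print("same size:", len(stego) == len(cover), "payload recovered:", extract_lsb(stego) == payload)
    print("chi-square cover %.1f, stego %.1f" % (chi_square_pov(cover), chi_square_pov(stego)))
```

Two things worth noticing: the embedding changes at most one bit per sample, so the output has the same length and (on a real image) looks identical to the eye, which is why file-size checks no longer help; and the chi-square statistic drops sharply after embedding, which is the kind of signal an image-aware scanner can use even when it has no signature for the payload.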


It appears that at the moment Stegoloader is strictly being used as a data-gathering tool. Of course, that could change at any time.

So, the next time someone sends you an image of a cute kitten, a sunrise or the earth think twice about opening that attachment.  You may just be looking at an image that is truly worth more (to a hacker) than a thousand words!

Never heard of Steganography? Hassled by hackers? Seeking network security? Give us a call! For over 25 years Konsultek has been helping small businesses and Fortune 100 companies alike manage their networks and their information security.


read more

“Your money or your site.” That’s the simple nature of the DDoS ransom gambit, and as two security reports have documented, DDoS attacks remain a popular way to extract good old cash, disguise other cyberattack activity or just generally wreak havoc.

According to Symantec’s April 2015 Volume 20 Internet Security Threat Report, DDoS attacks were quite popular in 2014, peaking around April and then July as shown below.


Considering that Symantec reports that for as little as $10 to $20 a ne’er-do-well can rent a DDoS attack, it is no wonder that DDoS remains a popular approach to wreaking havoc for monetary gain as well as revenge, hacktivism and obfuscation of other cyber malfeasance.

DDoS for Ransom Not the Most Popular Motivation

Arbor Networks Worldwide Infrastructure Security Report (2014) offers a much more detailed look into DDoS. For example, the motivations behind the attacks as discerned by the victims.

As the graphic above indicates, ransoms (ie Criminal extortion attempt), while prevalent, are not the major source of motivation.

And as one might suspect, virtually all industries are at risk with cloud and hosting companies being the number 1 target followed closely by the financial, government and E-commerce sectors.

An Ounce of Prevention is Worth More than a Pound of Cure

Protecting one’s organization against DDoS attacks is certainly far easier and more cost-effective than cleaning up after one. As these attacks have become larger in scope and sophistication, the traditional reactive router filters and firewalls of yesteryear are simply not as effective as they need to be.

Today a multi-layered approach that utilizes an Intelligent DDoS mitigation system (IDMS) as part of an overall network security protocol makes the most sense. At Konsultek our custom developed security solutions can not only help protect your organization against DDoS attacks but all other forms of cyber-threats as well.

Please pick up the phone and give us a call to discuss your unique situation.


read more

The next time you saunter into your local Starbucks and use your mobile app to pay for your favorite libation you might want to consider the potential financial consequences of that little extra convenience.

Here’s why. It seems as though the Starbucks mobile app and associated payment system have security vulnerabilities that hackers are starting to exploit with ever greater frequency.

According to a story on money.com, the criminals have devised a rather ingenious method to gain access to credit cards linked to Starbucks accounts. The best part for the criminals is that since the method doesn’t technically steal credit card information or compromise credit card accounts, the losses may not be covered under the standard “Regulation E” consumer liability protections.

According to Starbucks, $2 billion in mobile payment transactions were processed in 2014, and approximately 1 in 6 transactions at Starbucks locations are conducted with the Starbucks app. Consequently, the potential impact of this problem is huge.

Bob Sullivan, who reported the story, suggests that the crime works something like this.

Criminals buy stolen IDs and passwords from other breaches and try them in an automated “brute force” (credential-stuffing) attack to find a combination that opens a Starbucks account, counting on people reusing passwords. Since Starbucks doesn’t appear to limit the number of failed password attempts, automated programs can churn through combinations until an account is successfully accessed. Next, the thieves transfer the balance of the account to a new Starbucks gift card. If the account on the app is set to automatically reload from a credit card or PayPal, this process can be repeated, even with increased reload amounts. The new Starbucks gift cards are then sold for cash.

In a matter of minutes, even before a victim could reach customer service, hundreds of dollars have been lost.
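The missing control here is an attempt limit on the login endpoint. As an added example (not Starbucks’ code and not from the original post), the Python below puts the weak pattern beside a hardened one: a login handler that evaluates every attempt no matter how many have failed, and a guarded handler that locks an account after a few failures and throttles a single source address. A constructed list of “stolen” username/password pairs, one of which the victim reused, is run against both. The account store, the thresholds (5 failures, 15-minute lockout, 20 attempts per IP per minute) and the injectable clock are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict

PBKDF2_ROUNDS = 20_000  # kept low so the example runs quickly; use far more in production


class AccountStore:
    """Minimal user store with salted PBKDF2 password hashes (constructed for the example)."""

    def __init__(self):
        self._users = {}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def add(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt))

    def verify(self, username, password):
        # Always hash, even for unknown users, so timing does not reveal valid usernames.
        salt, digest = self._users.get(username, (b"\x00" * 16, b"\x00" * 32))
        return hmac.compare_digest(self._hash(password, salt), digest) and username in self._users


def login_unlimited(store, username, password, ip):
    """The weak pattern: every attempt is checked, however many have already failed."""
    return "ok" if store.verify(username, password) else "denied"


class GuardedLogin:
    """Hardened pattern: per-account lockout plus per-source-IP throttling."""

    def __init__(self, store, max_failures=5, lockout_seconds=900,
                 ip_limit=20, ip_window=60, clock=time.monotonic):
        self.store = store
        self.max_failures, self.lockout_seconds = max_failures, lockout_seconds
        self.ip_limit, self.ip_window, self.clock = ip_limit, ip_window, clock
        self.failures = defaultdict(int)   # consecutive failures per account
        self.locked_until = {}             # account -> time the lock expires
        self.ip_hits = defaultdict(list)   # ip -> timestamps of recent attempts

    def attempt(self, username, password, ip):
        now = self.clock()
        # 1. Throttle the source: credential stuffing comes from few IPs at high rate.
        recent = [t for t in self.ip_hits[ip] if now - t < self.ip_window]
        recent.append(now)
        self.ip_hits[ip] = recent
        if len(recent) > self.ip_limit:
            return "throttled"
        # 2. A locked account is not even checked, so the lock is not a password oracle.
        if self.locked_until.get(username, 0) > now:
            return "locked"
        if self.store.verify(username, password):
            self.failures[username] = 0
            return "ok"
        # 3. Count the failure and lock after max_failures in a row.
        self.failures[username] += 1
        if self.failures[username] >= self.max_failures:
            self.locked_until[username] = now + self.lockout_seconds
            self.failures[username] = 0
        return "denied"


# Constructed "stolen" credential list: seven wrong guesses, then the reused password.
STOLEN_CREDS = [("alice", f"Spring20{i}!") for i in range(7)] + [("alice", "latte4life"),
                                                                 ("alice", "Winter2015")]


def run_stuffing(login, creds, ip="203.0.113.9"):
    """Replay the credential list through a login function and return the outcomes."""
    return [login(user, password, ip) for user, password in creds]


def demo():
    store = AccountStore()
    store.add("alice", "latte4life")  # alice reused a password that leaked elsewhere
    weak = run_stuffing(lambda u, p, ip: login_unlimited(store, u, p, ip), STOLEN_CREDS)
    guard = GuardedLogin(store)
    strong = run_stuffing(guard.attempt, STOLEN_CREDS)
    return weak, strong


if __name__ == "__main__":
    weak, strong = demo()
    print("unlimited:", weak)
    print("guarded:  ", strong)
```

Against the unlimited handler the eighth pair logs in; against the guarded one the account is locked after the fifth failure and the correct password is never evaluated. Lockout on its own can be abused to lock legitimate users out, which is why the per-IP throttle, an alert on the lockout, and ideally a second factor or step-up check for balance transfers belong alongside it.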

The full story, complete with the first-hand accounts of victims can be found here and is definitely worth the read.

As we have pointed out in many, many posts, mobile devices and apps are fraught with security issues and you should always think twice before using your mobile device for anything that involves credit cards and payments.

read more