Blog

Archive for Tech Tips for Business Owners

[Alert] WannaCry Ransomware Attack Uses NSA 0-Day Exploits To Go On Worldwide Rampage

NHS Ransomware Attack

This screenshot is just one example: The IT systems of around 40 National Health Service (NHS) hospitals across the UK were affected by this ransomware attack. Non-emergency operations have been suspended and ambulances are being diverted as a result of the infection. Cybersecurity experts have long used the phrase “where bits and bytes meet flesh and blood,” which signifies a cyberattack in which someone is physically harmed.

Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack “the biggest ransomware outbreak in history.” This is a cyber pandemic caused by a ransomware weapon of mass destruction. In the Jan 3 issue of CyberheistNews, we predicted that 2017 would be the year where we’d see a ransomworm like this. Unfortunately, it’s here.

Banks, Trains and Automobiles

Hundreds of thousands of machines are infected worldwide, including at FedEx Corp, Renault, Nissan, the German Railways, Russian banks, gas stations in China, and the Spanish telecommunications firm Telefonica (which reported 85% of its systems down as a result of the cyberattack). In a case of poetic justice, Russia seems to have been hit the hardest so far. The source is Kaspersky’s Securelist; note that these are early days and their visibility is likely limited.


The strain is called “Wana Decrypt0r” which asks $300 from victims to decrypt their computers. This monster has infected hundreds of thousands of systems in more than 150 countries. Monday morning when people get back to work, these numbers will only go up. Check out an early animated map created by the NYTimes.

Here is an infection map based on data from MalwareTech.com:

Wana infection map (MalwareTech.com data)

…and the Wall Street Journal also created an InfoGraphic explaining the spread of Wana which is nice to show to management when you ask for more IT security budget to train your users – which would prevent this whole mess.

WSJ infographic on the spread of Wana

Bleepingcomputer said: “Whoever is behind this ransomware has invested heavy resources into Wana Decrypt0r’s operations. In the few hours this ransomware has been active, it has made many high-profile victims all over the world. “Affected machines have six hours to pay up and every few hours the ransom goes up,” said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. “Most folks that have paid up appear to have paid the initial $300 in the first few hours.”

Despite the fact that this strain is hyper-aggressive, the criminals behind the code do not seem to be all that sophisticated: they are using only a limited number of static bitcoin wallets. It could even be that they are relative newbies at ransomware, and that the NSA worm code has run amok, scaring the daylights out of them for fear of being caught.

The Ransom Deadline Is Short

The ransom starts at $300 for the first 6 hours, and you’ve got up to 3 days to pay before it doubles to $600. If you don’t pay within a week then the ransomware threatens to delete the files altogether. Note the social engineering aspect here too: a sense of urgency is created to prompt people into action, and a sense of hope is granted by virtue of the ability to decrypt a sample selection of the files.

The ransomware’s name is WCry, but it is also referenced online under various names, such as WannaCry, WannaCrypt0r, WannaCrypt, or Wana Decrypt0r. As everybody keeps calling it “Wana Decrypt0r,” this is the name we’ll use in this article, but all are the same thing: version 2.0 of the lowly and unimpressive WCry ransomware that first appeared in March.

Kaspersky Lab also reports that the Wana strain has numerous languages available and was designed to affect multiple countries.

Wana Decrypt0r 2.0 screen

Sky News Technology Correspondent Tom Cheshire described the attack as “unprecedented”. The ransomware spreads using the ETERNALBLUE exploit and the DOUBLEPULSAR backdoor, originally NSA tools, which were made public earlier this year by a group calling itself the ShadowBrokers. Microsoft patched the underlying SMB flaw in March (MS17-010, link below), so these are no longer 0-days, but many organizations have not applied the patch yet.

Former U.S. intelligence contractor turned whistleblower Edward Snowden pointed the finger at the NSA, implying the agency was responsible for exploiting a weakness in Windows. It is not clear yet how the ShadowBrokers first got their hands on the NSA tools; theories range from a contractor leak to a Russian counter-espionage operation trying to hint that American intelligence should back off.

The group ShadowBrokers first appeared in August, claiming it had stolen tools from the Equation Group, a legendary espionage operation rumored to be affiliated with the NSA. The Brokers announced they had the tools and offered to auction them off, which did not go very far. In January, the group gave up, only to resurface in April dumping EternalBlue and other Windows hacking tools into the public domain, where criminal hackers were grateful recipients.

The Initial Infection Vector Is A Well-crafted Phishing Email.

According to CrowdStrike’s vice president of intelligence Adam Meyers, the initial spread of WannaCry is coming through phishing, in which fake invoices, job offers and other lures are being sent out to random email addresses. Within the emails is a password-protected .zip file; the email uses social engineering to persuade the victim to unlock the attachment with the supplied password, and once opened, that initiates the WannaCry infection. Microsoft confirms this in a blog post.

But the most concerning aspect of WannaCry is its use of the worm-like EternalBlue exploit. “This is a weapon of mass destruction, a WMD of ransomware. Once it gets into an unpatched PC it spreads like wildfire,” CrowdStrike’s Meyers told Forbes. “It’s going through financials, energy companies, healthcare. It’s widespread.”

“We encourage all Americans to update your operating systems and implement vigorous cybersecurity practices at home, work, and school,” the U.S. Department of Homeland Security said in a statement released late Friday. “We are actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally.” Here is a technical deep dive into the Wana malware.

If You Can, Apply This Patch Immediately.

After the initial infection, the malware spreads like a worm via SMB, the Server Message Block protocol that Windows machines use to share files and printers over a network. According to Cisco’s TALOS team:

The file tasksche.exe checks for disk drives, including network shares and removable storage devices mapped to a letter, such as ‘C:/’, ‘D:/’ etc. The malware then checks for files with a file extension as listed in the appendix and encrypts these using 2048-bit RSA encryption.

From what we have been able to learn, Wana spreads through SMB, so when we talk about machines behind firewalls being impacted, it implies ports 139 and 445 being open and at-risk hosts listening for inbound connections. It only takes one machine behind the firewall to become infected to put all other workstations and servers at risk, because this is a true worm.

In the meantime, harden yourselves against this Windows network share vulnerability: ensure that all systems are fully patched with the “MS17-010” security update (link below) and remind all staff to Think Before They Click when they receive any out-of-the-ordinary email. https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Redmond Issues Emergency Patch For WinXP

Microsoft has also released out-of-band patches for older versions of Windows to protect against Wana, because the original patch did not include XP/Win8. “This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind,” the company told customers in a blog post.

Besides installing these out-of-band updates (available for download from here), Microsoft also advises companies and users to outright disable the SMBv1 protocol, as it is an old and outdated protocol, already superseded by SMBv2 and SMBv3. You can use Group Policy for clients and servers. Here is a script to check the complete Active Directory for systems that are missing the WannaCry-related hotfixes.

Here is how to remove SMBv1 on Windows 10: open Control Panel > Programs and Features > Turn Windows features on or off, clear the “SMB 1.0/CIFS File Sharing Support” box, and reboot.

And here is how to turn it off on Windows Servers: in Server Manager, choose Remove Roles and Features and remove the “SMB 1.0/CIFS File Sharing Support” feature. Start with those…

Another option: use DSC to enforce the SMBv1 removal. If you don’t have DSC in place, you can also run DSC locally on your servers. You can now download security updates for Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, and Windows 8 x64.
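The steps above (confirm MS17-010 is installed, see whether SMBv1 is still on, turn it off, sweep Active Directory) as one PowerShell script. This is an added example, not the script the post links to and not Microsoft’s own tooling. It assumes an elevated prompt on Windows 8 / Server 2012 or later (for the Get-SmbServerConfiguration and Get-WindowsOptionalFeature cmdlets) and the RSAT ActiveDirectory module for the domain sweep. The KB numbers are the ones the MS17-010 bulletin lists per OS; check them against the bulletin for the builds you actually run before trusting a “patched” verdict.

```powershell
# Added example (not from the original post): audit and remediate MS17-010 / SMBv1 exposure.
# Assumptions: elevated PowerShell; Windows 8 / Server 2012 or later for the SmbShare and DISM
# cmdlets; RSAT ActiveDirectory module for the domain sweep at the bottom.

# Hotfix IDs from the MS17-010 bulletin. Verify against the bulletin for the builds you run.
$Ms17010Kbs = @(
    'KB4012598',                             # XP / Server 2003 / Vista / Server 2008 / Windows 8 (out-of-band)
    'KB4012212', 'KB4012215',                # Windows 7 / Server 2008 R2 (security-only / monthly rollup)
    'KB4012213', 'KB4012216',                # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',                # Server 2012
    'KB4012606', 'KB4013198', 'KB4013429'    # Windows 10 1507 / 1511 / 1607 and Server 2016
)

function Get-Ms17010Status {
    # Reports whether any MS17-010 hotfix is present on $ComputerName (local host by default).
    param([string]$ComputerName = $env:COMPUTERNAME)
    $installed = @(Get-HotFix -ComputerName $ComputerName -ErrorAction SilentlyContinue |
        Where-Object { $Ms17010Kbs -contains $_.HotFixID })
    [pscustomobject]@{
        ComputerName   = $ComputerName
        Ms17010Patched = ($installed.Count -gt 0)
        MatchedKb      = ($installed.HotFixID -join ', ')
    }
}

function Get-Smb1Status {
    # Server-side SMB1 switch, the legacy registry value from KB2696547, and the optional feature.
    $cfg     = Get-SmbServerConfiguration
    $reg     = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                                -Name SMB1 -ErrorAction SilentlyContinue
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Smb1ServerEnabled = $cfg.EnableSMB1Protocol
        Smb1RegistryValue = $(if ($null -eq $reg) { 'not set (enabled by default)' } else { $reg.SMB1 })
        Smb1FeatureState  = $(if ($feature) { $feature.State } else { 'feature not present' })
    }
}

function Disable-Smb1 {
    # Turn the SMB1 server protocol off, remove the optional feature, and block inbound 139/445
    # on the Public profile so a laptop on hotel Wi-Fi is not reachable by the worm at all.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                     -Name SMB1 -Type DWord -Value 0 -Force
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    if (-not (Get-NetFirewallRule -DisplayName 'Block inbound SMB (Public)' -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName 'Block inbound SMB (Public)' -Direction Inbound -Protocol TCP `
                            -LocalPort 139,445 -Profile Public -Action Block | Out-Null
    }
}

# Local host first:
Get-Ms17010Status
Get-Smb1Status
# Disable-Smb1   # uncomment once you have confirmed nothing still needs SMB1 (old NAS boxes, printers, scanners)

# Domain sweep: every enabled computer object, unpatched hosts listed first.
# Import-Module ActiveDirectory
# Get-ADComputer -Filter 'Enabled -eq $true' |
#     ForEach-Object { Get-Ms17010Status -ComputerName $_.Name } |
#     Sort-Object Ms17010Patched | Format-Table -AutoSize
```

Run the two Get- functions everywhere before calling Disable-Smb1 anywhere: the most common casualty of switching SMB1 off is an old multifunction printer or NAS that can only scan-to-share over SMB1, and you want to know that before Monday morning rather than after.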

A Honeypot Server Got Infected With WanaCry 6 Times In 90 Minutes

Like the original, the second variant is executed automatically as the “Microsoft Security Center (2.0) Service” and tries to spread by opening SMB connections to random IP addresses, both internal and external.

According to an experiment carried out by a French security researcher who goes by the name Benkow, WanaCry infected the honeypot a mere three minutes after it was reset, showing the aggressive nature of the ransomware’s scanning module, which helps it spread to new victims. Noteworthy: three minutes is about the same amount of time it takes IoT malware to infect a vulnerable home router left connected to the Internet without patches.

How To Detect The Presence Of Wana And SMBv1 Servers On Your Network

One of the easiest ways to monitor what is happening on your network is to set up a SPAN (mirror) port or use a network TAP. This will give you access to flows and packet payloads so you can see who is connecting to what and whether anything suspicious is moving around. Check out this blog post if you use Cisco switches; it explains how you can monitor multiple network segments without needing to remember what is connected to which switch port. If you don’t use Cisco switches, there is an excellent resource on the Wireshark wiki site which looks at how to set up monitoring on other switches.

There is one caveat though: this infection moves out like lightning from patient zero, and all vulnerable machines are literally locked in less than two minutes, so monitoring alone would not be enough to stop this monster. Here is a video showing a machine on the left infected with the MS17-010 worm, spreading WCry ransomware to the machine on the right in real time.

There Are Four Things To Watch Out For When It Comes To Detecting Wana

  1. Check for SMBv1 use
  2. Check for an increase in the rate of file renames on your network
  3. Check for any instances of the file @Please_Read_Me@.txt on your file shares
  4. Check for any instances of files with these extensions
    • .wnry
    • .wcry
    • .wncry
    • .wncryt
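The four checks above as a PowerShell hunting script you can run against your file shares. It is an added example, not part of the original post; the share paths in $Paths are placeholders you must replace, the SMB1 audit switch only exists on Windows 10 / Server 2016 and later, and the Dialect comparison assumes Get-SmbSession reports the dialect as a version-like string (“1.5” for SMB1, “2.02”, “3.02” and so on).

```powershell
# Added example (not from the original post): hunt for the four WannaCry indicators listed above.
# Assumptions: run on a file server, or on a host that can reach the shares in $Paths, with rights
# to read them; Enable-Smb1Audit needs Windows 10 / Server 2016 or later.

$IocExtensions = @('.wnry', '.wcry', '.wncry', '.wncryt')
$IocNoteName   = '@Please_Read_Me@.txt'

function Find-WanaArtifacts {
    # Checks 3 and 4: ransom notes and encrypted-file extensions anywhere under the given paths.
    param([string[]]$Paths)
    Get-ChildItem -Path $Paths -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { ($IocExtensions -contains $_.Extension.ToLower()) -or ($_.Name -ieq $IocNoteName) } |
        Select-Object FullName, Length, LastWriteTime
}

function Get-RecentChangeRate {
    # Check 2: a crude rename/rewrite burst detector. Counts files modified in the last $Minutes and
    # reports changes per minute plus the busiest folders. A share that normally sees a handful of
    # edits an hour and suddenly shows hundreds of changes a minute deserves an immediate look.
    param([string[]]$Paths, [int]$Minutes = 5)
    $since   = (Get-Date).AddMinutes(-$Minutes)
    $changed = @(Get-ChildItem -Path $Paths -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $since })
    [pscustomobject]@{
        WindowMinutes    = $Minutes
        FilesChanged     = $changed.Count
        ChangesPerMinute = [math]::Round($changed.Count / $Minutes, 1)
        TopFolders       = (($changed | Group-Object DirectoryName | Sort-Object Count -Descending |
                             Select-Object -First 3 -ExpandProperty Name) -join '; ')
    }
}

function Get-Smb1Clients {
    # Check 1: which clients are still talking SMB1 to this server right now.
    # Assumes Dialect is a version-like string; the [version] cast makes "1.5" sort below "2.02".
    Get-SmbSession -ErrorAction SilentlyContinue |
        Where-Object { [version]$_.Dialect -lt [version]'2.0' } |
        Select-Object ClientComputerName, ClientUserName, Dialect
}

function Enable-Smb1Audit {
    # Check 1, longer term: log every SMB1 access as event 3000 in the
    # Microsoft-Windows-SMBServer/Audit channel, catching clients whose sessions are too short to see live.
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
}

$Paths = @('C:\Shares', '\\FILESRV01\Data')   # placeholder paths; replace with your own shares
Find-WanaArtifacts  -Paths $Paths | Format-Table -AutoSize
Get-RecentChangeRate -Paths $Paths -Minutes 5
Get-Smb1Clients
# Enable-Smb1Audit   # then review: Get-WinEvent -LogName 'Microsoft-Windows-SMBServer/Audit'
```

Schedule Find-WanaArtifacts and Get-RecentChangeRate every few minutes from a server that does not itself mount the shares read-write, and alert on any hit: as the video above shows, by the time a human reads a daily report the encryption pass is long over.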

If Your Network Has Been Infected, What To Do?

This ransomware strain cannot be decrypted with free tools. Research shows the encryption is done with RSA-2048. That means decryption will be next to impossible, unless the coders have made a mistake that has not been found yet.

Your best bet is to recover from backups, and if your backup failed or does not exist, try a program like Shadow Explorer to see whether the ransomware failed to delete your Shadow Volume Copies. If a user did not click Yes at the UAC prompt, then there is a chance those are still available to start the recovery. Here is how to recover files and folders using Shadow Volume Copies. As a last resort, if all backups have failed, you could decide to pay and get the files decrypted. It appears to work.

Wana’s UAC prompt

What Can Be Done To Stop These Bad Guys?

It’s possible but difficult. The money has reportedly been flooding into hackers’ accounts, and investigators can track the money and see where the bitcoin ends up. “Despite what people tend to think, it’s highly traceable,” Clifford Neuman, who directs the University of Southern California’s Center for Computer Systems Security, told the Washington Post.

However, hackers are still able to hide and launder the bitcoins in many different ways. Investigators will also examine the code itself as hackers often leave identifiable traces of their work. You can watch as some of these wallets are receiving money in real time.

Here Are 8 Things To Do About It (apart from having weapons-grade backups)

  1. Check your firewall configuration and make sure no criminal network traffic is allowed out, and disable SMBv1 on all machines immediately
  2. From here on out with any ransomware infection, wipe the machine and re-image from bare metal
  3. If you have no Secure Email Gateway (SEG), get one that does URL filtering and make sure it’s tuned correctly
  4. Make sure your endpoints are patched religiously, OS and 3rd Party Apps
  5. Make sure your endpoints and web-gateway have next-gen, frequently updated (a few hours or shorter) security layers
  6. Identify users that handle sensitive information and enforce some form of higher-trust authentication (like 2FA)
  7. Review your internal security Policies and Procedures, specifically related to financial transactions to prevent CEO Fraud
  8. Deploy new-school security awareness training, which includes simulated social engineering tests via multiple channels, not just email.


Posted in: Monthly Security Brief, Newsletter Topics, Security Awareness Training, Tech News, Tech Tips for Business Owners


[ALERT] DynA-Crypt Ransomware Steals And Deletes Your Data

Our friend Larry Abrams at Bleepingcomputer alerted the world about a new strain of ransomware called DynA-Crypt that was put together using a malware creation kit by people that are not very experienced, but have a lot of destruction in mind.

Larry said: “DynA-Crypt was discovered by GData malware analyst Karsten Hahn and not only encrypts your data, but also tries to steal a ton of information from a victim’s computer.

Ransomware and information stealing infections have become all-too-common, but when you combine the two into the complete mess that DynA-Crypt is, you are just left with a big pile of NASTY that just makes a mess of a victim’s programs and data.

“The problem is that this ransomware is composed of numerous standalone executables and PowerShell scripts that just do not make sense in some of the actions they perform. It not only encrypts your files while stealing your passwords and contacts, but it also deletes files without backing them up anywhere.”

A DynA-Crypt Infection Means A Full-blown Data Breach

While running, DynA-Crypt will take screenshots of your active desktop, record system sounds from your computer, log commands you type on the keyboard, and steal data from numerous installed programs like Skype, Chrome, Minecraft and many others. When stealing this data, it copies it into a folder called %LocalAppData%\dyna\loot\. When it is ready to send to the developer, it zips it all up into a file called %LocalAppData%\loot.zip and emails it to the developer.

The Ransomware Portion of DynA-Crypt can be Decrypted

The ransomware portion of DynA-Crypt is powered by a PowerShell script that uses a standalone program called AES to encrypt a victim’s data. This script will scan a computer for files that match the following extensions and encrypt them.

When it encrypts a file it will append the .crypt extension to the encrypted file’s name. That means a file named test.jpg would be encrypted and renamed as test.jpg.crypt. The ransomware will also delete the computer’s Shadow Volume Copies so that you are unable to use it to recover files.

When done encrypting a computer, DynA-Crypt will display a lock screen asking you to pay $50 USD in bitcoins to an enclosed bitcoin address. Thankfully, at this time nobody has paid a ransom.



Posted in: Monthly Security Brief, Newsletter Topics, Security Awareness Training, Tech News, Tech Tips for Business Owners


Locky Ransomware Campaign Using Osiris Extension from Egyptian Mythology

The threat actors behind Locky ransomware have moved on from Norse-themed extensions such as .zepto, .odin and .thor into Egyptian mythology with a new campaign that uses the extension .osiris when encrypting files, as tweeted by R0bert R0senb0rg earlier this week.

How is this being distributed?

Operations6 tweeted that this campaign is being distributed through phishing emails with Excel email attachments that contain macros to download and install Locky.  

We’ve been warning about this very popular method of delivering ransomware for the past several months.  We’ve even put together a macros warning screen guide to show you the most common examples we see so you know what to watch out for when a phishing email like this lands in your inbox.

The name of the sheet in this particular campaign is Лист1 (Russian for “Sheet1”), a probable indication that the developers are located in Russia or Ukraine. If a user actually opens the workbook they get a blank screen with a prompt to enable macros.

Locky Phishing Email

Of course the attachments have important sounding names containing the word ‘Invoice’ to really try and get users interested enough to find out what’s in the attachment and enable the macros.

Once the macros are enabled it’s too late. A VBA macro is triggered that downloads a DLL (Dynamic-link library, Microsoft’s shared library concept) file and executes it using Rundll32.exe.  

Locky Excel Doc

Locky Installation

That DLL file is then downloaded into the %Temp% folder and gets renamed with an extension such as .spe rather than the usual .dll extension. The DLL file is subsequently executed using legitimate Windows program Rundll32.exe and installs Locky ransomware onto the computer. 
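The delivery chain just described (macro drops a renamed DLL into %Temp%, rundll32.exe loads it) leaves a fingerprint you can hunt for on running machines: rundll32 whose module argument lives under a Temp folder, or does not end in .dll at all. The script below is an added example, not something from the Bleeping Computer write-up or the Locky sample; it assumes an elevated prompt so other users’ processes are visible, and the command lines it tests against are constructed, not captured from a real infection.

```powershell
# Added example (not from the original post): spot rundll32.exe loading a module from a Temp
# folder or a module without a .dll extension, the pattern this Locky campaign uses.
# Assumptions: run elevated so every user's processes are visible (CIM cmdlets, PowerShell 3+).
# The sample command lines at the bottom are constructed for illustration, not real captures.

function Test-SuspiciousRundll32 {
    # Returns $true when the first argument to rundll32 points under a Temp folder, or at a
    # module whose extension is not .dll; returns $false for anything else, including no argument.
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $false }
    # Module path = first token after the executable; drop surrounding quotes and any ",EntryPoint".
    $m = [regex]::Match($CommandLine, '(?i)rundll32(?:\.exe)?"?\s+"?([^",]+)')
    if (-not $m.Success) { return $false }
    $module = $m.Groups[1].Value.Trim()
    $inTemp = $module -match '(?i)\\Temp\\'
    $notDll = ([System.IO.Path]::GetExtension($module) -ne '.dll')
    return ($inTemp -or $notDll)
}

function Get-SuspiciousRundll32Process {
    # Live hunt on the local host: every rundll32 process whose command line matches the pattern.
    Get-CimInstance -ClassName Win32_Process -Filter "Name = 'rundll32.exe'" |
        Where-Object { Test-SuspiciousRundll32 -CommandLine $_.CommandLine } |
        Select-Object ProcessId, ParentProcessId, CommandLine
}

# Constructed sample command lines (not captured from a real machine):
$samples = @(
    'rundll32.exe C:\Users\alice\AppData\Local\Temp\a7s9dk.spe,qwerty',                    # Locky-style: Temp + odd extension
    '"C:\Windows\System32\rundll32.exe" C:\Windows\System32\shell32.dll,Control_RunDLL',   # benign Control Panel launch
    'rundll32.exe C:\Users\bob\AppData\Local\Temp\tmp123.dll,DllRegisterServer'            # Temp folder, even with .dll
)
foreach ($s in $samples) { '{0,-5} {1}' -f (Test-SuspiciousRundll32 $s), $s }

# On a real host:
# Get-SuspiciousRundll32Process | Format-List
```

The first and third samples are flagged, the second is not. The same test applied to process-creation events (Sysmon event 1 or Security event 4688 with command-line logging) turns this from a point-in-time check into a detection rule, which matters because the Locky DLL does not stay resident long once it has done its job.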

See the details from Larry Abrams at Bleeping Computer for the results of a sample he ran.

Once files have all been encrypted, Locky displays its ransom notes, see an example below. Currently the price for file recovery is about 2.5 Bitcoins (~$1880).

Locky Ransom Note Osiris

What to do about Locky

At this time unfortunately there is still no known free decryption method for the Locky ransomware variant. This would be where those weapons-grade backups we’re always talking about would save the day. Locky does try to erase Shadow Volume Copies although in some cases that fails, so it is possible to restore your encrypted files from Shadow Volume Copies if you’re lucky.

© KnowBe4, Inc. All rights reserved.


Posted in: Tech Tips for Business Owners


[ALERT] Yikes, A New And Scary Double- ransomware Whammy.


Sophos reported on one of the scarier ransomware strains I have seen lately. It’s called Goldeneye and encrypts the workstation twice: both the files and the Master File Table (MFT).

It’s a phishing attack with two attachments. One is a PDF and the other an Excel file. The Excel file contains a loader that pulls down all the malware. The PDF is the social engineering ruse that makes the user open the Excel file. If your user is untrained enough to open both attachments and there are crucial files on the local hard disk without a backup, you potentially get to pay ransom TWICE.

The spam email presents itself as a job application form to be filled out. It has attached an uninfected PDF with the application to get the process started, and in the PDF is a polite reference that the Excel file contains more details — no explicit demand to open up the file… just business as usual.

Opening up the Excel file, you get a suggestion on how to display the aptitude test. Sophos said: “The crooks don’t openly ask you to do anything obviously risky, such as “Enable macros” or “Turn off the default security configuration”, but they do encourage you to make a change to your Office settings, something that Excel will invite you to do because the file contains what are known as Visual Basic for Applications (VBA) macros.

In fact, if you permit macros to run in this Excel file, you will quickly regret it: the VBA downloads a copy of the Goldeneye ransomware and immediately launches it.” The VBA programming language used in Office macros is powerful enough to allow cybercriminals to control Word or Excel programmatically, but also to perform more general actions such as downloading files from the web, saving them to disk, and running them. 

Yikes.

Once the Excel file is activated, all the malicious activity happens in the background, but when the encryption pass is done, there’s a whole bunch of files left behind called: YOUR_FILES_ARE_ENCRYPTED.TXT which announce the infection:

Goldeneye file-encryption ransom note (YOUR_FILES_ARE_ENCRYPTED.TXT)

Most strains of file-encrypting ransomware stop here, but Goldeneye’s developer has experience in this field and does a double-whammy attack similar to their Petya / Misha strain and encrypts the Master File Table (MFT) of that machine as well. 

Goldeneye works a bit differently from the previous editions: it first encrypts the files, then performs the UAC bypass and the low-level MFT attack, then reboots and pretends to run CheckDisk.

Goldeneye fake CheckDisk screen

Once the “check” is finished, another reboot sounds the alarm with some dramatic ASCII art:

Goldeneye skull screen

Pressing the Any Key gives you this:

Goldeneye MFT ransom screen

In case you’re wondering why Sophos redacted the so-called personal decryption codes in the images above, the encryption is different for your files and for your MFT: the malware uses different algorithms and different keys each time.

In short, if you pay up to unlock your scrambled MFT so you can reboot into Windows, then, assuming the crooks actually send you the key, you’ll get back into Windows only to face the YOUR_FILES_ARE_ENCRYPTED.TXT pay page as well. If you don’t have any backup, you get to pay up 1.4 Bitcoins all over again.  That’s 2.8 total which starts to get very expensive.


Posted in: Tech Tips for Business Owners


Is Data Security really that important to my company?

Digital Security Protection Privacy Interface Concept

Why should I care about Data Security?

Take a moment to consider the following question: What is more expensive…. spending money on the right Data Security solution or paying RANSOMWARE FEES, fines, court fees, the loss of your company’s reputation, and your clients walking away from your business down the street to your competitors?  As a business owner thinking “why should I spend any more money on my computer system, I have an IT company that should be taking care of that”, this question is why I’m writing to you. 

I need to first set the record straight by saying, Data Security is not an IT problem, it is a business risk problem. The reason I say this is because IT looks at the functionality, durability and productivity of your network devices, which is a good thing to do. But data security looks at your company at the user level, where the risk ultimately starts. Every time you hire someone you must perform background checks on that person, and a portion of that decision, depending on the position you hire them for, is based on whether they would intentionally compromise your critical data. Those types of thoughts don’t go into buying the right computer with enough RAM; that is the job for IT.

Trust me, I know what you’re thinking: “spending more money as a small business just isn’t feasible right now, I will just deal with it if it comes my way”. Unfortunately, that could be too late depending on the situation. For example, if you are in Indiana and 500 or more records of client personally identifiable information get compromised, you are required by law to report the compromise to the authorities and to everyone whose records you have. This is the point at which you could lose client loyalty and they could walk away from you. The WRONG way is to not report it, but if one of your 500 or more clients finds out their information was stolen because you were compromised, they can sue you and the authorities can fine you thousands of dollars for not reporting it properly and stick you with the bill for sending all 500 of your contacts to breach counseling. In 2015 the average cost per stolen record was $217, and if you had only 500 records that would be 500 x $217 = $108,500. Is that worth waiting to deal with it, if it comes your way?

If you want to find out more ways to decrease your risk of data breaches and malware attacks, contact us today. 


Posted in: Tech Tips for Business Owners


DMV worker accused of using state computer to ask customer on a date

Police on Tuesday said they have arrested a worker at the New York State Department of Motor Vehicles (DMV) on Staten Island, for allegedly trying to use the work computer to get a customer’s personal information and ask her out on a date.

According to the New York State Inspector General’s office, Peter Grosseto, 29, has been charged with felony Computer Trespass and with the misdemeanors of Unauthorized Use of a Computer and Official Misconduct.

Investigators claim that Grosseto used the work computer system to look up the name and phone number of a customer – without her knowledge – who was being served by another DMV staffer.

He allegedly did it 3 times. Then, police say, Grosseto called the woman at home, pretending to be a DMV quality assurance rep.

He ultimately admitted he was calling to ask her out on a date.

Inspector General Leahy Scott said that Grosseto’s alleged behavior was unprofessional:

This defendant set aside any semblance of professionalism and illegally accessed State resources to satisfy his own interests and harass a customer with unwelcome advances. I will not tolerate any government employee’s violation of the public trust or violation of any citizen’s privacy and dignity.

Grosseto’s bosses aren’t too happy about it, either.

DMV Executive Deputy Commissioner Terri Egan:

There is no responsibility we take more seriously at DMV than safeguarding the personal information of our customers. When personal information is compromised, we take swift action – especially when a DMV employee is involved.

Grosseto’s been suspended without pay “to ensure he can no longer abuse his position,” Egan said.

He is, of course, innocent until proved guilty.

If Grosseto is guilty, he’s sure not alone. After investigating cops who misuse access to personal information, the Associated Press on Wednesday published a report finding that police across the US run unauthorized searches on confidential databases for purposes that include revenge and stalking.

Calling a stranger for a date, using a phone number and a name she never agreed to give you, might sound kind of cute. Harmless. Easy to laugh off.

But the AP story about police who abuse their positions to dig out data on people makes clear that government employees who do this aren’t just unprofessional: they can be downright dangerous.

One example is an Ohio officer who pleaded guilty last year to having looked up information on an ex-girlfriend and to stalking her.

The AP quoted Alexis Dekany, the woman he stalked:

It’s personal. It’s your address. It’s all your information, it’s your Social Security number, it’s everything about you.

And when they use it for ill purposes to commit crimes against you – to stalk you, to follow you, to harass you… it just becomes so dangerous.

Law enforcement officials have tried to stem the number of times that these betrayals of trust occur. Unfortunately, it’s well-nigh impossible to differentiate between legitimate database inquiries and those that are self-serving.

What can they do?

Some departments have tried increasing field audits.

The Miami-Dade police department is now conducting quarterly audits in which officers can be randomly asked to explain searches. Also, a sergeant’s duties have been expanded to include daily reviews of proper usage and troubleshooting, Maj. Christopher Carothers of the professional compliance bureau told the AP.

But at the end of the day, for better or (often for) worse, it looks like we’re relying on professionals acting like professionals as we trust them with our personal information.


Article by: Sophos


Posted in: Newsletter Topics, Tech News, Tech Tips for Business Owners


Should we soon expect to be sending passwords through our bodies, not the air?

Whenever you send a password using a broadcast medium such as Wi-Fi or Bluetooth, someone might be listening. Even if it’s encrypted, you might be giving hackers at least a shot at breaking it.

Researchers have expressed particular concerns about the risk of vulnerabilities in custom radio protocols for wearables and implantables. But what if you could securely send that data through your body, not the air?

And what if you could do it using a fingerprint sensor or touchpad like the one already built into your smartphone or laptop?

That’s the claim of new research from computer scientists and electrical engineers at the University of Washington. As UW assistant professor of computer science and engineering Shyam Gollakota puts it:

Fingerprint sensors have so far been used as an input device. What is cool is that we’ve shown for the first time that fingerprint sensors can be re-purposed to send out information that is confined to the body.

That’s right: even though fingerprint sensors aren’t designed to be active radio transmitters, “during normal operation they produce characteristic electromagnetic signals, which are consistent and at frequencies below 10 MHz” – frequencies that apparently propagate well through the human body.

According to the University of Washington’s description of the research:

These ‘on-body’ transmissions offer a more secure way to transmit authenticating information between devices that touch parts of your body – such as a smart door lock or wearable medical device – and a phone or device that confirms your identity by asking you to type in a password.

Co-lead author Mehrdad Hessar walks through a typical use case:

Let’s say I want to open a door using an electronic smart lock. I can touch the doorknob and touch the fingerprint sensor on my phone and transmit my secret credentials through my body to open the door.

The authors’ paper documents transmission tests across the whole body, demonstrating that their technique works across different body types, and whether the subject is standing, sitting, or lying down. They tested iPhone 5s and iPhone 6s fingerprint sensors, the Verifi P5100 USB fingerprint scanner, and both Lenovo T440s and Adafruit touchpads.

Their technique also held up well against interference from other wearables. (A claimed side benefit of this finding: it might “be difficult for an attacker to transmit an external signal on the air to either jam transmissions or send false information.”)

Don’t expect to watch any HD movies transmitted directly through your fingerprint sensor just yet: Hessar et al. achieved transmission rates of just 25 bits per second. That’s less than a quarter of the speed of a 1950s modem.

It’s a long way from a university research lab to your body, but if this proves out, multiple applications are possible. For example:

Instead of manually typing in a secret serial number or password for wirelessly pairing medical devices such as glucose or blood pressure monitors with smartphones, a smartphone could directly transmit arbitrary secret keys through the human body.

Of course, having your body as the transmission medium brings a whole new set of security concerns about man-in-the-middle attacks.

Article by: Sophos

86-year-old grandmother billed $5K, accused of pirating zombie game

An Ontario octogenarian has been snared in what’s being called a “dragnet cash grab” following Canada’s institution of new copyright infringement rules. She’s on the hook for $5,000, for allegedly downloading Metro 2033, a first-person shooter video game featuring heavy armament and splattered zombies.

CBC News Ottawa reports that 86-year-old Christine McMillan was in for a bit of a shock when she received two emails, back in May, forwarded by her ISP, informing her that she was being held accountable for allegedly illegally downloading a game she says she’s never heard of.

CBC shared a video which it says captures McMillan’s reaction when she was exposed to the game for the first time.

Her thoughts on the game she was accused of illegally downloading:

Dreadful. Who would want to watch this? Disgusting. I can’t understand why anybody would find this… [to be] entertainment?

I mean, anybody who lived through the second world war… or any of the wars… I mean, this would have no appeal as entertainment, I have to tell ya. Disgusting.

As CBC notes, she’s likely one of thousands of Canadians who’ve received notices to pay up, whether they’re guilty of copyright infringement or not.

The notices came from a private company called Canadian Intellectual Property Rights Enforcement (CANIPRE).

As TorrentFreak reports, McMillan is one of hundreds of thousands of Canadians who’ve been accused of copyright infringement under Canada’s “notice and notice” regulations, introduced last year under the Copyright Modernization Act.

The law requires internet providers to forward copyright infringement notices to customers suspected of illegally downloading content, including video games and movies.

According to CBC, the supposed copyright infringers are identified only through IP address. ISPs don’t disclose any further information to the copyright enforcers.

McMillan called the legislation “foolish” and said she “couldn’t believe the government would support” the enforcers “threatening” people over the internet and demanding cash.

In fact, at first, she thought it was a scam, she told CBC:

They didn’t tell me how much I owed, they only told me that if I didn’t comply, I would be liable for a fine of up to $5,000 and I could pay immediately by entering my credit card number.

However, it’s all quite legal.

The owner of CANIPRE, Barry Logan, told CBC that the company ran the wording of the notices past lawyers, and they vetted it for legality.

McMillan said she’s going to ignore the notices and hope the problem will just go away. Hopefully, taking her to court will prove too expensive for the enforcement company, she said.

But how did her IP address get tagged in the first place? She has an adult grandson, but he doesn’t have access to her network, she said.

Who’s shooting mutants with this lady’s IP address?

Assuming we can take McMillan at her word – that she does not spend her time planted on the couch, enjoying a first-person shooter game featuring dark corridors and splattered guts – then how did her IP address get implicated in the alleged copyright infringement?

CBC News Ottawa talked to network security analyst and technology expert Wil Knoll, who suggested that somebody who lives in the same apartment building as McMillan could have accessed her unsecured wireless connection, then downloaded the game using her IP address. Alternatively, even if her network had a password, it could have been hacked, he said.

Knoll:

It’s very hard then to correlate, or nearly impossible, to correlate from that IP address to any individual that’s inside the house, or to prove it forensically.

Especially if these infractions are happening months and months and months ago.

That certainly makes sense. Many people leave their home networks wide open for anybody to use from an outside connection.

The repercussions can be surprisingly nasty.

We’ve seen one instance where a heavily armed SWAT team stormed the wrong house, breaking down the door of a home in Indiana, smashing windows and tossing a flashbang stun grenade, startling an 18-year-old and her grandmother who were watching TV.

Officers were looking for the person behind an anti-police post, from somebody who mentioned, with a smiley emoticon, that they had explosives.

The suspect actually lived in a different house on the same street.

That’s just one example of where a poorly secured home WiFi network can lead. We’ve also seen unsecured networks exploited by people sending pornographic spam or even terrorist-related emails.

Unsecured networks are found in plenty of other places outside of people’s homes or apartment buildings. We know that because Sophos has checked, in many cities around the world.

In experiments in London, New York City, San Francisco and several other big cities, Sophos “warbikers” James Lyne and Chester Wisniewski used a simple set of tools to detect thousands of wireless networks while touring busy neighborhoods on a bicycle.

They found that in every city they visited, there was a high proportion of WiFi hotspots using outdated security or none at all. In London, for example, just 17% of hotspots the researchers scanned had the recommended WPA2 setting for encrypting wireless traffic, and about a quarter of hotspots were open networks, with no encryption at all.

Many of the small businesses running those networks also revealed a lack of security awareness by using default network names with no random element, making it likely they were using default passwords as well (both are bad practices).
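To make the survey’s two findings concrete, here is a small script, added as an example and not Sophos’s warbiking tooling, that buckets scan results into open / WEP / WPA1-only / WPA2 and flags default-looking network names. It assumes the terse `SSID:SECURITY` output of `nmcli -t -f SSID,SECURITY dev wifi list`; the scan lines and the default-SSID patterns are constructed for illustration.

```python
"""Bucket Wi-Fi scan results the way the warbiking survey did (added example).
Assumes the terse output of `nmcli -t -f SSID,SECURITY dev wifi list`,
i.e. one `SSID:SECURITY` pair per line; an empty SECURITY field means open."""
import re
from collections import Counter

# Constructed sample scan (not real survey data).
SAMPLE_SCAN = """\
CoffeeCorner:WPA2
NETGEAR42:WPA2
Linksys:
dlink:WEP
TP-LINK_5F3A:WPA1
FrontDesk-Guest:WPA2
Flat12:WPA1 WPA2
BTHub5-K7QR:WPA2
"""

# Vendor-default SSID shapes (assumed patterns, built from common naming schemes).
DEFAULT_SSID_RE = re.compile(
    r"^(NETGEAR\d*|Linksys\d*|dlink|TP-LINK_[0-9A-F]{4}|BTHub\d-[0-9A-Z]{4})$", re.I)


def classify(security: str) -> str:
    """Map a SECURITY field to open / WEP / WPA (v1 only) / WPA2 (or WPA3)."""
    tokens = security.upper().split()
    if not tokens:
        return "open"           # no encryption at all
    if "WEP" in tokens:
        return "WEP"            # broken since the 2000s
    if any(t.startswith(("WPA2", "WPA3")) for t in tokens):
        return "WPA2"           # recommended setting (mixed WPA1/WPA2 counts here)
    return "WPA"                # WPA1-only (or unrecognised): outdated


def survey(scan_text: str) -> dict:
    """Count networks per bucket, plus how many advertise a default-looking SSID."""
    counts = Counter()
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        ssid, _, security = line.partition(":")
        counts[classify(security)] += 1
        if DEFAULT_SSID_RE.match(ssid):
            counts["default_ssid"] += 1
    counts["total"] = sum(counts[k] for k in ("open", "WEP", "WPA", "WPA2"))
    return dict(counts)
```

A default SSID is only a hint that the admin password may be default too; the script flags it for follow-up rather than treating it as proof.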

Getting WiFi security right is essential for everyone, be it small businesses or owners of home networks.

In fact, unsecured WiFi is one of Sophos’s Seven Deadly IT Sins. You can read more about that and the six other sins here.

As far as businesses go, Naked Security can help: here are three tips for small businesses for securing WiFi.

Article by: Sophos

From the Break Room to the Boardroom: Creating a Culture of Cybersecurity in the Workplace

National Cybersecurity Awareness Month: Week Two

Ours is an age where technology has infiltrated virtually every facet of our lives. As a result of this ongoing seismic shift in the way we gather information and communicate with one another, the manner in which we secure our digital lives must adapt to the threats around us.

In the not too distant past, the technical side of technology was relegated to a handful of IT support staffers who worked their magic on our equipment and then returned to their often mysterious home within the IT department. Thus, a dichotomy developed between those who kept our networks and endpoints operating at peak performance and those who used these technologies to carry out their work-related tasks. However, in an age where cyber-attacks are increasing exponentially in both number and complexity, this division only invites difficulty as organizations defend themselves from data breaches.

By definition, the influence of every culture is measured by the breadth and depth of its reach among those who make up its population. Thus, workplace cultures must be evaluated by the manner in which their values and practices permeate the workforce. It stands to reason that a culture, even one focused on cybersecurity, cannot exist within an organization where resistance to wide scale policy adoption is pronounced.

To sum this up, with the prolific and targeted nature of today’s cybersecurity attacks, a concentrated team approach is required to mitigate the threats businesses face. As a result, an effective cyber defense posture will never become ingrained within a company’s culture when there is a low rate of adoption among employees, when executive management fails to lead by example, and when best practices are not regularly communicated. To counteract these pitfalls to a broad culture of cyber awareness, businesses should enact these three action items:

  1. Communicate: When a business is intent on strengthening its cyber resilience, the IT department cannot go at it alone. Effective defenses require the ongoing communication of your firm’s cyber priorities. Employees need regular reminders regarding basic principles and policies, such as password management, and a clear understanding that the boundaries of our modern workplace often follow us home. Thus, these threats and their simple solutions should be communicated with regularity.
  2. Educate: Cultures don’t grow by accident and companies never drift anyplace worth going. These points are just as true within the realm of information security. Employees need to know the how and why of corporate cybersecurity and its importance to company assets and their personally identifiable information.
  3. Cultivate: True cultural evolution calls for the cultivation of its priorities from the top down. Executives who visibly practice cyber policies will have a greater impact on the issue than those who merely share edicts from the C-Suite. In our age of phishing and ransomware, the CEO is just as vulnerable as the freshly minted intern. Through cultivation, a culture can be developed.

How to opt out of WhatsApp sharing your phone number with Facebook

Nearly two and a half years after Facebook acquired WhatsApp, and despite WhatsApp CEO Jan Koum saying at the time of the acquisition that user privacy wouldn’t suffer, the services are about to get a little bit friendlier with their data sharing.

WhatsApp’s new privacy policy gives it permission to share data, including your phone number, with Facebook “to coordinate more and improve experiences across our services and those of Facebook and the Facebook family”. In an FAQ, WhatsApp says it is doing this to:

  • More accurately count unique users
  • Better fight spam and abuse
  • Show better friend suggestions and more relevant ads to you on Facebook.

The messaging app explained the reasons for the changes in a blog post. It begins by highlighting its plans to test ways for people to communicate with businesses:

Whether it’s hearing from your bank about a potentially fraudulent transaction, or getting notified by an airline about a delayed flight, many of us get this information elsewhere, including in text messages and phone calls. We want to test these features in the next several months.

It also makes some stark promises in the blog post that it won’t…

…post or share your WhatsApp number with others, including on Facebook, and we still won’t sell, share, or give your phone number to advertisers.

Note the ‘on Facebook’ and not ‘Facebook’ itself.

Facebook won’t, however, be able to see any of your messages, photos or account information.

How to opt out

You can choose not to share your account information with Facebook for targeting purposes. There are two ways to do this:

1. On WhatsApp, don’t click Agree when it asks you to confirm you are happy with the change of terms. Instead, click to read more. You should then see a check box or control button at the bottom of the screen which says “Share my WhatsApp account information with Facebook to improve my Facebook ads and product experiences…”. Uncheck this.

2. If you have already agreed to the updated terms, you can go to Settings > Account > Share my account info in the app. Then uncheck the box or toggle the control. But be quick: WhatsApp says you only have 30 days to make this choice after agreeing to the new terms.

Sadly, it’s not a silver bullet

Even if you opt out of the ad targeting part, WhatsApp says that Facebook will still be sent your data “for other purposes such as improving infrastructure and delivery systems, understanding how our services or theirs are used, securing systems, and fighting spam, abuse, or infringement activities.”

So it seems you can’t entirely opt out. Unless you stop using WhatsApp of course.

Image of WhatsApp and Facebook courtesy of quka / Shutterstock.com.

by Sophos