Archive for Security

Guest Post: Choosing The Best Backup Strategy For Your Business

Posted in Commentary with tags on November 9, 2017 by itnerd

As a business owner, backing up your data should be at the top of your priority list. Protecting your bottom line and the identities of your staff and customers is integral to succeeding in business. In this unpredictable world, all documentation needed to keep your business thriving could easily disappear in a second. Yet how do you choose the right backup strategy for your business? With so many cloud servers and backup options available to you, finding the perfect match can be extremely difficult. To help businesses discover the most effective way to back up their data, TTR Data Recovery created this guide on choosing the best backup strategy for your business. You can view the guide below.

Guest Post: 6 Tips To Protect Your Company From Ransomware

Posted in Commentary with tags on November 9, 2017 by itnerd

Ransomware can quickly cripple a business and the problem appears to be growing, as evidenced recently when the U.S. government issued a warning about Bad Rabbit, a ransomware attack that spread through Russia, the Ukraine and other countries.

Such attacks can be costly for businesses because ransomware infects a computer, blocks access to computer files, and demands that money be paid before the computer is “released.”

If there’s no data backup, the business could be in serious trouble.

“Most attacks are against financial, medical and retail business sectors,” says Penny Garbus, co-founder of Soaring Eagle Consulting Inc. (www.SoaringEagle.guru) and co-author of Mining New Gold – Managing your Business Data.

“The ransoms are usually $1,000 and most companies pay it. In some cases these days, though, money isn’t the goal. I think they are moving towards more terroristic attacks and are being paid simply to create havoc.”

Unfortunately, even paying a ransom is no guarantee a company’s data will be freed because on occasion the perpetrators demand even more money, she says.

“The worst-case scenario, though, occurs when the attacker has so completely destroyed data files and infected hard drives that they are unable to get the data back,” Garbus says. “The cost can run into thousands or even millions of dollars to get the company up and running again.”

So how does a business protect itself against ransomware? Garbus suggests a few precautions.

  • Beware of viruses masquerading as virus protection. Do your research and make sure you’re purchasing your virus protection from a reputable brand, Garbus says. Be careful of virus protection software that appears magically and tells you it detected a virus. If you don’t recognize the brand, ignore the findings. That notification may be a virus itself, Garbus says.
  • Install firewall protection. Make sure your hardware and software are protected with firewalls and software that scans the environment for worms, harmful attachments and attacks.
  • Set up procedures and protocols for data access. It’s important to make sure access to data is limited. For example, the system administrator role should be handed out to a limited number of employees who should not share log-in information with each other. Also, when an employee leaves, make sure their access is taken away and passwords changed.
  • Have backups of all important data. If you have your information backed up in an offsite location, then you won’t lose it to cyber kidnappers. “Whether it’s large companies or small businesses, too often people forget to back up their data,” Garbus says.
  • Be careful about Google search results. Sometimes a Google search itself makes you vulnerable. You don’t want to download anything unless you know you are on the correct site. Garbus says the criminal hackers now have very sophisticated strategies to get you to click and download their malware and can infect your environment very quickly.
  • Figure out what kind of ransomware you’re dealing with. If your system is hijacked, know this: not all ransomware is equal and you may not need to pay the ransom. One type of ransomware basically locks you out of your applications and processes. It may create a barrier between you and the computer’s interface so you can’t get past the ransomware attack screen. But the good news is this type of ransomware can be cleansed and your files restored without paying the ransom. A second type of ransomware is more insidious. It encrypts and renames your files so you don’t have any access to them until you give in to the ransom demands.

“Businesses should review their security processes at least once a year,” Garbus says. “You may want to hire an outside source to review security and, if you believe it necessary, even hire a professional hacker to look for holes in your system.”

About Penny Garbus
Penny Garbus, co-founder of Soaring Eagle Consulting Inc. (www.SoaringEagle.guru), is co-author of Mining New Gold – Managing Your Business Data. She has been working in the data-management field since leaving college when she worked as a data entry clerk for Pitney Bowes Credit. She later ran the training and marketing department of Northern Lights Software.

#Fail: USB Stick Containing Heathrow Airport Security Details Found In The Street

Posted in Commentary with tags on October 30, 2017 by itnerd

If something deserves a #fail it is this. Many outlets including The Sunday Mirror are reporting on the discovery of a USB stick on the street in West London that contained the following:

The USB stick – containing 76 folders with maps, videos and ­documents – was not encrypted and did not require a password.

The man who found it plugged it into a library computer and was alarmed at what he saw. It revealed:

  • The exact route the Queen takes when using the airport and security measures used to protect her.
  • Files disclosing every type of ID needed – even those used by covert cops – to access restricted areas.
  • A timetable of patrols that was used to guard the site against suicide bombers and terror attacks.
  • Maps pinpointing CCTV cameras and a network of tunnels and escape shafts linked to the Heathrow Express.
  • Routes and safeguards for Cabinet ministers and foreign dignitaries.
  • Details of the ultrasound radar system used to scan runways and the perimeter fence.

Encryption? Passwords? Why use those to protect such sensitive information? Totally not required. That was clearly the thought process here.

Seriously though this is a screw up of epic proportions. The person who lost that USB stick should get sacked for that. But more importantly, those who let it out the door without encrypting it first and password protecting it should also get sacked. This is the era of epic pwnage where hackers are out to get info like this. Why would you want to make their job easier by just having this sort of info in a format that is easy to get to?

#Fail indeed.

NHS Pwnage Could Have Been Stopped If They Followed “Basic IT Security Best Practice”

Posted in Commentary with tags on October 27, 2017 by itnerd

You might recall that the National Health Service in the UK got pwned by what became known as the “WannaCry” ransomware outbreak that went global. Well, it turns out that they could have easily protected themselves from this outbreak. Here’s what The Guardian had to say on that front:

The National Audit Office (NAO) said that 19,500 medical appointments were cancelled, computers at 600 GP surgeries were locked and five hospitals had to divert ambulances elsewhere.

“The WannaCry cyber-attack had potentially serious implications for the NHS and its ability to provide care to patients,” said Amyas Morse, the head of the NAO.

“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber-threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”

And what action could they have taken? Well….:

As early as 2014, the Department of Health and the Cabinet had written to NHS trusts, saying it was essential they had “robust plans” to migrate away from old software. In March and April 2017, NHS Digital issued critical alerts warning organisations to fix the exact bug in their Windows computers that later enabled WannaCry to rapidly spread.

Before the attack, NHS Digital carried out an “on-site cybersecurity assessment” at 88 out of the 236 health trusts in England. None passed, but the agency had no powers to make them “take remedial action even if it has concerns about the vulnerability of an organisation”, the report says.

Well. That’s not cool. This should serve as a textbook example of why every business big or small needs to have their act together when it comes to IT security. Because if you don’t have your act together, you become the NHS. Don’t be the NHS from an IT perspective.

Bad Rabbit Ransomware Attack Hits Europe

Posted in Commentary with tags on October 25, 2017 by itnerd

Today’s nightmare for IT staff is called Bad Rabbit. It’s thought to be a variant of Petya, which hit people earlier this year. Infected systems direct people to a page where they are told to pay a ransom of 0.05 bitcoin (about $277 USD) to recover their files within 41 hours. As we speak, it’s hitting Europe:

The malware has affected systems at three Russian websites, an airport in Ukraine and an underground railway in the capital city, Kiev.

The cyber-police chief in Ukraine confirmed to the Reuters news agency that Bad Rabbit was the ransomware in question.

It bears similarities to the WannaCry and Petya outbreaks earlier this year.

But the potential exists for this to spread. Thus you need to be on guard. The Independent has a great guide on how to protect yourself. Please consider it to be required reading so that you don’t become the next victim.

List Of Pwnable IoT Devices Floating In The Wild

Posted in Commentary with tags , on August 29, 2017 by itnerd

A list of IoT devices and associated Telnet credentials has gone viral in the last few days. The list has the IP addresses of over 33,000 IoT devices and their associated Telnet logins, which are things like the username and password being root or admin. This would make it trivially easy to create a botnet of IoT devices like the Mirai botnet that hit several sites recently. The list has existed since June, but went viral when it was tweeted out in the last few days. Now according to this article on Threat Post, there is an all-out effort to stop the exploitation of this list by tracking down the owners of these IoT devices so that they can take remedial action, which could include updating firmware, changing passwords, or taking the devices offline, among other possibilities.

Now, this sort of thing is precisely the reason why I have said for a long time that people who make IoT devices have to seriously step up their game when it comes to securing them. And if they are unable or unwilling to do so, governments should be prepared to force them to. By not making these devices as secure as possible, an event that would be catastrophic in nature is possible. And by then, it would be way too late.

Tech Companies Team Up On Android Botnet Takedown

Posted in Commentary with tags , on August 29, 2017 by itnerd

In an unprecedented move, a half dozen tech companies have teamed up to take down the “WireX” botnet which may have had tens of thousands of compromised Android devices as part of it. Noted security expert Brian Krebs has the details:

News of WireX’s emergence first surfaced August 2, 2017, when a modest collection of hacked Android devices was first spotted conducting some fairly small online attacks. Less than two weeks later, however, the number of infected Android devices enslaved by WireX had ballooned to the tens of thousands.

More worrisome was that those in control of the botnet were now wielding it to take down several large websites in the hospitality industry — pelting the targeted sites with so much junk traffic that the sites were no longer able to accommodate legitimate visitors.

Experts tracking the attacks soon zeroed in on the malware that powers WireX: Approximately 300 different mobile apps scattered across Google’s Play store that were mimicking seemingly innocuous programs, including video players, ringtones or simple tools such as file managers.

That’s right, apps from the Google Play Store were central to the existence of this botnet. Proving once again that Google has a bit of a problem when it comes to what is available to download and install onto Android devices. But I digress. Several hundred apps that had the code to power this botnet have been removed from the Google Play Store. But this case illustrates the fact that the botnet is now at a whole new level that requires companies who aren’t friendly towards each other to team up to take down these botnets. It will be interesting to see if this sort of co-operation is the new normal, or just a one-time event.