Security For Your Business Archives - JIG Technologies
https://jigtechnologies.com/tag/security-for-your-business/
Better. Happier. Peace of mind.
Tue, 11 Jun 2024 13:49:27 +0000

The Hidden IT Security Threats Right in Your Office Today
https://jigtechnologies.com/the-hidden-it-security-threats-right-in-your-office-today/
Thu, 11 Feb 2021 17:11:02 +0000

The post The Hidden IT Security Threats Right in Your Office Today appeared first on JIG Technologies.


There are a lot of reports in the news about IT security threats and the damage they have caused.  This has put a larger focus on implementing firewalls and anti-virus systems to prevent hackers from afar getting into our systems.

With these more sensational attacks in focus, our attention is drawn away from threats that are near and impervious to the protection provided by software.

These threats are local outsiders: the people who walk into our workspaces uninvited, unexpected and well prepared to exploit vulnerabilities in plain sight. It doesn’t have to be a rogue employee or someone with legitimate access to our workspace. These are often individuals who use psychological manipulation to convince staff to perform actions or divulge confidential information.

This action is often referred to as Social Engineering.

These “bad guys” are adept at taking advantage of the weaknesses in our everyday behavior, actions that expose our systems and leave valuable clues behind.

Scary fact – we leave a lot.

Here are 14 ways we can help secure our workspace better.

  1. Lock our computer whenever stepping away from it. Even if it’s only for a minute. Get the lock screen enabled and up so nothing of any value is on display or accessible.
  2. Never, ever, put passwords or codes on Sticky notes to help remember. We make it easy for the bad guys to find private information that way.
  3. Invoices, cheques, and confidential documents cannot be left out in full view. Keep them in a file folder while working, then locked away when done. And don’t leave file drawers wide open, especially if they are usually locked. Don’t give the attacker the advantage of seeing what has been stashed away.
  4. Remember to pick up print jobs right away. Too often print jobs are sent but not retrieved, containing all sorts of private and confidential information.
  5. Shred it to forget it. Then recycle it. When corporate papers are put straight into the recycling/trash, they are easy to gather information from.
  6. Our phones will betray us. Most smartphones have notifications across the lock screen that reveal way too much. Changing settings to prevent these notifications or keeping the phone safe in hand will help stop this information from getting into the wrong hands.
  7. Keep the keys to our kingdom secure and out of sight. They are an invitation to be used and copied otherwise.
  8. Unattended bags.  Just like in the movies. Someone will pick it up and walk away. It only takes a second to steal a laptop bag or a briefcase full of contract documents but the cost and damages incurred last far longer.
  9. Open doors. Attackers will “tailgate” and follow employees into companies because people, by nature, will hold the door open. Even if it requires a passkey. The attacker may have a series of stories and excuses at hand, ready to gain access and then make it past reception.
  10. Keep small devices secured and in hand.  USB keys and flash drives often hold sensitive data and need to be taken proper care of.
  11. Access cards should be secured. Don’t leave them lying out in the open. These cards can easily be copied and attackers will be on the lookout for them.
  12. Keep confidential information off of social media. Do not post selfies and pics of your new corporate card, lanyard, paystub, credit card etc. People do this all the time and there are specific sites attackers visit to find these pictures. They can use these images to read the data and you know the rest.
  13. What did you leave up on the whiteboard? Once that important meeting is over, take a picture of the whiteboard then erase it. Otherwise, clean off anything that could be sensitive or used to gain access.
  14. Think twice, answer once. When someone you don’t know asks for a password, or business information that is not to be shared, don’t give it out. Unless you are the person directly authorized, you are not obligated to be polite or do a favour. However, you are obligated to help your company protect the data and reputation of its customers and employees. You can always ask someone else who knows before you agree to anything.

Stay vigilant! Because somebody is always watching.

Why Antivirus Doesn’t Work and What to do About it
https://jigtechnologies.com/why-antivirus-doesnt-work-and-what-to-do-about-it/
Thu, 11 Feb 2021 17:09:09 +0000

The post Why Antivirus Doesn’t Work and What to do About it appeared first on JIG Technologies.


In a previous article, I talked about how cyber crime is continuing to get more sophisticated, and how the offenders are getting away with larger amounts.

In this article, we’ll look at AntiVirus software, why it’s not always effective, and what can be done to overcome this ineffectiveness.

Antivirus software is designed to prevent, detect and remove malicious software.

The obvious solution to removing malware and viruses is to have an updated version of AntiVirus to catch and remove them.

AntiVirus works well for existing and known malware and viruses. But it is not so effective against new viruses, also known as “Zero Day” viruses.

Depending on your version of antivirus, it can be from 0% to 65% effective. So, if you have the best antivirus on the market, 35% of the Zero Day malware will go undetected.

To take a random example from this week: we were called to repair a WordPress website that had been hacked.

Here we found most of the files had been altered so that a piece of malware would quietly infect computers visiting the site. As shown below, only 8 out of 55 AntiVirus systems recognized this as malware.

The ones that missed it included some of the biggest names, like Trend Micro and McAfee.

If AntiVirus is ineffective, then what can one do?

Fortunately, there are many tools on the market to combat these kinds of threats.

Unfortunately, they tend to be lesser known and often expensive solutions.

Let’s start with finding malware.

Since most AV systems work by trying to identify bad files or processes, detection needs to be rethought to be effective.  One way to do this is to analyze processes in memory and identify ALL of them instead of just some.

Identifying a process in the memory means that the file is actively running and using memory, therefore it presents a danger. An idle file cannot cause harm.

Secondly, one cannot find a malicious process on its own. Trying to find a malicious process is like trying to find a needle in a haystack without knowing what a needle looks like.

This is why AntiVirus companies have such a hard time catching everything.

Every single process must be identified as:

  • Good (previously seen and known)
  • Bad (previously seen and known to be bad)
  • Unknown (not previously seen and needs to be forensically investigated).
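
The three-way classification above, as an added Python example (not code from the original article, from JIG or from any vendor it names). The process list, the hash-based reference sets and all names are constructed assumptions; it contrasts what a bad-list-only scanner reports with what full identification surfaces.

```python
import hashlib
from collections import namedtuple

# Constructed sample data: "image" stands in for the bytes of the executable
# behind each running process. Real tooling would hash the file or memory image.
Process = namedtuple("Process", "pid name image")


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


# Hypothetical reference sets (assumptions), built from constructed byte strings.
KNOWN_GOOD = {
    digest(b"constructed: genuine explorer.exe"): "explorer.exe",
    digest(b"constructed: genuine winword.exe"): "winword.exe",
}
KNOWN_BAD = {
    digest(b"constructed: previously seen malware"): "sample-A",
}


def classify(proc):
    """Return (verdict, reason); verdict is 'good', 'bad' or 'unknown'."""
    h = digest(proc.image)
    if h in KNOWN_BAD:
        return "bad", "hash matches known-bad entry " + KNOWN_BAD[h]
    if h in KNOWN_GOOD:
        return "good", "hash matches known-good " + KNOWN_GOOD[h]
    if proc.name in KNOWN_GOOD.values():
        # Same name as a trusted program, different bytes: altered or impostor.
        return "unknown", "name matches a known-good program but the hash does not"
    return "unknown", "never seen before"


def triage(processes):
    """Identify every process, so nothing passes without a verdict."""
    report = {"good": [], "bad": [], "unknown": []}
    for proc in processes:
        verdict, reason = classify(proc)
        report[verdict].append((proc.pid, proc.name, reason))
    return report


def signature_only(processes):
    """What a bad-list-only scanner reports: PIDs whose hash is already known bad."""
    return [p.pid for p in processes if digest(p.image) in KNOWN_BAD]


# Constructed inventory of running processes.
RUNNING = [
    Process(101, "explorer.exe", b"constructed: genuine explorer.exe"),
    Process(202, "winword.exe", b"constructed: altered winword.exe"),
    Process(303, "updater.exe", b"constructed: never seen before"),
    Process(404, "svc.exe", b"constructed: previously seen malware"),
]

if __name__ == "__main__":
    print("signature-only alerts:", signature_only(RUNNING))
    for verdict, rows in triage(RUNNING).items():
        for pid, name, reason in rows:
            print(f"{verdict:8} pid={pid} {name}: {reason}")
```

The signature-only pass reports one process and is silent about the two it has never seen; the triage puts those two in the queue for investigation.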

One such AntiVirus company that takes this approach is Cyfir. Through this approach, they were able to detect a breach at the Office of Personnel Management in the US Government that was previously undetected by multi-layered security systems.

With a solution like this in place, you can rest assured systems and data will be much safer.

With that said, not all attacks involve malware. Stay tuned on how to thwart further would-be attackers beyond using the traditional firewall systems and password security.

If your systems are only protected by AntiVirus, and there is concern about unknown processes running, perhaps it’s time to look into the next level such as JIG’s managed IT services to secure your most important data system?

How to Prevent Online Hackers from Hijacking your Wires
https://jigtechnologies.com/how-to-prevent-online-hackers-from-hijacking-your-wires/
Thu, 11 Feb 2021 17:01:19 +0000

The post How to Prevent Online Hackers from Hijacking your Wires appeared first on JIG Technologies.


Despite all the IT security systems out there, cybercrime is on the increase and cyber criminals are getting away with increasingly larger amounts of information and money.

The number of breaches is concerning, with larger and larger amounts of data being illegally hacked. One specific instance of this illegal action, and the topic of this article, is the act of hijacking your wires.

CYBERCRIME is a growth industry

McAfee indicates that the monetary loss in 2020 from cybercrime is approximately $945 billion. Their 2018 report found that cybercrime cost the global economy more than $600 billion. Their new estimate suggests a more than 50% increase in two years.

JIG Can Help

JIG Technologies’ IT security consulting services bring top industry partnerships, today’s top IT certifications and successful cyber security experience to shield your information infrastructure and clients’ data from today’s increasingly complicated IT security risks.

“No one ever thinks this can happen to them, but I’ve seen it happen over and over again to people sophisticated enough to be wiring 6 and 7 figure dollar values.”

This is done by tricking unsuspecting victims through a faked email to wire a set of funds to the criminal in question. These fraudsters are so good that they managed to get $56 million from FACC causing the CEO to lose his job and the share price to plummet by double digit figures.

The FBI suggests that cybercrime scams like these have cost companies more than $2.3 billion in the past three years.

A Mattel executive, in his haste to impress his new boss, was tricked into sending $3 million to a bank account in Wenzhou, China.

In New Zealand in 2015, Bronwyn Koroheke – an extremely decorated and experienced accountant – wired $79,000 to a Hong Kong bank account. The hackers in her case were so diligent, the request landed right in her inbox and even contained a picture of her boss.

TO PREVENT THIS FROM HAPPENING TO YOU, IT HELPS TO UNDERSTAND HOW THESE CRIMINALS GET AWAY WITH IT.

There are several activities involved in this process, to which the industry has given cute water-related terms. Since the internet is as big as it is mysterious, perhaps the ocean is a good analogy. Let’s run through how a wire might get misdirected using these terms.

The first thing the cybercriminal would need to do is to gather information about your wiring processes. This is done by setting up a “Watering Hole”, which is a website that downloads malware onto a computer that visits the site.

Once this malware is on the computer the cybercriminal can monitor your activity or gather information from your computer. They do this to enough computers until they find something interesting like the person who can send wires.

Another way to get this is a technique called “Phishing emails” that tries to get users to send over confidential information or open an attachment to get this malware to run on the computer.

Once the cybercriminal has the information they need, they can then send an email to impersonate the boss requesting a wire to be sent out to the criminal.

This approach, a social engineering grift technique, is called “whaling” and it’s on the rise. Since the cybercriminal has access to information and the accounts, they can create a new account that looks very much like the account one normally wires to with a change in a single character in the name that could go unnoticed.

So, the unsuspecting wire agent just thinks they are doing a routine wire, but instead are wiring to the cybercriminal.

WATERING HOLE ATTACK

The attacker guesses or observes which websites the group often uses and infects one or more of them with malware. Eventually, some member of the targeted group gets infected.

JIG Can Help

JIG implements Security Intelligence Monitoring and Reporting putting an end to the uncertainty. The in-built firewall updates itself so you don’t have to. It analyzes all your internet traffic and reports to you immediately in the event of a cyberthreat and/or attempted intrusion.

NOW THAT WE KNOW HOW THIS CAN WORK, LET’S TALK ABOUT WAYS TO PREVENT CYBERCRIME FROM HAPPENING TO YOU.

ZERO DAY VIRUS

A previously unknown computer virus or other malware for which specific antivirus software signatures are not yet available.

JIG Can Help

We will provide vulnerability scanning and IT risk assessment service comprised of tests and analysis to find exposed ports, at-risk applications, or unsecured connections to fix them before any kind of disaster occurs.

Typically, the best way to avoid getting caught is to have a verification step to ensure the email is authentic. A typical good verification could be a phone call back to the requester to confirm the destination and amount. This call back is verifying another “factor” of the requests.

So, the lingo in the industry would call this 2-factor authentication. If the voice is known and identifiable, then we have a 3rd factor to verify. The more checks, the more secure, but less convenient.

As with most IT security issues, one must balance convenience with security.
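
The single-character lookalike described earlier and the call-back step above, combined in an added Python example (not from the original article). The payee register, account numbers and function names are constructed assumptions; a request is routine only when both name and account match the register, and anything one edit away from an approved payee is held for a call back.

```python
def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """Lower-case and collapse whitespace so spacing tricks do not hide a match."""
    return " ".join(name.lower().split())


# Constructed payee register: beneficiary name -> account number on file.
APPROVED = {
    "Maple Ridge Supplies Ltd": "CA-0001-4471",
    "Lakeshore Print Partners": "CA-0002-9030",
}


def review_wire(beneficiary, account, approved=APPROVED, max_distance=1):
    """Return (decision, reason).

    decision is 'routine', 'hold_for_callback' or 'new_payee'. A hold means
    phoning the requester before sending; using a number already on file
    rather than one from the email is an assumption added here.
    """
    wanted = normalize(beneficiary)
    for name, on_file in approved.items():
        if wanted == normalize(name):
            if account == on_file:
                return "routine", "name and account match the register"
            return "hold_for_callback", "account differs from the one on file for " + name
    for name in approved:
        d = edit_distance(wanted, normalize(name))
        if 0 < d <= max_distance:
            return "hold_for_callback", f"name is {d} edit away from approved payee {name}"
    return "new_payee", "not in the register; treat as a new payee"


if __name__ == "__main__":
    # Constructed wire requests.
    requests = [
        ("Maple Ridge Supplies Ltd", "CA-0001-4471"),
        ("Maple Ridge Supp1ies Ltd", "CA-7777-0000"),   # 'l' swapped for '1'
        ("Lakeshore Print Partners", "CA-9999-0000"),   # right name, new account
        ("Cedar Valley Tools Inc", "CA-0003-1200"),
    ]
    for name, acct in requests:
        print(name, acct, "->", review_wire(name, acct))
```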

SOME OF YOU MAY BE THINKING, HOW DO I GET THIS CRIMINAL’S MALWARE OFF MY COMPUTER IN THE FIRST PLACE?

The obvious solution is to have an updated version of AntiVirus to catch and remove the malware. This works well for existing and known malware and viruses. But it is not so effective against new viruses, also known as “Zero Day” viruses.

Depending on your version of antivirus, it can be from 0% to 65% effective. So, if you have the best antivirus on the market, 35% of the Zero Day malware will go undetected.

This undetected set of viruses on the computer systems out there is a big problem, and antivirus in its current state is not the solution.

For ideas on how to address this issue further, stay tuned for our next newsletter where I talk more in depth on how to prevent unwanted eyes on your networks or feel free to contact JIG directly.

4 Common IT Security Vulnerabilities You Should Know About
https://jigtechnologies.com/4-common-it-security-vulnerabilities-you-should-know-about/
Thu, 11 Feb 2021 16:35:10 +0000

The post 4 Common IT Security Vulnerabilities You Should Know About appeared first on JIG Technologies.


Small and medium-sized business leaders are often kept up at night by the same questions, like “is all my company data safe?” or “is there a potential loophole a hacker can exploit?” And since sophisticated malware and targeted threats are on the rise, effective security depends on rapid detection and a deeper level of intelligence.


In order to help with this, the experts at JIG decided to compile the following most common threats your network can come across. We’ve also provided insight on how we developed our Security Intelligence Monitoring and Reporting Program: an all-in-one solution using HIPAA/PCI compliance software tools to deal with all sorts of security vulnerabilities for you, regardless of the size of your network or your business requirements (all done for an economical, no commitment, flat-rate fee!).

#1 Malware

Malware is an umbrella term which includes viruses, trojans, spyware, and other software which maliciously harms your workstations and business network. Malware is extremely common, and in spite of being a regular occurrence on many systems, businesses often fall victim to its attacks.

Malware causes your computers to display seemingly random pop-up messages with false information and direction, asking you to reinstall your entire operating system, or delete specific files. Other versions of malware steal data, send emails and messages on your behalf and ultimately hijack your network entirely.

HOW JIG DEALS WITH IT

By monitoring your Active Directory (AD) and file server activities with our Network Auditor™ software, you’ll be able to easily detect security incidents and configuration issues. We’ll alert you and then get to solving them immediately so you can enjoy an efficient, fully-functioning network.

#2 Ransomware

Think of ransomware as the older, scarier brother of malware. A subset of malware, ransomware holds your data hostage, encrypting it, and then demanding an up-front payment for you to regain access to your information.

Unfortunately, ransomware attacks have exploded in number over the years, and most commonly reach your systems via outdated versions of your software which develop security loopholes.

HOW JIG DEALS WITH IT

Our Security Intelligence Monitoring and Reporting is a proactive and systematic approach to identifying and reporting IT security risks and vulnerabilities. By monitoring your servers 24×7 using our Autotask™ software, we ensure your network’s overall health remains top-notch with the latest security patch.

#3 Phishing Scams

Phishing is one of the most common cyber crimes, typically because criminals find it easy to execute. It’s low risk, and can yield great returns if successful. You’d receive a fake email which appears to be from a reputable source — for example, a social media company — and will include a call to action to a link which will ask you to “verify your credentials”, so they can gain access to your profile/account and drain it of anything valuable.

HOW JIG DEALS WITH IT

JIG’s Security Intelligence Monitoring and Reporting Program proactively identifies and alerts you of emails which contain links that are suspicious. It will also scan attachments in every email to verify their safety, meaning any IT security risks are kept at bay, and your IT infrastructure remains healthy.

#4 Hacks and Insider Threats

We know by now the seriousness of hack attempts and data breaches. Thousands of dollars lost in repair and recovery, not to mention the damage to reputation and the obvious downtime. But insider threats are an often neglected cybersecurity concern. When employees resign or get laid off, they might create a backdoor for themselves, or hand your data to your competition.

HOW JIG DEALS WITH IT

Security Intelligence Monitoring and Reporting puts an end to the uncertainty. The in-built firewall updates itself so you don’t have to. It analyzes all your internet traffic and reports to you immediately in the event of a cyberthreat and/or attempted intrusion.

It then provides you with a detailed network security report, detailing the type of hack, its location, and other details.

What’s more, Security Intelligence Monitoring and Reporting then recommends corrective actions to mitigate the risks and address the vulnerabilities before they cause problems for the organization, such as security breaches and loss of sensitive data. As a result, your business operations are maintained at the highest level!

JIG Technologies is your dedicated Managed Services Provider at the cutting-edge of innovation, as displayed by our Security Intelligence Monitoring and Reporting Program. If you’d like to take advantage of done-for-you security, contact us today to learn more!

Ransomware: Don’t Get LOCKY’d Out
https://jigtechnologies.com/ransomware-dont-get-lockyd-out/
Thu, 11 Feb 2016 21:20:09 +0000

The post Ransomware: Don’t Get LOCKY’d Out appeared first on JIG Technologies.


LOCKY made its debut a week ago, and impacted half a million users around the globe in a day. The numbers have escalated alarmingly since then as this latest crypto-ransomware, developed by the same dark minds behind Dridex banking malware, spreads across platforms and continents.

As detailed by researchers at Naked Security for Sophos, LOCKY encrypts a wide range of file types. These include videos, images, PDFs, program source code, and Office files, as well as files in any directory on any mounted drive that the infected computer can access. This is important because this will also include removable drives plugged in at the time or network shares that are accessible, like servers and other people’s computers. That is a lot of potential damage. Extend that to a case where an infected user is connected to the network using administrator access and controls; the damage could be widespread. Locky will also encrypt Bitcoin wallet files it finds, thereby stealing any bitcoin that could have paid ransom. Affected users will see this screen appear:

But then LOCKY takes things further by removing any Volume Snapshot Service (VSS) files or “shadow copies.” If you use Windows, you know those are the current or live backups Windows takes of work in progress – we all rely on those for when we forget to save, or the system crashes. Unfortunately, for some users these shadow copies have simply become their backup system.

We’re warning users to beware of phishing emails, in particular MS Word documents that masquerade as invoices requiring urgent payments, or bank statements. These will contain malicious macros that launch the malware. Once it gets onto a computer connected to ANY network, it will spread and contaminate rapidly. And any removable devices will also become contaminated, putting others at risk.

If you suspect you’ve been hit, time is crucial. Contact your support people immediately. We’re here for you. And shut your computer down. You need to cut yourself off from the network immediately. Expect that you will not be using your computer for some time. Expect that you will need to shut down the network. Given that the encryption is so powerful, the only recourse victims have is to restore from an untainted backup. Or face paying the ransom with no guarantees.

Here’s what you can do to stay safer:

  • make regular backups and keep one off-site
  • do not enable macros in emails and attachments
  • be suspicious of attachments from unknown/untrusted sources
  • do not stay signed on with administrator privileges any longer than you need
  • keep your security patches up to date

Thanks for reading and hope we helped!
Cheryl Biswas, Editor

Laying in Your Security Foundation
https://jigtechnologies.com/laying-in-your-security-foundation/
Sun, 11 Oct 2015 20:18:08 +0000

The post Laying in Your Security Foundation appeared first on JIG Technologies.

October is Cyber Security Awareness Month. In a year of breaches, each one seeming bigger than the last, maybe every month should be Cyber Security Awareness Month. Given the explosion of devices that connect to the Internet of Things, and a pervasive culture of BYOD (Bring your Own Device), we have an ongoing problem with Shadow IT and Shadow Data. Things get plugged in that shouldn’t; data gets handled and exposed that shouldn’t. Despite a plethora of technology and options, there is no one simple solution for keeping our systems and online information secure.

The fact is, security is a process and an ongoing commitment. It only works when everyone understands the need and buys in. I was invited by the fine folks at Tripwire to contribute some suggestions to their piece “3 Tip on How to Create a Cyber Security Culture at Work”. Here are some of my recommendations to lay in place the keystones to your Fortress Security, and build around them:

1) Passwords: these really are the keys to your kingdom. Have a good password policy in place; teach staff how and why to use it; and do routine checks to make sure.

2) Patches: it is crucial to businesses of every size to have a patch update program in place, to ensure that all software and systems are updated regularly, and be ready to implement emergency fixes as those come out.

3) Get a baseline in place: While you cannot expect to catch everything, if you know what your norm is, then you have an advantage when something deviates, and you can respond decisively. That’s security in action.

4) Limit and enforce access: Not everyone needs access to everything, all the time. The fact is, the more exposure your data has, the more at risk it is. You can, and you must, put rules in place that allow most users access to only what they need. It’s good to request permission, because that enforces a necessary system of checks and balances that underpin good security.

5) Inventory and monitor: Know what you have, tag it, track it, update what gets added or removed to the system. This will help ensure you know what your baseline is for monitoring purposes. And, this is a critical component to controlling the BYOD culture that is rife with risk.

But wait – there’s more! With a solid foundation in place, you also need to have these:

Insurance: Be warned: your current insurance policy probably does not cover cyber liability. Time to consider if your policy lines up with the services you offer. For example, in Canada you need to have Errors and Omissions in place. No, it isn’t cheap, but it is compared to the cost of a data breach. And, your coverage needs to be in place at the time of the incident. According to a recent survey by KPMG, “74 percent of businesses do not have any sort of cyber security liability insurance. Of those that did, only 48 percent believed their coverage would cover the actual cost of a breach.” It’s an evolving field with a lot of growth in a short time. According to Canadian Underwriter Daily, $445 billion and $20 billion in growth. Chris Case, a specialist in Cyber liability insurance with Dan Lawrie Insurance Brokers, describes the current status:

“It’s a growing space, but it’s a tricky space. It’s a moving target. So far, we’ve been lucky, not good.”

Disaster Recovery Plan and Business Continuity: I’ve said it before and I’ll say it again. You’ve got to have a plan. Bad stuff happens to good businesses. Invest the time and effort now to put together a plan so that when Mother Nature intervenes with torrential rains, your reputation and clients’ expectations don’t get washed away. The same holds true of ransomware or data breaches. If you can’t access

Thanks for reading and hope we helped!
Cheryl Biswas, Editor

Helping Those Who Help Others: Security for Non-Profits
https://jigtechnologies.com/helping-those-who-help-others-security-for-non-profits/
Fri, 27 Mar 2015 20:04:58 +0000

The post Helping Those Who Help Others: Security for Non-Profits appeared first on JIG Technologies.


After the massive breaches and attacks of last year, everyone has become far more aware of their vulnerability to being hacked. Security has taken on new meaning as people start putting defensive measures in place. Yet for many, especially those in the Non-Profit sector, this still seems a daunting task due to the perceived costs and skills required to know just what to do.

Like every other business, Non-Profits need to make information security a priority. They are just as much a target for cybercrime, just as susceptible to phishing attacks, ransomware and viruses. Ironically, like Healthcare, they are even more vulnerable because of the volume and sensitivity of the data they have on both donors and those they help. But the reality is that most just don’t have the same budgets, skills and resources. How can we best help those who help others?

There’s an old adage that goes “Give a man a fish, he’ll eat for a day. But teach a man to fish and he’ll eat the rest of his life.” Low budget/no budget should not preclude a solid security foundation. Utilizing the shared wealth of information and experience currently available, there are affordable, manageable steps any organization can take and put in place. Here is a basic ten step framework for Non-Profit Security.

1) Support your local sheriff. You need to have someone in-house who is in charge, ready not only to lay down the law, but to defend it regarding security matters. This person will be your key resource, and liaison with external support. They will know and understand what compliance and governance means for your organization, so that liability doesn’t have to become a consequence.

2) You’ve got to have a plan. A Disaster Recovery/Business Continuity Plan. The daily news gives us all the reasons we need: fire, severe storms and acts of nature, and increasingly cyber attacks and ransomware. Putting a plan in place ensures that you have data saved from a recent point in time that you can restore from. That means, essentially, being able to pick up where you left off so that you aren’t losing donors, funding, and time. It is the responsible thing to do. There are no excuses for not having one, and it doesn’t have to cost much more than the time you invest in doing it.

3) Backups. This is fundamental to your security and ability to restore should something happen. You can decide what data is most crucial and back that up daily. Other information can be done weekly. There are a range of very flexible and affordable options utilizing cloud storage. The key is to do them frequently and have redundancy. Yes. Have more than one, in a different location. Because ransomware, system crashes, and acts of nature all happen to backups too.

4) Training. Your staff need to be made aware of what they can and cannot do while at work, or with remote access, or if they bring in their own devices. Your organization is accountable to those donors whose information is on record, as well as to your own team and their safety. Regular training sessions can keep everyone well-informed and up to date on current threats like phishing emails, malicious links, dangerous websites, and ransomware. Because threats are constantly changing, sporadic or infrequent bouts of training are not effective. Staff needs to feel their share of responsibility for the overall security of your data and systems. Everyone needs to play their part, and training is essential to explaining not just how but why.

5) Stay current. Keep your software and operating systems current and updated regularly. This is one of the most effective things you can do because it will limit system vulnerabilities that hackers find and exploit. Check for monthly security patches and then install them. Outdated software does not receive security patches or support, leaving you exposed.

6) Invest in technology, like an enterprise-level firewall. This is over and above the software firewall offered by Windows or extended anti-virus programs. Firewalls work to keep intruders out by blocking inbound internet traffic, and the risks are high when you connect via DSL or broadband cable and are always on.

7) Limit access. Who has access to your data, especially the most critical or sensitive data? Is this data accessible remotely? You need to restrict access so that accidents don’t happen via social engineering tactics frequently used by hackers. And you don’t want this data to be copied onto portable media like CDs, flash drives or USB keys which can be lost, duplicated or stolen. Only a select few people should have access, with passwords being changed regularly.

8) Passwords, encryption and VPNs. These all put up safe barriers against unwanted intrusion. Passwords are the first line of defence but can only be effective if the basic rules are followed: strong passwords that are 10 characters minimum, combining numbers, letters and special characters, with alternating cases. Never use the same password for more than one purpose. And change up passwords, because once a hacker finds one, they will keep using it. Do you encrypt what you send out? If not, you should, particularly for sensitive data. Consider an email provider like Constant Contact or MailChimp to send email blasts and fundraising appeals. Encrypt stored data on site by using tools to encrypt the entire hard drive. Examples are BitLocker for Windows and FileVault for Mac. VPNs, or Virtual Private Networks, allow you to securely send data between two points through a digital or virtual tunnel, shielding it from outside threats. These can be easily set up, and are much safer than sending via the open Internet.

9) Pay now or pay later. How do you handle your online payment processing and payment processing in general? Have you investigated your providers to make sure they are reputable? Your method needs to be secure, but it cannot be complicated because you don’t want to discourage donors. While many non-profits use PayPal, it has suffered some security breaches in the past. There are other third party services for nonprofits, such as Network for Good or Razoo. It pays to fully investigate your options on this.

10) Secure Your Wireless Network. Many small organizations use wireless routers. But they leave the default settings in place. Hackers know these and use them to get right into your network. Change your default SSID or wireless network name, and the default or admin password. And again, change up your password. Enable encryption.

Non-profits hold a special place in our hearts. Helping others is a wonderful thing. Helping secure those who help others – well, that’s a reward in and of itself. So go on making the world a better place – and stay safe while you do! PS, there’s also a nice website for non-profits, TechSoup, with how-tos and helpful articles of all kinds.

 

By Cheryl Biswas

March 27 2015

The post Helping Those Who Help Others: Security for Non-Profits appeared first on JIG Technologies.

Security: One Step Forward and Two Steps Back https://jigtechnologies.com/security-one-step-forward-and-two-steps-back/ Fri, 27 Mar 2015 20:00:11 +0000 http://jigtechnologies.com/?p=1439

The post Security: One Step Forward and Two Steps Back appeared first on JIG Technologies.


Security breaches, mass DDoS attacks, ransomware mutations. No question about it – the challenges to information security are constant and ever-changing. Over the past twelve months, InfoSec has had to deal with threats not only of a greater magnitude in complexity but also in sheer volume. So in our concerted, and at times hasty, efforts to keep up with all that’s out there, are we leaving ourselves exposed? Do we need to double-back and cover our tracks?

Fact is, there is a lot to keep up with, even for security super-heroes. Given the nature of the beast, we’re always looking forward, trying to keep up or gain a little ground to ready ourselves for the next challenge. But what about those “backdoors” we just closed?

Cleaning up after mass events like ShellShock/Bashbug and Heartbleed isn’t straightforward. Sadly, one patch does not fit all when there are multiple iterations of operating systems and devices. And the truth is – there just aren’t enough good people or hours in a day to comb through all the stuff out there to find and fix what’s at risk, much as we want to. Much as we need to. What happens next is inevitable. The adversary takes advantage, finds the hole, and builds exploits that we then must find and shut down in a series of blocks and tackles.

Here’s a recent case in point: Shellshock and QNAP. Shellshock doesn’t just impact servers. It impacts devices connecting to these servers through the internet: wireless access points, routers, smart fridges, video cams, webcams, even light bulbs. You can patch a server. It’s not so easy to patch a fridge. The real challenge has been to identify and patch all those different exposed devices. QNAP makes network attached storage devices that are popular world-wide. And therefore ideal targets for Shellshock exploits.

While QNAP did issue a firmware patch in October, Shellshock worm exploits were detailed later in December. The worm targeted a particular CGI script, /cgi-bin/authLogin.cgi, which could then be accessed without authentication. That would allow attackers to launch a shell script that could in future download more malware. Essentially, keeping the backdoor open.

One of the interesting things noted about this worm, per Kaspersky’s detailed write-up, was that the script it created then downloaded and installed QNAP’s Shellshock patch. Yes! But the move was strictly territorial, meant to keep other opportunistic attackers out. Kaspersky advised that

“IT staff responsible for these devices security should apply patches themselves, or a worm will do it. At a price”

I’ve followed up with QNAP, and nothing else has been issued. The onus is on the users to identify and patch their products. Need I say more?
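A defender-side check for the worm activity described above, as an added example that is not from the original post, Kaspersky or QNAP: it scans web server access logs for the Bash function-definition prefix that Shellshock payloads begin with and marks hits on /cgi-bin/authLogin.cgi. The Apache combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Bash function-definition prefix that Shellshock payloads start with.
SHELLSHOCK = re.compile(r"\(\)\s*\{")
# CGI script the post says the QNAP worm targeted.
QNAP_TARGET = "/cgi-bin/authLogin.cgi"
# Assumed Apache combined log format: ip, request, status, referer, user-agent.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
    r' "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample log lines (documentation-range IPs, placeholder payloads).
SAMPLE_LOG = """\
192.0.2.10 - - [14/Dec/2014:10:01:02 +0000] "GET /cgi-bin/authLogin.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Dec/2014:10:03:40 +0000] "GET /cgi-bin/authLogin.cgi HTTP/1.1" 200 0 "-" "() { :; }; PLACEHOLDER_COMMAND"
203.0.113.5 - - [14/Dec/2014:10:04:11 +0000] "GET /index.html HTTP/1.1" 404 0 "%28%29%20%7B x; }; PLACEHOLDER" "curl/7.38"
truncated entry 198.51.100.7 "() { :; }; PLACEHOLDER_COMMAND
"""


def scan(log_text):
    """Return one finding per log line that carries the Shellshock prefix."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = LINE.match(line)
        # Unparseable lines are still checked whole so nothing is skipped.
        fields = match.groupdict() if match else {"raw": line}
        # unquote() catches URL-encoded variants of the prefix.
        hits = [name for name in ("request", "referer", "agent", "raw")
                if name in fields and SHELLSHOCK.search(unquote(fields[name]))]
        if not hits:
            continue
        request = fields.get("request", "").split()
        path = request[1] if len(request) > 1 else ""
        findings.append({
            "line": number,
            "ip": fields.get("ip", "unknown"),
            "fields": hits,
            "qnap_target": path.split("?")[0] == QNAP_TARGET,
            "status": fields.get("status", ""),
        })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit with `qnap_target` set on a device that has not had QNAP's firmware patch applied is the case to triage first; a hit on any other path still shows that someone is probing for Shellshock.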

It’s easy to lose track when the tyranny of the urgent sets our agendas for us. And it’s hard to be proactive when you’re busy fighting fires. But the fact is we need to keep watching those backdoors – because they don’t always shut completely.

As featured on DarkMatters by Norse Corp

The featured illustration is an actual screen capture of Shellshock malware by MalwareMustDie.org, a whitehat security research workgroup

 

By Cheryl Biswas

March 27 2015
