Social Engineering Attacks on the Rise

Currently the most prevalent attacks are based on Phishing.

A Phishing attack is generally an email that appears to be from a known or trusted sender, but is instead an attempt to steal your credentials.  It typically leads you to a login prompt that looks identical to your email or other website login page, and is an attempt to trick you into giving the attackers your account credentials.

A couple of examples:

  • Your email provider asking you to login to a system or website,
  • A trusted associate asking you to “open the attached document,”
  • Your boss asking you to initiate a wire transfer to one of your vendors.

A lot of times, these emails are fraudulent.  The intent is to gain access to an account such as your email or bank account.  From there they are able to gain control of your data or money, and typically use your accounts to further spread their fraudulent emails.

As a MoseSys customer, you are protected in several ways, including Exchange mail server anti-spam filters and Webroot anti-virus software.  However, no security measures are infallible.  Employee training, covered in the next section, is just as vital as any of the other security components.

TRAINING

Probably the most effective tool to mitigate these attacks is proper training of your employees. These are some highlights:

-Never open links or attachments in an email that looks suspicious.

-Never provide your login credentials (email, banking etc.) to a website unless you navigated to that site yourself, directly, without clicking any links in emails or other web pages.

-Do not click a link or open an attachment unless you are expecting it from that specific sender at the time.

-The person sending you the email, although someone you know and trust, may have had their account compromised, so that the email is actually coming not from them but from a hacker who is in control of their account.

-Always double-check the links and sender address to see where they are actually coming from.

[Image: phishing email example]

From <https://blog.rackspace.com/email-phishing-rise-mailbox-safe>

In the example above, although the underlined blue link appears to be directing your browser to paypal.com, by hovering over the link you can see in the bottom grey bar that it’s actually directing you somewhere different.  It’s quite easy to spoof a web link, or a ‘from’ email address, in this manner.

-If you are ever in doubt as to whether a link or attachment is legitimate, pick up the phone and call the person sending it.  Get verbal confirmation from them that it’s safe.

-Look at emails for misspellings, improper grammar, or even strange greetings (Hello Madam!). Oftentimes these attacks are perpetrated by folks who don’t speak English as their first language.

-Be very suspicious of emails that invoke a sense of urgency, trying to get you to act quickly for some stated reason.

-As a rule of thumb, don’t click on links in emails if possible.  If you get an email from FPL asking you to log into your account, instead of clicking the link, open your web browser and type ‘www.fpl.com’ to access your account.

-Finally, check to see if the SSL certificate is valid.  At the left side of the address bar in most browsers (Internet Explorer, Chrome, Firefox, etc.) you will see the green padlock symbol, which confirms that this web page has a valid certificate from a trusted authority.

[Images: address bar padlock examples]

Virtually all websites that ask you to log in will have this.  If for any reason you don’t see this, or see a red ‘open’ padlock, do not trust the site!

REMEDIATION STEPS

At MoseSys, we have multiple extra security measures that can be implemented to further protect your employees and accounts. Some examples:

-Multi Factor Authentication: any time someone attempts to log in to an email account from a new computer or browser, a second form of authentication is required, such as a text message confirmation sent to the employee’s phone.

-SafeLinks and SafeAttachments are add-on services available for Office 365 email customers that scan every email your employees receive, analyzing it for dangerous links and/or attachments.

-Firewall: Modern security appliances include subscription based services that inspect incoming network traffic, looking for viruses and malware attempting to attack your network.

-Training Seminar: We have prepared a brief 1-1.5 hour seminar for your employees to alert them to the dangers and equip them with the tools necessary to remain safe, and to keep your valuable systems and data safe. Please ask us about this service.

Please contact your MoseSys team today to discuss the possibility of implementing some of these additional security features and services.

If you think you may have clicked on a link in a phishing email, or fallen for an online scam, contact the MoseSys team immediately.  (941) 234-0687

 

 


What is the KRACK Wi-Fi vulnerability, and should you be concerned?

KRACK stands for Key Reinstallation AttaCK, and is a security flaw discovered in the Wi-Fi encryption protocols WPA and WPA2, used in almost all modern-day devices. This includes your laptop, cell phone and tablet. (Most desktop computers do not have wireless capability).

The KRACK vulnerability exists when your device first makes its connection to a secured Wi-Fi access point.  Step one is for your device and the access point to exchange authentication information, also known as a ‘handshake’.  By exploiting this vulnerability in WPA and WPA2, a third party can manipulate this process to obtain the encryption key.  With that, they can execute a ‘Man-in-the-middle’ based attack, and therefore view your data traffic.

Device manufacturers are racing to release patches to fix this security vulnerability.  Among those which are still vulnerable: Apple, Android and Linux devices.  A couple of points below:

  • An attacker needs to be in range of your device and wireless access point to exploit this vulnerability. For a typical wireless router, this is a little more than 100 ft.
  • If you are using a Windows PC running Windows 7 or newer, and your PC is up-to-date on patches, you are already protected.  Microsoft released a security fix on October 10th. If you are a MoseSys managed customer, with our Patch Doctor system you can be assured that your computers have the latest patches and updates.
  • If you are using an Apple or Android device, stay tuned for patches that will be issued soon.  You may consider not connecting to public Wi-Fi hotspots, or possibly using only cellphone network data in the meantime.
  • If your network utilizes a Sonicwall firewall appliance, no changes are necessary.  Sonicwall units are not vulnerable to the KRACK exploit.
  • If you are using a third party wireless router, consider contacting the router manufacturer to see if they’ve released a new firmware update that fixes the KRACK exploit.  Consider doing the same if you are using your cable provider’s router.
  • Make sure your anti-virus, anti-malware, and software firewalls are patched and up-to-date.  For MoseSys customers, this is another area in which you can rest easy, knowing it’s taken care of.
  • ALWAYS practice discretion when using a public Wi-Fi hotspot. Do not transmit sensitive information, and try to use websites that use the HTTPS protocol (or show the little padlock symbol in the address bar).

For more information, see PCWorld’s FAQ:

https://www.pcworld.com/article/3233308/security/krack-wi-fi-security-flaw-faq-tips.html#toc-5

Ransomware, what is it, and what can you do about it?

 

Some of you may have recently read about WannaCry, the largest ransomware attack ever recorded, currently spreading to computer systems around the globe.  What is ransomware? In a nutshell, it is a variant of malware (malicious software) which encrypts data without your permission.  Once encrypted, it will attempt to extort money from the victim for the safe restoration of said files, basically holding your files hostage.

Many companies today are using old, out of date hardware and software, and lack a solid security or backup program that would help to mitigate this threat.  The majority of these malicious attacks are the result of a user clicking on a link or attachment in an email, or browsing unsafe websites.  WannaCry also utilizes a worm, which is malware that can actually seek out and spread to other vulnerable PCs on your network.

WannaCry is just the beginning.  Due to the unfortunate success of these types of cyberattacks, we will almost certainly see an increase going forward, both in the number of attacks, and their sophistication.

Below is a list of some of the steps your organization can take to prevent a ransomware attack, and how being a MoseSys customer helps to mitigate this threat.

  1. System security – Effective, up-to-date security software is essential in preventing cyberattacks of all kinds.  Our service includes industry-leading antivirus and malware prevention software on each computer, constantly monitoring for virus and malware signatures and activities.  Our security tools are cloud based, providing instant updates and signatures for known attacks.
  2. User Security – We also recommend restricting access to administrative privileges for your users.  The Principle of Least Privilege is a rule in IT security that dictates the limiting of employee user rights to the minimal level that will allow them to perform their job, no more.  This principle goes a long way in minimizing the potential damage of any security breach, both accidental and malicious.
  3. Consistent patching – The fix for the WannaCry exploit has already been released by Microsoft, listed below:

KB4019216 — Windows 8 and Windows Server 2012

KB4019264 — Windows 7 and Windows 2008 R2

KB4019215 — Windows 8.1 and Windows 2012 R2

KB4012598 — Windows XP, Windows Server 2003, Windows 8, Windows XP Embedded

Vulnerable systems are the ones that don’t update regularly, or are running an out-of-date version of Windows.  As a MoseSys customer, your systems are always up-to-date with the latest critical security updates from Microsoft and other vendors.  Our Patch Doctor software monitors the patch status of your machines, and attempts to redeploy any failed attempt, alerting us along the way.

4. Email – As mentioned earlier, the majority of these attacks infect the system through email attachments and links.  As a MoseSys Exchange email customer, your emails and attachments are filtered through multi-stage, server-level virus detection tools before they even get to your inbox.  This includes 60 types of filtering techniques that rid incoming email of worms, viruses, phishing attempts and other protocol-based vulnerabilities.

5. Backup – A solid backup strategy is critical.  Ransomware is so effective because most victims do not have another copy of the encrypted data, or in some cases the backup data also becomes encrypted.  MoseSys backup solutions include cloud and local backup solutions for redundancy.

6. User Training – It is essential that your employees practice good digital hygiene, especially when using company computers and accounts. This includes being cautious about suspicious emails, links and attachments.  If you are not sure if an email is legitimate, try to contact the sender or company directly to confirm. Avoid unknown and suspect websites and weblinks while using company equipment.  Remember that sometimes legitimate sites contain ads or links that can take you to third parties who are not as well known or proven.

Please contact your MoseSys support team with any questions.

For additional information please review the US Federal Computer Emergency Readiness Team (US-CERT) recommendations for users:

https://www.us-cert.gov/security-publications/Ransomware