Tag Archive for Malware

Remote Desktop Opens Door to POS Malware

The U.S. Department of Homeland Security (DHS) has issued a warning to retailers. DHS reports that cybercriminals are using remote desktop software to open up retailers’ networks to point-of-sale malware attacks. Point of Sale (POS) systems have been at the heart of many of the recent data breaches. Retailers impacted include Target, Jimmy John’s, P.F. Chang’s, Neiman Marcus, Michaels, Sally Beauty Supply, and Goodwill Industries International, the New York Times reported.

Research conducted by DHS, the Secret Service, the National Cybersecurity and Communications Integration Center, and security firm Trustwave SpiderLabs has been following the attacks. During the attacks, cybercriminals scan corporate systems for remote desktop software. The attackers are looking for Microsoft (MSFT) Remote Desktop, Apple (AAPL) Remote Desktop, Google (GOOG) Chrome Remote Desktop, Splashtop, Pulseway, and LogMeIn’s join.me.

Install malware

After finding an exposed system, attackers launch brute force attacks against the login. FierceITSecurity reports that once the attackers gain network access, they deploy Backoff POS malware to steal customer payment data and hide the theft using encryption. An alert issued by US-CERT on 07-31-2014 explained how the malware gets installed:

At the time of discovery and analysis, the [Backoff] malware variants had low to zero percent anti-virus detection rates, which means that fully updated anti-virus engines on fully patched computers could not identify the malware as malicious.

US-CERT has informed anti-virus vendors of the threat from Backoff malware, and they will be updating their software to detect and block it. The malware can scrape memory for track data, log keystrokes, communicate with a command and control server, and inject a malicious stub into explorer.exe that ensures “persistence in the event the malicious executable crashes or is forcefully stopped.”

The article concludes, “The impact of a compromised POS system can affect both the businesses and consumer by exposing customer data such as names, mailing addresses, credit/debit card numbers, phone numbers, and e-mail addresses to criminal elements. These breaches can impact a business’ brand and reputation, while consumers’ information can be used to make fraudulent purchases or risk compromise of bank accounts.”

rb-

Lesson learned? If mega-firms like Target can be breached, what chance do small mom-and-pop POS firms in schools, food trucks, and kiosks at the airport stand? I say not much. I have worked with several POS vendors and it seems they barely understand their own product, let alone SSL certs and VPNs.

Here are some tips from Verizon’s 2012 research into security breaches affecting companies that use POS systems to process customer payments. Make sure your POS vendor does the following:

1. Change administrative passwords on all POS systems. (Hackers are scanning the Internet for easily guessable passwords.)

2. Implement a firewall or access control list on remote access/administration services. (If hackers can’t reach your systems, they can’t easily steal from them.)

3. Avoid using POS systems to browse the web (or anything else on the Internet).

4. Make sure your POS is a PCI DSS compliant application (ask your vendor).

5. Use password management software like LastPass to generate secure passwords. (LastPass allows you to avoid storing passwords in your browsers and can generate ready-to-use secure passwords for you.)
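Tip 2 is easier to justify once you can see the brute-force attempts the article describes in your own logs. The following is an added example (mine, not from the article, US-CERT or any vendor): it scans a constructed export of Windows Security logon events for a burst of failed remote-desktop logons from one source and notes whether a successful logon followed, which is the case worth acting on first. The one-line log layout and field names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed export of Windows Security events in an assumed one-line layout:
# 4625 = failed logon, 4624 = successful logon, LogonType 10 = remote desktop.
SAMPLE_LOG = """\
2014-08-01T02:10:01 EventID=4625 LogonType=10 User=Administrator Src=203.0.113.7
2014-08-01T02:10:03 EventID=4625 LogonType=10 User=Administrator Src=203.0.113.7
2014-08-01T02:10:04 EventID=4625 LogonType=10 User=admin Src=203.0.113.7
2014-08-01T02:10:06 EventID=4625 LogonType=10 User=pos Src=203.0.113.7
2014-08-01T02:10:09 EventID=4625 LogonType=10 User=Administrator Src=203.0.113.7
2014-08-01T02:10:12 EventID=4624 LogonType=10 User=Administrator Src=203.0.113.7
2014-08-01T09:15:00 EventID=4625 LogonType=10 User=cashier Src=198.51.100.4
"""

LINE_RE = re.compile(r"(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
                     r"User=(?P<user>\S+) Src=(?P<src>\S+)")

def parse(log_text):
    """Yield one dict per well-formed line; anything else is skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            yield ev

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Map each source with >= threshold remote-desktop logon failures inside
    one window to (total failures, usernames tried, success seen afterwards)."""
    fails = defaultdict(list)    # src -> [(ts, user), ...]
    success = defaultdict(bool)  # src -> a 4624 arrived after failures
    for ev in parse(log_text):
        if ev["lt"] != "10":     # ignore console/service logons
            continue
        if ev["eid"] == "4625":
            fails[ev["src"]].append((ev["ts"], ev["user"]))
        elif ev["eid"] == "4624" and fails.get(ev["src"]):
            success[ev["src"]] = True
    hits = {}
    for src, events in fails.items():
        for i, (start, _) in enumerate(events):
            burst = [e for e in events[i:] if e[0] - start <= window]
            if len(burst) >= threshold:   # burst followed by success = act now
                hits[src] = (len(events), sorted({u for _, u in events}),
                             success[src])
                break
    return hits
```

On the sample, the single failure from 198.51.100.4 is ignored while 203.0.113.7 is reported with five failures across three usernames and a success afterwards.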


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Conficker Worm – Still Alive

After 6 years, Conficker remains one of the top 3 malware families affecting enterprises and small and medium businesses, according to Trend Micro’s (TMICY) TrendLabs. They say 45% of the malware-related spam emails they detected were related to Conficker. Trend Micro attributes this to the fact that a number of companies are still using Microsoft’s (MSFT) Windows XP, which is susceptible to this threat.

6-year-old Conficker

For those who don’t remember our old friend Conficker (Trend calls it DOWNAD), it can infect an entire network via a malicious URL, spam email, and removable drives. Larry Seltzer at ZDNet’s Zero Day blog recalls that Conficker was a big deal back in late 2008 and early 2009. The base vulnerability caused Microsoft to release an out-of-band update (MS08-067, “Vulnerability in Server Service Could Allow Remote Code Execution”) in October 2008. In addition, Conficker has its own domain generation algorithm (DGA) that allows it to create randomly generated URLs. It then connects to these generated URLs to download files onto the system.

Technically, Windows Vista and the beta of Windows 7 were vulnerable, but their default firewall configuration mitigated the threat. It was Windows XP that was really in danger. Mr. Seltzer says that despite Microsoft’s patch, everyone knew that a major worm event was coming. When it came, it was big enough that a special industry group (the Conficker Working Group) was formed to coordinate a response.

Despite the unprecedented industry effort, Trend Micro observed that six years later (2014 Q2), more than 45% of malware-related spam mails are delivered by machines infected by the Conficker worm. The AV firm’s analysis attributes spam campaigns delivering FAREIT, MYTOB, and LOVGATE payloads in email attachments to Conficker-infected machines.

Over 1.1 million IPs related to Conficker.

On Thursday, July 3, the Conficker Working Group detected approximately 1,131,799 unique IPs related to Conficker. Whatever the exact number, it is still a big number for a 6-year-old malware for which a patch exists. Trend explains that the IPs use various ports and are randomly generated via the DGA ability of the malware. A number of machines are still infected by this threat and are leveraged to send the spam messages that further increase the number of infected systems.
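A domain generation algorithm leaves a distinctive trace in resolver logs: one host looks up many random-looking names in quick succession, most of which do not resolve. The added example below (mine, not Trend Micro’s or the Conficker Working Group’s, and not Conficker’s actual algorithm) ranks clients in a constructed DNS query log by how many of their lookups have a high-entropy, vowel-poor second-level label; the log layout and thresholds are assumptions.

```python
import math
from collections import Counter

# Constructed DNS query log in an assumed layout: "<ts> <client> <qname> <rcode>".
# Bursts of lookups for random-looking names, mostly NXDOMAIN, are the
# footprint a domain generation algorithm leaves in resolver logs.
SAMPLE_DNS = """\
2014-07-03T10:00:01 10.0.5.21 www.example.com NOERROR
2014-07-03T10:00:02 10.0.5.21 mail.example.com NOERROR
2014-07-03T10:00:03 10.0.5.44 qzkpxwvtrb.info NXDOMAIN
2014-07-03T10:00:03 10.0.5.44 mvhgslpqye.biz NXDOMAIN
2014-07-03T10:00:04 10.0.5.44 xtrjbqkwzd.org NXDOMAIN
2014-07-03T10:00:04 10.0.5.44 pfwmzlrkvq.net NXDOMAIN
2014-07-03T10:00:05 10.0.5.44 gklxwqztpj.com NOERROR
2014-07-03T10:00:06 10.0.5.21 windowsupdate.com NOERROR
"""

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def looks_generated(label, min_len=8, min_entropy=3.0, max_vowel_ratio=0.3):
    """Heuristic for a machine-generated label: long, high entropy, vowel-poor.
    Some legitimate names trip it too, so use it to rank hosts, not to block."""
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return entropy(label) >= min_entropy and vowel_ratio < max_vowel_ratio

def suspicious_clients(log_text, min_hits=3):
    """Return {client: [qnames]} for clients with >= min_hits lookups whose
    second-level label looks generated, whether or not the name resolved."""
    per_client = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:          # skip malformed lines
            continue
        _, client, qname, _rcode = parts
        labels = qname.lower().split(".")
        sld = labels[-2] if len(labels) >= 2 else labels[0]
        if looks_generated(sld):
            per_client.setdefault(client, []).append(qname)
    return {c: q for c, q in per_client.items() if len(q) >= min_hits}
```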

rb-

With Microsoft ending support for Windows XP this year, we can expect that systems with this OS will be infected by threats like Conficker for a long time to come. It is going to take years to work XP out of the system.


Even with an ancient OS, there are ways to prevent Conficker:

  1. Upgrade – Kudos to MSFT, Windows 7 has been resilient so far
  2. Patch your systems
  3. Keep Anti-Malware up to date
  4. Stay away from shady places on the web
  5. Be wary of email attachments – Don’t open what you don’t know
  6. The Conficker Working Group has an easy way to check if your machine is infected with Conficker here
Related articles

  • Mobile malware: Past and current trends, prevention strategies (cloudentr.com)


Is Your Network Ready for World Cup

The 2014 FIFA World Cup games are underway and run until July 13. Normally I would not bring this up here, since most Americans ignore soccer. However, web access security firm Wavecrest Computing, maker of the CyBlock web filter, reports that there has been a 32% increase in Americans’ interest in soccer since the broadcast of the last World Cup in 2010.

In addition to the uptick in interest, the American team won a match this time around, which will garner even more interest. This increased interest in soccer can have an impact on your Internet bandwidth. The author asks what happens to your Internet bandwidth if most of your employees start streaming the games or highlights simultaneously: can it sustain the demand and still do business?

42% of IT professionals state that popular events impact their network. How many simultaneous users watching game highlights does it take to saturate your bandwidth? The article calculates that just 2 streaming users result in a 1 Mbps download, while 17 users equal a huge 10 Mbps, quickly overwhelming Internet bandwidth.

Saturated bandwidth

How many simultaneous users watching World Cup game highlights does it take to saturate your bandwidth?

Given the time difference with Brazil, most of the 64 matches will be played during U.S. office hours, and streaming video could deal a major blow to corporate network and application performance according to the blog. When the first match of the day kicks off, smartphones, tablets, and laptops will be streaming footage live from offices around the U.S.

In addition to the major spike in bandwidth usage, Wavecrest, whose products help organizations manage and control employee Web activity, reminds us that World Cup 2014 malware sites are out there. According to a recent survey from Osterman Research, malware has infiltrated 74% of organizations via the Web.

The firm’s products can also address the lost productivity and revenue as staff watch the matches instead of working. Most of the matches will be played during U.S. office hours. The lost productivity caused by watching the World Cup can total 99 hours of average wages lost per hour each day, according to Wavecrest. The Wavecrest systems can monitor, report, filter, and throttle employees’ bandwidth use.

In order to keep pace with the staff, CyBlock products can be set up to block Web access by categories and by half-hour so employees can access sports sites on their lunch break or after hours.

rb-

I have been there, done that. In 2012 Michigan, Michigan State, and the University of Detroit all played in the NCAA Basketball tournament, and the entire 250 Mbps Internet pipe was down to a crawl for most of the afternoon.

There are other tools to use; we were using an M-86 content filter then. We used that to block much more than you would think to get control of the network. In addition to the M-86 default groups, we had to block all the ESPN sites, NCAA sites, and CBS.

We also had a PacketShaper at our disposal and were using it to throttle streaming video, but there were legitimate users of streaming video.

A lot of this comes down to policy and discipline. Is watching NCAA hoops or soccer a business need? Is there leadership to enforce the AUP and tell people to stop wasting resources?


2013 Most Dangerous Celebrities Online

Anti-malware firm McAfee has released its annual Most Dangerous Celebrities list, and actress Lily Collins, daughter of rock musician Phil Collins, is 2013’s most dangerous celeb to search for online. Ms. Collins, who has starred in such classic movies as “Mirror, Mirror” and “The Mortal Instruments: City of Bones,” unseated “Harry Potter” star Emma Watson, who topped the list in 2012.

Rank  Celebrity        Risk %
1     Lily Collins     14.5
2     Avril Lavigne    12.7
3     Sandra Bullock   10.8
4     Kathy Griffin    10.6
5     Zoe Saldana      10.5
6     Katy Perry       10.4
7     Britney Spears   10.1
8     Jon Hamm         10.0
9     Adriana Lima      9.9
10    Emma Roberts      9.8

Female celebrities were the overwhelming lure to malware; “Mad Men” star Jon Hamm was the only man in the top 10. A person could be led to malware after doing a general search and clicking on dubious links, but the risk increased when searchers added phrases like “free apps” or “nude photos.”

To better protect yourself on the web McAfee suggests:

  • Be wary of links to free content or too-good-to-be-true offers
  • Be extra cautious when searching on hot topics, which often lead to fake and malicious sites created by cyber-criminals
  • Check the web address for misspellings or other clues that the link might lead to a phony website
  • Protect yourself with comprehensive security, including a tool that identifies risky websites in search results

rb-

This is an annual thing from McAfee, but nobody pays attention. I covered Heidi Klum in 2010, Cameron Diaz in 2011, and Emma Watson in 2012.


5 Odd Tech Predictions

Julie Bort at Business Insider found some really interesting ideas buried within this prediction season’s avalanche of humdrum thoughts. She shared them in the hope they will become self-fulfilling prophecies.

1. Bad guys start offering “hacking as a service” – Security company McAfee says that criminal hackers have begun to create invitation-only forums requiring registration fees. The author speculates that these forums could become some sort of black-market software-as-a-service. Pay a monthly fee and your malware is automatically updated to the latest attack. Don’t pay, and it would be a shame if something happened to your beautiful website …

2. Bad guys try to kidnap your smartphone – Hackers have become fond of a form of malware called “ransomware.” It’s a popular way to harass people who view Internet porn. While a user visits a porn site, bad guys plant malware on the computer that threatens to report the user to the police unless they pay up.

In 2013, the article says the trend will be to hold your smartphone hostage. Hackers will sneak malware onto smartphones and then make you pay if you don’t want all the data on your phone destroyed or leaked. So thinks Chiranjeev Bordoloi, the CEO of security vendor Top Patch.

3. Fake meat becomes a real thing – Vegetarians have been manipulating vegetable protein to make it look a little like meat and taste nothing like it. But now BusinessInsider says the race is on to produce fake meat like bacon in much more technically advanced ways.

Dutch researchers have found a way to “grow hamburger” in the laboratory from just a few bovine stem cells. Tech investors have funded companies that will create food from plants. Stealthy startup Sand Hill Foods is one such company on investors’ watch list. Beyond Meat, a startup funded by Twitter cofounders Ev Williams and Biz Stone, makes realistic fake chicken and will ramp up availability in 2013.

4. Your smartphone will be like a personal nurse – Ms. Bort reports there is a healthcare revolution headed to your smartphone. IBM (IBM) has promised that one day soon doctors will use tech that will scan your body. They will send that data to the cloud for a diagnosis. Companies are developing smartphones with biosensors that do everything from check your blood sugar to detect the flu. Apple (AAPL) has promoted the iPhone as a platform for health technology since 2009, but some new devices are just coming to fruition.

5. The technology you use for work will be as much fun as the stuff you use at home – Most of us are so used to tech at work being a source of frustration that we can’t imagine a different world. But the author predicts that’s changing. In 2013, tablets will lead software to be redesigned for touch interfaces, which will make it fun and easy to use, more like a game than a spreadsheet. Best of all, more companies are adopting tech that lets you download a “virtual work desktop” on any device, simply by logging in on a Web browser or launching a mobile app.
