Tag Archive for Security

Volunteers Take Down 124K Malware Sites

CircleID reports that abuse.ch, a non-profit cybersecurity organization based in Switzerland, kicked off a volunteer-based information sharing project called URLhaus in March 2018. URLhaus collects and shares URLs identified as distributing malware. Since its start, URLhaus has proven to be quite effective, taking down over 124,000 malware distribution sites.

abuse.ch’s URLhaus project allows anyone to sign up with a Twitter account to report malicious URLs. The system downloads and analyzes the site’s payload and tries to identify it before submitting it to anti-virus vendors and blacklist providers such as Google Safe Browsing, Spamhaus DBL, and SURBL, according to the blog post.

CircleID reports that 265 security researchers located all over the world have identified and submitted on average 300 malware sites to URLhaus each day. The article said URLhaus succeeded beyond the infosec community: the project also managed to get the attention of many hosting providers, which is not an easy task, especially for large hosting providers that have tens of thousands of customers and hence a significant number of hijacked websites in their network that are being abused by cybercriminals to distribute malware.

The chart below produced by abuse.ch shows the number of active malware distribution sites tracked since the launch of URLhaus.

abuse.ch reports that the US and China together host two-thirds of the top malware hosting networks. The overall average malicious site take-down time is 8 days, 10 hours, 24 minutes. The three top Chinese malware hosting networks have an average abuse desk reaction time of more than a month!

That’s more than enough time to infect thousands of devices every day.

Top malware hosting networks

The top malware hosting networks, hosting active malware content identified by abuse.ch as of January 2019.

| Rank | ASN | Country | Average Reaction Time | Malware URLs |
|---|---|---|---|---|
| 1 | AS14061 DIGITALOCEAN-ASN - DigitalOcean, LLC | US | 6 days, 12 hours, 56 minutes | 307 |
| 2 | AS4134 CHINANET-BACKBONE No.31,Jin-rong Street | CN | 1 month, 9 days, 19 hours, 22 minutes | 256 |
| 3 | AS4837 CHINA169-BACKBONE CHINA UNICOM China169 | CN | 1 month, 23 days, 8 hours, 41 minutes | 163 |
| 4 | AS48815 CRITICALCASE | IT | 21 hours, 58 minutes | 151 |
| 5 | AS46606 UNIFIEDLAYER-AS-1 - Unified Layer | US | 2 days, 11 hours, 54 minutes | 127 |
| 6 | AS53667 PONYNET - FranTech Solutions | US | 13 days, 3 hours, 37 minutes | 105 |
| 7 | AS16276 OVH | FR | 5 days, 22 hours, 6 minutes | 104 |
| 8 | AS60144 THREE-W-INFRA-AS -- TRANSIT -- | NL | 9 days, 10 hours, 37 minutes | 83 |
| 9 | AS13335 CLOUDFLARENET - Cloudflare, Inc. | US | 13 days, 7 hours, 5 minutes | 67 |
| 10 | AS37963 CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba | CN | 1 month, 2 days, 0 hours, 1 minutes | 66 |
| 11 | AS8342 RTCOMM-AS | RU | 10 days, 8 hours, 9 minutes | 63 |
| 12 | AS36352 AS-COLOCROSSING - ColoCrossing | US | 16 days, 9 hours, 57 minutes | 53 |
| 13 | AS3462 HINET Data Communication Business Group | TW | 17 days, 6 hours, 19 minutes | 51 |
| 14 | AS23650 CHINANET-JS-AS-AP CHINANET jiangsu province | CN | 3 days, 11 hours, 50 minutes | 51 |
| 15 | AS3462 HINET Data Communication Business | TW | 17 days, 6 hours, 19 minutes | 51 |

rb-

abuse.ch offers the URLhaus black list for free to help protect your networks and users from malware. You can get more details from abuse.ch here.

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Data Privacy Day

Data Privacy Day is January 28, 2019. Data Privacy Day began in 2008 as a celebration of the signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. The National Cyber Security Alliance (NCSA) leads the Data Privacy Day campaign. Here are some tips from the NCSA to own your online presence.

The first step is to STOP. THINK. CONNECT.™: take safety measures, think about the consequences of your actions, and connect knowing you have taken steps to safeguard yourself and your family when online.

Share with care. What you post can last a lifetime: any information shared online can easily be copied and is almost impossible to take back. Consider who might see a post and how it might be perceived in the future.

Protect your info. Information about the games you play and what you search for online has value, just like money. How else does Zuck make $6 million a day? Be selective with the information you give to apps and websites.

Own your online presence. Learn how to use the privacy and security settings on your favorite online games, apps and platforms.

Stay current. Keep pace with new ways to stay safe online: Keep up with new technology and ways to manage privacy. Visit staysafeonline.org or other trusted websites for the latest information about ways to stay safe online.

Personal information is like money. Value it. Protect it. If you don’t, you will be the victim of a data breach.


Zix Buys AppRiver – Bolsters Email Security

Competition in the email security market is intense. Most of the major endpoint security companies, Barracuda, Cisco (CSCO), Fortinet (FTNT), Mimecast (MIME), and Proofpoint (PFPT), have moved into email security — emphasizing training services to mitigate rising phishing threats. Plus, Microsoft (MSFT) has pushed into email security services that wrap around its core business productivity software, Office 365.

The global email security market is expected to reach $18 billion by 2023, expanding at 22% from 2016, this report asserts. This growth has drawn the attention of venture capitalists. The latest VC deal is unique in that the smaller company is buying the larger firm.

Publicly traded Zix (ZIXI) is acquiring AppRiver for $275 million in cash. Zix is a Dallas-based maker of email archiving and security products, including ZixMail, which handles the key management needed to provide end-to-end email encryption that protects messages and attachments.

AppRiver is a privately held, Florida-based, MSP-friendly cybersecurity and Microsoft Office 365 cloud solutions specialist. AppRiver, founded in 2002, supports more than 60,000 companies globally as of 2019.

Zix and AppRiver each have about 260 employees. As part of the M&A plan, Zix expects to generate about $8 million in cost synergies — which typically means that layoffs are coming. AppRiver CEO Michael Murdoch is exiting the combined firm. Zix CEO David Wagner would not rule out further job cuts.

CEO Wagner has lined up financial backers to help finance the AppRiver deal. Among the financial players are:

True Wind Capital will make a $100 million equity investment with the closing of the AppRiver acquisition.

SunTrust Bank and KeyBanc Capital Markets committed to a new five-year $175 million term loan and a $25 million revolving credit line.

The combined company, known as Zix, expects to generate roughly $200 – $207 million in annual recurring revenue in fiscal 2019, up 11% – 15% year over year. The deal is expected to close by March 31, 2019. By purchasing AppRiver, the new Zix will grow its channel from about 400 to 4,000 partners, and its customer base will go from 20,000 to 60,000.

AppRiver is no stranger to acquisitions, having worked to position itself as a one-stop shop for commercial cybersecurity services.

In October 2017, VC firm Marlin Equity Partners purchased a majority stake in AppRiver with the intention of expanding its global footprint.

In March 2018, AppRiver acquired Canadian company Roaring Penguin for its anti-spam and machine learning technologies. In October of 2018, AppRiver acquired Total Defense, a provider of subscription-based endpoint security for consumers and small businesses.

rb-

The last three places I have worked were AppRiver or Zix shops. It makes sense email is the gateway to the cloud for many firms. Email is mission-critical and complicated to secure so it gets moved to the cloud.

My experience with both firms was OK. We were an early adopter of hosted Exchange from AppRiver and then at a re-seller. In keeping with industry trends, my current employer moved from Zix as we moved to O365, so maybe this deal is a year too late.


Marriott Data Breach One Of Biggest Ever

Updated July 17, 2019 – The Brits slapped Marriott with a £99m ($124m) fine for “infringements of the GDPR.” The Information Commissioner’s Office said that Marriott failed to undertake sufficient due diligence when it bought Starwood, and should also have done more to secure its systems prior to the data breach.

___

The internet is a dangerous place for data. Hotel chain Marriott (MAR) proved that once again. Marriott revealed that hackers stole personal information from 500 million Starwood Preferred Guest program participants. The data stolen in the data breach included sensitive personally identifiable information (PII).

Marriott said it got an alert on September 8, 2018, about an attempt to access the Starwood database and enlisted security experts to assess the situation. During the investigation, Marriott claims to have discovered that the unauthorized access to the Starwood network started in 2014.

Investigators found that an unauthorized party had copied and encrypted information from the database and had taken steps toward removing it. The company was able to decrypt the information on November 19, 2018, and found that the contents were from the Starwood guest reservation database. The hotel chain then waited until November 30, 2018, to tell its customers of the data theft.

What was lost in the data breach

For about 327 million Marriott customers, the compromised information includes some combination of name, address, phone number, email address, passport number, Starwood Preferred Guest (‘SPG’) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. Marriott added that the data breach included payment card information. About 170 million impacted Marriott customers only had their names and basic information like address or email address stolen.

Marriott says that about 20.3 million encrypted passport numbers and approximately 8.6 million encrypted payment cards were compromised in the breach.

Several sources report that state-sponsored Chinese hackers working for the intelligence services and the military were behind the attack. The stolen data would be an espionage bonanza for government hackers. Sources point out that the Starwood attacks began in 2014, shortly after the attack on the U.S. government’s Office of Personnel Management (OPM) compromised sensitive data on tens of millions of employees, including application forms for security clearances.

Sadly, the 500 million record Marriott hack only ranks as the third-largest known data breach to date. This list of fails illustrates that no matter what you’re doing online, every time you put your information on the internet you risk it being stolen.

| Rank | Company | Accounts Hacked | Date of Hack |
|---|---|---|---|
| 1 | Yahoo | 3 Billion | August 2013 |
| 2 | River City Media | 1.3 Billion | May 2017 |
| 3 | Aadhaar | 1.1 Billion | January 2018 |
| 4 | Marriott | 500 Million | 2014 - 2018 |
| 5 | Yahoo | 500 Million | Late 2014 |
| 6 | Adult Friend Finder | 412 Million | October 2016 |
| 7 | MySpace | 360 Million | May 2016 |
| 8 | Exactis | 340 Million | June 2018 |
| 9 | Twitter | 330 Million | May 2018 |
| 10 | Experian | 200 Million | March 2012 |
| 11 | Deep Root Analytics | 198 Million | June 2017 |
| 12 | Adobe | 152 Million | October 2013 |
| 13 | Under Armour | 150 Million | February 2018 |
| 14 | Equifax | 145.5 Million | July 2017 |
| 15 | eBay | 145 Million | May 2014 |
| 16 | Heartland Payment Systems | 134 Million | May 2008 |
| 17 | Alteryx | 123 Million | December 2017 |
| 18 | Nametests | 120 Million | June 2018 |
| 19 | LinkedIn | 117 Million | June 2012 |
| 20 | Target | 110 Million | November 2013 |
| 21 | Quora | 100 Million | November 2018 |
| 22 | VK | 100 Million | December 2018 |
| 23 | Firebase | 100 Million | June 2018 |

rb-

There is something else fishy here. Reports claim that the data was encrypted using AES-128, but not all of the stolen data was. Attackers were able to steal nearly 20 million passport numbers and 8.6 million encrypted payment cards.

Marriott says that the attackers were able to gain access to 5.25 million unencrypted passport numbers and 2,000 unencrypted payment card numbers.

I’m sure that regulators (GDPR) and lawyers will ask why unencrypted sensitive info like passport and credit card numbers was lying around waiting to be stolen.


The 10 Worst Passwords of 2018

It is the end of 2018 and we have learned nothing from the massive Facebook and Marriott data leaks and numerous other hacks. California-based password-management company SplashData released its list of the 100 worst passwords of 2018, based on 5 million passwords leaked on the internet.

Few people have switched things up. People continue to use the same hacked passwords time and time again. Topping the list of terrible passwords were “123456789” at No. 3, “password” at No. 2, and “123456” at No. 1. 2018 marked the fifth straight year that “123456” and “password” kept their top two spots on the SplashData list.

1. 123456
2. password
3. 123456789
4. 12345678
5. 12345
6. 111111
7. 1234567
8. sunshine
9. qwerty
10. iloveyou

There are only 2 new entries in the 10 worst passwords: the highly insecure “111111” at number 6 and “sunshine” at number 8.

SplashData estimates 10% of people have used at least one of the 25 worst passwords on this year’s list, with roughly 3% of internet users relying on the worst password, “123456.”

Don’t congratulate yourself yet if your passwords didn’t make SplashData’s top 10 most used and least secure passwords of 2018. Check out the rest of SplashData’s list of 100 worst passwords. If your password made the 100 worst passwords list this year, you should change it.

rb-

Password advice has changed about as quickly as people’s passwords – NOT MUCH – but it is worth repeating …

  • Use passphrases of twelve characters or more with mixed types of characters.
  • Use different passphrases for each account. If a hacker gets access to one of your passwords, they will not be able to use it to get into other sites, and you only have to change that one password instead of 50 of them.
  • Use a password manager to generate and store your passwords and automatically log into websites.
  • Set up two-factor authentication. Especially when the code is generated on a phone app like Google Authenticator or on a small hardware device like a YubiKey, it adds an extra layer of security.

Imperva points out that 5% of all successful attacks use brute force to guess a user or administrator password. Brute force attacks do this with repeated login attempts, trying every possible letter, number, and character combination to guess a password.

Because most individuals have many accounts and many passwords, people tend to reuse a few simple passwords. This leaves them exposed to brute force attacks. Email accounts protected by weak passwords are particularly valuable to hackers: they may be connected to additional accounts, and can also be used to reset passwords.

Attackers use specialized hardware to guess user passwords efficiently. Cryptocurrency mining rigs with graphics processing units (GPUs) and application-specific integrated circuits (ASICs) can be very effective at quick repetitive tasks like password guessing.

Imperva recommends a number of steps that an administrator can take to protect users from brute force password cracking:

  • Lockout policy—you can lock accounts after several failed login attempts and then unlock them as the administrator.
  • Progressive delays—you can lock out accounts for a limited amount of time after failed login attempts. Each attempt makes the delay longer.
  • Captcha—tools like reCAPTCHA require users to complete simple tasks to log into a system. Users can easily complete these tasks while brute force tools cannot.
  • Requiring strong passwords—you can force users to define long and complex passwords.
  • Two-factor authentication—you can use multiple factors to authenticate identity and grant access to accounts.
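As an added illustration of the lockout, progressive-delay and strong-password items above (example code written for this page, not Imperva’s or SplashData’s), the guard below refuses login attempts while a doubling delay is running, locks an account after a fixed number of consecutive failures until an administrator unlocks it, and rejects candidate passwords that are short, low in character variety, or on the top-10 list quoted earlier. The failure threshold and the base delay are assumed values; the clock is injectable so the behaviour can be exercised without sleeping.

```python
import time
from dataclasses import dataclass

# Constructed sample: the SplashData 2018 top-10 list quoted on this page.
WORST_PASSWORDS = {"123456", "password", "123456789", "12345678", "12345",
                   "111111", "1234567", "sunshine", "qwerty", "iloveyou"}
MAX_FAILURES = 5    # assumed threshold: lock the account on the 5th consecutive failure
BASE_DELAY = 2.0    # assumed: seconds of delay after the 1st failure, doubling each time


def password_policy_errors(pw: str) -> list:
    """Reasons a candidate password fails the advice above (empty list = acceptable)."""
    errors = []
    if len(pw) < 12:
        errors.append("shorter than 12 characters")
    classes = sum([any(c.islower() for c in pw), any(c.isupper() for c in pw),
                   any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)])
    if classes < 3:
        errors.append("fewer than 3 character types")
    if pw.lower() in WORST_PASSWORDS:
        errors.append("on the worst-passwords list")
    return errors


@dataclass
class AccountState:
    failures: int = 0          # consecutive failed attempts
    locked: bool = False       # set by the lockout policy; cleared only by an administrator
    next_allowed: float = 0.0  # clock time before which attempts are refused (progressive delay)


class LoginGuard:
    """Per-account lockout plus progressive delay; the caller verifies the password itself."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock     # injectable so tests can advance time without sleeping
        self.state = {}

    def attempt(self, user: str, password_ok: bool) -> str:
        st = self.state.setdefault(user, AccountState())
        now = self.clock()
        if st.locked:
            return "locked"
        if now < st.next_allowed:
            return "delayed"   # refused without touching the counter: the wait is the cost
        if password_ok:
            st.failures, st.next_allowed = 0, 0.0
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.locked = True
            return "locked"
        st.next_allowed = now + BASE_DELAY * 2 ** (st.failures - 1)  # 2s, 4s, 8s, 16s
        return "failed"

    def admin_unlock(self, user: str) -> None:
        self.state[user] = AccountState()   # administrator resets the counter and the lock
```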