February is known for Valentine’s Day and being the shortest month of the year. Instead, I am going to dedicate the articles in this newsletter to Cyber-Security. It’s the second month of 2014 and it’s time to start thinking about how to secure your computing assets. The attacks are becoming more advanced and security is not a “set it and forget it” item – it needs to be reviewed weekly, if not daily. I hope you find this newsletter helpful.
Hacker’s New Target – Ads
Hackers are exploiting a weakness in Internet security: ad makers and sellers that target users’ online browsing habits.
Recently, Yahoo displayed an advertisement to Europeans that contained malware for at least one week. Additional high-traffic websites that have had malicious code injected into their display ads include newspapers, blogs and Dailymotion (a popular destination for streaming video).
In some instances, the malicious ads download viruses without user interaction. In other instances, the ads serve up a security alert – “Your computer’s antivirus is out of date!” – to trick you into paying a fraudster money or downloading a virus. This type of spot ad is served up unknowingly by major ad networks and can bypass antivirus software.
The design of the Internet advertising system is a major part of the problem. Ads pass through dozens of virtual hands to match buyers to sellers in quick online auctions. This process happens so fast, and with so many players, that it can be very difficult to screen every ad, according to leading security researchers. Once a hacker discovers a vulnerability, others flock to use the same exploit, which is the case with the ad vulnerability.
In 2013, cyber-security company RiskIQ, Inc. tracked nearly 384,000 malicious online ads, up from 205,000 in 2012 and 70,000 in 2011. The large ad companies acknowledge an increase in malicious ads.
Google, which hosts one of the largest ad networks, disabled ads from more than 400,000 sites containing malware in 2013, up from 123,000 in 2012.
Advertisers have known about the potential problems of malware for years, but have struggled to eliminate the threat. Scanning web ads for bugs is time-consuming, expensive and difficult to do as more ads are becoming interactive, with graphics and complex code to target a specific type of user. “This is much like an arms race,” stated Chris Olson, chief executive of Media Trust, an ad-security company in McLean, VA.
In Yahoo’s case, the malicious ad was on display between December 27th and January 3rd before it was discovered. It is impossible to find out how many people were infected because the virus was only deployed in certain instances, according to people who are familiar with the investigation. If the malicious ad discovered a vulnerability, it infected the machine with a host of viruses. One of them is called Zeus. It is often used to steal online banking credentials, according to security researchers who have studied the incident.
This is why you need a good firewall – to help you prevent this type of attack. I have recommended blocking Ad sites for at least two years because they contain a vulnerability. The companies who have listened to me have cut down their malware infections significantly.
If you don’t have the ability to block ads at the firewall, contact me and I can help you find a suitable security device or make recommendations.
Target Hack – Service Account Credentials Lead to the Compromise
Service accounts are needed but not fully understood. They are accounts used by services to access resources on Windows servers. They are a best practice recommendation, as ‘administrator’ used to be the credential used by everyone. But I find that these service accounts have either too many permissions or very weak passwords that are never changed.
First and foremost, service accounts typically do not need to log in to machines. A group policy should be created that denies interactive login. This will prevent someone from using a service account to remote desktop into or otherwise remotely access a machine.
The second thing you can do is restrict which machines the service account can access. This is a function that is built into Windows and is an easy way to prevent this type of attack.
Also, service accounts do not always need to be domain administrators. Be careful of what groups you add service accounts to, and follow the best practice of least privilege.
Finally, always change the passwords of service accounts every 90 days. This is just a best practice that everyone should be following. If a password is compromised this will help limit your exposure.
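The four checks above can be turned into a repeatable audit. The following PowerShell is an added example, not part of the original newsletter; the "svc-" naming convention, the example.com domain and the sample accounts are assumptions constructed for illustration, and the list of accounts covered by the deny-logon policy is passed in by hand.

```powershell
# Added example. Input objects mirror Get-ADUser output with the properties
# SamAccountName, LogonWorkstations, MemberOf and PasswordLastSet.
function Test-ServiceAccount {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,
        # Accounts already covered by the deny-logon group policy ("Deny log on
        # locally" / "Deny log on through Remote Desktop Services").
        [string[]] $DenyLogonAccounts = @(),
        [int] $MaxPasswordAgeDays = 90,
        [datetime] $Now = (Get-Date)
    )
    process {
        $findings = @()
        if ($DenyLogonAccounts -notcontains $Account.SamAccountName) {
            $findings += 'interactive logon not denied'
        }
        # Empty LogonWorkstations means the account may log on to any machine.
        if ([string]::IsNullOrWhiteSpace($Account.LogonWorkstations)) {
            $findings += 'no machine restriction'
        }
        # Direct membership only; nested groups need Get-ADGroupMember -Recursive.
        if (@($Account.MemberOf) -match '^CN=Domain Admins,') {
            $findings += 'member of Domain Admins'
        }
        if (-not $Account.PasswordLastSet -or
            ($Now - $Account.PasswordLastSet).TotalDays -gt $MaxPasswordAgeDays) {
            $findings += "password older than $MaxPasswordAgeDays days"
        }
        [pscustomobject]@{
            Account  = $Account.SamAccountName
            Findings = if ($findings) { $findings -join '; ' } else { 'OK' }
        }
    }
}

# Constructed sample accounts (hypothetical names and domain) so this runs offline.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc-backup'; LogonWorkstations = 'BKP01,FS01'
        MemberOf = @('CN=Backup Operators,CN=Builtin,DC=example,DC=com')
        PasswordLastSet = [datetime]'2014-01-10' }
    [pscustomobject]@{ SamAccountName = 'svc-sql'; LogonWorkstations = $null
        MemberOf = @('CN=Domain Admins,CN=Users,DC=example,DC=com')
        PasswordLastSet = [datetime]'2012-06-01' }
)
$sample | Test-ServiceAccount -DenyLogonAccounts 'svc-backup' -Now ([datetime]'2014-02-15') |
    Format-Table -AutoSize
```

Against a real domain, replace $sample with Get-ADUser -Filter 'SamAccountName -like "svc-*"' -Properties LogonWorkstations,MemberOf,PasswordLastSet, adjusting the filter to however your service accounts are named.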
Small Businesses are at Risk for Cyberattacks
Historically, cyber criminals have targeted large enterprises. That trend is changing as large corporations are making heavy investments to apply sophisticated security measures. That has pushed cyber criminals to focus on smaller and more vulnerable targets. In the most recent survey, Symantec reported that in 2012, 31 percent of attacks were aimed at businesses with fewer than 250 employees, up from 18 percent the prior year.
Most shocking is that many of these small businesses don’t seem to care. In a McAfee survey of 1,000 US small-to-medium businesses, 66 percent expressed confidence that their data was safe from hackers and 77 percent said they haven’t been hacked. The data from the survey suggests that many small businesses are not even aware that they have been attacked.
The shift to mobile computing dramatically expands the risks that small businesses face. Security firm Trend Micro identified 1 million malicious and risky Android applications in the third quarter of 2013, surging from 425,000 at the beginning of the year.
If you are a small business, you need to make sure you manage the risk by applying basic controls like device security and data security. You should look at a mobile device management solution.
You should also have written security policies and make sure you have a yearly security audit to ensure that you are as secure as you need to be. Finally, a good firewall can help detect some of this activity if it is properly configured.
Win an iPad Mini
We at TBJ are looking to grow our business and we would like to enlist your help in finding clients who might benefit from our services. For any qualified leads that result in a meeting, you will be entered into a quarterly drawing to win an iPad Mini. Our best leads come from referrals and we would like to reward you.
If you know of someone that you network with that could benefit from our services, use the form below or email us at firstname.lastname@example.org
$188,242 is the Average Cost of a Cyberattack on a Small or Medium Size Business
That is a staggering number and could put most businesses out of business. The first and foremost thing you should do is make sure you have insurance in place to cover losses from a cyberattack.
If you have a computer that you do the financials on, make sure you only use that computer for financials. Why? A cybercriminal’s dream is to get access to a computer that is doing online banking transactions. They get you to install malware and then they can get the credentials they need to move the money out of your account. And the bank does not have to cover the money loss if they can prove they had the correct technology in place and you did not.
Also make sure you have the proper firewall, spam filter and virus scanner in place to help prevent these attacks.
Product of the Month – Palo Alto Wildfire
Wildfire is a service from Palo Alto Networks that can evaluate files to see if they contain malware. At the firewall, you configure what you want to have sent to the Wildfire network and it will execute it on a Virtual XP machine in the cloud. If it happens to find something that looks like malware, it will notify you.
This service works well; I have had clients use it and discover malware on their network even before a virus definition had discovered it.
It is very easy to configure. You just tell it which files you want to send up and it will send them to be analyzed. The files need to be 2MB or less.
In the 5.0 code, there is a subscription available that updates every few hours with the latest threats.
In summary: it is a very cool service that is easy to enable. If you want to learn more about Wildfire, read about it here: Wildfire.
It amazes me how trusting we are and how we do not take security seriously. As an example, I read a recent survey that found when reviewing passwords one of the top online passwords was 123456. The survey also revealed passwords are shared across accounts, from banking to Facebook.
We need to do a better job of educating users on the proper use of passwords and we need to follow the best practice ourselves. It might be a pain to have a complex password and different passwords across services, but it is well worth it in the long run.
I also see numerous Android devices that don’t have any sort of virus protection on them. Android is a top target for malware – you really need to protect that device! I also see people without any sort of password that protects the device. You should have some sort of password locking the device. I also see people downloading applications without any thought of what the application might do or if it is malicious.
I recently visited someone who had just had the CryptoLocker virus encrypt a bunch of data and they did not have a good backup plan. I don’t know if they ever found a good backup or not, but this was not the first time they lost data. They did not seem to care. They were lucky that some important data was not encrypted. A good backup could have avoided this. I view backups as an important part of security.
We need to make security a priority and a first thought, not an afterthought. When deploying a new system or device, make sure you are thinking about how to secure it. Also, make sure you are using strong passwords. Finally, provide some end-user training to your users to help them maintain a better security posture.
We welcome all current Fortinet users and anyone interested in Fortinet products to join us. Representatives from Fortinet and TBJ Consulting will be on hand to share the latest updates available to optimize your organization’s investment in Fortinet’s product line.
Date: April 9, 2014 at 11:30am – 1:30pm
Price: FREE
Type: Lunch-n-Learn