From August 30 through September 2, 2015, I attended a security conference in Las Vegas. The purpose of the conference was to learn about the new security risks and vulnerabilities we are faced with defending against, and how we can defend against them, if that is possible at all.
Why do hackers do this? Reason #1: money. Going rates for stolen data:
- Low limit credit card = $10
- Gold/Platinum Credit Card = $20
- Health Record = $100 (Why? With this information they can steal your identity.)
- Corporate E-Mail = $150 (Why? With a corporate mailbox they can launch spear-phishing attacks to get access to all of the above.)
NOTE: 102M medical records have been stolen since Jan 1, 2015. But don't feel too bad: only 101M were stolen by hackers. The other 1M were exposed because someone left a laptop lying around unencrypted, or did something similar.
The steps we have taken, and are taking, for customers who have joined our Managed Services Plans are good. However, since last year internet traffic has become far more encrypted (the Snowden Effect). The US has seen a 58% increase in encrypted traffic, South America nearly 500% and Europe 700%. Encrypted traffic has to be decrypted before it can be scanned and protected, and that requires changes to your network and firewall to protect your business.
If you do not have a SonicWall, or have one without Comprehensive Gateway Security, your network is at greater risk from every internet exploit and your corporate data has almost no protection.
Also, if we connect your server to a firewall port whose traffic those gateway services can scan, we can protect the data on your server as well.
Websites pull in content from other websites to build the page you see: MSN.com, for example, uses content from over 100 web servers to display a single page. So an infection is not isolated to the one site you visited; it usually arrives from one of those third-party web servers, and it works by exploiting weaknesses in your browser and business applications.
By limiting which internet locations your traffic may reach, we reduce your risk of infection. Adding DPI-SSL on the SonicWall, which acts as a controlled man-in-the-middle that decrypts and inspects traffic before passing it on, lets us stop more of the infections that reach your network through browsers, mail and FTP applications.
There is still a risk of being compromised, and you can only defend against it by being educated on what to look for and what to worry about. I am sharing what we found in the hope that this information will help your business avert the damage these infections and exploits can cause. I can tell you that the movies are getting it right: the ways they show people breaking in are real and do work. Here are examples of what you should look for:
Update Attack: The update attack shows a prompt saying there is an update for "Java..." or asking whether you want to run this Java application. Look at the publisher: it's wrong. Once you click Run, you are done; from that point forward the attacker has code running on your system with your privileges and can go on to take full control of it. Never accept an update from a pop-up in the browser; get updates from the vendor's own site or the application's built-in updater. The defense against this is SonicWall CGS with DPI-SSL implemented.
PDF Attack: The PDF attack exploits defects in Adobe Acrobat and Reader. When you open the infected file, the application locks up. Once it locks, it is too late: the attacker has gained control of your system. The only thing you can do is disconnect the computer from the network and get someone to try to find and remove the malware. If they cannot find it, you need to consider wiping the system, restoring your files from a clean backup, and starting over. The defense against this is SonicWall CGS with DPI-SSL implemented.
Crypto-Locker: This attack arrives from websites and e-mail; web-based e-mail and websites are a great deployment strategy for this kind of program. Once it runs, it uses your own operating system to encrypt your company files, including files on any network shares the infected machine can write to, and then demands payment for the key. Be careful, and have a backup that is kept offline or otherwise out of the infected machine's reach, so the backup cannot be encrypted too. The defense against this is SonicWall CGS with DPI-SSL implemented.
Social Engineering Attacks: The purpose of social engineering is to take advantage of us as people. The goal is to gain influence over you, as an employee or as a person, so that you willingly do something that helps the attacker get what they want: money, information, or a way past your defenses. This is the easiest way into your systems. Once they know your name, age, state and county, it costs a hacker between 50 cents and $1.50 on the internet to get your address and SSN, and from that they can get your loans and credit information. So be careful. This is the hardest attack to defend against. They are 99% effective.
Pineapple Attack: This is how it works. The attacker sets up at a public location that offers free Wi-Fi and runs a rogue access point (the "pineapple", named after a portable device built for this) disguised as the location's own Wi-Fi (Starbucks, for example). Once you connect to their access point, they provide your DNS server and watch for you to connect to banks, mail servers, credit card companies and the like. When you make those connections they redirect you to their own site, which looks like the real one. If they have done a good job of copying the pages it will be hard for you to tell the difference. But if you reach the login page, enter your password, and then the next page fails to display or your account data does not appear, you have been hacked: they have your password. Call your bank and reset your password right away. The best defenses against this are:
- Don't use free Wi-Fi that is unencrypted.
- Don't enter usernames and passwords, or make payments, over free unencrypted Wi-Fi.
- If you can connect back to the corporate office over a VPN and reach the internet through the tunnel, you are safer.
- Always watch for a warning from a website you are about to enter a username and password into saying that its SSL certificate is not valid, and never click through it. It can be the sign of a hijack or DNS poisoning attack in which someone is trying to steal your information.
Spear-Phishing Attack: These are launched via e-mail or telephone and target you specifically to gain access to your personal information, in particular your usernames and passwords. They do this by getting you to enter or read out your username and password to a website or phone system. They look for account numbers. They want your money.
In the case of a website, they redirect you to another site that looks like the real one but is not. Pay attention to the address line: check the domain name itself, not the logo or the look of the page.
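Here is an added example, not from the original newsletter, of what "pay attention to the address line" means in practice. The Python check below applies the rules a careful user should apply to any login URL, whether the page was reached through a spear-phishing link or through the rogue-access-point redirect described under Pineapple Attack above: the connection must be https; the part of the name that matters is the registered domain (the last two labels), so a trusted name buried inside a longer name or placed before an "@" is a decoy; and digit-for-letter or "rn"-for-"m" swaps are lookalikes. The trusted-domain list, the confusable table and the sample addresses are constructed for the example.

```python
import ipaddress
import unicodedata
from urllib.parse import urlsplit

# Registered domains the user legitimately signs in to. Constructed for this
# example; a deployment would carry the organization's own list.
TRUSTED_DOMAINS = {"examplebank.com", "example-corp.com"}

# Single-character swaps attackers use in lookalike names. Assumption: a small
# illustrative table, not the full Unicode confusables list.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "8": "b"})


def registered_domain(host: str) -> str:
    """Last two labels of a host name ('evil.net' for 'examplebank.com.evil.net').
    Assumption: two-label suffixes only; real code would use the Public Suffix List."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def fold_lookalike(name: str) -> str:
    """Fold a domain to the plain name it imitates: strip accents, swap digits for
    the letters they resemble, collapse 'rn' into 'm', drop hyphens."""
    plain = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return plain.translate(CONFUSABLES).replace("rn", "m").replace("-", "")


def check_login_url(url: str) -> dict:
    """Inspect a URL before typing a password into it.
    Returns {'ok': bool, 'host': str, 'findings': [...]}; any finding means stop."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []

    if parts.scheme != "https":
        findings.append("not https: the password would cross the network in the clear")
    if parts.username is not None:
        # https://examplebank.com@evil.net/ connects to evil.net; the text before '@' is a username
        findings.append("text before '@' is a username; the real host is " + host)
    if parts.port not in (None, 443):
        findings.append("unusual port %d" % parts.port)

    try:
        ipaddress.ip_address(host)
        findings.append("bare IP address instead of a domain name")
        return {"ok": False, "host": host, "findings": findings}
    except ValueError:
        pass

    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        findings.append("non-ASCII or punycode label: possible homoglyph domain")

    domain = registered_domain(host)
    if domain not in TRUSTED_DOMAINS:
        findings.append("%s is not a domain you sign in to" % domain)
        for trusted in TRUSTED_DOMAINS:
            if fold_lookalike(domain) == fold_lookalike(trusted):
                findings.append("lookalike of %s" % trusted)
            elif trusted in host:
                # examplebank.com.evil.net or secure-examplebank.com-login.net
                findings.append("%s appears in the name, but the real domain is %s" % (trusted, domain))
    return {"ok": not findings, "host": host, "findings": findings}


if __name__ == "__main__":
    # Constructed sample addresses: one real login page and several impostors.
    samples = [
        "https://online.examplebank.com/login",
        "http://examplebank.com/login",
        "https://examplebank.com@evil.net/login",
        "https://examplebank.com.evil.net/login",
        "https://examp1ebank.com/login",
        "https://exarnplebank.com/login",
        "https://10.0.0.5/login",
    ]
    for sample in samples:
        result = check_login_url(sample)
        print("OK  " if result["ok"] else "STOP", sample, "; ".join(result["findings"]))
```

The registered-domain rule is the one most people get wrong: "examplebank.com.evil.net" and "https://examplebank.com@evil.net/" both show the bank's name in the address line, and both connect to evil.net.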
In the case of the phone system:
- They give you a phone number to call (it's not the bank's).
- They record the bank's real prompts and pretend to be the bank and/or credit card company.
- They tell you that you need to reset your password. Once you enter it, they've got you and access to your account.
- Be careful: don't call back on the number they give you. Use the number printed on the back of your card or on your statement.
- Start being careful when your bank or credit card company calls you about a suspect transaction. That will be the next attack.
USB Attack: This is how it works in the "Mission Impossible" and "Blackhat" movies, and it is real. The attacker plants a USB key that carries hidden code which cannot be deleted even by formatting the key, because it lives in the key's firmware rather than in its file system. Once you connect it, the computer is tricked into thinking the USB key is a keyboard; the key "types" the hidden code, it runs, and your system is breached. So if you find a USB key lying around, be careful, and think twice before you connect it to your computer. In our class, the instructor created 30 USB keys like this that, once plugged in, started Internet Explorer and displayed a web page essentially telling the user what had been done and to be careful. He left the 30 USB keys lying around in Starbucks, on benches and on tables from Florida to Las Vegas. He has had 67 connections to his website from the following states: Massachusetts, New Jersey, Florida and Nevada. Pretty good return on his investment, and he actually displayed a page saying what was going on.
If you have questions or concerns regarding your security, please contact your account rep [token]tvw_TokenData_Reps.RepName[/token] to schedule a security review.
We at CCPlus value the security of our customers and appreciate your business.
Randy Mayall, CEO & Senior Security Officer