Zoom-Bombing on the Rise

A New Trend As Americans Move To Work From Home

The FBI has issued a new warning regarding the use of the popular virtual meeting platform Zoom. As Zoom use continues to increase with extended work from home schedules, some users have reported pornographic, violent, and threatening images and messages interrupting their meetings.

For now, the two reported incidents were in Massachusetts during online classroom sessions. The FBI has released suggestions to secure your virtual meeting rooms.

FBI Recommendations

  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
  • Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.

Virtual Meetings

There have been several viral sensations crossing the internet since the Shelter-In-Place orders have gone into effect across the country. The video conference where a woman went to the bathroom but forgot to turn her laptop around, and the boss who couldn’t figure out the potato filter are two viral stories. While these are amusing (albeit embarrassing for the participants) they aren’t harmful.

Keeping yourself and your organization safe is the responsibility of all of us. We’ll keep you updated with the best ways to keep your online presence secure as we all continue to practice Social Distancing.

Finally, make sure you’re taking the precautions you need to keep yourself and your closest people safe. As it’s been said, we’re all in this together.

PC Matic

Microsoft Scrambles to Issue Patch for New RDP Security Hole

A new vulnerability was discovered within remote desktop protocol (RDP) ports, although the technical details of the gap are being kept under wraps.

We do know that the vulnerability impacts Windows Server 2008 and Windows 7, as well as the out-of-support versions Windows 2003 and XP. Microsoft has released a patch, which may be found here. The software giant has deemed this vulnerability critical for three reasons. First, the gap requires no interaction from users, as it is considered “wormable”. Second, hackers may use RDP access to easily exploit the entire network, not just a single device. Third, there are millions of users with impacted systems and enabled RDP ports.

Saying this update is critical may be an understatement.

Therefore, anyone who is currently using any of the impacted versions of Windows should install the patch provided by Microsoft immediately.

Beyond the vulnerability threat, hackers have been seen using RDP ports as a means to infect networks around the globe. Therefore, beyond patch management, users and IT professionals should survey the devices that have RDP enabled. If the function is not being utilized, users should disable the port entirely. By closing the port, the risk of hackers maliciously exploiting it will be eliminated.
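One way to carry out that survey on a single Windows machine, as an added example that is not part of the original article: the script reads the Remote Desktop settings from the registry, confirms whether the port is actually listening, and turns RDP off when run with `-Disable`. The file name `Audit-Rdp.ps1` and the `-Disable` switch are hypothetical; it assumes an elevated prompt and PowerShell 2.0 or later.

```powershell
# Audit-Rdp.ps1 (hypothetical name) - added example, not from the original article.
# Reports the local Remote Desktop state; with -Disable it turns RDP off.
# Do not pass -Disable on a machine you are administering over RDP.
param([switch]$Disable)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RdpState {
    # fDenyTSConnections = 0 means Remote Desktop connections are allowed.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    # The listener port is configurable, so read it instead of assuming 3389.
    $port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
    # Cross-check against the socket table (assumes English netstat output).
    $listening = [bool](netstat -an |
        Select-String -Pattern (":{0}\s.*LISTENING" -f $port))

    New-Object PSObject -Property @{
        Computer   = $env:COMPUTERNAME
        RdpAllowed = ($deny -eq 0)
        Port       = $port
        Listening  = $listening
    }
}

$state = Get-RdpState
$state | Format-List Computer, RdpAllowed, Port, Listening

if ($Disable -and $state.RdpAllowed) {
    # Refuse new Remote Desktop connections, then report the state again.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Get-RdpState | Format-List Computer, RdpAllowed, Port, Listening
}
```

A machine that reports `RdpAllowed : False` but `Listening : True` deserves a second look, since something other than the Remote Desktop setting is holding that port open.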

The City of Albany Has Fallen Victim to Ransomware

An unknown ransomware variant infected the city offices of New York’s state capital, the City of Albany.  Although employees were still expected to arrive at work Monday morning, city offices did not open until 12 p.m. EST.  The city’s IT staff are still investigating total damages as a result of the cyberattack, including which systems are impacted.

As of the latest press release, the city’s payroll systems had been compromised, as well as certain public records, such as birth, marriage, and death certificates.  Since the payroll systems include personal data of employees, there were initial concerns of a data breach as well.  However, after further investigation, it appears personal employee data was not compromised.  The city is nonetheless offering employees the option of a credit monitoring service if they so wish.

Beyond city offices, the Albany Police Officer’s Union (APOU) is also suffering the aftermath of this attack.  According to the APOU’s Vice President, Gregory McGee, members do not have access to services or programs that operate using an internet connection, as their networks are currently not online.

One of the biggest interferences this has caused has been with the scheduling system.  Without scheduling access, the APOU does not have a way to track who is working, or the manpower they have available.  Additionally, the ransomware infection also impacted the computers within patrol cars.  Due to this interference, officers are not able to access accident or incident reports.  Therefore, calls for service may take longer than expected, as officers are missing access to the tools needed to conduct daily job duties.

The Unknown

It remains unclear how the ransomware infected the network, including how it bypassed the security measures the City of Albany had in place.  Additionally, the ransom demands have not been publicly released, as it remains unclear if city officials will end up paying the hackers to restore city networks.

This attack came just weeks after Jackson County, located in Georgia, also fell victim to a ransomware attack.  Jackson County officials paid the ransom demands of $400,000.  Even after paying the ransom demands, however, it still took days before the county’s networks were back up, and even then, they were not running at full capacity.

Increased risk of downloading malware via Social Media

Social media is a brilliant tool for sharing links, videos and interesting information with your friends online. But not all those links go to good places – quite often those pages will have adware, malware or computer viruses lurking in the background, trying to download themselves onto your computer.

If malware does install itself on your work computer, it could cause serious damage to the rest of the network. The time and costs associated with fixing these issues could seriously hurt your company – even if it was an accident.

 

Sextortion Scams

Advancements to Sextortion Scams

Hackers continue to trick users into thinking their computers have been infected with malware that recorded videos of them watching porn.  In an attempt to legitimize their claims, the hackers reveal they know a real password the victim has used and have begun spoofing victims’ email addresses.  By spoofing the email address, it makes it appear the messages are being sent from the victim’s own email account.

After distributing these spoofed emails, the hackers then demand a payment in the untraceable cryptocurrency, bitcoin.  They claim if a payment is not received, they will send the recordings to everyone in the recipient’s contacts list.  The scam has been incredibly effective, raking in bitcoin payments totaling $4 million in just the last three months.

How Users Are Being Exploited

First, it is important to clarify that these victims have not been infected with malware.  Instead, they’ve received a scam email that is exploiting the password that was leaked in one of today’s major data breaches.  There is NO recording!

Many recipients of these emails have confirmed that the passwords included in the emails haven’t been used in years.  This has led several experts to believe these scams are using data dumps from data breaches that occurred years ago.

What’s Next?

If you received one of these emails, it is important you remember — this is only a scam, your device is NOT infected with malware.  PC Matic encourages you NOT to pay the bitcoin demands.  Instead, ensure you are no longer using the password the hacker discloses in the email.  If you are still using this password, it is important to change the login credentials for those accounts.

If you are wondering if your information has been breached, you may visit www.haveibeenpwned.com.  By typing in your email address, the website will tell you if and when your information was breached.

How Hackers Choose Their Targets

According to Security Boulevard, the #1 security vulnerability identified by IT managers is unpatched systems.

Hackers target vulnerable systems.  There it is.  That is the big secret, which likely isn’t as shocking as one anticipated.  Why do hackers target vulnerable systems?  This too is rather simple.  They don’t want to have to “work” at hacking the system; they want users to leave the door open for them.  And oftentimes users do.

Leaving third-party applications and operating systems outdated leaves endpoints and servers, as well as all the data on them, vulnerable to attack.

It is imperative for users to update all devices in a timely manner.  Oftentimes this will take longer for larger businesses, as proper testing should be completed to ensure the update will not negatively impact the functionality of existing software or devices.  That being said, the testing process should take place once updates are available, so updates can be installed as quickly as possible.  It should also be noted that major software companies, such as Microsoft, have recurring update release dates.  Therefore, IT professionals can schedule when testing will need to be completed around the predetermined update dates.

Automate Updates?

Users at a smaller scale, either home users or perhaps a smaller business may automate application and operating system updates to take the legwork out of manually launching the update.  This feature is great for those who want to set it and forget it.  However, users must remember to reboot their PCs every day.  When updates are installed, they often are not finalized until the device is rebooted.  Therefore, users may think they’re protected with the latest updates, but in reality, they haven’t finished installing because no reboot has been initiated.

Rebooting is equally important for those who manually update as well.  If it isn’t getting done — the update is NOT complete.
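To see whether a Windows PC is in that half-updated state, the following added example (not part of the original article) checks the registry markers Windows leaves behind when an update is waiting for a restart and reports how long the machine has been up. The function name `Test-PendingReboot` is hypothetical; it assumes PowerShell 3.0 or later.

```powershell
# Added example, not from the original article: has this PC finished installing its updates?
function Test-PendingReboot {
    $reasons = @()
    $wuKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    $cbsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    $smKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

    # These two keys exist only while an installed update is waiting for a restart.
    if (Test-Path $wuKey)  { $reasons += 'Windows Update' }
    if (Test-Path $cbsKey) { $reasons += 'Component Based Servicing' }

    # Weaker signal: file replacements queued for the next boot.
    # Ordinary installers set this value too, so treat it as a hint.
    $renames = Get-ItemProperty -Path $smKey -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
    if ($renames) { $reasons += 'Pending file renames' }

    $boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        RebootPending = ($reasons.Count -gt 0)
        Reasons       = $reasons -join '; '
        LastBoot      = $boot
        DaysUp        = [math]::Round(((Get-Date) - $boot).TotalDays, 1)
    }
}

Test-PendingReboot | Format-List
```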

Other Forms of Vulnerability

Although unpatched systems were the primary security threat identified by IT managers, other vulnerabilities should be addressed as well.  Additional factors to evaluate include multi-factor authentication, IoT devices, BYOD policies, and password strength.

Multi-Factor Authentication and Password Strength

First and foremost, no one should be able to access your network with one basic password.  Employers should be employing a multi-layer authentication feature to access their networks.  As a component of that, proper password regulations should be in place.  This includes requiring passwords to be changed every 30-45 days, including specific characters and numbers, and offering a password vault for employees to track their passwords to prevent them from being written down or kept in a Word or Excel document.

IoT and BYOD

The Internet of Things (IoT) has taken over the world.  We’re more connected now than ever, whether it is our smartwatches notifying us of texts or calls, or checking emails through our phones.  We often bring these devices with us to work and connect them to company networks.  This creates a major problem.  If these devices are infected with malware of any kind (viruses, ransomware, spyware, etc.), this malware can now spread throughout the company networks.  Also, the likelihood of these IoT devices having any form of security solution installed is minimal at best.  They often do not come with any form of antivirus installed, and some devices are not compatible with security solutions at all.

Therefore, having a solidified Bring Your Own Device (BYOD) policy is important.  Employees should know what is allowed and expected, and what is not.  This should include three major things.  First, what devices are permitted to connect to the company’s networks.  Second, the company needs to mandate a security solution is installed on all devices permitted to connect to company networks.  Lastly, it must include disciplinary measures if the policy is not adhered to.

Android Spyware Poses Threats to Users of Facebook, Skype, WhatsApp, and Other Leading Social Media Apps

Google has detected a family of Android malware, known as Tizi, that is able to steal sensitive data from popular social media apps such as Facebook, LinkedIn, Skype, Telegram, Twitter, Viber, and WhatsApp.

In a blog post, Google security engineers described Tizi as a fully featured backdoor that installs spyware with some rooting capabilities. The blog noted that Tizi was used in a targeted attack against devices in certain African countries, specifically: Kenya, Nigeria, and Tanzania.

If the malware gains root in a device, it simplifies and strengthens the task of infiltrating apps. The backdoor malware contains various capabilities common to spyware, such as: recording calls from WhatsApp, Viber, and Skype; sending and receiving SMS messages; and accessing calendar events, call logs, contacts, photos, WiFi encryption keys, and a list of all installed apps.

In addition, Tizi apps can record ambient audio and take pictures without displaying the image on the device’s screen.

Most of the vulnerabilities target older chipsets, devices, and Android versions. Google reports that it has fixed all of the listed vulnerabilities.

However, if a Tizi app is unable to take control of a device because the vulnerabilities it tries to use are all patched, it will still attempt to perform some actions through the high level of permissions it asks the user to grant to it, mainly around reading and sending SMS messages, and monitoring, redirecting, and preventing outgoing phone calls.

What You Can Do

To reduce the chance of your device being affected by malware and other threats, Google recommends these basic steps:

Ensure Google Play Protect is enabled: Google Play Protect is on by default, but you can turn it off. Google recommends that you always keep Google Play Protect on.

Check permissions: Be cautious with apps that request unreasonable permissions. For example, a flashlight app shouldn’t need access to send SMS messages.

Enable a secure lock screen: Pick a PIN, pattern, or password that is easy for you to remember and hard for others to guess.

Update your device: Keep your device up-to-date with the latest security patches. As Tizi exploited older and publicly known security vulnerabilities, devices that have up-to-date security patches are less exposed to attacks from Tizi.

Locate your device: Practice finding your device, because you are far more likely to lose your device than install a potentially harmful application.

To ensure maximum safety for your Android device and everything on it, install antivirus software.

Posted From VIPRE

5 Simple Ways to Protect Yourself from Hackers

Equifax revealed a giant cybersecurity breach compromised the personal information of as many as 143 million Americans – almost half the country. Cybercriminals now have access to sensitive information, including names, social security numbers, birth dates, addresses, and the numbers of some driver’s licenses. Although it can be overwhelming, there are preventative steps you can take to prevent hackers from being successful at using this information to compromise your identity.

Here are five simple ways you can protect yourself from hackers:

  1. Cover Your Webcam

Hackers love to snoop on people’s webcams — so they can infect them with malware. Their favorite tool is a remote access Trojan that takes over your computer, steals files, records your conversations, and can even activate your webcam to spy on you.

The most effective way to cover your camera is to use painter’s tape. Designed to stick evenly and be removed easily without damaging the target surface, this tape can be bought at any hardware store or paint supplies store.

Covering your webcam is no substitute for keeping your computer patched and running strong antivirus software. The best approach: cover your camera and use antivirus software.

  2. Encrypt Your Hard Drive

If your hard drive is not protected by data encryption, a hacker can steal anything on it — including photos, financial documents, personal communications, and work data.

Data encryption is software that converts the information stored on your computer into code that is unreadable to hackers. Both major operating systems, Windows and Mac, offer free, automatic encryption. Windows’ version is BitLocker and Mac’s is FileVault.

  3. Use Password Management Software

This lets you store multiple passwords in encrypted form, so you don’t have to remember them. You can access all your passwords using one master password and are automatically logged in to your favorite sites.

  4. Protect Your Home Wi-Fi Network

Your system comes with a default username and password that’s the same for every unit. Change the settings immediately because they are favorite targets for hackers to access your wireless security system. Never fail to install the updates.

At the same time, buy a top-quality router. The same drill applies — change the default login and password before installing, and regularly update the firmware.

Secure your Wi-Fi network with unique login credentials that are difficult to guess. Use WPA2 network encryption and a firewall.

  5. Protect Your Identity

Here are some tips from USA.gov:

  • Secure your social security number (SSN). Don’t carry your social security card in your wallet or write your number on your checks.
  • Don’t respond to unsolicited requests for personal information (your name, birthdate, social security number, or bank account number) by phone, mail, or online.
  • Watch out for “shoulder surfers.” Shield your keypad when typing your passwords on computers and at ATMs.
  • Collect your mail promptly. Ask the post office to put your mail on hold when you are away from home for several days.
  • Pay attention to your billing cycles. If bills or financial statements are late, contact the sender.
  • Review your receipts, and compare them with account statements. Search for unauthorized transactions.
  • Shred receipts, credit offers, account statements, and expired cards, to prevent “dumpster divers” from getting your personal information.
  • Store personal information in a safe place at home and at work.
  • Install firewalls and virus-detection software on your home computer.
  • Create complex passwords that identity thieves cannot guess easily.
  • Order your credit report once a year and review it to see if it includes accounts that you did not open.

Posted From VIPRE Security News

 

Kaspersky Lab Used by Russia as a Tool to Spy on the U.S.

Software from Russian-based Kaspersky Lab has been used to steal sensitive and classified National Security Agency (NSA) data from an NSA contractor’s personal computer, according to the Wall Street Journal.

The 2015 hack apparently happened when the contractor took the data from the NSA and loaded it onto his computer, which contained Kaspersky antivirus software. Allegedly, the software enabled Russian hackers to see his files. The hack has not been disclosed by the government, noted the Wall Street Journal.

The Washington Post reported that the contractor, a U.S. citizen born in Vietnam, worked for the division of the NSA that creates tools to break into computers overseas for the purpose of gathering intelligence. The employee, who was sacked in 2015, probably did not take the materials for malicious purposes such as handing them to a foreign spy agency, The Washington Post noted.

A New York Times article details how Israeli intelligence officers looked on in real time as Russian government hackers searched computers for the code names of American intelligence programs.

Interestingly, neither the Wall Street Journal nor the Washington Post addressed the issue of why the employee took classified information home on his laptop.

Equally interesting, the reports provide no information about how an NSA employee’s laptop could be hacked so easily, nor why it took a year for the hack to be disclosed. Plus, neither newspaper provided any evidence of Kaspersky Lab working directly for the Russian secret service.

In a statement, Kaspersky said:

“Kaspersky Lab has not been provided any evidence substantiating the company’s involvement in the alleged incident reported by the Wall Street Journal on October 5, 2017, and it is unfortunate that news coverage of unproven claims continue to perpetuate accusations about the company. 

“However, as the trustworthiness and integrity of our products are fundamental to our business, we are seriously concerned about the article’s implications that attackers may have exploited our software. We reiterate our willingness to work alongside U.S. authorities to address any concerns they may have about our products and respectfully request any relevant information that would enable the company to begin an investigation at the earliest opportunity. 

“As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.”

Last month, the U.S. Government, Best Buy, and Office Depot suspended business with Kaspersky, as we reported in a blog.

The government issued a binding directive that federal civilian agencies identify Kaspersky software on their networks, and remove it after 90 days, unless otherwise directed.

The Department of Homeland Security (DHS) said in a statement that it was “concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.”

Cross Posted from VIPRE
