VPNFilter

FBI: Reboot your router at home and business

Foreign cyber actors have been building another network of infected IoT devices, at least 500,000(!) of them, active since at least 2016 and ready for a potential attack. Called VPNFilter, this malware infects routers and NAS devices and waits for instructions from two hard-coded locations: an image gallery on Photobucket, with the command-and-control address encoded in the images' metadata, and a fallback domain. The FBI released a warning asking users to restart their devices to remove the immediate threat of the malware destroying (bricking) them. Over the weekend the FBI also seized the fallback domain, and the Photobucket images carrying the encoded instructions have been taken down.

Listening to your conversations? Possibly

“The VPNFilter malware is a multi-stage, modular platform with versatile capabilities to support both intelligence-collection and destructive cyber attack operations.”

Stage 1 persists across a reboot and waits to fetch and deploy stage 2. Stage 2, which does not survive a reboot, provides intelligence collection, command execution, file collection and exfiltration, and device management; some stage 2 samples also carry a self-destruct routine that overwrites part of the device's firmware and bricks it. Stage 3 plugins extend stage 2, for example with a packet sniffer and a Tor communication module.

VPNFilter - How it works

What to do?

If you have a Linksys, MikroTik, NETGEAR or TP-Link router, or own a QNAP TS251 or TS439 Pro NAS, do the following:

  1. Restart your router/NAS
    A reboot removes the non-persistent stage 2 and stage 3 components and with them the immediate threat of the device being bricked. Stage 1 survives the reboot, so the device can be re-infected; Cisco Talos recommends a reset to factory defaults rather than a plain reboot.
  2. Change the device password
    Most devices are still on their default credentials, so this closes the direct access that was there before.
  3. Update the firmware
    Visit the manufacturer's website or contact your ISP and install the latest firmware. While you are in the admin interface, disable remote (WAN-side) management unless you really need it, as the FBI advisory recommends.

More details can be found on the manufacturers' websites:

QNAP

Netgear

TP-link

Source: Cisco Talos Intelligence

New Microsoft standards for highly secure Windows 10 device

Microsoft has released new guidelines for a "highly secure Windows 10 device" that push the standards quite a long way, and your wallet with them. The requirements call for current CPUs certified for Windows 10, such as 7th-generation Intel (Kaby Lake) or AMD 7th-generation processors. As you can imagine, most computers run older generations, and it would be almost impossible for any company to fully comply today. Interestingly, Microsoft's own Surface Pro 4 ships with a 6th-generation CPU only. I guess you have to reach deeper and go for the latest Surface Pro.

Why such strict guidelines?

One of the reasons is memory protection through a technology called IOMMU, or Input Output Memory Management Unit (Intel VT-d, AMD-Vi). It sounds complicated, but it is essentially a memory management unit sitting between devices and system memory. Peripherals such as network and graphics cards use direct memory access (DMA) to read and write memory without involving the CPU; without an IOMMU, a malicious or compromised device, for example one plugged into a Thunderbolt or PCIe port, can address any part of memory, including the regions that hold sensitive data such as credentials. The IOMMU gives each device its own restricted view of memory, so the operating system, and the hypervisor behind virtualisation-based security, can confine a device to the memory it has legitimately been assigned. Note that the IOMMU is not a defence against malicious applications; those are kept in check by the CPU's normal memory management, virtualisation-based security and HVCI.

Basically, if you have a recent PC with enough grunt and Windows 10 Pro with BitLocker® enabled, you should be fine.

Next is TPM version 2.0, whose current library specification revision was published in September 2016. The new version brings security improvements (SHA-256 and ECC, where TPM 1.2 only offered SHA-1 and RSA) and support for newer standards, and on Windows it works only with UEFI boot, which rules out the majority of Windows 7 systems. Interestingly, the recommendations also call for a minimum of 8GB of RAM, which the majority of recently purchased hardware will most likely have, given that even your smartphone has at least 3GB to work with.

To sum up:

  • Current 64-bit CPU (Intel or AMD 7th generation or later)
  • UEFI 2.4 or later with Secure Boot
  • Virtualisation enabled in firmware (usually off by default), including IOMMU and SLAT
  • TPM v2.0 or later
  • 8GB of RAM
  • All drivers must be HVCI compliant
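To see how a given machine measures up against that list, the following script is an added example, not code from the original article or from Microsoft's guidance. Run it from an elevated PowerShell prompt on Windows 10. The 7th-generation, 8GB, TPM 2.0 and HVCI thresholds are the ones listed above; the CPU-generation test is a heuristic that only understands Intel Core part numbers and reports everything else as something to check manually.

```powershell
# Added example: report the local machine against the "highly secure Windows 10 device" list.
# Assumes an elevated prompt on Windows 10; the CPU-generation regex is an Intel Core heuristic.

function Test-HighlySecureDevice {
    $checks = [ordered]@{}

    # Boot firmware: Windows sets $env:firmware_type to 'UEFI' or 'Legacy'.
    $checks['UEFI firmware'] = ($env:firmware_type -eq 'UEFI')

    # Secure Boot: Confirm-SecureBootUEFI throws on a legacy BIOS system, so count that as failed.
    try   { $checks['Secure Boot on'] = [bool](Confirm-SecureBootUEFI) }
    catch { $checks['Secure Boot on'] = $false }

    # TPM: SpecVersion is a string such as '2.0, 0, 1.38'.
    $tpm = Get-CimInstance -Namespace root\cimv2\Security\MicrosoftTpm -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $checks['TPM present and enabled'] = [bool]($tpm -and $tpm.IsEnabled_InitialValue)
    $checks['TPM 2.0']                 = [bool]($tpm -and $tpm.SpecVersion -like '2.0*')

    # Memory: 8 GB minimum.
    $cs    = Get-CimInstance Win32_ComputerSystem
    $ramGB = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
    $checks["RAM >= 8 GB ($ramGB GB installed)"] = ($ramGB -ge 8)

    # Virtualisation extensions. Once a hypervisor (Hyper-V / VBS) is running, the firmware
    # flag reads False even though the feature is on, so HypervisorPresent also counts as a pass.
    $cpu = Get-CimInstance Win32_Processor | Select-Object -First 1
    $checks['VT-x/AMD-V enabled'] = [bool]($cpu.VirtualizationFirmwareEnabled -or $cs.HypervisorPresent)
    $checks['SLAT (EPT/RVI)']     = [bool]($cpu.SecondLevelAddressTranslationExtensions -or $cs.HypervisorPresent)

    # CPU generation heuristic: 'Core i7-7500U' -> 7, 'Core i5-10210U' -> 10.
    # Anything that is not an Intel Core part is reported as $null (CHECK) rather than guessed.
    $gen = if ($cpu.Name -match 'i[3579]-(\d{4,5})') {
        $digits = $Matches[1]
        if ($digits.Length -eq 5) { [int]$digits.Substring(0, 2) } else { [int]$digits.Substring(0, 1) }
    }
    $checks["CPU 7th gen or later ($($cpu.Name.Trim()))"] = if ($null -eq $gen) { $null } else { $gen -ge 7 }

    # Virtualisation-based security and HVCI, as reported by the Device Guard WMI class:
    #   VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    #   SecurityServicesRunning:           1 = Credential Guard, 2 = HVCI
    #   AvailableSecurityProperties:       3 = DMA protection (IOMMU), 7 = MBEC
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $checks['VBS running']            = [bool]($dg -and $dg.VirtualizationBasedSecurityStatus -eq 2)
    $checks['HVCI running']           = [bool]($dg -and $dg.SecurityServicesRunning -contains 2)
    $checks['IOMMU / DMA protection'] = [bool]($dg -and $dg.AvailableSecurityProperties -contains 3)

    # BitLocker on the system drive, as recommended above.
    $bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    $checks['BitLocker on system drive'] = [bool]($bl -and $bl.ProtectionStatus -eq 'On')

    foreach ($k in $checks.Keys) {
        [pscustomobject]@{
            Check  = $k
            Result = switch ($checks[$k]) { $true { 'PASS' } $false { 'FAIL' } default { 'CHECK' } }
        }
    }
}

Test-HighlySecureDevice | Format-Table -AutoSize
```

A FAIL on the VBS or HVCI rows on otherwise capable hardware usually means virtualisation is switched off in the firmware, or a non-HVCI-compliant driver is installed; the Device Guard readiness tool from Microsoft will name the offending driver.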

Securing Windows 10 has become less challenging, with forced automatic updates and more options to play with as modern technologies are used to protect against attacks. It is still recommended to get professional assistance to make sure the settings are not only implemented but implemented correctly.

5 easy things you can do to make your business IT more secure

More incidents than ever

There has recently been a spike in incidents, hacks and breaches of varying severity aimed at businesses and end users. Vulnerabilities affecting millions of users worldwide have also come to light, such as KRACK, which primarily affects Wi-Fi client devices rather than access points.

All these events have translated into more media coverage and exposure, but many businesses still struggle with questions like 'How can I protect my data?' or 'Is my business sufficiently protected?'. As the answers depend on each individual business, here, based on Australian Signals Directorate guidance, Microsoft's best practices and over 16 years of experience, are 5 things you can do to make your business IT more secure.

1. Enable automatic updates

As with anything, security starts with the basics, which in this case means automatic updates. We all know by now that no software is without flaws and that all software needs security patches at some point. The operating system is no different. Windows, macOS and Linux have all implemented some form of this process to keep your security at its highest level without much intervention. For now we focus on Windows, as it is the most widely used.

Windows 10 has automatic updates enabled, and they cannot be disabled or postponed as easily as they could be on Windows 7. Microsoft realised that to keep any outbreak contained it needs to force users to update automatically rather than rely on them doing it manually. Years back, Windows XP shipped with its firewall switched off by default(!), and a flaw in its RPC service, exploited by the Blaster worm in 2003, would shut your PC down within a minute of connecting it to the network. As you can imagine, it was super annoying, but a patch fixed the flaw and Windows XP got the firewall turned on out of the box in Service Pack 2.
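"Enabled" is worth verifying rather than assuming, because Group Policy, a disabled service or a long-stalled install can all quietly undo it. The script below is an added example, not from the original post; it uses the Windows Update COM objects that the Settings app itself drives and should be run from an elevated PowerShell prompt. The 45-day staleness threshold is an assumption for this example.

```powershell
# Added example: verify that a Windows 10 machine is actually set up to update itself.
# Assumes an elevated prompt; the 45-day "too old" threshold is a chosen value, not a Microsoft one.

function Test-AutomaticUpdates {
    $findings = @()

    # 1. The Windows Update service must exist and must not be disabled.
    $svc = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    if (-not $svc)                         { $findings += 'Windows Update service (wuauserv) is missing' }
    elseif ($svc.StartType -eq 'Disabled') { $findings += 'Windows Update service (wuauserv) is disabled' }

    # 2. Group Policy can switch automatic updates off (NoAutoUpdate = 1) or demote them to
    #    notify-only (AUOptions 2 or 3). 4 = download and install on a schedule, which is what we want.
    $au = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
    if ($au) {
        if ($au.NoAutoUpdate -eq 1) {
            $findings += 'Policy NoAutoUpdate=1 turns automatic updates off'
        } elseif (@(2, 3) -contains $au.AUOptions) {
            $findings += "Policy AUOptions=$($au.AUOptions) only notifies; set 4 for automatic install"
        }
    }

    # 3. What the Automatic Updates agent itself reports. NotificationLevel:
    #    1 = disabled, 2 = notify before download, 3 = notify before install, 4 = scheduled install.
    $auto = New-Object -ComObject Microsoft.Update.AutoUpdate
    if ($auto.Settings.NotificationLevel -lt 4) {
        $findings += "Automatic Updates notification level is $($auto.Settings.NotificationLevel) (want 4)"
    }
    $lastInstall = $auto.Results.LastInstallationSuccessDate
    if ($lastInstall -lt (Get-Date).AddDays(-45)) {
        $findings += "Last successful update install was $lastInstall"
    }

    # 4. Anything applicable but not yet installed? This goes online to the update source and can take a minute.
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $pending  = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'").Updates
    if ($pending.Count -gt 0) {
        $titles = ($pending | ForEach-Object { $_.Title }) -join '; '
        $findings += "$($pending.Count) update(s) pending: $titles"
    }

    if ($findings.Count -eq 0) { 'Automatic updates look healthy' } else { $findings }
}

Test-AutomaticUpdates
```

On a domain-joined machine the policy keys in step 2 are the usual culprit: a WSUS or deferral policy set years ago keeps applying long after everyone has forgotten it exists.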

Read more

All Secure IT Services - Security Webinar

Webinar: Protect your Network, Data and Identity

We live in a data and technology dependent world in which protecting your business data is critical.

In the battle to defend your business data and technology, you need an edge. You need the ability to operate within your business environment and have the peace of mind knowing your data is protected in the event of user errors, security breaches, hardware failure and viruses.

What’s the risk of ignoring data security?

It’s not just malware, hacking, viruses, spam and online scams that may put your network and data at risk. A poorly secured mobile device or disgruntled employee could prove just as dangerous and allow criminals to steal private data. Furthermore, having a poorly designed and managed backup and disaster recovery plan places your entire business at risk.

Don’t wait for a Disaster!

Online security is vital to protect your business's virtual assets (electronic data) and IT systems. Knowing about data protection and maintaining a secure online presence will build your customers' trust and help you to meet legal obligations, including privacy laws.

Why watch the recording?

Prevention. The majority of security businesses operate at the point of patching rather than preventing breaches. All Secure IT Services designs and architects solutions with security in mind so as to prevent breaches, rather than simply patching them at the time of crisis.

In the current landscape, a security breach is almost certain. Engineering your IT systems to assume breach is essential to prevent disruption to business operations, minimise long-term loss of data and protect your business relationships.

This Webinar recording will provide you with the opportunity to hear first-hand from Juraj Benak, industry specialist and Founder of All Secure IT Services.

With over 20 years’ experience in the IT industry, Juraj has worked for a diverse range of industries including multinational IT companies, and financial and academic organisations. With extensive experience in the IT security landscape, Juraj is well-suited to and passionate about sharing his IT security knowledge.

Watch the Webinar recording below

 

Source: Dialog

How to secure your passwords

Password leaks and hacks have become almost commonplace. In 2016 alone we saw the LinkedIn dump of 117 million emails and passwords surface, the breach of 43 million Weebly users, MySpace and of course Yahoo!. Twice. Oh, and again in 2017.

Computer security is not easy, and there are many challenges providers need to face. Imagine you have a castle built on a mountain top, with millions of users running through its gates every day to do their work from within the city. There is only one legitimate entry, and you also need to know a secret phrase so the guards will let you in. But the guards change shifts three times a day and might take a nap at times. There are windows on the sides that aren't as secure as the main gate, and I'm not even talking about the aerial approach. My point is that companies need to think about security from almost every possible angle, whereas the bad guys only need to find one tiny weakness that can expose the whole castle. That is hard.

I am not trying to justify poor security at any of those companies, least of all Yahoo!, which didn't even bother to invest in security, but I want you to understand what is going on here and that you need to play your part in order to stay secure.

Read more

How to create a hotspot in Windows 10

 

How to create a hotspot in Windows 10 Creators Update and why use it

1) Click the Windows logo (Start) and type "hotspot"
2) Choose "Change mobile hotspot settings"
3) Switch your mobile hotspot on
4) Change the Wi-Fi hotspot name and set a strong, unique password
5) Connect

You can use it to protect your privacy when travelling overseas, by running a VPN on the laptop and connecting your other devices through the hotspot, or to share a single cable connection amongst multiple devices. Two caveats: the hotspot is reachable by anyone in radio range, so never keep the generated default password; and check that your VPN client routes all of the laptop's traffic (no split tunnelling) before relying on it to cover the devices behind the hotspot.

 

Ransomware is about to get a lot worse, by holding your operating system hostage

The threat of ransomware has grown at an unprecedented rate, rising from being a menace to becoming by far the most common form of malware delivered to victims by cyberattackers.

In the space of a year, ransomware appears to have evolved from the simple but effective strategy of locking down the files of infected targets until they pay a ransom to incorporating additional malicious elements, such as stealing personal or financial data from the victim's system.

The cost of ransomware attacks: $1 billion this year

And it's only the beginning, with file-locking malware set to grow and take a larger role in cybercrime, researchers warn.

While the success of ransomware demonstrates there are plenty of victims who'll pay cybercriminals in order to get their files back, there are also schemes such as No More Ransom, which let victims of some ransomware families restore their files without having to part with a penny.

Now cybersecurity researchers warn that new ransomware features could make life even worse for victims. Rather than just encrypting key files, ransomware could soon infect a computer to such an extent that the only two options available to the user would be to pay, or to lose access to the entire system.

According to the Malwarebytes State of Malware Report 2017, we're likely to see more variants of this type of ransomware, which is designed to modify the infected computer's Master Boot Record (MBR): the first sector of the disk, holding the boot code and partition table that let the machine start the operating system.

Once the MBR has been overwritten with malicious code, the system boots into a lock screen set up by the malware, demanding payment not only to decrypt files but also to restore access to the operating system. With nothing usable on the system apart from the ransom note, victims are left with two options: pay up, or have the system wiped completely. It's likely to make ransomware an even more appealing avenue of attack for cybercriminals.
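Because the MBR is a fixed 512 bytes at the start of the disk, it is cheap to baseline and re-check, and a changed boot sector is exactly the signal that distinguishes this class of ransomware from plain file encryption. The following is an added example, not code from the ZDNet article or the Malwarebytes report: it parses the MBR, hashes the boot code and the partition table separately so a legitimate repartition is not mistaken for a bootkit, and compares against a stored baseline. Reading `\\.\PhysicalDrive0` needs an elevated prompt, and the baseline file location is an assumption for this example.

```powershell
# Added example: baseline and re-check the Master Boot Record for tampering.
# Assumes an elevated prompt; $BaselinePath is an arbitrary location chosen for this example.

function Read-Mbr {
    param([string]$Device = '\\.\PhysicalDrive0')
    # The MBR is the first 512-byte sector; raw device reads must be whole sectors.
    $fs = New-Object System.IO.FileStream -ArgumentList $Device, 'Open', 'Read', 'ReadWrite'
    try {
        $buf = New-Object byte[] 512
        if ($fs.Read($buf, 0, 512) -ne 512) { throw "Short read from $Device" }
        return $buf
    } finally { $fs.Dispose() }
}

function Get-MbrSummary {
    param([byte[]]$Mbr)
    if ($Mbr.Length -ne 512) { throw 'MBR must be exactly 512 bytes' }
    $sha = [System.Security.Cryptography.SHA256]::Create()
    # Bytes 0-445 are boot code (what MBR ransomware overwrites); 446-509 hold the four
    # 16-byte partition entries; 510-511 must be the 0x55 0xAA boot signature.
    $codeHash  = [BitConverter]::ToString($sha.ComputeHash($Mbr, 0, 446)).Replace('-', '')
    $tableHash = [BitConverter]::ToString($sha.ComputeHash($Mbr, 446, 64)).Replace('-', '')
    $partitions = foreach ($i in 0..3) {
        $o = 446 + 16 * $i
        if ($Mbr[$o + 4] -ne 0) {                       # type 0 = empty slot
            [pscustomobject]@{
                Index    = $i
                Bootable = ($Mbr[$o] -eq 0x80)
                Type     = ('0x{0:X2}' -f $Mbr[$o + 4])
                StartLBA = [BitConverter]::ToUInt32($Mbr, $o + 8)
                Sectors  = [BitConverter]::ToUInt32($Mbr, $o + 12)
            }
        }
    }
    [pscustomobject]@{
        ValidSignature  = ($Mbr[510] -eq 0x55 -and $Mbr[511] -eq 0xAA)
        # Type 0xEE is a GPT protective MBR: the real partitions live in GPT, but boot code is still here.
        IsGptProtective = [bool]($partitions | Where-Object Type -eq '0xEE')
        BootCodeSha256  = $codeHash
        TableSha256     = $tableHash
        Partitions      = @($partitions)
    }
}

function Test-MbrBaseline {
    param([string]$BaselinePath = "$env:ProgramData\mbr-baseline.json")   # assumed location
    $now = Get-MbrSummary (Read-Mbr)
    if (-not (Test-Path $BaselinePath)) {
        $now | ConvertTo-Json -Depth 3 | Set-Content -Path $BaselinePath
        return "Baseline recorded at $BaselinePath"
    }
    $base = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $findings = @()
    if (-not $now.ValidSignature)                     { $findings += 'MBR boot signature 0x55AA missing' }
    if ($now.BootCodeSha256 -ne $base.BootCodeSha256) { $findings += 'MBR boot code changed: possible bootkit / MBR ransomware' }
    if ($now.TableSha256 -ne $base.TableSha256)       { $findings += 'Partition table changed' }
    if ($findings.Count -eq 0) { 'MBR matches baseline' } else { $findings }
}

Test-MbrBaseline
```

Run it once after a clean install to record the baseline, then from a scheduled task; a boot-code mismatch while the machine is still running is the moment to pull the disk image, before the reboot that shows the ransom note. On UEFI machines the firmware ignores MBR boot code altogether and Secure Boot verifies the EFI boot files instead, which is one more reason for the UEFI and Secure Boot requirements discussed earlier on this page.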

Ransomware has boomed in the last year. The Malwarebytes report details how, 12 months earlier, ransomware was a threat to both individuals and organisations, accounting for almost one in five payloads delivered using exploits and spam emails.

Almost a year later, in November 2016, ransomware accounted for two thirds of all malicious payloads, making it by far the dominant form of malware, with the number of instances increasing by 267 percent. Ad fraud malware was a distant second place, accounting for one in ten malicious payloads.

Cybersecurity researchers catalogued nearly 400 variants of ransomware in the fourth quarter of last year alone, as cybercriminals across the globe attempted to cash in.

Unlike other forms of malware which often require the perpetrator to have some technical knowhow to deploy, the growth of ransomware-as-a-service has enabled even those without any coding skills to successfully hold victims’ data hostage until they receive a ransom payment — with a cut going to the ransomware developer.

While there are hundreds of variants of ransomware, three families dominated 2016: TeslaCrypt, Locky, and Cerber.

TeslaCrypt was the most dominant form of ransomware during the first half of 2016, before effectively being rendered useless by June, when its master decryption key was released.

Cerber and Locky quickly filled its place. Cerber became a particularly prevalent form of ransomware, because its as-a-service model means anyone can infect victims with it.

Meanwhile, Locky evolved to become the most notorious ransomware threat during 2016, even becoming the second most common malware threat by November. Despite a lull over Christmas, it shows no signs of slowing down, with instances of Locky once again on the up.

That's bad news for the countries hit by the most ransomware attacks. The United States was the number one country targeted with ransomware during 2016, followed by Germany, Italy, the United Kingdom, and France.

The attacks against Western targets might not surprise. They are the countries with the most access to technology, and there's also the potential that these states are being targeted for political reasons. The researchers point out that many cybercriminal syndicates work out of Eastern Europe.

“A country that seems to be missing from this list is Russia. This isn’t because Russian citizens have a firm grasp on computer security. Rather, it’s an indicator that Russian ransomware developers might shy away from targeting their own,” the report says.

 

Source www.zdnet.com