Clean key

How to Protect Your Bank Accounts from Dridex Malware

Hackers have stolen more than $40 million from U.S. and U.K. victims using a new strain of Dridex. Here is how you can protect your business from this malware.


A new spin on an old hacker favorite might be lurking in your email inbox. Hackers released a new strain of the Dridex malware as part of a large phishing campaign that was discovered in October 2015. The phishing emails try to lure you into opening an attached file. If you do, the malware-laden file will attempt to infect your computer if it is running Microsoft Windows. Once infected, hackers will try to get your banking credentials so that they can steal money from your bank accounts. Hackers have already stolen more than $40 million from U.S. and U.K. victims using this new Dridex strain, according to Tripwire.

A successor to the Cridex banking malware, Dridex was first discovered in July 2014. Dridex creates HTML fields that ask you to enter additional personal information when you log into an online bank account. The July 2014 version usually hid the malicious code that creates these fields in executable (EXE) files. In fall 2014, hackers started hiding the malicious code in macros in Microsoft Word files. Hackers made even more changes to the malware in fall 2015, making it harder for anti-virus software to catch it.

Once a computer is infected with Dridex, hackers can use it for more than just obtaining banking credentials. They can also use the computer to send spam or partake in attacks designed to shut down websites or web services. If you suspect your computer is infected, you should use an anti-malware tool to try to remove it. There are many free tools that identify and remove malware, such as Trend Micro’s HouseCall and Microsoft’s Safety Scanner. You should also change your passwords, including your banking credentials.

To help prevent a Dridex infection, you can take several measures:

  • Disable Word macros. Since Dridex uses Word macros to deliver its malicious code, disabling them can help defend against it. If these macros are disabled and you open a Dridex-ridden Word file, Word will display a message telling you that they must be enabled to open the file. The malicious code cannot run until you do so. If Word macros are enabled and you open a Dridex-ridden Word file, the malicious code will run without any notification from Word. In most versions of Word, macros are disabled by default.
  • Keep your anti-virus software up-to-date. Anti-virus software providers constantly update their software to thwart threats like Dridex. Thus, you need to make sure that your anti-virus software is always up-to-date.
  • Keep your applications and operating system software up-to-date. It is important to install application and operating system patches. That way, hackers cannot take advantage of known problems and vulnerabilities.

For more advice on how to prevent Dridex and other types of malware infections, talk to your IT service provider.

]]>

http://archives.infostructures.com/a/simple-email-mistakes-that-can-cause-serious-data-security-breaches http://archives.infostructures.com/a/simple-email-mistakes-that-can-cause-serious-data-security-breaches
Tue, 24 Nov 2015 07:31:35 -0500 Major Examples of Email Mistakes One notable example of an email mistake that caused a data breach involved the Goldman Sachs investment management firm. In June 2014, a Goldman Sachs contractor accidentally sent a message to a gmail.com email address instead of the corresponding gs.com email address. The latter email address is connected to the company’s in-house email network. The email contained a confidential document, and the mistake sent Goldman Sachs scrambling for a solution. To prevent the gmail.com recipient from opening the message, Goldman Sachs took Google to the New York State Supreme Court. In its petition, the investment management firm said that the message contained "highly confidential brokerage account information" and asked Google to help it prevent a "needless and massive" data breach. The case was unprecedented, in that Goldman Sachs argued that email senders should have the right to "unsend" an email if it was sent by mistake. In the end, however, the court did not have to rule on the case, since Google voluntarily blocked the recipient’s access to the email. Another noteworthy email mistake occurred in April 2014. An employee at the risk advisor and insurance brokerage firm Willis North America accidentally sent a spreadsheet to a group of employees enrolled in the company medical plan’s Healthy Rewards Program. The spreadsheet contained confidential information, including employees’ names, email addresses, birthdates, Social Security numbers, employee ID numbers, office locations, and the details of their medical insurance plans. Willis North America agreed to pay for 2 years of identity theft protection for the 4,830 people affected by the breach. Although the leaked information did not include details about the victims’ health conditions or the health information of their dependents, Willis North America was still cited for violating the US Health Insurance Portability and Accountability Act (HIPAA).

The Costs of Email Mistakes

According to the Ponemon Institute, data breaches caused by careless human error cost companies on average $117 per compromised record. If an email mistake affected thousands of people, as was the case for Willis North America, then it could result in sizable losses. Several issues can cause these high costs. As the Cisco case showed, losses in productivity can cost a company a significant amount of time and money. Another cost stems from paying for identity theft protection for the victims. Additionally, if the email mistake led to a data breach, then the company could find itself facing lawsuits or punitive fines. Data breaches like these could also reveal sensitive company information to the general public. Email mistakes, especially those that cause data breaches, can also tarnish a company’s reputation, which can lead to lost business opportunities. As one example, Goldman Sachs faced substantial damage to its reputation after its email-related data breach in 2014.

Avoiding Careless Mistakes

To prevent any mistakes, create clear-cut policies and procedures about sending emails, especially those with sensitive information. You’ll also need to educate your staff members about the problems caused by carelessly sending emails. Employees are more likely to think twice about sending a message when they know just how costly a mistake can be. By the same token, you should develop a workplace environment in which employees feel comfortable talking about their IT concerns. By making your staff members feel comfortable about discussing these issues, you can improve the odds that one of them will ask a question that could avert a mistake. Data loss prevention (DLP) software can also help in this regard. This software can stop employees from sending confidential information intentionally or by accident. Look to your IT staff or service provider for help when searching for a DLP solution that matches your individual needs. ]]>

http://archives.infostructures.com/a/how-to-connect-to-your-computers-using-windows-remote-desktop http://archives.infostructures.com/a/how-to-connect-to-your-computers-using-windows-remote-desktop
Thu, 29 Oct 2015 11:40:11 -0400 <![CDATA[

Since Windows XP, the Windows operating system has included an application known as Remote Desktop. Remote Desktop lets you remotely control Windows computers through a local area network or the Internet. With Remote Desktop you can run programs, access files, and even manage network resources on any Windows computer.

To get started, you’ll need to set up the computers you want to remotely control. Remote Desktop requires your user account to have a password, so you’ll want to do that first. Click the Windows “Start” button and select “Control Panel.” Click the “User Accounts” option and then click “Change your password.” Enter a password for your account. From this point on, your computer will prompt you for a username and password at login time, whether the computer is accessed locally or remotely through Remote Desktop.

Next, you’ll need to enable access for Remote Desktop. Click the Windows “Start” button and right-click “Computer.” A drop-down menu appears. Click the “Properties” option. In the window that opens, click “Remote Settings.”

You’ll probably want to check the box labeled “Allow connections from computers running any version of Remote Desktop.” This option is convenient if you have multiple versions of Windows running in your home or office, as each version of Windows is slightly different in handling Remote Desktop connections.

Finally, you need to choose which users you’ll allow to connect via Remote Desktop. Administrative users automatically have access to Remote Desktop. If you want to give other users access, click the “Select Users” button, select the users in the following window and then click “OK.”

After you’ve set up Remote Desktop on your computers, you can connect to them from anywhere in your home or office.

Click the Windows “Start” button and type “remote desktop” in the search text box. Type the name or IP address of the remote computer and click “Connect.” Your computer will connect to the Remote Desktop computer, and you’ll be prompted for the appropriate username and password. Correctly entering the username and password will give you access to control the computer.

Connecting to your Remote Desktop computer through the Internet is also possible, but extra settings are needed on your router. You’ll want to Google specific instructions for your router in order to get things working, but it’s usually a straightforward process.

Mobile devices

5 Steps for Developing a Successful BYOD Environment

Employees are using their personal smartphones, tablets, and other mobile devices for work much more often these days. This trend even has a name – “BYOD” (Bring Your Own Device). Gone are the days when employees were willing to carry a personal phone and a work phone, for example. In fact, industry research firm Gartner predicts that there will be twice as many employee-owned devices used for work than organizationally-owned devices by 2018.

But properly managing employee-owned devices in an organizational environment has become a real problem. According to a 2014 security report published by Check Point Software Technologies, 95% of the 700 IT professionals surveyed said they’re facing challenges with BYOD at work.  If your organization is facing similar difficulties, here are five steps to successfully develop your own BYOD environment:

1. Develop a BYOD Framework

A BYOD framework addresses issues such as who is allowed to use their personal devices, what devices may be used, and how support for those devices will be accomplished.Before you develop a BYOD framework, your organization should first perform a cost-benefit analysis to determine the basic requirements.

Once the requirements are determined, a framework should be laid out with the assistance of your IT and HR staff, legal and financial advisors, regulatory teams, and any other group that needs to be involved in the BYOD decision-making process. Certain industries, such as the health care industry and financial industry, have additional regulatory restrictions on mobile devices that also affect employee-owned devices used for work.

2. Establish BYOD Policies

The BYOD framework provides a high-level view of the BYOD environment. The BYOD policies fill in the details.

Within the policies, it’s important that you explicitly define what employees can and can’t do when using their personal devices for work. List any applications required to be on employee-owned devices, as well as any applications prohibited for security reasons. The policies should also document how the IT department will support employee-owned devices and how they will be secured.

3. Use MDM Software

Sometimes employees lose their personal devices or have them stolen. To protect your organization’s data, you can require that employees install Mobile Device Management, or MDM, software on their devices. That way, if an employee-owned device is lost or stolen, the MDM software can destroy the work-related data (leaving the personal data intact) or reset the device to factory settings, thereby wiping out all organizational and personal data. Optionally, you can even have the software wipe out the device’s contents completely, making the device useless.

MDM software typically requires authorization from the device owner. In general, it’s a tough sell, as employee-owned devices are just that: employee-owned. Clearly stating the pros and cons of such software can help alleviate concerns and encourage adoption.

4. Use NAC Tools

With Network Access Control, or NAC, tools, you can enforce arbitrary network access policies. These tools were historically used to guarantee the health of a given device before granting it network access, so enforcing BYOD policies is a natural next step.

Modern NAC tools can detect types of devices, or even identify unique devices. This capability lets NAC act like a gatekeeper, allowing only those employee-owned devices that meet the BYOD policies into your network. For example, you can allow or deny access based on the type of mobile device or the employee’s job function.

5. Educate Employees

A successful BYOD environment depends on the cooperation of employees. You’ll need to inform them about the BYOD framework and policies, as well as the use of MDM and NAC tools.

Employees should also be educated on security risks and basic precautions. Teach employees how to create strong passwords and warn them about security threats such as phishing. In addition, you’ll want to discourage sharing of any policy-covered devices with friends and family.

Conclusion

BYOD is here to stay. With the right steps towards a BYOD environment, you can boost employee productivity while addressing any security concerns. For help in developing your BYOD environment, contact us.

Fingerprint

Is Using Fingerprint Authentication a Good Idea?

The U.S. government recently announced that 5.6 million fingerprint records were stolen along with other valuable data from the breach they publicized earlier this year. Since many of your clients have iPhones that use fingerprint scanning for security, they may be wondering what could happen if their fingerprint data was stolen.

With fingerprint authentication, you do not need to remember and enter a password to access a device. You just place your finger on a fingerprint scanner. If your fingerprint matches the scanned image on file, you gain access.

More and more devices are using fingerprint authentication, including smartphones and notebooks. But is using fingerprint authentication a good idea? To answer this question, you need to know how fingerprint scanners work, along with their advantages and disadvantages.

How Fingerprint Scanners Work

No two people have the same fingerprint. Even identical twins have different fingerprints. Thus, fingerprints can be used for identification purposes.

There are two main types of fingerprint scanners: optical and capacitance. Optical scanners use charge-coupled devices (CCDs) to get a fingerprint image. They work a lot like traditional scanners. Capacitance scanners use electrical current to obtain fingerprint images. Their images have a higher degree of fidelity than the images made with an optical scanner. Plus, capacitance scanners require an actual fingerprint shape to work, making it harder to fake fingerprints.

Most optical and capacitance fingerprint scanning systems do not compare the entire fingerprint when checking a fingerprint against the scanned image on file. They compare specific features of the fingerprint, which are known as minutiae. They use complex algorithms to recognize and analyze minutiae patterns.

All the minutiae patterns in the fingerprint and in the scanned image on file do not have to match for fingerprint scanning systems to allow access to devices. They simply have to find a sufficient number of minutiae patterns in common. The exact number depends on the programming in the fingerprint scanning system.

The Advantages of Fingerprint Authentication

Fingerprint authentication has several advantages over authentication systems that use passwords, personal identification numbers, or access cards. Here are some of the most noteworthy advantages:

  • Users cannot create weak fingerprints or forget them.
  • Users cannot misplace their fingerprints.
  • Criminals cannot guess a fingerprint pattern.
  • If a mobile device using fingerprint authentication is lost or stolen, its contents cannot be easily accessed.

Because fingerprint authentication is convenient for users but not criminals, many device manufacturers are beginning to use this type of authentication. For example, the iPhone 5S and newer models use capacitance scanning to provide fingerprint authentication.

The Disadvantages of Fingerprint Authentication

Fingerprint scanning systems are not infallible. Optical scanners cannot always distinguish between a high-resolution picture of a finger and the finger itself. Even capacitive scanners can sometimes be fooled by an artificial fingerprint. There are documented cases where fingerprint scanners have been duped with fingerprints lifted from glasses, CDs, and other items. The process is time-consuming and requires a lot of expertise. You first need to enhance the fingerprint and get a high-quality digital image of it. You then need to turn the image into a mold in which you can pour gelatin or silicon to make the fake fingerprint.

Already having a digital scan of a fingerprint would make the process easier and less time-consuming, potentially making it more lucrative to criminals. In September 2015, they learned that their fingerprint scans were stolen during the U.S. Office of Personnel Management (OPM) data breach that occurred earlier in the year. The OPM data breach was massive.

Federal experts believe that the ability to misuse fingerprint data is currently limited, but this could change over time as technology evolves, according OPM Press Secretary Sam Schumach. A group with expertise in this area will be reviewing the potential ways adversaries could misuse fingerprint data now and in the future.

This group’s activities will likely give little comfort to the 5.6 million federal employees who had their fingerprint scans stolen. While passwords, personal identification numbers, and access cards can be changed, fingerprints cannot be. As a result, they will likely have to worry about becoming victims the rest of their lives.

“While cybercriminals may not be positioned to leverage stolen biometrics now, that will change as these types of authentication are more widespread,” said Tim Erlin in an eSecurity Planet interview. Erlin is the director of IT security and risk strategy at Tripwire. “Most iPhones can use a fingerprint for authentication these days, and criminals always look for the most profitable targets.”

One way the 5.6 million federal employees can protect themselves at home is to use more than one type of authentication to access their devices. This is referred to as multifactor authentication.

Using Multifactor Authentication Is Best

With multifactor authentication, you use two or more types of credentials to access a device. The main types of credentials are often described as:

  • Something you know. Examples include passwords and personal identification numbers.
  • Something you have. Examples include access cards and fobs.
  • Something you are. Examples include fingerprint and retinal scans.

Using fingerprint authentication with another type of authentication can provide a high degree of security. For more information about using multifactor authentication, talk to your IT service provider.

iPhone 5

Widespread Apple Device Vulnerability Exposed

Apple Security Update!

Apple has revealed a very serious flaw in the way its iOS devices (iPods, iPads, iPhones) handle secure connections, specifically when your device is connecting to a server via SSL (“https://”) or TLS connections. This vulnerability, just revealed and patched by Apple last Friday, allows for an attacker to create a “man in the middle” situation to simulate that your device is connecting to a particular site when in fact you are not.

According to security reporting site Arstecnica, “At this early stage, the vulnerability has been confirmed in iOS versions 6.1.5, 7.0.4, and 7.0.5, and OS X 10.9.0 and 10.9.1, meaning it has silently exposed the sensitive communications of millions of people for weeks or months. Security researchers haven’t ruled out the possibility that earlier versions are also affected. Readers should immediately update their iPhones and iPads to versions 7.0.6 or 6.1.6, preferably using a non-public network.”

The flaw affects SSL and TLS connections. Supposedly, Chrome and Firefox browsers are not affected by this flaw, but Google security engineer Adam Langley has set up a test page to validate whether your browser is vulnerable (we have verified that it is not malicious).  If your browser takes you to that page without an error, your browser is vulnerable. (Keep in mind some corporate firewalls may not allow this connection through either because it uses a nonstandard TCP port number.)

If your device is vulnerable, avoid using public WiFi and update your device as soon as possible.

US Capital Building

What Happens to Your Cloud Data if the Government Wants It?

In the summer of 2011, Microsoft warned consumers that the U.S. Patriot Act could compel the company to hand over customer data to the United States authorities, without their permission. This data would extend not only to customer contact information, but also to any files stored in Microsoft Cloud Services. Additionally, this data transfer would be kept secret, violating the European Union Date Protection Directive. The directive requires organizations to inform users when personal information is disclosed. Since this news surfaced, concerns have been mounting about the access to personal data stored on cloud services. However, as this article will explain, there is minimal threat to cloud services.

The Patriot Act and Your Data

While Part II of the Patriot Act allows the FBI to petition courts for documents, including those in the cloud, the government has rarely used the Foreign Intelligence Services Act (FISA) order. In 2010, only 96 applications were made for business records.

Another part of the Patriot Act, the National Security Letter, could also impact cloud services. The National Security Letter enables the FBI to access subscriber information and electronic communications records. However, the scope is very limited, and they can’t view the actual message–just the transmission.

The idea of a safe haven from the U.S. Patriot Act, as promoted by some European companies, is misleading. If a suspected terrorist has data stored in a cloud outside the United Sates, the information can still be obtained, provided that country is an ally. The United States is not different from many countries in this regard. Likewise, if prosecutors in Europe needed data held in the United States for terrorism, the U.S. would likely seize that data.

Many countries have privacy challenges in their own right. For example, Internet Service Providers in the European Union must retain telecom customer data for between six and 24 months. Additionally, the European Union’s data-retention directive gives investigators access to information that may be deleted in other countries. Under this directive, police can access details such as IP address and the frequency of every email, phone call, and text message sent or received. Other regulations include the international transfer of certain kinds of data.

Keeping Your Data Safe

The safeguarding and protection of data ultimately resides in your hands. Business owners must make informed, calculated decisions before deciding whom to do business with.

When deciding on a cloud provider, business owners should ask themselves a number of questions:

  • How sensitive is the information being stored?
  • What is the risk if that information is leaked?
  • What role does jurisdiction play in that risk?

When people express fears about storing their data in the cloud, they are mostly afraid of the control they will lose when they hand over the storage reigns. Although data is stored securely in the cloud every day–even safe from the government’s eyes–those one or two stories you hear to the contrary are likely to stick in your mind. Just remember that most cloud computing companies are well-trained, have reliable backup systems and contingency plans in place, and employ a full staff of professionals to be sure disaster doesn’t strike.