Internet Pirates


There are two nasty new malware strains, both ransomware, currently terrorizing PCs and Macs. They have gained momentum since their first reports early this year. Both are prolific, becoming more sophisticated in their delivery, and both demand a ransom from their victims. We think they're the new-age version of pirates searching for prey on the Cyber Sea.

Internet Pirate #1: Crypto Locker

Crypto Locker is a sneaky ransomware that makes its way onto a user's computer via an email offering a free trial of something desirable, or simply posing as an email from a trusted service provider. The user clicks the link, which starts the download that installs the "freebie" or survey on their device. Crypto Locker then uses RSA-based encryption to lock the files on the user's computer, rendering them useless without the decryption key. It also creates a registry entry, so even restarting the computer brings back the same message and keeps the user locked out of their files.

Users discover the Crypto Locker attack via a warning message boasting of the encryption and offering a decryption key for $300.

Experts say the encryption is at a level that only the NSA could break (and you know they aren't going to help you). That leaves infected users with two choices: pay up, or wipe the system clean and restore the files from a backup.

Two of our customers just this week were held hostage by the Crypto Locker. Because we maintain regular backups for them, we were able to get their systems back in business in short order. Others are not so lucky.

Some people attacked by Crypto Locker actually choose to pay the ransom. Surprisingly, the decryption key does work after the funds are delivered, although experts warn of future activations of the malware.


Internet Pirate #2: Reveton

Reveton behaves a little differently from Crypto Locker, but like its nasty cousin, it also demands a ransom payment to undo the damage. However, Reveton doesn't require someone to open a file or download anything. It is labeled "drive-by" malware because it installs itself when you simply visit a compromised website. Users' computers are locked down, and they are shown a message saying that their Internet address has been recorded by the FBI or the Department of Justice's Computer Crime and Intellectual Property Section as having been involved in child pornography or other illegal activity. To remove the lock, victims must pay a fine via a prepaid money service.

Because the Reveton ransomware is a JavaScript snippet loop that locks up the browser, it can affect all browsers — even Chrome. And while Mac users are generally not affected by some of the more popular malware strains running rampant on the Internet, even they can fall prey to this scam. Mac users have been able to remove the snippet by clicking "Leave the page" 150 times, or by force-quitting Safari and restarting it while holding down the Shift key. Windows users have to reboot in safe mode and remove the ctfmon.lnk file. It's always smart computing to run a security scan after a malware attack, and to know that the next generation of ransomware will come quickly enough. It's a safe bet that these relatively easy fixes may not last long.

According to Symantec (producers of Norton security software), incidents of ransomware have increased over the past year. While cybercrime victims are fewer, the loss per victim has increased. The best way to protect your data from Internet pirates is to have a secure backup in place so you can restore your business after they strike.





NSA backdoors put a giant target on your computer


Hackers make our online lives dangerous. We never know when we'll be subject to a nefarious attack on either our own computer system or that of our bank or another service provider that houses our private data.

Protecting, encrypting and backing up our files has never been more critical in our technology-dependent world. Now, it seems, even our own government is compounding that risk of attack.

Recent events have brought to light that the network systems we rely on for both business viability and everyday conveniences have been purposefully made more vulnerable in the name of national security.

As highlighted in the Economist on September 14th, internet snooping by the National Security Administration (NSA) is not an unheard-of activity; in fact, it is commonplace and without constraints. "Backdoors" have been created by or on behalf of the NSA to embed deliberate errors in software and hardware design so that discreet monitoring can occur freely. The revelation that the NSA has been awarded backdoors into network systems formerly considered secure, in an effort to more effectively ferret out terrorism, is concerning on a number of levels.

Many don't remember that back in the 1990s, the NSA openly lobbied for these types of backdoors to be added to both public and private communications systems, but the NSA lost that fight. Apparently this is a classic case of "not taking no for an answer," because the NSA has gone and done it anyway, at the nation's expense. Knowing those backdoors exist is what makes hackers truly salivate.

By weakening security and encryption protocols in the name of national defense, the internet has unilaterally become less safe for everyone. That's disturbing news if you have any kind of personal or financial information online – not just the personal information within your control, but the information held by any institution you have ever done business with that has an internet presence. Absent reliable encryption technologies, our entire ecommerce network has a giant target on its back.

Because the NSA created these windows without any approval or guidelines, the internet has become a second gold rush for hackers and thieves. Furthermore, it guarantees a higher level of distrust, not only among US citizens in their opinion of government, but among any foreign company previously interested in the US-based technology companies that have dominated the internet and cloud space.

Going forward, it will be much more difficult to gain the trust of overseas business partners who know full well that there are deliberately embedded weaknesses in our systems that they, in doing business with us, would be subjected to. That's not to mention suspicions about the unknown agendas of potential business partners. All around, that's bad for business, bad for the economy, and bad for everyone.


Cyber attacks with exploits can affect everyone’s data


In part one of our Cyber Attack series, we highlighted the massive DDoS attack raining down on spam list provider Spamhaus. In most DDoS attacks your data is likely safe, but those nefarious activities are just one step away from a more serious form of attack that can steal your data: cyber attacks with exploits.

These "exploits" are pieces of computer code that allow hackers to sneak into, and sometimes control, computers running software with a known design flaw, or "vulnerability." Criminals, terrorist groups and even governments are all likely customers for the purchase of exploits.

It's an emerging market: companies that discover new vulnerabilities (so-called "zero day exploits") sell their findings for anywhere from tens to hundreds of thousands of dollars. And generally it's legal to sell them. In fact, more than half of the exploits sold are now bought from upstanding firms rather than from hackers, according to The Economist.

Types of Cyber Attacks

Types of Cyber Attacks

The rate and intensity of cyber attacks is escalating, probably affecting your internet activity without you even knowing it.

In late March, the spam-fighting organization Spamhaus was the target of a massive DDoS (distributed denial of service) attack, considered the most severe attack since the invention of the Internet – or at least the most severe that anyone is admitting to.

It was called "the worst cyber attack ever." And there's more to come.

DDoS attacks use an army of commandeered computers to point huge volumes of web traffic at a company's server until it is overloaded and crashes. This latest cyber attack was so large that experts don't think they even have a measurement system capable of determining its full scope, but some experts are confident that Internet users worldwide experienced sluggish Internet connectivity during that time.

It is speculated — with unconfirmed reports — that this cyber attack was an act of revenge by groups ticked off at the blacklist status awarded them by Spamhaus, which generates widely used and continually updated blacklists of sites guilty of sending spam. These grumpy spammers took advantage of what's called "DNS reflection," a technique that tricks thousands of servers into sending a landslide of junk to an unsuspecting victim, in this case Spamhaus.

The attack came as a surprise to Spamhaus, as it would to your own company. What can a company do to combat DNS reflection, other than putting a crisis communication plan in place?

Experts say that locking down the infrastructure that hackers use is the number one imperative. In the Spamhaus cyber attack, the DNS reflection was likely due to the hackers taking advantage of "misconfigured DNS servers to amplify the power of a much smaller botnet," said Chester Wisniewski, a senior security adviser at Sophos Canada, in a blog post. He goes on to say that 25 million open DNS resolvers hosted by service providers across the Internet are currently insecure or misconfigured, posing "a significant threat." His advice: "It's critical that you configure your recursive name servers to only reply to your own network," Wisniewski said. "If you must provide public DNS, be sure to apply filtering for abusive queries and ensure the frequency of queries is commensurate with your expected volumes."
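As an added example (not from the original post or from Sophos), here are Wisniewski's two checks applied to a resolver's own query log: the line format is modeled on BIND's querylog, the sample lines and the 10.0.0.0/8 "own network" are constructed, and the ANY-query threshold of three is an assumed value.

```python
# Added example (not from the original post): check BIND-style query log
# lines for the two conditions the article's advice targets -- recursion
# answered for clients outside the network the resolver should serve, and
# sources sending large-answer (ANY) queries at an abnormal rate.
import ipaddress
import re
from collections import Counter

# Pattern modeled on a BIND querylog entry; the sample lines below are constructed:
#   client <ip>#<port>: query: <name> IN <type> <flags> (<server ip>)
# A leading "+" in the flags field means the client asked for recursion.
LOG_LINE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)"
)

def parse_query(line):
    """Return the fields of one query log line, or None if it does not match."""
    m = LOG_LINE.search(line)
    if m is None:
        return None
    q = m.groupdict()
    q["recursive"] = q["flags"].startswith("+")
    return q

def audit(lines, allowed_nets, any_threshold=3):
    """Flag out-of-network recursion and ANY floods; allowed_nets are CIDR strings.
    In a reflection attack the logged client address is the spoofed victim, so
    'outside_recursion' shows who is being amplified against: exactly the
    traffic a properly restricted resolver would refuse to answer."""
    allowed = [ipaddress.ip_network(n) for n in allowed_nets]
    outside, any_counts = set(), Counter()
    for line in lines:
        q = parse_query(line)
        if q is None:
            continue
        ip = ipaddress.ip_address(q["ip"])
        if q["recursive"] and not any(ip in net for net in allowed):
            outside.add(q["ip"])
        if q["qtype"] == "ANY":
            any_counts[q["ip"]] += 1
    flood = sorted(ip for ip, n in any_counts.items() if n >= any_threshold)
    return {"outside_recursion": sorted(outside), "any_flood": flood}

# Constructed sample log; 10.0.0.0/8 is the network this resolver is meant to serve.
SAMPLE_LOG = [
    "client 10.0.0.5#51000: query: www.example.com IN A + (10.0.0.1)",
    "client 10.0.0.8#51001: query: example.com IN ANY + (10.0.0.1)",
    "client 198.51.100.7#40001: query: example.com IN ANY + (10.0.0.1)",
    "client 198.51.100.7#40002: query: example.com IN ANY + (10.0.0.1)",
    "client 198.51.100.7#40003: query: example.com IN ANY + (10.0.0.1)",
    "client 203.0.113.9#40004: query: www.example.com IN A + (10.0.0.1)",
]
```

Running `audit(SAMPLE_LOG, ["10.0.0.0/8"])` reports the two outside addresses being answered recursively and the one address driving repeated ANY queries; an ACL restricting recursion to 10.0.0.0/8 would have refused all of them.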

Spamhaus is not the lone victim. If you've ever been unable to reach your bank's website, or found it sluggish, it could very well be the work of a DDoS attack. On March 27th, Wells Fargo admitted to suffering disruptions to its website connectivity. The al-Qassam Cyber Fighters hacktivist group has vowed to continue its long-running campaign of U.S. banking website takedowns, and while Wells Fargo is reported to have had the majority of the downtime reports, Bank of America, Chase, Capital One, Citibank and PNC Bank were all the subject of reported difficulties.

Wells Fargo spokeswoman Bridget Braxton confirmed Tuesday that the bank’s website was being disrupted, but told Reuters that “the vast majority of customers are not impacted and customer information remains safe.”

As Ms. Braxton rightly commented, during a DDoS attack your data is likely safe, but if you're the target of a DDoS attack, it's going to be a tough few days before you can get back online.

In the next installment of our continuing series on cyber attacks and how to protect your data, we’ll look at “exploits” and the damage they can do.

Strategies to Prevent DDoS attacks


If you think you're seeing more news about computer hackers, you're right. It seems this underground community continues to wreak havoc in our online lives and businesses through increasingly sophisticated means of mischief.

While the most publicized hacking events highlight stolen data, that’s not always the motivating factor. Some hackers have mastered the art of DDoS attacks, or Distributed Denial of Service attacks. These DDoS attacks have a singular goal of bringing down a website, ecommerce site, or just royally messing up your otherwise good day.


In a typical DDoS attack, the hackers find a vulnerability in a targeted computer system, making it the DDoS "master." The hackers create malware and distribute it from the master to thousands or tens of thousands of other compromised, malicious websites. It's likely that the visitors to those websites are unaware that they have even downloaded the malware. The malware is programmed with a timed attack function, or can be launched by remote control. When the hackers deem it time, all of these miniature terrorist cells are woken up simultaneously by either a timer or a signal, and all are commanded to communicate, sending "packets" of information to or from a website, thereby creating a massive increase in nuisance traffic and, most importantly, blocking legitimate traffic at the same time. The flood of incoming messages to the target system forces it to shut down, a.k.a. "denying service" to legitimate users.

How to avoid getting hacked


As we near the end of 2012, lots of people turn to resolutions — ways they'd like to improve themselves in the new year. Everyone gets a do-over each January 1st. It's the cultural norm in our society – even companies use the next 365 days as a milestone to renew their budgets, revise strategic plans, and do things better.

At Global Data Vault, we are always taking steps to do better, and a constant area of concern is data security. With the advent of cloud backups and cloud storage comes a new frontier for thieves wanting to lift financial information – or, if not for financial gain, simply to make our lives difficult for the sake of sport.

We take the security of your data VERY seriously. The algorithm we use to encrypt your cloud data is a block cipher designed by Counterpane Labs. It was also one of the five Advanced Encryption Standard (AES) finalists chosen by the National Institute of Standards and Technology (NIST). The algorithm is subjected to frequent public review, and no known attack against it has ever been reported. It has been calculated that a brute force attack using a 12.3 teraflop (trillions of operations per second) supercomputer would need 8.77 x 10^17 years to attempt all the possible key combinations. Read about our extensive data security measures.

As seriously as we take protecting your data, we can't protect you personally from hackers. If you haven't read about the nightmare that Mat Honan, a reporter for WIRED magazine, recently experienced, you'll need to sit down and take a look.

In what Mat recalls as an "epic hack," he lost his entire digital life within 60 minutes. His Google account was commandeered and deleted. His Twitter account was taken over and used to spread disgusting messages. His Apple ID was stolen, which led to the erasure of all the data on Mat's iPhone, iPad and MacBook (including photos from his daughter's first year of life). Because Mat's accounts were "daisy-chained" together, it was child's play for the hackers to put together a profile of his accounts and play customer service reps, Apple's included, off each other for full access to his whole online world. Serious security flaws in customer service systems invited the hackers in for a game of folly.

Mat's story is unfortunately not unique, but by his own account, there are measures he could have taken to reduce the risk of his loss. One oversight on his part was not backing up his data.

We hope that by sharing this story with you, you’ll add ‘avoid getting hacked’ to your list of resolutions. Make a renewed commitment to your own data security, not just your company’s. Stop taking the password off your phone because it’s annoying. Make the effort to employ Google’s two-factor authentication. Change your dang passwords from 1234 and password, or information that people can easily find on Facebook (your birthday… your anniversary….) to something with a little more challenge. And by all means, don’t link all your accounts together.

Let’s make 2013 the year that we are smarter about protecting ourselves from hackers and mayhem. Good luck in 2013 and may all your passwords be unique.