Tag: cybercrime Page 2 of 3

What Is A Botnet?

Malware can be confusing. Not just because there are millions of different types of malware, but because they’re constantly evolving. And it doesn’t help much that researchers have a tendency to give them some crazy names.

The botnet, on the other hand, is relatively easy to understand. Instead of just stopping at infecting thousands or even millions of computers, botnets will continue to control all those computers remotely to perform the bidding of the bot controller or herder. That’s why it’s one of the most sinister types of malware that all business owners need to be aware of.


Anatomy Of A Security Breach: Target

It’s not often we get a chance to attend a security breach postmortem — a step-by-step, hack-by-hack, mistake-by-mistake account of what went so horribly wrong. The U.S. Commerce Department recently presented their report into all the mistakes Target made, and which it could have avoided, in its recent massive data breach.

The report provides what’s referred to as an “intrusion kill chain” that highlights all the places Target had a chance to spot the breach and stop it. But missed. For example:

  • The hackers were able to identify a potential Target vendor or supplier to exploit because Target made such a list publicly available. That was the starting point for the hackers.
  • The vendor targeted had very little security in place. The only malware defense they appeared to have used to protect their business was free software meant for personal and not business use.
  • The vendor’s employees had received little if any security awareness training, and especially on how to spot a phishing email. So the hackers used a phishing email to trick at least one of those employees into letting them in the back door.
  • Once in the vendor’s systems, the hackers were able to use stolen passwords without the need for authentication because Target did not require two-factor authentication for low-level vendors.
  • The hackers are suspected of gaining further access from the vendor by using a default password in the billing software the vendor used. If the default password had been changed, the attack might have stopped right there.
  • There were few controls in place to limit the access the vendor had on the Target network. Once the vendor had been compromised, Target’s entire networks were exposed.
  • When the hackers installed their Point of Sale malware on Target’s networks and began testing the malware, that activity was detected by Target’s security systems but the alarms were simply ignored.
  • When the hackers created an escape route and began moving the stolen data off Target’s networks, that activity triggered alarms too but once again, the alarms were ignored.
  • Some of the data was moved to a server in Russia, an obvious red flag for Target security which once again was missed.
  • The login credentials of the vendor were used throughout the attack, yet Target’s security system wasn’t able to detect that those credentials were being used to perform tasks they weren’t approved for.

We keep saying that every business large and small has important lessons to learn from Target. Don’t waste the opportunity. Double-check your own security and see if there are any obvious gaps you haven’t spotted but need to be sealed. Need help? Give SiteLock a call any time, 24/7/365, at 855.378.6200.

Google Author: Neal O’Farrell

Data Privacy and the Cybercrime Economy

Speaking in a recent interview on CBS’ 60 Minutes, Tim Sparapani, a former privacy lawyer for the American Civil Liberties Union, commented “Most retailers are finding out that they have a secondary source of income, which is that the data about their customers is probably just about as valuable, maybe even more so, than the actual product or service that they’re selling to the individual.”

It was a chilling admission that the world has changed in ways most of us never expected, and that there may be more value in private data about people than in selling goods and services to those people. Or stealing from them.


10 Business Cybersecurity Tips

Budget should never be a reason for ignoring security. Neither should worries that you’re technically challenged. Here is a list of ten things you can do to help defend against cyber risks.

  1. Look in the window. Most business owners look at their websites and security risks from the inside-out, and never see what it looks like from a hacker’s perspective. Even a cursory inspection, or better still a basic website scan, could help you spot vulnerabilities quickly.
  2. Understand what the risks are. After all, you can’t fix them if you don’t know what they are. A little light reading on common business and website risks could tell you all you need to know. Focus on technical and procedural risks – from exploits of unpatched vulnerabilities to common errors by employees.
  3. Focus on passwords, and especially the one for your FTP account. Passwords can be the keys to the kingdom, and even the biggest security breaches at the biggest businesses have been traced to the smallest password mistakes.
  4. If your business has a lot of sensitive information to protect, consider having your website developers use a dedicated computer to access the website. This can significantly reduce the risks of things like keyloggers, which can steal website passwords and give hackers access. By using a dedicated computer that’s not used for anything else, you eliminate the risk of downloading a keylogger or other malware through drive-by downloads, email attachments, or infected files.
  5. Create a list of your Top 10 security rules that everyone has to follow, and make sure that everyone knows what those rules are. Ten is a good number. You could easily have a hundred but too many could cause more harm than good. Focus on the biggest risks and vulnerabilities and pursue them relentlessly.
  6. If you accept credit cards, make sure you’re PCI compliant. Achieving PCI compliance is not difficult or expensive, especially for smaller businesses. Not only is PCI a great place to start with security, you don’t have an option. Failure could mean big fines and the inability to accept credit card payments.
  7. Don’t forget to get physical. Not all attacks or exploits have to be digital or virtual. Hackers can walk into an unprotected business or rummage through a dumpster. And many of the information-rich laptops and tablets stolen in burglaries end up in the hands of cybercrooks.
  8. Control who you give access to. That can range from access to buildings and rooms to access to computers, networks, and websites, to access to specific files and privileges. It’s not about people getting access to sensitive data, it’s about the wrong people getting access.
  9. Choose your web hosting provider carefully. There are thousands to choose from so pick yours thoughtfully and focus on what they say about security. If they don’t talk about it at all, that could be a warning sign. If they do mention security, present them with your list of top security worries and risks and see what their response is.
  10. Review your security regularly, with a comprehensive top-down review at least a couple of times annually. Nothing stands still, and new vulnerabilities are being discovered or created daily.


POS Malware Hits Target in Data Breach

It’s been less than a month since mega retailer Target announced that a little more than 40 million customer debit and credit cards had been stolen by hackers. Not long after that, we saw the first of those cards being sold a few hundred thousand at a time, in a variety of underground hacker forums. Although not that underground, since I was able to register on the most notorious hacker sites and see for myself how easy it was to buy an identity.


Cybercrime Year in Review: 2013

Oh, what a year it was for insecurity, and especially for the small business. It wasn’t as though we didn’t already know – that small businesses were firmly in the crosshairs of hackers. But early in the year Verizon put the final stamp on it. In its annual Data Breach Investigations Report, published at the beginning of 2013, Verizon revealed that businesses with fewer than 100 employees made up the single largest group of victims of data breaches. That conclusion was supported by other security studies around the same time that found small businesses suffered the most cyber attacks.

Perhaps the single biggest and most dangerous change in threats came in the world of malware delivery. For years, hackers and malware authors had used the same ways to deliver and spread their malware. Email and spam were by far the most popular. It was easy to buy hundreds of millions of email addresses, pack them with phishing messages, and attach a nasty malware payload.

And even if most users didn’t fall for the scam, even a small percentage of hundreds of millions was enough to make the attacks very lucrative for criminals. But as more users got the message, and began to grow more reluctant to open email attachments they weren’t expecting, many thought the malware industry was on its last legs. After all, how else could you get the goods to market?

So hackers had to choose a new way to deliver and spread malware. And they found it in small business websites. Every month, thousands of poorly protected websites are hijacked by hackers who use vulnerabilities in these sites to install malware. That malware then spreads to visitors to those websites and attacks other websites, continuing the spread of malware.

And if you think that simply relying on antivirus software will get you through safely, there’s some more bad news. Some reports have suggested that today’s antivirus software can detect very few of the most dangerous types of malware – the stuff you really want to avoid. And the New York Times can testify to that. Early in 2013, Chinese hackers were easily able to breach the extensive defenses the Times had in place. Out of 45 different types of malware the Chinese used to attack the newspaper, the Times’ own security and virus protection detected only one.

But Chinese hackers weren’t just targeting big businesses like the New York Times. In September, the Huffington Post reported that Chinese hackers were actively targeting small businesses in the U.S., from pizza restaurants to medical clinics.

According to the Huffington Post, “The hackers find computer systems to take over by using tools that scan the web for Internet-connected PCs with software vulnerabilities they can exploit. Small businesses are popular targets because they often have lax security.”

And the year didn’t end too well either. When security researchers discovered more than 2 million stolen passwords on a hacker server in December, a piece of malware called a keylogger was suspected. That very same week, other security researchers found that out of 44 popular antivirus products tested, only one was able to detect a keylogger.

Which probably explains why an estimated $5 billion was siphoned from U.S. bank accounts in 2012 by cybercrooks using malware like keyloggers. And if any of those were business accounts, the business owners were probably on the hook for all the losses.

So safe to say (no pun intended) that 2013 was not a good year for business security, and especially for small business security. And we don’t predict much improvement over the next twelve months. It’s now clear that small businesses are the favorite target for the worst kinds of hackers. Whether it’s to steal your personal and customer information, break into your bank account, or use your website to host a variety of very dangerous malware, your small business may be getting all the wrong attention from all the wrong visitors.

So let’s make 2014 the year you take back your security and peace of mind. Security isn’t hard, no matter how sophisticated hackers and their tools have become. There are plenty of ways you can protect your business and your website, and make it just hard enough for hackers to decide that you’re just not worth the effort and that they should move on to small businesses that are doing little about security. It’s like locking your car and closing the windows while being parked next to a convertible with the top down. The easy target gets attacked first, and you’re at least lower on the radar by showing your security awareness.

If you make just one security choice this year, make it your website. Securing your website is simple and affordable, and yet it’s the single best way to protect your business, your customers, and any visitors to your site. And you’ll also help slow the spread of malware to other users and sites, which is one in the eye for the bad guys.

And remember that as a SiteLock customer you get more than prevention. SiteLock will work with you to address any website security issues that crop up, including malware removal, if any is detected on your site. And as always, our security advice – the best in the business – is always free, and we are here around the clock whenever you need support.

If you’re a frequent reader of this blog, then you’ll know that our expertise and advice go far beyond just protecting your website. All good security has to be holistic, which is why we offer no-nonsense advice on a variety of security topics that can impact your business, from security policies and planning, to employee education, malware prevention, data privacy and security, and much more.

Our goal for 2014 is to be the best security partner for online businesses. We hope that, even if SiteLock is not your chosen security provider, website security is on your list of goals for 2014 as well. To get started on meeting this goal call SiteLock at 855.378.6200.

Google Author: Neal O’Farrell

2013 Target Breach Exposes Much More Than Data

As we continue to dissect the massive data breach at Target, we’re going to learn lots of lessons. But probably the biggest lesson you can take away from it is that if it can happen to Target, it can certainly happen to you. Even if it’s on a much smaller scale, it could still be big enough to matter to you.


Businesses Defenseless Against Keyloggers

When news broke last week that security researchers had found more than 2 million stolen passwords hidden on a hacker’s website, it didn’t take long for media around the world to get on the case. It appears the passwords were stolen over many months, and from users of Facebook, Twitter, Google, LinkedIn and many other sites.

The story that seemed to get the most attention from the media and from security experts was what these 2 million passwords told us about the password habits of users. That they were awful. Not that that’s really news, but still, once again we discovered that the most common passwords included in the haul were 123456, 111111, and perhaps worst of all, password.

However, we noticed something else, something that other security experts seemed to miss completely. The initial suspect in the heist was a keylogger, a tiny piece of malware that will infect computers, steal things like logins and passwords, and pass them back to the hackers.

On the very same day the media frenzy started, we noticed that security firm OPSWAT revealed some very scary test results. When they planted a basic keylogger on one of their test computers, and ran scans with more than 40 of the most popular consumer and business antivirus products over two weeks, only one product caught the keylogger. Which probably means most consumers and even small businesses won’t be able to detect it either.

While the better antivirus brands are generally good at catching the most common malware, a study by the University of Alabama found that those same products only catch around 25% of the more advanced malware. And that’s the stuff that can do the most harm.

Keyloggers are typically in search of logins and passwords, but they don’t just log what you type. They can also capture screenshots of what’s on your computer, screenshots of the websites you visit and the folders you open, and even what you search for. And software isn’t the only variety. There’s a growing trend towards hardware keyloggers – keyloggers designed to look identical to a plug or connector you’d expect to find at the back of a computer or even a cash register. One such hardware keylogger was recently found plugged into the back of a cash register at a Nordstrom store in Florida.

If keyloggers make their way on to computers in your business, the hackers may be able to steal logins and passwords to your website or bank account. They might also be able to steal payroll and customer information. They might even be able to hop from your computers to your website, and from there infect visitors to your site. Which could end up with your business being blacklisted by the search engines until you solve the problem.

So what can you do to cripple this menace?

  • Start by talking to your employees, explain what a keylogger is, how it can threaten your workplace, and how you can all work together to protect against them.
  • Require all your employees to use anti-keylogger software, like Key Scrambler (free). These tools won’t protect your business against every type of keylogging but are a good defense against the more common software-based keyloggers. Some work by instantly encrypting or scrambling all your keystrokes so that they’re unusable to hackers.
  • Make sure you and your employees use one of the many safe surfing tools or plugins, like Web of Trust (WoT). As users become more wary of malware hidden in email attachments, hackers are turning to websites instead. In what are known as watering hole attacks, hackers will find vulnerable websites, load them with keylogging malware, and simply lie in wait for visitors to those sites. SiteLock is finding as many as 5,000 small business web sites every single day already compromised and requiring malware removal. Safe surfing tools will help alert you to suspicious or dangerous websites before you click on them.
  • Always have good antivirus software on every computer and device you use in your business and at home. And encourage your employees to do the same. Some of the best is free, including for your smartphone and tablet. And scan often — at least once a week is recommended.
  • All employees should change their passwords often and think about passphrases instead.
  • Be careful what you allow employees to download and install. Poor security habits and hygiene are a leading contributor to malware infections. Slow down, guard up, verify first, and only download if you’re really sure and you really need to.

For more information on protecting your business from cybersecurity threats call SiteLock at 855.378.6200.


Protect Your Website From Hackers

No one likes talking or even thinking about bad things around the holiday season. It goes against the holiday spirit! But you may not have any choice. Bad things can happen to your business at any moment, and may even be happening as you’re reading this. Every day, millions of small business websites are being prodded and probed by automated hacker tools looking for unsecured websites they can hijack. It’s almost like a thief walking along a row of cars and nearly invisibly checking each door handle to see which ones are unlocked. Except hackers have an additional layer of secrecy. They don’t have to leave their homes to check websites, and they can see many of them – all at once.


Happy Cybercrime Monday!

Happy Cyber Monday! If your website has survived the Thanksgiving rush, let’s hope it doesn’t suffer from a post-Thanksgiving malware hangover. Because in the usual run up to Christmas, the only people busier than elves are hackers. And their favorite tool this year appears to be malware. What’s a website to do without trusted malware removal?

We took a look at many of the top security stories to hit the headlines in just the last couple of weeks, and it’s not surprising that most of them were about malware.

Security firm Symantec says that hackers have recently been very successful in delivering a nasty gift of malware to unsuspecting users by blasting out emails pretending to be antivirus software updates. What makes the emails so convincing, according to Symantec, is that they look very authentic and incorporate logos from most of the popular antivirus products – probably even those that you use. Because most users are likely to be familiar with the brands and use at least one of them, it makes the email appear more personal and genuine. And therefore more likely to be opened. And clicked – which is what causes the most damage.

Security firm Trusteer also announced that it discovered some of the most advanced financial malware yet, malware that not only has more features than any previous malware, but also creates a private and secure communications channel back to the hackers behind it. According to Trusteer, the malware can steal information entered into web forms as well as steal log-in credentials from dozens of the most popular FTP clients.

And this is especially dangerous to small businesses in the U.S. If this malware is able to steal the login and password for your business bank account, it will very quickly empty that account. And small business accounts are not protected by zero liability. So if the thieves steal every last dime you have in the bank account, you’re out of luck. And maybe even out of business.

To add to the misery, Trend Micro also reported that it discovered more than 200,000 different types of malware targeted at online banking in just the third quarter of this year, with at least 25% of them targeted at U.S. banks.

One of the most dangerous pieces of malware in circulation right now is Cryptolocker. This is ransomware. Once it infects your computer, it will encrypt or lock your files and then demand a ransom to unlock them so you can use them again. The ransom can vary, from $300 to more than $3,000. And even if you pay the ransom, chances are you still won’t get your data back. And thousands of users have fallen victim. Even one police department admitted that Cryptolocker had managed to kidnap their data.

And not to be left out, researchers have discovered that even the NSA has turned to malware to do their job, infecting at least 50,000 computers with a botnet that will allow them to spy on those machines.

To add website malware scanning and defense to your holiday to-do list call SiteLock at 855.378.6200.

