Thought leadership. Threat analysis. Cybersecurity news and alerts.
Hackers Use Google Search Results to Spread Malware
Cybercriminals are continually finding new ways to distribute their malicious software. This time, they took advantage of Google search results in spreading their malware.
Researchers at Cisco discovered that Google search results are being used by cybercriminals for spreading their malware. Cybercriminals took advantage of the links provided by Google search results in spreading the new version of the banking malware dubbed as “Zeus Panda”, also known as “Panda Banker”.
Google search is the digital world’s go-to place whenever we want to know something. Google answers our questions by providing links that it believes (based on its algorithm or criteria) are the best responses to our queries.
Billions of people around the world are using Google search. According to StatCounter, a Dublin-based web tracking service, as of October 2017, Google received the bulk of the search engine market share worldwide (91.47%), followed by Bing (2.75%), Yahoo (2.25%) and Baidu (1.8%).
Zeus Panda, the malware distributed by the threat actors via malicious links on Google search, is a malware that borrows some of the code of another malware called “Zeus” – a malware that first appeared in 2007. Cybercriminals have since earned hundreds of millions of dollars using the Zeus malware by stealing banking credentials and generating fraudulent banking transactions.
How Zeus Panda Spreads via Google Search ResultsIn order that these malicious links show up on the first page of Google search results, threat actors used the process called “SEO”, short for search engine optimization. Google, for its part, allows legitimate SEO – referred to as "whitehat" SEO. One of the legitimate SEO techniques used by the threat actors is the use of targeted banking related keywords to zero in their target victims.
“By targeting primarily financial-related keyword searches and ensuring that their malicious results are displayed, the attacker can attempt to maximize the conversion rate of their infections as they can be confident that infected users will be regularly using various financial platforms and thus will enable the attacker to quickly obtain credentials, banking and credit card information, etc.,” Cisco researchers said.
Threat actors, for instance, used the banking related keywords "al rajhi bank working hours during ramadan". The screencap below from Cisco researchers shows one of the top links in the Google search results for the above-mentioned keywords.
Below are the other keywords used by the threat actors:
"nordea sweden bank account number"
"how many digits in karur vysya bank account number"
"how to cancel a cheque commonwealth bank"
"salary slip format in excel with formula free download"
"bank of baroda account balance check"
"bank guarantee format mt760"
"sbi bank recurring deposit form"
"axis bank mobile banking download link"
As can be gleaned from the above-mentioned keywords, certain geographic regions appear to be directly targeted, with many of these keywords targeting users trying to search about financial institutions in India as well as the Middle East. The treat actors compromised business websites that have received high number of reviews and high ratings to appear legitimate to victims. Once a victim clicks on this compromised link, a multi-stage malware infection process is then initiated.
As shown below, the victim is redirected to a compromised site that shows a fake alert from Windows Defender that the Zeus virus is detected.
Once the victim clicks the “OK” button, the victim is once again redirected to another compromised site which hosts a malicious Word document as shown below.
Clicking on the "Enable Editing" and click "Enable Content" will initiate the downloading of the new version of Zeus Panda malware into the victim's computer.
This new version of Zeus Panda shares many characteristics of its predecessor Zeus Panda. Both borrowed the code of Zeus malware – the creator of which released the source code to the public in 2011. Both are designed to steal banking and other sensitive credentials and conduct fraudulent banking transactions.
Zeus Panda malware was first discovered by the researcher only known as “Fox IT” in February 2016. As reported by Proofpoint, this early version of Zeus Panda stole banking credentials of customers from European and Australian banks, UK online casinos and international online payment systems.
Unlike the new version of the malware which uses Google search results to spread the malware, the older version of Zeus Panda was spread using malicious email attachments, malicious email links and web injects.
In August 2016, Proofpoint found that millions of emails were sent to organizations involved in manufacturing, retail, insurance and related sector. The email messages masquerading as coming from legitimate banks contained malicious links leading to Microsoft Word documents. These documents contain macros which, if enabled, download Zeus Panda malware.
In October of this year, IBM reported that customers in North America were targeted by the Zeus Panda malware. For this October 2017 campaign, IBM said, the threat actors distributed the malware via malicious emails purporting to come from courier services like UPS. These fake emails, according to IBM, contain embedded links that lead the recipient to a site infected by Zeus Panda malware.
According to Proofpoint, the early version of Zeus Panda was also spread using web injects – a process by which cybercriminals intercept online banking traffic and modify banking sites on infected computers in order to carry out man-in-the-browser (MITB) attacks. In carrying out MITB attacks, threat actors infect a web browser to modify web pages of banks, online casinos and international online payment systems and modify the transaction content.
How to Prevent Zeus Panda Attacks
In order to prevent being a victim of the Zeus Panda malware, it’s important to think twice before clicking anything online and opening an email attachment. As shown by the new version of Zeus Panda, it’s important to remain discerning and vigilant in the results of a Google search.
Cisco researchers who discovered the new version of Zeus Panda said, “Having a sound, layered, defense-in-depth strategy in place will help ensure that organizations can respond to the constantly changing threat landscape.”
Bad Rabbit Ransomware, New variant of NotPetya, Is Spreading
Bad Rabbit ransomware, a new variant of NotPetya, is spreading across Eastern Europe and other parts of the world.
According to the Russian News Agency TASS, Bad Rabbit ransomware attacked the Russian mass media and Ukraine’s airport and subway. Symantec reported that Bad Rabbit primarily attacked Russia (86%), followed by Japan (3%) Bulgaria (2%), Ukraine (1%), US (1%) and all other countries (7%).
NotPetya versus Bad Rabbit
NotPetya is a malicious software (malware) that was released into the wild in June of this year. It wreaked havoc to thousands of computers worldwide, including Belgium, Brazil, Germany, Russia and the US. Merck, Nuance Communications, FedEx are some of the victims of NotPetya.
Similar to NotPetya, users of computers infected by Bad Rabbit received a notice that their files are encrypted. Both malware have the same style of ransom note, suggesting to victims to pay certain amount to get access to files. Both are worms, which mean that they’ve the ability to self-propagate – self-reproduce by infecting other computers in the network.
One stark difference between NotPetya and Bad Rabbit is the use of self-propagation tools. While NotPetya self-propagates using EternalBlue and EternalRomance, Bad Rabbit self-propagates by only using EternalRomance.
EternalBlue and EternalRomance are just two of the many exploits released in April of this year by the group called “Shadow Brokers”. The group claimed that EternalBlue, EternalRomance and the other hacking tools they’ve released were used by the National Security Agency (NSA) in exploiting the vulnerabilities in Windows operating system. According to Microsoft, it released a security update or patch dated March 17, 2017, fixing the vulnerabilities exposed by Shadow Brokers.
The second difference between NotPetya and Bad Rabbit is that NotPetya is a “wiper” rather than a ransomware. A wiper’s aim is to wipe out or delete all computer files for good, while ransomware’s aim is to generate money from victims. None of the victims of NotPetya were able to unlock their encrypted files. According to Symantec, its analysis of Bad Rabbit confirms that it’s not a wiper as the encrypted files can be recovered if the key is known.
How Bad Rabbit Works
Bad Rabbit infects victims’ computers in the following manner:
The first contact of victims of Bad Rabbit is via watering holes – legitimate websites that are altered by cybercriminals. Bad Rabbit compromised many popular websites in the affected countries.
Once a victim visits one of these compromised sites, Bad Rabbit malware is dropped or downloaded into the victim's computer as a fake software update to Adobe Flash Player.
Bad Rabbit malware masquerading as an update to Flash Player enters the victim’s computer by employing social engineering – convincing the victim that there’s a need to update his or her Flash Player. In the middle of the computer screen, a popup shows up asking the user to download an update for Flash Player.
Once the fake Adobe Flash Player "Install" button is clicked, the Bad Rabbit malware drops five open-sourced tools described below into the victim’s computer. According to Symantec, the download originates from a particular domain. It’s possible though that victims may have been redirected there from another compromised sites, Symantec said.
Mimikatz is an open-sourced tool used for changing privileges and recovering Windows passwords in plaintext.
In addition to Mimikatz, Bad Rabbit also uses a hardcoded list of commonly used default passwords in attempting to guess Windows passwords.
ReactOS is an open-sourced tool that’s used as an alternative to Windows operating system. The use of ReactOS, according to Symantec, reduces the amount of detectable suspicious activity on an infected computer.
DiskCryptor is an open-sourced tool that’s used to perform encryption. After individual files in the victim’s computer are encrypted, Bad Rabbit will then conduct a full disk encryption. Once the system is restarted, a ransom note is displayed, demanding a ransom amounting to 0.05 Bitcoin (US$280).
Bad Rabbit spreads to other vulnerable computers in the network by using EternalRomance, an exploit that bypasses security over Server Message Block (SMB) – referred to as the transport protocol used by computers using Windows operating system for a variety of purposes, including file sharing, printer sharing and access to remote Windows services.
According to researchers at RiskIQ, long before the distribution of Bad Rabbit ransomware last October 24th, cyber attackers have already compromised the affected websites used as watering holes. The researchers said that they “can track the distribution vector back to early 2016 showing that victims were compromised long before the ransomware struck.”
"The thing we do not understand at this point is why they decided to burn this information position to mass distribute the Bad Rabbit ransomware rather than save it for another type of malware," RiskIQ researchers said.
How to Prevent Bad Rabbit Attacks
As Bad Rabbit uses factory or default passwords, it’s important to protect your computer with a strong password. This security measure, however, isn’t enough to protect you from Bad Rabbit.
Bad Rabbit self-propagates by using the hacking tool EternalRomance. A security update or patch that stops EternalRomance has already been made available by Microsoft since March 17, 2017.
"Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware,"
In an effort to keep your all software up-to-date, be careful though of falling into traps of fake updates.
Fake Adobe Flash Player update has long been the favorite of many cyber criminals as they always find security vulnerabilities of this software. If an update pops up in your monitor, don’t click the button, and visit the official Adobe website for updates.
Cyber Espionage Group Targets Critical Infrastructure Using Old Hacking Tactics
Cyberattacks against critical infrastructure – energy, nuclear, water, aviation and critical manufacturing sectors – in the US have been going on since May 2017, the US Computer Emergency Readiness Team (US-CERT) said in a rare technical alert notice.
Symantec, on the other hand, reported that cyberattacks against the energy infrastructure in some European countries and in the US have been underway since December 2015. Cisco researchers, meanwhile, reported that since at least May 2017, they have observed attackers targeting critical infrastructure and energy companies around the world, in particular, Europe and the US.
While US-CERT and Cisco didn’t name a particular group responsible for the ongoing cyberattacks against critical infrastructure, Symantec identifies the threat actors collectively known as “Dragonfly” as the group behind the cyberattacks against the energy sector. Symantec researchers said the group has been in operation since at least 2011.
Symantec dubbed Dragonfly’s latest campaign against the energy sector as “Dragonfly 2.0”, a campaign that started in late 2015 the most notable cyberattack of which was the attack against Ukraine’s power system in 2015 and 2016, resulting in power outages affecting hundreds of thousands of residents.
The US-CERT technical alert – the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI), and the reports from Symantec and Cisco showed that old hacking tactics have been employed by the threat group.
Methods of Cyber Attacks
1. Malicious Emails
According to US-CERT, the threat group used malicious emails or phishing emails with the subject line such as “AGREEMENT & Confidential”. The group also used malicious Microsoft Word attachments that appear to be legitimate invitations, policy documents or curricula vitae for industrial control systems personnel to lure users to open the attachment, US-CERT said.
According to Symantec, one example of the malicious email campaign used by the threat group were emails disguised as an invitation to a New Year’s Eve party to targets in the energy sector in December 2015.
Cisco researchers identified an email-based attack called "Phishery", targeting the energy sector, including nuclear power. Phishery became publicly available on GitHub in late 2016
“Typically, malicious Word documents that are sent as attachments to phishing emails will themselves contain a script or macro that executes malicious code,” Cisco researchers said. “In this case, there is no malicious code in the attachment itself. The attachment instead tries to download a template file over an SMB connection so that the user's credentials can be silently harvested. In addition, this template file could also potentially be used to download other malicious payloads to the victim's computer.”
2. Watering Holes
According to US-CERT and Symantec, the cyber espionage group used "watering holes" – websites that have legitimate content by reputable organizations but are altered by the threat group to have malicious content. Almost half of the known watering holes, the US Computer Emergency Readiness Team said, are reputable websites that offer information to those in the critical infrastructure sector.
“As well as sending malicious emails, the attackers also used watering hole attacks to harvest network credentials, by compromising websites that were likely to be visited by those involved in the energy sector,” Symantec said.
3. Social Engineering
These stolen network credentials, according to Symantec, were then used for follow-up attacks on the target critical infrastructure organization itself by delivering trojanized software – malicious software that’s disguised as legitimate software.
One of the trojans used by Dragonfly group is Karagany.B – malicious software that infiltrates computer systems of target organizations by masquerading as Flash updates. The group here used the old hacking tactic of social engineering – convincing victims they need to download software, in this case, an update for their Flash player.
The trojan Karagany.B enables attackers remote access to the victims’ computer systems and allows them to install additional malicious tools if needed. Another trojan used by the group, according to Symantec, is the trojan Heriplor – malicious software that also enables attackers remote access to the victims’ computer systems.
“Trojan.Heriplor is a backdoor that appears to be exclusively used by Dragonfly, and is one of the strongest indications that the group that targeted the western energy sector between 2011 and 2014 is the same group that is behind the more recent attacks,” Symantec said. “This custom malware is not available on the black market, and has not been observed being used by any other known attack groups.”
Symantec noted that Dragonfly’s origins cannot definitively be determined. While some of Dragonfly’s malware codes were written in Russian and French, Symantec noted, this could be a way to mislead people.
How to Prevent Dragonfly Attacks
To prevent Dragonfly attacks, the US-CERT recommends the following:
Reaper IoT Botnet Threatens to Take Down Websites
Reaper IoT botnet, considered as more powerful than the Mirai botnet, is spreading worldwide and threatens to take down websites.
According to Check Point researchers, the Reaper botnet already infected one million IoT devices worldwide. "So far we estimate over a million organizations have already been affected worldwide, including the US, Australia and everywhere in between, and the number is only increasing," Check Point researchers said.
Researchers at Qihoo 360 Netlab, meanwhile, reported that the number of “vulnerable devices in one c2 queue waiting to be infected” reached over 2 million.
IoT botnet refers to internet-connected smart devices which are infected by one malware and is controlled by a cyber criminal from a remote location. It’s typically used by cyber criminals to launch a distributed denial-of-service (DDoS) attack.
“In a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack another computer,” the United States Computer Emergency Readiness Team (US-CERT) defines DDoS attack. “By taking advantage of security vulnerabilities or weaknesses, an attacker could take control of your computer. He or she could then force your computer to send huge amounts of data to a website or send spam to particular email addresses.”
Infecting millions of IoT devices with a malware is a time-consuming task. Cyber criminals found a way to automate this task by creating a botnet – an army of infected IoT devices. The Reaper malware, as well as the Mirai malware, is spread by the IoT devices themselves. After infecting a particular IoT device, this infected device starts to look for other devices to infect.
The Mirai botnet in October 2016 brought down major websites – including Twitter, Spotify and Reddit – by launching a DDoS attack against the DNS infrastructure of New Hampshire-based company Dyn. Many major websites rely on Dyn’s internet infrastructure.
Reaper Botnet versus Mira Botnet
While the Reaper botnet shares similar characteristics with Mirai, it differs in many ways with the Mirai botnet. On September 30, 2016, the attacker known as “Anna-senpai” publicly released the source code of Mirai. According to Check Point and Qihoo 360 Netlab researchers, Reaper borrows some of the source code of Mirai, but this new botnet is significantly different from Mirai in several key behaviors.
Here are some of the differences between Reaper and Mirai:
1. Number of Affected IoT Devices
The first difference between the Reaper botnet and Mirai botnet is in terms of the number of affected IoT devices. Mirai affected about 500,000 IoT devices, while Reaper has infected over a million IoT devices.
2. Means of Infecting IoT Devices
Mirai was able to infect hundreds of thousands of IoT devices by exploiting the lax attitude of IoT users of not changing the factory or default login and password details. By using default login and password details, Mirai attackers were able to infect a massive number of IoT devices.
On the hand, Reaper’s means of infecting IoT are by exploiting several IoT vulnerabilities which the devices’ manufacturers may or may not have issued security updates or patches. Reaper attackers can, therefore, infect IoT devices even if a strong password is used as the means of entry to the device is by exploiting known software vulnerabilities.
According to Check Point researchers, the Reaper, for instance, infects unpatched wireless IP cameras by exploiting the “CVE-2017-8225” vulnerability.
3. Botnet Capabilities
Mirai already showed what it can do: It brought down major websites worldwide even for just a few hours. For Reaper, it’s still unclear what it wants to do. As of this writing, Reaper’s creator or creators just want (based on the code they wrote) to infect as many IoT devices without yet writing the command to attack any internet infrastructure or websites.
"It is too early to guess the intentions of the threat actors behind it, but with previous Botnet DDoS attacks essentially taking down the Internet, it is vital that organizations make proper preparations and defense mechanisms are put in place before an attack strikes," Check Point researchers said.
The sheer number of infected IoT devices by Reaper – more than twice the number of Mirai’s victims – show how powerful and devastating Reaper can do when used as a means to launch a DDoS attack.
Gartner projected that 8.4 billion IoT devices will be in use worldwide in 2017 and will reach 20.4 billion by 2020. Examples of IoT devices include security systems (alarm systems, surveillance cameras), automation devices (devices that control lighting, heating and cooling, electricity), smart appliances (refrigerators, vacuums, stoves) and wearables (fitness trackers, clothing, watches).
"As more businesses and homeowners use Internet-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet provides new vulnerabilities for malicious cyber actors to exploit," the US Federal Bureau of Investigation (FBI) said. "Once an IoT device is compromised, cyber criminals can facilitate attacks on other systems or networks, send spam e-mails, steal personal information, interfere with physical safety, and leverage compromised devices for participation in distributed denial of service (DDoS) attacks."
How to Block Reaper IoT Botnet
In most cases, owners of infected IoT devices are unaware that their devices are infected and are used for criminal activities, such as launching a DDoS attack. IoT users who fail to change their devices’ default login and password details, as well as by failing to apply security updates, are part of the problem for “blindly” contributing to cyber criminal activities like DDoS attacks.
Here are the top cyber security measures to stop attackers from infecting your IoT devices and turned it into a botnet:
1. Timely Apply Security Updates of IoT Software
Always apply in a timely manner all security updates issued by your IoT manufacturer.
2. Use Strong Password
While the sophisticated malware like the Reaper can bypass strong password, it still pays to use a strong password to ward off less sophisticated malware.
3. Isolate IoT devices on their own protected networks.
4. Block traffic from unauthorized IP addresses by configuring network firewalls.
5. Turn off IoT devices when not in use.
6. When buying an IoT device, look for manufacturers that offer software updates.
'Secure' Wi-Fi Standard Has Serious Security Flaws
Researchers from the University of Leuven in Belgium have discovered a series of serious wi-fi security flaws that essentially eliminate wi-fi privacy.
These series of wi-fi vulnerabilities collectively dubbed as “Krack”, short for key reinstallation attacks, can access data that was previously presumed to be safely encrypted. Krack attackers can steal wi-fi passwords, chat messages, emails, photos and other sensitive information. It’s also possible, depending on device use and the network configuration, for Krack attackers to inject malicious software like ransomware into websites.
The University of Leuven researchers, in their paper entitled “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2” (PDF) said that “every Wi-Fi device is vulnerable” to Krack attacks.
"The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations,” lead researcher Mathy Vanhoef said.
Wi-Fi Alliance, a non-profit organization that promotes wi-fi technology and certifies wi-fi products, said, “Recently published research identified vulnerabilities in some Wi-Fi devices where those devices reinstall network encryption keys under certain conditions, disabling replay protection and significantly reducing the security of encryption.”
For its part, the International Consortium for Advancement of Cybersecurity on the Internet (ICASI), in a statement said, “Depending on the specific device configuration, successful exploitation of these vulnerabilities could allow unauthenticated attackers to perform packet replay, decrypt wireless packets, and to potentially forge or inject packets into a wireless network.”
ICASI members include Amazon, Cisco Systems, IBM, Intel Corporation, Juniper Networks, Microsoft Corporation and Oracle Corporation.
How Krack Works
For Krack to work, the attacker must be within the range of a victim. As proof-of-concept, lead researcher Vanhoef executed Krack attacks against wi-fi devices. Vanhoef was able to show that Krack not just steals login credentials – including email addresses and passwords – but all data that the victim transmits or sends was decrypted.
It’s also doable for Krack attackers, depending on the network setup and the device being used, to decrypt, not just data sent over wi-fi but also data sent towards the victim, for instance, the content of a website.
“Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations,” Vanhoef said. “For example, HTTPS was previously bypassed in non-browser software, in Apple's iOS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps.”
Krack is able to decrypt not just data sent over wi-fi but also data sent towards the victim by exploiting the vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access 2 (WPA2) protocol.
The 4-way handshake is a 14-year-old technology that supposedly ensures wi-fi privacy by installing a fresh and unique encryption key that’ll be used to encrypt all subsequent traffic every time a device joins a protected wi-fi network.
Instead of installing a fresh and unique encryption key, Krack tricks the device into reinstalling an already-in-use encryption key. This is done by manipulating and replaying handshake messages. The researchers also found that Krack similarly exploits other wi-fi handshakes, including PeerKey handshake, the group key handshake and the Fast BSS Transition (FT) handshake.
As mentioned, Krack is a series of wi-fi vulnerabilities. This means that not just one wi-fi vulnerability is exploited by Krack. The Common Vulnerabilities and Exposures (CVE) – a dictionary of common names for publicly known cyber security vulnerabilities – list the following specific vulnerabilities related to Krack:
According to Wi-Fi Alliance, there’s no evidence that Krack has been exploited maliciously in the wild.
How to Prevent Krack Attacks
To prevent Krack attacks, make sure to update your wi-fi device as soon as patch or security update becomes available. A security update ensures that an encryption key is only installed once, preventing Krack attacks.
Password change of your wi-fi network won’t stop Krack attacks. The only remedy is to apply the patch or security update of your wi-fi device as soon as it becomes available. It’s also important to update your router’s firmware. While it’s important to patch or apply the latest security updates of your wi-fi and router, it also pays to change the wi-fi password as a precaution.
According to Vanhoef, they notified wi-fi manufacturers about the Krack issue on July 14, 2017. They also notified the Computer Emergency Response Team Coordination Center (CERT/CC) – the world’s first computer emergency response team for internet security incidents. CERT/CC, in turn, issued a broad notification to wi-fi manufacturers on August 28, 2017 about this issue.
“We have released a security update to address this issue,” Microsoft spokesperson told The Verge. “Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected.”
Windows updates released last October 10, according to Microsoft, addressed this issue. The company said it “withheld disclosure until other vendors could develop and release updates”.
“Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member,” the alliance said. “Wi-Fi Alliance is also broadly communicating details on this vulnerability and remedies to device vendors and encouraging them to work with their solution providers to rapidly integrate any necessary patches.”
Top 7 Cyber Security Tools for Your Business
With so much of our information online, everyone is vulnerable to hackers and cyber-thieves. When it comes to business, a cyber invasion is a constant threat.
Short term loss could be financial, intellectual property theft, data loss, or worse.
The real threat is the long term loss of trust and reputation damage that could take years to repair. If your clients' information is exposed, it will be hard for them to consider it safe to give you their business again.
Protect your business with these 7 cyber security tools.
7 Cyber Security Tools Your Business Must Be Using
In order to protect your business' digital information, you need a variety of cyber security tools in place.
For complete peace of mind, you'll want to work with a trusted cyber security partner. In the mean time, these tools are a great place to start.
1. Malware Scanners
Malware is short for malicious software. It is designed by hackers to gain access to a computer without the owner's knowledge.
You must have specific anti-malware cyber security tools in place to detect any hacker invasion.
There are a variety of malware scanners out there, many even available for free (with limited features).
Protect your business with automatic malware scanners in place.
2. Routine Patching
Patching is the process of installing a piece of software that repairs any security flaws. Updating an app is an example of patching.
Picture your business's digital infrastructure as a house. Each time you add a new application, piece of software, etc. it's like adding a new room to the house.
Software, apps, and the like are built by humans, meaning that there is room for human error. Human error is like an unlocked door or unfinished window in one of the new rooms.
This can leave a welcome mat out to cyber attackers. That's why your security plan needs to include routine assessments and patching.
3. Two-Factor Authentication
Use two-factor authentication to add a difficult-to-hack layer of security to your log in systems.
Examples include a verification code sent to a linked phone number or a piece of information only the user would know.
4. Restrictive Administrative Access
Add an additional security level for your most sensitive information and infrastructure by restricting who can access it.
Click here for more information on how to implement restrictive admin mode.
5. Network Segmentation
Divide your computer network into sub networks to improve security and performance.
This allows you to isolate the most sensitive data to a specific network to limit access and decrease congestion.
6. Vulnerability Scanning
There's no better way to access your security levels than a vulnerability scan.
Try our free vulnerability assessment to find weaknesses in your code and how to remedy them.
7. 24/7 Security Monitoring
Cyber security protection doesn't come in the form of a quick fix.
Continually protect your business' data with a 24/7 security monitoring system in place to catch attacks the minute they happen.
Protect Your Business for Peace of Mind
Cyber security tools are of the utmost importance for businesses and individuals alike.
Questions? Let us know if there is anything we can help you with. Our emergency response team is available 24/7 if you're currently dealing with a cyber attack. Contact us today.
Web Application Security Checklist for 2018
Chances are, your web app isn't as secure as it needs to be. That's why we're sharing this 2018 web application security checklist. Have you hit all the marks?
With a great sigh of relief, we welcome 2018. This new year brings us all new possibilities and opportunities. This is also a great time assess your business operations. From paperwork to threat assessments, now is your chance to start the year off right.
Unfortunately, it isn't just legitimate businesses that are hoping to have a great new year. The hackers of years past haven't gone anywhere. This year like any other, hackers will be looking to exploit your company's internet vulnerabilities. Let us help you prepare.
Let us help you prepare.
Make Sure Your User-Friendly Apps and Hacker Hostile
Web applications make is easy and efficient for clients, customers, contractors and employees to access your company's network.
But, these web apps can also open the door to unwanted visitors. Coding errors, weak passwords, and other mistakes can leave you vulnerable to attack.
But you aren't alone.
The Driz Group stands ready to help you defend your network against whatever this year brings.
Start 2017 with this Web Application Security Checklist
To help you assess your web applications strengths and weaknesses, we've put together this web application security checklist. Use this list to ensure that your web apps are secure and ready for market.
1. Assess and Review. This step involves a comprehensive review of the application. Test each step of the program for vulnerabilities. In fact, we will provide you with a complete vulnerability assessment checklist to make the assessment as simple and transparent as possible.
Ensure that users cannot bypass steps or gain access to unauthorized areas of the network through the app.
Can a user enter a new ID and receive a password without authorization? How many password attempts can be made before a lock-out?
2. Plan and Challenge. Next, you'll want to conduct test attacks to assess your app's weaknesses.
From password challenges to brute force attacks, you'll want to determine what your app can withstand.
You'll also want to make sure sensitive information isn't revealed in cookies or other easily accessed code.
3. Re-assess and Report. Once you have made your initial challenges, re-assess the app's areas of vulnerability. Conduct usability testing, perform functional testing and assess the error messages.
Did quick fixes solve the problem or is there more work to be done? In your report, you'll want to indicate which problems should be given highest priority for remediation.
Also, make note of any institutional errors that may threaten other web applications.
4. Remediate and Test. In this step, you'll use the report prepared in step 3 to make changes to the app.
Remove security threats, repair coding errors and re-educate users to ensure your website's security.
Once you've implemented these steps, test the web application's security again.
This four-step web application security checklist summarizes the path you'll need to take to ensure your web application doesn't leave you vulnerable.
But, as with all good things, the implementation isn't always easy. The Driz Group employs a team of experts dedicated to identifying and addressing your website's vulnerabilities.
We can prepare a comprehensive web application security checklist designed specifically for your network and web applications. Just give us a call or send us an email to get started.
In the meantime, have a great and secure 2018!
Steve E. Driz, I.S.P., ITCP