Clean key

How to Protect Your Bank Accounts from Dridex Malware

Hackers have stolen more than $40 million from U.S. and U.K. victims using a new strain of Dridex. Here is how you can protect your business from this malware.

A new spin on an old hacker favorite might be lurking in your email inbox. Hackers released a new strain of the Dridex malware as part of a large phishing campaign that was discovered in October 2015. The phishing emails try to lure you into opening an attached file. If you do, the malware-laden file will attempt to infect your computer if it is running Microsoft Windows. Once infected, hackers will try to get your banking credentials so that they can steal money from your bank accounts. Hackers have already stolen more than $40 million from U.S. and U.K. victims using this new Dridex strain, according to Tripwire.

A successor to the Cridex banking malware, Dridex was first discovered in July 2014. Dridex creates HTML fields that ask you to enter additional personal information when you log into an online bank account. The July 2014 version usually hid the malicious code that creates these fields in executable (EXE) files. In fall 2014, hackers started hiding the malicious code in macros in Microsoft Word files. Hackers made even more changes to the malware in fall 2015, making it harder for anti-virus software to catch it.

Once a computer is infected with Dridex, hackers can use it for more than just obtaining banking credentials. They can also use the computer to send spam or partake in attacks designed to shut down websites or web services. If you suspect your computer is infected, you should use an anti-malware tool to try to remove it. There are many free tools that identify and remove malware, such as Trend Micro’s HouseCall and Microsoft’s Safety Scanner. You should also change your passwords, including your banking credentials.

To help prevent a Dridex infection, you can take several measures:

  • Disable Word macros. Since Dridex uses Word macros to deliver its malicious code, disabling them can help defend against it. If these macros are disabled and you open a Dridex-ridden Word file, Word will display a message telling you that they must be enabled to open the file. The malicious code cannot run until you do so. If Word macros are enabled and you open a Dridex-ridden Word file, the malicious code will run without any notification from Word. In most versions of Word, macros are disabled by default.
  • Keep your anti-virus software up-to-date. Anti-virus software providers constantly update their software to thwart threats like Dridex. Thus, you need to make sure that your anti-virus software is always up-to-date.
  • Keep your applications and operating system software up-to-date. It is important to install application and operating system patches. That way, hackers cannot take advantage of known problems and vulnerabilities.

For more advice on how to prevent Dridex and other types of malware infections, talk to your IT service provider.

Tue, 24 Nov 2015 07:31:35 -0500 Major Examples of Email Mistakes One notable example of an email mistake that caused a data breach involved the Goldman Sachs investment management firm. In June 2014, a Goldman Sachs contractor accidentally sent a message to a email address instead of the corresponding email address. The latter email address is connected to the company’s in-house email network. The email contained a confidential document, and the mistake sent Goldman Sachs scrambling for a solution. To prevent the recipient from opening the message, Goldman Sachs took Google to the New York State Supreme Court. In its petition, the investment management firm said that the message contained "highly confidential brokerage account information" and asked Google to help it prevent a "needless and massive" data breach. The case was unprecedented, in that Goldman Sachs argued that email senders should have the right to "unsend" an email if it was sent by mistake. In the end, however, the court did not have to rule on the case, since Google voluntarily blocked the recipient’s access to the email. Another noteworthy email mistake occurred in April 2014. An employee at the risk advisor and insurance brokerage firm Willis North America accidentally sent a spreadsheet to a group of employees enrolled in the company medical plan’s Healthy Rewards Program. The spreadsheet contained confidential information, including employees’ names, email addresses, birthdates, Social Security numbers, employee ID numbers, office locations, and the details of their medical insurance plans. Willis North America agreed to pay for 2 years of identity theft protection for the 4,830 people affected by the breach. Although the leaked information did not include details about the victims’ health conditions or the health information of their dependents, Willis North America was still cited for violating the US Health Insurance Portability and Accountability Act (HIPAA).

The Costs of Email Mistakes

According to the Ponemon Institute, data breaches caused by careless human error cost companies on average $117 per compromised record. If an email mistake affected thousands of people, as was the case for Willis North America, then it could result in sizable losses. Several issues can cause these high costs. As the Cisco case showed, losses in productivity can cost a company a significant amount of time and money. Another cost stems from paying for identity theft protection for the victims. Additionally, if the email mistake led to a data breach, then the company could find itself facing lawsuits or punitive fines. Data breaches like these could also reveal sensitive company information to the general public. Email mistakes, especially those that cause data breaches, can also tarnish a company’s reputation, which can lead to lost business opportunities. As one example, Goldman Sachs faced substantial damage to its reputation after its email-related data breach in 2014.

Avoiding Careless Mistakes

To prevent any mistakes, create clear-cut policies and procedures about sending emails, especially those with sensitive information. You’ll also need to educate your staff members about the problems caused by carelessly sending emails. Employees are more likely to think twice about sending a message when they know just how costly a mistake can be. By the same token, you should develop a workplace environment in which employees feel comfortable talking about their IT concerns. By making your staff members feel comfortable about discussing these issues, you can improve the odds that one of them will ask a question that could avert a mistake. Data loss prevention (DLP) software can also help in this regard. This software can stop employees from sending confidential information intentionally or by accident. Look to your IT staff or service provider for help when searching for a DLP solution that matches your individual needs. ]]>
Thu, 29 Oct 2015 11:40:11 -0400 <![CDATA[

Since Windows XP, the Windows operating system has included an application known as Remote Desktop. Remote Desktop lets you remotely control Windows computers through a local area network or the Internet. With Remote Desktop you can run programs, access files, and even manage network resources on any Windows computer.

To get started, you’ll need to set up the computers you want to remotely control. Remote Desktop requires your user account to have a password, so you’ll want to do that first. Click the Windows “Start” button and select “Control Panel.” Click the “User Accounts” option and then click “Change your password.” Enter a password for your account. From this point on, your computer will prompt you for a username and password at login time, whether the computer is accessed locally or remotely through Remote Desktop.

Next, you’ll need to enable access for Remote Desktop. Click the Windows “Start” button and right-click “Computer.” A drop-down menu appears. Click the “Properties” option. In the window that opens, click “Remote Settings.”

You’ll probably want to check the box labeled “Allow connections from computers running any version of Remote Desktop.” This option is convenient if you have multiple versions of Windows running in your home or office, as each version of Windows is slightly different in handling Remote Desktop connections.

Finally, you need to choose which users you’ll allow to connect via Remote Desktop. Administrative users automatically have access to Remote Desktop. If you want to give other users access, click the “Select Users” button, select the users in the following window and then click “OK.”

After you’ve set up Remote Desktop on your computers, you can connect to them from anywhere in your home or office.

Click the Windows “Start” button and type “remote desktop” in the search text box. Type the name or IP address of the remote computer and click “Connect.” Your computer will connect to the Remote Desktop computer, and you’ll be prompted for the appropriate username and password. Correctly entering the username and password will give you access to control the computer.

Connecting to your Remote Desktop computer through the Internet is also possible, but extra settings are needed on your router. You’ll want to Google specific instructions for your router in order to get things working, but it’s usually a straightforward process.

Internet of Things image

How the Internet of Things Is Changing Cybersecurity

Over the next few years, companies will be connecting billions of unconventional devices to the Internet. Find out how this wave of web-connected devices will affect the security of your business’s data.

The Internet has radically changed society over the last few decades. It will continue to shake things up in the years to come as consumers are starting to connect thermostats, lights, refrigerators, and other unconventional devices to the web. This phenomenon is known as the Internet of Things (IoT).

The IoT is not limited to consumer devices. Companies are also beginning to connect devices such as security cameras and heating, ventilation, and air conditioning (HVAC) systems. Gartner predicts that 26 billion devices will be online by 2020.

Some devices have IoT technology built into them, whereas other devices have the technology added to them. Either way, the IoT technology collects data about the devices and sends it to applications by means of the Internet. People often use the applications to not only monitor devices but also control them.

Using IoT devices has its advantages, but it also exposes companies to security risks. Hackers are already beginning to exploit IoT devices.

The Advantages

Both business owners and home owners can benefit from IoT technology. They can control IoT devices from just about anywhere using their smartphone or tablet. They can lock doors, turn off lights, check appliances, dial down the thermostat, and monitor areas when no one is around.

Business owners can also benefit from outfitting crucial equipment and systems with IoT technology. The data returned from them is priceless. It can give business owners early warnings about problems before they turn into costly mechanical and system failures. The data can also help business owners make better decisions about equipment and energy usage.

The Security Issues

Using IoT devices can expose companies to security problems. IoT-ready devices often have security vulnerabilities such as default passwords that are easy to crack and firmware updates that are easy to spoof. Plus, unauthorized users can often bypass the security measures in the devices’ web applications.

Just as troublesome is that many users do not realize they need to protect their IoT devices. After all, when the average person thinks of cybersecurity, they are usually picturing computers, not web-connected refrigerators. As a result, they do not use anti-malware programs and network security tools to protect their IoT devices. These insecure devices can put a company at risk since they are usually connected to the network that hosts the company’s critical data and applications.

To protect your IoT devices and your network, you need to make sure that:

  • Each IoT endpoint in your network is a legitimate device and not one being run by a hacker
  • The data being sent over the Internet is not being spied on, changed, or stolen
  • Personal and sensitive data remains hidden from prying eyes, even if those eyes belong to authorized users

In short, you must authenticate your IoT devices, ensure data integrity, and set users’ permission levels in way that preserves confidentiality. The massive scope of the IoT phenomenon makes managing these issues especially challenging.

How Bad Actors Exploit IoT Devices

As the number of IoT devices increases in a network, so does the likelihood that a hacker will be able to find one with weak security. After taking over one IoT device, the hacker can access the rest of the network. At that point, the hacker is free to steal information or install malware.

Hackers can also use IoT devices as part of a botnet. A botnet consists of a large number of computers and other devices under a hacker’s control. Hackers use botnets to send large amounts of spam and malware. The cybersecurity firm ProofPoint discovered one of these attacks in January 2014. The botnet included more than 100,000 devices, including routers, televisions, multimedia centers, and at least one refrigerator. Over a two-week period, the hacker used the devices to send 750,000 malicious emails to companies and individuals around the world.

Hackers can also use botnets to bombard networks and websites with service requests or messages. When the network or website can no longer cope with the onslaught, it shuts down.

Much more troubling is the fact that hackers are starting to use IoT devices to inflict physical damage. For example, in December 2014, German officials revealed that a steel manufacturing plant had fallen prey to hackers. After breaking into the plant’s network, the hackers disabled the controls on one of the blast furnaces. Due to the attack, the furnace was unable to shut off and caused massive damage to the facility.

In the government and in industry, there is much hand-wringing and concern for organizations that provide Critical Infrastructure, such as power-generation plants and water utilities, since much of the equipment used to control the pumps, motors and other key devices was designed decades ago prior to the Internet age, with little or no security. Many of these devices were subsequently “plugged in” to the Internet and are now susceptible to attack.

Cybersecurity experts are also concerned about the possibility of hackers taking control of Internet-connected cars. After hacking into a car’s system, the attackers could steal it. Worse yet, they could hijack a car while the owner is driving it, as demonstrated by a cybersecurity expert in a “60 Minutes” news report.

It’s not just hackers – last year researchers demonstrated how they gained access to a Nest “smart” house thermostat. This thermostat is designed to “watch” movement patterns in a house to see when it is occupied and to heat/cool it at the right times. So a bad actor could use this data to determine the best time to burglarize the house.

The Future of Cybersecurity

No one doubts the value of IoT devices. There are questions, however, about the ways in which companies can safely implement them. To answer these questions, companies should look to their trusted IT partners. These experts can offer guidance about the best ways to safely capitalize on the opportunities offered by the IoT phenomenon.