Android Malware Steals from PayPal Accounts

Description

What happens when you combine a remotely controlled banking Trojan with an abuse of Android Accessibility services? According to new research from ESET, you get an Android Trojan that steals money from PayPal accounts, even with 2FA on.


What You Can Do

The attack against the PayPal app highlights the risk of installing apps from unknown sources and demonstrates how easily an overlay attack, combined with abuse of Accessibility services, can hijack even a well-protected application. Avoid installing apps from third-party app stores to stay safe from malware. Also, exercise great caution before granting any app Accessibility or other broad permissions.

Article Source

LeeShanok Network Solutions

3877 N 7th Street | Suite 320 | Phoenix | Arizona | 85014
BRatia@leeshanok.com

The FBI has recently identified a malware threat that affects at least half a million wireless routers and other devices across the world. The malware forms a "botnet", a group of compromised devices that can launch an attack simultaneously; it can also be used to steal website credentials or to render the appliance completely inoperable. Because these devices have no Intrusion Prevention System (IPS) or anti-virus protection, they are easily exploited. Small office and home office products as well as network-attached storage devices are affected.

The FBI recommends:

  1. Reboot these devices to disrupt the malware and help identify affected appliances.
  2. Disable remote management settings.
  3. Secure appliances with a new, strong, encrypted password.
  4. Keep firmware up to date.
  5. Optional: completely reset the device.

More reading:

https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.ic3.gov/media/2018/180525.aspx

If you are not sure if one of your devices is affected, we can evaluate for best practices up to and including replacement of your network appliances with one of our recommended products. Contact us to schedule service.

LeeShanok takes IT security seriously and it is our duty to inform our clients about potential threats and vulnerabilities that can affect your business. LeeShanok is monitoring the current status of available updates and will continue to inform its clients of any new information.

If you have any questions or need assistance with checking and updating your devices, please don't hesitate to contact us.

Your Technology Partner,
The LeeShanok Team

Tucson: 520.888.9122
Phoenix: 602.277.5757

IT NEWS - Ransomware 2018


On May 31, 2018, Security Intelligence published a mid-year article “Are Ransomware Attacks Rising or Falling?” (https://securityintelligence.com/are-ransomware-attacks-rising-or-falling)


  • Ransomware is the top variety of malicious software, 76% of breaches were financially motivated, and 28% of attacks involved insiders (employees).
  • Ransom-related attacks are moving to more targeted methods, focusing on quality rather than quantity of targets according to F-Secure.
  • In 2017, Malwarebytes tracked a 90 percent increase in Ransomware over 2016, with monthly increases up to 10 times the rate observed the previous year.

Many of the following items are managed for you by LeeShanok. Please review the following checklist, and schedule a call with your LeeShanok Account Manager if there remains any uncertainty.


Monitor Activity - Be alerted to attacks that get through the firewall.

Blacklist - Block senders, domains, and geographies that have sent malicious messages.

Backups - Back up servers and file shares regularly, and periodically validate that the backups can actually be restored. Some backup strategies involve multiple sources and destinations, and may include software from more than one manufacturer. This adds complexity, but the objective is the same: make sure you can recover from a disaster.

User Profiles - If your users' profile folders are on their local PCs, consider redirecting them to a common storage location that is included in backups.

Patches - Apply patches to servers and end-user computers: Windows, devices, and application software. It's true that updates occasionally cause problems, but a lack of updates will certainly increase vulnerabilities. If your server has updates queued, don't wait too long to apply them and reboot.

End-Point Protection - Protect PCs with antivirus/antimalware software from respected providers (we recommend Trend Micro). Make sure subscriptions haven't expired and that real-time protection is active. Central purchasing and administration allows for consistent protection, alert handling, and license renewals.

Windows Firewall - Protect end-user computers with an active Windows Firewall, or use the firewall included in your antivirus software if present.

Network Firewall - Periodically review your network firewall to make sure it still receives software and firmware updates and is supported by the vendor. Businesses providing internet access to customers through a business center or guest Wi-Fi will benefit from content filtering and traffic shaping. We recommend Cisco Meraki and Cisco ASA with FirePOWER.

Network Segmentation - Segment your network into logical groupings to limit how far an attacker can move.

Educate Users - Let us host a free workshop for employees and satellite offices on "IT Security for the Common Worker", and we will even supply lunch for your team.



Your Technology Partner,
The LeeShanok Team

Tucson: 520.888.9122
Phoenix: 602.277.5757

LeeShanok IT News


SECURITY ADVISORY: Current Security Threat - Remote Support Scams and Search Ads



"Hello, this is Microsoft Technical Support." Or is it?


There is a new twist on an old scam in which callers impersonate trusted companies like Microsoft, Apple, and Merrill Lynch in an attempt to gain remote access to your computer or online account. Google Chrome appears to be the affected browser: fictitious phone numbers appear in the ads at the top of search results. These ads are platform-aware, so that scammers answer “This is Apple…” when you’ve used Chrome on an Apple device to search for the number, and “This is Microsoft…” when Chrome was used on a Windows device.


The scammer asks the victim to go to Microsoft's Remote Assistance Support website. As stated at the bottom of the picture, Microsoft uses the third-party support tool LogMeIn to provide tech support to clients, so the unaware victim believes they are working with Microsoft directly.


The scammer then gives the victim the 6-digit code for THE SCAMMER'S OWN LogMeIn account, which grants the scammer remote access to the victim’s computer. See the picture below:



This is all a part of the scammer’s ongoing unethical pursuit to steal your money and/or identity. Once they have access to your PC, all of your data can potentially be compromised.


If you receive a call or email and are not sure if it is genuine, do not share any information or allow remote connections. Contact LeeShanok for any questions and we can make a determination of legitimacy.


LeeShanok takes IT security seriously and it is our duty to inform our clients about potential threats and vulnerabilities that can affect your business. LeeShanok is monitoring the current status of security threats and will continue to inform its clients of any new information.


If you have any questions or need assistance with anything IT-related, please don't hesitate to contact us.


Your Technology Partner,
The LeeShanok Team

Tucson: 520.888.9122
Phoenix: 602.277.5757

IT NEWS - MONSOON SEASON


Monsoon Storms can cause...

  • Shorts and Damage from WATER
  • POWER Surges and Outages
  • Failure from Excessive HEAT

WATER - In your server/comm room, look for gaps between floor, walls, and ceiling, and around conduit entry paths and terminations. Water will follow cables into rack-mounted and free-standing devices, then seek low points on the floor to pool. Being a good conductor with little resistance, water lets large currents flow where they shouldn't, damaging anything in its path.


Use silicone-based sealer to fill gaps in walls and around conduit and cable terminations. Patch roof coatings and gaps around flashing now, before the monsoon rains arrive in Arizona.


It's wise to stock up on a roll of plastic sheeting and several spools of quality duct tape. If you notice water entering above or near equipment, use the sheeting to direct it away from equipment and secure it with duct tape. This costs far less than a server "Turtle Shield" as shown:


POWER - Spikes, shorts, low voltage and outages cause unplanned shutdowns and can damage electronics and data. Uninterruptible power supplies (UPSs) condition the line against low-voltage brownouts and power outages, and against the surge that can occur when power returns. If power remains off, the UPS can initiate a normal shutdown and avoid data loss. Check UPS batteries using the monitoring software or dashboard.


Matching the UPS's power capacity to the equipment plugged into it doesn't just make sense; it's important for increasing run time after a power outage and for lengthening battery life. Servers can require 1500 VA, desktop PCs 600 VA, and switches/routers/firewalls 350 VA; add the power consumption of all devices together to get the total load the UPS must support.


If you haven't checked your backups in a while, now is a good time. Review logs for frequency and successful completion, then restore a few test files and folders. If you're not sure, create a new full backup before the first storm hits. We're here if you need help.


HEAT - Monsoon storms are accompanied by excessive heat. As dust accumulates inside enclosures and airflow around components slows down, it's like wearing a heavy jacket on a summer day with little wind. It won't take long to exceed your comfort zone. Most electronic components have built-in temperature limits that cause rapid shutdown to avoid damage. The best prevention is adequate airflow around the devices in a relatively dust-free environment, with all internal fans working well. Don't forget to annually air-wash the interior of your computers.


Monsoon storms can be dramatic, but these tips can help protect both network and data.


Your Technology Partner,
The LeeShanok Team

Tucson: 520.888.9122
Phoenix: 602.277.5757

LeeShanok IT News: Internet of Things (IoT)


Wikipedia describes the Internet of Things (IoT) as the network of physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators, and connectivity, which enables these things to connect, collect and exchange data. [0]

The Gartner Group predicts 20 million "smart" devices in use by 2020, and this excludes PCs, tablets and smartphones. In their IoT Technology Discussions survey, IT security was selected as the top barrier to IoT success. The exponential growth of these devices "creates an attack surface that has never been seen before." [1]

Last Friday, California Governor Jerry Brown approved the nation's first state-level IoT cybersecurity law, which requires that by January 1, 2020 all "smart" device manufacturers design and deliver devices with "reasonable" security features appropriate to the nature and function of the device and to any information it collects, stores or transmits. It also requires "reasonable" authentication: either a unique pre-programmed password per device, or a common password that must be changed at first boot. Security must be incorporated in the design phase to provide protection against unauthorized access, destruction, use, modification or disclosure. [2]

There is concern about the ambiguous wording in California's bill, such as "reasonable security features" and "reasonable authentication", which seems to encourage adding universal security features rather than reducing or removing specific vulnerabilities. Each device category has unique characteristics that require clearly described standards, so that manufacturers know what is required and how their products will be evaluated for compliance. [3]

Congress is evaluating multiple IoT-related proposals that would require manufacturers of any connected devices purchased by the federal government to supply third-party verification that the devices are free from known vulnerabilities, can be patched, and have sound authentication: a unique password per device, or a common password the user must change at first power-on.

  • Cybersecurity Improvement Act of 2017
  • SMART IoT Act
  • IoT Consumer Tips Act
  • DIGIT Act

Overall, we believe the discussions taking place are vital for positive changes to occur, and as these bills are refined and become law we will all benefit.

Our team is available to discuss your IoT devices, your connection and security strategy, and to help you understand your unique situation.

Your Technology Partner,
The LeeShanok Team

itsupport@leeshanok.com
Tucson: 520.888.9122
Phoenix: 602.277.5757


Additional Resources:
Armis Inc - Buyer's Guide to IoT Security (PDF)
Gartner Group - The Death of IoT Security as You Know It

References:
[0] Internet of Things (IoT) - Definition
[1] IoT Technology Disruptions: A Gartner Trend Insight Report
[2] California's IoT Cybersecurity Law Sets Standards for Device Manufacturers
[3] The Cybersecurity 202: California's Internet of Things cybersecurity bill could lay groundwork for federal action

Marriott says 500 million Starwood guest records stolen in massive data breach

Description

Starwood Hotels has confirmed its hotel guest database of about 500 million customers has been stolen in a data breach.


What You Can Do

In order to protect yourself, sources suggest you can:
1. Change your password
2. Monitor your accounts for suspicious activity
3. Open a separate credit card for online transactions
4. Be vigilant

In addition, talk to a Managed Service Provider to learn how they can help you stay protected.


Article Source

LeeShanok Network Solutions

3877 N 7th Street | Suite 320 | Phoenix | Arizona | 85014

IT NEWS - CURRENT SECURITY THREAT - IoT (Internet of Things) ATTACKS


The FBI has posted a warning regarding unsecured IoT (Internet of Things), or "smart", devices.


According to Techopedia, the Internet of Things is "everyday physical objects being connected to the internet and being able to identify themselves to other devices." Such an object no longer "just relates to its user, but is now connected to surrounding objects and database data." These objects can be refrigerators, garage door openers, thermostats, DVRs, healthcare appliances, vehicles, doorbells, door locks, fitness trackers and cellular phones, to name a few. Even dog collars and hearing aids can be connected to the internet!


Hackers are searching for vulnerable devices to use "as proxies or intermediaries for Internet requests to route malicious traffic for cyber-attacks and computer network exploitation." A malicious cyber actor may gain access to and use the compromised device to invade the local network, send spam emails and/or attack other networks outside the original one. Because a compromised local device has a U.S. IP address, many of the filters that would block this type of behavior from known suspicious countries will allow this traffic to pass.


How to protect yourself:

  • Always keep a product's firmware and patches up to date. This includes routers and firewalls.
  • Reboot devices regularly.
  • Change any default passwords immediately. Never reuse a password on more than one device.
  • If possible, keep any IoT objects on a separate network or VLAN from the main network.
  • Install antivirus on any applicable devices and keep them up to date.

For further reading:
https://www.ic3.gov/media/2018/180802.aspx


If you are not sure if one of your devices is affected, we can evaluate for best practices and make recommendations. Contact us to schedule service.


LeeShanok takes IT security seriously and it is our duty to inform our clients about potential threats and vulnerabilities that can affect your business. LeeShanok is monitoring the current status of security threats and will continue to inform its clients of any new information.


If you have any questions or need assistance with checking and updating your devices, please don't hesitate to contact us.


Your Technology Partner,
The LeeShanok Team

Tucson: 520.888.9122
Phoenix: 602.277.5757

LeeShanok IT News


Attackers exploit flaw in GDPR-themed WordPress plugin to hijack websites


Description

Attackers have been exploiting a security weakness in a GDPR compliance plugin for WordPress to seize control of vulnerable websites, according to a blog post by Defiant, which makes Wordfence security plugins for the web publishing platform.


What You Can Do

The developer behind the plugin, which is called WP GDPR Compliance, has issued a patch fixing the critical flaw. Its users are, therefore, strongly advised to upgrade to version 1.4.3, or alternatively disable or remove the tool.


Article Source

LeeShanok Network Solutions

3877 N 7th Street | Suite 330 | Phoenix | Arizona | 85014