What Does it Mean When Your Website’s Registrar is Hacked?

On October 16, Web.com, Networksolutions.com, and register.com had a breach, and as of Nov 2nd there is no mention of anything like a breach on their websites (Web.com owns the others).

The breach information came from the always useful Krebsonsecurity.com site.


So what happens when your website’s registrar is hacked? It likely means all of the personal information you entered into the registrar is now in the hackers’ hands.

What else can happen?

Depending on how bad the breach was (how much the hackers stole), passwords could have been stolen. This is why one should change passwords periodically anyway, but especially after a breach at your registrar.

If the hackers get sneaky, they can redirect your domain to other servers and take over your web traffic. Anyone trying to reach your website could then be served malware and get hacked. In this scenario you could also end up with some liability for inadvertently hacking your customers; this is the case in any hacker scenario.

Let’s say that due to errors and misconfigurations your website was hacked by the bad guys (not just a registrar error), and now the bad guys have set up your website to serve hidden downloads to everyone who visits it. Each one of these downloads is actually malware that installs ransomware. So now your clients and potential clients are being infected by your website. If your client can point to your site and say “that is where I got my ransomware”, you could be liable!!

So a potential hack on your website has a high impact, and thus it is important to review it and make sure it is in good shape all the time. It is not enough to just make sure the server is up; the website has to be unaltered.
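
An added example of the “is the website unaltered” check described above (this is not code from the original post). It records a baseline of a domain’s nameservers, A records and home-page hash, then compares a new snapshot against it and reports every difference. The domain names, addresses and HTML are constructed; in real use the observed side would come from a resolver query and an HTTP fetch of your own site, run on a schedule.

```python
"""Detect registrar/DNS drift and page tampering against a recorded baseline.

Added example, not from the original post. All domain names, addresses and
HTML below are constructed; a real deployment would fill the observed values
from a resolver query and an HTTP fetch of your own site, run on a schedule.
"""
import hashlib


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed baseline, captured when the site was known to be good.
KNOWN_GOOD_HTML = "<html><body><h1>Example Co</h1><p>Welcome</p></body></html>"
BASELINE = {
    "nameservers": {"ns1.registrar.example.", "ns2.registrar.example."},
    "a_records": {"203.0.113.10"},
    "page_sha256": sha256_hex(KNOWN_GOOD_HTML),
}


def dns_findings(baseline, observed_ns, observed_a):
    """List every nameserver or A-record difference from the baseline."""
    findings = []
    for label, expected, seen in (
        ("nameserver", baseline["nameservers"], set(observed_ns)),
        ("A record", baseline["a_records"], set(observed_a)),
    ):
        added, removed = seen - expected, expected - seen
        if added or removed:
            findings.append(
                f"{label} change: added={sorted(added)} removed={sorted(removed)}"
            )
    return findings


def content_changed(baseline, html):
    """True when the fetched home page no longer hashes to the baseline value."""
    return sha256_hex(html) != baseline["page_sha256"]


def check_site(baseline, observed_ns, observed_a, html):
    """Return all findings; an empty list means nothing drifted."""
    findings = dns_findings(baseline, observed_ns, observed_a)
    if content_changed(baseline, html):
        findings.append("home page hash differs from baseline")
    return findings


if __name__ == "__main__":
    # Constructed snapshots: one clean, one where the domain now points
    # elsewhere and the page carries an unexpected script tag.
    clean = check_site(BASELINE, BASELINE["nameservers"],
                       BASELINE["a_records"], KNOWN_GOOD_HTML)
    print("clean run:", clean or "no findings")
    tampered_html = KNOWN_GOOD_HTML.replace(
        "</body>", '<script src="//unexpected.example/x.js"></script></body>'
    )
    bad = check_site(BASELINE, ["ns1.somewhere-else.example."],
                     ["198.51.100.7"], tampered_html)
    for finding in bad:
        print("ALERT:", finding)
```

The hash comparison is deliberately strict: any change to the home page, including a legitimate edit, raises a finding, so the baseline has to be re-recorded after each deployment. A nameserver change at the registrar is the more serious signal, because it means the domain itself, not just a page, is now under someone else’s control.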


Contact us to discuss this subject further.

Chrome Zero Day Vulnerability Noticed on Halloween

https://www.zdnet.com/article/halloween-scare-google-discloses-chrome-zero-day-exploited-in-the-wild/

ZDNet points out that Google Chrome has a Zero-day vulnerability, which means there is not yet a patch or fix for your Chrome browser.

The above image is from a Mac Chrome browser, but I want to make sure you know this applies to any Chrome browser (including on Android or iPhone).

I have discussed Zero-Day vulnerabilities before (Dec15/15 post):

Zero-Day Attacks And Why Patching Means Catching Up

Here is a risk management matrix:

So this new vulnerability is high impact and maybe medium likelihood. You can reduce your likelihood by being extra careful about phishing attacks.

Update Nov 5th: the Chrome Zero-day vulnerability was patched: https://www.techradar.com/news/google-patches-another-major-chrome-zero-day

So now it is up to all of us that use Chrome to patch and update our software!!

Contact us to discuss how your risk matrix looks.

Stopping Social Engineering Attacks No, Slow Down Yes!

Elements of an Attack:

From the article at TechNewsWorld.

Social engineering amounts to scammers trying all types of methods to gain information or money.

What does the image above, which shows many possible social engineering attacks, mean?

Let’s list them:

  1. Techniques
    1. Phishing
    2. Pretexting
    3. Baiting
    4. Quid Pro Quo
  2. Compliance principles
    1. Friendship or liking
    2. Commitment or Consistency
    3. Scarcity
    4. Reciprocity
    5. Social Validation
    6. Authority
  3. Target
    1. Individual
    2. Organization
  4. Goal
    1. Financial Gain
    2. Unauthorized Access
    3. Service Disruption
  5. Medium
    1. E-mail
    2. Face-to-face
    3. Telephone
    4. SMS
    5. Paper Mail
    6. Storage Media
    7. Webpage
    8. Pamphlets

And the above methods are only the current or ‘older’ attacks. Each heading is followed by the specific attack methods, and these methods are all focused on taking resources or information to eventually relieve you of money.

Now advances in social engineering attacks have added Vishing, which is attempting to influence an action by calling or contacting a mobile phone and demanding a quick action.

Impersonation is the practice of pretexting as another person with the goal of obtaining information or access to a person, company, or computer system (another newer method).

Sometimes the goal is to gain information, not actually to steal resources ($ or computer time) at first. Only after a lot of information gathering does a unique social engineering attack go for the jugular and the money they are all after.


So what can be done to slow down or reduce the attacks? (Under no illusion that all attacks can be completely stopped.)

Introduce a process or method: “let me take your information and I will call you back” (most phishers will not want to give a number). Authenticate the person’s number to make sure it is legitimate.

Also make a rule never to give out personal information on an incoming call, and have a standard response available: “Mr./Mrs./Ms., you can understand that with all of the possible hacker attacks we do not give out any (or xyz) information via phone. If needed I can call you back tomorrow; I am busy now.”

No matter how you are being contacted, the response can be adapted: “On an incoming text we do not give out personal information. Please give me another phone number so I can contact you tomorrow.”

Do not respond to texts with information; require a call and other contacts to verify the authenticity of the caller.

A social engineering attack can be complex, but it really has the same goal as all hacker attacks: to take resources and information from you. If you can slow them down and make them work harder to get what they want, then you are most of the way to a secure and safe network.

We can help you rewrite your security policy: contact us.

October is Cybersecurity Awareness Month

In a year of many problems and issues, remember that the Department of Homeland Security has made October National Cyber Security Awareness Month (NCSAM) since 2003.

https://www.dhs.gov/national-cyber-security-awareness-month


The Theme is Own IT. Secure IT. Protect IT.

Own IT reminds you to travel with cybersecurity in mind (at least some of the time); social media usage and online privacy are connected, so think about how you use social media. Internet of Things devices should be sought out and updated or reviewed to make sure they are secure.

Secure IT is typical, a focus on strong passwords, but we could also talk about just changing default passwords, which would be good too. The famous xkcd image is interesting:

Passwords lead to MFA or Multi-Factor Authentication.
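
An added example, not from the original post, of the arithmetic behind the xkcd comparison and the default-password point above: it computes the entropy of a word-list passphrase versus a random character string, generates a passphrase with a CSPRNG, and flags vendor defaults. The word list and the default-password list are constructed stand-ins; the 2048-word list size (11 bits per word) is the assumption the comic uses, and a real generator would use a published list.

```python
"""Strength arithmetic behind the xkcd password comic, plus a default-password check.

Added example, not from the original post. The word list and the default
password list are constructed stand-ins; a real generator would use a
published list (the xkcd figure assumes a 2048-word list, 11 bits per word).
"""
import math
import secrets

# Constructed stand-in word list (a real one has thousands of entries).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "lantern",
                "ocean", "pixel", "violet", "granite", "meadow"]

# Constructed: vendor defaults that should never survive initial setup.
DEFAULT_PASSWORDS = {"admin", "password", "12345678", "changeme", "default"}


def passphrase_bits(word_count, wordlist_size):
    """Entropy (bits) of `word_count` words chosen uniformly, with replacement."""
    return word_count * math.log2(wordlist_size)


def random_string_bits(length, alphabet_size):
    """Entropy (bits) of a uniformly random string over an alphabet."""
    return length * math.log2(alphabet_size)


def generate_passphrase(words, word_count=4, choose=secrets.choice):
    """Build a passphrase with a CSPRNG; `choose` is injectable for testing."""
    return " ".join(choose(words) for _ in range(word_count))


def is_default_password(candidate):
    """True when the candidate is a known vendor default (case-insensitive)."""
    return candidate.strip().lower() in DEFAULT_PASSWORDS


def compare_schemes():
    """The comparison the comic makes, as numbers of bits."""
    return {
        "four words from a 2048-word list": passphrase_bits(4, 2048),
        "8 random printable ASCII chars": random_string_bits(8, 95),
        "11 random printable ASCII chars": random_string_bits(11, 95),
    }


if __name__ == "__main__":
    for scheme, bits in compare_schemes().items():
        print(f"{scheme:35s} {bits:5.1f} bits")
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    for pw in ("Admin", "correct horse battery staple"):
        print(f"{pw!r}: default password? {is_default_password(pw)}")
```

The entropy figures only hold when the words or characters are chosen uniformly at random; a phrase a person picks by hand (a song lyric, a street name) is much weaker than the log2 arithmetic suggests, which is why the generator uses `secrets` rather than the user’s imagination.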

MFA is required or suggested in NIST 800-171.

Phishing we discussed in a recent blogpost: https://oversitesentry.com/top-cybersecurity-problem-for-small-business/

Securing your ecommerce may be simple or common sense… but it has to be guided by OWASP, as I discussed in https://oversitesentry.com/owasp-has-new-testing-guidelines-document/


The Protect IT portion is a combination of things:

  • Patch your software
  • Be aware of how you share employees’ or customers’ PII (Personally Identifiable Information)

Keep in mind a simple strategy to protect yourself and your company: Zero Trust.

Zero Trust means do not implicitly trust. First verify trustworthiness before doing business and granting access.

Zero Trust is used in many manufacturers’ network architectures, such as Cisco:

https://www.cisco.com/c/en/us/products/security/zero-trust.html

or Palo Alto:

https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture

“In Zero Trust, you identify a “protect surface.” The protect surface is made up of the network’s most critical and valuable data, assets, applications and services – DAAS, for short. Protect surfaces are unique to each organization. Because it contains only what’s most critical to an organization’s operations, the protect surface is orders of magnitude smaller than the attack surface, and it is always knowable.”


This is a good strategy for 2019 Cybersecurity awareness… Do not assume a social media connection is genuine until verified; the same goes for email links, email attachments, phone calls and many other possible attacks on your business. Unfortunately this sometimes means requiring a possible customer to prove who they are, but with some thought this can be done tactfully so that a potential customer can see why it is being done.


Contact Us to go into more detail on awareness for you and your business.

Exim, Internet Mail Software, Flaw Causes Problems

Needless to say, an older version of Exim (4.92.1) had a serious flaw that became CVE-2019-15846:

I like to point out some problems that come up that are interesting… This software is needed in mail servers and is not obviously known to most people. But if a company does have it, it now needs to be upgraded.

Notice there were many releases of this software before someone found the vulnerability. Here is the CVE information from Bugtraq:

Description: Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.


Bugtraq has an interesting explanation:

"Zerons" and Qualys discovered that a buffer overflow triggerable in the
TLS negotiation code of the Exim mail transport agent could result in the
execution of arbitrary code with root privileges.



So it seems that hackers found the flaw and it was patched quickly… but the administrators still need to install the update. So as usual, here is the weak point: administrators who are already stressed have to do some off-hours updates sooner rather than later.
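
An added example (not the Exim project’s code) of the check an administrator would run to answer “do I need this update?”: it parses the version line that `exim -bV` prints and compares it with the fixed release, 4.92.2, taken from the CVE description above. It assumes the first line of that output has the form “Exim version 4.92 #3 built 14-Jun-2019 …”; the sample outputs in the block are constructed.

```python
"""Check whether a running Exim reports a version older than the CVE-2019-15846 fix.

Added example, not the Exim project's code. Assumes the first line of
`exim -bV` looks like "Exim version 4.92 #3 built 14-Jun-2019 ..."; the
sample lines below are constructed. The fixed version (4.92.2) is taken from
the CVE description quoted in the post.
"""
import re
import subprocess

FIXED_VERSION = (4, 92, 2)
_VERSION_RE = re.compile(r"^Exim version (\d+)\.(\d+)(?:\.(\d+))?", re.MULTILINE)


def parse_exim_version(bv_output):
    """Return (major, minor, patch) from `exim -bV` text; a missing patch level is 0."""
    m = _VERSION_RE.search(bv_output)
    if not m:
        raise ValueError("no 'Exim version' line found")
    return tuple(int(x) if x else 0 for x in m.groups())


def needs_update(version, fixed=FIXED_VERSION):
    """True when the parsed version predates the fixed release."""
    return tuple(version) < tuple(fixed)


def assess(bv_output):
    """Parse one `exim -bV` output and say whether it is below the fixed release."""
    version = parse_exim_version(bv_output)
    return {"version": version, "needs_update": needs_update(version)}


def assess_local_exim():
    """Run `exim -bV` on this host (only works where Exim is installed)."""
    result = subprocess.run(["exim", "-bV"], capture_output=True, text=True, check=False)
    return assess(result.stdout)


if __name__ == "__main__":
    # Constructed sample outputs covering the cases the parser has to handle.
    samples = [
        "Exim version 4.92.1 #3 built 29-Jul-2019 12:00:00\nCopyright (c) ...",
        "Exim version 4.92.2 #1 built 06-Sep-2019 ...",
        "Exim version 4.92 #2 built 12-Feb-2019 ...",
        "Exim version 4.93 #1 built ...",
    ]
    for sample in samples:
        report = assess(sample)
        label = "UPDATE NEEDED" if report["needs_update"] else "ok"
        print("%-8s -> %s" % (".".join(map(str, report["version"])), label))
```

One caveat for packaged installs: Linux distributions often backport a security fix without changing the upstream version string, so a version below 4.92.2 reported by a distro package is not proof of exposure. Confirm against the package changelog or the distribution’s advisory before scheduling the off-hours update.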

Contact Us to discuss.