Shane Chambers No Comments

Three Major Antivirus Companies Breached by Russian Hackers

In the latest major security breach to rock the business world, three major US-based antivirus companies have been hit by Russian hacker group Fxmsp. Fxmsp, who are well known in the cyber security community for previous high-profile breaches, began advertising the spoils of their latest venture on the dark web for upwards of $300,000, while providing strong evidence of their claims.

Fxmsp is known for selling access to large, global corporate networks on the dark web.

Threat-research security firm Advanced Intelligence (AdvIntel) broke the news in a report published last week, stating that Fxmsp were attempting to sell both source code and network access to three global then-unknown antivirus companies.

The hacker collective had lain low over the past two years, but reappeared on online forums within the last few months, where AdvIntel and others began monitoring them closely. Fxmsp claimed online that their hacking operation against the AV companies had begun six months ago, and when it had completed its operation (downloading more than 30TB of critical data in the process), it uploaded screenshots and samples to prove the legitimacy of its haul.

Assuming that the group are telling the truth, which looks likely, this is catastrophic news for the companies involved. If hackers and other nefarious actors gain access to the source code being sold by Fxmsp, they could potentially locate vulnerabilities that allow them to bypass antivirus on millions of computers worldwide, or even turn the AV software into malware – spying on user PCs and later leveraging their information to commit other cyber crimes such as identity theft and fraud.

After additional research on dark web forums, AdvIntel discovered conversations between Fxmsp and other actors claiming that the three antivirus companies hit were Symantec, McAfee and Trend Micro. AdvIntel claim to have full chat logs of the secret discussion held between Fxmsp and potential buyers, as well as samples of the source code allegedly stolen from the three companies listed.

All three companies have downplayed the incident in their public statements, in an attempt to preserve trust in them and maintain their reputation. However, if the claims are true, it’s only a matter of time before they have dire consequences – with their customers potentially facing a large risk as well if their computers are opened up to hackers.

DHL Phishing Campaign Found to Contain New Strain of Malware

Every year, the number of phishing scams seems to be increasing, with the malware-ridden emails getting continually more sophisticated and convincing. The latest global phishing campaign purporting to be from international courier giants DHL has been tricking users into opening a fake PDF attachment – and subsequently unleashing a previously unseen piece of malware to wreak havoc on their PCs.

Cyber criminals are taking advantage of DHL’s worldwide reputation and brand recognition in order to distribute a previously unseen strain of malware, named Muncy. Once the user downloads the fake PDF attachment, the trojan sneaks onto their PC and begins scanning the C:/ drive for any files containing sensitive data.

Once it has completed its scan, it then sends back any data found to the criminals’ server, where they can attempt to steal the user’s money, impersonate them to commit identity fraud, or even request a ransom from them to not release the data publicly.

So how do I recognise this email if I get it? Well, the first question you should ask yourself if you receive a mail from DHL is if you’re expecting a parcel from them. Getting a parcel delivery notice when you’re not expecting any deliveries is always a sign that the email may not be genuine.

For this scam in particular, they have taken advantage of some of DHL’s mail servers to make the emails appear as if they are coming from [email protected](.)com, so they can look quite genuine. The subject of the email is reported to be ‘DHL SHIPMENT NOTIFICATION’, although this may be subject to change if people start to catch on.

The most important thing to bear in mind is to never open links or download attachments in emails that you suspect are not genuine. Most companies like DHL will instead email you a tracking number that you can independently put into their website to see where your delivery is, not send you a PDF out of the blue. Almost any attachment can be dangerous (.txt files are usually safe, but even these have been exploited to contain malware now). That means it is not just .exe files that can execute on your PC and install malware.

If in doubt, throw it out. Be sure to always think before you click anything in an email. If someone, even a trusted friend or colleague, sends you an email asking you to do something you wouldn’t normally, confirm with them over the phone (not text) or in person before you take any actions.

Phishing scams are getting increasingly sophisticated and common, fooling the filters of consumer-based email providers such as Gmail and Hotmail, and even slinking past corporate providers such as Office365 and some advanced email filtering solutions.

For businesses, we would strongly advise cyber security awareness training be provided to all staff as a key tenet of your security practices – doing so can be the difference between avoiding a cyber attack and being the subject of a costly data breach and GDPR fine.

Businesses Have Just One Year to Upgrade from Windows 7

Earlier this week, Microsoft announced that Windows 7 would finally be reaching end-of-life, meaning that from January 14th 2020, it will no longer receive free security updates from Microsoft. When Windows XP hit end-of-life in 2014, the floodgates opened for cyber criminals who could now develop malware for the operating system without fear of vulnerabilities being patched, and the same is expected to occur for Windows 7. So, with Windows 7 in use by an estimated 70% of businesses worldwide, what does this mean for them?

Windows 7, the most popular OS for computers in the world, will reach end-of-life in 2020

When Windows XP reached the end of its own support cycle, it affected 40% of the world’s computers, leaving them vulnerable to cyber attacks. Despite a sharp increase in malware and several high-profile incidents such as the WannaCry attacks of 2017, it is estimated that up to 70 million PCs are still using the outdated (and frankly dangerous) operating system.

One of the main reasons why so many Windows XP machines are still out in the wild is the cost that upgrading can impose on businesses. Upgrading a large number of PCs to a new operating system can be expensive, and sometimes the hardware is too old and must be replaced altogether. Furthermore, a lot of businesses use legacy software and programs that are quite specific to their industry and may not be supported on newer operating systems such as Windows 10. Small and medium sized businesses in particular can find it hard to find the time and budget to upgrade from obsolete operating systems.

So what will happen when Windows 7 reaches the end?
Even after January 14th, 2020, you will still be able to use Windows 7. However, any security vulnerabilities or bugs won’t be fixed by Microsoft, leaving you open to cyber criminals who will be hoping to take advantage of businesses who are slow to make the change. Without regular patches and updates, users of Windows 7 will essentially be at the mercy of hackers.

For most businesses, we would advise starting to plan straight away and aim to update to Windows 10 well in advance of the deadline. However, for those who can’t upgrade due to use of legacy software or other business reasons, Microsoft will be offering an extended support period – for a fee. Until 2023, companies will be able to pay a monthly price (per Windows 7 PC) to Microsoft in order to continue to receive security updates.

Microsoft haven’t announced the exact cost yet, but have said that it will increase in cost each year, and will end in 2023. So, we see extended support as a less-than-ideal option, but for workstations that cannot be moved off Windows 7 for the moment, it’s definitely a better choice than leaving them vulnerable.

How do I prepare to upgrade my Windows 7 machines?
It is important to start planning now and get an accurate picture of how much work will be needed. Start by identifying how many PCs use Windows 7, and work out how many PCs can be upgraded and which ones will need to be replaced altogether.

Next you will need to identify any software and legacy systems that may need to run on Windows 7, and see if it is possible to upgrade them or find a way to run them on a newer operating system, or whether they can be replaced with a different product that can be run on Windows 10.

A timeline will need to be drawn up for the upgrade process, to work out how soon you will be able to upgrade or replace machines, with a budget laid out to cover the costs of upgrading and a plan for when IT staff can spare the time to undertake the project.

Lastly, if any machines DO need to stay on Windows 7, you will need to decide whether to pay for Microsoft’s extended support and implement security controls where possible to separate crucial systems from these Windows 7 PCs.

The good news
Luckily, Microsoft have realised the difficulties that having to update operating systems can cause businesses, so Windows 10 has been developed with that in mind. Their new model is known as Windows-as-a-Service, and means Windows 10 will receive continuous content/feature updates in addition to security patches, meaning it will likely have a much longer life cycle than any previous operating system.
What Windows 10 will look like in ten years’ time, we couldn’t tell you, but the ability for Windows 10 to be continually developed without disrupting businesses is something we are sure everyone will be grateful for.

Quora Users Watch Out – 100 Million Users’ Details Leaked in Data Breach

Another day, another data breach, it seems. On Friday, Quora became aware of an incident involving an “unauthorised third party” accessing data from 100 million users of the Q&A platform, and yesterday it began to notify users in an attempt to contain the incident. Quora Tweeted late last night, “We have discovered that some user data was compromised by unauthorized access to our systems. We’ve taken steps to ensure that the situation is contained and are notifying affected users. Protecting your information is our top priority” and directed users to a blog post with further information.

“It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility”
– Quora CEO Adam D’Angelo

Irish Businesses and Consumers Targeted by Extortion Email Scam

It’s 2018, and phishing emails are just an expected part of life for email users around the world, containing all manner of malware within concealed links and dodgy attachments. Most of us can recognise poorly spelled phishing emails that lack any real context, but what happens when something more complex hits your inbox? What if a cyber criminal emailed you your password – a real password you’ve used – and told you that they had compromising videos of you and more? What if they said that unless you pay a Bitcoin ransom, they would share this incriminating footage with everyone on your contacts list? That’s exactly what has been happening to thousands of Irish users, to both personal and corporate email addresses.

Cyber criminals are ever trying to find newer, more sophisticated means to scam the general public and businesses through phishing
