The Big Data security conundrum

Posted on by Martin Quinn martyq Security Blog Leave a comment

By Martin Quinn (Principal Consultant) 20 November 2013

Big data seems to be the buzzword on the lips of everyone from CIOs to system admins over the past few years (TIME declared “Big Data” the #2 buzzword of the year 2012). Despite so much buzz, we’re truly only at the dawn of Big Data, and for me it seems to be the monolithic beast which most businesses either don’t understand or perceive as akin to Mt. Everest (a mountain many of us will never climb).

Big data is often described as huge, complex data collections that, due to their size, are difficult to process with standard or traditional processing applications. Depending on the organisation, this could mean a few terabytes (1×10^12) up to a few exabytes (1×10^18). These collections often span several information domains, such as storage, capture, search, correlation, sharing, transfer, visualization and analysis, to name a few. Each of these has its own characteristics and security pitfalls, and needs to be handled in a systematic way.

Security professionals/teams need to get in on the ground floor with Big Data projects in order to understand the unique risks involved and those that are pertinent to their business, especially regarding access governance, data protection and integrity and regulatory compliance (e.g. exposing PII or transmitting across geographical jurisdictions). Not only this but these professionals or teams will also need to better understand the information life cycle and how this can be applied to Big Data.

So does big data live up to the hype? In a nutshell – YES, Big Data has a myriad of applications across multiple business units. It can be used to gain deep market insight, detect attacks, create operational intelligence or provide tailored customer service.

Big Data is here to stay and only going to grow and morph as compute environments become cheaper, application environments become networked, and system/analytics environments become shared via the cloud. Combine this with challenges such as the non-scalability of encryption for large data sets, non-scalability of real-time monitoring and auditing, and confusion regarding legalities, regulatory requirements, and policy restrictions and you can see why big data causes such headaches.

If your business needs a security champion, a seasoned professional who can decipher privacy and regulatory compliance issues that affect your business, contact Intact Security.

Intact Security specialises in information security and can help you develop a strategy on how to best manage this for your organisation. Call today for a no obligation consultation on 8070 0083.

Relax. Your security is Intact.

Author: Intact Security


Convenience – the true security threat?

By Martin Quinn (Principal Consultant) 18 October 2013

More and more businesses are opting for BYOD (bring your own device), leaning towards a more open, convenient and work/life integrated environment. However, this greatly increases the security threat to the business, which often has no control over what is installed and/or operated on these devices.

BYOD or home users can install whatever they like on these devices, without restrictions and without necessarily evaluating the security implications, all in support of convenience or usability. Many BYOD users will click through warnings and splash screens without ever reading any details, and this is well known by cyber criminals and malware promoters.

So then, is convenience the true security threat? In the past, system administrators have had control over who does and doesn’t have the ability to install software and programs. Draconian or not, there were checks and balances in place to ensure that software and applications had business justification and met security requirements. With the introduction of BYOD into the business environment, this control is virtually non-existent, which can create a direct conduit into the business for nefarious actors to execute malware and the like unchecked.

Mobile devices, smartphones and tablets, have far less processing power compared to their desktop/laptop cousins. This reduced processing power means they have less bandwidth for built in security measures, making them more susceptible to attacks.

At a recent security conference I attended, mobile device malware statistics were reported as the number one growth area that cyber criminals are focusing on (36,669 vulnerabilities in 2012 compared with 1,105,086 in 2013), and more alarming is that 12 per cent of Android devices in Australia had been attacked by malware – making Australia the most hacked in the world.

How then do we treat this? Rather than trying to turn back the tide, organisations need to use education and policy as the tools to reduce this threat. Combine this with tools that focus on securing the data rather than the devices and the business can have a measure of security in a BYOD environment.

Technology is no longer a privilege, but an expectation. Users now demand how they will be productive (from the type of device they want to the type of OS and software they use); it’s how we perceive and manage this which will ensure that convenience and security can co-exist within the business.

Intact Security specialises in information security and can help you develop a strategy on how to best manage BYOD devices within your organisation. Call today for a no obligation consultation on 8070 0083.

Relax. Your security is Intact.


WebRoot a commodity worth having

By Martin Quinn (Principal Consultant) 21 August 2013

We all need some type of antivirus or end-point protection, to save us from dreaded viruses, worms and malware, and to save us from ourselves when browsing to less than reputable websites or sites which themselves have been compromised.

But with hackers, crackers, blackhats, and cyber criminals more prevalent than ever before, has the humble antivirus become a commodity? And what makes one stand out from the pack?

I’m the first to say I’m guilty of thinking of antivirus products as a commodity. They all claim to do pretty much the same thing: identify malware, target viruses, disallow potentially unwanted applications and guard against phishing attacks, and generally they all do a good job of it (in most cases they detect and/or block around 90-95%). But due to being signature based, they are vulnerable to modification, allowing the nasties to slip through the dragnet, so to speak.

Most also share information or collaborate with each other to reduce the dreaded 0-Day attacks, so what makes one better than the last?

Well, my evaluation criteria are: ease of use and manageability, ease of installation, detection performance, scan performance and lastly cost. I’ve managed, installed, configured, and trained on many platforms (Trend Micro, Symantec, McAfee, Sophos, Kaspersky, F-Secure to name a few), and the common thread with all of these was that they were clunky, slow, and in extreme cases caused the blue screen of death. One product which I now use in my own business, and which actually meets all these criteria, is the WebRoot SecureAnywhere product.

Its tiny footprint (the install agent is only a few hundred Kb – that’s right, Kilobytes not Megabytes), fast scan ability (usually under a minute or two), single pane of glass management console and strong detection ability tick all the boxes. All these features wrapped up in a very competitive price close out my recommendation. Add to this that the only installation required is the install of the agent, and your administrative overheads are massively reduced. In my opinion Webroot is possibly one of the best suites out there.

If your business spends more than an hour a month with your current Antivirus/Malware suite then you should definitely look at swapping it out for WebRoot. Intact Security urges you to try it for yourself. Click the above for a trial.

Relax. Your security is Intact


Massive Bruteforce attack on WordPress websites

By Martin Quinn (Principal Consultant) 29 July 2013

In the past few months there have been massive bruteforce attacks on WordPress sites, utilising huge bot-nets of upwards of 90,000 zombie hosts. Over 30 million WordPress websites and blogs have been compromised.

So what is a bruteforce attack? A bruteforce attack is simply an attacker throwing every combination of dictionary words, numbers and special characters at your website, systematically working through all possible values until your password is found.

Why would my site be targeted? The reasons for targeting sites vary, but can be narrowed down to the following: sending spam, causing denial of service, proliferating malware/Trojans/viruses or stealing personal or customer data.

To protect your WordPress site there are several steps you can take. Most are technically simple to implement but do require some knowledge of how your WordPress site works to set up correctly, and often involve renaming certain files or adding plugins that monitor or block bruteforce activity. WordPress recommends the following steps (http://codex.wordpress.org/Brute_Force_Attacks), and these are all good practices.
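The kind of monitoring such plugins perform can also be done from the web server's access log. The following Python is an added example, not code from the original post or from WordPress: it counts POSTs to wp-login.php per time window and flags both a single noisy source and the many-sources, few-attempts-each pattern a large bot-net produces. The combined log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/Nginx "combined" access-log prefix: client IP, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')


def sample_line(ip, hhmmss, method="POST", path="/wp-login.php", status=200):
    """Build one constructed log line (illustrative traffic, not a real capture)."""
    return (f'{ip} - - [29/Jul/2013:{hhmmss} +1000] "{method} {path} HTTP/1.1" '
            f'{status} 1234 "-" "Mozilla/5.0"')


# Constructed sample: one noisy source, one ordinary login, then a spread-out burst.
SAMPLE_LOG = (
    [sample_line("203.0.113.10", f"10:00:{s:02d}") for s in range(1, 12, 2)]
    + [sample_line("192.0.2.50", "10:01:50", method="GET"),
       sample_line("192.0.2.50", "10:02:00", status=302)]
    + [sample_line(f"198.51.100.{n}", t)
       for n in range(1, 6) for t in ("10:05:10", "10:07:10")]
)


def login_posts(lines):
    """Yield (timestamp, client_ip) for every POST to wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, _status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip


def detect(lines, window=timedelta(minutes=5), per_ip_limit=5, distinct_ip_limit=4):
    """Return (noisy_ips, distributed_windows) using fixed-size time windows.

    noisy_ips: sources with >= per_ip_limit login POSTs inside one window.
    distributed_windows: (window_start_utc, distinct_ips, attempts) for windows
    where >= distinct_ip_limit different sources posted to the login page.
    """
    size = int(window.total_seconds())
    buckets = defaultdict(lambda: defaultdict(int))  # window index -> ip -> attempts
    for ts, ip in login_posts(lines):
        buckets[int(ts.timestamp()) // size][ip] += 1

    noisy_ips, distributed_windows = set(), []
    for index in sorted(buckets):
        per_ip = buckets[index]
        noisy_ips.update(ip for ip, n in per_ip.items() if n >= per_ip_limit)
        if len(per_ip) >= distinct_ip_limit:
            start = datetime.fromtimestamp(index * size, tz=timezone.utc)
            distributed_windows.append((start, len(per_ip), sum(per_ip.values())))
    return noisy_ips, distributed_windows


if __name__ == "__main__":
    noisy, distributed = detect(SAMPLE_LOG)
    print("single-source offenders:", sorted(noisy))
    for start, ips, attempts in distributed:
        print(f"{start.isoformat()}: {attempts} login POSTs from {ips} sources")
```

On the sample, the five hosts that each try only twice stay under the per-IP limit and are only caught by the distinct-source count, which is why per-IP blocking alone does little against a bot-net of this size.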

For me the simplest way of securing your WordPress account was to use two factor authentication or 2FA. Many readers would have seen this in some form or another, and 2FA is often equated with banking accounts or financial institutions. What is 2FA? 2FA is a secondary authentication mechanism which combines your username/password (something you know) with something you have (sometimes referred to as a token). This foils the attacker by adding a further secret item to your password, one that is often randomised and time limited, making it near impossible to guess.

Intact Security uses Duo Security 2FA for our website and recently JobReady have also implemented Duo Security 2FA on their website. If you would like further information on how this can help you secure your website, please contact Intact Security on (02)9227 8201.

Relax. Your security is Intact


Hoopla about PRISM and Edward Snowden

By Martin Quinn (Principal Consultant) 16 July 2013

So what is all the hoopla about PRISM and who is Edward Snowden? PRISM and the name Edward Snowden have been whipping the media into a frenzy of late (maybe not as much as the imminent arrival of a royal baby). PRISM is a clandestine program apparently being conducted by the National Security Agency (NSA). It’s supposed to be a program which collects massive amounts of data from all around the world to provide intelligence to government agencies and to monitor individuals. In theory the program correlates all this data from both government and commercial sources (it is said that Google, Yahoo, Microsoft, Facebook, YouTube, Skype, Apple, Dropbox and Verizon Business actively participate in the program), to provide a “big brother” picture of a target by collecting data streams like email, chat, video, photos, file transfers, logins and VoIP communications, to name a few.

So as you can imagine, privacy advocates are up in arms about PRISM, especially because most of the world’s electronic communications pass through the U.S.

But who is this Edward Snowden character? Edward Snowden was a contractor who worked for the NSA. He leaked classified documents regarding the program to The Washington Post and The Guardian whilst visiting Hong Kong. The contents of the documents were quite damning and detailed how the PRISM program worked, who was involved and the data sets it collected and correlated. As such, Edward Snowden is now sitting in a transit lounge in Russia seeking asylum in a non-extradition country.

With all of this cloak and dagger action, I’m sure there is a Hollywood script in the making or is life imitating art?

If you believe that your privacy has been breached or your systems have been hacked, contact Intact Security for a no obligation consultation on (02) 9227 8201

Relax. Your security is Intact


Android Applications Open to Attack

by Martin Quinn (Principal Consultant) 10 July 2013

If you own an Android device, and statistics dictate that 30% of us do, then you should be looking at upgrading or patching the operating system of your device. There has been a whirlwind of security talk about Android applications being easily exploitable over the past few weeks.

In a nutshell all Android applications are digitally signed for authenticity. It is this authenticity which has come under fire in recent weeks. An attacker can reverse engineer an application and re-compile it with malicious code and sign it with the original digital signature.

What does this mean, you ask? Good question. It means that it’s possible for a legitimate app to be “updated” with malicious code so the bad guys can pilfer data and information from your device or take total control over it, without you even knowing.

According to Google they provided a patch for this back in March, but this was through Google’s OEM and carrier partners and may not have made its way to your device.

With the prevalence of smartphones now connecting directly into corporate and business networks, and with the same access and privileges as normal desktop or laptops, but without the same security controls that are traditionally associated with these devices, it’s alarming.

If you believe that your device has been hacked or your network has been hacked, contact Intact Security today on (02) 9227 8201 for an obligation free consultation.

80% of businesses don’t even know they have been hacked; of the 20% that do, they have been hacked more than 10 times.

Relax. Your security is Intact


QANTAS Big-Brothers Frequent Flyers

by Martin Quinn (Principal Consultant) 25 June 2013

Who is a member of QANTAS Frequent Flyers? With the introduction of QANTAS’s new Internet Explorer toolbar, aimed at frequent flyers, you may be getting more than you bargained for. The toolbar is tied to a US company, FreeCause, which collects data, performs statistical analysis and targets users with marketing and relevant products, services and offers, all for a meagre 150 Points.

(If you only used the toolbar to collect points it would take you 8 years to earn enough points (14000) for a flight from Sydney to Melbourne – one way.)

However, it’s how you “earn” these points that should be a concern. To earn points you have to conduct a minimum of 150 “valid” web searches via the toolbar.

Also, FreeCause, due to being located in the US, is not bound by the same privacy laws as Australia. QANTAS in their toolbar terms and conditions state it “cannot ensure” that users’ information will be dealt with by FreeCause in accordance with the same laws, standards or obligations that are applicable under Australian privacy law.

So not only does it monitor what and where you browse on the internet, but it also holds no duty of care for your data once it is collected.

It makes me wonder what other sneaky hooks or phone home processes are bundled into the toolbar.

Contact Intact Security today on (02) 9227 8201 for an obligation free consultation on how we can help you better secure your business.

Relax. Your security is Intact


New twist on USB attacks – What I like to call the USB snare attack.

by Martin Quinn (Principal Consultant) 15 May 2013

When performing social engineering tests as part of a penetration test (ethical hack), there are several avenues available which rarely miss the target. The number one attack is sending an email impersonating the target’s friend or colleague with an attached document loaded with a backdoor. But the next most successful attack is usually through a USB attack, what I like to call a USB snare attack.

In this attack a strategically placed USB stick (office corridor, or reception area) loaded with a tantalising document (something along the lines of Executive Salary Figures.pdf or Executive Bonus Structure.xls) is left to lie in wait to snare a victim.

Again this document is loaded with a backdoor or Trojan. Curiosity gets the better of an unsuspecting victim, and it’s human nature to pick it up, plug it into their local machine and view the document – game over – the back door is executed and I now have access to their machine (remotely).

So, what is this new twist on this attack? If you have heard of identity thieves stealing mail from your letter box, well it’s like this but in reverse. Imagine an identity thief putting a flyer in your letterbox with a USB stick attached, veiled as a sales gimmick – perhaps a free USB stick with all of the pricing for their bogus plumbing service?

How easy would it be for someone within the household to plug this into a machine at home? Maybe even their corporate laptop? The attacker would only have to play the numbers and drop off these “flyers” in an affluent area and inevitably they would get some hits, snare a victim and game over.

The only way you can defend against human nature is to educate and inform. Intact Security provides security awareness training which uses real world scenarios to educate and inform staff of the threats and risks posed by plugging in a simple unknown USB device and the repercussions if it is loaded with malware, backdoors or Trojans.

Contact Intact Security today on (02) 9227 8201 for an obligation free consultation on how we can help you better secure your business.

Relax. Your security is Intact


Could your business be low hanging fruit?

by Martin Quinn (Principal Consultant) 18 April 2013

Within security circles, vulnerabilities which are easily exploited or compromised are referred to as “low hanging fruit” and the easier the target to exploit or compromise the lower hanging the fruit.

One such “low hanging fruit” has been identified this week in at least thirteen (13) small office/home office (SOHO) off the shelf routers. These popular routers have been reported by Independent Security Evaluators (ISE) as having previously undisclosed critical security vulnerabilities.

The vulnerabilities either allow a remote attacker full control over the router or allow a local attacker to bypass the authentication mechanism, and in the majority of cases, both. You may think this trivial, but many businesses utilise these off the shelf devices to augment their corporate network, or these devices are used as the conduit for remote users to access corporate networks via VPN or other mechanism. Either way these devices are the chink in the armour which an attacker would focus on.

The full article can be found at: http://securityevaluators.com//content/case-studies/routers/soho_router_hacks.jsp

Which gives me a perfect segue into an article published recently about Intact Security appearing in The Australian (http://www.theaustralian.com.au/business/sme-business/for-a-start-think-hard-work/story-fnhnt95z-1226615184395). I was interviewed regarding small business start-up challenges. Happy reading!

If you believe you may have fallen victim to an attack, contact Intact Security for an obligation free chat on 02 9227 8201

Relax, your Security is Intact


Shylock Trojan … no merchant of Venice

by Martin Quinn (Principal Consultant) 3 April 2013

This week’s blog is a real doozie. Out in the wild west that is the internet, a nasty piece of software (malware) is being circulated by organised crime. What makes this software unique is that it doesn’t hijack your browser or break in using email or a nefarious attachment, and it doesn’t pose as a carbon copy of your favourite social media website lying in wait for you to enter your username and password. This sneaky piece of software comes to you via Skype.

The Shylock Trojan distributes itself via Skype: it sends itself as a file, bypasses any warnings generated by Skype by confirming itself, and cleans up any alerts or messages from the Skype history. Nasty stuff, but that’s just the half of it. It’s designed to target your home banking accounts, and deliver this information to the command and control machine when it phones home. It hides this in plain view, by sending initial information out over https and then setting up a VNC listener to receive commands. Once installed, your machine becomes a zombie in a botnet and attempts to recruit others in your immediate network and your Skype network.

Shylock only seems to be really active in a few parts of the world, with the epicentre primarily located in the UK. However, with the internet having no borders, this doesn’t bode well for expats located in Australia. Shylock is one of the most advanced Trojan-banker pieces of malware currently being used in attacks against home banking systems, with the code constantly being updated and new features being added regularly. This makes the malware particularly slippery, as antivirus detection is low due to the software signature changing so rapidly.

So what is this week’s takeaway?

Ask yourself, is Skype justified for use as a business application?

If not, then remove it from your business’s network.

If so, then ensure that file transfer is disabled (done through registry settings).

If you believe you may have fallen victim to an attack, contact Intact Security for an obligation free chat on 02 9227 8201

Relax, your Security is Intact
