Malware ramp-up: Boston Marathon, Waco Plant, Margaret Thatcher

Posted on by Martin Quinn martyq Security Blog Leave a comment

by Martin Quinn (Principal Consultant) 23 April 2013

Spammers and malware pirates are using recent global events as lures to trick users into falling victim to email phishing scams or web-based drive-by attacks. Most of these are oriented around the Boston Marathon bombings and the ensuing manhunt. However, scammers are also using the Waco Plant explosion and the recent death of Margaret Thatcher to a similar extent to hook users. In terms of saturation, this accounts for roughly 10-20% of all spam worldwide.

These scams take one of two forms. Some direct the target to a malicious web page, which then either hijacks the browser or fetches the malware file(s); others directly send what at first glance looks like an AVI file. Either way, the files are generally named in the form of:

Boston______AVI.exe, Waco______AVI.exe, etc.

Many of these files have been identified by antivirus vendors and virus signatures have been promulgated accordingly, but it only takes the slightest variation for the malware to slip through the dragnet.
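Because signatures can miss a variant, a mail gateway can also check the attachment name itself. The following is an added example, not code from the original post: the function name and the two extension lists are assumptions chosen for illustration, and the sample names are constructed from the pattern shown above.

```python
import re
import unicodedata

# Assumed lists for illustration; tune them to your own mail policy.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY = {"avi", "mp4", "mov", "wmv", "mpg", "jpg", "pdf", "doc"}

def lure_reasons(filename):
    """Return the reasons an attachment name looks like a disguised executable."""
    # Normalise look-alike characters, then drop trailing spaces and dots,
    # which are ignored when the file is opened but can fool a naive check.
    name = unicodedata.normalize("NFKC", filename).strip().rstrip(".").lower()
    stem, dot, ext = name.rpartition(".")
    ext = ext.strip()
    if not dot or ext not in EXECUTABLE:
        return []  # the real (final) extension is not executable
    reasons = []
    # Split the stem on dots and padding so "avi" in "boston______avi" is seen.
    tokens = [t for t in re.split(r"[.\s_\-]+", stem) if t]
    if tokens and tokens[-1] in DECOY:
        reasons.append(f"decoy type '{tokens[-1]}' placed before .{ext}")
    if re.search(r"[_\s]{4,}", stem):
        reasons.append("padding run pushes the real extension out of view")
    return reasons

# Constructed sample names, following the pattern described in the post.
SAMPLES = ["Boston______AVI.exe", "Waco______AVI.exe",
           "report.pdf      .scr", "holiday.avi", "setup.exe"]

def flagged(names):
    """Map each suspicious name to its list of reasons."""
    return {n: r for n in names if (r := lure_reasons(n))}

if __name__ == "__main__":
    for name, why in flagged(SAMPLES).items():
        print(f"{name!r}: {'; '.join(why)}")
```

A plain `setup.exe` is not flagged here because the check targets the disguise only; blocking executable attachments outright is a separate policy decision.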

Therefore, user awareness is key. If you or your staff have received phishing emails or similar requests to view videos covering the above topics, err on the side of caution: be sceptical, delete the files and report them to your system administrator or security resource.

If you believe that you have been a victim of this attack and are worried that your systems may have been compromised, contact Intact Security for an obligation free chat on 02 9227 8201

Relax. Your security is Intact

Author: Intact Security


“Cyber-attackers penetrate Reserve Bank networks”. Is no one safe? Short answer is NO!


by Martin Quinn (Principal Consultant) 13 March 2013

Having read the front page news of the Australian Financial Review on Monday, you could not have missed the headline “Cyber-attackers penetrate Reserve Bank networks”. So, if the RBA security can be compromised, what does this mean for other businesses? The article reads: “After investigations by The Australian Financial Review, Reserve Bank of Australia officials disclosed that the central bank had been infiltrated by a Chinese-developed malicious software, or “malware” spy program that was seeking intelligence on sensitive G20 negotiations…Many confidential government files were then “redirected to Chinese sites”. More than 10,000 state computers needed to be shut down.”

Every organisation has a chink in its armour. With the RBA, it was their executives, who had inadvertently allowed their email addresses into the public domain, giving the attackers the ammunition they needed. The attackers performed targeted attacks (known as spear phishing) on the unaware individuals until they got in.

So how do we protect against these nefarious and treacherous culprits? The best way is to keep information from disseminating into the public domain (i.e. use generic contact, informational or PR email addresses) and to train staff in what a phishing attack is so that they can recognise the signs.

At the end of the day, a determined attacker has time on their side and will exploit a moment of weakness. The sad fact is that the bad guys only have to be right once and you’re done, whereas the security guys have to be 100% right 100% of the time.

Read the complete article here

Contact Intact Security for an obligation free chat on 02 9227 8201

Relax, your Security is Intact

 



60% of Firewalls are Misconfigured


by Martin Quinn (Principal Consultant) 5 March 2013

Despite the fundamental security role that firewalls play for virtually all organizations, as an auditor and vulnerability expert I find that close to 60% of the time, businesses have misconfigured their old faithful firewall.

Having a firewall in place creates a perception that the perimeter is safe and secure. And this is true if it is configured and managed correctly. However, the devil is in the detail. A minute configuration error (such as a typo), a redundant rule or an obscure legacy rule may significantly degrade the advantages of a firewall and in some cases render it virtually useless.

Firewalls are heavily relied upon and considered quite basic, but in reality they are prone to extremely subtle configuration-based errors.

I often recommend that businesses review their firewalls as often as they service their car. Most of the time this warning is heeded, but when it’s not, the results can be catastrophic, and unlike a car there is no NRMA, RACV, RACQ, etc. to get you back on the road again. If you haven’t reviewed your firewall in the last 2 years, chances are you suffer from:

  a) Rule bloat – too many firewall rules, causing your firewall to access unnecessary rules and slow down,
  b) Rule neglect – rules that are neglected and/or are underutilised or no longer required, or
  c) Both.
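A firewall review of the kind described above can start with a mechanical pass over the rule list. The following is an added example, not code from the original post: the `Rule` model, the rule names, addresses and hit counters are all constructed, and it assumes an ordered, first-match-wins rule base that exposes per-rule hit counts.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass
class Rule:
    name: str
    action: str   # "allow" or "deny"
    src: str      # source CIDR
    dst: str      # destination CIDR
    ports: tuple  # inclusive (low, high) destination port range
    hits: int     # packets matched since the counters were last reset

def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def audit(rules):
    """Return {rule name: finding} for an ordered, first-match-wins rule list."""
    findings = {}
    for i, rule in enumerate(rules):
        # Only coverage by one earlier rule is checked, not by a union of rules.
        earlier = next((r for r in rules[:i] if covers(r, rule)), None)
        if earlier is not None:
            # Either way the rule never fires; with a different action its
            # intent is silently overridden by the earlier rule.
            kind = "redundant" if earlier.action == rule.action else "shadowed"
            findings[rule.name] = f"{kind} by {earlier.name}"
        elif rule.hits == 0:
            findings[rule.name] = "unused"
    return findings

# Constructed rule set (documentation addresses, invented names and counters).
RULES = [
    Rule("web-in", "allow", "0.0.0.0/0", "203.0.113.10/32", (443, 443), 91234),
    Rule("any-out-temp", "allow", "10.0.0.0/8", "0.0.0.0/0", (1, 65535), 500321),
    Rule("dns-out", "allow", "10.0.0.0/8", "0.0.0.0/0", (53, 53), 0),
    Rule("block-telnet", "deny", "10.0.0.0/8", "0.0.0.0/0", (23, 23), 0),
    Rule("old-ftp", "allow", "0.0.0.0/0", "203.0.113.20/32", (21, 21), 0),
    Rule("default-deny", "deny", "0.0.0.0/0", "0.0.0.0/0", (1, 65535), 7788),
]

if __name__ == "__main__":
    for name, finding in audit(RULES).items():
        print(f"{name}: {finding}")
```

The `block-telnet` finding is the dangerous one: the deny rule exists on paper, but the broad legacy rule above it means it never takes effect.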



Internet bad guys don’t wear black


by Martin Quinn (Principal Consultant) 26 February 2013

Consider the internet like the wild west, but not like a cheesy midday matinee where the bad guys always wear black and never finish on top.

The internet is more like a Clint Eastwood spaghetti western: the bad guys can look like good guys and the good guys may not be that trustworthy either. So how do you know who to trust? The short answer (without sounding like Fox Mulder from the X-Files) is to trust no one, or at least be sceptical.

Jokes aside, the way to establish trust is through a combination of your technical mechanisms and just plain common sense. If you receive an email from a good friend of yours asking you to send money to them in some West African country, you should think twice about sending them any money. In this situation your technical email controls have recognised that the sender is someone you have communicated with previously (albeit the email has been sent by an imposter). This is when your security awareness kicks in and you ask yourself whether this person is likely to be A) in West Africa, B) in trouble, and C) using email to ask for help rather than a telephone.

Intact Security can help by ensuring your technical controls are configured correctly and also by providing security awareness training to your staff using these real world scenarios.

Keep your security intact – contact us at www.intactsecurity.com.au or on 02 9227 8201



I have a Firewall and Antivirus so I’m protected right?


by Martin Quinn (Principal Consultant) 6 February 2013

Wrong! This is one of the biggest misconceptions.

Think of malware or malicious code as gatecrashers at your business’s party.

The Firewall acts as a bouncer at the front door (your internet), and Antivirus works as the internal security guard checking that the party continues without any major problems.

The gatecrasher (malicious code or malware) gets past the bouncer by huddling together with friends (trusted websites, emails, etc.) or by using fake ID to gain entry to your party. The Firewall looks them over, they look like they belong, and so he lets them in.

Next, the antivirus does its job. It bumps into the gatecrasher when it arrives and scans their ID; again they often look ok, so it allows the files to open. However, it’s only when the file opens or detonates that their true colours show. The gatecrasher (malware) opens the back door and lets all its friends into the party (uninvited).

To overcome this, businesses need to learn how to identify these bad eggs and who to trust, through an ongoing security awareness program.



The Trouble With Bringing Your Business Laptop To China


by Bob Violino 4 December 2012

You’re traveling in China on business, and after checking into your hotel room you decide to grab a bite at a local restaurant. You’re not planning to work, so you leave your laptop on the dresser, lock the door, and exit, feeling confident that your possessions are safe.

An hour and a half later you return and note that all your stuff, including the laptop, is just where you left it. Everything seems fine, and you go about your business, conducting meetings with potential clients over the next few days before returning home.

But everything is not fine. While you were out to dinner that first night, someone entered your room (often a nominal hotel staffer), carefully examined the contents of your laptop, and installed spyware on the computer — without your having a clue.

The result? Exposure of information, including customer data, product development documentation, countless emails, and other proprietary information of value to competitors and foreign governments.

Because so many users never detect that they’ve been compromised and few report the issue publicly, it’s not clear how common this sort of spying is, but it does happen, say cyber security experts. In fact, you should simply assume your computer will be breached if you go to high-risk countries such as China to conduct business, says Israel Martinez, a private-sector board member at the U.S. National Cyber Security Council, a defense industry group.

