
Why? Once the criminal has hacked your computers they can sell the "access" to your devices.

How can I say that?

Kaspersky¹ and others have found a "market" of hacked machines at xDedic.

This means that for $6 a criminal can buy access to some servers in various parts of the world. So what could a criminal do with a purchase as cheap as that?

With this purchase one could install ransomware, which may bring a $300 - $500 return.

So this could be a 50x or 83x return. Spend $6, install your ransomware software and get $300 to $500: a nice 5000% or 8300% return.

[Image: $7Bil potential hack] Remember this image from our post on Jan 6? (2)

So the criminal does not have to learn how to hack machines; they just have to know that these criminal marketplaces exist, where for a small fee one can obtain access to servers.

So if your machine got ransomware and you did not know how it got there, maybe it was installed by a hacker at an odd hour and your IT people never saw anything.

This is why it is imperative to follow the advice of Kaspersky and others (like us 🙂).

Kaspersky Lab advises organizations to:

• Install a robust security solution as part of a comprehensive, multi-layered approach to IT infrastructure security
• Enforce the use of strong passwords as part of the server authentication process
• Implement a continuous process of patch management
• Undertake a regular security audit of the IT infrastructure
• Consider investing in threat intelligence services which will keep the organization informed of emerging threats and offer an insight into the criminal perspective to help them assess their level of risk.

Notice number 4: "Undertake a regular security audit of the IT infrastructure".

It is a good idea to perform security audits: your IT department probably does a good job but may just need to tighten a few items, or a little help here and there. Unfortunately it is human nature not to ask for help when it is needed. So contact an auditor (like us).

Of course we have discussed all of these points on this site and on our blog website, Oversitesentry.com.

Tony Zafiropoulos 314-504-3974  tonyz"@"fixvirus.com

We can perform vulnerability scanning with our Alpha and Sigma Scan service products or more sophisticated pentests with our partners in the Omega Scan service product.

At minimum an Alpha scan will find basic problems and is relatively inexpensive (compared to losing your data).

You can also contact us on our form page.


  1. http://www.kaspersky.com/about/news/virus/2016/Who-Else-is-Using-your-Servers
  2. https://fixvirus.com/how-to-deal-with-constant-new-ransomware-threats/


The first thing to understand is that IT personnel are working overtime and are still not keeping up with problems.

How, you say, can this possibly be happening?

How about this for a headline:

"Developers have To Fix a Vulnerability (Badlock) for the April 12th patch Tuesday" (says Microsoft). Security Affairs¹ has the story.

Badlock is a vulnerability in Samba and Windows File Services technologies.

This means that a hacker can create some code (also called malware, MALicious SoftWARE) that, if run on the affected machines, lets the hacker take them over.

So from now (3/23) until at least 4/12 there is no fix for this problem. And if a hacker somehow gets into your Windows systems, the only way to know is if you can track the hacker's movements.

Samba² software has already been updated to 4.1.7. This vulnerability has been known in the hacker world since February 23rd (from CVE-2015-0240), so this is a well-known exploitable vulnerability in the hacker world.

How do we know? Because there are markets where the hackers can sell their malware to other criminals, who use it to attack us. Darknet³ is a marketplace of hackers and criminals selling and buying the various pieces needed to attack and exploit our environments.

The reason things have gotten worse is that the attackers have gotten better and better while we have improved only marginally, and the reality is that it is easier to attack and succeed only once than to defend 365 days per year, 24 hours per day.


So what can be done?

It is important to get started, as on this page we have created: https://fixvirus.com/patching-your-computers-consistent-policy-defends-against-attackers/

Proper cybersecurity has to be started sometime. So don't be overwhelmed: start writing a security policy so that your employees know what their role is. Good communication is a must.

Contact us to help you with writing a security policy. Notice that we do not list previous client names on this site, since the confidentiality of our clients is important (we can give you specific referrals, but that takes time). Let's start with an initial visit, which is free.

Once you have a program in place, with people looking at logs and more, you can create a methodology to find the hackers when they are in the environment: find them when they try to execute code that does not belong, and when that code tries to communicate with their command and control servers.


Once the plan is in place, create new scripted methods to find unknown malware.

Why wait until the security policy is in place? Because one has to know what is on the systems, and what is good, before one can stop the malware. And it is always better when documentation is available.
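The baseline-then-hunt idea above, as an added example in Python (not code from the original post or from Fixvirus.com): an inventory of known-good executable hashes and approved destinations recorded while the environment was documented, then a later inventory and some connection-log lines checked against it. Every path, file content, host name, address and log line is constructed for the demonstration.

```python
import hashlib
from collections import defaultdict


def fingerprint(data: bytes) -> str:
    """SHA-256 of a file's contents; a real inventory would hash the files on disk."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for file contents recorded when the environment was documented.
BASELINE = {
    r"C:\Windows\explorer.exe": fingerprint(b"explorer build 1"),
    r"C:\Program Files\Vendor\updater.exe": fingerprint(b"updater build 7"),
}
# Destinations the documented software is expected to talk to (constructed names).
ALLOWED_DESTINATIONS = {"updates.vendor.example", "mail.example.com"}

# A later inventory: one binary unchanged, one changed, one never documented.
CURRENT = {
    r"C:\Windows\explorer.exe": fingerprint(b"explorer build 1"),
    r"C:\Program Files\Vendor\updater.exe": fingerprint(b"updater build 7 modified"),
    r"C:\Users\Public\svchosts.exe": fingerprint(b"unknown binary"),
}

# Constructed proxy/firewall lines: "<seconds> <host> <process> <destination>".
CONNECTION_LOG = [
    "1000 WS01 updater.exe updates.vendor.example",
    "1200 WS01 svchosts.exe 203.0.113.7",
    "1800 WS01 svchosts.exe 203.0.113.7",
    "2400 WS01 svchosts.exe 203.0.113.7",
    "2500 WS02 outlook.exe mail.example.com",
]


def find_unknown_executables(baseline, current):
    """Flag executables missing from the documented baseline or whose hash changed.
    A changed hash may be a legitimate update, which is exactly why the baseline
    must be kept current: an undocumented change looks the same as tampering."""
    findings = []
    for path, digest in current.items():
        if path not in baseline:
            findings.append((path, "not in baseline"))
        elif baseline[path] != digest:
            findings.append((path, "hash changed since baseline"))
    return findings


def find_unknown_destinations(log_lines, allowed):
    """Group contacts with non-allowlisted destinations by (host, process, dest) and
    note when they arrive at a fixed interval, which is typical of command-and-control
    beaconing rather than of a person browsing."""
    times = defaultdict(list)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the hunt
        ts, host, proc, dest = parts
        if dest not in allowed:
            times[(host, proc, dest)].append(int(ts))
    report = []
    for key, stamps in times.items():
        gaps = {later - earlier for earlier, later in zip(stamps, stamps[1:])}
        regular = len(stamps) >= 3 and len(gaps) == 1
        report.append((key, len(stamps), regular))
    return report


if __name__ == "__main__":
    for path, reason in find_unknown_executables(BASELINE, CURRENT):
        print("executable:", path, "-", reason)
    for (host, proc, dest), count, regular in find_unknown_destinations(
            CONNECTION_LOG, ALLOWED_DESTINATIONS):
        print("network:", host, proc, "->", dest, count, "contacts",
              "at a fixed interval" if regular else "")
```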


  1. http://securityaffairs.co/wordpress/45579/hacking/badlock-windows-samba-flaw.html
  2. https://www.samba.org/samba/history/samba-4.1.17.html
  3. http://oversitesentry.com/darknet-know-it-learn-it/

As Robert Graham says in his blog Errata¹, it is human nature to commit a number of cybersecurity no-nos, including falling for phishing scams (even the experts fall for them). A well-crafted email will look like it is coming from a trusted source, not from a stranger. So to avoid phishing scams one needs to look for more than just "is this email from someone I know?"

  1. A phishing scam is where an unsuspecting email user clicks on a fake email and on its attachment. The attachment then infects the computer, because malicious software (malware) is actually hiding within the attachment.
  2. Password reuse: due to laziness and bad practices, employees use the same passwords on several sites. When a site with weak security is hacked, the hacker has your password and can now guess where else you might use it (banks, email account, and more).
  3. SQL injection (for programmers). This is a computer programming topic.

Consistently reusing passwords across many sites is human nature (laziness). But using the same password on a hobby site, in your email account and on Facebook is a recipe for disaster.

Once a hacker has your email account they can change everything.

For the programmer it requires more work to sanitize data input and to make sure that an attacker won't use an ingenious method to insert some malicious code.

Is Robert right? Are people really 'stupid' regarding these 3 items?

I would not be so harsh as to call everyone Stupid.


As a society we will be hacked in one form or another, but the reason is not stupidity; most people understand the basics, that hacking means using ingenious ways to get around the standard controls.

Another mistaken idea is the false belief that we could design something that is foolproof, or at least does not have to be worked on constantly.

I think we need to assume that we will need to consistently patch and fix our computers. We also need to see that the computer is a tool written by humans and used by humans.

Unless one has the mindset of the attacker, and the tools and setup for sophisticated attacks, one cannot really see the potential dangers under every rock. The IT people in every company are busy trying to connect and work on every system in your network. They do not spend every day researching new attack methods or attacking test computers.

You have to have a separate group of people with a separate pair of eyes to review your network defense, computer system setup and more.

Let me explain it for you if you still have questions.

Tony Zafiropoulos - 314-504-3974


  1. http://blog.erratasec.com/

Houston, we have a problem: a kind of misunderstanding which leads to apathy.

Example: I wonder if you knew that this week a new ransomware threat came out. I should also say that every week new ransomware comes into the "wild", into our computers. (For example, in the week of 3/28 - 4/1 we discuss in our blog post [at Oversitesentry(5)] how to prevent the Locky ransomware, and how the Petya ransomware will now destroy your Master Boot Record (MBR) and with it your ability to use the hard drive.)

For the first time, the programming language JavaScript is being used for ransomware: it is called Ransom32.

The following picture is from an older ransomware, so we can discuss what ransomware is and does (and what to fear and be proactive about).

[Image: ransomwarecrypto]

Ransom means that the criminal has found a way to take something of yours and is now trying to extort money out of you so you can get it back. In this age we are talking about data files.

Imagine that you are working on a Word document, like a proposal for a client. Now somehow ransomware software got onto your computer; once the software runs, it tries to encrypt your files. Since you are still working on your proposal you try to save the file and it does not work: you cannot save the file, because the file you were saving to has now been renamed and reconfigured (encrypted).

As you try to open other files you notice the encryption does not allow your files to be opened.

If you think on your feet you can do a "save as" on the file currently being worked on and thus at least save that file. But hundreds, maybe even thousands, of the rest of your files are now encrypted.

This is obviously a problem, and can bring you to a standstill. Will it matter if your files are in the cloud? Unfortunately that depends on how sophisticated the criminals' programming is, and it is definitely possible to get all files encrypted. The name of the game is money $$$, and if the hackers in eastern Europe are making more money as hackers than as programmers at legitimate companies, then our adversary will keep improving their attacks.

You cannot avoid this phenomenon for too long. The criminals are looking to make up to $7 billion:

[Image: $7Bil potential hack]

This is easy to figure out. As of 2013 there were 220 million PCs in the USA (I'm not even counting the world). 10% of PCs are not patched correctly (from my blog post and research here at Oversitesentry.com¹ and more background²; the figure comes from Microsoft statistics, as they know how many PCs are being patched).

We know from news reports and experience that an unpatched computer is susceptible to these types of attacks. Thus I have drawn a conclusion: 22 million PCs are susceptible, and with that the criminal has a potential $6.6 billion ransomware market. And if there are a few computers from which the hacker can steal more information that he can resell, then one can project a $7 billion ransomware market. That is a lot of potential money...

So we can't assume the threats will be the same as last year, in fact the threats will become more sophisticated and dangerous.

Instead of throwing up our hands and giving up... the thing to do is to make sure you spend more time on security this year.

There are ways to shore up or improve your perimeter (firewall), and make sure to do patching on time and effectively. Maybe a new firewall which can do more than filter traffic. By filtering traffic, I mean making sure certain traffic stays out and other traffic is allowed through. The problem with this old model is: what if the malicious content arrives in traffic that is allowed (like JavaScript inside Facebook)?

Patching your computer is actually not so easy, because not all updates are good updates³. So sometimes IT pros recommend waiting until the patch/update has been tested, and only then installing it. This process takes time even in the best-run IT department; there is always a window of time during which you remain vulnerable.

Testing your backup is also an important part of security defense. If ransomware gets through, you can't afford to find out whether the criminals wrote their ransomware software well enough to recover your data when you pay. Our recommendation is to never pay: assume you will lose data, back up, and test the backup to make sure you will recover all data properly.

You can't get away from it these days. A company which has computers on the Internet cannot just have a regular firewall anymore; it must get an NGFW (Next Generation FireWall), which will inspect the traffic and is essentially another layer of defense.

[Image: PA threat prevention]

A regular firewall cannot inspect data like Social Security numbers or credit card numbers. Set up correctly, you can do many things with an NGFW(4). Here is one: if I see my Social Security numbers, then email me. I.e. if somebody is stealing these numbers, then email me!
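The "if I see my Social Security numbers then email me" rule, as an added example in Python (not code from the original post or from any firewall vendor): the detection logic an inspecting device would run over outbound content, with a plausibility filter for SSNs and a Luhn check for card numbers so that phone numbers and random digit runs do not page anyone. The request lines, the SSN and the card number are all constructed test values, and the alert is only formatted, not sent.

```python
import re

# The two data types the post names. A real NGFW inspects reassembled streams;
# here the "traffic" is a list of constructed request lines.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def ssn_plausible(area, group, serial):
    """Rejects values that cannot be issued SSNs (area 000, 666 or 9xx; zero group
    or serial) so that other 3-2-4 digit strings do not raise an alert."""
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")


def luhn_ok(digits):
    """Luhn check digit test; a 13-19 digit run that fails it is not a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_line(line):
    """Returns (kind, masked_value) for each plausible SSN or card number in one line.
    Only the last four digits are kept, so the alert itself does not leak the value."""
    findings = []
    for m in SSN_RE.finditer(line):
        if ssn_plausible(*m.groups()):
            findings.append(("ssn", "***-**-" + m.group(3)))
    for m in CARD_RE.finditer(line):
        digits = re.sub(r"\D", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    return findings


def scan_traffic(lines):
    """Runs scan_line over every line, keeping the line number for the alert."""
    return [(n, kind, masked) for n, line in enumerate(lines, 1)
            for kind, masked in scan_line(line)]


def format_alert(hits, recipient):
    """Builds the notification text; delivering it (SMTP, ticket, SIEM) is site-specific."""
    body = "\n".join(f"line {n}: {kind} detected ({masked})" for n, kind, masked in hits)
    return f"To: {recipient}\nSubject: sensitive data seen in outbound traffic\n\n{body}"


# Constructed outbound request lines (4111 1111 1111 1111 is a well-known test card).
SAMPLE_TRAFFIC = [
    "POST /export body=name=J.Doe,ssn=123-45-6789",
    "GET /status?id=000-12-3456",               # impossible SSN area: no alert
    "POST /checkout card=4111 1111 1111 1111 exp=12/29",
    "POST /checkout card=4111 1111 1111 1112",  # fails the Luhn check: no alert
    "GET /contact?phone=314-555-0199",          # phone number: no alert
]

if __name__ == "__main__":
    hits = scan_traffic(SAMPLE_TRAFFIC)
    if hits:
        print(format_alert(hits, "security@example.com"))
```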


Because the criminals have such a large budget, you can't just trust your capable IT department; you have to make sure that everything is working as it should. Test the IT department.

[Diagram: system engineering as security]

I would be happy to discuss this diagram, where your IT department works on the output and Fixvirus.com uses CEH (Certified Ethical Hackers) to test your environment.

If you want to discuss how to improve your security (audit security, test backups, and more) in 2016, contact me now: Tony Zafiropoulos, 314-504-3974, tonyz@fixvirus.com.

  1. http://oversitesentry.com/happy-new-year-2016/
  2. http://oversitesentry.com/is-your-it-system-low-hanging-fruit-for-criminal-hackers/
  3. http://oversitesentry.com/are-we-falling-behind-on-patching-computers/
  4. http://oversitesentry.com/what-is-an-advanced-firewall-utm-ngfw/
  5. http://oversitesentry.com/ransomware-vaccine-can-it-be-done/

One does not have to be on the cutting edge of technology to be secure.

But in my hacking classes (where we try to attack other computers with Metasploit) it is obvious very quickly that a patched machine, even a Windows XP system, is much harder to crack.

Now of course, Windows XP happens to be almost obsolete. Microsoft has said that as of April 8th it will no longer support updates to the Windows XP operating system. Here is a link for enterprises to help with the transition away from Windows XP.

So, end-of-life operating systems aside, one does not need to stay on the latest OS to have a secure computer; just keep up with the patches and you will be more secure than many others.

The key is to review your systems and network environment for unknown gotchas.

Contact us, as we can help with your review process. Our products:

(A – Σ – Ω)


News of the day: Rowhammer, and this week is Patch Tuesday.

In the tip of the day segment we have a serious problem, as Rowhammer opens a new security angle which cannot be patched on some machines.

Some RAM has a bit-flipping problem in certain situations which can lead to an escalation of privilege, so if the hacker is already on the computer, they can get admin or root access.

We need to realize that today's researchers develop exploits that criminals then use to attack our computers, and that script kiddies then use to attack the people who don't know how to use computers.

So we have to develop a new method of thinking: security must be built into our processes and methods. Compliance means security first. Otherwise we will get blindsided by the newest attacks coming out of research.

Remember, our systems were not built for security first, and the Internet was not built with security in mind. So we will have many other attacks and exploits to keep in mind.

This is why you need a security department, somebody who is thinking about the security angle all the time.

Contact Us

Here is a story on how to improve your privacy on your iPhone:

http://www.zdnet.com/pictures/new-iphone-ipad-change-these-ios-8-privacy-settings-immediately/


Bruce Schneier's post on privacy in general:

https://www.schneier.com/blog/archives/2015/02/everyone_wants_.html


We also need more cybersecurity: http://oversitesentry.com/how-do-we-improve-security/ . We need more ethical hackers in every company who understand the issues.

Use the principle of philotimo to be an ethical hacker: the "friend of honor" will do the right thing.

Also, an apt YouTube video (regarding ΦΙΛΟΤΙΜΟ): http://youtu.be/DaPF4_-gH4g

To listen and educate yourself on net neutrality: an interesting economist (Professor Hazlett) explains the nuts and bolts of net neutrality.

At minute 44 he covers DSL sales growth and usage in the telecom industry.

I saw the Internet industry grow and change, as Hazlett describes, from 1996 until today.

At minute 51 there is an example of a net neutrality violation (MetroPCS streaming YouTube but not others, like Netflix or Hulu).

At about an hour questions start.


As in my video: even after listening to Hazlett discuss this for an hour, I still think it will depend on the political power of the various factions. Of course the law is going to come down on net neutrality as well.

Hmmm, there are about 1000 phone companies in America (we can name 2-4 of them); the rural companies get government subsidies.

Either that or the criminals and "events" will cause you to react in ways that you will regret.

There is a good presentation from last year's Arch Con (Saint Louis Arch): http://www.youtube.com/watch?v=7GCC-0a_mVs

The opening keynote by Richard Bejtlich (@Taosecurity), "Applying Strategic Thought to Digital Defense", is very interesting to contemplate after the Sony and Anthem breaches and with the coming year in mind (the convention was on September 24, 2014).

Of course, when discussing a "cyber security strategy" with executives, consider the following: CEO and CFO execs do not really understand the computer and Internet they use every day. They want it to work and to be secure, period.

Now you need to wake them up 🙂 It is 2015; remember the Y2K scare, if you will... The Y2K issue was when computer people realized there might be a problem with some software, as various programs only accounted for the last two digits when describing the year (such as 98 for 1998). So the wise IT people woke up one day in the late 90's and said: what happens in the year 2000, when the year 00 is actually greater than 99? So all of a sudden, all software that for whatever reason (programmer laziness etc.) only had 2 digits for the year now needed 4 digits.

The switch from 2 to 4 digits was not a fast switch; all programs had to be rewritten to 4 digits. The scariest ones were what is called the BIOS (Basic Input Output System), the program that initially connects the operating system to the computer parts (hardware). So if this program quits working, nothing will work on the computer. The whole IT industry went into major overdrive and overtime to fix all the software by 12/31/1999, and then hoped that all the fixes worked on New Year's Day 2000. Fortunately all the effort paid off, and the few problems that arose were handled.

It is my belief that we need a Y2K effort for cyber security in 2015. There is no time like today: this year, this time, we will do it.

We must have better security: spend the money this year, get to a higher level of security, and then it will not be a big deal in the future. Reduce the capabilities of the criminals by upping your security, just as recommended here:

http://www.fixvirus.com/catch-any-malware-including-equationgroup/ (set up an IPS firewall to catch all attacks from inside and out). Also similar: http://oversitesentry.com/your-cyberdefense-still-2000s-thinking/

We need a new level of security testing and thinking; otherwise we will have worse and more serious attacks than Sony, which means the attackers will try to delete and disrupt actual commerce. Do you really want to live with http://www.fixvirus.com/what-if-the-hacker-is-in-your-network/ ?

Richard Bejtlich has a good outline to follow for all of the people in the company to improve security:

Theme                | Who is in charge?         | Actions - goals
Program goals        | Board and CEO             | Minimize loss due to intrusions
Strategies           | CEO/CIO                   | Rapid detection, response, and containment
Operations/campaigns | CISO or security director | Match and hunt for intruders
Tactics              | Security staff            | Collect, analyze, escalate & resolve incidents
Tools                | Vendors                   | Various software

The directors and CEOs have an important role and have to be brought up to speed. It is up to us, the IT people, to talk their language.

Contact us to get your security up to speed for Y2015 and beyond; don't go back to Y2000.


People keep asking me: what could someone possibly use on my computer? I have nothing on it.

We are trying to explain this with some images.

The hacked computer could have a value of about $30.

Zombie computer: a computer being controlled by other computers.

[Images: zombie computer; compromised computer value]

[Image: what a hacked email account is worth]

A hacked computer is called a zombie when it is used as an attack vehicle.

This system can be on the corporate network, could be a phone, or could be an "Internet of Things" device.

Any device on the Internet has the potential to become a Zombie, and to be used as an attack vehicle.

When controlled from a single machine, through reflectors, one can direct hundreds, even thousands, of computers.

Here is an analysis of using reflectors in DDoS: http://www.icir.org/vern/papers/reflectors.CCR.01/reflectors.html

[Image: DDoS reflector attacks]

(Image from Datasoft: https://www.datasoft.ws/ds_whatisddos.php)

The above image is a good representation of what a DDoS reflector attack consists of.

So yes, your hacked machine is worth $30 or more even if you do not have "valuable" data on it. The problem is, any password that you saved on the system could be used by the hacker to penetrate your identity and life on the Internet.

And of course on 6/27/16 I put up a new blog post at my site: http://oversitesentry.com/iot-botnet-can-ddos-your-webserver/

Briefly, it is about a botnet of 25000 CCTV devices which were all hacked and are now used to attack other machines.

Contact me to discuss how we can design a vulnerability analysis on your computer network.