Threats of the Week – May 7, 2020

Threats of the Week – May 7, 2020

GoDaddy Hack

Customers of one of the largest domain name registrar company – GoDaddy – are being warned about an attack that took place last October. An intruder gained access to users’ login information of their hosting account. The attack was only discovered last April 23. GoDaddy proceeded to reset the passwords for all the 28,000 users affected by the attack.

Source: Threat Post

How do you protect yourself?

Your organization should enact a credential monitoring program to be alerted when important credentials leak onto the dark web. Services like Secure IT – User Defence continuously scans the dark web for credential leaks and also train end-users on best cybersecurity practices.

Nefilim Ransomware

Toll Group, an Australian transportation company said its systems had been targeted by a new form of ransomware called Nefilim. The company that operates across 50 countries, detected unusual activity on some of its servers, which led to delays to customers. The hackers behind Nefilim gain access through vulnerable Remote Desktop Protocol (RDP) servers, like other types of ransomware, namely Nemty, Crysis and SamSam.

Source: Threat Post

How do you protect yourself?

Attacks via Remote Desktop Protocol servers are widespread these days. In order to prevent them, organizations should enable 24/7 monitoring and remediation solutions. Services like Endpoint Protection and SIEM (Security Information & Event Management) help avoid or at least isolate these attacks from spreading.

Cisco WebEx Phishing

A series of phishing attacks are targeting Cisco WebEx users by using fake certificate error warnings. These phishing emails include graphics and formatting similar to communications sent by Cisco WebEx to users. Users are requested to click on a hyperlink to unlock their accounts and are then redirected to a phishing credential site.

Source: Bleeping Computer

How do you protect yourself?

Users should be cautious whenever clicking links suggesting they need to unlock their accounts. Services like Secure IT – Mail help scan the links within emails to detect if they are legitimate or not. If they are not legitimate, these tools will block users from even visiting the malicious website.

Jolera Partner Interview Series – MicroAge Canada President Proud IT Deemed an Essential Service

Jolera Partner Interview Series – MicroAge Canada President Proud IT Deemed an Essential Service

By Paolo Del Nibletto

Phil Palmieri, the President of MicroAge Canada, has been involved in the IT industry since 1984. If you think back to 1984, the IT industry saw for the first-time flash memory, a chip that could store 1MB and, of course, the introduction of the Apple Macintosh computer. So, you can say Palmieri has seen a lot during his career in IT. But nothing can compare to what the IT marketplace is going through right now with COVID-19.

According to Palmieri, this is the most challenging time the industry has ever faced. MicroAge Canada, with some forethought in its business continuity planning program, is weathering the COVID-19 disruption well. The vast majority of his staff is working remotely except for a small crew in its Laval, Que., headquarters, which includes Palmieri.

“There are a couple of ways to look at this situation: you can hide under your desk and wait for it to pass or be proactive and look for opportunities and ways to help customers remotely,” he said.

MicroAge Canada chose to do the later and took an active approach in communicating with all their clients to see how they could keep them operational. While MicroAge Canada vigilantly worked to keep its clients going, the company was inundated with inquiries from customers and prospects on issues of security and remote access.

“Call volumes increased five times over normal, and some people were even panicking,” he said.

Palmieri’s team dealt with requests such as how to work remotely, how to work from home securely, how to get the most out of Office 365, how to use Teams for better collaboration and video calls, mobile device management, and back up and data recovery.

If there is any benefit that will come out of this historical time, it’s the value of managed services and IT solution providers. “Our value, as managed services providers, just went up as people start to realize how important we are to the business. Before, you would get the thought that IT was just another department. Not anymore. IT is what makes business roll, and I’m proud of the systems, solutions and processes we deliver. IT is no longer a requirement but a necessity. Without it, a business doesn’t work well,” Palmieri said.

During the COVID-19 lockdown, Palmieri and his team have received numerous messages and calls of thanks and appreciation from customers

Palmieri’s challenges go well beyond just dealing with customers. MicroAge Canada is a network of more than 35 independently owned and operated solution providers across Canada. So, Palmieri just doesn’t have to worry about the Laval operation but all of the other locations as well.

During this time, Palmieri has brought in weekly touchpoints with each location and their field teams. “The network is fine, and I’m very proud of all these people. They have been around a long time, and this group has invested in their businesses, and they know how to sustain themselves during tough times.”

Palmieri believes there is a good lesson to learn from all this. He hopes that after society gets a handle on the COVID-19 pandemic and everything gets back to a newer normal, everyone will see the value in IT providers and not take them for granted. “This community is not a nice to have; it’s an essential service and a must for business.”

You can learn more about MicroAge Canada on their website MicroAge.ca

Threats of the Week – May 7, 2020

Threats of the Week – April 29, 2020

Microsoft Teams GIF Vulnerability

A vulnerability has been identified in Microsoft Teams that involved a simple GIF image. For the attack to work, the victim had only to view the malicious GIF, which illustrated Donald Duck character sweeping a row of Mickey Mouse toys. The attackers were then able to steal data from specific systems and have access into the company’s Teams accounts.

Source: Info Security

How do you protect yourself?

Microsoft has already corrected this vulnerability by updating misconfigured DNS records, thus mitigating the problem.

PhantomLance

A new spyware campaign has been identified and has been ongoing for 4 years. Named PhantomLance by Kaspersky, this spyware is distributed by dozens of Android apps available on Google Play (in addition to other points of sale). The attack implements high levels of encryption, in addition to being able to download and execute additional malicious payloads that would be suited to the specific environment of the device.

Source: ZD Net

How do you protect yourself?

Kaspersky reported his findings to Google that has since removed the malicious apps from the Play Store.

Critical Adobe Illustrator, Bridge and Magento Flaws

Critical flaws were detected in several Adobe tools, namely Illustrator, Bridge and Magento. These critical flaws include a stack-based buffer overflow flaw (CVE-2020-9555), heap overflow bugs (CVE-2020-9562, CVE-2020-9563), memory corruption glitch (CVE-2020-9568) and use-after-free vulnerabilities (CVE-2020-9566, CVE-2020-9567). Also included are critical out-of-bounds write flaws (CVE-2020-9554, CVE-2020-9556, CVE-2020-9559, CVE-2020-9560, CVE-2020-9561, CVE-2020-9564, CVE-2020-9565, CVE-2020-9569). All of these could be exploited remotely by an attacker, allowing arbitrary code execution.

Source: The Hacker News

How do you protect yourself?

Users need to update to the latest version of the software.

6 Tips to Return to Work Safely

6 Tips to Return to Work Safely

The curve may not be flat, but at many levels of government both in Canada and around the world, discussions about restarting the economy and reopening businesses are beginning. Strategies are starting to develop that will see people eventually get back to the office, stores, factories and other workplace locations they are used to going to for work.

As the new guidelines are developing, expect to see social or physical distancing and other forms of protective measures becoming a significant part of any get-back-to-work program.

What will these types of programs look like for organizations?

How can an individual who has spent the better part of March and all of April indoors begin to ready themselves for a return? Some clues can be found in the way other countries are dealing with the aftermath of COVID-19 lockdown.

Austria

In Austria, the aim was to start small and build from there. The European country only had small shops of 400 square meters open at first. These openings were under guard for security. Masks were mandated in these shops and on public transport. If the Austrian restart went well, then the country would look to open hotels, shopping malls and restaurants in two weeks.

Denmark

Meanwhile, in Denmark, that country embarked on a more conservative staggered approach. What they wanted to do was avoid overcrowding in public areas and on public transit. The staggered approach also means people will be going back to work slowly and in different sections of the economy. Again, this is to avoid any mass gatherings.

Ontario, Canada

The province of Ontario recently released its guide called “A Framework for Reopening the Province.” In this guide, the Government of Ontario’s goals are slightly different than those of Austria and Denmark. The Government of Ontario framework has the same overall priority, which is to protect the health and well-being of all its citizens. Ontario will have a focus on supporting healthcare workers, essential workers and businesses who have been working throughout the lockdown. Ontario will also have a staggered reopening approach, which will have three phases and between a two-to-four week evaluation period for each. You can read more about Ontario’s plan to reopen the province by clicking here.

Here are some tips to get yourself ready

1. Self-diagnose

Physically going back to work should start with you. Do your self-assessment to see if you are well enough to venture back to the office, shop or factory floor. If you are sick or not at 100 percent, inform your manager or company human resources professional and stay at home. Chances are you have not been tested for the Coronavirus. And, more than likely do not have the virus, but coming in with the sniffles will not lead to co-worker confidence in that the workplace is safe. Do your self-check, and don’t take any chances.

2. Spacious and clean work areas

Social distancing will continue in the workplace. Expect to be two metres or six feet from the next person. This will impact the lunchrooms and company lounges across the country. Don’t be surprised if they are closed off entirely. Expect to get staggered lunchtimes for employees and capacity levels, similar to what supermarkets are doing today. If you are in operations, it might be a good idea to review the current floor plan. Also, don’t be surprised to see shift cycles of being at home and work in workplaces with limited space. This means you might be working in the office on Monday but at home Tuesday. And, you will be asked to clean your area before you leave for the day thoroughly. And, if you keep a photo of your kids at your workstation, you may be asked to remove it. Overall work environment cleaning will increase dramatically and may occur during the workday.

3. Call ahead in-person meetings

Many great ideas got started around the water-cooler. Water cooler collaboration will not return immediately. And, the water-cooler may not even be available when you return. At least not right away. If you have a thought that you want to share with a co-worker, you’ll be asked to give that person a heads up electronically either via email or some other collaboration app before you walk over to that other person’s work area to brainstorm if allowed at all.

4. Workplace shifts

Government-imposed mandates on limiting the number of people in groups will have its place in any return to work policy. Get ready to have more Teams, Zoom, and WebEx sessions, while you are at the office. Do not be alarmed if your favourite co-worker is not at work when you arrive. There might be a return to work order where you will be placed in a shift. There will be several situations that arise where an individual will feel unsure of themselves returning to work after the COVID-19 restrictions are lifted. Employers will have very little choice but to accommodate them, especially early on.

5. Conference room capacity

Meeting rooms will have capacity limits. Those limits will be posted on the door. You may be asked to join a meeting inside your own office via a Teams, Zoom or WebEx session. If you do use the room, you will be asked to clean the room and wipe it down immediately afterwards. This will pose a unique challenge to in-person meetings with guests, and you may need to co-ordinate more online sessions. What could lead to an awkward situation is having guests go through a temperature scanner before they enter the boardroom. If your company or organization currently does not have any video conference technology, you may have to invest in a solution to have the use of meeting rooms.

6. Proper hand hygiene

Don’t be surprised to see several hand sanitization stations throughout your workplace, especially at entrances. Also, your organization will ask you to sanitize your hands before entering any area of the office, factory floor or retail space. Currently, people are wearing gloves to go to the supermarket. Gloves may not be appropriate for your working environment, but you can envision a situation where you may have to ask patrons or guests of your workplace to sanitize their hands before entering.

As you prepare yourself for a physical return to your previous workplace, do not expect the old norm, we’ll have to adjust to a new norm. As with all these decisions, organizations must take, they must be cautious and well thought out to protect the health and safety of their employees. Here at Jolera, we’re here to help with any concerns about organizing your company’s return to work. You can contact us anytime, and we hope you are staying safe and healthy.

Threats of the Week – May 7, 2020

Threats of the Week – April 22, 2020

RagnarLocker

The RagnarLocker ransomware targeted Portuguese multinational energy giant EDP. More than 10TB of sensitive files have been stolen. Attackers are now asking for $10.9M to prevent stolen information from being leaked and are threatening to notify customers, partners and competitors. In addition to the files that have since been released, the attackers have also included an edpradmin2.kdb file – a KeePass password manager database.

Source: Bleeping Computer

How do you protect yourself?

To protect yourself from Ransomware, you should first ensure your mail environment is protected to prevent any possible breach and then also protect your endpoints with services like Secure IT – Endpoint.

CVE-2020-0760

A vulnerability was identified when Microsoft Office loads arbitrary type libraries. This vulnerability allows the installation of programs, in addition to viewing, modifying and deleting data, as well as the creation of new accounts with full permission by malicious agents. For attackers to be able to exploit this vulnerability, the user must open an Office document, created especially for this purpose.

Source: Microsoft

How do you protect yourself?

Updates of Microsoft Office products now address the vulnerability by correcting how Office handles type libraries.

Trickbot

The Coronavirus crisis is being widely exploited by hackers to deceive users. The crew responsible for Trickbot are no exception. They sent hundreds of emails related to alerts and tests about COVID-19, containing malicious documents that install Trickbot Malware. Computers are infected with keyloggers, trojans and ransomware.

Source: ZD Net

To protect yourself from malware, you should first ensure your mail environment is protected to prevent any possible breach and then also protect your endpoints with services like Secure IT – Endpoint.

The Dangers of Working Remotely

The Dangers of Working Remotely

With remote workers reaching unprecedented levels during the COVID-19 pandemic, strengthening Wi-Fi access points and the devices that access them is becoming a necessity. Unfortunately, very little thought has been given to Wi-Fi in the security landscape leaving many people vulnerable to hackers. Before the onset of the COVID-19 pandemic, people were using public Wi-Fi for collaborating with co-workers, outside suppliers and customers, along with friends. What made public Wi-Fi so useful was that it was widely available and, more importantly, free. As of last year, there were a total of 362 million public Wi-Fi hotspots available around the globe.

Know the types of Wi-Fi attacks to watch out for.

Man-in-the-middle

The most often used attack for WIFI is called Man-in-the-middle. Hackers use Man-in-the-middle to intercept data packets as they travel from the person’s computer to the WIFI network. Think of this as cyber-eaves dropping. The hacker has access to your files and can view your messages. For a man-in-the-middle attack to work, the hacker needs to be in the range of an unencrypted WIFI access point. Or has set up a rogue WIFI access point that the unsuspecting person signs in on.

Evil Twin

Do you ever go into a Starbucks to work? You check for free WIFI, and you see two Starbucks access points available. You don’t give it a second thought and click on the wrong one. Well, that’s an Evil Twin situation, were the access point that looks legitimate, but isn’t.

One of the more famous Evil Twin attacks happened during the 2016 Republican National Convention, where 1,200 attendees connected to the IVOTETRUMP! Hotspot.

AirCrack, Passive Sniffing, Cowpathy and many more…

To prevent remote workers from these types of attack methods, what’s needed is to look at security more holistically. Many people, especially during this unique time, are unaware of the risks of using unsecured Wi-Fi. The organizations that these people work for also fail to take the proper precautions to protect remote workers wherever they are located and the data they access.

Ways to Protect Your Data

  • VPN
  • Secured Wi-Fi As-a-Service
  • Endpoint Protection
  • Firewalls (Virtual / Physical)
  • SIEM (Security Information & Event Management)

Organizations need to think of the whole picture instead of letting their deployed devices out in the wild. Data should be protected behind a Firewall, the devices accessing the data should be monitored and protected with endpoint protection. Instead of installing an access point and walking away, think of WIFI-as-a-Service, that includes a wireless access point but does much more such as advanced security information and event analysis, real live threat detection and remediation.

Each step taken builds upon your organization’s security posture and keeps both your users and your data safe and secure.

Threats of the Week – May 7, 2020

Threats of the Week – April 13, 2020

CoViper

Researchers have identified a new COVID-19 themed malware. This malware rewrites the Master Boot Record (MBR), rendering the device non-functional until the MBR can be reinstalled.

Source: SonicWall

How do you protect yourself?

Avoiding malware like CoViper should begin with user training and awareness; employees must know how to identify suspicious emails and attachments, as this is a likely mechanism for delivering malware of this kind. Organizations may sign up for automated programs such as Secure IT – User Defence to train their employees.

Avast Emulator

The emulator that loads the low-level antivirus engine was found to run unsandboxed, thus potentially exposing systems to attackers.

Source: Security Week

How do you protect yourself?

Avast has since patched the vulnerability, and it is suggested all users update to the latest version to ensure their devices are secure.

Netwalker Ransomware

Netwalker is ransomware formerly called Mailto that has become active recently. The new phishing campaign is using an attachment that contains an embedded Netwalker Ransomware executable. Once executed, the ransomware will encrypt the files on the computer and append a random extension to encrypted file names.

Source: Bleeping Computer

How do you protect yourself?

You should always have your organization’s email protected from phishing and malicious attachments. Ensure your email is protected with comprehensive security solutions, for example, Secure IT – Mail.

Rise in Remote Work Targeted Attacks

Rise in Remote Work Targeted Attacks

Google released a stat this week that 39% of its workforce is away from its various offices in the U.S. In Canada, its 44%. Also, this week, research firm Gartner Inc. reported that 88% of organizations have set up some work from home program.

Many organizations had little or no plans for securing these workers at home previous to the COVID-19 pandemic, which has created an opportunity for threat actors to target these people. Most of these individuals are focused on trying to be productive, while self-isolating to remain safe and healthy. For many, this new work-at-home reality has been challenging. The hacker community is taking advantage of this crisis to target vulnerable people who have their minds distracted by things at home.

Hackers are finding success using hidden mobile apps and unique distribution methods, according to the latest McAfee Mobile Threat Report 2020. The report found that mobile apps, third-party login and counterfeit gaming videos are the tools hackers are using to lure remote workers. Approximately 50% of all malicious threats were as a result of hidden mobile apps.

Terry Hicks, the executive vice president of McAfee’s Consumer Business Group, said mobile threats are playing a game of ‘hide and seek.’ McAfee has uncovered that hackers have expanded the ways of hiding their attacks, making them increasingly difficult to identify and remove, which makes it seem like 2020 will be the year of attacks from places organizations least expect them.

McAfee’s research found that hidden apps are the most active mobile threat, generating nearly 50% of all malicious activities. Hackers continue to target people through channels that they spend the most time on— their devices, as the average person globally is expected to own 15 connected devices by 2030. Hidden apps take advantage of unsuspecting individuals in multiple ways, including taking advantage of third-party login services or serving unwanted ads. Here are a few examples.

Malicious Apps

Remote workers who are learning how to work from home are dealing with gaps in there day that they occupy by playing games and seeking other multimedia experiences. Hackers are taking advantage of this by distributing malicious apps through links in gamer chat apps and cheat videos by creating their content containing links to fake apps. These apps disguise themselves as real with icons that closely simulate the actual apps but serve unwanted ads and collect user data. McAfee researchers uncovered apps such as FaceApp, Spotify, and Call of Duty all have fake versions trying to prey on unsuspecting users.

New Mobile Malware

McAfee researchers have also discovered new mobile malware called LeifAccess, also known as Shopper. This malware takes advantage of the accessibility features in Android to create accounts, download apps, and post reviews using names and emails configured on the victim’s device. McAfee researchers observed apps based on LeifAccess being distributed through social media, gaming platforms, malvertising, and gamer chat apps. Fake warnings are used to get the user to activate accessibility services, enabling the full range of the malware’s capabilities.

Legitimate Apps Used by Hackers

There are also legitimate apps aimed at stealing data used by Hackers. McAfee researchers found that a series of South Korean transit apps were compromised with a fake library and plugin that could exfiltrate confidential files called MalBus. The attack was hidden in a legitimate South Korean transit app by hacking the original developer’s Google Play account. The series provides a range of information for each region of South Korea, such as bus stop locations, route maps, and schedule times for more than five years. MalBus represents a different attack method as hackers went after the account of a legitimate developer of a popular app with a solid reputation.

What’s clear is that with so many more remote workers in play, hackers will have a bigger pool of people to target, which is why a comprehensive suite of security, backup, and management solutions for those who use Office 365 is an excellent route to protecting these users.

During this time of COVID-19, people need to protect their email with powerful tools that can scan the email tenant for phishing and malware. Not only do they need tools to look for the usual suspects but also advanced AI systems and tools such as a Security Information and Event Management (SIEM) system. These tools find suspicious or malicious events and have an extra layer of security by having real human beings that can take action and remediate potential security threats.Services such as Secure IT – Mail are able to fulfil the needs of keeping users secure while working remote.

5 Productivity Tips for Working at Home

5 Productivity Tips for Working at Home

The current COVID-19 situation has led to a lot of organizations to shift their entire workforce to work remotely. For some organizations, this means that employees may be working remotely for the first time. Working remotely changes the way teams interact and work together and staying productive can be difficult in these circumstances. Here are five best practices for keeping teams on task and fostering collaboration as teams work remotely.

1. Use A Reliable Platform

Solely relying on email to communicate with your remote workforce is ineffective. Users may receive many emails per day and miss important messages. Being able to communicate via web chat, phone call or video conferencing makes it easier and faster for users to talk to one another. It also allows users to easily share documents/their work and receive feedback in real-time.

2. Meet Regularly

Staying connected with employees is essential, especially if your team usually sees each other every day. Scheduling meetings (via video call or phone chat) to communicate throughout the day is a great way to stay engaged and keep one another updated on completed/ongoing tasks and goals.

3. Support Employees

Employees who are not used to working remotely may be struggling with the shift. The added social isolation and overarching health concern may also cause employees additional stress or anxiety. It’s important to check in with employees, listen to their concerns and empathize with their situations. If your organization offers an employee assistance program (EAP), remind employees that they have access to this additional support.

4. Stay Accessible

When working apart, users will need to communicate with one another more often. Unlike an office setting where employees can pop by your desk/office, employees have no idea whether you’re out to lunch or in a meeting. Leaving your calendar open or having a status notification displayed will inform employees of your availability. That way, they know if you’re too busy to respond to their query.

5. Prioritize Tasks

Help employees focus on their initiatives by providing direction on how they should engage with their current priorities. Discuss with each team member individually on where each person should direct their focus and ensure they know which tasks should be a priority. If you can narrow down their tasks, they will feel less overwhelmed and be able to direct their attention to the most critical projects.

For more tips and resources, we’ll be releasing our resource center soon!

Threats of the Week – May 7, 2020

Threats of the Week – April 6, 2020

Firefox Vulnerabilities

CVE-2020-6819 and CVE-2020-6820 allowed unauthenticated attackers to trick potential victims into visiting a maliciously crafted website to be able to execute arbitrary code on devices running unpatched versions of Firefox.

Source: Bleeping Computer

How do you protect yourself?

All users who use Firefox should install the latest version of Firefox 74.01, which has been patched. Mozilla released Firefox 74.0.1 and Firefox ESR 68.6.1 earlier to address these two critical vulnerabilities that were actively used by threat actors against vulnerable machines. 

CVE-2020-11548

The Search Meter plugin for WordPress through the latest version 2.13.2 allows user input within the search bar to become a formula. The attacker can achieve remote code execution via this method.

Source: National Vulnerability Database

How do you protect yourself?

This plugin hasn’t been updated for the last three major releases of WordPress, and it is advised you deactivate the plugin right away and look for alternative solutions.

Fake Zoom installers

Threat actors have distributed several different versions of Zoom client installers, which look legitimate, however, now officially from Zoom. These clients are bundled with malware such as Coinminers, Remote Access Trojans, and Adware Bundles.

Source: Bleeping Computer

How do you protect yourself?

You should always install software from the vendor directly to prevent accidentally using fake installers. If a fake installer is downloaded, ensure your computer is protected with endpoint protection, for example, Secure IT – Endpoint.