it consulting | GIGE IT Solutions: IT Services Mississauga
https://gige.ca/tag/it-consulting
IT Services & IT Solutions Mississauga & Toronto
Tue, 26 Apr 2022 14:51:48 +0000

Securing your Organization’s Network amid COVID-19
https://gige.ca/securing-organizations-network
Wed, 27 May 2020 18:16:53 +0000

COVID-19 has shaken up the way that we work. A Statistics Canada study found that in the second week of April 2020, 5 million employed Canadians worked mostly from home, significantly more than the 1.7 million recorded previously in 2008. The shift to remote work has affected businesses across a wide range of industries, including financial, real estate, and scientific. Because COVID-19 developments in the country moved so quickly, many of these organizations were forced to adopt work-at-home models in an extremely short period of time. Remote Desktop Protocol (RDP) and Virtual Private Networks (VPNs) are some of the most common methods of setting up remote workforces. However, due to the rushed timeline, many businesses adopted them without the best practices needed to keep these connections secure from cyberattack.

The dark web is a network of underground sites that are known for trading illegal goods and services. It has recently been found that illegal RDP access to corporate networks is on sale on sites within this network. Prices ranged from USD$10 to USD$100 000 depending on the size of the company. This access is often sold by cyberattackers who have managed to hack into insecure or misconfigured RDP connections.

A buyer of these illegal connections can then use them to gain access to an organization’s network and carry out further cyberattacks from that foothold. Once a malicious actor gains access to a corporate network, they can launch a variety of attacks on the victim. These range from implanting malicious software such as data-stealing trojans to installing ransomware to extort money from their victims.

Best practices to employ when protecting your Remote Connections

Make sure that RDP is only available while your employees are connected to the corporate VPN. This adds an extra layer of security when individuals try to connect to and remotely control your organization’s computers. Furthermore, employ multifactor authentication on your employee accounts to ensure that malicious individuals who gain access to an employee’s login credentials cannot gain access to the system.

Next, an essential aspect to securing VPN connections is setting up clear policies for employees to connect into the network. Set up clear guidelines for supported operating systems and antivirus software that is up-to-date. Individuals who try to set up connections while on vulnerable machines that are not updated can pose security risks to your organization’s network, as these insecure connections become security vulnerabilities that can be exploited by cyberattackers.

Don’t let insecure RDP and VPN connections cause your organization to be vulnerable. Call GIGE at +1 888 366 4443 or send us an email at info@gige.ca. Our team of network experts will identify and rectify vulnerable areas in your current remote workforce setup.

Cyberattackers Are Targeting Organizations Aiding In Covid-19 Response
https://gige.ca/covid-19-response-organizations-cyberattack
Thu, 07 May 2020 20:51:25 +0000

Cyberattackers are targeting organizations involved in the global Covid-19 response, according to the UK’s National Cybersecurity Centre and the US Cybersecurity and Infrastructure Security Agency. Industries that are being targeted include healthcare, academic institutions, medical organizations, and pharmaceuticals.

The agencies found that APTs, or Advanced Persistent Threat groups, pose the greatest cyberthreat to these organizations. APTs are nation- or state-sponsored groups that aim to infiltrate computer networks with malicious intent and remain undetected.

Why are these organizations being targeted?

These organizations often collect sensitive information, including personal names and medical history, in their efforts against Covid-19. The goal of many of these cyberattacks is to gain access to this sensitive information. For those behind the attacks, using APTs to gain access to this information benefits their own research.

There are several vulnerabilities that are being exploited by APTs to gain access to these organizations’ networks. Firstly, the vulnerability CVE-2019-19781 allows cyberattackers to gain access to sensitive information and execute arbitrary code through a Citrix device.

Next, several vulnerabilities in VPN products from Fortinet, Pulse Secure, and Palo Alto are still relevant today despite having been patched last year. This is because a device that has not had the latest security update applied is still vulnerable to these known security flaws. They include CVE-2018-13382, which allows a malicious actor to edit a VPN password without authentication, and CVE-2018-13380, which allows cross-site scripting.

Finally, malicious actors are using a strategy called “Password Spraying” to try to infiltrate Covid-19 response organizations. In this type of attack, cyberattackers attempt to guess a user’s password through trial and error with the most commonly used passwords, similar to brute-force attacks.
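Detection logic for the password-spraying pattern described above, as an added example that is not part of the original article: it flags a source address whose failed logins are spread across many accounts with only a few attempts each, and lists any account that later logged in successfully from that source. The OpenSSH-style log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed log format: OpenSSH-style syslog lines. Adapt the patterns to the
# authentication logs of your VPN or RDP gateway.
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"Accepted password for (\S+) from (\S+) port \d+")

# Constructed sample log: documentation-range addresses, invented account names.
SAMPLE_LOG = """\
May  7 09:00:01 gw01 sshd[2101]: Failed password for alice from 203.0.113.7 port 50111 ssh2
May  7 09:00:04 gw01 sshd[2102]: Failed password for bob from 203.0.113.7 port 50112 ssh2
May  7 09:00:09 gw01 sshd[2103]: Failed password for carol from 203.0.113.7 port 50113 ssh2
May  7 09:00:13 gw01 sshd[2104]: Failed password for invalid user dave from 203.0.113.7 port 50114 ssh2
May  7 09:00:18 gw01 sshd[2105]: Failed password for erin from 203.0.113.7 port 50115 ssh2
May  7 09:00:22 gw01 sshd[2106]: Failed password for frank from 203.0.113.7 port 50116 ssh2
May  7 09:05:40 gw01 sshd[2150]: Failed password for alice from 192.0.2.15 port 41000 ssh2
May  7 09:05:52 gw01 sshd[2151]: Accepted password for alice from 192.0.2.15 port 41002 ssh2
May  7 09:30:02 gw01 sshd[2201]: Accepted password for carol from 203.0.113.7 port 50990 ssh2
"""

# Constructed contrast case: classic brute force, many guesses against ONE account.
SAMPLE_LINES = SAMPLE_LOG.splitlines() + [
    f"May  7 10:00:{i:02d} gw01 sshd[{2300 + i}]: "
    f"Failed password for root from 198.51.100.9 port {42000 + i} ssh2"
    for i in range(8)
]


def detect_spraying(lines, min_accounts=5, max_per_account=3):
    """Return {source: details} for sources that look like password spraying.

    A source is flagged when it failed against at least `min_accounts`
    different accounts while staying at or below `max_per_account` attempts
    on each of them (few guesses per account, which stays under lockout
    limits). A production rule would also bound this to a time window.
    """
    failures = defaultdict(lambda: defaultdict(int))  # source -> account -> count
    successes = defaultdict(set)                      # source -> accounts logged in
    for line in lines:
        m = FAILED.search(line)
        if m:
            failures[m.group(2)][m.group(1)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            successes[m.group(2)].add(m.group(1))

    findings = {}
    for source, per_account in failures.items():
        low_volume = [a for a, n in per_account.items() if n <= max_per_account]
        if len(low_volume) >= min_accounts:
            findings[source] = {
                "accounts_tried": sorted(per_account),
                # A success from a spraying source means a guess probably worked.
                "accounts_to_reset": sorted(successes.get(source, set())),
            }
    return findings


if __name__ == "__main__":
    for source, detail in detect_spraying(SAMPLE_LINES).items():
        print(source, detail)
```

The single mistyped password from 192.0.2.15 and the repeated guesses against one account from 198.51.100.9 are not reported as spraying; the latter is the pattern an ordinary per-account lockout already catches.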

GIGE IT Solutions ensures that your organization is protected against malicious attacks from cybercriminals. Don’t leave your network open to attack – call us at +1 888 366 4443 or info@gige.ca for a consultation on the best ways to protect yourself today.

Lessons Learned From The Cathay Pacific Data Breach
https://gige.ca/cathay-pacific-data-breach-lessons-learned
Tue, 10 Mar 2020 20:15:09 +0000

Hong Kong airline company Cathay Pacific was fined 500 000 pounds by the UK Information Commissioner’s Office over a data breach in which 9.4 million user records were leaked. Of the affected individuals, over 100 000 were from the UK.

The data breach was the result of unauthorized access to Cathay Pacific’s servers that dated back to October of 2018. In a statement on the breach, Cathay Pacific stated that it would like to “sincerely apologize for this incident”.

The UK’s Information Commissioner’s Office discovered that the data breach had resulted in records from between October 2014 and May 2018 being leaked.

This incident illustrates the importance of applying security patches to protect an organization’s servers. Cathay stated that it suspects the data breach occurred because cyberattackers exploited a known security vulnerability. In its investigation, the UK Information Commissioner discovered that the company did not apply the security update that fixed the vulnerability, which was released over a decade prior to the attack. The vulnerability, which was not publicly named, was in fact discovered in February 2007. It is known that attackers exploiting this vulnerability do not need technical skills and are able to get administrative access to a victim’s computer. Cathay Pacific admitted that its regular vulnerability scans, which are used to detect potential security flaws in the company’s network, were not able to detect the vulnerability for over 10 years. It was discovered that one of the compromised systems had 16 security updates pending.

Another reason that the Cathay Pacific data breach occurred was that one of its servers was running an operating system that was no longer supported by its developer. Operating systems (O.S.), like much other software, require constant updates to repair new security vulnerabilities as they are discovered. After an operating system becomes end-of-life, however, the developer no longer releases software updates for it, leaving computers still running the operating system vulnerable to cyberattack. The most recent instance of this is the Windows 7 end of life, which occurred on January 14th of 2020. You can read more about operating system patches in our article here.

It is clear from the Cathay Pacific data breach that proper patch management is an important facet of keeping your organization’s IT safe from cyberattack. GIGE IT Solutions’ network experts help your organization identify vulnerabilities in your organization’s network. We audit and provide consultation and remediation strategies to help you stay protected from data leaks and cyberattacks.

SSH Key Malware Is Spreading
https://gige.ca/ssh-key-malware
Thu, 20 Feb 2020 15:34:42 +0000

What are SSH Keys?

SSH, or Secure Shell, is a method used to establish a secure login between two systems. It is widely used across many operating systems. Using an SSH key, IT administrators can gain access to servers and computers. Because SSH keys do not expire, an unauthorized individual in possession of an SSH key to a server can be a cybersecurity risk, as they would be able to gain access to the organization.

SSH malware is now widely available

Previously, SSH backdoor malware was only used by highly organized cyberattacker threats. However, in recent times it has been observed more widely in the wild. SSH key backdoor malware is now available to anybody who browses the dark web.

Oftentimes, as in the case of malware strains such as Trickbot and CryptoSink, cyberattackers abuse known vulnerabilities in operating systems or software in order to gain a foothold in a company’s infrastructure. An example of this is CVE-2014-3120, a vulnerability that allowed cyberattackers to run arbitrary code on a victim’s system.

New vulnerabilities such as CVE-2014-3120 are constantly being discovered and repaired by software engineers and cyber security professionals. It is essential that you patch your computers to the latest software to keep them protected from such vulnerabilities.

Monitoring and updating outdated SSH keys is another effective method of preventing cyberattack. Doing so keeps cyberattackers from creating malicious SSH keys to gain access to your organization’s systems. Furthermore, as with defending against all types of cyberattacks, time is an important resource. The faster your IT management catches the vulnerability, the less damage a cyberattacker can do.
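One way to monitor SSH keys as recommended above, shown as an added example that is not part of the original article: it audits the contents of an authorized_keys file against an inventory of approved key fingerprints and reports every entry that is not in the inventory. The key material, comments and inventory are constructed for the demonstration; in practice the text would be read from each account's authorized_keys file.

```python
import base64
import hashlib
import re
import struct

# Key type, base64 blob and optional comment; anything before the key type is
# treated as the entry's options (command="...", no-pty, from="...", ...).
KEY_RE = re.compile(
    r"(?:^|\s)(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(?:256|384|521))"
    r"\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$"
)


def fingerprint(blob):
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_line(line):
    """Return (options, key_type, blob, comment), or None for a malformed entry."""
    m = KEY_RE.search(line)
    if not m:
        return None
    key_type, b64, comment = m.group(1), m.group(2), m.group(3) or ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:  # bad characters or padding
        return None
    # The blob begins with a length-prefixed copy of the key type name.
    if len(blob) < 4:
        return None
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        return None
    return line[:m.start()].strip(), key_type, blob, comment


def audit(text, approved):
    """List entries whose fingerprint is missing from `approved` or that are malformed."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parsed = parse_line(line)
        if parsed is None:
            findings.append({"line": lineno, "issue": "unparseable entry"})
            continue
        options, key_type, blob, comment = parsed
        fp = fingerprint(blob)
        if fp not in approved:
            findings.append({
                "line": lineno, "issue": "key not in approved inventory",
                "fingerprint": fp, "comment": comment, "options": options,
            })
    return findings


def constructed_key(seed):
    """Constructed, non-functional ed25519-shaped public key blob for the demo."""
    name = b"ssh-ed25519"
    public = hashlib.sha256(seed).digest()  # 32 bytes standing in for a real key
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(public)) + public
    return base64.b64encode(blob).decode()


ADMIN_KEY = constructed_key(b"admin")
BACKUP_KEY = constructed_key(b"backup")
ROGUE_KEY = constructed_key(b"rogue")

# Constructed authorized_keys content: two approved keys, one unknown, one broken.
SAMPLE = "\n".join([
    "# constructed authorized_keys content",
    f"ssh-ed25519 {ADMIN_KEY} admin@workstation",
    f'command="/usr/local/bin/backup",no-pty ssh-ed25519 {BACKUP_KEY} backup job',
    f"ssh-ed25519 {ROGUE_KEY} support",
    "ssh-ed25519 not*base64 broken",
])

# Constructed inventory: fingerprint -> owner of record.
APPROVED = {
    fingerprint(base64.b64decode(ADMIN_KEY)): "admin@workstation",
    fingerprint(base64.b64decode(BACKUP_KEY)): "backup job",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, APPROVED):
        print(finding)
```

Run on a schedule, a report like this shortens the time between a key being added and someone noticing it, which is the point the paragraph above makes about catching problems quickly.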

Don’t fall victim to SSH backdoor malware. GIGE’s cybersecurity experts have over 30 years of experience in auditing and protecting organizations’ networks. We can help your organization identify and rectify vulnerabilities in your network. Call +1 888 366 4443 or email us at info@gige.ca to get started with us today.

A New Citrix Device Vulnerability Has Been Discovered
https://gige.ca/citrix-vulnerability
Wed, 22 Jan 2020 17:31:37 +0000

A new security vulnerability has been discovered in Citrix devices. The Canadian Centre for Cyber Security has advised Canadian businesses to temporarily disconnect their Citrix devices from the internet. The repair patch has been rolled out as of January 19th 2020, with additional patches scheduled for January 24th. Users are advised to patch their devices as soon as possible.

The vulnerability, tracked as CVE-2019-19781, has been officially confirmed to be circulating in Canada. Exploiting the vulnerability allows a cyberattacker to gain control of a computer without the use of valid credentials.

Products that are affected by the vulnerability include Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP devices.

Why are Citrix Devices being targeted by Cyberattackers?

In many organizations’ networks, Citrix devices are connected to both employee workstations and backend servers. Therefore, if a cyberattacker gains access to a Citrix device, they are in a position to further the attack by spreading malware throughout the network. London-based cybersecurity company Positive Technologies noted that Citrix devices are often the first point of attack for many cyberattackers.

The exploits have been released publicly

On January 10th, Project Zero, a group of cybersecurity researchers, released the first Proof of Concept (PoC) of the Citrix device exploit. PoC exploits are often released to the public as non-harmful attacks meant to show vulnerabilities in software to help companies patch them. However, FireEye researchers discovered that malicious versions of the exploit were circulating shortly after the PoC was made public.

What can you do to protect yourself?

Citrix has provided a list of protective measures. You can read more about them here. However, the Canadian Centre for Cyber Security noted that these defensive measures won’t be effective for all devices. If they cannot be applied to your device, the Centre recommends that it be disconnected from the internet until a new patch is rolled out.

Our cybersecurity experts can help you find vulnerabilities in your company’s network. Don’t fall victim to cyberattack. Call us at +1 888 366 4443 or email us at info@gige.ca for more information.

Cloud Security Will Be The Cybersecurity Topic Of 2020
https://gige.ca/cloud-security-in-2020
Thu, 02 Jan 2020 15:52:53 +0000

Cloud computing grew drastically in 2019. However, cloud security has lagged behind in development, which has resulted in some of the most devastating cyberattacks in history.

In traditional offline computing, programs and data are stored locally on a machine. On the organizational scale, data may be stored and shared on local servers that are linked to office devices within an enclosed network.

Cloud computing changes this model – instead of being stored locally, files and programs run on the servers of tech giants such as Microsoft and Amazon and are transferred in real time to local machines over the internet. Common cloud computing platforms include Microsoft Azure, Amazon Web Services (AWS), and Google’s Compute Engine.

SaaS, PaaS, and IaaS

There are three major types of cloud computing services. SaaS, or Software as a Service, involves running programs via a web browser instead of on a local machine. An advantage of this is that end users no longer have to download update packages and that app speed depends only on internet speed.

IaaS, or Infrastructure as a Service, includes components such as servers, storage, and networking.

Finally, PaaS, or Platform as a Service, is used by software developers to build applications.

There are many advantages to cloud computing. For businesses, cloud computing is a much more flexible and scalable option compared to on-premise solutions. Furthermore, cloud computing opens the door for many pay-as-you-go computing models, eliminating the need to purchase perpetual software.

Security Threats of Cloud Computing

The rapid growth of cloud computing – and the failure of cloud security to keep pace – has resulted in a number of devastating cyberattacks this year.

In July 2019, Capital One announced that it had suffered a data breach affecting over 100 million of its customers.

APIs are a new security weak point

APIs, or Application Programming Interfaces, are the channels through which a computer can communicate with a cloud service. APIs have become a vulnerability that is often exploited by cyberattackers when targeting cloud-based systems.

GIGE ensures that your company is fully prepared for the cloud cyber threats that will come in 2020. Get started with us now by calling +1 888 366 4443 or emailing us at info@gige.ca.

Newly Discovered Vulnerabilities Raise Concern over Security of VPN
https://gige.ca/new-vpn-vulnerabilities
Tue, 10 Dec 2019 17:05:44 +0000

A VPN, or Virtual Private Network, is a secure connection between computers over the internet. It allows data to be transferred among computers in a more secure environment than over a public network. Alex Seymour, a cybersecurity researcher at Immersive Labs, recently discovered two new VPN vulnerabilities in Aviatrix VPN, a VPN service used by enterprises such as NASA.

Seymour notes that the two vulnerabilities, named CVE-2019-17387 and CVE-2019-17388, should serve as “a wakeup call for the industry”, as VPNs are often regarded as a highly secure aspect of security solutions.

How dangerous are the vulnerabilities?

CVE-2019-17387 affects the operating systems Windows, Linux, and macOS. The exploit allows cyberattackers to execute arbitrary code with elevated access. It does this by exploiting the certificate validation process that Aviatrix uses to legitimize users. By gaining access to this process, it can recreate certificates and execute code.

CVE-2019-17388 affects Windows and Linux. Seymour discovered that on Linux operating systems, file modification privileges are weak and allow for elevated code modifications. Meanwhile, on Windows systems, it was discovered that legitimate services could be replaced by malicious processes.

While the two VPN vulnerabilities described above only pertain to the Aviatrix VPN, Breakpointing Bad and the University of New Mexico have recently released information on a vulnerability that allows cyberattackers to breach any VPN connection. They described the process as follows: first, an attacker identifies the IP address of the VPN target. Then, the IP is used to determine the status of active connections. Finally, the attacker accesses the TCP session using unsolicited packets sent to the connection.

In addition to releasing information on the method of attack, the researchers also released notes on a common method of protection: reverse path filtering. Significantly, they noted that turning on reverse path filtering may not be enough to prevent a VPN hijack, because the first two stages can still be carried out successfully.

Don’t leave yourself unprotected against VPN exploits. Call GIGE IT Solutions at +1 888 366 4443 or info@gige.ca for more information on how to protect yourself.

European Airport Finds 50% of its Computers Infected With Malware
https://gige.ca/malware-european-airport
Mon, 28 Oct 2019 15:32:12 +0000

50% of the workstations at an international airport in Europe have been infected by a cryptomining malware. The breach was discovered by researchers from cybersecurity company Cyberbit. The researchers stated that they detected the malware due to abnormal activity of the PAExec tool and Reflective DLL Loading on the infected computers.

What is cryptojacking?

Cryptojacking malware is a strain of malware that uses the computing resources of infected PCs to generate cryptocurrency for the attacker.

Cryptocurrencies are digital currencies such as Bitcoin and Ethereum. By dedicating computer resources to cryptomining, individuals can generate these digital currencies. Cryptojacking involves maliciously using a victim’s computer to mine digital currencies for the cyberattacker without the consent of the victim.

There are many symptoms associated with cryptojacking, including computer slowdowns and overheating issues. You can read more about cryptojacking in our article here.

What is PAExec?

PAExec is a program that allows a Windows computer to remotely connect to another Windows computer and execute a program without having to install it on the remote computer. The cybersecurity researchers at Cyberbit stated that PAExec was used to execute a malicious file called “player.exe”, which stole the infected computers’ resources to mine a cryptocurrency called “Monero” for the cyberattacker. The malware was able to avoid detection because it used a highly modified version of a previously known malware – CryptoMiner Variant #2.

Significantly, PAExec allowed for administrative code execution on the infected computers, which means that it was able to bypass antivirus detection.

How was the airport impacted?

It was discovered that the cryptomining malware gave the malicious program priority to use system resources. That means that infected computers would suffer from slowdowns and increased power consumption. Both of these reduced the service quality of the airport and negatively impacted the business’s bottom line.

How does cryptojacking malware infect PCs?

It is not known how the computers became infected with the malware in this incident. Historically, there have been several known methods of infecting computers with cryptomining malware. Negligent employees can mistakenly install malware onto company computers by clicking malicious links in emails or visiting malicious websites. In another vein, malicious insiders can install malware deliberately. Outside attacks can involve strategies like fake emails or exploiting security vulnerabilities.

Don’t fall victim to cryptojacking. We can help you design and deploy network security solutions. Call us at +1 888 366 4443 or email us at info@gige.ca to get started today.

Employees Maliciously Cause Data Breaches at American Express and Yahoo
https://gige.ca/insider-threats-data-breaches-american-express-yahoo
Mon, 07 Oct 2019 18:17:48 +0000

In two separate incidents, U.S. companies American Express and Yahoo have both been affected by data breaches of their clients’ personal information. Both attacks were the result of insider threats – a type of cyberattack caused by an internal person in the company.

The American Express Incident

American Express stated that data that was leaked included names, addresses, birthdays, SSNs, and account information of its customers. On September 30th, the company began distributing a Notice of Data Breach to affected individuals. In the notice, American Express stated that the information was maliciously accessed by one of its own employees. The employee, who is no longer at American Express, accessed the data with intent for fraudulent use.

The Yahoo Incident

In another incident, a Yahoo software engineer pleaded guilty to illegally accessing 6000 Yahoo accounts. The engineer stated that they specifically targeted accounts that belonged to women. Personal images and videos of the hacked accounts were downloaded onto a hard drive in the perpetrator’s home computer. The engineer also stated that they destroyed the data when an investigation began. Yahoo stated that the engineer is no longer working for the company.

 

What is an Insider Threat?

We often hear of cyberattacks as an external threat, and that our data is safe as long as our firewalls and backups are protected from the outside. However, a study conducted by McKinsey on data breaches between 2012 and 2017 showed that 50% of reported data breaches are attributable to internal employees. 44% are associated with negligent threats, and 6% with malicious threats.

A negligent insider threat occurs when an employee unknowingly or carelessly causes a malware attack on the company. In negligent insider attacks, the employee does not have malicious intent when compromising the company. Examples of this include clicking on a malicious link in an email and connecting a compromised device to the company network.

To mitigate the risk of negligent insider threats, hold frequent seminars on cyber hygiene, recognizing symptoms of phishing, and signs of malware infection. Furthermore, network segmentation ensures that even if part of your network becomes affected, critical areas remain secure. For more information on best practices on cybersecurity, navigate to our article here.

A malicious insider threat is characterized by deliberate malevolent intent. These types of insider attacks are particularly dangerous to the company, as insiders often have detailed knowledge of internal protocols and the security measures in place. One of the most common strategies used against this type of attack is employee monitoring software. This software detects ‘abnormal’ activity on an employee’s computer and reports it back to a system administrator. However, there are many disadvantages to this solution. In addition to the concerns about privacy and misuse, alerts are very prone to false positives. Furthermore, this is a reactive strategy, meaning that the attack has already occurred by the time the administrator gets a notification. One of the ways to counteract the privacy concerns is by using microsegmentation – a strategy that involves monitoring groups of PCs instead of individuals. Microsegmentation also reduces the load on system administrators, as they will have fewer systems to monitor and manage.

We can help you identify areas of vulnerability in your network. Contact us at +1 888 366 4443 or info@gige.ca for a consultation today.

What Is Malware and How Can You Stop It?
https://gige.ca/malicious-software
Fri, 20 Sep 2019 15:22:33 +0000

Malware, or malicious software, is any piece of software that is developed with malicious intent. There are many strains of malware that do everything from stealing sensitive data to locking files behind ransom walls.

There are many ways that a computer can become infected with malware. Many of these, such as phishing, rely on user mistakes. Phishing is a method of infecting a computer with malware by attaching fraudulent links or attachments to emails, pretending to be sent from legitimate sellers. Once the user clicks on the fake link, a malicious file is downloaded onto the victim’s computer.

Once malware infiltrates a computer, it often communicates back with the cyberattacker’s terminal through the internet.

The effects of malware depend on the strain that is used. For example, ransomware is a specific type of malware that encrypts the files on a victim’s computer and demands a ransom, often in digital currencies, for the data to be released.

Another type of malware is called a botnet. This type brings groups of infected computers under the control of the cyberattackers, who then use the botnet for further malicious activity such as launching Denial of Service (DoS) attacks on other targets.

Worm Capability

Some malware has worm capability – functionality that allows it to spread to other computers without user input. This makes worming malware extremely dangerous, as it can spread throughout entire networks without being detected.

An example of worm-capable malware was WannaCry – a ransomware that was able to infect over 100 000 computers within 24 hours in May of 2017.

How do you Stop It?

Keep admin privileges on a need-to-have basis

In general, the fewer administrative privileges a company’s computer has, the less of a weak point it is to the network as a whole. It is important to limit administrative rights to only a few management devices, so that it is less likely that a key target computer becomes infected.

Segmenting your network with air gaps

As described above, worm malware can spread itself across a network without user input. The most secure way to protect your sensitive devices is by disconnecting them completely from the network. That way, if one segment becomes infected, you can be sure that another segment is still secure. Don’t fall victim to cyberattack – let our network experts help you design custom security solutions to keep your company’s data safe.
