The list of ransomware victims continues to grow. On New Year’s Eve 2020, Travelex, an international foreign exchange company, disclosed that it was struck by the “Sodinokibi” ransomware strain. Also known as REvil, Sodinokibi ransomware prevents users from accessing their computer data by encrypting it behind a ransomwall. The ransom demand for Travelex was $6M USD. They also stated that failure to pay the payment within 2 days will result in double the ransom demand.

In an effort to mitigate the spread of the ransomware, Travelex immediately disconnect infected computers from its company network.

The cyberattackers revealed to BBC that it had actually infiltrated Travelex’s network 6 months prior, and had been able to steal over 5 GB of customer data. According to the group, they have got access to customer information including birthdays and credit card information. This has been a common strategy of newer ransomware strains. Releasing the stolen data is used as a second point of leverage to extort money out of victims.

Cyberthreat intelligence company Bad Packets stated that it had notified Travelex of 7 security vulnerabilities present in their systems in September 2019. The vulnerability was caused by a security flaw in the Pulse Secure Virtual Private Network. According to Bad Packets, the vulnerability was actually patched April of that year, but that Travelex had failed to update its systems to the newest software version, leaving them vulnerable to attack.

The vulnerabilities present in the Pulse Secure VPN were widely known in the second half of 2019. In August of that year, the Canadian Center for Cyber Security urged for Canadian businesses to update their software to the latest versions to protect against attack. In October, the US National Security Agency, and the UK National Cyber Security Center issued similar warnings.

What does the vulnerability allow cyberattackers to do to unprotected systems?

Cybersecurity researcher Kevin Beaumont stated that the VPN vulnerability, also called CVE-2019-11510, allowed for attackers to remotely gain control of unprotected systems even without the use of the user credentials of the computer.

As illustrated by the Travelex, keeping computers up-to-date with current software updates to protect against cyberattack.

Goodbye Windows 7 – today, January 14th 2020, is the day that Microsoft officially ends security support for Windows 7 computers. This means that PCs still running the decade old operating system will no longer be receiving security updates from Microsoft. According to NetMarketShare’s statistics, 1/3 of PCs around the world are still running Windows 7.

Microsoft urges all of these users to update to a newer operating system, either Windows 8.1 or Windows 10 in order to stay protected against malware threats such as ransomware. Sensitive personal information on your home or business PCs are at risk of exposure.

It’s not all bad news – Google has said that it will continue to release updates for its Chrome browser for Windows 7 until 2021. However, this by no means covers all security bases, and migrating to a newer operating system is still the best option in terms of cybersecurity.

If upgrading is not an option, follow these best practices to keep yourself protected:

For businesses still running Windows 7, your employees are the first line of defense against malware. One of the most common methods of infection is through malicious links in fraudulent emails – a strategy known as phishing. By education your employees with frequent seminars on current threats and phishing telltale signs, you can minimize the likelihood that malware can infiltrate your network. If you would like an overview on some of our recommendations against phishing, you can check out our article on the topic here: Phishing Scams – What are they and how can you protect yourself?

For both businesses and consumers, it is important not to store sensitive information such as credit card data on your Windows 7 PC. Furthermore, avoid using online banking apps on Windows 7 PCs.

Don’t fully rely on your Windows 7 PC’s storage. Keep backups of your important data in a separate location – either on an external hard drive, a USB, or on another PC. Some types of malware, such as ransomware, locks user data behind a ransomwall, demanding payment for its release. Once a computer is infected with ransomware and the data is encrypted, it cannot be read unless it is decrypted with a key only known by the attackers.

If you would like to learn more about the dangers of staying on Windows 7, you can visit our page here, or email any questions to info@gige.ca

The Canadian Centre for Cybersecurity recently stressed the importance of keeping VPN devices up-to-date. Because VPN devices act as points of contact between a network and the internet, they are particularly vulnerable to cyberattack.

The Centre for Cybersecurity identified four types of VPN that are particularly vulnerable: Fortinet Forigate, Palo Alto GlobalProtect, Pulse Connect Secure, and Pulse Policy Secure. Vulnerabilities in these VPN services can allow attackers to do anything from changing passwords of user portals to downloading malicious files onto the victims’ computers. For example, Palo Algo GlobalProtect VPN is susceptible to a vulnerability called CVE-2019-1579 which, when exploited, allows attackers to execute unauthorized code on a computer without the permission of the user.

Troy Mursch, an independent researcher, stated that over 14 000 Pulse Secure VPN endpoints were still susceptible to the CVE-2019-11510 vulnerability. It was found that industries including military, government, universities, and hospitals are still affected.

These vulnerabilities were discovered by DEVCORE researchers during the recent Black Hat USA 2019 Conference – a computer security event with a focus around training and briefing. Prior to announcing the vulnerabilities to the public, the researchers disclosed their findings to the affected developers so official fixes would be released simultaneously.

Between April and July this year, several patches fixing the vulnerabiltiies were released by Fortinet, Palo Alto Networks, and Pulse Secure.

Protecting Yourself from VPN vulnerabilities

When known vulnerabilities are announced to the public, it is essential that you update your affected systems to the latest patches. Cyberattackers are constantly scanning the internet for endpoint devices that are unprotected. Many are now automating this process, making the threat more immediate than ever.

GIGE IT Corporation’s network security technicians have years of experience designing and deploying security solutions for businesses. Don’t leave yourself vulnerable to cyberattack – contact us at info@gige.ca or 888 366 4443 to get started with us immediately.

Immunity Inc., an IT security consulting company, announced that a BlueKeep Exploit will now be included in CANVAS – the company’s commercially available security penetration-testing tool.

BlueKeep is a security vulnerability that affects Windows 7, Windows 2003, Windows XP, Windows Server 2008 R2, and Windows Server 2008. Also known as CVE-2019-0708, the flaw allows attackers to exploit Remote Desktop Protocol (RDP) in order to execute code on a victim’s computer without their permission. After infiltration, attackers are able to do everything from installing malicious software to stealing personal information. Microsoft patched the critical vulnerability on May 14th 2019 through a security update, but cybersecurity company BitSight still estimates that over 800 000 computers are still vulnerable as of July 2nd 2019.

Chris Day, Chief Cybersecurity Officer of Immunity Inc.’s parent company Cyxtera, states that the BlueKeep Exploit included in their penetration kit is not self-propagating. This means that if infection occurs during security testing, the virus does not have the ability to spread on the network.

Immunity Inc. is not the only company to have developed proprietary BlueKeep exploits. For example, cybersecurity company McAfee similarly developed a working exploit. Reverse Engineer Zǝɹosum0x0 had also done the same June of this year. However, neither of these parties released details of their exploit to the public, citing that it was too dangerous to release a working exploit to the public.

How do you protect yourself against the BlueKeep Exploit?

The most effective way to protect yourself against BlueKeep exploits is to ensure that you are using a supported and up-to-date operating system. If you are using one of the affected operating systems listed above, it is essential that you have installed the Microsoft updated issued on May 14th, 2019. Disabling Windows’ Remote Desktop Protocol on your PC and enabling Network Level Authentication will also make it more difficult for cyberattackers to infect your computer, but does not provide absolute protection against BlueKeep attacks.

We can help audit, design, and deploy customized internet security solutions to make sure your data is secure. Call us at +1 888 366 4443 or email us at info@gige.ca to learn more.

In a recent report, Microsoft has stated that supply chain attacks have become an increasingly pressing concern for cybersecurity professionals.

What are Supply Chain Attacks?

Computer software is constantly updated by developers. These are released to the public through cycles of patches. A supply Chain Attack is a type of cyberattack that infiltrates a victim’s computer through one of these updates.

By hacking into a software developer’s update code before it is released to the public, cyberattackers are able to avoid detection by antivirus protocols that are designed to allow these updates from trusted developers through their firewalls. In the past few years, this type of cyberattack has become more and more prominent, as illustrated by these following examples.

In June 2017, more than 10 000 computers in Ukraine were infected by a ransomware known as Petya. Incidentally, ransomware is a type of malware that locks sensitive data behind ‘ransomwalls’ and demands payment for its safe release. In its investigation, Microsoft uncovered that the attack originated from a hacked patch of the tax-accounting software MEDoc. It is now known that the attackers had illegally inserted a line of malicious code into one if its patches.

Three months later in September 2017, CCleaner, a software that unclutters old computer files, was also hacked using Supply Chain. The software’s developer Piriform stated that the malware inserted into its code stole sensitive data from victims’ computers and sent it to the cyberattacker’s computer.

A Growing Threat towards Cloud Computing

As the percentage of computers relying on cloud computing and online data storage grows, so too does the threat of cyberattacks such as Supply Chain. We are already seeing devastating damage being done to cloud servers with this kind of cyberattack. For example, Docker Hub, a cloud-storage service, was hacked in mid-2018 – an attack that lead to over 5 million infections.

Because it is often difficult for antivirus software to detect these attacks, Microsoft suggests that companies need to develop countermeasures to handle post-infection scenarios to protect themselves against Supply Chain cyberattack. An example of this is using network segmentation, which involves keeping critical computers permanently disconnected from the company network, so that it is not in danger even if a virus were to infect the main server.

Do you need help setting up or protecting your servers? Our technicians at GigE can help. Our networking solutions can help your company protect itself from cyberattack. We also provide IT consulting to help you identify weak points in your network. Call us today at +1 888 366 4443!

Due to major strides in cybersecurity protection in the past few years, cyberattackers have needed to find alternate methods of infiltrating victims’ computers. One strategy that has seen a recent increase is the exploitation of programs that already exist on victims’ computers – a strategy called “Living off the Land”. IBM has stated that over 57% of cyberattacks in 2019 have used this strategy to avoid detection by antivirus software. Furthermore,  a recent study IBM also discovered that one of the most common tools exploited by cyberattackers is a software called Powershell. So how do cyberattackers exploit your programs?

What does Powershell do?

The main function of Powershell is to automate system tasks and allow for computer administrators to access and manage computers remotely. This provides massive productivity advantages, as administrators can manage and repair computer problems regardless of the system’s location. Other features of Powershell include tasks such as network sniffing, which similarly improve IT workflows for system administrators.

Microsoft has preinstalled PowerShell on all its Windows systems since 2005, and since 2016 the software has become widely available on other operating systems as well.

How can it be exploited?

There are many characteristics of Powershell that make it a prime target that cyberattackers exploit. Most importantly, it is widely installed due to the fact that it is prepackaged on Windows systems. Furthermore, it has the ability to bypass the usual security walls by accessing memory directly.

One strategy used by cyberattackers is to leverage Powershell as a malicious downloader to install and propagate malware. For instance, the Trojan.Kotver malware exploits Powershell by installing advertisements onto a system without the victim’s permission. In this case, the cyberattacker would benefit from the revenue generated by the victim’s non-consensual advertisement views.

Another malware that exploits Powershell is PowerGhost. This malicious software installs cryptomining software onto the victim’s computer, essentially cryptojacking the infected system.

How do you protect yourself?

While cyberattackers can leverage frameworks like Powershell in their cyberattacks to avoid detection, initial infection often still uses more traditional methods such as phishing or social engineering. Therefore, the best way to protect yourself is to become aware of the threats and tell-tale signs of phishing attacks. With that said, there are also many strategies to reduce the vulnerability that comes with using Powershell.

Firstly, ensure to disable Powershell altogether if it does not assist in your organization’s IT operations. If it must be used, ensure to constantly keep track of its activity to identify suspicious commands. Be particularly vigilant for activity coming from unknown locations or at strange times. Also, make sure the latest version of Powershell is installed, as outdated versions pose an even greater security threat.

Do not fall victim to cyberattack. Call us at +1 888 366 4443 for more information on how to keep yourself safe.

The first major data exposure of 2019 has occurred. VOIPo, a Voice-Over-IP service provider based in California, accidentally publicized its databases, leading to almost 7 million VOIP call logs, message logs, and other sensitive information being leaked. The leak was discovered by Cloudfare security researcher Justin Paine, who found out that VOIPo’s data was available on the search engine Shodan. Shodan is a platform like Google or Bing that indexes webpages, but it also does so for other devices such as smart TVs.

This is the second VOIP data leak event within the last 6 months. In November of 2018, Voxox, another VOIP service provider, similarly left their databases accessible to the public.

What is Data Exposure?

With many organizations moving to network-based and cloud-based data storage, data leakage is now a more relevant problem than ever before. Because sensitive data is kept on the internet, it is easily accessible by virtually anybody if a mistake is made in password protection. Often, data exposure is the result of an accidental error in configuration. For instance, in the case of VOIPo, it could have been a mistake as simple as setting the data to public instead of private in a settings menu. With search engines such as Shodan that index everything from webpages to webcams, any address that is not protected instantly becomes identifiable and accessible by anyone with an internet connection.

How do you prevent Data Exposure?

One of the easiest and quickest ways of securing your databases is by using 2 factor authentication. This is an extra step of security that involves connecting a device or secondary email to your login process, so that whenever an unfamiliar device logs they will also require access to your device to enter your account. This ensure that even if an individual has your login credentials, they will still be unable to access your data.

It is also essential to constantly monitor account activity. A sudden increase in activity may indicate that your data has been accidentally exposed to the public.
Don’t fall victim to data exposure. Contact us at 888 366 4443 for more information on our IT security services!

Cyberattackers have recently taken an interest in hacking company loyalty programs. This was illustrated by a recent data breach in Marriott, which affected over 500 million customers. The guests that were affected were a part of the organization’s Starwood Preferred Guest loyalty program, which is a joint program by Marriott and Starwood Hotels and Resorts. A total of 327 million accounts are believed to have been compromised as a result of the incident.

Why loyalty programs?

Loyalty programs are often large financial aspects for companies, being billion-dollar industries. Therefore naturally they become prime targets for cyberattackers. It was reported that in the above incident, over 100 000 loyalty points were stolen. Furthermore, it was reported that there are other stolen products available on a platform called Dreammarket, including Delta Skymile loyalty points.

While people are extremely vigilant in protecting their credit card data, they often do not use as much care in protecting their loyalty points. A survey completed by Connexions Loyalty found that many customers do not regularly check their loyalty accounts, and that 1 in 10 user have not actually logged on to their accounts at all. This creates a very appealing target for cyberattackers.

Furthermore, the same carelessness extends to the passwords and usernames that people use on their loyalty accounts, which are often recycled from different accounts. This makes it even easier for cyberattackers to prey on these accounts. A study carried out by Creditcards.com on 27 loyalty programs found that the security of 50% of the companies used a 4 digit pin, or passwords with 6 characters or less. Also only 1/3 of these offered two-factor authentication.

This negligence is not only limited to the customers. Companies often do not protect the loyalty accounts of their customers with the same level of diligence as they use for credit card information.

Don’t fall victim to cyberattack. Contact us today at 888 366 4443 to protect your organization’s loyalty program. You can learn more about our security services here.