Friday, June 17, 2016

6/17/16 Weekly News: Most Organizations Unprepared for Cyber Threats, Email Scams Take $3b, Google Invests in Bug Bounty.

This week we at Astria found several interesting articles for discussion, including a report from RSA on the state of cyber-security levels worldwide, news from the FBI that losses from email scams have drastically increased in the past months, and Google investing further in the security of its Android OS.


RSA Research: "75% of Organizations are at Significant Risk of Cyber Incidents."

Security company RSA's findings in its second annual Cybersecurity Poverty Index revealed some unfortunate facts about the state of information security. It seems that about 75% of their survey respondents were found to be at a significant risk of various cybersecurity incidents, and about 50% were poorly prepared or even entirely unprepared for a cyber-attack on their network. The report notes that although most organizations are aware that cyber-security should be important, most do not invest in it until they experience a security incident themselves, largely because many organizations do not fully realize the costs of such security incidents.

This is certainly concerning, but it emphasizes how much people can do to help this situation. The biggest problem is a lack of knowledge, both of the risks and of what constitutes proper security. Spreading awareness and building a security mindset are key to improving these statistics.

Network World: "FBI: Business email scam losses top $3 billion, a 1,300% increase in since Jan."

This article by Network World discusses the FBI's Internet Crime Complaint Center (IC3) announcement last week that the losses from e-mail based scams in businesses have reached over $3 billion, with nearly one third of that amount stolen from US businesses. The scams seem to have targeted businesses of many different industries, and do not seem to be targeting any particular type of business.

The scams are generally written as if from the company's CEO, often asking the victim for information (such as W-2s) to be sent over email or for funds to be wired to the criminal's account. Since the emails are well researched and often professionally written and formatted, the mid-level employees targeted by these scams often believe the requests are genuine, and don't question sending the funds, or the information that criminals then use to steal employee identities. The FBI has found that the losses from these scams have been increasing rapidly, proving that it is often more practical for criminals to use social engineering attacks than more complicated malware to steal from businesses.

Security Week: "Google Increases Android Bug Bounty Payouts."

In more positive news, Security Week reported that Google has increased the payouts for its bug-bounty program for the Android OS. For those who aren't familiar with them, bug-bounty programs reward hackers for finding bugs and vulnerabilities in software and disclosing them to the developer first. This allows the developer, in this case Google, to improve its software, in this case Android OS, and limit vulnerabilities before they are actively exploited by malicious hackers.

The fact that Google is investing more in something that can improve Android's security is definitely a great sign. While their payouts are not considerably high, the more that developers invest in bug-bounty programs, the more that white-hat hackers can succeed and improve the security of software. Because software is never written perfectly, vulnerabilities will often exist, and it is much better for developers to be able to patch them before attackers even know they exist.


That's all for this week, check back next week for more news on Information Security. And if you want more information on how Astria Business Solutions can assist you in meeting your business' information security goals, visit our website at AstriaBiz.com

Wednesday, June 8, 2016

6/8/16 Weekly News: How the LinkedIn breach affects you, Ransomware strikes the University of Calgary

Welcome back to Astria Horizon, your stop for information security news from across the web. This week, we'll be discussing some of the fallout from the 2012 breach of LinkedIn accounts. With the sale of information on over 117 million user accounts, many people may be wondering how it affects them, and why anyone would bother stealing information from a primarily social website. Two of our articles today will speak to the value of this information, and how it could be used by criminals. Additionally, the third article for the week covers another high-profile case of ransomware, this time infecting a university.


1. Krebs on Security, "Password Re-user? Got to Get Busy."

The first article today returns to the subject of the LinkedIn breach, particularly the problem of re-using passwords. Krebs on Security reported that in light of the breach, other major companies such as Facebook and Netflix may require some users to change their passwords. They are known to check the records for users who may have been exposed in breaches such as these, and to contact these users to recommend password changes on their websites as well as others.

Even if you do not hear from any of these companies, if you are in the habit of re-using your online passwords, it would be wise to consider changing to unique passwords across the board. The problem with reused passwords is that hackers often check breached passwords at multiple sites. So while a breach at LinkedIn may only reveal some basic information about yourself, the password you used could also allow the thief to access your eBay, Amazon, or PayPal account, which of course is quite a bit worse. Ultimately, the best strategy is to use unique passwords at each website.

2. WatchGuard Security Center, "Data from LinkedIn breach used in targeted email attack."

Staying on the topic of the LinkedIn Breach, this short article from WatchGuard discusses what cyber-criminals have been doing with the stolen information. CERT-Bund, Germany's federally sanctioned computer emergency response team, issued a warning that the stolen data from LinkedIn is being used to send targeted email-based attacks on victims of the breach. The emails are sent with information found on people's profiles, including name and job title to make the email look more legitimate, to encourage the victim to open a malicious attachment that contains varying types of malware.

The emails unfortunately look fairly legitimate, and for CERT-Bund to have issued a warning, the issue must be fairly prevalent. While so far the attacks have been in Germany, it is likely that similar emails may start appearing in the US as well. The biggest take-away is to be careful, and never open attachments from people you do not know. Just because an email looks official doesn't mean that it's safe, as cyber-criminals have become much more sophisticated in their methods of attack.

3. We Live Security, "University of Calgary bows down to ransomware demands."

In another unfortunate case of ransomware attacks, We Live Security has reported that the University of Calgary has given in to the criminals' demands. After apparently 10 days of battling the infection, the university decided that the best course of action was to pay the ransom of over $20,000 CND. It was not stated what ransomware variant infected their systems, or how it got into their network, but it seems likely that proper backup procedures were not in place for the university to recover from.

As we have discussed in the past, we never recommend paying ransomware demands. Not only does paying fund future illegal activity and paint you as a "paying customer" for future attacks; there is also no guarantee that you will receive genuine unlock codes. On top of that, many new variants of ransomware also leave behind other forms of malware to steal information even after successful decryption. If your system does get infected with ransomware, the safest course of action is to wipe and rebuild it, ideally from a recent backup.


Thursday, June 2, 2016

Macs, Malware, and Mythology

In the battle of which operating system is the "best," the biggest factor is usually simply what you are used to and comfortable with. But arguments will always arise, and one of the most common arguments for Mac systems and OS X is that they don't get viruses. But is this accurate?

Just this past month, Malwarebytes set out to shed more light on this issue, specifically discussing malware on Mac systems and whether they truly need antivirus and antimalware products. The answer may surprise you.

According to their article, which you can read here, Macs can indeed get viruses and malware. While there are fewer types of attacks on these systems than on PCs, that number is beginning to shift as well. As Macs are becoming increasingly popular, more malware is being written to exploit those users. In fact, they state that in 2015, there were five times as many OS X malware detections as in the previous five years combined.

This is increasing in particular because many Mac owners do not believe they need any antivirus, leaving these systems much more exposed to attacks. With more and more Macs being used, and a large percentage of those without any additional protection against malware, cyber-criminals are finding it profitable to attack these systems as well. So while there may be fewer vulnerabilities on Macs than on PCs, the number of attacks on Macs is certain to increase.

The Malwarebytes article even goes on to cover what sorts of attacks are already affecting systems running OS X, including adware, information stealers, and even a recent instance of ransomware. Adware is the most prevalent, as it is one of the simplest to implement, but the fact that more serious forms of malware have been found is concerning. As cyber-criminals see more value in attacking Mac systems, more and more forms of malware are likely to be developed.

The moral of the story? Macs are not invulnerable, and need to be protected just like any other system. Fortunately, thanks to their increasing prevalence, there are now plenty of options for antivirus on OS X. Find a company that you are comfortable with and that has a well-rated antivirus/antimalware product, and install it to better defend your Mac today.