Archive for the ‘Computer Security’ Category

Avoiding Extortion Hacks that May Embarrass You or Your Company

Hackers are the epitome of persistence. Where many people run into obstacles and quit, hackers will stay up all night, endlessly brute-forcing their way through firewalls and other barriers, or will look for ways to break the rules or go around them. Hackers are like a cat, patient and willing to wait while plotting and devising new ways to hack your system for weeks and months at a time.

Moore’s Law does not apply to hacking breakthroughs, but if you follow cybersecurity like I do, you will know that attackers’ methods get stronger and more complicated every year. Last year we saw several troubling trends, and next year will most certainly bring more.

Here is one kind of hack you can expect, and against which you need to take steps to protect yourself.

Extortion Hacks

If you didn’t hear, Sony was hacked at the end of 2014, and security firms predicted that hacker extortion attacks would increase in 2015. By extortion, they were not referring to standard ransomware attacks, whereby malware encrypts or otherwise locks access to a victim’s computer until the victim pays a ransom. They meant extortion hacks, where hackers extort companies and individuals by threatening to release sensitive and private company or customer information unless the victim pays a ransom or makes good on some other expensive demand. With these attacks, even if a company or individual has backed up the data and doesn’t care that the hackers have locked them out or locked their files, public release of the data could ruin their reputation and their customers’ reputations, expose trade secrets, and more.

Such attacks are not easy to track. If the victim acquiesces and pays the extortion money, nobody except the victim and the hacker will ever know the extortion occurred. There are at least two extortion hacks on record for 2015:

1. Ashley Madison, a website designed to help people find someone to cheat on their spouse with, was hacked, which took down a CEO and exposed millions of would-be cheaters to public ridicule.

2. An even worse extortion hack, of InvestBank in the United Arab Emirates, resulted in the exposure of customer account information.

Extortion hacks play to the deepest fears of companies and executives—if not handled well, company secrets are exposed, customers file lawsuits, and executives lose their jobs.

So think about the data you keep on your computer. It is wise to have a data cleansing procedure to erase data that is no longer important. It would also behoove you to have a strategy in place of using different email accounts, aliases, and prepaid credit cards when signing up for web services that might come back to embarrass you later if your account data were leaked.

South City Computer offers computer consulting and business IT services to assist you in evaluating and mitigating your risk of such attacks and hacks.

Don’t Get Tricked By Emails with Attachments

12 million people suffered a computer virus attack in the last six months. Many of those attacks came in the form of email attachments.

Here is a story from one of our customers recently:

An email purporting to be from FedEx arrived in Loretta’s inbox with an attachment. The email was titled “FedEx Tracking Receipt” and looked like a real FedEx email. It instructed Loretta to download the attached file, which was alleged to be the tracking receipt. Loretta didn’t stop to consider that she had not recently shipped a package with FedEx; instead she was confused into downloading the file to check whether FedEx had made a mistake she needed to correct. Unfortunately for Loretta, the attachment was a virus installation program disguised as a FedEx tracking receipt.

Don’t fall for this common email scam. Before you download an email attachment, stop to consider whether it seems legitimate. Did you recently interact with the company the email appears to be from? Would your friend really send you a naked picture of Britney as an email attachment? Treat it as junk email until you have reason to believe it is legitimate.
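As an added illustration (not code from the original post), here is a small Python triage script that applies the two checks above to a constructed copy of Loretta’s “FedEx Tracking Receipt” mail: does the sender’s domain match the brand the message claims to be from, and does the attachment carry an executable or double extension? The brand-to-domain table and the list of risky extensions are assumptions made for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Brands that phishers like to impersonate, mapped to the domain a genuine
# notification comes from. This table is an assumption made for the example.
BRAND_DOMAINS = {"fedex": "fedex.com", "ups": "ups.com", "usps": "usps.com"}

# Attachment types that run code when double-clicked (also an assumption).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".jar", ".zip"}

# Constructed sample resembling the "FedEx Tracking Receipt" mail in the story.
SAMPLE_EML = """\
From: FedEx Tracking <tracking@fedex-notice.example>
To: loretta@example.org
Subject: FedEx Tracking Receipt
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

We could not deliver your package. Open the attached tracking receipt.
--XYZ
Content-Type: application/octet-stream; name="Tracking_Receipt.pdf.exe"
Content-Disposition: attachment; filename="Tracking_Receipt.pdf.exe"

(constructed placeholder bytes, not a real file)
--XYZ--
"""


def sender_domain(msg):
    """Lower-cased domain of the From address, or '' if there is none."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def brand_mismatch(msg):
    """Return a brand named in the subject or sender name whose real domain
    does not match the actual sender domain, or None if nothing looks off."""
    text = (str(msg.get("Subject", "")) + " " + str(msg.get("From", ""))).lower()
    domain = sender_domain(msg)
    for brand, real in BRAND_DOMAINS.items():
        named = re.search(rf"\b{brand}\b", text)
        genuine = domain == real or domain.endswith("." + real)
        if named and not genuine:
            return brand
    return None


def attachment_findings(msg):
    """One finding per attachment with an executable or double extension."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = name.split(".")
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"{name}: executable type {ext}")
        if len(pieces) > 2:  # e.g. receipt.pdf.exe pretends to be a PDF
            findings.append(f"{name}: double extension hides the real type")
    return findings


def triage(raw_eml):
    """Parse a raw message; return ('suspicious' | 'no obvious red flags', findings)."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    findings = attachment_findings(msg)
    brand = brand_mismatch(msg)
    if brand:
        findings.append(f"claims to be {brand} but was sent from {sender_domain(msg)}")
    return ("suspicious" if findings else "no obvious red flags"), findings
```

A clean mail from a known contact with no attachment passes through with no findings; the constructed FedEx mail trips all three checks.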

Tips to stay safe on the Internet

Keep your computer system up to date. Run updates regularly and, if you are using Windows, also run up-to-date anti-virus software. Never allow your anti-virus software to become out of date; newer and better malware and computer viruses are released on the Internet every day.

Use 2-factor authentication whenever possible. This can mean having your cell phone number and an email address connected to your account, so that if one becomes compromised there is still another way to retrieve your hacked account.

Monitor your bank account and credit card account activity regularly. Keep an eye on your expenses; if you notice anything unusual, contact your bank or credit card company immediately.

Use a PayPal, Google, or Amazon account to make online purchases. This keeps your credit card or bank account information confidential with one trusted source. Don’t share your credit card information on any website that doesn’t accept an alternative payment method such as PayPal, Google Wallet, or Amazon Payments.

Maintain strong, hard-to-guess passwords. Try to come up with something memorable yet complex. A mix of capital and lower case letters, numbers, and a symbol, with a length of 8 or more characters, is recommended.

Use different passwords for social media accounts than the one(s) you use for your financial accounts, and make sure the passwords are not alike either. This way, if your social media account becomes compromised, your bank account won’t be next in line. Simply using different passwords could save you a lot!

Never share your password or login credentials with anyone.

Never allow anyone to connect to your computer using screen sharing software without verifying they are a trusted computer repair company.

Never open email attachments whose authenticity you are not sure of.

Never give out your Social Security number or credit card information unless you initiated the phone call and verified, through a secondary source such as a phone book, that the phone number belongs to the company you intend to contact.

Use privacy settings on your social media accounts that will only allow friends to see your personal information and what you post. Also put as little personal information as possible into social media sites. Scammers and hackers can learn a lot about their victims by simply looking at social media posts.

Keep your system backed up. New computer malware and viruses can corrupt your data so that it cannot be recovered.

Apple Ransomware

Apple computers are not immune to malware. A new form of malware called “ransomware” is targeting Apple’s Mac OS X operating system. Ransomware is a computer virus that encrypts important data such as pictures, videos, music, and documents in order to “hold it for ransom” at an unsuspecting victim’s expense. If the victim pays the ransom then, hopefully, they receive a key to decrypt their data, known as a decryption key. Unfortunately, many times there is no decryption key and the victim loses not only their data but possibly up to $700 USD in ransom payment. The ransom payment is made using an anonymous payment method in order to conceal the identity of the scammer holding the data ransom, so that there is no trace. Ransomware is usually spread via email attachments, peer-to-peer file sharing, and more recently removable devices such as external hard drives and USB flash drives.

While this is not the first time Apple computers have been vulnerable to malware attacks (the FBI virus a few years ago, for example), a recent Reuters report revealed that ransomware was targeting Apple computers for the first time. Ransomware is already rampant on computers running the Windows operating system; many variants of the trojan horse already exist, such as Bitlocker, CryptoWall, Cryptorbit, and CryptoLocker or Crypto-malware. So far the ransomware has infected Apple computers via peer-to-peer file sharing networks using BitTorrent.

There is no easy fix for the data that has been affected by the ransomware. Without the decryption key the data is scrambled to a point that it cannot be deciphered using current technology.

“The best way to protect your data from a ransomware attack is to have an archive backup of the important data on a computer” says South City Computer security expert Nestor Wheelock. “Because the archive is completely disconnected from the live file system the ransomware will not encrypt the data”. While this form of data backup service is complex and daunting to most computer users, South City Computer offers a service package that includes this type of backup service. If you need assistance setting up this type of backup service contact South City Computer or a local computer repair store near you.

Credit Card Skimmers Found at St. Louis Gas Pumps

A recent plethora of reports of stolen credit card numbers in the St. Louis metro area has led authorities, banks, and credit and debit card customers on a wild goose chase to recover their stolen funds. The card numbers were “lifted” using credit card “skimmers” that were inserted into several metro area gas station pumps. A credit card skimmer is a small computer device that can be inserted into a credit card reader; it has its own magnetic stripe reader and usually some sort of radio or Bluetooth transmitter to send the captured information to another computer to be used for credit card fraud.

Several gas station customers in Ladue, Webster Groves, Clayton, St. Louis City, and other areas in the St. Louis metro region have reported being victims of this recent credit card scam. Hundreds to thousands of credit card numbers have been stolen without the victims’ knowledge, because the credit card skimmers are nearly impossible to spot. The skimmers are inserted into the credit card reader of a gas station pump in order to collect the information stored on the stripe on the back of the card during the swipe. The stored information includes the cardholder’s name, address, phone number, and credit card number, which is then used to create a fake credit card for fraudulent purchases.

How to know if your card has been compromised

It is hard to know unless you start seeing unauthorized charges in your account. Some banks will catch these charges right away and restrict your account if they seem unusual compared to your normal buying behavior. The charges vary and appear mostly at local St. Louis metro area businesses, but sometimes they appear from other states. Usually the first charge occurs at a Walgreens for over $100, and after that the charges vary among gas stations, stores, and fast food restaurants.

What to do if your card has been compromised

Contact your bank or card issuer immediately and let them know what charges you believe to be fraudulent. They will have their own security department investigate the fraudulent charges and may further instruct you to file a police report.

Avoid Phone Technical Support Scams

Cybercriminals claiming to be from Microsoft or an anti-virus company may call an unsuspecting victim on the phone. The victim’s phone number is usually obtained through publicly available phone directories, so the scammer may also know other information such as the victim’s name and address when they call.

The victim is informed that a virus or malware was detected on their computer or that their computer is having an issue. The cybercriminal may prompt the victim to check whether certain files, which they will claim are a virus, are on the computer. They may also direct the victim to certain websites to convince them they need tech support.

The cybercriminal may prompt the victim for a user name and password, or to install software so they can access the computer in order to fix it. If the remote access software is successfully installed, the victim’s private data, including passwords, user names, personal documents, images, financial information, and virtually all data on the computer, has been compromised.

Victims of this scam are urged to secure their accounts, including their financial accounts, to ensure that they do not fall further victim to the scam. It is recommended that the compromised computer be reset to the manufacturer default settings to ensure that the cybercriminal no longer has access to it. NOTE: Resetting a computer to the manufacturer default settings will result in data loss and may require technical support from a local computer repair company. Contact South City Computer today for professional computer technical support.

Did the Cardinals hack the Astros

It seems almost common these days to read about corporations engaging in blackhat hacking operations to steal data from their rivals, but never before have we heard of the same blackhat hacking tactics being used by professional sports teams.

Earlier this week the New York Times reported on an FBI investigation into the St. Louis Cardinals baseball team over an alleged hacking event that took place on the computer database system of the Houston Astros baseball team sometime in 2013.

The Astros allege that someone working for the Cardinals hacked into a closely guarded database where the Astros kept top secret information about the team’s players. The compromised database system, known as “Ground Control”, was developed by Jeff Luhnow, a former St. Louis Cardinals executive who developed a similar database system known as “Redbird” for the Cardinals before leaving to work for the Houston Astros.

Law enforcement investigators say that the hack did not appear to be sophisticated. The intruder simply brute forced the “Ground Control” system using passwords that Mr. Luhnow had used for the “Redbird” system during his time with the St. Louis Cardinals. They also traced the illegal login activity to an IP address at a St. Louis Cardinals employee’s former residence.

Could it be that the St. Louis Cardinals actually used blackhat hacking efforts to break into the Houston Astros system to gain insider knowledge about the team’s players in hopes of gaining a competitive advantage? Or could this be a negative publicity attempt by the Houston Astros against the St. Louis Cardinals, given that they are known rivals?

Without being able to actually analyze the computer that illegally connected to the Astros’ “Ground Control” system, it is hard to prove that somebody working for the St. Louis Cardinals actually did what is alleged. Since the event happened in 2013, it may be hard or impossible even to find the computer that connected to the system, which would contain the logs necessary to prove the hacking was performed by an agent of the St. Louis Cardinals.

It is also possible that an agent working on behalf of the Houston Astros, or anybody with a little Internet know-how, could proxy their Internet connection through another computer to disguise themselves in order to do something dirty, i.e. use a Cardinals employee’s compromised computer to create a “fake” hacking event, generating access logs on the “Ground Control” system using Mr. Luhnow’s known login. That raises the most obvious question: why would Mr. Luhnow use the same login on both systems, knowing the sensitivity of the information stored in those databases?

At this point there are a lot of questions that will need to be answered before any judgement can be made. However, one lesson should be taken from this tale of two rival teams: never use the same login and password for two systems, and always create hard-to-guess passwords.

Mystery Duqu Virus

Earlier this year cyber security software company Kaspersky announced the discovery of a cyber intrusion that affected many of its internal computer systems, which initiated a large-scale investigation. They believe the virus penetrated their systems through an email attachment sent to an employee of the company. From there the virus moved stealthily through the company’s computer network, targeting its customers’ computer networks and collecting information. Instead of removing the virus, Kaspersky monitored it on their systems in an attempt to better understand its function and purpose.

The investigation led to the discovery of a new, highly sophisticated malware platform known as Duqu. The platform was developed by one of the most skilled, mysterious and powerful underground groups in malware. The virus is considered to be in the same league of complexity as the “Stuxnet” worm that was discovered in June 2010 by Symantec, and it has been nicknamed the “step-brother of Stuxnet” in the cyber security world. The Stuxnet worm was malware created to target Iranian nuclear centrifuge control system software, and it reportedly ruined one-fifth of Iran’s nuclear centrifuges.

The Duqu malware platform was initially discovered in 2011 by CrySyS Lab in Budapest, Hungary. CrySyS Lab released a 60-page document to the cyber security world defining it as a cyber threat that was not related to Stuxnet as was initially believed, because, although it was nearly identical to Stuxnet, it seemingly had a completely different purpose.

In 2012 the mysterious group responsible for Duqu seemed to have gone dark, and the Duqu virus seemed to no longer pose a threat, that is, until now.

The Duqu virus attacks Microsoft Windows computers by using a zero-day vulnerability that is exploited through a Microsoft Word document (.doc). A flaw in the win32k font parsing engine allows the virus to install itself onto the victim’s computer when the victim downloads and tries to open the Word document.

At first Duqu was thought to be targeting industrial control systems like the “Stuxnet” worm, but recent revelations have uncovered a very different purpose for the virus. The virus is actually a form of spyware targeting the computer systems of hotels around the world where nuclear arms talks between the Iranian government and allied world leaders (the P5+1 talks) were taking place.

Costin Raiu, director of the global research and analysis team at Kaspersky, said the virus was packed with more than 100 discrete “modules” that allowed the infected computers to be controlled by someone else. Other modules found were designed to compress video feeds from surveillance cameras and to target communications from phones to Wi-Fi networks. The attackers would know who was connected to the infected network, allowing them to eavesdrop on conversations and steal electronic information. The virus is also capable of operating two-way microphones in hotel elevators, computers and alarm systems. The virus automatically deposits a small file on the infected computer so that the attackers can monitor the computer and return to it at a later date.

The only question is, who is responsible for this complex and sophisticated eavesdropping attempt? Who would benefit most from this sort of intelligence? Cyber security experts at Kaspersky hinted at involvement by the Israeli government, initially naming the virus “The Duqu Bet”, “Bet” being the second letter of the Hebrew alphabet, but later changed the name to Duqu 2.0. The Israeli government has not claimed any involvement in the Duqu malware platform.

The sophistication and dedication of the Duqu group is a testament to just how complex a virus can be, all in an attempt to collect information.

ALERT: Rombertik destroys your computer, avoids detection

A new destructive virus known as Rombertik avoids detection by most anti-virus software: it makes the computer unusable by deleting key files and fills the hard drive with extraneous bytes of data in order to overwhelm the anti-virus software and keep it from detecting the malware.

Security experts from Cisco say the virus steals login information and other private data. The malware infects the computer via a malicious email attachment.

The malware also constantly monitors the computer for security scans in order to avoid detection. The virus will initiate a “self-destruct” sequence that makes the computer unusable by erasing the master boot record (MBR), so that the computer only reboots and never gets into the Windows operating system, most likely requiring a full system restore to correct the issue.

ALERT: CryptoWall 3.0 ransomware. Backup or pay BIG!

Since 2012 a very sophisticated new form of ransomware has been infecting millions of Windows computers. CryptoWall, Cryptorbit, and CryptoLocker, or Crypto-malware, is a Trojan horse that encrypts files on the compromised computer. The malware uses 2048-bit RSA public/private key cryptography to scramble important data files, making them unusable. The victim is instructed to pay a hefty ransom fee ranging from $150 to $750 USD via an anonymous bitcoin payment to purchase the decryption key that will allegedly decrypt the user’s files. Even if the user pays the ransom, there is no guarantee that the attacker will provide the decryption key needed to unlock their files.

After CryptoWall seemed dormant for several months, a more sophisticated new release known as CryptoWall 3.0 appeared this Monday and has already infected thousands of computers.

Can the malware be removed to get the data back?

While it may be possible to remove the virus from the infected computer, it will not unlock the encrypted files.

How does the ransomware get on the computer?

The ransomware is usually disguised as a fake update for Windows applications such as Adobe Reader, Adobe Flash Player or Java. These fake updates often appear as pop-up windows when the victim visits an unsafe website. The malware may also be distributed as a spam email attachment or as a device driver download from a compromised website.

Is an external drive or cloud sync drive safe?

The ransomware looks for important user files on the hard drive and on any devices connected to the computer in order to do the most damage. It also encrypts files located in the user’s sync folders, such as Google Drive or Dropbox. So external hard drives, thumb drives and even cloud backup solutions are vulnerable to the attack. Always unplug your external backup drives from your computer.

Can the encryption be cracked?

Currently there is no easy way to crack the encryption used by the Crypto malware that scrambled the user’s important data files. Even the most powerful supercomputers cannot easily break the encryption. The only known method of attempting to break it is to brute force (guess) the private key. This is highly unlikely to succeed, as it could possibly take 6.5 billion years for a desktop computer to make the correct guess, but it is the only option available at this time.

Will the encryption be cracked in the future?

Possibly with the advancement of quantum computing, current forms of encryption will become less secure and possibly exploitable. Only time will tell at this point.

How to not become a victim of Crypto-malware?

The best known method to safeguard your data against cryptographic malware and other types of virus data loss is to have a reliable incremental backup solution in place. An incremental backup system keeps snapshots of your data over time that can be restored in the event of a data disaster. Talk to South City Computer about an incremental backup solution that will work for you.
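As an added example, not from the original post or from South City Computer, the Python below implements the snapshot idea behind the incremental backup described here and the disconnected archive in the Apple Ransomware post: each dated snapshot is a complete tree, unchanged files are hard-linked to the previous snapshot, and a constructed scenario shows rolling back after a file is scrambled. The file names, dates and contents are made up for the demonstration.

```python
import filecmp
import os
import shutil
import tempfile


def latest_snapshot(backup_root):
    """Path of the most recent snapshot (labels sort by date), or None."""
    if not os.path.isdir(backup_root):
        return None
    labels = sorted(os.listdir(backup_root))
    return os.path.join(backup_root, labels[-1]) if labels else None


def snapshot(src, backup_root, label):
    """Create backup_root/label as a complete copy of src. A file that is
    unchanged since the previous snapshot is hard-linked to that snapshot's
    copy instead of copied, so every snapshot restores on its own while only
    new or changed bytes cost space (the idea behind rsync --link-dest)."""
    prev = latest_snapshot(backup_root)
    dest = os.path.join(backup_root, label)
    for dirpath, _dirs, filenames in os.walk(src):
        rel = os.path.relpath(dirpath, src)
        os.makedirs(os.path.join(dest, rel), exist_ok=True)
        for name in filenames:
            s = os.path.join(dirpath, name)
            d = os.path.join(dest, rel, name)
            p = os.path.join(prev, rel, name) if prev else None
            if p and os.path.isfile(p) and filecmp.cmp(s, p, shallow=False):
                os.link(p, d)  # unchanged: share the bytes already stored
            else:
                shutil.copy2(s, d)  # new or modified: store a fresh copy
    return dest


def restore(snapshot_dir, target):
    """Copy one snapshot's files back over the live folder."""
    shutil.copytree(snapshot_dir, target, dirs_exist_ok=True)


def demo():
    """Constructed scenario: back up, get 'scrambled', back up again, roll back.
    Returns a few facts about the run so they can be checked."""
    work = tempfile.mkdtemp()
    live, backups = os.path.join(work, "live"), os.path.join(work, "backups")
    os.makedirs(live)
    doc, photo = os.path.join(live, "thesis.doc"), os.path.join(live, "photo.jpg")
    with open(doc, "wb") as f:
        f.write(b"important document")
    with open(photo, "wb") as f:
        f.write(b"family photo")
    snap1 = snapshot(live, backups, "2015-01-05")
    # Simulate ransomware rewriting a live file. The backup tree holds its own
    # copies, so nothing written to the live folder reaches the snapshot.
    with open(doc, "wb") as f:
        f.write(b"\x8f\x12\xa3 scrambled \x00\x7e")
    snap2 = snapshot(live, backups, "2015-01-06")  # records the damage, too
    restore(snap1, live)  # roll back to the last clean snapshot
    with open(doc, "rb") as f:
        restored = f.read()
    facts = {
        "restored_doc": restored,
        "history_kept": not filecmp.cmp(os.path.join(snap1, "thesis.doc"),
                                        os.path.join(snap2, "thesis.doc"), shallow=False),
        "unchanged_file_shared": os.stat(os.path.join(snap2, "photo.jpg")).st_nlink == 2,
    }
    shutil.rmtree(work)
    return facts
```

Because the snapshots share storage through hard links, any process that can write to the backup volume could damage every snapshot at once, which is why the archive drive belongs unplugged between backups, as the posts advise.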
