
    Security Advisory Notice – Critical Cisco Vulnerabilities

    Three critical vulnerabilities impacting Cisco IOS and IOS XE software have recently been disclosed. First released on March 28th, all three vulnerabilities were given a CVSS score of 9.8. They were disclosed by Cisco as part of a bundled security advisory dealing with a total of 22 vulnerabilities ranging from high to critical. 1

    What are the Vulnerabilities Identified and What Devices Are Impacted?

    CVE-2018-0151 / Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability: Elevation of privilege or denial-of-service vulnerability. By exploiting this vulnerability, an attacker could cause a denial of service or execute arbitrary code with elevated privileges.

    Vulnerable devices include all devices running Cisco IOS and Cisco IOS XE software. Cisco has released a software fix; it is understood that a workaround is also available for this vulnerability. Please refer to the full Cisco advisory for further detail on this workaround. 2

    CVE-2018-0171 / Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability: Denial-of-service vulnerability that can also lead to arbitrary code execution. Exploitation could trigger a device reload (a denial of service) or allow arbitrary code to be executed. The root cause of this vulnerability is improper validation of packet data.

    Vulnerable devices include all devices running Cisco IOS and Cisco IOS XE software which have the Smart Install client feature enabled. 3

    CVE-2018-0150 / Cisco IOS XE Software Static Credential Vulnerability: Escalation of privilege vulnerability. This vulnerability could allow an attacker to log into impacted devices using the default username and password of the initial boot. It results from an undocumented, privileged user account which retains that default username and password.

    Devices running impacted versions of Cisco IOS and Cisco IOS XE software are vulnerable. No versions prior to 16.x are impacted, and Cisco has shared an online tool to allow administrators to confirm whether they are running an impacted version of 16.x. Please see the link at the bottom of the advisory for details on this tool. Both workarounds and software fixes are available to remediate this critical vulnerability. 4

    Although none of the above vulnerabilities has yet been reported as exploited in the wild, given that they allow for privileged access, Cisco is urging administrators to take prompt remedial action.
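As an added example (not from the Ward advisory or from Cisco), the following Python script applies the two device-scoping rules above to saved CLI output: it parses the IOS XE version line from `show version` to apply the "no versions prior to 16.x" rule for CVE-2018-0150, and looks for an enabled Smart Install client in `show vstack config` output for CVE-2018-0171. The sample outputs are constructed, and the exact wording of the version line and of the `show vstack config` role line are assumptions to confirm against your own platform; Cisco's online checker remains the authoritative test for CVE-2018-0150.

```python
import re

# Constructed sample CLI output (assumption: the exact wording of these lines varies by release).
SAMPLE_SHOW_VERSION = """\
Cisco IOS XE Software, Version 16.03.01
Cisco IOS Software [Denali], Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 16.3.1
"""

SAMPLE_SHOW_VSTACK = """\
 Role: Client (SmartInstall enabled)
 Vstack Director IP address: 0.0.0.0
"""


def ios_xe_version(show_version_output):
    """Return (major, minor) from 'Cisco IOS XE Software, Version X.Y[.Z]', or None if absent."""
    m = re.search(r"Cisco IOS XE Software, Version (\d+)\.(\d+)", show_version_output)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def in_static_credential_scope(show_version_output):
    """CVE-2018-0150 scoping rule from the advisory: releases before 16.x are not impacted.
    Anything 16.x or later is flagged for checking with Cisco's online tool (conservative)."""
    version = ios_xe_version(show_version_output)
    return version is not None and version[0] >= 16


def smart_install_client_enabled(show_vstack_output):
    """CVE-2018-0171 applies only where the Smart Install client feature is enabled.
    Assumed output line: ' Role: Client (SmartInstall enabled)'."""
    return re.search(r"Role:\s*Client.*SmartInstall enabled", show_vstack_output, re.I) is not None


def assess(show_version_output, show_vstack_output):
    """Map each CVE to True if the device is in scope for that vulnerability."""
    return {
        "CVE-2018-0150": in_static_credential_scope(show_version_output),
        "CVE-2018-0171": smart_install_client_enabled(show_vstack_output),
    }


if __name__ == "__main__":
    for cve, in_scope in assess(SAMPLE_SHOW_VERSION, SAMPLE_SHOW_VSTACK).items():
        print(f"{cve}: {'in scope - check/patch' if in_scope else 'not in scope'}")
```

Feed it the saved output of the two commands from each device in your inventory to produce a patch worklist.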

    How do I Remediate?

    Cisco has released software updates for all three critical vulnerabilities, which are available through the usual channels. As with all upgrades, Cisco recommends that administrators confirm their Cisco devices have sufficient memory and that their current hardware and software configurations are supported in the new release.

    How Can Ward Help?

    For Managed Service customers, the Ward Support team will be reviewing individual environments and making recommendations on appropriate patching for all supported devices.

    For all other customers, if you would like additional information or would like support in assessing and protecting your environment, please contact us to discuss your unique requirement.

    Further reading:

    1 https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682

    2 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos

    3 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2#fixed

    4 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc

    News

    Ward Infosec Series | What if you’re the next…

    Spam Mails: A large share of the cyber-attacks that take place are due to phishing scams. Spam e-mails are sent out in mass quantities by spammers, and some of them are sent specifically to obtain sensitive information. What is shocking is that, in our last survey, almost 14% of organisations said they would pay a ransom if the value of the data merited it. The rise in incidents, both natural and cyber, has also led to a rise in scammers. For example, in the days before Hurricane Harvey, a tropical storm that was about to hit America very hard, many people wanted to help the victims, and among them were scammers who wanted to take advantage of the situation. They lured people into sending money through a malicious website that posed as a relief organisation but was actually a hoax. Hundreds of domains have been created with the word ‘harvey’ in them.
    Now, as a business, here is something you can look at:

    Phishing exercise:
    More than 80,000 people fall victim to these scams, resulting in stolen identities, financial loss and credit card fraud. Conduct phishing exercises in your business and discuss the results with your staff. If required, sit down with a team or an individual to make sure they understand how serious the situation is.
    BetterCloud, an independent software company, ran a phishing exercise that surprised many of their colleagues, who pride themselves on their security intelligence and wherewithal.
    Some companies encourage this kind of training because it increases employee awareness and improves the overall security posture of the business.

    If you think you have been affected, or if you need any advice on precautionary steps to take in your information security strategy, contact us or call 1800 903 552 to discuss your unique requirements.

    News

    Ward Infosec Series | Have you ever felt like…

    This takes place every day around you. People share updates on social networks like LinkedIn, Instagram or Facebook on a daily basis; they search for something on Google, take selfies or Skype with someone. The internet is a powerful platform that has been a life-saver, and for some people it is as indispensable as water. A platform that is a necessity for almost every business today can also be a weakness.

    Identity Theft:

    We all share our personal details online, from payment card details, date of birth, full name, passport information, e-mail addresses and passwords to a lot more sensitive information. Many businesses make sure they implement security measures to keep this data safe, but there is always a vulnerability. Global organisations have been hit in the last year; at Equifax, for example, 143 million customers’ data were breached. Hackers got access to their social security numbers, birth dates, addresses, driver’s license numbers, credit card numbers and other information. We know exactly how those customers feel right now: their trust has faded and reputation is at stake. Would a business make a comeback after being breached? Perhaps, but it may take a number of years to recover.

    The latest versions of phones, tablets, laptops and smart TVs launch every year. According to a study conducted by Hewlett-Packard, 70% of IoT (internet of things) devices are not secured. There are a number of cases we have seen over the years of webcams being hacked and photos being leaked. Hackers take remote control of your device using malicious software and plot their exploit. We are talking about the web-connected cameras on your laptop, mobile phone, dog cam and even baby monitors. There are websites which publish details of private web and security cameras that are not properly protected. Facebook co-founder Mark Zuckerberg was a victim of this kind of incident. Many users think having an antivirus on their system is the solution to the problem, but an antivirus can stop most malware, not all of it.

    If you could relate to this as a consumer, now as a business here is something you can look at:

    Security Incident & Event Management:

    Every business needs a security intelligence platform to give it visibility into what is happening in its networks. A SIEM helps a business detect a breach in real time, provides early visibility of the cause of the breach and allows quick response to incidents that occur in the environment.

    Our Managed SIEM Service is built around the IBM QRadar Security Intelligence platform, which provides just that: a managed, security expert-led, next-generation solution providing advanced 24×7 incident detection. It integrates functions such as SIEM, Risk Management, Log Management, Network Behaviour Analytics and Security Event Management.


    Security Testing: Penetration testing is an effective way to get on the front foot and understand the extent of the security challenges an organisation faces. Employees should also receive basic security training, and a business should conduct risk assessments and information system audits.
    The one statistic that really sticks out for us is that, according to a Forrester 2016 report, 42% of external penetrations occur via software vulnerabilities, and 34% of breaches are a result of web application and coding issues such as SQL injection, cross-site scripting and remote file inclusion. Thus 76% of external security issues are a result of software exploits or software coding or configuration issues.
    Do you know your exposure to these threats? Do you know how to mitigate any vulnerabilities that you have and, if so, in what order?


    It is important to know what is going on in and around you, and to find the right solutions before a problem gets out of your control. Take matters into your own hands; as the saying goes, it is better to be safe than sorry.

    You have to give your customers the best experience and build a trust that will not break. If you think you have been affected, or if you need any advice on precautionary steps to take in your information security strategy, contact us and we will discuss your unique requirements.

    News

    Forgot your password? We’ve all been there!

    As an information security provider we believe in protecting businesses every day. As today is Safer Internet Day, here is a light insight into passwords and a few steps you can take to keep yourself and your business secure.

    Believe it or not, it takes a hacker almost an hour to crack your password.

    Back in 2013, Google released a list of the most common passwords people use to date. The problem is that the passwords people create are so easy to crack because almost everyone shares everything on social media today. The truth is that the easiest password to use is the easiest password to remember:

    • The name of a pet, child, family member, or significant other
    • Anniversary dates and birthdays
    • Birthplace
    • Name of a favourite holiday
    • Something related to a favourite sports team
    • The word “password”

    Did you know that the average person has around 27 credentials? This shows how many passwords are scattered around the place; a good few users still write down their credentials on a piece of paper or even store them in their inbox so they can go back to the sheet or document when they do not remember. Unfortunately, this is even riskier, since it gives hackers a trail to exploit.

    Here are a few tips you can look at before you create a new password:

    • Our first piece of advice is to type your e-mail address into haveibeenpwned.com to see whether your account has been compromised at any stage. If you do find yourself compromised, you should follow the next steps immediately:
    • From a cybersecurity point of view, both for a business and as an individual, it is healthy to have a different password for each site.

    Yes, it can be a hassle to remember all of them, so here is what you do:

    • Use a reputable password safe that is encrypted using the most secure encryption algorithms, such as KeePass, to store all your passwords.
    • It is recommended that you change your password every 90 days to avoid being compromised in any way.
    • Configure all systems to send each user a reminder to change their password.
    • It is important to add an extra layer of security to your infrastructure. This is called two-factor authentication: it consists of your password plus an auto-generated PIN code sent to your device, which increases protection against unauthorised access.
    • A hacker can guess your password randomly, or they can use a program to hack into your system through a phishing e-mail. What is phishing? It is when someone disguises themselves as a trusted party to obtain your details.

    We conduct phishing exercises for many businesses and also report on the opens and clicks on links that might have exploited your systems. This gives staff training and best practices on what to do if they are a target. Contact us to know more. We are not saying you will not be hacked after taking these steps, and some say it is a pain for an end user to keep changing passwords every 90 days, but what is important is that you have taken that one step to prevent yourself from being compromised in the future.

    Ward Solutions is Ireland’s leading information security provider. Contact us or call 1800 903 552 to discover our range of information security solutions and discuss your unique requirements.

    News

    Security Advisory Update – Critical Processor Flaws Update

    Issued by Ward Solutions Security Operations Centre. Updated January 11, 2018.

    Further to our recent advisory on the major flaws identified in a range of widely used chipsets, further information has been released with regard to various technologies and the mitigation of these vulnerabilities.

    What are the Flaws Identified?

    The flaws, which are believed to be present in all modern processors produced in the last ten years, allow low-privileged processes to access memory in the computer’s kernel. The implications of these flaws are far-reaching and will impact not just Linux, Windows and macOS but also virtual and cloud environments. There have also been reports predicting up to a 30 percent degradation in performance as a result of mitigating the vulnerabilities. 1 The researchers involved in the discovery of these flaws, including Google’s Project Zero, identified three vulnerability variants:

    CVE-2017-5715: Elevation of privilege / information disclosure vulnerability. Through exploitation of this vulnerability, an attacker could infer data values from memory which would normally be inaccessible to the user due to permissions.

    CVE-2017-5753: Exploitation of this vulnerability is based on the ‘speculative execution’ used by the Intel chip to attempt to ‘pre-execute’ code, in order to retrieve kernel memory. Intended as a performance enhancement feature, this design flaw could be exploited by an attacker to cause the CPU to load from an untrusted location.

    CVE-2017-5754: This vulnerability could allow an attacker in user space to access memory in kernel space without the usual permission checks, relying on the fact that the CPU may opt to validate permissions for access to memory locations at a later stage. 2

    The flaws in the chips leading to the aforementioned potential exploits have been dubbed ‘Spectre’, which affects chips from many vendors, and ‘Meltdown’, which appears to affect only Intel chips.
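As an added example (not part of the Ward advisory or of any vendor's guidance), this Python script reports the mitigation status of the three variants on a Linux host by reading the kernel's per-variant sysfs status files and mapping them to the CVE numbers above, so an administrator can confirm whether a vendor patch actually took effect. It assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities/ (newer than many systems at the time of this advisory; older kernels are reported as "unknown") and uses a constructed sample to show the classification.

```python
import os

# Assumed sysfs interface: newer Linux kernels expose one file per variant under this
# directory, each holding a line such as "Not affected", "Mitigation: PTI" or "Vulnerable".
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# The advisory's three variants mapped to the kernel's file names.
VARIANTS = {
    "CVE-2017-5753": "spectre_v1",  # Spectre: bounds check bypass
    "CVE-2017-5715": "spectre_v2",  # Spectre: branch target injection
    "CVE-2017-5754": "meltdown",    # Meltdown: rogue data cache load
}


def classify(status_line):
    """Reduce one status line to 'not_affected', 'mitigated', 'vulnerable' or 'unknown'.
    An empty string (file missing, i.e. a kernel too old to report) is 'unknown'."""
    s = status_line.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_sysfs(sysfs_dir=SYSFS_DIR):
    """Collect the raw status line for every variant from a live kernel ('' if absent)."""
    statuses = {}
    for name in VARIANTS.values():
        try:
            with open(os.path.join(sysfs_dir, name)) as f:
                statuses[name] = f.read()
        except OSError:
            statuses[name] = ""
    return statuses


def assess(statuses):
    """Map each CVE to its classification, given {sysfs file name: status line}."""
    return {cve: classify(statuses.get(name, "")) for cve, name in VARIANTS.items()}


def needs_action(report):
    """CVEs that still need attention: still vulnerable, or status could not be determined."""
    return sorted(cve for cve, state in report.items() if state in ("vulnerable", "unknown"))


# Constructed sample: a host that has received a Meltdown (page-table isolation) patch but no
# Spectre mitigation yet, the situation the Debian entry in the vendor list below describes.
SAMPLE_STATUSES = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Vulnerable\n",
    "spectre_v2": "Vulnerable\n",
}

if __name__ == "__main__":
    live = assess(read_sysfs())
    for cve, state in live.items():
        print(f"{cve}: {state}")
    print("needs action:", needs_action(live))
```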

    How do I Remediate?

    While Intel and other chip vendors will likely address the flaws in future chip manufacturing, users need to take action to protect devices which currently use the affected chipsets. Numerous vendors have been working on remediation plans to date.

    Microsoft: Plans to release the necessary updates to the Windows OS in the upcoming Patch Tuesday.

    Microsoft has announced that it will be deploying mitigations to cloud services. Azure platforms are scheduled to undergo maintenance, including reboots, on January 10th; it is expected that this is part of Microsoft’s remediation plan.

    Microsoft has already released updates to Internet Explorer and Edge.

    Amazon EC2: Amazon has confirmed that its AWS instances are protected; however, it is recommending that customers patch their operating systems.

    Google: Google has confirmed that all Android devices with the latest security update are protected.

    The Google Chrome browser, Chrome 64, scheduled for release on January 23rd, will protect against this exploit.

    Google has confirmed that all versions prior to 63 are not patched; however, Chrome OS 63, which includes mitigation protection, received a widespread release on December 15th, 2017.

    Google has confirmed that its Cloud Infrastructure is protected; however, for its Compute Engine, Google is recommending that customers update their VM operating systems. 3

    RedHat: RedHat is recommending that customers patch immediately. A full listing of versions and their vulnerability to each of the identified variants has been published. Please refer to this listing for full details. 4

    Cisco: Cisco has released a list of under-investigation, unaffected and affected products, along with expected release dates for patches where applicable. Cisco devices are considered potentially vulnerable only if they allow customers to execute their own customised code side by side with Cisco code on the same microprocessor. 5

    Checkpoint: Checkpoint has rated this as a low risk to their devices, as it would require root-level privileges to run on their OS. Checkpoint will release a patch only when they are sure of its effect on quality and performance. 6

    Juniper: Juniper has rated the risk level as low on Juniper OS devices. In the case of Junos OS, in order to exploit this vulnerability an attacker must have local authenticated privileged (admin) access and needs to bypass the image validation checking. 7

    Fortinet: Fortinet is actively conducting an extensive review to determine the potential impact to Fortinet solutions, and at this time has classified the risk to Fortinet products as low. An attack is only possible on devices when combined with an additional, unrelated local or remote code execution vulnerability. 8

    Debian: A patch has been released to remediate the Meltdown attack. This solution may impact performance. At the time of this update, there is no patch release for Spectre; this is expected to be addressed in a later update. 9a, 9b

    VMware: VMware is recommending that customers patch immediately. A full listing of versions and their vulnerability to each of the identified variants has been published. Please refer to this listing for full details. 10

    For detail on other vendors, please refer to their individual security advisories.

    How Can Ward Help?

    For Managed Service customers, the Ward Support team will be reviewing individual environments and making recommendations on appropriate patching for all supported devices.

    For all other customers, if you would like additional information or would like support in assessing and protecting your environment, please contact info@ward.ie or your account manager, as appropriate.

    Further reading:

    1 https://www.scmagazine.com/major-intel-cpu-flaw-os-independent-fix-could-degrade-performance/article/734640/

    2 https://exchange.xforce.ibmcloud.com/collection/Central-Processor-Unit-CPU-Architectural-Design-Flaws-c422fb7c4f08a679812cf1190db15441

    3 https://support.google.com/faqs/answer/7622138#chrome

    4 https://access.redhat.com/security/vulnerabilities/speculativeexecution

    5 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel

    6 https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122205

    7 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10842&cat=SIRT_1&actp=LIST

    8 https://blog.fortinet.com/2018/01/04/fortinet-advisory-on-new-spectre-and-meltdown-vulnerabilities

    9a https://www.debian.org/security/2018/dsa-4078

    9b https://security-tracker.debian.org/tracker/source-package/linux

    10 https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html