Cybercriminals Target Another Legitimate Tool: MYSQL Servers

Information Security, IT Support
The recent discovery by researchers at Sophos that attackers are scanning the internet to find vulnerable MySQL servers for the purpose of infecting them with the GandCrab ransomware shows that attackers are increasingly targeting legitimate tools as a means to sneak into organizations’ networks. MySQL server is a database platform that uses tables to store data and indexes to sort data and speed up performance. This database platform supports desktop and web applications and runs on either Linux or Windows operating systems. GandCrab ransomware, meanwhile, is a particular type of malicious software (malware) designed to lock out legitimate users from their computer system or data until a ransom is paid. Researchers at Sophos said that they set up a mocked-up insecure MySQL server for…
Microsoft Calls on Users to Patch Older Windows Operating Systems to Prevent WannaCry-like Cyberattack

IT Support, Security
Microsoft recently released a patch for older Windows operating systems and is calling on users to apply this patch as soon as possible to prevent a disaster similar to the WannaCry cyberattack in 2017. In the blog post “Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)”, Simon Pope, Director of Incident Response at Microsoft Security Response Center (MSRC), said that a security vulnerability was discovered in Remote Desktop Services, formerly known as Terminal Services, in older Windows operating systems. The security vulnerability, Pope said, allows remote code execution – the ability of an attacker to access someone else's computing device regardless of where this device is geographically located. In addition to the remote code execution capability,…
Importance of Securing Edge Devices

Information Security, IT Support, News
Over the last few years, devices deployed at the boundaries of interconnected networks, also known as edge devices, such as routers and network-attached storage (NAS) devices, have become the target of sophisticated malicious activity.

Growing Threat to Edge Devices

The discovery by researchers at Cisco Talos of the malicious software (malware) called “VPNFilter” highlighted the growing threat to edge devices. As of May 2018, researchers at Cisco Talos estimated that at least 500,000 home and office routers and network-attached storage (NAS) devices in at least 54 countries were infected with the VPNFilter malware. The known devices affected by VPNFilter were Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices. VPNFilter is…
City of Stratford Says Cyberattack Recovery Takes ‘Days, Not Hours’

Information Security, IT Support, News
It takes “days, not hours” to recover from the recent cyberattack that hit the City of Stratford, according to a statement released by the City. Last April 14, the City of Stratford, Ontario announced that it was managing what appears to be a cyberattack. More than a week after the initial cyberattack announcement, the City, in a statement, said that a virus encrypted the City’s data and locked the staff out. “We have now begun methodically unlocking and decrypting our systems,” the City said. “This is a thorough process that takes days, not hours.” In response to the cyber incident, the City said that it intentionally shut down its IT and email systems to contain the virus and in…
How to Protect Your Organization from Spear Phishing Scams

Information Security, IT Support
The recent revelation that the treasurer of the City of Ottawa unwittingly paid nearly US$100,000 to a phony supplier highlights the danger of spear phishing scams. The Office of the Auditor General of the City of Ottawa recently released its findings on how the City fell victim to a common fraud scheme in which US$97,797 was transferred to an account of a phony supplier. The Office of the Auditor General found that on July 6, 2018 at 10:29 am, the City Treasurer received an email from the City Manager. This email, which turned out to be spoofed and purported to come from the City Manager when, in fact, it came from a fraudster or fraudsters, requested that a wire transfer in…
Software Updates: Gateway for Supply Chain Attacks

Information Security, IT Support, Security
The confirmation by Taiwan-based tech giant ASUS that its software update was hijacked by cybercriminals to install malicious software (malware) on its customers’ notebook computers highlights the threat of supply chain attacks via software updates. A supply chain attack attempts to exploit a security vulnerability in a third-party service or software to compromise a final target. A hijacked software update is one of the most common forms of supply chain attack. Last March 26, ASUS, ranked by Gartner as the world's 5th-largest PC vendor in the 3rd quarter of 2018, asked its notebook computer customers to install the latest software update (version 3.6.8) after acknowledging that ASUS Live Update, software pre-installed on ASUS notebook computers to ensure that the system always benefits from…
Microsoft Annual Security Report Highlights Surge in Supply Chain Attacks

Information Security, IT Support
The newly released Microsoft Security Intelligence Report revealed that over the past few years, the increased number of supply chain attacks had become a primary source of concern in many IT departments. The Microsoft Security Intelligence Report Volume 24 found that several cyberattacks were detected using compromised software supply chains in 2018. These supply chain attacks, Microsoft said, have affected a wide range of software and targeted organizations in different geographic locations and sectors. The Microsoft report compiled 6.5 trillion threat signals and was based on research and real-world experiences from thousands of security researchers and responders worldwide for the period of January 2018 to December 2018.

What Is Supply Chain Attack?

In a supply chain attack, an attacker maliciously makes…
More than Half of Cyberattacks Exploit Tools that Already Exist on Targeted Computers, Study Shows

Information Security, IT Support, Security
A study conducted by IBM showed that more than half of cyberattacks exploit common administration tools or tools that already exist on targeted computers. IBM’s 2019 X-Force Threat Intelligence Index showed that more than half, or 57%, of cyberattacks leveraged common administration tools, in the process evading detection, maintaining persistence and achieving their objectives.

Living Off the Land

The phrase “living off the land” is the term used for cyberattacks that leverage tools that already exist on targeted computers. This type of cyberattack blends in with common administration work, making detection more difficult. According to IBM, one of the common administration tools that’s often used by cyberattackers is PowerShell.

What Is PowerShell?

PowerShell is a…
What Is Data Exposure and How to Prevent It

Information Security, IT Support
Just a few days into 2019, one of the largest data exposures so far this year has come to light: the leak of millions of data records from an unprotected database of California-based Voice-over-IP (VoIP) service provider VOIPo. Cloudflare security researcher Justin Paine revealed that VOIPo's database had been accidentally left publicly accessible, unintentionally leaking a huge volume of data, including 6.7 million VOIP call logs, 6 million SMS/MMS message logs, and other documents containing internal hostnames, usernames, passwords and API keys. Paine said he discovered the exposed VOIPo database using Shodan, a search engine which, unlike Google and other search engines that index only the web, indexes pretty much everything else that's plugged into the internet, including webcams and smart TVs. Using…
2018 Year in Review: Old Known Security Vulnerabilities Still Wreak Havoc

Information Security, IT Support
In 2018, publicly known security vulnerabilities continued to be exploited by cyber criminals. One of these known security vulnerabilities is WannaCry, malicious software (malware) thought to be “old news” that still continues to hunt for its next victim.

What Is WannaCry?

WannaCry is known for infecting more than 300,000 computers in 150 countries in less than 24 hours on May 12, 2017. WannaCry attackers infiltrated these hundreds of thousands of computers by using EternalBlue – referring to both the software vulnerability in Microsoft's Windows operating system and the exploit believed to be developed by the U.S. National Security Agency (NSA). Just a few days before the May 16th WannaCry attack, that is, on April 14, 2017, the EternalBlue exploit…