Cyber Advisors Blog

In the Know - Cyber Security Update - Week of October 1st - October 8th

Posted by Eric Brown on Oct 8, 2017 9:10:41 PM


October is Cyber Security Awareness Month. It’s likely that one of your email accounts has been involved in a breach; find out how to know for sure. Also this week: let’s ditch Yahoo mail together, a new password stealer is in the wild, and another unsecured database has been discovered, this time compromising the private data of NFL players and their agents.

For those in the Twin Cities:

We are having a Cyber Security Fall Forum at Utepils Brewery on October 17th: craft beer, soda, food and an afternoon of Cyber Security! Register here: http://connect.cyberadvisors.com/brew-and-bytes-fall-securitforum

1.  October is Cyber Security Month – Delta Risk & Homeland Security Campaigns

If you are already a cyber security guru, consider being a resource for helping others become more secure. For the rest of us, Delta Risk has put together a great infographic with some tips, tricks, advice and a 31-day calendar of things to do in October to become more secure online. https://deltarisk.com/blog/infographic-simple-steps-online-safety-31-days-cyber-security-tips/

The Department of Homeland Security has assembled a document repository as part of its Stop.Think.Connect. campaign. https://www.dhs.gov/stopthinkconnect-toolkit

2.  Have you been involved in a breach? haveibeenpwned

https://haveibeenpwned.com/ maintains a list of breaches that have occurred. Enter your email address to determine if you have been involved in a breach. You can also sign up for alerts to be notified when your email account is compromised.

I received a notification last week that one of my email addresses was compromised in a bit.ly hack a few years ago. Since I’m an infrequent bit.ly user, I was unaware of the compromise. Fortunately, I hadn’t reused the password on any other sites; if I had, attackers could have had access to my accounts without my knowledge for years.

Domain owners can find out all email addresses in a domain that may have been part of a breach (you will need to prove you control the domain):

https://haveibeenpwned.com/DomainSearch

3.  It is time to ditch Yahoo! mail.

This week Oath, a subsidiary of Verizon and owner of Yahoo, announced that all 3 billion Yahoo user accounts were affected by the August 2013 theft of accounts. Previously, on December 14th, 2016, Yahoo had reported that 1 billion of the 3 billion accounts were hacked. https://www.sec.gov/Archives/edgar/data/732712/000073271217000003/a2017_10x3xoathxexhibitx991.htm

If that isn’t reason enough, in 2015 Yahoo built a custom software program to search all of its customers’ incoming email at the behest of the NSA and/or FBI. Yahoo installed the program without a fight, giving the agency unfettered access to users’ private information without consent. https://www.theguardian.com/technology/2016/oct/04/yahoo-secret-email-program-nsa-fbi

I have been a long-time user of Yahoo mail as one of my primary personal accounts, but enough is enough. I’ll use October as cyber security awareness month as the excuse to finally move my primary personal account to another service. While I’m still considering my options, ProtonMail is at the top of the list.

ProtonMail is an encrypted mail provider located in Switzerland. They have no ability to scan or monitor email content in transit or at rest and are committed to maintaining user privacy. https://mail.protonmail.com

4.  Password stealer in the wild

As a reminder of why it is never a best practice to store passwords in browsers or applications, a new piece of malware in the wild is able to scrape login and password data from browsers, files, FTP programs and bitcoin wallets.

The team at Zscaler shows in detail how the malware works and exfiltrates data to command and control servers. The delivery method is VBScript, which downloads the payload from the compromised website, and then downloads a decoy document to lead the victim to believe the files are legitimate.

The malware steals passwords from the following software and browsers:

  • Chrome
  • Firefox
  • CuteFTP
  • FileZilla
  • PuTTY
  • Armory Wallet
  • Electrum bitcoin wallet
  • WinSCP Passwords

Detailed info and screenshots of the attack in action: https://www.zscaler.com/blogs/research/infostealer-spreading-through-compromised-website

5.  NFL Players Association database hack

A publicly accessible database containing the private information of players and their agents was discovered on September 26th, 2017. 1,133 NFL players and agents had personal data exposed via a misconfigured Elasticsearch database. The exposed information includes emails, mobile phone numbers, home addresses of agents and players, and the IP addresses that were used to sign into the dashboard.

The attackers attempted to lock the database and left a ransom note demanding bitcoin. The lock apparently failed.

More details on the attack: https://mackeepersecurity.com/post/nfl-players-association-exposed-personal-data

 

Topics: Cyber Security