Netizen Cybersecurity Bulletin: 5 September 2018 Edition

In this issue:

In this week’s issue, you’ll find information regarding the most current critical threats and preventative measures to lessen the chances of a breach.

  • 1/5 SMB Employees Share Passwords
  • 3D Printers a vector for attack
  • CamuBot and Vishing
  • Quick notice: Monero Miner Malware
  • How can Netizen Help?

1/5 SMB Employees Share Passwords

Most people assume they will never be the target of a cyber attack. However, small- to mid-size businesses (SMBs) are estimated to face nearly 4,000 cyber attacks per day, and as hackers continue to refine their craft, it is easy to assume that number will only increase. While larger companies may have more assets to attack, smaller companies are often the softer target.

A recent survey of 600 small business executives and employees regarding their cybersecurity habits revealed several concerning points. In particular, small business employees and leaders may be acting negligently in regards to their own security.

The survey sought to reveal whether employee behavior helped precipitate the increase in cyber attacks. The consequences of cyber attacks can be extreme; the survey found 60% of small businesses that experienced a cyber breach are likely to go out of business within six months.

Small businesses too often lack the manpower of larger enterprises to handle IT and security, and they rarely prioritize security education and best practices. The lack of a top-down IT security profile for the company often leads to poor cyber hygiene for the rest of the employees. Digging deeper into the survey results, 66% of SMB leaders connect to public WiFi for work, and 44% of SMB employees do as well. Connecting to a WiFi hotspot in a hotel or at an airport can open your business to cyber threats.

They do not prioritize security education and best practices: 35 percent of employees and 51 percent of leaders are convinced their business is not a target for cybercriminals, even though threats such as malware and man-in-the-middle attacks can put corporate and financial data in peril.

Worse still: 62% of leaders and managers use their work computer to access social media accounts; only 44% of employees were found to do this.

Yet the absolute worst revelation from this survey was this: 1 in 5 SMB employees (22% of leaders and 19% of employees) share their email password with co-workers or assistants. There are more secure methods of sharing data that will help prevent unauthorized access.

A top-down approach to cybersecurity will help prevent poor cyber hygiene from leading to a costly breach.

Recommendations:

  • Never use public or unsecured WiFi without a Virtual Private Network (VPN)
  • Never share passwords; instead use collaboration software (such as Microsoft SharePoint), delegated access, and shared storage (such as Office 365)
  • Ensure a comprehensive Acceptable Use Policy (AUP), detailing the appropriate use of all corporate data assets, is adopted by everyone in the company

3D Printers a vector for attack

Security research centers have found that over 3,500 instances of OctoPrint, a popular web interface for 3D printers, are publicly exposed to the Web. OctoPrint allows users to control and monitor their 3D printers, from starting and stopping print jobs to embedded webcam access. While not a very serious threat on its own, an exposed instance poses several security issues that could later be used as an attack vector. With access to the printer's code files, attackers would be able to obtain the print plans for an object. This could lead to a leak of valuable trade secrets, or allow modification in order to ruin future printed objects. Rare but not impossible, an attacker may also be able to intentionally start a fire, given the high temperatures created during operation, by modifying the printer's files.

Recommendations:

  • Ensure proper access control to devices open to the internet.
  • Utilize network segmentation techniques in order to avoid system hopping.
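The two recommendations above can be turned into a detection check: once the printer segment is only reachable from a management network, any accepted connection to an OctoPrint port from anywhere else is a segmentation failure worth alerting on. The following script is an added example, not code from the article or from the OctoPrint project; the subnet layout, the log format and the sample log lines are all constructed for illustration (OctoPrint's default listening port, 5000, is the one real value used).

```python
"""Flag accepted connections to OctoPrint web interfaces that do not come from
the management network. Network layout and log lines below are constructed
assumptions for this example, not values from the article."""
import ipaddress

# Assumed layout: 3D printers sit in their own segment, and only hosts on the
# management network may reach their web interfaces.
PRINTER_NET = ipaddress.ip_network("10.30.1.0/24")
MANAGEMENT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Other internal ranges; a source here means lateral movement ("system hopping").
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# OctoPrint listens on 5000 by default; 80/443 cover a reverse-proxy deployment.
PRINTER_PORTS = {5000, 80, 443}

# Constructed firewall log in a simple "timestamp src dst dport action" format.
SAMPLE_LOG = """\
2018-09-05T10:01:12Z 10.20.0.15 10.30.1.7 5000 ACCEPT
2018-09-05T10:02:40Z 203.0.113.9 10.30.1.7 5000 ACCEPT
2018-09-05T10:03:05Z 10.30.1.22 10.30.1.7 5000 ACCEPT
2018-09-05T10:04:55Z 10.20.0.15 10.30.1.7 22 ACCEPT
2018-09-05T10:05:10Z 198.51.100.4 10.30.1.7 5000 DROP
"""


def parse_line(line):
    """Split one log line into typed fields."""
    ts, src, dst, dport, action = line.split()
    return {"ts": ts, "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst), "dport": int(dport),
            "action": action}


def classify_source(src):
    """Return where a source address sits relative to the assumed layout.
    Explicit ranges are used rather than ip_address.is_private, which also
    reports documentation ranges such as 203.0.113.0/24 as private."""
    if any(src in net for net in MANAGEMENT_NETS):
        return "management"
    if any(src in net for net in INTERNAL_NETS):
        return "lateral"
    return "internet"


def find_violations(log_text):
    """Return (src, dst, port, origin) for every accepted connection to a
    printer web port that did not originate from the management network.
    Dropped connections are ignored: there the segmentation worked."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec["action"] != "ACCEPT":
            continue
        if rec["dst"] not in PRINTER_NET or rec["dport"] not in PRINTER_PORTS:
            continue
        origin = classify_source(rec["src"])
        if origin != "management":
            findings.append((str(rec["src"]), str(rec["dst"]),
                             rec["dport"], origin))
    return findings


if __name__ == "__main__":
    for src, dst, port, origin in find_violations(SAMPLE_LOG):
        print(f"{origin:10s} {src} -> {dst}:{port}")
```

Run against the sample log, the script reports two findings: the connection from 203.0.113.9 (an outside address reaching the printer directly, the exposure the research above describes) and the one from 10.30.1.22 (another internal host inside the printer segment, the system hopping that segmentation is meant to stop). The SSH line and the dropped connection are not reported.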

CamuBot and Vishing

A new banking Trojan known as CamuBot strays from the usual tactics Trojans take and blends in social engineering; in this case, vishing (voice phishing). The malware is disguised as a security application carrying the logo and branding of the targeted bank. With a little reconnaissance, the threat actors pick a victim who is likely to have login credentials for that bank. The victim then installs the Trojan on the instructions of the "bank employee".

The attack is carried out under the pretense that the user needs to install the fake security tool to check the validity of the bank's current security module. The attacker has the user load a web page (designed by the attacker) showing that the user's software for that particular module is out of date. The user is then tricked into downloading and installing the new "module" for online banking with administrator privileges, and the Trojan gains entry. CamuBot can also survive multi-factor authentication (MFA): it recognizes the MFA challenge from a device that needs to connect to the infected computer, for which it can then install the correct drivers. From there, it is a simple matter of asking the victim to share the temporary code with the "operator" over the phone.

Recommendations:

We are often trained to be on the lookout for phishing emails, as we should be, given their prevalence and the damage they can cause. However, the telephone can be just as dangerous. CamuBot has only been spotted in Brazil, but the United States is no stranger to scams like it. We recommend the following to help prevent falling prey to vishing:

  • Verify that anyone requesting sensitive information is in fact legitimate.
  • If you believe you are being vished, tell the caller you will call them back, using the number from a card statement or from the back of the credit card.
  • Verify authenticity by asking the caller for information only the bank would know (e.g. last transaction, balance on the account).
  • Most important, invest in end-user awareness. The more employees are trained to watch for phishing and vishing attempts, the more likely they are to recognize them. Employees are the first line of defense against these attacks.

Quick Notice: Monero Miner Malware

A new variant of Monero cryptominer malware has been discovered in the wild (that is, it has gone beyond a development environment and is now being used against real systems). Test runs by the threat actors were seen in April 2018, from which it can be assumed that general release of the miner is set to take place.

These testing variants were last seen in the wild in July 2018 and continue to surface in honeypots, along with three other variants from the same malicious group. At this time, it is believed to be a criminal threat group manufacturing the variants rather than a state-sponsored group.

Recommendations:

The major defense at this time is restricting access to GitHub (a web-based hosting service for coders and developers) to only those who have a business need for it, and ensuring the following two vulnerabilities are patched:

  • Oracle WebLogic server vulnerability (CVE-2017-10271)
  • Java deserialization vulnerability in the Adobe ColdFusion platform (CVE-2017-3066)

How can Netizen help?

Netizen ensures that security gets built in, not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular "CISO-as-a-Service", through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time. We also offer compliance support, vulnerability assessments, penetration testing, and other security-related services for businesses of any size and type.

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management) certified company.
