Yahoo Hack Extends Further Than Just Passwords

September 26, 2016 by The T By D Team Leave a Comment

Yahoo Hack Extends Further Than Just Passwords

Yahoo recently went public regarding “information associated with at least 500 million user accounts was stolen from its network in 2014 by what it believed was a “state-sponsored actor.” The data stolen may have included names, email addresses, telephone numbers, dates of birth, and hashed passwords (the vast majority with the relatively strong bcrypt algorithm) but may not have included unprotected passwords, payment card data or bank account information, the company reported at the time. Later on, Yahoo disclosed that more credentials were stolen and that more data (credit cards) was exfiltrated than was known at the time of the discovery.

Yahoo is working with law enforcement on the matter, and has launched an investigation into a possible breach in early August after a Russian hacker named “Peace” offered to sell a data dump of over 200 million Yahoo accounts on the darknet for a mere $1,800 which included usernames, easy-to-crack password hashes, dates of birth, and backup email addresses.

Why Should You Worry?

Well, if you change your password regularly (every month or so), and use difficult to guess passwords (ie. NOT “123456” or “password”, or even the ever-popular “abc123”), then you should be good initially (unless, of course, they have your credit card info, in which case you should cancel your cards immediately). However, the hackers aren’t quite done with you…

Phishing attacks will likely be the number one strategy, with Yahoo user accounts being used for social engineering attacks. These are usually highly successful, and lucrative, for hackers.
However, since many people use the same username & passwords across multiple sites, the other attack you have to watch for is “credential-stuffing”. This is a brute-force attack where attackers inject stolen usernames and passwords into a website until they find a match using the stolen Yahoo username and passwords.
Yahoo has put a security announcement on their website, and has started to send users notices that they need to change their password. CyberCriminals were grateful, I’m sure, as they are going to spoof this and rake in the money. The emails being sent out look similar to below:

Subject: Your Yahoo account

The security of your Yahoo account, [Name], is important to us. Out of an abundance of caution, we are asking you to change your password. We are committed to protecting the security of our user’s information, and we take measures like this when appropriate in light of reported security issues or suspicious activity on an account.

We encourage you to take the following steps:

Sign into your account and change your password:

https://login.yahoo.com/account/change-password

2. Visit our Help Page for information on safeguarding your account:

https://help.yahoo.com/kb/account/safeguard-yahoo-account-sln2080..html

Or

Start using Yahoo Account Key and never get locked out from forgetting or losing your password. Yahoo Account Key is a convenient way to control access to your account, and it’s more secure than a traditional password because once you activate Account Key – even if someone gets access to your account info – they can’t sign in.

https://login.yahoo.com/account/security/mc-yak-optin

Yahoo

How To Protect Yourself:

Do NOT click on any links contained within an email, even if the email looks legit. Type in the address yourself into your browser bar.
Do NOT phone any phone numbers contained within an email. Look up the phone number yourself, directly on the company website.
Do NOT use the same usernames and passwords on multiple accounts. Using the same password on multiple accounts is an invitation to get hacked. If you did use your Yahoo passwords on other sites, go to those sites, and change those passwords there too. Also change the security questions and make the answers non-obvious.
Use a free password manager that can generate hard-t0-hack passwords, keep, and remember them for you.
Watch out for phishing emails that relate to Yahoo in any way, especially if they ask you to click on links, or if they are asking for information.
Now would be a good time to sign up for Yahoo Account Key – a simple authentication tool that eliminates the need to use a password altogether.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Facebook vs AdBlock Plus

September 22, 2016 by The T By D Team Leave a Comment

Facebook vs AdBlock Plus

This story pops up every week or so lately and I find it amusing.

On the surface the fight looks like a David vs Goliath or a Robin Hood fighting for the goodness of the people. Not so…

On one hand you have Facebook. The billionaire giant (2 billion in PROFIT per quarter. Yes billion) forcing ads upon their users to line the coffers with more dollar bills.

On the other you have AdBlock Plus, which is a free program. They claim they are trying to block the ads and limit increasing the Facebook giant’s wallet via ad revenue, while freeing the Facebook user of those annoying ads they see while trying to watch their friend’s cat videos.

What I’ve been wondering was why. Why was this free adblocker fighting Facebook?

Publicity – sure, makes sense, now I know who they are. Because they hate the ‘man’ and his ads? Sure – makes sense, and I guess you have to have a hobby or something to do with your free time right? Fame and Fortune? On the surface it doesn’t look like it. However, when dig deeper, you find out that AdBlocker Plus has launched its own ad exchange called the Acceptable Ads Platform, which essentially lets websites serve ‘privacy-safe’ ads that AdBlocker Plus won’t block from appearing on the 90 million or so users that have their software installed – for a 6% cut.

Ah, there it is! Knew there was profit to be made somewhere.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT: Tech Support Scam Email

September 12, 2016 by The T By D Team Leave a Comment

ALERT: Tech Support Scam Email

Many online service providers like Microsoft, Google, Facebook, Twitter, and PayPal have adopted a policy to warn users via email when there is a possible security-related event like “unusual sign-in activity”.

Unfortunately, CyberCriminals have copied these emails, and using it as a new attack vector for a tech support scam.

These new “phishing” emails point victims to a 1-800 number where either a scammer picks up, or the victim gets sent to voice mail hell for a while, and their number is queued for a fraudulent follow-up call like the one below.

Here is a real example of such a call: http://cdn2.hubspot.net/hubfs/241394/phone_phish.mp3

If you decide to call any company, go to their website and call the number listed there. Never use a phone number from any email you may have received.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Another Apple Hack

September 6, 2016 by The T By D Team Leave a Comment

Another Apple Hack

As I.T. professionals, we hear it all the time – Macs don’t get viruses, Apples can’t get hacked, Macs don’t need antivirus, etc. etc. etc.

In the past couple of weeks, hackers have identified ways to severely compromise your Apple devices.

First with iPhones: By clicking on a link in a text, hackers could take your device over in the background, accessing your data and cameras, potentially spying on you and everything you do on your device.
More recently, the same exploit has come out for Mac devices. So your laptop or computer could be taken over as well.

Apple has released updates for the exploits (aka hacks), so if you get an update notification, install it! If you aren’t sure if you’re up-to-date, check as soon as possible.

To update your software on your computer, go to the App store-> Updates-> install Security Update 2016-001 10.11.16.

If you have yet to update the software on your iPhone or iPad, you can do so by going to Settings -> General -> Software Update, and upgrade to iOS 9.3.5.

For the full article, read here: http://www.telegraph.co.uk/technology/2016/09/02/apple-issues-urgent-security-update-after-hack-turns-mac-compute/

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT: Voice Mail CyberScam

August 31, 2016 by The T By D Team Leave a Comment

ALERT: Voice Mail CyberScam

CyberCriminals have found a new way to trick people into infecting their PC with ransomware.

This time, it looks like a Microsoft email that tells you about a voice mail that was left for you, and asks you to click to play the voice mail.

The email looks similar to the one below:

The email has a .zip attachment that supposedly has the voice mail message in a .wav file. However, if you unzip the file, the ransomware will encrypt all the files on your computer, and possibly all files on the network if you have access. The only way to get your files back….is to pay approximately $500 US.

Do not click on links in “voice mail” emails from someone you do not know, and do not open any attachments!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT: FTC Scam Rings True

August 23, 2016 by The T By D Team Leave a Comment

ALERT: FTC Scam Rings True

There is a new CyberScam out this week, that has lazy CyberCriminals raking in cash!

I say lazy, because the CyberCriminals are taken an actual past scam that the U.S. Federal Trade Commission has resolved & is now refunding money on. CyberCriminals take these real FTC cases, and create a phishing scam out of them.

CyberCriminals are sending out phishing emails from an official-sounding organization that promises you a refund for a specific amount.

Be very careful!

Never click on any links, or open any attachments you did not ask for. DELETE the email immediately.

If you really are expecting an FTC refund, go to the FTC.gov website yourself, using your own shortcut, or by typing the address in your browser.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT: Ransomware Releases

August 17, 2016 by The T By D Team Leave a Comment

Ransomware Releases

The ransomware market is rapidly expanding, and new and upgraded strains are released quickly. The FBI recently projected that the losses caused by ransomware infections could reach a billion dollars…in 2016 alone.

Here is a list of the most recent releases and/or upgrades:

CryptXXX

In late July, thousands of legitimate WordPress business sites were hijacked to deliver ransomware to anyone that visits their website. The hijacked websites were redirecting visitors to a compromised site, where the payload was the very latest CryptXXX. If you are running WordPress as your website and/or blog, make sure you upgrade to the latest version. You should also minimize the number of plugins you use, to make the attack surface as small as possible.

Cerber

The leading Cybermafias are furiously innovating to stay ahead of the copycats. Cerber has updated several times, like adding a DDoS, and the use of double-zipped Windows Script Files (WSFs) to evade detection. In July, the release of Cerber’s latest version put Office 365 users in the crosshairs. Victims were phished, and once they opened the attachment, Cerber encrypted their files.

Stampado

A new ransomware type to surface in mid-July had some similarities to Cryptolocker and Jigsaw in terms of how it works. Stampado was marketed to CyberCriminals at a fraction of the cost of the usual ransomware ($39), and even included training videos to make sure that the CyberCriminals did it right. Stampado ecrypts files, then deletes chunks of the hostaged files after a lapsed time period, if ransom has not been paid. Stampado typically gives a 96-hour deadline before all files are deleted.

CrypMIC

While CrypMIC is a copycat of CryptXXX (trying to rake in Bitcoin with a ransom note. Even it’s payment user interface is similar.). One twist is that CrypMIC does not append any extension names to files that have already been encrypted, which makes it hard to spot (which makes it hard to tell which files have been affected).

cuteRansomware

Uses Google Docs and other cloud apps to transmit encryption keys and gather user information to evade detection

Alfa Ranscam

This looks like a distant relative of Cerber. The malware scans its infected system’s local drives and encrypts over 142 file types, appending a “.bin” extention name to the locked file.

CTB Faker

This is a copycat to CTB Locker. This is spread through fake profiles on adult sites. The fake profiles trick users with the promise of access to a password-protected striptease video. The victims click on the link provided, which leads to a download of the ransomware.

Ranscam

Discovered in July, this ransomware threatens to delete files unless a 0.2 bitcoin ransom is paid. Insult is added to injury when the files are deleted, whether ransom is paid or not.

Hitler Ransomware

Also new in July, this ransomware doesn’t encrypt files, it just deletes them.

PokemonGo Ransomware

This ransomware emerged shortly after the app was released. This ransomware installs a backdoor account, and allows the spreads to other drives. This strain has added bonuses, such as adding an admin account, and the ability to spread to all removable drives.

As you can see by the lengthy list above, ransomware is spreading fast & furious, with new versions and strains popping up all over the place.

The common factor? All of these ransomware strains rely on social engineering to capture their victims.

Now, more than ever, CyberSecurity is extremely important for businesses. You cannot simply relax & hope that either your business is too small for attack (ransomware spread by social engineering doesn’t care how big, or small, your business is!), or that you filters are going to catch it (they never do). Create your own “human firewall” by informing your employees about the risks, what to watch for, and what to do about it.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT: Illegal Game of Thrones Download

August 9, 2016 by The T By D Team Leave a Comment

ALERT: Illegal Game of Thrones Download

Illegal downloading of tv shows and movies from a variety of websites is the bane of the entertainment industry. Yet it’s done all the time. Currently, the HBO series, “Game of Thrones” is the #1 download.

And CyberCriminals are ready to cash in…

Emails are being received that look like a legal violation notice from IP-Echelon, which is the company that enforces copyright claims for companies such as HBO. The email states that the person receiving the notice has illegally downloaded “Game of Thrones”, or other copyright-protected entertainment and that unless they pay a settlement within 72 hours, the matter will be turned over to their attorneys.

When you click on the link provided, you are directed to a website where you can pay your “settlement”.

The people on the other side of the website, are CyberCriminals, not a copyright-protection agency.

In general, it’s a bad idea to illegally download shows and movies for two reasons:

You are violating copyrights, which can turn out to be very expensive when you get sued.
The websites promising these downloads are often compromised and infect your computer with all kinds of malware.

If you’ve received a notice and want to verify if this is for real or not, contact the real IP-Echelon directly which you can do here: https://www.ip-echelon.com/contact-us/

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Review: Apple Music

July 21, 2016 by The T By D Team Leave a Comment

Apple Music

I used Google Play for music for a couple of years, and I have to say I didn’t really care for it. It did the job – I could pick a song and play it, but often the ‘song generated’ playlists (pick a song and start a radio from it) – for lack of a better word – sucked. If I picked a song with a female lead, I got almost all female singers. Pick a Canadian song, and I would get all Canadian songs (really, Stompin’ Tom mixed in with the Headstones? Really??). That kind of thing. If I want a radio based on a rock song, I want rock radio, if I radio Blue Rodeo, I want that Country Rock vibe, not Anne Murray just because she’s Canadian. Come on!

As luck would have it, my credit card company issued me a new credit card, and I forgot to change the billing on my Google Play account. It expired, which initially gave me the brief “Oh NO!” feeling. But then I thought, “Aha! Now I can try out this Apple Music I’ve been hearing about!”

Just to clarify – I am a Google guy. NOT an Apple guy. I have a Note 5, I use Gmail, and I generally scoff at people when they say “Macs never have issues”, or “Macs are way more user-friendly”, or “Macs make my beard nicer”. Yeah, whatever buddy. So I didn’t come pre-packaged with the Mac/Apple bias.

At first, when I installed the app, I was presented with a bubble screen for me to pick what I like – cute, Apple, real cute. Weird, ’cause you never really see bubbles in the interface again. But whatever, someone’s kitty cat-loving single sister picked the feel of that screen or something. Liveable, but weird. What did surprise me however, was the “FOR YOU” section – right away I had “A-List Rock” waiting for me. Gave it a listen…Awesome. Then it hit me with Judas Priest Deep Cuts – AWESOME!! (I’m a bit of a metal-head at times). And everyday since, the “FOR YOU” section has been a little bit of awesomeness. I’m sometimes on the road for hours with my job, and listening to something fresh to me is so cool. Not only playlists, but albums I might be interested in. Again…awesome!

My family & I have a small cabin off-grid, so before we packed up, I downloaded a few playlists to my Note 5 and dumped on some acoustic curated playlists, because I really enjoy acoustic versions of tunes when hanging out, or hanging over. My wife & I played some cards in the evening at the cabin, and the lists were spectacular! I downloaded the “A-List Pop” for my daughter as well, and on the trip to and from the cabin that was a huge hit! – not just the same old same old we hear on the radio, but some fresh tracks (many that we did hear over and over because she fell in love with them, but not Apple’s fault).

So, all in all, I’m very impressed. Will I go back to Google Play? Nope. Apple Music really is that good – and the family pack for $15.99 is very impressive.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT: Don’t Get Poke-Punked

July 21, 2016 by The T By D Team Leave a Comment

Don’t Get Poké-Punked!

With the Pokémon Go hitting the streets…you know CyberCriminals are not going to be far behind!

The game’s rapid rollout and unparallelled success has it’s risks. Pokemon Go has immediately hit several security and privacy-related speed bumps, and not all of them are virtual…

Muggings

In this game, players can meet in real life using the Pokéstop feature to do virtual battle. Police in several cities have already accumulated some scary stories – some people are using the popular game to lure other players to remote locations with the intention of robbing them (or worse!).

Google Login Permissions Problems

Many security researchers have been warning that the initial release of the Pokémon Go app has access to many more device permissions than needed, meaning a possible privacy risk. Some information security experts have even been urging players to create “burner” Apple or Google accounts that are only used with this game.

Trojanized Apps

Just 72 hours after the initial release of the Pokemon Go app, CyberCriminals had Trojanized a legitimate version of the free app to include malware, which was released via unofficial, third-party app stores.

Researchers at the security firm “Proofpoint” stated in a blog post that the malicious Android app file “was modified to include the malicious remote access tool called DroidJack – also known as SandroRAT, which would virtually give an attacker full control over a victim’s phone.” Gaming websites have begun publishing instructions on how people can download the app, including using side-loading – evading Google’s official app store – to install them.

Proofpoint went on to state, “In the case of the compromised Pokémon Go APK we analyzed, the potential exists for attackers to completely compromise a mobile device. If that device is brought into a corporate network, networked resources are also at risk.”