A two-minute SIM card hack could enable a hacker to listen your phone calls, send text messages from your phone number, and make mobile payments from your account.

The vulnerability was discovered by Karsten Nohl, the same German security researcher that created a tool to break the GSM encryption, which enabled anyone with a scanner and a laptop to listen in to cellphone calls.  The system used to encrypt GSM calls was strengthened as a result.

This new vulnerability relates to the encryption system that is used on SIM cards.  Nohl found that by sending a fake carrier message to a phone, in approximately 25% of cases the phone would reply with an error message that revealed the 56-bit security key for the SIM.  A 2nd text message claiming to be a software update, and which the SIM card would accept because it used the encryption key, would then allow a virus to be installed which would allow the hacker wide-range control over the phone.

The system only works with SIM cards using an older ecryption method known as Data Encryption Standard (DES).  Modern SIMs use stronger encryption methods, which cannot be hacked in the same way.  The vulnerability is present in an estimated 750 million SIM cards – approximately 1 in 4 of all SIM cards.  There is no way to tell which system your SIM uses.

Nohl has already provided details to mobile operators so they can address the vulnerability.

There a couple different variations of this scam out there.

1.  An increasing number of websites that scrape existing, real mugshots out of public databases, and contact these people.  Arrestees sometimes pay hundreds of dollars to have their mugshots removed from general search engines, due to embarrassment or fear that their friends, families and/or employers will find out.  Sites like this are being sued for extortion in a lawsuit testing the bounds of the First Amendment, but in the meantime, they have victimized many people.  An example can be seen at www.mugshots.com.

2.  The second variation of this scam is even worse than the first.  In this scam, people that haven’t even been arrested, are being targeted with an email that claims their mugshot is easy to find on the internet and if they want to see this embarrassing picture, “Click Here Now”.  The link leads them to a legit site that has been compromised and infects their PC with a drive-by attack, laying down a Trojan on the hard disk, making the PC a zombie.

Remember to Think Before You Click!

Delete any emails that mention mugshots of anyone; themselves, friends, family, or co-workers!

If you receive an email with the subject line  “You Are On The CIA Prism Watchlist”, or refer to CIA or NSA Prism lists that you are on, DELETE the email immediately.  DO NOT open the attachment.

The content of the email refers to Snowden, and the attachment, called “Monitored List1.doc”, exploits a known vulnerability in computers everywhere.

Prism has been all over the press lately, which makes it a popular target for computer bad guys.  This is a popular social engineering tactic these guys use, manipulating people to avoid a negative consequence.  This is only the 1st version of this email.  I’m sure more will surface as long as Prism is in the news.

Criminals will use anything to get your credit card number.  The latest scheme is to prey upon those forgetful sons & daughters out there, that are desperate for that last minute gift.

The newest cybercrime “marketing” campaign usually starts with an email containing the subject line “Don’t Forget Mother’s Day – $19.99 Flowers”, or something similar.  Once you click on the link, you get directed to a website which contains all sorts of thoughtful gifts.  However, if you go on to purchase something, the only gift you’ll be giving is your credit card number to the cybercriminals.  Although I’m sure one of them out there has the nickname of “Mother”, I don’t think he’s the “Mother” you thought you’d be gifting this Mother’s Day.

Other Mother’s Day scam sites promote jewelry, designer clothing, and shoes.

If you are gift shopping online for your mother, please use only sites you know, and ones that are reputable.

Windows XP has been around since less than 2 months after 9/11.  Shortly after it’s launch, a big security vulnerability was found in the ‘universal plug and play’ code.  This lead to their “Trustworthy Computing’ initiative, and eventually they released XP Service Pack 2 as a mulligan for their initial release.

Windows XP continues to be the 2nd largest PC OS (Operating System), behind Windows 7.  It continues to be used on over 300 million business desktop computers.  Now for the kicker…

April 8, 2014 Redmond will discontinue support for Windows XP.  No more support means no more security updates, tech support, or patches.

Moral of the story:  Ditch Windows XP NOW, and upgrade to Windows 7.  You have a year to get used to the new OS, before Windows XP becomes a major security liability.

A new spear-phishing attack has been identified by Kaspersky Lab.  This attack involves a Trojan designed to target Android devices.  This newest attack is part of an emerging trend that targets not only mobile devices, but the computers to which the devices connect.

Researcher Kurt Baumgartner, who monitors malware, states mobile device users should add additional security packages to their mobile devices to protect them.

Listen to the full interview at BankInfoSecurity:  here.

ALERT:  Phone System Hackers

Everyone knows (or should know by now) that if someone calls, and asks for personal information, credit card numbers, etc you shouldn’t provide this over the phone.  However, the newest hackers hack your phone lines…when no one is there.

Toll fraud is the theft of long distance charges services by an unknown third party.  It is not limited to the unauthorized entry into a business’ phone system or equipment.  Toll fraud occurs worldwide, and has devastating effects on businesses, often causing tens of thousand of dollars worth of long distance charges to a single business.

Unfair as it is, if a call has originated with, or passed through your phone system or equipment, you are responsible for the charges associated with the call, whether the call is authorized or not.  This means, even though you are a victim of fraud, you are liable for the costs.

Hackers can enter your phone system through the voicemail boxes.  The hackers call the business, and when no one answers the phone, all calls are put through to a voicemail box.  The hackers then bombard the system with a series of numbers to attempt to get the right code for the administration side of the voicemail.  Once they find the right code, they are able to make outbound calls to foreign places.  Some foreign countries have extremely high long distance rates (13-29 cents per minute), and are good targets for toll fraud.  This means the security of your phone system is up to you.

How do you ensure your phone system’s security?  Call your Private Branch Exchange provider for specifics, but the following steps are a good start:

• Never publish a Direct Inward System Access (DISA) telephone number.
• Change the DISA access number regularly
• Use longer DISA authorization codes.  9 digits are ideal.  Never use less than 7.
• Issue a different DISA authorization code for all users.
• Warn DISA users not to write down authorization codes.
• Restrict DISA access at night, weekends, and holidays.  This is a low usage time, but prime time for fraud.
• Block or restrict overseas access.  If your company requires employees to call overseas, restrict calls to only the countries that you need to make calls to.
• Program your system to answer with silence after 5 or 6 rings.  Most systems are programmed to answer with a steady tone after two rings, and this is what hackers look for.
• Route invalid access attempts to your operator, if possible.
• Program your Private Branch Exchange (PBX) to generate an alarm if an unusual number of invalid attempts are made.
• Program your PBX so that the port will disable itself after a set number of invalid attempts.
• Disconnect all telephone extensions that are not in use.
• Block access to remote maintenance/administration ports, or use maximum length passwords.  Change the passwords frequently, use maximum password length, and don’t use easy or sequential numbers.  Ensure you change the passwords from factory settings.
• Disconnect modems that are not in use.
• Prohibit the sharing or posting of passwords, or entering them into programmable keys or speed dial buttons.
• Block collect call options
• Restrict access to directories that give directions on how to get into the voicemail system.
• If your system allows callers to transfer to other extensions, block any digits that hackers could use to get outside lines.
• Delete all inactive voicemail boxes.

Not sure if your company is safe?  Ask us for a FREE Network Security Assessment!

Check out our “Email Red Flags”  for what to watch for, in suspicious emails. 

Ask us about our “Core Security Solutions” package!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

The new Pope Francis is making news lately, and bad computer geeks out there are trying to cash in the best they can.

The newest scam to make the rounds is a drive-by malware campaign that uses a fake CNN article to get people to log into an infected website.  Once people open the website, it infects their workstation with the “Blackhole Exploit Kit”.  This is the #1 cybercrime tool to deliver all kinds of malware.

Beware of email from “CNN Breaking News” with the following subject lines:

– Opinion:  Family sued new Pope.  Exclusive!

– Opinion:  New pope tries to shake off the past

– Opinion:  Can New-Pope Benedict be Sued for the Sex Abuse Cases?

Drive-by attacks use a link to an infected Website instead of including the malware in the email attachment, and have become a popular delivery system.  This latest campaign is part of the current bad geek effort to use current news events to try to entice people to log into infected websites, and thus distributing spam and malware.

Spear fishing sounds great and brings up lovely images of crystal clear water, warm temperatures and hours and hours of leisure…let’s all take a moment and think on that… Ok, I’m good.

Spear Phishing, on the other hand…not so good.   [Read more…]