Sick of Security Theater? Focus on These 5 Basics Before Anything Else

Cybersecurity abounds with “to-do lists” in the form of guidance documents and control frameworks. However, these lists alone don’t strengthen a network; implementing the controls does. Given that frameworks often contain hundreds of controls, distinguishing between basic and additional security controls is beneficial. It’s crucial to implement the foundational basics before moving on to risk assessments, strict governance procedures, and other advanced measures.

– I don’t have the paperwork but at least we have firewalls and working patch management! 

Luckily, there are also “quickstart” guidelines available. One of the best is the UK NCSC’s “Cyber Essentials”, which consists of five technical controls that will stop most cyber attacks and make your organization much more resilient.


1 – Secure configuration

  • Remove software and features you don’t need
  • Do not allow administrative accounts to be used for daily work. Use separate accounts for administration, and preferably only a few people from the IT department should be able to be administrators.
  • Remove default accounts, and change any default passwords.

2 – Malware protection

  • Install anti-malware software on all computers and smartphones
  • Configure the anti-malware software to check web links as well

3 – User access control

  • Only give access to people who need it
  • Only give access to necessary resources the user needs to do their job
  • Implement strong authentication with two-factor authentication for all services that can be reached from the Internet
  • Set a routine to go through user accounts regularly and remove or disable user accounts that should no longer be there
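The periodic account review from the list above, as an added example that is not code from the original post. The directory export, HR roster and service-account list are constructed for the example; the idle threshold of 90 days is an assumption.

```python
"""Periodic review of user accounts (added example, not code from the original post).

The directory export, HR roster and service-account list below are constructed
for this example; real exports will need their own field mapping.
"""
from datetime import date, timedelta

REVIEW_DATE = date(2024, 6, 10)   # constructed "today" so the run is reproducible

# Constructed directory export: one row per account.
ACCOUNTS = [
    {"user": "alice", "last_login": date(2024, 5, 30), "enabled": True, "admin": False},
    {"user": "bob", "last_login": date(2024, 6, 1), "enabled": True, "admin": False},
    {"user": "carol", "last_login": date(2024, 6, 1), "enabled": True, "admin": True},
    {"user": "dave", "last_login": None, "enabled": True, "admin": False},
    {"user": "erin", "last_login": date(2023, 12, 1), "enabled": True, "admin": True},
    {"user": "frank", "last_login": date(2023, 1, 1), "enabled": False, "admin": False},
    {"user": "svc-backup", "last_login": date(2024, 6, 9), "enabled": True, "admin": True},
]
CURRENT_STAFF = {"alice", "carol", "dave", "erin"}   # constructed HR roster
SERVICE_ACCOUNTS = {"svc-backup"}                     # non-human accounts with a named owner


def review_accounts(accounts, staff, service_accounts, today, max_idle_days=90):
    """Return {user: reason} for enabled accounts that should be disabled or re-confirmed."""
    cutoff = today - timedelta(days=max_idle_days)
    findings = {}
    for acct in accounts:
        user = acct["user"]
        if not acct["enabled"] or user in service_accounts:
            continue   # already disabled, or reviewed separately with its owner
        if user not in staff:
            findings[user] = "not on HR roster: disable"   # leavers still logging in count too
        elif acct["last_login"] is None:
            findings[user] = "never logged in: confirm the account is still needed"
        elif acct["last_login"] < cutoff:
            findings[user] = f"idle since {acct['last_login']}: disable"
    return findings


def admin_accounts(accounts):
    """Enabled accounts with admin rights, for checking the 'only a few admins' rule."""
    return sorted(a["user"] for a in accounts if a["enabled"] and a["admin"])


if __name__ == "__main__":
    for user, reason in review_accounts(ACCOUNTS, CURRENT_STAFF, SERVICE_ACCOUNTS, REVIEW_DATE).items():
        print(f"{user}: {reason}")
    print("admin accounts:", admin_accounts(ACCOUNTS))
```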

4 – Firewalls

  • Make sure all Internet-connected devices have a firewall
  • Configure the firewalls to allow only the necessary traffic
  • Block all inbound traffic, unless the device has a role requiring it, for example a web server

5 – Security updates

  • Only use supported applications that still receive security updates
  • Automate security updates where possible
  • Keep an inventory of the installed software on all devices. Most modern anti-malware systems can provide this.
  • When a high-severity vulnerability is published, check the inventory to see whether you have the affected software, and apply the patch or other mitigations quickly.
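The inventory check from the last two items above, as an added example that is not code from the original post. The inventory rows and the advisory are constructed; the advisory's range fields are an assumed format, not any vendor's real feed. Versions are compared numerically, since a plain string comparison would wrongly place 7.10.0 before 7.5.0.

```python
"""Check a software inventory against a published advisory (added example, not from the post).

The inventory rows and the advisory are constructed for this example, and the
advisory's range fields are an assumed format, not any vendor's real feed.
"""


def parse_version(text):
    """Turn '7.10.2' into (7, 10, 2) so versions compare numerically, not as strings.

    Assumes dotted numeric versions; a suffix such as '-beta' is dropped.
    """
    return tuple(int(part) for part in text.split("-")[0].split("."))


# Constructed inventory, as an anti-malware or asset tool might export it.
INVENTORY = [
    {"host": "pc-01", "product": "acme-pdf", "version": "7.4.12"},
    {"host": "pc-02", "product": "acme-pdf", "version": "7.5.0"},
    {"host": "pc-03", "product": "acme-pdf", "version": "7.10.0"},
    {"host": "srv-web", "product": "acme-pdf", "version": "6.9.3"},
    {"host": "srv-web", "product": "examplehttpd", "version": "2.4.1"},
]

# Constructed advisory: affected versions are the range [affected_from, fixed_in).
ADVISORY = {
    "product": "acme-pdf",
    "severity": "high",
    "affected_from": "7.0.0",   # first affected version (inclusive)
    "fixed_in": "7.5.0",        # first safe version (exclusive upper bound)
}


def affected_hosts(inventory, advisory):
    """Return sorted (host, version) pairs running a version inside the affected range."""
    low = parse_version(advisory["affected_from"])
    fixed = parse_version(advisory["fixed_in"])
    hits = []
    for item in inventory:
        if item["product"] != advisory["product"]:
            continue
        if low <= parse_version(item["version"]) < fixed:
            hits.append((item["host"], item["version"]))
    return sorted(hits)


if __name__ == "__main__":
    for host, version in affected_hosts(INVENTORY, ADVISORY):
        print(f"{host}: {ADVISORY['product']} {version} needs patching ({ADVISORY['severity']})")
```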

Next steps

When the essential controls are in place, the next step should be to set up an incident response plan and practice using it. Then you are ready to start building a risk-based governance structure and to focus on continuous improvement and compliance using one of the big frameworks, such as ISO 27001.

Some good resources on the basics

NCSC Cyber Essentials

ENISA cybersecurity guide for SMEs

Hackers try to trick you into paying ransom using simple JavaScript hijacking

When people talk about ransomware they typically think about malware that encrypts all of your files using strong encryption, forcing you to fork over money to unlock your files again. Some of these species are quite elaborate, with reinfection routines and integrated botnets. But perhaps hackers can get a higher return on investment (ROI) by using some simple browser hijacking scripts?


One of the most common and profitable scams in 2015-2016 was the FakeBsod.A malware. According to the Microsoft info page on this ransomware, it accounted for 15% of ransomware infections in the period from Dec 2015 to May 2016. The way the malware works is that it hijacks your browser and displays a message that you have encountered “BLUE SCREEN ERROR 0x000000000CE” in your browser. Your browser becomes unusable, the address bar does not work and you cannot close it unless you kill the application. The error message gives a phone number to “Microsoft” for help. If you call them, you are asked to pay a certain amount by credit card to “fix the problem”. Of course, forcing the browser to close and then removing the FakeBsod.A JavaScript file from your system is a better course of action. Most users don’t know this, and the JavaScript browser hijacking technique has earned cyber criminals enormous sums of money from users who see no other option to get their browser back. Note that no files are harmed by the malware – this is an effective scareware tactic that has worked very well for the criminals, with very little upfront investment.

This particular ransomware is not dangerous, in contrast to cryptoviruses, which in practice can be impossible to recover from without a good backup. It is like a robbery using a water pistol. Still – the criminals manage to steal a lot of money using this malware. It is like other phone scams – but instead of “Microsoft” scammers calling you, they use ransomware as an inbound marketing tool, making you call their call center.

A nice and somewhat more technical post on this type of “phonescamware” by Xavier Mertens can be found here: https://isc.sans.edu/diary.html?date=2015-10-13.