10 Cybersecurity Tactics Everyone should Implement Now!

By Alex Duffy

In life there are a set of rules that apply to certain scenarios. When you are driving and want to change lanes, you check your mirror, indicate, check your mirror again, safely switch lanes, and finish up by turning off the indicator. These rules are in place in order for everyone to have a safe driving experience. The same practise can be applied to your online security, which is critical considering almost everything is completed online these days. In some cases an 8-16 character password is all that’s protecting your finances – that should be reason enough to want to protect yourself.

So, how do you make sure to keep yourself safe? Follow these 10 steps:

ONE – Look for browser warnings and the green lock before entering credentials.

Whenever you access a website, your browser runs background checks to make sure that the site you are visiting is indeed who they claim to be. When the websites fail these checks, your browser will warn you. These warnings are there for a reason! So make sure to listen to those warnings and respect them.

TWO – Maintain Unique passwords for every account and website.

No alt text provided for this image

Too often people will use the same email and password for their bank, as they do for any odd website out there that has asked them to create an account. The issue with this is that once that website becomes compromised and your account details are stolen, threat actors will often use those same credentials against a variety of services like PayPal, large banks and more, and will be end up being successful in stealing your information.

THREE – Use Random Generated or pass phrases as your password.

Regarding passwords, you are looking for length and complexity. Complexity does not mean take your name and replace an ‘A’ with an ‘@’. Complexity means that you couldn’t break a password just by changing characters. Remembering truly random passwords is tough, so passphrases are the next best thing. Simply take a saying or a line from your favourite song, poem or book, and use that as your password, spaces and all. You could also take the first letter of each word to create a new passphrase. Generally speaking, if you add a number or two that should satisfy password complexity standards.

 FOUR – Do not click links that arrive in unsolicited email.

Phishing is a scamming method that uses fear and urgency to get you to act irrationally. If you are not expecting to be contacted by the sender, and a link urges you to ‘click here’, and they are threatening that something bad will happen, like your email account getting shutdown or blocked, it is generally fake. If you are still unsure, you can hover over the link to gain more information. If Microsoft claims they sent you the email, the link should be Microsoft’s. In the end, if you are ever in doubt, then contact the company directly and see if they sent you the email.

An example:

Microsoftpasswordreset.suvlaki.co – FAKE

login.microsoftonline.com – GOOD

FIVE – Where possible enable multi-factor authentication

Multi-factor authentication is a second way of verifying your identity. This can be achieved using methods such as a text, phone call, or a generated token. This should be enabled because in the event of your password being stolen, the threat actors  are still unable to access your account. When multi-factor is set up, you should always be aware that if you receive an authentication code without trying to log in, then it could mean that someone has your password and is trying to log in.

 SIX – Change passwords regularly

Your job is to make stolen passwords redundant. You can do this by changing your passwords often which heavily reduces the impact of a stolen password

 SEVEN – Try not to write down your passwords, if you do, do not store them in plain sight.

You should not have your passwords written down, makes it easy to gain access to your devices. But if you really insist on it, which again, please don’t. Then PLEASE, hide them – and no, NOT UNDER THE KEYBOARD!

 EIGHT – Use a password manager to help you remember your unique passwords.

No alt text provided for this image

A strong password is one that is long and can’t be remembered. No one is asking you to remember them all, instead securely store them in a password vault. Password vaults are invaluable at keeping your everyday passwords safe, and then ensure that access to your vault is protected by a strong passphrase and multi-factor (Step three and five).

 NINE – keep ALL software up to date.

Updating your operating system or antivirus is only half the battle against protecting your device. Any out of date applications, such as Adobe, Zoom etc, can allow a threat actors to gain full access to your system and everything within.

 Ten – With emails, ensure that the send and the senders email address are correct.

No alt text provided for this image

It is incredibly easy to change your display name for an email address to appear as someone else. Your job is to make sure the person emailing you is actually the person they claim to be. You can work this out by comparing their display name to the actual email address.

An example:

John Harry <[email protected]> – BAD

John Harry <[email protected]> – GOOD

 

About the author
Alexander Duffy is Security Solutions Architect for emt Distribution, working in the Threat Intelligence space on a full  range of  emt’s cybersecurity portfolio like ThreatConnect, Flashpoint, etc. For more security updates follow him on LinkedIn

Internet of Things Security Often Overlooked in Cyber Defence

By Alexander Duffy, Security Solutions Architect, emt Distribution

In September last year, the ABC Investigations journalism unit published an in-depth report
looking into the use in Australia of surveillance cameras manufactured by Chinese companies, Hikvision and Dahua, with security ramifications for any organisation installing Internet-connected devices.

Security researchers assert that vulnerabilities in Hikvision and Dahua cameras leave them open to malicious actors looking to syphon off video, audio and other data. Both companies have also been accused of spying on behalf of the Chinese Government and have been banned from U.S. government use.

According to Terry Dunlap, Co-founder of ReFirm Labs, governments are taking the right step in evaluating whether Chinese companies like Hikvision are an acceptable risk as suppliers.

“Chinese firms have a long history of embedding backdoors in their equipment,” said Dunlap. “And it’s not happening by accident – in 2013, we found purpose-built backdoors in Huawei equipment. In 2017, we saw the same embedding technique in Dahua security cameras, which the U.S. Congress then banned in 2018.

“All telecom gear coming from China that is placed into critical infrastructure, for example, needs to undergo a thorough security vetting from top layer applications all the way down to the firmware level where we see backdoor implants. Companies need to think twice about purchasing Chinese-made equipment if they don’t have vetting and monitoring capabilities in place to detect such backdoors and implants.”

ABC Investigations found the Chinese cameras above the entrances to the Australian Government Solicitor headquarters in Canberra and an office block used by the Department of Home Affairs and Attorney-General, AUSTRAC, and the Office of National Assessments. Another camera – removed once the Department Of Defence became aware of it – was found at the RAAF Base Edinburgh in South Australia.

Surveillance cameras and telecommunications equipment are just some of the Internet-connected devices subject to cyber attack. There are thousands of other kinds of vulnerable devices described by the term ‘Internet of Things’, and they number in the millions if not billions.

While most organisations have taken increased measures in recent years to strengthen the security of their information systems, many overlook device security. Not surprisingly, vulnerabilities in IoT devices are often the easiest targets for threat actors  and often represent the initial point of entry into organisations’ networks.

In a breach featured in a webinar by Joseph Carson, Chief Security Scientist at Thycotic, an attack by Somalian pirates on a secure database detailing shipping movements was initiated by exploiting wireless lights that had been incorrectly configured, giving hackers network access.

Unfortunately, the security measures most organisations currently have in place don’t effectively protect IoT devices. Current security measures don’t effectively protect firmware, and fail to proactively address vulnerabilities before it’s too late.

In a 2018 report, research firm Gartner predicted that until 2020, the biggest inhibitor to growth for IoT security will come from a lack of prioritisation and implementation of security best practices and tools in IoT initiative planning. “In IoT initiatives, organisations often don’t have control over the source and nature of the software and hardware being utilised by smart connected devices,” said Ruggero Contu, research director at Gartner.

As cyber intrusions become more commonplace, CSOs and CISOs have to look towards more innovative solutions to protect their organisations. Among the challenges they face is allowing business units to meet the demand for IoT devices with the confidence that they do not pose a security risk.

The introduction of cyber security tools into Australia and New Zealand for vetting, validation and monitoring of organisations’ firmware security has now closed this security gap for enterprises, government agencies, operators of critical infrastructure, and other organisations.

With these tools, organisations reliant on IoT devices can vet firmware images for vulnerabilities in around 30 minutes, without requiring source code, giving them confidence in the choices they make. Without them, they could be learning about the vulnerabilities they have introduced to their networks, or their customers, from the media.

About the author
Alexander Duffy is Security Solutions Architect for emt Distribution, the Australia and New Zealand representative for ReFirm Labs, which provides the industry’s first IoT and firmware security solutions that proactively vet, validate and continuously monitor IoT devices for hidden threats.

TRIAL Vipre Endpoint Security

What do ASD Essential Eight changes mean for your organisation’s security

 

By Alex Duffy, Security Solutions Architect, emt Distribution 

The recent (25/2/19) and unexpected update to the Australian Signals Directorate’s Essential Eight Maturity Model serves to keep the ASD’s guidelines relevant going forward and address the latest weak points in IT security. What stays the same though is the ASD’s guidance on practical updates on how to stay ahead.

 

While these guidelines are specifically relevant to federal government organisations’ critical infrastructure they are now being pushed indirectly to contractors or businesses who work with the federal government. But even though these guidelines may not be mandatory for private businesses, they are best practice. If they are good enough to safeguard our political, defence and economic interests as a nation, they should be appropriate to safeguard our businesses from the majority of possible cyber security attacks and incidents.

 

This recent update sees fewer restrictions around patching but a higher level of control on Application Whitelisting which has now been extended to all workstations for levels 1 and 2 of the maturity models. Multi Factor Authentication no longer permits the use of SMS, emails or voicemails for level 1 maturity and specifically states a requirement for passwords to be longer than six characters at all levels.

 

But what does this actually mean for today’s IT professionals?

 

These changes reflect the changing priorities required to address today’s threat landscape. With the loosening of controls around patching, the ASD acknowledges the balancing act that security personnel must perform in certain environments. There is definite acknowledgement of the dilemma faced where patching may break functionality vs maintaining a secure environment and strict adherence. A reduction in the burden on already overworked IT admins meeting requirements while allowing better automation is removing overhead while not reducing security.

 

The higher importance placed on Application Whitelisting definitely reflects what we see in the marketplace. With Application Whitelisting now available as a mature solution it is reasonable to expect organisations to use it across their entire environment. Increased visibility alone of endpoint applications makes life easier for security, helpdesk and management alike stopping more endpoint threats before they reach any part of the network.

 

Combined focus on patch automation and increased scope of Application Whitelisting we also see as acknowledgement of a more distributed workforce need for security and higher difficulty in controlling remote endpoints.

 

The more specific wording for Multi Factor Authentication also recognises how threat actors are now working around basic MFA and endeavours to close those weak spots.

 

There are now only three maturity levels instead of the original five: Partly (level 1), Mostly (level 2) and Fully (level 3) aligned. Level 0 is no longer listed as it doesn’t meet even the most minimal criteria and level 4 is only required on an ad hoc basis depending on advice from the ASD. These changes assume that organisations will now at least begin to adhere to these standards to a degree and give a clear path to full alignment at level 3.

 

The biggest takeaway from this update appears to be that it is no longer reasonable for a business entity to not address the Essential Eight, especially with the removal of level 0. If a business has not yet met the criteria for level 1 then its current security measures are faulty and need immediate remediation.

We welcome this specific update because it reflects what our customers have been demanding already. emt’s focus on security solutions addresses the Essential Eight and beyond to ensure our customers’ networks are ahead of requirements using the latest technologies. We already have solutions that address the Top 4 – Airlock Digital, Flexera, Stealthbits, and Thycotic.

 

Read more about our solutions for Top 4 mitigations at https://www.emtdist.com/solutions/australian-signals-directorate-top-4-mitigations/

 

 

Flashpoint Intelligence on APAC-ANZ Cyber Activity to Guide Upcoming Risk Decisions

Author:  Aaron Shraberg, Flashpoint

 

Geopolitical and economic tensions between the United States, China, and North Korea figure to steer risk management decisions in the Asia-Pacific region for the coming months. Organisations, such as some recently targeted financial services institutions in Australia and New Zealand, should closely monitor cyber and political activity in the area.

The diverse geopolitical and economic interests of the states in the region play a significant role in driving and shaping cyber threat activity against entities operating in APAC. While most threat actors targeting organisations in the region are financially motivated, nation-state activity remains a potent threat against government and diplomatic entities, as well as financial organisations as nations such as North Korea continue to fund operations through hacking.

Political and Economic Events to Watch

As 2019 progresses, the ongoing trade conflict between the U.S. and China could spur an uptick in cyber activity against the U.S. and its closest Five Eyes allies, further eroding the Xi-Obama agreement to cease China’s industrial espionage activity for economic gain.

Last year, a limited number of named APT outfits operating in the region were alleged to be behind high-profile compromises and thefts of data and/or funds from global financial institutions, attacks on various multinational firms via third-party providers, and campaigns against the cryptocurrency industry.

North Korea is likely to remain a stressor in the region. It is unlikely to unilaterally disarm its nuclear program, and will likely ramp up its cyberattacks against APAC, ANZ, and Western financial institutions, as well as cryptocurrency exchanges in order to finance the regime and its activities. Organisations should also monitor unresolved disputes over ownership and militarisation of parts of the South China Sea, debates over the integrity of Huawei and ZTE devices in Western networks, and other events in the region that could impact businesses in ANZ and APAC.

While some criminal organisations operating in ANZ and APAC are believed to be behind Eastern European outfits in terms of experience and capabilities, APT activity from China and North Korea is considered highly advanced. Organizations in the region should be aware of campaigns linked to criminal or nation-states in the area, and some of the tactics, techniques, and procedures (TTPs) employed by these groups.

Advanced TTPs Coming out of APAC-ANZ

Some TTPs include commonplace first-stage attacks such as phishing or spear-phishing emails and watering hole attacks. These groups also have at their disposal banking Trojans, malware that seeks out and steals credentials, and ransomware, among others. Many criminal groups are proficient in activity to facilitate carding and reshipment fraud, the theft and sale of personally identifiable information, as well as more technically involved operations, including the sale of compromised RDP hosts, developing proxy and anonymization tools (to circumvent law enforcement and censorship efforts), and other tactics to carry out fraud.

Some attackers are also making use of publicly available exploits for common vulnerabilities in Apache Struts, Oracle products, Adobe Flash, Microsoft Office and others. Most of these vulnerabilities have already been publicly disclosed and patches are available, meaning that threat actors are opportunistic in the region, capitalising on lax patching efforts, or under-resourced IT organizations to exploit these security flaws.

Already this year, financial institutions in Australia, Japan, and elsewhere have reported being targeted by a new spam campaign using the Hancitor dropper to infect machines with the Gozi information-stealing malware. Gozi, also known as Ursnif, packages up banking and other account credentials from an infected machine and exfiltrates them to an attacker-controlled server. Variants of the banking malware have been active since 2014 and frequently target Microsoft Office vulnerabilities to gain a foothold on unpatched machines.

Malware-based attacks aren’t the only means of profit for threat actors in the region. Late last year, several Chinese-language Deep & Dark Web forums contained posts advertising the availability of fraudulent identification cards from Australia, New Zealand, several locations in Europe, as well as North America. The fraudulent documents would allow, in some regions, the ability to travel without additional visas, vote in elections, or open bank accounts, for example. Another post also advertised processing of identifications and passports from Australia, New Zealand, Canada, France and Germany, opening the door to citizenship in some of those locations, in addition to the previously mentioned capabilities.

Assessment

Enterprises in Asia-Pacific, Australia, and New Zealand will have impending risk management decisions guided in some part by the fragile geopolitical and cyber climate in the region. As the U.S., China, and North Korea tug at each other’s shirttails in cyberspace and in the political arena, businesses will continue to be targeted by criminal and state-sponsored outfits operating in APAC and ANZ. Any erosion of these diplomatic or economic relationships will trickle down to businesses in the area, and threat activity targeting countries and companies in APAC-ANZ will be influenced accordingly.

 

About the Author

Aaron Shraberg is Senior Analyst on the Asia-Pacific intelligence team at Flashpoint. He speaks Mandarin and specialises in analysing key trends, threat actors, and campaigns emanating from the region, with an emphasis on China. Prior to Flashpoint, Aaron held roles in foreign policy and national security research for organisations including the Institute for International Economic Policy, DGI, and Kharon. He received a bachelor’s degree in literature from the University of Kentucky and a master’s degree in Asian studies from The George Washington University.

Flashpoint empowers organisations worldwide with meaningful intelligence and information that combats threats and adversaries. Headquartered in New York, Flashpoint has offices in Melbourne, Australia and is distributed in Oceania and South East Asia by emt Distribution.