Secure Your Internet Connected Printer

Standard

FBI PIN.jpg

Late last week, the FBI issued what is known as a Private Industry Notification, or PIN, regarding Internet connected printers.  These are printers that allow you to print to them remotely, when outside the network.

The FBI has confirmed that criminal actors have exploited vulnerabilities in these printers to either manipulate legitimate print jobs or to distribute threats and hate speech.  In one confirmed case, over 130 businesses across all sectors of the economy, received bomb threats via fax or forced print jobs.

The FBI has identified the following recommendations to prevent these types of cyber attacks:

  • Ensure ports 515, 631, and 9100 are not publicly accessible over the Internet. If keeping these ports open is necessary, consider whitelisting specific IP addresses or subnets to ensure only legitimate traffic can connect to the printer.
  • Consider the use of alternative ports for Internet-connected printers and other devices.
  • Ensure all Internet-connected printers and devices on the network have strong usernames and passwords. Default usernames and passwords should be changed.
  • Conduct daily reviews of printer logins to identify and flag unauthorized IP addresses.
  • Configure firewalls to block traffic from unauthorized IP addresses to printers and other network devices.
  • Restrict Internet-connected printer and device connectivity to non-sensitive business networks.

If you have an Internet enabled printer in your home or office, I strongly encourage you to take the above steps today.

The FBI encourages everyone to report potential cyber criminal activity to the FBI’s 24/7 Cyber Watch (CyWatch). CyWatch can be contacted by phone at (855) 292-3937 or by e-mail at CyWatch@ic.fbi.gov. When available, each report submitted should include the date, time, location, type of activity, number of people, and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.

Insider Threats Often Overlooked in Data Security

Standard

The following was published in yesterday’s Foster’s and Seacoast Sunday.

Insider ThreatWhen most people talk about information security, the discussions tend to focus on keeping hackers out. There is no question this is a real threat and needs a comprehensive layered approach to defend against. I’m sure your business has made significant investments in building out these layered defenses.

But what about insider threats? Has that even been a topic of discussion? If not, it really should be and here’s why.

As mentioned, most security conversations focus on hardware and software tools that protect the company network against attempts by hackers to penetrate the company network. It has also been quite common to focus on phishing attacks, those social engineering emails that look like they are legitimate, but are not. They are designed to trick the recipient into clicking a link or opening an attachment that will infect the system with malicious code that will allow the hacker to circumvent the layers of security.

Insider threats are too often overlooked, whether they intentional or unintentional. Most insider security risks center around the data stored on the company network. Employees need access to the data required to do their job. That access is a threat because computer users are often granted more access then they need to do their work. In those cases, a person could come upon data that may have value to them in a malicious sense.

Many insider threats are motivated by financial gain, so when an employee comes across data they may be able to use for their own personal gain, there is a real risk. While the incidence of this is still relatively low overall, it is a threat and needs to be considered. No one likes to be overly paranoid and looking over the shoulders of others, but an appropriate level of suspicion and prevention is a prudent business practice.

One of the more common forms of insider threat is data leakage. This is when data leaves the company without authorization or knowledge. In many cases, this may be completely innocent, yet exposes the company to data loss. Too many people use file sharing services not approved or monitored by the company, allowing users inside the network to copy data to an external source where it could be obtained by unintended parties. When this type of leak occurs, it is often because the person inside the company is simply trying to easily share data with someone outside the company. If this sounds familiar, it’s probably because of how common it is. This is why more and more organizations are controlling what data is able to be copied outside the corporate network and what tools may be used to securely share information with specific people.

When thinking about threats, both internal and external, you want to think about how data enters your network, how it leaves your network and how it is accessed and moved within your network. It is also important to understand where your data resides on the network and who has access rights to what information.

Once you understand these important elements of data integrity, you can begin to design and apply appropriate policies to ensure the safety of this data. Auditing is another consideration. At a minimum, data classified as the intellectual property of the company should have appropriate auditing controls applied, so you know who has accessed that data, when and what they have done with it.

Data integrity and safety is a complex matter that involves far more than just installing a firewall and antivirus software on your network. Hopefully, this information will help you think about your business practices and make any necessary changes to protect your organization from threats, inside and out.

Really New Hampshire?

Standard

A new report identifying the ten states with the highest rate of malware infections in the country lists New Hampshire in the #1 spot.  This is a not a first place ranking to be happy about!

New Hampshire often rates extremely well in rankings for quality of life, tax burden, technology, tourism and more.  To rank as the worst state in the nation for computer users infected with malware, is nothing short of terrible.  One could almost say that it is inexcusable.

The full report, released by Enigma Software, is available to read online here.  The reporthighest-malware-rates-usa-50-states does not draw conclusions as to why New Hampshire was hit so hard, but I will attribute it to lack of awareness and preventive education and general vigilance.  I would further argue that people are just not taking the time to stop and think before they do something online.  It only takes a moment to be sure an email is coming from who you think it is, or check to see if a link or attachment could be a trick.

New Hampshire ranks a whopping 201% above the national average for incidences of malware, adware, spyware, ransomware and malicious software.  This is a huge exposure to residents and businesses in the state.

Educate your self and your employees about the ways users are tricked into getting hit with these infections.  Deploy proactive and reactive training and technologies to help protect yourself and your company.  I would absolutely hate to see New Hampshire tarnished by this unenviable distinction.

Nation States and IT Vendors

Standard

You may have seen recent reports about US government concerns about Kaspersky Lab, the cybKaspersky_Laber security software company that is based in Russia.

The concern centers around potential ties between the cyber security firm and the Russian government, obviously magnified by the revelations surrounding Russian government hacking related to the 2016 Russian FlagPresidential Election.  Bloomberg Business Week has published articles that state that Kaspersky Lab has ties to the Russian intelligence agency, the FSB.  This concern has reached the level that the General Services Administration (GSA) has removed Kaspersky Lab as an approved vendor for use by the US government.  Following on this, efforts are underway to ensure that no Kaspersky Lab software is installed on any US government computer systems.

It needs to be noted that both Kaspersky Lab and the Russian government both deny these assertions.  Kaspersky Lab has issued a multi-point denial of the allegations that have been identified in the Bloomberg Business Week article.

It should also be noted that this is not the first time a foreign government has been accused of potential ties to a technology company that could have national security implications.  When the Chinese firm Lenovo purchased the former IBM PC and server business units, the US government removed Lenovo from the list of GSA approved hardware vendors.  The concern was that the Chinese government could have influence over Lenovo and have it install components that could theoretically have capabilities that would allow the Chinese government to spy on anyone using one of their computers.

As with the current situation with Kaspersky Lab, there are concerns, but those concerns have not been validated with actual findings supporting the concerns.  This is tricky territory.  I do not mean to say that the concerns are unfounded, nor that the concerns are valid.

There is irony with each of these cases.  Almost every computer manufactured in the world today has at least some manufacturing capability that comes through China.  While a hardware or software firm may be based in a country that generates national security concerns for the United States, theoretically a software company anywhere in the world could be involved in collusion with a foreign power.

While there are political implications here, we should be cautious and rely on fact not conjecture.  We will see how these concerns play out in the coming weeks and months.  For now, if your business has concerns about specific vendors like these, you should review your business practices and determine whether a change in vendor would be appropriate to alleviate these concerns.  I’ll keep you posted if I learn more about either of these examples.

Here Comes Smishing

Standard

I jusSmishingt received a warning from the company KnowBe4, who my firm works closely with, about a new form of phishing.  I wanted to share the details with you right away.

Internet bad guys are increasingly trying to circumvent your spam filters and instead are targeting people directly through their smartphone with smishing attacks, which are hard to stop.

They send texts that trick you into doing something against your own best interest. At the moment, there is a mystery shopping scam going on, starting out with a text invitation, asking you to send an email for more info which then gets you roped into the scam.

The practice has been around for a few years, but current new scams are mystery shopping invitations that start with a text, social engineering the victim to send an email to the scammers, and then get roped into a shopping fraud.

These types of smishing attacks are also more and more used for identity theft, bank account take-overs, or pressure employees into giving out personal or company confidential information.  Fortune magazine published a great article about this yesterday.  Here is the link.

Always, when you get a text, remember to “Think Before You Tap”, because more and more, texts are used for identity theft, bank account take-overs and to pressure you into giving out personal or company confidential information.  Here is a short video made by USA Today that shows how this works: https://www.youtube.com/watch?v=ffck9C4vqEM

In addition to the video, here’s a great PDF that explains this type of social engineering.  It’s from our friends at KnowBe4.  Feel free to print, share and use.

Prime Day Phishing Examples

Standard

Yesterday, I posted a warning about scams associated with Amazon‘s upcoming Prime Day on July 11th.  Here are a few examples, to help you remain alert and avoid getting caught by the hackers trying to exploit this popular online shopping day.

AmazonPhish1

AmazonPhish2.jpg

AmazonPhish3

In each of these examples, you will notice the following:

  1. The sender address may look like it’s coming from Amazon, but if you take the time to look at the actual address within the <> symbols, you can clearly see that it’s not.  Some email programs will show you this like in these examples.  Others, you may have to hover your mouse over the “from” name to see what the underlying address is.
  2. The message contains only links.  DON’T CLICK.  These links will bring you to malicious sites that will load malware on your device.
  3. The messages all have an Unsubscribe link at the bottom.  As with #2, DON’T CLICK.

Hopefully these examples and warnings will help you enjoy Prime Day safely!

In case you missed my original post yesterday, about this, here is the link.

With Prime Day Comes Scam Days

Standard

Amazon Prime Day is coming and along with it, hackers are actively trying to scam users of the popular Amazon service.

What is Prime Day?  From Amazon’s web site: “This July 11 is the third annual PrimePrime Day Day. Prime Day is our annual deals event just for Prime members. We want Prime Day to be one of the world’s best days to shop, with awesome prices on everything you’re into. We’re bringing you hundreds of thousands of deals, new deals starting as often as every five minutes, and special offers across everything included with Prime—from music and video to reading and voice shopping.”

This year, hackers are really taking advantage of Prime Day, perhaps in part because Amazon has been more aggressively promoting Prime Day each year.  Prime Day deals are available for several days prior to the 11th.

Be on the lookout for phishing email messages, with subjects and sender names referencing Amazon Prime and Prime Day.  Even if you just placed an order, double check the sender address and hover over any links before clicking to be sure they are really from and going to amazon.com.  And don’t forget, never open an attachment.  Amazon doesn’t send them, so that would be a clear indicator of a potential phishing attack.

I have already seen numerous examples of phishing email messages that say they are from Amazon Prime or reference Amazon Prime Shipping in the subject or other similar names and subjects.  Be careful while enjoying Prime Day!