Facebook, phones, privacy, oh my!

Last year Facebook was dragged before a Senate committee hearing regarding privacy. The founder, Mark Zuckerberg, was challenged with questions regarding how Facebook keeps user records private, and how Facebook is able to access personal data beyond its documented reach. What does this mean?

In several videos, and in independent tests, it appears that the Facebook application installed on your phone was granted by default (unless the user changes the settings) the ability to access the phone’s microphone and camera. Per Facebook, this is for items such as auto-tagging what a user is listening to while making a post. The videos where people test this show something far more nefarious, though. After placing a phone with the Facebook app installed near them, people intentionally discuss an item that they have never discussed or searched for, such as “taking a trip to South Africa”. Note that the Facebook app is simply installed, not running as an application. Lo and behold, the users start getting advertising for flights to South Africa, tourism trips in South Africa, etc. This is disturbing enough, but add in the actual privacy practices of Facebook…

Facebook sold private data to Cambridge Analytica, and that data was leaked. While the data in this case was not worse than, say, the Equifax breach, it still shows a disregard for data privacy.

If Facebook is recording your voice conversations if you are near your phone, and is capable of selling that data that they store, could you be at risk? Client confidentiality breach? Trade secrets? Even if you didn’t intend to reveal that data to Facebook, they have it. And if they intend to keep it private, they can’t guarantee it.

Want to know what other risks you are exposing your company to? Contact us today!

So you are in the cloud?

For most businesses, using cloud resources is an alluring and smart decision. The cloud offers different types of flexibility to manage your business appropriately. Maybe you need to have a web server and don’t want the cost, maintenance and overhead of all of the infrastructure of hosting it yourself? Or perhaps you are using the cloud as a part of an online transaction processor? Regardless of your need for cloud, there is likely something you haven’t put a lot of thought towards… How secure are THEY?

The cloud provider is a business like any other, with servers, vendors, employees, IT staff, marketing people, contractors and likely at least one out-sourced service. It is smart business sense to regularly review your cloud provider’s security. You are trusting them with your data, your reputation, and in many cases they are assuming the risk of maintaining your IT services.

In a recent study following the suspected cyber attacks on the US Democratic party following the most recent presidential election, it was determined that the vendors were the way the attackers got in. By compromising a “trusted partner” of a business, attackers can then infiltrate any business attached to them. From a cloud vendor perspective you would hope they have the strictest security posture possible; but how do you know?

Every business that uses any type of cloud service should thoroughly review the security of the cloud provider they are trusting. Want to know more?

Contact us today!

The truth about Ransomware

There are many articles in the news about Ransomware today, which is a special type of malware. Ransomware is a way for the bad guys to get your systems to lock up so you can’t access the data, and then tell you that you can have your data back only if you pay them.

But, how do they do this?

It all starts with a breach of some type. Perhaps your employee is looking at their personal email on their work computer and they click on a link to log in to their bank account (which isn’t from their bank; in fact, it is phishing). Their computer is infected. This is the foot in the door. From here, that PC will “call home” to the command and control center for the malware, and the PC will begin scanning the network from the inside looking for other hosts to infect.

Once the malware has control of many or all of the PCs, file servers, databases, email servers, web servers and every critical business function, the command and control center will allow each PC to download a special exploit that will encrypt the hard drive of every machine.

You come in Monday morning, grab your cup of coffee, power on your PC, and are presented with a screen stating that the hackers have your data and they won’t release it unless you pay them some large amount of money in bitcoins. You put down your coffee and pick up the TUMS as you realize all employees have the same screen, and you can’t access any data that makes your business work: all of your invoices, client contacts, contracts, billing information, etc. You haven’t just lost your own data, but confidential data that belongs to your clients as well.

What do you do? Do you pay?

There is evidence to suggest that paying the ransom may NOT get you back your data. Once you pay the attackers, they can walk away, leaving you poorer. On the other hand, they could unlock your workstations and servers, but you now know that they have access to all of the confidential data you were trying to protect.

According to this research report from MIT, Ransomware has generated over $45 Million for the bad guys. The larger the organization, the more sensitive the data, the higher the ransom.

But you are covered, right? You have cybercrime insurance? Not all insurance companies will pay. Recently, some insurance companies decided that since the ransomware was “NotPetya”, which has been linked to the Russian government’s actions, it was deemed as an “Act of war”. Other companies refuse to pay for various reasons, citing that the target business should have done more to prevent these damages.

Could you be doing more? Contact us today.

DNS Data Exfiltration

Are you aware of the potential for data to leave your organization? A company’s intellectual property is the key to profits. Whether you are a marketing company, an insurance firm, or a manufacturer, the “secret sauce” of your organization is what you are trying to keep secret. It is because of this that you have an awareness of ways that the data might leave your company unlawfully.

The first and obvious one is some type of hacker. Perhaps one or many of your machines have been infected with malware. That malware is the remote terminal for bad actors to work through your network looking for valuable data so that they can send your secrets back out and sell them. Perhaps instead you have a rogue employee, who is looking to make extra money and has taken a bribe from bad actors who will pay them a lot of money to send them your data.

The obvious avenues for this data exfiltration are ones you have already thought about, like email, USB drives, and file sharing sites like Dropbox. But the most sophisticated exfiltrations are designed to go undetected. There are various ways that data can be sent out using techniques that don’t look like data is going out.

One such way is through DNS lookups. DNS queries are sent from the workstation to a DNS server controlled by the bad actor. The DNS queries look like long invalid strings (because perhaps the data is encrypted), but the name being queried is itself the data being sent. For example, if I want to exfiltrate the Gettysburg address document, I might perform DNS queries to my own DNS server looking for “FourScoreandSevenYearsAgoOurfathers” and the next query would continue with “broughtforthonthiscontinent” and so on until I have essentially transmitted the entire document. Of course all of these queries will be denied because these aren’t addresses, but who would notice? DNS is necessary on the Internet and you expect to see DNS traffic.

Because DNS queries are quick and easy, this is becoming a more prevalent technique to move data out of the company to the network of bad actors. From the bad actor side, all I have to do is keep a log of the queries and reassemble them.

But what if I am talking about the source code to the software you develop? Or the customer data you hold? Credit card numbers? Social Security numbers? Internal documents that you don’t want your competitors to see?
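
From the defender's side, the pattern described above leaves a recognizable trace in resolver logs: one client sending many distinct, long names under a single parent domain, nearly all of which fail to resolve. The following detection sketch is an added example, not part of the original post; the log tuple format, the thresholds and the `collector.example` domain are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: (client IP, queried name, response code).
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com", "NOERROR"),
    ("10.0.0.5", "mail.example.com", "NOERROR"),
    ("10.0.0.9", "wwww.example.net", "NXDOMAIN"),  # ordinary typo, not exfiltration
    ("10.0.0.7", "FourScoreandSevenYearsAgoOurfathers.collector.example", "NXDOMAIN"),
    ("10.0.0.7", "broughtforthonthiscontinent.collector.example", "NXDOMAIN"),
    ("10.0.0.7", "anewnationconceivedinLiberty.collector.example", "NXDOMAIN"),
    ("10.0.0.7", "anddedicatedtotheproposition.collector.example", "NXDOMAIN"),
]

def parent_domain(name):
    # Assumption: the parent is the last two labels; real deployments should
    # use the Public Suffix List to find the registered domain.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def entropy(text):
    # Shannon entropy in bits per character; encoded or encrypted data scores high.
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def find_suspects(log, min_unique=4, min_avg_len=20, min_nx_ratio=0.8):
    groups = defaultdict(lambda: {"subs": set(), "total": 0, "nx": 0})
    for client, name, rcode in log:
        parent = parent_domain(name)
        sub = name.lower().rstrip(".")[: -len(parent)].rstrip(".")
        group = groups[(client, parent)]
        group["subs"].add(sub)
        group["total"] += 1
        group["nx"] += rcode == "NXDOMAIN"
    suspects = []
    for (client, parent), group in sorted(groups.items()):
        subs = sorted(s for s in group["subs"] if s)
        if not subs:
            continue
        avg_len = sum(map(len, subs)) / len(subs)
        nx_ratio = group["nx"] / group["total"]
        # Many distinct, long names under one parent that mostly fail to resolve.
        if len(subs) >= min_unique and avg_len >= min_avg_len and nx_ratio >= min_nx_ratio:
            suspects.append({"client": client, "parent": parent, "unique": len(subs),
                             "avg_len": avg_len, "nx_ratio": nx_ratio,
                             "entropy": round(entropy("".join(subs)), 2)})
    return suspects

if __name__ == "__main__":
    for hit in find_suspects(SAMPLE_LOG):
        print(hit)
```

The thresholds need tuning against your own baseline, since some legitimate services (CDNs, reputation lookups) also generate long machine-made names, though those usually resolve successfully.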

Contact us today to find out how we can help protect you and your company from threats like these.