Contact Us

 1300 377 172

   08 7078 0313

 Location

286 Glen Osmond Road

Fullarton SA 5063

Australia

Managed Services

14 April 2016

Digital Security Update - April 2016

Ransomware everywhere

TeslaCrypt 4.0 More Advanced

Ransomware, ransomware, ransomware...

Ransomware takes centre stage again this month as one Cybercrime monitoring group warns the Ransomware epidemic could become the ‘largest crime wave in modern history.’

The Ransomware model only works if individuals or businesses don’t have backups of their data. If everyone had effective backups, no-one would have to pay ransoms and the Ransomware business would not exist. DNG Technology offers a simple, secure and cost-effective Cloud backup service. Take a look at DNG StoreSafe.

Categories: Managed Services

10 March 2016

Digital Security Update - March 2016 UPDATED

Locky Special Edition (updated 15th March)


Locky on the Rampage...

No, this isn't a post about a monster of the deep in Scotland, although that would be pretty exciting.  This is far more sinister.

It's being widely reported across IT security sites that the latest Ransomware out of Russia is highly active, with around 3 million incidents already reported and no sign of it slowing down.  At present, Australia hasn't been specifically targeted but it's only a matter of time before this happens.

(UPDATE: 15-03-16. Locky is now being distributed in Australia. It's attached to a faked email from Australia Post. Do not open any attachment in emails from Australia Post. Australia Post have stated they will never send an email asking the recipient to open attachments.)

Categories: Managed Services

01 March 2016

Digital Security Update - February 2016

Recent Malware & Security Issues


Well, it’s been a few weeks since our last malware and security roundup and there’s been plenty of action in that time. 

Before beginning, we should explain a few of the terms used in this post.

Exploit Kit: Software that probes a computer or system to see if it is vulnerable to any of the known or published vulnerabilities in applications or operating system files. Software vulnerabilities are documented in a number of locations; arguably the most complete and up to date is the CVE List (Common Vulnerabilities and Exposures). Hackers trawl this database of security issues to locate serious issues that could allow them to access a machine or inject malicious applications onto a machine. They target the most commonly installed applications, for example Internet Explorer or Flash Player. This technique works well as the hackers know many people don’t keep their software up to date and there will be unpatched machines they can attack. Even those without the skills to write their own exploits can acquire kits from the authors and make use of them in their own malware campaigns. As an example, here’s a link to vulnerabilities for Flash Player: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=flash+player

Drive-by Download: This occurs when someone visits a website that has been compromised and infected with an exploit kit. Once the user loads the webpage, the exploit kit begins scanning for vulnerabilities and if it finds any, will attempt to inject some malicious code to either allow the cyber-criminal access to the machine, install a virus or malware, or turn the machine into a mail zombie.  This process can take less than a second.

Spear Phishing:  So you are now saying to yourself, I’m not foolish enough to go visiting strange websites that might expose me to these kinds of risks… The perpetrators of these schemes are becoming more sophisticated and instead of generic “Click this link to claim your prize” emails, they use Social Media and other methods to discover information about each targeted victim.  Bait emails may contain your name, company names you may have dealt with, possibly even the correct logos and details about recent online transactions (you may have mentioned in Facebook posts/Twitter Tweets etc).  So rather than cast a wide net, the phishing is now individualised (aka the spear!).

You can see how these three work together to create an effective infection campaign.

Here are some recent significant issues…

Microsoft Silverlight

Jan 2016 – A critical vulnerability that allowed remote code execution (which means the attacker would be able to infect your machine with his own code). This was fixed in a January patch release from Microsoft.  If you haven’t updated Silverlight recently, do it now.

Facebook Phishing

Jan 2016 - Cyber-crims have been targeting Facebook users with phishing emails claiming there is an audible message waiting for them. The zip file attached to the email contains an executable file which, when opened, replicates itself onto the C: drive, places an entry in the auto-run and registry startup to spread the malware.  The Trojan collects personal information such as usernames, passwords and bank or credit card information and sends them to the criminals.

Xbot Trojan for Android

Feb 2016 - This Trojan can be obtained through 3rd party application sites and attempts to steal financial data by producing fake login pages for various banking apps and also mimicking Google Play's payment page. It can also intercept and steal SMS message contents and contact details. Finally, it’s able to lock and encrypt a user’s files on external SD card storage. The lesson here is to only use the official Google Play app store.

Your Cloud storage isn’t as safe as you think


Feb 2016 – New ransomware known as Locky has been distributed using Word Docs attached to emails.  Opening the document executes a Word macro which downloads the Locky ransomware which then proceeds to encrypt your files. 

If you use a Cloud storage solution such as OneDrive, Google Drive or any of the multitude that provide autonomous file syncing between your machine and the Cloud, your ‘backup’ copy will not be safe in the event of a ransomware infection.  As your local copy of the files is encrypted, the syncing service from these Cloud storage vendors will happily re-sync the new encrypted copy of the files to your Cloud storage account, making that copy as useless as your local copy.  If you’ve ‘shared’ files with other users, their machines will also sync with the encrypted copy, leaving you with the option of paying a ransom or abandoning the data. While we are on the subject of ransomware, later generations of this malware are able to encrypt pretty much any file your machine can access, even network shares that don’t have drive letters assigned to them.

The only way to ensure a usable backup of your data is to store it somewhere you can’t access through your computer's file system, i.e. if you can navigate to it (or a sync-able copy of it) using File Explorer, then it’s not safe. Check our StoreSafe backup solution for a safe option.
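The rule of thumb above can be turned into a quick check. The following is an added example, not part of the original post or any DNG tool: it probes each backup location for the rights that in-place encryption relies on (create a file, then rename it) as the current user. The function names and the sample folder names are assumptions made up for the illustration.

```python
import os
import tempfile
import uuid

def probe_backup_target(path):
    """Return 'unreachable', 'read-only' or 'exposed' for the current user."""
    if not os.path.isdir(path):
        # Not mounted or mapped: nothing running on this machine can touch it.
        return "unreachable"
    probe = os.path.join(path, f".probe-{uuid.uuid4().hex}")
    renamed = probe + ".renamed"
    try:
        # Encrypting files in place needs exactly these rights:
        # write new content, then rename the result.
        with open(probe, "wb") as fh:
            fh.write(b"probe")
        os.replace(probe, renamed)
        os.remove(renamed)
        return "exposed"
    except OSError:
        return "read-only"
    finally:
        # Best-effort cleanup if the probe failed part way through.
        for leftover in (probe, renamed):
            try:
                os.remove(leftover)
            except OSError:
                pass

def audit(targets):
    """Map each named backup location to its verdict."""
    return {name: probe_backup_target(path) for name, path in targets.items()}

def demo():
    # Constructed sample: one folder that stands in for a synced cloud
    # directory, and one path that is deliberately not present locally.
    with tempfile.TemporaryDirectory() as root:
        sync_folder = os.path.join(root, "CloudSync")
        os.mkdir(sync_folder)
        return audit({
            "synced cloud folder": sync_folder,
            "offline backup": os.path.join(root, "not-mounted"),
        })

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

When running it for real, pass every path where backups land, including network shares that have no drive letter; any "exposed" verdict means a program running as that user could overwrite the copy stored there.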


Categories: Managed Services

15 October 2015

Digital Security Update - 15 October 2015

DNG Technology | success through innovation


Do you want to see our regular updates? Follow our DNG Technology LinkedIn page and you will receive regular notifications.

 

Windows

8/10/15 New 'Moker' malware can alter security measures
http://www.scmagazine.com/new-moker-malware-can-alter-security-measures/article/443729/

Android

7/10/15 'Kemoge' adware infects users in more than 20 countries
http://www.scmagazine.com/fireeye-identifies-new-adware-family/article/443726/?DCMP=EMC-SCUS_Newswire&spMailingID=12618500&spUserID=MTg0Mjg1ODQxMzg0S0&spJobID=640536874&spReportId=NjQwNTM2ODc0S0

WordPress

2/10/15 Stored XSS vulnerability identified in Jetpack plugin for WordPress
http://www.scmagazine.com/stored-xss-vulnerability-identified-in-jetpack-plugin-for-wordpress/article/442865/?DCMP=EMC-SCUS_Newswire&spMailingID=12582465&spUserID=MTg0Mjg1ODQxMzg0S0&spJobID=640316998&spReportId=NjQwMzE2OTk4S0

1/10/15 WordPress malware, VisitorTracker, getting stronger
http://www.scmagazine.com/update-wordpress-malware-visitortracker-getting-stronger/article/442551/?DCMP=EMC-SCUS_Newswire&spMailingID=12564424&spUserID=MTg0Mjg1ODQxMzg0S0&spJobID=640126917&spReportId=NjQwMTI2OTE3S0

LinkedIn Scam

7/10/15 Fake LinkedIn profiles, 'convincing' network linked to Iran-based group
http://www.scmagazine.com/iran-threat-group-that-created-fake-linkedin-personas-likely-intent-on-cyberespionage/article/443718/?DCMP=EMC-SCUS_Newswire&spMailingID=12618500&spUserID=MTg0Mjg1ODQxMzg0S0&spJobID=640536874&spReportId=NjQwNTM2ODc0S0

Cyber Insurance

Into the spotlight: Cyber Insurance
http://www.scmagazine.com/into-the-spotlight-cyberinsurance/article/443158/?DCMP=EMC-SCUS_Newswire&spMailingID=12593992&spUserID=MTg0Mjg1ODQxMzg0S0&spJobID=640386090&spReportId=NjQwMzg2MDkwS0

 

AB Terrace: DNG Technology's Insurance partner, providing cover against Cyber Crime
http://www.abterrace.com.au

 

Categories: Managed Services

20 May 2015

Cloud is the New "Normal"

Why Amazon says your business is destined for the cloud.

 

Working in the cloud is an inevitable outcome for your small business, according to Mike Clayville, vice president of worldwide commercial sales and business development at Amazon Web Services (AWS).

At this morning’s AWS Summit in Sydney, Clayville reflected on last year’s summit, where he used his keynote to tell the audience cloud was not a question of ‘if’ for Australian business, but a question of ‘how’.

“[Twelve months ago] it quit being if I should go to the cloud, to how do I get to the cloud?” Clayville told the audience of more than 3000 people.

Twelve months later, Clayville says the business world’s interest in the cloud has evolved even further.

“It’s no longer a question how do we move our workload to the cloud, it’s about asking really big questions,” he says. “We’re now asking how do I get completely out of the data centre? How do we move all of our workloads into cloud?”

Categories: Managed Services

DNG Technology

286 Glen Osmond Road
Fullarton SA 5063

Phone: +61 1300 377 172

Fax: +61 8 7078 0313

info@dngtech.com.au
