Posts Tagged ‘attacked’

Protect yourself from CryptoLocker

Over the years the nature of computer viruses has seen a change in focus. When the earliest reported example, Creeper, first appeared back in 1971 its sole purpose was to gain access to a system and display the message ‘I’m the Creeper, catch me if you can!’. Now, with so much valuable information about us stored on our computers and web services, something far darker has emerged. Ransomware is a new class of virus / trojan horse that has begun to appear on PCs in the last few years, and it is something you should be very concerned about.

The principle of Ransomware is simple. Usually it sneaks into a system disguised as an email attachment and, if opened, then proceeds to encrypt the files on your machine. When this has completed the virus deletes itself and tells the user that their data has been taken hostage and will only be released if they pay the demanded ransom for a key. These style of attacks were first reported in Russia back in 2004, with the Gpcode trojan horse. Security analysts at Kapersky labs were able to crack the hold Gpcode had over data by exploiting mistakes the author had made in the code.

Now it’s back and this time the encryption is rock solid.

Cryptolocker

CryptoLocker is the latest Ransomware virus to strike unsuspecting users, and so far it’s proven impossible to crack. What’s more, it doesn’t just take all the data on your hard drive.

“It also searches for files on all drives,” reported Steve Gibson on the Security Now podcast, “and in all folders it can access from your computer: including workgroup files shared by colleagues, resources on company servers, and more. Anything within its reach it encrypts…so if you have hot online backups they’re victims of this. Essentially the more privileged your account is, the worse the overall damage will be.”

When all of this is completed, Cryptolocker puts up its money demand page, complete with options of payment (Bitcoins or MoneyPak), usually for around three hundred Euros. There’s also a badly worded message telling you that your files have been encrypted and that any attempt to remove the software will destroy the only key that could possibly decrypt it. In a James Bond-style moment of drama the authors place a countdown clock, normally set for 72 hours, which immediately begins to tick down to the moment your data will be destroyed forever. Photos, videos, documents, music, pretty much anything at all that is on your hard drive, all gone.

The structure of the virus is such that it’s not actually possible to create a key for the encryption, because the data needed to do so is held only by the originators of the virus.

“The RSA encryption algorithm uses two keys: a public key and a private key.” explains Kapersky lab expert VitalyK on the Securelist website.  “Messages can be encrypted using the public key, but can only be decrypted using the private key. And this is how Gpcode works: it encrypts files on victim machines using the public key which is coded into its body. Once encrypted, files can only be decrypted by someone who has the private key – in this case, the author or the owner of the malicious program.”

The removal of the virus itself is of little use to the victim, and shutting down the server that holds the key will only result in the loss of the decryption tool, plus this is difficult because the servers switch location on a weekly basis. So most people who suffer a CryptoLocker attack are given the simple advice of either paying the ransom or losing the data, but like in any hostage situation you can never guarantee that the criminals will honour their terms.

Such is the increase of the CryptoLocker attacks in the UK that the National Crime Agency released a statement from its Cyber Crime unit in which it warned:

“The emails may be sent out to tens of millions of UK customers, but appear to be targeting small and medium businesses in particular. This spamming event is assessed as a significant risk.”

The complexity and sophistication of a program such as Cryptolocker is in itself an unsettling precedent. It suggests more than a simple bedroom hacker with impressive coding skills and little conscience, but instead has traces of the fast growing underworld of professional cyber criminals.

“Something of this size…is a well organised group.” says Stephen Doherty, Senior Threat Intelligence Analyst at Symantec. “There’d be dedicated segments to this, because its such a large and focussed operation. The distribution of Cryptolocker in recent weeks is as high, or higher, than most trojans you’d see out in the wild.”

The need for resources to actually run the scam is also a clue to size of the proponents.

“There’s a lot of stages to this,” Stephen continues, “to infect so many machines on an ongoing basis, and try to process all the money in the background. You’d want a well organised team behind you.”

How to protect yourself from a Cryptolocker attack

The rise of the interconnected digital world has brought with it problems that previously existed in the physical realms. From chancers who play on the innocence of victims, up to serious organised crime that has money, skills, cruel intentions and the willingness to use them on the unsuspecting public.

Take solace though, that we do have ways to protect ourselves from these evil spectres of the web.

The first, and most obvious, is to regularly run full backups of your valuable data and then remove the drive from your computer, preferably storing it off-site. See also: How to back up your PC and laptop

Another is to create several online backups via free services such as Dropbox, Google Drive, Skydrive, etc., which usually offer versioning – and thus a way to roll back to older versions of your files.

The most important though is to never, ever open a file or link in an email or on a social website unless you’re sure it was deliberately sent by the person themselves. It may seem interesting at the time, but the results could be utterly catastrophic.

This article appeared on PC Advisor

Irish Web Design – Protect yourself from CryptoLocker

ireland website security

Solutions for Website Security

Irish Web Design are please to announce that they have created a series of packages to provide a high level of security to small to medium business websites.

The packages are designed especially for WordPress based information, blog, news and e-commerce on-line shop websites.

 

barbed wire pattern

 

Irish Web Design described the packages as consisting of the three S’s: Scan, Secure Survey.

The website security measures involve scanning the websites for issues, securing the site and finally setting up a surveillance system to monitor the website in the longer term.

It is estimated that hundreds of thousands of websites around the globe that are running the WordPress software have been infected by malicious software.

Some of the software infects the computers of visitors, who may find a realistic looking ‘Anti Virus Scanner’ pop up on their computer.

The owner is informed that his machine is infected and this software will remove the threats and provide on-going security.

This ‘peace of mind’ only costs a very modest amount, typically $10 to $20.

This is a scam, the programme is not real.

What the criminals who are behind the scam want are your credit or debit card details.

They may wait a long time before they use the information gained to empty your account of funds.

There are many variation on these scams, including straightforward blackmail: you want your site back, you will pay.

Irish Web Design have researched the issue and designed a solution to ensure that website owners can sleep at night.

While there can never be an absolute guarantee as situations can change very rapidly the system is designed to provide alerts to any suspicious activity.

Contact Irish Web Design if you want your website audited and secured.

 

 

 

 

 

 

Solutions for Website Security

bank of america signs

Little and Large Websites Attacked

Little and Large Websites Attacked

The coordinated attacks used to knock a large number of websites offline grew became more powerful in the past months. According to the American company Prolexic who run the world’s largest and most trusted distributed denial of service (DDoS) protection & mitigation service, there has been an eight-fold increase in the average amount of junk traffic used to take sites down.

bank-of-america logo

Chase Bank Logo

citi bank logo

wells fargo logo

Attackers have moved on from just using compromised PCs in homes and small offices to flood websites with vast volumes of traffic, and are now using Web servers, which have vastly more more bandwidth available.

The recent ongoing attack on servers running the WordPress blogging application is constantly seeking new computing power that can be harnessed to form vastly bigger botnets.

Prolexic reported that well-financed attackers  are increasingly able to coordinate with fellow crime organizations in the large-scale assaults.

These types of attacks appear to be here to stay and can only be achieved by having access to significant resources  including manpower, technical skills and an organised chain of command.

The most prominent targets of the attacks have been the America’s largest banks, including Bank of America, Wells Fargo Bank, Chase Bank which at times have become completely unreachable following the flood of traffic.

Prolexic believes these attacks are not individual youngsters flexing their muscles, because the efforts involved in the harvesting of hosts, coordination, schedules,  specifics and the sheer military precision of the attacks suggests the presence of experienced criminals that recruit ‘digital mercenary groups’ to do their work for them.

San Francisco-based CloudFlare’s network was recently bombarded by data sent by more than 80,000 servers across the Internet that all appeared to be running WordPress.

Attackers will enter a legitimate user name along with passwords that are known to be invalid, which, when repeated millions of times overwhelms the servers as they perform database lookups and then report the authentication failure which the system struggles to record it in the internal logs.

The vast increase in applications such as WordPress and Joomla  could become to this decade what the early versions of Microsoft’s Windows XP were to the previous decade. In the 2000s it was easy to compromise desktop PCs and turn them into spam-sending engines or botnets to perform various nefarious acts.

Nowadays using a server that is at least ten times as powerful as a desktop computer can do a great deal more damage.

Recent Irish websites that have been attacked include the websites for the Department of Justice and the website of the Department of Finance.

Little and Large Websites Attacked

Irish Web Design

living social logo

Living Social Website Compromised

The mighty Living Social website is the latest to be hacked, attacked or as they put it “experienced a security breach”.

livingsocial logo living social

Irish Web Design have carried out a series of actions to protect all the websites they have designed and currently manage.

Irish Web Design is currently considering the best course of action to take to keep all the websites in their care safe in the future.

We will be posting the results here and will also send the  details directly to our clients.

If you are not currently a client we are happy to keep you informed if you send us a message from the Contact page of this website.

In the meantime this is the content of the message subscribers received from Living Social earlier on.

IMPORTANT INFORMATION

LivingSocial recently experienced a security breach on our computer systems that resulted in unauthorised access to some customer data from our servers. We are actively working with the authorities to investigate this issue.

The information accessed includes names, email addresses, the date of birth of some users, and encrypted passwords; technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.

The database that stores customer credit card information was not affected or accessed.

Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one.

For your security, please create a new password for your account by following the instructions below.

  1. Visit https://www.livingsocial.com
  2. Click on the “Create New Password” button (top right corner of the homepage)
  3. Follow the steps to finish

We also encourage you, for your own personal data security, to consider changing password(s) on any other sites where you use the same or similar password(s).

The security of your information is our priority. We always strive to ensure the security of our customer information, and we are redoubling efforts to prevent any issues in the future.

Please note that LivingSocial will never ask you directly for personal or account information in an email. We will always direct you to the LivingSocial website – and require you to login – before making any changes to your account. Please disregard any emails claiming to be from LivingSocial that request such information or direct you to a different website that asks for such information.

We are sorry this incident occurred, and we look forward to continuing to introduce you to new and exciting things to do in your community.

Sincerely,
Tim O’Shaughnessy, CEO

 

Living Social Website Compromised

wordpress attacked circular 3d logo

Protect Your WordPress Website

One of the most popular content management systems in use on modern websites is WordPress, found on more than 60 million websites around the world.

WordPress has been in the news recently as the subject of a large-scale attack from a huge number of computers from across the internet.  This automated botnet attack was attempting to take over servers that run WordPress websites.

Many experts believe that this current attack is a relatively small scale version of a botnet that will infect computers in the future. The next attack may be vastly stronger and more destructive than what we have seen recently.

Running on the servers that have bandwidth connections that are hundreds or even thousands of times faster than machines in homes and small businesses.

The enormous popularity of WordPress shows its vulnerability in a situation like this, as a result of it’s ease of use is weak security by users.

This typically means that users continue to use the word ‘admin’ as a user name, as this is the default administration account that’s created when you first install WordPress.

Weak passwords may be guessed by the ‘brute force’ attack of a botnet, able to try vast numbers of password combinations in a short space of  time.

For the moment every WordPress user should disabled the default ‘admin’ account in their installation,  and replace it with something else. This may take you out of the immediate danger from the current the attackers.

To create a strong password you need to use at least ten characters with a combination of upper and lower case letters along with some numbers and even some extended characters

The recent attack serves as a reminder to everyone that that security for your WordPress blog or website is something you do need to continue to work on.

What follows is Irish Web Design’s advice on what can you do to make your site more secure. These actions will help to deter such attacks in the future.

Update to the latest WordPress (currently version 3.5.1)

If there is an administrative user called ‘admin’.

Create a new account with a different name, unconnected with the name of your website. Give it administrative privileges.
Give it a strong password you have never used before.
Write these details down in at least two different places.
Sign out of the account.
Sign in as the new user.
Delete the old ‘admin’ user account.
During this procedure, you’ll be asked by  what account should you assign posts to created by ‘admin’ to.
Choose the new account name you just created.

You should also enable ‘two-step verification’ for each user in your WordPress account. As this is a more complex process with additional implications we will carry an article on the subject in the near future.

Irish Web Design would also recommend changing all passwords connected with access to the site, server and database on a regular basis.

As a matter of course Irish Web Design also recommend that all users should install a number of security programmes on all WordPress websites to prevent them being hacked.

In our view, if you adhere to minimum standards of security for your WordPress site it will give you a good level of security and will make it more difficult to hack into your site.

Don’t let the spammers, hackers or botnets destroy your presence on the web. Your site or blog can be secure with a little thought and effort.

Title of article: Protect Your WordPress Website published by Irish Web Design

Visit Us On TwitterVisit Us On FacebookCheck Our Feed