
Election Official Highlights Email Threat

US Election Security Official Highlights Email Threat

SANTA FE, N.M. (AP) — Beware the phishing attempts.

An election security official with the U.S. Department of Homeland Security on Tuesday warned top state election officials nationwide to safeguard against fraudulent emails targeting state and local election workers.

The emails appear as if they come from a legitimate source and contain links that, if clicked, can open up election data systems to manipulation or attacks.

Geoff Hale, director of the department’s Election Security Initiative, told a gathering of secretaries of state that the nation’s decentralized voting systems remain especially vulnerable to emails that can trick unsuspecting workers into providing access to elections databases.

“We know that phishing is how a significant number of state and local government networks become exploited,” Hale told scores of secretaries of state gathered in the New Mexico capital city. “Understanding your organization’s susceptibility to phishing is one of the biggest things you can do.”

Email phishing schemes haunted the electoral landscape in 2016. Hillary Clinton’s 2016 campaign chairman, John Podesta, fell for trick emails on his personal account, allowing Russians to steal thousands of messages about the inner workings of the campaign. Targeted phishing emails also allowed Russians to gain access to the Democratic Congressional Campaign Committee’s networks and eventually exploited that to gain entry to the Democratic National Committee.

In the run-up to the 2020 vote, Iowa Secretary of State Paul Pate, a Republican, is calling phishing the No. 1 concern when it comes to securing election-related computer systems in his state.

Iowa’s 100 county political subdivisions make the threat especially challenging. He said his fear is that phishing emails may target overlooked public employees who don’t have adequate training.

“If they get into the courthouse, they can then get into the county auditor, which is our elections folks — and that’s not a good thing,” Pate said.

Pate’s agency is fighting back with two-factor identification requirements for anyone accessing state voter systems, and mandatory annual cyber-security training sessions.

Phishing threats lay bare the difficulties of guarding election systems across large rural expanses. New Mexico Democratic Secretary of State Maggie Toulouse Oliver says new federal funding is needed to bolster cyber security in counties that are too small to hire information technology specialists. There are seven counties in the state with fewer than 5,000 residents; Harding County is home to about 700.

State election chiefs gathered in Santa Fe for the first time since the release of special counsel Robert Mueller’s report documenting Russian meddling in the 2016 election.

California’s Secretary of State Alex Padilla said he, too, is concerned about so-called soft cybersecurity threats, beyond voting equipment or software, such as predatory phishing for security weaknesses among election workers.

“You can read the Mueller report on what the most effective strategies were that the Russians engaged in, and most cyber experts will tell you that it’s still phishing attempts that are rampant,” he said.

Article Provided By: SFGate


If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

 


3 U.S. Universities Disclose Data Breach

Three U.S. Universities Disclose Data Breaches Over Two-Day Span

Three U.S. universities have disclosed data breach incidents impacting personally identifiable information of students or employees following unauthorized access to some of their employees’ email accounts.

All three universities — Graceland University, Oregon State University, and Missouri Southern State University — have notified the individuals whose personal information was potentially stolen or accessed about the security incidents.

In addition, no evidence has been found of the impacted personal information being stolen or used in a malicious manner while investigating the disclosed data privacy incidents involving all three universities.

Graceland University says in a notice of data breach published on June 14 that an “unauthorized user gained access to the email accounts of current employees,” on March 29, 2019, as well as “from April 1-30 and April 12-May 1, 2019, respectively.”

As the university discovered during the breach investigation, “the personal information of some people who had interacted with these email accounts over the past several years was available during the time the unauthorized user(s) had access.”

The information that could have been accessed during the incident contained:

• full name
• social security number
• date of birth
• address
• telephone number
• email address
• parents/children
• salary information
• financial aid information for enrollment or possible enrollment at Graceland

Oregon State University (OSU) states in a press release that “636 student records and family records of students containing personally identifiable information were potentially affected by a data privacy incident that occurred in early May.”

OSU says that a joint investigation carried out with the help of forensics specialists found that an employee’s hacked email account containing documents with the info of the 636 students and their family members was also used by the attackers to “send phishing e-mails across the nation.”

As detailed by Steve Clark, OSU’s VP for university relations and marketing:

OSU is continuing to investigate this matter and determine whether the cyber attacker viewed or copied these documents with personal information.

According to Clark, the university is also reviewing the protection systems and procedures used to shield OSU’s e-mail accounts and information systems.

Missouri Southern State University (MSSU), the third entity which reported a breach, states in a notice of data breach sent to the Office of the Vermont Attorney General that it was alerted of a possible cyber attack triggered by a phishing email on January 9.

The phishing attack claimed several victims among the university’s employees, which prompted a law enforcement notification. University officials were told afterward to delay notifying affected individuals until investigations were complete.

MSSU also hired a leading forensic investigation firm to look into the security incident and to “block potential email exploitation, including a mass password reset of all employee Office 365 accounts.”

After analyzing the contents of the impacted Office 365 accounts, MSSU found that the emails contained within stored “first and last names, dates of birth, home addresses, email addresses, telephone numbers, and social security numbers.”

As further explained in the data breach notification sent to the Vermont Attorney General by MSSU:

In late March, April, and early May, the University identified emails containing personal information that may have been compromised by the attack. In mid-May, the University confirmed that your first and last name and social security number were contained in the impacted accounts.

Article Provided By: BleepingComputer


US Mobile Banking Apps Have Security Flaws

Most US mobile banking apps have security and privacy flaws, researchers say

You might figure the biggest U.S. banks would have some of the most secure mobile apps. Spoiler alert: not so much.

New findings from security firm Zimperium, shared exclusively with TechCrunch, say most of the top banking apps have security flaws that put user data at risk. The security firm, which has a commercial stake in the mobile security business, downloaded the banks’ iOS and Android apps and scanned for security and privacy issues, like data leaks, which put private user data and communications at risk.

The researchers found most of the apps had issues, like failing to adhere to best coding practices and using old open-source libraries that are infrequently updated.

Some of the apps were using open-source code from GitHub from more than three years ago, said Scott King, Zimperium’s director of embedded security.

Worse, more than half of the banking apps are sharing customer data with at least one advertiser, the researchers said.

An unnamed iOS banking app with an 86/100 risk score (Image: Zimperium)


Two unnamed Android banking apps each with an 82/100 risk score (Image: Zimperium)

The researchers, who didn’t name the banks, said one of the worst offending iOS apps scored 86 out of 100 on the risk scale for several privacy lapses, including communicating over an unencrypted HTTP connection. The same app was vulnerable to two known remote bugs dating back to 2015. The researchers said the risk scores for the banks’ corresponding Android apps were far higher. Two of the apps were rated with a risk score of 82 out of 100. Both of the apps were storing data insecurely, in a way that let third-party apps access and recover sensitive data on a rooted device, said King.

One of the Android apps wasn’t properly validating HTTPS certificates, making it possible for an attacker to perform a man-in-the-middle attack. Several of the iOS and Android apps were capable of taking screenshots of the app’s display, increasing the risk of data leaking.

Zimperium said two-thirds of the Android banking apps are targeted by several malware campaigns, such as BankBot, which tricks users into downloading fake apps from Google Play and waits until the victim signs in to a banking app on their phone. Using an overlay screen, the malware campaigns steal logins and passwords.

The security firm called on banking apps to do more to bolster their apps’ security.

Article Provided By: techcrunch


Android Users Plagued By Pop-Ups

440 Million Android Users Plagued By Extremely Obnoxious Pop-Ups

The mobile ad plugin, found in hundreds of Google Play apps, uses well-honed techniques from malware development to hide itself.

Over 440 million Android phones have been exposed to an obnoxious advertising plugin hidden within hundreds of popular applications available via Google Play, which ultimately can render phones almost unusable.

Lookout Research discovered the plugin being bundled with 238 unique applications that have racked up millions of downloads between them – all from one company in China, CooTek. Dubbed BeiTaPlugin, the ad module forcibly displays ads on the user’s lock screen, triggers video and audio advertisements (even while the phone is asleep) and displays out-of-app ads in other areas too.

“Users have reported being unable to answer calls or interact with other apps, due to the persistent and pervasive nature of the ads displayed,” Lookout said in a posting on Tuesday.

Developers of free mobile apps turn to advertising plugins to monetize their wares. These automatically fetch ads at specified times to display, usually within the context of the application itself. For instance, when a player completes a level in a mobile game, he usually has to suffer through a 30-second ad before being able to go onto the next challenge.

However, out-of-app ads skirt the line between legitimate business modeling and obtrusive scamminess by pushing pop-up ads to users when they’re doing other things. The offending app could push an ad to the notification area of the phone, or present a pop-up anywhere, anytime – and the unfortunate part is that the user wouldn’t know which app is the one being obnoxious.

Users in an Android forum discussion were monitoring their devices and came to this conclusion:

BeiTaPlugin takes this dodgy practice to an entirely new level, according to Lookout, by employing obfuscation techniques normally reserved for standard malware in order to hide from utilities that block or detect out-of-app ad plugins.

For instance, it takes a little sleep before swinging into action. “These ads do not immediately bombard the user once the offending application is installed, but become visible at least 24 hours after the application is launched,” the researchers said. “For example, obtrusive ads did not present themselves until two weeks after the application ‘Smart Scan’ had been launched on a Lookout test device.”

The BeiTaPlugin also hides its true nature by appending fake file names and suffixes to its components. It names itself “icon-icomoon-gemini.renc” in the system files – purporting to be a legitimate application called Icomoon, which is an application that provides vector icon packs for designer and developer use. One of those icon packs is named Gemini.

“Malware authors commonly employ this technique of renaming executable files to other file types (pdf, jpg, txt) to hide malicious assets in plain sight,” researchers said. “In both cases, the .rec or .renc filetype suffix is intentionally misleading; the file is actually .dex (Dalvik Executable) file type that contains executable code rather than an innocuous .renc file.”

The package is also encrypted, and the AES encryption key is obfuscated through a series of connected methods and finally called for use by a package named “Hades SDK.”

“Increased encryption and obfuscation techniques are applied to hide the plugin’s existence,” explained Lookout researchers. “All strings related to plugin activity are XOR-encrypted and Base64-encoded, courtesy of a third-party library called StringFog. Each class that facilitates the loading of the plugin is encrypted with its own separate key.”
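A defender-side triage check for the disguise described above, as an added example (not Lookout's tooling and not code from the article): it flags APK entries that carry the DEX header magic under a non-.dex extension and, because the article says the package is also encrypted, high-entropy blobs stored under unfamiliar extensions. The sample archive contents, the entropy threshold and the extension allow-list are constructed assumptions.

```python
import hashlib
import io
import math
import os
import re
import zipfile

# DEX header magic: "dex\n", three version digits, NUL (for example "dex\n035\0").
DEX_MAGIC = re.compile(rb"dex\n\d{3}\x00")

# Extensions whose contents are expected to be compressed, so high entropy is normal.
# Assumption for this example; extend for the asset types your apps really ship.
COMPRESSED_EXTS = {".png", ".jpg", ".jpeg", ".webp", ".mp3", ".mp4", ".ogg", ".zip", ".jar", ".gz"}

ENTROPY_THRESHOLD = 7.2   # bits per byte; assumed cut-off, tune against known-good apps
MIN_ENTROPY_SIZE = 1024   # small files give unreliable entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts if c)


def scan_apk(apk_bytes: bytes) -> list:
    """Return (entry name, reason) pairs for entries worth a closer look."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            data = zf.read(info)
            if DEX_MAGIC.match(data):
                # Executable Dalvik code is expected only in *.dex entries.
                if ext != ".dex":
                    findings.append((info.filename, "dex-magic-wrong-extension"))
                continue
            # An encrypted payload has no recognisable header, but it looks random.
            if (ext not in COMPRESSED_EXTS
                    and len(data) >= MIN_ENTROPY_SIZE
                    and shannon_entropy(data) >= ENTROPY_THRESHOLD):
                findings.append((info.filename, "high-entropy-blob"))
    return findings


def build_sample_apk() -> bytes:
    """Constructed sample archive; every entry's content is made up for the demo."""
    # Deterministic stand-in for encrypted data: 4096 pseudo-random bytes.
    pseudo_random = b"".join(
        hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128)
    )
    entries = {
        "classes.dex": b"dex\n035\x00" + bytes(64),        # legitimate code entry
        "assets/help.rec": b"dex\n035\x00" + bytes(64),    # DEX under a misleading suffix
        "assets/icon-icomoon-gemini.renc": pseudo_random,  # name from the article, content constructed
        "assets/logo.png": pseudo_random,                  # image: high entropy is normal
        "res/raw/notice.txt": b"All rights reserved.\n" * 100,
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_apk(build_sample_apk()):
        print(f"{reason:28} {name}")
```

A hit is a lead for manual review, not a verdict: legitimate apps also ship encrypted or compressed assets under custom extensions.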

BeiTaPlugin was bundled with a popular keyboard app, TouchPal, as well as numerous add-ons to the TouchPal keyboard, and several popular health and fitness apps, according to Lookout. Lookout reported the malicious functionality to Google, and the adware has now been removed from all the affected apps on the Play store – although users with the apps already installed are still likely affected.

Google Play and other app stores are cracking down on the use of out-of-app advertising, so it’s likely that the BeiTaPlugin saga is a sign of things to come, researchers noted.

“This BeiTaPlugin family provides insight into future development of mobile adware,” Lookout said. “As official app stores continue to increase restrictions on out-of-app advertisements, we are likely to see other developers employ similar techniques to avoid detection.”

Article Provided By: threatpost


Apple Security Protections Are Bypassed

Apple MacOS Security Protections Can Be Easily Bypassed with ‘Synthetic’ Clicks, Researcher Finds

A security researcher has disclosed a new flaw that undermines a core macOS security feature designed to prevent apps — or malware — from accessing a user’s private data, webcam or microphone without their explicit permission.

The privacy protections, recently expanded in macOS Mojave, were meant to make it more difficult for malicious apps to get access to a user’s private information — like their contacts, calendar, location and messages — unless the user clicks ‘allow’ on a popup box. The protections are also meant to prevent apps from switching on a Mac’s webcam and microphone without consent. Apple’s Craig Federighi touted the security features as “one of the reasons people choose Apple” at last year’s WWDC developer conference.

But the protections weren’t very good. Those ‘allow’ boxes can be subverted with a maliciously manufactured click.

It was previously possible to create artificial or “synthetic” clicks by using macOS’ in-built automation feature AppleScript, or by using mouse keys, which let users — and malware — control the mouse cursor using the numeric pad on the keyboard. After fixing these bugs in previous macOS versions, Apple’s current defense is to block all synthetic clicks, requiring the user to physically click on a button.

But Patrick Wardle, a former NSA hacker who’s now chief research officer at Digita Security, said he’s found another way to bypass these protections with relative ease.

Wardle, who revealed the zero-day flaw at his conference Objective By The Sea in Monaco on Sunday, said the bug stems from an undocumented whitelist of approved macOS apps that are allowed to create synthetic clicks to prevent them from breaking.

Typically apps are signed with a digital certificate to prove that the app is genuine and hasn’t been tampered with. If the app has been modified to include malware, the certificate usually flags an error and the operating system won’t run the app. But a bug in Apple’s code meant that macOS was only checking if a certificate exists and wasn’t properly verifying the authenticity of the whitelisted app.

“The only thing Apple is doing is validating that the application is signed by who they think it is,” he said. Because macOS wasn’t checking to see if the application had been modified or manipulated, a manipulated version of a whitelisted app could be exploited to trigger a synthetic click.

One of those approved apps is VLC, a popular and highly customizable open-source video player that allows plugins and other extensions. Wardle said it was possible to use VLC as a delivery vehicle for a malicious plugin to create a synthetic click on a consent prompt without the user’s permission.

“For VLC, I just dropped in a new plugin, VLC loads it, and because VLC loads plugins, my malicious plugin can generate a synthetic click — which is fully allowed because the system sees it’s VLC but doesn’t validate the bundle to make sure it hasn’t been tampered with,” he explained.

“And so my synthetic events is able to click and access the user’s location, webcam, microphone,” he said.

Wardle described the vulnerability as a “second stage” attack because the bug already requires an attacker — or malware — to have access to the computer. But it’s exactly these kinds of situations where malware on a computer tries to click through on a consent box that Apple is trying to prevent, Wardle said.

He said he informed Apple of the bug last week but the tech giant has yet to release a patch. “This isn’t a remote attack so I don’t think this puts a large number of Mac users immediately at risk,” he said.

An Apple spokesperson did not return a request for comment.

It’s not the first time Wardle has warned Apple of a bug with synthetic clicks. He reported related bugs in 2015, 2017 and 2018. He said it was “clear” that Apple doesn’t take these bugs seriously.

“In this case, literally no-one looked at this code from a security point of view,” he said.

“We have this undocumented whitelisting feature that is paramount to all these new privacy and security features, because if you can generate synthetic events you can generically thwart them of them trivially,” he said.

“It’s important to get this right,” he said.

Article Provided By: techcrunch


Google is using Gmail to Track Purchases

Google is using Your Gmail Account to Track Your Purchases

Do you think your email on Gmail is private? If so, you may want to think again, as your Gmail messages are being scanned by Google for purchases, which are then displayed in your Google account.

This week, a user posted on Reddit about how they discovered that their Google Account’s Purchases page contained all of the purchases they have made from Amazon and other online stores even though they do not use Google Pay.

When I saw this, I checked my Google Account Purchases page, located at https://myaccount.google.com/purchases, and saw that it too contained the purchases I made from online services such as Dominos, Steam, 1-800-Flowers.com, Amazon, Adidas, and more.  Like the Reddit user, I do not use Google Pay.

Purchases Page

The general consensus was that Gmail was analyzing incoming emails for purchase receipts and then extracting that information.

When BleepingComputer contacted Google about this, they confirmed the information was coming from Gmail messages. They also stated that this was being done to help their users find their data and that they do not use any information stored in your emails, including your purchases, to serve you ads.

“To help you easily view and keep track of your purchases, bookings and subscriptions in one place, we’ve created a private destination that can only be seen by you. You can delete this information at any time. We don’t use any information from your Gmail messages to serve you ads, and that includes the email receipts and confirmations shown on the Purchase page. We’re always working to help people understand and manage their data.”

While they may not be using this information to serve you ads, are they using it for something else? Google has not given us a definitive answer on this question.

Deleting purchase data is a pain

While Google told us that you can delete this information at any time, they did not mention how much of a pain it is to do so.

Instead of having a single setting that allows you to control how this data is saved, you need to go into each and every purchase and click on the Remove Purchase button. This will bring you to the original email that the data was pulled from and once this email is trashed, the purchase will be removed from the Purchases page.

Remove Purchase

With my Purchases having data going as far back as 2013 and showing approximately 300 purchases, it would be a big pain to manually delete each and every one.  Even worse, another account that I use for most of my purchasing has thousands of orders, which would take forever to clean up.

When searching for a way to stop Google from pulling purchases out of my Gmail emails, I could not find a setting that would allow me to do so.

CNBC, which also covered this story this week, was also unable to find a setting that stopped Gmail from scanning emails and extracting purchase information.

G Suite customers appear to be spared

I use different email accounts depending on the particular purpose and one of these email accounts is through Google’s G Suite service.

When I checked the Purchases page for my G Suite account, I noticed that the page was empty even though it is commonly used to make online purchases. I also asked another person who uses G Suite and they too confirmed their page was empty.

While two people is not a large sample by any means, it could indicate that this data extraction is not occurring for G Suite accounts. I also could not find any settings in the G Suite Admin console that allow me to configure these settings.

We have already asked Google if G Suite is excluded from this data extraction, but have not heard back as of yet.

Article Provided By: bleepingcomputer


Windows 10 Apps Hit by Malicious Ads

Windows 10 Apps Hit by Malicious Ads that Blockers Won’t Stop

Windows 10 users in Germany are reporting that while using their computer, their default browser would suddenly open to malicious and scam advertisements. These advertisements are being shown by malvertising campaigns on the Microsoft Advertising network that are being displayed in ad supported apps.

As a way to monetize free apps, Microsoft offers Windows 10 app developers the ability to use their Microsoft Advertising SDK to display ads in their apps. For example, Microsoft News and Microsoft Jigsaw utilize Microsoft Advertising to display ads.

German Ads in Microsoft News and Microsoft Jigsaw

Over the weekend, there were numerous reports of Windows 10 users in Germany having their browser open suddenly to sites pushing tech support scams, sweepstakes, surveys, and win-a-prize wheels. These advertisements would open suddenly while they were using apps like Microsoft News, Microsoft Jigsaw, and other Microsoft Advertising supported apps.

For example, the advertisement below was shown to one user and pretends to be a system scan stating that the computer is infected. If a user goes through the screens, the scam page will ultimately prompt them to download an unwanted system cleaner program.

Tech Support Scam shown by malvertising campaign

These ads are being caused by scammers purchasing ad campaigns in the Microsoft Advertising network that use JavaScript to automatically launch scam sites in a new window. As these advertisements are being shown in an ad-supported app, Windows 10 will instead launch the new page in the default browser.

Just like a similar malvertising campaign that targeted French users of Microsoft apps in April, this German campaign appears to only be targeting users on residential IP addresses. For example, if you use a VPN to gain access to a German IP address, the malvertising ads will not show.

Ad blockers will not help

As these ads are being displayed because of ad-supported apps, any ad blockers you have installed in your browsers will not prevent the pages from loading.

This is because the scripts that are normally blocked by ad blockers are being executed in the app and Windows 10 is just launching a web page in your browser.

Instead, users will have to rely on security software or built-in browser filtering services such as SmartScreen and Safe Browsing to block known malicious web sites.

ESET blocking a malicious web site

Another option is to install a HOSTS file that blocks all connections to known advertising networks and malicious sites.

Article Provided By: BleepingComputer


Cybercrime Groups Flourish on Facebook

You might be surprised what you can buy on Facebook, if you know where to look. Researchers with Cisco’s Talos security research team have uncovered a wave of Facebook groups dedicated to making money from a variety of illicit and otherwise sketchy online behaviors, including phishing schemes, trading hacked credentials and spamming. The 74 groups researchers detected boasted a cumulative 385,000 members.

Remarkably, the groups weren’t even really trying to conceal their activities. For example, Talos found posts openly selling credit card numbers with three-digit CVV codes, some with accompanying photos of the card’s owner. According to the research group:

The majority of these groups use fairly obvious group names, including “Spam Professional,” “Spammer & Hacker Professional,” and “Facebook hack (Phishing).” Despite the fairly obvious names, some of these groups have managed to remain on Facebook for up to eight years, and in the process acquire tens of thousands of group members.

Beyond the sale of stolen credentials, Talos documented users selling shell accounts for governments and organizations, promoting their expertise in moving large sums of money and offering to create fake passports and other identifying documents.

The new research isn’t the first time that Facebook users have been busted for dealing in cybercrime. In 2018, Brian Krebs reported 120 groups with a cumulative 300,000-plus members engaged in similar activities, including phishing schemes, spamming, botnets and on-demand DDoS attacks.

As Talos researchers explain in their blog post, “Months later, though the specific groups identified by Krebs had been permanently disabled, Talos discovered a new set of groups, some having names remarkably similar, if not identical, to the groups reported on by Krebs.”

“While some groups were removed immediately, other groups only had specific posts removed,” Talos researcher Jaeson Schultz wrote. “Eventually, through contact with Facebook’s security team, the majority of malicious groups was quickly taken down, however new groups continue to pop up, and some are still active as of the date of publishing.”

Cybercrime groups are yet another example of the game of enforcement whack-a-mole that Facebook continues to play on its massive platform. At the social network’s scale — and without the company dedicating sufficient resources to more comprehensive detection methods — it’s difficult for Facebook to track the kinds of illicit or potentially harmful behaviors that flourish in unmonitored corners of its sprawling platform.

“These groups violated our policies against spam and financial fraud and we removed them,” a Facebook spokesperson told TechCrunch. “We know we need to be more vigilant and we’re investing heavily to fight this type of activity.”

Article Provided By: techcrunch

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.


Governments are Targets for Cyberattacks

Why local governments are a hot target for cyberattacks

Recent ransomware and other attacks underscore the value attackers see in the data stored in city and regional government systems. Here’s why they are vulnerable and what they can do to reduce the threat.

Over the course of the past few weeks, a seemingly stepped-up wave of malware and ransomware infections has struck a number of municipalities across the U.S.

  • On April 10, the city of Greenville, North Carolina, had to disconnect most city-owned computers from the Internet due to what officials said was a RobinHood ransomware infection, a duplicitous piece of malware that pretends to raise awareness and funds for the people of Yemen.
  • On April 13, Imperial County, California was hit with Ryuk ransomware, which is designed to target enterprise environments, forcing its website to go dark and causing some city systems to malfunction, including a number of departments’ phone lines.
  • On the same day Imperial County was infected, the city of Stuart, Florida, was hit by Ryuk ransomware, forcing system shut-downs affecting payroll, utilities and other vital functions, including police and fire departments.
  • On April 18, an unspecified piece of malware, likely ransomware, crippled the city’s computer network in Augusta, Maine.
  • On April 21, the municipally owned airport in Cleveland, Ohio, Cleveland Hopkins International airport, was struck by still-unspecified malware, causing the airport’s flight and baggage information boards to go dark, an outage that lasted at least five days.

Despite what appears to be a recent spurt in municipal ransomware attacks, these infections are nothing new to the nation’s cities. The most high-profile municipal ransomware attack took place over a year ago in March 2018 when the city of Atlanta was crippled by SamSam ransomware. According to Wired magazine, the city of Atlanta ended up spending $2.6 million to respond to that attack, roughly 52 times the amount of the $50,000 or so in ransom demanded by the attackers.

Cyberattacks on municipalities harder to hide

Still, the recent spate of attacks raises the question: Are municipal ransomware infections on the rise? According to some municipal cybersecurity experts, cities have long been grappling with malware and ransomware attacks at the same rate as private sector organizations, but are just now becoming more public about it.

“Most of these cities have had issues just like businesses have for years,” Gary Hayslip, former CISO for the City of San Diego, California, and now CISO for security firm Webroot, says. “It’s just more of them are being public about it because governments are requiring it now more.”

It’s increasingly difficult to hide city ransomware infections, particularly given that responding to them often requires funds from municipal coffers. “Typically, you end up having to pull out your cyber insurance and you’ve got to get Mandiant or somebody that you have on call to come on over and help you clean up and then hopefully get your data back,” says Hayslip. “So, you’re not going to keep that kind of stuff quiet.”

Internet-delivered city services present more opportunities for attackers

Cities are getting deeper and deeper into IP-based activities to deliver services as efficiently as possible, giving attackers more opportunity to engage in malicious behavior. “I would say there are a couple of big pressures that I think are relevant to most industries, but state and local governments are also exposed to it. First and foremost is the rapid expansion and availability of technology capabilities,” says Chris Kennedy, former government cybersecurity veteran and currently CISO of cybersecurity firm AttackIQ.

Attackers are also getting more savvy. “There’s a constantly growing threat of exploitation either through investment from state-sponsored actors to the commoditization of very sophisticated attack techniques that are easy to use for inexperienced hackers. Ransomware isn’t new. It’s just how it’s been packaged up and how it’s being leveraged operationally by the hacker community.”

Data stored in city systems an attractive target

Whether attacks on cities are increasing or merely coming to light more often, it’s clear that they’re attractive targets for attackers. “If you think long-range, state and local governments offer a wealth of information about citizen activity. You can imagine how cyber criminals would want to take advantage of that collection of information for identity theft and things like that,” says Kennedy.

“Most people don’t realize cities have massive amounts of data. It’s amazing the different types of data that they have. I mean it’s just phenomenal. They have everything from permits to people paying their water bills to parking tickets to whatever. People are investing in bonds,” says Hayslip, adding that cities also accept credit cards. “U.S. cities are very, very similar to large multinational businesses.”

Financial constraints put a squeeze on security

Unlike large multinational businesses, however, cities, particularly small cities or towns, face financial constraints that limit just how much they can spend on protecting themselves from breaches, malware infections and other kinds of attacks. “It can be an overwhelming problem if you’re not adequately staffed,” Kennedy says. “When you’re resource-constrained a lot of the operating falls to contractors” and “how well you manage those contractors is often difficult.”

On top of that, cities struggle to keep pace with technology refresh cycles, which are growing shorter each year. “Today the typical refresh cycle is about 18 months and most cities aren’t ready for it. A lot of the larger cities still have mainframes,” Hayslip says. “In a business you can do rip and replace. You can go ahead and say we’re going to be down and we’re going to stand up a parallel data center and we’re going to flip over and rip out all this old stuff and then go on about our business. That’s very hard to do when you have citizens that are riding on the services that you provide and don’t like to have their services interrupted.”

State and local governments need federal cybersecurity assistance

While municipal governments struggle with increased attacks, constrained resources and outdated equipment, there are few easy solutions to the unique problems they face. Hayslip thinks the federal government has a role to play in helping cities with funding shortages. “These municipal governments and state governments are tied to massive amounts of federal networks. They’re all interrelated and tied to each other,” he says.

“There should be a pool available to state and local governments” to provide small governments funds to address at least the basics of cybersecurity, such as updated software, firewalls and other cyber hygiene-related needs. “It would reduce the risk on the supply chain side among the municipal, state and federal networks,” according to Hayslip.

Cities that are fortunate enough to have dedicated security staff, which Hayslip says begins when the municipality reaches 300 employees, can also benefit from participating in formal and informal information-sharing efforts. Among the formal options available to cities are the FBI, the Multi-State Information Sharing and Analysis Center (MS-ISAC), which is focused on state, local, tribal and territorial government cybersecurity, as well as resources available from the Department of Homeland Security.

Local governments should share security data

When it comes to local governments, sharing information informally can be as helpful as the more formal efforts. When Hayslip was CISO of San Diego, he had a loose group of peers from other jurisdictions in the area and nine times out of ten when one of them was dealing with a sustained attack, the others were, too. Cybercriminals like to “get the most bang for their buck so they’ll attack a region” where local governments are likely to be interconnected, he says.

On the whole, cities appear to be dealing adequately with the ransomware and other malware infections that come their way. “Some of them are really taking it seriously and they’re building. Not just the city of San Diego but Los Angeles is doing very well. The city of Denver is doing very well.” Even the city of Atlanta is a good example of a municipality that might now be ahead of the curve. “I think they’ve learned their lessons and they’re putting it together,” Hayslip says.

Article Provided By: CSO


New Phishing scam called ‘The Hotlist’

New Phishing scam called ‘The Hotlist’ now targets the Instagram users

  • The new Phishing scam operates in a similar manner as the recent ‘The Nasty List’ scam.
  • The Phishing scam begins with Instagram users receiving a message regarding a list of their ‘hot’ photos on Instagram.

A new phishing scam called ‘The Hotlist’ has been found targeting Instagram users lately. This new scam operates in a similar manner as the recent ‘The Nasty List’ scam.

How does it work – The scam begins with Instagram users receiving a message regarding a list of their ‘hot’ photos on Instagram. The message reads something like, “I just saw a few of your photos on the @The_HotList_95 and they are already upvoted to #26!”.

Once recipients visit the message sender’s account, they are shown a post that says ‘Everyone Is On Here Look’ and includes a description along with a link that reads ‘Check what position you’re in!’.

If users click on the link, they are taken to a fake Instagram login page that scammers use to steal login credentials. The link typically ends with a .me domain, Bleeping Computer reported.

What are the impacts – The Phishing scam is being used to steal Instagram account details of users. Once the scammers grab the login credentials, they can use them later to send further phishing messages to other Instagram users.

How to stay safe – Users can avoid falling victim to such Instagram phishing scams by:

  • Not entering their login credentials if they are on a page that does not belong to the Instagram website;
  • Verifying the profile of the sender/source before sharing any personal information;
  • Ignoring messages from unknown sources that ask them to share sensitive details, as these can be phishing scams.
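The first check in the list above can be automated. The following is an added example, not part of the original article: it accepts a link only when it is HTTPS and its host is instagram.com or a subdomain, which rejects look-alike hosts such as the .me pages described earlier. The trusted-domain list and all sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: instagram.com and its subdomains are the only legitimate login hosts.
TRUSTED_DOMAINS = ("instagram.com",)

def is_instagram_url(url: str) -> bool:
    """True only for an HTTPS URL whose host is a trusted domain or a subdomain of one."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    try:
        # Normalise to ASCII so look-alike Unicode letters become visible "xn--" labels.
        host = host.rstrip(".").lower().encode("idna").decode("ascii")
    except UnicodeError:
        return False
    # Compare whole labels from the right: "instagram.com.example.me" must not match.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

# Constructed sample links, not taken from the reported campaign.
SAMPLE_LINKS = [
    "https://www.instagram.com/accounts/login/",
    "https://instagram.com.check-position.example.me/accounts/login/",
    "https://instagram.com@check-position.example.me/",
    "http://www.instagram.com/accounts/login/",
    "https://instagrarn.com/accounts/login/",
    "https://\u0456nstagram.com/accounts/login/",  # Cyrillic "і" in place of Latin "i"
]

def untrusted_links(links):
    """Return the links on which credentials should not be entered."""
    return [link for link in links if not is_instagram_url(link)]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print("OK   " if is_instagram_url(link) else "AVOID", link)
```

A substring test such as `"instagram.com" in url` would accept the second and third sample links, which is why the comparison is made on the parsed host name.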

Article Provided By: CYWARE
