Cyber Security |

Watch out for COVID-19 phishing and malware

By Clive Reeves March 17, 2020

Cybercriminals are capitalising on Coronavirus (COVID-19) to send fake email and SMS phishing attacks that could infect computers or lead to the theft of logins and personal information.

An SMS-based phishing attack sent to Australians this week with the sender of “GOV” claimed the receiver had a “new message regarding the COVID-19 safetyline symptoms”. The subsequent message advised the location of local testing facilities.

People who followed the included link were directed to a website that would encourage Android device users to install an application. Anyone who visited the site from a non-Android phone such as an iPhone were directed to a benign government website instead.

The Australian Cyber Security Centre has recently warned the SMS and subsequent Android application could be used to steal banking credentials.

“The link in these text messages is not legitimate, and if clicked on, may install malicious software on your device, designed to steal your banking details,” it said.

Fake COVID-19 phishing message
Credit: Australian Cyber Security Centre

The steps to install the Android application required people to check a box to install apps from unknown sources in their device’s settings. They could not be infected by merely visiting the site.

It is unclear if the malware was caught by Android’s much-improved in-built security defences which are present on new devices, or those running supported versions of the mobile operating system.

Telstra has blocked the offending domain, protecting customers across mobile and broadband services from accessing the site. Google has also blocked the domain under its Google Safe Browsing Initiative.

However, the rapid nature of cybercrime means new copycat domains that potentially contain the same content are likely to surface.

We should all be vigilant and not respond to unexpected messages over any communications platform, especially those which request links be clicked on or attachments be opened.

Yet more phishing attacks are targeting COVID-19 remote workers around corporate Australia.

These phishing attacks – and dozens of others that promise information on COVID-19 –entice users to open malicious attachments (some containing dangerous malware) and follow links designed to steal logins.

The emails are part of a surge of COVID-19 themed phishing campaigns detected since January which include malicious messages purportedly sent on behalf of the Australian Medical Association (AMA) and global bodies including the World Health Organisation (WHO).

Cyber security vendor ProofPoint says criminals have written phishing emails that claim to be from organisations’ human resource departments and executives. The fake messages encourage victims to open and sign attached malicious documents.

We advise anyone who is working from home to avoid opening unexpected email document attachments and to report suspected phishing emails in-line with their companies’ cyber security policy or delete it.

Meanwhile, Check Point, a cyber security vendor, said 4,000 COVID-19 domains have been registered between January and 3 March of which it suspects 3%, or 120 domains, are suspicious.

“Coronavirus-related domains are 50% more likely to be malicious than other domains registered at the same period, and also higher than recent seasonal themes such as Valentine’s Day,” Check Point researchers said.

One of the first COVID-19 phishing emails sent in January targeted victims in Japan and contained purported advice about the virus outbreak.

At least one of the phishing documents claiming to contain COVID-19 advice unleashed the Trickbot malware when opened.

Trickbot is one of the worst cyber security threats facing organisations today. The malware can download additional malicious payloads including the Ryuk ransomware which has the capacity to down global businesses. It can also deploy capabilities that allow it to spread across networks and to new computers through hijacked user email accounts.

Other COVID-19 phishing emails have dropped the NanoCore remote access trojan which grants hackers control of infected systems.

Many more contain links that load malicious login pages that mimic the appearance of tech brands like Adobe and Microsoft Office 365.

We encourage everyone to be on alert for any unexpected emails that request users login to pages or download attachments. Looking for typos and poor grammar is a common but ultimately effective indicator of phishing.

Consumer | Cyber Security |

Beware of Google Chrome extensions hiding advertising fraud

By Darren Pauli March 4, 2020

Up to 1.7 million people have installed Google Chrome extensions that security researchers have found hide complex advertisement fraud, phishing, and malware networks.

Extensions and plug-ins give Chrome and other browsers third-party functionality such as the ability to easily save web pages, find discount coupons, and share content to social media. Malicious code hidden in extensions and plugins inevitably slips past security checks run by major browser developers including Google and Mozilla.

Independent security researcher Jamila Kaya, together with Duo Security hacker Jacob Rickerd, found 500 extensions on Google’s marketplace that hid complex, highly dynamic advertising networks that siphoned data and slung malware behind a veneer of retail promotions.

Victims are bounced rapidly between as many as 30 advertisements in a manner designed to defraud legitimate advertisers who pay for consumer views. Some of these bounces, or redirects, ultimately land victims on phishing pages or domains that contain malware.

“A large portion of these [networks] are benign ad streams, leading to ads such as Macy’s, Dell, or Best Buy,” the researchers said.

“Some of these ads could be considered legitimate; however, 60 to 70 percent of the time a redirect occurs, the ad streams reference a malicious site.”

Extensions and plugins have been long regarded with suspicion in security circles. Thousands have been found littered with dangerous vulnerabilities that expose otherwise secure browsers, revealed to have dubious privacy and data handling policies, or caught outright stealing user data.

The browser additions also often decrease the performance of browsers.

Kaya and Rickerd said their work demonstrated the “increasing real-world risk of Chrome extensions” and urged users to regularly audit their extensions and remove those they no longer use or recognise.

“Being more mindful and having access to more easily accessible information on extensions can help keep both enterprises and users safe,” they said.

Google thanked the researchers and said it will use the extension violations to train its security tools and teams.

Consumer | Cyber Security | Smartphone Safety Hub | Telstra Foundation |

Safer Internet Day: tips for how to keep your kids safe online

By Jackie Coates February 11, 2020

Today marks Safer Internet Day, a worldwide event that raises awareness about online safety and encourages everyone to help create a better internet. This year the theme is ‘Together for a better internet,’ with the aim to encourage all Australians to start the conversation about online safety issues and inspire positive change.

We’re proud to play our part in the cyber safety space, particularly when it comes to digital parenting. Recent research we conducted indicated that more than six out of ten parents are concerned about online bullying or their kids being exposed to inappropriate content and more than half are worried about stranger danger on the internet. So, as today marks Safer Internet Day, we thought we would offer some tips for keeping your kids smart and safe online.

https://youtu.be/M03BJFjBM3w

Do some eLearning

Before giving your kids a phone, it’s important to do some research and familiarise yourself with your child’s favourite sites or apps and take the time to understand how they work. This not only means you can more confidently chat to them about their online activities, but it also gives you some insight into how they might be interacting with other people.

The Office of the eSafety Commissioner is dedicated to keeping kids safe online and identify the key issues as cyberbullying, online pornography, time spent online, gaming and unwanted contact.

Each of these issues carry their own risks and dangers, and it’s important to familiarise yourself with the advice from the eSafety Commissioner. There’s never a one-size-fits-all safety net for your kids when they use the internet.

Be present

It almost goes without saying that the most effective way to make sure your kids aren’t interacting with content on the internet that could cause harm is to stay involved. There’s no need to be overbearing, but encourage kids to use their devices in communal areas of the home. That way, if they do come across something they weren’t looking for, they can let an adult know straight away.

Stay involved

Learning to browse the internet safely is like learning to walk or drive: it’s a process that needs careful supervision. Kids will learn best from your own understanding of online risks – scams, inappropriate content or predatory behaviour.

It is also important to set healthy boundaries with your kids. Using a guide like My First Mobile Agreement can be a great way to guide the discussion and get on the same page, while creating a safe space for them to learn. In this way you can help them make the most of their digital future.

Of course, with mobiles and tablets (and the reality of everyday life), you can’t always be there with your kids when they are online. There are a range of parental control tools to help families become more mindful about screen-time habits.

One of these is Telstra Mobile Protect – a free service with controls including time restrictions, which stop kids using their phones when they should be sleeping. Plus, with Telstra Broadband Protect, you’re able to set device usage levels across our home network, which make sure the whole family powers down even if they don’t have the willpower to do it themselves.

Apple – On Device Settings

Apple’s on device parental controls have a variety of options for parents. When it comes to managing screen time for example, you can remotely set “downtime” to lock your kids out of their phone for specific time periods – a good way to keep your family dinner phone-free (works for mum and dad as well!). You can also set time restrictions on specific apps as well in case you are happy with your kids spending time with educational ones but just want to limit games.

Apple’s latest parental controls also allow you to set up content restrictions for books, TV shows, movies and apps or choose whether your child may install new apps, delete apps or make in-app purchases. And all of these settings are flexible so as you kids get more and more responsible you can hand over more and more control – as appropriate.

You can find Apple’s own instructions for how to set this up on iPhone, iPad or iPod touch here.

Android + Family Link

You can find parental controls in most other phones as well but for Android-powered phones (including Samsung, Google Pixel, Huawei etc) Google has also produced a free app called Family Link.

The app is about setting “digital ground rules” to help your kids understand their boundaries while getting to know life online.

It gives parents full transparency over the sites being browsed and the apps being used. Like Apple’s tools, it also tells parents how long apps are being used for and allows for limits to be set. Moreover, parents have to approve new apps being installed on the device to ensure they’re not being hoodwinked.

Family Link isn’t just about restricting kids. It’s about educating them as well. Family Link can recommend apps that their teachers have given the thumbs up to, and they can be added directly to their device with a single click.

Breaks can also be mandated with the device locking features that force kids to take a break to run around outside, do homework or sleep. And when your kids are out of the house, Family Link also has a feature that allows you to keep a watchful eye on them with location tracking on the go.

Check out the features of Family Link and how to get it for yourself.

Third-party apps

Outside of Apple and Google there are other trusted names in security like Norton that have whole platforms dedicated to the task of keeping your kids safe online.

Norton’s Family Premier software not only sets time limits, but it also provides insights into how they’re using the internet they’ve been given. The software keeps you informed of the sites your kids are trying to access, keeping them away from harmful or inappropriate sites, and provides insights into search terms they’re using to keep track of potentially unsafe behaviour.

Family Premier from Norton also allows you to look at all of their behaviours in a detailed report sent to your inbox, so you can conveniently monitor the behaviour at a glance.

Getting your kid their first phone can be daunting, but being informed is the best way to stay on top of emerging threats that could be harmful. Sticking with them to learn and share information while they browse is key, along with a variety of tools at your disposal. You can also refer to our Smartphone Safety Hub for the latest tips and advice around kids and smartphone usage.

Consumer | Cyber Security | Small Business |

New Windows 10 vulnerabilities highlight need to upgrade from Windows 7

By Clive Reeves January 17, 2020

It seems like just yesterday that Windows 7 was in our lives, but did you know that Microsoft has discontinued its support for the iconic operating system? That means you’ll no longer receive important security updates, and worse still, there’s a new vulnerability with Windows 10 you need to be mindful of that affects both the old and the new operating system. Here’s the immediate action you need to take.

The three new Windows 10 security vulnerabilities – reported to Microsoft by the United States National Intelligence Agency, NSA – affects all systems running Windows 10 (32- or 64-bit). These vulnerabilities were announced on 15 January as part of Microsoft’s usual updates.

Of the three vulnerabilities, two are critical and may allow, for example, a malicious actor to install software, modify/create user accounts or modify data on your computer, and potentially access private and sensitive personal information.

But don’t worry, as long as you act quickly you can protect yourself. We’re joining Microsoft in urging users to patch their Windows 10 systems with the following:

For Windows 7 users, the fix isn’t so simple. As we mentioned earlier, Windows 7 is now end-of-life, meaning Microsoft will no longer be supporting the operating system. That’s a big deal, especially if you’re a small business that is obligated to protect both your data and the sensitive data of your customers. If you’re a Windows 7 user, that means you’ll need to migrate to Windows 10 as soon as possible to receive security updates protecting you against these and other vulnerabilities.

Microsoft has a guide for updating to Windows 10 from Windows 7. Ensure you update promptly to protect yourself from exploits and hackers looking to compromise you and your customers.

Cyber Security | Small Business |

Businesses urged to address Citrix vulnerability immediately

By Clive Reeves January 15, 2020

Citrix is advising customers that cyber attackers are performing scans to find organisations vulnerable to a security flaw in the Citrix Application Delivery Controller (ADC) and Gateway products. It is important that customers are aware that a working exploit to this threat has been published on the internet and to take immediate action.

If exploited, the vulnerability permits threat actors to conduct Remote Code Execution (RCE) attacks. This means it could give an attacker direct access to the local networks behind the gateways without the need for an account or authentication. This could result in attacks via Malware, Ransomware, a denial of service or facilitate the theft of information.

According to iTNews more than 3500 Australian companies may be vulnerable and more than 80,000 companies in 158 countries could also be at risk.

Citrix has worked quickly in releasing mitigation steps and is urging administrators to immediately apply it to their configurations. A full patch is not yet available.

According to a Citrixsecurity advisory, these products are affected:

  • Citrix ADC and Citrix Gateway version 13.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.1 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 11.1 all supported builds
  • Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds

What should you do:

Citrix is advising customers to immediately apply the mitigation and then upgrade all their vulnerable applications to a fixed version of firmware when released towards the end of the month.

All the information you need is on the Citrix Support website so if you think you are impacted you should take action immediately.