Tag: cyber-security

Watch out for COVID-19 phishing and malware

Cyber Security

Posted on March 17, 2020

Cybercriminals are capitalising on Coronavirus (COVID-19) to send fake email and SMS phishing attacks that could infect computers or lead to the theft of logins and personal information.

An SMS-based phishing attack sent to Australians this week with the sender of “GOV” claimed the receiver had a “new message regarding the COVID-19 safetyline symptoms”. The subsequent message advised the location of local testing facilities.

People who followed the included link were directed to a website that encouraged Android device users to install an application. Anyone who visited the site from a non-Android phone such as an iPhone was directed to a benign government website instead.

The Australian Cyber Security Centre has recently warned the SMS and subsequent Android application could be used to steal banking credentials.

“The link in these text messages is not legitimate, and if clicked on, may install malicious software on your device, designed to steal your banking details,” it said.

Image: Fake COVID-19 phishing message. Credit: Australian Cyber Security Centre

The steps to install the Android application required people to check a box to install apps from unknown sources in their device’s settings. They could not be infected by merely visiting the site.

It is unclear if the malware was caught by Android’s much-improved in-built security defences which are present on new devices, or those running supported versions of the mobile operating system.

Telstra has blocked the offending domain, protecting customers across mobile and broadband services from accessing the site. Google has also blocked the domain under its Google Safe Browsing Initiative.

However, the rapid nature of cybercrime means new copycat domains that potentially contain the same content are likely to surface.

We should all be vigilant and not respond to unexpected messages over any communications platform, especially those which request links be clicked on or attachments be opened.

Yet more phishing attacks are targeting COVID-19 remote workers around corporate Australia.

These phishing attacks – and dozens of others that promise information on COVID-19 – entice users to open malicious attachments (some containing dangerous malware) and follow links designed to steal logins.

The emails are part of a surge of COVID-19 themed phishing campaigns detected since January which include malicious messages purportedly sent on behalf of the Australian Medical Association (AMA) and global bodies including the World Health Organisation (WHO).

Cyber security vendor Proofpoint says criminals have written phishing emails that claim to be from organisations’ human resource departments and executives. The fake messages encourage victims to open and sign attached malicious documents.

We advise anyone who is working from home to avoid opening unexpected email document attachments, and to either report suspected phishing emails in line with their company’s cyber security policy or delete them.

Meanwhile, Check Point, a cyber security vendor, said 4,000 COVID-19 domains were registered between January and 3 March, of which it considers 3%, or 120 domains, suspicious.

“Coronavirus-related domains are 50% more likely to be malicious than other domains registered at the same period, and also higher than recent seasonal themes such as Valentine’s Day,” Check Point researchers said.

One of the first COVID-19 phishing emails sent in January targeted victims in Japan and contained purported advice about the virus outbreak.

At least one of the phishing documents claiming to contain COVID-19 advice unleashed the Trickbot malware when opened.

Trickbot is one of the worst cyber security threats facing organisations today. The malware can download additional malicious payloads including the Ryuk ransomware which has the capacity to down global businesses. It can also deploy capabilities that allow it to spread across networks and to new computers through hijacked user email accounts.

Other COVID-19 phishing emails have dropped the NanoCore remote access trojan which grants hackers control of infected systems.

Many more contain links that load malicious login pages that mimic the appearance of tech brands like Adobe and Microsoft Office 365.

We encourage everyone to be on alert for any unexpected emails that ask users to log in to pages or download attachments. Looking for typos and poor grammar is a common but ultimately effective way to spot phishing.

Keep your guard up: how to spot a scam online

Cyber Security Consumer

Posted on March 11, 2020

Fraudsters are getting better and better at separating marks from their money online. But while scammer tactics may evolve, the foundations of scams are largely unchanged. Here’s how to see through the spin to spot a scam online.

We’re very aware that scammers impersonate our brand to dupe our customers. That’s why we’re always on the lookout for scams and work closely with our cyber security team to monitor and minimise the impact of these campaigns.

When we spot a new scam, we update our CrowdSupport page on known scams with the relevant details so everyone can stay informed.

Always stay vigilant online with the following tips on how to spot a scam, and report what you find to us if you’re ever unsure. Here’s what to look for.

Phishing

Phishing is one of the most common scams online, and scammers are getting better and better at pretending to be your bank, your telco or your energy company in order to extort money and personal details out of you.

As part of a phishing campaign, a scammer will often create an email designed to appear like a legitimate piece of communication from a trusted institution. These emails use legitimate logos, colour schemes and fonts to appear trustworthy. Targets will usually be encouraged to click on a button or link to change their login details, personal information or to confirm a transaction.

Once the button is clicked, the target is redirected to a webpage designed to mimic an online banking or service login page in order to capture login details. Once a target is tricked into entering those details, a scammer can use them to log in and steal funds or transfer services, or sell the details for other parties to use.

Phishing scams can also take the form of an SMS where the scammer impersonates a bank or telco before again transferring the target to a fake webpage to steal their information.

As scammers improve their phishing materials, it can be hard to determine what’s legitimate, but several key tells will always give the bad guys away.

Scammers will often create a fake email address that doesn’t look quite right, such as @telstranet.co.biz. Furthermore, these phishing scams will direct you to a website that won’t look quite right, such as www.telstrabillsupdate.xyz. Always check the email address in the ‘from’ section of a message when checking for authenticity, and browse to the company’s webpage from Google or your bookmarks rather than clicking on a link in an email.
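The sender and link check described above, as an added Python example that is not part of the original post. It assumes `telstra.com` and `telstra.com.au` are the legitimate sending domains (the page does not list them) and runs on a constructed sample message.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the real organisation sends from (not stated on the page).
TRUSTED_DOMAINS = {"telstra.com", "telstra.com.au"}
BRAND = "telstra"  # brand string that look-alike domains tend to embed

URL_RE = re.compile(r"""(?:https?://|www\.)[^\s<>"']+""", re.IGNORECASE)

def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only for a trusted domain or a real subdomain of one.
    Matching on '.' + domain rejects 'nottelstra.com' and
    'telstra.com.account-check.example'."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def classify_host(host):
    if host_is_trusted(host):
        return "trusted"
    # Brand name inside an untrusted host is the tell the article describes.
    return "lookalike" if BRAND in host.lower() else "unknown"

def sender_domain(from_header):
    """Domain of the actual address, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()

def link_hosts(body):
    """Hostnames of every link in the text, including bare www. links."""
    hosts = []
    for match in URL_RE.findall(body):
        match = match.rstrip(".,;:!?)")  # drop sentence punctuation
        url = match if "://" in match else "http://" + match
        host = urlsplit(url).hostname
        if host:
            hosts.append(host.rstrip("."))
    return hosts

def review_message(from_header, body):
    """Return (kind, host, verdict) for each sender/link host that is not trusted."""
    findings = []
    dom = sender_domain(from_header)
    if classify_host(dom) != "trusted":
        findings.append(("sender", dom, classify_host(dom)))
    for host in link_hosts(body):
        if classify_host(host) != "trusted":
            findings.append(("link", host, classify_host(host)))
    return findings

# Constructed sample message using the look-alike names quoted in the article.
SAMPLE_FROM = '"Telstra Billing" <billing@telstranet.co.biz>'
SAMPLE_BODY = (
    "Your account is locked! Update now at www.telstrabillsupdate.xyz/login "
    "or https://telstra.com.account-check.example/verify. "
    "Help: https://www.telstra.com/support"
)

if __name__ == "__main__":
    for finding in review_message(SAMPLE_FROM, SAMPLE_BODY):
        print(finding)
```

A From domain that passes this check can still be forged, so the script only automates the visual inspection described above.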

Fraudulent emails and SMS messages will also often impose a time pressure or urgent call to action. This way, scammers can take advantage of their targets before they have time to think about whether or not it’s a scam. The emails and SMS phishing messages might falsely claim that your login details are vulnerable or need to be changed (e.g. “your account is locked!”), or claim that a large transaction is being made without your knowledge, prompting you to log in quickly in order to stop it. Keep an eye out for a false sense of urgency when reading your emails.

Pay close attention, as many – but not all – of these messages might look legitimate in their graphics but may contain poor spelling and grammar or unusual language, serving to tip you off that it’s not from the real company. Make sure you read all correspondence carefully, ensuring that you have your guard up at all times.

Remember, if you receive an email or SMS message you’re unsure about, contact your institution to confirm the legitimacy of the communications before interacting.

Beware of Google Chrome extensions hiding advertising fraud

Consumer

Posted on March 4, 2020

Up to 1.7 million people have installed Google Chrome extensions that security researchers have found hide complex advertisement fraud, phishing, and malware networks.

Extensions and plugins give Chrome and other browsers third-party functionality such as the ability to easily save web pages, find discount coupons, and share content to social media. Malicious code hidden in extensions and plugins inevitably slips past security checks run by major browser developers including Google and Mozilla.

Independent security researcher Jamila Kaya, together with Duo Security hacker Jacob Rickerd, found 500 extensions on Google’s marketplace that hid complex, highly dynamic advertising networks that siphoned data and slung malware behind a veneer of retail promotions.

Victims are bounced rapidly between as many as 30 advertisements in a manner designed to defraud legitimate advertisers who pay for consumer views. Some of these bounces, or redirects, ultimately land victims on phishing pages or domains that contain malware.

“A large portion of these [networks] are benign ad streams, leading to ads such as Macy’s, Dell, or Best Buy,” the researchers said.

“Some of these ads could be considered legitimate; however, 60 to 70 percent of the time a redirect occurs, the ad streams reference a malicious site.”

Extensions and plugins have been long regarded with suspicion in security circles. Thousands have been found littered with dangerous vulnerabilities that expose otherwise secure browsers, revealed to have dubious privacy and data handling policies, or caught outright stealing user data.

The browser additions also often decrease the performance of browsers.

Kaya and Rickerd said their work demonstrated the “increasing real-world risk of Chrome extensions” and urged users to regularly audit their extensions and remove those they no longer use or recognise.

“Being more mindful and having access to more easily accessible information on extensions can help keep both enterprises and users safe,” they said.

Google thanked the researchers and said it will use the extension violations to train its security tools and teams.

The unassuming threat of IoT devices in Australian workplaces

Cyber Security

Posted on February 21, 2020

When thinking of objects in a business that pose a data security risk, a fridge or fish tank wouldn’t likely come to mind.

IoT continues to grow more and more ubiquitous, fuelled by the promise of greater efficiency and advanced insight. The idea of a cyber-attack may prompt images of server rooms being hacked or company laptops being stolen, but the reality is that, with the rise of IoT-connected devices, mundane objects pose one of the biggest risks for businesses’ IT security.

A recent 2019 Report explores key issues in data security and has identified the huge threat that the growth of IoT poses to businesses of all kinds. With an estimated 29 billion connected devices by 2022, it is imperative we understand the problem that these devices pose.

The weakest link

Through the research it became clear the number one challenge for security professionals for 2019 continues to be detecting and responding to incidents in a timely fashion. This is complicated by the increasingly important task of managing the impact of new technologies such as IoT. The report found that Australian businesses are failing to improve their security, with 89 per cent having had breaches go undetected, up 12 per cent since 2018. These new technologies are being neglected; the Security Report noted only 43 per cent of Australian businesses are currently protecting their IoT security.

With the prevalence of cyber security attacks, the focus is on well-established aspects of security that seem more dangerous. From pacemakers in hospitals to vehicles in fleets and the company watercooler, more and more ordinary objects are being outfitted with IoT capabilities. As this technology continues to disrupt industries, the mad sprint to stay connected is arriving at the expense of security.

In 2016 we saw this play out in spectacular fashion with the Mirai botnet. This botnet took a huge toll on the East Coast of the United States’ internet. The culprit of this unprecedented outage was simple – IoT enabled cameras. In a similar incident in 2017, a North American casino was hacked through their IoT connected fish tank. While having access to a fish tank may initially seem like an absurd threat, it is through these unassuming objects that cyber criminals are able to successfully infiltrate other businesses’ critical systems. A study by Qualys, referenced in the Cisco 2018 Annual Cybersecurity Report, found that 83 per cent of IoT devices now carry critical vulnerabilities and this weakness is an open door for an attack.

Mind the gap

A key reason this figure is so high is external vendors are often needed to update devices. In many cases, there are no clear indications of who is responsible for securing IoT connected objects. As more devices and ‘things’ connect to the internet, managing potential backdoor breaches frustratingly grows in importance and equally in difficulty.

Many businesses fail to realise a high proportion of internet-enabled devices are sold without in-built security. Some even lack an operating system that can support the installation of security software. Gaping vulnerabilities are often built-in weaknesses known as ‘backdoors’ that allow remote access maintenance, as well as stock passwords that are readily available online. Consequently, criminals can easily install malware on these devices and program them for future use or enlist them in a global army of bots with minimal investment. To make matters worse, the recent 2019 Report revealed 22 per cent of APAC organisations either don’t have or don’t know if they have an incident response plan to address breaches.

Update required

One example of how these issues are being addressed at the federal level is in the UK. The UK government recently introduced new laws to curb this issue of IoT device security. The new regulations will introduce IoT guidelines for manufacturers of connected devices, with a mandatory labelling system to determine the security level of an IoT enabled device. If an item falls short of these standards, it may be prohibited from sale. Regulation of this kind represents a big step forward in managing IoT security and has the potential to set a global precedent.

IoT devices are on average more vulnerable than traditional IT endpoints. To beef up IoT security, companies should look to employ basic endpoint security features like anti-malware, intrusion prevention and antivirus to secure networks against the barrage of attacks. Another option is device authentication for IoT devices. Digital certificates or two-factor authentication ensure nobody can gain unauthorised entry to a device. Endpoint hardening can even be as easy as upgrading a product or deploying basic security patches, as many devices are built totally unpatched. The benefits of connected devices are numerous, and the devices are a necessary tool for businesses to succeed in the future marketplace. Businesses need to ensure they are vigilant in monitoring devices coming into the workplace and in understanding how secure they really are.


This article first appeared on CSO Australia Online in January 2020.

Bringing our best security services to Australia’s small businesses

Small Business Business and Enterprise

Posted on February 18, 2020

We know how busy it is running a business; you’ve got your staff to look after, suppliers to chase, invoices to handle. That’s why we’ve just launched three new services to make your business’s growth journey easier.

Did you know that 44 per cent of Australian small businesses say they could be doing more to protect their business from cyber attacks? Criminals don’t look at the size of a business before they make their move, either – if your digital services are vulnerable, your business is at risk. Where big businesses have the luxury of specialised teams like marketing and IT, small businesses are often left to manage these risks by themselves.

Telstra Business Awards Alumni Christopher Marr from Sonder spoke to us about the importance of keeping his business running online, safely and securely.

Telstra Business Cyber Services offers whole-of-business support for $80 month to month including four security assessments every year, monthly updates on emerging threats and guidance on how to guard against them, and round the clock support. We want you to hand off all of your business’s complex security needs to us – we’ll take care of it for you.

We’ve used enterprise grade security for Telstra Business Cyber Services, with our cloud-based Internet Protection for Mail and Web Services using local and global threat intelligence and advanced tools from leading security vendors. Without any hand-holding needed from you, our Internet Protection for Mail and Web helps protect from malware, ransomware, viruses, spoofing and other advanced threats. Inappropriate and malicious content is also blocked.

Educating business owners and employees about how to identify and protect against cyber attacks is a big part of the security assessments we provide. For many cyber incidents that result in data breaches, there’s a human element – such as an individual opening a phishing email or clicking a malicious link – so the more we can do to educate people around these risks, the better.

If you already have a handle on your cyber security needs but want an extra hand with the technology that you use for your day-to-day operations, Telstra Business Tech Services is a $60 month to month service that gives you dedicated tech support and four expert assessments per year, while at the same cost Telstra Business Digital Marketing Services outsources the expertise you need to build or maximise your digital presence and sell online.

Late last year we also launched Mobile Worksuite, our all-in-one solution for businesses that want to transition to a fully mobile work environment – whether that’s literally taking your business on the road, or working from temporary offices and co-working spaces or work sites. Get started with your choice of a 2-in-1 device including the Microsoft Surface Pro X which has built-in 4G connectivity, as well as Microsoft Office software and 24/7 support.

Since December 2018 we’ve upskilled 3000 business specialists across our stores, and we launched 28 new Telstra Business Technology Centres in regional and metro areas to help our small business customers with their more complex technology needs face to face. We also launched our dedicated free account management service for all Telstra small business customers regardless of their size.

We want to help you avoid the lost productivity and significant financial impact that cyber attacks can lead to, and to minimise the disruption of dealing with these issues as well. Prevention is better than a cure, and we hope our new services will give Australia’s small business owners the peace of mind they need to grow their operations.