
Haywards Heath IT security specialist asks what we can learn from Kaspersky

The way that data breaches have been handled by these two organisations provides valuable insight into how it should, and should not, be done.

Haywards Heath IT security specialist Gary Johnston has been taking a particular interest in events at Kaspersky and the US Office of Personnel Management.

As an IT security specialist, when stories of this kind unfold it is always interesting to see how they are dealt with by the companies involved; unfortunately, the answer is very often badly.

Haywards Heath IT security specialist Gary Johnston says Kaspersky and The US Office of Personnel Management provide contrasting examples of how to deal with a data breach.

Tamite, Haywards Heath IT security specialist, comments on the Kaspersky and US Office of Personnel Management data breaches

Kaspersky have given a textbook demonstration of how to handle the potentially embarrassing fact that they have been the victim of a data breach. Kaspersky disclosed that, during the testing of a new product designed to search for APTs (Advanced Persistent Threats), they had actually discovered an intrusion on their own network.

The phrase "not knowing whether to laugh or cry" comes to mind. I imagine the event was akin to the head designer at Dyson plugging in the latest design, pushing a button, watching his own workshop disappear up the nozzle and saying to the assembled audience, “well, that worked”. Presumably the new product has passed its beta testing with flying colours.

Kaspersky, unlike previous victims of this type of event, have in some ways turned what could have been a hugely embarrassing episode into something a little more positive. They promptly admitted to the breach, and the investigation showed that the attack was highly advanced, using what Kaspersky have dubbed Duqu 2.0, a name which implies a link to the original Duqu (BBC News), the espionage malware that Kaspersky analysed in detail in 2011, to eavesdrop on the organisation.

Gary Johnston of Haywards Heath IT security specialist Tamite Secure IT comments that Kaspersky appear to have been open about the breach from the start, including its extent and timeline and the fact that the malware lived almost entirely in memory and, within a short period of being discovered, appeared to uninstall itself and cover its tracks (Computer Weekly). It makes fascinating reading and gives a real feel for the sophistication of the APT.

June 2015 was also a good month to bury bad news, as the events at Kaspersky were possibly overshadowed by those at the US Office of Personnel Management (US OPM), which managed to leak tens of millions of records relating to current and former government employees. (BBC News)

In contrast to Kaspersky, the reaction of the US OPM went through the usual phases: denial, then grudging acceptance while still understating and minimising the extent of the breach. The classic pattern was almost complete when, having been overtaken by events, the US OPM finally resorted to a hand-wringing confession of the true extent of the breach. The final phase was marked by the inevitable and ritual decapitation of the person deemed most culpable, in this case the Director of the US OPM, Katherine Archuleta, who announced she would step down to help the department “move beyond the current challenges”.

However, of the two events the one at Kaspersky is the more troubling. It seems to be a universal fact that governments don't do a great job of IT or IT security per se, and in any case the US OPM has what is known as "previous": its own inspector general had been warning about its security weaknesses for years. The fact that Kaspersky, who do IT security well, have been spied upon for an indeterminate period should be seen as sinister.

Gary Johnston, Haywards Heath IT security specialist, goes on to say that three scenarios have been mooted.

1. The Israelis, who have plenty of "previous", spying on the Iranian nuclear talks (Duqu 2.0 was also found at venues used for those talks) and wanting early warning if their latest piece of spyware had been exposed.

2. A state security service, GCHQ, the Chinese state, the US NSA etc., wanting to know how to circumvent the latest security products.

3. Cyber criminals: the least likely, but with a similar motive.

The comments in this blog represent the thoughts of Haywards Heath IT security specialist Gary Johnston of Tamite IT

Watering Hole Attacks

Forbes.com Watering Hole Attack
(shows you can lead a horse to water & make him drink!)


The news that the Forbes website was compromised in November, potentially infecting thousands of its visitors with malware, has provided a wake-up call for us all.

The term watering hole attack refers to the idea that the cybercriminals identify websites that will appeal to the demographic they intend to exploit: potentially, your customers. The analogy is the obvious one of a predator (in this case malware) lying in wait for its prey at a frequently visited watering hole (your website). I'm sure you worked that one out for yourself.

The attack relies on the fact that the company website is often poorly defended, so it is relatively easy to find an exploitable weakness in the security of the site or the underlying code. The perpetrators insert their malware, and the popularity of your website and your SEO effort will do the rest.

In the case of Forbes (Invincea and iSight Partners said in their joint report), the attack exploited two zero-day vulnerabilities, one in Microsoft's Internet Explorer and the other in Adobe's Flash Player. Adobe fixed the Flash flaw in December and Microsoft updated Internet Explorer as part of its February Patch Tuesday release.

The attack appears to have been targeting senior executives, managers and professionals in the defence and financial services industries. The very fact that two zero-day vulnerabilities were used indicates that this was a serious attempt at compromising these high-value users of the Forbes website: a zero day suggests a sophisticated and determined attacker, and burning two of them emphasises just how determined they were in pursuing their quarry.

The malicious code was served through the “Thought of the Day” Flash widget, which appears whenever users open a Forbes.com page. Visitors didn't need to do anything other than load Forbes.com in their browser to get infected. It is probable this campaign focused on cyber-espionage, not cybercrime.

Watering hole attacks are insidious because it wouldn't occur to anyone that a trusted, well-known site could be serving malware.

Of course the Forbes incident was the top of the tree as far as these things go, but it does emphasise that everyone is at risk. It is common practice for criminals to infect legitimate websites, and that includes your business website, with the aim of passing malware on to your potential clients.

Forbes probably have a whole department dedicated to the upkeep of their website; you probably speak to your web designer a couple of times a year. Little wonder that, because the scripts and code that underlie the site are rarely updated or patched, so many small business sites are wide open to this sort of attack.
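A cheap check a small business can run against its own site, as an added example that is not Tamite's, Forbes's or Invincea's code: fetch your pages on a schedule and flag any script, iframe or object that loads from a host you did not put there, or that is sized or styled to be invisible, which is the usual shape of an injected watering-hole payload. The allowlist, hostnames and sample page below are constructed for illustration.

```python
"""Scan a page's HTML for remote-code loads (script, iframe, object, embed)
that come from a host outside the site's own allowlist, or that are sized or
styled to be invisible, the usual shape of an injected watering-hole payload.
Added example, not Tamite's, Forbes's or Invincea's code; the allowlist,
hostnames and sample page are constructed for illustration."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed baseline: hosts this site legitimately loads code from.
ALLOWED = {"www.example.co.uk", "cdn.example.co.uk"}


class ResourceCollector(HTMLParser):
    """Collect (tag, url, attributes) for every element that makes the browser
    fetch and execute remote content."""
    TAGS = {"script": "src", "iframe": "src", "object": "data", "embed": "src"}

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attr = self.TAGS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        url = attrs.get(attr)
        if url:
            self.resources.append((tag, url, attrs))


def is_hidden(attrs):
    """Injected iframes are normally made invisible so the visitor sees nothing."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    zero_sized = attrs.get("width") == "0" or attrs.get("height") == "0"
    return zero_sized or "display:none" in style or "visibility:hidden" in style


def find_suspect_resources(html, allowed_hosts):
    """Return [(tag, url)] for loads from a non-allowlisted host or for hidden
    elements. Relative URLs have no host, are same-origin, and are accepted."""
    parser = ResourceCollector()
    parser.feed(html)
    suspects = []
    for tag, url, attrs in parser.resources:
        host = urlparse(url).hostname          # None for relative URLs
        foreign = host is not None and host.lower() not in allowed_hosts
        if foreign or is_hidden(attrs):
            suspects.append((tag, url))
    return suspects


# Constructed sample: a normal page with two injected elements near the end.
SAMPLE_PAGE = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.co.uk/widget.js"></script>
</head><body>
<p>Thought of the day</p>
<iframe src="http://203.0.113.7/landing.php" width="0" height="0"></iframe>
<script src="//static.attacker.invalid/loader.js"></script>
</body></html>"""

if __name__ == "__main__":
    for tag, url in find_suspect_resources(SAMPLE_PAGE, ALLOWED):
        print(f"suspect <{tag}> loading {url}")
```

Run it against a saved copy of each page once a day and diff the output against yesterday's: a new entry is the alert. Treat the list as something to review rather than auto-block, since a legitimately added CDN or analytics host will show up in exactly the same way until you add it to the allowlist.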

WordPress-based websites are a favourite target, not surprising as they make up such a big proportion of published websites and their plugins and themes are so often left unpatched, but most other platforms have the same problem. So what is the answer? We would suggest you speak to an IT company who understand just how significant security is to your business, someone who gets the bigger picture.
Your customers come to you because they want your products and trust you. It is in your interest to make sure that, in visiting your site, the only thing your customers leave with is an enduring good impression of your organisation.

Hackers Topple Dominoes

Rex Mundi, a cyber criminal group who specialise in stealing user data from global companies for extortion, claim to have hacked the database for the Domino's franchises covering France and Belgium, and Domino's have conceded that they have experienced an incident. The gang have demanded a ransom of £24,000 to prevent the details of 600,000 Domino's customers being posted on the Internet. The stolen information is said to contain usernames, passwords, email and physical addresses, phone numbers, and even the customers' favourite topping. At the moment it appears that customer credit card details are still secure.

Rex Mundi have a track record of previous attacks: in 2012 the group stole and published online the loan-applicant details of thousands of users of the US payday loan company AmeriCash Advance.

Belgian internet hosting company Alfa Hosting became another of Rex Mundi's victims, suffering a break-in this year that led to the names of 12,000 customers being published online.

So why is this of interest to Tamite IT Support, who provide IT support to customers in Sussex and Surrey? The answer is that it gives me a prime example of how we can link cause and effect and describe how these high-profile attacks could be used to target you.

Recently there has been a spate of high-profile hacks involving well-known brands such as eBay and Mumsnet. In all these cases the credit card details were not compromised. The reality is that in the world of the cybercriminal, credit card details are often no longer the primary objective: you can only exploit them for a short time before they are cancelled. In the world of cybercrime, information is king, as it gives you a commodity you can sell over and over again over a long time frame, and the raw material for a convincing phishing email.

The next time you receive a spam email (assuming it evades your spam filter), or a message through a social networking site that seems a little too close to the mark, try to imagine how the sender may have obtained that information.

The quantity of spam is not the only issue; the quality has improved to the point where you would be hard put to distinguish a real message from your bank from a counterfeit, the content is becoming increasingly sophisticated, and information harvested in hacking attacks is being used to make the messages more convincing.

See the Tamite IT Support Guide to Social Engineering and Phishing.

Next week, when you receive that email enticing you to order your favourite pizza from Domino's with just one click of a link, with an extra 20% off and a side order of frogs' legs if it is ordered before the weekend, take a second look. If you have the slightest doubt, don't follow the link: go to Domino's via a bookmark you have saved or a Google search to make sure you are using the legitimate site.
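The "second look" described above can be automated for the links in an HTML email. The following is an added example, not Tamite's or Domino's code: it flags links whose visible text shows one domain while the href goes to another, links that bury the brand name inside somebody else's domain, punycode (look-alike) hostnames, and plain-http order links. The trusted domain, the email body and every hostname in it are constructed for illustration.

```python
"""Inspect the links in an HTML email and flag the ones that do not go where
they appear to: a brand name buried in someone else's domain, visible text
showing one domain while the href points at another, punycode hostnames, or
plain-http 'order now' links. Added example, not Tamite's or Domino's code;
the trusted domain, email body and hostnames are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"dominos.co.uk"}   # constructed: the brand's real registered domain(s)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each <a> in the message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude registrable domain: last two labels, or three under co.uk-style
    second-level suffixes. Good enough to compare a brand with a lookalike."""
    labels = host.lower().split(".")
    second_level = (len(labels) >= 3 and labels[-2] in {"co", "org", "ac", "gov"}
                    and len(labels[-1]) == 2)
    return ".".join(labels[-3:] if second_level else labels[-2:])


DOMAIN_IN_TEXT = re.compile(r"([a-z0-9-]+\.)+[a-z]{2,}")


def check_links(html, trusted):
    """Return [(href, text, reasons)] for links that look deceptive."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        parsed = urlparse(href)
        host = parsed.hostname
        if host is None:
            continue
        domain = registered_domain(host)
        reasons = []
        if host.startswith("xn--") or ".xn--" in host:
            reasons.append("punycode hostname")
        if parsed.scheme == "http":
            reasons.append("plain http")
        if domain not in trusted:
            for t in trusted:
                brand = t.split(".")[0]
                if brand in host:
                    reasons.append(f"brand '{brand}' inside unrelated domain {domain}")
            shown = DOMAIN_IN_TEXT.search(text.lower())
            if shown and registered_domain(shown.group(0)) != domain:
                reasons.append(f"text shows {shown.group(0)} but link goes to {domain}")
        if reasons:
            findings.append((href, text, "; ".join(reasons)))
    return findings


# Constructed sample: one genuine link and two that should make you pause.
SAMPLE_EMAIL = """<p>20% off your favourite pizza before the weekend!</p>
<a href="https://www.dominos.co.uk/offers">Order now</a>
<a href="http://dominos.co.uk.weekend-deals.example/order">www.dominos.co.uk/offers</a>
<a href="https://xn--domins-5ya.example/login">Log in to your account</a>"""

if __name__ == "__main__":
    for href, text, why in check_links(SAMPLE_EMAIL, TRUSTED):
        print(f"{href!r} shown as {text!r}: {why}")
```

The registrable-domain helper is deliberately crude (a real deployment would use a public suffix list), but it is enough to expose the classic trick of putting "dominos.co.uk" at the front of a hostname that is actually registered under a different domain.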

Of course telling you to be on your guard and not to take anything for granted whether the message comes through email or social media is only half of the answer. In my next blog I will discuss the other half of the answer.

If you feel you would like more information on the steps you can take to protect yourself and your business from cybercrime, Tamite IT Support provide IT security seminars and training aimed at small businesses and individuals in the Haywards Heath, Sussex and Surrey areas.

Mobile phone suppliers letting down their customers.

While I love my iPhone and am constantly impressed by the products turned out by the mobile phone manufacturers, my feelings for the mobile network operators are less than favourable. When my customers ask me to recommend a mobile phone network my reaction is usually to cringe, as my experience is that mobile providers in general, and even traditional telecoms service providers, are next to useless and show a disregard for their customers that beggars belief. Oh, by the way, I'm not going to join the chorus of voices condemning the major EE outage yesterday. These things happen occasionally and, personally, being without a mobile service for an hour or two won't do me any harm; I think being offline for a while feels like a positive thing, although businesses that depend on mobiles will disagree.

What does alarm me is the casual way they disregard their customers when it suits their business needs. Two recent examples. O2 recently sold their entire residential terrestrial broadband business to Sky. At the start of March they notified their business customers that they would be ending their service on 18th March, considerably less than the 30 days' notice Ofcom demands. My customer received no notice, as it was sent to the salesman who initially signed them up for O2, and so they were surprised when on Tuesday the 18th the broadband circuit stopped. Of course they called O2, only to be told that O2 had ended their service.

As a result I had to set them up with a temporary Internet connection, ironically using 3G, which will give them a connection for the 10 or so days it will take to get a new circuit in place. Fortunately they had another number on which the broadband could be provisioned, otherwise a further delay would have been inevitable for reasons I won't go into here. I'm sure lots of other ex-O2 customers won't be as fortunate.

I would imagine my customer is not alone. So why didn't O2 make some effort to contact their customer when it became obvious that the circuit was going to be ended and the customer hadn't migrated to an alternative supplier? Were there too many to be contacted personally, in which case why did they let it happen, or if it was a minority of customers then they should have pulled out all the stops and contacted them. After all, they know the phone numbers and the addresses and possess call centres full of people who will bother us whenever they have something to sell, so why not use some of this resource to help a customer that they were dropping for their own business ends? If O2 want to post a reply here, feel free; it will make interesting reading.

I will now move on to EE and Orange, who have managed to displease me for other reasons; once again this stems from Orange's decision to move its customers to EE. I know I am not alone on this one. When the account was moved over to EE I was billed by EE for the correct amount; additionally I was billed by Orange for over £300. On calling Orange I found this spurious amount had inadvertently been billed to many of their customers as a result of the changeover, and they were making plans to reimburse me and all the others (nothing like some urgency).

I short-circuited their plans by contacting my bank and arranging a direct debit clawback. Problem sorted. Well, not quite, as a month later they did the same thing (silly me for not cancelling the DD). Anyway, it took Orange three months to sort out a credit against the invoice and to stop pestering me for payment after I ended the DD.

The lesson would seem to be that the best policy is to get the best deal you can, as in this industry customer service just doesn't figure. What comes through is that you actually want to go to a reseller that you have a relationship with and who will look after your interests. So when I'm asked, I recommend my customers use Simon Farncombe of Numatel, 0844 544 3789.

Crawley business taking cyber security seriously.

This morning I was invited to address a number of small businesses from the Crawley and Haywards Heath area. Being Valentines day I thought that some advice on how to avoid contracting infections and how passing one on can adversely affect a relationship would be an entirely suitable and timely subject.

Entitled Time To Take Cyber Crime Seriously, the talk's subject was how we all have to step up to the mark and take responsibility for our own security, both on the Internet and in our own networks. The reasons for this are simple: the cyber security threat extends to businesses of all sizes and even individuals, and the organisations behind it are professional, organised and well financed.

Recent developments in the world of malware have, in my opinion, signalled a step change in the threat that cybercrime poses to the individual and to small businesses. I will sum up the reasons for this by simply stating that criminal organisations have been encouraged to target this area in part because the larger targets have toughened their security stance and represent a harder proposition, whereas individuals and small businesses, not having the resources of a full-time IT department, are perceived as a soft target. CryptoLocker is demonstrating that the financial rewards from this area are substantial.

Bitdefender Labs identified approximately 12,000 hosts infected with CryptoLocker between October 27 and November 1, 2013. At the ransom then being demanded (around $300 per victim), even if only 3% of infected users are estimated to pay, the organisation behind CryptoLocker probably made in excess of $100,000 in a single week.

It is up to us, the IT companies who provide support to this sector, to provide the additional IT security training that makes users habitually safe. Data security products can undoubtedly provide part of the answer, but only when the IT environment they are deployed into is built on sound principles. All of us, IT users and suppliers, now need to step up to the plate. The government seems to be getting the message and is actively encouraging better data security practice via its Cyber Streetwise campaign.

The answer for small businesses and individuals is partly increased awareness of the risk and a sound strategy that properly addresses the areas of risk. This may be a combination of training and correct deployment of products. The name of the game is to make sure you aren't the perceived soft touch. It's similar to the story about the polar explorer who, when questioned about the best way to survive a polar bear attack, replied that he relied on the fact that he could outrun his companions.

Gary Johnston – Tamite IT – IT Security Strategist

Tamite IT Security Course at the Kissingate Brewery

Tamite IT Security Course – IT Security Basics For Businesses & Individuals

Our most recent IT Security Training Course, held at the Kissingate Brewery, was a great success, attended by representatives of businesses from across Sussex and Surrey. It concentrated on the simple steps that individuals and small businesses can relatively quickly put into place, the adoption of which will make an enormous difference to the security of the individual PC and the network to which it is attached.

One of the main aims of the Tamite IT Security Training Course is that, by understanding the risks posed by cybercrime, we are able to avoid risky activities and spot potential threats.

Malware moves on constantly, and the war being waged against it is necessarily unremitting. One of the more recently announced threats (discovered by the security research firm Intego) has been named the Crisis Trojan. Interestingly, the malware was found to infect Mac OS X computers and could record keystrokes, capture the webcam, track web traffic, take screenshots and steal data.

Owners of Windows PCs should restrain the urge to snigger, as researchers at Symantec have revealed that a worm-like version of the malware also targets Windows. As with the Mac version, this malware installs itself on a victim's PC if they visit a compromised website, via a malicious Java (JAR) file that is downloaded and run.

We believe that the only sensible way for businesses and individuals to deal with the multitude of threats posed is to train users, our IT Security Training Course is specifically designed to help you make your environment secure and keep it secure.

A small success in the war on Spam

At Tamite IT Support Sussex we are very aware of the problems malware can cause our customers; there is a constant war being waged against the spammers and criminal gangs responsible for producing and spreading it. Occasionally the triumphs of the groups that combat cybercrime make the news. This month a group of researchers that includes security vendor FireEye, working with Spamhaus, claimed a success in the war against spam: Grum, the botnet credited with at one point being responsible for a third of all spam on the Internet, sending out around 18 billion spam emails a day, has been shut down.

Tamite IT support Sussex IT Security Training gives you the knowledge to protect your systems and play your part in combating Cyber Crime.

The demise of the botnet known as Grum is good news for everyone using the Internet, as spam presents a significant overhead to the infrastructure that supports the web. If we had no spam the Internet would run faster, due to the reduction in bandwidth and processing wasted carrying information that at best is a nuisance to the recipients; you could even argue, from a green point of view, that vast amounts of energy are being wasted, with the resulting CO2 emissions.

Many of you won’t even be aware of what a Botnet is and how it works, so for the uninitiated I will describe how it works.

Our PCs are constantly under attack by criminal gangs trying to plant the programs we call viruses, Trojans, spyware and so on; these can be delivered in many ways: browsing, social networking, email and a host of other means.

If one of these programs manages to install itself on your computer, you may well have been recruited into a botnet.

Once enslaved to the botnet, your PC will come under the control of a command-and-control server that directs and coordinates operations. Quite often the bots are capable of a number of functions, maybe sending out spam or, more exciting, taking part in a DoS (denial of service) attack. Botnets are often hired out to other criminals to carry out such projects.

Now the sobering thought: according to Spamhaus' figures, Grum used an average of 120,000 IP addresses to distribute its emails.

That means that at the point the servers were taken down around 120,000 machines were being controlled by Grum (an IP address is not exactly one PC, since addresses are shared and reassigned, but it is a fair measure of scale). They in all probability are still carrying the code that enslaved them, and other criminal gangs won't waste time in scrambling to recruit these machines into their own botnets.
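How would a small business notice that one of its own PCs had been recruited? A spam bot has to open a great many outbound SMTP connections, and on a typical office network only the mail server should ever do that. The following is an added example, not Tamite's, FireEye's or Spamhaus's code, that picks such hosts out of firewall connection-log lines; the log format, addresses and threshold are constructed for illustration.

```python
"""Pick out internal hosts behaving like spam bots from firewall log lines:
the only machine that should open outbound SMTP (TCP 25) connections is the
mail server, so any other host doing it, or any host fanning out to many SMTP
destinations, is worth a look. Added example, not Tamite's or FireEye's code;
the log format, addresses and threshold are constructed."""
import re
from collections import Counter, defaultdict

# Constructed: a one-line-per-connection firewall log format.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)
MAIL_SERVER = "192.168.1.10"   # constructed: the one host allowed to send mail directly
FAN_OUT_THRESHOLD = 20         # constructed: distinct SMTP destinations before we shout


def parse_connections(lines):
    """Yield (timestamp, src, dst, dport) for lines that match the format."""
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            yield m["ts"], m["src"], m["dst"], int(m["dport"])


def suspect_spambots(lines, mail_server=MAIL_SERVER, threshold=FAN_OUT_THRESHOLD):
    """Return {src: (smtp_connections, distinct_destinations)} for hosts that
    talk SMTP but are not the mail server, or that exceed the fan-out threshold.
    A desktop with one SMTP connection may just be misconfigured; one with
    dozens of distinct destinations in a minute is almost certainly a bot."""
    connections = Counter()
    destinations = defaultdict(set)
    for _, src, dst, dport in parse_connections(lines):
        if dport == 25:
            connections[src] += 1
            destinations[src].add(dst)
    flagged = {}
    for src, count in connections.items():
        fan_out = len(destinations[src])
        if src != mail_server or fan_out > threshold:
            flagged[src] = (count, fan_out)
    return flagged


# Constructed sample: the mail server doing its job, a desktop spraying mail at
# 40 different servers in 40 seconds, and a laptop with a single stray SMTP hit.
SAMPLE_LOG = (
    ["2012-07-19T10:00:00 src=192.168.1.10 dst=203.0.113.25 dport=25 proto=tcp"]
    + [f"2012-07-19T10:00:{i:02d} src=192.168.1.23 dst=198.51.100.{i} dport=25 proto=tcp"
       for i in range(1, 41)]
    + ["2012-07-19T10:01:00 src=192.168.1.42 dst=203.0.113.80 dport=443 proto=tcp",
       "2012-07-19T10:01:05 src=192.168.1.42 dst=203.0.113.25 dport=25 proto=tcp"]
)

if __name__ == "__main__":
    for src, (count, fan_out) in suspect_spambots(SAMPLE_LOG).items():
        print(f"{src}: {count} SMTP connections to {fan_out} destinations")
```

The detection is the second line of defence; the first is an egress rule on the firewall that blocks outbound port 25 from everything except the mail server. With that rule in place a bot cannot send at all, and its blocked attempts appear in the same log as denies, which this script would then count in exactly the same way.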

Of course, operations like Grum rely on people being lax with their security. Properly protected networks are less likely to harbour infected PCs, so the next time you complain about the amount of spam you receive, consider the fact that if you aren't properly protecting your PC you may be part of the problem.

Tamite IT Support Sussex are in the business of providing Software, Support and IT Security Training Courses to help keep your data secure.

In our IT Security Training Courses we describe simply and concisely the elements that are key to protecting your PCs and network. By protecting ourselves we can all play our part in the reduction of cybercrime.

Why IT Security Training is a must for anyone who owns or works on a computer.

An article I read this morning in an IT journal reinforced the need for companies of all sizes, and individuals, to take an active role in managing IT security, and also the need for IT security training. The article's introduction began from the position that a network breach is all but inevitable. Wade Baker, director of risk intelligence at Verizon, asserts that taking such a view is “unhelpful at best” and points out that “97 per cent of the attacks analysed in the 2012 Verizon Data Breach Investigation Report were avoidable, without the need for organisations to resort to difficult or expensive countermeasures”, which we think is good news for Tamite IT Support Surrey customers.

Tamite IT Support Surrey business supply IT security training to individuals and business.

Taking steps to improve your computer and network security does not have to be as daunting as it sounds, but it does go beyond installing antivirus and hoping you will be protected. At Tamite IT Support Surrey we believe in providing basic IT security training in which it is explained, in simple terms, how to keep your operating system and other vital software up to date so that known exploitable flaws are closed, how to recognise the vulnerable areas of your network and protect them, and, most importantly, how to adopt good habits and recognise suspicious behaviour.

The truth is that most virus infections are avoidable, and even the danger of losing data through hacking or leaking can be mitigated; quite often the solution is already available as part of your operating system or other software, or is just a matter of better network management. Tamite IT Support Surrey show how you can implement a simple layered approach to defend your valuable data.

Tamite IT Support Surrey business can assist businesses of all sizes to formulate sensible policies and understand the technologies so that you can make decisions based on knowledge and we are always happy to assist you either with the planning or the implementation.

Tamite IT Support Surrey are in the business of providing solutions and information to help you make the correct decisions for your business.

The key areas to consider are: perimeter defences, which include your broadband router and possibly other devices such as the WiFi on your network; firewalls, both hardware and software; correct configuration of software such as your operating system, antivirus software and browser; the messaging you use to interact with the outside world, email, social networking and so on; and, critically, your ability to back up and restore your data. This matters because the computers and systems we use every day have become so key to the smooth running of the business.

BYOD stands for Bring Your Own Device (But should the D stand for Disaster)

The advent of what has been termed BYOD (Bring Your Own Device), created by the popularity of devices such as tablets, smartphones and even the humble USB memory stick, potentially creates dilemmas for businesses large and small. Do you allow your employees to connect these devices to your network, ban them from the workplace, or is there perhaps a middle path?

We provide IT support to Sussess business and can assist businesses of all sizes to formulate sensible policies that enable you to take advantage of the benefits these devices can bring while avoiding the pitfalls.

Tamite IT Support Sussex business is in the business of supplying solutions and information to help you make the correct decision for your business.

So what are the issues facing our Tamite IT Support Sussex customers?

At Tamite IT Support Sussex we recognise that the first issue is the nature of these devices: they are portable, which makes them easier to lose and offers more opportunities for theft. So we should consider the nature of the data we allow to be saved on the device if we aren't going to fall foul of data protection legislation. If we allow customer-related data on these devices we need to make sure, at a minimum, that the device is protected by a sensible password or PIN, and we should look to encrypt the data as well.

Have you considered that you are allowing a device to connect to your network over which you have very little control? These devices do catch and carry malware, yet very few have antivirus installed, so are you importing trouble onto your network? Uncontrolled access can also lead to a slow network, as half of your workforce watch their favourite Olympic event on a live stream.

Lastly, data theft: uncontrolled access to data can mean your company's information is open to being leaked to competitors or taken when staff leave for a new employer. Devices such as USB memory sticks can be controlled so that only the devices you authorise can remove data from your network, and it is even possible to delete data from, and revoke access to, a stick if it is lost or a staff member leaves without handing it back.

Tamite IT Support Sussex have a view that not all Antivirus Products are equal

At Tamite IT Support Sussex we believe that some antivirus products, having been designed around the home user, are not necessarily the ideal choice for business. We recommend products that fit your needs and carry functions that will be useful, while not slowing your PC more than necessary with what we term bloatware.

We are also happy to provide training for individuals and businesses on how to secure your PC / Network

Want to know more about Tamite IT Support Sussex, or how you can improve your company's or your own IT security? Visit our website for details of our courses.

Password security is as important as locking up when you’re out

The importance of the password cannot be over-emphasised. As a company providing IT support to Sussex and Surrey business, Tamite actively encourages its customers to adopt sensible policies.

Tamite IT Support for Sussex business is serious about its customers' IT security

A simple password on your PC user account is the first step. Ideally it should be longer and mix upper and lower case letters, numbers and non-standard characters, but a sensible password is better than no password; 123456 and password are not sensible passwords.
Also make sure you don't use the same password for everything. We always recommend to our IT support business customers that they don't use the same password for their banking as for social networking; if the password for one account is compromised, assume the worst and change all your passwords. Periodically change them anyway.
Good password policy shouldn't be limited to your PC login and online accounts. Are you aware that hardware such as the router that supports your broadband also has an administrator username and password? It is vital that this password is changed from the default.
One of our customers found out why earlier this week when he couldn't get access to his online banking. Earlier in the week his antivirus product had detected an infection on one of the PCs on the network. Having successfully cleared it, he thought his problems were at an end.

Passwords on your network infrastructure are also important

Our engineer was called in because the customer couldn't access banking from any PC on the network. It turned out that the culprit was the router, whose DNS settings had been changed to point at servers that weren't provided by the ISP and were probably rogue DNS servers. DNS is the telephone directory of the Internet: it turns the domain names you type into the IP addresses that route you to the correct destination, or, in the case of rogue DNS, to anywhere the criminals who planted the entries wanted. It was probably as well the customer didn't reach his bank, as the site he would have been routed to could well have been a dummy set up to collect banking credentials.
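The check our engineer performed by hand can be scripted. The following is an added example, not Tamite's or any ISP's code: it pulls the resolver addresses out of a PC's resolv.conf-style configuration or a router's status page and compares them with the resolvers the ISP actually issues. A PC that points at the router itself gets a "local" verdict, which is exactly the case in the story above: the PC looked fine, and the rewrite was one hop further up, in the router. The ISP resolver addresses, router status text and resolv.conf content below are constructed.

```python
"""Compare the DNS resolvers a router (or a PC behind it) is actually using
with the ones the ISP issues, so a quietly rewritten resolver shows up.
Added example, not Tamite's or any ISP's code; the ISP resolver addresses,
router status text and resolv.conf content are constructed."""
import ipaddress
import re

ISP_RESOLVERS = {"203.0.113.53", "203.0.113.54"}   # constructed: what the ISP issues

# RFC 1918 and loopback only. ipaddress's is_private would also cover the
# documentation ranges used in this sample, which is why it is not used here.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Matches 'nameserver 1.2.3.4' (resolv.conf) and 'DNS 1: 1.2.3.4' (router page).
RESOLVER_LINE = re.compile(r"^\s*(?:nameserver|dns\s*\d*\s*[:=])\s*([0-9a-f.:]+)", re.I)


def parse_resolvers(config_text):
    """Return the resolver addresses found in config_text, in order."""
    found = []
    for line in config_text.splitlines():
        m = RESOLVER_LINE.match(line)
        if m:
            found.append(m.group(1))
    return found


def classify_resolvers(addresses, expected=ISP_RESOLVERS):
    """Return {address: verdict}. 'ok' is an ISP resolver; 'local' is the router
    or another private address (normal when the router proxies DNS, but then
    the router's own upstream list must be checked too); 'ROGUE' is a public
    address nobody on this network configured."""
    verdicts = {}
    for addr in addresses:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            verdicts[addr] = "unparseable"
            continue
        if addr in expected:
            verdicts[addr] = "ok"
        elif any(ip in net for net in LOCAL_NETS):
            verdicts[addr] = "local"
        else:
            verdicts[addr] = "ROGUE"
    return verdicts


# Constructed samples: the PC trusts the router, the router has been changed.
SAMPLE_PC_RESOLV = "search lan\nnameserver 192.168.1.1\n"
SAMPLE_ROUTER_STATUS = """WAN status
IP address: 198.51.100.20
DNS 1: 203.0.113.53
DNS 2: 198.51.100.66
"""

if __name__ == "__main__":
    for label, text in (("PC", SAMPLE_PC_RESOLV), ("router", SAMPLE_ROUTER_STATUS)):
        for addr, verdict in classify_resolvers(parse_resolvers(text)).items():
            print(f"{label}: {addr} -> {verdict}")
```

Note that the attacker in the sample left the ISP's first resolver in place and only replaced the second; some hijacks do this so that casual inspection sees a familiar address. Compare the whole list, not just the first entry, and run the check from a machine on the LAN after any ISP or router change.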

It is our policy at Tamite IT Support for Sussex business that we always change the default passwords on all kit. If the ISP who updated this router with the new broadband login details had changed the default administrator login on this popular brand of router, the DNS settings would have been far harder to tamper with; disabling remote (WAN-side) administration closes the other common route in.

Want to know more about how Tamite IT Support are assisting Sussex business, or how you can improve your company's or your own IT security? Visit our website for details of our courses.

We are also doing an in-depth check of the customers’ network to make sure no other little nasties are left behind.