
FBI Ransomware Variant Spreads To Mac OS X

FBI Ransomware

We first saw this on /r/techsupportgore the other day.  Now Malwarebytes is reporting a new FBI Ransomware variant targeting Mac OS X users.  This is a great time to remind everyone that ‘web-based attacks’ like this can affect users of all platforms.  Since much of what we do today is on the web, it makes no difference which platform you’re on when you click on a phishing link or when malicious JavaScript is allowed to run.

We highly recommend Firefox with NoScript and AdBlock to help prevent this sort of attack.  Add Public Fox to that list too.  The biggest mistake people make is thinking that a single solution can keep them secure.

If you’ve been hit with this attack, it looks like a simple browser reset via Reset Safari will remove this hijack:

Safari Reset
Image Credit: Malwarebytes

Select all items in the list and choose Reset:

Reset Safari Selected Items
Image Credit: Malwarebytes

So this variant is relatively mild, as it only affects the web browser.  That being said, the ransomware’s goal is to deceive users into handing over their credit card information.  If someone falls for the scam, it could end up being a costly mistake.

Just be sure to take precautions when browsing the web and know that simply using a Mac will not protect you.  Those days are long over and users of all platforms can benefit from a few basic security measures:

[checklist]

  • Utilize Firefox with NoScript and AdBlock.
  • Do not browse the web while logged in as an ‘administrator’ account.
  • Utilize an antivirus program, whether you’re on Windows or Mac OS X.  We recommend ESET’s products.
  • Do not use the same email/password combination across multiple websites.
  • Know that the “bad guys” are always trying to deceive you and regardless of platform, they are always finding new ways to do so.
  • Keep your wits about you while browsing the web and watch what you click!
  • Utilize DNS servers other than your ISP’s – e.g. Comodo, OpenDNS, or Google Public DNS.

[/checklist]

If You Use the Tumblr App On Your iPhone or iPad, Change Your Password Immediately

Tumblr

For those of you using Tumblr: they have released an announcement specifically for iPhone/iPad users, recommending that users of the Tumblr app for iPhone/iPad change their passwords immediately.

According to THN, this does not appear to affect the Android app.

This is an instance where using the same email/password combination across several websites could lead to a more-critical account – e.g. company email – being compromised.

[WARNING] Malicious Pinterest Plugin Steals Passwords

Pinterest Malware

According to THN, an independent security professional has discovered a malicious Pinterest plugin.  This plugin, posing as a Pinterest browser extension, is actually a browser Trojan that can steal passwords and modify your Pinterest Pins to link to malware sites, further spreading the malicious plugin.

They’re even using a bit of a ‘visual trick’ by redirecting to a domain named pinteresf [dot] com.  Notice how the ‘f’ and ‘t’ look very similar at a quick glance?  The same trick was used years ago against MySpace with ‘rnyspace [dot] com’.
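The look-alike trick above is mechanical, so it can be checked mechanically.  The following is an added example (not code from the original post): a PowerShell function that collapses commonly confused character sequences (‘rn’ for ‘m’, ‘f’ for ‘t’, ‘0’ for ‘o’, and so on) to a canonical ‘skeleton’ and flags any domain whose skeleton matches a trusted brand without being an exact match.  The confusable table and the sample domain list are assumptions constructed for illustration; the list is the kind of thing you would feed it from a proxy or DNS log.

```powershell
# Added example, not from the original post. Visual confusables are
# collapsed to one canonical form so that "pinteresf" and "pinterest",
# or "rnyspace" and "myspace", produce the same skeleton string.
# The table below is a small illustrative assumption, not a complete list.
$ConfusableMap = [ordered]@{
    'rn' = 'm'    # multi-character sequences first
    'vv' = 'w'
    'f'  = 't'
    '0'  = 'o'
    '1'  = 'l'
    'i'  = 'l'
}

function Get-SkeletonLabel {
    param([Parameter(Mandatory)][string]$Label)
    $s = $Label.ToLowerInvariant()
    foreach ($pair in $ConfusableMap.GetEnumerator()) {
        $s = $s.Replace($pair.Key, $pair.Value)
    }
    return $s
}

function Test-LookalikeDomain {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string[]]$TrustedDomains
    )
    # Judge only the registrable part (last two labels), so that
    # "www.pinteresf.com" is compared as "pinteresf.com".
    $labels      = $Domain.ToLowerInvariant().TrimEnd('.').Split('.')
    $registrable = ($labels | Select-Object -Last 2) -join '.'
    foreach ($trusted in $TrustedDomains) {
        $t = $trusted.ToLowerInvariant()
        if ($registrable -eq $t) { return $null }    # exact match: legitimate
        if ((Get-SkeletonLabel $registrable) -eq (Get-SkeletonLabel $t)) {
            return [pscustomobject]@{ Domain = $Domain; LooksLike = $t }
        }
    }
    return $null
}

# Constructed sample input (assumption): brands to protect and hostnames seen
# in a proxy/DNS log. Only the exact brand domains should pass.
$Trusted = @('pinterest.com', 'myspace.com', 'tumblr.com')
$Seen    = @('www.pinterest.com', 'pinteresf.com', 'rnyspace.com',
             'login.turnblr.com', 'example.org')

foreach ($d in $Seen) {
    $hit = Test-LookalikeDomain -Domain $d -TrustedDomains $Trusted
    if ($hit) { "LOOK-ALIKE: $($hit.Domain) resembles $($hit.LooksLike)" }
    else      { "ok: $d" }
}
```

With the sample input, the three spoofed names are reported and the two legitimate ones pass.  A skeleton match is a signal to look closer, not proof of malice; a real deployment would extend the table with Unicode homoglyphs and run the check over the links in e-mail and social-network posts before anyone clicks them.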

Many consignment and resale store owners use Pinterest to post new inventory or fashion ideas.  Please be on the lookout, and be sure to discuss this with any of your employees who work with your social networking accounts.

If you don’t already have the following in-place, here are some recommended tips to help secure your system:

[checklist]

  • Utilize ESET Nod32 Antivirus
  • Ensure the user you’re logged in to Windows as is not an Administrator
  • Utilize Firefox with the following plugins – NoScript, AdBlock Plus, and Public Fox.  Public Fox lets you password protect Firefox’s options, as well as blocks downloads and unwanted browser changes.
  • Utilize a web filtering service, such as Microsoft’s built-in Parental Controls web filter.
  • Discuss online safety with your employees.  No matter how much you secure a system, deception and trickery can undo all of it.

[/checklist]

If you’re uncertain whether your system is secured, have your system administrator or local tech verify with you the various security measures implemented.

Windstream, Your Techs Are Bad and You Should Feel Bad

Windstream, seriously, you should feel bad

It’s Friday, the day after Independence Day here in the States.  We received an emergency email from a client who is unable to use their point of sale system for processing credit cards.  All was working properly until Windstream introduced a new piece of hardware.  Where our client once had a modem, they now have an all-in-one gateway.

When accessing systems directly via UNC path, they take over a minute to respond.  Applications that communicate with the Internet fail to connect; connections time out.

Oh, Windstream also enabled WiFi for the store – how nice of them!

When we called the tech who performed this installation, we were quite surprised to hear the response of, “Man, we do this all the time!”  Instead of, “Oh, well, yeah, I see how after I added a new Layer 3 device, the network is probably going bonkers now.”  No accountability.  When I mentioned the other router, his response was, “How was I supposed to know?”  Because it was right there in front of you.

This isn’t just an innocent mistake or little slip-up.  Mistakes happen, settings can be overlooked, etc.  This wasn’t the case.  The “we do this all the time” response, and the lack of understanding of how their change could cause issues, make that clear.

This tech didn’t like being called by some out-of-towner giving him an earful on a Friday.  Windstream techs and field techs out there, please, just show an ounce of pride in your work.  It’s businesses like our client whose systems go down on a holiday weekend while you just get to “close another ticket.”

The scariest part is thinking about how many service providers out there just implement default installations, because “we do this all the time!”

Antivirus Alone Isn’t Enough

Securing consignment systems involves more than just installing free antivirus software and hoping all goes well.  Antivirus alone isn’t enough when it comes to securing or ‘hardening’ a consignment system.  For this first and most basic layer of protection, we recommend ESET Nod32 Antivirus.

Don’t just download and install Nod32 and assume all is well.  Take the time to configure ESET: log all objects, store logs for 365 days, enable the appropriate modules, and password protect the settings.

Configure ESET As Per the PCI DSS

You can’t stop at just antivirus.

The user you log in to Windows as should not be an Administrator.  Configure a restricted account and appropriately configure your Windows NTFS Permissions to allow your consignment software and other applications to run.  Harden your operating system – e.g. disable hidden admin shares, configure Group Policy, etc.

That’s still not enough.

We recommend using Firefox, not Chrome or Internet Explorer.  Chrome relies on Internet Explorer’s settings, so if those settings are ever targeted and compromised, Chrome is also infected.  For Firefox, implement the following add-ons: NoScript, AdBlock, and Public Fox.  The last of those provides a way to password protect your settings, block downloads, and prevent browsing history from being cleared.

Implement the built-in web filtering + monitoring service within Windows known as Parental Controls.  This involves installing the Family Safety pack and registering for a Windows Live account.  Once implemented, you can view all web activity, block sites, and prevent malicious content from being accessed.

That’s still not enough though.

Implement a new set of DNS servers at your Internet gateway.  Comodo is a bit strict, but for a consignment store actively browsing the Internet, strict is good.  OpenDNS is also great for catching malicious domains and content.

It can keep going from there too.  If you have Adobe Reader, Adobe Flash, Java, etc. installed, patch management software really is the only way to keep those programs updated 24 hours a day.

The point is, antivirus alone simply isn’t enough.

[hr size='big']

Here’s a handy checklist for consignment store owners:

[checklist]

  • Utilize ESET Nod32 Antivirus + configure as per the PCI DSS.
  • Do not log in to Windows as an Administrator
  • Further secure the operating system via Group Policy
  • Implement Microsoft’s web filtering/monitoring via Parental Controls
  • Utilize Firefox.  Install NoScript, AdBlock Plus, and Public Fox.  Password protect Firefox via Public Fox
  • Implement secure DNS servers, such as Comodo or OpenDNS

[/checklist]
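Several items on this checklist can be verified rather than assumed.  The following read-only audit is an added example, not code from the original post or from ESET: it checks that the day-to-day account is not a local Administrator, that the hidden admin shares are disabled, that every interface resolves through one of the recommended DNS providers rather than the ISP, and that the antivirus service is running.  It runs in an elevated PowerShell on Windows 10 / Server 2016 or later, where the LocalAccounts, SmbShare and DnsClient modules are built in.  The account name ‘register’ and the ESET service name ‘ekrn’ are assumptions; adjust them for your store.

```powershell
# Added example, not from the original post. Read-only audit of the
# hardening layers in the checklist above. Requires an elevated session.

# Assumption: the restricted account used at the register day-to-day.
$RegisterUser  = "$env:COMPUTERNAME\register"
# Resolvers named on the page: Comodo, OpenDNS, Google Public DNS.
$ApprovedDns   = @('8.26.56.26', '8.20.247.20',
                   '208.67.222.222', '208.67.220.220',
                   '8.8.8.8', '8.8.4.4')
# Assumption: ESET's Windows service is registered as 'ekrn'.
$AvServiceName = 'ekrn'

$findings = [System.Collections.Generic.List[string]]::new()

# 1. The daily-use account must not be a member of Administrators.
$admins = Get-LocalGroupMember -Group 'Administrators' |
          Select-Object -ExpandProperty Name
if ($admins -contains $RegisterUser) {
    $findings.Add("$RegisterUser is a member of Administrators")
}

# 2. Hidden admin shares (C$, ADMIN$) should be disabled. On a workstation
#    the value is AutoShareWks; on a server edition it is AutoShareServer.
$lanman    = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$autoShare = (Get-ItemProperty -Path $lanman -Name AutoShareWks `
                -ErrorAction SilentlyContinue).AutoShareWks
if ($autoShare -ne 0) {
    $findings.Add("AutoShareWks is not 0; hidden admin shares are enabled")
}
# Get-SmbShare marks the automatic shares with Special = True.
Get-SmbShare | Where-Object { $_.Special -and $_.Name -ne 'IPC$' } |
    ForEach-Object { $findings.Add("Admin share still present: $($_.Name)") }

# 3. Every IPv4 interface with resolvers set should use an approved one.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        foreach ($ip in $_.ServerAddresses) {
            if ($ApprovedDns -notcontains $ip) {
                $findings.Add("$($_.InterfaceAlias) uses unapproved DNS server $ip")
            }
        }
    }

# 4. The antivirus service must exist and be running.
$av = Get-Service -Name $AvServiceName -ErrorAction SilentlyContinue
if (-not $av) {
    $findings.Add("Service '$AvServiceName' not found; is the antivirus installed?")
} elseif ($av.Status -ne 'Running') {
    $findings.Add("Service '$AvServiceName' is $($av.Status), not Running")
}

if ($findings.Count -eq 0) { 'PASS: all checked layers are in place' }
else { $findings | ForEach-Object { "FAIL: $_" } }
```

One caveat on check 3: if the gateway hands out its own address as the DNS server via DHCP, every interface will be reported as ‘unapproved’ even though the gateway forwards to OpenDNS or Comodo.  That is still worth knowing; in that case verify the forwarders on the gateway itself, which is where the page says the change belongs.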

PCI DSS Requirements Pt. 1 | Build and Maintain a Secure Network

Secure Network

This is Part 1 of our Demystifying PCI DSS Compliance series.

The PCI DSS Guide outlines 12 Requirements that any business which processes credit cards must adhere to.  The first two PCI DSS Requirements fall under the grouping Build and Maintain a Secure Network:

[box title="Build and Maintain a Secure Network"]

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

[checklist]

  • Hardware router/firewall in-place
  • Document the router configuration
  • Network diagram (also show card data flow)
  • Document and justify any open ports
  • Strict firewall – e.g. SPI
  • No public access – e.g. no in-store WiFi
  • Do not disclose internal IP addresses, network setup, security measures, etc. to anyone

[/checklist]

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

[checklist]

  • All vendor-default passwords must be changed/disabled – e.g. routers, software, etc.
  • Implement only one function for a server – e.g. database server.
  • Prune system of all unnecessary software and services.
  • Configure security parameters to prevent changes/misuse – e.g. restricted User accounts, password protect applications, etc.
  • Document which programs and services are enabled and in-use
  • Any non-console admin access (i.e. remote access) should be encrypted (e.g. TeamViewer or LogMeIn, not RDP or VNC)
  • No cardholder data should enter a shared hosting environment, and any portion of shared hosting involved with cardholder data should be reviewed for PCI DSS compliance

[/checklist]

[/box]

This first set of requirements attempts to establish a basic set of security measures, from a firewall, to changing/disabling vendor-default passwords.  Make sure you have a physical, hardware firewall in-place.  Create a diagram of your network so you can clearly see every device and the routes between each device.
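‘Document and justify any open ports’ is easier to keep true if the documentation is checked against what the firewall actually allows.  The following is an added example, not part of the PCI DSS or the original post: it lists the Windows host firewall’s enabled inbound allow rules and reports every local port that does not appear in a documented, justified port list.  It needs the NetSecurity module (Windows 8 / Server 2012 or later).  The two documented entries are constructed for illustration and are assumptions, not a real store’s requirements; the same comparison applies to the perimeter router’s port forwards, which this script does not read.

```powershell
# Added example, not from the original post or the PCI DSS. Compares the
# enabled inbound allow rules on this host with a justified port list and
# prints the ones that nobody has documented.

# Assumption: the store's documented ports. Each entry carries the
# justification the PCI DSS asks for, so the list doubles as the record.
$Documented = @(
    @{ Port = '3306'; Protocol = 'TCP'; Justification = 'POS database, LAN only' }
    @{ Port = '9100'; Protocol = 'TCP'; Justification = 'Receipt printer' }
)
$docKeys = $Documented | ForEach-Object { "$($_.Protocol)/$($_.Port)" }

# Only rules that are enabled, inbound and allowing traffic open anything.
$rules = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow

$undocumented = foreach ($rule in $rules) {
    $pf = $rule | Get-NetFirewallPortFilter
    # LocalPort may be a single port, a list, a range ("49152-65535"),
    # or a keyword such as "Any" or "RPC"; each one is reported as-is.
    foreach ($port in @($pf.LocalPort)) {
        $key = "$($pf.Protocol)".ToUpper() + "/$port"
        if ($docKeys -notcontains $key) {
            [pscustomobject]@{
                Rule    = $rule.DisplayName
                Port    = $key
                Profile = $rule.Profile
            }
        }
    }
}

if ($undocumented) {
    "Undocumented inbound openings (justify and document, or disable):"
    $undocumented | Sort-Object Port, Rule | Format-Table -AutoSize
} else {
    'Every enabled inbound allow rule is covered by the documented port list.'
}
```

On a default Windows installation the report will be long, because Windows ships with many enabled inbound rules (file sharing, discovery, remote assistance).  That is the point: each line is a rule you must either add to the documentation with a justification or disable, and re-running the script after a software install shows exactly what the installer opened.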

Be sure to configure your systems in such a way that users cannot modify settings.  Also, do not discuss your network setup, logins, and security measures with anyone.

The PCI DSS also recommends only implementing one ‘role’ per server – e.g. MS SQL Server – as well as to run a clean system, free of unnecessary software – i.e. a clean installation of the operating system.  Be sure to document each program that is installed and be able to justify its use.

Another important item is to ensure that any remote connections to the server are encrypted.

And finally, if you (or your vendor) utilize shared hosting, no cardholder data can be stored on that server.
