VIRUS ALERT – AGL Energy Bills Scam

Recently, AGL has been plagued by an email scam. The energy company has released a statement acknowledging the scam: “the scam email presents as an e-account and asks readers to click on a link,” the statement said. It “contains malicious malware that has potential to access personal information. AGL advises it will never send an email asking for personal banking or financial details. Anyone receiving a suspicious email should delete it immediately or, if opened, not click on any links within the email.” The email scam has been reported to the Australian Federal Police, Scamwatch and the Australian Competition and Consumer Commission.

The email has been created to look identical to AGL Energy’s electronically sent bills, and it prompts the user to click a link to download a copy.

The link then saves a .zip file containing the malware, a “ransomware” designed to block access to a computer system until a sum of money is paid.

Over 10,000 Australians are reported to be infected with the malware.

If you receive this email please do not open the attachments and delete the email immediately.

A few tips to help you stay protected:

  • If you attempt to open the attachment on a phone or Mac, it gives an error telling you to use a Windows computer
  • The attachment is a suspicious .zip file
  • The URLs will be in the form of “checkyourbills.com” or “electricitybill.com”
  • Ensure that your backups are working and you have a rotating set of drives or tapes
  • Ensure your antivirus is up-to-date
  • Be wary of any emails that ask you to reply quickly or act fast
  • Alert users to new malware campaigns immediately
  • If the email is from someone you do not know, do not open it
  • Implement effective email security tools and policies, such as blocking executable or zipped attachments from unknown senders, or setting email filtering rules
  • Prevent downloading executable or zipped attachments via HTTP/HTTPS connections
  • Microsoft Essentials, AVG and other free antivirus products should not be used
  • Isolate infected endpoints from the network as soon as possible
  • Subscribe to alert services such as the Australian Government’s Stay Smart Online, which provides updates on the latest trends in our region

If you have received this email and have any urgent concerns regarding this issue, please contact Interlinked on 1300 302 207.

Related posts:

3 questions you must ask about public WiFi security

In this day and age we are constantly digitally connected, whether it is for personal use or for work.

Mobile data usage can start to become costly if you are using it frequently for heavy downloads such as videos and images. With the increasing need for internet on-the-go, there is also a surge in the number of free public WiFi networks that we can connect to. It is all so easy that we often forget to perform the necessary security checks, or simply don’t bother to.

Are you aware of the security risks involved with public WiFi connections?

White hat hackers have proved that usernames, passwords, banking details and contact lists can easily be accessed from public WiFi hotspots. For instance, in 2013, First Base Technologies conducted two tests with security firm Trend Micro, and they were able to obtain very personal details of people through a test public WiFi network, having first had these people consent to their data being collected.

Using a 4G router for internet access, wired to a separate wireless access point, with a laptop between the two capturing traffic via packet-capturing software, the white hat hackers were able to obtain personal data on the participants. None of the participants were aware that rogue wireless access points can be set up, disguised as legitimate hotspots, to steal information.

Are you or your employees at risk of compromising confidential information using public WiFi?

If you’re planning to use a computer, make sure your antivirus and antispyware software is always up-to-date. Avoid turning off your firewall – if you use Windows 7 or Windows 8, you can configure your firewall to block unsolicited attempts to connect to your computer while you are using a public network.

In addition, you should strive to choose the most secure connection available. Sometimes paying for access is necessary, but it’s worth the cost. A password protected connection is always better than one without.

When possible, save your financial transactions for a home connection. When using a public network, credit card numbers, passwords, and financial information in general are less secure. If you must make financial transactions using a public network, make sure there is a locked padlock icon in the URL address bar.

Does your organisation have a thorough understanding of security risks?

Every employee has a responsibility to make sure they’re educated about the risks of wireless computing on public WiFi, and it is important to involve all individuals with the maintenance of security controls.

Many internet users are not aware of the potential security risks involved with public WiFi. Speak to your IT Manager or Services Provider today and learn how you can better protect yourself while connecting to the internet publicly.

Is your business disaster-ready?

Disasters can strike at any time, whether they be caused by human error, malicious attacks or natural disasters such as fires and floods.

When unforeseen incidents occur, the organisation’s disaster recovery plan should instantly come into action to ensure that business continuity can be maintained with either no interruption or a minimal amount of it.

Business continuity involves thinking about the business at a higher level and asking: how quickly can I get my business operating again in case of system failure? Investment in business continuity is like buying insurance, and should be a vital part of any business plan since the best way to prevent downtime is to keep a step ahead of potential disaster.

Don’t be complacent

Most businesses think they are ready for business continuity, but once a disaster actually strikes the real problems surface. The issue is that awareness slips as time goes on. What businesses must be able to do is minimise the impact of unplanned downtime when something disruptive happens. With so many ways to connect with the world in today’s society, the reputational risk of a business not being able to function as it should is huge.

Downtime is real, and it’s costly. According to research by the Aberdeen Group, the cost of downtime by company size is: small companies approximately $8,581 per hour; medium companies $215,638 per hour; and large enterprises $686,250 for every hour of downtime.

The numbers speak for themselves: you need to plan for downtime. If you do not currently have a clear disaster recovery plan in place, start by speaking to your IT department or IT service provider to devise one that is suitable for your business.

Backup!

Traditionally, backing up is performed overnight, when most users have logged off the organisation’s systems, using a rotation of tapes. Despite tape being a technology more than four decades old, 61% of SMBs still ship backup tapes to a storage facility or another office. The processes for saving data to tape, removing it to a remote location and retrieving it for disaster recovery are extremely cumbersome and time consuming, costing businesses hours of downtime that could otherwise be avoided.

Today, as we expect 24×7 usage and the amount of data is rapidly expanding, it is increasingly important to employ updated solutions that can cater for such around-the-clock needs.

Consider backing up to the cloud – your backups are stored in offsite data centres, ruling out data loss due to physical damage to your business location, and recovery time is quick because it can all be done remotely. Automated backups can also be scheduled at a regular interval to ensure all your latest data is saved securely and can be quickly accessed should something go wrong.

Test, test and test

Anyone who has executed a plan before would know that things don’t always go as expected.

To ensure that a disaster recovery plan works, it has to be regularly tested. Backups need to be performed regularly with continuous availability, and testing will help to iron out any flaws in the process before disaster strikes.

Is your business disaster-ready?

How ready do you think your business is now? It always helps to discuss with professionals, so speak with your IT manager or service provider. The last thing you’d want for your business is to realise that you don’t have the necessary recovery methods – only after it’s too late.

VIRUS ALERT – beware of these spam emails

We have received a large influx of emails containing malicious attachments in the last 48 hours, with content relating to account balances, outstanding invoices, investments and pay cheques.


If you receive such emails please do not open the attachments and delete the email immediately.

A few tips to help you stay protected:

  • Ensure that your backups are working and you have a rotating set of drives or tapes
  • Ensure your antivirus is up-to-date
  • Be wary of any emails that ask you to reply quickly or act fast
  • Alert users to new malware campaigns immediately
  • If the email is from someone you do not know, do not open it
  • Implement effective email security tools and policies, such as blocking executable or zipped attachments from unknown senders, or setting email filtering rules
  • Prevent downloading executable or zipped attachments via HTTP/HTTPS connections
  • Microsoft Essentials, AVG and other free antivirus products should not be used
  • Isolate infected endpoints from the network as soon as possible
  • Subscribe to alert services such as the Australian Government’s Stay Smart Online, which provides updates on the latest trends in our region

If you have received this email and have any urgent concerns regarding this issue, please contact Interlinked on 1300 302 207.

Related posts:

How to identify and prepare for DDoS attacks

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. The flood of incoming traffic to the target system essentially forces it to shut down, thereby denying legitimate users access to the system.

These attacks are not new; however, the volume of attacks has surged over recent months, including the largest DDoS attack on a European network in February and continued DDoS attacks which shut down one of the world’s largest Bitcoin exchanges, MtGox.

The source of the traffic is usually a network of compromised “zombie” computers (also known as a botnet). Hacker forums, blogs and even YouTube share easily accessible information on how to set up a DDoS attack, making it possible for anyone with an internet connection to launch one.

Not only are DDoS attacks difficult to deal with – they can also have detrimental consequences for businesses.

How can you tell whether you’ve been the victim of a DDoS attack?

It can be challenging to determine if your website is down due to legitimate traffic, or because of an attack. The key to telling the difference lies in the length of time the service is down for. If slow or denied service continues for days rather than a short period during a spike in traffic, then it is time to start to look into the issue.

Unfortunately, you cannot simply check to see if all of the traffic is coming from the same IP address, as this is the exact purpose of a DDoS: to have traffic coming from multiple sources.

How can you prepare yourself?

You don’t want to wait until business has been compromised by an attack to protect yourself. Here are a number of steps to prevent you from becoming an easy target and keep your network clean of spammers and other criminals:

1. Be aware

Invest in technology that allows you to know your network’s normal behaviour and will make you aware of any abnormal incidents such as a DDoS.

2. Boost capacity

Make sure you provision enough server capacity and tune for best performance under high load. Build the biggest network you can with effective elements for advanced mitigation.

3. Practice your defence

Knowing how to use your defensive strategy is just as important as buying and installing it. Practice the drills over and over to get it committed to your staff’s minds.

4. Get help

If you don’t have the resources to deal with attacks in-house your best bet is to speak to a managed service provider who can monitor your network’s performance closely and react instantly when abnormal behaviour is detected.
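The “Be aware” step above comes down to knowing your normal traffic and alerting on deviations. As an added example (not from the original post), the check below learns a requests-per-minute baseline from a quiet period, then raises an alert only when a minute is far above baseline, is spread across many source addresses (a single-IP check is useless against a DDoS, as noted earlier) and the condition persists for several consecutive minutes rather than a brief spike. The log lines and thresholds are constructed for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Apache/nginx combined-format prefix: client IP and timestamp down to the minute.
LOG_RE = re.compile(
    r"^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [^\]]+\]")


def _parse(minute):
    return datetime.strptime(minute, "%d/%b/%Y:%H:%M")


def bucket_by_minute(lines):
    """Map 'dd/Mon/yyyy:HH:MM' -> [request_count, set_of_source_ips]."""
    buckets = defaultdict(lambda: [0, set()])
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip malformed lines rather than crash
        ip, minute = m.groups()
        buckets[minute][0] += 1
        buckets[minute][1].add(ip)
    return buckets


def learn_baseline(buckets):
    """Mean and standard deviation of requests per minute over a quiet period."""
    counts = [count for count, _ in buckets.values()]
    return mean(counts), pstdev(counts)


def detect(buckets, baseline, sigma=3.0, min_sources=20, min_minutes=3):
    """Return (first_minute, last_minute) for each sustained, distributed flood."""
    mu, sd = baseline
    threshold = mu + sigma * max(sd, 1.0)   # floor the stddev so a flat baseline still works
    flagged = [m for m in sorted(buckets, key=_parse)
               if buckets[m][0] > threshold and len(buckets[m][1]) >= min_sources]
    alerts, run = [], []
    for m in flagged:
        # start a new run when the flagged minutes are not consecutive
        if run and _parse(m) - _parse(run[-1]) != timedelta(minutes=1):
            if len(run) >= min_minutes:
                alerts.append((run[0], run[-1]))
            run = []
        run.append(m)
    if len(run) >= min_minutes:
        alerts.append((run[0], run[-1]))
    return alerts


def make_sample_logs():
    """Constructed log lines: a quiet hour, a single-source burst, then a flood."""
    start = datetime(2015, 3, 1, 9, 0)

    def line(ip, minute_idx):
        ts = (start + timedelta(minutes=minute_idx)).strftime("%d/%b/%Y:%H:%M:00 +1100")
        return f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 512'

    lines = []
    for i in range(60):                      # baseline: 8-12 requests/min, 3 office IPs
        for k in range(8 + i % 5):
            lines.append(line(f"203.0.113.{1 + k % 3}", i))
    lines += [line("198.51.100.7", 60) for _ in range(300)]   # one-minute single-IP burst
    for i in range(61, 66):                  # distributed flood: 100 sources, 500 req/min
        for s in range(100):
            lines += [line(f"192.0.2.{s}", i) for _ in range(5)]
    return lines


def run_demo():
    buckets = bucket_by_minute(make_sample_logs())
    quiet = {m: v for m, v in buckets.items() if _parse(m) < datetime(2015, 3, 1, 10, 0)}
    return detect(buckets, learn_baseline(quiet))


if __name__ == "__main__":
    for first, last in run_demo():
        print(f"ALERT: sustained distributed flood from {first} to {last}")
```

The single-source burst at 10:00 is not reported because it comes from one address; the five-minute flood from 100 addresses is.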


Do you have questions or concerns about DDoS attacks and their effects on your business? Speak to our friendly team on 1300 302 207 or send us a message online here.


Australia is second in the world in ransomware detections

Australia recorded the second highest number of ransomware detections worldwide in Q1 this year, with 6 per cent of total detections, and ranked third in the world for the highest number of users who clicked malicious URLs throughout the quarter (5 per cent), according to Trend Micro’s Q1 threat roundup report.

The report also found that the number of ransomware infections that occurred in Australia and New Zealand in Q1 jumped from 16 per cent to 28 per cent for enterprises since the previous quarter, and small businesses from 6 per cent to 14 per cent.

Types of threats

The threats were made up of a combination of new and old threat variations. Users from Australia and New Zealand fell victim to crypto-ransomware attacks, with infection counts quadrupling from 1,540 in Q1 2014 to 7,844 in Q1 2015. Crypto-ransomware infections made up almost half (49%) of the total ransomware volume found as of last quarter.

Old threats have been invigorated with new targeted attack tools, tactics and procedures. There has been a resurgence of macro-malware, with 5 per cent of the world’s macro-malware detected in Australia in Q1 2015. The FREAK flaw also posed further security challenges as it presented more vulnerabilities in open source operating systems and applications.

No industry exempt

“Ransomware is very much top of mind for IT managers in Australia and New Zealand as we see fresh campaigns from cyber-criminals regularly,” said Dhanya Thakkar, managing director at Trend Micro Asia Pacific.

“Even though we are early in the year, it is clear 2015 is shaping up to be noteworthy in terms of volume, ingenuity and sophistication of attacks.”

“While we need to constantly update our systems to protect against new attacks, the first quarter of 2015 clearly showed we need to also watch out for older threats, and how no industry or system should feel exempt.”


Do you have concerns about the IT and online security of your business? Speak to Interlinked today on 1300 302 207 or send us a message online here.

New wave of Cryptolocker with a Breaking Bad twist

A new iteration of the crypto ransomware has emerged in Australia, which themes itself around the hugely popular U.S. crime drama show Breaking Bad.

Identified by security firm Symantec, the new threat a.k.a. Trojan.Cryptolocker.S ransomware features the ‘Los Pollos Hermanos’ logo from the show, which is the fried chicken chain brand used by drug-lord Gustavo Fring to launder his nationwide crystal meth manufacturing operation.

The malware encrypts videos, documents, images and other files on the target computer using a random Advanced Encryption Standard (AES) key, and the private key can only be obtained by paying the attackers. Victims are then ordered to pay up to $1,000 AUD in order to get their files unlocked.

Additionally, part of the anonymous email address supplied in the instructions on how to pay the ransomware authors features the signature quote “I am the one who knocks”, a sinister statement by lead character Walter White.

Symantec reports that Trojan.Cryptolocker.S ends up on users’ machines via social engineering, and says that the first point of infection is a zip archive containing the malicious VBS.Downloader.Trojan, entitled – in this case – PENALTY.VBS. The file decompresses to a non-malicious PDF in order to convince the victim that the unzipping operation was harmless, whereas it has actually unleashed the crypto ransomware upon the unwilling victim.

The crypto ransomware targets files with the following extensions for encryption:

  • .ai
  • .crt, .csv
  • .db, .doc, .docm, .docx, .dotx
  • .gif
  • .jpeg, .jpg
  • .lnk
  • .mp3, .msi
  • .ods, .one, .ost
  • .p12, .pdf, .pem, .pps, .ppsx, .ppt, .pptx, .psd, .pst, .pub
  • .rar, .raw, .rtf
  • .tif, .txt
  • .vsdx
  • .wma
  • .xls, .xlsm, .xlsx, .xml
  • .zip

A good backup schedule can help protect against this type of malware, as you would not need to decrypt a file if you already have a copy of it – however, there is still the possibility that a new and hard-to-recreate file is encrypted before it is backed up.

A few tips to stay protected:

  • Ensure your backups are working and you have a rotating set of drives or tapes
  • Ensure your antivirus is up-to-date
  • Alert users to new malware campaigns immediately
  • Educate users about phishing emails and other social engineering tactics
  • Prevent downloading executable or zipped attachments via HTTP/HTTPS connections
  • Microsoft Essentials, AVG and other free antivirus products should not be used
  • Isolate infected endpoints from the network as soon as possible

If you have any urgent concerns regarding this issue, please contact Interlinked on 1300 302 207.


Infectious Spam Alert

Over the past week we have had a significant amount of infectious spam emails going out to our clients.

Below are some examples of emails that have been quarantined by our email security system, with senders imitating the Australian Tax Office, Australia Post and other trusted organisations.

[Three screenshots of quarantined spam emails]

A few tips to help you stay protected:

  • Ensure that your backups are working and you have a rotating set of drives or tapes
  • Ensure your antivirus is up-to-date
  • Be wary of any emails that ask you to reply quickly or act fast
  • Alert users to new malware campaigns immediately
  • If the email is from someone you do not know, do not open it
  • Implement effective email security tools and policies, such as blocking executable or zipped attachments from unknown senders, or setting email filtering rules
  • Prevent downloading executable or zipped attachments via HTTP/HTTPS connections
  • Microsoft Essentials, AVG and other free antivirus products should not be used
  • Isolate infected endpoints from the network as soon as possible
  • Subscribe to alert services such as the Australian Government’s Stay Smart Online, which provides updates on the latest trends in our region
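The attachment tips in this alert, in the AGL and earlier virus alerts, and the zipped PENALTY.VBS dropper described in the Cryptolocker post all call for the same gateway control: refuse executable or zipped attachments from unknown senders, and look inside archives for scripts. The following is an added example of such a check (not Interlinked’s own tooling); the trusted-sender domain, the extension lists and the sample message are constructed for the demo.

```python
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions that should never arrive from an unknown sender (constructed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs",
                   ".js", ".jse", ".wsf", ".ps1", ".hta", ".jar"}
ARCHIVE_EXTS = {".zip"}

# Sender domains the organisation has decided to trust; constructed for the demo.
KNOWN_SENDER_DOMAINS = {"example-supplier.com.au"}


def _ext(name):
    """Lower-cased final extension, so invoice.pdf.vbs is seen as .vbs."""
    name = (name or "").lower()
    return name[name.rfind("."):] if "." in name else ""


def sender_domain(msg):
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return m.group(1).lower() if m else ""


def inspect_zip(data):
    """Names of executable or script members inside a zip payload."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist()
                    if _ext(i.filename) in EXECUTABLE_EXTS]
    except zipfile.BadZipFile:
        return ["<corrupt zip>"]         # unreadable archives are treated as suspicious


def scan_message(raw_bytes):
    """Return a list of (reason, detail) findings; an empty list means deliver."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    unknown = sender_domain(msg) not in KNOWN_SENDER_DOMAINS
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = _ext(name)
        if ext in EXECUTABLE_EXTS and unknown:
            findings.append(("executable attachment from unknown sender", name))
        elif ext in ARCHIVE_EXTS:
            members = inspect_zip(part.get_payload(decode=True) or b"")
            if members:                  # scripts inside a zip are bad from anyone
                findings.append(("suspicious content inside zip attachment",
                                 ", ".join(members)))
            elif unknown:
                findings.append(("zip attachment from unknown sender", name))
    return findings


def build_sample_message(sender="billing@checkyourbills.com", member="PENALTY.VBS"):
    """Constructed message imitating a bill, carrying a zip with one member."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr(member, "placeholder content, not a real script")
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.net"
    msg["Subject"] = "Your energy bill is ready"
    msg.set_content("Please download your bill from the attachment.")
    msg.add_attachment(zbuf.getvalue(), maintype="application",
                       subtype="zip", filename="bill.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for reason, detail in scan_message(build_sample_message()):
        print(f"QUARANTINE: {reason}: {detail}")
```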

If you have received this email and have any urgent concerns regarding this issue, please contact Interlinked on 1300 302 207.

Related posts:

5 Step Plan of Attack on Shadow IT

Technology is becoming more and more readily available, with such things as cloud storage and web applications instantly accessible at the click of a button. Individual users can now easily access the latest technologies, and there is no doubt that employee productivity and work efficiency are reaching new peaks. However, how can management ensure that sensitive business data is being processed securely through external IT solutions?

What is Shadow IT?

“Shadow IT” refers to applications and IT solutions used inside organisations without explicit organisational approval, and describes solutions deployed by departments other than the IT department.

Unsanctioned use of IT solutions exposes the organisation to extra risks, putting sensitive data beyond the reach of corporate firewalls and other security measures. IT costs can also quickly spiral out of control as different applications are being used by different people across a multitude of devices, many of which have been purchased outside of traditional IT and procurement channels.

If your organisation is affected by Shadow IT, you are not alone. In a recent study by marketing firm Outsource on behalf of Red Hat, interviews with 110 Australian and 40 New Zealand senior IT decision-makers found that only 13.3 percent of respondents are using cloud applications or platforms with full approval from senior managers.

Why does Shadow IT happen?

Before any company can tackle this issue, they must first identify the reasons why employees have looked externally to begin with.

“Organisations using cloud technologies without senior management approval tend to do so because they cannot get the speed and agility they need from existing, approved organisational systems,” Max McLaren, Red Hat’s ANZ regional vice president, said in a statement.

Shadow IT exists because people need to get work done and “official” IT hasn’t been responsive enough, or because it lacks the necessary tools. This drives employees to find an adequate solution on their own, and security would not be their priority.

Overcoming the problems that arise with Shadow IT requires long-term effort, communication and cooperation between management, IT staff, service providers and employees.

How can Shadow IT affect my organisation?

  • Usually more costly. Duplicate subscriptions and services that don’t receive the benefit of volume discounts could be rampant throughout the company.
  • Can degrade app performance. The organisation’s internet connection could get clogged with cloud traffic. Cloud use depends on network access. If IT is in the dark about cloud services and doesn’t account for them in its capacity planning, network pipes can fill up fast.
  • Can increase your vulnerability to hacks. Shadow IT services aren’t connected to your core directory structure, and users are prone to reusing their existing credentials with the new, non-IT-sanctioned service for the sake of convenience. Credentials identical to those in your core directory can then be leaked from other systems, which significantly increases the risk of security breaches. IT cannot manage these credentials because it doesn’t know about them.

Plan of Attack

1. Adopt a more progressive approach

Shadow IT highlights those areas in which current IT systems are falling short of the needs of the employee. Management needs to enable productivity by building the right environment to bring the tools in-house as needed. Try to make official IT as easy and responsive as Shadow IT while still asserting appropriate control over corporate intellectual property. With a more progressive approach, management could implement regulations that actually support Shadow IT initiatives, helping them to understand employee grievances to achieve the right solutions.

2. Implement flexible management tools

The distinction between work and non-work is quickly diminishing, and policies towards device and software capabilities should reflect this. Employees will likely reject the notion of management controlling personal devices but will generally accept control of corporate information on those devices. Therefore, businesses should look for mobile applications and management tools that offer greater flexibility.

3. Reach out to Shadow IT vendors

Proactively contact vendors and suggest that they work with you directly over letting employees or individual business units implement their services on an ad hoc basis. This will not only help you maintain control and visibility, it will help the vendor establish a more long-term and profitable relationship with the company.

4. Educate your team

Once management has sight of the applications in use throughout the organisation, the next step is to educate employees about why certain activities have been blocked. Offering alternative apps that have similar features, but are lower-risk, means employees will feel empowered by using apps and devices they enjoy, while corporate security is maintained.

Consulting and providing feedback also reflects your strong position to give guidelines of approved applications, policies and alternatives. Staff will want to be informed and discuss their IT queries so they can get the job done and improve business processes. Ultimately, this open approach will give management greater visibility and insight into what applications users are deploying.

5. Engage a Managed Service Provider

With a wealth of knowledge and experience in the industry, a Managed Service Provider would be able to provide all of the above. They are in the best position to analyse the applications currently being used by your team, assess whether these solutions are suitable for standardised use, and suggest possible alternatives to cater for your business needs. They can also manage the entire project from start to finish, ensuring that any new services and solutions deployed integrate smoothly with existing business systems, and provide any necessary training to ensure employees’ technology use does not compromise business security.

Accessibility to technology has meant a much more complex working environment, however companies that manage to leverage it to perform at their peaks will be able to gain a great competitive advantage in this new world.


Do you have concerns about Shadow IT in your organisation? Chat to us today on 1300 302 207 or send us a message here.

RansomWeb could kill your website

After the ongoing waves of Cryptolocker attacks, we are more alert than ever to ransomware and are heightening our email and computer security. However, a new trend shows that cybercriminals are now targeting websites as well, seeking ransom payments from website owners.

Swiss security firm High-Tech Bridge has identified a new type of threat that is similar in concept to ransomware; however, instead of compromising a system with malware that encrypts files, the attack involves compromising a website and encrypting its core databases.

The attack technique – dubbed ‘RansomWeb’ – was first discovered by High-Tech Bridge in December 2014, when it was investigating the compromised website of a customer. The website was out of service, a database error was displaying, and the company received an email asking for a ransom of US$50,000 in order to decrypt the database.

The attackers first compromised the company’s web application. Then, they modified server scripts so that data was encrypted on-the-fly before it was inserted into the database. The encryption process happened over a long period of time, in this case six months, to avoid raising any suspicion. Once the data was completely encrypted, the victim was sent a ransom demand.

Only the most critical fields of the database tables were encrypted, likely to avoid any web application performance issues during the process. Even the backups were overwritten with encrypted entries, making it difficult to recover the data. The encryption key was stored on a remote web server only accessible via HTTPS, so it could not be intercepted by traffic monitoring systems.

In a different case, attackers targeted a phpBB forum used by an SMB for customer support. The installation was compromised after the attackers stole an FTP server password. Once they had access to the server, they planted backdoors and encrypted users’ email addresses and passwords on-the-fly between the web application and the database over a period of two months.

Part of the success of RansomWeb lies simply in waiting: the databases are automatically backed up in their encrypted form, so systems cannot simply be restored from a recent backup.

Potential advantages of RansomWeb for attackers:

  • It can have an everlasting impact on web application availability
  • It may be used not only for blackmail but for long-term website destruction
  • Backups cannot help much, as the database will be backed up in encrypted form, while the encryption key is stored remotely and will not be backed up
  • It is almost impossible to recover from the attack without paying the ransom

Potential Weaknesses of RansomWeb:

  • Can be easily detected by file integrity monitoring
  • Relatively difficult to encrypt entire database without damaging web application functionality and/or speed
  • May be detected quickly by developers when used on regularly-updated web application

The only reliable way to defend against this threat is to ensure that your website is secure. It is recommended to run a daily automated scanning and perform a manual penetration testing once per quarter, as fully-automated solutions may not be able to secure your website entirely.
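The weaknesses listed above are the defender’s opening: modified server scripts show up under file integrity monitoring, and a database column that has quietly turned into ciphertext can be noticed before every backup in the rotation is poisoned (the same point the disaster-ready post makes about testing backups). The following is an added example of both checks (not High-Tech Bridge’s or Interlinked’s code); the web root, the tampering and the sample rows are constructed for the demo.

```python
import hashlib
import os
import re
import tempfile


def snapshot(root):
    """Map relative path -> SHA-256 of every file under root."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                out[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return out


def diff_snapshots(baseline, current):
    """Paths added, removed or changed since the baseline was taken."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }


# Expected plaintext shape of the column being watched (constructed: an email).
EMAIL_RE = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")


def plaintext_ratio(rows, column, pattern=EMAIL_RE):
    """Fraction of rows whose column still looks like plaintext."""
    if not rows:
        return 1.0
    ok = sum(1 for r in rows if pattern.match(str(r.get(column, ""))))
    return ok / len(rows)


def backup_is_healthy(rows, column, minimum=0.95):
    """Fail the backup if too many rows no longer match the expected shape."""
    return plaintext_ratio(rows, column) >= minimum


# Constructed sample exports: a clean one, and one where on-the-fly encryption
# has replaced the email field with opaque ciphertext before each INSERT.
CLEAN_ROWS = [{"id": i, "email": f"user{i}@example.com"} for i in range(10)]
ENCRYPTED_ROWS = [{"id": i, "email": "a3f9c2e7b1d4a3f9c2e7b1d4"} for i in range(10)]


def demo_fim():
    """Build a tiny web root, baseline it, then tamper with the DB access layer."""
    with tempfile.TemporaryDirectory() as root:
        inc = os.path.join(root, "includes")
        os.makedirs(inc)
        with open(os.path.join(inc, "db.php"), "w") as fh:
            fh.write("<?php $dsn = 'mysql:host=localhost'; ?>")
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<?php require 'includes/db.php'; ?>")
        baseline = snapshot(root)
        # simulate the RansomWeb change: the script that talks to the database is
        # edited, and an extra file is planted (both placeholders, no real code)
        with open(os.path.join(inc, "db.php"), "a") as fh:
            fh.write("\n// tampered placeholder")
        with open(os.path.join(root, "planted.php"), "w") as fh:
            fh.write("<?php // planted placeholder ?>")
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    print("FIM report:", demo_fim())
    print("clean backup healthy:", backup_is_healthy(CLEAN_ROWS, "email"))
    print("encrypted backup healthy:", backup_is_healthy(ENCRYPTED_ROWS, "email"))
```

In production the baseline would be stored off the web server and the comparison run on a schedule, and the backup check would sample rows from the freshly restored copy rather than from the live database.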