Interlinked - RansomWeb

RansomWeb could kill your website

After the ongoing waves of Cryptolocker attacks, we are more alert than ever to ransomware and are tightening our email and computer security. However, a new trend shows that cybercriminals are now targeting websites as well, seeking ransom payments from website owners.

Swiss security firm High-Tech Bridge has identified a new type of threat that is similar in concept to ransomware; however, instead of compromising a system with malware that encrypts files, the attack involves compromising a website and encrypting its core databases.

The attack technique – dubbed ‘RansomWeb’ – was first discovered by High-Tech Bridge in December 2014, when it was investigating the compromised website of a customer. The website was out of service, a database error was displaying, and the company received an email asking for a ransom of US$50,000 in order to decrypt the database.

The attackers first compromised the company’s web application. Then, they modified server scripts so that data was encrypted on-the-fly before it was inserted into the database. The encryption process happened over a long period of time, in this case six months, to avoid raising any suspicion. Once the data was completely encrypted, the victim was sent a ransom demand.

Only the most critical fields of the database tables were encrypted, likely to avoid any web application performance issues during the process. Even the backups were overwritten with encrypted entries, making it difficult to recover the data. The encryption key was stored on a remote web server only accessible via HTTPS, so it could not be intercepted by traffic monitoring systems.

In a different case, attackers targeted a phpBB forum used by an SMB for customer support. The installation was compromised after the attackers stole an FTP server password. Once they had access to the server, they planted backdoors and encrypted users’ email addresses and passwords on-the-fly between the web application and the database over a period of two months.

Part of the success of RansomWeb comes from simply waiting: while the attackers wait, the automatic database backups capture the encrypted data, so systems cannot simply be restored from a recent backup.

Potential Opportunities of RansomWeb:

  • They can have everlasting impact on web application availability
  • May be used not only for blackmailing but for long-term website destruction
  • Backups cannot help a lot, as the database will be backed up in encrypted mode, while the encryption key is stored remotely and will not be backed up
  • Almost impossible to recover from the attack without paying the ransom

Potential Weaknesses of RansomWeb:

  • Can be easily detected by file integrity monitoring
  • Relatively difficult to encrypt entire database without damaging web application functionality and/or speed
  • May be detected quickly by developers when used on regularly-updated web application
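A minimal sketch of the file integrity monitoring named in the first weakness, added here as an example and not taken from High-Tech Bridge or any product: it records SHA-256 hashes of a site's server-side scripts and reports files added, removed or modified since the baseline. The extension list and the small sample site built in `demo()` are assumptions.

```python
import hashlib
import json
import os
import tempfile

# Assumption: which files count as server-side scripts for this site.
SCRIPT_EXTENSIONS = {".php", ".inc", ".phtml", ".js"}
SCRIPT_NAMES = {".htaccess"}


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(web_root):
    """Map every monitored file (path relative to web_root) to its hash."""
    manifest = {}
    for directory, _subdirs, names in os.walk(web_root):
        for name in names:
            extension = os.path.splitext(name)[1].lower()
            if extension in SCRIPT_EXTENSIONS or name in SCRIPT_NAMES:
                full_path = os.path.join(directory, name)
                relative = os.path.relpath(full_path, web_root)
                manifest[relative.replace(os.sep, "/")] = hash_file(full_path)
    return manifest


def save_baseline(manifest, baseline_path):
    """Store the baseline; keep it off the web server so it cannot be rewritten there."""
    with open(baseline_path, "w", encoding="utf-8") as handle:
        json.dump(manifest, handle, indent=2, sort_keys=True)


def load_baseline(baseline_path):
    """Read a baseline written by save_baseline."""
    with open(baseline_path, encoding="utf-8") as handle:
        return json.load(handle)


def compare(baseline, current):
    """Report files added, removed or modified since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(path for path in set(baseline) & set(current)
                           if baseline[path] != current[path]),
    }


def demo():
    """Constructed sample: baseline a small site, then change it and compare."""
    with tempfile.TemporaryDirectory() as root, \
            tempfile.TemporaryDirectory() as store:
        os.makedirs(os.path.join(root, "includes"))
        sample = {"index.php": "<?php echo 'forum'; ?>",
                  "includes/db.php": "<?php /* database layer */ ?>",
                  "logo.png": "image data, not monitored"}
        for relative, body in sample.items():
            with open(os.path.join(root, relative), "w") as handle:
                handle.write(body)
        baseline_path = os.path.join(store, "baseline.json")
        save_baseline(snapshot(root), baseline_path)
        # Simulate changes that were not part of a deployment.
        with open(os.path.join(root, "includes/db.php"), "a") as handle:
            handle.write("\n<?php /* unexpected edit */ ?>")
        with open(os.path.join(root, "cache.php"), "w") as handle:
            handle.write("<?php /* file nobody deployed */ ?>")
        return compare(load_baseline(baseline_path), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run the comparison on a schedule and after every deployment, refreshing the baseline only as part of an approved release.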

The only reliable way to defend against this threat is to ensure that your website is secure. It is recommended to run daily automated scanning and perform manual penetration testing once per quarter, as fully-automated solutions may not be able to secure your website entirely.

Windows 10 - Windows Holographic

10 reasons to be excited about Windows 10

At a media event last week (21st January 2015) Microsoft unveiled many exciting new features for its upcoming Windows 10 operating system – and even told us that it’ll be free*!

Pressed for time? Read on for our quick summary!

1. Free Upgrade* to Windows 10

Windows 10 will be available as a free upgrade for current users of Windows 7, Windows 8.1 and Windows Phone 8.1 for the first year.

After the free period finishes, those who have not upgraded will be charged a fee to do so – however pricing details have not yet been released.

2. Start Menu

Windows 10 sees the return of the Start Menu, bigger and available in full screen. The Start Menu is partially similar to what it was like in Windows 7, however with the addition of Live Tiles.

3. Cortana

Microsoft’s digital assistant Cortana, currently only available on Windows Phone 8.1 and Microsoft Band, will become available on desktop in Windows 10. It has the ability to hear the user’s voice through the microphone, or can be controlled through typing commands. Cortana will be featured adjacent to the start button on the desktop’s taskbar and can answer basic questions about the weather, search the web for specific answers, and find files on the local machine, OneDrive account and even on a business network, all based on natural language questions. The app will also learn the user’s preferences and, over time, will be able to provide better recommendations. Yes, we are another step closer to meeting Her.

4. Project Spartan

The new Internet browser from Microsoft is light-weight and will have built-in note creation and sharing abilities and is Cortana-enabled. It also has a reading mode which will remove all ads from a webpage and only leave the text. Whether the name will stay is not yet confirmed at this stage.

Sharing of notes and mark-ups in the new Project Spartan internet browser.

5. Universal Apps

Windows 10 brings “universal apps” for tablet, smartphone, Xbox and desktop users, as Microsoft attempts to make all apps seamless on any of the mentioned media. Developers will need only to create a single app, which will work seamlessly on a multitude of gadgets running the Windows 10 OS. Screen optimisation issues will be eliminated as apps will adapt to the screen size.

6. Continuum

This new feature will enable touchscreen device users to automatically swap smoothly to the Windows 10 tablet or desktop mode, depending on the device being used and actions triggered. For example, undocking your Surface Pro 3 will expand the app you are using into fullscreen mode, making it easier to use with your fingers.

7. Better Settings

A unified settings menu is coming with Windows 10, with a clean design, simple options and the new Action Center providing more toggles for switching on or off WiFi and other settings. Notifications will also pop up in this space, which will be synced across devices.

8. Augmented Reality

Microsoft presented us with Windows Holographic, an Augmented Reality (AR) platform built directly into Windows 10 that lets users see 3D “projections” using a pair of AR goggles. This is paired with the HoloLens – a wearable, wireless computer that will enable Windows Holographic, allowing users to see the world around them with an overlay on top of it, such as 3D objects and virtual screens on walls.

Also announced was – although unrelated to Windows – the Surface Hub, an 84-inch, 4K, touch-enabled display for office collaboration.

9. Xbox Games on PC and Tablet

Windows 10 users will have the ability to play Xbox games on their PC or tablet. You would need to be on the same network, but even if you aren’t, there will be a new Xbox app that lets you access your activity feed, messages and friends list. It’ll even display information on games in third-party clients like Steam.

10. When can we get it?

The latest Technical Preview build was rolled out at the end of last week to members of the Windows Insider Program, with a mobile version coming in February. The release date for a consumer-ready version has not been confirmed, but is expected to be in late 2015.

Welcome Teltronec

Interlinked is pleased to announce our recent acquisition of Teltronec, telephone solution experts servicing Sydney and specialising in Panasonic, NEC and Avaya phone systems. Our company benefits from the acquisition as we continue to grow as a leading provider of ICT solutions.

The acquisition will also bring about many benefits to clients who now have easier access to our wide array of services, including business phone systems, managed IT, cloud computing and software development, as well as a larger support team to service all your technological needs.

It is our goal to continue providing the highest level of service to our valued clients and we look forward to speaking to you about your next telecoms or IT project! If you have any questions or comments, please don’t hesitate to contact us.

Sales: enquiries@Interlinked.com.au or 1300 302 207
Support: support@Interlinked.com.au or 1300 302 207
Accounts: accounts@Interlinked.com.au or 1300 302 207

Scam Alert

Scam Alert – Woolworths Voucher Email Scam

A scam email purporting to be from Woolworths has recently been in circulation, claiming that recipients can receive a $150 voucher if they answer a simple question regarding the year Woolworths was founded. Woolworths do not currently have such a promotion and have warned of this on their website.

The email contains a link to an external site (which is not Woolworths) where the recipient is required to fill out their personal details, including credit card numbers.

Example of Woolworths Scam Email

There are a few things to look out for to identify the scam. Firstly, the sender email is not from Woolworths. Secondly, when your mouse hovers over the links you will be able to see that they are not links back to Woolworths; they link back to a phishing site. Also, the grammar is flawed, with prize misspelt as “price”.

If you have received this email and have any urgent concerns regarding this issue, please contact Interlinked on 1300 302 207.

**UPDATE 12th December 2014**

Another one in circulation is this Coles Christmas Surprise email. One way to identify it is that it uses the old Coles logo with the circle on the left, which Coles no longer uses.

Coles Christmas Surprise

**UPDATE 9th December 2014**

We received a phone call earlier today from a victim of the above scam, who has had $100 extra charged to their phone bill after participating in the supposed questionnaire to win a Woolworths voucher and providing their mobile phone number.

Another scam email to look out for is a similar one supposedly from Coles.

Example of Coles Scam Email

If you have received this email and have any urgent concerns regarding this issue, please contact Interlinked on 1300 302 207.

**UPDATE 10th December 2014**

More scam emails to look out for:

Example of Bunnings Scam Email

Example of Supermarkets Voucher Scam Email

Example of Myer Scam Email

NEC DT400 Series

NEC DT400 Series now available from Interlinked

Great news! The new NEC DT400 Series Digital Desktop Telephones are now available from Interlinked!

Elegantly designed and feature-packed, these phones have an intuitive interface that improves the overall user experience and empowers your team. Supported on NEC’s UNIVERGE SV9000 and SV8000 Series communications platforms, the DT400 Series Desktop Telephones:

  • Support a wide range of features which help improve overall employee efficiency and productivity
  • Deliver investment protection
  • Are ergonomically designed and have an easy to use intuitive interface and an interactive user manual
  • Have a Bluetooth connection adapter option which enables users to receive and place calls through either their smart device or desktop telephone
  • Come standard with features for the visually impaired such as audio key action feedback and large character display

Wide range of features include:

  • A selection of screen sizes – from no screen, single, dual and touch
  • Greyscale or full colour screens
  • Select models available in both black and white
  • Range of buttons from 2 – 24
  • Add-ons allow addition of an extra 8 or 60 buttons
  • Wideband audio
  • High quality full duplex hands free
  • Wall mountable
  • 5 Adjustable heights
  • Intuitive menus
  • Easy to use
  • Easy to deploy with centralised configuration
  • Electronic hook switch support
  • Optional Bluetooth adaptor allows mobile phone calls to be answered using the desk-phone handpiece

For further information, please speak to our Sales Team on 1300 302 207 or enquiries@Interlinked.com.au

Masque Attack - Interlinked

Flaw in iOS puts users at risk of Masque Attack

Cyber security firm FireEye has warned of a flaw in Apple’s iOS operating system that puts iPhones and iPads at risk of being hacked.

In a blog post following the discovery of the “WireLurker” malware, FireEye delved further into the vulnerability in non-jailbroken iOS 7 and iOS 8 devices that the malware exploited. Dubbed a “Masque Attack”, the tactic allows hackers to install iOS apps on an iPhone or iPad via email or text message. The attack takes advantage of a security weakness that allows an iOS app with the same file name – regardless of developer – to replace the legitimate app while keeping all of the user’s data.

According to FireEye, the vast majority (95 per cent) of all iOS devices are potentially vulnerable to this flaw, meaning that data-pilfering malicious apps can disguise themselves as legitimate programs.

Below is an example of an attack:

In the above example, FireEye sent a link to a test case user inviting them to download a new Flappy Bird update. When the person clicked the link, they unknowingly downloaded a hacked update to the legitimate Gmail app. The hacked Gmail app could look identical to the real thing but be sending a copy of all email to a third party.

The same technique could be used to lure people into downloading malicious versions of banking apps that forward financial details, including passwords, to the hacker.

Masque Attack works because hackers could disguise a malicious app by using the “bundle identifier”, a digital certificate used by legitimate apps that identifies updates.

FireEye offers three rules for iOS users to protect their devices from Masque Attacks:

  1. Don’t install apps from third-party sources other than Apple’s official App Store or the user’s own organisation
  2. Don’t click “Install” on a pop-up from a third-party web page
  3. When opening an app, if iOS shows an alert with “Untrusted App Developer”, click on “Don’t Trust” and uninstall the app immediately

To check whether there are apps already installed through Masque Attacks, iOS 7 users can check the enterprise provisioning profiles installed on their iOS devices, which indicate the signing identities of possible malware, by checking “Settings -> General -> Profiles” for “PROVISIONING PROFILES”. Deleting a provisioning profile will prevent enterprise signed apps which rely on that specific profile from running. However, iOS 8 devices don’t show provisioning profiles already installed on the devices and extra caution should be taken when installing apps.

“We disclosed this vulnerability to Apple in July. Because all the existing standard protections or interfaces by Apple cannot prevent such an attack, we are asking Apple to provide more powerful interfaces to professional security vendors to protect enterprise users from these and other advanced attacks,” FireEye concluded.

Virus Alert

New CryptoLocker Variant Alert

Over the past few days we have noticed an increased circulation of variants of the CryptoLocker Virus, which will infect your computer and encrypt all usable files such as Word Documents, Excel, Access, MYOB, executable files, etc.

This virus will infect the local machine then spread to network drives and encrypt files. The scam involves you paying an amount of money to get a key to unlock the files, with no guarantees.

There is no way to cleanly remove the virus from the machine or decrypt infected files. The only way to restore files would be to restore from a recent backup. The machine would require formatting and reloading from the beginning.

The virus is spread by email, with the malware hidden within the emails.

Recent examples include:

  • an email “Offence report – Penalty Number :xxxxxxx” masqueraded as an infringement notice.
  • an email that says a parcel is ready to be picked up from a local Australia Post office.

If you receive such an email, please delete it immediately.

A few tips to help you stay protected:

  • Please ensure that your backups are working and you have a rotating set of drives or tapes
  • Ensure your Antivirus is up-to-date
  • Be aware of any emails that ask you to reply quickly or act fast
  • Alert users to new malware campaigns immediately. These typically increase over the holiday season
  • Educate users about phishing emails and other social engineering tactics
  • If the email is from someone you do not know, do not open it
  • Implement effective email security tools and policies, such as blocking executable or zipped attachments from unknown senders, or setting email filtering rules.
  • Prevent downloading executable or zipped attachments via HTTP/HTTPS connections.
  • Microsoft Essentials, AVG, and other free AV products should not be used
  • Isolate infected endpoints from the network as soon as possible
  • Subscribe to alert services such as Australian Government’s Stay Smart Online, which updates on the latest trends in our region.

If you have any urgent concerns regarding this issue, please contact Interlinked on 1300 302 207.

For further information on the CryptoLocker Virus, please click here.

**UPDATE 1st April 2015**

This second round of fake NSW Office of State Revenue (SDRO) emails is even more legitimate-looking, making it a high risk to recipients.

Below are some screenshots of the email and the website it links to.

Scam email from SDRO

Scam website imitating the SDRO

Once the user submits the security code to download their penalty or reminder notice, it downloads a malicious file containing the CryptoLocker virus variant.

SDRO has issued a statement on their website clarifying that they do not issue fines by email and they are only ever issued on the spot or by post.

Some key indicators that this email is fake:

  1. The email has not addressed the recipient by name.
  2. The email cites a traffic offence, however there are no car registration details mentioned.
  3. Hovering over the INVOICE and VIEW CAMERA IMAGES buttons, you can see that the link is not directed to a legitimate government website.
  4. The official website address is sdro.nsw.gov.au while you will see the fake one is nsw-gov.org.
  5. If you do visit the official website they have issued a scam alert, stating that the SDRO does not issue penalty notices or penalty reminder notices by email.
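Indicators 3 and 4 can be checked automatically. The following added example (not part of the original alert) extracts every link from an HTML email body and flags targets outside a list of trusted domains; the sample email body and its paths are constructed, and `sdro.nsw.gov.au.example.net` is a made-up host used only to exercise the matching.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a web address, e.g. "www.sdro.nsw.gov.au".
ADDRESS_LIKE = re.compile(r"^(https?://)?[a-z0-9.-]+\.[a-z]{2,}(/\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((text, self._href))
            self._href = None


def hostname_of(value):
    """Best-effort hostname from a URL or a bare 'www.example.org' string."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value
    try:
        return (urlsplit(value).hostname or "").rstrip(".")
    except ValueError:
        return ""


def host_matches(host, trusted_domain):
    """True for the trusted domain or a subdomain of it, never a substring."""
    trusted_domain = trusted_domain.lower()
    return host == trusted_domain or host.endswith("." + trusted_domain)


def audit_links(html_body, trusted_domains):
    """Return one finding per link whose target should not be trusted."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        target = hostname_of(href)
        shown = hostname_of(text) if ADDRESS_LIKE.match(text) else ""
        if shown and shown != target:
            reason = "visible address does not match target"
        elif not any(host_matches(target, d) for d in trusted_domains):
            reason = "target outside trusted domains"
        else:
            continue
        findings.append({"text": text, "host": target, "reason": reason})
    return findings


TRUSTED = ["sdro.nsw.gov.au"]  # official domain named in the alert

# Constructed sample email body; paths are placeholders.
SAMPLE_EMAIL = """
<p>You have an outstanding penalty notice.</p>
<a href="http://nsw-gov.org/constructed/invoice">INVOICE</a>
<a href="http://nsw-gov.org/constructed/images">VIEW CAMERA IMAGES</a>
<a href="http://sdro.nsw.gov.au.example.net/pay">www.sdro.nsw.gov.au</a>
<a href="https://www.sdro.nsw.gov.au/">Contact us</a>
"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_EMAIL, TRUSTED):
        print(finding)
```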

Another scam email also containing the same virus is one from Australia Post, similar to the below:

Scam email imitating Australia Post

Scam email imitating Energy Australia

If you have any urgent concerns regarding this issue, please contact Interlinked on 1300 302 207.

iCloud Security

Two-factor verification for Apple iCloud

Following the iCloud hack scandal with photo leaks affecting numerous celebrities, Apple has revived two-factor verification for iCloud.

Two-factor verification brings increased security to iCloud by allowing users to tie in a verified SMS number or connected device, making it harder for an unauthorised user to hack an iCloud account even if they have your password or log-in credentials.

How to enable two-factor verification

In order to enable two-step verification, you must have a current password that meets Apple’s minimum standards of 8 characters complete with at least 1 number and 1 capital letter. If you have to change your current password in order to meet this standard, you’ll have a short waiting period before you can enable two-step verification.

  1. Go to appleid.apple.com from the browser on your Mac or PC.
  2. Sign in to the Apple ID you’d like to enable two-step verification for.
  3. Click on Password & Security in the left hand navigation.
  4. Answer the secret questions you’ve previously set up and click on Continue — if you don’t remember them, you can reset them if you have a backup email on file.
  5. Click on Get Started… under the Two-Step Verification section.
  6. As long as you have a device linked to your iCloud account on hand, click Continue on the next screen.
  7. Read the next two screens about two-step verification.
  8. Once finished, click Get Started on the second screen.
  9. Add your current phone number to start the verification process.
  10. Check your phone for a text message and then enter the 4-digit verification code.
  11. After your phone number is verified, a list of connected devices you can verify should appear.
  12. Click on Verify next to the devices you’d like to trust in case you need to use them for two-step verification in the future.
  13. Once you’re done verifying all your devices, click Continue.
  14. The next page gives you your Recovery Key which you’ll need to either print out or write down.
  15. Once you’ve gotten the code written down or printed, click Continue and then verify it by typing it out on the next screen. You won’t be able to continue until you confirm you know the code.
  16. Click Confirm in order to continue.
  17. Click the checkbox to confirm you understand what you’ll need in order to complete two-step verification should you forget your password.
  18. Click Enable two-step verification.
  19. You’ll receive a confirmation that two-step verification has been enabled. Click Done.

For more FAQs about two-factor verification, see the Apple website (here).

iPhone 6 Revealed

New Apple iPhone revealed at last

Introduced by Tim Cook as “the iPhone 6 and iPhone 6 Plus – they are without a doubt the best iPhones we’ve ever got”, the newest phones in Apple’s iPhone collection were finally revealed yesterday at their product event, along with the Apple Watch and Apple Pay.

If you read our post last month, you would know that we are just as excited as you are! As anticipated, it comes in two sizes – 4.7 inches (iPhone 6) and 5.5 inches (iPhone 6 Plus – Apple’s first phablet).

They are also the thinnest iPhones yet, at 6.9mm for the iPhone 6 and 7.1mm for the iPhone 6 Plus. The phones boast Retina HD displays, a better camera, increased battery life, iOS 8, Touch ID finger scan technology, and in-built NFC allowing for Apple’s new mobile wallet functionality, Apple Pay.

The iPhone 6 will come in gold, silver or space grey, and will be available in Australia from 19th September, costing $869 for the 16GB model, $999 for the 64GB model and a new 128GB model for $1,129.

iPhone 6 Plus, in the same colours, will cost $999, $1,129 and $1,249 respectively.

Also announced at yesterday’s event is the Apple Watch, a sleekly designed wrist device that links to the iPhone and “will redefine what people expect from this category”, Mr Cook said.

It has newly designed software that works with a dial on its side and will come in two sizes, as well as in classic, sports and gold edition models, but won’t be available until early 2015.

It has the ability to detect pulse rate and features other health-tracking applications, as well as apps for maps, photos, music and messages. It will cost $349USD; however, Australian pricing has not yet been announced.

More details on the iPhone 6 on the Apple official website

More details on the Apple Watch on the Apple official website