As a managed service provider, we deal with a lot of different businesses and a lot of different users. As part of our commitment to those businesses and users, we like to ensure that security (especially security around IT systems) is kept at the front of customers' minds.
One way to do this is to share some stories about security incidents that we have witnessed or been asked to assist with. So here are a few:
The virus-borne internet banking scam.
So one day the manager of a small business we look after called to say that they had a problem with their internet banking and that the bank had called them to alert them to the fact they had a virus.
Of course we rushed to help them. We were put in contact with the bank and were informed that the customer had put a transaction through to a suspicious account. On double-checking the details, it was found that the suspicious account was not the account that the customer had tried to make a payment to.
On running a scan with their antivirus, it was found that they did in fact have a virus. This customer had fully up-to-date, good-quality antivirus at the time they were infected; however, the AV had since run an update which enabled it to detect what it had previously been unable to. This means that the virus had hit this customer before the antivirus software makers had been able to detect it and update their software.
So the virus had intercepted their payment via internet banking and tried to divert the funds (the payment was for around $20,000!) to another bank account. Luckily for the customer, the bank had noticed suspicious activity on that account and blocked the transaction instantly.
The customer has since implemented the secure CommBiz Netlock system, which is a custom, locked-down browser along with a two-factor authentication token generator. This is an excellent service from the Commonwealth Bank that we highly recommend. More info at https://www.commbank.com.au/business/online-banking/commbiz/security.html
Using passwords leaked from one website to blackmail the user.
A customer called us and reported that he had received an email with his “standard” password in the subject.
The email went on to inform him that his computer had been compromised and that they had used his web camera to record him watching pornographic material and that if he didn’t pay a ransom in bitcoin, then the video would be distributed to all the contacts in his email.
This customer had actually long since stopped using a standard password for all his online services; however, he was obviously alarmed that the subject of the email was the password that he used to use for many sites.
So the question was, is this real and how do they know my password?
We took a look at the email and then had a look at https://www.scamwatch.gov.au/. The Twitter feed at https://twitter.com/scamwatch_gov is an amazing resource for information on scams that are currently doing the rounds.
Then we also put the user's email into the site https://haveibeenpwned.com/, which is another great tool that I send to my customers just to get them thinking about their password and personal information security.
We discovered that the user had had their password leaked from multiple sites; however, it appeared likely that the culprit was the LinkedIn hack of 2012.
There are a number of things you can do, over and above security awareness, to help protect your users from scams. We recommend the following:
1. Two Factor Authentication
Enable two-factor authentication (2FA) on every system where it’s supported. Two-factor authentication is “something you know” and “something you have”. Combinations usually include a password plus a security code generator, or a password and an authentication app on your mobile phone. This can greatly reduce the impact of someone stealing or guessing your password. Every day more services are offering 2FA, including Office 365, internet banking, PayPal, Facebook, eBay and many more. Setting up 2FA is a slightly different process for each service, but usually fairly straightforward. The service will usually offer some documentation or guides on setting it up. AUIT offers consulting services where we can assist you to enforce 2FA on your business systems and ensure all your users are covered.
2. SPAM Filtering and Virus Filtering for Email
SPAM Filtering – ensure you have a decent spam filtering system to block virus and spam emails. We use and recommend the spam filtering services from GoHosting. https://www.gohosting.com.au/security/spam-filtering/
3. Web Filtering Firewall
A good web filtering firewall. A good firewall can greatly assist in providing a secure working environment for your users. We use and recommend Fortinet products. For businesses we recommend the excellent web filter that Fortinet offers on their firewalls. These can help block access to malicious sites and content that your users may inadvertently try to access.
4. Monitored Antivirus and Malware Protection
Monitored Antivirus – On many occasions we have seen users who either don’t have any antivirus installed, or whose installed antivirus is out of date or not functioning at all. So it’s important that you come up with a strategy for making sure that your antivirus is working and up to date. At AUIT we install our remote management and monitoring software on all users' computers, which is bundled with a high-quality antivirus system and gives us visibility and alerts us if any user's antivirus stops working or detects a virus.