Written by Troy Wachter

National Cyber Security Awareness Month – Protecting Your Mobile Device

October is National Cyber Security Awareness Month and Oxford Solutions is excited to provide some basic cybersecurity tips that are designed to increase awareness in cybersecurity and help people protect themselves from becoming a victim of cybercrime.  This tip is focused on protecting your mobile devices from rogue WiFi access points.

Did you know that connecting your mobile device to a public WiFi hotspot that does not prompt for a password can leave your device open to attack?  Hackers know this and can easily trick your phone or tablet into connecting to a network they control.  They exploit an ease-of-use design decision: mobile operating systems (iOS and Android, including vendor builds such as Samsung's) automatically reconnect to WiFi networks the device has joined in the past.  Because an open network has no password, the device recognizes it by its name (SSID) alone, so any access point broadcasting that name looks like the network you trusted.  While this is very convenient for you, it is dangerous if not properly managed.

Let’s look at an example:  Starbucks encourages customers to stay longer in its stores by providing places to sit and free access to the Internet.  Almost all Starbucks locations use the same WiFi network name: attwifi.  There is no password to access the network.  After you leave Starbucks, your mobile device will keep looking for the “attwifi” network.  If another “attwifi” network is within range of the device and the device is not already joined to some other WiFi network, it will join that one automatically.  Hackers know this and are known to set up rogue WiFi hotspots with commonly used network names such as “attwifi.”  If your mobile device comes within range of their rogue access point, it joins their network; from there they can read any of your traffic that is not encrypted, and can scan and possibly break into your device.  This is a realistic risk in densely populated areas.

The best way to prevent this is to go into your device’s WiFi settings and tell it to “Forget” the network when you are finished using it.  This stops your device from unwittingly becoming a target of opportunity for a hacker looking to make a quick payday from your information.  You can do this by going into your WiFi settings while still connected to the network, opening that network’s options, and selecting “Forget Network.”


Scott Croskey

Written by Troy Wachter

How to Handle Ransomware


The Zepto family of ransomware is a relatively new variant closely related to the Locky malware family. It attacks a company or individual by encrypting files and then offering the key to decrypt those files after a ransom is paid to the attacker. Because Zepto is relatively new (first reported in late June 2016), not many signatures are available to detect this threat as of late July 2016.  The initial threat vector is typically email: an unsuspecting user receives the malware and is tricked into opening the infected attachment.  Once the victim is infected, the malware has two primary objectives:  1) further replication through email, and 2) scanning for and encrypting every file that is accessible to the victim machine.  It is important that IT staff quickly contain a ransomware infection, as it can spread rapidly throughout the network and cause significant disruption to business productivity.



Oxford recommends that you phase your incident response approach into three main areas of effort to combat the ransomware infection:

1) Containment. To contain the infection, IT staff must concentrate on stopping the malware from spreading.  This involves placing rules on the mail server so that the indicators of compromise from the initial infection are blocked (e.g. do not allow the mail server to send messages whose Subject line matches or closely resembles the subject of the initial infection, and do not allow it to send messages carrying attachments of the same file type seen in the initial infection).  If the mail server itself is found to be infected, it may need to be taken offline so the malware can no longer propagate through the network to other victims.   Containing the infection also means quickly isolating any infected host found on the network: disconnect it from the network rather than leaving it running, and keep it for analysis.  Most ransomware uses the victim’s computer to scan the network for reachable files, including mapped drives and shares, and encrypts every file the victim’s account can write to.

2) Eradication. Once the infection is contained and no longer spreading, IT staff should eradicate the malware from the network.  Re-imaging infected machines is typically the quickest way to return a system to a known-good configuration.  Servers found to have been infected may require additional care, since a full rebuild can be costly and time consuming.  IT staff should research the specific variant they were infected with and look for vendor or community guidance on cleaning servers without completely wiping them.  Finally, IT staff should remove any encrypted files from network shares.

3) Restoral. Once all infected systems are removed and all traces of the malware and encrypted files are gone, IT staff may bring the systems back online and restore files from the latest backup.  Check first that the backup predates the infection and that the backup store itself was not reachable, and therefore not encrypted, by the ransomware.
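The containment and eradication steps above translate directly into two small tools, shown here as an added example (not code from the original post or from Oxford Solutions): a mail-flow rule that blocks outbound messages carrying the initial infection's indicators (subject line and attachment type), and a sweep that moves encrypted files and ransom notes off a share into a quarantine directory rather than deleting them. The indicator subject, the attachment types, the appended ".zepto" extension, the ransom-note file name and the sample share contents are all constructed for this example; in a real incident, take these values from the infected host and the first lure message.

```python
"""Ransomware response helpers: containment (mail rule) and eradication (share sweep).

All indicators and sample data below are constructed for this example.
"""
import re
import shutil
import tempfile
from email.message import EmailMessage
from pathlib import Path

# Indicators of compromise taken from the first infected message (constructed).
IOC_SUBJECT = "Please see attached invoice"
IOC_ATTACHMENT_EXTS = {".zip", ".js", ".docm"}
# Extension appended by the variant and the ransom-note name are assumptions
# for this example; take the real values from an infected machine.
ENCRYPTED_EXT = ".zepto"
RANSOM_NOTE_RE = re.compile(r"^_HELP_instructions\.(html|txt|bmp)$", re.IGNORECASE)


def _tokens(subject):
    """Lower-case word set, so 'RE:'/'Fwd:' prefixes and punctuation don't defeat the match."""
    return set(re.sub(r"[^a-z0-9]+", " ", (subject or "").lower()).split())


def subject_similar(subject, ioc=IOC_SUBJECT, threshold=0.8):
    """True when the subject shares at least `threshold` of its words with the IOC
    (Jaccard overlap), which catches replied and forwarded copies of the lure."""
    a, b = _tokens(subject), _tokens(ioc)
    return bool(a | b) and len(a & b) / len(a | b) >= threshold


def should_block(msg):
    """Containment rule for the mail server: returns (block?, reason)."""
    if subject_similar(msg["Subject"]):
        return True, "subject matches initial infection"
    for part in msg.iter_attachments():
        suffix = Path(part.get_filename() or "").suffix.lower()
        if suffix in IOC_ATTACHMENT_EXTS:
            return True, "attachment type %s seen in initial infection" % suffix
    return False, ""


def build_message(subject, attachment_name=None):
    """Construct a sample outbound message (test input, not a captured email)."""
    msg = EmailMessage()
    msg["From"] = "user@example.com"
    msg["To"] = "colleague@example.com"
    msg["Subject"] = subject
    msg.set_content("Hi, see attached.")
    if attachment_name:
        msg.add_attachment(b"\x00\x01\x02", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg


def quarantine_encrypted(share, quarantine, ext=ENCRYPTED_EXT):
    """Eradication sweep: move encrypted files and ransom notes out of the share.

    Files are moved, not deleted, so they remain available for forensics and for
    a decryptor should one be released. Returns the relative paths moved."""
    share, quarantine = Path(share), Path(quarantine)
    try:
        quarantine.resolve().relative_to(share.resolve())
    except ValueError:
        pass  # quarantine is outside the share, as required
    else:
        raise ValueError("quarantine directory must lie outside the share")
    # Collect first, then move, so the directory walk is not disturbed.
    hits = [p for p in share.rglob("*")
            if p.is_file() and (p.suffix.lower() == ext or RANSOM_NOTE_RE.match(p.name))]
    moved = []
    for p in hits:
        dest = quarantine / p.relative_to(share)
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(p), str(dest))
        moved.append(p.relative_to(share).as_posix())
    return sorted(moved)


def demo_sweep():
    """Build a throw-away share with clean and encrypted files and run the sweep.
    Returns (files moved, files left on the share)."""
    root = Path(tempfile.mkdtemp())
    share, quarantine = root / "share", root / "quarantine"
    for rel in ["finance/budget.xlsx", "finance/A1B2C3D4.zepto",
                "finance/_HELP_instructions.html", "hr/policy.docx", "hr/9F8E7D6C.zepto"]:
        (share / rel).parent.mkdir(parents=True, exist_ok=True)
        (share / rel).write_bytes(b"sample data")  # constructed content
    moved = quarantine_encrypted(share, quarantine)
    remaining = sorted(p.relative_to(share).as_posix()
                       for p in share.rglob("*") if p.is_file())
    shutil.rmtree(root)
    return moved, remaining


if __name__ == "__main__":
    for subj, att in [("Fwd: Please see attached invoice", None),
                      ("Q3 numbers", "report.zip"),
                      ("Q3 numbers", "report.pdf")]:
        print(subj, att, should_block(build_message(subj, att)))
    print(demo_sweep())
```

The subject check uses word overlap rather than an exact match because users forward and reply to the lure, which prepends "Fwd:" or "RE:" and changes punctuation; a rule that only matched the exact subject would let those copies through. The sweep refuses a quarantine directory inside the share so it cannot re-walk and re-move what it has already quarantined.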

Written by Scott Croskey

Written by Aidan Kehoe


Most companies don’t know!

As the world becomes more desensitized to hearing about cyber attacks, and breaches become as common as yellow cabs in New York City, corporations large and small are going to face some major challenges that will seem almost insurmountable if you’re a CISO or a board member tasked with corporate governance today.

Written by Dr. Richard White


We definitely have concerns regarding the nearly 22 million individuals compromised by the OPM hack. One of our chief concerns is the Oxford employees who currently hold high-level security clearances; every one of those clearances began with an SF-86 form that is now archived within OPM.



Let Oxford Solutions help you stay informed, protected and ahead of the threats.