Posts by Mark Pace

Beware Apple iOS attacks using ‘Masque Attack’ techniques from uncertified apps

Posted on by Mark Pace

Researchers have discovered a technique that may enable attackers to substitute malware for a legitimate app on Apple iOS devices such as iPhones and iPads.

Although the risk of being subjected to a Masque Attack is low, it is another reminder not to download pirated apps or software from untrusted sources. It is also a reminder that Apple products are increasingly being targeted by attackers.

As many people believe you cannot get a virus/trojans/malware on Apple devices (more so on OSX), this is not true and Apple devices, due to their numbers, will and currently are being targeted. Sterling IT use and recommend Webroot and/or Trend Micro Antivirus to protect Apple Mac.

About Masque Attack

A Masque Attack can occur if a user downloads an app from a rogue source such as a link embedded in a phishing email or from an unofficial app site hosting fake ‘uncertified’ apps.

The Masque Attack takes advantage of a weakness in iOS security which can enable malware to be installed.

If a malicious app can be crafted to use the same ‘bundle identifier’ (an ID Apple uses to identify individual apps) as a legitimate app on your phone, Apple will not check its security certificate. It means that a malicious app can replace a legitimate app on your device.

A criminal using the Masque Attack technique will typically disguise their malware as a popular game or program for you to install. Only install via the APP STORE via your device.

Once installed it may be able to steal information from your device such as passwords or internet banking details and send them to a remote server controlled by criminals. Possible impacts include the malware being able to steal logon credentials; access sensitive data; avoid detection and steal Apple IDs and passwords.

Staying safe

  1. Do not download software or apps from untrusted sources. Sticking with Apple’s AppStore helps protect against downloading malicious software
  2. Do not click ‘install’ from pop ups when viewing a web page. Even if it tells you , that you have a virus. Most of these are traps.
    Sterling IT has posted MANY emails recently with relation to this and unfortunately we are still getting clients infected, even with prior warning.
  3. If your iOS device shows an ‘Untrusted App Developer’ alert when you open an app, click on ‘Don’t Trust’ and uninstall the app immediately.
  4. Use security software for all your computer and mobile devices.
  5. Keep your system up-to-date by downloading software updates as they are released.
  6. Do not connect or ‘pair’ your device with untrusted computers.

For FREE advice or any questions regards to this, please contact Sterling IT. You are better asking as prevention is better than cure!!

 

Are you travelling staying in a hotel or using public wifi? – ‘Darkhotel’ downloads information-stealing malware.

Posted on by Mark Pace

There are a number of articles and warnings about Executives being hacked in shared wi-fi including Luxury Hotels , especially in the APAC regions.

Dubbed ‘Darkhotel’ by Kaspersky, the attackers infiltrate luxury hotels’ wi-fi to steal sensitive corporate data from travelling executives.

Targeted businesspeople connect to the hotel wi-fi and are prompted to download fake updates from programs such as Google Toolbar, Adobe Flash and Windows Messenger. Once downloaded, the backdoor installs an advanced keylogger, an information-stealing module and the Trojan ‘Karba’.

Once these applications are installed, it starts looking for private information, cached passwords and login credentials, the attackers delete these hacking tools and avoid suspicion.

A representative from Kaspersky said the attackers have “operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision”.

This malware can also be spread through peer to peer or file sharing networks. It’s estimated that Darkhotel has been downloaded over 30,000 times in the last six months.

To date, the majority of these infections were identified in Japan, Taiwan, Russia, China and Hong Kong.

Kaspersky principal security researcher, Kurt Baumgartner, said these attacks are becoming more common: “Targeted attacks are used to compromise high profile victims, and botnet-style operations are used for mass surveillance or performing other tasks such as DDoSing hostile parties or simply upgrading interesting victims to more sophisticated espionage tools.”

To avoid attacks,

1. Never install or accept software you are not sure about. If you are in doubt, call Sterling IT and we will quickly confirm the legitimacy of the application or pop up.

2. Use a phone company internet connection such as Vodafone, Telstra or Optus 3G/4G USB or Pocket wifi cards instead of shared services.

3. Ensure your antivirus is up to date.

4. NEVER open emails that you are not expecting with links or attachments.

 

Storm Season, Power Surges and UPS protection.

Posted on by Mark Pace

 

Are you protected against storms? (Sterling IT)
Are you protected against storms?

Electronic and computer based equipment need high quality, uninterrupted power supplies.

In Australia, particularly during summer months, excess strain is placed on our aging electrical infrastructure.  Adding to this is the unpredictable weather patterns associated with summer storms which can cause electrical surges and power outages for extended periods of time.

The best form of PC protection is at all times to be plugged into a quality UPS (Uninterruptible Power Supply). This is a surge protector and voltage regulator with a back up battery. The better ones actually talk to your PC via USB, so when power drops out, the UPS instructs the PC to close all programs safely and then shut down all under battery power. For Laptop users, this is not such great concern, however, plugging into a surge protector may just save your power adapter and in some severe cases your laptop.

With no UPS, if lucky enough to be home before a storm hits, you should power down your PC and unplug it from the wall. BUT, that isn’t all; the most vulnerable route for a voltage spike is through your telephone line. We have seen some pretty severe cases where a Lightening strike has merely passed a telephone pole, to completely render every device useless connected to the router by wire (Ethernet). EMF will surge down a phone line and through your equipment like an electrical Tsunami… It takes out everything in it’s path. The safest way of protecting your equipment during an electrical storm is to firstly disconnect your telephone line from the wall (this is your source of ADSL as well as telephone), and then shut down your computers and disconnect from the power. Unfortunately, even a moderate UPS is no protection against a huge EMF spike.

We also strongly recommend you have insurance to protect your for business interruption as well (Liaise with your broker or insurance company for this) as even with recovery of systems, the loss of income could be claimed.

Even with a UPS, we have found equipment to be affected. This can be due to massive spikes or phase drops as well as the surge coming from phone lines rather than electricity lines.

Some of the more sophisticated UPS’s on the market come with software which monitors the power usage and demand on a computer or server, if the power is off for any period of time, this software will log the users off, and close the programs, then shut down the server safely.

Size matters, having the correct UPS installed will ensure that the power requirements for the business are met and the key hardware protected.

It is also worth checking your UPS from time to time, to make sure that it is doing what it is supposed to. If you’re not sure what your needs are, please request that we check next time we are onsite or book in a health check.

If you do suffer a computer failure after a storm, contact us at  Sterling IT on (02) 9756 6866  and we’ll do our best to get you back on line.

“Sterling IT also provide insurance reports, quotation estimates and repairs or replacements.”

 

 

iOS malware discovered on unofficial Chinese download site

Posted on by Mark Pace

Researchers have discovered malware that affects Apple iOS devices such as iPhones and iPads connected via USB to an infected Mac OSX computer.

WireLurker, as it is called, is among just a few examples of malware that has been able to effectively target iOS devices. As a result, it has received significant media coverage. Apple has blocked apps identified as having the malware, and currently, the malware has been limited to fake apps on a third party download site, that is known to host pirated software, for Chinese users.

Although this is unlikely to affect Australian iOS users, it is a reminder that downloading pirated apps or software from untrusted sources is risky. It is also a reminder about the increasing attention Apple products receive from attackers.

About WireLurker

WireLurker is a form of malware called a Trojan, which can infect desktop or laptop computers if a fake app, hosted on the Chinese site, is downloaded. It then attempts to target and infect any iOS device connected to the computer via USB.

Malicious versions of well-known apps included Angry Birds, The Sims 3, International Snooker 2012, International Soccer 2014, Spider 3 and Bejeweled 3.

Once installed on your computer, the malware waits for you to connect your iPad or iPhone, before copying itself (or automatically generating malicious apps) on to your device. The malware can attempt to read and send your device’s serial number, phone number or other identifying information to a remote server controlled by the criminals.

If your device is jailbroken (modified to enable unofficial apps to be installed) other parts of the malware are installed and may attempt to extract information such as your message history, files, and address book.

An older strain of WireLurker has also been identified which targeted devices connected to Windows computers. The Windows version is older and less effective than the Mac OSX version. The Windows version has had very limited impact.

Apple has blocked these malicious apps, and most antivirus vendors have updated their products to address WireLurker malware. There is a very limited possibility of being affected by this malware.

Staying safe
• Do not download software or apps from untrusted sources. Sticking with Apple’s AppStore helps protect against downloading malicious software.
• Use security software for your computer and devices.
• Keep your system up-to-date.
• Do not Jailbreak your device.
• Do not connect or pair your device with untrusted computers.

Google’s public DNS goes offline 14th Oct 2014

Posted on by Mark Pace

Australian, NZ and SE Asian users affected.

Google’s public domain name system (DNS) service went offline yesterday in South East Asia and Australia/New Zealand regions, affecting a large number of users in the area.

Around 10pm AEST, users at the Whirlpool forum reported problems with reaching the Google DNS resolvers at the 8.8.8.8 and 8.8.4.4 Internet Protocol (IP) addresses and complained of experiencing packet loss.

The outage was confirmed by Yunhong Gu, the team lead of Google’s public DNS, who said the service was off-air for around half an hour at 1100 hours UTC.

Gu did not say what caused the problem, but a source at an Internet provider said traffic to the Google DNS servers took unusual long routes, going via Sydney to the United States, which in turn suggests a configuration change was being rolled out.

Google’s free to use public DNS service is used by a large number of organisations. In March last year, the company boasted that it served replies to 130 billion queries on average, peaking at 150 billion, from more than 70 millon unique IP addresses.

Just over a year ago, Google’s DNS service dropped out worldwide, causing web site loading to time out, as users’ systems were unable to translate domain names into IP addresses.

The public DNS service was briefly also rerouted in March this year, thanks to a configuration mistake by telco BT’s South American subsidiary.

Around the same time, Google also encountered an unspecified and unrelated issue when its Apps admin console refreshed continuously on loading.

That problem lasted about an hour, with Google apologising to Apps users for the inconvenience and assuring them that system reliability is a top priority at the web services provider.

Google has been contacted for comment.

 

Source : https://www.itnews.com.au

Cryptolocker attack but removed and all data recovered with zero data loss

Posted on by Mark Pace

Attack of one of the worst Trojans around.

Last week, for the very first time, one of Sterling IT’s customers was attacked with Cryptolocker virus.

When we had the alert, and then found client couldn’t access files, we thought it was just a corruption. Upon inspection, most files were renamed with .encrypted at the end and a HTML file explaining to pay a ransom to recover all the emails.

Sterling IT went into Disaster Recovery Mode (SITDR) and we were able to save the client from any data loss (even though EVERY file on 1x user PC plus most shares on the server were affected, as this user was in management and accounts security groups and shares). Using Shadow Protect and our monitoring systems, we were able to lock down the network, recover all files from DR backups and get the client back up and running.

It was first noticed because of Dropbox. As this company uses Dropbox for some business applications, and the infected user also had Dropbox access, ALL FILES were deleted. The only savior was one of the PCs was locally backed up which the files were recovered from there.  (we recommend using private sharing apps with Synology , synocloud,  rather than Dropbox as you have full control and is PRIVATE CLOUD).

How did this all happen?

Simple, opening an email with the Trojan. You might also ask about protection mechanisms we have.

First and foremost, the client recently moved to Microsoft Office 365. We would have thought that Microsoft anti-spam and antivirus would have maybe picked this up as first defense, but obviously didn’t. The second defense was a Fortigate firewall with antivirus scanning – been a great defense in general. And thirdly, antivirus and firewall on desktop.

Even with ALL these defenses, the Trojan still go through.

We have many clients sending us emails daily asking IS THIS SAFE? This is what we are here for, to help and protect our clients. Its FREE and QUICK!

REMEMBER :
PLEASE DO NOT CLICK ON EMAILS YOU DON’T KNOW OR/AND NOT EXPECTING.
IF UNSURE CONTACT STERLING IT.