Category: News

How to fix WordPress site that has been hacked. Protect your site with iThemes Security Pro

Posted on by Mark Pace

 

Our external website got attacked yesterday (and not proud of it). We are very security conscious and hold NO data (customer or own) on our site excluding our blogs.
Even with strong admin passwords, we thought we were safe.
The only way we were safe is we make monthly off server backups.

We tried recovering some files but each time, there was a background script which would kill those newly updated files and replace with the ‘hacked page’.

We have now implemented a plugin called iThemes Security Pro.

This is a free plugin and is brilliant as allows so much configuration through a GUI (simple) interface, including renaming admin account, locking down php files plus much more.

It is also rated quote high and has over 700,000+ installs as well.

The main thing here is the fix was to restore from a backup after deleting ALL files on the host, then applying iThemes Security Pro

Make sure you backup, backup, backup. (iThemes Security Pro will do this for you as well)

If you need help with implementation of this, or assistance with a hacked website, comment here or contact Sterling IT.

Fake Email Warning : ISIS terrorist threat to Sydney comes in a legitimate looking email with malicious payload in attachment and/or link.

Posted on by Mark Pace

hackerFake Emails re ISIS threat
You are advised to be cautious about opening any emails you receive that refer to any ISIS threat.
New emails referring to ISIS terrorism activities carry a malicious attachment that can be used to infect your computer.

ACMA (“The Australian Communications and Media Authority”) is receiving a surge in reports of emails with the subject ‘ISIS attacks in Sydney?’. The emails request people to open an attached Word, RAR or other file by claiming the attachment includes an article naming the Sydney locations ISIS plans to attack in 2015.

Clicking on the attachment could result in malicious code being installed that allows an attacker to take control of your computer.

The email includes the contact details in an attempt to represent itself as a legitimate email. It is highly likely similar malicious emails are in circulation using references to high profile, terror-related events.

The full text of the malicious email is provided below:

Subject: ISIS attacks in sydney?
Body: ISIS has warned Australian Police today about new attacks in Sydney.
Attached the places in word file which ISIS planning to attack in Sydney this year 2015.
These terrorists have Australian Citizen why they attack us?
Read more in the detailed story in word file.
Please address any correspondence to:
[news address inserted here]
The switchboard number for [news] is:
[news phone number inserted here]
Telephone: [news phone number inserted here]
Email: [news email inserted here]

To stay safe, it is important that you do not click links in phishing emails or reply to the sender if you do not know them.
Source : Stay Smart Online , a Government initiative.

ISIS allegedly threats US government & staff hacked Twitter account

Posted on by Mark Pace

ISIS apparently defaces US Govt Twitter Account
The US Central Command Twitter account was hacked or at least defaced today apparently by ISIS (Islamic State of Iraq and Syria), posting tweets that threaten families of U.S. soldiers and claiming to have hacked into military PCs.

“We won’t stop!” one tweet read, “We know everything about you, your wives and children.”

“ISIS is already here,” read another, “we are in your PCs, in each military base.”

Initially the hackers replaced the Central Command avatar with a black and white graphic of a person with their head wrapped in a keffiyeh with the words, “CyberCaliphate” and “I love you ISIS,” next to it.

The US Central Command Twitter account was suspended about 1:05 p.m. US Eastern time.

One tweet included a link to a Pastebin post that bragged about the success of an ISIS-run CyberJihad being run by a CyberCaliphate. “While the US and its satellites kill our brothers in Syria, Iraq and Afghanistan we broke into your networks and personal devices and know everything about you,” the post reads in part.

Other tweets appeared to list names of specific military personnel.

These listings apparently came from U.S. military phone directories that are posted online.

The Pentagon could not immediately confirm that ISIS had in fact hacked the account.

Sterling IT finalises Data Centre Move to NextDC in Brisbane with DOSG.

Posted on by Mark Pace

Sterling IT and its partner (DOSG) has finalised moves successfully to Next DC without any data loss or interruption during business hours.

Want to see the Next DC premises?    Visit our HOME PAGE and watch the video.

If you would like a demonstration on how we are saving our clients thousands on infrastructure, contact us for an onsite meeting and review.

CRITICAL WARNING – Help Desk Phishing and Trojan Emails circulating

Posted on by Mark Pace

NOTE: Even after sending 2 warnings in the last 2 weeks, we have had a large number of people click through the speeding fine email and get infected. All files got encrypted and lost (recovered with backups). Some people who received our email didn’t have an offsite backup strategy either. From $9 a month, protect your personal and business files, at home or at the office.

Again the golden rule is don’t open emails you are not expecting, hover over the link and see if genuine, call the sender and confirm they sent it otherwise contact us and we can assist.

The next wave of fake emails are coming from IT HELP DESK. Ensure your staff do not open any HELP DESK emails unless they come from a known person in your company or through our alert system, like this email.
Phishing attacks posing as emails from your company’s IT helpdesk are becoming increasingly common. These attacks attempt to gather your information for identity theft purposes and can also spread malware.

You should ensure that emails claiming to be from your IT helpdesk are legitimate before responding with information about your identity or your computer.

Indicators of IT helpdesk phishing emails

Signs of potentially fake emails include:

  • the sender address of the email should be from an expected or known IT helpdesk address in your company
  • emails that do not specify your company’s name, instead use generic terms such as ‘IT helpdesk’
  • incorrect company branding, for example, the wrong text, font or colour
  • a sense of urgency, using language such as ‘immediate downtime’ or ‘act immediately’
  • requests to install software onto your computer
  • requests for a password.

Poor use of language, spelling mistakes or incorrect grammar can also indicate the email is phishing.  The following is an example of a recent IT helpdesk phishing email:

Good morning,
We will be performing emergency maintenance on our network equipment.
Anticipated downtime will be approximately 60 minutes. This will affect both internet access and phone service.
Click on the below link and follow the instructions
 CLICK HERE:
We apologize for the inconvenience.
Thank you,
Help Desk
All Rights Reserved © 2014

This message attempts to send you to a website where identifying information is requested. Such information can be used to steal your identity or target your computer.

Other examples of phishing attacks such as these have attempted to spread malware in two possible ways.

The email could ask you to install software on your computer. Any requests such as this, to install software from the internet, should be considered suspicious. Most IT helpdesks will have systems in place for installing software on users computers.

The email could direct you to a website and attempt to install software without your knowledge. This is known as a drive-by-download and can happen simply by clicking the link in the email and visiting the website.

To stay safe, it is important that you do not click links in phishing emails or reply to the sender if you do not know them.

Information for IT helpdesks

IT helpdesks can also help stop users in their company from being attacked in this way. IT departments should ensure that clear procedures for safe communication with staff are in place and being used. These procedures may include:

  • updating email filters to stop phishing emails from being delivered to people’s inboxes
  • using a standardised format for sending helpdesk requests
  • employing a system to allow people to verify requests from outside their email. A commonly used example is the helpdesk ticketing system
  • including basic company information in helpdesk requests, such as the name of the company
  • sending all helpdesk requests from a single email address, such as helpdesk@company.com.au
  • ensure that staff are aware of IT requirements with plenty of notice. Limit the number of urgent requests made of staff
  • do not ask for unnecessary information in emails, and never require the user to provide their password.

It is important to ensure that staff are aware of basic rules for helpdesk requests. This allows staff to spot fake IT Helpdesk emails more easily.

Source : Stay Smart Online , a Government initiative.

————————————————————————————————————–

Advice for prevention
  • Do not open attachments if you are unsure of the contents or the email was unexpected.
  • Look for clues in the email content, usually most legitimate emails will address you by name and not something generic like ‘customer’ with vague wording.
  • Do not click on website links in emails until you have viewed the link location (do this by hovering over the link, this will display the link right at the bottom of Outlook). Instead of clicking the link, you are best to manually browse to the website via your web browser.
  • Make sure your anti-virus is updated regularly
  • Make sure your backups are current and working and backing up ALL critical data
If you get a virus, malware or Trojan.
  • Stop work
  • Immediately disconnect any network drives
  • Contact us

Please do forward this email on to your staff, friends and associates.

If in doubt or have any questions, please contact Sterling IT.

Regards,
Mark and the team at Sterling IT.
1300 763 699 (or 02 9756 6866)

Beware Apple iOS attacks using ‘Masque Attack’ techniques from uncertified apps

Posted on by Mark Pace

Researchers have discovered a technique that may enable attackers to substitute malware for a legitimate app on Apple iOS devices such as iPhones and iPads.

Although the risk of being subjected to a Masque Attack is low, it is another reminder not to download pirated apps or software from untrusted sources. It is also a reminder that Apple products are increasingly being targeted by attackers.

As many people believe you cannot get a virus/trojans/malware on Apple devices (more so on OSX), this is not true and Apple devices, due to their numbers, will and currently are being targeted. Sterling IT use and recommend Webroot and/or Trend Micro Antivirus to protect Apple Mac.

About Masque Attack

A Masque Attack can occur if a user downloads an app from a rogue source such as a link embedded in a phishing email or from an unofficial app site hosting fake ‘uncertified’ apps.

The Masque Attack takes advantage of a weakness in iOS security which can enable malware to be installed.

If a malicious app can be crafted to use the same ‘bundle identifier’ (an ID Apple uses to identify individual apps) as a legitimate app on your phone, Apple will not check its security certificate. It means that a malicious app can replace a legitimate app on your device.

A criminal using the Masque Attack technique will typically disguise their malware as a popular game or program for you to install. Only install via the APP STORE via your device.

Once installed it may be able to steal information from your device such as passwords or internet banking details and send them to a remote server controlled by criminals. Possible impacts include the malware being able to steal logon credentials; access sensitive data; avoid detection and steal Apple IDs and passwords.

Staying safe

  1. Do not download software or apps from untrusted sources. Sticking with Apple’s AppStore helps protect against downloading malicious software
  2. Do not click ‘install’ from pop ups when viewing a web page. Even if it tells you , that you have a virus. Most of these are traps.
    Sterling IT has posted MANY emails recently with relation to this and unfortunately we are still getting clients infected, even with prior warning.
  3. If your iOS device shows an ‘Untrusted App Developer’ alert when you open an app, click on ‘Don’t Trust’ and uninstall the app immediately.
  4. Use security software for all your computer and mobile devices.
  5. Keep your system up-to-date by downloading software updates as they are released.
  6. Do not connect or ‘pair’ your device with untrusted computers.

For FREE advice or any questions regards to this, please contact Sterling IT. You are better asking as prevention is better than cure!!