Foundations - The IT Blog for SMB

Foundations - The IT Blog for SMB

Recent Posts

Bad Rabbit - Ransomware

Posted by Alden Gleason on October 25, 2017 3:49:52 PM CDT

The U.S. government has issued a warning about a new ransomware attack that spread through Russia and Ukraine and into other countries around the world.

Read More

Topics: Bad Rabbit, Malware, Ransomeware, Managed Security, Security, Artificial Intelligence, MSSP

Going Phishing?

Posted by Alden Gleason on October 24, 2017 9:00:00 AM CDT
Phishing is a technique hackers use to convince individuals into giving up their usernames, passwords and other personal information. The concept is simple, send an email that looks official from a friend, colleague or service provider. That email contains a link to a login form that looks and behaves like websites we use everyday. The person receiving the email doesn’t think twice about entering their normal login. Now the hacker is now in possession of their stolen identity. The hack doesn’t stop there. Next the hackers will use the new stolen identify to convince others to login to their malicious website. The hack will continue to work up in an organization until they reach the credentials of top executives. These executives typically have access to internal documents, finical data, proprietary information and hold access to critical systems that support the organization.

Spearfishing is when an attacker focuses his efforts on one specific target. The hacker will collect personal details about a specific individual through their social media profiles, blogs and public databases. This will help them form a bait email that has a higher likelihood of success. Once someone has fallen victim, the hackers will install a backdoor into the users computer and begins exploring the network moving latterly from device to device. Once the attackers locate what they are looking for they will send a copy of the data to their servers. Many sophisticated attacks will attempt to remove traces and logs to prevent discovery of what has occurred.
 
Read More

Topics: Phishing, Malware, Managed Security, Security, Patches

802.11R VULNERABILITY FOR WIRELESS NETWORKS

Posted by Alden Gleason on October 16, 2017 5:48:25 PM CDT
Today a research paper titled "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was made publicly available by imec-DistriNet Research Group. The paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols.

802.11r is a standard for improving the roaming experience of wireless client devices as they physically move. This technology enables client devices to automatically associate and disassociate to various access points based off physical location. The vulnerability abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key. This vulnerability affects numerous wireless products across the industry, and it is considered a critical security concern. We recommend all our customers patch their wireless infrastructures immediately or disable 802.11r until the patch can be applied. We also recommend customers install the Windows, MacOS and iOS updates related to these vulnerabilities. 

For more information please check out Cisco's websites:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
https://meraki.cisco.com/blog/2017/10/critical-802-11r-vulnerability-disclosed-for-wireless-networks/
Read More

Topics: VULNERABILITY, 802.11, Security, Networks, Wireless, WiFi, Meraki

What is a Zero Day?

Posted by Alden Gleason on October 8, 2017 10:02:43 PM CDT

Zero Day:

A vulnerability that hasn’t been discovered by the software creator. The vulnerability was introduced during the creation of the software code unintentionally, and the software programmers are unaware of its existence. 

The Hackers
Zero day vulnerabilities are found typically by hackers. This introduces us to two types of hackers. White hat hackers are security professionals who are looking out for the general good of society. They are hacking to find undisclosed vulnerabilities so that they can turn them over to vendors to create software patches. Black hat hackers are known as dark side hackers. They are looking for software vulnerabilities that can turn a profit for them.

The Dark Web
Typically, Black hat hackers sell the vulnerabilities they find on the Dark web. The Dark web or Dark net is a small part of the deep web. The dark web is comprised of computers creating an overlay network. This network is inaccessible without the proper software running on your computer. By its nature, the distributed peer to peer network makes it very difficult to track and identify users. Search engines like Google do not index the Dark web, so websites are hidden and not easily discovered.

The Broker
Once the vulnerability is discovered, the hackers will locate a broker on the Dark web. These brokers work as a match maker between a hacker’s vulnerability and a threat actor. The broker will get paid a commission to sell the vulnerability to the threat actor. The broker builds his reputation from selling high profile exploits, and packages of zero days. Threat actors can be anyone, from an individual to a group of hacktivists and even goverments.
 
The Attack
Once the threat actor has acquired the vulnerability, the malicious payload is added to it. The zero day by its self doesn’t contain malicious code. Simpley put its a security hole that allows entry into the computer system. Malicious payloads often create botnets to attack other entities, encrypt files (ransomware), leaks preparatory or classified documents, or operates silently looking for specific targets.

A Zero Day is released before any security professionals know it exists. These vulnerabilities are the most dangerous because no patches have been developed, antivirus vendors do not have definitions to stop them, and Intrusion prevention systems do not have the rules to block them.

Read More

Topics: Security, Managed Security, Artificial Intelligence, Malware, Zero Day, 0 Day, MSSP, Patches