How SMBs can Lower Risks of Being a Victim of a Ransomware Attack

Ransomware Prevention

Although small and medium businesses (SMBs) are increasingly becoming victims of cyber attacks, just 28% of SMBs polled in a recent study were actually concerned about ransomware. This must mean that small and medium businesses are taking security seriously, right? Wrong! That same study reported that 85% of SMBs have reported at least one cyber attack.

With ransomware becoming big business for cyber criminals, SMBs need to consider what they can do in order to protect themselves from being a victim of a ransomware attack in the first place. Given the recent uptick in ransomware attacks, let’s discuss options for reducing the risk of being a victim of ransomware.

Use Multi-factor Authentication

Using only a username and password to log in is simply not secure anymore. Multi-factor authentication (MFA) adds a second, and sometimes a third, form of authentication. For example, you may log in with your username and password, and then need to enter a 6-digit number that is available via an app on your phone or a hardware token.

A ransomware attack requires a way for the attacker to launch the ransomware on the target network. Today’s ransomware attacks involve an attacker gaining access to a network and stealing the data, and only then initiating the ransomware itself.

Using MFA on logins, especially remotely and on email systems, can make it more difficult for an attacker to gain a foothold.

Change passwords regularly and don’t reuse them

Password changes should be done regularly. This creates a moving target for an attacker who may have found one of your passwords in a data breach somewhere, especially if you don’t reuse passwords.

Control the use of Removable Storage Devices

Removable storage devices, such as USB drives and external hard drives, are the perfect vehicle for transporting malware, including ransomware, which will replicate itself to external devices.

Controlling the use of these types of devices may range from something as simple as purchasing a standard USB drive and only allowing its use, to something as complex as a Data Loss Prevention (DLP) solution that prohibits actions. Many anti-virus solutions, like BitDefender, also provide device security controls.

Make security awareness a priority

Clicking on a suspicious link, or entering credentials into a credential phishing site, could inevitably lead to the same results as above. There are many ways that attackers can gain access to your company’s computer network, and they should all be discussed and tested as part of a continuous security awareness solution. Topics might include:

  • Being aware of suspicious links
  • Not opening attachments from unknown senders
  • Secure password management using password managers
  • Secure use of removable storage devices

Have Backups

This technically won’t help you lower the risk of being a victim of a ransomware attack, and you hope that you never have to use them, but having backups might be critical to your recovery from a ransomware attack, and they should be taken at regular intervals. These backups should be stored offsite, onsite and in the cloud for the most protection.

No one is 100% safe from cyber attacks, but there are things that we can all do to help reduce the risk.

Cybersecurity Daily News for June 15, 2021

In today’s news: AmeriGas, the US’s largest propane provider, discloses data breach that impacted 123 employees and 1 resident; why SMBs are under increasing attacks by cyber criminals; and REvil claims responsibility for Invenergy data breach.

Cybersecurity Daily News is a curated list of relevant Cybersecurity and Information Security news from around the globe.

Brought to you by


Cybersecurity Daily News is a curated list of daily news articles produced by Rogue Security Intelligence Services from a number of sources around the world. Sign-up below to receive daily news directly to your inbox.

Daily Intelligence Email Sign-up

Cybersecurity Daily News for June 14, 2021

In today’s news: Volkswagen, Audi disclose data breach of 3.3 million customer records; the RCMP violated Privacy Act using facial AI; and a first-hand look at a ransomware attack and recovery.

DNS Security For Individuals and Small Businesses

What Is DNS?

DNS, or Domain Name System, is an Internet system that is completely decentralized, and provides the capability to translate between a domain name (example: roguesecurity.ca) and an IP address (example: 172.217.12.163). The DNS system is the reason that we don’t have to type in the IP address for the website that we wish to visit, and instead are able to type in a friendly domain name that is more representative of the website. Whether I enter the domain name google.ca in my address bar or its IP address, I’ll be taken to the same website.

Many medium and large businesses operate their own DNS servers on their own network, but most small businesses and individuals rely on downstream DNS servers that may be owned by their Internet Service Provider (ISP) or perhaps they are using one of the many open DNS providers such as Google Public DNS.

How Does DNS Work?

Without going into too much detail, a DNS request is fairly simple.

  1. You enter a domain name, roguesecurity.ca, into the address bar of your web browser, and hit Enter.
  2. A request is sent to your designated DNS server with the domain, asking for details on the IP address.
  3. The DNS server receives the request and looks up the domain name in its table of information.
  4. If the DNS server finds a matching domain name, it sends the IP address of the domain back to your browser, which your browser uses to actually connect to the website.
    4a. If the DNS server is unable to find a matching domain name, or isn’t able to find an IP address, it will respond with an error.

DNS Cache: Our devices keep a history of the DNS requests that we make in order to save some work when we revisit a website that we’ve previously visited. The DNS cache updates once in a while to make sure that you have the latest information, and can be emptied manually.

How Is DNS Attacked?

DNS, like most software, has vulnerabilities and exploits, and can cause issues when used inappropriately. DNS itself has existed since the 1980s, and even though it has received numerous updates over the years, the underlying concepts really haven’t changed much. This has given people more time to understand the Domain Name System, and because it is such an important aspect of how the Internet operates, it is a very commonly attacked protocol.

The most direct of DNS attacks is when a cyber criminal gains access to your DNS server directly. However, it’s quite common to see host-based attacks on your local devices that include Cache Poisoning (aka Cache Spoofing). This is one of the most common types of DNS attacks and involves an attacker injecting malicious data into your device’s DNS cache. If an attacker replaces the IP address of roguesecurity.ca in my local DNS cache with an IP address that connects to a malicious website, then every time I go to roguesecurity.ca I’ll be taken to the malicious website instead.

The Domain Name System can also be used to steal data. Let me explain. We know that we send a domain name each time that we send a request to a DNS server. DNS queries are simply strings, and strings can include data, including encoded data. DNS Tunneling is where an attacker includes data, either plain-text or encoded, in what appear to be normal-looking DNS requests. The attacker needs to receive these queries, so this may also involve gaining access to an internal DNS server or modifying local DNS.

DNS servers are also perfect for generating DDoS attacks via DNS Flooding or NXDomain attacks. In these instances an attacker floods a DNS server with requests, or generates a large number of invalid requests, in order to overwhelm the server with the goal of bringing it offline.
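A defender can look for both the tunneling and NXDomain patterns described above in resolver logs. The following is an added example, not part of the original post: the "client qname rcode" log format, the thresholds and the sample lines are all constructed for illustration.

```python
import math
from collections import Counter

def entropy(label: str) -> float:
    """Shannon entropy in bits per character; encoded data scores high."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def parent_domain(qname: str) -> str:
    # Simplification: last two labels. Real tooling should use the Public Suffix List.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def analyse(log, min_len=24, min_entropy=3.5, min_hits=3, nx_ratio=0.8, nx_min=5):
    encoded = Counter()                # (client, parent) -> queries with an encoded-looking label
    totals, nx = Counter(), Counter()  # per-client query and NXDOMAIN counts
    for line in log.strip().splitlines():
        client, qname, rcode = line.split()
        totals[client] += 1
        nx[client] += rcode == "NXDOMAIN"
        labels = qname.rstrip(".").split(".")[:-2]   # labels left of the parent domain
        if any(len(l) >= min_len and entropy(l) >= min_entropy for l in labels):
            encoded[(client, parent_domain(qname))] += 1
    return {
        "tunneling": sorted(k for k, n in encoded.items() if n >= min_hits),
        "nx_flood": sorted(c for c in totals
                           if totals[c] >= nx_min and nx[c] / totals[c] >= nx_ratio),
    }

# Constructed sample log (private client addresses, reserved example domains).
SAMPLE_LOG = """
10.0.0.5 roguesecurity.ca NOERROR
10.0.0.5 www.google.ca NOERROR
10.0.0.5 wwww.google.ca NXDOMAIN
10.0.0.5 mail.roguesecurity.ca NOERROR
10.0.0.5 cyberchef.roguesecurity.ca NOERROR
10.0.0.9 k7q2m9x4b1v8z3c6n5w0d2f7h4j9r1t8.t.example.net NOERROR
10.0.0.9 p3l8y5g0s6a1e9u4i2o7k3m8q5x0b6v1.t.example.net NOERROR
10.0.0.9 z4c9n2w7d5f0h3j8r6t1k4q9m2x7b5v0.t.example.net NOERROR
10.0.0.77 x1.example.org NXDOMAIN
10.0.0.77 x2.example.org NXDOMAIN
10.0.0.77 x3.example.org NXDOMAIN
10.0.0.77 x4.example.org NXDOMAIN
10.0.0.77 x5.example.org NXDOMAIN
"""

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

Long random-looking labels also occur in legitimate traffic (some CDN and security-vendor lookups), so in practice the flagged parent domains are reviewed against an allowlist before alerting.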

DNS Security

Use a Trusted Provider

The best protection from DNS-based attacks is to use a secure DNS provider that you trust. Google and Cloudflare are two companies that offer free DNS services to the general public, and are quite reliable.

Pi-hole

Most home users can’t afford and don’t need their own DNS server, but perhaps you have children and you like the idea of some extra security. That’s where Pi-hole comes in. Pi-hole is software that acts as a DNS sinkhole and can be used to protect devices on your network from unwanted content, block ads, and even manage network device access.

Pi-hole originated on the Raspberry Pi, but can be installed on most Linux distributions.

Cybersecurity Daily News for June 13, 2021

Cybersecurity Daily News for June 12, 2021

Privacy Policy Resources, Template Generators, and PIPEDA

Did you know that, as a business, you may be required to abide by both provincial and federal privacy laws? Many provinces, such as Alberta, British Columbia, and Quebec, have already introduced their own legislation for the collection, use, and disclosure of personal information that occurs while doing business in those provinces. For the rest of us, the Personal Information Protection and Electronic Documents Act (PIPEDA) probably applies.

PIPEDA applies to private-sector organizations across Canada that collect, use, or disclose personal information in the course of doing business. This information might include personally identifiable information (PII), such as names, telephone numbers, ethnicity, blood type, employee records, loan records, and even opinions, evaluations, and comments.

Is a Privacy Policy Important?

A privacy policy is a very important document if your website interacts with its visitors in any way, shape, or form. This includes not just contact forms, but also more indirect forms of interaction such as website analytics tracking.

As mentioned, a privacy policy is a simple document that is available on your website that outlines your organisation’s policies and procedures as they relate to the collection, use, storage and disclosure of personal information. A privacy policy is intended to advise the users of your website of the steps that your organisation takes in order to meet provincial or federal privacy regulations and outlines several key principles:

Although PIPEDA doesn’t include many details on what it considers “against policy”, the Office of the Privacy Commissioner of Canada (OPC) has outlined several examples of what would be considered generally inappropriate.

  • Collecting, using or disclosing personal information in ways that are otherwise unlawful;
  • Profiling or categorizing individuals in a way that leads to unfair, unethical or discriminatory treatment contrary to human rights law;
  • Collecting, using or disclosing personal information for purposes that are known or likely to cause significant harm to the individual;
  • Publishing personal information with the intent of charging people for its removal;
  • Requiring passwords to social media accounts for the purpose of employee screening; and
  • Conducting surveillance on an individual using their own device’s audio or video functions.

Source: https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/p_principle/

PIPEDA Resources

The OPC website is probably the single best resource as it relates to PIPEDA. We’ve included some of the more relevant links here.

Privacy Policy Generators

Without further ado, let’s take a look at how we can quickly and easily get a privacy policy setup for your website.

These tools were designed to take basic inputs and generate a complete privacy policy for your website. I’ve only included links to tools that offer a free tier or are completely free.

Cybersecurity Daily News for June 11, 2021

Cybersecurity Daily News for June 10, 2021

CyberChef Cyber “Swiss-Army” Knife – Free Tool For Security Professionals

CyberChef is a web-based tool that assists with carrying out a number of complex operations such as compressing or decompressing data, encrypting data, creating binary and hex dumps, extracting metadata, matching YARA rules, and so much more. It was created by the GCHQ or Government Communications Headquarters, which is an intelligence service in the United Kingdom. It’s completely open source and is available for anyone and everyone on GitHub.

CyberChef is an absolute must for any security operations analyst or security professional, and can save you time in almost every use case. That is why we at Rogue Security are proud to introduce the Rogue Security hosted, CyberChef instance!

Direct Link: https://cyberchef.roguesecurity.ca/

Disclaimer: Rogue Security will not take responsibility for any data that you use within the tool. Please make sure that you never place secret or confidential data into a tool that you do not fully trust.

We are making CyberChef available to the general public because we believe that access to tools and resources is critical to the growth of Information Security and Cybersecurity.

CyberChef Interface

The CyberChef interface is made up of 4 areas:

1. Input — The Input field provides an area to enter or paste your text or file input.

2. Output — The Output field provides the outcome of your recipe.

3. Operations — The Operations menu provides you with access to both simple and complex operations, which will be performed against the input.

4. Recipe — In the Recipe field, you will use any number of Operations that will determine how your input will be processed.

We can use the Input Menu to upload folders and files. The plus ( + ) sign allows us to create multiple tabs for inputs. The Input window will also allow you to drag and drop files, or paste text directly.

Operations list in CyberChef

The Operations menu gives you a list of both simple and complex operations that can be performed against

The screenshot to the right provides a list of operations categories that can be performed. I won’t go through the list because it’s extensive, but if you can think about a data manipulation technique then it’s probably here.

Operations can be hovered over to see additional details on what they do, and can be dragged into the recipe window for use against your input. Once you drag an operation into the recipe window, and as long as you have an input and the Auto Bake feature turned on, an output will automatically be generated in the Output window.

CyberChef Resources