By -- 2021-12-20 in Blog

As you may have seen on the news, on December 9th, 2021, a zero-day exploit was observed targeting Log4j, a ubiquitous open-source logging tool. In short, Log4j is a logging tool for programs to track any errors that may occur within an application. The bug (known as Log4Shell) has affected thousands of systems across the world, including vendors such as Cisco, VMware, Twitter, Amazon, Google Cloud, IBM, and Microsoft. Though the vulnerability was announced recently, experts believe that hackers have been exploiting it since the beginning of the month, with the announcement inadvertently resulting in a surge of attacks. The Cybersecurity & Infrastructure Security Agency estimates that hundreds of millions of devices are likely affected, with some officials stating that this is one of the most serious threats they’ve seen in their careers.

The discovered vulnerability, which has existed for approximately 8 years, allows a hacker to remotely take over a computer using this software, and in some cases, it is as easy as posting a certain message in a chat box, as was the case with Minecraft. Now, hundreds of attempts to exploit it are being launched every minute, as hackers attempt to gain money and sensitive data by deploying cryptomining malware and installing Cobalt Strike. The ubiquitous nature of Log4j makes the bug much more dangerous and likely longer-lasting than other software vulnerabilities because many organizations may not even be aware that the component is part of their network.

So, what does this mean for you?  The good news is that most of the affected applications are cloud-based applications, which makes it easier for companies and developers to update the component without having to touch millions of end-users’ devices. Software vendors will be applying these patches as soon as they become available. Additionally, look out for notifications from trusted sources that inform and allow you to update potentially vulnerable systems, as these updates should include a patch.

Should you have any questions about this vulnerability, please feel free to reach out to us at info@optfinity.com.

By -- 2021-12-20 in Uncategorized

It’s giving season! As the holidays roll around this year, there are plenty of reasons to give back to your community. Americans donated $471.44 billion in 2020, an over 5% increase from 2019. Unfortunately, scammers are well aware of the uptick in charitable donations, and will likely target those altruistic efforts for their own gain this year. Below are some tips to donate safely this holiday season; remember to be MERRY.

 

Manually check the URL: Cybercriminals often create websites that mimic legitimate ones to phish for money. Double-check URLs and website headers when donating to make sure that the organization’s name is spelled correctly and that there are no discrepancies.

Examine payment methods: It is not suggested to wire money or send cash when making donations. Instead, consider paying via check or online. When donating using a check, make the donation payable to the organization name exactly how they spell it on their website. If you’d like to pay online, ensure that the website is safe by looking at their URL for “https” or a security lock. Generally, it is safest to donate via credit card or check.

Research sites: Check the IRS’ website, along with sites like BBB Wise Giving Alliance, Charity Navigator, CharityWatch, GiveWell, and GuideStar to learn about how organizations spend their money and which are tax-deductible.

Reject unsolicited requests: Scammers may attempt to access your money via calls, social media links, and emails. If an unfamiliar (or familiar) organization is calling or emailing you and you would like to donate, go directly to their website to do so safely.

Your donation, your decision: When donating online, you often have the choice to donate directly through the organization’s page or through a convenient portal that allows you to browse other charities. If you opt for the latter, double-check that your money is going to the charity you want to give to and how long processing will take. You may also want to read the fine print to determine if there are additional fees involved when using the portal and if/how the third party shares your personal information with the charitable organization.

 

With all that being said, don’t let the fear of scammers deter you from giving to organizations that positively impact your community and others! Use our tips and be MERRY when donating this holiday season. If you’d like to talk to someone about online safety, you can reach us at info@optfinity.com or call us at (703) 790-0400.

 

P.S. If you’re also interested in shopping safely online this holiday season, check out our blog on that topic!

By -- 2021-12-1 in Blog

If you’re someone who owns a smart device (or expects to receive one this holiday season), you may be concerned about the security of these devices. Apple, Amazon, and Google home gadgets can be convenient ways to consume information or communicate with others, but given these companies’ controversial histories of recording and reviewing voice data without users’ consent, a healthy amount of suspicion is understandable. In 2019, Amazon, Google, and Apple all suspended human review of user audio recordings in the midst of user outrage over privacy concerns. Essentially, contractors were hired to listen to anonymized user audio clips to improve AI capabilities. Google in particular has been notoriously vague when attempting to explain whether or not the information from voice recording is shared with third parties for ad personalization.

Fortunately for owners of Google Home, Apple HomePod, or Amazon Echo devices, there are ways to stop strangers from listening to your voice commands.

  • To stop Amazon employees from listening to your Alexa voice recordings:
    • Open the Alexa app
    • Settings > Alexa Privacy > Manage Your Alexa Data.
    • Now, select Choose How Long to Save Recordings > Don’t Save Recordings > Confirm
    • Finally, scroll down to Help Improve Alexa and turn the Use of Voice Recordings off
  • To do this for your Google Home:
    • Open the Google Home app and click on your Profile Icon
    • Navigate to > My Activity > Saving Activity.
    • Now, turn Include Audio Recordings off
  • To do this for your Apple iPhone or HomePod:
    • If you’ve chosen to opt-in to allow Apple to receive your audio data…
    • Go to Settings > Privacy > Analytics and Improvements > turn off Improve Siri & Dictation

If you’d like to ensure the privacy of your own devices (smart or not), feel free to reach out to us at info@optfinity.com.

By -- 2021-11-24 in Blog

In the past few weeks, hundreds of WordPress sites have experienced an onslaught of ransomware attacks. The hackers display encryption notices and demand a ransom of 0.1 Bitcoin, which equates to roughly $5,500. The hackers include a countdown timer and tell the website owners that they will delete their entire website, which for a small business can be very costly.

The interesting aspect of this attack though is that it is FAKE.

Researchers have discovered that the websites were in fact not encrypted. Instead, threat actors changed an installed plugin called Directorist to display a ransom note and countdown. Researchers have also noted that hackers used admin credentials to get into these sites, likely as the result of brute-force or stolen credentials purchased through the dark web. However, these attacks appear to be only a part of a much larger campaign, suggesting the latter to be the avenue through which criminals gained access to private information.

So, what can you do? If you’re a WordPress user, review the plugins you use, as WP Reset Pro, OptinMonster, and Hashthemes Demo Importer have all been discovered to have vulnerabilities that hackers could exploit. Additionally, watch for and install software patches and updates to decrease the possibility of your site being attacked. If you’d like to learn more about website development and ransomware protection, you can reach out to us at info@optfinity.com or call us at (703) 709-0400.

By -- 2021-11-22 in Blog

Happy Holidays! We hope your season is filled with family, friends, and delicious food. As the holidays approach, you’ll no doubt be thinking about partaking in Cyber Monday deals to prepare for the holidays. In 2020 alone, 72.4 million people shopped on Cyber Monday. Unsurprisingly, as Cyber Monday sales have increased over the past few years, the opportunities for scams and hackers have as well.

In fact, it has recently been revealed that over 4,000 online retailers have been compromised by hackers in an attempt to steal financial and personal information from customers through launching payment-skimming attacks. The majority of targets are small and medium-sized online retailers. For more information about how to shop safely online, check out the NCSC’s Active Cyber Defence programme report and continue reading for additional tips.

Here are some things to watch out for:

  1. Evaluate the websites you use
    1. Beware copycat and fake websites- These types of websites are the most popular method scammers use to trick online customers into giving out personal and financial information. Keep an eye out for misspelled links, pixelated site images, sub-standard content, and faulty website functions to spot these types of scams.
    2. Shop on secure sites- To avoid insecure sites that may not properly protect your personal and financial information, look for the padlock symbol within the URL line and a URL that begins with “HTTPS://” or “SHTTP://”. These indicate that the website is encrypted and has been secured with an SSL certificate. Additionally, you can visit the Better Business Bureau’s site to verify the website’s legitimacy.

  2. Consider your methods of payment
    1. Use a credit card- When shopping online, using a credit card is preferable, as it provides additional protections when compared to debit cards. Further, if someone makes a fraudulent purchase using your credit card information, you are only liable for the first $50 and even then, most credit card companies cover that. Additionally, a virtual credit card will provide even more protection, as this proxy for your credit card will change with each purchase you make.
    2. Keep an eye on your bank accounts- During the holiday season, regularly monitor your accounts for suspicious activity. You can also choose to be notified by your bank or credit card company if they notice strange activity on your account or to monitor all activity.

  3. Set a foundation of security
    1. Use unique passwords- Just under 50% of Americans use identical passwords repeatedly. This puts shoppers at an increased risk of hacking. Using a password manager is a great way to generate and implement the use of strong, unique passwords without having to remember all of them.
    2. Use a secure network- To avoid cybercriminals accessing your data, use your own phone’s cellular network or a private Wi-Fi connection in lieu of public Wi-Fi when shopping online.
    3. Ensure your software is up to date- Make sure that your security and device software has been updated prior to Cyber Monday shopping. These often contain patches that would otherwise allow hackers to access your data through vulnerabilities in older systems.

  4. Extra: Shop happy!
    1. Don’t give in to scarcity and fear when shopping online this holiday season. Cybercriminals recognize that playing on feelings, fears, and a sense of trust are important elements in gaining access to sensitive data. Look out for previously mentioned red flags when shopping for hard-to-find gifts and deals that seem too good to be true. Take a deep breath before you begin your Cyber Monday journey- a late gift is much less harmful than compromised data.

Shop safely and enjoy the holiday season! If you’d like to discuss your network security with us, you can reach out at info@optfinity.com.

By -- 2021-10-25 in Blog

The Transportation Security Administration (TSA) recently announced that it will soon implement new cybersecurity requirements on the railroad and airline industries. To many, this comes as no surprise, as critical infrastructure has been subject to a slew of high-profile cybersecurity attacks this past year. The new directives will all but waive existing voluntary cybersecurity measures for these industries in favor of a mandatory cybersecurity baseline. These new guidelines will be implemented by the end of the year, and fines will be imposed on noncompliant contractors and entities.

The Railroad Industry: Now, TSA will require higher-risk railroads to report cyber incidents to a federal agency. Creating cybersecurity point persons and contingency and recovery plans are also part of the forthcoming security directive.

The Airline Industry: As for the airline industry, the TSA will require designated cybersecurity coordinators and reports on cyber incidents to the Cybersecurity and Infrastructure Agency. Entities ordered to follow these new guidelines include critical US airport operators, passenger aircraft operators, and all-cargo aircraft operators.

Though many are familiar with the Colonial Pipeline hack that disrupted access to gas and created a hike in prices, different incidents have been of particular concern to policy makers. The Southeastern Pennsylvania Transportation Authority, Cape Cod’s ferry services, and New York City’s Metropolitan Transportation Authority have all been hit with similar malware in the past 2 years, demonstrating the importance of securing the nation’s critical transportation services. If you’re concerned about malware hitting your business, reach out to us at info@optfinity.com or call us at (703) 790-0400.

By -- 2021-10-25 in Blog

Many cybersecurity experts are now warning of a new ware called killware. Unlike ransomware and malware, which primarily aim to gain money and access to sensitive data, killware’s aim is to take lives. Authorities warn that these types of attacks could impact hospitals, transportation, law enforcement agencies, banks, and even the water supply. Hospitals specifically are of great concern to officials due to underreporting. As they increase their use of digital tools, they become more dependent on technology to deliver treatment and keep patients safe.

 

These types of attacks have already forced hospitals to cancel or defer procedures, including critical surgeries. This not only puts lives at risk, but leaves hospitals vulnerable to HIPAA violation fines and liability lawsuits. Gartner estimates that the financial impact of cyber attacks resulting in fatalities will exceed $50 billion within the next few years.

 

Though authorities are now warning that killware will likely become more common and devastating in the near future, these types of attacks are not new.  In fact, a recent and prominent example of this occurred earlier this year. Hackers were able to infiltrate a Florida water treatment facility and alter its chemical mixture to a dangerous level before operators noticed and quickly changed the levels back to normal.

 

One of the best ways to protect your organization from these types of attacks is to implement a strong security policy and train employees to know the warning signs of a cyberattack. To learn more or implement a strong security policy in your organization, contact us at info@optfinity.com or via phone at (703) 790-0400.

By -- 2021-10-25 in Blog

In early October, an anonymous 4chan user posted a 125GB torrent link to the 4chan site containing breached data from the popular streaming platform Twitch. The hacker claimed that the intent of the leak was to “foster more disruption and competition in the online video streaming space”, suggesting that the breach was driven by spiteful intent.  Twitch has since confirmed the breach and stated that it is still working to comprehend the full impact of the incident.

 

So, what happened? According to Twitch, an error in a server configuration allowed the unknown hacker to maliciously gain access to sensitive reports and unreleased information. Fortunately, there has been no indication that login credentials were accessed, and because the platform does not store full credit card numbers, full credit card numbers had not been retrieved. In an attempt to prevent similar breaches from occurring, Twitch has recently increased its bug bounty pay-outs from $3,000 to $5,000.

Bug bounties are deals offered by organizations and websites that promise monetary pay-outs in exchange for reporting bugs that may lead to security exploits and vulnerabilities. Twitch appears desperate to seal off any and all entry points, as the labeling of the leak as “part one” suggests that more hacking attempts are likely. If you’re concerned about the security of your organization’s endpoints, feel free to contact us at info@optfinity.com or at (703) 790-0400.

By -- 2021-09-29 in Blog, Uncategorized

Cybersecurity Awareness Month 2021: Week 4

 

Cybercrime has risen immensely since the onset of the coronavirus pandemic, largely due to the sudden sharp increase in employees working remotely. This month, we focused on both email and mobile phishing attacks, as 36% of successful corporate cyberattacks have involved phishing. Already, hackers have ransomed millions of dollars from organizations since the beginning of the pandemic, making cyber hygiene even more necessary than ever before.

This past month, we’ve focused on providing you with the latest news on cybercriminal tactics and ways to stay safe online. Our first week’s blog focused on the basics of cyber hygiene: creating a routine, using multi-factor authentication, creating long and unique passwords, implementing a password manager to store those passwords, and keeping software updated. Therefore, here we’ll recap the 4 most effective things you can do to avoid cybercrime:

 

  1. Manage social media settings
    • Cybercriminals often utilize social engineering to obtain sensitive information, so be mindful of what you post publicly. Even posting seemingly benign information like your pet’s name or your mother’s maiden name can expose answers to common security questions.
  2. Use a Virtual Private Network (VPN)
    • A VPN encrypts all traffic leaving your devices until it arrives at its destination. If a hacker accesses your communication line, they won’t be able to intercept any non-encrypted information. VPNs are useful for a variety of purposes, such as:
      • When using public Wi-Fi
      • When accessing sites that contain sensitive information
      • Hiding private information from your browsing history and/or apps, which may otherwise be accessible to criminals if hacked
  3. Talk to family about internet security
    • Whether it’s your kids or your parents, talk to those you live with or who may not be tech-savvy about online threats
    • Communicate with your kids about acceptable use of the internet
    • Make sure your children know that they can come to you about online issues like bullying, stalking, or harassment
    • Inform those who are not as tech-savvy (like your kids and/or parents) about the markers of online identity theft attempts
      • Be careful when sharing your family members’ personal information
      • Know that children are popular targets of identity theft because their Social Security numbers and credit histories represent a clean slate
  4. Stay updated on major security breaches
    • If you hear that a website or ecommerce site that you use has been hacked, find out what information has been accessed and change your password immediately
    • You can use sites like this one to find out if your email or phone number has been compromised in a security breach. If it has, change the passwords to sites that have been compromised ASAP
    • One of the ways you can stay up to date is by reading our blog, where we frequently post updates about the latest major cybersecurity news

 

What Should I Do if I Fall Victim to Cybercrime?

Though it’s important to know how to best prevent cybercrime from happening, it’s equally important to know what to do if you believe hackers have accessed your device or data. Depending on the situation, you may need to alert your local police, the Federal Trade Commission, or even the FBI. Even if you think the cybercrime is minor, you should always report it. The malicious capabilities of hackers are broad and harmful and should not be underestimated. Reporting may help authorities detect cybercrimes and criminals in the future. If you think your information has been stolen, you should first contact the companies/banks where you know fraud occurred. Then, fraud alerts should be placed in your credit reports if bank information has been compromised. Lastly, if your identity has been stolen, identity theft can be reported to the FTC.

 

If you’re unsure how to navigate the waters of cyber hygiene, reach out to us at info@optfinity.com or call us at (703) 790-0400. Do your part and be cyber smart!

 

 

 

By -- 2021-09-29 in Blog

Cybersecurity Awareness Month 2021: Week 3

 

Last week, we discussed email phishing and the red flags you need to be aware of. This common yet effective method of harvesting personal data laid the foundation for attacks that target mobile devices. Though many people are aware of phishing email campaigns, the same cannot be said about mobile phishing campaigns. Hackers use social engineering techniques to target services like Facebook, WhatsApp, SMS, and malicious apps to exploit users who are less suspicious of these new avenues of cybercrime.

Perhaps this explains why research has found that mobile users are three times more likely to fall victim to phishing attempts compared to desktop users. The goal of mobile phishing attempts is often the same as that of email phishing attempts, and as such, these attempts warrant awareness and attention. Below, we outline the four most common ways hackers are infiltrating mobile devices.

 

  1. Malicious Apps

Hackers try to trick users into downloading malicious apps in two ways. One method involves using legitimate app stores like the iOS or Android stores. They use these markets to broadcast harmful apps that use phishing tactics to steal personal information. Though these stores constantly remove malicious apps, some are able to slip through the cracks amidst the torrents of official apps uploaded to these stores on a daily basis. Secondly, cybercriminals create unofficial app stores. Here, fraudulent apps mimicking legitimate ones are riddled with malware that activates only after they are installed.

These two means of infiltrating devices have become more common as corporate desktops have begun implementing pre-approved lists of software. This limits the success of hacking devices through application stores. Meanwhile, mobile devices can download any app from any network, broadening cybercriminals’ points of entry.

To keep yourself safe, never download apps from a browser; only use apps in your device’s official store. Within legitimate stores, keep an eye out for apps from unknown developers or those with few or negative reviews. Lastly, if an app is no longer supported by your device’s store, there’s probably a good reason it isn’t, so just delete it!

 

  2. Smishing

Text messaging is an often-overlooked segment of organizational cybersecurity, making “smishing” (SMS phishing) a newly popular way of hacking into mobile devices. Further, the success of these attacks has only incentivized hackers to continue deploying smishing attacks, as open rates are at an astounding 98%. Smishing primarily exploits devices through encouraging users to click on a link. Opening these links either loads a fraudulent landing page that asks for a user’s login credentials, or secretly downloads spyware onto the device. Both tactics have been successful in gaining access to personal and corporate data. Be wary of links within texts, and if you are unsure if a link from a seemingly legitimate text is safe, reach out to the company it claims it’s from and confirm if they sent a text to your device from the number you have.  Always use the phone number from an official source and not one which has been sent to you.

 

  3. Whishing

After hackers saw the success of smishing, they began launching phishing campaigns via a medium commonly used as an alternative to SMS messaging: WhatsApp. “Whishing”, or WhatsApp phishing, operates in the same way that smishing does: by sending malicious links over text. Whishing has risen in prevalence due to its relatively cheap and easy implementation. WhatsApp allows communication with anyone else on the app, enabling hackers to send mass phishing messages to a plethora of unsuspecting app users.

Whishing can be neutralized by using a web gateway to block connections to a phishing server, so make sure you are connected to your organization’s corporate network before inspecting any strange WhatsApp messages. Whether using a corporate or personal phone, never disclose sensitive information over Wi-Fi unless you know that the network is secure.

 

  4. Social Media

Lastly, hackers use social media to exploit mobile devices. Malicious links can be embedded into posts that appear innocent and uploaded to many social media sites. Facebook, Twitter, Instagram, and even LinkedIn have been known to host these types of posts. The links within these posts redirect users to phishing sites that ask for sensitive credentials. Phishing posts may appear as ads, giveaways, or contests that seem too good to be true. When clicked on, they take users to phishing sites that look real, but are simply fronts for stealing data. Be wary of any post that urgently encourages you to click on a link, especially if it involves a purchase or giving out personal information like an address.

 

If you’re worried about hackers gaining sensitive information through mobile attacks, contact us about network security at info@optfinity.com.