Authentic8 Blog Category: Security

How Do I Know If My Local Browser Extension Was Hijacked?


If you’ve installed add-ons or plugins in your browser (such as the one that came with your computer), this may be a question you're asking yourself right now.

This week brought news that at least six more extensions for a popular browser were hijacked. Two similar attacks were uncovered only last week. In all these cases the hijackers “updated” the extensions to inject malicious code into web pages. More than a million local browser installations were affected.


At the risk of repeating myself - local browser add-ons put your data at risk. Browsers are targeted in more than 80 percent of online attacks because inherent design flaws and the security weaknesses of common internet protocols make them the most vulnerable component of your personal or business IT.

When connecting to a website, browsers indiscriminately fetch and process code from the web on the local computer. Malicious code may be hidden in a web app or passed through from an ad server on

So Much Leaking.


In the wake of the devastating WannaCry and NotPetya ransomware campaigns, it was hard to imagine that things could get more embarrassing for the IT profession.

That double whammy was possible because IT administrators left firewall ports 445 and 139 open, which allowed the EternalBlue exploit to take hold. Thousands of companies around the world paid the price for IT's negligence.

Despite all the attention, many organizations still haven’t taken the simple step of closing these obviously open ports. Once they get hit, regulators and litigators will likely have a field day. Nobody can say IT wasn’t warned.

And now, just a few short weeks later, we learn that security researchers have discovered numerous preventable data leaks that exposed the personal, sensitive data of hundreds of millions of users. Where did they find this data?

On Amazon - where else? The go-to web service for storing large amounts of data. Impacted organizations include:

The One IT Security Issue That Too Many Media Are Totally Missing


Did you notice how some journalists ask one particular question at the end of an interview? It’s usually a good sign: "Is there anything I didn't ask you but should have?"

This question indicates curiosity to go past the obvious talking points. It shows the interviewer’s openness to considering new angles. We decided to rephrase and broaden that question and pose it to our InfoSec Luminaries:

"What's the one IT security issue that you wish journalists would cover more or better, and why?"

No media bashing or gripe-airing intended here. Reporting on IT security, computer crime, data protection and privacy - and getting it right - is tough enough. It looks like more fun from the outside (if you’re not doing it yourself) than it actually is. We get it.

But even those in the industry who enjoy stellar media coverage can point to an issue or two that deserves more attention than it is actually

Why Hollywood Should Disconnect from the Web


Production companies need to revise the way they access the internet or more major studios will fall victim to hackers because of web-borne attacks.


News of an unreleased Disney film (coincidentally about pirates) being held hostage by hackers marks the latest in many costly and embarrassing web-based attacks targeting content producers and their supporting vendors.

The causes of these data breaches have one thing in common: criminals gained unauthorized access via the web.

In the case of Sony, malware installed via an open port exfiltrated terabytes of sensitive data, including emails, contracts, and content. For Disney and Netflix, their breaches seem to have occurred because criminals targeted a production partner with weaker defenses.

Bottom line: The movie industry serves as another high-profile example of how valuable certain data -- in this case, intellectual property -- has become to criminal hackers, and how easy it is to steal because of porous defenses.

Hackers thrive on Hollywood connections

Glitz and glamour aside, content producers are no different from other companies insofar as their operations depend on access to the web and working online with trusted partners.

From email apps to bookkeeping software to streaming video, the web now determines how most business is conducted - the movie and entertainment business included. But unfettered access to the web also leaves gaping holes for outside parties to attack.


Studio Access Hollywood-style: Hacked.

IT professionals face the impossible challenge of opening up the network to important web apps like Office 365 while simultaneously keeping all dangerous content out.

Further complicating matters, malicious code can piggyback on approved channels, e.g. nefarious attachments enter the studio through corporate email. Malvertising can take over the browser when a studio employee simply visits a media site whose online ad network has been compromised.


Hello Hollywood, disconnect from the web…

So how can production studios protect themselves better? Could they disconnect from the web without forfeiting its advantages?

Many organizations have considered virtualization as a possible solution -- i.e. any time a user needs access to the web, they connect to a virtual desktop and access the web through an intermediary.

There are numerous DIY instructions available online, some dating back over a decade. The problem with such a solution is the cost. It can overwhelm even the largest organizations. License fees for virtual machines (VMs) and the OS, hardware spend, and expenses for regular updates to keep images current add up quickly.

Even if an organization is willing to accept those expenses as the cost of doing business, it is still saddled with the vulnerabilities of a regular endpoint device and browser, albeit virtualized now. Even a virtual desktop can be infected with ransomware, with very real consequences.

...without losing access: enter Silo

Silo, the secure virtual browser developed by Authentic8, takes the best of virtualization and incorporates the benefits of the Software-as-a-Service model. Leading financial services providers, law firms and other security-sensitive organizations have chosen this "Browser-as-a-Service" approach to protect their digital assets.

Users get the security of a virtual browser running remotely. Administrators have a predictable cost model that includes maintenance and support. And online attackers don't get the red carpet treatment anymore.

This approach lets content producers tighten their network perimeter while still providing access to the web via Silo. With fewer authorized apps, IT can tightly monitor all traffic into and out of the organization, and the virtual remote browser isolates and neutralizes potentially dangerous web code outside the network before it can touch the local IT infrastructure.

We’ve seen other industries pass along tightened

WannaCry? Cry Over Too Much Complexity


There’s plenty of blame to go around for WannaCry (a.k.a. Wcry, Wanna Decryptor), the ransomware that hit more than 200,000 organizations in 150 countries. Let’s focus on a driver behind this malware campaign that hasn't been widely discussed: complexity.


WannaCry encrypted files on Windows computers in hospitals, train stations, shipping hubs, automotive manufacturing plants and power companies (among others), then demanded a ransom - payable in Bitcoin - to unlock the files on the victim’s PC.

Once delivered to a Windows machine, this ransomware exploits a security hole in the file-sharing protocol used in Microsoft networks. For in-depth information, I recommend the Wcry US-CERT Alert and Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware on Troy Hunt’s blog.

Who’s behind it? We still don’t know. As for who’s to blame, let the finger pointing begin:

5 Must-Read Reports for IT Security Leaders in Financial Services


In 2016, most attacks against financial services firms were unknowingly facilitated by “inadvertent actors,” reports IBM. That is, by insiders without malicious intent, such as employees or contractors, who simply clicked a bad link or downloaded the wrong attachment.

A November 2016 survey by Palo Alto, CA-based MetricStream found that 66.2 percent of financial organizations faced at least one cybersecurity attack over the preceding year. In 33 percent of data breach attempts against financial services firms, the attackers succeeded, according to Accenture [PDF], based on its own findings.

CIOs and CISOs in the financial services sector face mounting challenges. Cybersecurity talent shortage, outdated toolsets and new regulations make it difficult to ensure regulatory compliance and minimize risk across their organizations.

While the industry may have reversed the overall trend of year-over-year data breaches, as the ITRC Data Breach Report for 2016 [PDF] and the 2017 IBM X-Force Threat Intelligence Index (more below) indicate, this achievement has come at a price.

When URL Filtering Fails, This Secure Browser Has Your Back


Too frequently, URL filtering fails to catch malicious websites, or it blocks resources that employees need to do their job. With its new secure web gateway (SWG) integration Authentic8’s remote secure browser Silo now helps enterprises close this security gap.


Secure web gateway (SWG) solutions provide a generally reliable way for the enterprise to handle users’ web requests, allowing some sites to be accessed and others to be blocked.

To maintain security and efficiency, “generally” reliable may not be enough. A web resource that an employee needs may not have been crawled and categorized by the SWG vendor yet. Another URL may have been cataloged, yet somehow ended up in the wrong category. Or a resource that was approved earlier has since been infected with malware.

If the SWG allows users to access a potentially dangerous web resource without protection or security backstop, the consequences to the company could be disastrous.

Because regular browsers fetch and process all

How to Build Better Cybersecurity Habits in a Large Enterprise in Just Four Weeks


“You have four weeks to create strong cybersecurity habits in a business with 500+ employees. What would you do, and why?”

Granted - such a request “may indicate a big problem in [the board’s] understanding of security,” as Fred Scholl (Monarch Information Networks) points out below, because in this scenario “[t]he CISO has failed to proactively educate leadership.”

We posed the question to our circle of InfoSec Luminary Lineup contributors anyway. Nothing focuses the mind like a deadline.

Jordan McQuown, CIO at LogicForce Consulting, writes in response: “[U]ser awareness, reinforcement and training are key to improving security habits.” So how do we get there, fast? Jordan reminds us that “[t]ypical attackers are looking for easy targets” - and provides ample advice how to frustrate their plans.

Richard Caplan (LeClairRyan) points out the importance of “clarify[ing] the rules and responsibilities” in such a concerted effort. And like Jordan McQuown, Joseph Raczynski (Thomson Reuters Legal) urges CISOs to

8 Must-have Features of a Secure Browser (2)


Regular browsers, such as the one that came with your PC or mobile device, are leaking data on the internet like a sieve. The inherent vulnerabilities of the local browser model allow criminal hackers to infiltrate computers and steal or manipulate data.

Firewalls or antivirus software provide little or no protection against modern attackers and their tools. Browser add-ons, plugins and extensions promising “extra” security and privacy cannot be trusted. Their makers were even caught selling out private user data.

Because the “traditional” browser architecture is inherently unsafe and promotes data leakage, a new generation of secure browsers has been developed for security-conscious companies and consumers.

Not all supposedly “secure” browsers are equal, and some are not secure at all. How can you tell the difference?

In this second part of “8 Must-Have Features of a Secure Browser” (read Part 1 here), we examine another four features and capabilities your browser must have to deserve the label “secure” for business or

Ransomware: Majority of U.S. Businesses Unprepared for Attacks


A new survey shows that 66 percent of IT professionals identify ransomware as a serious threat. Yet only 13 percent say their company is prepared to handle it.

The research was conducted by The Ponemon Institute on behalf of Carbonite, a provider of cloud backup and restore solutions. Its findings are published in a report titled The Rise of Ransomware [PDF].

The survey targeted those responsible for containing ransomware infections within their organizations. Respondents included IT professionals and IT managers, who primarily report to the Chief Information Officer (CIO).

The report indicates that traditional methods like AV software have failed to stop the ransomware scourge. Most respondents indicated that they don’t consider current technologies sufficient to prevent ransomware infections, leading almost half of the surveyed companies (48 percent) to pay the ransom.

Traditional tools fail to stop ransomware

Ransomware is mainly spread through web-borne attacks. When users access the web through a regular browser, infected websites can drop and activate malicious