Cyber Security Awareness Month

In honor of Cyber Security month I wanted to offer tips to help you keep your customer and business data safe.

1. Use strong passwords and employ additional authentication. You should require, unique passwords for employees, and that they can change them at least every 90 days. Consider a multifactor authentication scheme to add an additional layer of security. "Password1" is still the most commonly used password in the business setting.

2. Make security a priority for employees. Create well-defined security policies and best practices for your business, including appropriate Internet guidelines. Establish penalties for violating company cyber security policies, and update employees regularly on possible security issues. Be transparent with how cyber security affects your business.

3. Keep physical access to computers and servers secure. Ensure unauthorized individuals don’t use business computers by putting physical controls in place, i.e. away from customers. Require individual logins for employees, and lock up laptops when unattended. If you have a public computer for customers to use, put it on a separate, guest network

4. Limit install and admin authority on all systems. Make sure your operating system has its firewall enabled or install one yourself—they’re available free online. If you do business from home or have employees that do, create a policy to ensure the same for those connections. Records being compromised by external hacking have significantly increased from roughly 49 million in 2013 to 121 million and counting in 2015.

5. Secure your Wi-Fi. Make sure any Wi-Fi network that employees use for work is encrypted and secure. If you offer free Wi-Fi to customers, keep a separate network for the public and one for your business, and set up the business connection so that the SSID (network name) isn’t broadcast. Create and change passwords for both frequently, or tie them to the same username and password combination that employees use to log into their computers.

6. Update software regularly. Ensure your security software, Internet browser, and operating system are up to date to limit the possibility of security breaches; the majority of security breaches happen on outdated software. Consider setting programs to auto-update (preferably after business hours) if the option is available.

7. Define strong policies for mobile devices. If you or your employees are going to access sensitive data from mobile devices, ensure you have a strong policy around mobile access in place, including password protection for the device, data encryption, security apps, and reporting procedures for lost or stolen devices.

8. Limit employee access to sensitive data. Ensure employees are only allowed access to data essential for the duties of their job, and limit universal access to key personnel. Log all access to data and analyze those logs for strange behavior.

9. Keep important business data backed up. Regularly back up important business data and information, including documents, spreadsheets, databases, financial information, HR info, and accounting information. Install a scheme for automatic backup or perform a backup at least weekly, storing information offsite or in the cloud.

10. Purge or encrypt sensitive data. Purge customer credit card numbers and, expiration dates, and daily, and never store CVV2, PINs, PIN Blocks, or full track data codes daily. Maintain only the minimal data required for charge-backs and refunds.

11. Keep payment systems up-to-date and isolated. Ensure your credit and debit card readers are EMV-compliant, and work with your processing vendor and bank to ensure trusted anti-fraud systems and practices are in place. Isolate payment systems from less secure programs, i.e. don’t process payments and surf the Internet on the same machine.

12. Ensure a secure connection with TLS authentication. To abate customer fears about transaction security, make sure your ecommerce platform includes a strong Transport Layer Security (TLS) authentication scheme, such as Extended Validation, to authenticate the identity of your business while encrypting data in transit. Include prominently displayed trust signals (security seal) so customers know they’re safe shopping on your site.

13. Use multiple layers of security. Employ a firewall, then ensure contact forms, user registration and logins, and search queries are protected with extra layers of security to make sure your ecommerce site is protected from application-level cyber attacks like SQL injections and cross-site scripting.

New Malware Threat a Warning to Banks, Customers and ATMs

Beware Cash-Out Attacks, Banking Trojans Via Malvertising and POS Memory-Scraping Malware.

The new warnings center on three types of unrelated malicious code. For starters, malware has been spotted in the wild that is being used to drain cash from ATMs in Mexico, although security researchers warn that it could go global. The Shifu banking Trojan, meanwhile, has moved beyond Japan and is now being used to target customers of four U.K. banks. Finally, the notorious Neutrino crimeware has gotten an upgrade, allowing it to scrape POS device memory and steal payment-card data.

Cash-Out Attacks: GreenDispenser Malware

The newly spotted ATM cash-out malware has been dubbed "GreenDispenser," by cybersecurity firm Proofpoint, which says that while it has only seen the malware used to "cash out" ATMs in Mexico, the malicious code could soon spread to other countries "GreenDispenser provides an attacker [with] the ability to walk up to an infected ATM and drain its cash vault," Proofpoint security researcher Thoufique Haq says in a blog post. "When installed, GreenDispenser may display an 'out of service' message on the ATM, but attackers who enter the correct PIN codes can then drain the ATM's cash vault and erase GreenDispenser using a deep-delete process, leaving little if any trace of how the ATM was robbed." A deep delete in this case means that the malware not only deletes itself, but also employs Microsoft's sdelete to make it much more difficult for any malware-related bits and bytes to be recovered via later digital forensic analysis.

The malware resembles the PadPin - a.k.a. Tyupkin - ATM malware that first surfaced in March 2014, and which could be used to make an ATM dispense all of its money, in what's known as a "jackpotting" or cash-out attack, Proofpoint says, adding that it believes that installing the malware requires physical access to an ATM. Like PadPin, GreenDispenser is designed to interact with a set of standard programming interfaces, or APIs, that are built into most ATM host computers and components, known as XFS - which stands for "extensions for financial services"

Malvertising Attacks Now Serve Shifu Banking Trojan

The banking malware known as Shifu - after the Japanese word for thief - has returned, and is no longer just targeting Japanese banks. In a Sept. 25 blog post, the French researcher who maintains the Malware Don't Need Coffee blog, who goes by the name Kafeine, warns that in recent days, the malware has been spotted targeting four U.K. banks: Bank of Scotland, Halifax, Lloyds Bank and TSB. To date, it's not clear how many banking customers' systems may have been infected with the malware.

In August, IBM reported that it first saw Shifu being used for in-the-wild attacks, beginning at least in April. But Kafeine says that after cross-referencing his findings on Sept. 24 with security researchers at Fox-IT and Dell SecureWorks, they found that collectively they had been tracking Shifu since September 2014. "We were using a 'non public' name to talk about it," Kafeine reports.

In the United Kingdom, Shifu is being spread via malvertising attacks, Kafeine says. To date, it's not clear if these attacks are part of a campaign that has successfully served malicious advertising via multiple popular sites, including dating sites Plenty of Fish and Match.com

Neutrino Malware Targets POS Devices

Meanwhile, upgraded Neutrino - a.k.a. Kasidet - crimeware toolkit malware is also now targeting POS devices, report researchers RonJay Caragay and Michael Marcos at information security firm Trend Micro. Previously, the crimeware toolkit - which competes with Angler - was known in part for its ability to facilitate distributed denial of service attacks.

In a Sept. 24 blog post, Trend Micro says that new research has found that Neutrino version 2.9, which debuted in March, included for the first time the ability to steal credit card details - by "scraping" the RAM of infected devices, via a feature referred to as "ccsearch." But in July, it says, a cracked edition of version 3.6 of Neutrino - which had previously only been available via cybercrime markets, for a price - was leaked onto underground forums, meaning it is now available for free.

Trend Micro - which is headquartered in Japan - reports that based on data gathered from its users' antivirus software, the greatest number of recent Neutrino infections have been seen in Japan, followed by the United Kingdom, Taiwan, France and the United States. It warns that it saw a 1,288 percent spike in related malware detections between May and June, even before the malware became available for free in July. Neutrino, the security firm says, is designed to infect Windows systems via removable drives and network folders, and gives attackers the ability to use capture keystrokes and screenshots from infected systems, copy clipboard data, launch a remote shell, launch DDoS attacks, as well as steal data from POS device memory.

"Upgrading old malware to include POS RAM-scraping capabilities is a new technique in the threat landscape, but it's not surprising, given how lucrative stolen payment card data is," Trend Micro says. Furthermore, the release of the cracked, free version of Neutrino continues to lower the barriers to entry for payment-card-seeking criminals. "Scoring this tool is basically finding a valuable tool in a bargain bin and ending up not having to even pay for it," Trend Micro says