E-commerce sites continue to be hacked, Microsoft details how an organization was stung and CIRA offers free DNS service.
Welcome to Cyber Security Today. It’s Monday April 6th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
I’ve reported before about gangs that infect e-commerce web sites to skim off credit and debit card numbers. A security firm called RiskIQ has discovered a new technique that keeps the attackers’ code from being discovered on infected websites. So far it’s seen 19 unnamed sites infected with this new attack. This means web site administrators and companies that provide the credit card processing modules some companies buy for their sites still aren’t carefully watching for infection. Probably attackers are getting into these sites by suckering administrators into clicking on links in email that end up stealing passwords.
Microsoft has just issued a report on a successful attack that crippled an unnamed organization. It started out this way: The attacker sent a bunch of infected emails to the organization’s staff. One employee clicked on the attachment, and that downloaded a file that stole his email and company passwords. That started a chain of events: The infection allowed the first victim’s email to send out messages to other employees. Those recipients assumed the message came from a colleague so they clicked on the link, infecting their computers. Within a few days almost every computer in the organization was infected. Then on a Saturday the virus made all of the computers inoperable by making them run so fast they ate up all of the internet connection. According to the report, it cost the organization $1 million to clean its machines. The victim firm wasn’t named, but some media say it sounds like an attack reported publicly on a city in Pennsylvania. How did this happen? One problem was that the IT and security department only scanned for malware in incoming emails. IT systems weren’t looking for suspicious email going between employees on the internal computer network. Another was that IT hadn’t implemented multifactor authentication for logins. These were two very costly mistakes.
Finally, one of the problems with the internet is it allows criminals to set up web sites that impersonate legitimate companies and spread malware. That’s because of a weakness in the Domain Name System, known for short as DNS. DNS is a sort of telephone book that translates familiar internet addresses, like “ITWorldCanada.com,” into the nine digits that are the real internet address of the company. A good antivirus suite has defences including a strong firewall that can block you from going to a malicious web site after you’ve clicked on a bad link. Businesses and governments pay for a DNS resolver service to protect employees. For those of you working at home who want this extra layer of security, there’s a free blocking service offered by the Canadian Internet Registry Authority. The C.I.R.A. is the body that regulates the .ca domain. You have to be able to open the setup page of your router. There are instructions at www.cira.ca. Look for Canadian Shield.
CIRA also has a free security guide for those of you who are new to working from home. Look under Resources and Cybersecurity Course.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.