19 Oct

Is malvertising the newest threat?

As you may remember, in May 2017 Equifax, a provider of consumer credit reports, said it experienced a data breach affecting over 140 million US consumers after hackers exploited a vulnerability on its website. That’s about 44% of the US population! The data exposed in the hack included names, Social Security numbers, birth dates, addresses and, in some cases, even driver’s license numbers. Unfortunately, this wasn’t the last time Equifax’s website was breached. The site was maliciously manipulated last week, this time to deliver fraudulent Adobe Flash updates. Visitors who clicked the link had their computers infected with adware, which only three out of 65 antivirus providers managed to detect.

If you think about it, this is really worrying: the site that previously lost the personal data of so many US citizens with a credit history was attacked once again, this time to trick visitors into installing malware that Symantec calls Adware.Eorezo. Usually, in order to avoid being caught, attackers serve a malicious download only once and only to a select number of people. Surprisingly, this time the bogus Flash download links were served to the same visitor at least three times in a row. The Equifax site was redirecting users to the centerbluray.info page, which delivered the file MediaDownloaderIron.exe. Sometimes the browser was redirected to at least four domains before finally opening the Flash download file.

Unfortunately, only Panda, Symantec, and Webroot were able to detect the file as adware. Luckily for our customers, Webroot is part of our Managed Services Provider package, so we know we keep you safe. Malwarebytes flagged the centerbluray.info site as one that pushes malware, while both Eset and Avira provided similar malware warnings for one of the intermediate domains, newcyclevaults.com.

It’s not yet clear how the Flash download page came to be displayed. Researcher Kevin Beaumont suggested in a tweet that Equifax was working with a third-party ad network or analytics provider that’s responsible for the redirects. This could mean that the breach isn’t on the Equifax site itself and may be affecting other websites as well.
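
The redirect pattern described above (several domains in a row, then an executable download) is something defenders can hunt for in web-proxy logs. The following Python is an added example, not part of the original post or its source; the log record format, the `.example` hosts, the URL paths and the four-host threshold are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed proxy records for one client: (requested URL, status, Location header).
# The two real domains and the file name come from the article; the paths and
# the ".example" hosts are invented for this example.
SAMPLE_LOG = [
    ("https://portal.example/credit-report", 302, "http://ads-hop1.example/r?id=1"),
    ("http://ads-hop1.example/r?id=1", 302, "http://ads-hop2.example/c"),
    ("http://ads-hop2.example/c", 302, "http://newcyclevaults.com/go"),
    ("http://newcyclevaults.com/go", 302, "http://centerbluray.info/dl/MediaDownloaderIron.exe"),
    ("http://centerbluray.info/dl/MediaDownloaderIron.exe", 200, None),
    ("https://news.example/", 301, "https://www.news.example/"),
    ("https://www.news.example/", 200, None),
]
EXECUTABLE_EXT = (".exe", ".msi", ".scr")


def build_chains(records):
    """Follow 3xx Location headers to rebuild each redirect chain."""
    nxt = {url: urljoin(url, loc) for url, status, loc in records
           if 300 <= status < 400 and loc}
    targets = set(nxt.values())
    chains = []
    for url, _, _ in records:
        if url in targets:  # reached via a redirect, so not a chain start
            continue
        chain = [url]
        while chain[-1] in nxt and nxt[chain[-1]] not in chain:  # stop on loops
            chain.append(nxt[chain[-1]])
        chains.append(chain)
    return chains


def suspicious(chain, min_hosts=4):
    """Flag chains that cross many hosts and end in an executable download."""
    hosts = {urlsplit(u).hostname for u in chain}
    path = urlsplit(chain[-1]).path.lower()
    return len(hosts) >= min_hosts and path.endswith(EXECUTABLE_EXT)


def flag(records):
    """Return every redirect chain in the log that looks like a forced download."""
    return [c for c in build_chains(records) if suspicious(c)]


if __name__ == "__main__":
    for chain in flag(SAMPLE_LOG):
        print(" -> ".join(chain))
```

Redirects performed in JavaScript or via meta refresh leave no 3xx record, so those hops would have to be linked through the Referer header instead.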

Source: https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/

11 Oct

Disaster recovery vs. security recovery plans: Why you need separate strategies

Many enterprises blend their disaster recovery and security recovery plans into a single, easy-to-implement package. But such an approach does not necessarily make sense. Security and disaster plans are undoubtedly related, but they are not always the same thing. Disaster recovery and security recovery have inherently different objectives: the former is more about business continuity and the latter about information asset protection. With disaster recovery plans we tend to focus on data quality first; with security plans we rely on the capability of protective controls and focus on “protecting forward”.

Many SMBs combine their disaster and security strategies as a matter of convenience, lured by the many similarities between the plans. Both types of plan include procedures to minimize the impact of a malicious event, followed by procedures to recover from that event, as well as procedures to test and return to business-as-usual operations. Furthermore, both disaster recovery and security plans include measures to minimize the possibility of a similar event occurring again.

But if we dive deeper, we will find that the disaster recovery and security plans are fundamentally different:

  • Disaster recovery plans focus on recovering IT operations and business continuity,
  • Security plans focus on preventing or limiting IT interruptions.

Security recovery strategies need to be revisited and updated more frequently than disaster recovery plans. Events such as fires, floods or blackouts are unpredictable, but we generally understand their nature. Security threats are also unpredictable, but their nature is often hard to understand. Nowadays new external cyber threats are mushrooming and becoming more technically developed and harder to detect, which is why it’s more difficult to keep a security recovery plan up to date. By contrast, the number of natural or man-made disasters that can possibly threaten our business is relatively static. Keeping that in mind, all SMBs should implement separate disaster recovery and security plans for the best protection.


© 2017 Network it Easy, Inc. All rights reserved.