Daily Archives: November 14, 2019

#infosec | Boom in Lookalike Retail Domains

Source: National Cyber Security – Produced By Gregory Evans

New research into domains that carry a trusted TLS certificate has found that lookalike domains outnumber legitimate retail sites by more than 2:1.

In a study by researchers at Venafi, suspicious domains targeting the top 20 retailers in the US, UK, France, Germany, and Australia were analyzed. The researchers found over 100,000 lookalike domains that use valid TLS certificates to appear safe and trustworthy.

Threat actors use fake domains, carefully crafted to look legitimate, to steal personal data and financial information from unsuspecting online shoppers. The domains are registered under names that differ by only a few characters from the addresses of the genuine stores they imitate.

According to Venafi’s research, the number of lookalike domains has more than doubled since 2018. Among the top 20 online German retailers, researchers detected almost four times more lookalike domains than authentic domains.

In the US, just one of the country’s top 20 retailers had over 12,000 lookalike domains being used to con its customers.

Researchers tied the increase in lookalike domains to the availability of free TLS certificates, such as those from Let’s Encrypt, which were used by 84% of the lookalike domains. A domain-validated certificate attests only that the requester controls the domain name, not who operates the site, so the browser padlock is no signal that a shop is genuine.

Jing Xie, senior threat intelligence analyst for Venafi, said: “No organization should rely exclusively on certificate authorities to detect suspicious certificate requests. For example, cyber attackers recently set up a lookalike domain for NewEgg, a website with over 50 million visitors a month. The lookalike domain used a trusted TLS certificate issued by a CA that followed all the best practices and baseline requirements. This phishing website was used to steal account and credit card data for over a month before it was shut down by security researchers.”

Researchers urged online retailers to protect their customers by searching for suspicious domains and reporting them to Google Safe Browsing and to the Anti-Phishing Working Group (APWG).

Researchers see no end to the profitable practice of domain spoofing. 

“Ultimately, we should expect even more malicious lookalike websites designed for social engineering to pop up in the future,” concluded Xie. “In order to protect themselves, enterprises need effective means to discover domains that have a high probability of being malicious through monitoring and analyzing certificate transparency logs. This way they can leverage many recent industry advances to spot high-risk certificate registrations, crippling malicious sites before they cause damage by taking away their certificates.”
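Monitoring certificate transparency logs for lookalike registrations, as Xie recommends above, comes down to normalising every name in each newly logged certificate and comparing it with a watchlist of brand names. The Python below is an added example written for this page, not code from Venafi or from the original post. The watchlist (Newegg plus a made-up brand), the handful of public suffixes and the sample certificate records are all constructed; a real monitor would take its records from a CT log's get-entries endpoint or a feed such as certstream and load the full Public Suffix List. The same matching is what the typosquatting inventory in the domain security test further down this page has to produce.

```python
import unicodedata

# Constructed watchlist (example data): brand token -> the brand's genuine registrable domain.
WATCHLIST = {
    "newegg": "newegg.com",                 # brand named in the article
    "exampleshop": "exampleshop.co.uk",     # made-up brand, exercises a two-label public suffix
}

# Hand-picked multi-label public suffixes; a real monitor loads the full Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}

# Single characters attackers substitute for look-alike ASCII letters, then two-character
# sequences that render like one letter ('rn' for 'm', 'vv' for 'w').
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "ı": "i", "ſ": "s"})
MULTI_CONFUSABLES = (("rn", "m"), ("vv", "w"))


def registrable_domain(hostname):
    """Drop a wildcard prefix and subdomains: '*.shop.newegg.com' -> 'newegg.com'."""
    labels = hostname.lower().lstrip("*.").rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def fold(label):
    """Decode punycode, strip accents and map confusables so 'xn--…' and 'nevvegg' both become 'newegg'."""
    if label.startswith("xn--"):
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            return label          # malformed punycode: compare the raw label instead
    label = unicodedata.normalize("NFKD", label)
    label = "".join(c for c in label if not unicodedata.combining(c))
    label = label.translate(CONFUSABLES)
    for pair, replacement in MULTI_CONFUSABLES:
        label = label.replace(pair, replacement)
    return label


def edit_distance(a, b):
    """Levenshtein distance computed with a single rolling row."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1, current[j - 1] + 1, previous[j - 1] + (ca != cb)))
        previous = current
    return previous[-1]


def classify(hostname, watchlist=WATCHLIST):
    """Return (brand, reason) when hostname imitates a watched brand; None for genuine or unrelated names."""
    registrable = registrable_domain(hostname)
    folded = fold(registrable.split(".")[0])
    for brand, genuine in watchlist.items():
        if registrable == genuine:
            return None           # the brand's own certificate
        if folded == brand:
            return brand, "brand name on another TLD or spelled with look-alike characters"
        if edit_distance(folded, brand) <= (1 if len(brand) < 8 else 2):
            return brand, "one or two edits away from the brand name"
        if brand in folded:       # 'newegg-account-verify'; noisy for brands that are common words
            return brand, "brand name embedded in a longer name"
    return None


def scan_ct_entries(entries, watchlist=WATCHLIST):
    """Walk certificate records (one dict per certificate, SAN list under 'domains'); report each registrable domain once."""
    findings, seen = [], set()
    for entry in entries:
        for name in entry["domains"]:
            registrable = registrable_domain(name)
            if registrable in seen:
                continue
            seen.add(registrable)
            hit = classify(name, watchlist)
            if hit:
                findings.append((registrable, hit[0], hit[1]))
    return findings


# Constructed sample of certificate records in the shape a CT log monitor would hand over.
SAMPLE_ENTRIES = [
    {"domains": ["newegg.com", "www.newegg.com"]},
    {"domains": ["neweg.com"]},
    {"domains": ["*.newegg-account-verify.net"]},
    {"domains": ["newégg.com".encode("idna").decode("ascii")]},   # punycode homoglyph, computed at runtime
    {"domains": ["nevvegg.com"]},
    {"domains": ["exampleshop.com", "login.exampleshop.com"]},
    {"domains": ["exampleshop.co.uk"]},
    {"domains": ["cheapshop.com"]},
]

if __name__ == "__main__":
    for domain, brand, reason in scan_ct_entries(SAMPLE_ENTRIES):
        print(f"{domain:32} imitates {brand}: {reason}")
```

Two caveats a practitioner hits immediately: the substring rule is noisy for brands that are ordinary words (it would flag "apple" inside "pineapple"), and a confusables table this short misses many Unicode homoglyphs, so production tooling should draw on the Unicode confusables data rather than a hand-picked map.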


The post #infosec | Boom in Lookalike Retail Domains appeared first on National Cyber Security.




4 Steps to Managing EdTech Security Risks


Unvetted EdTech exposes school districts to ransomware, account takeover, and data breaches

New EdTech supports innovation in teaching and enriches learning. However, the same technology can leave you vulnerable to cyberattacks: it puts student privacy and safety at risk and increases your exposure to data breaches and ransomware. School districts are widely described as facing a cybersecurity crisis. Fortunately, there are steps you can take to manage EdTech security risks.

“Shadow” EdTech

Investment in the EdTech sector is growing rapidly, and with it the number of EdTech SaaS applications available to teachers, students, and staff. Most EdTech applications in use today are shadow EdTech: applications that users connect to the district’s Google or Microsoft environment through OAuth without the IT department vetting or managing them. Often you do not even know someone is using them. These applications add to the complexity of your district’s IT estate and make securing district information systems even harder.

Schools Are Targeted by Cybercriminals

Local governments are the organizations most targeted by cybercrime, with education in second place. In July and August 2019 alone, schools reported 160 security incidents, more than the total they reported in all of 2018.

Years ago, you managed your operating systems, several apps, and a few hundred devices. Now, you’re in a world where your systems include many versions of operating systems, hundreds of apps, and possibly thousands of devices.

Is Reducing Complexity the Answer?

School budgets restrict your ability to grow the IT department. You do not have the staff to stamp out shadow EdTech, and you may not even want to. So there is no quick fix in reducing the complexity of your environment; you must manage the EdTech security risks that the complexity creates.

How Cyberattacks Have Affected School Districts

Cyberattacks have affected school districts in a variety of ways. Reports show that from January through September 2018, over 500 schools experienced ransomware attacks, with Connecticut’s schools the hardest hit. Louisiana took a unique approach when cybercriminals attacked its schools.

The governor of Louisiana, John Bel Edwards, declared a state of emergency after attacks on three school districts shortly before the new school year started. This approach had the advantage of activating several state and private incident response teams. Those teams helped the school districts recover from the attacks before the districts had to cancel any school days.

Accurate figures are hard to come by because many school districts do not report attacks publicly. Whichever numbers you believe, ransomware attacks on schools rose sharply in 2019.

The problem is so pervasive that the FBI issued a public service announcement encouraging all school district IT teams to raise their awareness of cyber threats. The FBI is especially concerned because schools routinely collect confidential data, including personally identifiable, biometric, behavioral, classroom, disciplinary, and medical information. In the wrong hands, this type of data can be devastating to the affected individuals.

Problems Caused by Risky EdTech

Every industry must protect against cloud security risks, and education is no different. Cybercriminals can gain access to your systems in a number of ways. Phishing is a popular tactic: the attacker sends an email with a malicious attachment or link, and when an unsuspecting user opens it, malware runs with that user’s privileges and gives the attacker a foothold from which to spread.

When school users sign in to EdTech apps with their school credentials, they create a potential weakness in your systems through OAuth. Users like OAuth because one login gives them access to many systems. Say a teacher uses their school Google account to sign in to a classroom management app via OAuth and grants it access to Classroom, Drive, or Gmail. The app now holds its own token for that data, and that token works without the teacher’s password or second factor. If the vendor is careless or malicious, or the grant was obtained by consent phishing (a look-alike app that asks for broad permissions), the token is an access point into your district’s systems until it is revoked.

Besides ransomware shutting entire districts down, there are other problems caused by EdTech security risks. These issues include:

  • Account Takeovers: Hackers can take over the accounts of teachers and students. They may be able to make purchases with a stored credit card. They can use the account to send phishing emails to its contacts and gain access to more accounts and information. Or they may take over a Facebook profile and send bullying messages to other students based on their personal information. They could also take over an administrator’s email account and wreak all kinds of havoc.
  • Data Loss: Hackers can destroy school records once they have access. They’ve also been known to redirect contractor payments to dummy accounts that the hackers control, and use employee information to steal tax returns. On a personal level, students, staff, and parents can face identity theft, a problem that can take years to resolve.
  • Classroom and Learning Disruption: Whether students are unable to access online lessons, or teachers are unable to prepare and present online lessons, the disruption to the classroom and learning opportunities is a significant problem. Flagstaff school district recently had to cancel school due to a ransomware attack that impacted building security, phones, and other systems.

Managing Your District’s EdTech Security Risks

A survey by the Consortium for School Networking (CoSN) found that system admins rank cybersecurity as both their number one priority and their top challenge. Finding ways to manage EdTech security risks must be a top priority in cybersecurity strategies across the education sector. Here are four steps you can take to address that priority.

1. 24/7 Monitoring

Monitor permission settings and potentially malicious apps that represent OAuth risks. Monitor activity on your systems for abnormal behavior that could indicate an account takeover: logins from unusual locations or impossible travel, newly created mail-forwarding rules, new OAuth grants, and lateral phishing emails sent from the compromised account to other users.

2. Schedule Automatic Action

Identify the EdTech and SaaS applications connected to your district’s G Suite or Office 365 environment, then classify their risk automatically. Once an app is identified, you can act automatically or manually: sanction it, prohibit it, remove it, or notify the user. In some cases more than one of those actions is appropriate.

If your monitoring uncovers a known malicious app, or you determine an app to be malicious, define a procedure for checking with the user: did they add the app on purpose, or could it be the result of an account takeover? In that situation, have the user reset their password and revoke the app’s access.
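Steps 1 and 2 together describe a small triage pipeline: list every OAuth grant connected to the district’s Google environment, score it by the scopes it holds, decide an action, and route single-user grants of dangerous apps to an account-takeover check. The Python below is an added example written for this page, not ManagedMethods’ product or code from the original post. It works on records shaped like the Google Admin SDK Directory API tokens resource (fields userKey, clientId, displayText, anonymous, nativeApp, scopes), which a district could pull with tokens.list for each user; the records, apps, users, sanctioned and blocked lists are all constructed, and the risk tier assigned to each scope is this example’s own judgement.

```python
from collections import defaultdict

# Scope -> (risk tier, what a rogue app or a hijacked account can do with it). The scope URLs are
# Google's public OAuth scope names; the tiers are this example's own judgement, not a Google rating.
SCOPE_RISK = {
    "https://mail.google.com/": (3, "read, delete and send all mail"),
    "https://www.googleapis.com/auth/gmail.modify": (3, "read and alter mail"),
    "https://www.googleapis.com/auth/gmail.send": (3, "send mail as the user (lateral phishing)"),
    "https://www.googleapis.com/auth/drive": (3, "read and write every Drive file"),
    "https://www.googleapis.com/auth/admin.directory.user": (3, "create and modify directory users"),
    "https://www.googleapis.com/auth/gmail.readonly": (2, "read all mail"),
    "https://www.googleapis.com/auth/drive.readonly": (2, "read every Drive file"),
    "https://www.googleapis.com/auth/contacts.readonly": (2, "harvest the user's contacts"),
    "https://www.googleapis.com/auth/classroom.courses": (2, "create and modify Classroom courses"),
    "https://www.googleapis.com/auth/classroom.rosters.readonly": (1, "read class rosters (student PII)"),
    "https://www.googleapis.com/auth/drive.file": (0, "only files the app created or the user opened with it"),
    "https://www.googleapis.com/auth/userinfo.email": (0, "sign-in identity only"),
    "https://www.googleapis.com/auth/userinfo.profile": (0, "sign-in identity only"),
    "openid": (0, "sign-in identity only"),
}
UNCATALOGUED_TIER = 2        # a scope nobody has reviewed is treated as high until someone reads it
TIER_NAME = {0: "low", 1: "moderate", 2: "high", 3: "critical"}


def token_tier(token):
    """Highest risk tier across the token's scopes, with the reasons for anything above 'low'."""
    tier, reasons = 0, []
    for scope in token.get("scopes", []):
        level, why = SCOPE_RISK.get(scope, (UNCATALOGUED_TIER, f"uncatalogued scope {scope}"))
        if level > 0:
            reasons.append(why)
        tier = max(tier, level)
    return tier, reasons


def decide(token, sanctioned, blocked):
    """Map one token to an action: remove, review, notify, allow, or sanctioned (already vetted)."""
    tier, reasons = token_tier(token)
    if token["clientId"] in blocked:
        return "remove", ["app is on the district block list"]
    if token["clientId"] in sanctioned:
        return "sanctioned", reasons
    # The API documents 'anonymous' as true when the app has an anonymous client ID (read here as:
    # nobody identifiable stands behind it); a high-tier grant to such an app is treated like a critical one.
    if tier == 3 or (tier == 2 and token.get("anonymous", False)):
        return "remove", reasons
    return {2: "review", 1: "notify", 0: "allow"}[tier], reasons


def triage(tokens, sanctioned, blocked):
    """Decide every token, then flag single-user grants of dangerous apps for an account-takeover check."""
    records, users_by_app = [], defaultdict(set)
    for token in tokens:
        action, reasons = decide(token, sanctioned, blocked)
        records.append({"user": token["userKey"], "app": token["displayText"], "clientId": token["clientId"],
                        "action": action, "tier": TIER_NAME[token_tier(token)[0]], "why": reasons})
        users_by_app[token["clientId"]].add(token["userKey"])
    followups = [
        f"{r['user']}: confirm they installed {r['app']} themselves; if not, treat the account as taken over and reset its password"
        for r in records
        if r["action"] == "remove" and len(users_by_app[r["clientId"]]) == 1
    ]
    return records, followups


# Constructed sample tokens in the shape of the Directory API 'tokens' resource; apps and users are made up.
G = "https://www.googleapis.com/auth/"
SAMPLE_TOKENS = [
    {"userKey": "teacher1@district.example", "clientId": "classroom-helper.apps.example", "displayText": "Classroom Helper",
     "anonymous": False, "nativeApp": False,
     "scopes": ["openid", G + "userinfo.email", G + "classroom.courses", G + "classroom.rosters.readonly"]},
    {"userKey": "teacher2@district.example", "clientId": "classroom-helper.apps.example", "displayText": "Classroom Helper",
     "anonymous": False, "nativeApp": False, "scopes": ["openid", G + "userinfo.email", G + "classroom.courses"]},
    {"userKey": "student7@district.example", "clientId": "quiz-game.apps.example", "displayText": "Quiz Game",
     "anonymous": False, "nativeApp": True, "scopes": ["openid", G + "userinfo.email", G + "drive.file"]},
    {"userKey": "teacher1@district.example", "clientId": "mail-merge-pro.apps.example", "displayText": "Mail Merge Pro",
     "anonymous": True, "nativeApp": False, "scopes": ["https://mail.google.com/", G + "contacts.readonly"]},
    {"userKey": "student9@district.example", "clientId": "free-gift-cards.apps.example", "displayText": "Free Gift Cards",
     "anonymous": True, "nativeApp": False, "scopes": [G + "userinfo.email", G + "gmail.readonly"]},
]
SANCTIONED = {"classroom-helper.apps.example"}
BLOCKED = {"free-gift-cards.apps.example"}

if __name__ == "__main__":
    records, followups = triage(SAMPLE_TOKENS, SANCTIONED, BLOCKED)
    for r in records:
        print(f"{r['action']:10} {r['tier']:8} {r['user']:28} {r['app']}: {'; '.join(r['why']) or 'sign-in only'}")
    for line in followups:
        print("FOLLOW UP:", line)
```

The uncatalogued-scope default is deliberately conservative: an app asking for a scope nobody has reviewed is treated as high risk until someone reads what it grants, which is the classify-before-you-sanction discipline step 2 describes. Office 365 has the same shape of problem (Azure AD app consent grants); only the scope names differ.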

3. Update Your Cloud Safety Measures

Review your G Suite for Education security features to ensure that you’re using them to the fullest. And, conduct a cloud security audit to identify anything you may be missing.

4. Create an EdTech Policy Manual

It’s critical that everyone in your district understands the importance of protecting your data and knows that cybercriminals are targeting K-12 institutions. Make sure the manual defines:

  • The EdTech that is approved for use
  • The minimum security and privacy requirements for new EdTech
  • The process for vetting new EdTech apps

Managing your EdTech security risks is one of the best defenses you have against cybercriminals. If your school district doesn’t have an automated system to identify and manage the EdTech apps connected to its G Suite and Office 365 environments, your defense isn’t as strong as it could be. Fortunately, identifying EdTech security risks in your environment doesn’t have to be difficult or particularly expensive. Take the first step with a free security risk assessment by ManagedMethods.

The post 4 Steps to Managing EdTech Security Risks appeared first on ManagedMethods.

*** This is a Security Bloggers Network syndicated blog from ManagedMethods authored by Katie Fritchen. Read the original post at: https://managedmethods.com/blog/edtech-security-risks/

The post 4 Steps to Managing EdTech Security Risks appeared first on National Cyber Security.


4 Best Free Online Security Tools for SMEs in 2020


Cyberattacks on small and midsized companies in 2019 cost $200,000 per company on average, putting many of them out of business, says CNBC in its analysis of a recent Accenture report. Given the global cybersecurity skills shortage, that figure is set to rise in 2020. In the UK alone, over 50,000 SMEs could collapse next year following a cyberattack.

This article lists free tools that SMEs can use today to defend themselves against a wide range of attackers.

Website Security Test with GDPR and PCI DSS Compliance Scan

The problem: It would be hard to find an SME without a website, or at least a web page. Such sites are often poorly protected, making them low-hanging fruit for cybercriminals. Even if the site stores no payment or other sensitive data, once breached, access to it can be sold on dark web marketplaces for $5 to $500 depending on the site’s popularity, industry, and quality of visitors.

Cybercriminals then use the site to send spam, spread spyware and ransomware, and distribute Remote Access Trojans (RATs) built to empty the e-banking accounts of unwitting visitors. Beyond reputational damage and lost sales, such incidents can trigger protracted and expensive lawsuits from victims, not to mention fines under GDPR and a growing list of other privacy laws.

Worse, once your website is identified as a source of spam, malware, or DDoS traffic, Google and other search engines will quickly blacklist it. Your SEO position and Google Ads investment vanish in minutes and stay gone for months while Google reviews your request to be delisted; in most cases your search ranking (SERP position) is lost for good.

The tool: Our first free online tool is therefore a website security test that not only looks for web vulnerabilities, weaknesses, and misconfigurations but also runs a GDPR and PCI DSS compliance scan:


The free test just requires a website URL to start; no registration or installation is required. The following non-intrusive and production-safe website security tests and checks will be performed:

  • In-depth CMS scan for 50,000+ known web security vulnerabilities
  • A full scan of WordPress, Drupal, Joomla and Magento plugins
  • Full scan for Open Source Software and its components
  • Check of privacy and security HTTP headers
  • Check of Content Security Policy (CSP)
  • Check for presence in Black Lists
  • Check for malware

On top of this, you get a detailed assessment against the applicable GDPR and PCI DSS requirements.

The free test also runs a quick OSINT discovery of your subdomains, giving broader visibility of your external attack surface, and provides a free API for automating the testing or exporting vulnerability data into an existing security platform.

Mobile Application Security and Privacy Test

The problem: Mobile applications and ecosystems are bringing a steadily growing income to SMEs who are reaching new customers and markets across the globe with their products and services.

The emerging mobile marketplace is not without its pitfalls. An insecure app, or weak encryption of data in transit, can expose sensitive customer data and cause reputational and financial damage. Some cases end in lawsuits from aggrieved customers and heavy penalties from data protection authorities and regulators.

Moreover, your app can be permanently banned from the Apple and Google Play stores, causing irreparable and protracted damages to your business.

The tool: To detect, mitigate, and prevent such undesirable consequences in a timely manner, we present a mobile security test for your iOS and Android applications:


The free test requires you to upload your mobile app or, if it is already in Google Play, to type its name in the search box and select it from the list. No installation or registration is required.

During the security scanning process, the following checks and tests will be conducted:

  • In-depth OWASP Mobile Top 10 security scan
  • Smart scan for hardcoded passwords and API keys
  • Holistic privacy check and inventory of application permissions
  • Dynamic (DAST) testing of your mobile application binary for security flaws
  • Static (SAST) testing of your mobile application source code for security flaws
  • In-depth Software Composition Analysis (SCA) for known Open Source Software (OSS) risks
  • Review encryption of the data sent to the mobile app backend (APIs and Web Services)
  • Malware and Cryptojacking scan

You get a consolidated overview of your mobile application’s security and privacy, with actionable excerpts of the problematic source code and recommendations on how to fix the issues. A free API lets you automate testing, for example before releasing a new version.

SSL/TLS Encryption and Certificate Test with PCI DSS, NIST and HIPAA scan

The problem: The modern Internet would be impossible without encryption, and even beginners look for the padlock in the browser address bar. Properly implemented TLS and a correctly installed certificate can boost online sales and give you a competitive edge. Note that the padlock only means the connection to whoever holds the certificate is encrypted; it says nothing about that party’s identity or intentions.

If you run an e-commerce site and accept card payments, you are expected to meet the PCI SSC’s security requirements for online merchants, including the current version of PCI DSS. Among its 12 requirements, Requirement 4 (encrypt cardholder data in transit over open, public networks) makes correct TLS configuration central to protecting card data from interception.

GDPR likewise names encryption (Article 32) among the technical measures expected whenever you process or store the personal data of EU residents.

Google has used HTTPS as a ranking signal since 2014, and since Chrome 68 (2018) the browser labels plain-HTTP pages “Not secure”.

The tool: This free SSL/TLS security test rapidly scans your website and its subdomains for all known encryption misconfigurations and related weaknesses:


In contrast to many other SSL security tests and online encryption validation tools, this one tests not only HTTPS but also email (POP3S, IMAPS, STARTTLS) and any other SSL/TLS service on any port.

The test only needs your website or server name and then rapidly checks for:

  • Over 30 known SSL/TLS implementation vulnerabilities, including POODLE and Heartbleed
  • PCI DSS requirements for SSL/TLS encryption, cipher suites, and the SSL certificate
  • NIST guidelines on SSL/TLS, including an in-depth check of all cipher suites
  • HIPAA guidance on SSL/TLS hardening and implementation
  • Insecure (non-HTTPS) inclusion of external web content (mixed content)
  • SSL certificate chain and CA check

The test also enumerates all your subdomains discovered through non-intrusive OSINT reconnaissance, and you can automate regular scanning with the free API.
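The protocol, cipher-suite and certificate checks in that list can be reproduced with nothing more than Python’s standard library. The following is an added example written for this page, not ImmuniWeb’s test and not code from the original post: probe() gathers what a live server accepts (it needs network access, and it cannot speak SSLv2 or SSLv3, which need a tool such as openssl s_client or testssl.sh), evaluate() scores the observation, and the two observations at the bottom are constructed so the scoring runs offline. The severities and the 30-day expiry warning are this example’s own thresholds.

```python
import socket
import ssl
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Versions ruled out by the PCI DSS SSL/early-TLS migration (SSLv3, TLS 1.0) or discouraged by
# NIST SP 800-52 Rev. 2 (TLS 1.1); the severities are this example's own scale.
OBSOLETE_PROTOCOLS = {"SSLv2": "critical", "SSLv3": "critical", "TLSv1": "high", "TLSv1.1": "medium"}
# Fragments of OpenSSL cipher names marking broken or weak suites (RC4, DES/3DES, export, anonymous DH, NULL, MD5).
WEAK_CIPHER_MARKERS = ("RC4", "DES", "EXP", "ADH", "AECDH", "NULL", "MD5")
PROBE_VERSIONS = (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)


@dataclass
class TlsObservation:
    protocols_accepted: set            # version strings as ssl.SSLSocket.version() reports them
    cipher: str                        # suite negotiated with a default (modern) client context
    key_bits: int
    not_after: Optional[datetime]      # certificate expiry in UTC; None when the chain did not verify
    verify_error: Optional[str] = None


def evaluate(obs, now):
    """Score an observation; returns (severity, message) pairs, empty when nothing is wrong."""
    findings = []
    for proto, severity in OBSOLETE_PROTOCOLS.items():
        if proto in obs.protocols_accepted:
            findings.append((severity, f"server still accepts {proto} (PCI DSS requires SSL/early TLS disabled; "
                                       f"NIST SP 800-52r2 requires TLS 1.2 or later)"))
    if "TLSv1.3" not in obs.protocols_accepted:
        findings.append(("info", "TLS 1.3 not offered"))
    for marker in WEAK_CIPHER_MARKERS:
        if marker in obs.cipher.upper():
            findings.append(("high", f"negotiated cipher {obs.cipher} uses a weak primitive ({marker})"))
            break
    if obs.cipher and obs.key_bits < 128:
        findings.append(("high", f"negotiated cipher offers only {obs.key_bits}-bit keys"))
    if obs.verify_error:
        findings.append(("critical", f"certificate chain did not verify: {obs.verify_error}"))
    elif obs.not_after is not None:
        left = obs.not_after - now
        if left <= timedelta(0):
            findings.append(("critical", f"certificate expired on {obs.not_after:%Y-%m-%d}"))
        elif left < timedelta(days=30):
            findings.append(("medium", f"certificate expires in {left.days} days"))
    return findings


def probe(host, port=443, timeout=5.0):
    """Collect a TlsObservation from a live server (needs network; SSLv2/v3 cannot be probed with Python's ssl)."""
    accepted = set()
    for version in PROBE_VERSIONS:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE           # version probing only; trust is checked below
        try:
            ctx.minimum_version = ctx.maximum_version = version
            with socket.create_connection((host, port), timeout=timeout) as sock, \
                    ctx.wrap_socket(sock, server_hostname=host) as tls:
                accepted.add(tls.version())
        except (OSError, ValueError):
            pass   # handshake refused, or the local OpenSSL build will not even offer this version
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock, \
                ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, _, bits = tls.cipher()
            expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(tls.getpeercert()["notAfter"]), timezone.utc)
            return TlsObservation(accepted, name, bits, expiry)
    except ssl.SSLCertVerificationError as exc:
        return TlsObservation(accepted, "", 0, None, exc.verify_message)


SAMPLE_NOW = datetime(2019, 11, 14, tzinfo=timezone.utc)    # the page's date, used as a fixed reference point
# Constructed observations: a legacy e-commerce host and a hardened one.
LEGACY_HOST = TlsObservation({"TLSv1", "TLSv1.1", "TLSv1.2"}, "DES-CBC3-SHA", 112, SAMPLE_NOW + timedelta(days=12))
HARDENED_HOST = TlsObservation({"TLSv1.2", "TLSv1.3"}, "TLS_AES_256_GCM_SHA384", 256, SAMPLE_NOW + timedelta(days=300))

if __name__ == "__main__":
    import sys
    live = len(sys.argv) > 1
    obs = probe(sys.argv[1]) if live else LEGACY_HOST
    now = datetime.now(timezone.utc) if live else SAMPLE_NOW
    for severity, message in evaluate(obs, now) or [("ok", "no findings")]:
        print(f"[{severity}] {message}")
```

Run it with a hostname to probe a real server, or without one to score the constructed legacy host. One limitation worth knowing: a modern OpenSSL build will refuse to offer TLS 1.0 at its default security level, so a server that still accepts it can show up as clean from a hardened client; that is why a dedicated scanner, or openssl s_client with its security level lowered, remains the reference for the protocol checks.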

Domain Security Test

The problem: Phishing is one of the most prevalent and best-known threats, costing its victims billions of dollars every year. With the sharp rise in Business Email Compromise (BEC) attacks, including so-called “CEO fraud” emails, phishing prevention deserves a special place in your cybersecurity strategy.

Domain attacks, including typosquatting and cybersquatting, impersonate your brand and trademarks in the digital space. They steal your visitors and website traffic, parasitizing on your goodwill and hard-won reputation. In small and rapidly growing markets, such freeloaders may undermine your marketing efforts and negate your previous success.

Last but not least, fake accounts in social networks that pretend to represent you or be somehow connected with your business may likewise bring a lot of reputational harm and loss of profit.

The tool: To tackle the foregoing challenges, you should try this phishing and domain security test:


All you need to start the test is your domain name. The test then searches over 200 million existing and previously existing domains for infringers, impostors, and other digital parasites.

It delivers an up-to-date inventory of malicious domains and websites, including:

  • All currently known phishing, malware and scam websites exploiting your brand
  • Fake accounts on Twitter, Facebook, and other social networks
  • Full list of typosquatted domains abusing your brand
  • Full list of cybersquatted domains abusing your brand

The test also distinguishes the websites and domains that belong to or are operated by your organization, shown in blue, from rogue domains, shown in red, which need your attention for prompt takedown action.

Check these and other free security tests by ImmuniWeb® Community offering and stay secure in 2020!

The post 4 Best Free Online Security Tools for SMEs in 2020 appeared first on National Cyber Security.