Latest Posts

Latest Comments


Top security threats: September 2015


Posted by |

In reviewing recent security breaches, it appears that attacks are getting more sophisticated. Yet in the majority of cases some simple techniques were used to obtain valid credentials. Two factor authentication, usually a combination of something you know, such as a password and something that is dynamic, will prevent such attacks and should be considered for external facing critical systems. The second common factor in recent security breaches is the human element. Security awareness training is still vital, along with robust password and reset processes. Your staff should be trained to detect and act appropriately when faced with social engineering and other potentially phishing email and phone calls.  You should have a strong enforceable password policy across all systems.

In our blogs we always talk about the importance of patching and we think this cannot be overstated. Looking at September 2015 and the published vulnerabilities in the American NIST National Vulnerability Database we found some interesting facts. In September alone, 143 Adobe vulnerabilities were recorded, 14 new ones for Internet Explorer and 15 for Google Chrome. Ensure that your browser, Adobe reader and Adobe flash are getting updates automatically so they can be protected as soon as possible, as they are a common vector to be exploited.

These threats caught our eye this month:-

  • SYNful Knock: Attackers have targeted Cisco routers to replace their operating systems as a way to gain control. Access doesn't appear to have been gained through security flaws though, as the hackers are likely to have used valid security credentials to have gained access to the device. Having been detected in Ukraine, Philippines, Mexico and India, we should monitor how widespread it becomes. The mitigation includes a scanning tool from Cisco Systems to detect infected systems.
  • Lockerpin: As the latest in the line of CryptoLocker related Ransomware, this affects phones and enters the device to lock users out. A Mobile Device Management (MDM) system may be able to mitigate this and provide an alternative to a factory reset that would cause disruption and data loss for affected users.
  • WhatsApp: This popular app has experienced a new-found vulnerability, which although only affects the companion web interface, puts 200 million users at risk. An attacker sends a 'vCard' contact card via WhatsApp that contains a malicious code. Once opened the file can distribute malware. All an attacker needs is the phone number associated with the account. WhatsApp has since mitigated the vulnerability and patching is available for protection.



Post a comment

Comment submitted! Comments needs approval before being displayed.