Protect your Office 365 account against password hacking

By enabling Multi-Factor Authentication (MFA) on your Office 365 accounts, you can reduce the chance of a hacker getting access to your data.

Recently we have seen more instances of Office 365 passwords being compromised, with attackers then:

  • Tricking the user into transferring money into the attacker's account.

  • Encrypting data and holding it for ransom.

  • Carrying out extortion.

Good password practices are essential, but requiring a second form of authentication before anyone can access your data adds another step the attacker has to take. Attackers will most likely pick an easier target when they encounter this.

Multi-Factor Authentication for Office 365 is a feature that prevents access to your data and email unless the user is on a trusted device or completes a second authentication step.

Other features are also available on your Office 365 tenancy, including Azure AD integration, password policies and self-service password reset.


Bitcoin Extortion Password Scam

You may have recently received an email claiming that your system was hacked and that your data, activity or login details were captured. The blackmailer then demands payment to a bitcoin address.

The emails that raise the most concern are those that contain a real user password. These passwords are normally collected from earlier data breaches in which passwords were leaked or stolen.

We have recently recorded an increase in distribution of this email:


Hello!

My nickname in darknet is keir43. I hacked this mailbox more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

So, your password from <email address> is <password>

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history. Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit. You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching. Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right? If you are of the same opinion, then I think that $802 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): <Bitcoin Wallet Address> As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device. Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours! After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson. Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere! Good luck!


What to do:

Most of these emails can be ignored. However, if your email address and password have previously been leaked, you should change your password on that site and on any other sites that use the same password.

Your passwords should be complex and unique, and they should meet or exceed your company password policy requirements. In the absence of a complexity policy, you can use this as a guide:


Poor, or weak, passwords have the following characteristics: 

  • Contain fewer than eight characters.

  • Can be found in a dictionary, including foreign language, or exist in a language slang, dialect, or jargon.

  • Contain personal information such as birthdates, addresses, phone numbers, or names of family members, pets, friends, and fantasy characters.

  • Contain work-related information such as building names, system commands, sites, companies, hardware, or software.

  • Contain number patterns such as aaabbb, qwerty, zyxwvuts, or 123321.

  • Contain common words spelled backward, or preceded or followed by a number (for example, terces, secret1 or 1secret).

  • Are some version of “Welcome123”, “Password123” or “Changeme123”.
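
The checklist above expressed as a small Python check (an added example, not part of the original article). The word list, the run length of 5 and the function names are assumptions made for illustration; personal and work-related terms are not detected unless they are added to the word list.

```python
import re

# Constructed sample word list; a real check would load a full dictionary
# plus names, company and product terms relevant to the organisation.
WORDS = {"secret", "welcome", "password", "changeme", "dragon", "london"}
# Keyboard rows and alphabet/digit runs, forward only; reversed forms are derived.
RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz", "0123456789"]


def has_run(pw, n=5):
    """True if pw contains n consecutive characters of a run, either direction."""
    for run in RUNS:
        for seq in (run, run[::-1]):
            if any(seq[i:i + n] in pw for i in range(len(seq) - n + 1)):
                return True
    return False


def weaknesses(password):
    """Return the list of guideline characteristics the password matches."""
    pw = password.lower()
    core = re.sub(r"^\d+|\d+$", "", pw)  # strip leading/trailing digits
    found = []
    if len(password) < 8:
        found.append("short")
    if pw in WORDS or pw[::-1] in WORDS:
        found.append("dictionary-or-reversed")
    elif core != pw and (core in WORDS or core[::-1] in WORDS):
        found.append("word-plus-number")
    # Keyboard/alphabet run, a character repeated three times, or a palindrome
    if has_run(pw) or re.search(r"(.)\1\1", pw) or (len(pw) >= 6 and pw == pw[::-1]):
        found.append("pattern")
    return found


if __name__ == "__main__":
    for sample in ["secret1", "terces", "Welcome123", "zyxwvuts", "123321"]:
        print(sample, weaknesses(sample))
```

An empty list only means none of these specific characteristics matched; it does not show that the password has never been leaked.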

To check if your details were previously leaked, you can use this website: https://haveibeenpwned.com/

If you are at all unsure, please feel free to call us.

Security - Largest data breaches of 2017

Now that we are in 2018, it's time to look back at 2017 and the exploits that have had the biggest impact:

Last year was an eye-opening study in real-world repercussions for cyber security lapses. Executive firings, stock drops and class action settlements were among the knock-on effects of a data breach.

  • Uber – Massive data breach of 57 million accounts. CSO Joe Sullivan and his deputy Craig Clark both lost their jobs for their roles in maintaining poor security standards and unethical handling of the breach debacle.

  • Equifax – Data breach impacted 147 million customers. Following the public disclosure of the breach, the credit bureau lost a staggering $4 billion in market cap! This is living proof that data breaches impact stock prices. The CSO, CEO and CIO all stepped down from their roles. This story shows that public backlash against security blunders is now reaching the boardroom.

  • Securities Exchange Commission – The SEC released information about a breach that occurred last year of its EDGAR financial disclosure system that could potentially put stock trading information at risk. SEC Chair Jay Clayton was brought up in front of a Senate panel to explain.

  • Anthem – The fallout from a class action against Anthem was the biggest data breach settlement on record! Following the breach of 80 million patient records, Anthem had to shell out $115 million in settlements.

  • UK NHS – This incident didn’t just put jobs or money at risk, it also put lives at risk. The WannaCry outbreak in March caused an interruption in 16 different hospitals across the UK.

  • Yahoo – Although this was reported in 2016, the fallout from the breach continued when Verizon managed to secure a $350 million discount in their acquisition of Yahoo. Good thing too, as after the deal went through Verizon discovered the breach actually impacted 3 billion users, not the 1 billion originally disclosed by Yahoo.

  • Marissa Mayer – The Yahoo fallout also affected the bank balance of the former CEO of Yahoo. Verizon forced her out early due to the breach. The board clearly made an example out of their leading executive. Mayer lost a $2 million bonus and up to $12 million in stock compensation as a result of how the company handled its data during her tenure.

The days of pretending that data breaches don't matter to the business or to executive job security are quickly drawing to a close. This past year has shown how real the implications can be for business viability, for the job prospects of top brass in charge when lapses occur, and even for the personal finances of CEOs when it all goes south.

Trend Antivirus has been making some massive movements in this space and just came out on top of the NSS Labs 2017 Breach Detection Report with a 100% score. Contact us to discuss how you can better protect your data and IT assets from exploits.

Security - Meltdown and Spectre

Two new security vulnerabilities affecting every modern Intel processor have been discovered. These hardware bugs allow data, such as passwords and sensitive information, to be leaked to the attacker.

The vulnerabilities allow the attacker to read the contents of the system's memory while applications are running. This includes web browsers, email and business applications.

Cloud service providers have been frantically patching their systems to prevent data being stolen between their customers.


Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure.

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

Spectre is harder to exploit than Meltdown, but it is also harder to mitigate.


If you are wondering if you are affected by these exploits, the answer is probably yes.

What can you do to mitigate this?

Patches and workarounds are available for these exploits. Please contact ATS to discuss what is required to patch your infrastructure.