Data Breach Costs Hilton $700,000 In Settlement

Hilton Hotels is in hot water, having recently agreed to pay $700,000 in a settlement with the states of New York and Vermont over the company’s mishandling of two data breaches.

According to official statements released by investigators, the company was found to have made two glaring errors: failing to maintain reasonable data security, and failing to notify victims of the data breach in a timely manner.

The second failing was seen as particularly egregious, given that the company waited more than nine months before notifying its customers of the first of the two breaches. Eric T. Schneiderman, the Attorney General of the state of New York, said:

“Businesses have a duty to notify consumers in the event of a breach and protect their personal information as securely as possible.

Lax security practices like those we uncovered at Hilton put New Yorkers’ credit card information and other personal data at serious risk. My office will continue to hold businesses accountable for protecting their customers’ personal information.”

Under the terms of the agreement, New York State will receive $400,000 of the settlement, and Vermont will receive $300,000.

The lesson here is as simple as it is painful. If you don’t take proper precautions and implement reasonable security when it comes to protecting your customers’ data or inform your impacted customers in a timely fashion, you’ll eventually pay the consequences.

Those consequences took two forms. First and most obvious to the eye is the hefty fine itself. Although Hilton is a large corporation with deep pockets, $700,000 isn’t exactly pocket change, and it’s bound to sting. Second, the company lost an enormous amount of face with its customers and tarnished its image and reputation. The lost trust arising from their mishandling will take far longer to rebuild than it will for the company to make up the financial loss represented by the fine.

File this one away under how not to handle a data breach.

Latest Store With Payment Breach Is Forever 21

Unfortunately, another high-profile data breach has surfaced. The latest company to fall victim is US-based fashion retailer Forever 21, which operates more than 800 stores in 57 countries.

The company became aware of the breach when a third party notified it of “unauthorized access to data from payment cards that were used at certain Forever 21 store locations.”

The investigation into the incident is ongoing, and we don’t have full details yet, but here’s what we know so far:

• Although the company had rolled out token- and encryption-based protection for transaction data on its point-of-sale (POS) systems, an implementation issue at some store locations left the POS equipment there unprotected, and those were the devices the attackers reached.

• Anyone who shopped at a Forever 21 location between March and October 2017 may have been impacted.

At this point, several significant pieces of information are missing. We do not yet know which stores were affected, how many of Forever 21’s customers may have had their card data exposed, or what level of access the attackers had to the transaction data. We also don’t yet know whether the group responsible obtained any personally identifiable information from the affected terminals.

The company’s official announcement regarding the breach included the following statement:

“Forever 21 immediately began an investigation of its payment card systems and engaged a leading security and forensics firm to assist. We regret that this incident occurred and apologize for any inconvenience. We will continue to work to address this matter.”

If you’ve shopped at any Forever 21 location during the timeframe mentioned above, be aware that your payment data may have been compromised. For now, the best thing you can do is monitor your credit card statements closely for any unusual activity and report it immediately if you find it.

Report Shows Small Percentage Of Employees Know About Ransomware

The statistics are alarming. Ransomware is fast becoming the favored tool of hackers worldwide. Barely a week goes by without a new strain being released into the wild, with expensive, and often tragic, consequences. Right now, the average ransom paid by office workers hit by a ransomware attack is about $1,400, a figure that continues to creep higher.

What’s perhaps even more alarming, however, is the fact that although companies the world over have made a concerted effort to sound the alarm on the danger this type of software represents, no more than 30 percent of knowledge workers have any real understanding of the dangers that ransomware poses, according to Intermedia’s 2017 Data Vulnerability Report.

One of the most curious findings of the report was the fact that employees more often shoulder the costs of ransomware payments than employers do, with fully 59 percent of impacted employees paying the ransom out of their own pockets.

Unfortunately, small and medium-sized businesses are particularly vulnerable to this large and growing threat. Jonathan Levine, Intermedia’s CTO, had this to say on the topic:

“As ransomware continues to evolve and become more advanced, organizations of all sizes and types must acknowledge it as a very real threat. This is especially true for SMBs that may not have the resources, tools or training that larger organizations use to recognize, prevent and protect themselves from such attacks. Ransomware can infiltrate and shut down an entire business through just one infected computer. More often than not, SMBs feel they are forced to pay a ransom they can’t, but must afford, and hackers realize this.”

Perhaps worst and most distressing of all is the fact that 19 percent of the time, even when a ransom is paid, the files are never unlocked, making it a bad gamble. If you run a company of any size, make sure your employees from top to bottom fully appreciate the threat this attack vector poses.

Malware Infections Grow 4X In Just One Quarter

The world’s hackers have been busy, according to the latest threat report from Comodo, which tracks the total number of threats around the globe quarter by quarter. The latest statistics are alarming, showing a massive jump in the number of malware infections detected in the third quarter of 2017: nearly 400 million.

What’s worse is that the infections have spread to literally every corner of the globe. No nation is completely safe.

Digging more deeply into the statistics offered by Comodo, we find that the top five countries for malware infections this quarter were:

  • Russia
  • The United States
  • Poland
  • The United Kingdom
  • And Germany

These five nations combined accounted for fully 80 percent of the total number of infections reported.

Breaking the infections down by type, we find the following as the top 5:

  • Trojans (13.7 million)
  • Viruses (5.4 million)
  • Worms (2.8 million)
  • Backdoors (553,000)
  • And Packed Malware (284,000)

Diving even more deeply into the statistics yields more good information, including the fact that poorer nations tend to be afflicted more often by viruses and worms as these nations tend to use older, unpatched or unlicensed software. These types of infections tend to run rampant in Southeast Asia, Southeastern Europe, Africa and South America.

The report also details that the number of large-scale email phishing attacks is on the rise, due in no small part to the recent popularity of Locky and other strains of ransomware, with the largest phishing attack having been conducted from August to September 2017. According to the report:

“This attack was unique in its combination of sophistication and size, backed by a botnet spread across more than 11,000 IP addresses in 133 countries in just the first stage of the attack. Also, the malware was designed to avoid detection by sandboxing and artificial intelligence technologies common in many endpoint protection systems.”

All in all, it’s a fascinating, though disturbing read, and points to the rapidly increasing sophistication of the world’s hackers that will no doubt continue to spell trouble for security professionals around the globe.

Granting Camera Access In iPhone Might Allow Unauthorized Photographing

An Austrian software engineer named Felix Krause has made a disturbing discovery about iPhones running iOS 11. Once an app has been granted permission to use the camera, it can take pictures and record video without alerting the user and upload them to the internet in real time.
</gml_replace>
<gr_replace lines="91" cat="clarify" orig="Unfortunately, there are a lot">
Unfortunately, a lot of apps hold camera permission. Any time you take a new photo or video from inside an app, rather than picking one from your existing library, you have had to grant that app access to the camera, and the permission stays granted afterwards.

Unfortunately, there are a lot of apps that users grant camera permissions to. Basically, any time you upload an avatar or post a picture with an app, you’ve got to give it camera permissions to do that.

Krause documented his findings in a short video presentation. As long as an app with camera permission was in the foreground, it could snap a photo every second, all without the user being alerted to what was going on. Apps in the background cannot use the camera, so the exposure is limited to the time the app is open on screen.

Krause was quick to point out that he wasn’t naming names, and so far, at least, there are no known instances of malicious apps abusing this flaw, nor are any legitimate apps misusing it to anyone’s knowledge. The simple fact that it is possible, though, opens the door to a whole host of malicious apps that could, and that’s disturbing.

For the moment, there are really only two ways to address the issue: either revoke camera access (Settings > Privacy > Camera) for every app that doesn’t genuinely need it, or use lens covers so that your front and back cameras can’t record anything unless you specifically want them to.

Longer term, there are a number of things Apple could do to address the issue. The two simplest fixes would be introducing expiring permissions for apps to allow for more precise user controls, or introducing LED lights that would activate any time the camera was in use, thus giving the user a clear visual marker.

In any case, for the moment, it’s important to know that your phone may be watching and/or recording you.

More Bad News For OnePlus Phone Users

OnePlus phones have been getting plenty of bad press lately, thanks to malicious apps found to be factory-installed on a percentage of the devices, along with some intrusive data collection features the manufacturer has installed. As it turns out, though, the story gets worse.

Recently, a security researcher going by the alias “Elliot Alderson” discovered a factory-installed application called “Engineering Mode” that can run a series of intrusive hardware diagnostic routines and can even be used to root the device. Worse, security flaws in the app make it easy for an attacker to abuse.

Alderson believes that the likeliest explanation for the Engineering Mode application is that it was a diagnostic tool installed and used at the factory to test OnePlus phones prior to shipment. Somehow, the app was never removed after testing was completed, leaving OnePlus users at real risk of losing control over their devices and any data stored on them.

According to Alderson, an attacker needs physical access to the phone and a USB debugging (ADB) connection to it. From there, a single command is all it takes to root the phone. Other researchers have independently verified Alderson’s findings. Since he first published them, the company has admitted its mistake and promised to remove Engineering Mode from all OnePlus phones in a future update, although no ETA has been given for when that might occur.

If you currently own and use a OnePlus phone, be aware of this and use it with caution: keep USB debugging switched off unless you are actively using it. Keep an eye out for the update from the manufacturer that will remove the “feature” for you; if you’d rather not wait, the app can be removed manually from the phone.

Physical security of smart devices has always been vitally important, but in the case of the OnePlus, that’s doubly true. Keep it close!

New Ransomware “BadRabbit” Starting To See Infections In The US

You may not have heard of the new strain of ransomware known as BadRabbit. If you haven’t, it’s because the overwhelming majority of BadRabbit attacks have occurred in Russia, which accounts for 71 percent of all known infections at present. Unfortunately, a few infections have been reported in the United States, which may be a harbinger of things to come.

The new threat is functionally similar to NotPetya: it not only encrypts the files on a target system, but then encrypts the disk and replaces the boot loader, so the victim is greeted by a ransom lock screen before the operating system can even boot.

Fortunately, there are simple things you can do to help protect yourself from this latest threat.

Event Log Monitoring

Windows Defender detects the threat, provided your definition update is version 1.255.29.0 or later. If you haven’t updated to at least this version, do so immediately.

Once that is done, be aware that BadRabbit creates scheduled tasks named “viserion,” “rhaegal” and “drogon.” If you see any of these on a host, it’s a clear sign of an infection in progress on your network. Windows records scheduled-task creation in the event log (Security Event ID 4698 when object-access auditing is enabled, and Event ID 106 in the Task Scheduler operational log), so administrators can attach a responder task to those events that runs a specified command when one of these names appears. For example, “shutdown -a” aborts the forced reboot that BadRabbit schedules.
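The following PowerShell script is an added example, not code from the original article or from Microsoft. It hunts for the three task names above in the live task library and in the two event logs that record task creation, and registers an event-triggered responder task that runs “shutdown.exe /a”. It assumes Windows PowerShell 5.1 on Windows 10 or Server 2016 in an elevated session; the wildcard on “viserion”, the responder task name and the assumption that the malware registers the names in lowercase with a leading backslash are this example’s own choices, not details from the article.

```powershell
# Added example, not from the original article. Hunts for BadRabbit task names
# on a Windows host and registers a responder task that aborts a pending reboot.
# Assumptions: Windows PowerShell 5.1, elevated; Security Event ID 4698 is only
# written when "Audit Other Object Access Events" is enabled, and Event ID 106
# only when the Microsoft-Windows-TaskScheduler/Operational log is enabled.

# Task names reported for BadRabbit. The trailing wildcard on 'viserion' is a
# precaution against a suffixed variant; adjust to the sample on your network.
$IocTaskPatterns = @('viserion*', 'rhaegal', 'drogon')

function Test-IocTaskName {
    param([string]$TaskName)
    $name = $TaskName.TrimStart('\').ToLowerInvariant()   # events log the name as '\rhaegal'
    foreach ($p in $IocTaskPatterns) { if ($name -like $p) { return $true } }
    return $false
}

function Get-EventDataValue {
    # Pull one named <Data> field out of an event's XML payload.
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event, [string]$Name)
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

function Get-BadRabbitTaskHits {
    $hits = @()

    # 1. Tasks currently registered on the host.
    foreach ($t in (Get-ScheduledTask -ErrorAction SilentlyContinue)) {
        if (Test-IocTaskName $t.TaskName) {
            $hits += [pscustomobject]@{ Source = 'TaskLibrary'; TaskName = $t.TaskName
                                        When = (Get-Date);     Who = $t.Principal.UserId }
        }
    }

    # 2. Task-creation events: Security 4698 (creator in SubjectUserName) and
    #    TaskScheduler/Operational 106 (creator in UserContext).
    $sources = @(
        @{ LogName = 'Security'; Id = 4698; UserField = 'SubjectUserName' },
        @{ LogName = 'Microsoft-Windows-TaskScheduler/Operational'; Id = 106; UserField = 'UserContext' }
    )
    foreach ($s in $sources) {
        $filter = @{ LogName = $s.LogName; Id = $s.Id }
        foreach ($e in (Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)) {
            $task = Get-EventDataValue -Event $e -Name 'TaskName'
            if ($task -and (Test-IocTaskName $task)) {
                $hits += [pscustomobject]@{ Source = "$($s.LogName)/$($s.Id)"; TaskName = $task
                                            When = $e.TimeCreated
                                            Who  = (Get-EventDataValue -Event $e -Name $s.UserField) }
            }
        }
    }
    return $hits
}

function Register-BadRabbitResponder {
    # Event-triggered task: when Security 4698 records one of the IoC names, run
    # 'shutdown.exe /a'. The XPath is an exact match, so the names must be written
    # as the malware registers them (assumed: lowercase, with the leading '\').
    $ns = 'Root/Microsoft/Windows/TaskScheduler'
    $trigger = New-CimInstance -CimClass (Get-CimClass -ClassName MSFT_TaskEventTrigger -Namespace $ns) -ClientOnly
    $trigger.Enabled = $true
    $trigger.Subscription = @'
<QueryList><Query Id="0" Path="Security"><Select Path="Security">
  *[System[EventID=4698]] and
  *[EventData[Data[@Name='TaskName']='\rhaegal' or Data[@Name='TaskName']='\drogon' or Data[@Name='TaskName']='\viserion']]
</Select></Query></QueryList>
'@
    $action = New-ScheduledTaskAction -Execute 'shutdown.exe' -Argument '/a'
    Register-ScheduledTask -TaskName 'IR-BadRabbit-AbortReboot' -Trigger $trigger -Action $action `
                           -User 'SYSTEM' -RunLevel Highest -Force | Out-Null
}

# Usage (elevated): sweep the host now, abort any queued reboot on a hit.
$hits = Get-BadRabbitTaskHits
if ($hits) {
    $hits | Format-Table -AutoSize
    shutdown.exe /a
    Write-Warning 'BadRabbit task names found: isolate this host from the network now.'
} else {
    Write-Output 'No BadRabbit task names found.'
}
```

Treat a hit as a containment trigger rather than a cure: by the time the task-creation event is written, the dropper has already run on that host, and a reboot scheduled with no delay may fire before the responder does. The value of the responder task is that it turns the event into an alert you will actually see, and buys time on hosts where the reboot is still pending.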

Obviously, this stuff can be quite complicated. We would highly recommend you reach out to us to not only scan your network, but to also evaluate your entire network for potential threats or vulnerabilities. Ransomware is a real threat that is literally shutting down businesses, and this is on a global scale. If you aren’t being proactive against hackers, you can easily find yourself locked out of your own network.

BadRabbit is just the latest in hackers’ arsenal of ransomware and threats on your network. If you are as concerned as we are, give us a quick call.

Touch And Vibration May Be The Fingerprints Of The Future

Researchers at Rutgers University have hit upon a novel idea that could be a game-changer in terms of biometric identification. The team published a paper entitled “VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration,” and demonstrated a prototype of the device at the Association for Computing Machinery (ACM) conference in Dallas, Texas.

The new technology is a lesson in simplicity, consisting of a vibration motor and a receiver mounted on almost any solid surface (wood, metal, plastic, glass, etc.). The motor sends vibrations through the surface to the receiver, and when the user touches the surface, the vibration waves are altered, creating a distinctive signature.

By itself, this isn’t terribly remarkable or exciting, because a single finger touching the surface in question doesn’t create a signature that’s unique enough for individual identification. On the other hand, combining that basic idea with the act of drawing a pattern or entering a PIN on a vibrating surface would create patterns of sufficient complexity to identify individual users, and that’s where the real magic is.

It should be noted that at this point, the technology isn’t ready for mass production, and the research team estimates that it’ll probably be another two years until it is. Among other things the group still needs to improve are:

• Accuracy – There’s not much more to be done on this front. The current prototype is about 97 percent accurate, with a false-positive rate of roughly three percent. For an authentication system, though, that last three percent is crucial.

• Sensitivity – At present, the most persistent complaint associated with using the new technology is that users often have to re-enter the PIN, or retrace the pattern multiple times before they can pass the device’s authentication checks.

• Weather – Ideally, these devices could be placed everywhere, but in order for that to become a reality, they’ll need to be tested in a wide range of temperatures and humidity levels, which hasn’t been done yet.

All in all, it’s an exciting new technology with tremendous possibilities. It’ll be interesting to see how well it is accepted by the market.

Epson Printer Having Issues? It Could Be A Microsoft Update

Do you have an older Epson printer that suddenly stopped working? If so, it may not be the printer at all, but a recent Windows update that lies at the heart of the issue.

German engineer Gunter Born tracked the problem to the following Microsoft Patches:

  • KB4048953 for Windows 10, Ver. 1607
  • KB4048954 for Windows 10, Ver. 1703
  • KB4048955 for Windows 10, Ver. 1709
  • KB4048957 for Windows Server 2012, R2
  • KB4048958 for Windows 8.1
  • KB4048959 for Windows Server 2012
  • And KB4048960 for Windows 7, Service Pack 1

These updates caused Windows to stop recognizing Epson dot matrix printers connected via USB.

Epson users noticed the problem immediately, of course, and the issue was reported on a wide range of support forums across the internet as users cast about desperately for a solution. Microsoft ended speculation into the matter fairly quickly, confirming the recent patches as the root cause of the issue, and promised that a patch to the patches was coming. As of now, though, we don’t have an ETA on when the fix can be expected.

In the interim, users can still make use of their printers by uninstalling the faulty update. Gunter Born recommends running the following command from an elevated cmd.exe window:

wusa /uninstall /kb:xxxxx /quiet /warnrestart

Run as Administrator, with “xxxxx” replaced by the number of the faulty update actually installed on the machine (the digits after “KB” in the list above), this removes the update and restores printer functionality after the restart.
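The following PowerShell script is an added example, not from the original article or from Born: it looks up which of the seven updates listed above is actually installed on the machine, so the right number goes into the wusa command, and then runs the uninstall. It assumes Windows PowerShell 5.1 in an elevated session; the function names are this example’s own.

```powershell
# Added example, not from the original article. Finds which of the updates Born
# identified is present on this host and removes it with wusa.exe.
# Assumptions: Windows PowerShell 5.1, elevated session; the KB list is the
# one from the article.
$SuspectKBs = @('KB4048953', 'KB4048954', 'KB4048955', 'KB4048957',
                'KB4048958', 'KB4048959', 'KB4048960')

function Get-InstalledSuspectUpdates {
    param([string[]]$KBs = $SuspectKBs)
    # Get-HotFix reads the same inventory Control Panel's "Installed Updates" shows.
    Get-HotFix | Where-Object { $KBs -contains $_.HotFixID } |
        Select-Object HotFixID, Description, InstalledOn
}

function Uninstall-SuspectUpdate {
    param([Parameter(Mandatory)][string]$KB, [switch]$Restart)
    $number   = $KB -replace '^KB', ''                 # wusa wants the bare number
    $restartArg = if ($Restart) { '/forcerestart' } else { '/norestart' }
    $wusaArgs = "/uninstall /kb:$number /quiet $restartArg"
    $p = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
                       -ArgumentList $wusaArgs -Wait -PassThru
    # 0 = removed; 3010 = removed, restart required to finish.
    return $p.ExitCode
}

# Usage: list what is installed, remove it, and restart when convenient.
$found = Get-InstalledSuspectUpdates
if (-not $found) {
    Write-Output 'None of the listed updates is installed on this machine.'
} else {
    $found | Format-Table -AutoSize
    foreach ($u in $found) {
        $code = Uninstall-SuspectUpdate -KB $u.HotFixID
        Write-Output "$($u.HotFixID): wusa exit code $code"
    }
    Write-Output 'Restart the machine to complete the removal.'
}
```

Two cautions. Removing the update also removes the security fixes it carried, so this is a stopgap until Microsoft ships the corrected package. And Windows Update will offer the same update again on its next cycle; pause updates on the affected machine until the revised patch is available, and tell IT which hosts are running without it.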

It’s far less than optimal, though, because those updates contained a variety of patches for security issues. However, if you need immediate access to that printer, until Microsoft issues a revised patch, it’s about the only option you’ve got. Just make sure your IT staff is aware so that they can be on the lookout for the update.

Large Number Of HP Models May Have Keyloggers

HP is in the news again. If you missed the initial story, earlier in the year, it was reported that an audio driver that came pre-installed on a number of HP laptops contained keylogging code that stored every key stroke made by the person using the machine to a human-readable file. Once discovered, HP issued a patch that removed the keylogging function and deleted the data file.

Now, an independent security researcher going by the name “ZwClose” has discovered more built-in keylogging code, affecting 460 HP notebook models and counting.

At issue is the SynTP.sys file, an integral part of the Synaptics touchpad driver that ships with a great many HP notebooks. Although the keylogging code is disabled by default, an attacker who already holds administrative rights on the machine could switch it on simply by changing a registry value, something freely available tools make trivial.

After HP was notified, the company released a security advisory, which included the following:

“A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impact all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue.”

Since the release of the advisory, HP has issued driver updates that remove the code for all affected models, so from a business and security standpoint the only action needed is to make sure those updates have been deployed to every affected machine.

In an era where privacy on the internet is under increasingly intense assault, however, it’s worth noting that this is the second time an issue like this has been tied to HP equipment, and that’s concerning. Privacy matters, and if you’re concerned about it, two such issues might be enough to make you look at other vendors when it comes time to replace or upgrade your equipment.