Month: June 2016
Recent research has highlighted the need for greater controls to prevent minors from accessing pornography. The UK’s Middlesex University recently conducted a study on 1,001 children between the ages of 11 and 16. The study revealed 28% of children aged either 11-12 had viewed online pornography, while the percentage increased to 65% for 15-16 year olds. 94% of those children had seen online pornography by the age of 14. In total, more than half of the children who took part in the survey – 53% – had viewed sexually explicit content online.
The survey showed that approximately one fifth of children who had seen pornography online had actively searched for it; however, 28% claimed to have viewed pornographic material accidentally, via popup windows that had appeared when surfing the Internet for instance.
More Must be Done to Prevent Minors From Accessing Pornography Online
Peter Wanless, chief executive of the NSPCC – The National Society for the Protection of Cruelty to Children – said, “A generation of children are in danger of being stripped of their childhoods at a young age by stumbling across extreme and violent porn online.”
The Children’s Commissioner for England, Anne Longfield is concerned. Not only about the number of children that are viewing age-inappropriate material online, but also how difficult it is for parents to control what their children can access online.
She points out that this is the first generation of children that have Internet-enabled devices. The technology has “taken the Internet from the front room, where parents can monitor use, to their bedrooms or the playground, where they can’t.”
Parents must take responsibility for controlling the web content that can be accessed on home networks. Businesses must also take steps to ensure that pornography cannot be viewed on public Wi-Fi networks.
Wanless says, “Some companies have taken the initiative when it comes to online safety, and we will continue to put pressure on those that have not yet done so.”
Blocking Access to Online Pornography with Web Filters
Any business that provides customers with access to their Internet via Wi-Fi hotspots should take steps to ensure that access to age-inappropriate material is restricted. Providing customers with unrestricted access to the Internet could potentially allow minors to accidentally or deliberately access online pornography.
Hotels, restaurants, coffee shops, shopping malls, retail outlets, and public Wi-Fi hotspots should have controls in place to block the accessing of pornography.
By implementing a web filtering solution, it quick and easy to prevent pornographic material from being viewed on the network. Many web filtering solutions, such as WebTitan Cloud for WiFi, can be easily configured to block pornographic material and pop-ups. WebTitan Cloud for WiFi can also be configured using blacklists, such as those issued by the Internet Watch Foundation. The IWF maintains a list of webpages known to contain child pornography and child abuse images.
If you want to prevent minors from accessing pornography while connected to your WiFi hotspots, contact the TitanHQ team today and find out how you can use WebTitan Cloud for WiFi to keep your Wi-Fi network secured.
Organizations can use the NIST Cybersecurity Framework to assess their cybersecurity programs, but many may discover they have not done nearly enough to reduce the risk of cyber incidents. Recent research conducted by RSA suggests that three quarters of companies have a significant cybersecurity risk exposure and are ill prepared to prevent and deal with cybersecurity attacks.
This is the second year that the RSA Cybersecurity Poverty Index has been produced, and the second year running that 75% of organizations have shown that they face a high risk of cyber incidents occurring.
The research shows that organizations are investing heavily in perimeter defenses, yet a majority have under-developed incident response capabilities. “We need to change the way we are thinking about security, to focus on more than just prevention – to develop a strategy that emphasizes detection and response,” said Amit Yoran, CEO of RSA.
RSA suggests that organizations that invest more heavily in detection and response technologies are in a much better position to defend against cyberattacks than organizations that concentrate on perimeter defenses. However, more than half of the organizations that took part in this year’s study have virtually non-existent incident response capabilities.
The study revealed that the risk of cyber incidents is not particularly well understood by many organizations, and that it often takes a security incident that negatively impacts the business before organizations implement appropriate defenses to defend against cyberattacks. In many cases, businesses simply do not understand how cyber risk can affect their organization and it takes a major incident to make that crystal clear. Organizations that regularly deal with cyber security incidents have a much better understanding of the need to boost defenses, and of the technology needed to shore up security.
Too Little Being Done by the Majority to Address the Risk of Cyber Incidents
The number of organizations taking part in this year’s study more than doubled. Study participants numbered 878 this year, and came from 81 countries around the world.
While organizations are still exposed to a high risk of cyber incidents, this year’s data show that things are improving. Many organizations now have more mature capabilities. This year, 7.4% of respondents said their organizations had advantaged capabilities compared to only 4.9% last year.
45% of respondents said their ability to assess and mitigate cybersecurity risk was virtually non-existent. Only a quarter (24%) of respondents classed their organization as being mature in this area.
Interestingly, the financial service industry, which is believed by many to have relatively advanced cybersecurity protections, was not rated as highly as expected. Last year, 33% of organizations in the financial services industry rated their capabilities as developed or advantaged, while this year only 26% rated their capabilities as such. The aerospace and defense industries had the highest rated organizations in this area (39%) while government organizations and the energy industry rated capabilities the lowest (18%).
EMEA organizations had the highest level of overall maturity with 29% of respondents from these countries rating their capabilities as advantaged or developed. APJ organizations came second with 26%, while organizations in the Americas were lowest at 23%.
This week saw a host of updates issued by Microsoft to address critical flaws in Windows, although 44 security vulnerabilities in total have been addressed in the updates. These vulnerabilities affect a wide range of its products including Windows, Internet Explorer, Edge, and many of its Microsoft Office products. The updates were spread across 16 security bulletins, 6 of which were rated by Microsoft as critical. The remaining patch bundles were marked as important.
Critical Flaws in Windows Addressed this Patch Tuesday
To address the latest critical flaws in Windows, all of the patches should be applied as soon as possible. However, some are more important than others and should be prioritized. MS16-071 is perhaps the most important, especially for organizations that run their DNS server on the same machine as their Active Directory server. This update addresses critical flaws in Windows Server 2012 and Windows Server 2012 R2.
MS16-071 addresses a single flaw in Microsoft’s DNS server; however, the flaw is highly serious. Malicious actors could potentially exploit this vulnerability which allows remote code execution if an attacker send malicious requests to the DNS server. The update modifies how the DNS servers handle requests.
Microsoft has also issued updates to address vulnerabilities in Internet Explorer – MS16-063 – and Microsoft Edge – MS16-068. These two flaws would allow an attacker to gain the same rights as the current user if that individual visits malicious websites configured to exploit the vulnerability.
MS16-070 should also be updated as a priority. This security bulletin addresses a number of flaws, one of which could be exploited via spam email. It addresses vulnerability CVE-2016-0025, which concerns the Word RTF format. This could be exploited to yield RCE to the attacker. Worryingly, an attacker could exploit the flaw without an email even being opened, should that message be viewed using message preview in Microsoft Outlook.
Adobe Flash Zero Day Being Actively Exploited
While all of these updates are important, there is an even bigger worry. A new zero-day vulnerability in Adobe Flash Player has been discovered by Kaspersky Lab researchers. Adobe has been alerted that an exploit already exists for CVE-2016-4171 and that it is being actively exploited in the wild. At present, the vulnerability is being exploited in targeted attacks on organizations by a new hacking group referred to by Kaspersky Lab as “ScarCruft.”
Earlier this week, Adobe said it will delay the issuing of updates in order to address this new vulnerability. CVE-2016-4171 affects Adobe Flash v 22.214.171.124 and previous Windows, Mac, Chrome OS, and Linux versions. Updates are expected to start rolling out today.
Researchers at FireEye have reported that the Angler Exploit Kit has been updated and that it is now capable of bypassing Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) protection – the first time this behavior has been observed in the wild.
Angler Exploit Kit Could be Used to Deliver any Malicious Payload
The Angler exploit kit is being used to exploit vulnerabilities in Silverlight and Adobe Flash plug-ins. If vulnerabilities are found, Angler downloads its malicious payload: TeslaCrypt ransomware. Teslacrypt was closed down a few weeks ago and the authors released a universal decryption key that can unlock all infections. Anti-virus firms have since developed tools that can be used to remove TeslaCrypt infections. However, it is probable that the Angler exploit kit will be updated to deliver other malicious payloads for which there is no known fix. Many distributors of TeslaCrypt have already transitioned to CryptXXX.
Currently EMET protections are only being bypassed on devices running Windows 7, although it is probable that attackers will soon develop EMET bypasses that work on more recent versions of Windows. That said, updating to later versions of Windows will help organizations improve their security posture. If an upgrade is not possible or practical, sys admins should ensure that patches are applied promptly. If possible, ActiveX should also be disabled as should Flash and Silverlight plugins. Uninstalling unnecessary software and disabling plugins will reduce the attack surface.
EMET was developed to prevent malicious actors from exploiting memory corruption vulnerabilities, and while this has proved effective at some preventing attacks, the bypass shows that Microsoft’s protection is not 100% effective. While EMET can be used to reduce the risk of ransomware and other malware infections, system admins should not rely on EMET alone. Multi-layered security defenses should be employed to keep networks protected, as this bypass clearly shows. It is still essential to use anti-virus and anti-malware software and to keep definitions up to date.
While efforts can be made to prevent exploit kits from taking advantage of vulnerabilities in plugins, enterprises can reduce risk further by stopping end users from visiting websites known to host exploit kits. By implementing a web filtering solution and restricting access to certain categories of website, enterprises can greatly enhance their security posture.
Microsoft has recently given Windows users a new incentive to upgrade to Windows 10: A ransomware worm called ZCryptor. The new ransomware variant exhibits worm-like capabilities and is able to self-replicate and infecting multiple devices. The malicious file-encrypting software infection will not be prevented by upgrading to the latest version of Windows, although additional protections are included in the Windows 10 release to make infection more difficult.
The new ransomware variant, called ZCryptor.A, is primarily distributed via spam email messages containing malicious macros, although the Microsoft security advisory indicates the ransomware worm is also installed via fake installers such as those claiming to update Adobe Flash to the latest version.
If ZCryptor is installed, the ransomware searches for removable drives and installs an autorun.inf file on the device. When the drive is disconnected and connected to another computer, the ransomware is able to spread, infecting a new machine.
The ZCryptor ransomware worm is capable of encrypting 88 different file types according to the Microsoft advisory, although some samples have been detected that are capable of infecting as many as 121 different files types.
Once installed, the ransomware generates a fake Windows alert indicating a removable drive cannot be detected. The pop-up will continue to be displayed while the ransomware is running and is communicating with its command and control server. The purpose of the pop-up is unclear, although presumably this is generated to prompt the user to disconnect the drive. This could be a ploy to get the victim to connect the removable drive to a different computer thus spreading the infection.
The ransomware worm displays an HTML window explaining that all personal files on the computer have been encrypted. A ransom demand of 1.2 Bitcoin is demanded ($500) for the decryption key to unlock the infection. Victims are given 4 days to pay the ransom or the ransom demand increases to 5 Bitcoin. The attackers claim that after 7 days the unique decryption key will be permanently destroyed, and all encrypted files will remain permanently locked.
While anti-virus software developers have been able to find vulnerabilities in a number of other ransomware variants and develop fixes, no known fix currently exists for a ZCryptor infection. Victims will either have to restore all of their files from a backup or will have to pay the ransom. Of course, there is no guarantee that the attackers will make good on their promise and will supply a valid decryption key.
Ransomware Worm Represents Next Stage of Malware Development
Many organizations now employ web filtering solutions such as WebTitan to block malicious URLs containing exploit kits. By blocking these attack vectors, it is becoming harder for cybercriminals to infect computers.
Spam filters have similarly been developed to be much more efficient and effective at blocking malicious spam email. SpamTitan now blocks 99.97% of spam, making it much harder for malicious attachments and links to reach end users.
Due to the improved cybersecurity protections in place in many organizations, ransomware developers have had to develop new methods to spread infections. The development of ransomware that exhibits worm-like behavior does not come as a surprise. Security researchers believe that these ransomware worms are likely to become much more common and that self-propagating ransomware and malware will soon become the norm.