7 ways admins can help secure accounts against phishing in G Suite

We work hard to help protect your company against phishing attacks—from using machine learning, to tailoring our detection algorithms, to building features to spot previously unseen attacks. While we block as many external attacks as we can, we continue to build and offer features designed to empower IT administrators to develop strong internal defences against phishing.

Here are seven things we recommend admins do in G Suite to better protect employee data.

1. Enforce 2-step verification
Two-step verification (2SV) is one of the best ways to prevent someone from accessing your account, even if they steal your password. In G Suite, admins have the ability to enforce 2-step verification. 2SV can reduce the risk of successful phishing attacks by asking employees for additional proof of identity when they sign in. This can be in the form of phone prompts, voice calls, mobile app notifications and more.

G Suite also supports user-managed security keys—easy to use hardware authenticators. Admins can choose to enforce the use of security keys to help reduce the risk of stolen credentials being used to compromise an account. The key sends an encrypted signature and works only with authorized sites. Security keys can be deployed, monitored and managed directly from within the Admin console.

2. Deploy Password Alert extension for Chrome
The Password Alert Chrome extension checks each page that users visit to see whether it is impersonating Google’s sign-in page, and notifies admins if users enter their G Suite credentials anywhere other than the Google sign-in page.

Admins can enforce deployment of the Password Alert Chrome extension from the Google Admin console (Device management > App Management > Password Alert)—just sign in and get started. You should check “Force installation” under both “User Settings” and “Public session settings.”

Admins can also enable Password Alert auditing, send email alerts and enforce a password change policy when G Suite credentials have been used on a non-trusted website such as a phishing site.

3. Allow only trusted apps to access your data
Take advantage of OAuth apps whitelisting to specify which apps can access your users’ G Suite data. With this setting, users can grant access to their G Suite apps’ data only to whitelisted apps. This prevents malicious apps from tricking users into accidentally granting unauthorized access. Apps can be whitelisted by admins in the Admin console under G Suite API Permissions.

4. Publish a DMARC policy for your organization
To help your business avoid damage to its reputation from phishing attacks and impersonators, G Suite follows the DMARC standard. DMARC empowers domain owners to decide how Gmail and other participating email providers handle unauthenticated emails coming from your domain. By defining a policy and turning on DKIM email signing, you can ensure that emails that claim to be from your organization are actually from you.

5. Disable POP and IMAP access for those who don’t need it
The Gmail clients (Android, iOS, Web) leverage Google Safe Browsing to incorporate anti-phishing security measures such as disabling suspicious links and attachments and displaying warnings to users to deter them from clicking on suspicious links.

By choosing to disable POP and IMAP, admins can ensure that all G Suite users will only use Gmail clients and benefit from the built-in phishing protections that they provide. POP and IMAP access can be disabled by admins at the organizational unit level.

Note: all third-party email clients, including native mobile mail clients, will stop working if POP and IMAP are disabled.

6. Encourage your team to pay attention to external reply warnings
By default, Gmail clients (Android, Web) warn G Suite users if they’re responding to emails sent from outside their domain by someone they don’t regularly interact with, or from someone not in their contacts. This helps businesses protect against forged emails from malicious actors, or just plain old user error like sending an email to the wrong contact. Educate your employees to look for these warnings and to be careful before responding to unrecognized senders. Unintended external reply warnings are controlled from the Admin console, under the “Advanced Gmail” setting.

7. Enforce the use of Android work profiles
Work profiles allow you to separate your organization’s apps from personal apps, keeping personal and corporate data separate. By using integrated device management within G Suite to enforce the use of work profiles, you can whitelist applications that access corporate data and block installation of apps from unknown sources. You now have complete control over which apps have access to your corporate data.

These steps can help you improve your organization’s security posture and become more resistant to phishing attacks. Learn more at gsuite.google.com/security or sign up for our security webinar on September 20, 2017, which features new security research from Forrester and a demonstration on how the cloud can help effectively combat cyber threats.

Reference by Google.com

How to prevent Wannacry or WannaCrypt Ransomware

Best practices to prevent ransomware attacks:

  • Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
  • Establish Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC) and DomainKeys Identified Mail (DKIM) for your domain. Together these email validation mechanisms detect email spoofing, which is how most ransomware samples successfully reach corporate mailboxes.
  • Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs, close the e-mail and go to the organisation’s website directly through the browser.
  • Restrict execution of PowerShell and WSCRIPT in the enterprise environment. Ensure installation and use of the latest version (currently v5.0) of PowerShell, with enhanced logging (script block logging and transcription) enabled. Send the associated logs to a centralised log repository for monitoring and analysis.
  • Application whitelisting / strict implementation of Software Restriction Policies (SRP) to block binaries running from the %APPDATA%, %PROGRAMDATA% and %TEMP% paths; ransomware samples generally drop and execute from these locations. Enforce application whitelisting on all endpoint workstations.
  • Deploy web and email filters on the network. Configure these devices to scan for known bad domains, sources, and addresses; block these before receiving and downloading messages. Scan all emails, attachments, and downloads both on the host and at the mail gateway with a reputable antivirus solution.
  • Disable macros in Microsoft Office products. Some Office products allow for the disabling of macros that originate from outside of an organisation and can provide a hybrid approach when the organisation depends on the legitimate use of macros. For Windows, specific settings can block macros originating from the Internet from running.
  • Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
  • Maintain updated antivirus software on all systems.
  • Consider installing Enhanced Mitigation Experience Toolkit, or similar host-level anti-exploitation tools.
  • Block attachments of the following file types: exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf
  • Regularly check the contents of database backup files for any unauthorized encrypted data records or external elements (backdoors / malicious scripts).
  • Keep the operating system and third-party applications (MS Office, browsers, browser plugins) up to date with the latest patches.
  • Follow safe practices when browsing the web. Ensure the web browsers are secured enough with appropriate content controls.
  • Network segmentation and segregation into security zones help protect sensitive information and critical services. Separate the administrative network from business processes with physical controls and Virtual Local Area Networks.
  • Disable Remote Desktop connections; employ least-privileged accounts.
  • Ensure the integrity of the code and scripts used in database, authentication and sensitive systems, and check regularly for the integrity of the information stored in the databases.
  • Restrict users’ abilities (permissions) to install and run unwanted software applications.
  • Enable personal firewalls on workstations.
  • Implement strict External Device (USB drive) usage policy.
  • Employ data-at-rest and data-in-transit encryption.
  • Carry out Vulnerability Assessment and Penetration Testing (VAPT) and an information security audit of critical networks/systems, especially database servers, by CERT-In empaneled auditors. Repeat audits at regular intervals.
  • Individuals or organisations are not encouraged to pay the ransom, as this does not guarantee files will be released. Report such instances of fraud to CERT-In and law enforcement agencies.
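The SPF/DMARC/DKIM item above, like the DMARC step in the G Suite list earlier on this page, refers to DNS TXT records without showing what one looks like or what makes one weak. The following Python snippet is an added example, not code from Google, CERT-In or Quick Heal: it parses constructed sample DMARC and SPF records and lists the weaknesses a defender would want flagged before trusting them. The domain, report address and IP range in the samples are placeholders.

```python
"""Parse DMARC and SPF TXT records and report configuration weaknesses.

Added example; the sample records below are constructed, not taken from any
real domain (example.com, 203.0.113.0/24 and the report address are placeholders).
"""
import re

SAMPLE_DMARC = ("v=DMARC1; p=reject; sp=quarantine; pct=100; "
                "rua=mailto:dmarc-reports@example.com; adkim=s; aspf=s")
SAMPLE_SPF = "v=spf1 include:_spf.google.com ip4:203.0.113.0/24 -all"

# Mechanisms that cost a DNS lookup; RFC 7208 allows at most 10 per evaluation.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict of lower-cased tags."""
    if not record.strip().lower().startswith("v=dmarc1"):
        raise ValueError("not a DMARC record")
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_findings(tags):
    """Return the weaknesses a defender would flag in a parsed DMARC record."""
    findings = []
    policy = tags.get("p")
    if policy is None:
        findings.append("missing p= tag: receivers treat the record as invalid")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail lands in spam instead of being rejected")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: policy is applied to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    if tags.get("adkim", "r") == "r" or tags.get("aspf", "r") == "r":
        findings.append("relaxed alignment: any subdomain of the organizational domain aligns")
    return findings


def parse_spf(record):
    """Return (mechanisms, all_qualifier); all_qualifier is '+', '-', '~', '?' or None."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms, all_qualifier = [], None
    for term in terms[1:]:
        qualifier = "+"  # an unqualified mechanism means "pass"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            all_qualifier = qualifier
        else:
            mechanisms.append(term)
    return mechanisms, all_qualifier


def spf_findings(record):
    """Return the weaknesses a defender would flag in an SPF record."""
    mechanisms, all_qualifier = parse_spf(record)
    findings = []
    if all_qualifier is None:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_qualifier in "+?":
        findings.append(f"'{all_qualifier}all' lets any host send as the domain")
    elif all_qualifier == "~":
        findings.append("~all is a soft fail; only a DMARC policy turns it into rejection")
    lookups = sum(1 for m in mechanisms
                  if re.split(r"[:/=]", m, 1)[0].lower() in LOOKUP_MECHANISMS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10 (permerror)")
    return findings


if __name__ == "__main__":
    print(dmarc_findings(parse_dmarc(SAMPLE_DMARC)) or "DMARC: no findings")
    print(spf_findings(SAMPLE_SPF) or "SPF: no findings")
    print(dmarc_findings(parse_dmarc("v=DMARC1; p=none")))
```

Run against a monitoring-only record such as `v=DMARC1; p=none`, the checker reports three findings (no enforcement, no aggregate reporting, relaxed alignment), which is exactly the state many domains are left in after an initial DMARC rollout.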

Reference by google.com

Beware of Spora – a professionally designed ransomware

Spora is a recent addition to the ransomware family that Quick Heal Lab has come across. It is a file encryptor ransomware that encrypts a user’s files with a strong encryption algorithm and demands a ransom. Spora is launched with a good infection routine, the capability to work offline, a well-designed and managed payment portal dashboard, and decryption key purchase options.

Infection Vector

Spora is delivered to the victim via spam emails containing a malicious .ZIP file as an attachment. This .ZIP file contains an HTML Application (‘.HTA’) file that pretends to be an invoice in .PDF or .DOC format by using a double extension (e.g. <file_name>.pdf.HTA). As the ‘Hide extensions for known file types’ option is checked by default on many systems, users are more likely to open the .HTA file, mistaking it for a harmless file type.
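The double-extension trick described above, and the attachment file-type block list from the ransomware best-practice list earlier on this page, are both things a mail gateway can check mechanically. The following Python snippet is an added example, not Quick Heal’s or CERT-In’s code: it shows what a name like `invoice.pdf.HTA` looks like to a user with extensions hidden, classifies attachment names against the block list, and scans the member names of a .ZIP attachment. The decoy-extension set and the sample file names are constructed for illustration.

```python
"""Classify attachment names the way a mail gateway filter would.

Added example (not Quick Heal's code). BLOCKED_EXTENSIONS is the list from the
ransomware best-practice list earlier on this page; DECOY_EXTENSIONS and the
sample names are constructed for illustration.
"""
BLOCKED_EXTENSIONS = set(
    "exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf".split("|")
)
# Types a user reads as "just a document"; used to spot invoice.pdf.HTA-style names.
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def basename(path):
    """Strip any directory part, whichever separator was used."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def extensions(filename):
    """All extensions of a name, lower-cased, in order: 'invoice.pdf.HTA' -> ['pdf', 'hta']."""
    parts = basename(filename).split(".")
    return [p.lower() for p in parts[1:] if p] if len(parts) > 1 else []


def displayed_name(filename):
    """What Explorer shows with 'Hide extensions for known file types' on: the last extension is dropped."""
    name = basename(filename)
    return name.rsplit(".", 1)[0] if "." in name else name


def classify(filename):
    """Return (verdict, reason) with verdict 'block' or 'allow'."""
    exts = extensions(filename)
    if not exts:
        return ("allow", "no extension")
    final = exts[-1]  # the extension that decides which program actually opens the file
    if final in BLOCKED_EXTENSIONS:
        if len(exts) > 1 and exts[-2] in DECOY_EXTENSIONS:
            return ("block", f"double extension: shown as .{exts[-2]} but runs as .{final}")
        return ("block", f"blocked file type .{final}")
    return ("allow", f".{final}")


def scan_archive(member_names):
    """Return the members of an archive (e.g. a .ZIP attachment) that classify() would block."""
    return [name for name in member_names if classify(name)[0] == "block"]


if __name__ == "__main__":
    for name in ["invoice.pdf.HTA", "report.docx", "setup.exe"]:
        print(name, "is shown as", displayed_name(name), "->", classify(name))
    print(scan_archive(["readme.txt", "invoice.pdf.HTA"]))
```

The point of `displayed_name` is that the decision is made on the last extension, which is precisely the part the victim never sees; a filter that looked only at the visible `.pdf` would pass the attachment.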

Infection Routine

Spora has a multistage infection behavior. When the malicious .HTA file is executed, it drops and executes the files below using a VBScript program:

  • ‘%Temp%\close.js’ – the file encryptor component that performs the encryption.
  • ‘%Temp%\doc_6d518e.docx’ – a corrupt file that is intentionally dropped and opened to keep the victim busy viewing it while files are encrypted in the background.
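The dropper writes its encryptor to %Temp% and runs it from there, which is the pattern the Software Restriction Policy item in the ransomware best-practice list earlier on this page (block execution from %APPDATA%, %PROGRAMDATA% and %TEMP%) is meant to stop. The following Python snippet is an added example, not code from Quick Heal or CERT-In: it evaluates execution paths against those three roots the way an SRP path rule would, including the `%Temp%` spelling used in the drop path above. The environment values and the extra sample paths are constructed.

```python
"""Check where a file executes from against SRP-style path rules.

Added example, not code from Quick Heal or CERT-In. The disallowed roots are
the %APPDATA%, %PROGRAMDATA% and %TEMP% paths named in the ransomware
best-practice list earlier on this page; ENV holds constructed sample values
so the check runs offline on any OS (ntpath handles Windows paths everywhere).
"""
import ntpath
import re

ENV = {
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "PROGRAMDATA": r"C:\ProgramData",
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
}
DISALLOWED_ROOTS = ["%APPDATA%", "%PROGRAMDATA%", "%TEMP%"]


def expand(path, env=ENV):
    """Expand %VAR% tokens case-insensitively, as the Windows shell does (%Temp% == %TEMP%)."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), path)


def is_under(path, root, env=ENV):
    """True if path is root itself or lies below it; case-insensitive and slash-agnostic."""
    p = ntpath.normcase(ntpath.normpath(expand(path, env)))
    r = ntpath.normcase(ntpath.normpath(expand(root, env)))
    # The trailing separator stops C:\...\Tempfiles from matching C:\...\Temp.
    return p == r or p.startswith(r + "\\")


def srp_verdict(path, env=ENV):
    """Return ('block', root) for the first disallowed root containing path, else ('allow', None)."""
    for root in DISALLOWED_ROOTS:
        if is_under(path, root, env):
            return ("block", root)
    return ("allow", None)


# Constructed execution events; the first path is the dropper location described above.
SAMPLE_EXECUTIONS = [
    r"%Temp%\close.js",
    r"C:\Users\alice\AppData\Roaming\update\helper.exe",
    r"C:\Program Files\Example\tool.exe",
]


def audit(paths=SAMPLE_EXECUTIONS):
    """Map each execution path to its verdict."""
    return {path: srp_verdict(path) for path in paths}


if __name__ == "__main__":
    for path, verdict in audit().items():
        suffix = f"  (under {verdict[1]})" if verdict[1] else ""
        print(f"{verdict[0]:5} {path}{suffix}")
```

The policy is a default-deny on a handful of user-writable locations rather than a signature for one sample, so the same rule blocks the next dropper that lands in %Temp% under a different name. Legitimate installers that unpack to %Temp% will also be blocked, which is why the best-practice list pairs this with application whitelisting.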

Figure 1: Corrupt document to fool a victim

Spora was not found to append any extension to the encrypted files. When encryption is over, a ransom note is displayed (shown below), highlighting the uniquely generated ‘Infection ID’ and basic instructions.

Figure 2. Spora ransom note with an infection ID

A .KEY file is dropped on the desktop, containing the ‘encrypted encryption keys’ used to encrypt files. For the victim to get complete access to the payment portal, they need to upload the .KEY file to the portal to synchronize the infected computer with it. The panel below is provided for this.

Figure 3. Key upload panel on Spora payment portal

Once synchronized, the victim can choose from a number of purchase options available on a ‘My Purchase’ section of the portal.

Figure 4. Decryptor purchase options

FULL RESTORE – With this, the user can have all their encrypted data restored.

IMMUNITY – With this, the user can buy immunity against future Spora attacks.

REMOVAL – With this, the user can have the Spora malware completely removed from their computer.

FILE RESTORE – Offers two options; decrypt two files for free or decrypt a selection of files for $30.

As you can see, Spora offers the victim a variety of options to deal with the situation. For instance, a victim might be less likely to pay the ransom because they know they have safely backed up their data; they would still want the malware removed from the system, which is what the ‘Removal’ option caters to.

Quick Heal Detection
Quick Heal antivirus successfully prevents Spora infections at multiple stages.

Quick Heal Email Protection successfully prevents download of the malicious .ZIP attachment which is the first stage of the infection.

Figure 5. Quick Heal Email Protection

As shown in the image above, the malicious .HTA file has been successfully detected as ‘JS.Nemucod.BJF’ and deleted thereafter.

Quick Heal Anti-Ransomware protection successfully detects potential file encryption activities and alerts the user.

Figure 6. Quick Heal Anti-Ransomware alert

Quick Heal Behavior Detection System successfully detects malicious activities and alerts the user.

Figure 7. Quick Heal Behavior Detection System alert

Conclusion
It is not hard to guess that the creators of Spora have taken their time developing this ransomware to make it effective and professional at the same time.

A nicely designed decryptor portal dashboard, synchronization between the portal and the infected system using a .KEY file, and multiple purchase options for decryption signify how attackers are using complex tactics in creating ransomware.

How to stay safe against such ransomware attacks

  • Never download attachments that arrive in emails from unknown or unexpected sources.
  • Take regular backups of your files. Remember to disconnect the Internet when you are backing up on a hard drive. Unplug the drive before you go online again.
  • Apply all recommended security updates (patches) to your Operating System, and programs like Adobe, Java, web browsers, etc.
  • Install an antivirus software that offers several layers of security. More importantly, keep the software up-to-date.

Reference by Quick Heal

Data Privacy Day – 10 tips to keep your data secure

Recognized annually on January 28th, Data Privacy Day is defined as a centered approach towards respecting privacy, safeguarding data, and enabling trust. It is a global effort to raise and promote awareness around protecting one’s data and privacy. With this thought in mind, we have put together these 10 security tips on Data Privacy Day.

10 Security Tips on Data Privacy Day

1. Change the passwords of your online accounts. Here are some tips to build strong and unique ones:

  • Use a mix of uppercase and lowercase letters
  • Use special characters
  • Use numbers
  • Use at least 8 characters

Also, here’s a fun way to create a password that is strong and can be easily remembered. First, think of a phrase or the title of your favorite book or movie; say, “The Girl With The Dragon Tattoo”. Now, take the first letter of every word in the title – this will give you tgwtdt. Capitalize a letter, add some numbers and special characters – and you will have the ultimate password Tgwtdt#$8945B. We tested the strength of this password, and it seems that a hacker will take about 273 years to crack it. Find it out yourself – https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html

2. Take a backup of all your important data stored on your computer and mobile device. You can either take the backup to the cloud or to an external hard drive. Taking regular data backups can save you from the aftermath of a virus attack or system crash – especially a ransomware infection. Ransomware is malware that hijacks your data and demands money (ransom) to release it.

3. Data Privacy Day is not only about storing or saving data. It also advocates the importance of disposing of your information securely. Data that you delete from your computer or mobile device does not really get deleted permanently. It can still be recovered with advanced data recovery tools. So, while removing sensitive information, ensure it is gone forever. Know how to delete your data securely.

4. It is unsafe to store login IDs and passwords, banking details, social security numbers, and other such sensitive information on your mobile device or computer. But, if you can’t help it, ensure that the data is encrypted. When you encrypt information, it is converted into an unreadable form that can only be read by you. So, even if a situation arises wherein your data falls into the wrong hands, you can rest assured that it won’t get misused.

5. Just like you won’t hand over your wallet, ID card, or house key to a stranger, avoid sharing your personal information on the Internet; these could be unfamiliar websites, survey forms, online friends, unsolicited emails, and anything/anybody that asks for your information. When it comes to Data Privacy, it’s wise to be a miser in sharing your data.

6. Banking or shopping online using unsecured Wi-Fi networks can let attackers steal your personal and financial information. While using any such network, ensure it is accessible only with a login ID and password.

7. Before installing any mobile app, review its permissions carefully. Many a time, you may come across an app that asks for permissions that are not actually required for it to function on your device. For instance, if a simple Flash Light app is asking your permission to access your device’s Internet, contact details, photos, etc., then chances are it is a malicious or a potentially dangerous app. So, stay cautious against such threats.

8. One of the greatest threats to your data and privacy is phishing. Phishing is defined as an attempt to trick you into providing your personal or financial details so that the attacker can commit illegal acts using your name. Any unknown or unexpected communication (email, call, SMS, etc.) that carries a sense of urgency and requires you to provide your personal information should be treated as a phishing attack. Always ignore such communications and report them to the right authority.

9. With mobile devices becoming an integral part of our everyday lives, they store massive amounts of data about us, our friends and family members. More importantly, being smaller and compact, they are more vulnerable to theft. So, it is only logical to protect these devices with a PIN, fingerprint or a password. We do not recommend the Pattern Lock because patterns are easily observed and less secure. Also, it is wise to keep the Automatic Lock feature ON at all times.

10. While you follow all the steps mentioned above, also consider getting a trusted antivirus solution. The software that you choose must offer multiple layers of security that can block ransomware, fake, infected and phishing websites, emails designed for phishing attacks, malicious downloads, and unauthorized data storage devices.

Reference by Quick Heal

Ransoc – An unusual ransomware that threatens to expose your personal information

Typically, ransomware encrypts your files and demands money in exchange for a key that can decrypt the data, and the payment is demanded in Bitcoins. Ransoc is different in the way it works and in the medium it uses for the payment.

How does Ransoc work?
Once your computer is infected by Ransoc, it gathers your personal information from your Skype and social media profiles and scans your system for Torrent files and other sensitive information. It then displays a ransom note. Interestingly, the ransom note is customized for a particular user and has their social media details including their profile picture. The ransom note threatens the victim with a fake legal proceeding and also that the ‘sensitive’ information found on their computer will be made public if the ransom is not paid.

Now, two important points to note here:

  1. Ransoc, unlike other ransomware, does not encrypt any files on the infected computer.
  2. Reportedly, the ransom note is displayed only in a case where the ‘sensitive’ information found by the ransomware includes child pornography or illegally downloaded Torrent media files.

So basically, the creators of this ransomware are targeting the victim’s fear of facing legal complications and losing their reputation instead of their data.

Further, whereas all ransomware creators use Bitcoin to remain hidden from law enforcement, Ransoc asks its victims to pay via credit card; this kind of payment approach has been unheard of in ransomware attacks till now.

How Quick Heal helps

Quick Heal’s Virus Protection proactively detects the ransomware as “Ransomware.TorLocker.PB5” and prevents it from performing any activity on your computer.

Figure: Quick Heal Total Security detecting the ransomware

How to stay safe from ransomware attacks

  • Never click on links or download attachments that arrive in emails from unwanted, unknown or unexpected sources.
  • Apply all recommended security updates (patches) to your Operating System, and programs like Adobe, Java, web browsers, etc.
  • Take regular backups of your files. Remember to disconnect the Internet when you are backing up on a hard drive. Unplug the drive before you go online again.
  • Avoid using outdated browser plugins or plugins that you do not use anymore.
  • Invest in an antivirus software that comes with several layers of security such as Web Security that blocks infected websites, Email Security that blocks infected emails, Phishing Protection that blocks fake websites, etc.
  • Always keep your antivirus software up-to-date to stay safe against new threats.

Reference by Quickheal

45 Killer Security Tips to Follow on Computer Security Day

30th November is observed as Computer Security Day all over the world. On this important day, we have lined up an exhaustive list of some of the best security tips on how to keep your digital lives safe, secure, and hackproof. So, let’s get cracking!

  • While revealing any personal or financial information on the Internet, ensure that the website’s URL begins with ‘https’ and is accompanied by a padlock symbol. These two elements indicate that you are on a secure website and that your information is safe.
  • While using free, unsecured WiFi networks or public cyber cafes, never shop or bank online, or log in to online accounts.
  • Always go for long, unique, and hard-to-guess passwords. Keep different passwords for different online accounts.
  • Use Secure Browsing for your Facebook account.
  • Don’t bother selecting options that say ‘Keep me logged in’ or ‘Remember me’ on websites, especially when you are on public computers.
  • Prefer keeping a secondary email address for websites that require you to share certain personal information, and use your primary email address to stay in touch with people you know or are acquainted with.
  • Avoid using your official email address for social media sites or any other websites other than that of your organization.
  • For sites related to social media, music downloads, file sharing, etc., use an email address that you do not use for important communications such as those related to your bank, income tax, medical appointments, and the like.
  • Tighten your privacy settings on Facebook so that only your friends are notified about your activity.
  • While choosing a password, ensure that you are not using any kind of personal information such as your name, date of birth, address, pet’s name, street name and so on.
  • While using the Internet in a public place like restaurants, shopping malls, airports, etc., ensure that no one’s snooping on you from behind your back.
  • If you receive any emails that ask you for your personal or banking information, delete them straightaway. Exercise caution against links or attachments in unexpected or unsolicited emails. It is wise to verify any such communication with the sender first, before responding to them.
  • If there is any online account of yours which you are not using for a long time, have it removed or deactivated.
  • It is wise not to make your photos or videos public on the Internet. Keep them visible only to people you know personally.
  • Never respond to pop-up advertisements that may come up on your screen, no matter how inviting or genuine they may look. The safest way to close such pop-ups is from the task manager; press Alt+Ctrl+Delete.
  • Before downloading and installing any kind of free software, do a quick research on the software and the website hosting it. Reading user reviews about the same is also important.
  • Do not visit websites that you are not fully aware of, or those that are reached from links in emails or mobile messages.
  • If you have downloaded a file online, ensure that you check its extension before clicking on it. Files with multiple extensions can be bad news for your computer.
  • Make it a point to log out once you are done. This is more essential when you are using a system in a cyber café.
  • Avoid responding to or clicking on social media posts that claim to show unusual content such as shocking videos or unseen events, etc. Always verify such news from genuine news websites.
  • It is advisable to access your bank’s website by typing its URL in the address bar. Never access the same from an email or SMS.
  • Secure your wireless network at home by changing its default password and using WPA2 encryption.
  • Always keep your computer’s operating system and other programs up-to-date and patched. It is advisable to keep Automatic Updates to ON.
  • If you can’t avoid using an unsecured WiFi connection for checking your emails or doing an online transaction, consider using a VPN (Virtual Private Network). This will ensure that your private details do not get snooped on by anyone.
  • Never download software/applications that come as attachments in emails, even if the emails look like they have been sent from a trusted source.
  • For online shopping, trust well-known and reputed websites that have been in the market for quite some time.
  • If you are installing any browser plugin, ensure that it is trusted and is a current one.
  • Protect your computer with a security software that offers multilayered protection from viruses, spyware, Trojans, malware, and online banking threats.
  • Increase your knowledge about cyber threats and cyber security; share the same with friends, family and acquaintances.
  • Always trust your instinct. If you think an online offer, or an email sounds too good to be true or suspicious, assume that it is.
  • If you are buying from an online website for the first time, it is advisable to choose the Cash On Delivery option, instead of making an upfront payment.
  • Ensure that you change your online banking passwords every 6 months, and never share them with anyone.
  • Avoid the option of saving your credit/debit card information on websites.
  • Any kind of financial details should not be shared over phone or email, even if the caller/sender seems genuine or appears to belong to a reputed organization.
  • Avoid downloading software from unverified publishers. Your system will always show you whether the publisher is verified before the software gets installed.
  • Always lock your computer and smartphone when not in use. Do not leave it unattended, especially in public places.
  • Create passwords that have a mix of uppercase and lowercase letters, numbers, and special characters. Also ensure that your password is at least 8 characters long.
  • Accept friend requests, on social media and other online platforms, only from people you know and are acquainted with.
  • Protect your smartphone and other mobile devices with a screen lock such as PIN or PASSWORD. Turn the automatic screen lock function ON.
  • Avoid rooting or jailbreaking your device; this makes your device more vulnerable to malware and attackers.
  • Install apps only from trusted and official sources like App Store, Google Play Store, etc.
  • Turn OFF Wi-Fi, Location Services, and Bluetooth when not in use.
  • Avoid sending or saving overly sensitive information like passwords, user IDs, banking information, etc., on your mobile device.
  • Avoid installing mobile apps that ask for unnecessary or more-than-required permissions.
  • Protect your mobile device with a reliable mobile security app that can automatically prevent installation of malicious apps, block infected or malicious websites and offers features such as anti-malware, anti-theft, location tracking, secure data backup, call & SMS blocking, etc.

Reference by Quick Heal
