Tech Term: Computer Forensics, Defined

Pop culture gives us an impression of what cyber investigations look like. Official-looking people, in impeccable suits, typing away at terminals and analyzing the data scrolling past them on their heads-up displays. In reality, computer forensics (as they are actually called) are a little less dramatic, and much more serious. For today’s tech term, we’ll dig into the field of computer forensics.

What are Computer Forensics, and What Are They Used For?
Computer forensics can be defined as the application of specialized techniques to locate and analyze the information on a computer or computer system, preserving it for use as evidence in a trial. Once the requisite warrants have been acquired, a forensic technician is tasked with isolating the device from outside influence by disconnecting it from the Internet, then copying every file and poring over the contents for evidence.

The investigator must work from a copy of these files so as to preserve the original evidence. Merely accessing a file can be enough to change it slightly, potentially rendering the evidence inadmissible.

Computer forensics can be leveraged in a wide variety of cases, as any given device may contain evidence of a crime to be, or that was, perpetrated, as well as effectively be the scene of the crime itself. An investigation dives deep, not only focusing on the presence of files, emails, or other documents pertinent to the case on the device, but also on an analysis of these items’ metadata, as it reveals when data appeared on a computer, when it was edited and saved last, and who the user was that carried out these actions.
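The preservation step described above, as an added example that is not part of the original article: every file in a constructed evidence set is hashed and its metadata recorded before a timestamp-preserving copy is made, and the manifest later proves whether the working copy still matches what was seized. Paths and file contents are made up for the demonstration.

```python
"""Evidence integrity manifest: hash first, copy second, verify always."""
import hashlib
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large evidence files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(1 << 16), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each relative file path to its hash, size and last-modified time (UTC)."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            manifest[p.relative_to(root).as_posix()] = {
                "sha256": sha256_file(p),
                "size": st.st_size,
                "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
            }
    return manifest


def verify(root: Path, manifest: dict) -> list:
    """Return relative paths whose current state no longer matches the manifest,
    including files that were added after the manifest was taken."""
    current = build_manifest(root)
    bad = [rel for rel, rec in manifest.items() if current.get(rel) != rec]
    bad += [rel for rel in current if rel not in manifest]
    return sorted(bad)


def acquire(original: Path, working_copy: Path) -> dict:
    """Hash the original, copy it with timestamps preserved (shutil.copy2),
    and refuse to proceed unless the copy matches the manifest bit for bit.
    Note: copying across filesystems with coarser timestamp resolution can
    shift mtime and would be reported as a mismatch, which is the safe failure."""
    manifest = build_manifest(original)
    shutil.copytree(original, working_copy, copy_function=shutil.copy2)
    mismatches = verify(working_copy, manifest)
    if mismatches:
        raise RuntimeError(f"working copy does not match original: {mismatches}")
    return manifest


def demo() -> tuple:
    """Constructed evidence set: acquire it, then show that an analyst saving
    a file in the working copy is caught by the manifest check."""
    with tempfile.TemporaryDirectory() as tmp:
        original = Path(tmp) / "seized_drive"          # constructed paths
        (original / "mail").mkdir(parents=True)
        (original / "notes.txt").write_text("meeting at noon\n")
        (original / "mail" / "inbox.eml").write_text("Subject: invoice\n")
        working = Path(tmp) / "working_copy"
        manifest = acquire(original, working)
        clean = verify(working, manifest)               # expected: []
        (working / "notes.txt").write_text("meeting at noon - edited\n")
        tampered = verify(working, manifest)            # expected: ["notes.txt"]
        return clean, tampered


if __name__ == "__main__":
    print(demo())
```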

These methods have been used to crack cases involving a dirty laundry list of crimes, as this sample of their uses suggests:

  • Intellectual Property Theft and Industrial Espionage
  • Employment Disputes
  • Bankruptcy Investigations
  • Inappropriate Email and Internet Usage in the Workplace
  • Regulatory Compliance
  • Forgeries and Fraud Investigations

Alternative Sources of Analysts
Of course, law enforcement is not the only body that maintains and utilizes computer forensics labs. Six major companies, including Walmart, American Express, and Target, have accredited laboratories, and there are countless other independent labs that have not been accredited. These in-house labs can often outperform traditional law enforcement groups, as they are better able to keep their tooling on the cutting edge.

In fact, these labs are often recruited by law enforcement to assist in solving crimes. Target’s labs have announced in the past that they have assisted with “felony, homicide, and special-circumstances cases” on a volunteer basis for years, a spokesperson claiming in 2008 that a full quarter of cases worked by Target’s laboratory had nothing to do with the company.

How Does Your Technology Compare?
If you want a team on your side that will take as much care to protect your solutions as a computer forensics team does to track down cybercrime, give NuTech Services a call at 810.230.9455.

Perpetrators of Three Major Cyber Crimes Have Pled Guilty

Every so often, it’s nice to hear about when the good guys win and cybercriminals get their comeuppance. Three such cybercriminals have entered guilty pleas to charges related to major cybersecurity events.

Mirai
Mirai is a malware strain that builds a botnet out of enslaved Internet of Things (IoT) devices. By leveraging the resources of these devices, Mirai took down networks and websites. Josiah White and Paras Jha, aged 20 and 21, have pled guilty to developing and leveraging Mirai.

The duo were co-founders of Protraf Solutions LLC, a company that would mitigate DDoS attacks. Their business model was to sell their services to their own DDoS victims, or to use the DDoS attack the old-fashioned way: as a means of collecting ill-gotten money from those desperate enough to pay them to stop the attack. Along with 21-year-old Dalton Norman, White and Jha also used Mirai to power a click fraud scheme that netted them about 200 Bitcoin, with Norman alone netting 30.

Mirai ultimately went on to power one of the biggest attacks the world has ever seen, using IoT devices to take down Dyn, causing many major websites to go down.

Ultimately, the three young malware developers were each charged with click fraud conspiracy, earning each a $250,000 fine and a stay of up to five years in prison. Jha and White pled guilty to conspiracy charges for writing and using Mirai and were each sentenced to an additional five years in prison and a $250,000 fine, as well as three years of supervised release.

NSA Data
An employee of the National Security Agency, Nghia Hoang Pho, pled guilty on December 17, 2017, to a charge of “willful retention of national defense information.” According to the United States Justice Department, Pho was hired in 2006 as a developer for the Tailored Access Operations unit. The Tailored Access Operations unit, or TAO unit, creates specialized hacking tools that are used to collect data from the information systems used by overseas targets.

Between 2010 and March of 2015, Pho removed classified data and stored it on his home computer, which utilized antivirus software from Kaspersky Lab. Kaspersky Lab is suspected of having been exploited by Russian hackers to steal documents, perhaps including the ones Pho removed and saved at home.

The United States Department of Homeland Security has since issued a directive that bans the use of Kaspersky software in federal agencies. Pho could face up to 10 years in prison and is scheduled for sentencing on April 6.

Yahoo
One of the four men indicted in March of 2017 has pled guilty to hacking into Yahoo and exposing the usernames, passwords, and account information of essentially every Yahoo user, roughly one billion victims in all.

Karim Baratov, a 22-year-old Canadian, was charged with working for two members of the Federal Security Service of the Russian Federation (FSB). In his work for the FSB, Baratov hacked into 80 accounts, on top of more than 11,000 webmail accounts in total since 2010. Baratov also provided hacking services that enabled access to accounts with Google, Yahoo, and Yandex, using spear-phishing built on custom content and a malicious link.

For his activities, Baratov has pled guilty to a total of nine counts. One count, for aggravated identity theft, has a mandatory sentence of two years, while each of the other eight counts could net him 10 years in jail and a fine of $250,000. However, the federal sentencing guidelines established in the United States could reduce the final sentence considerably.

While it is nice to see those responsible for cybercrime paying their dues, it is even better for certain cybercrimes to be prevented in the first place. NuTech Services can help your business with that. Call us at 810.230.9455.

Cybercriminals Who Use This Malware Will Get A Nasty Surprise

Do you know what a botnet is and how it works? It’s basically a network of infected computers that can be used to perform Distributed Denial of Service attacks, overloading target networks and forcing them to endure downtime. They can also be used to distribute malware and other threats. What’s worse than this, you ask? Hackers can purchase botnets on the black market to use against their targets, but a new type of botnet strain is changing the way this works.

The black market is no stranger to sketchy sales. Users can pay with Bitcoin for the development of malware and other threats without knowing the first thing about hacking or technology. However, this convenience comes at a price, as any users of the new Cobian botnet now know. The malware involved, njRAT, surfaced in 2015 and includes a lot of terrifying features. Hackers can use a keylogger, webcam control, remote code execution, and even screen sharing, just by shelling out some Bitcoin to a fellow hacker.

What these would-be hackers don’t know is that the developers include encrypted code which allows them access to the master control switch of the botnet. In other words, while users are purchasing their own botnets to use for whatever they want, full control of any botnets purchased is held solely by the developer of Cobian.

NakedSecurity describes the way that the botnet masks its presence, as well as how the threat activates when it’s time for its master to take over: “Cobian’s executable payload disguises itself as a Microsoft Excel file. Cobian’s secondary payload then checks to see if the second-level operator is online. If so, then the code that enables the author to acquire master control operates to evade detection. If the second-level operator is offline, the secondary payload acquires the address of the author’s command and control servers from Pastebin.”

It just goes to show that you can never trust a hacker, but you probably already knew that. This story should be a lesson for businesses that don't suspect they are at risk of a hacking attack. If anyone can buy threats like a botnet, you'll need to step up your defenses to keep your business safe. NuTech Services can help with this task. To learn more, reach out to us at 810.230.9455.

Essential Cybersecurity Tips From The FBI

In 2016 former President of the United States Barack Obama passed the Cybersecurity National Action Plan that implemented near-term action and developed a longer-term strategy of bringing awareness and protections to public computing systems connected to the Internet. The strategy is to make an immediate effort to empower citizens to protect their own privacy, while also maintaining public safety and national and economic security, as many of the most critical systems this nation utilizes are networked on the web.

For the average small business, it is more crucial than ever to avoid the pitfalls that lie in wait on the Internet. Victims of cybercrime deal with an endless number of issues, including drops in revenue, data loss, downtime, and fines or restitution if they are unable to keep their networks secure. Below are a number of line items that the Federal Bureau of Investigation recommends to keep your data secure and to avoid becoming a victim of the most pressing malware on the Internet today: ransomware.

  • Raise Awareness: Ensure that you make a point to make your staff cognizant of the threat of a ransomware infection.
  • Updates and Patches: Make sure to patch your operating systems, software, and firmware on all of your digital assets.
  • Auto Update Security Software: Lean on enterprise-level antivirus and anti-malware software to conduct regular scans and catch potential malware.
  • Limit Super Users: Ensure that you don’t just hand out administrator access to your mission-critical systems. Managing access is one of the best ways to keep untrustworthy entities out of your network.
  • Access Control: As stated above, access control is essential to ensure that you know who can and should be in each part of your network. If your users only need to read specific information, they don't need write access to those files or directories, which reduces the risk.
  • Filters and Application Control: Deploy software restrictions to keep programs from executing from locations where ransomware is commonly found. This includes the temporary folders used by Internet browsers and compression/decompression programs.
  • Data Backup & Disaster Recovery Plan: Create data redundancy by having a comprehensive backup and recovery plan in place.
  • Multiple Storages: Ensure that each storage unit is stand-alone to avoid major problems with backups and other forms of storage.

Governments absolutely have to have a strategic plan on how to deal with cybercrime, and as a solid practice, businesses should follow suit. If you want to make sure your strategies are top-level, visit https://www.fbi.gov/investigate/cyber/news to see what the FBI is doing to protect their computing infrastructure. For more great security information, subscribe to our blog.

Step Aside Sherlock, Supercomputer Watson is Investigating Cybercrime

When it comes to solving crime, few are as renowned as Sherlock Holmes. However, now Watson is stepping forward to strike back against cyber criminals. Not Dr. Watson, Holmes' faithful companion; instead, we're referring to Watson, IBM's renowned supercomputer.

After a year of being "trained" to spot cybercrime, Watson is now keeping watch over 40 organizations to further develop its ability to spot security threats. By combining its ability to swiftly process mounds of data with the information found in stories about recent cyber attacks, and checking what it finds against the industry's best practices, the supercomputer can better identify and track high-priority security concerns.

Watson wasn't ready to go on the hunt for criminal activity right away, however. In fact, when it was first taught the term "ransomware," the computer was convinced that it was a place.

Now, thanks to a lot of data processing, Watson is ready for the next steps, much like a human student would be. The computer will sift through the security events of dozens of companies, analyzing them for patterns and identifying which constitute legitimate threats, and which can be chalked up to user error.

While there will be a learning curve for Watson, the abilities it has at identifying legitimate threats will only improve with time. In the meantime, you can’t afford to wait for Watson’s capabilities to come to your business.

Your business will need other resources at its disposal to ensure its network security. NuTech Services can provide those resources, along with other solutions to fit your IT needs. Call 810.230.9455 for more information.

Hack a Hospital and Get Blacklisted By Other Hackers

Hackers are notorious for committing cybercrimes and exploiting what seems like everybody and anybody. Yet, just as there exists honor among thieves, there’s an unwritten rule within the hacking community: leave hospitals alone.

Of course, if you’re familiar with the activity of hackers, then you’ve perhaps heard of stories of hospitals and healthcare institutions getting hacked. To be sure, any organization handling healthcare records makes for a tempting target to a hacker. These records contain very personal and sensitive information that can be sold for big bucks on the black market (this is one reason why protection laws such as HIPAA are put into place). However, if a hacker chooses to act on this impulse, they do so at the risk of being shunned by their own.

While it’s one thing to stealthily steal files from a hospital server unit, it’s even more of a dastardly deed for a hacker to unleash a ransomware attack on a hospital network. This is due to the fact that attacks like ransomware will disable a computer until a ransom is paid to the hackers. As you can imagine, if a hospital were to have any of its equipment taken offline, then patients in critical condition would be unable to receive the care they need until the system is back online. Potentially, a move like this could result in death.

What could motivate a hacker to attempt a hack where human life is on the line? For the hacker attempting such a hack, it's perhaps because the crisis it creates makes for a higher chance of a payout. Compared to hacking a business that's prepared for a ransomware attack and can afford to brush it off and lose a few hours' or a few days' worth of data (depending on when the last backup was made), hospitals must act as quickly as possible to get their systems back online, which very well could mean paying the hacker.

What’s worse, even if a hospital pays a hacker’s ransom, there’s still no guarantee that they will regain control of their system, which could translate to a significant loss of life. Given the possibility of such a sad situation, it’s easy to see why hackers will blacklist any of their peers known for going after hospitals. After all, where do the hackers go when they get sick? That’s right, the hospital.

To give you a hacker’s perspective on the matter, ZDNet references a forum where hackers discuss, get this, the ethics of hacking. “Yes, this is pretty sad and a new low. These ransom attacks are bad enough, but if someone were to die or be injured because of this it is just plain wrong.”

While these words may be somewhat comforting for a hospital administrator to hear, keep in mind that there are some hackers who disregard any form of ethics altogether, so the risk is still there. Also, for the average SMB not associated with healthcare, there’s likely no “hacker’s code” protecting your organization from being targeted. In fact, regarding the typical SMB, hackers can build a pretty solid case on why they should pull the trigger on a hack attack.

Therefore, whether your business is in the crosshairs of hackers or not, every organization needs to be prepared and have a security solution in place that can withstand such attacks. This defense plan must include a way to defend against even ransomware, which means backing up your data with BDR and having a means to restore your backed up copy as quickly as possible so that downtime is at a minimum.

To make sure that your business is prepared for anything that a hacker throws at you, call NuTech Services today at 810.230.9455.

For NATO, Cyberspace is Today’s Frontlines

It’s clear that security professionals have waged war with hackers since the Internet’s inception, but NATO has reaffirmed that cybersecurity is not just a localized problem; it’s a nation-state-wide issue, and one that needs to be addressed. Just like land, air, and sea, cyberspace is now an operational domain, a place that can be considered a battlefield.

NATO has declared that cyberspace qualifies as an area where conflict can occur (surprisingly, it took this long). While many cyber attacks tend to be limited to data infrastructure, there are plenty of instances where attacks have moved from the cyber realm to the physical world. Some examples include a Ukrainian electrical grid hack from just last year, as well as a supposed Iranian hack of a United States dam control system. In other words, technology systems have the capability to cause quite a bit of damage, like blackouts or the shutdown of critical systems.

NATO Secretary General Jens Stoltenberg made a valid observation concerning the decision to add cyberspace to the list of operational domains: “Cyber defence is part of collective defence. Most crises and conflicts today have a cyber dimension. So treating cyber as an operational domain would enable us to better protect our missions and operations.”

Technology has become such a commodity in today's world that even warfare is assisted by it, through providing access to important data and applications. Networks used to deliver this data could be hacked, causing important information to be lost or stolen and thus putting real-world lives at risk. Plus, if a hacking attack left citizens without heat, electricity, and other necessities, it could redefine what the world thinks of as a war of attrition.

NATO plans on securing its own networks and focusing on helping member countries secure theirs. Additionally, NATO wants to help others identify where attacks come from, and what can be done about them. In 2014, NATO changed its policies to allow it to respond to attacks against nations involved with the organization, which shows that cyber warfare could potentially become a major factor in future conflicts.

Granted, measures that could be put into place are easier to talk about than to actually implement. Cyber security is generally handled on a state level, and while the US and UK have invested heavily in cyber security, other countries tend to think of it as a low priority, or don’t foresee it affecting them in the near future.

This decision by NATO should drive the importance of cybersecurity in the workplace, and reaffirm that your organization needs to take a cautious and proactive stance. Additionally, you’ll need to use best practices in order to minimize the risks of working online, as you’ll probably realize far too late that you’ve been infiltrated by hackers. It’s in your best interest to take a preventative stance on network security, regardless of how much risk you feel your business is at.

To learn more about IT security, reach out to us at 810.230.9455.

Drugs, Assassins For Hire, Weapon Sales, and More: All Conveniently Found On the Web

The Internet is a fascinating and wonderful place full of great, informative resources and websites, but it's also home to online markets for illegal and unethical practices. These hotbeds of criminal activity are a danger not only to your business, but to everyone who uses the Internet.

Specifically, the part of the Internet known as the "dark web" is often used to anonymously distribute drugs and stolen data, and to carry out other questionable activity. The Internet itself allows anyone to take on a pseudo-anonymous identity, but there are other, much darker parts of the Internet that can only be accessed if you're truly anonymous. Users of the Tor anonymity browser can go about their business on the dark web with little to fear. Many online black markets will only allow users to access them if they're using Tor, primarily because they want to dodge law enforcement as much as possible.

Not all online black markets take this same precaution, though. Some illegal online markets care little about staying hidden from the authorities, and will even sell to the common masses rather than hardened criminals. This sporadic and unpredictable behavior is one reason why everyone should be concerned about the dark web. Since these underground black markets are often available via the "surface web" (the part that the average user sees), this increases the range and scope of who criminals can target with their goods, which allows the cybercrime industry to thrive.

From Trend Micro via TechRepublic, here’s a chart detailing what the online crime market is primarily used for.

Drugs are one of the biggest components of the online cybercrime industry, but stolen data dumps and crimeware are the second and third largest threats, respectively. A surprising factor, however, is the presence of illegal online arms manufacturing, and even assassinations. When you consider the fact that anyone can access these assets through the surface web, it’s a frightening concept indeed.

The North American underground dark web network is generally considered what’s called a “glass tank.” It might be useful for its intended purpose, but it’s so transparent and fragile that it can shatter and break at any given moment. Trend Micro reports that the life cycle of most black market sites is very short. The sites could be available one moment, and gone the next.

If you take away anything from this blog article, it's that cybercriminals are as resourceful as they are slippery, and that they'll use any means necessary to make a quick buck. This includes selling information they've stolen from businesses just like yours on the black market, or selling malicious code to would-be hackers. Business owners need to be exceptionally cautious, simply because criminals on the Internet will attack for no purpose other than to cause a little chaos and to put your sensitive data in the "for sale" window. It's important to remember that there is, in fact, a market for your stolen data, and that hackers will do whatever it takes to breach your systems and make money off of your misfortune.

NuTech Services knows how to handle the security threats that your business faces every day, and we can outfit your network with the solutions required to detect and eliminate issues before they become bigger problems. Furthermore, we can protect your organization's end-users from accessing infected or suspicious sites, like potentially malicious web pages, or those designed to sell questionable goods. Perhaps the best way we can protect your business is by offering enterprise-level security solutions, like firewalls, antivirus, content filtering, and spam blocking, effectively reducing the odds of your business falling prey to a hacking attack.

For more information, give us a call at 810.230.9455.

Alert: New CryptoJoker Ransomware May Be the Worst Ransomware Yet

Modern ransomware is exceptionally dangerous, even by malware standards. Ransomware is capable of locking down important files on a victim's computer, posing a massive threat to both business professionals and their networks, as well as the average PC user. While other types of ransomware like CryptoLocker and CryptoWall are somewhat manageable, a new variant called CryptoJoker makes it borderline impossible to recover your files.

Similar to other types of ransomware, CryptoJoker locks down the victim’s files through encryption, and will only decrypt the files once the ransom has been paid to the hacker in full. The ransom is generally paid in Bitcoin to preserve the anonymity of the crook holding your data. The idea is to strike fear into the hearts of their victims, and play on this fear to extort money from them for the safe return of their files. Ransomware like CryptoJoker is typically spread through email phishing scams, but in this case, CryptoJoker infects users through a phony PDF file.

After the user has been infected by CryptoJoker and the ransomware has installed, it will scan all drives connected to the infected device. This includes all network drives connected to it. CryptoJoker then proceeds to encrypt specific file extensions, most of which are absolutely critical to your business’s continued functionality:

  • .txt
  • .doc
  • .docx
  • .xls
  • .xlsx
  • .ppt
  • .pptx
  • .odt
  • .jpg
  • .png
  • .csv
  • .sql
  • .mdb
  • .sln
  • .php
  • .asp
  • .aspx
  • .html
  • .xml
  • .psd
  • .java
  • .jpeg
  • .pptm
  • .pptx
  • .xlsb
  • .xlsm
  • .db
  • .docm
  • .sql
  • .pdf

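The behaviour described above, many targeted extensions rewritten in quick succession across local and network drives, is something a defender can watch for. As an added example that is not from the article or from any vendor product, the detector below runs over a constructed file-activity log (format, process names, paths, and the window and threshold values are all assumptions) and raises one alert per process that rewrites at least five files from the article's extension list within ten seconds.

```python
"""Burst-of-encryption detector over file-write events (constructed log)."""
import os
from collections import defaultdict, deque

# Extensions the article lists as CryptoJoker's targets.
TARGETED = {
    ".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".jpg",
    ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp", ".aspx", ".html",
    ".xml", ".psd", ".java", ".jpeg", ".pptm", ".xlsb", ".xlsm", ".db",
    ".docm", ".pdf",
}
WINDOW_SECONDS = 10   # assumed tuning values, not from the article
MIN_FILES = 5

# Constructed log lines: "<unix_ts> <pid> <image> <op> <path>".
CONSTRUCTED_LOG = [
    "100 1204 WINWORD.EXE write C:\\Users\\amy\\Documents\\report.docx",
    "101 1204 WINWORD.EXE write C:\\Users\\amy\\Documents\\~$report.docx",
    "103 9911 invoice.pdf.exe read C:\\Users\\amy\\Documents\\budget.xlsx",
    "103 9911 invoice.pdf.exe write C:\\Users\\amy\\Documents\\budget.xlsx",
    "104 9911 invoice.pdf.exe write C:\\Users\\amy\\Documents\\notes.txt",
    "104 9911 invoice.pdf.exe write C:\\Users\\amy\\Pictures\\holiday.jpg",
    "105 9911 invoice.pdf.exe write \\\\fileserver\\shared\\customers.csv",
    "106 9911 invoice.pdf.exe write \\\\fileserver\\shared\\orders.sql",
    "107 9911 invoice.pdf.exe write C:\\inetpub\\wwwroot\\index.html",
    "120 4410 backup.exe write D:\\backups\\nightly.zip",
]


def parse(line: str) -> tuple:
    """Split one log line; the path is the final field and may contain spaces."""
    ts, pid, image, op, path = line.split(maxsplit=4)
    return int(ts), int(pid), image, op, path


def ext_of(path: str) -> str:
    """Lower-cased extension; backslashes are normalised so a dotted directory
    name on a Windows path does not confuse os.path.splitext on POSIX hosts."""
    return os.path.splitext(path.replace("\\", "/"))[1].lower()


def detect(lines) -> list:
    """Return one alert per process that writes >= MIN_FILES targeted files
    within WINDOW_SECONDS. Each alert records how many directories were hit
    and whether a UNC network share was among them."""
    recent = defaultdict(deque)   # pid -> deque of (ts, path) within the window
    alerted = set()
    alerts = []
    for line in lines:
        ts, pid, image, op, path = parse(line)
        if op != "write" or ext_of(path) not in TARGETED:
            continue
        q = recent[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > WINDOW_SECONDS:
            q.popleft()
        if len(q) >= MIN_FILES and pid not in alerted:
            alerted.add(pid)
            dirs = {p.rsplit("\\", 1)[0] for _, p in q}
            alerts.append({
                "pid": pid,
                "image": image,
                "files": len(q),
                "window": (q[0][0], ts),
                "directories": len(dirs),
                "network_share": any(p.startswith("\\\\") for _, p in q),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(CONSTRUCTED_LOG):
        print(alert)
```

Word touching two of its own documents and a backup tool writing a .zip never reach the threshold, so only the constructed dropper is reported.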
CryptoJoker isn't widely distributed, so you can breathe easy knowing that you probably won't run into it anytime soon. Still, what would happen if you were to get infected? CryptoJoker isn't something to laugh at; it encrypts files with AES-256, which makes them impossible to crack in most cases. Users are often left with no choice but to pay the ransom to CryptoJoker's developers. Thus, the key to preventing ransomware from destroying your data is to prevent it from infiltrating your computer in the first place. If you do get infected by CryptoJoker, you had better hope that you have a data backup solution that's ready to work overtime.

If you don’t have a backup of your data available, you’re out of luck. Even in the worst case, though, you shouldn’t be paying criminals for the decryption key if you can help it. Just because they claim that they’ll give you the key in exchange for payment, doesn’t mean that they’ll stick to their word. There’s nothing stopping them from taking your money and leaving you high and dry. Other ransomware is notorious for taking payments and not decrypting your files, so it’s safe to say that you shouldn’t trust CryptoJoker either.

If you aren’t sure whether or not your security solution has what it takes to protect your organization from CryptoJoker, NuTech Services can help. We can arm your business with solutions that are designed to protect your systems from CryptoJoker and other ransomware before you get infected. In most cases, this is the best thing we can do for you; recovering your encrypted files is often borderline impossible.

For more information about cybersecurity best practices and how to protect your organization from ransomware, give NuTech Services a call at 810.230.9455.