Archive for NEWS

A week in security (January 11 – January 17)

Last week on Malwarebytes Labs, we looked at IoT problems, Microsoft’s Patch Tuesday, and how cybercriminals want access to your cloud services. We also explored how VPNs can protect your privacy, and asked if MSPs have picked the right PSA.

Other cybersecurity news

Stay safe, everyone!

The post A week in security (January 11 – January 17) appeared first on Malwarebytes Labs.

Posted in: NEWS

Leave a Comment (0) →

What’s up with WhatsApp’s privacy policy?

WhatsApp has been in the news recently after changes to its privacy policy caused a surge of interest in rival messaging app Signal. Initial reports may have worried a lot of folks, leading to inevitable clarifications and corrections. But what, you may ask, actually happened? Is there a problem? Are you at risk? Or should you keep using your apps as you were previously?

Setting the scene

WhatsApp users found themselves facing down an in-app notification this past week, letting them know of upcoming privacy policy changes. The message read:

By tapping Agree, you accept the new terms, which take effect on February 8, 2021. After this date, you’ll need to accept the new terms to continue using WhatsApp. You can also visit the Help Center if you would prefer to delete your account.

Generally, I’m somewhat suspicious whenever a trusted app starts popping messages, or anything else I wasn’t expecting. After the initial burst of “Is this genuine?”, follows the part where I try to dig out the parts that have changed and see how it compares to what went before.

What worked…

Giving users a bit of time to see the upcoming changes, and work out if they want to be part of it, is good and should be encouraged. Often, privacy policy and EULA changes spring from nowhere, giving little to no time at all to digest them. Regardless of how everything else about this notification panned out, WhatsApp should be applauded for giving everyone plenty of forewarning.

…and what didn’t

The key focus of concern around the update, was how data would be shared going forward. Aspects which people objected to included some data remaining on a device even after deleting an account, lines about “respecting privacy” being removed from the privacy policy, and things like phone numbers being shared with Facebook.

This would naturally be a cause for concern for some people.

The messaging fixer-upper

This situation wasn’t ideal for WhatsApp, who had to clarify the mixed messages spreading online. They stressed that the upcoming update is related to messaging businesses on WhatsApp. Messages are still subject to the same privacy they were previously, and neither WhatsApp nor Facebook can read your messages or hear your calls.

Additionally, more clarifications had to be made that the changes don’t apply to EU/EEA/UK regions despite people in those areas being shown the privacy policy popup. This is not ideal and raises questions as to why the notification was sent to everybody if it didn’t apply to everybody. All that tends to happen in those situations is people get confused and start to worry. What happens after that, is lots of articles appear explaining what to do if you want to switch to other services.

Writers have described this potential migration away from WhatsApp as “self-inflicted”, and that seems to be an accurate summary. Simply by having to explain the differences between forms of messaging, data collection is thrown into sharp relief. That is to say, you may not have known prior to this how much…or little…your favourite apps collect.

But now you do. The data collection genie is out of the bottle, and yet it may not matter too much.

Decisions, decisions

Ultimately, people will use what they feel most comfortable with. This misstep isn’t going to kill WhatsApp, and if you still want to use it, don’t worry. It won’t be going anywhere. As with all things, informed choices are the best choices. We regularly remind people that it’s time for a security password spring clean whenever a major breach takes place.

On a similar note, this may be a good time to brush up on all those T&Cs tied to your favourite apps. Dig into what they do, which pieces of data they collect and use. At the absolute minimum, ensure your messages are as secure as can be and that only you and the recipients can read them (look for “end-to-end encryption”). Some people are fine with data collection, for others it’s a deal breaker.

Ultimately, the decision is down to you.

The post What’s up with WhatsApp’s privacy policy? appeared first on Malwarebytes Labs.

Posted in: NEWS

Leave a Comment (0) →

How a VPN can protect your online privacy

Have you ever experienced the feeling of relief that comes when you do something silly, but you’re glad you did it where people don’t know you? Or maybe you wished you were somewhere like that, but alas…

That is what a Virtual Private Network (VPN) can do for you: it can put you in a place where you are unknown.

To determine if and when you need a VPN, you must define what your goal is. If your main goal is to improve your privacy online, then a VPN is one of the possible solutions. Privacy is a right that is yours to value and defend. If you don’t fall into the categories of people who say “I have nothing to hide” or “they already know everything about me” then you may care enough about your privacy to use a VPN.

For the latest Malwarebytes Labs reader survey we asked “Do you use a VPN?” 2,330 responded and an impressive 36 percent said they now used a VPN. For perspective, ten years ago, only 1.5 percent of Americans used VPNs.

So, how does a VPN work?

In short and easy terms, a VPN acts as a middle-man between a user and the Internet. When the user wants to visit a site, they send information to the VPN over an encrypted connection, the VPN visits the site, and then it sends the data to the user over the same encrypted connection. These connections are not limited to web browsing, even though that is the first one that usually comes to mind.

In this post we will focus on the consumer using a VPN to browse the web. But it is good to know that many organizations use a VPN to allow secure, remote access to company resources. For example, an employee working from home can log in on a VPN to get access to systems, files or email, for example.

Hide your IP address

Your IP address is the address your home network uses on the Internet. It is usually assigned to you by your Internet Service Provider (ISP). The first thing a website you visit will receive is your IP address, because it’s the return address for the information that you requested. If you are using a VPN the website will receive the IP address of the VPN server instead. The VPN will reroute the information so that it reaches your screen, without the website ever seeing your IP address.

Not everyone is willing to share their IP address because it can be used to determine their approximate location, and to identify their ISP (who can, in turn, identify who the IP is assigned to).

Hide your traffic from your ISP

Speaking of which, people who distrust their ISP and don’t want them to know which sites they’re visiting, route their traffic through a VPN. The encrypted tunnel between the user and the VPN stops anyone, including their ISP, from seeing their traffic. And this isn’t a theoretical or unlikely problem: In the USA ISPs can sell information about their users’ browsing habits to the highest bidder.

If you use a VPN to hide your traffic from your ISP it’s important to keep in mind that you are now putting your trust in the hands of that VPN provider instead. In theory, the VPN provider can now track your online behavior.

Pretend to be in another country

Another reason we often hear for using a VPN, is when you want to pretend you are in another country. Certainly, a VPN is the easiest solution to accomplish that. Some websites or services are only available in certain territories (geofenced), so pretending to be somewhere you aren’t can give you access to resources that would otherwise be hidden from you.

no access for your country

Imagine being a foreign correspondent in a country where news media from abroad are blocked or redacted. Or you are having a vacation in a country where Facebook is forbidden, and you want to check up on your family and friends. That is where using a VPN comes in very handy. Keep in mind however that in many such countries the use of a VPN is forbidden as well and using one could get you into trouble.

Disadvantages of using a VPN

So far, we have discussed the advantages and reasons for choosing a VPN. Why does there always have to be a downside? In this case, it’s a typical you win some, you lose some scenario.

  • It can make browsing slower. Even though Internet traffic can theoretically move at the speed of light, taking a detour takes time. Using a VPN can have a performance impact that varies from hardly noticeable to considerable. Another point to research when you are deciding which one to use.
  • Some websites will block known VPN servers. Usually this is for reasons that would be grounds for not wanting to visit those sites anyway, but it can be annoying to disable your VPN for a specific site.
  • Some sites don’t work correctly. Some sites are designed without considering that a visitor might be using a VPN. This can sometimes result in a partial loss of the information being sent back and forth so you may have to fill out a form twice or you may have to temporarily disable the VPN to complete the data transaction.
  • Overconfidence can come back to bite you. Just because you are hiding behind a VPN, that doesn’t mean it’s impossible to find out who you are. And if your actions might put you in danger where you are using the VPN, some extra measures may be needed.

Choosing a VPN

To achieve the goal of enhancing privacy it is most important to choose a VPN that you can trust. A VPN provider that logs your activities and either sells them to advertisers or surrenders them to the authorities may not have the same goals as you do.

Another important feature for a VPN is that it encrypts the traffic between your computer and the VPN server, so that nobody can tap into the connection to find out what you are doing. That encryption stops at the VPN server, so anyone with access to that server can see see or modify the traffic. Again, putting too much trust in such a feature can prove to be misguided.

To go back to our comparison, even if they can’t conclusively prove that it was you, sometimes a strong suspicion can be just as damaging for your reputation.

Stay safe, everyone!

The post How a VPN can protect your online privacy appeared first on Malwarebytes Labs.

Posted in: NEWS

Leave a Comment (0) →

MSPs, have you picked the right PSA for you yet?

Not long ago, we helped MSPs pick the right remote monitoring and management (RMM) platform for them, and make it an essential part of their service toolkit. As you may recall, an RMM is a tool that helps MSPs do the work. And what better way to track the work—and other elements associated with it—than to have professional service automation (PSA) software do it for you?

“Do we really need a PSA?”

A PSA is, essentially, an all-in-one tool that helps MSPs manage an array of tasks, such as project management, collaboration, invoicing, ticketing, resource planning, and reporting and data analysis (to name a few), of every client project, throughout its lifecycle. It keeps all data and processes about a project available and linked in one place, so MSPs can see the big picture and waste no time making decisions or adjustments as needed. Some may think and liken PSA software to Enterprise Resource Planning (ERP) software for MSPs.

Many MSPs are realizing that they have little time and patience to waste on tedious and time-consuming tasks when they could have been doing more productive things. If you’re an organization that is just breaking into the MSP world, or already have years of experience, “Do we really need a PSA?” should no longer be the question you ask.

A PSA is not just a nice-to-have anymore. It has become an integral and critical platform that MSPs must have to scale effectively and profitably. What you should be asking instead is “Which PSA is right for my business?”

Benefits of using a PSA

Gone are the days when PSAs were akin to helpdesk software. They have evolved beyond merely managing support tickets and tasks. The modern-day PSA’s kit can offer (but is not limited to) the following benefits:

  • Significantly cut the time it takes to search for documentation
  • Reduced time spent on doing repetitive tasks
  • Improved service level agreements (SLAs)
  • Accurate tracking and recording of onsite services from start to finish
  • Automatic generation of billing statements
  • Efficient management of customer engagement
  • Automatic patching and system updating
  • Increased customer satisfaction
  • A uniform consolidation of data used to make mission critical decisions

Know that each PSA in the market right now offers different solutions and bundles, and that MSPs could be impacted by them differently as well.

Of course, not every benefit above is what MPSs would want.

Not all MSPs, for example, want a suite that automatically applies patches to the system, because they would rather do some rigorous testing themselves first, before deployment. Picking the right PSA eventually boils down to what your organization needs, what you want to automate and/or improve on, and what best fits into your business practices and processes.

PSA considerations for the smart MSP

Before MSPs can take a deep dive into implementing a PSA suite, they must realize that this is no easy feat. It is a time-consuming, disruptive, and sometimes expensive task to undertake. But patience and perseverance have their rewards. Here are three simple questions MSPs should ask when deciding which PSA to pick.

“How well does it integrate with our other tools?”

While a PSA houses all of an MSP’s data under one virtual roof and boasts an assortment of other tools for their employees to use, it’s not the only system the business uses. An MSP could have its own bespoke customer relationship management (CRM) tool or use other systems from third parties, too, such as an accounting, data backup and recovery, RMM, and, of course, endpoint security software. Make sure that the PSA of your choice can achieve deep integrations with the tools you rely on.

“Is it scalable?”

Every organization’s goal is to grow its customer base, making it especially important for MSPs to have a PSA that can scale with its growth. Pick a PSA that has been designed and built with scalability in mind, so it can cope with these “growing pains”.

On an additional note, you will want to know how the cost of the PSA will change as your business grows. Make sure that it’ll still be within a reasonable budget and sustainable in the long run.

“Will it help us achieve accountability and efficiency?”

One of the main reasons for using a PSA is to bridge those gaps that are inherently found in disparate systems used by different departments in an organization. A good PSA should be able to eradicate siloed data by tracking, recording, and reporting everything. This way, employees are expected to perform tasks efficiently and in a timely manner, clients are provisioned with the best resources to get issues resolved quickly, and bills are issued accurately.

“Can it provide data that’ll help us make informed decisions?”

A PSA can also help MSPs handle unforeseen hurdles, such as customer security issues, or delays in project deliveries. Your choice of PSA should be capable of not only collecting and keeping data from different departments but also processing, analyzing, and presenting it to your users in a way that shows trends, reveals problem points, and forecasts needs, so that you can make improvements, create plans months ahead, and effectively respond to security threats.

All we need is time

Of all the different assets MSPs must manage efficiently in order to be profitable and remain competitive, the most important is time. And what better way to manage time than to automate important but mundane daily tasks, so employees can make better use of their time and provide a higher level of security to customers. That said, the choice of investing or not investing in a PSA is no longer up for debate for MSPs. The benefits of having one as part of your toolkit just far outweighs the costs and initial challenges that naturally come with change. At the end of the day, you’ll be glad you went for one.

The post MSPs, have you picked the right PSA for you yet? appeared first on Malwarebytes Labs.

Posted in: NEWS

Leave a Comment (0) →

Cybercriminals want your cloud services accounts, CISA warns

On January 13 the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about several recent successful cyberattacks on various organizations’ cloud services.

What methods did the attackers use?

In the initial phase, the victims were targeted by phishing emails trying to capture the credentials of a cloud service account. Once the attackers had stolen a set of valid credentials, they logged into the compromised account and used it to send phishing emails to other accounts within the organization. Those phishing emails used links to what appeared to be existing files on the organization’s file hosting service.

In some cases, threat actors modified victims’ email rules. On one user’s account an existing rule was set up to forward mail to their personal account. The threat actors updated the rule to forward all email to their own accounts. In other cases, the attackers created new rules that forwarded mails containing certain keywords to their own accounts.

As an alternative to the phishing attempts, attackers also used brute force attacks on some accounts.

Perhaps most eye-catching of all though, in some cases multi-factor authentication (MFA) logins were defeated by re-using browser cookies. These attacks are called “pass-the-cookie” attacks and rely on the fact that web applications use cookies to authenticate logged-in users.

Once a user has passed an MFA procedure, a cookie is created and stored in a user’s browser. Browsers use the cookie to authenticate each subsequent request, to spare visitors from having to log in over and over again in the same session. If an attacker can capture an authentication cookie from a logged-in user they can bypass the login process completely, including MFA checks.

Who is behind these attacks on cloud services?

Even though the attacks that CISA noticed had some overlap in the tactics they used, it is unlikely that they were all done by the same group. While some were clear attempts at a business email compromise (BEC) attack, there could be other groups active that are after different targets.

Countermeasures

Educate users on cybersecurity in general and point out the extra risks that are involved in working from home (WFH). For these specific attacks, extra training to recognize phishing certainly wouldn’t hurt.

Use a VPN to access an organization’s resources, such as its file hosting service. The temptation to leave these resources openly accessible for remote employees is understandable, but dangerous.

Sanitize email forwarding rules or at least let the original receiver of the mail be notified when a forwarding rule has been applied. If there are rules against forwarding mails outside of the environment (and maybe there should be) it should not be too hard to block them.

Use MFA to access all sensitive resources. (It’s important to note that although the CISA report mentions a successful attack where MFA was bypassed, it also mentions unsuccessful attacks that were defeated by MFA.)

Ensure resources are only be accessible to people authorized to use them, and enable logging so you can review who has used their access.

Set the lifespan of authentication cookies to a sensible time. Find a balance between keeping session duration short, without annoying legitimate users and “allowing” attackers to use stale cookies to get access.

Verify that all cloud-based virtual machine instances with a public IP do not have open Remote Desktop Protocol (RDP) ports. Place any system with an open RDP port behind a firewall and require users to use a VPN to access it through the firewall.

IOCs

The CISA report also links to a downloadable copy of IOCs for those that are interested.

The post Cybercriminals want your cloud services accounts, CISA warns appeared first on Malwarebytes Labs.

Posted in: NEWS

Leave a Comment (0) →
Page 1 of 56 12345...»