AI saves the day

AI lent a helping hand to one of our technical support teams last week to help Lineal save a local business from an email hack.

At 07:40 GMT on a seemingly normal week day, Barracuda Sentinel issued an alert to Lineal to say an account had been accessed from a suspicious location.  It seemed a malicious actor, appearing to be from Nigeria, compromised one of a client’s finance department email accounts, and created a forwarding/delete rule in the inbox.

Barracuda Sentinel’s AI email protection caught the account takeover attempt, and as a result, we were able to mitigate and resolve a significant threat to one of our customers. Barracuda Sentinel detects both account takeover attempts and attacks launched from compromised accounts.

Corporate account takeover presents a significant new threat to business. Hackers gain access to email accounts and use them as tools to launch subsequent targeted attacks, internally and against external targets – who themselves fall victim.

Account takeover or attacks that originate from these accounts are almost impossible to detect as they don’t use the usual impersonation techniques—they come from a legitimate account and appear to be from a trusted source, allowing the attacker to initiate sophisticated financial scams.

Lineal automatically picked up the alert & create an incident in Barracuda Sentinel.  Sentinel remediated the issue with an immediate password reset, disconnecting all active logon sessions for the user and deletion of any rules created during the incident time.  Within 40 minutes this potentially disastrous event was avoided.

Barracuda’s worldwide threat protection network automatically gathers intelligence from inboxes around the world to deliver award-winning security, checking both inbound and outbound email to stop the spread of cyber-threats and malicious communications.  To find out more visit our Barracuda Email Security page on our website.

This risk could have easily been mitigated by using any of Lineal’s services, such as:

  1. Using Multi-Factor Authentication (MFA) on the account,
  2. Barracuda Sentinel-type tools to alert/remediate on compromise,
  3. Having Azure P1/P2 licensing to allow the use of conditional access to prevent sign-ins from risky locations, untrusted countries, etc.

If you would like to find out more about Cybersecurity and how Lineal can help protect your business please contact us.


DNS Vulnerability: Your IT Team to the Rescue

July 14th: as Microsoft flag a ‘Critical’ Level-10 DNS vulnerability on Domain Name System (DNS) servers worldwide, Lineal engineers rush to patch the infrastructure of dozens of organisations overnight.

The Microsoft Security Response Center recently released details of CVE-2020-135, a ‘Critical Remote Code Execution’ weakness deemed ‘wormable’ (potentially spreading between devices automatically) affecting all Windows Server versions.

A grade of 10.0 is the highest possible severity level that can be assigned under the Common Vulnerability Scoring System Calculator. For comparison the WannaCry attack, which temporarily crippled the NHS in 2017, had a CVSS rating of 8.5.

Lineal staff use remote monitoring software to administer large numbers of client servers and devices, monitor hardware health and deploy patches more rapidly – and were quickly on the case overnight to patch the vulnerability as a special emergency.

dns vulnerability conversation

Within 8 hours we’d patched a large number of DNS servers – applying both an initial fix and further scheduled updates.

DNS is a naming technology which translates the identities of computers, servers and other networked devices into the IP addresses used for connecting on private and public IT networks.

dns how stuff works diagram

For this reason, DNS servers often have massive reach, and must be carefully protected to mitigate the risk of compromising an organisation’s technology on a huge scale – even across the globe.

Israeli IT security firm Checkpoint Software Technologies, who discovered the 17-year old hidden bug and reported it to Microsoft, argue ‘this is not just another vulnerability’ and risks handing an attacker ‘complete control of your IT’ if IT admins fail to address the issue urgently.

 

For IT expertise and support, please contact our team today.


WhatsApp Security Breach Patched

WhatsApp users have been asked to update their app version urgently following a major Whatsapp security breach.

The exploit is believed to be possible via a missed WhatsApp voice call, made possible by a software loophole recently introduced to limit message forwarding. Affected users would be unaware that their device might be compromised.

The Financial Times’ exclusive report links the breach to NSO Group, an Israeli private cybersecurity company whose private customer list is likely to include military, security and law enforcement clients.

Analysts believe the technique has probably so far only been used to ‘eavesdrop’ on high-profile targets with especially security-sensitive information, although today’s announcement raises the possibility that criminal third-parties may attempt to exploit the same vulnerability against ‘ordinary’ WhatsApp users such as civilians.

WhatsApp has utilised end-to-end encryption since 2016 across both Apple and Android smartphone devices, making it a common communication medium for personal use, but also for organised crime. There are more than 1.5 billion users worldwide, making WhatsApp security a truly global concern.

Smartphone users are being advised to update their copy of the App to the latest version – 2.19.134 on Android and 2.19.51 on iOS or newer.

 

For Mobile technology assistance and expertise – contact Lineal today.


773 Million Email Addresses Breached Online

Online Security breach website HaveIBeenPwned.com has detected the largest online breach of email addresses to date – nearly 773 million unique emails.

The 87GB of breached personal data, publicised by Microsoft Regional Director and cybersecurity expert Troy Hunt, was spotted last week via online file-hosting website MEGA under the ominous name “Collection #1”, and has now been removed.

The data itself, believed to be a terrifying aggregation of a large number of previous smaller data breaches, also contained more than 21 million identifiable plain-text passwords.

More than 140 million of the email addresses identified have never been seen before by HaveIBeenPwned.com, suggesting some of the personal data may originate from as yet undiscovered breaches.

Those affected by the breach are advised to change their passwords immediately, to prevent criminals potentially exploiting the data to access other online services where the user has registered with identical login credentials.

You can check if your email(s) (and potentially passwords) have been breached among the 773 million by clicking here.

For IT support and cybersecurity expertise, contact Lineal about your requirements today.


Google Plus to be Shut Down

Google Plus is to be shut down, following a data leak which put almost half a million user accounts at risk.

The tech giant announced on Monday that the consumer social media platform would be retired by the end of August 2019.

Launched in 2011, Google Plus has had a rocky history – spawning a comedic sub-genre focused around it’s slow adoption, weirdly vocal support from Google employees, and failure to compete with larger social media rivals such as Facebook.

Google’s own statement acknowledges this in harsh terms:

Google Plus

More controversial however have been recent security problems. This month the Wall Street Journal published details of a bug in the Google+ API which had allowed app developers to access user data without permission via their friends, (an almost identical vulnerability to that underlying 2018’s Facebook/Cambridge Analytica scandal which resulted in Facebook executives testifying before Congress – in Google’s case potentially exposing 496,951 Google+ user accounts.) Google estimate around 400 application developers would have had access to private profile data as a result of the bug.

First discovered in March shortly prior to GDPR coming into effect in the EU, Google was not legally bound to report the breach to all European users, but would now be required to do so within 72 hours from discovery under ICO rules, if a similar breach were to re-occur.

News outlets have linked Google’s failure to disclose the leak with the final decision to close the platform, despite Google’s insistence that widely known low user-engagement is behind the move. Existing Google+ users may choose to restrict security permissions or remove content, although the platform’s lack of success suggests many will allow ‘phantom’ accounts to be disregarded.

In overlapping new coverage, Google is expected to launch the newest version of its flagship android Pixel smartphone in just a few hours time.

For IT and security expertise, contact Lineal today.