
How to Protect Your Business From Malware

Cyberattacks are a serious threat to businesses and consumers, and large-scale attacks have nationwide effects, which makes them a national-security concern as well. Kaspersky Lab’s investigation, published in 2015, reported that more than 100 banks around the world, including financial institutions in Russia, the United States, China, Germany and Ukraine, lost up to $1 billion to a campaign that began in 2013. Carbanak, the malware behind these attacks, arrived as spear-phishing emails carrying malicious Microsoft Office attachments that exploited vulnerabilities in Office; once inside, it gave the attackers a foothold from which they studied the banks' internal systems and then used them to move the money out.

The 2017 Ponemon Cost of Data Breach study revealed that the global average cost of a data breach is $3.62 million, making breaches some of the most expensive threats organizations can face.

Cybersecurity Ventures predicts that by 2021, cybercrime damages will cost up to $6 trillion annually.

Forms and Impacts of Malware

Different forms of malware have existed throughout the years, and the most recent variants are much stronger and more aggressive than before. Here are some recent examples:

Ransomware Ransomware is a type of malware that encrypts the victim’s files and often locks the system; some variants also copy data out before encrypting it. The attacker then demands a ransom for the decryption key and, where data was taken, threatens to publish it if the victim does not pay.

Recent examples are WannaCry and Petya. WannaCry shocked the world in May 2017 when it infected more than 200,000 computers in more than 150 countries, spreading on its own through a Windows SMB vulnerability rather than by tricking users into opening anything. Within the initial hours of the attack, 48 National Health Service organizations in the UK had to turn patients away or delay medical procedures. In the U.S., FedEx deliveries were delayed. Spain’s major telecoms and gas companies suffered, as did France’s Renault. Even the Russian Interior Ministry and Megafon, a telecom company, were hit. For all that disruption, the attackers collected only on the order of $140,000 in ransom payments; estimates of the damage, by contrast, run into the billions of dollars.

Petya was first seen in 2016; the variant that resurfaced in June 2017 (often called NotPetya) reused the same SMB exploit that WannaCry had used, which let it spread across networks without user interaction. Global businesses such as Merck, Maersk and Rosneft were affected, but the attack specifically targeted Ukraine: it was seeded through a poisoned update of M.E.Doc, an accounting package used by most Ukrainian companies, and it disrupted power companies, airports, public transit and even the central bank, with unprecedented effects on the economy, civic welfare and national security.

Banking Trojans Banking trojans are trojans written specifically to steal online-banking credentials. They sit quietly on the victim’s system and capture logins as they are typed or submitted, typically by keylogging, grabbing the contents of web forms, or injecting extra fields into the bank’s own pages (so-called web injects) to ask for details the bank never would.

Zeus is one of the most pervasive and damaging banking trojans to date. A 2010 white paper by Unisys reported that Zeus is responsible for 44 percent of banking attacks and infected 3.6 million computers in the United States alone. A total of 960 banks and almost 90% of Fortune 500 companies fell victim. The financial damages were estimated to be about $100 million. However, its real impact is still undetermined due to its scope.

Since the “retirement” of its creator and the subsequent leak of its source code in 2011, Zeus has spawned many imitators and variants, such as Citadel and GameOver Zeus.

Point Of Sale (POS) Trojan A POS trojan hurts both the business and its customers: it runs on point-of-sale terminals and scrapes debit and credit card data (the magnetic-stripe track data) out of the terminal’s memory in the brief moment between the card being swiped and the data being encrypted for the payment processor. This technique is known as RAM scraping, and any store’s POS machines are a potential target.

Kaptoxa (also known as BlackPOS) is the RAM scraper behind the 2013 Target breach, which exposed roughly 40 million payment cards and the personal records of about 70 million customers. The trojan evaded the security tooling in use at the time and ran on the POS systems for weeks before it was removed.

Tips to Protect Your Business

Be Aware As a business owner, you should be the first one to know the types of cybersecurity threats your company might face. A false sense of security is often the source of weak systems. Knowing what is out there and how to protect your business is a necessity.

Secure Your Network Firewalls are your first line of defense against attacks from the outside. Your business reaches the internet through many different services, such as email, VoIP and media streaming, and your firewall should be configured to allow only the traffic those services need and to log what it blocks. Also segment your internal network (for example, keep point-of-sale terminals, guest Wi-Fi and office workstations on separate networks) so that one compromised device cannot reach everything.

Invest in Security Simply installing antivirus is not enough. Your business’ assets should be protected by multiple layers of security. Antivirus, anti-malware and anti-ransomware suites are some of the tools your business should have, and some of them also include vulnerability scanning that points out unpatched software and weak configurations.

Keep Everything Up to Date Once the security system is in place, make sure updates are applied on a regular schedule. Malware evolves rapidly, and your security applications need signature and engine updates to detect new forms of threats. Just as important, patch your operating systems, applications, firmware and drivers promptly: WannaCry spread through an SMB vulnerability that Microsoft had patched two months before the outbreak (MS17-010), and the machines it infected were the ones that had not yet applied that update.

Encrypt Your Data In case attackers get past your other defenses, or a device is lost, your next level of protection is encryption. Encryption scrambles your data so that it is unreadable to anyone without the key. Be clear about what it protects: full-disk encryption on laptops and backup media protects data at rest if the hardware is stolen, but it does nothing against ransomware or a trojan running on a machine that is switched on and logged in, because the data is already decrypted for the running system. Most operating systems now include suitable encryption (for example, BitLocker on Windows and FileVault on macOS).

Protect Your Hardware While the internet poses immense threats, your hardware is not safe either. Stolen hard drives, laptops and even thumb drives with company information may be exactly the vulnerability the bad guys are waiting for. Strong physical security on your business premises is a necessity, protecting not only physical assets but your data as well; combined with full-disk encryption, a stolen device becomes a hardware loss rather than a data breach.

Develop a Security Policy More often than not, it’s people who are the greatest security risk. An employee who clicks the wrong link by accident may cost you your business. Integrate security policies into your company operations and educate your employees about the threats and how to avoid them; workshops are available to strengthen your colleagues’ and employees’ awareness of cybersecurity attacks. Make it safe to report a mistake: a clicked link that is reported within minutes can be contained, while one that is hidden out of fear of blame cannot.

Enforce Strong Passwords Password security should be strictly enforced. Anything accessed in the company, from email to bank accounts, should be protected by a strong, unique password. Typically a strong password is a sentence or passphrase at least 12 characters long; focus on phrases that are easy to remember and pleasant to think about, and on many sites you can even use spaces. Because nobody can remember a unique passphrase for every service, give staff a password manager, and turn on a second authentication factor wherever a service offers it, above all for email and banking.

Have an Emergency Response Plan Even with all your protection, the worst can still happen. Set up company guidelines on how to detect a possible attack, what to do while it is under way (who decides to disconnect machines, who gets called) and how to proceed afterward. The sooner you contain the attack and notify the authorities, the less damage it will cause. Keep a copy of the plan and its contact list offline, since the systems that hold it may be the very ones that are down.

Back Up Your Files Backups can save you the pain of starting from scratch, but they need their own protection: keep at least one copy offline or otherwise unreachable from the network, because ransomware encrypts every backup it can reach. In case an attack happens, your next priority is to get your business back to normal operations as soon as possible, and regularly updated backups let you get things running again with minor losses. Test restores regularly; a backup you have never restored is not yet a backup.

Conclusion

Small and medium-sized businesses are common targets of attacks, as they can be used as gateways to gain access to bigger companies. With today’s heavily connected world, an attack on another business can put yours at risk. Stay updated on the current cybersecurity threats and how to prevent them. Make sure your company is always ready for a cybersecurity attack.

October 2017 CERT Cyber Vulnerabilities

Each month, Nebula Consulting posts vulnerability notes from CERT’s vulnerability database. Check back often for updates!

02 Oct 2017 - VU#973527 - Dnsmasq versions 2.77 and earlier contain multiple vulnerabilities

Dnsmasq is a widely used open-source DNS forwarder and DHCP server, bundled into many home routers, Android devices and Linux distributions. These vulnerabilities can be triggered remotely via the DNS and DHCP protocols and can lead to remote code execution, information exposure and denial of service. In some cases an attacker would need to induce one or more DNS requests, for example by getting a client on the network to resolve a name the attacker controls.

Please see the Google Security blog post for additional information.

Solution: Apply an update. Dnsmasq version 2.78 has been released to address these vulnerabilities. On routers and other embedded devices the fix arrives as a vendor firmware update, so check with the device maker.

12 Oct 2017 - VU#590639 - NXP Semiconductors MQX RTOS contains multiple vulnerabilities

The NXP Semiconductors MQX RTOS prior to version 5.1 contains a buffer overflow in the DHCP client, which may lead to memory corruption allowing an attacker to execute arbitrary code, as well as an out of bounds read in the DNS client which may lead to a denial of service.

A remote, unauthenticated attacker may be able to send crafted DHCP or DNS packets to cause a buffer overflow and/or corrupt memory, leading to denial of service or code execution on the device.

The NXP Semiconductors MQX real-time operating system (RTOS) prior to version 5.1 is vulnerable to the following:

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2017-12718

CWE-125: Out-of-bounds Read - CVE-2017-12722

Solution: Apply an update. Update to MQX version 5.1 or later, which addresses both issues. CVE-2017-12722 (the out-of-bounds read) only affects MQX version 4.1 or earlier, so 4.2 and later are already free of that one; the DHCP client overflow (CVE-2017-12718) affects everything before 5.1. Affected users are encouraged to update as soon as possible.
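The two bug classes in this note are both failures to validate a length before using it, in the kind of type-length-value parsing a DHCP client does on every option it receives. The following is an added illustration, not MQX code: a bounds-checked DHCP option parser with the two checks whose absence produces exactly these classes, an option length that runs past the end of the packet (the out-of-bounds read, CWE-125) and an option payload larger than the fixed-size field it is copied into (the overflow, CWE-120). The option codes follow RFC 2132; the destination field sizes and the sample packets are assumptions constructed for the demo.

```python
"""Bounds-checked parsing of DHCP options (RFC 2132 TLV encoding).

Added illustration, not MQX code. Every declared length is validated
before it is used, which is what a vulnerable client omits.
"""
from dataclasses import dataclass, field

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2132: options start after this
OPT_PAD, OPT_END = 0, 255
OPT_SUBNET_MASK, OPT_DNS_SERVERS, OPT_HOSTNAME = 1, 6, 12

# Fixed-size destination fields, as a C client would have them (assumed sizes).
MAX_HOSTNAME = 64
MAX_DNS_SERVERS = 4


class MalformedOptions(ValueError):
    """Raised instead of reading or writing outside the buffers."""


@dataclass
class Lease:
    subnet_mask: bytes = b""
    dns_servers: list = field(default_factory=list)
    hostname: bytes = b""


def parse_options(options: bytes) -> Lease:
    """Walk the TLV options; every length is checked before it is used."""
    if not options.startswith(MAGIC_COOKIE):
        raise MalformedOptions("missing magic cookie")
    lease = Lease()
    i = len(MAGIC_COOKIE)
    end = len(options)
    while i < end:
        code = options[i]
        i += 1
        if code == OPT_PAD:
            continue
        if code == OPT_END:
            return lease
        if i >= end:                                  # code byte with no length byte
            raise MalformedOptions("truncated option header")
        length = options[i]
        i += 1
        if i + length > end:                          # CWE-125 check: stay inside the packet
            raise MalformedOptions(f"option {code} length {length} runs past packet end")
        value = options[i:i + length]
        i += length
        if code == OPT_SUBNET_MASK:
            if length != 4:
                raise MalformedOptions("subnet mask must be 4 bytes")
            lease.subnet_mask = value
        elif code == OPT_DNS_SERVERS:
            if length == 0 or length % 4 != 0:
                raise MalformedOptions("DNS server list must be a multiple of 4 bytes")
            servers = [value[k:k + 4] for k in range(0, length, 4)]
            if len(servers) > MAX_DNS_SERVERS:        # CWE-120 check: fixed array
                raise MalformedOptions("too many DNS servers for fixed array")
            lease.dns_servers = servers
        elif code == OPT_HOSTNAME:
            if length > MAX_HOSTNAME:                 # CWE-120 check: fixed string buffer
                raise MalformedOptions("hostname longer than fixed buffer")
            lease.hostname = value
        # unknown options are skipped by their (already validated) length
    raise MalformedOptions("options not terminated by END")


def classify(options: bytes) -> str:
    """Return 'ok' or the reason the packet was rejected."""
    try:
        parse_options(options)
        return "ok"
    except MalformedOptions as exc:
        return str(exc)


# Constructed sample packets (option area only, not full DHCP frames).
GOOD = (MAGIC_COOKIE + bytes([1, 4]) + b"\xff\xff\xff\x00"
        + bytes([6, 8]) + b"\x0a\x00\x00\x01\x0a\x00\x00\x02"
        + bytes([12, 4]) + b"host" + bytes([255]))
OVERREAD = MAGIC_COOKIE + bytes([12, 200]) + b"short"                    # length > remaining bytes
OVERFLOW = MAGIC_COOKIE + bytes([12, 100]) + b"A" * 100 + bytes([255])  # fits the packet, not the field

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("overread", OVERREAD), ("overflow", OVERFLOW)):
        print(f"{name}: {classify(pkt)}")
```

The two rejected packets are the two CWEs in the note: OVERREAD would make an unchecked parser read 200 bytes from a 5-byte remainder, and OVERFLOW is a perfectly well-formed packet whose hostname simply does not fit a 64-byte field. A client that only checks the first condition is still vulnerable to the second.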

16 Oct 2017 - VU#228519 - Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse

Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a victim wireless access point (AP) or client. After establishing a man-in-the-middle position between an AP and client, an attacker can selectively manipulate the timing and transmission of messages in the WPA2 Four-way, Group Key, Fast Basic Service Set (BSS) Transition, PeerKey, Tunneled Direct-Link Setup (TDLS) PeerKey (TPK), or Wireless Network Management (WNM) Sleep Mode handshakes, resulting in out-of-sequence reception or retransmission of messages. Depending on the data confidentiality protocols in use (e.g. TKIP, CCMP, and GCMP) and situational factors, the effect of these manipulations is to reset nonces and replay counters and ultimately to reinstall session keys. Key reuse facilitates arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.

An attacker within the wireless communications range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocol being used. Impacts may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.

Solution: Install updates. The WPA2 protocol is ubiquitous in wireless networking. The vulnerabilities described here are in the standard itself rather than in individual implementations; as such, any correct implementation is likely affected. Users are encouraged to install updates to affected products and hosts as they become available. For information about a specific vendor or product, check the Vendor Information section of the CERT note or contact the vendor directly; note that the vendor list there is not exhaustive.

16 Oct 2017 - VU#307015 - Infineon RSA library does not properly generate RSA key pairs

The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs. The primes it produces have a special structure, which shrinks the search space for factoring far enough that it is feasible to factor keys of 2048 bits and shorter and obtain the RSA private key. The attacker needs only the victim's RSA public key generated by this library in order to calculate the private key.

CWE-310: Cryptographic Issues - CVE-2017-15361

Note that only RSA key generation is impacted. ECC is unaffected. RSA keys generated by other devices/libraries may also be used safely with this library.

Trusted Platform Modules (TPMs) and smartcards may embed this RSA library. Infineon has provided a partial list of impacted vendors in a security advisory, and the CERT note carries vendor information.

The researchers have released a summary of the work (the attack is known as ROCA). Full details are expected at the ACM CCS conference in November 2017.

A remote attacker may be able to recover the RSA private key from a victim's public key, if it was generated by the Infineon RSA library.

Solution: Apply an update. Check with your device manufacturer for information on firmware updates.
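Because only the public key is needed, an organisation can screen its own certificates, TPM-backed keys and smartcard keys without any private material. The following is an added example, not Infineon's or the researchers' code. The affected generator built its primes as p = k·M + (65537^a mod M), with M the product of the first n small primes (n depending on key size), so N = p·q is congruent to a power of 65537 modulo every one of those small primes; a modulus from any other generator fails that test with overwhelming probability. The block checks the property for the odd primes up to 167 (an assumption about which primes to use; the maths does not depend on the exact list), and builds a synthetic modulus with the vulnerable shape purely to exercise the detector.

```python
"""Fingerprint test for RSA moduli produced by the affected Infineon library.

Added example, not the vendor's or the researchers' code. The check needs
only the public modulus N.
"""
from math import prod

GENERATOR = 65537
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61,
                67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131,
                137, 139, 149, 151, 157, 163, 167]


def powers_of_generator(p: int) -> frozenset:
    """The subgroup <65537> of (Z/pZ)*, i.e. every residue 65537^k mod p."""
    residues, x = set(), 1
    while x not in residues:
        residues.add(x)
        x = (x * GENERATOR) % p
    return frozenset(residues)


SUBGROUPS = {p: powers_of_generator(p) for p in SMALL_PRIMES}


def failing_primes(n: int) -> list:
    """Small primes p for which n mod p is NOT a power of 65537.
    An empty list means the fingerprint matches."""
    return [p for p in SMALL_PRIMES if (n % p) not in SUBGROUPS[p]]


def has_roca_fingerprint(n: int) -> bool:
    """True if the modulus looks like it came from the affected generator."""
    return not failing_primes(n)


def synthetic_weak_modulus(a: int, b: int, k1: int, k2: int) -> int:
    """Build an N with the vulnerable structure. Whether the factors are
    prime is irrelevant to the fingerprint, so k1 and k2 are arbitrary;
    this exists only to exercise the detector."""
    m = prod(SMALL_PRIMES)
    p = k1 * m + pow(GENERATOR, a, m)
    q = k2 * m + pow(GENERATOR, b, m)
    return p * q


if __name__ == "__main__":
    weak = synthetic_weak_modulus(12345, 67890, 1 << 300, 1 << 301)
    ordinary = (1 << 1023) + 5      # constructed stand-in for a modulus from any other generator
    print("synthetic weak modulus:", has_roca_fingerprint(weak))
    print("ordinary modulus:", has_roca_fingerprint(ordinary),
          "first failing primes:", failing_primes(ordinary)[:3])
```

The discriminating power comes from primes where 65537 has small order: modulo 11 it is -1, so only the residues 1 and 10 are allowed, and a random modulus passes that single check with probability 2/10. Across the whole list the chance of a false positive is negligible, which is why a match is a strong signal that the key came from the affected library and should be replaced.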

WPA2 Security Flaw - Here's How to Stay Safe

A security flaw in the WPA2 protocol was found and published by Belgian researchers on the morning of October 16th 2017. The protocol, normally used for securing modern Wi-Fi networks, has been broken in a way that exposes wireless traffic to eavesdropping and manipulation. This vulnerability puts millions of Wi-Fi devices at risk.

What has happened

In short, a combination of weaknesses in the WPA2 specification and its implementations was published. This combination allows an attacker to listen in on the data transmitted over Wi-Fi connections and potentially even to inject packets into them. It affects Linux, Windows, iOS, Android, BSD and most likely other platforms. Some sources claim that iOS and Windows are not affected, but according to the researchers' paper this is not true: those systems do not accept a retransmitted message 3 of the four-way handshake, which blocks one variant of the attack, but they remain affected by the others. It is also possible to attack the access point directly, which indirectly affects every device connected to it.

The research describes three attack variants. The first targets the group key handshake and therefore affects only broadcast and multicast frames; that is bad in itself, but less devastating than the other two, which can reach any frame. The second targets the client side of the four-way handshake. It is worst on Linux and Android, where wpa_supplicant versions 2.4 to 2.6 could be tricked into installing an all-zero encryption key, but other systems are affected to varying degrees. The third targets the access point through the 802.11r (fast roaming) handshake, so any client connected to a vulnerable access point can be attacked indirectly. Both of the latter attacks let an attacker listen in on the traffic and, depending on the cipher in use, inject malicious content.
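The damage in the CERT note above and in the three variants just described comes from one mechanism: a reinstalled session key resets the per-frame packet number, so the next frames are encrypted with keystream that has already been used. The following is an added model of that mechanism, not code from the researchers or from any Wi-Fi stack. CCMP encrypts each frame in counter mode with keystream derived from the temporal key and a packet number that must never repeat; the real keystream is AES-CTR, and here HMAC-SHA256 in counter mode stands in for it (an assumption for a self-contained demo, not CCMP itself). The frame contents are constructed. The same client class is run twice, once with the pre-patch behaviour of reinstalling the key on a replayed message 3 and once with the fix of ignoring the repeat.

```python
"""Model of why a reinstalled WPA2 session key is catastrophic.

Added example, not from any Wi-Fi implementation. HMAC-SHA256 in counter
mode stands in for CCMP's AES-CTR keystream (an assumption for the demo).
"""
import hashlib
import hmac


def keystream(tk: bytes, pn: int, length: int) -> bytes:
    """Stand-in keystream: PRF(tk, pn || block counter), sliced to length."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(tk, pn.to_bytes(6, "big") + block.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """A Wi-Fi client's per-session encryption state."""

    def __init__(self, allow_reinstall: bool):
        self.tk = None
        self.pn = 0
        self.allow_reinstall = allow_reinstall   # True = pre-patch behaviour

    def install_key(self, tk: bytes) -> None:
        """Called when handshake message 3 is processed. A retransmitted
        message 3 calls it again; patched stacks ignore the repeat."""
        if self.tk == tk and not self.allow_reinstall:
            return                                # the fix: do not reset the nonce
        self.tk = tk
        self.pn = 0                               # the damaging reset

    def send(self, plaintext: bytes) -> tuple:
        self.pn += 1                              # fresh packet number per frame
        return self.pn, xor(plaintext, keystream(self.tk, self.pn, len(plaintext)))


def krack_scenario(allow_reinstall: bool) -> tuple:
    """Run the message sequence from the attack; return (pn1, pn2, ct1, ct2)."""
    tk = hashlib.sha256(b"constructed temporal key").digest()
    client = Client(allow_reinstall)
    client.install_key(tk)                        # message 3 arrives, key installed
    pn1, ct1 = client.send(b"GET /login HTTP/1.1\r\nHost: intranet\r\n")
    client.install_key(tk)                        # attacker replays message 3
    pn2, ct2 = client.send(b"Cookie: session=SECRET-TOKEN-123456\r\n")
    return pn1, pn2, ct1, ct2


def recover_second_frame(ct1: bytes, ct2: bytes, known_pt1: bytes) -> bytes:
    """Attacker with one known plaintext: when the keystream repeats,
    ct1 ^ ct2 = pt1 ^ pt2, so pt2 = ct1 ^ ct2 ^ pt1 over the overlap."""
    n = min(len(ct1), len(ct2), len(known_pt1))
    return xor(xor(ct1[:n], ct2[:n]), known_pt1[:n])


if __name__ == "__main__":
    pt1 = b"GET /login HTTP/1.1\r\nHost: intranet\r\n"
    for label, vulnerable in (("unpatched", True), ("patched", False)):
        pn1, pn2, ct1, ct2 = krack_scenario(vulnerable)
        print(f"{label}: packet numbers {pn1}, {pn2}; recovered:",
              recover_second_frame(ct1, ct2, pt1))
```

The unpatched run sends both frames with packet number 1, and an attacker who can guess the first frame (request headers, DHCP and ARP traffic are all highly predictable) reads the second one outright. The patched run keeps the counter moving, and the same XOR yields noise. Note what the fix is not: it is not a new cipher or a new key, only a refusal to reinstall a key that is already in use, which is why it ships as a small client and access-point update rather than a protocol replacement.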

How do I know if I am affected?

If you are using Wi-Fi and have not yet received a security patch for this vulnerability, assume you are vulnerable. The attack is carried out from a nearby rogue access point that relays your traffic on another channel, and nothing visible on the victim's device indicates that it is happening, so there is no reliable way for a user to tell whether they are being attacked.

What to do?

  • Look for updates for your OS. Most vendors should already be releasing security patches for these vulnerabilities (when reading the patch notes, keep an eye out for “KRACK attack” or “WPA2 nonce reuse”).
  • If possible, use a cabled connection instead of Wi-Fi for your computer until a patch is out.
  • Turn off Wi-Fi on your phone until you’ve patched your device.
  • If possible, turn off the 802.11r (fast roaming) feature on your access points; contact your access point vendor for how to disable it on your particular model. On Linux you can remove support in wpa_supplicant by dropping FT-PSK and FT-EAP from the key_mgmt list in wpa_supplicant.conf. (Note that Linux, Android and possibly other systems can be attacked through other means than the 802.11r feature.)
  • Use end-to-end protection on top of the wireless layer, such as HTTPS/TLS and VPNs; these stay intact even if the Wi-Fi encryption underneath is broken.
  • Be extra vigilant for anything that implies a broken trust chain, for example broken certificate warnings on websites or a missing lock in the address bar of your browser.

How do you patch your software?

  • Your first priority should be to patch your clients (your phone and computer).
  • Check with your router/access point vendor for patches to your router/APs firmware. Make sure to download them over a secure connection if you’re still on Wi-Fi.

Worth knowing for companies out there

  • The attack requires the attacker to be in proximity to the Wi-Fi they are attacking. This means some locations will be reasonably safe.
  • Mobile devices will be most vulnerable since they move from Wi-Fi to Wi-Fi automatically. Make sure these are patched or have their Wi-Fi turned off until that is possible.

How can this vulnerability be used by a hacker?

This vulnerability can let an attacker listen in on your network traffic and in some cases send fake network traffic. This opens up a very wide attack surface. An attacker could steal sensitive information or inject malicious data to infect the device it is attacking.

8 Ways to Secure Your Wi-Fi Router

Sometimes the best thing to say about a wireless router in your house is that once it's set it, you forget it exists. As long as the devices that need the Wi-Fi connection can get on and function, that's all that matters, right?

Maybe, but we also live in the age of leaks, wiki and otherwise. If you're worried about the security of your home and by extension your personal data—especially from hackers who could casually sit in a car outside and get access to your systems—then you need to put a padlock on that wireless. You may also want to prevent others from using your network, and freeloaders alike.

So what do you do? Follow these tips and you'll be well ahead of most home Wi-Fi users. Nothing will make you 1,000 percent safe against a truly dedicated hack. Crafty social engineering schemes are tough to beat. But don't make it easy on them; protect yourself with these steps.

Change Your Router Admin Username and Password Every router comes with a generic username and password, if it comes with a password at all. You need it the first time you access the router. After that, change them both, immediately. The default credentials are a matter of public record for just about every router in existence; not changing them makes it trivial for anyone who gets onto your network (or, if remote administration is enabled, anyone on the internet) to change the settings.

If you forget the new username and password, write them down and keep the note somewhere safe; the fallback is to reset the router to its factory settings and get in with the original generic credentials, which also wipes the rest of your configuration.

Change the Network Name The service set identifier (SSID) is the name your Wi-Fi broadcasts to the outside world so people can find the network. While you probably want the SSID to be visible, keeping the generic name gives away the make and sometimes the model of your router: routers from Linksys usually say "Linksys" in the name, and some list maker and model number ("NetgearR6700"). That tells an attacker exactly which default credentials and known vulnerabilities to try first. Give your network a more personalized name, and one that does not identify you or your address.

It's annoying, but rotating the SSID(s) on the network, together with the Wi-Fi password, means that even if someone had previous access, like a nosy neighbor, you can boot them off with regular changes. It's usually a moot point if you have encryption in place, but just because you're paranoid doesn't mean they're not out to use your bandwidth. (Just remember: if you change the SSID, it's on you to remember the new name and reconnect ALL your devices: computers, phones, tablets, game consoles, talking robots, cameras, smart home devices and so on. Hiding the SSID, on the other hand, adds no real security, since your own devices still broadcast it every time they look for the network.)

Activate Encryption This is the ultimate Wi-Fi no-brainer; no router in the last 10 years has come without encryption. It's the single most important thing you must do to lock down your wireless network. Navigate to your router's settings and look for the security options. Each router brand will differ; if you're stumped, head to your router maker's support site.

Once there, turn on WPA2 Personal (it may show as WPA2-PSK); if that's not an option use WPA Personal (but if you can't get WPA2, be smart: go get a modern router). Set the encryption type to AES (avoid TKIP if that's an option). You'll need to enter a password, also known as a network key, for the encrypted Wi-Fi.

This is NOT the same password you used for the router's admin page; this is what you enter on every single device when you connect via Wi-Fi. So make it a long nonsense phrase no one can guess, yet something easy enough to type into every weird device you've got that uses wireless. Use a mix of upper- and lowercase letters, numbers and special characters to make it truly strong, but balance that against ease and memorability. Length matters more than symbols, because anyone who records a single device joining your network can try guesses against that recording offline, at their leisure.
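Why the Wi-Fi password needs to be long, and why renaming the network matters, both follow from how WPA2-Personal turns the passphrase into a key. The following is an added example, not part of the original article, and it also backs up the strong-password advice in the business tips earlier on this page. In WPA/WPA2-Personal the 256-bit Pairwise Master Key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as the salt and 4096 iterations; every other key in the session derives from it. An attacker who captures one device's four-way handshake can test passphrase guesses offline at PBKDF2 speed, which the block simulates with a constructed wordlist; it also shows that a renamed SSID yields a different key for the same passphrase.

```python
"""WPA2-Personal turns the Wi-Fi passphrase into the key; here is why it must be strong.

Added example, not from the original article. The derivation is the
standard WPA2-Personal one; the wordlist and passphrases are constructed.
"""
import hashlib
import hmac
from typing import Optional


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds), 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def dictionary_attack(target_pmk: bytes, ssid: str, wordlist) -> Optional[str]:
    """Offline guessing as an attacker with a captured handshake does it.
    (In a real attack each guess is confirmed against the handshake's MIC;
    comparing the PMK directly is the same amount of PBKDF2 work.)"""
    for guess in wordlist:
        if hmac.compare_digest(derive_pmk(guess, ssid), target_pmk):
            return guess
    return None


# Constructed wordlist standing in for the millions of entries a real one has.
WORDLIST = ["password", "12345678", "linksys", "letmein1", "sunshine123",
            "coffee2017", "welcome1", "qwerty123"]

if __name__ == "__main__":
    ssid = "Linksys"
    weak = derive_pmk("coffee2017", ssid)
    strong = derive_pmk("purple-kettle-rowing-against-nineteen-clouds", ssid)
    print("weak passphrase recovered:", dictionary_attack(weak, ssid, WORDLIST))
    print("strong passphrase recovered:", dictionary_attack(strong, ssid, WORDLIST))
    print("same passphrase, renamed SSID, same PMK?",
          derive_pmk("coffee2017", ssid) == derive_pmk("coffee2017", "HomeNet"))
```

Two things follow. The 4096 iterations slow each guess down but do not stop a dictionary attack against a short or common passphrase, so the only real defence is a passphrase that is not in any list, and a long random phrase is the easiest way to get there. And because the SSID is the salt, precomputed tables only work against common network names, which is one more reason not to leave the router's default name in place.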

Double Up on Firewalls The router has a firewall built in that should protect your internal network against unsolicited inbound connections. Activate it if it's not on by default. It might be labelled SPI (stateful packet inspection). NAT (network address translation) also hides your internal addresses from the outside, but NAT by itself is not a firewall, so make sure the stateful firewall is turned on as well.

For full-bore protection, like making sure your own software doesn't send data out over the network or Internet without your permission, install firewall software on your PC as well. Our top choice: Check Point ZoneAlarm PRO Firewall 2017; there's a free version and a $40 pro version, which has extras like phishing and antivirus protection. At the very least, turn on the firewall that comes with Windows 8 and 10.

Turn Off Guest Networks It's nice and convenient to provide guests with a network that has no encryption password, but what if you can't trust them? Or the neighbors? Or the people parked out front? An open guest network is the problem: if you want a guest network at all, give it its own password and make sure the router isolates it from your main network; otherwise turn it off. If someone is close enough to be on your Wi-Fi, they should be close enough to you that you'd hand them the password. (Remember, you can always change your Wi-Fi password later.)

Use a VPN A virtual private network (VPN) tunnels your device's traffic to a third-party server, so anyone on the local Wi-Fi, including an attacker who has broken it, sees only encrypted traffic to the VPN endpoint. It can also mask your IP address or make it look like you're in another country, and some block ads. Be aware that you are moving trust from the local network to the VPN provider, which can see everything the Wi-Fi snoop no longer can, so pick one you trust. A VPN is a smart bet for all Internet users, even if you're not on Wi-Fi. Check our list of the Best VPN services.

Update Router Firmware Just like with your operating system, browsers and other software, people find security holes in routers all the time. When router manufacturers learn about them, they plug the holes by issuing new software for the router, called firmware. Go into your router settings every month or so, check whether an update is available, and apply it; if the router offers automatic updates, turn them on. New firmware may also come with new features for the router, so it's a win-win.

If you're feeling particularly techie—and have the right kind of router that supports it—you can upgrade to custom third-party firmware like Tomato, DD-WRT or OpenWrt. These programs completely erase the manufacturer's firmware on the router but can provide a slew of new features or even better speeds compared to the original firmware. Don't take this step unless you're feeling pretty secure in your networking knowledge.

Turn Off WPS Wi-Fi Protected Setup, or WPS, is the function by which devices can be paired with the router without typing the passphrase, either by pushing a button on the router and on the device or by entering an eight-digit PIN. The PIN method is weak by design: the PIN is verified in two halves, so it can be brute-forced over the air in a matter of hours, after which the attacker is handed the full Wi-Fi passphrase. The push-button method means anyone with momentary physical access to your router can instantly pair their equipment with it. Unless your router is locked away tight, this is an opening to the network you may not have considered, so turn WPS off.

4G LTE Internet is a Network-Saver

4G LTE Internet is an under-utilized asset for your company’s network… and your sanity. As someone who’s owned a business telecom, Internet, and cloud brokerage, I’ve had my share of drama surrounding circuits taking too long to install. Whether it’s fiber taking a year to get built-out, or a T1 taking 6 weeks to install (when our customer’s business was relocating in 4), being at the mercy of an ISP’s unexplainable, bureaucratic timeline has been the most stressful part of my job.


Not far behind those bad experiences are the times I’ve had customers call me (in a panic), telling me their Internet circuit is completely down and they either do not have a backup or they have a ridiculously slow backup. And again, we are at the mercy of the ISP’s timeline, as the customer and I wait (as minutes seem like hours), for the Internet circuit to be restored.

Enter 4G LTE wireless Internet for business.

Here is why 4G is a great backup solution for your Internet circuit...

High bandwidth

Typical 4G LTE Internet speed ranges from 5–15 Mbps download and 1–5 Mbps upload. That’s decent speed, but did you know you can bond multiple connections (via a Peplink or similar device) to get even faster speed?

Furthermore, if 4G XLTE is available in your company’s neighborhood, your business can typically get double the bandwidth (i.e. 40 Mbps down / 10 Mbps up). Bond a second connection and you have just created 80 Mbps of download speed.

Inexpensive

A typical 4G LTE Wireless Internet connection is only going to cost your company between $50–$100/month. It’s about the same price as business-class cable, which is about as inexpensive as you’ll find these days for a high-bandwidth business Internet connection.

Availability

How many places have you been where the little “LTE” symbol on your phone disappears and it says “1x.” Not many. Maybe in the panic room you recently installed in your house— or in Yosemite — or a few other extremely remote areas.


4G is available almost everywhere a business could be. On top of that, there are ISPs who specialize in 4G and can sell your company a 4G LTE Internet connection from the best available provider serving your company’s exact address.

Fast installation

4G LTE can be installed in a couple of days.

Out-of-Band Management

When your company’s remote site’s Internet goes down, are you “flying blind,” trying to call an on-site employee and have them make changes to the router? Or maybe you’ve experienced the lightning-fast speed of using a POTS line to access a router remotely?

If your company has 4G LTE for a backup — but you lose your primary Internet connection — not only is the Internet still “up,” but you also have high-speed access into the router for troubleshooting your primary circuit.