Cybersecurity Blog

Use digital signatures with caution – 04/15/21

 

 

With everyone avoiding contact with other people at all costs, the use of digital signatures has become more common.  However, some forms of digital signatures are more secure than others.

Services like Adobe or Docusign encrypt your digital signature. This means if someone tries to access it without your password, all they will see is gobbly gook.  As long as you are careful with your passwords, your signature is secure with these types of services.

Other solutions for digital signatures are not as safe.   Pictures of your written signature stored unencrypted or emailed can easily be stolen.  If they are on your Google Drive, Onedrive or Dropbox this makes them even more vulnerable. Likewise, entering your signature into text fields in unencrypted forms is also dangerous.

Remember that your digital signature is used to verify your identify. You should treat it like you do your credit card number. If you wouldn’t store or transmit your credit card number using a particular method or service, then you shouldn’t store or transmit your signature that way either.

 

Keeping voicemail safe from breaches – 01/05/21

 

 

Happy New Year!!  Another year, another security concern. This time it isn’t your email, your workstation or your smart phone. This time it is your voicemail. Hackers are taking over voicemail accounts and using them to impersonate people, make thousands in long distance calls and by-pass two factor authentication. Not only does this cost organizations but it is also embarrassing and can lead to network compromise and data loss.

To prevent this, secure your voicemail just as you would your workstation. Use UNIQUE passwords/PINs at least 8 characters long. Remember you aren’t limited to just the 6 characters we are used to using. You can use up to 64 if you wish. Also, make sure your voicemail password/PIN is not a numeric version of any of your other passwords, your age, your birthday, your pets name or any other personal information.

Lastly keep your voicemail password/PIN secret. That means do not share it with colleagues nor leave it on a post-it on your phone. Once someone has your password/PIN, they can forward calls, change your greeting, make long distance calls, pretend to be you and generally cause problems while making you the fall guy. Even if they don’t have malicious intent, once someone gets ahold of your password/PIN they may not be as careful with it as you are.

If you are away on vacation and need someone else to cover for you, record a vacation message directing people to call your substitute directly. You can have calls forwarded automatically, but if no one answers a message is left on the voicemail that received the call, not the one that the call was forwarded to. If neither of these solutions will work for you contact the IT Service Desk, they will find one that does not involve the sharing of passwords/PINs.

 

Newsletter issued every second week over the summer – 06/18/20

 

 

We have decided to issue the newsletter every second week over the summer. With people going on vacation, readership tends to die down a bit at this time.  As we are super busy putting together new training materials, writing documentation and generally getting things sorted for September we thought we would step back from the newsletter a bit.

To keep you up to date on the latest phishing threats, we will continue to add new phishing emails to the Phish Bowl as they come in.   Please check it on the weeks that there is no newsletter to stay informed.

You can expect to receive the newsletter on the following dates:

June 19
July 3
July 17
July 31
August 14
August 28

The regular weekly newsletter will return September 4.

See you in two weeks!

 

The online training is changing – 04/24/20

 

If you haven’t completed your cybersecurity or PCI awareness training for 2020 yet, you might want to do that before the end of the month. We have a new training tool that we will be introducing July 1.  As a result we will be losing access to our current training videos and interactive pre-tests on April 30.

To tide us over until the new tool is rolled out, on April 29 I will be uploading new videos with quizzes. However, you will not have the ability to test out of the video and it will take longer to complete the training.  I apologize for the inconvenience, however you can look forward to more targeted training once the new tool is rolled out.

The good news is, you still have a few days to complete the current version of the training.  If you have any questions , please feel free to contact me at bpasteris@mtroyal.ca.

04/27/20  update: There has been some confusion around the security awareness training completion date. The deadline has not changed, you still have until June 30 to complete your mandatory training. The only difference is if you complete it before April 30, it will be easier.

How to prevent a two factor authentication compromise – 03/04/20

 

 

This week I posted an article telling the horrific tale of a Mount Royal employee who had their phone number ported to another carrier and their email compromised even though they had two factor authentication enabled on their email account.

How was this possible? The authentication method that they had used was an SMS message sent to their phone.  With this method, who ever has control over the phone number receives the authentication codes. The bad news is, if someone impersonates you and either asks for a new SIM card or moves your number to a different carrier they can get access to your email account.  The good news is, there is a way to stop this.

Instead of using a text message sent to your phone as your second step, use an authenticator app or authenticator key. An authenticator app generates an authentication code using wifi, while an authenticator key must be plugged in or waved near a device for you to login.  In both cases you have to be in physical possession of the second factor to get access to your account. Of course if your phone is stolen or your key is lost, you are locked out.  However you can print off backup codes and have an extra key available in case that happens.

 

Campuses seeing the “trusted friend” credential stealing attack – 09/06/19

 

 

With the start of the new school year scammers and hackers galore begin targeting students once again. Usually though, it is a complete stranger who is compromising our data not someone we trust. Welcome to 2019 when even your friends cannot be trusted to use your credentials for their personal gain.

A Canadian university has seen a student fall victim to a Snapchat credential stealing attack. The unfortunate student was asked by a trusted friend for their Snapchat credentials. When the student handed them over, their friend then send messages to all of his contacts. The messages explained that he was having trouble accessing a class timetable or a library resource and asked for the contact’s username and password to their school account so they could get the information.

Shortly after, the trusted friend attempted to use the victimized student’s credentials to login to their student account. The attempt was blocked and the account was locked down. As of the writing of this article, we are unaware if the trusted friend was sent any other credentials. However, the victimized student had to do some serious damage control with their friends on their contact list.

This is a gentle reminder not to trust anybody with your login credentials. Not your colleague, not your best friend, not your significant other nor that friend looking for help accessing information. If a friend  or colleague is asking for credentials so they can access information, send them to the IT Service Desk. They will be glad to help.

 

Is it spam or is it phishing? 05/23/19

 

 

I am truly delighted with the number of malicious emails that are being forwarded to abuse@mtroyal.ca.  The Mount Royal community is doing a great job of letting us know what to look for and helping us defend their data. There is one question that people keep asking though, what is the difference between Spam and a phishing email? I thought I would take a moment to clarify.

Spam email
  • Goal is to sell you something.
  • It is sent to hundreds or thousands of people at a time.
  • Reading the email does not generate an emotional response.
  • It may or may not contain links
  • Clicking on the links will take you to the organizations website.
Phishing email
  • Goal is to steal your data or use your workstation as a tool to access data on other people’s devices.
  • It can be sent to thousands of people or just one or two.
  • Reading the email generates an emotional response.
  • It may or may not contain links and or attachments.
  • Clicking on the link or opening an attachment takes you to a fake web page and/or loads malware onto your device.

The easiest way to determine if what you are dealing with is spam or phishing is by examining the purpose of the email. If it looks like they are trying to sell you something, then it is probably spam. If it looks like they are trying to confuse or trick you, then it is likely phishing.

Spam emails should be marked as spam by clicking the stop sign icon in the Gmail menu bar. Phishing emails should be forwarded to abuse@mtroyal.ca. If you aren’t sure which one it is, forward it to abuse@mtroyal.ca and we can let you know.

 

Your legitimate Android app may contain malware – 03/14/19

 

 

When developers create apps, they often include advertising in exchange for using the app for free. To make their lives easier, they will often use a software developer kit (SDK). This is a bunch of code designed to deliver ads that is created by another developer. Using a SDK can save developers tons of time so they can focus on the unique features of their app instead of reinventing the wheel.

Unfortunately one developer decided to add some special features to the SKD they created. The features turned the innocent adware into malware by hiding the app icon, sending users to specific web pages and opening the Play Store to specific apps. In other words, it made legitimate apps annoying as heck to use and difficult to get rid of. It also allowed the criminals to download apps behind the users back, making the legitimate apps dangerous as well.

This SDK was used in hundreds of apps, allowing the criminals to spread their malware throughout the Play Store and affecting almost 150 million users.

Affected apps

Snow Heavy Excavator Simulator
Hoverboard Racing
Real Tractor Farming Simulator
Ambulance Rescue Driving
Heavy Mountain Bus Simulator 2018
Fire Truck Emergency Driver
Farming Tractor Real Harvest Simulator
Car Parking Challenge
Speed Boat Jet Ski Racing
Water Surfing Car Stunt
Offroad Wood Transport Truck Driver 2018
Volumen booster & Equalizer
Prado Parking Adventure
Oil Tanker Transport Truck Driver
Monster Truck Demolition
Hummer taxi limo simulator
Excavator Wrecking Ball Demolition Simulator
Offroad Gold Transport Truck Driver 2018
Sea Animals Truck Transport Simulator
Water Surfing Motorbike Stunt
Police Chase
Police Plane Transporter
Ambulance Driver Extreme Rescue
Hovercraft Racer
Cars Transport Truck Driver 2018
Motorbike Pizza Delivery
Heavy Excavator – Stone Cutter Simulator
Bottle shoot archery
Offroad buggy car racing
Garbage Truck – City trash cleaning simulator
Tanks Attack
Dinosaur Park – Train Rescue
Pirate Ship Boat Racing 3D
Flying taxi simulator
Jetpack Water
Volumen Booster
Animal Farming Simulator
Monster Truck
Offroad jeep car racing
Flying Car Stunts On Extreme Tracks
Tractor Farming 2018
Impossible Farming Transport Simulator
Volumen Booster
Mustang Rally Championship
Deleted Photo Recovery
Speed Boat Racing
Super Cycle Jungle Rider
My name on Live Wallpaper
Magical Unicorn Dash
Super Cycle Jungle Rider
Love Caller Screen
Racing Car Stunts On Impossible Tracks
Racing Car Stunts On Impossible Tracks 2
Urban Limo Taxi Simulator
Tractor Farming Simulator
Camper Van Driving
Bottle Shoot Sniper 3D
Full Screen Incoming Call
Beard mustache hairstyle changer Editor
Volumen Booster
girlfriend photo editor
Mobile Number Tracker & Locator
Garden Photo Editor
Fortune Wheel
Farming Transport Simulator 2018
OffRoad Tractor Transport
my name on live wallpaper
Flying Ambulance Emergency Rescue
Mustang Driving Car Race
Waterpark Car Racing
Impossible Tracks – Extreme Trucks
Flying Motorbike Stunts
Fire Truck Emergency Rescue – Driving Simulator
Heavy Snow Excavator Snowplow Simulator
Water Skiing
Women Make Up and Hairstyle Photo Maker
Mountain Bus Simulator
Van Pizza
Truck Transport and Parking Simulator
Hoverboard Racing Spider Attack
Motorsport Race Championship
Demolition Derby
Love Caller with love ringtones
House Transport Truck – Moving Van Simulator
Heavy Excavator Stone Driller Simulator
Super Cycle Downhill Rider
Extreme Rally Championship
Missile Attack Army Truck
Caller Location & Mobile Location Tracker
Mobile number locator
My name on Live Wallpaper
City Metro Bus Pk Driver Simulator 2017
Full Screen Incoming Call
Man Casual Shirt Photo Suit
American muscle car race
Offroad Nuclear Waste Transport – Truck Driver
Mad Cars Fury Racing
High Wheeler Speed Race
Number Coloring
Camper Van Race Driving Simulator 2018
Unicorn Float – Speed Race
Dual Screen Browser
Harvest Timber Simulator
Hot Micro Racers
Lara Unicorn Dash
Wingsuit Simulator
Food Truck Driving Simulator
Dog Race Simulator
SUV car – parking simulator
Phone Finder
Phone number locator
Gallery Lock
Secret screen recorder
Face Beauty Makeup
Christmas letters to santa and three wise man
Deleted Files recovery
Dual Screen Browser
Broken Screen – Cracked Screen
Garden Photo Editor
Modi Photo Frame 2
Love Caller Screen
Anti Theft & Full Battery Alarm
Love Caller Screen 2
Voice reading for SMS. Whatsapp & text sms
Name on Pic-Name art
Speed Boat Racing
Train Driving Simulator
Super Cycle Rider
Racing Horse Championship 3D
Move App To SD Card 2016
Pop Toy Creator
Photo Live Wallpaper
Magical Unicorn Dash
Truck Wheel of Death
Live Translator
Volume Control Widget
World cup 2018 football shirt maker
Girlfriend Photo Editor 2
My Photo on Music Player
taxi
Garden Photo Editor
Fortune Wheel Deluxe
Extreme Motorcycle Racer
Offroad Snow Bike – Christmas Racing
Bottle Shoot
Photo Background Changer 2017
Offroad Christmas Tree Transport
Tank Transport Army Truck
Flag face paint: World Cup 2018
World Cup 2018 Teams Flags Live Wallpaper
Selfie Camera
Missile Attack Army Truck
Max Player
Flash Alert – Flash on Call
Photo Video Maker with Music
Brain Games & IQ Test
Audio Video Mixer
Pop Toy Creator 2
Flash on Call and SMS
Heart Photo Frames
Shayari 2017
Photo on Birthday Cake
Nature Photo Frames
Calendar 2018 Photo Frame
Christmas Truck Transport Simulator
Modern Santa – Christmas van drive
Change your voice
Moster vs Water
EDIT Flowers Photo Frames
Photo Video Maker with Music
Toilet Paper Race
Dog Crazy Race Simulator
Luxury Photo Frame
Bike Wheel of Death
World Famous Photo Frames
Heavy Snow Excavator Christmas Rescue
Deleted Files Recovery
Football Results & Stats Analyzer
3D Photo Frame Cube Live Wallpaper
Green Hill PhotoFrame
Christmas Magic Board
Animal Parts Photo Editor
DSLR Camera Blur
Car Photo Frame
Hands Slap Game
4D Maa Durga Live Wallpaper
Men Sweatshirt Photo Editor
Connect Letters. Words Game
Recover Deleted Pictures
Custom Radio Alarm Clock
Anti-spam Calls
Compatibility Test
Dual Screen Browser
Magic Glow Live Wallpaper
Porgy Virtual Pet
Tap the Ball
Clock Live Wallpaper
Royale Stats
Fire text photo frame
Christmas greetings card
Best App Lock
DJ Photo Frames
Auto Call redial
Guess the picture
ProfesionalRecorder

If you have one of these apps on your phone, you should uninstall it. If you are unable to locate the icon, you may have to do a factory reset to remove it.

Sources:

https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/

https://www.zdnet.com/article/almost-150-million-users-impacted-by-new-simbad-android-adware/?ftag=TRE-03-10aaa6b&bhid=28055350847712972261944156227810

 

Fake Norton Security scam loading malware onto computers – 02/19/19

 

 

Norton is reporting there is a new tech support scam that is impersonating their antivirus software.  This is how it works, after visiting a compromised or malicious website users see a dialog box popup titled Windows Alert. It warns the user that their PC may be infected and asks if they want a 10 second quick scan performed.

Once the user clicks OK in the dialog box, several new windows that look a lot like a Norton security scan start popping up. Of course the scan appears to find a virus and then asks you to download and install an antivirus update. If you proceed with their request,  an annoying piece of malware is downloaded onto your machine. Nasty business indeed!

Unfortunately, Norton is not the only piece of software the scammers are impersonating. These creative criminals have also been impersonating Microsoft 360, prompting users to download driver updates.

The good news is, with a little knowledge you can protect yourself from these types of scams.

What you need to know:

  • Files cannot be scanned for viruses using a website running inside a browser. Only an application running outside of a browser can perform virus scans.
  • You will not get virus scans from applications that are not installed on your computer. Your workstation does not have Norton antivirus installed on it.
  • Drivers are automatically updated on your workstation. You will never be prompted to update them manually.
  • Closing a suspicious dialog box can download malware onto your machine. Close the entire browser window instead.

If you are at home and get a dialog box alerting you of a possible virus infection:

  1. Close the browser window.
  2. Open your antivirus application.
  3. Run a virus scan

If you get virus warning on your workstation:

  1. Don’t click on anything and leave your machine on.
  2. Disconnect from the network.
  3. Call the IT Service Desk at 403-440-6000.

If you get prompted to update an application:

  1. Close the browser window.
  2. Open the application that needs updating.
  3. Select Check for updates from the Help menu.

If in doubt, please call the IT Service Desk. They are always happy to help.

 

Chrome can now tell you if your password is part of a data breach – 02/07/19

Google has released an extension for Chrome that lets you know if a password you are using is part of a known data breach. If you are one of my on- the-ball readers, your reaction should be somewhere between “Hold the phone” and “No flipping way”. After all, how the heck can they check if your password is part of a breach if it doesn’t actually read your password?

Well some clever people at Google have come up with a lovely little process that keeps everything nice and secure.  So how does it work? Basically when you login to a site they take your username, encrypt and hash it and then send it to Google. Their databases of unsafe passwords are searched. When they find possible matches, they download that encrypted information to your computer. Password Checkup then decrypts the account details and checks for a match. As the final matching is done on your machine, Google doesn’t not know your account details. All of that is kept from their preying eyes.

To install this handy little tool:

1.Open the Customize and Control menu in Chrome.
2. Select More tools. Another menu appears.
3. Select Extensions. The Extensions page appears.
4. Click the hamburger in the upper left corner to view the Main menu.

5. At the bottom of the  select Open Chrome Web Store.

6. Enter Password Checkup into the search field. Password checkup appears in the drop down list.
7. Select password checkup. The Password Checkup extension appears.

8. Click Add to Chrome. A confirmation dialog box appears.

9. Click Add extension.