DMARC: Effective Email Authentication Best Practices

You may be familiar with the government mandate that .gov domains adopt a strict DMARC policy (SPF, DKIM and DMARC at p=reject) and move all sites to secure “https” URLs within one year, issued back on October 16, 2018.

As a security vendor, we see that only around 20% of our customers and institutions have implemented the strongest Domain-based Message Authentication (DMARC) policy, which means 80% have published no DMARC record at all.

Implementing DMARC, a simple yet effective email authentication best practice, helps prevent certain types of spam and phishing attacks by verifying that the sender’s domain has not been impersonated. However, it must be set to p=reject in order to stop suspicious emails from reaching customer inboxes.

The need for improved anti-phishing measures is heightened. Here at OMNIQUAD, we recommend that all our customers move towards full implementation of DMARC at a pace that allows for troubleshooting and feedback at each policy stage (Monitor, then Quarantine, then Reject). By working with the right vendor, you can be sure you have visibility of every single email sent from your domain or domains before you make a costly mistake.
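The policy stages above can be checked mechanically once a domain’s DMARC TXT record is in hand. The following is an added example (not Omniquad code) that parses a record, names its stage, and lists what still keeps it short of an effective p=reject deployment; the sample records and domain names are constructed.

```python
"""Classify a DMARC record's policy stage (Monitor / Quarantine / Reject).

Added example, not Omniquad or Mailwall code.  The records below are
constructed samples; in practice the string comes from the TXT record
published at _dmarc.<domain>.
"""
from __future__ import annotations

STAGE = {"none": "Monitor", "quarantine": "Quarantine", "reject": "Reject"}
RANK = {"none": 0, "quarantine": 1, "reject": 2}


def parse_dmarc(record: str) -> dict[str, str]:
    """Split 'tag=value; tag=value' into a dict.

    Raises ValueError if the record is not a DMARC record: the first tag
    must be v=DMARC1 and the p= tag is required.
    """
    tags: dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    first = record.strip().split(";", 1)[0].lower().replace(" ", "")
    if first != "v=dmarc1":
        raise ValueError("record does not start with v=DMARC1")
    if "p" not in tags:
        raise ValueError("required tag p= is missing")
    return tags


def assess(record: str | None) -> dict:
    """Return the stage, whether it is an effective reject policy, and gaps."""
    if record is None:
        return {"stage": "No DMARC record", "effective": False,
                "findings": ["publish a v=DMARC1 record at _dmarc.<domain>"]}
    try:
        tags = parse_dmarc(record)
    except ValueError as exc:
        return {"stage": "Invalid", "effective": False, "findings": [str(exc)]}

    policy = tags["p"].lower()
    if policy not in STAGE:
        return {"stage": "Invalid", "effective": False,
                "findings": [f"unknown policy p={policy}"]}
    findings: list[str] = []
    # pct defaults to 100; anything lower applies the policy to a sample only.
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    # sp defaults to p; an explicitly weaker sp leaves subdomains spoofable.
    sub = tags.get("sp", policy).lower()
    if RANK.get(sub, -1) < RANK[policy]:
        findings.append(f"sp={sub} is weaker than p={policy}")
    # Without rua= there are no aggregate reports, so no feedback loop.
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports to troubleshoot with")
    if policy != "reject":
        findings.append(f"p={policy}: spoofed mail can still reach inboxes")
    effective = policy == "reject" and pct == 100 and sub == "reject"
    return {"stage": STAGE[policy], "effective": effective, "findings": findings}


# Constructed sample records, one per stage plus a domain with no record.
SAMPLES = {
    "monitor.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "strict.example": "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example; adkim=s",
    "absent.example": None,
}

if __name__ == "__main__":
    for domain, rec in SAMPLES.items():
        result = assess(rec)
        print(f"{domain}: {result['stage']} (effective={result['effective']})")
        for finding in result["findings"]:
            print(f"  - {finding}")
```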


‘Audio email’ phishing: don’t be fooled by this

Spammers always come up with new forms of spam; this week, spam using WAV and MP3 audio files to deliver a stock pitch has surged. This form of spam has risen from being virtually nonexistent to 10 percent of all spam traffic.

Previously we saw “image spam”, which used picture files to bypass filters, followed by spam in PDF format. Now the audio (WAV, MP3) version of this spam is spreading rapidly.

The malicious emails use a display name of “Notifications” along with the compromised email address of the sender. They are titled “You Have Received An AudioEmail”. The ‘To:’ field contains the same information as the ‘From:’ field.

The body of the message is plain text and advises the recipient that they have received a new “Audio Email” from someone in their address book, and that a call back is required for this audio note, as shown below:

[Image: screenshot of the “Audio Email” message]

In the audio version, the user receives a WAV or MP3 file that is socially engineered with a name that invites clicking, either because it is a popular band name or a title that seems personal.

With Mailwall security, Omniquad provides cloud-hosted email filtering and security solutions for business and enterprise. Your account can be safely accessed through our secure customer web interface from anywhere. Get secure today and join us:

http://www.omniquad.com/contact-us.html


Spoofed Mail Headers

Criminals have recently been spamming out a malware campaign in which the display name is spoofed and the mail is sent from domains other than the bank’s actual domain.
The phishing email suggests that recipients should Download\View\Open the attachment.
Below is a screen capture of the phishing email:

[Image: HSBC-branded phishing email]

The link provided in the email leads to a spoofed website presenting a fake HSBC form, which typically asks you to enter bank details in order to Download\View\Open the attachment, so that the phishers can capture your bank details.

When the user enters bank details into the fake form, it redirects to a page that says Error\File not available, as below:

[Image: “Error” page shown after the fake form is submitted]

Omniquad is already blocking these types of fraudulent emails; this information is only to educate users on how scammers try to steal bank details.

HSBC Bank never sends its users emails requesting them to Download\View\Open an attachment using personal details in this way.
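Both campaigns above (the “AudioEmail” notification lure and the bank display-name spoof) leave indicators in the message headers that a filter can score. The following is an added example (not Omniquad or Mailwall code) that parses constructed sample messages with Python’s standard email library and reports those indicators; the brand domain list and all addresses are made-up assumptions.

```python
"""Header heuristics for the two lures described above: the 'AudioEmail'
notification spam and bank display-name spoofing.

Added example, not Omniquad/Mailwall code.  BRAND_DOMAINS and the sample
messages are constructed for illustration, not captured from a campaign.
"""
from __future__ import annotations

from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed: a brand that appears in display names -> domains that
# legitimately send mail for it (assumption, not a vetted list).
BRAND_DOMAINS = {"hsbc": {"hsbc.co.uk", "hsbc.com"}}
AUDIO_EXTS = (".wav", ".mp3")


def sender_parts(msg: EmailMessage) -> tuple[str, str, str]:
    """Return (display name, address, domain) from the From: header."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name.strip(), addr.lower(), domain


def audio_email_lure(msg: EmailMessage) -> list[str]:
    """Indicators of the 'You Have Received An AudioEmail' campaign."""
    hits: list[str] = []
    name, addr, _ = sender_parts(msg)
    if "audioemail" in msg.get("Subject", "").replace(" ", "").lower():
        hits.append("subject claims an AudioEmail")
    if name.lower() == "notifications":
        hits.append("generic 'Notifications' display name")
    _, to_addr = parseaddr(msg.get("To", ""))
    if addr and to_addr.lower() == addr:
        hits.append("To: equals From: (real recipients hidden)")
    for part in msg.iter_attachments():          # empty for non-multipart mail
        fname = (part.get_filename() or "").lower()
        if fname.endswith(AUDIO_EXTS):
            hits.append(f"audio attachment {fname}")
    return hits


def display_name_spoof(msg: EmailMessage) -> list[str]:
    """Flag a known brand in the display name sent from an unrelated domain."""
    name, _, domain = sender_parts(msg)
    return [f"display name '{name}' but From domain '{domain}'"
            for brand, domains in BRAND_DOMAINS.items()
            if brand in name.lower() and domain not in domains]


def score(raw: str) -> list[str]:
    """Parse a raw RFC 5322 message and return every indicator found."""
    msg = message_from_string(raw, policy=policy.default)
    return audio_email_lure(msg) + display_name_spoof(msg)


# Constructed sample messages (not real campaign captures).
AUDIO_SAMPLE = """\
From: Notifications <victim@compromised.example>
To: victim@compromised.example
Subject: You Have Received An AudioEmail
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

You have a new Audio Email from your address-book. Please call back.
--B
Content-Type: audio/wav
Content-Disposition: attachment; filename="voicemail.wav"

UklGRg==
--B--
"""
BANK_SAMPLE = """\
From: HSBC Secure Message <alerts@notify-mail.example>
To: customer@example.org
Subject: Open your secure statement

Please view the attachment.
"""
CLEAN_SAMPLE = """\
From: Jo Bloggs <jo@hsbc.co.uk>
To: customer@example.org
Subject: Meeting notes

See you Tuesday.
"""

if __name__ == "__main__":
    for label, raw in (("audio", AUDIO_SAMPLE), ("bank", BANK_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, score(raw))
```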

Omniquad Customer Update – National Cyber-attack 12.05.2017

Hackers have been exploiting data stolen from the US government and have carried out multiple cyber-attacks across the UK and globally. The NHS in particular has been affected.

The attackers behind today’s outbreak of WannaCry ransomware are using EternalBlue, a remote code execution attack that takes advantage of an SMBv1 vulnerability in Windows. This vulnerability was patched by Microsoft on March 14, and machines that have not been updated since could potentially be at risk.

Omniquad is taking a multi-pronged approach with regards to both our web and email security solutions.

Although this is a zero-hour threat scenario with a significant global outbreak, our researchers are monitoring traffic patterns on a 24/7/365 basis as normal and taking proactive steps to mitigate the risk.

Omniquad’s managed security services, Mailwall for email security and Surfwall for web security, are updated with threat-blocking intelligence in near real time. The updates are based on directly observed malware traffic, data analytics, security partner data feeds and global reports. We are monitoring the situation and will keep our customers informed if there are any specific concerns.

– The Omniquad Team

Simulating Cyber Threats

SC Magazine wrote a great article in November, “Acting out: Cyber simulation exercises”, explaining how role play can play an important part for businesses combating cyber threats.

The comparison to child’s play is a good one: just as children learn and develop new skills through role play, businesses can learn by acting out cyber attack scenarios.

“While participants don’t get to dress up in cool super hero costumes or leap tall buildings in a single bound, they do take part in cyber exercises that, if properly executed, can sharpen and strengthen an organization’s response, making it more competent and resilient in the face of a real, live cyberattack.”

Many Internet security companies have developed similar strategies for helping clients learn how to deal with cyber threats, through education and role play. One example is Phishwise.

Phishwise is an end-user spear-phishing vulnerability assessment that plays out different phishing and spear-phishing scenarios. This helps organisations recognise the threat by experiencing it for themselves. You can read more about Phishwise here.

Is subjecting your business and employees to phishing and spear-phishing scenarios really necessary? Perhaps a bit over the top? Not really.

95% of espionage attacks involve phishing.

Source: Verizon Data Breach Investigations Report – 2014

Businesses have good reason to let their employees engage in simulated cyber-attacks. They get to experience the attacks first hand and learn to distinguish between legitimate and scam emails, which in turn can prevent them from being taken in by email scams and cyber threats in future.

Cyber attacks are not just an IT issue; they are a business issue and should be taken seriously as such.

Protecting yourself, your PC and your financial data from Cyber Attacks

You have probably read or seen it on the news. There will be a big cyber attack in two weeks. Not quite.

In brief, it is not that the attack will come in two weeks; the issue is that the botnet belonging to Russian and Ukrainian criminals that was due to distribute this particular attack has been disrupted by the FBI. They estimate that it will be up and running again within the next two weeks, so we have some time to prepare ourselves. Nobody has been arrested, so the attack has merely been delayed.

What is this attack, and how can I protect myself and my computer?

Below we look at what the attack consists of and what you can do to protect yourself.

The attack is email-borne and uses various techniques to achieve its goal: your financial data. It operates as a virus that spreads itself through email contact lists, so the email appears to come from a friend. It contains an attachment that may look innocent enough (a voicemail, an invoice, etc.) but carries two pieces of malicious code, namely GameOver Zeus (“GOZ” or “GOZeus”) and CryptoLocker. (Note that this attack affects Windows users, so if your computer runs on a different platform, it won’t affect you, this time.)

Two pieces of malicious software:

1. GameOver Zeus

What is GameOver Zeus? GameOver Zeus is a sophisticated edition of the familiar Zeus Trojan horse that uses peer-to-peer (P2P) technology to hide its own infrastructure. This makes it harder for law enforcement and security vendors to stop it. It typically infects a computer via attachments or links in emails. If a user clicks on the link or attachment, GOZeus installs itself and sits silently in the background, monitoring activity and looking for financial data. GOZeus then tries to capture information such as bank details, which is fed back to the criminals. It also sends itself to every contact in your email contact list. (So by not clicking on links and attachments, you not only prevent your own computer from being infected, you also avoid spreading it any further.)

2. CryptoLocker

CryptoLocker is ransomware. It locks all the files on your computer and won’t unlock them until you pay a ransom of around 200-300 pounds. Unless you pay up within 72 hours, your files will be destroyed. CryptoLocker is set to kick in if GOZeus is not proving profitable enough.

What can you do to ensure you stay safe?

The NCA estimates that more than 15,500 computers in the UK are infected and “many more” are at risk. See the NCA website here for more information.

How to protect yourself:

  • Update your Windows – it is a good habit to ensure your operating system is up to date, with the latest Microsoft updates applied
  • Install good antivirus protection and keep it updated – if you don’t have antivirus, it is a good idea to install some now and keep it updated
  • Run anti-malware – many antivirus products also contain malware protection, but if you are in doubt you can run a free online malware scan from many providers

Some general tips on staying safe:

  • If you don’t trust the source of an email, don’t open it, don’t open any attachments and don’t click on any links
  • If the email is from a friend but looks a bit unusual, don’t open any attachments or click any links. Maybe send your friend a text or email asking if they sent an attachment for you to look at.
  • Don’t reply; just delete any suspicious emails.

Remember, even if your email is protected at your place of work, you still need to be just as vigilant at home on your personal computer, which may not have the same level of protection.

What Omniquad says about protecting its Mailwall customers:

“We detect these threats by various means on an ongoing basis, from multiple third-party antivirus products to our own internal pattern-matching algorithms. We also licence data feeds from other antispam sources. We also have special rules in place to prevent any kind of executable from slipping through, even if it is not detected by virus scans. Of course we update our signatures continuously to target new variants.”

As anybody working in information security knows, there are always attacks like this, and information security experts and vendors work to protect their users on an ongoing basis. We also know that no solution can guarantee 100% protection over time, as new threats are always emerging and not everybody updates their protection as regularly as they should.

It is therefore important to be alert when checking your email; vigilance should be a given, just as looking both ways when crossing the street is second nature.

Some links with more information:

Cert UK

PC Pro: best free antivirus software

Get Safe Online

National Crime Agency

– The Omniquad Security Team

Omniquad Informs: BT Internet and Yahoo! Email Accounts Compromised – What to do?

BT Internet and Yahoo! Email Accounts Compromised

We have recently become aware of several issues with BT and Yahoo email accounts. Some of these accounts have been compromised by hackers and, as a result, are sending emails to their contacts containing unauthorised and unsafe links to slimming pills and similar products. This is obviously of huge concern.

If you have email security in place then it is worth checking with your provider to see if they are aware of the recent threat and to remove BT Internet and Yahoo accounts from your email ‘safe list’ for now.

Should you receive an email from a BT Internet or Yahoo account, even if it is from a trusted source, do not click on any links it may contain, as you could compromise your computer and become a victim yourself. Instead, always check directly with the sender and, if possible, ask them to re-send using a different email address. Never click on a suspicious-looking link in an email, as it could leave you exposed to malware.

BT is looking to replace Yahoo email with its own email service due to the ongoing security issues with Yahoo email.

Citadel Botnet Malware

The most damaging and infamous of all malware is the Citadel Botnet. The Citadel botnet is capable of accessing your computer and stealing sensitive information such as banking details; or locking your PC and demanding payment whilst in the guise of the FBI.

Despite co-ordinated efforts by Microsoft, Internet Service Providers and law enforcement agencies, many people still fall victim to such malware attacks. The problem is that by the time Press Releases are issued, warning people of a new threat, many users have unwittingly already fallen victim and an infection can go undetected for months.

Omniquad Surfwall checks all links against known malicious sites in real time, thus preventing any threat from even reaching your inbox. We track source IP addresses to ensure that they are reputable and our information is constantly being updated using leading security intelligence providers such as Spamhaus.

By running several anti-virus programs concurrently we can also detect any weaknesses, which is why we periodically change and update the anti-virus programs we run. We are currently rolling out a highly rated and well-known anti-virus product, BitDefender. BitDefender will add that vital extra layer of protection against botnets, and they are fully aware of the Citadel botnet threat (more about this particular malware can be found on their own website).

Every link received is checked against our dedicated, updated database of malicious websites as well as Google’s own database, and even if the site appears to have a good reputation we still scan the contents to give you double protection.

If your provider does not give you this protection, then why not discover how Surfwall can protect you at home and at work; you can even sign up for a trial period. Meanwhile, we would ask everyone to remain vigilant and to ensure that your local network defences are up to date and running correctly.

– Omniquad Security


Omniquad warns: Fake Speeding Ticket Emails carry W32.FakeHddRepair Trojan

There are currently emails with the subject line “Uniform Traffic Ticket” in circulation that claim to be from the New York State Department of Motor Vehicles.

The email in the example below claims that the recipient was caught speeding in New York City at a certain time and is charged with committing the violation “speed over 55 zone”. The email states that the victim is charged with a traffic offence and requests that they print out the attached ticket and send it to the town court of Chatham at a provided PO Box.

In fact, the zipped file is not a speeding ticket but contains an .exe file that installs a Trojan on the recipient’s computer. The Trojan was identified as W32.FakeHddRepair, which constantly displays hardware error messages.

The Microsoft Malware Protection Center has the following information about the W32.FakeHddRepair Trojan:

“Win32/FakeSysdef is a family of programs that claim to scan for hardware defects related to system memory, hard drives and over-all system performance. They scan the system, show fake hardware problems, and offer a solution to defrag the hard drives and optimize the system performance. They then inform the user that they need to pay money to download the fix module and to register the software in order to repair these non-existent hardware problems. One of the first variants was distributed as program named “HDD Defragmenter” hence the name “FakeSysdef” or “Fake System Defragmenter”.”

[Image: fake speeding ticket email from the New York State Department of Motor Vehicles]

This is the .exe file:

[Image: the fake speeding ticket .exe file]

These fake emails target motorists in New York, but there is no reason to think the scammers will stick to New York, as the formula can easily be reused to target people in other cities, states or districts.

Be cautious of any unsolicited email that claims to be from police or a government department and instructs you to open an attached file or follow a link. Such tactics are commonly used by criminals intent on distributing malware or tricking recipients into divulging personal and financial information via phishing scams.

– The Omniquad Security Team

Why Google+ Could Beat Facebook in the Social Networking War

Google+ vs Facebook

When social networking as a concept was unleashed onto a wider audience, it was largely aimed at young people, most of whom were divided between MySpace and Bebo. Then Facebook came crashing onto the scene in 2004, and there has been very little competition since.

Facebook seemingly offered it all; a way to share photos, interests, videos and opinions easily and quickly. People’s lives are now neatly compacted into Timelines and whatever you had to say, you would say it on Facebook.

Twitter was the only really serious competition, but the services it offered were limited, so it was never seriously going to take over. Then in June 2011 Google Plus was launched, and although it has had a slow start, it does appear to be catching up, with over 500 million users worldwide. So can it really take over from Facebook to become the world’s most popular social networking site?

Benefits of Google Plus

When Google+ was launched it was designed as an invitation only site, perhaps hoping to benefit from the buzz that was generated around Pinterest when that site was launched as invitation only. Back then it was better known as Google Circles before adopting the catchier Google+ (or G+) name later on in the year.

The invite-only marketing ploy worked, and soon the site was forced to open its doors to everyone over the age of 18 after experiencing what it termed an “insane demand” for new accounts. The age limit was dropped to 13+ in the US and most European countries at the beginning of 2012.

Within Google+ you can organise your contacts into Circles, which means you can have family in one circle, friends in another and work colleagues in a third. This keeps your contacts separate and means that if you do decide to post those holiday snaps of yourself online, you can choose which circles to share them with and best of all, the names you give your circles will not be shown.

You can also filter what appears in your stream from nothing, some things, most things and everything. This stops your stream from becoming clogged up with irrelevant items.

Hangouts can be used to engage in group chats with one or more people, up to a maximum of 10, which is extremely useful for business conferencing or merely chatting with groups of friends. Other features include instant messaging, instant uploads, games, communities and so on.

Google Plus for Businesses and SEO

Word soon got around that having a Google+ account could improve your SEO in Google search results, especially with the Google Authorship feature. This verifies author identity, making it easier for writers to claim content they have written and for users to search for content written by the same author.

Other Google+ Business Tools include private sharing, administrative controls and integration of Hangouts with Gmail and Google Calendar.

Businesses also discovered that their Google+ profiles added credibility to their search result profiles with their latest Google+ activity also shown along with their profile picture.

Google+ Local is aimed at smaller businesses who want to show up in Google Maps and local searches.

Google Plus Privacy Issues

The beginning of 2012 saw the first rumblings of concern over Google+ and privacy. The concerns centred on the fact that Google, in its wisdom, added photos, posts, profiles, updates, etc. from Google+ accounts to search results. This was great for those who used Google+ on a purely professional level, as they saw their SEO results improve thanks to the inclusion of their profiles in search results; however, many others were disgruntled that their personal information could now be freely searched on the internet. This also led to accusations that Google favoured its own social networking site over competitors such as Facebook.

Google says that users only see the social content of friends if they are logged into Google+, and that only information you have made public will appear in those search results, so your holiday snaps could still be safe for now.

Some aspects of your Google+ profile can be used for advertising purposes such as the +1 option. If you +1 a comment or a post then this information is made public and can be used for ads. Essentially this means that if you +1 Preston Bike Shop then should one of your friends search for bike shops, Preston Bike Shop will feature higher in their search results and your +1 will be shown.

Users can hide the +1 tab on their profile if they want this information to remain private.

Google also came under fire for linking existing Picasa web albums to user accounts as many photos were made public that users had not intended to be so.

Google+ Privacy Settings

As with most social networking sites you do have some control over who sees what on your profile. With Google+ you can decide if anyone is able to see who your friends are, restrict your personal profile information and reduce the visibility of individual posts in your stream.

Going into your profile and then privacy settings gives you a choice of settings that lets you make your profile as private or as public as you like. Options also appear every time you post an update, so you can choose to make it public or visible only to particular circles; thus it is easy to control who sees what.

Google still feels very ‘grown-up’ when compared to the likes of Facebook but it’s also easier on the eye, uncluttered with ads and doesn’t feature those annoying game requests. It might be a while before the younger generation switch but for businesses and those who are tired of the inane chatter of Facebook, Google+ is a welcome sight/site!

– The Omniquad Team

Has Facebook run its Course? Are problems within the social media platform too big to overcome?

Is Facebook Still Relevant Today?

Facebook was once the top dog of social media platforms and could seemingly do no wrong. That is, until it did. With issues surrounding privacy, security and controversy plus the fact that competition is hot on its heels in the form of the Google+, is Facebook still relevant to both business users and individuals? Does it still have the trust and loyalty of its members or are people hitting the ‘Unlike’ button on Facebook?

Facebook Facts

Facebook was launched in February 2004 and got off to a controversial start when the founder, Mark Zuckerberg, was sued by 3 of his former university colleagues over claims that he had stolen their ideas for the site. The matter was settled in court with a million-dollar payoff. The drama was subsequently made into a film in 2010 called The Social Network.

The site spread from Harvard University to almost all Universities in the US and Canada and eventually in 2006 Facebook was extended to everyone aged 13 or older.

In August 2008, just under a year after it was made available to everyone, Facebook had attracted 100,000 users, and it eventually hit the 1 billion mark in October 2012. However, in December of that year, UK Facebook users actually dropped by 600,000 according to monitoring firm SocialBakers, so could the bubble finally be set to burst?

How Useful is Facebook for Businesses?

Facebook was originally set up for individuals to share information with friends but that soon expanded and businesses realised the true potential of reaching out to a network of millions of prospective customers.

Business users can create pages on Facebook and promote their posts in order to build up a following. Facebook also uses data to help generate targeted ads. Businesses can encourage people to follow their page and share their posts and it is a useful way for companies to reach out to their intended audience.

However, businesses beware: there have been some epic company Facebook fails due to bad management of their Facebook pages. The biggest failure was by Nestle, who innocently requested that fans not use altered Nestle logos as their profile pictures. What ensued was a playground spat between Nestle and hundreds of followers, which did not do the company’s credentials much good at all.

More common are disasters featuring companies that do not respond to customers’ complaints, such as the Nature Valley Facebook page. When someone asked whether they used GM crops in their ingredients, Nature Valley refused to respond. There was no evidence that they did, but their failure to respond to that and subsequent comments caused chaos on their page and quickly went viral.

The power of social media such as Facebook is not to be underestimated.

New Facebook Features

In order to keep the website updated and relevant, Facebook has rolled out several new features recently. In 2010 a brand new timeline profile was introduced, which gives basic information about you such as where you are from, where you work, your relationship status, etc., along with a row of the most recently tagged photos of you.

Friends can now also be listed in groups such as family members, work colleagues, sports teams and so on.

Perhaps Facebook is taking note of popular sites such as Pinterest and Vimeo, as the news stream and timeline feeds are now more visually oriented, with larger photos and expanded snippets of text. And in response to calls for better news feeds, Mark Zuckerberg used the phrase “personalised newspaper” to describe the new-look site.

A brand new feature called Graph Search will also enable users to search their friends’ feeds, so if you wanted to see school photos of your friends you would just type it into the new search feature and all your friends’ old school photos would come up! You will only see information that has been made publicly available, however; private photos will stay private.

Facebook Privacy Issues and Security Concerns

Facebook has had its share of privacy issues, and the new Graph Search tool mentioned above is the latest concern. Critics say it could be used to discover compromising information about members, such as political groups or religious affinities. Facebook has reminded people to check their privacy settings, but this remains one of the main concerns about the new feature. If you are a business whose employees use Facebook and join a controversial political or religious group, then this information could potentially spell trouble for your company.

In 2011 around 200,000 profiles were reportedly hacked and their news feeds and profile pictures were replaced with pornographic images and sexual content. Facebook denied the claims.

In January 2013 it was discovered that over 16,000 Facebook credentials had been stolen by a botnet. The ‘PokerAgent’ botnet was apparently designed to collect Facebook log-on credentials, also gathering information on credit card details linked to the Facebook account and in particular Zynga Poker player stats, presumably with the intention of robbing the victims.

Other areas of concern centre on phishing scams and malicious links that trick users into downloading potentially harmful viruses. (Look out for Part II; we will cover this separately, as the topic is so big. Meanwhile, have a look at our earlier blogs about this here.)

As critics point to the loss of users’ rights to vote on policy along with a possible saturation of the market and the drop in member numbers in the UK, could Facebook be falling out of favour with its users? Well it certainly has to watch its back because waiting quietly in the wings is the increasingly popular Google+.

To Sum up

In summary, Facebook is a victim of both its own success and its need to make money through advertising. The platform has enjoyed phenomenal growth, but it now looks like the growth is slowing. Although Facebook can reach users with highly targeted ads, it is uncertain how much effect they have, other than annoying the users they try to entice; the ads are intrusive and take up too much prime space on the pages. The question is: how much do Facebook users really want to engage with advertisers on a medium they have chosen for engaging with friends and family? There is a price to pay for enjoying the fun and social features of Facebook, but is it too big?

The biggest concern, though, is security. Amid hacking concerns and recent security breaches, by far the most annoying risk to users is that Facebook as a platform has been unable or unwilling to tackle the problem of viruses and worms that spread on the site like wildfire. There is not much it can do to stop email phishing scams and fake emails posing as official notifications. Facebook has a help centre where you can look up information about scams and fake notifications, but it is sadly lacking and cumbersome to use. Users must look elsewhere for detailed information about what to do or how to spot fake emails.

With Google+ gaining in popularity, it would be advisable for Facebook to start looking into how to solve the issues that affect its users’ enjoyment of the site, rather than only trying to appease the shareholders. When Facebook users start closing their accounts, it will have more to worry about than just how to make money from advertising: there will be fewer users to advertise to!