Data Breach

Computer Culture Admin - Thursday, September 27, 2018
Protecting your customers from a Data Breach is a very real, very valid concern. With rapid implementation of the General Data Protection Regulation (GDPR) and Australia's new Notifiable Data Breach (NDB), companies across the world are having to react and adapt quickly to secure their systems from the risk of their customers' data being exposed.

New Zealanders are not immune from hefty fines, penalties and sanctions for failing to protect their customers' information, and it is only a matter of time before New Zealand follows suit and enforces its own set of laws around the way data is handled.

We will keep you updated as we learn more; however, ensuring your systems and data are secure from hackers is an essential action with or without legislation.


Computer Culture Admin - Thursday, September 27, 2018
Phishing works no matter how hard a company tries to protect its customers or employees. Security researchers have been warning of a new phishing attack that cybercriminals and email scammers are using to bypass email filtering.

This highlights the battle that is raging behind the scenes between the cybercriminals and the good guys who we rely on to protect us. Cybercriminals have huge resources and are often backed by governments of rogue states.

As a consequence, phishers always find a way to bypass security protections in order to victimise users. Malicious links can be embedded into genuine documents, and every day new and more sophisticated scams are being generated. Just over a month ago, the scammers were found using the ZeroFont technique to mimic a popular company and trick users into giving away their personal and banking information.

We all need to be very vigilant, and if you have any suspicions, pick up the phone and call the originator of the email.

Destructive Ransomware

Computer Culture Admin - Thursday, September 27, 2018
The SamSam ransomware has made cybercriminals at least $6m since they started distributing the file-locking malware in late 2015 to encrypt data and backups. Their profits are still on the rise, netting around an additional $300,000 each month.

SamSam is different to other forms of ransomware; while other variants are spammed out to potential victims by email, SamSam attacks are thought to begin with a remote desktop protocol (RDP) compromise, either by brute force attacks, or credentials purchased on the dark web.

Once inside a compromised machine, the attackers seek out vulnerabilities which they exploit to spread across an organisation's network before encrypting files.

With a stranglehold on an entire network, the attackers then demand a huge bitcoin ransom payment in exchange for the decryption keys. The payments now regularly reach over $50,000.

SamSam requires a more hands-on technique than other forms of ransomware, but the time and effort is apparently paying off for the crooks.

The number of payments received per month throughout 2018 has peaked at 10, indicating a level of precision by the attackers.
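
One way a defender could spot the RDP brute-force entry point described above in Windows logon events, as an added example that is not part of the original post. The CSV layout, the sample rows, the function name `find_rdp_bruteforce` and the thresholds are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rows (not real data): time, event ID, logon type, account,
# source IP, in an assumed CSV export layout of the Windows Security log.
SAMPLE_LOG = """\
2018-09-27T02:10:01,4625,10,administrator,203.0.113.50
2018-09-27T02:10:09,4625,10,admin,203.0.113.50
2018-09-27T02:10:17,4625,10,user,203.0.113.50
2018-09-27T02:10:25,4625,10,test,203.0.113.50
2018-09-27T02:10:33,4625,10,backup,203.0.113.50
2018-09-27T02:10:41,4625,10,backup,203.0.113.50
2018-09-27T02:11:02,4624,10,backup,203.0.113.50
2018-09-27T08:59:40,4625,10,alice,192.0.2.10
2018-09-27T09:00:05,4625,10,alice,192.0.2.10
2018-09-27T09:00:30,4624,10,alice,192.0.2.10
2018-09-27T09:05:00,4625,2,bob,-
"""

FAILED, SUCCESS = "4625", "4624"  # Windows failed / successful logon event IDs
REMOTE_TYPES = {"3", "10"}        # 10 = RemoteInteractive (RDP), 3 = network logon


def find_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Alert on source IPs with >= threshold failed remote logons inside the
    window, and record the first account that then logs on from that IP."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    alerts = {}                  # ip -> alert record
    for ts, event_id, logon_type, user, ip in csv.reader(io.StringIO(log_text)):
        if logon_type not in REMOTE_TYPES:
            continue             # ignore console and other local logons
        when = datetime.fromisoformat(ts)
        if event_id == FAILED:
            failures = recent[ip]
            failures.append(when)
            while when - failures[0] > window:
                failures.popleft()   # drop failures older than the window
            if len(failures) >= threshold and ip not in alerts:
                alerts[ip] = {"ip": ip, "first_alert": when, "logged_on_as": None}
        elif event_id == SUCCESS and ip in alerts:
            # A success after a burst of failures suggests a guessed password.
            if alerts[ip]["logged_on_as"] is None:
                alerts[ip]["logged_on_as"] = user
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_rdp_bruteforce(SAMPLE_LOG):
        print(alert)
```

The user who mistypes a password twice before logging on stays below the threshold, while the burst of failures ending in a successful logon is the pattern worth investigating before an intruder can spread across the network.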

Infected PDFs

Computer Culture Admin - Thursday, September 27, 2018
The Turla threat group, certainly Russian-speaking and widely attributed to Russian intelligence services, is back with a new scary phishing technique. These bad guys are sending emails with a malicious PDF payload that installs a hidden backdoor in the workstation.

The backdoor is a standalone dynamic link library that's able to install itself and interact with Outlook and other email clients. It exfiltrates data through email, which means that it evades detection by many commonly used data loss prevention products. The stolen data is enclosed in a PDF container, which also looks unproblematic to many security solutions.

Researchers who've tracked this latest evolution of Turla warn that there's no command-and-control server that can be taken down: the malware can be completely controlled via email, the data exfiltration can look entirely legitimate, and the ways in which the campaign modifies standard functions make it a stealthy and tough-to-eradicate infection.

The purpose of this malware is to monitor all incoming and outgoing emails from infected systems and to gather info about the sender, recipient, subject, and attachment name (if any). That data is then organised into logs that are sent to Turla operators.

The Outlook backdoor also checks all incoming email for PDFs that might contain commands from the attackers. It will accept commands from ANY threat actor that is able to encode them in the right format in a PDF document.

If the email address to which the malware typically transmits stolen data is blocked, the hacker can recover control of the backdoor simply by sending a rogue PDF with a new C2 address.

Shopping Trends

Computer Culture Admin - Thursday, September 27, 2018
NZ Post commissioned Datamine to carry out some research into shopping trends. The results provide an interesting overview of the state of play of bricks and mortar versus online shopping, and New Zealand versus international spend:

•  51.2% of global web traffic originated from mobile devices, up from 48.3% in the corresponding previous quarter

•  33% of all online product spend goes overseas. When adding digital services like Netflix, this increases to 45%. (Figures exclude tourism, utilities, etc)

•  8% of overall retail spend is online. Forecast to rise to 17.5% by 2021. 

•  Year on year growth of online was 13% in 2017, outstripping bricks and mortar retail growth of 0.9%.

•  In the USA, 44% of their 9% online spend was on Amazon.

•  In China, 25% of all retail sales will be online this year.

Mandatory data breach law - what this means for your business

Computer Culture Admin - Wednesday, August 29, 2018
Changes to the Privacy Act could force NZ businesses to notify people when they have a data breach.

Currently in NZ, if a cyber-attacker steals personal information from a company, the company doesn't legally have to alert those people who are affected or even tell the Privacy Commission. But thankfully, new privacy laws that were introduced into Parliament in March 2018 could make this a thing of the past.

One of the main changes to the Privacy Act, currently with the select committee, is a mandatory data breach notification which will force public and private sector agencies to notify affected individuals, and the Privacy Commissioner, if they experience a 'data breach which poses a risk of harm'. Failure to do so could result in a fine of up to $10,000. This would encourage businesses to increase security around data storing and sharing, and potentially obtain insurance specific to cyber-security risks.

How do I prevent or minimise data breaches?

As a business, there are several things you can do to help you stay one step ahead of cyber-crime, such as:

• Learn how to identify and deal with cyber-attacks – Make sure you're up-to-date with the latest ways on how to identify, prevent, and minimise data breaches.
• Educate employees - Teach your staff the most secure ways of data sharing and storing, and how to identify and deal with data breaches.
• Evaluate your technology – Check if your software and hardware can adequately identify and deal with data breaches in real time.
• Analyse your data security - Ensure that IT and printer software and security is comprehensive, up-to-date and monitored on a 24/7 basis.
• Minimise the amount of personal information you hold – This can be a tough one, especially when it comes to marketing databases, but if you can, try and decrease the personal data your organisation stores.
• Encrypt and anonymise personal data – When you can, encrypt or anonymise personal information.

Cyber Attackers are Targeting Kiwi Work Printers

Computer Culture Admin - Wednesday, August 29, 2018
In the hacker world, printers are now seen as a 'weak link' into any business network, making them one of the easiest entry points for an attack. Printer breaches now make up 16 per cent of all cyber-attacks and result in millions of dollars being lost by companies each year. 

The reality is that most businesses overlook print security, with many network-connected printers having no restrictions or not being securely locked down. Examples include not changing the printer's password, or failing to make the password complex enough, such as using 'admin'.

Company printers are not only accessed by people across the business, but they offer network access, providing greater opportunities for attackers to compromise the device and, therefore, the entire network. Hard drives, operating systems, memory storage and access to the internet are also factors that make printers vulnerable. What makes it worse is that work printers are generally never switched off, which offers hackers 24/7 access, meaning they are vulnerable all the time.

Technology advances have meant that hackers can use any free open source tool to upload malware to printers these days, making it easy to get their foot in the door.

What can attackers do once they've hacked into your printer?
Once hackers are into your printer, there are so many different things they can do with access and information – they've not only got access to your network but also the files sent or printed.

The obvious one is they can see all information (sensitive or not) relating to your business and use this either for marketing purposes or against you (name and shame). They then use this information to make money in many ways, such as siphoning money from a bank account.

They can steal information or delete files. They can also stop you from getting access to certain things such as folders, or even your whole network, and companies can be forced to pay a ransom to get their access back.

How do you know if your work printers are exposed?
There are various ways to find out whether you're exposed and to thwart cyber-attacks, including educating employees on how to spot threats and what to do next. It's also important to check if you're exposed by having an expert check your printers.

Brands like HP do security assessments and can advise on your current infrastructure through their Print Security Advisory Service that is dedicated to helping companies defend themselves against cyber-attacks. HP have invested in building secure printer portfolios that are designed to detect and defend against cyber-attacks, some can even self-heal if they are breached. They can help you develop a print security plan, to help you address those risks and understand how to spot potential threats in the future.

Fortnite for Android Skips the Play Store, and that's a Huge Security Risk

Computer Culture Admin - Wednesday, August 29, 2018
Android gamers have been itching to get their hands on Fortnite ever since the game made the jump to iOS back in April. But the developer has now confirmed that to play it, they’ll have to go outside Google’s Play Store distribution service. 

The potential for unclear guidelines and abuse is unlimited. Malware and spyware developers have been posting fake Android downloads for “Fortnite” for months, even advertising them on YouTube. They’re hoping that gamers will throw away caution in order to install an unverified program, and open up their phone to data harvesting, ransomware attacks, cryptocurrency mining, and other unsavoury practices.

The game's developer, Epic Games, has boasted of Android users’ “freedom to install the software they choose,” and cautioned them to download only from trusted sources. That’s sage advice, but it’s advice that they are making it harder to follow.

If you’re a gamer looking to get your battle royale on via Android, and especially if you’re a parent whose kids are obsessed with the game, take extra care to make sure you don’t become a victim of Epic Games’ short-sighted lack of concern.

Information Technology Acronyms

Computer Culture Admin - Tuesday, July 17, 2018
The computer industry seems to have a disproportionate number of acronyms and to the lay person it must sound like we are talking a foreign language.

To help we have listed some of the common ones below:

 AD  Administrative Domain
 AMOLED  Active-Matrix Organic Light-Emitting Diode
 API  Application Programming Interface
 CERT  Computer Emergency Response Team 
 DHCP  Dynamic Host Configuration Protocol
 DoS  Denial of Service
 HDD  Hard Disk Drive
 HDMI  High-Definition Multimedia Interface
 GUI  Graphical User Interface
 LAN  Local Area Network
 NAS  Network-Attached Storage
 OS  Operating System
 PCI  Peripheral Component Interconnect
 PCIe  PCI Express
 PoE  Power over Ethernet
 PPP  Point-to-Point Protocol
 PPPoE  PPP over Ethernet
 RAID  Redundant Array of Independent Disks
 SATA  Serial ATA
 SSD  Solid State Drive
 TCP/IP  Transmission Control Protocol/Internet Protocol
 VoIP  Voice over Internet Protocol
 WLAN  Wireless Local Area Network

If you would like further punishment, follow this link:

Scam Phone Calls

Computer Culture Admin - Tuesday, July 17, 2018
Virus phone scam being run from call centres in India

The scam always starts the same way: the phone rings at someone's home, and the caller – usually with an Indian accent – asks for the householder, quoting their name and address before saying "I'm calling for Microsoft. We've had a report from your internet service provider of serious virus problems from your computer."

Dire forecasts are made that if the problem is not solved, the computer will become unusable.

The puzzled owner is then directed to their computer and asked to open a program called "Windows Event Viewer". Its contents are, to the average user, worrying: they look like a long list of errors, some labelled "critical". "Yes, that's it," says the caller. "Now let me guide you through the steps to fixing it."

The computer owner is directed to a website and told to download a program that hands over remote control of the computer, and the caller "installs" various "fixes" for the problem. And then it's time to pay a fee: £185 for a "subscription" to the "preventative service".

The only catch: there was never anything wrong with the computer, the caller is not working for Microsoft or the internet service provider, and the owner has given a complete stranger access to every piece of data on their machine.

This scam has been going on quietly since 2008 but has abruptly grown in scale this year. It is being run from call centres based in Kolkata, by teams believed to have access to sales databases from computer and software companies.

Often, the victims are inexperienced or elderly, convinced by the apparent authority of the callers and the worrying contents of the Event Viewer. In fact, such "errors" are not indicative of any problems.

Microsoft denies any connection with the companies that call people up offering these services.

When The Guardian newspaper in the UK contacted Microsoft about these scams, Microsoft said it was "currently investigating a series of instances in which the business practices of an organisation within the Microsoft Partner Network [that] have given rise to significant concerns from a number of sources. We take matters such as these extremely seriously and will take any action that is appropriate once our investigation is complete."
