MailGuard has released a fantastic guide titled '4 Mind Games Cybercriminals Play In Email Scams'. This article explains how cybercriminals use sophisticated techniques to trick people, demonstrating how even cyber-savvy employees can fall for fake emails, revealing sensitive information or transferring huge amounts of cash.
Many of the online security breaches we have investigated over the last 12 months raise doubts about the integrity of the username and password used to secure access to an email account or remote access portal...
Because SSDs are designed to automatically overwrite unused disk space, some key artefacts relied upon in forensic investigations are deleted and automatically overwritten. This means that employers need to act quickly if they suspect departing employees may be stealing data or intellectual property. If you don’t move fast, key evidence could be deleted or compromised.
Cloud-based Office 365 has become one of the most common email platforms for small to mid-sized businesses — we see it every day. However, while Office 365 is a great option for businesses that don't want the responsibility of managing in-house email servers, it can also create a significant security risk to the business if it is implemented without appropriate security measures.
Recently, the Forensic IT team was called out to assist two businesses that were the victims of fraudulent transactions totalling several million dollars.
Through our investigations we uncovered evidence that the computer networks of these companies had been compromised through malware which compromised their financial systems and allowed fraudulent transactions.
Forensic Chatter - Don't be taken to the CCleaners!
This week we came across a statement from the owner of CCleaner (Piriform) admitting a recent version of the software had unknowingly been released loaded with malware with the potential to create a dangerous security breach.
Forensic Chatter - Mandatory Data Breach Reporting
In February next year, new legislation will come into effect requiring organisations to constantly monitor their systems for security breaches involving access, loss or disclosure of personal information. Called the Privacy Amendment (Notifiable Data Breaches) Act 2017, it will place responsibility on organisations to detect, investigate and report on any data breaches.
The Australian Signals Directorate (ASD) has released a guide to IT security titled ‘ASD’s Strategies to Mitigate Cyber Security Incidents’. The guide, which includes the “Essential Eight”, is aimed at helping organisations mitigate cyber security incidents caused by various cyber threats. Even though the guide is aimed at Government organisations, it is useful reading for all small to medium businesses.
With cybercrime costing Australian businesses upwards of $1 billion annually, MailGuard has published an interesting article that examines the key areas to consider when preparing your business to defend against online threats.
Mobile phones and tablets have the potential to carry a wealth of information and during investigations we are often asked what can be recovered from them. On many occasions the focus is on recovering deleted text messages.
Copying data from a mobile device is commonly referred to as an 'extraction' and there are different types of extractions available based on the make, model and operating system of the device.
Today, the biggest threat to business IT systems and data is malware: malicious software used to disrupt or shut down computers, steal sensitive information, or gain access to or control of corporate networks.
Increasingly, we are being called in to help businesses that have been compromised by the inadvertent launching of hidden malware attached to innocent-looking emails.
Australian Small to Medium Businesses Hit Hard By Cyberattacks
One in five Australian small and medium-sized businesses have been hit with a cyber-attack and 2016 saw an increase in phishing scams and ransomware attacks.
Norton’s recent cyber security survey has found that many Australian SMBs are still ill-equipped or unwilling to assess and proactively secure their devices and data to minimise the threat and effect of cyber-attacks. Ransomware is still ‘King’ and the Aussie mantra of “She’ll be right mate – it can’t happen to me” seems to be a good reflection of many small businesses’ approach to cyber security.
The survey also found that a quarter of small businesses have no Internet security solution and that the backup and recovery capability of many is very poor.
One of the most common forensic investigations we conduct often follows the departure of employees who say they have resigned and moved on to a 'new opportunity' or 'just to have a break'. Even though the employee states that leaving has nothing to do with moving to a competitor or starting their own business, the truth emerges some months later.
While Cellebrite stated that the data that had been stolen was only "basic contact information", it now appears that it contained much more, including possible source code for the UFED mobile device used globally for analysis of mobile phones.
Forensic Chatter - Discovering Email in 'The Cloud'
With many businesses migrating their email to Microsoft's Office 365 'in the Cloud', the task of collecting email for the purpose of discovery or investigation is becoming more time-consuming than ever before.
Since the Census website was brought down on 9 August (either by DDoS attack or system failure from unexpected real Census traffic) there has been a flood of speculation as to whether the website was properly designed knowing that it was going to be subject to global attention.
One of the main motivations for a system compromise is notoriety so it's not a quantum leap to understand that the Census would attract a lot of attention. This article from News.com.au provides a great overview of the fallout from the Census website.
FIN4 Hacking Group targets Firms for Stock Market Profit
A group of malicious hackers is using well-crafted spearphishing emails to target the email accounts of executives with access to confidential information. The group, dubbed FIN4, has been operating since 2013 and is focused on gathering non-public information about merger and acquisition deals. FIN4 does not infect victim systems with malware. Their approach is to try to acquire the usernames and passwords of their targets in order to view confidential email correspondence.
Researchers from FireEye have published this flyer on the workings of FIN4.
An internal investigation by TeamViewer was launched last month after multiple complaints from users that their accounts had been accessed by “..criminals who used their highly privileged position to drain PayPal and bank accounts”.
TeamViewer has acknowledged that the number of account takeovers has been significant but claims that they have occurred because of compromises of other services such as LinkedIn and MySpace as well as the use of simple passwords.
TeamViewer users should activate Two Factor Authentication to strengthen their protection against password compromise.
Following a breach of LinkedIn systems in 2012 where more than 6 million encrypted user passwords were exposed, LinkedIn has now revealed that the compromise has possibly affected more than 117 million user accounts. This follows a LinkedIn database of user account details including passwords being offered for sale online.