CyberCrime: Attack Prevention and Post-Exploitation Security
Recently, Insinia began investigating the TalkTalk hack involving what appears to be a number of teenage actors. At the time of writing this post (20:47 30/10/2015) all operators arrested have been under 18 years of age. Early reports indicate that the vulnerability exploited was a simple SQL injection attack. This type of attack can be used to "dump" large amounts of database entries to a hacker.

During our investigation we made contact with a seller on the Dark Web who was purporting to sell leaked TalkTalk data from the recent cyber attack. We were able to source a sample of five files, which we confirmed as belonging to TalkTalk customers. We immediately contacted all affected parties to notify them of our findings and to give them advice on how to react to this data breach.

Verified information provided by the seller on the Dark Web includes:

- Full name
- Date of birth
- Full address (inc. post code)
- Phone number
- E-mail address
- Bank sort code
- Bank account number
- Bank name
- Type of sim card
- Type of subscription

So what can you do if you've been a victim of this or another cyber attack?

Firstly, change all of your online passwords immediately. If you can, change your e-mail address too. You can read our guide to creating a secure password here: HOW TO CREATE A SECURE PASSWORD
Secondly, contact your bank and ask them to change your account number immediately. Your bank will want to take steps to protect you, so they should have no issue changing your account number.
Thirdly, monitor your credit report. Companies such as Experian and Equifax will notify you of suspicious activity, searches or new accounts on your credit file if you're signed up with them.
If practicable, change your phone number. Also endeavour to change as much of your leaked personal information as possible: the more you can change, the better. Contact TalkTalk and advise them that you are one of the affected parties whose data has been leaked. We have notified TalkTalk of our investigation, but they may still be unaware that your account has been breached.

What else can I do to stay safe online?
There are a number of other tools and techniques that you can use to stay safe online.

Disposable E-Mail

Disposable e-mail is exactly what the name suggests. When you sign up to a service, you use a temporary e-mail "mask". For example, if you're signing up to Amazon then you would sign up with YourNameAmazon@DisposableMailProvider.com. This means that your Amazon account sends all correspondence to your disposable address, which in turn automatically forwards that information to you.

So how is this beneficial? If Amazon were to be hacked and you start getting spam / attacks on your disposable e-mail address (which is forwarding this spam to you automatically, thus notifying you), then simply dispose of your disposable mail and notify Amazon that they've been hacked. It completely protects your actual e-mail address in a couple of simple (and free) steps.

Virtual Private Networks

Using a VPN is a good way to secure your internet traffic. Rather than creating an insecure connection to various parts of the internet, a VPN initiates a secure, encrypted tunnel between your computer and a VPN server. The VPN server then handles all requests and provides an "additional hop" between you and any nefarious activity. It also means that any data stream (including passwords etc.) is sent "through the wire" securely, in an encrypted manner, making Man in the Middle attacks far more difficult for a would-be attacker. The illustration below shows an example of a VPN tunnel.
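Going back to the Disposable E-Mail masks described above: the following is an added example (not Insinia's code) of how mail arriving on each mask can be checked to see which service leaked your address. The alias registry, the second alias, the sample messages and the function names are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed registry: each mask -> the sender domain of the one service it was given to.
ALIASES = {
    "yournameamazon@disposablemailprovider.com": "amazon.com",
    "yournameshop@disposablemailprovider.com": "shop.example",
}

# Constructed sample messages as they would arrive at the forwarding mailbox.
SAMPLE_MAIL = [
    "From: Orders <orders@amazon.com>\nTo: YourNameAmazon@DisposableMailProvider.com\n"
    "Subject: Your order\n\nThanks for your order.",
    "From: Prize Team <win@lottery-claims.example>\n"
    "To: YourNameAmazon@DisposableMailProvider.com\nSubject: You won\n\nClaim now.",
    "From: news@mail.shop.example\nTo: yournameshop@disposablemailprovider.com\n"
    "Subject: Sale\n\nNew offers.",
]

def sender_domain(msg):
    """Domain part of the From header, lower-cased ('' if missing)."""
    address = parseaddr(msg.get("From", ""))[1]
    return address.rpartition("@")[2].lower()

def leaked_aliases(raw_messages, aliases):
    """Return {mask: [unexpected sender domains]} for masks that received
    mail from anyone other than the service they were issued to."""
    leaks = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        # Prefer Delivered-To (set by the receiving server) over To.
        mask = parseaddr(msg.get("Delivered-To") or msg.get("To", ""))[1].lower()
        expected = aliases.get(mask)
        if expected is None:
            continue  # not one of our masks
        domain = sender_domain(msg)
        # Accept the service's own domain and its subdomains only.
        if domain != expected and not domain.endswith("." + expected):
            leaks.setdefault(mask, []).append(domain)
    return leaks

if __name__ == "__main__":
    for mask, senders in leaked_aliases(SAMPLE_MAIL, ALIASES).items():
        print(f"{mask} has leaked; unexpected senders: {senders}")
```

The From header can be forged, so a matching domain does not prove a message is genuine; a mismatch, however, is a strong sign that the mask has escaped the service it was created for.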
Password Managers

I don't personally use a password manager, but a lot of people do and I wouldn't advise against it. It is, however, worth bearing in mind that there's an element of risk with any central storage system for passwords. You must treat access to your "password vault" as a matter of high security. Digital Trends have done a nice article on the Top 5 Password Managers here: GUIDE TO THE TOP 5 PASSWORD MANAGERS
Two Factor Authentication

If you didn't read about it in our Password Guide, Two Factor (Form) Authentication (TFA, 2FA) is a way of adding an additional layer of security to your accounts. Rather than just requiring a password, TFA requires a password and verification from an external, physical device. For example, when you log in to Google you would enter your e-mail and password as usual, but on the next page you'll be presented with a form to enter a code which is texted to your mobile phone. This means that any would-be attacker would need your e-mail address, your password and access to your physical device to log in to a compromised account. As long as your phone's in your pocket, you're relatively safe. You can also look at apps like Authy which automate elements of the Two Factor Authentication process.
Keep Software UPDATED!

As soon as a security flaw, 0 day or other malicious action is discovered, there's usually a quick fix. These fixes are released as patches or updates, so make sure your computer is up to date and that you're downloading genuine updates from your operating system developer, not a malicious site! The update systems of Microsoft and other software vendors have all been known to be breached in the past.

Use a good Anti-Virus

All computers, servers, hosts etc. require good anti-virus. If you're not proactive on port monitoring then it's probably best to go with a well-known AV supplier. Symantec, McAfee and AVG all have good reputations in the industry. But bear in mind that Anti-Virus software only usually stores the top 200 latest virus signatures, so it won't always be effective and doesn't always offer as much protection as it promises.

Use a good Firewall / Switch / Router

If you're really worried about external attacks then you can defend your home or office connection with a good physical firewall. By utilising something like a Netgear ProSafe FVS318G Firewall you provide an extra layer of security. The Netgear FVS318G uses Stateful Packet Inspection (SPI). Stateful Packet Inspection examines the entire content of incoming / outgoing data, not just the data packet header, providing more scrutiny of all traffic to/from your network.
You can also use and configure switches to directly tap in to your network, and replacing your standard ISP router with something like an ASUS or Netgear router will inevitably provide better performance than your "out the box" mass-produced ISP hardware. You can read a brilliant guide to the Top 10 Wireless Routers by PC Mag here: GUIDE TO TOP 10 WIRELESS ROUTERS
Don't open Unknown E-Mails or Attachments

If you receive an e-mail from someone saying you've won a prize, you've got a long lost Uncle or you need to reset your banking password, chances are that someone's trying to "phish" for your information. General rule: if you're not expecting it, don't open it.
Hackers and scammers will distribute viruses and malicious software by sending out (sometimes highly targeted) mail shots to potential victims. These malicious e-mails could be pretending to be from a banking institute, Government agency, Solicitor or Doctor. By opening an e-mail you run the risk of activating a virus on your computer and providing hackers with further access. As a further defence, make sure you turn off all "auto-read" facilities on e-mail clients such as Outlook, Apple Mail etc. This function can sometimes auto-run a malicious virus that's made it through your spam / virus defences.

Other Information:
Bear in mind that hackers and scammers will not just contact you under the guise of being from TalkTalk or other hacked organisations. You may get calls from people pretending to be BT, AOL, Banks etc. Every caller must be scrutinised and DO NOT confirm your details with ANYONE who you are suspicious of.
Barclays Bank have written a pretty comprehensive guide to scams and fraud techniques used by criminals. You can find it on the Barclays website here: FINANCIAL SCAMS AND HOW TO AVOID THEM

If you're a victim of a cyber attack then don't feel like you're fighting this alone. Insinia are happy to give any advice to victims. Also TalkTalk, your bank, Experian and the Police can all help to advise you on the best steps on how to protect your identity and your accounts with them.