Security

Malware & Ransomware Everywhere: What The Hack?!

If you’re stumbling across this post, you’ve likely been researching the latest events to hit the digital world: ransomware, namely the WannaCry and Petya ransomware attacks. I’ll spare the fluff and get into the meat. We thought it would be good to craft an article to help educate our clients and teams on what these threats really are. Although these types of attacks don’t directly impact search platforms, they have ramifications for several systems that are all interconnected, from healthcare to banks and financial institutions. As the term “ransomware” implies, these attacks encrypt vital systems and computer data to prevent users from accessing the information. The only remedy is to pay for the system to be decrypted by the same party that encrypted the computer, or to wipe the system clean. According to many cybersecurity experts, these malware attacks are only the beginning of a growing trend that proactive measures can help stem.

How Did This Happen?

Malware, ransomware, oh my! They all have the same mission: disrupt, with the goal of generating funds for illicit individuals using their computer talents for ‘evil.’ As no one knows what they are really doing with the funds these efforts generate, we can only assume they are up to nefarious no-good with the ransoms or bot-network-generated revenue. With WannaCry and Petya, the vulnerabilities were identified in Microsoft and Microsoft Office operations. WannaCry (also known as Wanna Decrypt0r) leveraged an operating system vulnerability in outdated versions of the Microsoft operating system, including Windows XP, Windows 8, and Windows Server 2003 (ref. Fortified Health Security). And, although Microsoft had put out a patch for the vulnerability, some major organizations, such as the National Health Service, neglected to update, and were hit on May 12th.

Petya (also known as Goldeneye and Petwrap) struck the European and Russian areas early today, quickly spreading through systems of networks worldwide, even as far as Australia. With Petya, the system made use of a Microsoft Office vulnerability (again, patched earlier this year: CVE-2017-0199) and, once it found its way in, it altered the Master Boot Record. What made this ransomware even more dangerous is its ability to use the data on a networked computer to log into other networked computers and propagate further.

Where Did These Infections Come From?!

No one knows just yet. However, based on the code architecture and the way both of these malware attacks operate, it is known that they are built from knowledge gained from the National Security Agency leak of cyber tools. The NSA connection is based on a programmed vulnerability, an exploit called EternalBlue, that would give the agency access to systems using the compromised programming. Worse still, there could be other programs waiting in the wings or mining data right now… (ref. The Verge).

The Wrapper

If you’ve been impacted, nothing less than a full factory reset will do. Having regular and secure offline backups is always a good plan. There are several methods for performing backups online as well. For enterprises, there are several resources focused on prevention and being proactive, offering do’s and don’ts for malware/ransomware. The best thing to do is either get a Mac or make sure your computers are updated regularly. Sh!+ will inevitably hit the fan; it’s unpreventable. Being prepared is always step zero. Backing up is step one....

Getting Hacked: A Cautionary Tale

If you’ve been in the IT industry for a few years, then you’ve had the wonderful experience of dealing with hackers. Whether it’s a small, simple hack into your theme to mess with your links or a larger infiltration to take over your website, hacks are a common occurrence and one every website faces. ChocolateSEO is no different. Although we’ve been safe since our inception in 2012, our strong run was marred recently by a mid-level hack that crashed our hosting and led to the hackers being able to verify ownership of C.SEO in Google Search Console.

There are different types of attacks: Denial of Service (DoS), PHP injection, brute force, and many others. For us, the attack started with a PHP injection following brute force attacks on our login screen. The goal was to erase any existing content, set up aliases to spam URLs using “chocolateseo.com” and submit a faulty sitemap to Google using ChocolateSEO’s Google Search Console account. The “fake” sitemap contained over 1,000 spam URLs and was very well formatted. Real slick there smooth…

By having GSC set up properly, we were alerted immediately that someone had been verified as an owner of the account (using an HTML file). As no one else had recently been added to the staff, this was a big red flag. Not to mention the email, ful56675@gmail.com, being unfamiliar to the team. However, scouring the site, we couldn’t find any files matching the HTML file used to verify this Gmail address. Once we finished chatting with the hosting company, pulling server logs, and changing all MySQL and website passwords, our co-founder, Savannah, was able to locate this wonderful little code in our blog header PHP file. In short, this cool but evil little code generates a page dynamically to match any verification page Google may request. The dark side of PHP… Now, the issue was that when we evaluated files, the modification dates on the files hadn’t been changed recently, so our first scans missed this change in our core file.

After consulting sites like SecurityWeek and Sucuri, we needed a solution that would check the website (and our clients’ sites) against the known repository instead of checking the last modification dates. The solution we chose was WordFence, based on the recommendations of a few good friends of C.SEO.

The Wrapper

Everyone knows that WP and PHP have their weak points, but they offer a lot of great functionality. Eventually, we all hit snags like this. Being prepared and having some type of prevention are always a necessity in the IT world. For most websites, high-level encryption, RSA tokens, and secondary verification may be a bit of overkill. But having strong passwords, regular backups, file version controls, and programs that block login page attacks are all easy ways to avoid issues like the one we faced this past week. And to the blackhatters… use your powers for good. Not sure if they are really based in China, but according to Whois they are, and they are just trying to make a yen, but there are better ways to do that than attacking little guys trying to make an honest...

Privacy Policies and Marketing

Working with lawyers and their clients, as I do with my current employer, means that we are required to use very ‘clear’ terms and language when publishing content. In the course of our work as an organization, we have to inform visitors to our lawyer websites of a number of terms & conditions, disclaimers, and policies. From the user’s point of view, this may seem cumbersome or text-heavy, but it is necessary to protect them and our clients, the lawyers. The local courts and Bar Associations provide much of the regulation we and our lawyer clients follow. From our perspective as the marketing agency, we have a responsibility to provide users with accurate, credible information as it pertains to certain case types and litigation. When we produce content, it is often heavily cited, with a number of clear guidelines for its usage. As for the language of the content itself, lawyers and their representatives have to communicate in very explicit ways: something as simple as using the words ‘car accident’ versus ‘automotive accident’ can carry a very different meaning depending on the context, so we have to follow a number of policies in writing content.

As we collect case information and new clients, the information coming in is verified and disclosures have to be signed or consented to. Under our policies, the information we collect goes through several layers of review as we gather case information. Once it is verified, we give it to the lawyers to handle. But before we do anything for our clients, we have a five-step process that happens internally that includes physical security validation and legal review. Primarily, we are affected by trademark, copyright, and legal regulations that govern how we communicate information to users. With each lawyer we market for, we have to identify any local, state, and federal laws that affect the way we portray them.

For instance, some states require lawyers to use specific titles or designations when displaying their practice names, while others do not. There are a lot of memberships that help lawyers land new cases or show themselves as credible; many of these, like the American Bar Association and the National Association of Criminal Defense Lawyers, have rules that members have to follow if they want to carry special...

Internet Privacy

The article, Privacy on the Internet: Issues and implications, offers a great statement from The Code of Canon Law when it states, “Information does not simply occur; it has to be sought.” Referring back to earlier articles and courses, there is a point at which raw data and details become information, and then there is a transition from information into knowledge. This is why, in this learner’s opinion, information security and privacy are so important; with the smallest private details, malicious individuals or groups can wreak havoc. Individuals uninitiated to the risks that exist in the current technological climate may take online security for granted. Many individuals in society nowadays understand the dangers that are ever present because: 1) they have experienced some type of threat, exploit, invasion of privacy, or fraud; or 2) they have had training or education concerning the dangers of the Internet age. Deeper in the article, Nguyen talks about things such as dataveillance, data gathering, cookies and Internet privacy. For younger members of the household, there are a number of free services that can entice these users into sharing ‘little’ details or visiting seemingly safe websites that can install threats onto a home computer. Unbeknownst to an adult user, these threats may gather or watch for opportunities to steal very sensitive details as users enter information on websites. For this reason, it is necessary to have proper protections installed in the way of antivirus programs, authentication, restrictions and website filters, not only for younger users but overall.

Nguyen, F. (2007). Privacy on the Internet: Issues and implications. Philippine Canonical Forum, 9,...

WEP and WPA

Clutterbuck, Rowlands, and Seamons offer a number of confidentiality ideas for improving data security on wireless local area networks (WLANs). Small to medium enterprises (SMEs) use WLANs as a means of deploying new assets and communicating with employees who are roaming. As with any wireless technology, there are a number of vulnerabilities intrinsic to the service. Wireless systems rely heavily on the IEEE standards as a means of handling data, and with the standard comes a built-in solution for security known as Wired Equivalent Privacy (WEP). WEP is a simple way of deploying a shared method of authentication. But obviously this may cause issues, as the WEP key is shared with users. Another form of protection, Wi-Fi Protected Access (WPA), has a higher level of security but was closely similar to WEP. The authors also discuss a number of additional link-layer encryption methods, one being Temporal Key Integrity Protocol (TKIP) and the other CBC-MAC Protocol (CCMP). In the technical design of the network, the wireless security is only as strong as the wires and system it runs along. It is recommended to use HTTP security as a redundant method for protecting the data as it runs through the network.

Clutterbuck, P., Rowlands, T., & Seamons, O. (2007). Auditing the data confidentiality of wireless local area networks. Electronic Journal of Information Systems Evaluation, 10(1),...

Mobile Devices and Security

Mobile devices offer a very unique situation for handling information security. As a relatively new technology, it is one of the leading-edge technologies that is in its adolescence: not yet aged and mature with proper security metrics in place, but not so young as to be bleeding edge or unregulated. As the article by Friedman and Hoffman explains, there are a number of threats facing mobile devices, but little oversight and even less funding being contributed to develop clear user policies and enforcement measures. Primarily, the authors focus on defining the risks facing mobile devices, such as iPads, Pocket PCs, and smart phones, but they also discuss how a mobile device may be simply a carrier of a virus or malicious code that seeks to infect a laptop or desktop computer using the sync function common on most smart devices. To truly defend against the threats facing mobile devices and the systems they are often linked to, Friedman and Hoffman suggest an in-depth approach to information security, layering user policies, security protocols, hardware security, and personal firewalls. Combining these different security structures into one architecture allows user-level security measures to prevent malware from making it into the central network and, when implemented properly, can make users aware of situations that create unsafe conditions anywhere. Most users are not aware of the threats facing them in the use of smart devices, mainly because businesses underestimate the threats these devices...