Tag Archives: Virus

Wabash Valley Cyber Security Report 2015

Mission: To determine the current level of cyber security in the Wabash Valley between Terre Haute and Vincennes Indiana.

So when I began planning to investigate the state of cyber security in the Wabash Valley I thought that a few small businesses may have an insecure wireless router and possibly a small town government office or two. To my astonishment that was not the case. As my investigation continued I found so many insecure wireless routers that I decided to make that my main focus for this report. This wireless survey was done with a simple drive-by wireless security scan using freely available tools on my android smartphone. This was a safe scan that simply listed broadcasting WIFI routers. It does not connect to or hack into them. I drove from Terre Haute to Vincennes Indiana and found multiple businesses in each of the following categories and even some government offices that had old easily hackable wireless encryption settings. Actual locations will not be disclosed for obvious reasons.

Insurance Agencies

Law Offices

Certified Public Accountants (CPA’s)

Medical Clinics

Wealth Management Offices

Dentist Offices

City/County Government Offices

Probation Offices

Tax Advisors

Chiropractors

Fire Departments

Ambulance Services

Pharmacies

Newspaper Offices

New Car Dealerships

Technology Support Companies

And the list goes on…

So what? What’s the big deal?

Identity theft. That’s the big deal. Personally Identifiable Information exposed. Your customers bank accounts drained and their credit destroyed. And that is only one of the ‘big deals’. Consider company secrets, client lists, manipulated data, deleted data, even YOUR identity.

How are these businesses vulnerable? What is it about their wireless routers that leaves them exposed?

In a nutshell, not keeping pace with current cyber security best practices and ignoring the threats that we don’t see. Technically speaking, those routers are using old forms of encryption. Those old encryption algorithms have been easily hackable for years. Then there is WPS (WIFI Protected Setup). About half of all off the shelf wireless routers that have WPS enabled are also hackable. Some may take longer than others but the end result is the same. All of the business categories I listed above were using old encryption algorithms. Simple to hack. The list would be much longer if I included those using newer much more secure encryption – yet still have WPS enabled. Here is a link to a short article I wrote earlier about dealing with WPS: https://npgcomputers.com/how-to-keep-your-data-safe-from-wireless-hackers/

The results from approaching several of these businesses to let them know of the dangerous situation is equally stunning. Of the ten businesses and government offices that I spoke with in person, none of them had any idea of the problem. What’s more is few made any changes to secure their wireless routers. Many of them said they would correct it or knew of the issue and were in the process of securing them. I checked a few days later. No change. Maybe the person(s) in charge of those routers simply don’t understand the issue or choose to ignore it. At your peril.

Another disturbing fact to consider: since they are using a form of wireless encryption that has been easily hackable for years, how many have been hacked already and don’t even know it? How long has a black hat hacker been stealing customer information – your personal information and using it for nefarious purposes? Thieves don’t leave their calling card and say “Hey I broke in and stole your data”. They want to keep the dirty deed a secret so they can come back later and do it all over again.

Let’s suppose that the data at risk is nothing of value and no personal information is accessible. As a business owner, what is the value of customer perception? If the public were to become aware of your lax security practices how might that affect your bottom line? Security breaches are detrimental to any business. And not just the immediate financial costs. A tarnished reputation is hard to overcome. Regaining customer trust is certainly tough once personal information has been compromised.

Ok. As a small business owner myself, I know it’s hard to stay on top of all the latest technological changes and cyber security issues. Who has time, right? Most small business owners believe they are not a target because maybe they don’t have many valuable assets, but what that really means is they are easy targets since network security is probably not on the daily priority list.

If I can find out this level of information from simply driving by, then what other more in depth private information could the serious hackers already have?

Quoted from and article on Examiner.com:

…Wireless computer hacking of identity theft and payroll thefts totalling more than $3 million dollars in Seattle has landed the last defendant in federal prison.

Joshuah Allen Witt, 35, was found guilty with two other defendants for hacking into 50 businesses software using a wi-fi receiver that detects business wireless networks. They hacked into the security codes and accessed company computers, according to the Seattle Times online edition.

Termed “wardriving”, the defendants used a device that picked up wireless transmissions and were able to crack security codes that they had in a car. The defendant’s also broke into businesses to install malware on company computers.

Witt was sentenced to eight years on charges “that included conspiracy, aggravated identity theft and access-device fraud”, according to the Seattle Times report. Also reported was that the U.S. Secret Service’s Electronic Crimes Task Force broke the case after 2-1/2 years.

Wireless hacking has been going on for years. Not only do criminals use “wardriving” methods while driving around in cars with wi-fi hacking technology, but utilize “warparking”, another term to describe someone with laptop sitting in a car of a parking lot or street curb.” – http://www.examiner.com/article/wi-fi-hacking-seattle-cost-businesses-3-million

How many readers have the same password for almost everything? Exactly. Let’s assume the business is secure, what about the owners wireless router at home? A dedicated hacker could simply hack the home router waiting for a password to be captured. Once done, your world is his.

* Image excerpt from: http://mercatus.org/publication/information-sharing-no-panacea-american-cybersecurity-challenges

What about hospitals, medical clinics and the devices they use? They must be really secure, right?

Quoting a report posted on Kim Komando’s website concerning health care security:

…That sounds like a terrible movie plot. But, sadly, it’s a reality. We’ve been telling you that hospitals and all that lifesaving medical equipment they use, like pacemakers for your heart and blood gas analyzers (BPA), are vulnerable to hacker attacks. But, even we couldn’t guess how bad it really is.

Hospitals and their network-connected devices are so poorly protected that, in July, the Food and Drug Administration issued its first-ever cybersecurity advisory about a medical device.

Specifically, the Hospira Symbiq infusion pump, because it’s vulnerable to unauthorized users controlling the device. In other words, hacking it. It’s “precedent setting,” according to the FDA’s Center for Devices and Radiological Health…” – http://www.komando.com/happening-now/334445/hospitals-are-tragically-open-to-hacking

This report mostly covers the easy low hanging fruit that any hacker can pick from right outside your business. For example, once the router password is hacked the perpetrator can modify the router settings and redirect your internet browsing to malicious sites that try to install malware of all sorts on the computers including the infamous CryptoLocker Ransomware virus that holds your data hostage until you pay the ransom fee. Many other more complex, in depth wireless hacks exist and defeating them requires vigilance. More on these in the next report.

Malware is actually the most common threat I find on client computers. When I say most common, I mean 90% of every single computer I cleanup! But you have an antivirus like Norton or McAfee, so your safe right? Probably not. Most of those 90% that I check have Norton or McAfee – AND have multiple forms of malware / spyware / trojans / viruses that haven’t been caught. Some of that malware is just advertising junk. But some of it designed to steal your usernames, email addresses and passwords – or secretly give a hacker remote access into your computer. These threats can be even more dangerous than insecure wireless routers since it doesn’t require a hacker to be anywhere near your computer or business. Just clicking on the wrong email attachment or website link can infect your computer. These malware programs lay in wait, then capture your data and send it off to hackers unknown anywhere in the world. If you want to spend some time checking your own computers, I wrote an article outlining many of the in-depth steps used every day to detect and remove the sneakiest malware: https://npgcomputers.com/malware-removal-secrets-revealed-page-1/

So far we’ve only discussed business and government cyber security. There are far more home wireless routers that are using the same insecure wireless settings and have untold amounts of malware doing dubious things with sensitive personal data.

So what are some solutions?

For wireless, you can make things a little more difficult for the casual hacker by:

  • Enabling Proper Wireless Encryption
  • Disabling WPS
  • Making the SSID’s hidden
  • Changing the SSID’s
  • Using strong complex passwords
  • Changing the default admin password on the router
  • Educating employees about wireless hacker methods
  • Engaging a 24×7 cyber security remote monitoring service to keep an eye on router and computer security logs and alerts, and keep everything updated.

For malware:

  • Keeping Windows, Flash and Java patched and updated. That plugs many security holes.
  • NEVER run your machine as an administrator. Set up a standard user account and make it prompt you when it needs administrator privileges. This will keep you from getting infected by MANY malicious websites.
  • Having your computers put through an in-depth scan every 6 months by experts in malware detection and removal. Today’s malware is very invasive and requires advanced techniques to thoroughly find and remove.
  • Engaging a remote security monitoring company that can keep an eye on new infections in real time, taking action as needed.

For web based email, Facebook, Twitter and other online accounts:

  • Be sure to enable 2 step authentication. This really puts a dent in a hackers ability to take over your online accounts.
  • Use complex passwords.
  • Don’t use an open hotspot to check the accounts. Open hotspots make it much easier for hackers to listen in and capture passwords.
  • Use different passwords for each account.

These are just a few of the things needed to increase your protection level against so many ever present cyber threats. The list is long and ever evolving as the technology changes and hackers develop new ways to steal.

I hope this report sheds some light on many of the current cyber security issues that threaten our livelihood and how to deal with them. Do you have a security incident that has affected you or your company? If you can share it with us we will remove the confidential details and include it in our next article. It might prove very insightful to others. Send me an email at david@npgcomputers.com.

In the next cyber security article we’ll talk about:

  • The dangerous Evil Twin router
  • The infamous CryptoLocker ransomware
  • Phishing Attacks that con you into divulging private information
  • Keyloggers that steal passwords
  • How your company website may not be secure
  • Smartphones – Protecting them from Malware
  • And a recommended list of security minded, high performance wireless routers

Do you have concerns about your companies state of cyber security? Our security team helps organizations small and large stay safe from today’s nastiest hackers and avoid disaster.

What we do:

  • Make your Wireless Routers more secure
  • Cleanup and Secure Malware Infected Computers
  • Reduce the installation rate of new Malware threats
  • Provide a “2nd Set Of Security Eyes” to compliment your I.T. department
  • Train your employees to spot potential security issues
  • Perform external and internal penetration testing to search for new and unknown ways that Hackers/Data thieves might get into your network – then secure them and lock the door.
  • Work daily on the digital front line protecting clients from new threats, malware and data thieves

Questions or concerns? Contact me anytime:

Email: david@npgcomputers.com

Connect with me on LinkedIn: www.linkedin.com/in/daviddubree

Follow me on Twitter: @daviddubree

NPG Computers – Find us on Facebook and Twitter

Malware Removal Secrets Revealed – Page 1

If you’re like me you want to know all the FREE ways to make things work better BEFORE paying anyone to fix it, right?  Well now I want to share the best FREE tools AND correct processes I’ve found and have used for years to get the job done when removing viruses / malware and cleaning up customers computers, whether it’s a Windows laptop, tower, desktop or tablet.

Most Windows computers require 10 to 12 steps to PROPERLY clean them up. Anyone who claims to be a guru and can clean your computer up in a few minutes or even an hour probably has limited experience and knowledge in virus removal and protection. Proper cleanup means using ALL of the proper tools. Today’s viruses / malware / spyware / trojans are VERY sneaky and VERY good at hiding. A few minutes WILL NOT get the job done right.

By the way, 90% of every computer I have ever checked has some form of malware on it. So just because you don’t see any popups or your Anti-Virus says everything is good doesn’t mean your computer is not infected. Chances are it is.

Anyone can have tools to fix anything. But knowing how and when to use those tools separates the pros from the wannabe’s.

I suggest using a known clean thumb drive (flash drive) to download the tools on from a clean computer before starting the virus / malware removal process.

So I’ll start with the first tool I use on everyone’s computer as soon as they bring it in. It’s called RKILL. This tool will TRY to stop ANY bad process / virus that is already running. It won’t remove it, but by stopping the process / virus it’s MUCH easier to run the other tools that will actually remove it from your computer. You can download RKILL from bleepingcomputer.com. Just do a Google search like ‘RKILL Bleepingcomputer‘. It is usually the first or second result. ONLY click on the Blue ‘Download Now’ button. Sometimes there will be an Ad with a green download button, but it is only an Ad for something else. Fair warning.

To begin with, booting the computer into Safemode is highly recommended – if the virus will allow it. So how do you do that? The trick(for Windows XP thru 7) is to press F8 at the right time a few seconds after turning on the computer. It can take some practice for the first timer. So power up and start pressing F8 continuously. It may beep at you as the keyboard buffer fills up, but that’s OK. Soon you should see a text menu come up with several choices. Choose ‘Safemode With Networking’ and press Enter.  For Windows 8 or 10 use this link:  Windows 8 & 10 Safe Mode.   The computer will boot but all the icons will look big and maybe out of place. That’s OK. Now plug in your thumbdrive with the downloaded tools and give it a few seconds to recognize it and assign a drive letter to it. Click on ‘Computer’ or ‘My Computer’ depending your version of Windows. Two or more drive letters will be listed. One of those should be your system drive (usually C:) and one should be the thumbdrive (could be F: or any other letter). Double click on the thumbdrive to open it and display the tools you downloaded.

Once the files are displayed, right click on RKILL and choose ‘Run as Administrator’. If that is not an option then just choose ‘Open’. Click yes on any Windows security prompts that come up and allow it to continue. RKILL can take anywhere from a minute to twenty minutes or more to complete depending on how old the computer is and how badly infected it is. Once complete it will open a Log file to show you the results.

If RKILL completes and presents the log file (sometimes the log file is partially hidden behind some other window), then your ready to run the next tool – RogueKiller. We’ll discuss Step 2 in the next ‘How To’ post – Page 2.

If you have any questions feel free to comment on this post and I will do my best to help you out. Thanks!

We’re at 22 N. Main St. in Sullivan, IN. 812-268-0656. Just north of the courthouse square. Or email me: d a v i d  at  npgcomputers  d o t com.

Malware Removal Secrets Revealed – Page 2

Now that you have went through this initial process, the rest of the tools will be a piece of cake so I won’t bore you with the exact how-to’s. Just keep in mind that for many of the tools listed you may have to manually add a check to some of the ‘issues’ or malware they find, then click Remove (or Delete, etc.).

So here is the list, in order, of the required tools you should download and then Run as Administrator in SafeMode. Most if not all can be found on bleepingcomputer.com:

Rkill
RogueKiller (Check all tabs and select everything)
TDSSKiller
MBAR (MalwareBytes Anti-Rootkit)
ADWCleaner (allow it to reboot normally, then reboot into Safemode)
JRT (always reboot normally, then reboot into safemode after it runs)  No longer applicable
MBAM (MalwareBytes Anti-Malware)
ComboFix (only for XP, Vista and 7)
WISE Registry Cleaner (Choose fix everything that it finds)

Then open a command prompt as administrator and run ‘SFC / Scannow‘.
Then run Windows Update. Install all updates.
Open each internet browser (Internet Explorer, Chrome, Firefox, etc.) and check for any odd add-ons or extensions. Check the default home page. Check for odd search providers.

Now open Control Panel and go to Add/Remove Programs or Programs and Features depending on your version of windows. Scroll through the list of installed programs and check for anything that looks like a coupon/ad/bargain type of program. Most of those are garbage and most will get removed by ADWCleaner or JRT, but not always.

Once that is done, run ADWCleaner again.

Now check your Anti-Virus. Is it expired? If so uninstall it and download MalwareBytes Free Trial Avast Free Antivirus from avast.com or AVG Free Antivirus at avg.com. Now run a complete scan.

Open each web browser again and enable the antivirus extension when it asks you.

You should be good to go unless it’s royally fouled up. There are so many other issues that can come up it would be impractical to try and cover them all here. But the majority of malware/virus issues can be resolved by taking the steps outlined in this article.

Well, there it is. The skinny on a proper cleanup using nothing but freely available tools and your own blood, sweat and tears.

If you have any questions feel free to comment on this post and I will do my best to help you out. You can also reach me by email at: d a v i d  at  npgcomputers  d o t com. Have a great day!