I Have a Code

Riverbank Ruminations; Observations from The Banks of The Technology River

Tom Evans ~  Ashton Engineer Emeritus

No, I don’t have a ‘cold’ with a stuffy nose. I have a code for you.

.... - - .--. ... ---... -..-. -..-. ...- . .-. -.-- .-.-.- -... .- -.. .-.-.- ..- .-. .-.. / .--. .-.. . .- ... . / -.-. .-.. .. -.-. -.- / -- .

If you are not up on your Morse code, the preceding decodes to “https://very.bad.url please click me”. What does Morse code have to do with computer/network security? For this blog, nothing directly, but it is involved in a targeted phishing campaign described in some detail over at BleepingComputer.com. In this particular attack, the bad guys encode some of the attack's content in Morse code, decode it on demand to produce the pieces they need, and use the result to generate some very targeted phishing emails. The encoding is not there to keep the content secret; it is there so that email filters looking for the usual JavaScript or URL patterns see only dots and dashes.
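As an added example, and not code from this post or from the BleepingComputer write-up, here is a small Python scanner written from the defender's side. It undoes the dash and ellipsis substitutions a word processor or web page applies to Morse typed as ASCII (the reason the line above is so hard to read on a web page), decodes runs of Morse found in arbitrary text such as the source of an HTML attachment, and reports any run that decodes to a URL. The sample attachment, the decoy text and the typographically mangled copy of the post's line are constructed for the example; example.test is a reserved name, not a real host. The campaign's own decoder is not reproduced here.

```python
import re

# ITU Morse table: letters, digits and the punctuation a URL needs.
MORSE_TO_CHAR = {
    ".-": "A", "-...": "B", "-.-.": "C", "-..": "D", ".": "E", "..-.": "F",
    "--.": "G", "....": "H", "..": "I", ".---": "J", "-.-": "K", ".-..": "L",
    "--": "M", "-.": "N", "---": "O", ".--.": "P", "--.-": "Q", ".-.": "R",
    "...": "S", "-": "T", "..-": "U", "...-": "V", ".--": "W", "-..-": "X",
    "-.--": "Y", "--..": "Z",
    "-----": "0", ".----": "1", "..---": "2", "...--": "3", "....-": "4",
    ".....": "5", "-....": "6", "--...": "7", "---..": "8", "----.": "9",
    ".-.-.-": ".", "--..--": ",", "---...": ":", "-..-.": "/", "-....-": "-",
    "..--.-": "_", "..--..": "?", ".--.-.": "@", "-...-": "=",
}
CHAR_TO_MORSE = {char: code for code, char in MORSE_TO_CHAR.items()}

# Word processors and web CMSs "fix" Morse typed as ASCII: "..." becomes an
# ellipsis, "--" an em dash, a spaced "-" an en dash (or a minus sign).
# This map undoes the substitution assumed here (Word-style autocorrect).
TYPOGRAPHIC = {"\u2026": "...", "\u2014": "--", "\u2013": "-", "\u2212": "-"}

# A run of at least five Morse symbols separated by whitespace, with optional
# "/" word separators. Short accidental runs such as "---" in a comment or
# the "--" of an HTML comment marker do not qualify.
MORSE_RUN = re.compile(r"[.\-]+(?:\s+(?:/\s+)?[.\-]+){4,}")
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)


def normalize(text):
    """Replace typographic dashes and ellipses with the ASCII they stand for."""
    for fancy, plain in TYPOGRAPHIC.items():
        text = text.replace(fancy, plain)
    return text


def decode_morse(text):
    """Decode Morse: symbols separated by spaces, words by '/'. Unknown symbols become '?'."""
    words = []
    for word in normalize(text).split("/"):
        words.append("".join(MORSE_TO_CHAR.get(sym, "?") for sym in word.split()))
    return " ".join(w for w in words if w)


def encode_morse(text):
    """Encode ASCII text as Morse with ' / ' between words (the attacker's direction).
    Raises KeyError for characters outside the table."""
    return " / ".join(
        " ".join(CHAR_TO_MORSE[c] for c in word) for word in text.upper().split()
    )


def find_hidden_urls(blob):
    """Scan text (an attachment's source, a script) for Morse runs that decode to URLs."""
    hits = []
    for match in MORSE_RUN.finditer(normalize(blob)):
        for url in URL_RE.findall(decode_morse(match.group(0))):
            hits.append(url.lower())
    return hits


# Constructed: the post's Morse line after Word-style autocorrect ("--" -> em dash,
# "..." -> ellipsis, spaced "-" -> en dash). Not the page's exact rendering.
TYPOGRAPHIC_SAMPLE = ("…. – – .—. … —-… -..-. -..-. …- . .-. -.— .-.-.- -… .- -.. .-.-.- ..- .-. .-.. "
                      "/ .—. .-.. . .- … . / -.-. .-.. .. -.-. -.- / — .")

# Constructed sample attachment; example.test is a reserved name, not a real host.
SAMPLE_ATTACHMENT = """<!-- constructed sample, not the real campaign's attachment -->
<script>
var payload = '.... - - .--. ... ---... -..-. -..-. . -..- .- -- .--. .-.. . .-.-.- - . ... - -..-. .. -. ...- --- .. -.-. . .-.-.- .... - -- .-..';
// decoy dashes that must not be mistaken for Morse: --- look here ---
</script>
"""

if __name__ == "__main__":
    print(decode_morse(TYPOGRAPHIC_SAMPLE))     # HTTPS://VERY.BAD.URL PLEASE CLICK ME
    print(find_hidden_urls(SAMPLE_ATTACHMENT))  # ['https://example.test/invoice.html']
```

The scanner deliberately requires a run of several symbols before it tries to decode anything, so stray dashes in comments and markup do not produce false hits; the cost is that an attacker who breaks the Morse into short fragments joined at run time would slip past it, which is the same cat-and-mouse the post describes.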

I am very often impressed by the amount of effort the bad guys expend to hide what they are doing. This is a testament to the effort put in by the good guys to detect the bad guys. The bad guys need to go to greater and greater lengths to get the malicious payload into your network. Of course, this assumes you understand the risks and are taking steps to protect yourself.

Ask Some Basic Questions

This particular attack also showed me that some basics can help mitigate the sophistication of an attack. For example, look at the sample email from this attack. If this is an example of what the victim saw, what should be the first question the victim asks? “Do we do business with anyone who would use a Russian email address?” Some companies might answer yes to that, especially in countries other than the US. If the answer is no, the recipient should know to delete the email with prejudice.

What happens if the company does get legitimate emails from Russian email addresses? The next question is: “Is this how we get invoices?” or “Do I handle invoices for my company?” Chances are the answer to one of these questions is no. Again, delete with prejudice.

I am a big fan of training users in the art of detecting phishing emails. Phishing will be a part of the daily business world for the foreseeable future. There are some attacks that even a savvy user will have trouble detecting. That is where technical and procedural controls need to come into play, so that one wrong click does not turn into a wire transfer. Do you have your users set up with least-privilege access rights? Does everyone know the policies and procedures, especially those involving financial transactions? Who can process invoices? Who can make payments? Who can authorize wire transfers? Does everyone know that the CEO will NEVER send an email asking someone to run out and purchase $2,000 worth of gift cards and email back the card numbers?

If You’re Connected To The Internet, You’re At Risk

While there are a lot of technical defenses that can be thrown up, the bottom line is that your network needs to be connected to the internet, so you will be exposed. If data can go out, bad guys can come in. Avoiding a cyber attack of some sort is a bit like being one of the fish in a school. There is safety in numbers (maybe they will get the other guy), but it is only a matter of time before you get attacked. In some ways, you need to protect your network the way you protect your building from fire.

In many buildings, you will see ‘No Smoking’ or ‘This is a smoke-free building’. Look up and you will see sprinkler heads. At various places on the walls, you will see fire extinguishers. You may see fire alarm boxes on the wall that allow someone to signal that a fire has broken out and which will alert the fire department.

In the same way, you want to alert your users to the dangers of cyberattacks. Help them understand the consequences of carelessness. Make sure the network and all its components are up to date with the latest patches. Current anti-virus software will help. Intelligent configuration of firewalls is a must these days. Encourage users to report any unusual activity on the network, no matter how trivial. Many attacks are preceded by reconnaissance and testing. Your users are on the network all day, so they may be able to spot things that seem off. Have a defined plan in case of an incident. Who gets notified first? Who is responsible for what part of recovery? Who can you call to assist in recovery? Keep in mind that many small businesses go out of business after an incident.

Morse code can be used to hide malicious code. JavaScript can be used to hide malicious code; even PowerShell can hide malicious code. What is not hidden is the fact that the bad guys are out there and active. As has been said since the start of COVID-19, stay safe out there. Wash your hands, wear a mask, social distance and check your emails carefully. And in the meantime, call Ashton Technology Solutions for security training for your team, or security solutions for your network. 216-397-4080
