Our Blog

We received a phishing email the other day and decided to open it in order to analyze it.

Here is the actual email:

The link points to a Google Drive location:

It may seem like an ordinary PDF file, but in fact it’s a VBS file (a Visual Basic script that, when opened, executes commands on your computer).

Here is the link opened in a browser:

Windows 10 is smart enough to warn you that the file is a virus!

However, you can bypass the alert and save it:

There is a second warning, but you can still download it. Some people in a hurry will just click through all the warnings and eventually open it.

On a Windows 7 computer using Internet Explorer, things are much “simpler” for the bad guys:

You don’t get a warning that the file is a virus; you are only warned that the publisher is not verified, which sounds less harmful than a virus.

We opened the VBS file:

Here you can see the code that will be executed once the “PDF” is opened. Most of the code is “obfuscated”, in other words written in a deliberately complicated way to make its contents impossible to understand. Once active, it will try to infect your computer, demand a ransom, etc.
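As an added illustration of the checks a defender can make on a download like this one (example code written for this post, not the original analysis shown above), the script below flags the three things described so far: a file whose bytes are not a PDF at all, a double extension such as “Invoice.pdf.vbs”, and VBScript keywords hiding behind a document-looking name. The lists of script extensions and VBScript keywords are assumptions chosen for the example, and the sample files are constructed inline (they are not real malware).

```python
import re
from pathlib import Path

# Extensions that Windows runs as scripts or programs when double-clicked
# (assumption: a conservative list chosen for this example, not exhaustive)
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1", ".scr", ".exe"}
# Document types a user expects to be harmless to open
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}

# Leading bytes ("magic") a genuine file of each type starts with
MAGIC = {
    ".pdf": b"%PDF-",
    ".doc": b"\xD0\xCF\x11\xE0",   # OLE2 compound document (legacy Office)
    ".xls": b"\xD0\xCF\x11\xE0",
    ".docx": b"PK\x03\x04",        # ZIP container (Office Open XML)
    ".xlsx": b"PK\x03\x04",
}

# VBScript constructs commonly seen in obfuscated droppers (assumption: a small illustrative set)
VBS_HINTS = re.compile(rb"CreateObject|WScript\.Shell|StrReverse|Chr\(", re.IGNORECASE)


def classify(name: str, data: bytes) -> list[str]:
    """Return the findings for one downloaded file; an empty list means nothing was flagged."""
    findings: list[str] = []
    suffixes = [s.lower() for s in Path(name).suffixes]
    last = suffixes[-1] if suffixes else ""

    # 1. Double extension: a document-looking name that actually ends in a script extension
    if len(suffixes) >= 2 and last in SCRIPT_EXTENSIONS and suffixes[-2] in DOCUMENT_EXTENSIONS:
        findings.append(f"double extension: looks like {suffixes[-2]} but is {last}")
    elif last in SCRIPT_EXTENSIONS:
        findings.append(f"executable script extension {last}")

    # 2. Claimed document type whose bytes are not that type at all
    expected = MAGIC.get(last)
    if expected is not None and not data.startswith(expected):
        findings.append(f"content is not a valid {last} (magic bytes do not match)")

    # 3. Script keywords in the body, regardless of what the name claims
    if VBS_HINTS.search(data):
        findings.append("VBScript keywords found in content")

    return findings


def scan_all(samples: dict[str, bytes]) -> dict[str, list[str]]:
    """Classify every (name, bytes) pair and return the findings per file name."""
    return {name: classify(name, data) for name, data in samples.items()}


# Constructed sample downloads (not real malware): a genuine minimal PDF, a harmless
# VBScript hiding behind a ".pdf.vbs" name, and plain text renamed to ".pdf".
SAMPLES = {
    "Invoice_2024.pdf": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n",
    "Invoice_2024.pdf.vbs": (
        b'Set o = CreateObject(StrReverse("llehS.tpircSW"))\n'
        b'MsgBox Chr(72) & Chr(105)\n'
    ),
    "Scan.pdf": b"Hello, this is just text, not a PDF.\n",
}

if __name__ == "__main__":
    for name, findings in scan_all(SAMPLES).items():
        print(f"{'SUSPICIOUS' if findings else 'OK':10} {name}")
        for finding in findings:
            print(f"           - {finding}")
```

On a real download folder you would feed `classify()` the file name and `Path(file).read_bytes()`. The magic-byte check is only a first filter: it catches a script or plain text renamed to .pdf, as in this email, but a genuine PDF can still carry malicious content, so it complements rather than replaces the browser warnings and antivirus described above.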

It’s clear that we need to keep the operating systems and browsers on our computers up to date.

We also believe that shared locations such as Google Drive, Dropbox, etc. have to be blocked. Anyone can open an account and upload malware; at the moment, hosting companies allow all types of files to be stored.

The most important thing is to be proactive by keeping your people both up to date and educated on threats and security.

A new Ransomware virus has been discovered.

In order to protect yourself from this ransomware, or from any variant, it is important that you use good computing habits and security software. First and foremost, you should always have a reliable and tested backup of your data that can be restored in the case of an emergency, such as a ransomware attack.

All industries are targets; please see below for some examples.
An average user can be tricked. Sometimes even power users can be tricked because of the volume of incoming emails.

Which industries are the main target for Ransomware attack?

The following examples are specifically targeted at the maritime industry.
If you work in IT, you can spot that they are fake, but a person working in an office will consider them legitimate and open the attachments.

Which industries are the main target for Ransomware attack?

Protect yourself from ransomware:
RansomSaver – Free protection from Ransomware

All the information provided below is based on personal experience; I believe it makes it more appealing to the reader.

Are digital documents currently more secure than physical ones? How about in the future?

I own an e-ink reader; it’s an amazing device. I can keep hundreds of articles and ebooks on it, and it has an excellent battery that lasts a long time.
Last month my local library started sharing books online. I enrolled and also opened an account with a third party that protects the ebooks from being copied. It’s called Digital Rights Management. The library allows you to “own” the book for a specific number of days. After the end of that period it expires and is no longer accessible.

I decided to see how long it would take me to remove the protection from the ebook. I knew that it was possible, but had never tried doing so myself.
I downloaded a free ebook management application on my Mac, did some quick research and found an extension for it that claimed to remove the DRM. All I had to do was drag and drop the file into that software.
The book was mine to keep. So much for the DRM, I thought (the whole process took me less than an hour).

A client of ours wanted to know if they could remove the password from a document (in a portable format) and change its content. We replied that it would be difficult to do so and that it could destroy the format (to discourage them). However, at the end of the day they came back with the solution themselves: they downloaded a free program and removed the password. The document was an invoice; they wanted to increase the expense amount.

As for encrypted documents and protection levels, it all depends on the algorithm being used. The digital document may be well protected, but secret services or even hackers may find a way to decrypt any document.

Personally I do not believe that digital documents are more secure than physical ones.

I just remembered a case back in the MS-DOS era about a company that had a single computer hosting the accounting software system. It wasn’t even connected to the LAN! It was locked inside a room, and only a designated person had access to it under a strict policy. It seemed like optimum protection, but just imagine the information gap this caused through the lack of information exchange within the company.

I once developed an application for an organization that was collecting information. They had two networks, one for the internet and one for their database system. There was no physical connection between the two networks; I guess you can understand why. Wouldn’t it be nice to be able to embed metadata in a biological or quantum state inside a document?

Disclaimer: We are against stealing other people’s intellectual property.

I hacked a University by mistake and I was not even a beginner hacker.

Like every other person, I start my day with a cup of coffee while going online to read the news on an online newspaper. That day, at the top of the page there was a banner advertising a seminar hosted by a specific university.

However, next to the banner an error was shown, including an IP address. The error also included the name of a database. It was MySQL.

At that time (around 2005) I was developing a PHP application that relied on a MySQL database to store tables of information. There was a nice free application for managing the database called MySQL Workbench.

Without further thinking, I opened MySQL Workbench and typed in the IP shown on the banner.

I was asked for a user name and a password. I typed the default user name, which was root, and left the password blank.

Simple as that. I was able to browse all the tables of that database: information regarding tutors, courses, internal documents, etc. There was even one table that had unencrypted passwords for third-party email accounts.

I did not know what to do!

I asked myself: am I a hacker now? Is it possible for an administrator to be that stupid?

And the answer is yes of course!

I closed the database connection. I did not change any data or keep any copy of the information.

Nowadays MySQL has safeguards that would not let that happen, even if an administrator is careless.

It’s the human factor that leaves the door open to the hackers.

As for the hackers their motivation can be political, recognition among friends or just money-money-money.

You can never be 100% protected online. But you can make a hacker’s life hard.

Eventually they will leave you for an easier target. Be prepared in advance!

Let’s do a quiz together.

Q1:

You own a Mac and you search for something; your Safari browser downloads the file shown below. Do you install it?

Q2:

You own a Windows computer and you receive the email shown below.
Do you click on the link?

What virus protection company is the best for PCs, cell phones, etc.?

Q3:

You receive an email from Apple regarding a recent purchase. You click on the link, and it asks for your username and password. Will you type in your credentials?

If you answered yes to all three questions, then you definitely need to buy an antivirus (more or less, they will all do a good job).

If you answered no, then (like me) you don’t need an antivirus. It’s so obvious that they are all fake and want to infect you.

Check the link shown in Q3; it does not even point to Apple’s website.

The examples are 100% authentic; I receive such emails every day.
They are good examples of what people should avoid.

Educate yourself and the people next to you.
That is the best antivirus (with no expiry date).

Can ransomware, viruses and worms be used to hack ships? Are they specifically designed for that purpose?
(From a user on our Quora account)

Nowadays ships have local area networks and servers running special maritime software, which are used to share documents, emails and various other data. There are two ways for a virus to reach a ship.

The first way is via email; fortunately, the satellite providers delivering the email perform various scans, but there might be a loophole somewhere.

The second way is via the crew or even a surveyor: personal laptops and USB sticks carrying infections could be connected to the local network, causing an infection within the network.

It is even possible for a ship owner to purchase a used vessel that already has infected computers. A ship can run on a tight schedule with minimal time in port, making it impossible for an IT engineer to visit and clean or check the PCs.

Satellites have limited bandwidth and may provide an internet connection to a ship only over a specific region (similar to the limitations of a mobile/cellular antenna), or a ship may be in a shipyard where interference from metal structures blocks internet access.

It’s still too difficult and very expensive to remotely access the computers on a vessel in order to update an antivirus or set policies.

Another major issue is communicating in English with the crew, as their language skills are often at a basic level.

As providers of services and software for maritime companies, we had to come up with a different approach to solve the problem. We install antivirus software that can be updated offline from a CD.

We also prefer to set up Linux workstations that connect via RDP to a central server, thus minimizing risk and making control and backup easier. We even remove USB ports wherever possible or install USB lock devices.
So far, every case of infection we’ve had could be handled one way or another.

Fortunately no, there have not yet been any ransomware cases specifically targeting ships.
Shipping companies’ offices, however, are specifically targeted by ransomware and fake payment emails that appear to come from genuine sources such as a supplier. We have had cases of clients falling victim to cyber criminals pretending to be a vendor/supplier, sending fake banking details and managing to get real money out of their accounting departments.

Cyber criminals are one step ahead of us IT engineers. It’s a billion-dollar business per year, so they will find a way to get through.

Prevention is the best remedy. Keep your crew educated with written instructions or video presentations on how to protect themselves and the company.