4 Easy Ways to Secure Your Smartphone


1. Use a secure lock screen

Establishing a lock screen passcode should be your first order of business as a smartphone owner, as it’s the first line of defense in securing your phone. So many people these days more or less live out of their phones, so when such personal information is at stake, it is important to take steps to protect it. At the very least, by setting up a passcode and short lock interval, you can make sure that any random person that picks up your phone will not be able to access your information.

Although you should choose a passcode that you can remember, try to avoid using common codes or easy guesses such as birthdays, anniversaries, etc.

2. Update software

Regardless of whether you run iOS, Android, Windows, etc. on your phone, it’s important to always ensure that you are running the latest version of the OS available. This is because vital security issues get addressed in these updates, so if you run your phone with an old OS, it may be compromised.

A vulnerability last year allowed hackers to access an iOS device remotely via Wi-Fi without any user interaction. The issue was in a WebSheet component of iOS that is used when iPhone users connect to public Wi-Fi networks that require them to go through a login page. It seems that Apple wasn’t doing enough validation to prevent malicious code from running when the login page was loaded. Fortunately, iOS 10.2 resolved this issue.

3. Be mindful of apps and their sources

It can be incredibly tempting to micromanage your life with the variety of apps offered on Smartphones. The categories are vast, ranging from social media to productivity to banking to even personal health management and some of these apps can have incredible benefits. But what happens when you install an app from an untrusted source?

Earlier this year, millions of Android phone users unknowingly downloaded malware called HummingWhale. It has the capability of installing apps on your phone without the user’s permission and hiding the original app after it has already infected the phone, making it harder for users to clean up the mess left in the wake of this malware. All of these corrupt apps were in the app store using names of fake Chinese app developers.

Google Play is a little more vulnerable than Apple’s App Store when it comes to malicious apps; however, this could have been prevented if individuals knew to verify the sources of the apps they download. It’s important to always review app developers and the permissions apps seek before downloading them to your phone.

4. Turn off Wi-Fi and Bluetooth when not in use

Ensure that any automatic Wi-Fi connection setting is disabled, requiring you to grant permission to connect to any wireless networks. Similarly, although Bluetooth can be wonderful for convenience in terms of connecting to a remote headset, speakers, or what have you, always make sure that you have it disabled when it is not in use.

This is because the same technology that allows you to connect to Wi-Fi networks and pair with Bluetooth items can be abused to grant malicious entities access to your device. A simple way to prevent vulnerabilities related to this is to just always be aware of what you are connecting your phone to.

If you have any questions or comments on this topic, please don’t hesitate to contact us!

This article was written by Kristina Weber, Content Supervisor of Centry Ltd.

A Story of the Korean Peninsula: 1910-1953

North Korea has headlined the media in the past couple of weeks with the news of its capability to produce a nuclear warhead that can be carried by an Inter-Continental Ballistic Missile. The ongoing exchange of threats back and forth marks a historic moment of escalation in the tension of international relations, particularly as the President of the United States, Mr. Donald Trump, has promised to meet further threats from North Korea with “…fire and fury like the world has never seen…”

North Korea’s tenuous place in international relations is one that has evolved over time. In order to understand where these tensions have risen from, who the major players are, and what the future may yet hold, we must take a look back in time to evaluate the past. Most articles on this topic begin their discussion with the Post-WWII establishment of North and South Korea, focusing on the Kim family’s rise to power, but not necessarily the context of the early 20th century that paved the road for events to unfold in this way.

Korea Under Japan

Enter the twentieth century, when Korea was declared a Japanese protectorate with the Eulsa Treaty of 1905, and just a few years later annexed into Japan in 1910. This annexation lasted until the conclusion of World War II in 1945, and left a terrible legacy behind it. In his book Japanese Assimilation Policies in Colonial Korea, 1910-1945, Caprio discussed the way Japanese people of the time regarded Koreans: how their assimilation policies shifted between the desire to ‘teach’ Japanese culture as if it were from a place of superiority, and the prejudice in thinking Koreans could never live up to the standard. The reality of these policies is that they manifested in brutality and oppression, which illustrates the environment in which famous resistances arose, leading up to the March 1st Movement.

The March 1st Movement in 1919 was one of the earliest public displays of Korean resistance under Japanese rule. The leaders of the movement signed a document proclaiming the independence of Korea and liberty of the Korean people in witness of human equality, then sent it to the Governor General. This movement kicked off a series of public protests – some of which met violent ends. By the time the movement was suppressed one year later, 7,000 Koreans had been killed and 16,000 people had been wounded.

Laying the Foundations

The earliest roots of formation for the split of Korea that we know today began after the March 1st Movement, when the activist leaders fled to China, where they built ties with the Chinese Nationalist Government to gain support for the Provisional Government of Korea (KPG).

It wasn’t until the 1930s after Japan occupied Manchuria that China re-examined its connections to the exiled revolutionaries of Korea. After a meeting between Chiang Kai-shek and Kim Ku, they came to an agreement where if the Chinese government offered the KPG significant financial aid, it would ignite uprisings in places such as Japan, Korea, and Manchuria within the next two years. After this agreement, Kim Ku was informed that the Chinese hoped the Koreans would shift gears in their tactics to long-term preparations for a war of liberation. Around this time, a left-wing Korean group under the leadership of Kim Won-bong also began to receive assistance from the Chinese government. In time, the Chinese authorities were able to bring the two Korean groups together into a nominal unity by organizing them under the banner of the Korean Restoration Army.

Between July and December 1942, a Chinese committee reviewed the government’s Korea policy. After some proposals and feedback, they settled on a plan that would prescribe China’s leading role among the Allies in granting recognition to the KPG and determined responsibilities for financing the Koreans’ political and military activities in China. In return, the Koreans were tasked with a number of responsibilities, including intelligence collection, conducting psychological warfare within enemy troops, and enhancing their influence in Korea itself. However, this didn’t erase the factional issues between Korean partisans, and 1942-1945 proved to be a period of political tumult for Koreans in China.

In 1943, a Far East Division memorandum predicted that Russia would eventually wish to occupy the ‘political vacuum’ in North China and Korea left in the wake of Japan’s defeat, and that such occupation would create an entirely new strategic situation with far-reaching repercussions. After a meeting in Cairo, the United States government made an open pledge for Korean independence, which sparked planning for America’s military role in reconquering the Korean peninsula. In Recast All Under Heaven: Revolution, War, Diplomacy and Frontier China in the 20th Century, Liu suggests that this marked a significant step in the attitude of America toward Korea, where it evolved from being overlooked to a definitive decision that the United States must itself become a leading influence in the region. This was further expounded upon at the Yalta conference, where it was agreed between Roosevelt and Stalin that the United States, China, the Soviet Union, and Great Britain must together oversee Korea before its independence. However, the prospect of such cooperation diminished in light of the rising tensions between the Soviet Union and other Allied countries in the final days of World War II. Instead of entrusting Korea to the ‘Big Four’, it became a point of issue between the United States and the Soviet Union. They partitioned Korea at the 38th parallel under the expectation that it would be a temporary solution.

Boiling Point: The Korean War (1950-1953)

The Korean War is remembered today as a proxy war between the United States and the Soviet Union that left massive collateral damage for the Korean people and defined their way of life for the decades afterward. Up until this point there had been a lot of rhetoric about the division of the globe and broad ideological concepts related to it, particularly with regard to the division of Germany.

These discussions reached their boiling point in June 1950, when the Soviet-backed Democratic People’s Republic of Korea (North) invaded the Republic of Korea (South) and pressed quickly into southern territory virtually unopposed. With the blessing of the United Nations, the United States responded to the crisis and committed air, sea, and infantry support to South Korea.

The war commenced with bad collateral damage to Korean civilians in the region, whether they were refugees escaping the Soviet protectorate or caught in the crossfire between the two sides. It wasn’t until the first few weeks of August that the United Nations Command (UNC) started to slow the progression of the North Korean troops. Refreshed with more troops, artillery pieces, antiaircraft guns, close-air-support aircraft, rocket launchers and tanks, the UNC began to turn the tide of the conflict, leading to the famous amphibious counter-offensive at Incheon. They rapidly advanced toward the Yalu River, but in October 1950 were surprised by Chinese military intervention on behalf of North Korea.

The war reached a critical point one year later. Despite the fact that they had suffered some 500,000 casualties, the Chinese-North Korean armies had grown to 1.2 million soldiers. Meanwhile, the United Nations Command had grown as well, numbering 256,000 US ground troops, 500,000 ROKA, and 28,000 from other allied contingents in addition to the US FEAF. These developments meant that the leaders of both sides had to consider that peace could not be imposed by sheer military force. That said, these thoughts were slow developments realized over time as people fought and lost their lives.

This simultaneously opened up the gateway to negotiations and led to a war of attrition, where the front line was close to the 38th parallel. It was near the end of 1951 that measures for the creation of a demilitarized zone were accepted. Both sides agreed upon this, but they got stuck on negotiating over prisoners of war. The initial assumption was that they would adhere to the Geneva Convention – that is, return any POWs to their homelands as quickly as possible after the war’s end. It was the South Korean government that opposed this type of repatriation, as many POWs in the South had actually been South Korean citizens that were forced to fight with the KPA. In February 1952, President Truman ruled that no prisoner of war in UNC custody would be forced to return to North Korea or China against their will. Thus, Koreans that chose to go North would be exchanged on a ‘one for one’ policy until all 12,000 allied POWs were returned. A series of revolts broke out among the POWs, incited by northern infiltration that sought to ensure the return of POWs to the North. By the end of the year, all of the POWs had been segregated according to their repatriation, refugees resettled, and Chinese POWs sent to Cheju Island.

The war continued still into 1953, experiencing air warfare, guerilla operations, and atrocities committed against civilians. The battle of the Kaesong salient ended the hot war, and by May 1953, the negotiators had worked out details of the POW exchange. By July 1953, the two sides had reached an armistice and finalized the establishment of the Korean Demilitarized Zone, which has since been patrolled by forces from both sides.

North Korea and South Korea

Since the separation of the two countries, their relative peace has been marked by a series of skirmishes, abductions, attacks, and attempted assassinations on South Korean leaders.

The cold war has never truly ended on the Korean Peninsula. The two countries remain separated physically and ideologically by the DMZ that was established in the wake of the Korean War. While South Korea today is considered to be part of the western sphere of influence, North Korea has remained an autocratic communist state.

Similarly, the alliances of the Korean War haven’t faded, and as tensions continue to mount between the United States and Russia and China, we should harbor no illusions: these will have a ripple effect across the old proxy war grounds of the Korean Peninsula.

This article was written by Kristina Weber, Content Supervisor of Centry Ltd. 

Are Your Phones Protected?

In the Cyber era, companies have been investing heavily into their data infrastructure, protecting information vaults, CRM databases and critical production management systems. But when is the last time someone took a look at the customer service center IP phone server? How about the phone bills accumulated by the desktop phones of the call center or personal office phones? Those same phones might be still on your desk, but you have not used them in months or even years.

Through our work with our customers, we have on multiple occasions witnessed that the primary data infrastructure components are well secured and under constant surveillance, but the support service infrastructure has been left unmaintained. One of these systems that we call a gray area system is the phone system, with many still viewing it as the ‘old landline’ system. They are, in most cases, run nowadays through Voice over Internet Protocol (VoIP) and managed with dedicated VoIP servers, enabling hundreds or even thousands of personal office desk phones to be connected through one main system.

The protection of these systems is often left unattended, which provides a lucrative opportunity for a mischievous individual. In this post, we are not diving deeper into the topics of possible eavesdropping or hacks targeting other data network components that can be accessed through the phone server.

Rather, what has been witnessed on many occasions is that the phone system has been utilized to call into pre-determined service numbers, with high per-call costs for the caller. The server has been automated to conduct these calls outside of office hours to minimize the possibility of detection. With automation and due to the payment scheme of tens of euros per connected call, thousands of calls can be made within a short period of time. The receiving end is on many occasions somewhere outside of EU and US, in countries with non-existent control against this type of fraud, such as Nigeria and other African countries. The service numbers set up can have costs as steep as 50 euros per call.

What usually reveals the attack is the phone bill at the end of the month. We are not talking here about any small change either. There have been cases in recent months where attackers were able to pile up these service charges into the hundreds of thousands of euros within one month. In some of these cases, the attackers were too greedy to make a systematic, long-drawn out process of it, and tried to leech as much money as possible within as short a time period as possible.

In these situations, the targeted entity contacts the phone operator to discuss possible refunds or discounts on the bill. What must be remembered is that there is no de facto requirement for the phone operator to hand out these concessions. They usually give them purely for the sake of good customer service, as they want to keep their long-term customers. The bare minimum that the targeted company must pay for is at least the indirect costs relating to solving this issue. It will take a good chunk of the working time of multiple individuals to address these cases, including time away from their primary business function intended to bring in money for the company.

In the above situation, the attack was easy to recognize because of the massive charge in the phone bill at the end of the month. But what if the next attacker is equipped with a bit more patience? Their intention is not to gain short term profit, but to embed a long term scheme into multiple systems, racking up the profits consistently in the long term. Think to yourself, what amount of increase in the monthly phone bill would go unnoticed in your company? This increase in many cases can only be seen once, in the phone bills one month prior and one month after the attack. After that, the new end amount is the standard.

So, what can you do to protect yourself against money leaching out through automated service number calling?

  1. Block any international and service numbers at least outside of office hours.
  2. Conduct log inspections into call logs looking for: suspicious countries, call times, and extremely short durations.
  3. When installing new phone or network equipment, change the default passwords and ensure that “access attempt limitation” is turned on.
  4. Make sure that all system administrators have unique access credentials.
  5. Ask your service provider about its fraud monitoring capability, especially whether it has real-time toll-fraud mitigation in place that would stop suspicious calls.
  6. Take the phone infrastructure into account in your data environment documentation and update it regularly.
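
The call-log inspection from step 2, sketched as an added example (not Centry's tooling or code from the original article): it scores each call record against the three indicators named above and lists the extensions that generate flagged calls. The CSV layout, the home and allowed country codes, the service-number prefixes and all phone numbers are constructed assumptions.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Assumed policy values; tune them to your own dial plan and PBX export.
HOME_PREFIX = "+358"                 # assumed home country code
ALLOWED_INTL = ("+46", "+49")        # assumed destinations the business calls
SERVICE_PREFIXES = ("0600", "0700")  # assumed premium-rate service ranges
OFFICE_HOURS = range(8, 18)          # 08:00-17:59, Monday to Friday
SHORT_CALL_SECONDS = 5               # "extremely short" threshold

# Constructed call detail records (not real numbers or real traffic).
SAMPLE_CDR = """
start,extension,dialed,duration_s
2017-03-06T10:15:00,201,+46 8 000 0001,340
2017-03-06T14:02:00,305,0600 000 001,95
2017-03-07T02:11:07,412,00999 000 0001,3
2017-03-07T02:11:41,412,00999 000 0001,4
2017-03-07T02:12:15,412,+999 000 0002,2
2017-03-08T19:45:00,201,040 000 0001,4
2017-03-11T13:30:00,118,0600 000 001,61
"""


def indicators(row):
    """Return the indicators from the checklist that one call record trips."""
    start = datetime.fromisoformat(row["start"])
    dialed = row["dialed"].replace(" ", "")
    if dialed.startswith("00"):          # normalise 00-prefixed international form
        dialed = "+" + dialed[2:]
    hits = []
    international = dialed.startswith("+") and not dialed.startswith(HOME_PREFIX)
    if international and not dialed.startswith(ALLOWED_INTL):
        hits.append("unexpected-country")
    if dialed.startswith(SERVICE_PREFIXES):
        hits.append("service-number")
    if start.weekday() >= 5 or start.hour not in OFFICE_HOURS:
        hits.append("out-of-hours")
    if int(row["duration_s"]) <= SHORT_CALL_SECONDS:
        hits.append("very-short")
    return hits


def review(cdr_text, min_indicators=2):
    """Flag calls to unexpected countries or service numbers that trip enough indicators."""
    flagged = []
    for row in csv.DictReader(io.StringIO(cdr_text.strip())):
        hits = indicators(row)
        chargeable = {"unexpected-country", "service-number"} & set(hits)
        if chargeable and len(hits) >= min_indicators:
            flagged.append((row["extension"], row["start"], row["dialed"], hits))
    return flagged


def by_extension(flagged):
    """Count flagged calls per extension, busiest first."""
    return Counter(ext for ext, *_ in flagged).most_common()


if __name__ == "__main__":
    for ext, start, dialed, hits in review(SAMPLE_CDR):
        print(ext, start, dialed, ",".join(hits))
    print(by_extension(review(SAMPLE_CDR)))
```

Running the same review weekly rather than waiting for the invoice also catches the slower, patient pattern described earlier, since it looks at individual calls instead of the monthly total.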

This article was written by Vilho Westlund, a Security Manager of Centry Ltd. If you have any questions regarding this topic, please feel free to contact us via email at info@centry.global or through any of our social media platforms.

By Invitation Only: Shamoon, a Case Study

It’s early morning and you’re bleary-eyed at your desk, sipping some coffee. You open your email and a sea of unread emails is there to greet you. As you comb through these emails, you come across one from a vaguely unfamiliar address that asks you to take a look at a word doc. Maybe you’re tired, bored, or otherwise occupied with a bigger workload on your mind, but you skim the email and open up the attachment.

Whoops.

Even though it’s a Microsoft Word Document that looks harmless, you might have just invited a fox into the chicken coop. Regardless of whether the contents are a resume, a brochure, or anything else, the object of concern lies in what the doc contains: a malicious macro that paves the way for the Shamoon virus.

What is Shamoon?

Shamoon is best known for its devastating attacks against the Saudi energy sector in 2012 that wiped tens of thousands of computers by overwriting the master boot record. It returned in November 2016, when it hit at least six government entities in Saudi Arabia again, this time utilizing the photograph of Alan Kurdi, the 3-year-old Syrian refugee who drowned.

From Doc to Destruction

IBM’s X-Force IRIS team investigated the case of Shamoon and found the virus’ entry to be a Word document that contained a malicious macro that, when approved to run, would effectively enable the attackers to infiltrate the network by establishing communications to the attacking server and remote shell via something called PowerShell.

Basically, what happened was that the attackers sent a spear phishing email to employees at the target organization. In order for this first step to succeed, all that was required was a person within the company to open the attachment. As soon as the attachment is opened, it invokes PowerShell, which enables command access to the computer. Thus, the hackers are now able to communicate with the machine and remotely execute commands on it.


Figure 1. Example Document of what Saudi Employees may have seen (SOURCE: X-Force IRIS)

With such access, the attackers could send additional tools and malware to other places on the network, which would familiarize them enough with the network to be able to mass-deploy the Shamoon virus, thus taking down thousands of computers.
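
A defensive check for the chain described above (Word document, macro, PowerShell), as an added example rather than code from this article or from X-Force IRIS: it reads process-creation events and reports any shell or script host with an Office application among its ancestors, which goes slightly beyond the direct Word-to-PowerShell case. The flattened JSON layout with Sysmon-style field names, the host names and the GUID values are constructed for illustration.

```python
import json
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
MAX_DEPTH = 6  # stop walking the ancestry after this many processes

# Constructed process-creation events, one JSON object per line (assumed export format).
SAMPLE_EVENTS = r"""
{"UtcTime":"2017-01-10 06:41:02","Computer":"WS-017","ProcessGuid":"{g-01}","ParentProcessGuid":"{g-00}","Image":"C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE","ParentImage":"C:\\Windows\\explorer.exe"}
{"UtcTime":"2017-01-10 06:41:09","Computer":"WS-017","ProcessGuid":"{g-02}","ParentProcessGuid":"{g-01}","Image":"C:\\Windows\\System32\\cmd.exe","ParentImage":"C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE"}
{"UtcTime":"2017-01-10 06:41:10","Computer":"WS-017","ProcessGuid":"{g-03}","ParentProcessGuid":"{g-02}","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","ParentImage":"C:\\Windows\\System32\\cmd.exe"}
{"UtcTime":"2017-01-10 06:43:30","Computer":"WS-017","ProcessGuid":"{g-04}","ParentProcessGuid":"{g-01}","Image":"C:\\Windows\\splwow64.exe","ParentImage":"C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE"}
{"UtcTime":"2017-01-10 07:02:55","Computer":"WS-022","ProcessGuid":"{g-11}","ParentProcessGuid":"{g-10}","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","ParentImage":"C:\\Windows\\explorer.exe"}
"""


def exe_name(path):
    """Lower-cased file name of a Windows path, regardless of the OS running this."""
    return ntpath.basename(path).lower()


def office_spawned_shells(jsonl):
    """Return one alert per shell or script host that descends from an Office app."""
    parents = {}  # ProcessGuid -> (parent image name, ParentProcessGuid)
    alerts = []
    for line in jsonl.strip().splitlines():
        ev = json.loads(line)
        image, parent = exe_name(ev["Image"]), exe_name(ev["ParentImage"])
        parents[ev["ProcessGuid"]] = (parent, ev["ParentProcessGuid"])
        if image not in SHELLS:
            continue
        # Walk up through processes seen earlier until an Office app or the end.
        chain, guid = [image, parent], ev["ParentProcessGuid"]
        while chain[-1] not in OFFICE and guid in parents and len(chain) < MAX_DEPTH:
            ancestor, guid = parents[guid]
            chain.append(ancestor)
        if chain[-1] in OFFICE:
            alerts.append({"host": ev["Computer"], "time": ev["UtcTime"], "chain": chain})
    return alerts


if __name__ == "__main__":
    for alert in office_spawned_shells(SAMPLE_EVENTS):
        print(alert["host"], alert["time"], " <- ".join(alert["chain"]))
```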

How could this have been prevented?

Security is only as strong as its weakest link, and too often that vulnerable spot is not a fault of security software but rather human error. Attackers know this and orchestrate their plans accordingly. This is called social engineering, and it targets everyone. It’s important to remember that this doesn’t only happen to people who don’t know better. These attacks and executables can be quite sophisticated and even if you know the basics of protecting yourself online, it still may be possible to have a brief lapse in judgment that would invite a malware-laden attachment into your computer.

The moral of the story is to never think that these types of things wouldn’t target you, or that because you received awareness training in your workplace this wouldn’t happen on your watch. The best thing to do is to keep yourself constantly in check by complying with security requirements, as well as taking a second look at the context these attachments are being sent in and who their sender is. And if you do have a lapse and click something you shouldn’t have, contact your IT department. A good IT department will be happy that you alerted them, and take necessary steps to protect the network. Awareness of Cyber Security isn’t a one-time lesson, it’s a consistent series of decisions.

Sources/Additional Info

https://securityintelligence.com/the-full-shamoon-how-the-devastating-malware-was-inserted-into-networks/

https://www.symantec.com/connect/blogs/shamoon-back-dead-and-destructive-ever

http://www.reuters.com/article/us-saudi-cyber-idUSKBN1571ZR

This article was written by Kristina Weber and reviewed by Dave Ehman, Centry’s CTO. For more content like this, follow @CentryCyber on Twitter!