Friday, October 9, 2020

A nice sign

This came from one of my customers that I do SEO for and it makes me feel good:


We currently have enough projects in the pipeline to keep us busy for the next 12-18 months, so keep doing what you're doing. Things are going great here. 

We can help you get leads and sales!


More to come!  

Thursday, October 8, 2020

Now is the time to really look at e-commerce

Brick and mortar stores are starting to fade fast. Any store that you have to visit is potentially a super spreader of the virus. I recently quoted a potential customer who had a salon a nice website, but no one was coming! The bottom line is people still do not want to get out as much as we think. I recommend you look at having an e-commerce site and use this until the scare has left us, which I hear could be more than a year still!

We are here if you need us!


More to come


Joe

Thursday, October 1, 2020

The time is now to push e-commerce

 With Covid threatening a second wave, it is important to be thinking of building an e-commerce web site.

What can be done, you ask? If you have a brick and mortar store, bring it online now and realize that life after Covid will not be the same as it was before. People are just now starting to get out and shop again, but as they do it seems that the virus is spreading again. We have chosen to stay at home; we do shop and get our prescriptions, but we will continue to wear our masks and to keep that six-foot distance! In the meantime, think about putting your items online and using the power of the web to sell the items. We offer e-commerce solutions that you would find to be affordable.  Write to me at jrossini@rossini.com and let me show you how we can help you make money and save your business!

More to come, visit www.rossini.com or www.marketyourbusinessnow.com for more information.

Talk soon.


Joe!

Monday, May 18, 2020

Now is the time for an e-commerce website

With this virus, people have stayed in and not gone out shopping a lot. The states are starting to open up your ability to shop but still, millions are being careful and shopping online. An easy to use e-commerce website can bring you leads and sales. What do you need to know:

Make the website responsive

Make sure it is easy to use and to navigate

Use good long tail keywords internally so the search engines will make it easy for people to find you

Make the site look attractive

And much more. We at rossini.com can help you have that web site that snaps and is easy to find. Visit us today at www.rossini.com for more information.

More to come soon!

Friday, February 21, 2020

Hacking our cars!!!

Vehicle hacking and data theft increases
Even before we get into the subject of self-driving cars, vehicles today are basically moving data factories. Modern cars are fitted with an array of GPS devices, sensors, and in-car communication and entertainment platforms that make them an increasingly profitable target for hackers and data thieves.
Criminals have learned to piggyback into private networks through connected home appliances and smart devices, thanks to the lack of security standards among the thousands of device manufacturers and service providers. Likewise, the automobile is likely to increasingly become the backdoor of choice in the coming years thanks to the growing amount of data they collect and store about our day-to-day lives. Attackers will have the choice of targeting either the vehicles themselves, perhaps using them to access email accounts and then personal information, or the cloud services where our data is routinely sent for storage and analysis. Large scale harvesting and resale of this data on the black market is highly lucrative for cybercriminals.
Another very real danger is that malicious actors could learn to compromise the digital controls and safety features of modern vehicles. The idea of hijacking autonomous cars and taking over their controls may seem far-fetched right now, but it’s a threat that’s being taken seriously by the automotive industry as well as lawmakers. During 2020, we’re likely to see more debate over this aspect of the safety of self-driving vehicles, as the regulatory framework that will allow them to operate on our roads continues to take shape.
Info provided by Bernard Marr

Thursday, February 20, 2020

More on cyber attacks

“Criminals are getting more creative and hyper-focused on how they go about obtaining access to the things they need to conduct their crimes,” said Steve Ragan, the report’s principal author and Akamai security researcher. “Criminals targeting the financial services industry pay close attention to the defenses used by these organizations, and adjust their attack patterns accordingly.”

Additionally, August 2019 saw the largest credential attack against a financial service provider in Akamai’s history, which consisted of over 55 million login attempts, although this was not completely directed at APIs.
The same culprits of that incident caused another later that same month, this time targeting APIs directly and produced over 19 million attacks.
The most frequent type of attack on financial services, according to the report, was Local File Inclusion (LFI), which targets scripts running on servers to force the leak of sensitive information; this accounted for 47% of observed traffic.
SQL injection (SQLi) also made up a prominent proportion of attacks on financial services (36%).
The sector also faced a noteworthy amount of Distributed Denial of Service (DDoS) attacks; it ranked third in attack volume compared to other industries, coming in behind gaming and high-tech, but a leading proportion of 40% of unique DDoS targets were in financial services.

“Security teams need to constantly consider policies, procedures, workflows, and business needs – all while fighting off attackers that are often well organised and well-funded,” Ragan continued. “Our data shows that financial services organisations are constantly improving by adopting fluid security postures, forcing criminals to change their tactics.”

Are you a Ring user? Read this

Ring, 2FA, and a Win for Consumers

BY ASHLEY BOYD | FEB. 18, 2020 | ADVOCACY
Today, Amazon announced that two-factor authentication (2FA) is now mandatory for all Ring users. In recent months, several stories have emerged about Ring users being hacked, harassed, and spied on. This extra layer of security will help prevent further episodes.
This is positive news for consumers — and proves that even the mightiest tech companies will respond to consumer pressure. We often feel helpless about the state of online privacy and security. But when a movement of consumers, nonprofits, and journalists reaches critical mass, we can push consumer tech in a better direction.
The change comes on the heels of loud advocacy by Ring users and organizations like Mozilla and Electronic Frontier Foundation (EFF). In December, Mozilla launched a petition urging Amazon to mandate 2FA for all Ring devices, and over 8,000 consumers signed on. Meanwhile, EFF revealed that Ring shares personal data with an array of third parties. (In today’s announcement, Ring also said it is pausing certain third-party tracking and allowing users to opt out of targeted ads.)
There’s a lot of work ahead of us — both in the industry at large, and with Ring specifically. For example, extensive reporting has highlighted concerns about Ring’s ongoing partnerships with police departments across the U.S., and the way in which its Neighbors app can stoke fear, paranoia, and over-policing. But today, we’re applauding Amazon and Ring for listening to consumers and prioritizing its customers’ security.

Wednesday, February 19, 2020

Cyber security

New security issues and hacking techniques are emerging all the time making it impossible for businesses to completely future proof themselves from hackers. But organizations can take simple steps that can go a long way to improving security. These include putting in place strong patching and password policy, and enforcement of multi-factor authentication on every public-facing system.
Organizations should implement regular security testing of all potential attack vectors, especially if it’s something that’s changed. They need to ensure they put in place a security strategy and stick to it.
Perform awareness assessments, organize security audits, examine those controls, review that access list.
There is no room for complacency, cyber threats are changing daily, so it is more important than ever that businesses keep informed of the latest developments. A cyber attack should be seen as inevitable so security should always be at the forefront of company strategy, not an afterthought.
More on security:

97% of IT leaders majorly concerned by insider data breaches

An Egress study has found that 97% of IT leaders are concerned that data will be exposed by their own employees, leading to insider breaches.
This finding from Egress‘s Insider Data Breach Survey 2020, conducted by Opinion Matters, spelled a lack of reassurance for decision makers regarding insider breaches over the past 12 months.
Also, 78% of IT leaders surveyed said that employees have put data at risk accidentally within the last year, while 75% say that intentional compromise of data security has occurred.
While the former statistic has remained stable since 2019, the latter saw a 14% jump.
In the UK, 63% declared intentional data security compromise, while 68% said this was accidental. This contrasted with leaders in the Benelux region, 89% of whom said that data was put at risk intentionally, and 91% accidentally.
Egress CEO, Tony Pepper, said: “While they acknowledge the sustained risk of insider data breaches, bizarrely, IT leaders have not adopted new strategies or technologies to mitigate the risk.

“Effectively, they are adopting a risk posture in which at least one-third of employees putting data at risk is deemed acceptable.
“The severe penalties for data breaches mean IT leaders must action better risk management strategies, using advanced tools to prevent insider data breaches.
“They also need better visibility of risk vectors; relying on employees to report incidents is not an acceptable data protection strategy.”
The most common cause of company data risk, according to leaders, is the sharing of data to personal devices.
In regards to challenges, two proportions of 24% said a lack of employee security training, and a lack of effective security systems respectively, were to blame.
23%, meanwhile, blamed a lack of awareness, and 21% said that insider breaches were mainly caused by employees rushing tasks.
In terms of what kinds of cyber attacks were causing breaches over the past year, 41% cited phishing attacks over email, while 31% said that employees had sent information to the wrong person.

More to come soon:


Info provided by:


Thursday, February 6, 2020

Retail under pressure

A great article about how the big boys are trying to keep up with our demands to get the products fast!

https://www.scmr.com/article/retail_under_pressure

Tuesday, January 7, 2020

Iran cyber warning!!!

National Cyber Awareness System:

01/06/2020 03:01 PM EST

Original release date: January 6, 2020

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) is sharing the following information with the cybersecurity community as a primer for assisting in the protection of our Nation’s critical infrastructure in light of the current tensions between the Islamic Republic of Iran and the United States and Iran’s historic use of cyber offensive activities to retaliate against perceived harm. Foremost, CISA recommends organizations take the following actions:
  1. Adopt a state of heightened awareness. This includes minimizing coverage gaps in personnel availability, more consistently consuming relevant threat intelligence, and making sure emergency call trees are up to date.
  2. Increase organizational vigilance. Ensure security personnel are monitoring key internal security capabilities and that they know how to identify anomalous behavior. Flag any known Iranian indicators of compromise and tactics, techniques, and procedures (TTPs) for immediate response.
  3. Confirm reporting processes. Ensure personnel know how and when to report an incident. The well-being of an organization’s workforce and cyber infrastructure depends on awareness of threat activity. Consider reporting incidents to CISA to help serve as part of CISA’s early warning system (see Contact Information section below).
  4. Exercise organizational incident response plans. Ensure personnel are familiar with the key steps they need to take during an incident. Do they have the accesses they need? Do they know the processes? Are your various data sources logging as expected? Ensure personnel are positioned to act in a calm and unified manner.

Technical Details

Iranian Cyber Threat Profile

Iran has a history of leveraging asymmetric tactics to pursue national interests beyond its conventional capabilities. More recently, its use of offensive cyber operations is an extension of that doctrine. Iran has exercised its increasingly sophisticated capabilities to suppress both social and political perspectives deemed dangerous to Iran and to harm regional and international opponents.
Iranian cyber threat actors have continuously improved their offensive cyber capabilities. They continue to engage in more “conventional” activities ranging from website defacement, distributed denial of service (DDoS) attacks, and theft of personally identifiable information (PII), but they have also demonstrated a willingness to push the boundaries of their activities, which include destructive wiper malware and, potentially, cyber-enabled kinetic attacks.
The U.S. intelligence community and various private sector threat intelligence organizations have identified the Islamic Revolutionary Guard Corps (IRGC) as a driving force behind Iranian state-sponsored cyberattacks–either through contractors in the Iranian private sector or by the IRGC itself.

Iranian Cyber Activity

According to open-source information, offensive cyber operations targeting a variety of industries and organizations—including financial services, energy, government facilities, chemical, healthcare, critical manufacturing, communications, and the defense industrial base—have been attributed, or allegedly attributed, to the Iranian government. The same reporting has associated Iranian actors with a range of high-profile attacks, including the following:
  • Late 2011 to Mid-2013 – DDoS Targeting U.S. Financial Sector: In response to this activity, in March 2016, the U.S. Department of Justice indicted seven Iranian actors employed by companies performing work on behalf of the IRGC for conducting DDoS attacks primarily targeting the public-facing websites of U.S. banks. The attacks prevented customers from accessing their accounts and cost the banks millions of dollars in remediation. [1] 
  • August/September 2013 – Unauthorized Access to Dam in New York State: In response, in March 2016, the U.S. Department of Justice indicted one Iranian actor employed by a company performing work on behalf of the IRGC for illegally accessing the supervisory control and data acquisition (SCADA) systems of the Bowman Dam in Rye, New York. The access allowed the actor to obtain information regarding the status and operation of the dam. [2]
  • February 2014 – Sands Las Vegas Corporation Hacked: Cyber threat actors hacked into the Sands Las Vegas Corporation in Las Vegas, Nevada, and stole customer data, including credit card data, Social Security Numbers, and driver’s license numbers. According to a Bloomberg article from December 2014, the attack also involved a destructive portion, in which the Sands Las Vegas Corporation’s computer systems were wiped. In September 2015, the U.S. Director of National Intelligence identified the Iranian government as the perpetrator of the attack in a Statement for the Record to the House Permanent Select Committee on Intelligence. [3]
  • 2013 to 2017 – Cyber Theft Campaign on Behalf of IRGC: In response, in March 2018, the U.S. Justice Department indicted nine Iranian actors associated with the Mabna Institute for conducting a massive cyber theft campaign containing dozens of individual incidents, including “many on behalf of the IRGC.” The thefts targeted academic and intellectual property data as well as email account credentials. According to the indictment, the campaign targeted “144 U.S. universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.” [4]

Mitigations

Recommended Actions

The following is a composite of actionable technical recommendations for IT professionals and providers to reduce their overall vulnerability. These recommendations are not exhaustive; rather they focus on the actions that will likely have the highest return on investment. In general, CISA recommends two courses of action in the face of potential threat from Iranian actors: 1) vulnerability mitigation and 2) incident preparation.
  1. Disable all unnecessary ports and protocols. Review network security device logs and determine whether to shut off unnecessary ports and protocols. Monitor common ports and protocols for command and control activity.
  2. Enhance monitoring of network and email traffic. Review network signatures and indicators for focused operations activities, monitor for new phishing themes and adjust email rules accordingly, and follow best practices of restricting attachments via email or other mechanisms.  
  3. Patch externally facing equipment. Focus on patching critical and high vulnerabilities that allow for remote code execution or denial of service on externally facing equipment.
  4. Log and limit usage of PowerShell. Limit the usage of PowerShell to only users and accounts that need it, enable code signing of PowerShell scripts, and enable logging of all PowerShell commands.
  5. Ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the organizational network.

Patterns of Publicly Known Iranian Advanced Persistent Threats

The following mitigations and detection recommendations regarding publicly known Iranian advanced persistent threat (APT) techniques are based on the MITRE ATT&CK Framework. [5]
Iranian APT Technique Mitigation and Detection
Credential Dumping
Mitigation
  • Manage the access control list for "Replicating Directory Changes" and other permissions associated with domain controller replication.
  • Consider disabling or restricting NTLM.
  • Ensure that local administrator accounts have complex, unique passwords across all systems on the network.
  • Limit credential overlap across accounts and systems by training users and administrators not to use the same password for multiple accounts.
Detection
  • Windows: Monitor for unexpected processes interacting with lsass.exe.
  • Linux: The AuditD monitoring tool can be used to watch for hostile processes opening a maps file in the proc file system, alerting on the pid, process name, and arguments for such programs.
Obfuscated Files or Information
Mitigation
  • Consider utilizing the Antimalware Scan Interface (AMSI) on Windows 10 to analyze commands after being processed/interpreted.
Detection
  • Windows: Monitor for unexpected processes interacting with lsass.exe.
  • Linux: The AuditD monitoring tool can be used to watch for hostile processes opening a maps file in the proc file system, alerting on the pid, process name, and arguments for such programs.
Data Compressed
Mitigation
  • Network intrusion prevention or data loss prevention tools may be set to block specific file types from leaving the network over unencrypted channels.
Detection
  • Process monitoring and monitoring for command-line arguments for known compression utilities.
  • If the communications channel is unencrypted, compressed files can be detected in transit during exfiltration with a network intrusion detection or data loss prevention system analyzing file headers.
PowerShell
Mitigation
  • Set PowerShell execution policy to execute only signed scripts.
  • Remove PowerShell from systems when not needed, but a review should be performed to assess the impact to an environment, since it could be in use for many legitimate purposes and administrative functions.
  • Disable/restrict the WinRM Service to help prevent uses of PowerShell for remote execution.
  • Restrict PowerShell execution policy to administrators.
Detection
  • If PowerShell is not used in an environment, looking for PowerShell execution may detect malicious activity.
  • Monitor for loading and/or execution of artifacts associated with PowerShell specific assemblies, such as System.Management.Automation.dll (especially to unusual process names/locations).
  • Turn on PowerShell logging to gain increased fidelity in what occurs during execution (which is applied to .NET invocations).
User Execution
Mitigation
  • Application whitelisting may be able to prevent the running of executables masquerading as other files.
  • If a link is being visited by a user, network intrusion prevention systems and systems designed to scan and remove malicious downloads can be used to block activity.
  • Block unknown or unused files in transit by default that should not be downloaded or by policy from suspicious sites as a best practice to prevent some vectors, such as .scr, .exe, .pif, .cpl, etc.
  • Use user training as a way to bring awareness to common phishing and spearphishing techniques and how to raise suspicion for potentially malicious events.
Detection
  • Monitor the execution of and command-line arguments for applications that may be used by an adversary to gain Initial Access that require user interaction. This includes compression applications, such as those for zip files that can be used to Deobfuscate/Decode Files or Information in payloads.
  • Anti-virus can potentially detect malicious documents and files that are downloaded and executed on the user's computer.
  • Endpoint sensing or network sensing can potentially detect malicious events once the file is opened (such as a Microsoft Word document or PDF reaching out to the internet or spawning Powershell.exe) for techniques such as Exploitation for Client Execution and Scripting.
Scripting
Mitigation
  • Configure Office security settings to enable Protected View, to execute within a sandbox environment, and to block macros through Group Policy. Other types of virtualization and application microsegmentation may also mitigate the impact of compromise.
  • Turn off unused features or restrict access to scripting engines such as VBScript or scriptable administration frameworks such as PowerShell.
Detection
  • Examine scripting user restrictions. Evaluate any attempts to enable scripts running on a system that would be considered suspicious.
  • Scripts should be captured from the file system when possible to determine their actions and intent.
  • Monitor processes and command-line arguments for script execution and subsequent behavior.
  • Analyze Office file attachments for potentially malicious macros.
  • Office processes, such as winword.exe, spawning instances of cmd.exe, script application like wscript.exe or powershell.exe, or other suspicious processes may indicate malicious activity.
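The Office-parent check described in the last item above, extended to follow the whole process chain rather than only the direct parent, as an added example that is not part of the CISA alert or the original post. The event field names, the sample events and the image names beyond those in the text (excel.exe, powerpnt.exe, cscript.exe) are assumptions.

```python
"""Flag shells and script hosts whose process ancestry includes an Office app.

Event field names and the sample events are constructed for illustration.
"""
from ntpath import basename  # parses Windows paths on any host OS

OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}
WATCHED_IMAGES = {"cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe"}
MAX_DEPTH = 8  # stop walking the ancestry after this many hops


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return basename(path or "").lower()


def ancestry(pid, by_pid):
    """Image names from the process itself up to its oldest recorded ancestor."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen and len(chain) < MAX_DEPTH:
        seen.add(pid)
        chain.append(image_name(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return chain


def find_office_spawns(events):
    """Return one alert per watched process that descends from an Office app.

    Events must be in time order for a single host. A later event with the
    same pid replaces the earlier one, which approximates pid reuse.
    """
    by_pid, alerts = {}, []
    for ev in events:
        by_pid[ev["pid"]] = ev
        if image_name(ev["image"]) not in WATCHED_IMAGES:
            continue
        chain = ancestry(ev["pid"], by_pid)
        # chain[0] is the process itself; look for Office among its ancestors.
        if any(name in OFFICE_IMAGES for name in chain[1:]):
            alerts.append({
                "pid": ev["pid"],
                "chain": " > ".join(reversed(chain)),
                "command_line": ev["command_line"],
            })
    return alerts


# Constructed sample: Word opens a document, then a shell and PowerShell follow.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe",
     "command_line": "explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": "WINWORD.EXE /n example.docx"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c example.bat"},
    {"pid": 400, "ppid": 300,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -File example.ps1"},
    # Started by the user from the desktop: no Office ancestor, so no alert.
    {"pid": 500, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe"},
    # Office child that is not a shell or script host: no alert.
    {"pid": 600, "ppid": 200, "image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe"},
]

if __name__ == "__main__":
    for alert in find_office_spawns(SAMPLE_EVENTS):
        print(alert["pid"], alert["chain"], "|", alert["command_line"])
```

Walking the ancestry catches PowerShell started through an intermediate cmd.exe, which a direct-parent check alone would not attribute to Word.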
Registry Run Keys/Startup Folder
Mitigation
  • This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
Detection
  • Monitor Registry for changes to run keys that do not correlate with known software, patch cycles, etc.
  • Monitor the start folder for additions or changes.
  • Tools such as Sysinternals Autoruns may also be used to detect system changes that could be attempts at persistence, including listing the run keys' Registry locations and startup folders.
  • To increase confidence of malicious activity, data and events should not be viewed in isolation, but as part of a chain of behavior that could lead to other activities, such as network connections made for Command and Control, learning details about the environment through Discovery, and Lateral Movement.
Remote File Copy
Mitigation
  • Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware or unusual data transfer over known tools and protocols like FTP can be used to mitigate activity at the network level.
Detection
  • Monitor for file creation and files transferred within a network over SMB.
  • Monitor use of utilities, such as FTP, that does not normally occur.
  • Analyze network data for uncommon data flows (e.g., a client sending significantly more data than it receives from a server).
  • Analyze packet contents to detect communications that do not follow the expected protocol behavior for the port that is being used.
Spearphishing Link
Mitigation
  • Determine if certain websites that can be used for spearphishing are necessary for business operations and consider blocking access if activity cannot be monitored well or if it poses a significant risk.
  • Users can be trained to identify social engineering techniques and spearphishing emails with malicious links.
Detection
  • URL inspection within email (including expanding shortened links) can help detect links leading to known malicious sites.
  • Detonation chambers can be used to detect these links and either automatically go to these sites to determine if they're potentially malicious, or wait and capture the content if a user visits the link.
Spearphishing Attachment
Mitigation
  • Anti-virus can automatically quarantine suspicious files.
  • Network intrusion prevention systems and systems designed to scan and remove malicious email attachments can be used to block activity.
  • Block unknown or unused attachments by default that should not be transmitted over email as a best practice to prevent some vectors, such as .scr, .exe, .pif, .cpl, etc.
  • Some email scanning devices can open and analyze compressed and encrypted formats, such as zip and rar that may be used to conceal malicious attachments in Obfuscated Files or Information.
  • Users can be trained to identify social engineering techniques and spearphishing emails.
Detection
  • Network intrusion detection systems and email gateways can be used to detect spearphishing with malicious attachments in transit.
  • Detonation chambers may also be used to identify malicious attachments.
  • Solutions can be signature and behavior based, but adversaries may construct attachments in a way to avoid these systems.
  • Anti-virus can potentially detect malicious documents and attachments as they're scanned to be stored on the email server or on the user's computer.
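The attachment-blocking mitigation above (.scr, .exe, .pif, .cpl, including files hidden inside compressed attachments), as an added example that is not part of the CISA alert or the original post. It handles zip archives only; the function names, the nesting and size limits and the sample data are assumptions.

```python
"""Screen e-mail attachments against a blocked-extension list, including
files packed inside zip archives. Sample data below is constructed."""
import io
import zipfile

BLOCKED_EXTENSIONS = {".scr", ".exe", ".pif", ".cpl"}  # list given in the text
MAX_NESTING = 2                      # assumed limit on archives inside archives
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed cap before a member is unpacked


def extension(name):
    """Lower-cased final extension of the last path component."""
    leaf = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots and spaces, so "a.exe." still opens as a.exe.
    leaf = leaf.rstrip(". ").lower()
    dot = leaf.rfind(".")
    return leaf[dot:] if dot != -1 else ""


def screen_attachment(name, data, path=None, depth=0):
    """Return (path, reason) findings; an empty list means nothing was blocked."""
    path = path or name
    findings = []
    ext = extension(name)
    if ext in BLOCKED_EXTENSIONS:
        findings.append((path, "blocked extension " + ext))
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_NESTING:
        findings.append((path, "archive nested too deeply to inspect"))
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            member_path = path + "!" + info.filename
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                # Bit 0 marks an encrypted member; its name is still readable.
                member_ext = extension(info.filename)
                if member_ext in BLOCKED_EXTENSIONS:
                    findings.append(
                        (member_path, "blocked extension " + member_ext))
                findings.append(
                    (member_path, "content not inspected (encrypted or too large)"))
                continue
            findings.extend(screen_attachment(
                info.filename, archive.read(info), member_path, depth + 1))
    return findings


def build_sample_zip():
    """Constructed archive: a harmless file, a double-extension .scr, a nested zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("tool.cpl", b"constructed placeholder")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"constructed placeholder")
        z.writestr("photos/holiday.jpg.scr", b"constructed placeholder")
        z.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    samples = [
        ("report.pdf", b"%PDF-1.4 constructed"),
        ("invoice.pdf.exe.", b"constructed placeholder"),
        ("docs.zip", build_sample_zip()),
    ]
    for name, data in samples:
        print(name, "->", screen_attachment(name, data) or "deliver")
```

Only the final extension is compared, so a double extension such as holiday.jpg.scr is blocked on .scr, and a trailing dot or space does not hide it.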

References

Contact Information

CISA encourages recipients of this report to contribute any additional information that they may have related to this threat. For any questions related to this report, please contact CISA at
CISA encourages you to report any suspicious activity, including cybersecurity incidents, possible malicious code, software vulnerabilities, and phishing-related scams. Reporting forms can be found on the CISA homepage at http://www.us-cert.gov/.

Revisions

  • January 6, 2019: Initial version

The rise of the robots

Did you know:

In logistics, robots can pay for themselves within three to nine months, and with lower purchase prices, easier-to-configure robots and greater capabilities of robots that can find their way around a building, even small- and mid-size companies can now more easily deploy robots and gain a fast return.

As pointed out in Material Handling & Logistics, there are many types of robots available to help with distribution center/fulfillment center operation tasks today. They can assist with loading, unloading, sorting, picking, transportation, storage, delivery and audits. They also use different forms of navigation tools such as rail, wire-guided, labels, magnet tape, laser, vision, geo-guidance and others.

Two areas deserve special attention:
Picking. The trend away from case or bulk movement handling toward single SKUs has been accelerated due to e-commerce. These types of goods-to-person systems have taken the form of forward pick, racked systems that use robotic vehicles to bring cases and totes of goods to stations and then return the item container back into storage. There is also an increasing use of robotic machines to perform the pick process to detect, reach out, grasp and place into a receptacle items to fulfill an order.
Sortation. There have not been that many applications of robots doing item sortation in the U.S. Up until now, AGVs (automated guided vehicles) have been used for case, pallet, bulk, or specialized container movement for many years across a wide range of industries and applications. However, there are now examples of AGVs that automatically read barcodes and then deliver items in a single pass to a designated order consolidation point.
These two areas are a focal point by companies to increase productivity and decrease labor expenses. An example is the retail giant Walmart that recently introduced robotic cleaners. The robots do a programmed set of routines and clean a store thus allowing for Walmart to save on labor by eliminating part of their cleaning crew expense!
Will there be more robots in retail or industry? You can bet on it as companies try to cut expenses and increase delivery times so as to keep that potential customer from going elsewhere!

More to come!

Joe Rossini