<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Infosec Archives - Compute Forensics LTD London Computer &amp; Mobile Phone Forensic Expert Witness Investigation Services</title>
	<atom:link href="https://compute-forensics.com/category/infosec/feed/" rel="self" type="application/rss+xml" />
	<link>https://compute-forensics.com/category/infosec/</link>
	<description></description>
	<lastBuildDate>Thu, 28 Jun 2018 18:46:50 +0000</lastBuildDate>
	<language>en-GB</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	

<image>
	<url>https://compute-forensics.com/wp-content/uploads/2018/06/cropped-cropped-CF-1-32x32.png</url>
	<title>Infosec Archives - Compute Forensics LTD London Computer &amp; Mobile Phone Forensic Expert Witness Investigation Services</title>
	<link>https://compute-forensics.com/category/infosec/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>38% of Data Breaches Occur in Hotels, Why? 4 Reasons and 4 Solutions</title>
		<link>https://compute-forensics.com/data-breaches-at-hotels/</link>
		
		<dc:creator><![CDATA[Alistair Ewing]]></dc:creator>
		<pubDate>Thu, 28 Jun 2018 18:46:50 +0000</pubDate>
				<category><![CDATA[Infosec]]></category>
		<guid isPermaLink="false">https://compute-forensics.com/?p=1840</guid>

					<description><![CDATA[Hotels are an attractive target for criminals for a number of reasons. Trustwave, a cybersecurity firm, studied data breaches in 24 countries and discovered that 38% of the breaches occurred at hotels. A number of top hotels such as Trump Hotels, Mandarin Oriental Hotel Group, Hard Rock Café, Starwood, Hilton and Hyatt have all been victims of breaches. Although large hotels have been]]></description>
										<content:encoded><![CDATA[<p>Hotels are an attractive target for criminals for a number of reasons. Trustwave, a cybersecurity firm, studied data breaches in 24 countries and discovered that 38% of the breaches occurred at hotels. A number of top hotels such as <a href="http://www.trumphotels.com/" target="_blank" rel="nofollow noopener">Trump Hotels</a>, <a href="http://www.mandarinoriental.com/" target="_blank" rel="nofollow noopener">Mandarin Oriental Hotel Group</a>, <a href="http://www.hardrock.com/" target="_blank" rel="nofollow noopener">Hard Rock Café</a>, <a href="http://www.starwoodhotels.com/" target="_blank" rel="nofollow noopener">Starwood</a>, <a href="http://www3.hilton.com/en/index.html" target="_blank" rel="nofollow noopener">Hilton</a> and <a href="http://www.hyatt.com/" target="_blank" rel="nofollow noopener">Hyatt</a> have all been victims of breaches. Although large hotels have been targeted, small hotels could be attractive too. Most breaches go undetected or are not reported, creating havoc for the victims and for the banks, who are the ones liable to take the hit for the losses.</p>
<p><strong>4 Reasons Why Hotels Are Exploited Commonly</strong></p>
<ol>
<li>Travellers make more purchases while travelling and take longer to notice anomalies. Business users just don&#8217;t mind as much as they won&#8217;t take the losses personally.</li>
<li>The information racked up by hotels about their guests, coupled with poor network security, means that hotel networks are stellar targets for man-in-the-middle attackers. They can sniff network traffic or hack the hotel booking system, finding out the dates of birth, passport numbers and other information about guests.</li>
<li>The hotel environment has many payment terminals ripe for exploitation at onsite shops, restaurants and spas. The relaxed demeanour of untrained staff and lax security mean these terminals can be exploited either by strap-on devices or by other techniques.</li>
<li>Open Wi-Fi networks and the lack of a VPN mean network traffic can be recorded with ease.</li>
</ol>
<p><strong>What Can You Do?</strong></p>
<ol>
<li>Use a <a href="http://www.privateinternetaccess.com/pages/buy-vpn/ewing" target="_blank" rel="nofollow noopener">VPN</a> such as one by Private Internet Access while travelling.</li>
<li>Invest in monitoring systems that can detect breaches and perhaps train IT staff in data security.</li>
<li>Monitor your bank activity using Experian or similar.</li>
<li>Try a tool such as Rippleshot Siren that provides a unique overview of the status of all your locations, colour-coded by breach severity level, as well as personalised alerts whenever a location’s threat level changes, or otherwise needs your immediate attention.</li>
</ol>
<p>If you suspect a breach or are concerned about the security in your hotel, then contact a <a href="http://compute-forensics.com/" target="_blank" rel="nofollow noopener">computer forensic expert</a> at Compute Forensics for a free telephone consultation.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Tips to Secure your Small Business</title>
		<link>https://compute-forensics.com/tips-to-secure-your-small-business/</link>
		
		<dc:creator><![CDATA[Alistair Ewing]]></dc:creator>
		<pubDate>Thu, 28 Jun 2018 18:38:22 +0000</pubDate>
				<category><![CDATA[Infosec]]></category>
		<category><![CDATA[Security Online]]></category>
		<guid isPermaLink="false">https://compute-forensics.com/?p=1837</guid>

					<description><![CDATA[DISCLAIMER: IF YOU HAVE HAD A BREACH DON&#8217;T ALERT ANYONE, DON&#8217;T USE AN IT DEPARTMENT THAT AREN&#8217;T TRAINED IN SECURITY, DON&#8217;T ANALYSE YOURSELF OR CHANGE ANY VOLATILE DATA AND CONTACT A SECURITY/DIGITAL FORENSICS FIRM IMMEDIATELY! IT security is no joke. According to the Federation of Small Businesses, owners lost 800 million GBP to cybercrime. The cost of preventing]]></description>
										<content:encoded><![CDATA[<p><strong>DISCLAIMER: </strong>IF YOU HAVE HAD A BREACH DON&#8217;T ALERT ANYONE, DON&#8217;T USE AN IT DEPARTMENT THAT AREN&#8217;T TRAINED IN SECURITY, DON&#8217;T ANALYSE YOURSELF OR CHANGE ANY VOLATILE DATA AND CONTACT A SECURITY/DIGITAL FORENSICS FIRM IMMEDIATELY!</p>
<p>IT security is no joke. According to the <a href="http://www.fsb.org.uk/" target="_blank" rel="nofollow noopener">Federation of Small Businesses</a>, owners lost 800 million GBP to cybercrime. The cost of preventing this colossal amount would have been a fraction of this loss. Some fixes need special consultancy and training, such as penetration testing, or, if a breach has occurred, <a href="http://about.me/forensics" target="_blank" rel="nofollow noopener">digital forensics</a> techniques may be required. Prevention is better than the cure. Many fixes are simple and don&#8217;t require much in cost and effort from you or your IT department.</p>
<p>I have summarised some tips below to help secure your small business.</p>
<h3>Top Security Tips Summary</h3>
<ul>
<li><strong>Use Anti-Virus/Firewalls/Anti-Malware/Active Monitoring </strong>This can be free for your small business so there is no excuse. <a href="http://www.comodo.com/home/internet-security/free-internet-security.php" target="_blank" rel="nofollow noopener">Comodo</a> is a great antivirus and can be used legally for small businesses. <a href="http://secure2.sophos.com/en-us/products/free-tools/sophos-utm-essential-firewall/download.aspx" target="_blank" rel="nofollow noopener">Sophos</a> provides a great free firewall for small businesses as long as you keep the rules up to date and configure it correctly! Much active monitoring software exists; take a gander at <a href="http://www.veriato.com/products/veriato-investigator" target="_blank" rel="nofollow noopener">Veriato</a>, for example.</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>CCleaner </strong>by <a href="http://www.piriform.com/ccleaner/download" target="_blank" rel="nofollow noopener">Piriform</a> is worth having; it allows admins to wipe disks that may hold IP so they may be recycled (don&#8217;t wipe or reuse ex-employees&#8217; data. Look at <a href="http://www.linkedin.com/pulse/hr-dont-throw-away-reuse-ex-employees-hard-disk-alistair" target="_blank" rel="noopener">this</a> article so you can find out why!). This is important as you don&#8217;t want insiders using data recovery software to find artefacts. It can also function to delete internet history and can wipe free space so old data can&#8217;t be discovered, so you may not want this to be present on employees&#8217; systems.</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Shred Unwanted Documents </strong>You may want to use a digital shredder.</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Secure Your Website </strong>This can be done by patching, updating and ethically hacking the site to test its security. Update the backend of your site and schedule regular tests. Test the applications on the site and design them with security in mind.</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Backup</strong> Be sure to back everything up off your network before an event occurs. Make backups of servers and computers using <a href="http://clonezilla.org/" target="_blank" rel="nofollow noopener">Clonezilla</a>, a free cloning software. Back up your website and, if using WordPress, use plugins such as &#8216;<a href="http://en-gb.wordpress.org/plugins/all-in-one-wp-security-and-firewall/" target="_blank" rel="nofollow noopener">All In One WP Security &amp; Firewall</a>&#8217;, which has built-in scanners and firewalls. Back up your assets the old-fashioned way to cheap, readily available external USB disks. Make sure these are encrypted; you can add encryption and passwords for these using <a href="http://veracrypt.codeplex.com/" target="_blank" rel="nofollow noopener">VeraCrypt</a>. Store backups safely and, if needed, in a safe with limited access. Making regular backups that can be readily restored means your business can get up and running should ransomware or other threats strike. Your assets will be protected and the crash or hack will be a minor setback. It is important to save and cherish your intellectual property but keep it off any networks.</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Due Diligence </strong>Consider employee background checks, which can be carried out by companies such as <a href="http://www.tendosolutions.com/about" target="_blank" rel="nofollow noopener">Tendo Solutions</a>.</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Conserve Ex-Employee Data</strong> Be sure to preserve ex-employees&#8217; hard disks in case of IP theft or unauthorised activity that you may need to use against them in the future. Consider forensically imaging the disk and having a full computer forensic analysis performed on the data. You may need to hire a computer forensic expert to do this.</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Use Strong Passwords </strong>Don&#8217;t use default passwords on devices; change the passwords on routers and similar. Use password creation websites such as <a href="http://passwordsgenerator.net/" target="_blank" rel="nofollow noopener">Password Generator</a> to generate a strong password. Don&#8217;t store passwords on post-it notes attached to your monitor!</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Implement Two-Step Authentication </strong>Try to use an email service such as Gmail Business that has two-step authentication, where you can link a mobile phone with an account and use this device to generate a code after you enter a password as another layer of security. Even if someone gets hold of one of your employees&#8217; passwords while doing business in Hong Kong, they can&#8217;t get into your account without the Authenticator application linked to a particular phone.</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Mobile Phone Security </strong>Try to have all your employees&#8217; phones preconfigured with encryption, a decent password and an <a href="http://play.google.com/store/apps/details?id=com.eset.ems2.gp" target="_blank" rel="nofollow noopener">anti-virus</a>.</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Virtual Private Network</strong> Try to have a VPN app installed and running at all times to protect your data while browsing on unsecured Wi-Fi on a <a href="http://www.privateinternetaccess.com/pages/ios-vpn-app/ewing" target="_blank" rel="nofollow noopener">mobile phone</a> or <a href="http://www.privateinternetaccess.com/pages/cafe/ewing" target="_blank" rel="nofollow noopener">computer</a>.</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Encrypt Whole Disks </strong>Protect movable assets such as laptops by using VeraCrypt to encrypt the disk before you even get to the Windows login; you could even use BitLocker, already built into Windows.</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Training </strong>Your employees need training in threat awareness and online security.</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Look For Software and Hardware Keyloggers or Recorders </strong>Sometimes rogue employees may attach hardware devices to log keystrokes or indeed install software in order to do so. If they can do this, they have access to your passwords and activity.</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Phishing </strong>Train your staff on phishing awareness and even try and bait your staff to see if they fall for spoofed emails or similar.</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Restrict &#8216;Bring Your Own Devices&#8217; </strong>This policy is risky as you have no way of knowing the integrity and security of your employee&#8217;s devices. Give staff their own devices preconfigured.</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Updates </strong>Keep your software up to date and patched. Nothing is more useless than anti-virus that is 4 years out of date!</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Guest Networks </strong>Your company&#8217;s Wi-Fi and network may be secure, but plenty of juicy information can be sniffed using a man-in-the-middle attack on the free unsecured Wi-Fi network in the canteen on level 0. Again, use a decent <a href="http://www.privateinternetaccess.com/pages/browse-anonymously/ewing" target="_blank" rel="nofollow noopener">VPN</a>.</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Restrict Software </strong>Allowing employees to download software that hasn&#8217;t been vetted by anti-virus software or the IT department is a recipe for disaster.</li>
</ul>
<p>&nbsp;</p>
<ul>
<li><strong>Maintain Logs and Store Them </strong>Back up your server and other logs, encrypt them and keep them somewhere safe for a possible future analysis.</li>
</ul>
<p>Thank you for reading. No single technique or guide will totally secure your business.</p>
<p>Please like and share this article.</p>
<p>Regards,</p>
<p>Alistair Ewing</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Lower E-discovery Litigation Costs by Implementing a Decent ESI Governance Strategy</title>
		<link>https://compute-forensics.com/lower-e-discovery-litigation-costs-by-implementing-a-decent-esi-governance-strategy/</link>
		
		<dc:creator><![CDATA[Alistair Ewing]]></dc:creator>
		<pubDate>Thu, 28 Jun 2018 18:31:45 +0000</pubDate>
				<category><![CDATA[eDiscovery]]></category>
		<category><![CDATA[Infosec]]></category>
		<category><![CDATA[Legal]]></category>
		<category><![CDATA[ESI]]></category>
		<category><![CDATA[Governance Strategy]]></category>
		<category><![CDATA[Security]]></category>
		<guid isPermaLink="false">https://compute-forensics.com/?p=1834</guid>

					<description><![CDATA[Businesses need to be proactive and improve their processes of storage and release of information rather than be reactive. It is better to have essential retention and storage policies in the event of litigation. We have performed too many collections where the IT department has no idea where the data is stored; this is usually]]></description>
										<content:encoded><![CDATA[<div id="ember1174" class="ember-view">
<div class="reader-article-content">
<p>Businesses need to be proactive and improve their processes of storage and release of information rather than be reactive. It is better to have essential retention and storage policies in the event of litigation. We have performed too many collections where the IT department has no idea where the data is stored; this is usually the case in smaller firms where they outsource the IT department. Having well-organised, easily locatable ESI (electronically stored information) will not only save you money and time in the likely event of litigation; it may also have other effects, such as being able to source key IP (intellectual property) assets in the event of an <a href="http://www.linkedin.com/pulse/incident-response-ip-theft-guide-hr-departments-alistair" rel="noopener">employee investigation</a> or disastrous loss as the result of rogue malware or hardware failures.</p>
<h3>What Businesses Need to Consider Before an E-discovery Exercise</h3>
<ul>
<li><strong>Invest Time Preparing Now </strong>The amount of time spent organising a proper governance strategy and migrating to an E-discovery friendly office platform will significantly reduce costs in the future. It is a false economy not to invest time, money and resources into this endeavour now.</li>
<li><strong>Record Trail </strong>Policies must be in place, and you must record when they were approved and by whom. Example: &#8220;We back up the exchange server every eight months, it is stored in this location and is deleted after X amount of time.&#8221; This will display to litigators that you are well organised, leading to them giving you less hassle as the case progresses.</li>
<li><strong>Deletion Policy </strong>It is not efficient to hold onto ESI forever, but you must adhere to retention that meets the regulatory requirement. The deletion should be documented by explaining why an archive was deleted, and the action must conform to the particular need in your industry or country. Missing project emails, gaps in dates and undocumented deletions are all unacceptable.</li>
<li><strong>Intentional Withholding </strong>Hiding or withholding information will cause you added hassle and undermine your organisation&#8217;s credibility. You must explain why specific emails were withheld from a date range or why a custodian&#8217;s data has been deleted before the time that has been allocated. If a forensic preview discovers ESI that was not disclosed after the pre-collection questionnaire, it undermines the credibility of the company and can lead to further financial losses. I have worked on a case where a company denied an email was sent by an ex-employee. The emails of other custodians that had left the company were archived, but this person&#8217;s emails were not available. I was presented with a drive that they said this individual used. They were bluffing as no user profile belonging to this person existed; they handed me a computer that was never used by this individual. Additionally, they stated that they migrated servers and didn&#8217;t bring forward the custodian in question, but the other employees that had left the company before this custodian exited had their PST email archive files in the migration in a PST backup folder. After examining migration logs and other records, I discovered that the custodian&#8217;s PST file had been present on the server at some point. As a result, they received a hefty fine for hiding this information and had to pay back the claim.</li>
<li><strong>Standardisation of Backups </strong>I have worked on a case where sometimes emails were available on the server, others were in a backup folder, others on the custodian&#8217;s hard disk and even some in VHD disk clones. Having ESI in multiple areas is haphazard. Each forensic image had to have every archive and backup examined for case ESI. Users had the admin rights to take emails off the server when they backed up, leading to fragmented loci of the documents and email files involved in the case. The outsourced IT firm engaged in the business had no backup policy in place. This leads to an expensive, long, drawn-out investigation, extraction and comparison process to ensure I had the full range of emails and ESI. For the forensic collector, the process should be as simple as: work files are stored in this location, backups here, and the rest is on the server along with all the logs and audits. It should all be auditable and defensible. Only admins should be allowed to perform backup tasks and records must be kept to show a full transversal expired. If this isn&#8217;t the case, then the email system used should automatically retain all the emails sent and received regardless of the user actions.</li>
<li><strong>Using BYOD in an Organisation </strong>Allowing your staff to use their own devices not only opens up the door to security risks but leads to the embarrassing prospect of having to encroach on their privacy and investigate their device to source potential ESI that may be stored in personal Gmail or online Outlook accounts. This lowers staff morale and gives the impression of lax policy. Just look at the recent Hillary Clinton scandal where she used personal email for government matters. A leak here could cost your company embarrassment for the sake of not allowing them to use their home mobile phone or computer. Just fork out for the devices. Prep and provide digital work items for staff that have been selected with security and retention in mind. iPhones back up to iCloud; this way ESI can be retrieved from the iCloud location using <a href="http://www.iphonebackupextractor.com/" rel="nofollow noopener">iPhone Backup Extractor</a> and searched for ESI even if the phone has a forgotten code or the custodian is unavailable. Configure laptops to retain data and perhaps install monitoring software that tells you if a specific non-compliant action has occurred.</li>
<li><strong>Consider Migrating to Gmail or Office 365 for Business </strong>These cloud-based options reduce time in collecting ESI, and retention can be performed via a click of a button in the settings. Make sure devices have two-step authentication and mobile devices synced with these services have decent passwords to enter your assets, as you are exposed to the web using these services. In many ways, these webmail platforms can act as review tools in themselves, allowing you to triage and keyword search specific projects involved in the case, reducing preview time before a collection, which can be done remotely. In some cases, this reduces costs for a manual data acquisition. It must be noted, though, that these searches don&#8217;t recognise characters in documents and don&#8217;t have the raw power and options of tools like my personal favourite <a href="http://www.nuix.com/" rel="nofollow noopener">Nuix</a>. The knock-on effect is that this will improve efficiency and stability in your business compared to using something debunked such as Lotus Notes. The only drawback is that your data is stored offsite on Google&#8217;s or Microsoft&#8217;s servers; this may go against clients&#8217; wishes in specific sectors.</li>
<li><strong>Keep Asset Lists for Data Mapping </strong>A simple spreadsheet detailing hard disk serial numbers, locations of ESI, users assigned to a domain and whether more than one user uses a specific computer cuts time when handed to an E-discovery company as needed. It additionally saves costly second collection attempts because of gaps in the contiguous layout of the ESI concerning date range. It may even be used to produce directory listings periodically of all your devices so one can quickly find where ESI is stored. This can work in harmony with your security audit as well. Early case assessments can then be conducted with precision and promptly. <a href="http://compute-forensics.com/" rel="nofollow noopener">Compute Forensics</a> can aid in this.</li>
<li><strong>Regional Issues </strong>Some multinationals have used a &#8216;one size fits all&#8217; approach for all the countries in which they are based and have opened themselves up to litigation. The governance programme must be suited to the particular jurisdiction. It is worthwhile to consult a local lawyer to run through the nuances of that specific jurisdiction or industry.</li>
</ul>
<p>Please contact me if you need any advice regarding this topic, a few days of consultation could save your firm a small fortune in the future. Add me as a connection a.ewing@compute-forensics.com. Like and share if you found this useful.</p>
</div>
</div>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
