I received an interesting SMS on my personal mobile, and I thought I would run through a short post about understanding internet URLs, and recognizing a fairly straightforward fraudulent URL.

This is the message I received:

Whether or not I have an account with Commonwealth Bank is not the issue here, but the way text messages get wrapped around by our phone screens can be quite misleading, and for someone receiving this text who does bank with them, it might be quite tempting to follow such a link.  However, if I were to type this URL into my computer notepad, the actual URL becomes a little clearer:
http://my.netbank.commbank.com.au-rl.com/asp/?phone=614xxxxxxxx.

What originally looked like a my.netbank.commbank.com.au URL, now becomes my.netbank.commbank.com.au-rl.com.
 
But what if I don’t recognize this as a malicious domain name?
 
There are a number of ways to check online whether a URL is genuine, and many antivirus software providers offer free services to check URLs.  Take for instance, Trend Micro:

https://global.sitesafety.trendmicro.com

The first thing I want to point out here it the difference in the internet protocol being used between the SMS we received and Trend Micro’s website; the link in the SMS uses http, whereas Trend Micro uses https.  HTTP, by definition, is an insecure method of communication where all data transferred is sent in plain text.  In contrast, HTTPS uses “Secure” HTTP, an encrypted method of HTTP communication, whereby all data is transferred between the local browser and the web server in cipher text, reducing the probability of data being easily read and understood.  Look here for further information about HTTP vs HTTPS.

Banks should all now be using HTTPS on their external websites, and if you find that yours is only using HTTP, my first recommendation to you is to change banks now!

If we paste that URL into the Trend Micro “Is it safe?” text box and click “CHECK NOW”, we receive the following:

How did I know it was dangerous, even before checking?  To allow it to be at least minimally understandable, the Internet Domain Naming System (DNS) is broken down into different hierarchies.  Suffixes, like .au, .com, or .net, are the highest level domain, and any text that comes after the highest level domain must be separated by a forward-slash (or colon).  In this case, the “/” comes between “.com” and “asp”.  This then, marks the boundary between the internet domain name and data held on the web server hosting the page.

Domain hierarchies are built from the end, backwards, and each period “.” denotes a lower level domain, or subdomain.  So, in this case, progressively building up we get the following domain/subdomains:
.com
au-rl.com
com.au-rl.com
commbank.com.au-rl.com
netbank.commbank.com.au-rl.com
my.netbank.commbank.com.au-rl.com
 
We can see by doing it this way that the domain the SMS is trying to direct us to is not actually commbank.com.au, but instead au-rl.com.  Humans tend to read from left to right (at least, in Latin and Germanic based language cultures), whereas computers traditionally read from the right (think binary: 0101 = 3, not 10), which puts the typical user at a disadvantage when trying to parse URLs…

Anyway, if you have any doubt whatsoever, don’t click the link, but instead browse directly to your bank website using a link you trust.  Also, it may not have been obvious from the image above, but the SMS I was sent showed up on my phone as having come from myself!  And no, I didn’t actually send it to myself, not even for the purposes of creating this post :)

Although you might be as cautious as possible, accidents are a part of life.  Like “real life”, sooner or later you will have a computer “accident” no matter how cautious you are; whether that be unintentionally deleting data, hardware failure, or malicious events such as viruses or ransomware.  The sooner you deal with computer incidents, the more likely it is that you will be able to recover without much harm.  Recovering from data loss is something I’ll cover in a future post, but this one focuses on how you can you tell whether you have been a victim of a malicious attack, such as hacking.

SIGNS AND SYMPTOMS OF A HACK

• Unexpected credit card or bank withdrawals which you didn’t authorize.

• Your friends tell you that you’re sending them spam emails.
  

• Your password no longer works, or you are told it is an old one, even though you entered it correctly.

• Your computer keeps crashing, there are unknown icons in your taskbar, or strange windows pop up.
  

• Your internet browser opens sites you didn’t try to access.
  

• Your computer shows warnings that your files have been encrypted, and you need to pay money to get them back.
  

• You receive a warning that your computer is infected.  If you are in doubt as to whether it is a real warning, open your anti-virus software.
  

WHAT TO DO
The sooner you act, the better.  If the compromise is a work related issue, don’t attempt to fix the problem yourself; instead report it to your supervisor, manager, and/or IT department.  If it is your personal account which has been hacked, here are some suggestions for what to do:

• Keep backups.  However, this is a step you need to do beforehand.  Often, the only way to recover infected/encrypted files is by restoring from a previous backup.  Backups should be stored separately to your system; it is no good having backups on the same system which has just been infected by ransomware.
• For financial issues, contact your bank or credit provider (PayPal, Google Pay, Apple Wallet, etc) immediately.  Use a trusted method of contact, for example: use the phone number found on your bank statement or the back of your credit card rather than using phone numbers shown on your computer.
• Change your passwords.  Update the passwords for online accounts from a system you can be sure is secure, starting with the most important ones: e.g. email and banking.  Avoid using the same password for multiple providers, so if you have a number of different accounts utilize a password manager, such as 1Password, LastPass, or KeePass.
• Follow the recommendations of you anti-virus software.  If you don’t have one installed, find one.  There are plenty of antivirus options available, and many are free to use, such as AVG, Avira, Kaspersky, or Windows Defender.
  
• Reinstall your system.  Unfortunately, once a computer has been compromised, it is impossible to be absolutely sure that cleaning the infection will result in it being secure once again.  Unless you know exactly when and how the compromise occurred, even restoring from system backups may simply result in the same situation recurring.  In that case, completely reinstalling from scratch may be the wiser option, and restoring only personal files from backup.  If you have an old system, or the damage is particularly extensive, it may be cheaper and easier simply to replace it with a new one.  Also, whether you rebuild your existing one or buy a new system, ensure that you update with the latest security patches and virus definitions.
• Contact Law Enforcement. If there has been any threat to your person, or if you are a victim of identity crime, contact your local police and see the information here.

Several years ago, creating a cybersecure home was simple; most homes consisted of nothing more than a wireless network and several computers. Today, technology has become far more complex and is integrated into every part of our lives, from mobile devices and gaming consoles to your home thermostat and your refrigerator. Here are four simple steps for creating a cybersecure home.

Your Wireless Network
Almost every home network starts with a wireless (or Wi-Fi) network. This is what enables all your devices to connect to the Internet. Most home wireless networks are controlled by your Internet router or a separate, dedicated wireless access point. They both work the same way: by broadcasting wireless signals. The devices in your house can then connect via these signals. This means securing your wireless network is a key part of protecting your home. We recommend the following steps to secure it:

• Change the default administrator password to your Internet router or wireless access point. (Whichever one is controlling your wireless network.) The admin account is what allows you to configure the settings for your wireless network.
• Ensure that only people you trust can connect to your wireless network. Do this by enabling strong security. Currently, the best option is to use the security mechanism called WPA2. By enabling this, a password is required for people to connect to your home network, and once connected, their online activities are encrypted.
• Ensure the password used to connect to your wireless network is strong and that it is different from the admin password. Remember, you only need to enter the password once for each of your devices, as they store and remember the password.
• Many wireless networks support what is called a Guest Network. This allows visitors to connect to the Internet, but protects your home network, as they cannot connect to any of the other devices on your home network. If you add a guest network, be sure to enable WPA2 and a unique password for the network.

Not sure how to do these steps? Ask your Internet Service Provider or check their website, check the documentation that came with your Internet router or wireless access point, or refer to their respective website.

Your Devices
The next step is knowing what devices are connected to your wireless home network and making sure all of those devices are secure. This used to be simple when you had just a computer or two. However, almost anything can connect to your home network today, including your smartphones, TVs, gaming consoles, baby monitors, speakers, or perhaps even your car. Once you have identified all the devices on your home network, ensure that each one of them is secure. The best way to do this is ensure you have automatic updating enabled on them wherever possible. Cyber attackers are constantly finding new weaknesses in different devices and operating systems. By enabling automatic updates, your computer and devices are always running the most current software, which makes them much harder for anyone to hack into.

Passwords
The next step is to use a strong, unique password for each of your devices and online accounts. The key words here are strong and unique. Tired of complex passwords that are hard to remember and difficult to type? So are we. Use a passphrase instead. This is a type of password that uses a series of words that is easy to remember, such as “Where is my coffee?” or “sunshine-doughnuts-happy-lost”. The longer your passphrase is, the stronger. A unique password means using a different password for each device and online account. This way, if one password is compromised, all your other accounts and devices are still safe. Can’t remember all those strong, unique passwords? Don’t worry, neither can we. That is why we recommend you use a password manager, which is a special security program that securely stores all your passwords for you in an encrypted, virtual safe.
Finally, enable two-step verification whenever available, especially for your online accounts. Two-step verification is much stronger. It uses your password, but also adds a second step, such as a code sent to your smartphone or an app on your smartphone that generates the code for you. Two-step verification is probably the most important step you can take to protect yourself online, and it’s much easier than you think.

Backups
Sometimes, no matter how careful you are, you may be hacked. If that is the case, often the only way you can recover your personal information is to restore from backup. Make sure you are doing regular backups of any important information and verify that you can restore from them. Most mobile devices support automatic backups to the Cloud. For most computers, you may have to purchase some type of backup software or service, which are relatively low- priced and simple to use.

This 'guest' post is taken from the January SANS' OUCH! Newsletter, and is shared here without modification under the Creative Commons License.  A pdf version can be downloaded from this link.

Welcome to Cyber Security Awareness Month!  Ok, so we’re already more than half way through the month, but how many of you knew that each year October is (Inter)national Cyber Security Month?

And what better way to start than by taking a moment to reconsider the basics of IT Security?  The following cartoon has been around for a while (original source unknown, but obtained from here), but is as much true today as it ever was.

The most advanced technologies can be brought into play, huge amounts of money can be spent protecting technology from every conceivable threat, but as soon as fallible humanity comes into the equation, all bets are off.  It doesn’t matter whether you are the lowliest peon in your workplace, or the CEO of a major multinational, we are all susceptible for, “to err is human”.

Although we all make mistakes, if we put good methods and practices in place, we will need to work much harder in order to truly mess things up.  The below infographic (edited from the version at staysafeonline.org) gives some good practical tips for home and business users alike, but we have to remember that security doesn’t belong only to the “professionals”, but starts with each and every one of us.

Cyber Security Starts at Home – with everyone online, even down to the youngest of infants, we need to make sure that all users learn to use the internet safely.

Keep Devices Up-to-Date – one of the best methods of protecting against malware is to keep your system up-to-date, whether that be the operating system, software or drivers.

Use Multi-Factor Authentication (MFA) – Passwords can be broken, so it is better to use additional methods to secure important data such as bank accounts and email.

Be Careful with Social Media – “Once online, always online”.  Think about what you put online today, because it may come back to haunt you.

Backup Your Important Data – Data loss, corruption, ransomware – these are all common ways to lose information, so backup your important data, and frequently.

Your Personal Information is Valuable – Be careful what you reveal, because everything you share about yourself online is worth something to someone.

Create Strong Passwords – This is true for all passwords, but especially home WiFi.  Once someone is in your home network, who knows what personal information they have access to?

Links: 
https://www.alienvault.com/blogs/security-essentials/i-am-dave
https://staysafeonline.org/wp-content/uploads/2018/09/NCSAM-2018-Week1.pdf