Blutone Technologies

Blog

  • The launch of .au domains & why securing one is important

    Australian web addresses are about to get shorter, for the first-time people will drop the .com part and instead just use dot-au, for example blutonetech.com.au becomes blutonetech.au. A shorter domain is easier for clients to remember and can help to boost your search engine ranking, but failing to secure your .au equivalent could cause problems.

    From 24 March, Australian entrepreneurs and businesses with an existing .com.au domain name can apply for priority status to register an exact domain name match with an .au extension (blutonetech.au). Eligible users have six months to complete the process before the .au domain name extension becomes available for the general population to purchase from 20 September.

     

    At the dawn of the world wide web, early adopters bought up domain names which led to quite a few battles over everything from MTV.com to McDonalds.com. Decades on, auDA the organisation that manages Australian domains, has decided to do things differently and roll out this change in stages to make things fairer and guard against what’s known as ‘cyber-squatting’.

     

    If someone else buys your domain name it’s near impossible to get back, could negatively impact your search engine rankings, and at worst someone else could use your business name for nefarious purposes. It’s expected that .au address will become the popular choice and securing your businesses digital identity as an earlier adopter could prove a competitive advantage.

     

    auDA CEO, Rosemary Sinclair AM, says providing “…consumers the opportunity to licence shorter, eye-catching names brings Australia in line with most other country code Top Level Domains including the United Kingdom (.uk), Canada (.ca), the USA (.us) and New Zealand (.nz).

     

    Adding “…the launch of .au direct is an exciting innovation, delivering enhanced opportunities for Australian Internet users”.

     

    From Thursday, people who can demonstrate they or their business have a connection to Australia, or those holding .com.au equivalents, will be able to purchase .au domains. Blutone Technologies strongly advises protecting your brand, and purchasing this new shorter domain name, thus blocking any competitor from making use of it. Please call 1300 660 139 for help securing your web address.

  • How Cybercriminals Are Taking Advantage of COVID-19

    In the wake of large-scale global events, cybercriminals are among the first to attempt to take advantage of the situation and seek financial gain. In February 2020, the World Health Organization (WHO) released an advisory warning of ongoing scams involving the ongoing outbreak of COVID-19 / Coronavirus. These scams aim to exploit people’s fear and uncertainty concerning the disease’s spread.

     

    How attackers exploit the Covid-19 crisis

     

    1. Phishing and social engineering scams

    Phishing is one of, if not the single most common attack techniques. Reports of email phishing campaigns using COVID-19-related lures surfaced almost immediately after confirmed infections began increasing in January 2020. Health organizations such as the WHO and US Centers for Disease Control and Prevention (CDC) have been prime targets for impersonation due to their perceived authority: Attackers have been observed tempting victims with URLs or document downloads using promises of important safety documentation or infection maps.

    COVID-19 has also been a popular topic of discussion on cybercriminal forums. For example, in February 2020, a user initiated a thread on the prestigious Russian-language cybercriminal forum XSS to advertise a new COVID-19-themed phishing scheme. The user advertised a method to deliver malware via an email attachment disguised as a distribution map of the virus’s outbreak, containing real-time data from the WHO. The map itself is an impersonation of a legitimate map created by the Johns Hopkins Center for Systems Science and Engineering (CSSE). The offering was priced at $200 for a “private build”, and if buyers also required a Java CodeSign certificate, the price would be $700.

     

    XSS post on COVID-19-related phishing scam

     

    Legitimate Johns Hopkins COVID-19 distribution map

     

    Another phishing scam, as detailed by Sophos, impersonated an official email correspondence from the WHO. The email contained a link to purported document on preventing the spread of the virus, but redirected victims to a malicious domain which attempted to harvest credentials. The email contained several grammatical and format errors, which can be used by attackers to narrow down their victims and bypass spam filters.

     

    Phishing scam impersonating the WHO (Source: Sophos)

     

    Organizations like the WHO or CDC are also not the only ones at risk of being impersonated. Since January 2020, the number of COVID-19-related domains registered has increased significantly: Digital Shadows has identified over 1,400 domains registered over the past three months. While many of these are likely legitimate and dedicated to providing information on the virus and its spread, it is almost certain that a portion have been created with malicious intent. Malicious domains can be used to spread misinformation, host phishing pages,  impersonate legitimate brands, and sell fraudulent or counterfeit items. In March 2020, the UK’s National Fraud Intelligence Bureau (NFIB) reported over 21 cases of COVID-19-related fraud schemes, resulting in losses of over £800,000 in the UK alone. The NFIB cited specific examples which included the fraudulent sale of face masks and sites which promised victims a map of COVID-19 infections near them in return for a bitcoin payment.

     

    COVID-19-related domains registered over the past six months (Source: Digital Shadows’ Shadow Search)

     

    2. Malicious apps

    Although Apple has placed limits on Covid-19-related apps in its App Store and Google has removed some apps from the Play store, malicious apps can still pose a threat to users.

    DomainTools uncovered a site that urged users to download an Android app that provides tracking and statistical information about Covid-19, including heat map visuals.

    However, the app is actually loaded with an Android-targeting ransomware now known as CovidLock. The ransom note demands $100 in bitcoin in 48 hours and threatens to erase your contacts, pictures and videos, as well as your phone's memory. An unlock token has reportedly been discovered.

    DomainTools reported the domains associated with CovidLock were previously used for distributing porn-related malware. “The long run history of that campaign, now looking disabled, suggests that this Covid-19 scam is a new venture and experiment for the actor behind this malware,” said Tarik Saleh, senior security engineer and malware researcher at DomainTools, in a blog post.

    Proofpoint also discovered a campaignsha asking users to donate their computing power a la SETI@Home but dedicated to Covid-19 research, only to deliver information-stealing malware delivered via BitBucket.

     

    3. Insecure endpoints and end users

    With large numbers of employees or even the entire businesses working remotely for an extended time, the risks around endpoints and the people that use them increase. Devices that staff use at home could become more vulnerable if employees fail to update their systems regularly.

    Working from home for long periods of time may also encourage users to download shadow applications onto devices or flout policies they would normally follow in the office.

    The International Association of Information Technology Asset Managers recommends that all IT assets being taken home be signed out and tracked, that companies provide policy and advice around how assets be used at home (especially if people are used to sharing devices with family), remind users of policies around connecting to public WiFi, and make sure they continue to update their software as needed.

     

    4. Vulnerabilities at vendors and third parties

    Every partner, customer and service provider in your ecosystem is likely going through all the same issues as your organisation. Liaise with critical parts of your third-party ecosystem to ensure they are taking measures to secure their remote workforce.

     

    Security priorities for remote working at scale

    Liviu Arsene, global cyber security researcher at Bitdefender, recommends that organisations take the following steps to ensure secure and stable remote working:

    • Bump up the number of simultaneous VPN connections to accommodate all remote employees
    • Set up and support conferencing software that ensures both a stable voice and video connection
    • Ensure all employees have valid credentials that don’t expire within less than 30 days as changing expired Active Directory credentials can be difficult when remote
    • Send out rules and guidelines regarding accepted applications and collaborative platforms so employees are aware of what is sanctioned and supported and what is not
    • Have gradual rollout procedures for deploying updates, as delivering them all at once to VPN-connected employees could create bandwidth congestions and affect inbound and outbound traffic
    • Enable disk encryption for all endpoints to reduce the risk of data loss on compromised devices
  • The simple way to spot a Phishing email

    A Phishing email is when a cybercriminal tries to trick email users by sending an email address from a manager, coworker or business partner. With the move to cloud mail services such as O365 and Gmail, it’s very easy for cybercriminals to target users and harvest their credentials.

    The first step is to look at the sender’s email address closely. Sometimes there are subtle differences in the address.

    For example:

    Real address: Joe@user.com

    Fake address: Joe@uzer.com

    Sometimes this is not clearly visible as it is masked so hovering with your mouse over the username can help unmask the real address.

    If the email has an embedded link, never click it but use the same technique and hover over it to see where it leads to. If the link says Microsoft.com and you hover over it and on the lower left side of the Outlook screen it says CyberCrimal.com, you will know its fake.

    Never open or download an email attachment unless you are 100% certain it’s safe.

    The last step, if you weren’t expecting the email and don’t know who it’s from, don’t click it. If it’s regarding something important, they will contact you again.

    I hope this helps.

Why Choose Us

  • Tech Expert on demand – for quick fixes 123
  • Solutions tailored to your needs
  • Tech Expert on-site – for those hands on solutions
  • Priority access for Entrepreneur and Business
  • Free Membership – to get you started
  • Remote concierge service
  • Free Tech Expert advice – to point you in the right direction
  • On-site concierge service
Contact Us Today