Network computer monitoring

Monthly archives for November, 2016

This new Mac attack can secretly monitor your webcam, microphone

A new app aims to prevent malware from recording video calls.

In recent years we’ve seen malware that targets webcams and microphones in an effort to secretly record what a person says and does.

Even the NSA has developed code that remotely switches on a person’s webcam.

But things are different when it comes to Mac malware, because each Apple laptop has a hard-wired light indicator that tells the user when it’s in use. At least you know you’re being watched.


That could change with a new kind of webcam piggyback attack, according to research by Synack’s Patrick Wardle, which he will present Thursday at the Virus Bulletin conference.

After examining a number of malware samples, Wardle believes that attackers can easily take advantage of the light indicator in most modern Macs to mask malware that secretly records your phone calls and video chats.

The “attack” works like this. The malware quietly monitors the system for user-initiated video sessions — like FaceTime or Skype video calls — then piggybacks on the webcam or microphone to covertly record the session. Because the light is already on, there is no visible indication of this malicious activity, which lets the malware record both the audio and video without risk of detection.

After all, it’s the phone and video calls that hackers and nation states want to hear, not the regular ramblings of a person sitting at their desk throughout the day.

Wardle told me in an email that when a person legitimately uses their webcam or microphone, it’s typically for more sensitive things, such as a journalist talking to a source, or an important business meeting with an executive, or even a person’s private FaceTime conversation with their partner — all of which could be invaluable for surveillance.

Enter his new tool, Oversight, which aims to block rogue webcam connections that piggyback off legitimate video calling apps, and alerts you when your microphone is in use.

If malware tries to piggyback off a webcam session, the app will alert the user — allowing them to block it. Wardle said that the tool will log the process, allowing security experts or system administrators to take a closer look.

The good news is that Wardle said he’s not aware of any Mac malware that exists to do this, but he noted it isn’t difficult to implement.

“It’s just a few lines [of code], and it doesn’t require any special privileges,” he said. “Currently, Mac malware such as Eleanor could easily implement this capability with this code.”

Wardle has put the app up for free on his website.


Internet usage monitoring becomes the norm in Brazil

Most organizations in the country monitor or block access to content during working hours

Monitoring staff Internet usage has become a common practice in Brazilian organizations, according to a study by the Brazilian Steering Committee.

The likelihood that a Brazilian company may be monitoring Internet browsing history of its employees increases according to its size.

According to the report, 38 percent of companies with up to 49 staff do so, with the percentage going up to 58 percent at firms employing 50-249 people and 73 percent at organizations with more than 250 staff.

Some 43 percent of the companies surveyed also prevent staff from accessing certain types of online content.

When it comes to blocked content, social networks top the list: such websites are blocked by 81 percent of large companies, while 48 percent of organizations employing fewer than 50 people also deny access to the likes of Facebook and Twitter.

At these organizations, websites with pornographic content top the list of unauthorized URLs (73 percent of employers block such sites) followed by games (65 percent), file downloads (49 percent), entertainment portals, news or sports websites (43 percent), personal email (37 percent) and communication services such as instant messaging (36 percent).



Monitoring SSL traffic now everyone’s concern: A10 Networks

As the uptake of SSL grows, Tim Blombery, systems engineer at A10 Networks, said threat actors are increasingly leveraging SSL-based encryption to hide malicious activity.

As usage of Secure Sockets Layer (SSL) moves beyond the login page or banking website and out into the wider web, Tim Blombery, Systems Engineer at security firm A10 Networks, believes monitoring SSL traffic should now be a concern for almost every company.

Blombery believes that encryption is necessary to protect online data in transit from being compromised, but noted threats are always evolving. With over half of the traffic on the internet now encrypted with SSL, he said bad actors are leveraging SSL-based encryption to hide malicious activity from existing security controls and technology.

Consequently, Blombery said this means enterprises have lost the ability to look at the traffic that is traversing their network, opening themselves up to attack.

“This is becoming an increasing vector for attacks and compromises of networks,” he said. “I think SSL offers a very pertinent threat at the moment.”

Blombery said attacks often arrive via the likes of a Gmail account, which is encrypted to the desktop, with someone unwittingly opening a file containing a cryptolocker.

“Off they go, they’ve compromised that particular system and potentially the entire network,” he said. “Having SSL visibility is vital for Australian enterprises and I think they’re just starting to get that idea.”

As it often takes a breach for someone to jump on board with a specific security solution, Blombery said more and more Australian businesses are starting to become aware of the need to monitor SSL traffic because they have either been affected or heard of someone who has been affected by this sort of attack.

“There are serious breaches regularly, but everyone’s breach is serious for them,” he said. “Even the smallest of companies needs to be security conscious these days.”

The hardware for SSL inspection is a device sitting on the perimeter taking the SSL offload, the company said, which decrypts traffic and then passes it on to the firewall or IPS.

“Once those devices do their job, they hand the traffic back to our device to re-encrypt and send on to the destination — that’s traffic coming in or out,” Blombery said.

With mandatory breach reporting laws not yet in place in Australia, Blombery noted that even if there was an abundance of breaches due to SSL traffic not being inspected, the public might not even know about it.

“For the individuals affected, you certainly want to know if your account or any account is being breached — you should be informed,” he added.

“A lot of people silly enough have the same password for everything or the same subset of passwords, so if a company you’re working with has been breached and you don’t have that visibility, then potentially all of your online identity can be compromised.”

A10 Networks recently completed its first acquisition, scooping up cloud application delivery firm Appcito.

“It really expands us into not just the cloud but as a cloud native company as well,” Blombery said. “Appcito brings load balancing as-a-service, in the cloud functionality that we’ll be able to tie in with our own existing infrastructure based functionality, and allow for common policy to support the applications whether they’re in the datacentre or in the public cloud somewhere.”

Blombery said Appcito is already embedded within A10 and is essentially the cloud division of the organisation.

