Category: Security

iPhone Security Alert - Protect Your iPhone from Spyware

At Eaton & Associates, as a Managed Service Provider (MSP), safeguarding our clients’ digital environments is vital. A concerning security breach affecting iPhone users has recently come to our attention. One of the reasons individuals choose iPhones is their robust security, which a clever cyber-attack is now exploiting.

According to a recent report from Russell Kent-Payne at Certo Software, hackers have devised a cunning method to circumvent Apple’s security measures by employing third-party custom keyboards. These malicious keyboards are being used as tools to spy on unsuspecting iPhone users, compromising their private messages, browsing history, and even passwords.

Certo Software initiated an investigation following multiple reports of cyberstalking incidents where the perpetrators seemed to possess intimate knowledge of the victims’ iPhone activities. Subsequently, the discovery was made that malicious third-party keyboards were present on all affected devices.

This attack distinguishes itself from more conventional techniques as it doesn’t require jailbreaking the target’s iPhone or gaining access to their iCloud account. Instead, it leverages third-party keyboards as a keylogger on exploited devices. Hackers discreetly capture and transmit all keystrokes made by an iPhone user through these manipulated keyboards.

This exploitation uses Apple’s TestFlight platform, which is normally used for testing iOS apps before they are released on the App Store. By deploying malicious keyboards through TestFlight, hackers can evade Apple’s security scrutiny, as the platform lacks the stringent security checks applied to App Store apps.

To identify whether your iPhone has fallen victim to this security threat, take the following steps:

  1. Open the Settings app on your iPhone.
  2. Navigate to General, then Keyboard, and finally Keyboards.
  3. Observe the list of standard keyboards, typically one in your language and another named “Emoji.”
  4. If you notice an additional keyboard that you did not install, especially one with “Allow Full Access” enabled, exercise caution.

Should you discover an unrecognized custom keyboard, promptly remove it by:

  1. Tapping on “Edit.”
  2. Selecting the red minus button next to any unfamiliar keyboard.
  3. Tapping “Delete” to eliminate the potential threat.

As your trusted MSP, we remain committed to keeping you informed about emerging threats and assisting you in fortifying your digital defenses against evolving cyber risks. Stay vigilant, and if you have concerns or require further assistance, do not hesitate to reach out to our dedicated support team.


Cybersecurity Alert – What is Quishing?


Quishing is a relatively new type of cybersecurity risk that has emerged in recent years and has been growing quickly. According to a ZDNet article [1], the term “quishing” was first used to describe the use of QR (Quick Response) codes in phishing scams in 2023. QR codes, which are two-dimensional barcodes that can store various types of information, are used to link quickly to websites and applications, make payments, and access menus or other information. Because they store information both horizontally and vertically, they can hold up to 100 times more information than a traditional barcode.

 

Quishing is derived from the words “QR” and “phishing”. Scammers use deceptive QR codes to lure people into visiting fraudulent websites that may look legitimate. Once on the site, the user is prompted to enter sensitive information such as personal identity data, credit card numbers, bank account details, and passwords. The scammers then use this information to steal your money and/or your identity. 

 

Tips to Prevent Being Compromised:

  1. Only scan QR codes from trusted sources. Be wary of QR codes in public places or received through unsolicited messages.
  2. Before entering any personal information, check the URL of the website you are visiting. Misspelled variations of the domain name or excessive hyphens can indicate a fraudulent website. The address should start with “https://” with a padlock icon in front of it to indicate it is a secure connection. Be very careful providing any sensitive information if you do not see the “https://” and padlock.
  3. Use a QR Code Scanner with Built-In Security. Some QR code scanner apps come with built-in security features that can alert you if a scanned QR code leads to a potentially harmful website or application.
  4. As the QR Code typically opens a browser, use a secure browser and malware protection that can detect fraudulent websites and warn you before you enter any sensitive information.
  5. Keep your operating system, browser, and antivirus software up-to-date and ensure that you have the latest security patches installed.
  6. Check for signs of tampering on signs with QR codes. If the code looks altered or damaged, do not scan it.
  7. Stay informed about quishing, phishing and other cybersecurity threats. Educate yourself and your coworkers and family members about the risks and how to recognize potentially dangerous QR codes. Human error is a common cause of cybersecurity incidents.
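
The URL checks from tip 2 (HTTPS, excessive hyphens, misspelled domain names) can be automated on the text decoded from a QR code. The following is an added example, not code from the original article; the trusted-domain list, the hyphen threshold and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example: a hypothetical allow-list and hyphen threshold.
TRUSTED_DOMAINS = {"example-bank.com", "example.org"}
MAX_HYPHENS = 2

def edit_distance(a, b):
    """Levenshtein distance, used to spot misspelled look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_qr_url(payload):
    """Return a list of warnings for a URL decoded from a QR code."""
    parts = urlsplit(payload.strip())
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    if not host:
        return warnings + ["no hostname"]
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return warnings  # exact trusted domain or one of its subdomains
    if host.count("-") > MAX_HYPHENS:
        warnings.append("excessive hyphens")
    # Simplification: treat the last two labels as the registered domain.
    registered = ".".join(host.split(".")[-2:])
    for trusted in sorted(TRUSTED_DOMAINS):
        if 0 < edit_distance(registered, trusted) <= 2:
            warnings.append("looks like " + trusted)
    return warnings

# Constructed sample payloads, as a QR scanner would decode them.
SAMPLES = [
    "https://example-bank.com/login",
    "http://example-bank.com/login",
    "https://examp1e-bank.com/login",
    "https://secure-login-example-bank-verify.com/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_qr_url(url) or "no warnings")
```

An empty result means only that none of these three checks fired. The padlock shows that the connection is encrypted, not that the site behind it is legitimate.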

 

By following these tips, you can protect yourself from quishing scams and keep your personal and financial information safe.

1: https://www.zdnet.com/article/quishing-is-the-new-phishing-what-you-need-to-know/ 


Ensuring DOJ Compliance for MSP Providers in Police Department Managed Services

Managed service providers (MSPs) play a critical role in delivering compliant and reliable services to support the operations of police departments. Adhering to Department of Justice (DOJ) regulations is essential for protecting sensitive data, maintaining legal compliance, and establishing trust with law enforcement agencies. This article highlights the significance of DOJ compliance in MSPs serving police departments and emphasizes key considerations in this domain.

  1. Security and Confidentiality: To ensure DOJ compliance, MSPs must implement robust security protocols, including encryption, access controls, and secure storage, to safeguard sensitive information within police departments.
  2. Digital Forensics and Investigations: Adherence to DOJ compliance guidelines in digital forensics is crucial. MSPs should maintain the chain of custody, utilize approved tools, and document procedures to ensure the admissibility of digital evidence in legal proceedings.
  3. Video Surveillance and Analytics: DOJ regulations regarding video retention, privacy, and analytics must be followed. MSPs should deploy secure video management platforms, employ facial recognition technologies, and adhere to DOJ guidelines for effective and compliant video surveillance within police departments.
  4. Collaboration and Information Sharing: Facilitating secure interagency collaboration and information sharing is paramount. MSPs should provide compliant communication platforms, secure data repositories, and case management systems that meet DOJ standards for police departments.
  5. Emergency Communication Systems: MSPs must ensure that emergency call centers, radio systems, and dispatch operations comply with DOJ requirements. This ensures reliable communication channels during critical situations within police departments.
  6. Training and Documentation: Comprehensive training aligned with DOJ compliance guidelines is essential. MSPs should educate police department personnel on tool usage, data handling practices, and adherence to regulations. Clear documentation of training sessions, user guides, and policies further supports DOJ compliance efforts.

DOJ compliance is of utmost importance for MSPs serving police departments. By implementing specialized tools, robust security measures, and strict adherence to DOJ regulations, MSPs deliver reliable, compliant, and effective managed services. Upholding DOJ guidelines ensures the protection of sensitive data, maintains legal compliance, and fosters trust between MSPs and police departments.


Securing Your Data with Role-based Network Access (RBAC)

Role-based access control (RBAC) is a method of restricting access to network resources based on a user’s role within an organization. This means that users are only granted access to the resources that they need to perform their job duties. This helps to protect sensitive data and critical systems from unauthorized access.

 

There are three main components of RBAC:

  • Roles: Roles are defined sets of permissions that allow users to perform specific tasks. For example, a role might allow a user to access a particular application, view a certain set of data, or make changes to a server.
  • Users: Users are assigned to one or more roles. This determines what resources they have access to.
  • Permissions: Permissions are the specific actions that a user can perform within a role. For example, a user with the “administrator” role might have the permission to create new users, modify permissions, or delete files.

RBAC is a powerful tool for network security. It can help to:

  • Protect sensitive data: By restricting access to sensitive data to only those users who need it, RBAC can help to prevent unauthorized access and data breaches.
  • Reduce the risk of unauthorized changes: RBAC can help to reduce the risk of unauthorized changes to critical systems by limiting the number of users who have the permissions to make changes.
  • Simplify access management: RBAC can simplify access management by making it easier to assign and revoke permissions.

There are a number of different ways to implement RBAC. Some common implementations include:

  • Directory-based RBAC: This uses a directory service, such as Active Directory, to store role definitions and user assignments.
  • Application-based RBAC: This uses an application’s own database to store role definitions and user assignments.
  • Hybrid RBAC: This combines directory-based and application-based RBAC.

The best implementation for a particular organization will depend on the organization’s specific needs and requirements. If you are looking for a way to improve the security of your network, RBAC is a good option to consider. It can help to protect sensitive data, reduce the risk of unauthorized changes, and simplify access management.

 

Here are some additional benefits of using RBAC for network security:

  • It can help to improve compliance with security regulations. Many regulations, such as PCI DSS and HIPAA, require organizations to implement certain security controls. RBAC can help organizations to meet these requirements by providing a way to control access to sensitive data.
  • It can help to improve operational efficiency. By simplifying access management, RBAC can help organizations to reduce the time and effort required to manage user permissions. This can free up IT staff to focus on other tasks, such as improving security or developing new applications.

If you are considering implementing RBAC for network security, there are a few things you should keep in mind:

  • You need to carefully and consistently define your roles and permissions. This will ensure that users only have access to the resources that they need to perform their job duties.
  • You need to implement RBAC in a way that is scalable. As your organization grows, you need to be able to easily add new users and roles.
  • You need to monitor your RBAC implementation to ensure that it is working properly. This will help you to identify any security vulnerabilities or configuration errors.

By following these tips, you can help to ensure that your RBAC implementation is effective and secure.
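
The three RBAC components described above (roles, users, permissions) and the monitoring advice can be shown in a few lines. This is an added example, not code from the original article; every role, user and permission name and the access log are constructed for illustration.

```python
# All role, user and permission names below are constructed for illustration.
ROLES = {  # role -> permissions it grants
    "administrator": {"user:create", "permission:modify", "file:delete"},
    "helpdesk": {"user:read", "password:reset"},
    "finance": {"ledger:read", "ledger:write"},
}
USER_ROLES = {  # user -> roles assigned to them
    "alice": {"administrator"},
    "bob": {"helpdesk", "finance"},
    "carol": {"finance"},
}

def permissions_for(user):
    """Union of the permissions of every role assigned to the user."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= ROLES.get(role, set())
    return perms

def is_allowed(user, permission):
    """Deny by default: unknown users or roles yield no permissions."""
    return permission in permissions_for(user)

def audit(access_log):
    """Replay (user, permission) events; report denials and unused roles."""
    denied, used = [], {}
    for user, permission in access_log:
        if is_allowed(user, permission):
            used.setdefault(user, set()).add(permission)
        else:
            denied.append((user, permission))
    unused_roles = {}
    for user, roles in USER_ROLES.items():
        idle = sorted(r for r in roles if not ROLES[r] & used.get(user, set()))
        if idle:
            unused_roles[user] = idle
    return denied, unused_roles

ACCESS_LOG = [  # constructed sample events
    ("alice", "user:create"), ("alice", "file:delete"),
    ("bob", "password:reset"), ("bob", "user:read"),
    ("carol", "ledger:write"), ("carol", "user:create"),
    ("dave", "ledger:read"),
]

if __name__ == "__main__":
    print(audit(ACCESS_LOG))
```

In the sample log, the denied events are the ones to investigate, and a role a user never exercises (here bob's finance role) is a candidate for revocation.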


Eight Best Practices to Combat Ransomware

Ransomware is a type of malicious software that can infect computer systems and encrypt critical files or data, effectively locking them until a ransom is paid. To protect your company from ransomware attacks, here are some best practices to consider:

 

  1. Regularly Back Up Your Data: Ensure that your company’s critical data is regularly backed up, encrypted, and stored both onsite and off-site in secure locations. This can help you quickly recover data in case of an attack and reduce the likelihood of paying a ransom if you are successfully attacked.
  2. Do Test Restores: Regularly do test restores of your local and remote backups to ensure everything works as planned and there are no unpleasant surprises when you need to recover data.
  3. Keep Software Up to Date: Regularly update your company’s software and operating systems to ensure that known vulnerabilities are patched and cannot be exploited by attackers.
  4. Use Anti-Malware: Use anti-malware software on all workstations and servers, scan regularly and ensure the anti-malware software is up to date.
  5. Implement Firewalls: Firewalls act as a barrier between an internal network and the Internet, or other external networks, to prevent unauthorized access, protect against cyber threats and protect against malware.
  6. Implement Security Awareness Training: Educate your employees on how to identify and avoid phishing emails and other common attack vectors. Train employees to recognize suspicious links, emails, and attachments, and to report them to IT personnel immediately.
  7. Implement a Security Plan: Develop and implement a comprehensive security plan that includes regular testing, monitoring, and updating of security measures. Ensure that your plan covers all aspects of your company’s IT infrastructure and includes procedures for incident response, recovery, and communication with stakeholders.
  8. Use Multi-Factor Authentication: Implement multi-factor authentication (MFA) for access to your company’s applications, systems, and services. This will add an effective extra layer of protection against unauthorized access.

 

By implementing these best practices, you can help reduce the likelihood of a ransomware attack on your company and minimize the impact of an attack if one does occur. E&A is here to help with any cybersecurity and ransomware mitigation questions you may have.

Eaton Security Awareness Webinar Series-End User Security “The Human Firewall”

Technology is not the only tool organizations need to combat IT security threats. Employees encounter a rapidly growing number of IT security threats every day, and keeping them well informed is critical. This webinar will cover overall end-user security and the actions you can take to shift your entire organization’s focus through ongoing security awareness training.

IT Security Awareness Webinar

Are you prepared for Cyber Security Threats? They’re getting more sophisticated and rampant, impacting virtually every business! Watch to learn more about the threats that worry businesses and the steps you can take to defend your data, systems, and organization from a catastrophic breach. Areas Covered in the webinar:

  • The new types of IT security threats companies encounter
  • How to shift your IT Security Strategy from reactive to proactive

Who Will Benefit:

  • Business owners & teachers & principals
  • Office Managers and Admin staff
  • Operations managers and facilities
  • CFOs, and any C-level Executive

Data Recovery is More Important than the Back Up

Every business must have a solid data backup strategy in place. Many business owners do not realize how crucial a technical support data recovery plan is.

Bay Area IT Security – Protecting Your Data with Role-Based Network Access

Learn how role-based network access control can help protect your data…

Eaton & Associates Launches Drone Security Solution

Eaton & Associates launches a full-service drone security solution for businesses seeking protection from drone attacks and security breaches.