Tag Archive for: cybersecurity

Lessons learned from the WannaCry malware

WannaCry is one of the few malware campaigns to become a household name. It’s educated countless people on the reality of ransomware and the vulnerability of their data. If you’re still worried about whether you’re at risk, we’ve collected everything you need to know right here.

Ransomware review

Ransomware is a specific type of malware program that either encrypts or steals valuable data and threatens to erase it or release it publicly unless a ransom is paid. We’ve been writing about this terrifying threat for years, but the true genesis of ransomware dates all the way back to 1989.

This form of digital extortion has enjoyed peaks and troughs in popularity since then, but never has it been as dangerous as it is now. In 2015, the FBI reported a huge spike in the popularity of ransomware, and healthcare providers became common targets because of the private and time-sensitive nature of their hosted data.

The trend got even worse, and by the end of 2016 ransomware had become a $1 billion-a-year industry.

The WannaCry ransomware

Although the vast majority of ransomware programs rely on convincing users to click compromised links in emails, the WannaCry version seems to have spread via more technical security gaps. It’s still too early to be sure, but the security experts at Malwarebytes Labs believe that the reports of WannaCry being transmitted through phishing emails is simply a matter of confusion. Thousands of other ransomware versions are spread through spam email every day and distinguishing them can be difficult.

By combining a Windows vulnerability recently leaked from the National Security Agency’s cyber arsenal and some simple programming to hunt down servers that interact with public networks, WannaCry spread itself further than any malware campaign has in the last 15 years.

Despite infecting more than 200,000 computers in at least 150 countries, the cyberattackers have only made a fraction of what you would expect. Victims must pay the ransom in Bitcoins, a totally untraceable currency traded online. Inherent to the Bitcoin platform is a public ledger, meaning anyone can see that WannaCry’s coffers have collected a measly 1% of its victims payments.

How to protect yourself for what comes next

Part of the reason this ransomware failed to scare users into paying up is because it was so poorly made. Within a day of its release, the self-propagating portion of its programming was brought to a halt by an individual unsure of why it included a 42-character URL that led to an unregistered domain. Once he registered the web address for himself, WannaCry stopped spreading.

Unfortunately, that doesn’t help the thousands that were already infected. And it definitely doesn’t give you an excuse to ignore what cybersecurity experts are saying, “This is only the beginning.” WannaCry was so poorly written, it’s amazing it made it as far as it did. And considering it would’ve made hundreds of millions of dollars if it was created by more capable programmers, your organization needs to prepare for the next global cyberattack.

Every single day it should be your goal to complete the following:

  • Thorough reviews of reports from basic perimeter security solutions. Antivirus software, hardware firewalls, and intrusion prevention systems log hundreds of amateur attempts on your network security every day; critical vulnerabilities can be gleaned from these documents.
  • Check for updates and security patches for every single piece of software in your office, from accounting apps to operating systems. Computers with the latest updates from Microsoft were totally safe from WannaCry, which should be motivation to never again click “Remind me later.”
  • Social engineering and phishing may not have been factors this time around, but training employees to recognize suspicious links is a surefire strategy for avoiding the thousands of other malware strains that threaten your business.

Revisiting these strategies every single day may seem a bit much, but we’ve been in the industry long enough to know that it takes only one mistake to bring your operations to a halt. For daily monitoring and support, plus industry-leading cybersecurity advice, call us today.

Published with permission from TechAdvisory.org. Source.

/by

This fake Google app is really a phishing scam

If employee training and education isn’t an integral part of your cybersecurity strategy, a recent scam might force you to reconsider. Instead of relying on complicated programming code to steal and destroy data, hackers are increasingly relying on human errors to get the job done. Even well-trained users are falling for the most recent ploy, take a look.

Broadly defined, “phishing” is any form of fraud in which an attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.

These messages prey on users who click links, images and buttons without thoroughly investigating where they lead to. Sometimes the scam is as simple as an image with a government emblem on it that links to a website containing malware. Just hovering your mouse over the image would be enough to see through it. But some phishing schemes are far more difficult to recognize.

The Google Defender scam

Recently, an email spread to millions of Gmail accounts that almost perfectly imitated a message from Google. The text read:

“Our security system detected several unexpected sign-in attempts on your account. To improve your account safety use our new official application “Google Defender”.

Below that was a button to “Install Google Defender”. What made this scheme so hard to detect is that the button actually links to a totally legitimate site…within Google’s own framework. When third-party app developers create Gmail integrations, Google directs users to an in-house security page that essentially says, “By clicking this you are giving Google Defender access to your entire inbox. Are you sure you want to do this?”

Even to wary users, the original message looks like it came from Google. And the link took them to a legitimate Google security page — anyone could have fallen for it. The Gmail team immediately began assuring users that they were aware of the scam and working on eradicating it and any potential copycats.

There’s no happy ending to this story. Although vendors and cybersecurity experts were able to respond to the crisis on the same day it was released, millions of accounts were still affected. The best way to prepare your business is with thorough employee training and disaster recovery plans that are prepared to respond to a breach. To find out how we can protect your business, call today.

Published with permission from TechAdvisory.org. Source.

/by

Sly phishing attack catching users off guard

You pay close enough attention to the links you click to avoid clicking on something like goolge.com or evrenote.com…right? Because if you’re not, you could end up exposing your computer or smartphone to a host of malware. The newest phishing attack strategy is the worst of all, and can catch even the most astute users off guard.

What are homographs?

There are a lot of ways to disguise a hyperlink, but one strategy has survived for decades — and it’s enjoying a spike in popularity. Referred to as “homographs” by cybersecurity professionals, this phishing strategy revolves around how browsers interpret URLs written in other languages.

Take Russian for example, even though several Cyrillic letters look identical to English characters, computers see them as totally different. Browsers use basic translation tools to account for this so users can type in non-English URLs and arrive at legitimate websites. In practice, that means anyone can enter a 10-letter Cyrillic web address into their browser and the translation tools will convert that address into a series of English letters and numbers.

How does this lead to phishing attacks?

Malicious homographs utilize letters that look identical to their English counterparts to trick users into clicking on them. It’s an old trick, and most browsers have built-in fail-safes to prevent the issue. However, a security professional recently proved that the fail-safes in Chrome, Firefox, Opera and a few other less popular browsers can be easily tricked.

Without protection from your browser, there’s basically no way to know that you’re clicking on a Cyrillic URL. It looks like English, and no matter how skeptical you are, there’s no way to “ask” your browser what language it is. So you may think you’re clicking on apple.com, but you’re actually clicking on the Russian spelling of apple.com — which gets redirected to xn—80ak6aa92e.com. If that translated URL contains malware, you’re in trouble the second you click the link.

The solution

Avoiding any kind of cybersecurity attack begins with awareness, and when it comes to phishing, that means treating every link you want to click with skepticism. If you receive an email from someone you don’t know, or a suspicious message from someone you do, always check where it leads. Sometimes that’s as simple as hovering your mouse over hyperlink text to see what the address is, but when it comes to homographs that’s not enough.

In the case of homographs, the solution is unbelievably simple: Manually type in the web address. If you get an email from someone you haven’t heard from in 20 years that says “Have you checked out youtube.com??”, until your browser announces a fix, typing that URL into your browser’s address bar is the only way to be totally sure you’re safe.

For most, this trend feels like yet another development that justifies giving up on cybersecurity altogether. But for small- and medium-sized businesses that have outsourced their technology support and management to a competent and trustworthy IT provider, it’s just another reason to be thankful they decided against going it alone. If you’re ready to make the same decision, call us today.

Published with permission from TechAdvisory.org. Source.

/by

Wikileaks’ charges of government spying

2017April6Security_CStaving off malicious cyber attackers is already a herculean task, so the last thing you need is to feel exposed from a totally new angle. That’s how many felt after Wikileaks’ accusations that the US government was spying on its citizens. However, the truth is a lot different from what the headlines would have you believe.

What devices and apps are supposedly vulnerable?

Wikileaks labeled its ongoing release of 8,761 classified CIA documents “Year Zero.” Nestled among those files are tools and correspondence that explain how operatives could snoop on communications, downloads, and browsing history. Here is a list of the “affected” applications and hardware:

  • Windows operating systems
  • iOS
  • Android
  • Samsung Smart TVs
  • WhatsApp
  • Signal
  • Telegram
  • Confide

Those are some very big names, right? Thankfully, it’s mostly hyperbole. The reality of the situation isn’t nearly as bad as it sounds.

Two considerations before freaking out

First, almost all these exploits require physical access to devices before anything can be compromised. For example, news organizations repeatedly reported that WhatsApp, Signal, Telegram and Confide all had encryption protocols that had been subverted by the CIA. That is 100% false.

What the documents actually revealed is that the CIA was aware of security gaps in Windows, iOS, Android and Samsung’s Tizen OS, which allowed the agency to snoop on messages before they were encrypted. Messages sent in these apps are still totally uncrackable as long as the devices they are installed on haven’t been physically compromised.

Takeaway #1: Physical security is still one of the most important aspects of cyber security. Most data security regulations require certain physical security protocols as a deterrent to breaches that take place via theft of social engineering — and for good reason.

The second reason not to worry is the hardware devices and operating systems that supposedly left encrypted messages vulnerable haven’t been sold for a long time. For example, only Samsung TVs from before 2013 were vulnerable to the always-on microphone bug — which was patched in an OS update years ago.

But what about iOS — surely that’s the scariest reveal of them all, right? Not quite. Only the iPhone 3G, discontinued in 2010, was susceptible to exploitation. Furthermore, Apple immediately responded that they were aware of this vulnerability and patched it in the version of iOS that was released in 2011.

Takeaway #2: Updating software is critical to keeping your data safe. As we saw in the Year Zero leaks, just one piece of outdated software can cause a domino effect of other vulnerabilities.

In reality, the most recent Wikileaks releases shouldn’t change your approach to cyber security at all. As long as you consider data security a never-ending battle, you’ll be safer than everyone too lazy or forgetful to lock up their server rooms or update their operating system.

But running a business doesn’t always leave you a lot of time for fighting a “never-ending battle,” does it? Fortunately, that’s exactly what we do for our clients every single day. To find out more about how we can keep you safe, call today.

Published with permission from TechAdvisory.org. Source.

/by

No Ransom: a place for free decryption

2017March22Security_CAlthough a ransomware infection might feel targeted, you’re not the only one who’s been infected. Ransomware is spreading at an alarming rate, but the further it goes, the more resources are allocated to fighting it. If your data is held hostage, always check these lists for free decryptors first.

The state of ransomware in 2017

It’s been almost 30 years since malware was first created that could encrypt locally-stored data and demand money in exchange for its safe return. Known as ransomware, this type of malware has gone through multiple periods of popularity. 2006 and 2013 saw brief spikes in infections, but they’ve never been as bad as they are now.

In 2015, the FBI estimated that ransomware attacks cost victims $24 million, but in the first three months of 2016 it had already racked up more than $209 million. At the beginning of 2017, more than 10% of all malware infections were some version of ransomware.

Zombie ransomware is easy to defeat

Not every type of infection is targeted to individual organizations. Some infections may happen as a result of self-propagating ransomware strains, while others might come from cyber attackers who are hoping targets are so scared that they pay up before doing any research on how dated the strain is.

No matter what the circumstances of your infection are, always check the following lists to see whether free decryption tools have been released to save you a world of hurt:

Prevention

But even when you can get your data back for free, getting hit with malware is no walk in the park. There are essentially three basic approaches to preventing ransomware. First, train your employees about what they should and shouldn’t be opening when browsing the web and checking email.

Second, back up your data as often as possible to quarantined storage. As long as access to your backed-up data is extremely limited and not directly connected to your network, you should be able to restore everything in case of an infection.

Finally, regularly update all your software solutions (operating systems, productivity software, and antivirus). Most big-name vendors are quick to patch vulnerabilities, and you’ll prevent a large portion of infections just by staying up to date.

Whether it’s dealing with an infection or preventing one, the best option is to always seek professional advice from seasoned IT technicians. It’s possible that you could decrypt your data with the tools listed above, but most ransomware strains destroy your data after a set time limit, and you may not be able to beat the clock. If you do, you probably won’t have the expertise to discern where your security was penetrated.

Don’t waste time fighting against a never-ending stream of cyber attacks — hand it over to us and be done with it. Call today to find out more.

Published with permission from TechAdvisory.org. Source.

/by

Fileless malware: who are the targets?

2017March3Security_CBusiness owners have spent the last couple months fearful of cyber attacks from the “fileless malware” plastered across headlines. The reality of this new threat doesn’t actually call for panic…yet. Getting acquainted with this new malware today could save you from a headache in the future.

What is this new threat?

To oversimplify the matter, fileless malware is stored somewhere other than a hard drive. For example, with some incredibly talented programming, a piece of malware could be stored in your Random Access Memory (RAM).

RAM is a type of temporary memory used only by applications that are running, which means antivirus software never scans it on account of its temporary nature. This makes fileless malware incredibly hard to detect.

This isn’t the first time it’s been detected

Industry-leading cyber security firm Kaspersky Lab first discovered a type of fileless malware on its very own network almost two years ago. The final verdict was that it originated from the Stuxnet strain of state-sponsored cyber warfare. The high level of sophistication and government funding meant fileless malware was virtually nonexistent until the beginning of 2017.

Where is it now?

Apparently being infected by this strain of malware makes you an expert because Kaspersky Lab was the group that uncovered over 140 infections across 40 different countries. Almost every instance of the fileless malware was found in financial institutions and worked towards obtaining login credentials. In the worst cases, infections had already gleaned enough information to allow cyber attackers to withdraw undisclosed sums of cash from ATMs.

Am I at risk?

It is extremely unlikely your business would have been targeted in the earliest stages of this particular strain of malware. Whoever created this program is after cold hard cash. Not ransoms, not valuable data, and not destruction. Unless your network directly handles the transfer of cash assets, you’re fine.

If you want to be extra careful, employ solutions that analyze trends in behavior. When hackers acquire login information, they usually test it out at odd hours and any intrusion prevention system should be able to recognize the attempt as dubious.

Should I worry about the future?

The answer is a bit of a mixed bag. Cybersecurity requires constant attention and education, but it’s not something you can just jump into. What you should do is hire a managed services provider that promises 24/7 network monitoring and up-to-the-minute patches and software updates — like us. Call today to get started.

Published with permission from TechAdvisory.org. Source.

/by

5 great ways to prevent cyber-attacks

2017February15_Security_CAs technology consultants, we’re stuck between a rock and a hard place. We want to provide our clients with enterprise-level IT, but that requires that we specialize in overwhelmingly intricate technology. Explaining even the most foundational aspects of our cyber-security would most likely put you to sleep before convincing you of our expertise. But if you really want to know, here are a few summaries of how we focus on proactive strategies rather than reactive ones.

Understand the threats you’re facing

Before any small- or medium-sized business can work toward preventing cyber-attacks, everyone involved needs to know exactly what they’re fighting against. Whether you’re working with in-house IT staff or an outsourced provider, you should review what types of attack vectors are most common in your industry. Ideally, your team would do this a few times a year.

Reevaluate what it is you’re protecting

Now that you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every device that connects to the internet, what services are currently protecting those devices, and what type of data they have access to (regulated, mission-critical, low-importance, etc.).

Create a baseline of protection

By reviewing current trends in the cyber-security field, alongside an audit of your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measure versus your reactive measures.

Before you can start improving your cyber-security approach, you need to know where the baseline is. Create a handful of real-life scenarios and simulate them on your network. Network penetration testing from trustworthy IT professionals will help pinpoint strengths and weaknesses in your current framework.

Finalize a plan

All these pieces will complete the puzzle of what your new strategies need to be. With an experienced technology consultant onboard for the entire process, you can easily parse the results of your simulation into a multi-pronged approach to becoming more proactive:

  • Security awareness seminars that coach everyone — from receptionists to CEOs — about password management and mobile device usage.
  • “Front-line” defenses like intrusion prevention systems and hardware firewalls that scrutinize everything trying to sneak its way in through the front door or your network.
  • Routine checkups for software updates, licenses, and patches to minimize the chance of leaving a backdoor to your network open.
  • Web-filtering services that blacklist dangerous and inappropriate sites for anyone on your network.
  • Antivirus software that specializes in the threats most common to your industry.

As soon as you focus on preventing downtime events instead of reacting to them, your technology will begin to increase your productivity and efficiency to levels you’ve never dreamed of. Start enhancing your cyber-security by giving us a call for a demonstration.

Published with permission from TechAdvisory.org. Source.

/by

Statistics for cyber security during 2016

2017january12_security_cAs cyber attacks continue to rise, businesses large and small need to stay one step ahead with IT services that keep them protected no matter what. What once were minor nuisances have now become advanced threats that can actually put you out of business. In fact, these cyber attack statistics will prove to you that you need managed services from a technology provider to remain safe and competitive.

The numbers

Small businesses are not at risk of being attacked, but worse, they’ve already fallen victim to cyber threats. According to Small Business Trends, 55 percent of survey respondents say their companies have experienced cyber attack sometime between 2015 and 2016. Not only that, 50 percent reported they have experienced data breaches with customer and employee information during that time, too. The aftermath of these incidents? These companies spent an average of $879,582 to fix the damages done to their IT assets and recover their data. To make matters worse, disruption to their daily operations cost an average of $955,429.

The attacks

So what types of attack did these businesses experience? The order from most to least common are as follows: Web-based attacks, phishing, general malware, SQL injection, stolen devices, denial of services, advanced malware, malicious insider, cross-site scripting, ransomware and others.

Why managed services?

Managed services is the most effective prevention and protection from these malicious threats. They include a full range of proactive IT support that focuses on advanced security such as around the clock monitoring, data encryption and backup, real-time threat prevention and elimination, network and firewall protection and more.

Not only that, but because managed services are designed to identify weak spots in your IT infrastructure and fix them, you’ll enjoy other benefits including faster network performance, business continuity and disaster recovery as well as minimal downtime. One of the best things about managed services is the fact that you get a dedicated team of IT professionals ready to assist with any technology problems you might have. This is much more effective and budget-friendly than having an in-house personnel handling all your IT issues.

Being proactive when it comes to cyber security is the only way to protect what you’ve worked hard to built. If you’d like to know more about how managed services can benefit your business, just give us a call, we’re sure we can help.

Published with permission from TechAdvisory.org. Source.

/by

Easy tips for preventing a costly data breach

2016november25_security_cBusiness technology has become one of the most important components for successful companies big and small. In an overwhelmingly digital landscape, businesses depend on IT for marketing, data storage, and financial transactions. And with that comes the need to secure every bit of private information cyber criminals might want to feast their eyes on. And while an outsourced security professional is a must, there are a few simple steps you can do yourself to get started. Check out five of our favorites here.

Limitation of lateral data transfers

Employees not being educated on data sharing and security is one of the biggest reasons for internal data breaches. It’s a good idea to limit access to important data and information by restricting access privileges to only a small number of individuals. Also, you can decide to use network segmentation to cut unnecessary communication from your own network to others.

Keeping your machines and devices updated

Internal breaches might also occur when employees work with unguarded or unprotected machines. They might unknowingly download malware, which normally wouldn’t be a problem if machines were properly managed. Updating your operating systems, antivirus software, business software, and firewalls as often as possible will go a long way toward solidifying your defense systems.

Use monitoring and machine learning to sniff out abnormalities

It’s not all on your employees, however. Network administrators should employ monitoring software to prevent breaches by analyzing what is “normal” behavior and comparing that to what appears to be suspicious behavior. Cyber criminals often hide in networks to exploit them over a long period of time. Even if you miss them the first time, you should monitor suspicious activity so you can recognize impropriety and amend security policies before it goes any further.

Creating strong security passwords and credentials

No matter how often we say it, there’s always room for improvement when it comes to your passwords and login procedures. In addition to text-based credentials, you should require other methods whenever possible. Great for fortifying your network, fingerprints and smart cards, for example, are much harder for cyber criminals to fake. Regardless of which factors are used, they must be frequently updated to prevent breaches, accidental or otherwise.

Security Insurance

In the end, no system is perfect. Zero-day attacks exploit unknown gaps in security, and human error, accidental or otherwise, can never be totally prevented. And for this reason, small businesses need to start embracing cyber insurance policies. These policies help cover the damages that might occur even under a top-of-the-line security infrastructure. Considerations for selecting a policy include legal fees, first and third-party coverage, and coverage for reputation rehabilitation.

The field of cyber security is overwhelming — even for seasoned IT professionals. But not for us. We spend our days researching and experimenting to craft the best security solutions on the market. If you’re interested in one of our cutting-edge cyber-security plans, call us today.

Published with permission from TechAdvisory.org. Source.

/by

Youth: the real tech-scam victims

2016november10_security_cScam artists will stop at nothing to make an extra buck, which means that people need to be vigilant about protecting their valuable information. While the phone is still a popular method of approach, the Internet has opened a new avenue for the scammer to attempt to steal your money. Keep reading to find out why younger consumers are more prone to falling for new scamming tactics.

Results Conclude Youth is more Gullible

Microsoft recently conducted a survey of 1000 computer users of all ages and from many of the largest countries in the world to find out how many of them had been scammed by phony “technicians” claiming to be employees of Microsoft or other major computer conglomerates. The results were startling when studied demographically. Researchers discovered that seniors, who were traditionally viewed as the major victims of such fraudulent schemes, were not the most likely group to fall for the scam.

Research indicated that although seniors were most likely to buy into a telephone scam, they still did not fall for the act as much as younger age groups. The study found, in fact, that between the ages of 18 and 24, people were 2.5 times more likely to fall for the scam than seniors. Those between the ages of 25 and 34 were three times more likely than seniors to be tricked.

The scam that the Microsoft company recently studied involved the following scenario: Either a person calls claiming to be a technical support technician, or an email or pop-up alerts you that your computer is locked or otherwise compromised. In order to fix the problem, you need to call someone and pay for a program or provide access to your computer so some purported technician can solve the problem “remotely.”

If you fall for this scam, you are giving them funds for a false program or access to your computer — which also allows them access to your personal data and the ability to install malware onto your system. The study revealed that two-thirds of those surveyed (around 660 people) had experienced the scam first-hand. One in five had listened long enough to hear the story, and 1 in 10 actually gave the scammer money.

Why the Younger Demographic Became Easy Victims

While older adults often respond more to phone calls, younger people have learned to ignore phone calls, saving them from being phone victims. However, because younger adults spend the majority of their time online and often remain acutely aware of the status of their computer and online presence, they are more prone to react to a pop-up or email claiming that their computer is in danger. Nearly 60% of the adults aged 18-24 in the study say they were exposed to the scam through pop-up ads or online correspondence.

The takeaway here is simple: Cybersecurity is about more than just firewalls and antivirus software. You need to shore up the human side of your protection protocols. The best way to start is by doing some quick research on social engineering in our previous blogs, but ultimately you’ll need something a little more thorough. Contact us today for more tips and to ask about scheduling a cybersecurity training for your employees.

Published with permission from TechAdvisory.org. Source.

/by