by Felicien | Jun 27, 2017 | Education
Reports have begun to pour in regarding a new ransomware infection currently wreaking havoc in Russia, Ukraine, France, Spain, and several other countries. This highly sophisticated Russian strain is known as Petya or Petrwrap, and it has been advancing on a scale comparable to the recent WannaCry ransomware infection. However, unlike WannaCry, this strain lacks both the errors WannaCry contained as well as lacking a kill-switch.
A wide range of businesses have reported being hit with this infection, with victims receiving the following message: “If you see this text, then your files are no longer accessible because they are encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.” Sources state that the message appears as red text on a black background, and demands $300 worth of bitcoin in exchange for the decryption key.
While it has not been completely confirmed as of yet, Petya/Petrwrap looks to be taking advantage of the EternalBlue exploit, which was leaked by a group known as The Shadow Brokers. If EternalBlue sounds familiar to you, it should – it’s the same exploit WannaCry took advantage of.
Steps You Need to Take
If you haven’t already, you should be taking steps to protect your business against this exploit by installing the MS17-010 security update from Windows (which you can find here) and checking to see that your systems are fully patched. Like WannaCry, Petya/Petrwrap has the ability to compromise systems that are firewall protected. As this is a true worm, if the infection is able to reach a single computer within your network all of your systems and servers are at risk of becoming infected.
Take a moment to remind your staff that they need to be exercising extreme caution at all times when checking their email. If anything even slightly suspicious finds its way into an employee’s inbox, they need to know how to handle the situation and who to alert. All it takes is one mistake for your business to suffer serious damage, and events like this serve as an ugly reminder that a certain level of vigilance is required at all times to keep your business secure.
If you have concerns or want to find out more about what you can do to protect your business in the wake of this latest ransomware attack, please contact {company} right away at {email} or {phone}. Our team is here to help.
by Felicien | Jun 27, 2017 | Education
This is an article about the recent hack of the popular password manager OneLogin. We will briefly examine the impact this might have had on its users.
In a blog post, the chief security officer of OneLogin Mr. Alvaro Hoyos said that they were aware of unauthorized access to their data in the US data region. Following this, the company had reached out to customers to inform them.
He added that the company had managed to block the unauthorized access after the bleach and was corporating with law enforcers to try to seize the criminals.
Initially, the blog post was very short on details. For instance, the post did not mention that sensitive customer data had been obtained during the hack, which the company had only mentioned in the email they sent to their customers.
The email said that OneLogin believed the breach had affected all of their US customers and that all their sensitive data had been compromised.
In an update, the company said that the hacker had obtained access to Amazon Web Service keys and used the keys to gain access to an AWS API from an intermediate host with a smaller service provider within the US.
OneLogin confirmed that the attack began at 2 am (PT), but staff only realized unusual database activity a few hours later. Within a few minutes of realizing this, they shut down the system as well as all affected AWS keys used to create the hack.
According to the company, the hacker was able to access the database tables that hold all information pertaining to users, the various types of keys, and apps. OneLogin added that although most of their data was encrypted, they could not rule out the fact that the hacker may have obtained a way to decrypt the data. However, the spokesperson did not clarify which type of data is encrypted and which is not.
People Have some Hard Questions
Some people want the question of how hackers had accessed customer data, which could be decrypted. For instance, they wondered how OneLogin could have encrypted data and made the decryption method accessible enough for hackers to gain access to it.
For now, OneLogin is advising customers to change their passwords, create new OAuth tokens, and generate new API keys for their services. Additionally, it is advising customers to create new security certificates. The company added that data used by IT administrators, stored in the Secure Note feature and used in storing important network passwords could be decrypted.
How Many Were Affected
The company did not give figures on how many of its customers the breach affected. However, on its site, it serves some of the largest companies on earth including Dun & Bradstreet, ARM, Conde Nast, and the Carlyle Group. However, Dropbox has denied they are a customer of OneLogin.
How Does OneLogin Work?
OneLogin lets corporate users of its service gain access to multiple sites, web applications, and services using a single password. It is estimated that the company serves millions of users in over 2,000 countries in dozens of countries around the world.
It integrates hundreds of third-party services and apps such as Office 365, LinkedIn, Slack, Twitter, Google, and Amazon Web Services with a single sign-in feature.
This is the second time the company is suffering from a major hack of their system in two years. In August of 2016, it warned users that someone had accessed to its Secure Notes service. However, it denied that it had lost any customer data because of the hack.
How will It Proceed from Here
One Login said that they were working with a security firm to determine how the hack occurred. In addition, they said they wanted to verify how extensive the leak had been. They also added that they were working on a solution on how to prevent a similar hack in future. For now, the company says it cannot divulge much else because law enforcement is still investigating the incident.
OneLogin is by no means the only company in the US that offers the single sign-on feature. However, that is not to suggest that other companies have also been hacked. However, it does mean that other companies should take precaution when dealing with customer data. The prospect of getting access to so many high-value accounts with one hit makes them a prime target.
by Felicien | Jun 27, 2017 | Education
Digital transformation – is your business ready? Do you have a solid grasp of the true essence of the process? If not, it’s not too late – learn more here:
Digital transformation, disruption, and digitization. It can seem as though anywhere you look in business, those hot-button terms are at the center of every conversation. New technology, predictive analytics, and business optimization are all the rage. But few businesses have looked beyond the tech to the real-world differences this process will make in our businesses and everyday lives.
Some years ago, I remember reading a summary of Machiavelli’s The Prince to gain a better grasp of what this Renaissance mastermind had to say about the world. One piece, in particular, stood out, that if you can’t win the game using the existing rules, change the game. As digitization and digital transformation change the way we do business and interact your business “game” – the method by which you retain success – may also be changing drastically. If you don’t change your game to keep up with transformation and disruption in your industry, you may find your business left behind. What changes can you expect from the true essence of digital transformation?
How Will the True Essence of Digital Transformation Impact Your Company?
What is it – really?
Digital transformation is the result of combining inexpensive technology, pervasive network availability, supercomputing power, cloud computing and digital security. With these five aspects in place, everyday people expect to be more connected to life through their devices, whether that involves tracking a shipment, video chatting with a customer service rep, having their preferences follow them to your website from social media or expecting that you’ll know when an appliance needs repair instead of having to determine that for themselves.
It’s really easy to get caught up in the technology, but we must remember the human factor. At the start of popular use of the internet, customer interactions were much like ordering from a catalog. You filled in a form in some fashion, then submitted your payment and sometime later, you’d receive your purchase. As time went on, receiving tracking numbers and fulfillment dates became the norm.
With the advent of the digital revolution, business models began to change. Today’s largest taxi service, Uber, owns no taxis. AirBnB doesn’t own any lodgings. Apple, Google, and Amazon don’t own the rights to any music. These new business models require existing businesses to keep up and adapt to these changes or be left behind following the industry disruption.
Where is it taking us?
Tomorrow’s business is a dynamic, agile enterprise that is able to adapt to change in the market while remaining profitable and responsive to client demands. It will be expected to predict failures in machinery, future customer behavior and increasing demands for innovation. Simply opening another online storefront or marketing to a new social media page won’t suffice, you’ll need to set yourself apart through your products, your fan base, your company culture and the difference you make in the world.
How do you get there from here? Maybe you incorporate Facebook or Google+ sign in options for your website and ordering process, allowing you to update customers about their orders through social media. You could use Google Analytics to figure out not just a good advertising campaign but the best possible one. Market research may allow you to better focus on the exact persona of your best customers, helping you focus on only the most profitable sector of your market.
Why does it matter?
There have been many changes in the market as technology has advanced, so why should you worry about this change? IDC Energy predicts that by next year, a full third of the top-20 leading market share businesses will have been disrupted by competitors with new business models. It’s expected that by the end of this year, 45% of the world’s workforce will be contingent labor, many of which prefer to work from home. Deloitte has reduced human review of accounting documents by half using machine learning. Change is here, now. Customers expect to be the center of your business and process, not a simple revenue source.
Early adopters of digital transformation are also seeing increased market shares and revenues while lowering overhead costs. NTT DOCOMO, a telecom company, is already receiving 15% of its revenues from its Smart Life Suite. Early agribusiness adopters are seeing a 9% increase in revenue creation, a 26% improvement in profitability and a 12% increase in their market valuation. The question isn’t why does it matter, it’s can you afford to not care?
How do I get there from here?
Digital transformation can be a complex process, and you need to start with a good grasp of what needs to change in your IT department to make it work. Rather than being a supplier of services, your IT resources will become integrated into every part of your company. Innovation will be driven by a stronger cooperation and cooperative development from all areas of the company. To get there, you’re going to need to change the historical role of IT from being a side department that keeps things running smoothly to facilitating an enterprise-wide approach to digital transformation.
Your IT assets must play a central role in planning where your business will be in a year, five years or a decade. You’ll need visionaries capable of seeing what’s possible today and what innovations can take your company through the next twenty years. To develop solutions that work, you need IT personnel and solutions that focus on creating superior functionality for your employees and customers by breaking down what each person is doing, why they’re doing it and how it can be improved to streamline the process. If you need dynamic solutions in {city}, {company} is here to help. Please feel free to email us (link {email}) or call us at {phone} to get started.
by Felicien | Jun 26, 2017 | Education
The future has arrived where AI and human beings partner to improve business and quality of life.
Two of the themes Sci-Fi movie fans have always loved about the genre are “artificial intelligence” and “the future.” On the friendly side, the Stars Wars franchise played up the good-natured but sometimes annoying thinking robot C3P0. On the ominous side, Arnold Schwarzenegger earned his action bones as The Terminator, while underscoring the idea that the future is unwritten. Since most of us don’t interact with high-level AI on a daily basis, our feelings about thinking machines are based on ideas in popular culture. Artificial intelligence could be good or it could be dangerous. But whether we like it or not, AI is not a something in an alternative future because that future is now. One of the questions we’re asking at INTIVIX is: Can humans and AI improve business and quality of life together?
The Answer is Now
Amazon may have taken the first giant leap toward acclimating humankind to AI with the popular Alexa. More than 1.8 million people have embraced the affable little AI device that manages more than 3,000 tasks, talks to us in a pleasant voice and will even unlock our car. Alexa appears to be everyone’s new friend. But in terms of business efficiency, Alexa has also improved workplace productivity by shortening the time it takes to type in a Google search to just asking it a question. There’s no need to even switch web pages any longer thanks to our kindly AI. And that forms the basic intersection of how AI and humans can cohabitate in the workplace while jointly improving business efficiency.
There’s little doubt that Alexa has also improved people’s emotional comfort with AI in the home and workplace. No one lost their job because the tiny box provided quick answers and that helps set the stage for AI and humans to do bigger and better things together.
To that end, investment into AI technology has accelerated at a near-exponential level in recent years. Speculators dropped a paltry $282 million into development in 2011. But that has ballooned into $1.5 billion last year and more than 200 companies are drilling down on AI in ways that help workers. Like I said, the future is now.
Smart Analytics
All the analytics experts reading this, raise your hands. Apparently, not everyone has mastered analytics but AI could be changing that for you. Years ago, there were massive filing cabinets filled with paper and numbers and we hired people to make sense of it all. Today, we have databases that any designated coworker can access. Unfortunately, few can make sense of it because we don’t speak the language.
Emerging AI can translate “dataese” into English, Spanish or any language you program. By transforming information into a human narrative and being able to ask targeted questions, AI can turn all of us into analytics experts, to some degree. If we know the right questions to ask, AI can pull the answers from mass collected data. The human-AI relationship becomes symbiotic with the caveat that human beings are the creative minds and ultimate decision makers. In effect, AI just helps make us better and more knowledgeable about our respective field.
Changing Responsibilities
Millennials seem to have a higher comfort level working with AI than those with an eye toward retirement. There have always been cultural gaps between young and old. There was a time rock ‘n’ roll was considered immoral and good TV had to be PG. Maybe they were right. But I digress. The point is that Millennials have a forward-thinking perspective about AI and many believe it will reduce the need for tough labor while increasing opportunities for creativity. Think “Star Trek: Next Generation” where professional endeavors are pursued out of passion instead of paying the mortgage and utility bills. Consider these examples and how they may change human tasks and quality of life.
Robotics Automation: It’s true that manufacturing sectors have brought in human-replacing robotics to improve efficiency. Technology has always taken people out of tough manual labor. Think farm equipment replacing hand-picking crops or the Industrial Revolution automating weaving. The rise of AI is taking humans out of dangerous environments and back-breaking physical jobs and into thinking tasks. Stock Trading: Hedge funds and trading companies have already put AI to use generating algorithms and racking up profits. One company reportedly can replicate up to 1,800 days of trading in minutes. This doesn’t mean all those Wall Street traders shouting with hands in the air are going the way of the dinosaur. In fact, AI trading relies on human thought patterns to generate predictive models. It’s more likely that this AI product will open the door to more startup outfits and individual wealth. Again, it plays into the Millennial idea of machines doing the heavy lifting so that humans can pursue higher callings.
In many ways, we live at a unique time in history where the fears and realities of AI are sorting themselves out. On one hand, no one can dispute the fact that AI automation displaced physical labor in manufacturing. On the other hand, unemployment stands at a 16-year low. That means humans have not been kicked to the curb. It seems to point to improved wage-earning business environments where AI and other technologies co-exist with everyday people. Simply put, Alexa is our friend.
At CompNetSys, we provide innovative IT consulting and support services.
by Felicien | Jun 26, 2017 | Education
They are convenient, help you save time, energy and money, but smart home devices could pose a security risk for the unaware.
Here’s what to know before you opt for smart home technology.
Smart home technology is designed to help your home run more efficiently and to make it easier for you to access and control various features and devices. When you add or use smart home technology, you connect a smart device to your home network and other, existing devices. This interconnectivity allows these devices to work together and allows you to control parts of your home from a mobile device. While using smart home technology is fun and easy, it can elevate your risk of exploitation, identity theft, and cybercrime. Learning more about the ways smart home technology could expose you to risk can help you take action to ensure your home network is secure.
As consumers continue to adopt home automation and the Internet of Things (IOT) some clear risk issues are emerging. From home security systems to fun gadgets and even your appliances, here are some of the ways hackers are using automation to harm victims.
Camera Exploitation
Home security systems, smart doorbells and even fun applications like Amazon’s new Echo Look used cameras and feeds to improve access and functionality. Users can control cameras to view different areas of the home or to see who has arrived at the front door. A hacker wishing to access the home network and exploit it could find vulnerabilities within camera devices. Once inside, the cybercriminal could seize control of the camera and even intercept warning and security message. At least one company, Motorola, had issues when hackers were able to identify and exploit camera feeds. The camera, which was intended to help the homeowner, was used instead to spy on the homeowner and case the home. While this particular issue was corrected, any in-home device with a camera needs to be carefully monitored and secured to ensure it is not being exploited by others.
Smart Locks
They make it easy to get into your home, even if your hands are full, simply wave a RFID-equipped tag or enter a code to gain access. Hackers can exploit these security devices via the apps used to set them up. By offering a malware-loaded application that proposes to help improve security and improve battery life, researchers in a recent study were able to access and exploit common smart locks in seconds.
While this test was limited to Samsung smart lock technology and the company took steps to mitigate risk, the fact remains that the locks were easily bypassed. The “hackers” were able to choose alternative pin codes to gain access to the home and remove alerts that were designed to notify the homeowner of changes. If you use smart locks or other smart devices, be aware that third-party apps may not be there for your benefit at all.
Smart Doorbells
Find out who is at the door – and spot the guy stealing your packages, too. Smart doorbells are designed to enhance security, but doorbells like Ring can put your network at risk. A recent security test showed that hackers could exploit the doorbell to gain access to the entire Wi-Fi network; the hacker should simply remove Ring’s cover and press the reset button to be granted access. While Ring swiftly released an update, the existence of this major security flaw put early adopters at risk the moment they installed the doorbell.
Home Assistants
From Amazon’s Alexa to Google’s smart home assistants, the devices designed to make your life easier could also provide access to your home or result in costly errors. Whether the assistant allows an elderly family member with dementia to order dozens of new appliances or accepts an order from a child for multiple Barbies, your bank account can take a hit. A third party could easily access your device and order items for themselves, too.
As these devices become more sophisticated and include cameras, they can be used to exploit your network and privacy. Amazon’s Echo Look is designed to be placed in a changing area or closet and snap images of your clothing. A hacker could easily exploit this and have the perfect view of your changing area or bedroom.
Mitigate your Risk when Using Smart Home Technology
Be aware of what you are using: Make sure you know what the device does and what it is capable of doing. You may be installing that nanny cam to make sure your childcare provider is acting responsibly, but if others could exploit it as well, you need to make sure it is secure.
Update devices regularly: As security issues are identified, manufacturers make updates and patches to close loopholes and eliminate vulnerabilities. Updating your software regularly helps protect you from those who would exploit your network.
Be aware of phishing: A phishing scam could allow malware to enter your system and give the criminal control of everything from your oven to your in-house security feed. While many cybercriminals use malware to seize control and deliver ransomware to your computers, others can hide silently in your system, waiting for a chance to exploit your network. If you fall for a phishing scam, every device in your home could be impacted.
Choose strong passwords: Every device you have needs a strong password, even if it is not terribly convenient. Since any device could; potentially allow access, using “password” “123456” or other common choices increase your risk of exploitation.
Keep track of devices: If you lose your smartphone, Fitbit or tablet, the person who finds it can have legacy access to your entire home full of devices; you’ll need to check your security settings and change your passwords if you lose a controlling device.
Avoid third party applications: It may seem like a way to enhance your smart home, but downloading and using third-party apps could lead to trouble. Hackers create what seem like useful applications for your smart home products, but once you download these apps, your network is easily accessible to the creators of the app, boosting your risk considerably.
Smart home technology is designed to make your life easier and better, and being aware of the potential risks can help ensure that you get all the benefits of these innovative devices without any of the risks.
