by Felicien | Oct 28, 2017 | Education
Social engineering tactics let hackers take cyber attacks to a whole new level by focusing on a specific target. This kind of special attention and extra detail can often be just enough to fool users into clicking, downloading, or otherwise helping a hacker get exactly what they want.
Here are 5 of these scams you should know how to spot and avoid.
Phishing – The most common type of social engineering scam, phishing is typically done through email. By posing as a financial institution or government agency, hackers send out urgent-seeming emails that contain malicious attachments or embedded links that when clicked release malware onto your system.
Baiting – Like phishing, these emails often appear to come from a legitimate source. Rather than relying on scare tactics these emails instead offer the target some sort of incentive to open attachments or click on links, like a free gift card or a free mobile phone or tablet.
Tailgating – This low-tech tactic is still surprisingly common. By pretending to be a fellow employee who forgot their badge or a delivery person, a scammer will ask you to open a door for them that will allow them access to workstations or restricted areas.
Pretexting – Another form of phishing, this has a hacker pose as a C-level employee or a supervisor from another department and send an email asking for sensitive information like passwords. They might also send an attachment that contains a hidden malicious payload.
Quid Pro Quo – Much like baiting, this tactic has hackers pose as someone who can help the target with a task in exchange for information. Typically this ruse involves the hacker pretending to be IT support, offering to fix a non-existent problem in exchange for login credentials.
by Felicien | Oct 28, 2017 | Education
Alan owns a small business and he works hard every day to ensure his business is successful.
Alan has realized that to be successful, he must be 100% focused on the things that matter…
Things like…
… winning new business
… keeping his customers happy
… managing his expenses
… and, of course, ensuring his staff has everything they need to provide the best customer service
Alan has no time for computers and technology getting in the way of day-to-day operations.
This is where we come in.
In the past, Alan spent significant time and resources making sure all the technology being used within his operations was working. Unfortunately, this often didn’t work out well which negatively impacted Alan’s employees, Alan’s customers and ultimately Alan’s stress levels.
One day, Alan realized that there had to be a better way…
Alan finally recognized what he needed was an IT Support and Computer Services company he could trust.
So, Alan hired our team to take care of his team by making sure his computers, printers, emails and all his technology stay up and running. This allows Alan and his team to focus on their number one priority: their customers.
Want to be more like Alan?
Simple, just contact us today!
We can help you focus on the things that really matter to your business
Give us a call or visit our website now to learn more!
by Felicien | Oct 27, 2017 | Education
Whether in business, at home or out at play we are connected to the internet all day, all the time.
We check our smartphones every five seconds. As a business, it’s much of the same thing. We are connected with the office, with clients, and with vendors. You might store your important data on the cloud such as client information and employee records.
Even your devices are now potential targets. A hacker could try to get into your smartphone and steal from your Apple Pay. Any device connected to the internet could now be a target for cyber attacks: a smartphone, a tablet, a Fitbit, or even your car.
RANSOMWARE
An email can be all a hacker needs to take over your system. Ransomware has been a popular means of getting into your network or computer and restricting access to files then making you pay to get them back. The “Locky” version of ransomware has been in the news as recently as early August 2017. Users are tricked into opening attachments such as DOCX, PDF, ZIP and JPG files. The attachment is really hiding the ransomware virus that immediately infects your system and hijacks files with a specific extension.
It changes the file names to a specific 16 letter and number combination file name with the “locky” file extension. Users get instructions to download the Tor browser, which they must use to go to a site on the dark web. Here the hacker agrees to give the files back for money, usually up to one bitcoin (over $4,000).
ELECTRONIC MEDICAL RECORDS & DEVICES
Another real cyber threat pertains to the Healthcare industry. Electronic medical records (EMR) and smart medical devices are new technology that is at high risk for cyber attacks. According to Health IT News and HIMSS Analytics, 75% of hospitals surveyed have been or could have been hit by a ransomware attack. As the Healthcare industry adjusts to the benefits of having data online and at their fingertips, it comes with inherent challenges as well.
Connecting more devices to hospital networks can make the sensitive data more vulnerable than ever. Patient medical records contain such a wide range of information that they have become enticing to hackers. While the industry continues to get a handle on protecting such data, hackers will continue to exploit this.
Another real threat is devices that are attached to patients. Anything that uses Wi-Fi or Bluetooth could be vulnerable to hacker attacks. A hacker could change a patient’s insulin dose, send electrical signals to a patient or alter important monitoring data. Many devices in the Healthcare field have little to no monitoring, which will continue to be a problem. And with much of it being regulated by the Food & Drug Administration (FDA), patching the software could be a lengthy process.
THIRD PARTY
Another increasingly common hacker attack victim is a third party such as a vendor or contractor. Securing important business data through a reliable MSP gives you peace of mind that you are doing everything you can to protect your business. But what about that construction foreman and his smartphone, or that vendor that has you sign for things on an iPad? Any one of these could be vulnerable to a cyber attack and not even know it.
Hackers in 2013 stole the information of 110 million Target customers after exploiting a vulnerability in the chain’s refrigeration vendor. Similarly, Wendy’s was the victim of a cyber attack in 2015 when a third-party vendor was hacked, resulting in 1,025 Wendy’s locations being affected. Third-party vendors and contractors are a normal part of a modern business that is unlikely to go away, and as business becomes more reliant on them, then there needs to be more accountability across third-party vendors.
MOBILE PAYMENTS
How many of us use our phones to pay for stuff? It is so easy now to pay using Apple Pay, Samsung Pay, MasterPass, Wal-Mart Pay and more. This is a new frontier for hackers who work to find a way to crack into this form of payment. The number of companies offering these RFID (radio frequency identification) and NFC (near field communication) mobile payment platforms is increasing every day.
Some common ways hackers could try and gain access to your mobile payment information could be:
Man in the Middle Attacks – A third-party disrupts the connection between the customer and the merchant. This is usually another app trying to pose as the actual payment app.
Data Breaches – The merchant’s customer database is hacked and all the customer information is stolen. This data can then be used for identity theft or other malicious attacks.
Loss or Theft of Your Device – Your device is lost or stolen. Your payment information, as well as other data, is found by an unsavory character. This can result in the thief using your payment information for malicious purposes. They could also sell your data on the dark web.
If a hacker could gain access to this form of payment, imagine how much they could get from payment information to financial details. Plus, once they have hacked into your payment app, the next logical step is getting into your phone. For some, that’s game over.
by Felicien | Oct 27, 2017 | Education
There’s no denying that today information is more accessible and easier to obtain than ever before. From the internet, tablets, smartphones, and even your laptop, information is everywhere and can be accessed from anywhere. But do we know all the ins and outs of making this “connect from anywhere” information stream work?
As a business owner, big or small, why would you take on the pressure and stress of maintaining your own IT services while also trying to run your company and turn a profit, when you can let someone else take on that worry? Allow someone whose sole job is IT services to handle things like data storage and server maintenance, leaving you free to worry about other things like payroll or sales.
An IT services provider is equipped to handle issues that can lead to devastating downtime or loss of function. The service provider will have the knowledge and the current technologies to handle the problem and get you back up and running with minimal downtime or effect on your business. Plus, you do not have to use one of your salesmen to fix someone’s laptop or install a new server.
If you’re still on the fence as to why you should hire an outside source to maintain your IT services, take these points into consideration:
Efficient cost management
This is probably the number one reason any business would want to switch over to outsourced IT services. It lowers cost and frees up funds for other aspects of the business. Who doesn’t want to save money?
Reap the benefits of freed up resources
As a business owner, you have limited resources already, so why use up even more of those resources maintaining something that you know little about? Why not let someone else take over the management of your IT services, freeing up your resources for other aspects of your business? You can finally free up Bob from accounting to do his job and let an IT professional fix the busted laptops.
Share the risk burden
Another big positive of having a third-party company handling your IT services is that you share the infrastructure risk. This will allow you as a business to become more flexible and agile, allowing you to deliver better products over the long run. Again, this goes towards lowering costs and the stress of having to maintain a network when you may not understand all the ins and outs of a network.
Re-focus your priorities
Letting someone else handle the IT services allows you to focus more on your business. If you’re worried about your network or data storage issues you’re not focused on your business. It is not productive to split your time between six different computer issues and trying to make a sale to stay in the black.
Access to data management expertise
If you were an IT pro, you would be in the managed service provider business. So why try maintaining your own network? Allowing an MSP to maintain your network and handle your IT services gives you access to experts in the field who know the most efficient way to run data storage or supply you with the most up-to-date equipment for your computer network.
Using an outsourced IT company frees up your staff to do the job that they were hired to do, and to do what they do best and shine. With how rapidly tech changes, how is Bob from accounting supposed to keep up? Plus, the professionals that work for the outsourced IT company are experts in their field and are paid to keep up with the most up-to-date tech out there.
Now that you’ve seen the benefits of switching over to outsourced IT services, the next step is determining what you need to turn over to the IT professional. The easy answer is everything that has to do with technology, such as computer maintenance and networking. But there is much more to a smooth-running office than just computer failures.
An outsourced IT provider can handle many things for your business:
Data center operations
Disaster recovery
E-Commerce web design functions
Basic support services (help desks, etc.)
Security management
E-Mail marketing management
Virus protection
Data backup and recovery
Wireless support
Purchase consulting
Network architecture
It is up to you to ensure that your business is running at its peak performance. Your employees need to be able to send and receive emails, order supplies and communicate with clients. If your staff couldn’t communicate with clients and vendors, how long would your business last? With the proper IT provider, you will have access to first-class technology, allowing you to streamline processes that make them more efficient and productive. This will help your company to be able to take advantage of opportunities much more quickly.
by Felicien | Oct 27, 2017 | Education
Migrating business data to the cloud has been like a universal cure for a lot of businesses.
Having vital information in the cloud allows a company to spend less on IT and infrastructure, which they can put into other projects. It also allows their employees to access that information from anywhere, discussing a job with clients onsite rather than being restricted to the office.
Financial Institutions, such as banks, accountants and wealth management offices are now looking into the viability of moving your financial information to the cloud. This could mean either public, private, hybrid or community clouds as a viable place to store data. Cloud-based business is becoming the norm today and allows for plenty of flexibility and scalability in storage. But this also presents a unique set of challenges and risks that have to be addressed.
Migrating this sensitive data has inherent external obstacles and risks that these organizations need to understand and plan for. There are also in-house factors that each individual organization must deal with. These in-house problems can lead to hasty planning that can result in poor implementation. Moving to the cloud for these organizations has to be seen as not a competitive advantage, but as a necessity. However, before making the move, these companies need to be aware of the benefits as well as the downfalls of each cloud type and what it does with their data. Some reasons for the delay in acceptance of the cloud include:
Security in the cloud. Public clouds offer smaller costs and discounts, but their data may not be as secure as they would like. Although many cloud operators receive security certifications and offer encryption, financial institutions may still require another level of security for the cloud to be a consideration. Cloud access security brokers (CASB) may be another technology that financial institutions would need to adopt to make the cloud viable for their information. CASB is a service that would sit between the financial institution and the cloud infrastructure. It’s like a gatekeeper of sorts; it allows the organization’s security policies to reach beyond its own infrastructure to the cloud. “By 2020, 85% of large enterprises will use a cloud access security broker platform for their cloud services,” according to the “Gartner Market Guide for Cloud Access Security Brokers” from October 2016.
Visibility into the cloud. Financial institutions won’t even consider moving over to a cloud-based platform until they are assured to have the features that they want. Some of those features include auditing capability, transparency, and real-time log access. These financial institutions would require as much access and input into their cloud files as they do in their own onsite infrastructure. CASB, for instance, would give the institutions access to user data from their employees as well as anyone who accessed that information from any user or device.
Legal and compliance requirements. Financial organizations have to operate under a strict regulatory structure that imposes regulations on how they operate and how they secure their operations. Any potential issues could result in penalties if something is found during an audit. Organizations have to perform their due diligence for anything that is outsourced. Sending data to the cloud is considered a form of outsourcing. CASBs help with security, too. They have the ability to perform highly sophisticated misuse and threat detection, as well as the option to block at the user, object and device level.
Availability of the cloud. Financial organizations also worry about the availability of cloud vendors. What happens if a vendor goes out of business? What if the vendor services are down for extended periods of time and the organization loses access to its data? These are two big and very real concerns that organizations have to deal with. If an organization has time-sensitive agreements or settlement applications, will the platform be able to accommodate them? Then there is having to move platforms. If an organization has to move from one vendor to another, they most likely will have to pay to adapt to a new platform switch. While the applications that run in a cloud environment will run from one platform to another, the dashboards are usually specific to a platform, so a new dashboard would have to be adopted.
Is there a business purpose for the cloud? The most likely reason for a financial organization not adopting the cloud could be that they simply haven’t found a business reason to move to the cloud. Whether or not the cloud is the norm for everyone else and the technology of the future, if it doesn’t make sense right now for the organization to use it, then they won’t. As with any technology, it should be used to perform or achieve a business goal, not just to say you have the latest new technology.
So what is a financial organization to do? If the organization is considering the cloud, maybe they can try a smaller move of less critical data to a private cloud as a test. This could give them insight into the security of their data and the viability of the platform. Some organizations would then have the confidence to pursue the development of a cloud-based migration strategy.
by Felicien | Oct 27, 2017 | Education
A new and malicious strain of ransomware called Bad Rabbit began spreading this past Tuesday, October 24th, with most of the reported infections seen in Russia. However, because the Bad Rabbit virus is self-propagating, and can spread across corporate networks, international organizations should remain particularly vigilant.
A small number of infection attempts have been logged in Ukraine as well. CERT-UA, the Ukrainian Computer Emergency Response Team, said there had been a “massive distribution” of Bad Rabbit in the country. An earlier bulletin from the agency said the Odessa airport and Kiev subway had been affected by a cyber attack but didn’t specify if Bad Rabbit had been involved. It has since been confirmed that Bad Rabbit was, in fact, the culprit.
First Russia, Then Ukraine, Now the US: US Department of Homeland Security Issues Warning
Early Wednesday morning, leading anti-virus security company, Avast, reported that the Bad Rabbit virus had made its way to the US. Though specific breach details are difficult to come by, the US Department of Homeland Security (DHS) issued a warning about Bad Rabbit yesterday stating:
“US-CERT has received multiple reports of Bad Rabbit ransomware infections in many countries around the world. This suspected variant of Petya ransomware is malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.”
DHS urged individuals and businesses to take notice and be vigilant in the face of this latest malware attack. To combat the threat, DHS is urging IT professionals to review US-CERT Alerts TA16-181A and TA17-132A, each of which describes recent ransomware events.
While cybercriminals can often be hard to track and prosecute, DHS is urging professionals to recognize the importance of making explicit reports in the case of an attack. The organization asked any potential victims of Bad Rabbit to report ransomware incidents to the Internet Crime Complaint Center (IC3) immediately.
Remember the Petya Virus Back in June? Bad Rabbit is Similar and Just as Malicious
Bad Rabbit has many similarities to the Petya virus outbreak of June 2017. Both malware families use a similar style of ransom demand and employ a self-spreading mechanism. Both threats also contain a component that targets the master boot record (MBR) of an infected computer, which overwrites the existing MBR.
However, while Petya uses the EternalBlue exploit to spread in addition to classic SMB network spreading techniques, Bad Rabbit doesn’t use EternalBlue and only employs the latter technique. Secondly, Petya was technically a wiper rather than ransomware, since there was no way of retrieving a decryption key. Our analysis of Bad Rabbit confirms that it is not a wiper and encrypted data is recoverable if the key is known.
One of the most notable aspects of Bad Rabbit is its use of at least three third-party open-source tools. Aside from Mimikatz, Bad Rabbit also uses the open-source encryption tool DiskCryptor to perform encryption. It also uses drivers from ReactOS, an open-source alternative to Windows, thus reducing the amount of detectable suspicious activity on an infected computer.
Breaking Down the Bad Rabbit: How Does the Malware Invade Business Networks
The initial infection takes hold of networks through drive-by downloads on compromised websites. The malware is disguised as a fake update to Adobe Flash Player, designed specifically to dupe victims into infecting their machines. The download originates from a domain named 1dnscontrol[dot]com, although visitors may have been redirected there from another compromised domain.
Once installed onto a victim’s computer, Bad Rabbit attempts to spread itself across their network via SMB (Server Message Block). In order to obtain the necessary credentials, Bad Rabbit comes packaged with a version of Mimikatz, a hacking tool capable of changing privileges and recovering Windows passwords in plaintext. The malware also uses a hardcoded list of commonly used default credentials to attempt to guess passwords for even easier access.
Once the Bad Rabbit gains access, the virus works swiftly to encrypt the contents of a computer and asks for a payment of 0.05 bitcoins, or about $280 (£213), according to recent reports. Even worse? Once the ransom demand has been made, a countdown begins flashing on the screen, urging victims to pay up before the clock runs out. If payment isn’t made before the clock-out, the ransom amount just gets higher.
However, take note of this word to the wise: victims are strongly encouraged not to pay ransom demands. Why not? For one, there is absolutely no guarantee that the payment will restore data access. Secondly, much like the refusal to negotiate with terrorists, refusing to pay the ransom discourages criminals from using similar attacks in the future. If victims don’t pay, cybercriminals will realize their attempts at robbery won’t pay off.
Endangered Data: Understanding How Bad Rabbit Deploys Encryption
Once it is installed, Bad Rabbit will search for and encrypt machine data. Bad Rabbit takes no prisoners once the invasion is complete and all files bearing the following extensions are up for grabs:
.3ds .7z .accdb .ai .asm .asp .aspx .avhd .back .bak .bmp .brw .c .cab .cc .cer .cfg .conf .cpp .crt .cs .ctl .cxx .dbf .der .dib .disk .djvu .doc .docx .dwg .eml .fdb .gz .h .hdd .hpp .hxx .iso .java .jfif .jpe .jpeg .jpg .js .kdbx .key .mail .mdb .msg .nrg .odc .odf .odg .odi .odm .odp .ods .odt .ora .ost .ova .ovf .p12 .p7b .p7c .pdf .pem .pfx .php .pmf .png .ppt .pptx .ps1 .pst .pvi .py .pyc .pyw .qcow .qcow2 .rar .rb .rtf .scm .sln .sql .tar .tib .tif .tiff .vb .vbox .vbs .vcb .vdi .vfd .vhd .vhdx .vmc .vmdk .vmsd .vmtm .vmx .vsdx .vsv .work .xls .xlsx .xml .xvd .zip
Unlike most ransomware infections, the encrypted files aren’t given a special extension. Instead, to check if they have been already processed, the ransomware appends a special marker at the end of an encrypted file, a Unicode “encrypted” string.
Once individual files are encrypted, Bad Rabbit will then perform a full disk encryption. After the system is restarted, a ransom note is displayed, demanding bitcoin payment for decryption.
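For incident triage, the trailing marker described above can be used to separate processed files from untouched ones on a file share or a mounted disk image. The following is an added example, not code from this article or from Symantec; it assumes “Unicode” means UTF-16LE (the usual Windows wide-string encoding), and the function names and sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumption: the "Unicode" marker is the word "encrypted" in UTF-16LE (18 bytes).
MARKER = "encrypted".encode("utf-16-le")

# Target extensions copied from the list on this page.
TARGET_EXTENSIONS = frozenset("""
.3ds .7z .accdb .ai .asm .asp .aspx .avhd .back .bak .bmp .brw .c .cab .cc
.cer .cfg .conf .cpp .crt .cs .ctl .cxx .dbf .der .dib .disk .djvu .doc
.docx .dwg .eml .fdb .gz .h .hdd .hpp .hxx .iso .java .jfif .jpe .jpeg .jpg
.js .kdbx .key .mail .mdb .msg .nrg .odc .odf .odg .odi .odm .odp .ods .odt
.ora .ost .ova .ovf .p12 .p7b .p7c .pdf .pem .pfx .php .pmf .png .ppt .pptx
.ps1 .pst .pvi .py .pyc .pyw .qcow .qcow2 .rar .rb .rtf .scm .sln .sql .tar
.tib .tif .tiff .vb .vbox .vbs .vcb .vdi .vfd .vhd .vhdx .vmc .vmdk .vmsd
.vmtm .vmx .vsdx .vsv .work .xls .xlsx .xml .xvd .zip
""".split())


def has_marker(path, marker=MARKER):
    """True/False if the file's final bytes do/don't equal the marker;
    None if the file cannot be read (locked, permission denied, ...)."""
    try:
        with open(path, "rb") as fh:
            fh.seek(0, os.SEEK_END)
            size = fh.tell()
            if size < len(marker):
                return False          # too short to carry the marker
            fh.seek(size - len(marker))
            return fh.read(len(marker)) == marker
    except OSError:
        return None


def triage(root):
    """Walk root and sort files with a targeted extension by marker state.
    Only the tail of each file is read, so large disk images stay cheap."""
    report = {"marked": [], "unmarked": [], "unreadable": [], "skipped": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if path.suffix.lower() not in TARGET_EXTENSIONS:
                report["skipped"] += 1   # extension is not on the target list
                continue
            state = has_marker(path)
            key = ("unreadable" if state is None
                   else "marked" if state else "unmarked")
            report[key].append(str(path))
    return report


def build_sample(root):
    """Constructed sample tree for the demo; not real malware output."""
    root = Path(root)
    (root / "report.docx").write_bytes(b"\x8f\x02ciphertext" + MARKER)
    (root / "budget.xlsx").write_bytes(b"PK\x03\x04 intact workbook")
    (root / "notes.txt").write_bytes(b"plain text" + MARKER)      # .txt not targeted
    (root / "tiny.key").write_bytes(b"ab")                        # shorter than marker
    (root / "ascii.pdf").write_bytes(b"%PDF file is encrypted")   # ASCII, not UTF-16LE


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = triage(tmp)
        for state in ("marked", "unmarked", "unreadable"):
            print(state, sorted(os.path.basename(p) for p in result[state]))
        print("skipped (extension not targeted):", result["skipped"])
```

A file in the "marked" list is a candidate, not proof: a legitimate UTF-16 text document could end with the same word, so confirm against backups or file hashes before scoping the restore.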
Symantec’s Swift Response: Protections in Place for Symantec Users
Symantec customers can breathe a sigh of relief knowing that they are indeed protected against Bad Rabbit activity. Symantec has a variety of anti-virus, advanced machine learning, behavior detection, network protection and data security tools in place to keep users safe. For full details, check out the list of Symantec protection updates below:
Antivirus Updates
BadRabbit
BadRabbit!g1
BadRabbit!g2
SONAR behavior detection technology Updates
Cryptlocker!g80
Advanced Machine Learning Updates
AdvML.B
Network Protection Products
Malware Analysis Appliance detects activity associated with BadRabbit
Customers with Webpulse-enabled products are protected against activity associated with Bad Rabbit
Data Center Security Products
Data Center Security Server anti-malware mechanisms protect customers
Data Center Security Server Advanced protects against the drive-by-download and Mimikatz
Staying Vigilant, Aware and Prepared: Staying Tuned in Is the Best Defence Against Cyber Infections
Business organizations are particularly vulnerable to threats like Bad Rabbit because of the infection mechanism they deploy. Once one computer on a network becomes infected, Bad Rabbit will attempt to copy itself to other computers on the network, which could potentially do serious damage to poorly secured networks.
As news around Bad Rabbit continues to develop, US business professionals should be on high alert – working deliberately to monitor and protect their business networks and implement security measures like those outlined by Symantec above. Be wary of Adobe Flash download prompts. Talk to other business professionals to spread the word.
If you’re worried you’ve been affected or could be affected, reach out to a local cybersecurity expert for guidance and consultation. When professionals band together proactively, cybercriminals can and will be stopped in their tracks. Until then, stay alert, stay vigilant and stay tuned for more Symantec updates.