by Felicien | Oct 26, 2017 | Education
Starting on Tuesday, October 24th, reports of a new strand of ransomware dubbed Bad Rabbit, began appearing in Russia and Ukraine. The virus is a wide-reaching and fast-spreading malware infection that initially targeted media and government institutions in Europe.
The virus targeted institutional giants in Ukraine including a local airport, the Ministry of Infrastructure and Kiev’s public transportation system. Russia experienced similar hits to critical agencies including Interfax, a local news service that recently issued a statement to announce they had been hacked and were working to restore their network. Initial reports about the Bad Rabbit virus note that the virus is specifically attacking media outlets, and an additional Russian newsgroup, Fontanka.ru, was also affected.
“Our researchers have detected a number of compromised websites – all news or media sites,” said Russian security company Kaspersky in a recent blog. “Based on our investigation, this is a targeted attack against corporate networks, using methods similar to those used in the Not Petya and ExPetr attack. However, we cannot confirm officially that it is related to ExPetr.”
Regardless of its origins, experts agree that Bad Rabbit now joins NotPetya and WannaCry as another of 2017’s major ransomware-style malware epidemics.
Touching Down in the US: Bad Rabbit Spreads to North America and Has US Department of Homeland Security Taking Notice
Early Wednesday morning, leading anti-virus security company, Avast, reported that the Bad Rabbit virus had made its way to the US. Though specific breach details are difficult to come by, the US Department of Homeland Security (DHS) issued a warning about Bad Rabbit yesterday stating:
“US-CERT has received multiple reports of Bad Rabbit ransomware infections in many countries around the world. This suspected variant of Petya ransomware is malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.”
DHS urged individuals and businesses to take notice and be vigilant in the face of this latest malware attack. To combat the threat, DHS is urging IT professionals to review US-CERT Alerts TA16-181A and TA17-132A, each of which describes recent ransomware events.
While cybercriminals can often be hard to track and prosecute, DHS is urging professionals to recognize the importance of making explicit reports in the case of an attack. The organization asked any potential victims of Bad Rabbit to report ransomware incidents to the Internet Crime Complaint Center (IC3) immediately.
So, How Does It Work? Understanding How Bad Rabbit Takes Business Networks Hostage
Bad Rabbit relies on fooling potential victims and having them play an active role in the infection. The initial virus installer masquerades as an Adobe Flash update. Interestingly, this malware contains a list of hardcoded Windows credentials, most likely to allow brute force entry into devices, on the network, according to SonicWall Capture Labs Threat researchers.
While the virus might sound like a goofy cartoon character, the impacts of this ransomware variant are no laughing matter. The Bad Rabbit virus works swiftly to encrypt the contents of a computer and asks for a payment of 0.05 bitcoins, or about $280 (£213), according to recent reports. Even worse? The domain then flashes a countdown on the screen, giving victims limited time to pay-up before the ransom price increases.
However, as a rule of thumb, anyone infected is discouraged from paying the ransom. For one, there is absolutely no guarantee that the payment will restore data access. Secondly, much like the refusal to negotiate with terrorists, refusing to pay the ransom discourages criminals from using similar attacks in the future. If victims don’t pay, cybercriminals will realize their attempts at robbery won’t pay off.
Are SonicWall Users Safe? SonicWall’s Swift Response to Bad Rabbit
SonicWall users rejoice! Yes, SonicWall Capture Labs has released signatures to protect users against Bad Rabbit malware. These protections are available for anyone with an active SonicWall Gateway Security subscription (GAV/IPS). In addition, SonicWall’s Capture Advanced Threat Protection (ATP) sandboxing service is designed to provide real-time protection against new strains of malware even before signatures are available on the firewall.
While SonicWall has protections in place, users should actively ensure their networks are set up correctly to prevent infection. First and foremost, SonicWall customers should immediately ensure they have the Capture Advanced Threat Protection sandbox service turned on with their next-generation firewalls.
Additionally, SonicWall users should ensure that the Block Until Verdict feature is activated. For Bad Rabbit protection, there is no need to update the signatures on SonicWall firewalls, as they are automatically propagated to the worldwide installation base upon deployment.
Stopping the Bad Rabbit: Ensuring SonicWall Features are Set Up to Protect
To confirm that SonicWall Capture ATP is enabled login to the firewall and navigate the following steps:
For SonicOS 6.2 and earlier click Capture ATP | Settings. Ensure that “Block file download until a verdict is returned” is enabled.
For SonicOS 6.5 and later click Manage | Security Services | Capture ATP. Ensure that “Block file download until a verdict is returned” is enabled.
To confirm your Gateway Anti-Virus has the latest signatures navigate to:
For SonicOS 6.2 and earlier click Security Services | Gateway Anti-Virus. Use the search box and type “”
For SonicOS 6.5 and later click Manage | Security Services | Gateway Anti-virus. In the lookup search string box type “BadRabbit.“
In addition to these specific and technical protections, SonicWall has released a list of general recommendations for everybody, regardless of their security vendor, including:
Ensure all OS patches are applied
Use a reliable and up-to-date anti-virus solution to protect end-points
Ensure firewall and endpoint firmware are current and reliable
To proactively identify and mitigate new threats, install network sandboxing
To stop pre-existing threats, deploy a next-generation firewall with a gateway security subscription
Don’t Let Cybercriminals Dupe You, Your Clients or Colleagues: Banding Together to Keep Bad Rabbit from Spreading
As news around Bad Rabbit continues to develop, US business professionals should be on high alert – working deliberately to monitor and protect their business networks and implement security measures like those outlined above. Be wary of Adobe Flash download prompts. Talk to other business professionals to spread the word.
If you’re worried you’ve been affected or could be affected, reach out to a local cybersecurity expert for guidance and consultation. When professionals band together proactively, cybercriminals can and will be stopped in their tracks. Until then, stay alert, stay vigilant and stay tuned for more SonicWall updates.
by Felicien | Oct 26, 2017 | Education
NotPetya Malware Refuses to Let Up – Latest Malware Variant Bad Rabbit Targets Business Owners and is Spreading Fast
Since Tuesday, reports of the Bad Rabbit ransomware virus have been flashing across news screens everywhere. The virus started its rampage in Europe, bubbling up in Russia, Ukraine, Turkey and Germany. However, the full extent of the virus’ reach still isn’t fully understood.
The virus targeted institutional giants in Ukraine including the Ministry of Infrastructure and Kiev’s public transportation system. Russia experienced similar hits to critical agencies including Interfax, a local news service that recently issued a statement to announce they had been hacked and were working to restore their network. Initial reports about the Bad Rabbit virus note that the virus is specifically attacking media outlets, and an additional Russian newsgroup, Fontanka.ru, was also affected.
Bad Rabbit Touches Down in the USA: US Department of Homeland Security Issues Warning
Since starting its path of destruction in Europe, several instances of the Bad Rabbit virus have now been reported in the US. Given the recent history of cybersecurity concerns, especially around Russia, the US Department of Homeland Security (DHS) isn’t taking any chances.
DHS released a statement earlier this week in reference to the attack:
“US-CERT has received multiple reports of Bad Rabbit ransomware infections in many countries around the world. This suspected variant of Petya ransomware is malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.”
DHS urged individuals and businesses to take notice and be vigilant in the face of this latest malware attack. To combat the threat, DHS is urging IT professionals to review US-CERT Alerts TA16-181A and TA17-132A, each of which describes recent ransomware events.
Experts Weigh In: Is Bad Rabbit a Nasty By-Product of NotPetya or ExPetr?
Cybersecurity experts at Kaspersky and ESET have both noted that Bad Rabbit seems to have clear ties to recent malware pandemics NotPetya and/or ExPetr.
“Our researchers have detected a number of compromised websites – all news or media sites,” said Russian security company Kaspersky – now embroiled in a spying controversy, in a recent blog. “Based on our investigation, this is a targeted attack against corporate networks, using methods similar to those used in the ExPetr attack. However, we cannot confirm officially that it is related to ExPetr.”
Regardless of its origins, experts agree that Bad Rabbit now joins NotPetya and WannaCry as another of 2017’s major ransomware-style malware epidemics.
How Does It Work? Understanding How Bad Rabbit Takes Hold of Business Networks
Unlike other recent malware epidemics, which spread more passively, Bad Rabbit requires potential victims to download and execute a fraudulent Adobe Flash installation file. Once the phony download and installation is executed, machines and networks become infected with the malware.
In an interesting turn of events, it seems whoever created Bad Rabbit is a fan of the HBO hit, Game of Thrones. The malware infection makes reference to character Daenerys Targaryen and her dragons as well as Grey Worm, another beloved character. However, Bad Rabbit is anything but fantasy or fiction. The impacts of the infection are real-life disasters for any business or organization infected.
Computers infected with the malware direct the user to a .onion Tor domain where they are forced to pay .05 bitcoin (roughly $276 USD in exchange for the decryption and restored access to their data. Even worse? The domain then flashes a countdown on the screen, giving victims limited time to act before the ransom price increases. While this year has seen some instances of destructive malware disguised as ransomware, experts are still not full sure if Bad Rabbit actually collects a ransom and decrypts data in every case of infection. However, in a test case, a researcher was successful in having data restored once the ransom was paid.
Responding to Bad Rabbit: What to Do If You Get Infected and How to Prevent the Virus Proactively
First and foremost, as a rule of thumb, anyone infected is discouraged from paying the ransom. For one, there is absolutely no guarantee that the payment will restore data access. Secondly, much like the refusal to negotiate with terrorists, refusing to pay the ransom discourages criminals from using similar attacks in the future. If victims don’t pay, cybercriminals will realize their attempts at robbery are useless.
In terms of preventing the attack, some researchers have introduced promising options for proactive vaccination. Early Wednesday morning, a Massachusetts researcher from Cybereason, claimed that he has a vaccine to protect customers from Bad Rabbit. Following this short series of fool-proof steps will automatically vaccinate your company’s computers, laptops, and other devices, keeping them safe from Bad Rabbit invasion:
First, create two files: C:Windowsinfpub.dat& C:Windowscscc.dat.
Then, go into the each of the file’s properties and remove all permissions to both files. When doing this, remove the inheritance so the files do not inherit the perms of the C:Windows folder.
As news around Bad Rabbit continues to develop, US business professionals should be on high alert – working deliberately to monitor and protect their business networks. Be wary of Adobe Flash download prompts. Talk to other business professionals to spread the word. If you’re worried you’ve been affected or could be affected, reach out to a local cybersecurity expert for guidance and consultation. When professionals band together proactively, cybercriminals can and will be stopping in their tracks. Until then, stay alert and stay vigilant.
by Felicien | Oct 26, 2017 | Education
It’s a familiar story and every business has been there. Deadlines are looming, customer requests are at an all-time high and to-do lists are longer than ever. Then, management remembers there’s a pile of overdue accounting paperwork that needs to be delegated and payroll deadlines are around the corner. Suddenly, core business tasks and customer needs are taking a back seat to administrative accounting responsibilities. For business owners in any industry, this situation is less than ideal and can result in serious hits to productivity and client satisfaction.
Deploying Tech Tools: Streamlining Business Operations with Accounting Software
Accounting software – when used right – can help businesses in any industry optimize operations. By deploying accounting software solutions business owners position themselves to be more readily available for clients, with less valuable time wasted on administrative bookkeeping duties.
Running a small business is a huge commitment, and the last thing a small or medium business (SMB) owner needs is to spend all their balancing books. Owner-operators and their teams should concentrate on nurturing and scaling their business, and the right accounting software solutions can free professionals up to do just that.
Here are the top four ways accounting software can streamline business operations and position companies for increased productivity and growth:
Cuts Time-Waste and Saves Capital
As stated accounting software can help streamline accounting process in all areas of business. First and foremost, accounting software can take away the constant pressure on owner-operators, allowing them to automate tedious accounting tasks like payroll and bookkeeping.
Additionally, when it comes to filing annual business tax returns, accounting software can remove another headache from the to-do list. Instead of wasting time sitting around with an expensive tax lawyer, most accounting software solutions can export all the information needed for annual tax returns with the simple click of a button. From there, business owners can submit their own returns with less hassle and time wasted hunting down relevant numbers or paperwork.
Improves Reporting Capabilities
Accounting software allows business owners to simply pull up reports when they need them. Some accounting software solutions also offer the ability to deliver real-time reports, such as profit and loss stats, cash flow statements, balance sheets and data on outstanding debts. Such reports are essential for staying on top of business finances, but they can also help automate administrative tasks, like generating letters to request and collect overdue payments.
By carefully researching the capabilities of various accounting software solutions, SMBs can determine which features offer the most value for their specific business needs. Using technology to drive automation and make reports work for you? That’s a no-brainer, plain and simple.
Provides Data Access from All Devices – Anywhere, Anytime
In our fast-paced business world, it’s become second nature to manage work on the move, and many SMB owners depend on mobile devices to keep their finger on the pulse when out of the office. However, without a consistent connection to the business data network, keeping tabs can seem impossible. With cloud-based accounting software, business owners can access business information from anywhere, as long as there’s an internet connection.
Anytime access also means that business owners can input new data on the go, submitting invoices and payments as they happen. This, in turn, frees up time to pursue new leads and other business opportunities instead of rushing back to the office to file invoices and balance the books.
Optimized Business Processes and Increased Functionality
There is a myriad of additional accounting software features that can make an SMB owner’s life easier – and more cost-effective. For example, an especially useful one is the ability to sync up with your business bank account to check that entries are correct and flag any discrepancies early. Some products also include specialized payroll software to manage employee wages and payments effortlessly.
If you’re weighing the pros and cons of investing in accounting software for your business, consider how much time you could save and how your bottom line could benefit as a result. Make sure you also take the time to browse all available accounting software packages to find the right one for your business needs.
Convinced Yet? Check Out These Money & Time-Saving Accounting Software Solutions.
Quickbooks Online – The Leader for SMBs in All Industries
Intuit QuickBooks Online offers a wide range of features for SMB’s across any and all industries. This includes freelancers, consultants, online merchants, store and restaurant owners, service providers and more. Whether a business is just starting out, expanding or has a long-established presence, QuickBooks Online is jam-packed with all the basic and advanced features to meet business accounting needs. To learn more about the leading accounting software for SMB’s, check out the full scope of features here.
Freshbooks – The Mobile Computing Powerhouse
Most accounting software products have a mobile app, but business owners be warned: not all mobile apps are created equal. When it comes to mobile accounting capacity, FreshBooks wins for its ease of use, excellent customer service, and for offering all of the features small businesses need to manage their finances on the go. For full details on how Freshbooks makes on-the-go business accounting a breeze, check out the details here.
Xero – The ‘Mac’ Daddy of Accounting Software
Mac users are often faced with challenging software that is stripped down or is less intuitive than their Windows counterpart. Xero’s cloud-based accounting software, which is available for both PC and Mac, is a full-featured solution that doesn’t compromise on features or ease of use just because a business runs on Mac.
It can help business owners save time and simplify accounting by automating tasks and integrating with over 500 apps. Xero also comes with 24/7 email and live chat support and outbound phone assistance at no extra cost. For full details on Xero, check out this full review.
Investing in the Right Accounting Software: Know Your Needs, Do Your Research and Assess the Options
While we’ve listed some of the top options to meet modern business needs, there truly are countless accounting software options available for businesses of all shapes and sizes. Technology continues to offer incredible opportunities to drive optimization and productivity for business owners and accounting software solutions are no exception.
Business owners who are looking to streamline their accounting processes in order to save time, money and resources should put in some research to determine the most valuable options to meet their needs. However, there’s no doubt that choosing between a large variety of technical software options can be overwhelming.
As with any other business-tech decision, professionals who are having trouble deciding between accounting software solutions can always reach out to local IT experts for consultation and guidance. Because managed IT providers recommend and implement software for clients daily, they can often provide an inside scoop on which options are best suited for any given business.
If your business is ready to reduce wasted time and increase operational efficiency, take the time to seek out consultation and research so the software investments you make pay off big time.
by Felicien | Oct 26, 2017 | Education
Petya’s Latest Variant — Bad Rabbit — Leaves Companies in Shambles as It Spreads Worldwide; US Department of Homeland Security on Alert.
Early Wednesday morning, leading anti-virus security company, Avast, reported that the Bad Rabbit virus – a variant of Petya ransomware — had made its way to the US. Though specific breach details are difficult to come by, the US Department of Homeland Security (DHS) issued a warning about Bad Rabbit yesterday stating:
“US-CERT has received multiple reports of Bad Rabbit ransomware infections in many countries around the world. This suspected variant of Petya ransomware is malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.”
DHS urged individuals and businesses to take notice and be vigilant in the face of this latest malware attack. To combat the threat, DHS is urging IT professionals to review US-CERT Alerts TA16-181A and TA17-132A, each of which describe recent ransomware events.
There is certainly no shortage of hacker activity as of late. Earlier this year, a ransomware variant called Petya spread across North America hitting corporate giants like Merck and FedEx. The virus is so serious that some affected companies we’re faced with the fact that their data was simply not recoverable. In fact, FedEx and other affected companies faced material financial impact in light of the attack. Merck also experienced financial losses of over $275 million, prompting many businesses to take a second look at cybersecurity insurance strategies.
by Felicien | Oct 25, 2017 | Education
Get to Know the Fast-Spreading Malware Threat Before It Gets to Know You
Earlier this year, a ransomware variant called Petya spread across North America hitting corporate giants like Merck and FedEx. The virus is so serious that some affected companies were faced with the fact that their data was simply not recoverable. In fact, FedEx and other affected companies faced material financial impact in light of the attack. Merck also experienced financial losses of over $275 million, prompting many businesses to take a second look at cybersecurity insurance strategies.
Petya’s Latest Variant: Bad Rabbit Ransomware Starts Rampage With Hits on Russian & Ukrainian Companies
Business owners took notice when Petya first hit the scene, but there’s good reason for professionals to stay on high-alert. Like most malware viruses, Petya has morphed into countless variants over time. The latest potential Petya variant has been dubbed Bad Rabbit and has already affected systems at three Russian websites, an airport in Ukraine and an underground railway in the capital city, of Kiev, according to BBC. Even worse, Bad Rabbit Shows no signs of stopping as it spreads rapidly across Russia, Ukraine, Germany and now into North America.
Touching Down in the US: Bad Rabbit Spreads to North America and Has US Department of Homeland Security Taking Notice
Early Wednesday morning, leading anti-virus security company, Avast, reported that the Bad Rabbit virus had made its way to the US. Though specific breach details are difficult to come by, the US Department of Homeland Security (DHS) issued a warning about Bad Rabbit yesterday stating:
“US-CERT has received multiple reports of Bad Rabbit ransomware infections in many countries around the world. This suspected variant of Petya ransomware is malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.”
DHS urged individuals and businesses to take notice and be vigilant in the face of this latest malware attack. To combat the threat, DHS is urging IT professionals to review US-CERT Alerts TA16-181A and TA17-132A, each of which describes recent ransomware events.
While cybercriminals can often be hard to track and prosecute, DHS is urging professionals to recognize the importance of making explicit reports in the case of an attack. The organization asked any potential victims of Bad Rabbit to report ransomware incidents to the Internet Crime Complaint Center (IC3) immediately.
So, How Does It Work? Understanding How the Bad Rabbit Virus Moves in and Takes Company Networks Hostage
Bad Rabbit might sound like a goofy cartoon character but the impacts of this ransomware variant are no laughing matter. The Bad Rabbit virus works swiftly to encrypt the contents of a computer and asks for a payment of 0.05 bitcoins, or about $280 (£213), according to recent reports.
The ransomware masquerades itself as a convincing update for Adobe Flash, and once downloaded it attempts to spread within victims’ networks, according to The Wall Street Journal. In reality, of course, the attacks “do not utilize any legitimate Flash Player updates nor are they associated with any known Adobe product vulnerabilities,” warns an Adobe spokeswoman.
Bad Rabbit in the US: How to Move Faster than the Virus to Protect Your Company’s Data and Continuity
In the face of this looming cyber threat, professionals have one question: how can I protect my business from the Bad Rabbit virus? Cybersecurity professionals across the country have been working to identify concrete ways to prevent the Bad Rabbit virus and help business owners stop the cybercriminals in their tracks. The leading ways to keep your company in the clear are listed below.
Vaccinate your Machines: Early Wednesday morning, a Massachusetts researcher from Cybereason, claimed that he has a vaccine to protect customers from Bad Rabbit. Following this short series of fool-proof steps will automatically vaccinate your company’s computers, laptops, and other devices, keeping them safe from Bad Rabbit invasion:
First, create two files: C:Windowsinfpub.dat& C:Windowscscc.dat.
Then, go into the each of the file’s properties and remove all permissions to both files. When doing this, remove the inheritance so the files do not inherit the perms of the C:Windows folder.
Monitor your Event Logs: Microsoft has also been working diligently to issue threat reports regarding Bad Rabbit. They refer to Bad Rabbit as Ransom:Win32/Tibbar.A. and state that Windows Defender can detect the ransomware using detections updates 255.29.0 and higher. So, the first step is ensuring the latest Defender updates have been installed on all your company machines.
Next, Microsoft states that since Bad Rabbit will clear the event logs and create various scheduled tasks under the names Drogon, Rhaegal and Viserion, business owners can monitor their event logs to proactively detect this type of malicious activity.
The key events that business owners should be looking for include:
Event 1102 – this indicates that the audit log has been cleared
Event 106 – this indicates that a scheduled task has been created.
System administrators can then attach a scheduled task to these events that will run a specified command if the events are detected. This command, for example, could require an email or alert to be sent to an administrator. If these events are detected proactively, they could offer an indication that the computer has been scheduled for a shutdown. Microsoft suggests business owners can then abort this process by using the shutdown-a command.
Reach out to Local IT Experts for Guidance and Support: When threatening and complicated reports of ransomware hit the news waves, it can understandably leave business owners feeling paralyzed – unsure of how to best implement strategies for prevention and protection. That’s where IT experts come in. Managed IT providers have the experience and resources necessary to help educate you and your staff members and reduce your chances of having data held hostage.
Although most IT providers are committed to providing information and resources that empower business owners to protect themselves, professionals should never have to face overwhelming cyber threats alone. Sometimes reaching out for support is the best way to protect your business and restore peace of mind.
If you’re worried about Bad Rabbit and its ability to take hold of your critical business data and not sure how to best protect your business, reach out to IT experts for most proactive cybersecurity support. Whatever you do, don’t wait to fall down the rabbit hole.
by Felicien | Oct 25, 2017 | Education
The three Titans, Google, Microsoft and Apple address security issues with KRACK.
Just when everyone thought Wi-Fi was safe, that illusion was recently shattered. Security researcher Mathy Vanhoef has discovered a vulnerability that he’s calling “KRACK.” The flaw is in the WPA2 protocol, and everyone’s Wi-Fi network is at risk of being hacked. The vulnerabilities include HTTP content injection, packet replay, decryption, TCP connection hijacking and more. Hackers could gain access to credit card numbers, photos, passwords, and emails. The WPA2 woes will have an impact on both home users and business users.
Apple, Google, and Microsoft
Microsoft was the first Titan to respond to the news. “We have released a security update to address this issue, says a Microsoft spokesperson in a statement to The Verge. Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected. Microsoft says the Windows updates released on October 10th protect customers, and the company withheld disclosure until other vendors could develop and release updates.” Apple is also on top of its game. Patches and fixes for tvOS, watchOS, macOS, and iOS are in beta and will be released in a software update shortly. Google is scrambling to fix the issue and will do patches on any affected devices over the next few weeks.
The new security flaw has been described, innovative and unprecedented, and it’s really up to the Titans to properly address the problem. Apple, Google, and Microsoft are fully aware that once they fix this vulnerability, another one will be on the horizon. Cybercriminals will always find and exploit vulnerabilities. It’s always an endless cycle.
Other smaller tech companies have also responded to the KRACK security bug. “Cisco also said it had published a security advisory to detail which products are affected, and a blog to help customers better understand the issue. Fixes are already available for select Cisco products, and we will continue publishing additional software fixes for affected products as they become available,” a spokesperson said. “Intel confirmed it was working with its customers and equipment manufacturers to implement and validate firmware and software updates that address the vulnerability. It also released an advisory.”
What Consumers Should Do About the KRACK Security Bug
All Wi-Fi users should take steps to protect themselves and their devices. They must manage their router patches and settings. In addition, consumers should avoid using public Wi-Fi networks. Any security updates provided by Apple, Google, and Microsoft should be installed on both routers and devices. Norton offers a Wi-Fi vulnerability alert and privacy. It will encrypt traffic and protect against identity thieves. Your information will be invisible to hackers.
Public Wi-Fi is a top target for cybercriminals. It’s important to note that these Wi-Fi access points aren’t well secured. Airports, coffee shops, shopping centers, and hotels are prime hunting ground for hackers trying to steal personal information. KRACK is just another tool in the cybercriminals arsenal.
For consumers whose smartphones, PCs and routers don’t yet have updated solutions, there are still some steps that can be taken to protect online privacy. VPN software can offer protection since it encrypts all traffic. Although changing a Wi-Fi password won’t specifically prevent a KRACK attack, it’s still advisable.
How do attackers implement KRACK? There are several conditions that must be met. First, the cybercriminal must be within physical proximity of the user. Second, the user’s device must be wirelessly enabled. Third, the cybercriminal executes a man-in-the-middle to intercept traffic between the user’s device and the wireless access point.
Decades to Uncrack KRACK
It will take decades to uncrack KRACK. The challenges go way beyond a mere patch and are not limited to just tech devices. For example, the company Netgear took immediate action after the KRACK attack. Fixes were available for dozens of router models. But, the company makes over 1,000 router models. Each needs to be tested, and the company will need partners to do a full fix. How long will that take? These challenges aren’t unique to Netgear either. It just underscores how ill-prepared the industry is in this type of calamity. This just covers routers, too. What about Wi-Fi IoT devices? The KRACK vulnerability could affect security cameras, garage doors, and even appliances.
Keep in mind that “There is no evidence that the KRACK vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections, read a statement published by a Wi-Fi industry trade group. This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.” That should keep consumers and businesses from panicking.
All around, the key to fighting a cyberattack is in the hands of the top three Titans and other major players in the technology industry. New defensive strategies must be employed, and the public needs to be educated and updated on current threats when using technology for home or business. However, with Google, Apple, and Microsoft at the helm, we should all be in good hands.
