Blog

December 4th, 2014

Security_Dec01_BWhile there are many different types of malware out there, the good news is that with many threats we know where they come from and their purpose. Recently, news broke of a new form of malware called Regin that is causing quite a stir in the security community, largely because it's tough to deal with and not much is actually known about it. This has naturally caused some security concerns for businesses, but what threat does this malware really pose for companies?

What exactly is Regin?

What is most interesting about Regin is that a number of security experts seem to not really fully understand it. They know that it exists, they know it is complex, and they know it is one of the most advanced pieces of malware ever created. But, they don't know what exactly it does, or where it comes from.

What we do know is that Internet security firm Symantec is credited with first bringing Regin to public attention, and that it has been around since at least 2008. So far, the company has said it is similar to the Stuxnet virus that was supposedly developed in (or by) the US and used to attack and subvert the Iranian nuclear program.

Regin is known to infect Windows-based computers and at its core is a backdoor trojan style of infection. From detected infections it is looks like the purpose of the malware is not to steal information but to gather intelligence and facilitate other types of attacks.

What makes this malware so powerful and disturbing is that it is much more advanced than other infections. Using various encryption methods it can hide itself extremely well, making it difficult to detect. It can also communicate with the hacker who deployed it in a number of different ways, thus making it a challenge to block or stop. As a result, it is far from easy to actually figure out what exactly this malware is doing and why.

Who has been infected?

According to various security experts we have been able to compile a list of companies and organizations that have been targeted to date. These include:
  • Telecommunications companies
  • Government institutions
  • Financial companies
  • Research companies
  • Individuals and companies involved in crypto-graphical and mathematical research
At the time of this article, no known attacks have been carried out against companies in the US, Canada, or the UK. The main countries targeted so far have been Russia and Saudi Arabia, along with a smaller number of infections in Malaysia, Indonesia, Ireland, and Iran. A total of 10-15 countries have been targeted since the malware was first discovered in 2008.

Is this a big deal for my company?

Just because your company is operating in a country that hasn't been affected thus far, doesn't mean that you aren't at risk of being attacked by this malware in the future. If you operate in any of the industries or sectors listed above, you could still be at risk, especially if you do business with clients in infected regions.

For now, however, it appears that Regin is only infecting larger government bodies and large companies outside of North America and much of Europe, so the chances of you being infected are relatively low. Although as with any threat, this can change at any moment.

What we recommend is that you ensure your antivirus and antimalware solutions are kept up to date and always switched on. You can rest assured that eventually experts will learn more and block this malware from infecting systems. Beyond this, working with an IT partner, like us, who can ensure that your valuable data and systems are secure, is also be a good idea. The same goes with watching what you download and any emails you open. If you don't know or trust the source, don't download any program, open an attachment, or read an email connected to it.

Looking to learn more about the security of your systems? Contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
November 22nd, 2014

Security_Nov17_BOver the past few years there have been a number of issues and rulings made by various courts in the US regarding the overall freedom of the Internet and how it is to be managed. By now, many of us have heard of Net Neutrality, but it may seem like an issue that won't affect small businesses. However, in mid-November, President Obama delivered his stance on the issue, thereby bringing it to the forefront of modern politics.

What is Net Neutrality?

In order to define Net Neutrality, we should first look at the main idea behind what the Internet is: a free and open medium where individuals can express and house thoughts, ideas, and more. It was founded on one principal, and one principal alone: All information and Internet traffic MUST be treated equally.

This free, open, and fair principle is what we call Net Neutrality. In practice, this idea prevents Internet providers, and even governments, from blocking legal sites with messages they disagree with, and restricting access to services and sites that don't meet their business needs.

What exactly is the issue?

At this time, major telecommunications companies providing Internet access are trying to push legislation through the US court systems that will essentially make it legal for them to throttle Internet speeds; asking other providers to pay fees in order to speed up access to sites and to even block some sites.

There are laws currently in place, set by the FCC (Federal Communications Commission), that prohibit providers from collecting, analyzing, and manipulating user traffic. In other words, according to the FCC, the role of the Internet providers should be to simply ensure traffic and data gets from one end of the network to the other.

Last year, it was uncovered that US telecommunications giant, and Internet Service Provider, Comcast demanded that Netflix pay them millions of dollars or they would limit the Internet speed of Comcast users trying to access the streaming service. Netflix tried to negotiate but the result was that Comcast did indeed cut user speeds. Netflix paid to avoid this from happening again. This act is an obvious breach of the main tenet of Net Neutrality: Equal access for everyone.

Combine this with the January 2014 ruling that the FCC had overstepped its bounds in regards to this topic and the increased lobbying by telecommunications giants against Net Neutrality, and you can quickly come to realize that the Internet as we know it is under threat.

How will this affect my business?

If nothing is done, there is a very high chance that you will be paying higher rates for Internet-based services (because the providers will be asking other companies to pay to guarantee speedy access which will then be passed along to you via higher rates). You may even be forced to use services you don't want to use because they offer better access speeds on your network.

Beyond this, because so many businesses rely on websites and the hosting companies that enable us to access them, there is a very real risk that these hosts may have access speeds cut. This in turn could mean that it will take more time for some users to access your website and services. Think of how you react when you can't access a website, you probably just search for another similar site which loads easily - now imagine this happening to your site. In other words, you could see a decrease in overall traffic and therefore profits.

What can I do about this?

First off, we highly recommend you visit The White House's site on Net Neutrality, and read the message that President Obama has recently posted there. To sum it up, he believes that Net Neutrality should be protected and the Internet should remain open and free. He has even laid out a plan with four rules that the FCC should enact and enforce:
  • No blocking - Internet providers are not to block access to any legal content.
  • No throttling - Internet providers cannot slow or speed up access speeds based on their preferences.
  • Increased transparency - The FCC is to be more transparent and push providers to follow the Net Neutrality rules.
  • No paid prioritization - There is to be a ban on providers insisting other companies pay to have equal access speeds.
You can bet that this plan will be met by stiff resistance both in government and by the telecommunications companies themselves. The FCC is an independent organization and it is up to them to select whether or not they want to enact President Obama's plan. One thing you can do is to publicly submit your comments to the FCC via this website. Any comments made will be seen by the FCC and are are publicly viewable. In the past, enough public pressure has been able to sway FCC decisions, so share this article and the links in it with everyone you know, asking them to take action as well.

What about other countries?

For now, the Net Neutrality battle is largely US based. The vast majority of Internet traffic starts or at least passes through the US. This means that if the telecommunications providers (many of whom own international subsidiary providers) can limit access to sites in the US it could very quickly become a world issue. Beyond this, other countries often follow laws that the US enacts, so it could only be a matter of time before we see similar bills passed in other countries.

In short, this is a major issue that could see the end of the Internet as we know it. If you would like to learn more about Net Neutrality and how you can help ensure the Internet remains free and open, contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
November 14th, 2014

Security_Nov10_BIn October of last year news broke about a new form of malware called Cryptolocker. This malware posed a particularly large threat to many business users and led to many quick and important security updates. Now, almost a year later, it appears that the second version of this - CryptoWall - has been released and is beginning to infect users.

What is Crypto malware?

Crypto malware is a type of trojan horse that when installed onto computers or devices, holds the data and system hostage. This is done by locking valuable or important files with a strong encryption. You then see a pop-up open informing you that you have a set amount of time to pay for a key which will unlock the encryption. If you don't pay before the deadline, your files are deleted.

When this malware surfaced last year, many users were understandably more than a little worried and took strong precautions to ensure they did not get infected. Despite these efforts, it really didn't go away until earlier this year, when security experts introduced a number of online portals that can un-encrypt files affected by Cryptolocker, essentially neutralizing the threat, until now that is. A recently updated version is threatening users once again.

Cryptolocker 2.0, aka. CryptoWall

Possibly because of efforts by security firms to neutralize the Cryptolocker threat, the various developers of the malware have come back with an improved version, CryptoWall and it is a threat that all businesses should be aware of.

With CryptoWall, the transmission and infection methods remain the same as they did with the first version: It is most commonly found in zipped folders and PDF files sent over email. Most emails with the malware are disguised as invoices, bills, complaints, and other business messages that we are likely to open.

The developers did however make some "improvements" to the malware that make it more difficult to deal with for most users. These changes include:

  • Unique IDs are used for payment: These are addresses used to verify that the payment is unique and from one person only. If the address is used by another user, payment will now be rejected. This is different from the first version where one person who paid could share the unlock code with other infected users.
  • CryptoWall can securely delete files: In the older version of this threat, files were deleted if the ransom wasn't paid, but they could be recovered easily. In the new version the encryption has increased security which ensures the file is deleted. This leaves you with either the option of paying the ransom or retrieving the file from a backup.
  • Payment servers can't be blocked: With CryptoLocker, when authorities and security experts found the addresses of the servers that accepted payments they were able to add these to blacklists, thus ensuring no traffic would come from, or go to, these servers again. Essentially, this made it impossible for the malware to actually work. Now, it has been found that the developers are using their own servers and gateways which essentially makes them much, much more difficult to find and ban.

How do I prevent my systems and devices from being infected?

Unlike other viruses and malware, CryptoWall doesn't go after passwords or account names, so the usual changing of your passwords won't really help. The best ways to prevent this from getting onto your systems is:
  • Don't open any suspicious attachments - Look at each and every email attachment that comes into your inbox. If you spot anything that looks odd, such as say a spelling mistake in the name, or a long string of characters together, then it is best to avoid opening it.
  • Don't open emails from unknown sources - Be extra careful about emails from unknown sources, especially ones that say they provide business oriented information e.g., bank statements from banks you don't have an account with or bills from a utilities company you don't use. Chances are high that they contain some form of malware.
Should your files be attacked and encrypted by this malware, then the first thing you should do is to contact us. We can work with you to help find a solution that will not end up in you having to pay the ransom to recover your files.

If you are looking to learn more about CryptoWall malware and how to boost your security and protect your data and systems, then we could you your first line of tech defence.

Published with permission from TechAdvisory.org. Source.

Topic Security
November 1st, 2014

Security_Oct27_BAs businesses continue to implement more and more Internet-based systems, there is always the risk that systems could be breached and security compromised. If you conduct business online, there are a number of measures you can take to ensure that your activities and your company’s vital information are secure. Here are five.

1. Use two-factor authentication whenever possible

Two-factor authentication, or two-step authentication as it is also known, is the idea of using two pieces of information to log into accounts: Your usual password and a code that is usually sent to a mobile device or generated by a code generator.

By utilising this safety feature, you can further increase the security of your accounts, largely because the chances of someone getting their hands on both the generated code and your password are slim.

Some sites don’t use a code and instead ask a question that needs to be answered every time you log in. If this is the case, make the question something that is difficult for a hacker to guess. For example, use your address from 10 years ago instead of your current address.

2. Audit who has access to what data

Between all of your online accounts and social media profiles you will likely be surprised at just how much information about you can be found online. There are a multitude of scare stories online, where someone has had their accounts hacked and identity stolen, largely because they had left pertinent information online without even thinking about it.

It is a good idea to audit what information you have online. This includes looking at the contact and personal information you have on social media profiles, account information, etc. Ideally, if it is not necessary information, then it shouldn’t be shared. As for social media profiles, make sure only the absolute basic personal information is online and limit who can see this information.

3. Watch what is posted on social media

Because of the nature of social media, we often feel the need to share our whole lives online. This can often lead to oversharing, and even sometimes oversharing of personal information. There are stories online of thieves monitoring social media for businesses posting about how they are going to be closed for a holiday, with all staff gone. Once a thief finds this information, they then break into the business without worrying about people being there.

If you are going to share information online, be sure to limit the potentially sensitive information that you post, especially if the content is shared with the public.

4. Change your passwords regularly

It seems like almost every week news breaks of a password or account information breach. What this translates to is the fact that your accounts are always facing a potential risk. Therefore, you should make it a habit to change your passwords on a regular basis.

Most experts recommend at least once every three months, but if there is a breach where your account information may have been leaked then naturally change your passwords straightaway.

To ensure maximum security, you should use a different password for each account, and keep these as separate as possible.

5. Work with an IT partner who can offer enhanced Internet security

Ensuring that your business is secure online can be an on-going battle that you will likely not win easily. One of the best steps to take is to work with an IT partner like us. We offer a variety of Internet security solutions that can help stop malware intrusions before they infect your systems, block access to potentially harmful sites, and even scan Internet-based email solutions. In other words, we can help improve your overall online security.

If you are looking to learn more about how we can help your business be secure online, contact us today.

Published with permission from TechAdvisory.org. Source.
Topic Security
October 10th, 2014

Security_Oct07_BIn late spring of this year news broke of the biggest security issue to date - Heartbleed. Many companies leapt to secure themselves from this, but the fallout from it is still being felt. That being said, there is a new, even bigger, security problem called Shellshock that all businesses need to now be aware of.

What exactly is Shellshock?

Shellshock is the name applied to a recently uncovered software vulnerability which could be exploited to hack and compromise untold millions of servers and machines around the world. At its heart, the Shellshock vulnerability is based on a program called Bash. This is a Unix-based command program that allows users to type actions that the computer will then execute. It can also read files called scripts that contain detailed instructions.

Bash is run in a text-based window called a shell and is the main command program used by OS X and Unix. If you have a Mac computer and want to see what Bash looks like, simply hit Command (Apple Key) + Spacebar and type in Terminal. In the text-based window that opens in Bash you can enter commands using the Bash language to get your computer to do something e.g., eject a disc, connect to a server, move a file, etc.

The problem with Bash however is that it was recently discovered that by entering a specific line of code '() { :; };)' in a command you could get a system to run any following commands. In other words, when this command is used, Bash will continue to read and execute commands that come after it. This in turn could lead to a hacker being able to gain full, yet unauthorized, access to systems without having to enter a password. If this happens, there is very little you can do about it.

Why is this such a big issue?

To be clear: Shellshock should not directly affect most Windows-based machines, instead it affects machines that use Unix and Unix-based operating systems (including OS X). So why is this so big a deal when the majority of the world uses Windows-based computers? In truth, the majority of end-users will be safe from this exploit. However, the problem lies with bigger machines like Web servers and other devices such as networking devices, and computers that have had a Bash command shell installed.

While most users have Windows-based computers, the servers that support a vast percentage of the Internet and many business systems run Unix. Combine this with the fact that many other devices like home routers, security cameras, Point of Sale systems, etc. run Unix and this is becomes a big deal.

As we stated above, hackers can gain access to systems using Bash. If for example this system happens to be a Web server where important user information is stored, and the hacker is able to use Bash to gain access and then escalate themselves to administrative status, they could steal everything. In turn this could lead to the information being released on to the Web for other hackers to purchase and subsequently use to launch other attacks - even Windows-based systems. Essentially, there are a nearly unlimited number of things a hacker can do once they have access.

If this is not dealt with, or taken seriously, we could see not only increased data breaches but also larger scale breaches. We could also see an increase in website crashes, unavailability, etc.

So what should we do?

Because Shellshock mainly affects back-end systems, there is little the majority of users can do at this time. That being said, there are many Wi-Fi routers and networks out there that do use Unix. Someone with a bit of know-how can gain access to these and execute attacks when an individual with a system using Bash tries to connect to Wi-Fi. So, it is a good idea to refrain from connecting to unsecured networks.

Also, if you haven't installed a Bash command line on your Windows-based machine your systems will probably be safe from this particular exploit. If you do have servers in your business however, or networking devices, it is worthwhile contacting us right away. The developers of Bash have released a partial fix for this problem and we can help upgrade your systems to ensure the patch has been installed properly.

This exploit, while easy to execute, will be incredibly difficult to protect systems from. That's why working with an IT partner like us can really help. Not only do we keep systems up-to-date and secure, we can also ensure that they will not be affected by issues like this. Contact us today to learn how we can help.

Published with permission from TechAdvisory.org. Source.

Topic Security
October 3rd, 2014

Security_Sep29_BBusiness owners and managers are becoming increasingly worried about the security of their systems and networks. While the vast majority have implemented some form of security, this may not be enough. In fact, we have helped a number of businesses with flawed security measures in place. The issue is, how do you know if your security is working sufficiently? Here are five common security flaws you should be aware of.

1. Open wireless networks

Wireless networks are one of the most common ways businesses allow their employees to get online. With one main Internet line and a couple of wireless routers, you can theoretically have the whole office online. This method of connecting does save money, but there is an inherent security risk with this and that is an unsecure network.

Contrary to popular belief, simply plugging in a wireless router and creating a basic network won't mean you are secure. If you don't set a password on your routers, then anyone within range can connect. Hackers and criminal organizations are known to look for, and then target these networks. With fairly simple tools and a bit of know-how, they can start capturing data that goes in and out of the network, and even attacking the network and computers attached. In other words, unprotected networks are basically open invitations to hackers.

Therefore, you should take steps to ensure that all wireless networks in the office are secured with passwords that are not easy to guess. For example, many Internet Service Providers who install hardware when setting up networks will often just use the company's main phone number as the password to the router. This is too easy to work out, so changing to a password that is a lot more difficult to guess is makes sense.

2. Email is not secure

Admittedly, most companies who have implemented a new email system in the past couple of years will likely be fairly secure. This is especially true if they use cloud-based options, or well-known email systems like Exchange which offer enhanced security and scanning, while using modern email transition methods.

The businesses at risk are those using older systems like POP, or systems that don't encrypt passwords (what are known as 'clear passwords'). If your system doesn't encrypt information like this, anyone with the right tools and a bit of knowledge can capture login information and potentially compromise your systems and data.

If you are using older email systems, it is advisable to upgrade to newer ones, especially if they don't encrypt important information.

3. Mobile devices that aren't secure enough

Mobile devices, like tablets and smartphones, are being used more than ever before in business, and do offer a great way to stay connected and productive while out of the office. The issue with this however is that if you use your tablet or phone to connect to office systems, and don't have security measures in place, you could find networks compromised.

For example, if you have linked your work email to your tablet, but don't have a screen lock enabled and you lose your device anyone who picks it up will have access to your email and potentially sensitive information.

The same goes if you accidentally install a fake app with malware on it. You could find your systems infected. Therefore, you should take steps to ensure that your device is locked with at least a passcode, and you have anti-virus and malware scanners installed and running on a regular basis.

4. Anti-virus scanners that aren't maintained

These days, it is essential that you have anti-virus, malware, and spyware scanners installed on all machines and devices in your company and that you take the time to configure these properly. It could be that scans are scheduled during business hours, or they just aren't updated. If you install these solutions onto your systems, and they start to scan during work time, most employees will just turn the scanner off thus leaving systems wide-open.

The same goes for not properly ensuring that these systems are updated. Updates are important for scanners, because they implement new virus databases that contain newly discovered malware and viruses, and fixes for them.

Therefore, scanners need to be properly installed and maintained if they are going to even stand a chance of keeping systems secure.

5. Lack of firewalls

A firewall is a networking security tool that can be configured to block certain types of network access and data from leaving the network or being accessed from outside of the network. A properly configured firewall is necessary for network security, and while many modems include this, it's often not robust enough for business use.

What you need instead is a firewall that covers the whole network at the point where data enters and exits (usually before the routers). These are business-centric tools that should be installed by an IT partner like us, in order for them to be most effective.

How do I ensure proper business security?

The absolute best way a business can ensure that their systems and networks are secure is to work with an IT partner like us. Our managed services can help ensure that you have proper security measures in place and the systems are set up and managed properly. Tech peace of mind means the focus can be on creating a successful company instead. Contact us today to learn more.
Published with permission from TechAdvisory.org. Source.

Topic Security
September 20th, 2014

Security_Sep15_BToday’s technology advancement has one obvious parallel: increasing security threats. One such issue which has been growing both in number and intensity is data breach. And while many businesses have turned to the cloud in the hope of improving security, there is still a chance of a collision between data breaches and cloud usage. But don’t panic just yet, there are measures you can take to avoid the headache of a cloud and data security breach.

The cloud opens up some great tech advancements for businesses and is here to stay. However, as with all tech developments, you need to also be aware of any vulnerabilities and security issues as they change and develop at the same time too. If you use the cloud and want to proactively prevent cloud-and-data security breaches then here are five tips to follow:

  1. Know your cloud apps: Get a comprehensive view of the business readiness of apps and which ones render you more or less prone to a breach. Ask yourself these questions: Does an app encrypt data stored on the service? Does it separate your data from that of others so that your data is not exposed when another tenant has a breach? The idea here is to know exactly what each cloud service employed offers and how your company uses them.
  2. Migrate users to high-quality apps: Cloud-switching costs are low, which means that you can always change and choose apps that best suit your needs. If you find ones that don’t fit your criteria, take the time to talk to your vendor or switch; now more than ever you have choices, and the discovery process in step one will help you find out what these are.
  3. Find out where your data is going: Take a look at your data in the cloud. Review uploads, downloads, and data at rest in apps to get a handle on whether you have potential personally-identifiable information (PII), or whether you simply have unencrypted confidential data in or moving to cloud apps. You wouldn’t want cloud-and-data breaches with this critical data.
  4. Look at user activities: It’s important to understand not only what apps you use but also your data in the context of user activity. Ask yourself: From which apps are people sharing content? According to tech news source, VentureBeat, one-fifth of the apps they tracked enable sharing, and these aren’t just cloud storage apps, but range from customer-relationship management to finance and business intelligence. Knowing who’s sharing what and with whom will help you to understand what policies to best employ.
  5. Mitigate risk through granular policy: Start with your business-critical apps and enforce policies that matter to your organization in the context of a breach. For example, block the upload of information covered by certain privacy acts, block the download of PII from HR apps, or temporarily block access to vulnerable apps.
The key to preventing a cloud-and-data security breach lies in careful attention to your cloud applications and user activity. Analyzing your apps and looking into user activities might be time consuming, but the minimization of cloud-and-data security breaches makes this task worthwhile. Looking to learn more about today’s security? Contact us and let us manage and minimize your risks.
Published with permission from TechAdvisory.org. Source.

Topic Security
September 5th, 2014

Security_Sep02_BEveryone today seems to be constantly relying on their smartphones to help complete daily tasks which has resulted in the need to recharge subsequently increasing. And when you’re far from your charger, public charging kiosks can seem like a good substitute. However, this can lead to juice jacking of your smartphone. If this is news to you then let’s find out what juice jacking is and how you can avoid it.

What’s juice jacking?

Regardless of the kind of smartphone you have, whether it’s an Android, iPhone or BlackBerry, there is one common feature across all phones: the power supply and the data stream pass over the same cable. This setup allows for juice jacking during the charging process whereby user access is gained on your phone by leveraging the USB data/power cable to illegitimately access your phone’s data and/or inject malicious code onto the device.

The attack can be as simple as an invasion of privacy, wherein your phone pairs with a computer concealed within the charging kiosk and information such as private photos and contact information are transferred to a malicious device. However, on the other hand, it can also be as invasive as an injection of malicious code directly into your phone. According to security researchers at this year’s Black Hat security conference, your iPhone can be compromised within one minute of being plugged into a harmful charger.

Exposure to a malicious kiosk can also create a lingering security problem even without the immediate injection of malicious code. Once a device is paired to a computer, it can access a host of personal information on the device, including your address book, notes, photos, music, sms database, typing cache, and even initiate a full backup of your phone, all of which can be accessed wirelessly at anytime.

How do I avoid it?

The most effective precautions center around simply not charging your phone using a third-party system. Here are some tips to help you avoid using public kiosk charger:
  • Keep your devices topped off: Make it a habit to charge your phone at your home and office when you’re not actively using it or are just sitting at your desk working.
  • Carry a personal charger: Chargers have become very small and portable, from USB cables to power banks. Get one and throw it in your bag so you can charge your phone anytime you’re at the office or while on-the-go if you use a power bank.
  • Carry a backup battery: If you’re not keen on bringing a spare charger or power bank, you can opt to carry a full spare battery if your device has a removable battery.
  • Lock your phone: When your phone is truly locked as in inaccessible without the input of a pin or equivalent passcode, your phone should not be able to be paired with the device it’s connected to.
  • Power the phone down: This technique only works on phones on a model-by-model basis as some phones will, despite being powered down, still power on the entire USB circuit and allow access to the flash storage in the device.
  • Use power only USB cables: These cables are missing the two wires necessary for data transmission and have only the two wires for power transmission remaining. They will charge your device, but data transfer is made impossible.
Even the tiniest detail like charging your phone from a kiosk charger could affect the security of your device. While there are many substitutes to using a third-party system, ultimately the best defense against a compromised mobile device is awareness. Looking to learn more about today’s security and threats? Contact us today and see how we can help.
Published with permission from TechAdvisory.org. Source.

Topic Security
August 26th, 2014

Security_Aug18_BThe idea of Internet security is almost always being called into question. It seems like nearly every month there is a security breach where important information like usernames and passwords are stolen. The trend appears to be increasing, with an ever expanding number of accounts being hacked. In early August, news broke of possibly the biggest breach to date.

The latest big-scale breach

In early August, it emerged that a Russian hacker ring had amassed what is believed to be the biggest known collection of stolen account credentials. The numbers include around 1.2 billion username and password combinations, and over 500 million email addresses.

According to Hold Security, the company that uncovered these records, the information comes from around 420,000 sites. What is particularly interesting about this attack is that such a wide variety of sites were targeted when compared this with other attacks which tend to either attack large brand names or smaller related sites.

How did this happen?

Despite what many believe, this was not a one-time mass attack; all sites that were compromised were not attacked at the same time. Instead, the hacker ring – called the Cyber Vor – was likely working on amassing this data over months or longer. How they were able to amass this much information is through what’s called a botnet.

Botnets are a group of computers infected by hackers. When the hackers establish a botnet, they attack computers with weak network security and try to infect them with malware that allows the hacker to control the computer. If successful, users won’t even know their computer has been hacked and is being used by hackers.

Once this botnet is established, the hackers essentially tell the computers to try to contact websites to test the security. In this recent case, the computers were looking to see if the websites were vulnerable to a SQL injection. This is where hackers tell the computers in the botnet to look for fillable sections on sites like comment boxes, search boxes, etc. and input a certain code asking the website’s database to list the stored information related to that box.

If the Web developer has restricted the characters allowed in the fillable text boxes, then the code likely would not have worked. The botnet would notice this, and then move onto the next site. However, if the code works, the botnet notes this and essentially alerts the hacker who can then go to work collecting the data.

So, is this serious and what can I do?

In short, this could be a fairly serious problem. While 420,000 sites may seem like a large number, keep in mind that the Internet is made up of billions of websites. This means that the chances of your website’s data being breached by this ring are small. That being said, there is probably a good chance that one of the sites related to your website may have been breached.

So, it is a cause for concern. However, you can limit the chance of hackers gaining access to your information and a website’s information.

1. Change all of your passwords

It seems like we say this about once a month, but this time you really should heed this warning. With 1.2 billion username and password combinations out there, there is a chance your user name for at least one account or site has been breached.

To be safe, change all of your passwords. This also includes passwords on your computer, mobile devices, and any online accounts – don’t forget your website’s back end, or hosting service. It is a pain to do, but this is essential if you want to ensure your data and your website is secure from this attack.

2. Make each password different

We can’t stress this enough, so, while you are resetting your password you should aim to ensure that you use a different one for each account, site, and device. It will be tough to remember all of these passwords, so a manager like LastPass could help. Or, you could develop your own algorithm or saying that can be easily changed for each site. For example, the first letter of each word of a favourite saying, plus the first and last letter of the site/account, plus a number sequence could work.

3. Test your website for SQL injection

If you have a website, you are going to want to test all text boxes to see if they are secure against SQL injection. This can be tough to do by yourself, so it’s best to contact a security expert like us who can help you execute these tests and then plug any holes should they be found.

4. Audit all of your online information

Finally, look at the information you have stored with your accounts. This includes names, addresses, postal codes, credit card information, etc. You should only have the essential information stored and nothing else. Take for example websites like Amazon. While they are secure, many people have their credit card and billing information stored for easy shopping. If your account is hacked, there is a good chance hackers will be able to get hold of your card number.

5. Contact us for help

Finally, if you are unsure about the security of your accounts, business systems, and website, contact us today to see how our security experts can help ensure your vital data is safe and sound.

Published with permission from TechAdvisory.org. Source.
Topic Security
August 8th, 2014

Security_Aug05_BWhen it comes to business security, many small to medium business owners and managers often struggle to ensure that their systems and computers are secure from the various attacks and malware out there. While there are a million and one things you can do to secure systems, one of the most useful approaches is to be aware of common security threats. To help, here are five common ways your systems can be breached.

1. You are tricked into installing malicious software

One of the most common ways a system's security is breached is through malware being downloaded by the user. In almost every case where malware is installed the reason is because the user was tricked into downloading it.

A common trick used by hackers is to plant malware in software and then place this software on a website. When a user visits the site, they are informed that they need to download the software in order for the site to load properly. Once downloaded, the malware infects the system. Other hackers send emails out with a file attached, where only the file contains malware.

There are a nearly limitless number of ways you can be tricked into downloading and installing malware. Luckily, there are steps you can take to avoid this:

  • Never download files from an untrusted location - If you are looking at a website that is asking you to download something, make sure it's from a company you know about and trust. If you are unsure, it's best to avoid downloading and installing the software.
  • Always look at the name of the file before downloading - Many pieces of malware are often disguised with file names that are similar to other files, with only a slight spelling mistake or some weird wording. If you are unsure about the file then don't download it. Instead, contact us as we may be able to help verify the authenticity or provide a similar app.
  • Stay away from torrents, sites with adult content, and movie streaming sites - These sites often contain malware, so it is best to avoid them altogether.
  • Always scan a file before installing it - If you do download files, be sure to get your virus scanner to scan these before you open the apps. Most scanners are equipped do this, normally by right-clicking on the file and selecting Scan with….

2. Hackers are able to alter the operating system settings

Many users are logged into their computers as admins. Being an administrator allows you to change any and all settings, install programs, and manage other accounts.

If a hacker manages to access your computer and you are set up as the admin, they will have full access to your computer. This means they could install other malicious software, change settings or even completely hijack the machine. The biggest worry about this however, is if a hacker gets access to a computer that is used to manage the overall network. Should this happen, they could gain control over all the systems on the network and do what they please on it.

In order to avoid this, you should ensure that if a user doesn't need to install files or change settings on the computer, they do not have administrator access. Beyond this, installing security software like anti-virus scanners and keeping them up to date, as well as conducting regular scans, will help reduce the chances of being infected, or seeing infections spread.

3. Someone physically accesses your computer

It really feels like almost every security threat these days is digital or is trying to infect your systems and network from the outside. However, there are many times when malware is introduced into systems, or data is stolen, because someone has physically had access to your systems.

For example, you leave your computer on when you go for lunch and someone walks up to it, plugs in a USB drive with malware on it and physically infects your system. Or, it could be they access your system and manually reset the password, thereby locking you out and giving them access.

What we are trying to say here is that not all infections or breaches arrive via the Internet. What we recommend is to ensure that you password protect your computer - you need to enter a password in order to access it. You should also be sure that when you are away from your computer it is either turned off, or you are logged off.

Beyond that, it is a good idea to disable drives like CD/DVD and connections like USB if you don't use them. This will limit the chances that someone will be able to use a CD or USB drive to infect your computer.

4. It's someone from within the company

We have seen a number of infections and security breaches that were carried out by a disgruntled employee. It could be that they delete essential data, or remove it from the system completely. Some have even gone so far as to introduce highly destructive malware.

While it would be great to say that every business has the best employees, there is always a chance a breach can be carried out by an employee. The most effective way to prevent this, aside from ensuring your employees are happy, is to limit access to systems.

Take a look at what your employees have access to. For example, you may find that people in marketing have access to finance files or even admin panels. The truth is, your employees don't need access to everything, so take steps to limit access to necessary systems. Combine this with the suggestions above - limiting admin access and installing scanners - and you can likely limit or even prevent employee initiated breaches.

5. Your password is compromised

Your password is the main way you can verify and access your accounts and systems. The issue is, many people have weak passwords. There has been a steady increase in the number of services that have been breached with user account data being stolen. If a hacker was to get a hold of say your username, and you have a weak password, it could only be a matter of time before they have access to your account.

If this happens, your account is compromised. Combine this with the fact that many people use the same password for multiple accounts, and you could see a massive breach leading to data being stolen, or worse - your identity.

It is therefore a good idea to use a separate password for each account you have. Also, make sure that the passwords used are strong and as different as possible from each other. One tool that could help ensure this is a password manager which generates a different password for each account.

If you are looking to learn more about ensuring your systems are secure, contact us today to learn about how our services can help.

Published with permission from TechAdvisory.org. Source.

Topic Security