Cybercriminals are everywhere. Both domestically and around the world, countless hackers work day in and day out to penetrate the digital defenses of businesses just like yours, using a variety of proven, effective, and ever-evolving methods. Whether they infect your system with malware hidden in a seemingly innocuous email attachment or con an unsuspecting employee out of vital information through social engineering, the end results are the same: data loss, financial damages, lawsuits, reputational damage, bankruptcy, and worse.
Our team of certified system professionals understands how serious the modern threat of cybercrime is to businesses in your industry, which is why we’ve developed this whitepaper as a vital resource to show you how hackers think, what methods they use, and how you can stop them from victimizing your business. Without the right knowledge, tools, and technology to prevent hackers from stealing your information, your business is left prone to a major data breach.
A recently popular type of malware is the “ransomware” variety, which encrypts a victim’s files (making them unreadable) and only offers the key to recover them after a ransom has been paid. The unfortunate reality is that when it comes to your business’ vulnerability to ransomware and other types of malware, it’s not a matter of IF, it’s a matter of WHEN. There are simply too many varieties of ransomware to guarantee total safety for your business.
IT security can be a complicated and scary subject when it comes to modern cybercrime tactics such as ransomware. Most business owners cannot confidently claim that their business’ network is secure. Can you?
When it comes to ransomware, the most important consideration is email security, and often, it can be as simple as ensuring that you and your staff know what to look for.
The short answer is lack of awareness. Almost no hacking attempt can be a success without the victim playing at least some role in the process, such as:
The bottom line is that digital security begins and ends with the user. Regardless of how modern, expensive or well-recommended your security software is, one wrong move by a single employee can be all it takes to infect your system. But that’s not the only threat to your security…
Outdated, unsecured, and just plain faulty technology is just as likely to make you an ideal target for hackers as an unsuspecting employee is. A major part of the investment in new technology is that it comes prepared to handle all previously identified hacking threats and security loopholes. The older your technology is, the more vulnerable it is to new hacking techniques. Here are three vital considerations you should keep in mind when evaluating your current technology:
It’s a word you’ve probably heard a lot. You know it’s bad, and that you have software (anti-malware) designed to help you stop it. But in the end, if you don’t really understand how the enemy operates, how can you expect to defeat it?
Malware comes in many different forms and is used by hackers in a number of different ways. It can be used to steal information, locate vulnerabilities in your IT systems for a secondary attack, or simply to cause damage. While cybercriminals continue to innovate new forms of malware and the ways they use it, there are currently three main types that you should be familiar with:
While there are currently three basic forms of ransomware, cybercrime methodology is constantly evolving. In order to stay effective, hackers work non-stop to find new ways to deploy ransomware; keep in mind that best practices can quickly become outdated.
When developing your ransomware defense, keep these recommendations in mind:
Seems like a lot, right?
That can be a lot to handle for a business owner like yourself. You have clients to see to, employees to manage, and more on your plate every single day; should you really be expected to also oversee regular maintenance of your cybersecurity all on your own?
Of course not!
The best way to ensure that your business is kept safe is by outsourcing your cybersecurity management to a reliable and experienced Managed Services Provider like our Information Systems experts. For an easily budgeted monthly flat rate, you can enjoy the peace of mind that comes with knowing your business is safe from whatever modern cybercriminals may throw at it.
The recent announcement of the vulnerabilities found in Intel, ARM, and AMD processors has sparked a new phishing campaign, and not the good kind of fishing with bait and largemouth bass. These hackers are, however, using a particular kind of bait.
While Meltdown and Spectre require access to your system, hackers have various ways to gain access. Already hackers are using phishing emails to trick users into giving them access. They send out an email claiming to contain a patch for Meltdown or Spectre. Instead, the email installs malware on your system. This malware gives the hacker access to your system, allowing them to exploit the bugs and take the unprotected data.
Be wary of social engineering scams like phishing emails. Hackers are all too eager to take advantage of problems like this, and unfortunately, some people are so eager to fix the problem that they might not realize that the “patch” they just clicked on is now allowing a hacker to steal all their data.
WHAT IS PHISHING?
Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. The “ph” replaces the “f” in homage to the first hackers, the “phone phreaks” of the 1960s and 1970s. Virtually anyone on the internet has seen a phishing attack. Phishing attacks are mass emails that request confidential information or credentials under false pretenses, link to malicious websites, or include malware as an attachment.
Many phishing sites look just like the sites that they are impersonating. Often, the only difference on a spoofed site is a slight, easily missed difference in the URL. Visitors can easily be manipulated into disclosing confidential information or credentials to the hacker if they can be induced to click the link. Even blacklisted phishing sites can often get past standard filters through the technique of time-bombing the URLs: the URL initially leads to an innocent page to get past the filters, and only later redirects to a malicious site.
Although malware is harder to get past filters, recently discovered and zero-day malware stands an excellent chance of getting through standard filters and being clicked on, especially if malware hides in a non-executable file such as a PDF or Office document. This is how many of the recent ransomware attacks were pulled off.
Now with Meltdown and Spectre looming over us, the average person is more susceptible to “quick fixes” and solutions to this issue.
Despite the lack of personalization, an astonishing 20% of recipients will click on basically anything that makes it to their inbox.
Spear phishing is an enhanced version of phishing that aims at specific employees of the targeted organization. The goal is usually to gain unauthorized access to networks, data, and applications. In contrast to the mass emailing of a phishing attack, which might see hundreds of attack messages sent out to random recipients within the space of a couple of hours, spear phishing is methodical and focused on a single recipient. Often the initial email will contain no URL or attachment. Instead, it will simply try to convince the recipient that the sender is who they say they are. Only later on will the hacker request confidential credentials or information, or send a booby-trapped URL or attachment.
The additional customization and targeting of a spear phishing email, along with the lack of easily recognized blacklisted URLs or malware customization, results in click rates of more than 50%!
Potentially every Intel processor sold in the last 10 years could have a critical security vulnerability that puts users at severe risk.
It’s often these days that poor IT security comes down to something like human error, and lack of awareness on the users’ part. It’s less often that there’s a widespread design flaw discovered in the technology itself, which is exactly what happened with Intel this week.
The Register published an article this week detailing how every Intel processor produced over the course of the last decade is affected by a design flaw that would allow malicious programs to access and read what should otherwise be protected areas of a device’s kernel memory. Kernel memory is dedicated to essential core components of an operating system and how they interact with the hardware.
Even worse, a foundational flaw like this can’t be patched with a simple, everyday update – the problem is in the hardware, which means it needs an OS-level overwrite for every single operating system (Windows, Linux, and macOS).
In a statement released January 3rd, Intel claimed that this flaw isn’t necessarily unique to their processors.
“Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.”
According to Intel CEO Brian Krzanich, Intel was informed about the security flaw by Google a few months ago. Although the extent of this flaw isn’t fully known to the public right now, it appears that developers are working hard to patch systems over the course of the next few weeks.
That said, the patching process won’t be easy, given that it will involve severing kernel memory from user processes. In a nutshell, that means users will face major performance lags, anywhere from 5 – 30%, depending on the specifics of the device.
The fix works by moving the kernel to a totally separate address space, making it nonexistent — and therefore, inaccessible — to a running process. Unfortunately, this separation process takes a lot of time to perform, as it forces the processor to dump cached data and reload from memory every time it switches between the two address spaces. The end result is an increase in the kernel’s overhead and a slower computer.
While it may not be noticeable for the average user on their home PC, this kind of lag will likely affect businesses using enterprise-grade cloud configurations the most. Be sure to keep an eye on this developing issue in order to ensure your Intel-based devices are properly patched.
As always, the best way to stay aware of threats like this, as well as protect against them, is to work with an expert partner. Our team of cybersecurity professionals will help you stay ahead of exposed vulnerabilities like these so that you can remain safe and focus on the work your business does.
Ransomware is now a household name, and there’s no going back. Even though cybercriminals have been using ransomware for years now, it wasn’t until the global WannaCry attack that awareness reached critical mass.
Doctors and nurses went to work as usual last May in the UK’s Central Manchester University Hospital, but when they went to turn on their computers, all computer systems began crashing. Messages began to pop up on their computer screens demanding $300 in Bitcoin in exchange for restored access – the WannaCry ransomware had struck.
Targeted Manchester hospitals claimed that no patient info was compromised, but they did have to suspend services. The BBC reported that other hospitals in London, Nottingham, Hertfordshire, and Blackburn had also been attacked and that some phone systems went down for a period of time. Doctors and nurses were forced to use pens and paper to keep track of patient information. Once medical organizations across the UK had realized what was happening, some of them disconnected from servers at the National Health Service to try and avoid being attacked.
Exploiting Microsoft’s Operating System
This is just one of the many stories that have unfolded over the last year where large organizations were targeted with one of the largest ransomware attacks in history, named “WannaCry”. Though experts did not know this at the time, WannaCry is a ransomware cryptoworm developed by North Korea and aimed at Microsoft operating systems.
Though it seems unbelievable, there have now been more than 100 attacks like this across 150 countries just this past year. Most anti-virus software makers have scrambled to get ahead of these attacks. Once Microsoft’s experts had found that the attacks took advantage of a Windows vulnerability, they quickly released patches for computers running all versions of the operating system, including older versions such as Windows XP, Windows Server 2003 and Windows 8.
Kurt Baumgartner, at the security firm Kaspersky Lab, explained how effective and how quickly WannaCry ransomware can strike.
“Affected machines have six hours to pay up and every few hours the ransom goes up,” said Baumgartner. “Most folks that have paid up appear to have paid the initial $300 in the first few hours.”
Other experts in the field of cybersecurity found evidence that these attacks were made using a variation of the malware called “Wanna Decryptor”. This program is a Trojan virus that utilizes AES-128 encryption to make all files inaccessible to users.
Though many of the ransomware attacks were launched against the UK, Russia, Taiwan, and Ukraine, global firms like FedEx have come under assault as well. Officials from Europol said that the attacks were of an “unprecedented level and require international investigation.”
Meanwhile, China reported a massive attack against PetroChina that took some time to resolve; as a result, customers were forced to pay cash at all PetroChina gas stations until the ransom had been paid.
Spain also reported an attack against Telefónica, a large telecom organization. Their experts were able to determine that the attacks were spread through a vulnerability called “EternalBlue.” Their IT department quickly created a patch to prevent the bug from spreading.
Controlled Folder Access For Windows 10
All of these attacks were launched against Windows-based systems, leaving IT security experts at Microsoft to take quick action to develop and release patches and other tools to stop cybercriminals. The fall updates to Windows 10 included many new improvements aimed at providing a much higher level of protection. One of these, known as Windows 10 FCU, has proven especially useful. Also known as Controlled Folder Access, this update protects files and folders from ransomware attacks using a simple methodology.
The exploit is based on the fact that most Windows programs have access to all files and folders on a computer system, which made it much too easy for hackers to gain access to those files and wreak havoc. Unrestricted access to files and folders might be convenient for users, but it opens the door to virus and ransomware attacks.
Customizing Your Operating System
Though many users are not aware, Windows gives you the ability to greatly customize your operating system, including the capability to take action to protect your data from hackers. Using Controlled Folder Access, you can modify access to your important data, so that these files are given an extra layer of protection. If any program tries to modify files that have been placed in the “protected folder”, they will be blocked. This feature is found in Windows Defender.
Follow these steps to enable Controlled Folder Access on your computer:
Granting manual access to programs
The most significant drawback to using this feature is that some of your favorite apps or programs may be blocked. The solution is simple: manually grant access for these programs. Just below the toggle button, you’ll find a link called “Allow an app through Controlled folder access”. Click on that and a new dialog box appears. Now click the “Plus” sign beside “Add an allowed app”.
The familiar “Open a File” window on your computer will automatically open, giving you the ability to click on whatever file, folder or program you would like to exclude. Navigate to the EXE file and then click on “Open”. You have successfully added this program to your exclusions list.
This works for all your favorite programs like Photoshop, Dragon NaturallySpeaking, and QuickBooks. Please note that Windows has its own list of “safe” programs that are already included, so there’s no need to grant manual access to programs like Excel and Publisher.
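The same Controlled Folder Access settings can be managed from an elevated PowerShell session with the Windows Defender cmdlets, which also makes it possible to trial the feature in audit mode before blocking anything. This is an added example, not part of the original article; the folder and application paths are hypothetical placeholders.

```powershell
# Added example: roll out Controlled Folder Access (CFA) in stages.
# Run in an elevated PowerShell session on Windows 10 version 1709 or later
# with Windows Defender Antivirus active.

# Hypothetical paths (assumptions): replace with your own.
$protectedFolder = 'D:\Finance'
$allowedApp      = 'C:\Program Files\ExampleVendor\ExampleApp.exe'

# 1. Start in audit mode: writes to protected folders by untrusted
#    programs are logged but not blocked, so nothing breaks yet.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect a folder in addition to the default ones
#    (Documents, Pictures, Desktop and similar).
Add-MpPreference -ControlledFolderAccessProtectedFolders $protectedFolder

# 3. Allow a trusted program that needs to write to protected folders.
#    This is the command-line equivalent of "Add an allowed app".
Add-MpPreference -ControlledFolderAccessAllowedApplications $allowedApp

# 4. Review what CFA has seen so far.
#    Event ID 1124 = audited (would have been blocked),
#    Event ID 1123 = blocked.
$cfaEvents = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue

$cfaEvents |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 5. Once the audit log shows only programs you have decided not to
#    allow, switch from audit mode to enforcement.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 6. Confirm the resulting configuration.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications
```

Keep the allowed-applications list short: every program on it can modify protected files, so it should contain only software you have verified.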
For more information about the latest IT security threats and how to protect you and your business against them, get in touch with our team of cyber security experts.