Now that the holidays have come and gone, you might have a couple of new gadgets in your home or office that connect to the Internet. Depending on what these gadgets are, you might have a serious security issue sitting right in front of you without realizing it. Some devices that don’t normally connect to the Internet--also known as Internet of Things devices (IoT)--aren’t as secure as you’d like them to be, particularly in a business environment.
While modern security solutions have made great strides to protect businesses, there are still a lot of threats out there that can create problems for your organization. If you don’t take a proactive stance on security, you could potentially expose your network to incoming threats of all kinds. We’ll help your business understand what threats are out there, why they are dangerous, and what you can do to keep your organization secure.
It can be easy to underestimate the importance of monitoring your solutions, to adopt an “out of sight, out of mind” mentality. However, the benefits of persistent monitoring were recently thrust into the spotlight, when 24 spammers were arrested in October by the Delhi Police’s cyber cell for impersonating Microsoft support staff and duping American citizens.
If your business was breached, would it be better to keep it a secret, or should you disclose it to your clients? Uber has proven that trying to hide it is a mistake, and a costly one at that.
We continually cite just how important IT security is, but like most things, people may not completely understand just how crucial it is until it hits home. Otsego County, would seem to be too small of a place to attract a hacker’s attention, but the Otsego County county government network was reportedly attacked. County Information Technology Director Brian Pokorny said hackers gained access to the county website and other files through a zero-day vulnerability,
Every business in operation today needs to have some kind of comprehensive network security. Simply put, there are too many threats that can come in through an Internet connection for them to continue doing otherwise. The past year provides plenty of anecdotal proof of this fact, as a quick glance back can show.
Today, we’ve compiled some statistics that give these threats context, as well as a list of some of the most devastating hacks from the first half of 2018. Hopefully, these lists will put into perspective just how important building a network security strategy is for your company. Here are some statistics to help reinforce just how important cybersecurity is:In 2017 over 130 large-scale breaches were reported, a 27 percent increase over 2016.Nearly 1-in-3 organization have experienced some sort of cyberattack in the past.Cryptojacking (stealing cryptocurrency) increased 8,500 percent in 2017.100,000 organizations were infected with the WannaCry ransomware (400,000 machines).5.4 billion WannaCry attacks were blocked in 2017.The average monetary cost of a malware attack is $2.4 million.The average time cost of a malware is 50 days.Ransomware cost organization’s over $5 billion in 2017.20 percent of cyberattacks come from China, 11 percent from the United States, and six percent from the Russian Federation.Phone numbers are the most leaked information.21 percent of files are completely unprotected.41 percent of companies have over 1,000 sensitive files left unprotected.Ransomware is growing at 350 percent annually.IoT-based attacks are growing at about 500 percent per year.Ransomware attacks are expected to quadruple by 2020.7.7 percent of web requests lead to malware.There were 54 percent more types of malware in 2017 than there were in 2016.The cybersecurity market will be worth over $1 trillion by 2025.
If that isn’t scary enough, below are some of the attacks that have taken place in 2018. We’ve broken them down into public (individuals, governments, etc.), and private (businesses). Keep in mind all these events took place before the calendar turned to July:
Public JanuaryThe Department of Homeland Security was affected by a data breach that exposed information about 247,167 current and former employees.
MarchAtlanta, Georgia was targeted by a ransomware attack called SamSam. This resulted in a massive problem for their municipal infrastructure. The ransom price given was $51,000, but Atlanta’s leadership refused to meet these demands. Overall, the numbers show that Atlanta has spent more than 10 times that number in the fallout of the attack. Some estimates place the actual cost of this event at nearly $20 million.India’s national ID database, Aadhaar, leaked data of over a billion people. This is one of the largest data breaches in history. A user could pay 500 rupees, equal to about $7, to get the login credentials that allowed anyone to enter a person’s 12-digit code for their personal information. For 300 rupees, or about $4.20, users could also access software that could print an ID card for anyone associated with the database.Cambridge Analytica, a data analytics company that U.S. President Donald Trump used to help his campaign, harvested personal information from over 50 million Facebook users without asking for their permission. Facebook hasn’t called this a data breach, but Cambridge Analytica has since been banned from using the service thanks to this event.
Printers, along with every other piece of equipment that is on your network, require careful configuration and regular upkeep to ensure that they aren’t putting your data and users at risk. Security researchers recently discovered two massive vulnerabilities in HP Officejet All-in-One printers that make it incredibly easy for hackers to spread malware and gain access to a company’s network.
The term “hacker” is possibly one of the best-known technology-related terms there is, thanks to popular culture. Properties like The Girl with the Dragon Tattoo and the Die Hard franchise have given the layman a distinct impression of what a hacker is. Unfortunately, this impression isn’t always accurate. Here, we’ll discuss what real-life hackers are like, and the different varieties there are.
It doesn’t matter how much of a technology novice someone is, chances are, they’ve heard the term “hacker” before. A favorite character trope of Hollywood films and television dramas, these cybercriminals have appeared in productions like Die Hard and Mr. Robot with varying degrees of accuracy. Below, we explore what makes a hacker, and the kinds that exist in reality.
Cryptocurrencies are still one of the better known uses of blockchain technology, and though their values seem to have leveled off since the explosive growth they experienced a few months ago, that has not stopped people from seeking them out. Of course, where there’s money to be had, you’re sure to find cybercriminals.
Social media has been an emerging technology in recent years, and has produced many threats. Hackers have learned that they can take advantage of these communication mediums to launch dangerous new attacks on unsuspecting users. With enough ingenuity on a hacker’s part, they can potentially steal the identity of a social media user. Here are some of the best ways that your organization can combat identity theft through social media.
We are going to switch things up a bit and walk you through a retelling of a ransomware attack through the eyes of a business owner. Usually when we talk about these types of threats, we approach it from our perspective and talk about what you should do to prepare and what the threats are, but we wanted to try to show you what an event like this could feel like, for you, in your position, and in your own eyes. We hope that this will raise awareness of how crippling an event like this can be on your company, and we hope you let us know if this perspective helps you, your colleagues, and your staff get a more personal sense of what ransomware can do. Enjoy!
Hackers are always trying to find creative and new ways to steal data and information from businesses. While spam (unwanted messages in your email inbox) has been around for a very long time, phishing emails have risen in popularity because they are more effective at achieving the desired endgame. How can you make sure that phishing scams don’t harm your business in the future?
The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.
Few security problems are more dangerous than a network breach. Considering how much you could lose from an unexpected bout with a hacker, it’s no surprise that businesses are concerned. Yet, even some of the most troublesome threats like phishing attacks are often ignored. A new study introduces the groundbreaking thought that phishing attacks should be at the forefront of a business owner’s mind regarding network security.
If your business were to be struck by a Distributed Denial of Services (DDoS) attack, would it be able to recover in a timely manner? Do you have measures put into place to keep them from hampering your operations? While most organizations claim to have sufficient protection against these dangerous attacks, over half of them have simply proven to be ineffective against DDoS.
Students generally love it when classes are cancelled for whatever reason, but thanks to a cybercriminal group called TheDarkOverlord Solutions, a school in Flathead Valley, Montana was disrupted for an extended period of time. This downtime resulted in a disruption of operations for over 30 schools, as well as the threat to the personal information of countless teachers, students, and administrators due to a ransomware attack.
The 2016 United States presidential election was an ugly one for multiple reasons--chief among them the accusation that hacked voting machines could have altered the outcome of the election significantly. Thankfully, there are steps being taken to alleviate the worries that third parties might alter the outcome of such important events.
Dealing with disasters are a part of doing business. You know how difficult it is to recover from a devastating flood or storm. While businesses tend to suffer from these situations, countless individuals suffer every time a natural disaster hits. Just take a look at the United States in recent weeks. Even though you may want to donate to people suffering from hurricanes, there are illegitimate charities out there that want to make a quick buck off of your generosity.
On June 12th, the U.S. Department of Homeland Security issued a warning to power grid operators and electric utilities concerning a newly surfaced malware called CrashOverride (aka Industroyer). Only, it’s not entirely new. The world has seen this before and the fallout from it is concerning.
How much do you think a criminal would pay for your company’s sensitive data that’s been stolen by hackers? As it turns out, your data may not be worth as much as you may think, and that’s a bad thing for you and your business.
If fiscal reasons have stopped you from securing your network against ransomware thus far, you may want to reconsider your strategy. Not only are attacks still becoming more and more prevalent, but the developers of ransomware have lowered the price of admission for aspiring cyber criminals. Fortunately, there are some steps you can take to keep your business protected against a ransomware attack.
One thing that both fishing and phishing have in common is the use of lures. With the right lure, the chance of successfully catching the target improves. When it comes to the digital lures seen in phishing scams, research shows that social media is the most effective.
When you hear the term “hacker,” what do you imagine? You likely see what many see, a lone user hunched over a computer, creating chaos for chaos’ sake. However, this is a dangerously narrow view of those who qualify as “hackers.”
Let’s say that you receive an email from a software vendor, say, Microsoft. When you are contacted by a major company like this, do you automatically assume that it’s secure, or are you skeptical that it’s a scam? Ordinarily, it might not seem like a big issue, but all it takes is one click on an infected attachment or malicious link to infect your business’s infrastructure.
Is your business prepared to handle all kind of online threats? A recent study shows that it probably isn’t. According to the think tank Ponemon Institute, four out of five businesses don’t have the infrastructure or security experts they need to spot and prevent incoming cyber attacks from succeeding. This is a significant statistic that can’t be ignored, especially if you want to secure your business.
Visa customers have reason to worry as a new research paper in the academic journal IEEE Security & Privacy revealed a weak spot in online credit card security that allows hackers virtually unlimited hacking attempts at Visa accounts. What's worse, the vulnerability lies in the way merchants accept online payments, meaning that there's little the average Visa card customer can do to protect themselves.
The vulnerability lies in the fact that the Visa payment system allows users to attempt all possible permutations and combinations of expiration dates and CVV numbers across hundreds of websites. To exploit this vulnerability, hackers can use a technique called Distributed Guessing Attack (which is similar to a DDoS attack). When this technique is executed properly, a hacker can recover a credit card's security information in as little as six seconds.
How Does Distributed Guessing Attacks Work?
At the heart of the issue is the fact that an online Visa payment system allows a maximum of 20 attempts per card in order to guess credentials like card numbers, expiration dates, and CVV numbers. That number may sound reasonable enough, but considering that all of the various payment websites do not coordinate their security efforts regarding the attempted use of a particular credit card, nothing stops a hacker from simultaneously running number combinations through the payment system on several websites until a working expiration date and CVV number is found.
Considering that it only takes 1,000 attempts to crack a three character CVV number and only 60 attempts to guess the correct expiration date, a hacker doesn't have to attempt their guesswork on many sites before successfully gaining access to the funds associated with that Visa account. Essentially, it plays out like a twisted version of the classic game 20 Questions.
The average business owner may already be aware of what are called phishing attacks - scams that attempt to deceive and trick users into handing over sensitive credentials. However, not all phishing attacks are of the same severity, and some are only interested in hauling in the big catch. These types of attacks are called “whaling,” and are often executed in the business environment under the guise of executive authority.
In a bizarre reminder of why security best practices are so critical to the world of IT, it has been reported that one of the largest collections of hacked and stolen login details are currently making the rounds in the Russian black market.
Hackers have proven that they will do whatever it takes to get to your valuable assets, even if it means taking advantage of physical objects that work alongside a specific frequency. As it turns out, this is exactly how hacking a garage door works, and all it takes is a decade-old communications device to capture the frequency and unlock any garage door that utilizes it.
Any business that deals with online technology needs to be aware of the dangers that come with the territory. Hackers are more common nowadays than ever before, and organizations that don’t take a proactive approach to keeping threats out of their systems will have to suffer the consequences. Unfortunately, some organizations won’t be aware that they’ve been hacked until it’s far too late.
The Internet is a fantastic tool that has ushered in an era of productivity and connectivity that we could only previously have dreamed of. Unfortunately, like every great tool, it can be used for darker, malicious purposes. In the Internet’s case, it’s used for anonymous illegal activity, like drug trafficking or selling data on the black market.
2015 was a brutal year for major corporations, as one by one they fell victim to hacking attacks. Major organizations like Blue Cross Blue Shield, Anthem, and even the United States Office of Personnel became victims of major hacking campaigns. A fact that’s often lost amongst these details is that not all hackers use their skill for evil actions, even if they are still illegal.
Virtually every kind of online account requires a password. Yet, due to the aggressive nature of hackers, passwords alone are no longer enough to protect your information. The best way to approach network security is to have more protections in place than just a flimsy password.
Let’s say you get an email from a close friend. It looks like it’s legitimate, until you check the contents of the message. It’s an advertisement, or it’s trying to get you to click on a link to see something “important.” Regardless of what the content of the message is, you should probably slap that bad boy in the Spam section of your email inbox. You’ve just been the target of email spoofing, and it’s more common than you might think.
Whenever hackers show themselves, they always spell trouble. Whether it’s stealing credentials or completely taking over someone’s computer, a hacker has a plethora of targets and methods that can be irritating for the average PC user, or business executive. In fact, hackers are so crafty that they can even hack into hospital equipment.
Technology is often exploited by hackers for their benefit, but one avenue of attack that’s consistently neglected is the mobile device. Smartphones and tablets are arguably at greater risk than desktops and workstations due to them being exposed to more wireless networks. One of the greatest threats to these devices is the botnet, a threat that usually targets desktop computers, enslaving them and turning the machine against its owner (and the rest of the Internet).
One minute you’re browsing trusted sites on the Internet, the next, your PC freezes up and displays the dreaded blue screen of death, along with a fake tech support message. This strain of malware is duping plenty of computer users into calling the provided phone number, which only makes the situation worse.
One of the most masterful arts of deception that hackers use is the phishing attack, which attempts steal sensitive credentials from unwary victims. The anonymity afforded to criminals on the Internet is what makes this possible. Using phishing attacks, hackers attempt to steal credentials or personal records by forging their identities. What’s the best way to protect your business from these attacks?
We write about cyber security all of the time, and for good reason. You need to be sure that your organization’s defenses are bulletproof, or at least optimized for maximum security. A recent debacle in the United States serves as a reminder that even high-level, super-secret government accounts can be hacked, like this story from the Central Intelligence Agency (CIA).
This October is Cybersecurity Month! Some businesses think that they’re immune to hacking attacks because they’re “low profile” compared to huge corporations. However, the truth of the matter is that your organization is just as much at risk as they are. This month, take measures to keep your organization’s data safe, or risk losing everything in the fallout of a hacking attack.
Malware that targets ATMs isn’t a new concept. After all, ATMs use internal computers that can be hacked just the same as any old workstation. The prime difference is that hacking into an ATM allows for a direct dispensing of cash, rather than some crafty behind-the-scenes action. A new type of ATM malware, titled GreenDispenser, is a cause for concern in Mexico, and could spread to other countries if left unchecked.
Have you ever wondered what hackers do with all of the data they steal on a regular basis? Sure, they could go public with it like they did with the Ashley Madison and Sony hacks, or they could sell it and make some quick cash. Credentials like passwords, usernames, Social Security numbers, and more, can be sold for top dollar in illegal markets, but how much can your identity go for?
Ransomware is one of the most devastating computer viruses in today’s computing landscape. You may have heard of one of its most famous variations, Cryptolocker. It received a lot of attention when it dramatically hit the scene two short years ago. Thankfully, the threat from CryptoLocker has decreased after the GameOver Zeus botnet was taken down last year. Although, now we’ve got a new, more contagious strain of this ransomware to deal with known as Cryptowall.
One of the primary threats that business networks are trying to protect themselves from is malware. We’re all aware of how much damage a stray piece of malware can inflict on a business, as they can perform functions like lock down files, steal sensitive data, and distribute crippling viruses. In recent developments, studies are showing that malware is now involved in less than half of all reported hacking attacks, and that more sophisticated measures are now being taken to exploit unwary users.
It’s been two years since the world was introduced to CryptoLocker, a particularly-nasty ransomware that encrypts a computer’s data while giving the user a deadline to pay a ransom for the encryption key, or else have their data destroyed. What we’re seeing now is that the reach of CryptoLocker is extending beyond the average PC user; even gamers are getting owned by Cryptolocker.
For many Windows users, the fact that Microsoft is issuing Windows 10 incrementally came as a shock for those who patiently waited for its release date. While users wait, however, hackers are taking advantage of those who are less patient by creating a ransomware that disguises itself as a launcher for a Windows 10 download. So, while you sit and wait for your version of the latest OS, don’t fall prey to deals that seem too good to be true.
For argument’s sake, do you think society today relies too much on technology? In the Information Age, both businesses and governments have to be more careful than ever about how they approach cybersecurity. However, what would happen if a massive cyber war were to render any and all computing systems in the United States inert? Granted, such a powerful, in-depth attack is unlikely, but it’s sometimes fun (and frightening) to examine the worst-case scenario.
Since the dawn of the computing age, hackers have taken advantage of all sorts of tactics in order to crack systems and ruin lives. With the Internet of Things bringing connected devices from all over the place into the mix, there are more opportunities than ever to take advantage of unsuspecting users. In fact, even car computers are capable of being hacked.
Hackers are always coming up with new, unprecedented methods of hacking unsuspecting victims. Despite their best efforts, technology professionals have managed to keep up with threats, but this only forces threats to continue to innovate. In fact, some hackers are even capable of using radio signals to hack into an unconnected device and steal confidential corporate data.
In today’s society, we throw the word “hack,” around without a second thought. This is especially true in the realm of cyber security for businesses. Have you ever taken a moment to think about why the term “hacker” was chosen as the title for those who partake in sketchy online activity? What exactly makes a hacker, a hacker?
Normally in cybersecurity, we hear about hacking attacks and immediately sympathize with the victim. It’s usually an individual or a business that suffers the most; yet, a recent trend is showing that hackers are lashing out at one another in response to certain threats. In response to a hack from the cyberespionage group Naikon, another group, Hellsing, retaliated with their own attack.
Just like Silk Road (the illegal online black market designed to smuggle drugs around the world), there exists an online trade for zero-day exploits. Unsurprisingly, hackers find it exceptionally lucrative to sell these exploits for profit. Now, there’s a new marketplace where hackers can get their hands on these vulnerabilities, and it’s all thanks to the anonymity of the Darknet.
Arguably one of the most imperative assets for any government is an IT infrastructure, and in 2015, the U.S. government is realizing that security breaches are some of the most dangerous cyber threats to watch out for. As evidenced by the U.S. Department of Homeland Security, IT security is just as important as other matters of national security.
Most hacking attacks are the result of a flaw or vulnerability found within the code of a program or operating system, but we rarely take into account the ones that don’t. Hackers often take advantage of the human side of hacking as well, a process known as “social engineering.” This is usually the act of conning users into handing over personal information of their own free will, and it’s surprisingly effective.
Even the most innocent Internet user can fall victim to the stray hacking attack, and it’s all thanks to the manner in which malware reverse-engineers software. This process is how a hacker finds vulnerabilities in software. However, a new security concept might be able to protect software from the reverse-engineering method used by hackers.
One would assume that software preinstalled on a new PC is secure and has been properly vetted by the manufacturer. This is the case 99 percent of the time, but an exception has recently been discovered with the Superfish app, which came installed on new Lenovo computers sold between September and December of 2014. How can you protect your PC from this fishy security threat?
Probably one of the more dangerous hacks so far in 2015, healthcare-provider Anthem has been breached by hackers and its data accessed. The breach may have provided the hackers with up to 80 million sensitive customer records, including Social Security numbers, dates of birth, and much, much more.
A couple of big names stand out when it comes to hacking attacks, but the recent Sony hack has really taken the cake. The GOP, who call themselves the “Guardians of Peace,” have exposed a ton of details to the public, including the company’s budget, their plans for layoffs, and 3,800 employee Social Security numbers. Now, they’ve released even more information; this time, it’s leaked personal emails, and judging from the content of them, Sony never wanted them to see the light of day.
The Internet is up to its ears with threats and hackers, but some of the most annoying malicious entities are bots. These are systems which can gather information from all kinds of sources. While some aren’t malicious in nature (think SEO bots which gather data from websites), there are those that aren’t so innocent. These tend to fall into the hands of hackers and attempt to steal information or send spam.
When a virus infects your computer, you may not know about it until it’s too late. Like a biological virus, the damage it does to your system can be minimized if it’s caught early on. Stopping a computer virus early is possible if you know what symptoms to look for. Is your PC infected? Here are four signs you’ve been hacked.
This holiday season might leave technology and entertainment supergiant Sony with nothing but a big lump of coal in its stocking. In a high-profile hack, hackers continue to leak Sony’s employees’ sensitive information like Social Security numbers, passports, and even personal emails. This is obviously an issue for the company, but so is its lack of IT security, as shown by their passwords being stored in a folder named “Passwords.”
In the past, we’ve been known to go into detail about threats, vulnerabilities, and how to protect your business while online. Distributed denial of service (DDoS) attacks aren’t new in the technology world, but notorious hacking group Lizard Squad has somehow managed to take out Internet service for much of Sweden with a faulty DDoS attack; an unprecedented feat, especially for a ragtag group of irate gamers.
Hackers come in all shapes and sizes, with varied levels of skills to boot. The generic garden-variety hacker will probably only try to hack your email and send spam, or steal your personal information. However, there are much worse threats out there, like APT hackers. This week, we’ll cover how you can spot these wolves in sheep’s clothing.
Our minds often attribute unexplained phenomena with hauntings from ghosts. Most of the time, there's a perfectly good scientific explanation for what's going on. If you ever see your computer's cursor move on its own, your PC isn't haunted. Although, you might prefer a haunting to what's really happening; a hacker is probably stealing your data. Now that's scary!
The latest threats can put a damper on your business plan and put your company at risk. Therefore, it's only natural to protect yourself from them. This new threat in particular, Cryptowall 2.0, has the potential to do plenty of heavy-duty damage to your business's network, if given the opportunity.
A new threat, dubbed Sandworm by iSight Partners, has been discovered. It is a cyber espionage campaign dating back to at least 2009, and is said to be based in Russia. Sandworm uses a previously undiscovered zero-day vulnerability in Windows operating systems to steal information from government leaders and organizations.
Hackers are mysterious. Not much is known about them - until they get caught, at least. But until the divine hammer of justice is brought down upon them, they will continue to stalk the shadows and wait for us to unknowingly hand over our personal information. What they don't want you to know is that they generally act according to a few particular variables, and that it is possible to avoid their pitfalls.
When you were a kid, did you ever ask your parents for a cool new toy only to have your request denied because you were in the habit of breaking everything? Your parents would point out your destructive habit and tell you, "This is why we can't have nice things." As an adult, the coolest toy is the Internet and hackers want to break it.
Hackers have many different tools at their disposal to access your computer. Some of these tools can even control your machine! When a hacker controls your PC, your computer is now part of a network made up of other compromised devices that they control. This compromised network is known as a botnet, and you don't want to be part of it!
Are you aware of the value of your company's data? If you lost it all today, what would it cost your business in terms of productivity, downtime, and liability? Security precautions need to be taken in order to keep your data safe, including data backups. However, after you have a backup system in place, don't neglect the need to secure those backup files!