Malvertising Rising and Malware Mayhem


What is Malvertising?

Malvertising is a pet name for malware that’s delivered through online advertising techniques. The ads look authentic. Often, legitimate third-party marketing companies distribute them to reputable websites. Cybercriminals circulate this malware by posing as advertising careerists. The trick’s in the click. A banner ad tempts the viewer into clicking the offer. A successful malvertising campaign has an attractive (and secretly infected) ad laced to a convincing call to action. Malvertising malware attacks via reputable advertising networks, so it’s a more challenging threat than typical adware.


Red Teaming and the Big Bad Ad

Malvertising is only one of many types of malware, and understanding this cyberthreat’s origins can help you prevent a security breach. So, before you click on a cute kitten in a banner ad or click a link that claims you won a free skiing trip to Colorado, consider if the offer is legit. Moreover, is it even possible?

 

Unfortunately, the online ads of a hacker often appear to be from a reputable source. For full protection, ad blockers can prevent a malicious ad from ever appearing in your web browser. But if you do click on an ad and get suspicious results, you can take some steps to save your system:

  • Report the incident to an IT specialist for investigation.
  • Scan your operating system immediately, looking for malicious software and fileless malware.
  • After all vulnerabilities are addressed, use advanced cybersecurity testing methods to ensure advanced attacks can’t penetrate your system.

 

Types of Malware

To demonstrate the importance of cybersecurity, let’s look at some of the most common types of malware infecting businesses this year. At the same time, let’s consider managed IT services that can solve the problem of cyberthreats. First, let’s ask a few questions to see if your devices are prepared for the disaster of a cyberattack:

  • Do you have an incident response policy?
  • Do you have a business continuity plan?
  • When disaster strikes, will your team know how to respond?
  • Can your team recognize different types of malware and respond intelligently to threats?

 

Viruses

Once a virus gets into a computer, it propagates by copying itself. Hence, it infects another program and then another, and this continues through a viral spread similar to a cold or flu outbreak. If you’ve installed a free version of an antivirus software, consider upgrading to a more comprehensive cyber security solution. You can’t remove all malware with a simple click of a button, so if you think you’ve been hit with a computer virus, consult with an IT expert. Meanwhile, alert colleagues that a virus has entered the building.

 

There are many types of malware that fall into the realm of “virus” and are therefore covered by antivirus programs. For example, you can pick up worms and trojans while browsing online or while opening emails. Fortunately, a click, a download or a similar user behavior is required to activate this type of malware. This means that we can proactively stop viruses by training users while protecting them with antivirus software. Cybersecurity awareness and training can help users interact with devices in ways that prevent the spread of computer viruses. Most importantly, you can keep your software, including anti-malware software, up to date and patched.

 

Spyware

If you imagine malware is a person, then spyware is the undercover intelligence of the hacking world. Primarily, it enters personal and business networks through legitimate downloads. It slips into the system undetected and then spies on your personal information, sharing your sensitive data with the people behind the cyberattack. Hackers frequently access accounts simply by guessing the username and password. Multi-factor authentication or an installation of a password manager can help prevent a spyware attack.

 

Similar to malvertising, spyware poses an internet security risk that is difficult for users to detect. Cybersecurity specialists can help because they’re trained IT professionals who can see the trickery that is often invisible to you and other users. Once spyware is in your computer, it collects your information through a keystroke logger or screen-capture software. While it captures your data, it can send it to a hacker via a portal like a malicious website. This data can then be used to launch a more advanced attack like ransomware.

 

Do you have spyware on any of your devices? A security audit and a workstation assessment can detect network threats and vulnerabilities. A dark web scan can determine if you’re at increased risk due to past data breaches.

 

Ransomware

The popularity of cryptocurrency encouraged the propagation of ransomware. In fact, ransomware now stands as the biggest cyberthreat for small businesses. Rather than destroying data, ransomware usually holds it hostage until the ransomed business owner pays a fee to free the system from the attacker. If the ransom isn’t paid, then the hacker will destroy or keep the data. This private information can end up on the dark web market, resulting in unknown and untraceable crimes. How does ransomware gain access to your network? This type of malware often begins with a malvertising click.

 

If attacked, should you pay the ransom? One of the great benefits of partnering with a managed IT services firm like EstesGroup is that you will have IT specialists helping you when and if you’re ever the target of a ransomware attack. Proactive IT strategy can prevent revenue lost to ransomware fees. When you deploy backup and disaster recovery solutions, you don’t have to budget to pay off the cybercriminal behind your ransomware. You can ignore the attack completely if your data is replicated through a cloud-based DRaaS solution. Rather than pay the hacker, you can contact your IT specialist to handle the problem for you. Additionally, you can prevent the problem with cybersecurity solutions. For example, we can completely block risky internet traffic that harbors ransomware.

 

Botware

Fear not the bots? Botware floods your devices with denial-of-service attacks. It buries its own method in mystery. If your computer’s CPU is in overdrive because of a botware installation running in the shadows, then you’ll notice an overactive fan and a higher electric bill. Botware can be difficult to detect but can create havoc by replicating itself into seemingly legitimate applications. Clear botware from your system with anti-malware services.

 

Malvertising & Malicious Adware

Malvertising attacks are on the rise. Pop-ups, widgets, apps, and toolbars all can infect computers. Clicks and other user interactions trigger malware infections. Fortunately, Google created tools and educational resources for users to easily understand and report a malvertising campaign.

 

Cybercriminals often use display advertisements to deceive users. Auto-redirecting ads work by tempting the viewer into a click that takes the victim to a phishing site. Advanced cybersecurity solutions can detect malicious code in these ads. However, corporate data is safest if ad blockers are installed.

 

A common malvertising trick tempts the viewer into a free security scan. During the scan, the cybercriminal gains access to the computer. Then, the hacker can install any type of malware. If you use a third-party marketing firm for your business, you might host malware through ads that appear legitimate. If this happens, Google will penalize your site. Therefore, take caution when using third-party marketing tools.

 

Marketing Mimicry: How You Become the Malware

Malicious advertising easily tricks you into a click, so keep vigilant, especially when interacting with display ads. Be sure to report any suspicious ads to Google. If the ad’s script contains suspicious code, including encrypted code, then remove the ad immediately and file a report. Display advertisements often distribute malware to businesses through auto-redirecting ads that lead to a phishing page. If you avoid the click bait, then you prevent malicious code from attacking your computer system. Here’s a malvertising play-by-play that gives you an example of how this type of malware attack might unfold:

  • You sign up for a third-party marketing service, and the company distributes banner ads to help you grow your business.
  • A cybercriminal creates an ad that’s infected with malicious code.
  • Someone sees your ad and clicks, and the malvertising ad redirects the victim to a phishing site.
  • The cybercrime victim spots the threat and reports your malicious advertising campaign to Google. As a result, you’re flagged by Google for hosting malware. In turn, this penalty hurts your online presence.
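
One way to screen an ad tag for the warning signs described above (auto-redirects and encoded script) before it goes live. This is an added example, not part of the original article or any vendor's tooling; the signal names, weights, thresholds and sample creatives are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Heuristic signals for a pre-flight check of ad creative markup.
# Patterns, weights and thresholds are assumptions made for this example.
PATTERNS = {
    # An ad inside an iframe that navigates the page hosting it.
    "top_frame_redirect": re.compile(
        r"\b(?:top|parent)\.location(?:\.href)?\s*"
        r"(?:=(?!=)|\.(?:replace|assign)\s*\()"),
    # Navigation of the ad's own frame (assignment, not a == comparison).
    "own_frame_redirect": re.compile(
        r"(?<![.\w])(?:window\.|self\.|document\.)?location(?:\.href)?\s*"
        r"(?:=(?!=)|\.(?:replace|assign)\s*\()"),
    "meta_refresh": re.compile(r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh", re.I),
    # Code built from strings at run time.
    "dynamic_eval": re.compile(
        r"\b(?:eval|Function)\s*\(|\bset(?:Timeout|Interval)\s*\(\s*[\"']"),
    "decoder_call": re.compile(
        r"\b(?:atob|unescape)\s*\(|\bString\.fromCharCode\s*\("),
}
WEIGHTS = {
    "top_frame_redirect": 5, "own_frame_redirect": 2, "meta_refresh": 3,
    "dynamic_eval": 2, "decoder_call": 1, "encoded_payload": 3,
}
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
HEX_RUN = re.compile(r"(?:(?:\\x|%)[0-9a-fA-F]{2}){8,}")


def decode_layers(text):
    """Yield text recovered from base64 runs and \\xNN / %NN runs in `text`."""
    for match in B64_RUN.finditer(text):
        try:
            raw = base64.b64decode(match.group(0), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64 (e.g. a long identifier or path)
        yield raw.decode("latin-1")
    for match in HEX_RUN.finditer(text):
        digits = re.sub(r"\\x|%", "", match.group(0))
        yield bytes.fromhex(digits).decode("latin-1")


def scan(text, depth=0, max_depth=3):
    """Return signal names found in `text`, including inside encoded layers."""
    found = {name for name, rx in PATTERNS.items() if rx.search(text)}
    if depth < max_depth:
        for inner in decode_layers(text):
            hidden = scan(inner, depth + 1, max_depth)
            if hidden:
                # Script-like content was hidden behind an encoding layer.
                found |= hidden | {"encoded_payload"}
    return found


def verdict(creative):
    """Return (decision, score, signals) for one ad creative."""
    signals = scan(creative)
    score = sum(WEIGHTS[name] for name in signals)
    if score >= 5:
        decision = "block"
    elif score >= 2:
        decision = "review"
    else:
        decision = "pass"
    return decision, score, sorted(signals)


# Constructed sample creatives (not real ads; .invalid hosts never resolve).
CLEAN_AD = ('<a href="https://shop.example.com/sale" target="_blank">'
            '<img src="banner.png" alt="Sale"></a>')
REDIRECT_AD = ('<script>if (top !== self) { top.location.href = '
               '"https://prize.example.invalid/win"; }</script>')
_HIDDEN = 'top.location.href="https://login.example.invalid/"'
OBFUSCATED_AD = ('<script>eval(atob("'
                 + base64.b64encode(_HIDDEN.encode()).decode()
                 + '"))</script>')

if __name__ == "__main__":
    for label, ad in [("clean", CLEAN_AD), ("redirect", REDIRECT_AD),
                      ("obfuscated", OBFUSCATED_AD)]:
        print(label, verdict(ad))
```

A "review" or "block" result is a prompt to pull the creative and inspect it, not proof of malice; legitimate tags sometimes use the same calls.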

Magnificent Malware: And Then What Happens?

Malicious advertising harms businesses. It hits everything from law firms to real estate agencies. What will you do if you’re a victim of malicious click bait? First, you should report the attack. Then, you should create new cybersecurity policies that include ad verification steps. Be careful of all ads that you see online, especially if they appear in the form of pop-ups. For the safety of your business, consider blocking all ads and deploying robust malware protection across networks and devices.

 

If you see something that you think shouldn’t be in your software, give us a call, and we’ll help you analyze suspicious code. If your business depends on sensitive data, consider managed security solutions, including managed application hosting. Enterprise resource planning systems are complex and frequently targeted by cybercrime. EstesGroup combines IT with business application expertise to keep Epicor, Syspro, QuickBooks, Sage, and other ERP systems working optimally. We host large organizations on our secure server through virtual office technology.

 

Cloud Technology and Managed Application Hosting Protection

EstesCloud protects businesses from all types of malware. Our SECaaS (Security as a Service) solution lets you do the work only you can do, while our IT consultants protect your hard work. Our IT services cover every stage of business development, growth and change. In fact, our IT consultants work closely with our ERP specialists to build custom solutions for your technology infrastructure. For example, our Epicor consulting services complement our managed application hosting and managed security solutions for Department of Defense manufacturers.

 

Benefits of Managed IT Services For Your Business


Is IT at the heart of your company?

Imagine your company is a heart, and managed IT services provide the health benefits to sustain your entire business system. You do the work you love, and your customers, your employees, and your products keep the beat. Technology is the energy that feeds each beat, helping you keep your rhythm. On that note, let’s look at the top benefits of managed IT services and how outsourcing some of your technology infrastructure can bring new value to your business.


Attention from an IT managed services provider gives you freedom.

If you’re a small business owner, you might have core people wearing the hats of IT, without the time or resources to fully engage new technology. Whenever you supplement your internal resources with external IT consulting experts, you open up time to focus on what you do best. Likewise, you free your people, meaning they’ll have more time for creativity and thought leadership in your organization. By freeing your core team from the responsibilities attached to the fast-changing complexities of technology, you ensure focus on your products, your processes, and your customer service.

 

Risk management, as a central feature of IT solutions, ensures uptime.

Straightaway, one of the top benefits of managed IT services is that you don’t have to worry about your backups. Similarly, your cybersecurity infrastructure and your compliance adherence are always at their best. As a result, you experience more uptime. Less time is lost to researching the latest security software or the most recent regulations affecting your industry. Moreover, a managed services provider (MSP) provides a solid risk management plan:

  • Data management, including backup solutions and backup testing
  • Network care, including network administration and security
  • Systems and software support, including 24/7 incident response monitoring and assistance
  • User training and testing capabilities, including penetration testing and real-time analytics
  • Audit and assessment management, including planning and scheduling

Supporting in-house talent with out-house IT skillsets

You wouldn’t want to ask your employees to beat your heart for you. Many companies find themselves in this sort of “CPR for IT” scenario. A break-fix methodology might work for a glitch in your network. However, more robust attacks can quickly sap the life from your core.

 

Sooner or later, you’ll find yourself in a situation that needs a more heroic save. Eventually, an aging server or a spear phishing attack will make you consider outsourcing some of the more difficult technology management. Whether you’re looking at cybersecurity or private cloud hosting, a good MSP doesn’t only provide a mere lifeline for your business. Rather, a managed services provider should prevent attacks and disruption.

 

Partnership with proven IT consultants and solutions gives you predictable costs in a scalable and adaptable framework.

Why choose an outsourced IT service? An information technology scramble can feel similar to a panic attack. If you fall behind on patches or updates, either on the software side or the hardware end of things, you open yourself up to ever-evolving threats. One of the great benefits of managed IT services is lower risk, and this means increased stability for your IT budget. Furthermore, you can know your investment brings your business the top solutions available to your industry.

 

Your partnership with a consulting firm of technology experts gives you talent aligned with your unique needs. Service level agreements define the relationship and the commitment. An MSP partnership acts as your metronome, meaning your technology is predictable and always set at the pace you’d like to keep.

 

Advanced technology means the sky’s the limit for business growth and success.

If your heart’s wish is to be a Boeing or a Lockheed Martin but you only have 100 employees to set your pace, rather than 100,000+, then partnering with an MSP levels the playing field by integrating advanced technology early in your game.

 

Why not implement advanced IT solutions in-house?

Malware is the tip of the spear in cyberthreat management, and compliance goes far beyond CMMC or HIPAA. MSP consultants let you focus on core business initiatives, while your outsourced resources reduce risk at lower monthly costs than if you’d solo the challenge. Especially if you’re caught in a cycle of break-fix services, you know how unpredictable technology can be, and managed services takes all the worry out of IT.

 

An MSP opens your doors to highly qualified, certified and experienced IT technicians, engineers and architects. In the end, your managed services provider holds the responsibility of keeping your technology competitive and secure. New solutions can be implemented while you’re thinking about future products and new customers.

 

With cloud solutions on the rise, you can stay above the storm by utilizing a team specifically trained for virtualization. You can work in Loveland, Colorado (home to the EstesGroup headquarters), or you can work from any airport or hotel or office building in the nation.

Benefits of managed services for cloud solutions

Advanced persistent threats are moving businesses into the secure lining of cloud technology. Moreover, the cloud provides the most economical long-term infrastructure to scale your business. New challenges to data management surface daily. Cloud services prevent revenue loss by keeping you up-to-date and secure. Cloud-based IT circumvents natural disasters and human errors. Across systems and devices, your backups and your real-time data are secured against ransomware and other malicious attacks. This is especially true when considering complex cloud ERP architecture.

 

Due to complex sync and share capabilities, workers are empowered through remote enablement, including virtual office deployment. As a result, your business is keeping pace with new, mobile technology. Meanwhile, your sensitive information and valuable business assets (the heart of your business) are secured by SECaaS (security as a service) in the cloud. Remote monitoring keeps track of your hardware and software for you. With telemedicine on the rise, a managed services company enables privacy protection that exceeds regulations like HIPAA (Health Insurance Portability and Accountability Act). Unquestionably, the cloud makes compliance cost effective, and your in-house IT team is free from monitoring new governance and regulation.

 

EstesGroup tailors managed IT services through solutions that meet everything from basic needs to advanced requirements. In addition, our EstesCloud managed services provide private cloud hosting to support advanced IT needs, and we call our hosting platform ECHO. Our data centers protect sensitive data. Our IT services division is headquartered in Loveland, Colorado, but we have happy clients throughout the nation. Please ask to speak to them. EstesGroup also leverages the benefits of managed IT solutions with enterprise resource planning.

 

 

Learn more about what it means to be an MSP (Managed Services Provider) by chatting with us today. EstesGroup can Monitor, Protect, and Serve your business. See why companies choose managed IT by asking to talk to our happy customers. 

How to Stop Social Engineering Attacks


Cybersecurity in the Ballot Box, the Bistro and the Bedroom

October is National Cybersecurity Awareness Month, a time when organizations across America join together to educate the public about cyberthreats like social engineering (especially phishing attacks). This year, it’s also the last full month to decide your vote for the 2020 election. As citizens consider the future of our country, we see the tech giants coming together to prevent election crime, while tech users struggle to keep up with device security. With online fraud on the rise, how do you know your business is protected from a cyberattack, especially when considering advanced techniques like social engineering?

 

Digital integrity continues to drive decisions in both the public and private sectors. Your online presence creates data that can be used to influence you. How many times have you seen an ad in your web browser and thought, “How in the world!? I was just thinking about that!” Because everything we do online can be tracked, documented, exchanged, and sold, we need to be aware of the risks. However, there’s no need to fear for your online safety. Our security consultants can quickly scan the dark web to see if your data is in the wrong hands.

 

National Cybersecurity Month comes to us from organizations that promote assertiveness, rather than paranoia. We don’t have to be afraid of our connectivity or our devices. On the contrary, we need to embrace them holistically and attentively (and with a little help from the cybersecurity experts).

 

How to stop social engineering attacks at work and at home

Do Your Part. #BeCyberSmart.

 

Home Connectivity: This week’s cybersecurity awareness theme is “Securing Devices at Home and Work.” When reviewing the year, did you spend time working from home? Did you have children suddenly in Zoom classes, rather than in a traditional classroom? Did you have the resources you need (virus, malware, and ransomware protection) to stay safe online?

 

Business Technology: Your business couldn’t operate without digital interactions with devices outside of your office walls. Furthermore, your business can’t operate without a dedicated plan for protecting employee and customer data. How do hackers get into your system? Common external penetration methods include baiting, phishing, and spear phishing.

 

Baiting: Curiosity killed the network

 

First of all, baiting attacks can begin with hardware or with software. For example, a hacker can leave a corrupted flash drive on your desk, and the attack begins with the physical action of a user plugging it into a laptop and then clicking through files that install malware throughout the system. How to stop this social engineering technique from attacking your business begins with employee cybersecurity awareness training.

 

October is a perfect month for bringing in external cybersecurity resources to help bolster your team. To begin, we can provide system assessments that surface hacker access points. Then, our engineers can test your users. For example, our security technicians can engineer a scareware drill to make users think they’re clicking to patch, when really they’re getting tricked into a click. If your employees understand the various forms of baiting, then you can prevent a data breach.

 

Phishing: The one that got away

 

Did you ever see a prompt to “click here” or “download now” from an email that was obviously fake? In the past, phishing emails were more obvious. A strange font or a missing signature was clue enough. Unfortunately, advanced social engineering technology now lets a cybercriminal twin a real user’s software behaviors.

 

Because phishing is the most common social engineering tactic, NIST recently developed the Phish Scale, a cybersecurity tool that helps businesses surface network vulnerabilities by assessing cues, click rates, and user interactions in regard to phishing email difficulty levels. This new method of testing phishing attempts assists cybersecurity experts by evaluating spoofed emails through advanced data analysis. CIOs, CISOs, and other technology experts can use this tool to optimize phishing awareness and training programs.

 

Spear Phishing: In IT together

 

Often, a phishing email comes to your inbox addressed specifically to you but without personal information as part of its composition. Therefore, signs of imitation are more easily observed. “Click to download” prompts hesitancy if the email comes with a generic invitation. 

 

When an email comes through with more personalized data, like a personal email signature or an attached thread of coworkers, it can trick you into thinking the sender is legit. In this case, a hacker follows the digital footprints of a user and engineers that data to create a personalized phishing attack. Think of this as the Shakespeare of social engineering, and the play is written for you and with you as the inspiration. 

 

When organizations create security strategies in an effort to prevent social engineering attacks, phishing prevention is always a sign of a thorough plan. When considering phishing emails, keep in mind that malware can stay undetected in a system for months before the IT department discovers the penetration. Spear phishing can prompt a sly malware that quickly infects an entire network.

 

Vote to Stop Cybercrime

 

At EstesGroup, we know how to stop social engineering attacks from harming your business. Furthermore, we know how to take the worry out of IT (with managed IT). Protecting everything from saved credentials to individual clicks, our cybersecurity experts defend your business while you do the work you love. Do your coworkers need practice in recognizing the fraudulent behaviors fueling social engineering attacks? October is a perfect month to initiate new security policies and procedures, and to test your cybersecurity plan.

 

EstesGroup is a 2020 National Cybersecurity Awareness Month Champion. We provide the most secure cloud solutions available to businesses. Read more about National Cybersecurity Month at the National Cyber Security Alliance (NCSA) or at the Cybersecurity & Infrastructure Security Agency (CISA).

 

Phishing prevention is a challenge even for tech companies. Our information security tips can help you avoid a data breach. Talk to our cybersecurity experts today about how you can protect your business.

5 Ways to Secure Remote Workers & Keep Your Data Safe


Cybersecurity: On-site and Remote

Cyberattacks can’t stop us from developing new technology solutions. As a result of the pandemic, 2020 increased the demand for ways to secure remote workers, devices, and networks. The numbers aren’t in yet, but some reports are claiming that 1 in every 5 workers will continue on with remote access to corporate data, and others are saying nearly 100% of workers will now operate outside of business campuses in one capacity or another. Fortunately, there are emerging cyber security solutions, including new ways to secure remote workers, in the woods or in the halls.


 

Ways to Secure Remote Workers via BYOD

 

Ransomware isn’t a person you can meet on the street. Or a monster. Or a beast. The cyberthreats we face often feel nebulous, confusing, and perhaps a bit mythical to even the most uneventful personalities. The BYOD (bring-your-own-device) culture that’s boomed as a result of social distancing immediately increased the need for more sophisticated approaches to cyber warfare. The digital landscape is infected. New threats emerge daily as cybersecurity experts rush to cure compromised users before attacks infiltrate national and global networks.

 

Fortunately, there are many ways to secure remote workers via BYOD-based endpoint security solutions. When dealing with remote devices, our cyber security consultants like to view circulating threats as something other than human. If you see a computer virus as a weapon, then you realize how easily dark web tools can be exchanged. For instance, a malware program is bought and sold like a set of knives. Therefore, we hunt for the knives, rather than focusing on an elusive hacker.

 

Malware spreads in milliseconds, often without the direct influence of people, and can take months to detect. Likewise, cyber threats often become a hidden danger that eventually attacks your entire network. For instance, you might unwittingly share it with your supply chain because you don’t know it exists. Your malware isn’t a malcontent in a hoodie. It might begin with a human, but it jumps devices without direct guidance, as initially programmed to do, often causing more damage than the cybercriminal expected.

 

Security measures involve many layers of cyber defense, especially when addressing remote connections:

  • Power in the Layers: This includes keeping your hardware strong and your network patched. Look for renowned technology solutions. Duct tape and magnets? Raspberry Pi backups? Look for the latest cybersecurity tools and save old tricks for the treehouse.
  • Monitor the Monitor: A secret code is no longer enough. A username and a password was never enough, so we’ve developed advanced monitoring and management solutions for your business. Watching the watcher keeps your data on watch for on-guard and on-time productivity.
  • Party with Your Partners: Celebrate your digital serenity with the calm crew of a trusted technology firm. The right managed IT alliance complements your core team, toasting cyberthreats so you have time for a toast.
  • Click-a-Little-Talk-a-Little: Train your team to be careful with clicking tendencies and to communicate about potential harm to your data.
  • Question Everything: Question us, question your team, question every click and download. Fill your day with virtual pauses, staying alert to cyber risks. Continually learn new ways to protect remote workers.

Your online safety is dependent on secure interactions

 

Your financial data, your business strategy, your critical tasks and personal stats are all under attack. How can you keep everything secured when the digital landscape is always shapeshifting? As your business grows more complex, perhaps depending on complicated software like an Epicor ERP system, how do you keep IT remotely safe? AI and automation create worlds of benefits for businesses, but these new technologies get in the hands of nefarious hackers, and suddenly your entire social chain, the very vitality of your company, is at risk. The new ways of protecting remote workers won’t help you unless you stay on top of emerging threats. Fortunately, our IT security experts can install the best SECaaS (security-as-a-service) solutions for your business, including private cloud hosting protections for remote networks.

 

Are you looking for new ways to secure remote workers?

Take our quiz to find out if you’re keeping your friends and colleagues safe.

Social Engineering Techniques: How Hackers Come Home


Time to Learn Social Engineering Techniques

 

WELCOME HOME, MALWARE

TIME TO MAKE YOURSELF AT HOME

 

Human manipulation fuels social engineering techniques, and basic security measures, like anti-virus software, often can’t prevent innocent behaviors, like trust, from compromising your data. Hackers frequently penetrate corporate networks because employees open the door. Necessary to break the trust-manipulation cycle, advanced security solutions can detect, and even predict, social actions that lead to system infiltration. Advanced attacks that use subtle social engineering techniques often come and go without a trace, so how do you prevent sophisticated attackers from making themselves at home in your business?

 

A hacker’s “Welcome Home” sign might be on an open Wi-Fi network, or it might be on your personal computer, or even your phone. A social engineering attack taps into your life in a way that can feel “like home” to you. Soon, the person you trust takes over your “house” of data, and this can be at both home-life and corporate-life levels, at the same moment, since you might integrate work and home through the use of your mobile phone, laptop, smart watch, tablet (maybe even through a Wi-Fi enabled coffeemaker).

 

If you leave your doors unlocked, people might crash in your digital living room even while your computer is sleeping. If you have dozens or hundreds of employees, each human presents at least one door to your data. Multiply this by the average number of devices employees utilize for work optimization (desktops, laptops, mobile phones, tablets, smart televisions), and you’ll see that your business has hundreds of thousands of access points.

 

Businesses naturally have an “open door” culture. You want new clients. You want good growth and reputation to result from your offerings, and this means you have to interact with strangers on a daily basis. Stranger danger? Not if that stranger has the potential to become a favorite customer. This is why it’s critical to understand the nuances of social engineering techniques (or partner with a managed IT team that does).

 

Because companies leave their virtual doors open, they attract attacks that utilize simple social engineering strategies (no hacking genius required). Detecting these nefarious online behaviors often takes advanced cyber analytics, and preventing data breaches begins with training based on what is known about these cyberattack strategies. Flexible managed IT plans help businesses outsource specialized tasks in their cybersecurity plan.

 

Here are 3 ways hackers let themselves in and make themselves at home in your network:

 

 

Phishing

 

32% of security breaches begin with phishing attacks. If someone knows your email address, then you can receive a phishing email. How do you prevent these attacks when you’re a business owner constantly giving your email address to strangers? If you do any of the following, you’re at increased risk of a phishing attack:

  • You exchange business cards at conferences, trade shows and other social gatherings.
  • You publish your contact information on your website or on online social networking pages.
  • You use email to communicate with your employees, partners, customers and potential clients.
  • You respond to emails quickly, often overlooking small details in the delivery structure.
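The “small details in the delivery structure” that a quick reply overlooks can be checked mechanically. The following is an added example, not part of the original article: it inspects a constructed message, and the domains, the `trusted_domains` list and the finding names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name and domain below is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "Accounts Payable - Example Corp" <billing@examp1e-corp.example>
Reply-To: payments@freemail.example
To: owner@example.com
Subject: Invoice overdue
Authentication-Results: mx.example.com; spf=fail; dkim=none

Please review the attached invoice today.
"""

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def delivery_findings(raw, trusted_domains):
    """Return the delivery details in a raw message that deserve a second look."""
    msg = message_from_string(raw)
    sender = domain_of(msg["From"])
    findings = []
    reply_to, return_path = domain_of(msg["Reply-To"]), domain_of(msg["Return-Path"])
    if reply_to and reply_to != sender:
        findings.append("reply-to-mismatch")      # replies go somewhere else
    if return_path and return_path != sender:
        findings.append("return-path-mismatch")   # weak signal: bulk mailers do this too
    auth = (msg["Authentication-Results"] or "").lower()
    if "spf=fail" in auth:
        findings.append("spf-fail")
    if "dkim=pass" not in auth:
        findings.append("no-dkim-pass")
    for trusted in trusted_domains:
        if sender != trusted and edit_distance(sender, trusted) <= 2:
            findings.append("lookalike:" + trusted)
    return findings
```

Calling `delivery_findings(SAMPLE, ["example-corp.example"])` flags all five details in the sample; each finding is a reason to slow down and verify through another channel, not a verdict on its own.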

 

Exchanging

 

Save money. Save time. Download free software. Fill in a form or upload your business card and get free information. The bliss of the internet is free exchange. You can hop from one website to another, learning for free and networking for free, all from the comfort of your sofa, saving time and travel expense. Sadly, the risk of “free” malware comes with every exchange that happens in our connected online world. If you do any of the following online activities, you’re at increased risk of a social engineering attack:

  • You skip the fine print and click the download button before reviewing terms, agreements and privacy policies.
  • You see a website you like with content you want, so you freely give your name, address, phone number, and maybe even your employment information, in exchange for a download.
  • You download free apps and sign up for free trials.

 

Spying

 

Hackers often look over your shoulder to get the information they need to access your data. You might be at a coffeeshop talking to a friend while your unlocked phone sits cup-side. Maybe your phone is also on open Wi-Fi, leaving multiple open doors into your private life. E-espionage often happens at the places you love — your favorite deli, your downtown square — tranquil places, where you don’t feel a sense of vigilance. You are at risk of becoming a social engineering attack victim if you do any of the following activities:

  • You leave your laptop, phone, or tablet on the table when you see your friend in line at the coffeehouse and get up to say hello.
  • You turn password access off on your phone so that you don’t have to unlock it later.
  • You use public Wi-Fi networks.
  • You have the same password for multiple accounts so that you’ll always remember your login credentials.

 

If you got through these lists without a hitch, then you’ve taken the right steps to prevent social engineering techniques from ruining your life with ransomware. Unfortunately, the hackers could still carry you over your own threshold. Why? Because as soon as you add coworkers or friends to your contact list, and as soon as you begin to communicate using your devices, you introduce new risks. Because of the likelihood of a cyber security breach, you should always check your backups for malware, and always have a solid disaster recovery solution in place.

 


EternalBlue Hacks & Tales from the Unpatched (Video)


EternalBlue Hacking Tools

EternalBlue is an ancient set of hacks (ancient meaning it goes back three years), yet it is still applicable, especially to some of the technology and vulnerabilities that we are seeing today. EternalBlue is software that the NSA developed to hack Windows machines. The goal was to break into a computer (without telling the owner “someone’s there”) and then run software of choice. Windows contains more than two million lines of code, so nobody, even at Microsoft, really knows what it’s all doing, and vulnerabilities are found every day. EternalBlue hacks targeted some of those vulnerabilities.

Running Windows makes you vulnerable by default. Linux, Mac, Android, iPhone: they’re all vulnerable, because the operating systems we choose to run have become so complex that it’s just a matter of time before new ways are found to break into them. Online trickery happens, and people download malware thinking they’re getting a good piece of software. For example, there was once a program called Whack-a-Mole. It was known to have a Trojan in it, so if hackers were able to convince you “hey, this is the coolest game in town,” then your machine would be infected. When hackers are trying to break into a machine, whether through a means like Whack-a-Mole or through an EternalBlue hack, they’re trying to do it surreptitiously, invisibly. They don’t want you to know because, if you knew, you might do something like reboot. This led the hackers to ratchet up what we call the “persistence” of malware, so that maybe it could survive a reboot.

If you’ve ever had a browser toolbar appear in Internet Explorer, or Chrome or Firefox or Edge, or any other browser, that toolbar probably has the rights to see wherever you’re surfing and modify the webpages that you get back, and can even interact with you. A toolbar is a very visual indicator that “you’ve been hacked.” Is that toolbar interested in stealing your passwords and learning your PayPal login and modifying what you visit and how you see it? Maybe, maybe not. But it’s an indication that you’re running untrusted software. Going out to the web and downloading a piece of software because it looks interesting is almost a guaranteed way to get hacked.

 


WannaCry

 

Malware programmers write apps and publish them, the apps get downloaded, and in the background there’s malware stealing passwords, modifying webpages and looking at your identity. Those are all activities I would consider hacks, and that’s what EternalBlue is. In short, it leverages a vulnerability that the NSA found in the Microsoft SMB protocol. They found that if they hurled a packet of the right size and the right shape, it would shove a square peg into a round hole, and the round hole wouldn’t know what to do: the result was a buffer overflow. Windows wasn’t expecting a square peg in a round hole, so it would trip, fall down, and execute code of the attacker’s choice. EternalBlue hacks took advantage of a “round” Server Message Block (SMB) hole, and as SMB failed, the attacker could run a Trojan, blue screen the computer, or download a piece of malware.

 

Less than thirty days after EternalBlue got into the hands of cybercriminals, a nasty bug called WannaCry was released to the world. It made you want to cry because it was ransomware. It used EternalBlue as the delivery exploit, so as soon as WannaCry got a foothold inside a corporate network, it would jump from machine to machine to machine, ransoming as it went. By the next year, EternalBlue hacks had cost companies and industries billions of dollars, and 65 countries had fallen to the EternalBlue vulnerability and been ransomed or hacked in some fashion. Why? Because even after Microsoft released a patch, millions of computers were unprotected because people didn’t patch.

 

 

Patching… and more than patching

 

Cybercriminals are continually waiting for the time, opportunity, and tools to hack into your system. To prevent it, we do a number of things. We patch our machines, we turn on our firewalls, and we don’t let people be local administrators. We make sure our antivirus is current. But we need more than antivirus because hackers now have toolkits to program custom malware. They don’t have to know about EternalBlue hacks if they have a malware toolkit. These toolkits change malware by a byte or two, which changes the signature of the program. As a result, the antivirus software, which is looking for signatures, can’t detect the malware. This designer malware is specifically written for a particular company. The malware is one-of-a-kind and still delivers the same EternalBlue exploit. Because of this dark web exchange of malware toolkits and designer ransomware, more robust cybersecurity measures, like endpoint security, are needed to keep our businesses safe.
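Why a change of “a byte or two” defeats a signature, shown from the defender’s side. This is an added example, not code from this page or from any antivirus product: it assumes the signature is a whole-file SHA-256 hash, uses constructed, inert byte strings in place of files, and the function names are illustrative.

```python
import hashlib

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def shingles(data, n=8):
    """Set of every overlapping n-byte window in the sample."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def similarity(a, b, n=8):
    """Jaccard similarity of the two samples' n-byte shingle sets (0.0 to 1.0)."""
    sa, sb = shingles(a, n), shingles(b, n)
    union = sa | sb
    return len(sa & sb) / len(union) if union else 0.0

def classify(sample, known_bad, threshold=0.9):
    """Exact-hash signature first, then byte-level near-duplicate matching."""
    if sha256_hex(sample) in {sha256_hex(k) for k in known_bad}:
        return "exact-signature"
    if any(similarity(sample, k) >= threshold for k in known_bad):
        return "near-duplicate"
    return "no-match"

def filler(seed, blocks=128):
    """Constructed, inert stand-in for a file: deterministic hash output, no real code."""
    return b"".join(hashlib.sha256(bytes([seed]) + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))

KNOWN_BAD = filler(1)        # the sample the signature was written for
_changed = bytearray(KNOWN_BAD)
_changed[2000] ^= 0x01       # the one-byte change described in the paragraph
VARIANT = bytes(_changed)
UNRELATED = filler(2)        # a different file entirely

if __name__ == "__main__":
    print(sha256_hex(KNOWN_BAD) == sha256_hex(VARIANT))   # hashes no longer match
    print(round(similarity(KNOWN_BAD, VARIANT), 4))       # content is nearly identical
    print(classify(VARIANT, [KNOWN_BAD]), classify(UNRELATED, [KNOWN_BAD]))
```

Byte-level similarity is only one step past exact hashes and is not a substitute for the endpoint security the paragraph calls for.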

 
