MSPNetworks Blog

There is an entire litany of stereotypes that are commonly linked to the term “hacker”… too many for us to dig into here, especially since they do little but form a caricature of just one form that today’s cybercriminal can take. Let’s go into the different varieties that are covered nowadays under the blanket term of “hacker,” and the threat that each pose to businesses today.

To give this list some semblance of sensible order, let’s go from the small fish up to the large players, ascending the ladder in terms of threats.

The Ethical Hacker

First and foremost, not all hackers are bad. Certified Ethical Hackers are high-profile cybersecurity experts that are designed to think like a cybercriminal. They can be employed to determine how secure your organization is. 

The Unintentional Hacker

We all make mistakes, and we can all get a little bit curious every now and then. Therefore, it stands to reason that this curiosity could get people into trouble if they were to find something—some mistake in its code or security—on a website. This is by no means uncommon, and the question of whether this kind of hacking should be prosecuted if the perpetrator reports their findings to the company has been raised by many security professionals.

Regardless, if someone can hack into a website without realizing what they are doing, what does that say about the security that is supposed to be protecting the website… or, by extension, a business’ network? Whether or not you take legal action, such events should never be glossed over and instead be addressed as growth opportunities for improving your security.

The Thrill Seeker

Each of the hackers we’ll cover here has their own motivation for hacking into a network. In this case, that motivation ties directly back to bragging rights (even if the hacker only ever brags about it to themselves). While these hackers were once far more common, the heightened accountability and legal consequences that such behaviors now bring have largely quashed the interest in such hacking. Many of those that would have once been interested in this kind of hacking are now focused on modifying hardware over software, turning to interest-based kits like the Raspberry Pi and others to scratch their “hacking” itch.

The Spammer

Adware—or a piece of software that hijacks your browser to redirect you to a website hoping to sell you something—is a real annoyance, as it wastes the user’s valuable time and energy. It also isn’t unheard of for otherwise well-known and legitimate companies to use it in their own marketing, despite the risk they run of having to pay regulatory fines due to these behaviors.

While the real damage that adware spamming can do may seem minimal, it is also important to put the nature of these efforts into perspective. An adware spammer will use the same tactics that other serious threats—things like ransomware and the like—are often spread through. If you’re finding your workstations suddenly inundated with adware, you are likely vulnerable to a much wider variety of threats than you might first assume.

The Botnet Recruiter

Some threats to your network aren’t even technically directed toward your business itself. Let me ask you this: would you see it as a threat to have your computing resources taken over and co-opted for another purpose? After all, the result is effectively the same as many more directly malicious attacks—greatly diminished productivity and efficiency.

This approach is quite literally how a botnet operates. Using specialized malware, huge numbers of otherwise unassociated machines can be taken under control and have their available resources directed toward some other means. A particularly famous example of a botnet’s power came just a few years ago, when a botnet was utilized to disrupt the services of Dyn, a DNS provider. This took popular websites like Twitter and Facebook down for several hours.

Missing or neglected patches are one of the simplest ways for a botnet to claim your resources as its own—particularly when login credentials haven’t been changed.

Hacktivists

While political activism can be a noble cause, the hacktivist goes about supporting their cause in a distinctly ignoble way. Operating in sabotage, blackmail, and otherwise underhanded tactics, a hacktivist that targets your company could do some serious damage—despite the good that most of these groups are truly attempting to do.

Of course, the law also doesn’t differentiate between different cybercrimes based on motive, making this form of protest particularly risk-laden for all involved.

The Miners

The recent cryptocurrency boom has seen a precipitous uprising in attacks that try to capitalize on the opportunity, using tactics that we have seen used for good and bad for many years now. Above, we discussed the concept of a botnet—where your computing resources were stolen to accomplish someone else’s goal. However, the practice of utilizing borrowed network resources is nothing new. The NASA-affiliated SETI (Search for Extraterrestrial Intelligence) Institute once distributed a screen saver that borrowed from the CPU of the computers it was installed on to help with their calculations.

Nowadays, cybercriminals will do a similar thing, for the express purpose of exploiting the systems they infect to assist them in hashing more cryptocurrency for themselves. The intensive hardware and utility costs associated with mining cryptocurrency often prohibit people from undertaking it on their own—so enterprising hackers will use their malware to find an alternative means of generating ill-gotten funds.

The Gamers

Despite the dismissive view that many have towards video games and their legitimacy, it is important to remember that the industry is worth billions (yes, with a “B”) of dollars, massive investments into hardware and hours poured into playing these games. With stakes that high, it is little wonder that there are some hackers that specifically target this industry. These hackers will steal in-game currency from their fellow players or launch their own distributed denial of service attacks to stifle the competition.

The Pros-for-Hire

The online gig economy has become well-established in recent years—where a quick online search can get you a professional to help you take care of your needs, whether that be for childcare or for car repairs or any other letter of the alphabet. Similar services exist for directed cybercrime efforts as well.

Using a combination of home-developed malware as well as examples that they’ve bought or stolen themselves, these professionals will license out their services for a fee. Whether it’s a governmental body seeking sensitive intel or a business seeking to undermine a competitor, these mercenaries can pose a significant threat against anyone who lands in their crosshairs.

The Thief

On a related note, a lot of modern cybercrime is simply a digitized version of crimes we have seen in years past. Without another stagecoach to hold up, highway robbery has simply been shifted to the information superhighway, the stick-‘em-up translated to ransomware, dating scams, or denial-of-service attacks. The overarching motivation behind most of these efforts is simple: illegitimate fiscal gain.

The Corporate Crook

Corporate spying is a decidedly more direct version of the pro-for-hire trend that we discussed above, where a hacker will target a business’ documents and resources to help their competition in any way they can. While there may not be honor among thieves, there can be amongst the businesses that these thieves will try to sell stolen data to, as some companies have reported the theft after being approached.

The Nation State

Finally, we come to perhaps the biggest threat out there to many: massive teams of professional, government-employed hackers working to undermine the operations and machinations of other nations—both in their governments and their industries. This is generally intended to put the other nation in a diminished position should hostilities ever erupt.

If you remember the 2014 satirical movie The Interview—and more pertinently, the hack that Sony Pictures suffered in retaliation for the film—you’re aware of a very recognizable example of this kind of threat actor.

Clearly, the idea of a hacker that so many have is far too minimalistic to be relied upon anymore… especially if you’re staking your company’s cybersecurity preparedness on it. That’s why MSPNetworks is here to help. Our professionals are well-versed enough in best practices to help prepare you to deal with a much more realistic cyberattack. You just have to reach out to us at (516) 403-9001 to get started.

Chances are, you not only have a smartphone, but that smartphone is also currently within arm’s reach. With these devices playing an increasingly important role in our personal and professional lives, these devices have proven to be a lucrative target for hackers to pursue. This week, our tip is meant to help you spot the warning signs that an application is hiding an attack.

Too Many Permissions

As careful as so many are with their data security, mobile applications can be a glaring blind spot. While access to certain files on the phone is required for certain applications to function, other applications should have no need for the data they request. Each application you use should have its requested permissions evaluated, and should one ask for too much, you need to reconsider using that app. This is also one of the reasons it is important to only source your applications from an established applications store—these app stores are vetted and regularly reviewed to catch malicious apps.

Battery Loss

Time for a basic physics lesson: the first law of thermodynamics states that the amount of energy in the universe is a set amount. This means that energy cannot be created or destroyed, only converted to a different form. While the battery in your phone is an imperfect example of this, the theory stands: if you don’t use it much, the phone should remain charged. So, if your phone suddenly drops in battery life seemingly without explanation, that’s a bad sign.

Malware could be the explanation you’re looking for. Running in the background, some mobile malware will collect assorted data. To find out which applications are responsible, it helps to check how much power different applications consume in your battery settings.

Passwords Stop Working

So, you type in your password, just as you always do, and press the enter key. Incorrect password. Whoops, you must have hit two keys at once or something, so you type it again. Incorrect again. Again and again, you type your password, making sure it is perfect, only to have it kickback.

This is an almost sure sign that your account has been taken over and your credentials changed. Reclaim the account if you can and reset passwords for all your accounts using best practices. It may also be wise to restore your device entirely from a backup to wipe any malware that may have been lurking.

MSPNetworks can help your company manage its entire technology infrastructure, down to the mobile devices that we so commonly see. Learn more about what we can offer you by calling (516) 403-9001.

The threat landscape is filled with more types of malware than ever. To keep your business’ network running effectively, it’s important to have a strategy to keep malware out. Today, we’ll talk about a few basics you should know to keep your cybersecurity strategy working properly.

Under A Thumb

Are you aware that there are readily available websites that are strictly devoted to providing the default factory passwords for devices of all types? With these passwords, and a little bit of knowledge about what hardware you have, people could access your network easily?

To combat this, you need to think about every single access point your business has and lock them down. Once they are locked down, you will also need to secure your online accounts and your physical location’s access points. To do this you should take time to document all of your network’s possible entry ways and do what you need to do to secure them. You can do this by ensuring that every access point is secured with different passwords (and two-factor authentication where possible).

Keep Your Antivirus Updated

The antivirus solution you use keeps out unwanted entities. But what happens when malicious entities aren’t recognized by the antivirus solution? That’s right, it passes right by, infiltrating your network. To avoid this scenario, you will want to ensure that your antiviruses, antimalware, and firewalls are all updated with the latest threat definitions. 

Keep a Backup

Most importantly, you may think you are in control, but it only takes one thing to slip by your defenses to complicate things. That’s why you will want to keep routine and periodic backups to ensure that if something does happen that you can restore from backup quickly and get back in business fast. 

Remember all it takes is one. MSPNetworks staff's professional technicians versed in the best practices and protocols of comprehensive data and network security. To talk to one of our knowledgeable IT experts about securing your business, call us today at (516) 403-9001.

Let me ask you a question… let’s say that you’re about one year from your projected retirement, when a ransomware attack encrypts all of your files. What do you do? Pack it in and retire early? This is precisely the situation that the practitioners of Brookside ENT & Hearing Services of Battle Creek, Michigan, have found themselves in - and it may not be over yet.

What Happened to Brookside ENT?

Typical of a ransomware attack, the malware began by deleting and overwriting all of the practice’s data - every medical record, bill, and upcoming appointment. A duplicate of each file was left behind, locked behind a password that the person or persons responsible promised to provide in exchange for a $6,500 wire transfer.

Under the advisement of an “IT guy,” Dr. William Scalf and Michigan state senator Dr. John Bizon didn’t pay the ransom, as they couldn’t be sure that the password would even work, or that the ransomware wouldn’t return in the near future. As their IT resource determined that the attacker hadn’t actually viewed any of the records, this event technically didn’t need to be reported as a breach under the Health Insurance Portability and Accountability Act (HIPAA). Nevertheless, without access to this data, the physicians saw little choice than to retire early.

Well, kind of. As they had no means of knowing who had an appointment scheduled, the physicians had little choice than to wait around the office for a few weeks and see whomever showed up.

Why Throwing in the Towel May Not Be Enough

From a purely academic point of view, it only makes sense that the medical industry would be one targeted by ransomware. Not only do its establishments rely greatly on the data they have stored, there is an urgency to this reliance that cannot be denied. Think about the possible ramifications if a medical practitioner was unable to properly diagnose a patient and recommend treatment because of some unavailable data.

Of course, the strategy that Brookside ENT has adopted to close up shop doesn’t leave its owners off the hook, either. They could still find themselves in plenty of regulatory hot water.

For instance, a ransomware attack (paid or not) could be considered a reportable incident under HIPAA, or even an instigation of a negligence-based legal action. Any patient could invoke HIPAA rules if their data was in digital form and have an investigation started by the Department of Health and Human Services’ Office of Civil Rights, simply by leaving a complaint.

How You Can Protect Your Business from Ransomware

While the best way to keep your business safe is to be able to spot ransomware infection attempts before they successfully fool you into allowing them on your system, statistically, you aren’t going to be able to spot all of them… so what can you do?

One great resource you have available to you is your team. Each uneducated user offers ransomware another way in, but each educated user is another shield to help protect your business.

You should also develop and maintain a comprehensive backup plan to help protect your data from ransomware attacks and other attempts against it. While it would be ideal to not need to use this backup, it would be far less ideal to need one and not have it. Make sure that you keep your backup isolated from the rest of your network as well, so that your backup isn’t also encrypted by a ransomware attack.

At MSPNetworks, we have plenty of experience in mitigating the damage that ransomware can cause, as well as in solving various other IT issues. For assistance with any of your business’ IT needs, reach out to us at (516) 403-9001.

If you own an Asus laptop, there is a chance that a recent update could have installed malware, and we are urging anyone who has an Asus device reach out to us to have it looked at.

Numbers are still coming in as far as how widespread this issue is. As of Monday, cybersecurity firm Kaspersky Lab said potentially thousands of Asus computers were infected, but on Tuesday that number has potentially broken a million.

How Could My Asus Laptop Get Hacked?

This type of attack is called a Supply-Chain Compromise and is one of the most frightening kinds of cybersecurity threats out there. Asus’s software update system was compromised by hackers, putting a backdoor into consumer devices. The scariest part is that this backdoor was distributed last year and it’s just being noticed now.

The good news is this has given Asus plenty of time to plug up the security holes on their end, but if you own an Asus device there is still a chance that it is infected with malware from the initial attack.

What Do I Do Now?

First and foremost, no matter what brand of computer or laptop you have, you need to make sure you have antivirus, and that antivirus needs to be licensed and kept up-to-date.

If you have an Asus device, Asus has released an update in the latest version of their Live Update Software. They’ve also patched their internal systems to help prevent similar attacks from happening in the future. You’ll want to make sure you have Live Update 3.6.9 installed.

Asus has also released a security diagnostic tool that will check your system to see if it has been affected. Click here to download the tool.

We HIGHLY encourage you to reach out to MSPNetworks if you are running any Asus hardware. It’s better to be safe than sorry.

A lot is made about antivirus as a part of a comprehensive network security platform, but how does the system really work to eliminate threats? Today, we will take a look at an antivirus solution to show you how it goes about removing unwanted files and other code.

Your Technology May Fail, but You Can Still Succeed

Monday, 26 November 2018

Ricky Marine

MSPNetworks Blog Technology

If you’ve been in business for a while, there are devices on your network that see little to no use. Even for the most frugal business, due to the fact that technology eventually winds up being arbitrary thanks to the continued development (and deployment) of more powerful solutions, there will always be situations where you have devices that do nothing but take up space. You can reduce the chances of this happening by finding the right IT for the job the first time, while sparingly implementing only IT solutions that will provide a return on your investment.

If you’re trying to determine whether or not a piece of technology will help your business, you’ll first have to figure out how the technology will affect your product or service. If you think your business can properly utilize the technology to create more opportunities and improve efficiency as a whole, then it’s clear what you must do. On the other hand, if the solution doesn’t offer you obvious benefits, you’ll have to put more thought into whether or not you’ll actually want to implement it. An IT provider or technician can be of great benefit in this regard--especially when you’re facing IT troubles.

We’ll discuss some of the technology that you’ll find in today’s business environment, as well as when you know it might be on its way out.

Server Hard Drives
Your business probably has at least one server unit on-premise which relies on hard disk drives (HDD) in order to accomplish various tasks. These tend to last around three-to-five years, but they will also showcase various signs of failure before it actually strikes. Here are some of them:

• The drive is making strange noises (clicking, whirring, humming).
• Repeated crashes and software errors.
• Repeated disk errors.
• Strange computer behavior.

Keep in mind that these signs of trouble can also apply to just about any device that utilizes a HDD. Many computers these days have moved in the direction of solid-state drives (SSD) due to the plethora of benefits they provide, but they are constructed in a fundamentally different way. Monitoring them is the best way to ensure they don’t prematurely fail and cause a world of trouble for your organization. MSPNetworks can help you accomplish this in an easy and affordable way that won’t break your bottom line.

As far as some telltale signs of a failing SSD, here are a couple to think about:

• Recurring error messages
• Files that can’t be written or read
• Frequent crashes during the boot phase

Upgrading your hard drives and solid-state drives periodically can help you ensure minimal damage in the long run, but we always recommend having a quality data backup system in place as well to minimize downtime and the costs associated with it.

Networking Components
Businesses that suffer from networking problems can have significant difficulty keeping operations progressing at a smooth rate. If your employees need access to data or the Internet to do their jobs, they will simply get paid to do nothing in the event of a downtime incident. If you are experiencing issues with staying connected to the resources needed to stay productive, perhaps you need to investigate the issue at the source of the problem--either your router or the service provider.

Of course, it could also just be an internal networking issue, but this isn’t always easy to diagnose. If your business needs assistance with rooting out the cause of networking problems or inconsistencies with your IT infrastructure, MSPNetworks can help. To learn more, reach out to us at (516) 403-9001.

Tags:

Business Solutions Hardware Failure Malfunction Malware Security

0 Comments

Continue reading

Tech Term: Zero-Day

Wednesday, 07 November 2018

Ricky Marine

MSPNetworks Blog Security

You might hear the term “zero-day” when discussing security threats, but do you know what they actually are? A zero-day threat is arguably one of the most devastating and dangerous security issues your business could face, and if you’re not prepared, they could be the end of it.

Before anything else, it’s critical that you understand what makes the concept of a zero-day threat so terrifying. Vulnerabilities are flaws in software that can be used by hackers and cybercriminals to access important information or cause trouble. To do so, malware is used by the hacker, but they generally need an exploitable vulnerability to do so.

Defining Zero-Day Threats
Depending on how long a vulnerability is known by developers, they might have a timeline to resolve the issue by, provided that the attack isn’t currently being used by hackers to cause trouble for businesses. However, a vulnerability that is being used in the wild without a patch or update to resolve the issue means that developers effectively have zero days to respond to the issue without the threat of it being used by hackers.

Zero-day threats are often found by black-hat hackers rather than white-hat cybersecurity researchers who generally report threats to developers, so they can be patched properly. Under the most ideal circumstances, an update can be issued before criminals start to use the vulnerability to their advantage. Unfortunately, this doesn’t always happen, and hackers might be able to use these vulnerabilities.

Protecting Against These Threats
It might seem impossible to keep your business secure from zero-day threats, and to an extent, you’re right. The easiest and best way to keep your organization as secure as possible is to take proactive measures. This includes updating your business’ technology solutions as frequently as possible whenever a new patch or update is available. This ensures that you are as protected as possible when the moment does come.

One of the most interesting and notable trends regarding zero-day threats is how they are still successful after they have been turned into an n-day vulnerability. An n-day vulnerability is one that has been discovered and fixed, but if they aren’t resolved in time, a business can still be affected by them before long. The Equifax breach is a perfect example of this, as it was a vulnerability that had been discovered, reported, and patched earlier that year, yet Equifax failed to apply the patch on time.

All businesses need to consider zero-day threats a major problem, and if you don’t take proactive action against them now, you could be putting your business at risk. To learn more about how you can protect your business now, reach out to us at (516) 403-9001.

Tags:

Cybersecurity Malware Threats Vulnerability Zero-Day

0 Comments

Continue reading