Ransomware is a fairly new security risk, but one which is on the rise, and it’s vital that you know how to protect your data from ransomware attacks.

I’ve covered ransomware attacks on this blog on a number of occasions and detailed the damage they can do to businesses. It’s a particularly nasty evolution of hacking and one which often leaves you no option but to pay the ransom to decrypt your data.

Obviously, no business wants to find itself in the position where it has to give in to the hackers’ demands, so prevention is the key. And to help you get your defenses more secure, I’m going to share 6 tips to protect yourself from ransomware.

Backup Your Data

If your data becomes the victim of a ransomware attack then it may seem as though you have no option but to pay the attackers to release your data. However, the simplest way to reduce the damage in this instance is to ensure that your most crucial data is backed up offline. This can be as simple as backing up data to portable storage devices.

Create Strong Passwords

To cut hackers off early on in their ransomware attacks, it’s crucial that you ensure your systems are protected by strong passwords. Whilst you might think that no one is going to predict that you’ve used your mother’s maiden name, it’s relatively easy to crack a password like this through brute force. To make this harder, you should add numbers and symbols to your passwords.

Identify Suspicious Email Attachments

The most common route for ransomware to infiltrate your systems is through seemingly harmless email attachments. And it’s important that your staff know what makes for a suspicious attachment.

In particular, emails which contain attachments from senders you don’t recognize should always be double checked. However, you need to be aware that people in your contacts list could be hacked and then used to distribute the ransomware, so vigilance is always important.

Disable Macros

Many ransomware attacks involve Microsoft Office documents loaded with malicious macros which allow backdoor access into networks. Thankfully, Office documents will always give you the option to enable or disable macros; if you suspect that anything about the Office document doesn’t seem right then disable the macros or, more simply, just close the document.
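
To make the attachment and macro advice above concrete, here is an added example (not code from this blog) of a mail-side check that flags macro-bearing Office files and disguised executables before staff open them. The extension lists and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".xlsb", ".pptm"}
RISKY_EXTS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".bat"}

def inspect_attachment(name, data):
    """Return the reasons an attachment deserves a second look (empty list if none)."""
    reasons = []
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    last = suffixes[-1] if suffixes else ""
    if last in RISKY_EXTS:
        reasons.append(f"executable or script type {last}")
        if len(suffixes) > 1:
            reasons.append(f"double extension {''.join(suffixes[-2:])} hides the real type")
    if last in MACRO_EXTS:
        reasons.append(f"macro-enabled Office format {last}")
    if data.startswith(b"PK"):  # modern Office files are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    reasons.append("contains a VBA macro project")
        except zipfile.BadZipFile:
            reasons.append("malformed ZIP container")
    elif data.startswith(bytes.fromhex("d0cf11e0a1b11ae1")):  # legacy .doc/.xls container
        reasons.append("legacy Office binary, may carry macros")
    return reasons

def triage(raw_message):
    msg = message_from_bytes(raw_message, policy=policy.default)  # raw RFC 5322 bytes
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        findings[name] = inspect_attachment(name, part.get_payload(decode=True) or b"")
    return {name: why for name, why in findings.items() if why}

def build_sample():
    """Constructed test message: a clean .docx, a macro-bearing .docm, a disguised .exe."""
    def office_zip(*members):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for member in members:
                zf.writestr(member, b"placeholder")
        return buf.getvalue()
    msg = EmailMessage()
    msg.set_content("Please see attached.")
    for name, data in [("notes.docx", office_zip("word/document.xml")),
                       ("invoice.docm", office_zip("word/document.xml", "word/vbaProject.bin")),
                       ("scan.pdf.exe", b"MZ placeholder")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `triage(build_sample())` returns only the two attachments worth holding back; the clean `notes.docx` is not listed.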

Install Patches ASAP!

Ransomware loves finding vulnerabilities in software and this underlines the importance of installing updates released by software publishers. It may seem a little time consuming – particularly when you need to shut down your system – but it’s essential that you install all patches immediately to provide you with maximum protection.

Shut Down Your Network

Once a piece of ransomware has breached part of your network it can spread very quickly. Therefore, the best course of action may be to simply disconnect your network. This may cause a huge disturbance to your business’s activities, but it may be less painful than compromising your data. With the spread halted, you can then investigate your options for decrypting any affected data.

For more ways to secure and optimize your business technology, contact your local IT professionals.


Even in this so-called ‘paperless’ age, almost every business still uses a printer on a daily basis, but did you know that even these can get hacked?

Yes, printers are vulnerable pieces of hardware which can allow hackers to gain access to your systems. And this recent scare was all down to a vulnerability identified in the Windows Print Spooler server. Luckily, this susceptibility was identified and Microsoft quickly released a patch to nip this matter in the bud.

However, it’s a troubling scenario given that we’re not used to our printers being used as a back door for hackers to take control of our networks, so I’ve decided to dig a little deeper into the story.

Hacking a Printer

When a new printer is installed, the files required will be downloaded from the Windows Print Spooler server to get the printer up and running. Usually, the correct files will be downloaded and everything will go smoothly. However, Microsoft discovered a critical flaw which meant that Windows would not handle the installation correctly and this would lead to users not connecting securely to their printer.

This would leave a gap in security which would allow hackers to gain unauthorized system privileges and install their own malware files on users’ systems, causing all kinds of security issues. There would also be the opportunity to carry out what’s known as a Man-in-the-Middle Attack, which would allow the hackers to take control of information being transmitted by the infected PC and alter it.

Perhaps the most damaging effect of an attack like this is that printers tend to be behind firewalls, so any malicious activity would go unnoticed. What’s particularly worrying about this is that large numbers of PCs are usually connected to a printer, so the potential for infecting other PCs becomes greatly magnified.

Is Windows Secure?

This vulnerability in Windows is particularly embarrassing for Microsoft given their recent high-profile security hiccups, such as a lack of WiFi security, so this latest threat doesn’t instill confidence in Microsoft’s approach to security. To make matters worse, this recently discovered flaw affects operating systems going back to Vista, which was released 10 years ago, so a huge number of PCs are at risk.

And it’s not the first time that the Windows Print Spooler service has been exploited, so it raises some important questions about how Microsoft continues to monitor security vulnerabilities once they appear to have been solved.

Make Sure You’re Safe

The most important step you can take in combating security flaws such as this is to install all updates as soon as possible. It only takes a few seconds for a hacker to gain access to your systems, so it’s vital you don’t leave that install until the morning.

With vulnerabilities which are built into operating systems, of course, you can’t really put any blame on the end users, but it’s crucial that users look out for the following activity:

  • In this particular case, hackers had the ability to set up a rogue printer on the network, so any unusual printer activity could indicate a security issue
  • Systems shutting down of their own accord and any ‘File Installation’ progress bars suddenly appearing could be evidence of malicious code being installed


At fast food restaurants you know what to expect: value and speed. Fast food joint Wendy’s, however, has also been unknowingly serving up credit card fraud.

In the last week, Wendy’s has had to contact customers who have used their credit cards in over 1,000 restaurants. That’s nearly 1 in 3 Wendy’s restaurants and it makes for a huge number of affected customers.

Wendy’s are currently unable to tell just how many customers have been affected, but they do know that this attack was delivered by malware. Now, we all love a bit of fast food, but we most certainly do not love cyber-crime!

And that’s why I want to show you what happened to Wendy’s and how your own business can avoid a similar situation.

Wendy’s Attacked

The hackers have been able to take control of Wendy’s point of sale (POS) systems, which comprise the cash register and credit card devices. Although it’s not been discovered how Wendy’s POS systems have been compromised, it’s been identified as a traditional malware attack.

It’s believed that malware has been used to infect franchised stores through the theft of login credentials. This could, for example, be through phishing methods whereby information is extracted from employees through dishonest means, e.g. spoof emails from head office requesting login details for “security checks”.

Whatever the method, it’s been successful enough for hackers to then access the POS systems and, potentially, take sensitive credit card information about every single card which has passed through the systems. And you’ve seen the queues at Wendy’s, so you know that’s a lot of credit cards.

Wendy’s was first hacked in January 2016 following unusual activity on credit cards which had recently been used at a number of Wendy’s stores. Similar attacks have intensified recently and this has led to Wendy’s having to release a statement on the situation.

Protect Yourself and Your Customers

Your customers are your business’s lifeblood, so it makes sense that you want to protect them and their finances. And the first line of defense is your staff, so it’s crucial that they’re well versed in how to deal with any suspicious activity they may encounter.

Hackers, you see, are unable to deploy their malware if they’re unable to breach your system’s defenses. And, for most businesses, this will be the good old fashioned ‘username’ and ‘password’ combination. It’s a popular choice as it’s a difficult combination to crack.

Employees, though, can quite innocently slip up and fall prey to the deceptive and sophisticated methods of hackers. However, an increasingly popular way to reduce the impact of compromised login credentials is to employ multifactor authentication. This provides additional walls of defense such as requesting a unique code which is emailed to an employee when they need to access specific systems.
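
The emailed one-time code described above, sketched as an added example (not code from Wendy’s or from this blog). The class name, the five-minute lifetime and the attempt limit are assumptions chosen for illustration; sending the email is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

class EmailCodeChallenge:
    """Second factor: a short-lived, single-use code delivered out of band."""

    def __init__(self, ttl_seconds=300, max_attempts=5):
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self._pending = {}  # user -> [code_digest, expires_at, attempts_left]

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user, now=None):
        """Create a 6-digit code; the caller emails it to the user's registered address."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        # Store a digest rather than the code; a new code replaces any earlier one.
        self._pending[user] = [self._digest(code), now + self.ttl, self.max_attempts]
        return code

    def verify(self, user, submitted, now=None):
        now = time.time() if now is None else now
        entry = self._pending.get(user)
        if entry is None:
            return False
        code_digest, expires_at, attempts_left = entry
        if now > expires_at or attempts_left <= 0:
            del self._pending[user]  # expired or locked out: a new code must be requested
            return False
        entry[2] -= 1  # every guess counts, so the 6-digit space cannot be walked
        if hmac.compare_digest(code_digest, self._digest(submitted)):
            del self._pending[user]  # single use: a replayed code fails
            return True
        return False
```

A stolen password alone no longer opens the system: the login also needs a code that expires, works once, and cannot be guessed by repeated attempts.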

Final Thoughts

Wendy’s isn’t the first fast food chain to have credit card details stolen, but it’s certainly the biggest so far and this will set alarm bells ringing across the industry. It’s a troubling cyber-attack and another one which highlights the importance of a strong front line defense. Multifactor authentication is certainly useful, but a concentrated effort towards recognizing initial threats is key.

The smooth running of a hospital is paramount to its patients’ health, but what happens when malware is used to breach the hospital’s systems?

Well, a new report by TrapX reveals that we now know the answer and that it’s turning into a serious threat. The main cause appears to be the lax security provided by outdated operating systems such as Windows Vista and Windows XP.

Now, not only is this a threat to hospitals, but, as we’ve covered before, also to any business which switches on a PC during their working day. Seeing as that includes pretty much every business on the planet, it’s crucial that you understand this security threat.

Security Attacks on Hospitals

By using malware which has the external appearance of being an outdated piece of malware, hackers have been able to smuggle in extremely new pieces of code which older systems aren’t capable of defending themselves against.

An old piece of malware is employed as the carrier for this malicious code because newer PCs would be patched and not consider it a threat. However, once the hackers deliver their payload, they’re able to exploit older PCs on the network.

For example, hackers were able to run malware which, whilst not affecting PCs running Windows 10, was able to take control of a radiation oncology machine powered by Windows XP. Obviously, this could cause huge healthcare issues, but, this time at least, the attackers were not interested in damaging the equipment.

Instead, the hackers used this vulnerability to create entry points into the hospital system which would provide access to highly sensitive data. And this wasn’t just an isolated case; the study by TrapX monitored three attacks on different medical institutes and has advised that these types of attacks are escalating.

Protecting Your Business from Legacy Attacks

Legacy attacks, which are attacks exploiting older operating systems, are well known for attacking the healthcare industry, but virtually any business which runs an outdated piece of software needs to remain vigilant.

And, unfortunately, it’s commonplace for businesses to fall behind on software upgrades due to costs, downtime or just old fashioned mistakes. The most pressing ramification from this scenario is that developers of operating systems eventually stop creating security patches for these older systems.

For a hacker, of course, this presents them with one of the easiest attacks they’re ever going to carry out. Remember, hackers will not cut you any slack. If they can get in, they will get in through the easiest route possible.

This is why it’s vital that you ensure your computer systems are as up to date as they can possibly be. Install ALL updates as soon as you’re prompted as this will give you the best possible chance to block opportunistic hackers.

What’s most important, though, is to keep an eye on the operating systems behind all your hardware. Make it a point to carry out an audit every couple of months to evaluate the operating systems behind the hardware you’re running.

And, if a piece of hardware is no longer supported by newer operating systems, then it’s time to consider replacing it. Sure, for a while, the older operating system it runs on will continue to receive updated patches, but at some point they will stop and your protection will become rapidly out of date.
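
The recurring operating system audit recommended above can be run over an asset inventory. The following is an added example, not code from this blog or from TrapX: the inventory rows and host names are constructed, the end-of-support dates are Microsoft’s published extended-support dates, and the one-year warning window is an assumption.

```python
import csv
import io
from datetime import date, timedelta

# End of extended support per Microsoft's published lifecycle.
END_OF_SUPPORT = {
    "windows xp": date(2014, 4, 8),
    "windows vista": date(2017, 4, 11),
    "windows 7": date(2020, 1, 14),
    "windows 8.1": date(2023, 1, 10),
    "windows 10": date(2025, 10, 14),
}

def classify(os_name, today, warn_days=365):
    """Map a free-form OS string to (status, end_of_support_date)."""
    name = " ".join(os_name.lower().replace("microsoft", "").split())
    # Longest key first so a short name never shadows a more specific one.
    for key in sorted(END_OF_SUPPORT, key=len, reverse=True):
        if name.startswith(key):
            eos = END_OF_SUPPORT[key]
            if eos < today:
                return "UNSUPPORTED", eos      # no more security patches
            if eos - today <= timedelta(days=warn_days):
                return "EXPIRING", eos         # patches stop soon: plan the replacement
            return "SUPPORTED", eos
    return "UNKNOWN", None  # not in the table: check by hand, never assume it is safe

def audit(inventory_csv, today):
    """Return (host, role, status, end_of_support) rows, most urgent first."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    report = [(r["host"], r["role"], *classify(r["os"], today)) for r in rows]
    order = {"UNSUPPORTED": 0, "UNKNOWN": 1, "EXPIRING": 2, "SUPPORTED": 3}
    return sorted(report, key=lambda r: (order[r[2]], r[0]))

# Constructed inventory; embedded and medical devices belong in it too.
SAMPLE = """host,role,os
front-desk-01,workstation,Microsoft Windows 10 Pro
imaging-03,medical device controller,Windows XP Professional SP3
records-02,workstation,Microsoft Windows Vista Business
label-printer,embedded,VendorOS 4.2
"""
```

Run with an audit date of 1 August 2016, the XP-based device is reported first as unsupported, the unrecognised embedded system is queued for a manual check, and the Vista workstation is flagged as expiring.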


We all rely on tech support at some point during our working week, but hackers are now using this as a front to scam businesses out of thousands of dollars.

It’s a scam which is becoming so widespread that the FBI have stepped up and announced that, in the last three months, close to two and a quarter million dollars have been stolen from businesses. These losses are the result of just over 3,500 separate incidents, so they can’t be dismissed as isolated incidents.

The actual scam involves hackers impersonating tech support teams and taking control of users’ PCs, so this is a very deceitful scam and one which we need to investigate.

Understanding the Scam

This latest attempt at swindling businesses out of money is a particularly clever one as it preys on the anxiety of computer users. Those affected find that they will receive one of the following prompts which all demand handing over remote access:

  • A pop up message which states that viruses have been detected on the PC and that it’s under attack. A ‘helpful’ phone number is then provided for that individual to contact technical support.
  • A telephone call from a tech support employee – usually with a foreign accent – who claims to have evidence that the PC is infected and sending out error messages. This tech support employee will claim that they can help resolve the attack.
  • A ‘Blue Screen of Death’ will be displayed which warns that the PC has become infected and that the PC user needs to contact a technical support number.

All these methods lead to direct communication with a shady individual who will request that any mobile devices are connected to a PC to carry out a detailed security scan. Naturally, these ‘scans’ always reveal numerous viruses and a fee is then demanded to eradicate these viruses.

Resisting the Tech Support Scam

As you can see from the amount of money stolen so far, this is a very serious scam, so you need to make sure that your employees know what to do if they’re affected. Therefore, you need to communicate the following advice:

  • Make sure that all security software is up to date. There have been some reports that security software has given alerts just before these scams have been attempted online.
  • Once one of the suspicious pop up messages or Blue Screens of Death is received, the user should shut down their device straight away. This will usually clear the intrusive demands for action.
  • The hackers will try and instill a sense of fear and urgency to scare users into making quick payments, so users must remain calm and disconnect the call.
  • Users must avoid giving over any remote access to unauthorized individuals who are posing as tech support employees. Reputable tech support teams will never demand this sort of access.

Final Thoughts

It’s important that PC users are aware that hacking doesn’t always involve downloading malicious software. Sometimes, the age-old act of deception can be employed to create a sense of fear which leads to people making snap decisions and losing money as a result.

If you have been affected by this particular scam then you should report it at www.ic3.gov
