2018 has been a year where malware, ransomware and data breaches have barely been out of the headlines, but what’s in store for cyber-security in 2019?

As long as there’s a digital landscape, hackers will continue to launch an array of attacks that take in numerous different techniques. And, most importantly, they will continue to evolve their methods to avoid detection and cause more damage to networks and the PCs on them. With this in mind, it’s perhaps the best time to take a look at the security trends which will be most important for your organization’s defenses next year.

To help you get prepared for next year, we’re going to take a look at some of the major security trends to look out for in 2019.

Backups will continue to be Crucial

With ransomware still remaining a prevalent and major threat to secure and essential data, backing up your data regularly and rigorously will be a vital task for all organizations. Backups may seem a costly affair in terms of budget and time, but it only takes one employee to fall victim to a ransomware scam for your entire network’s data to be compromised. And with new ransomware scams such as Zenis deleting backups, it’s essential that offsite and non-network backups are also held.

Coinminer Malware Remains a Threat

Cryptocurrency is still a lucrative business and mining for cryptocurrency continues to generate large amounts of cash. However, whilst this is perfectly legal and above board, the use of coinminer malware is far from legal or ethical. Due to the amount of processing power involved in mining for cryptocurrency, hackers are using malware to enslave PCs remotely and using their processor power to mine for cryptocurrencies. This form of malware has become harder to detect and more sophisticated throughout 2018, so expect it to evolve further in 2019.

The Hacking of IoT Devices will Increase

Close to 27 billion IoT devices will be connected in 2019 – an increase of nearly 3 billion compared to 2018 – so you can bet your bottom dollar that the number of attacks in this arena will increase accordingly. Unfortunately, many owners of IoT devices are still neglecting to change the default password to access these devices and this is giving hackers free rein to take control of them. Not only does the default password debacle remain an issue, but hackers are now designing malware to take advantage of vulnerabilities in IoT devices.

Security Training

Due to the threats already presented, security training will become paramount in 2019. As hackers evolve their methods of attack at a rapid pace, keeping your organization’s staff aware of these threats is one of the best forms of defense you can employ. Awareness training hammers home the basics of good security practices and you’ll find that these can also be used to combat the new threats which will no doubt go head to head with your security defenses.

For more ways to secure and optimize your business technology, contact your local IT professionals.



Defeating a particular strand of ransomware doesn’t mean it’s dead and buried; you only have to take a look at GandCrab to see how it can evolve.

GandCrab first emerged online at the start of 2018 and began to spread rapidly across the globe. Known as a Ransomware-as-a-Service (RaaS) attack, GandCrab has been able to continue causing chaos thanks to its code receiving regular updates. Now, as ransomware is such a pressing concern at the best of times, the realization that it can rapidly evolve is very troubling for anyone who heads online.

Due to the economic impact, not to mention the effect on productivity, that ransomware can cause to organizations, we’re going to take a close look at GandCrab to understand how and why it has evolved.

What is RaaS?

GandCrab is classed as a RaaS, but what exactly does this mean? Well, RaaS is built upon an attack where ransomware is written by cyber-criminals and then sold on to attackers who may not have the technical knowledge to write their own ransomware. Sometimes, however, the attackers may be perfectly capable of writing their own ransomware, but they don’t have the time and are just looking for a quick buck instead. Nonetheless, RaaS is highly popular due to the ease with which it can be deployed and the ready availability of the code. And this is exactly how GandCrab has been operating since the start of the year.

How Does GandCrab Operate?

Rather than concentrating on just one deployment method, GandCrab is particularly virulent thanks to its multifaceted approach which includes spam emails, exploit kits and malvertising. Once executed, GandCrab begins compiling information on the victim’s PC and scans for file extensions that it’s capable of encrypting. Early versions of GandCrab would encrypt files with a .CRAB extension, but the latest versions have begun encrypting files with 5 digit extensions that are randomly generated. GandCrab is also different to most other ransomware as it demands its ransom in Dash, a cryptocurrency which launched in 2015, rather than Bitcoin.
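The extension behaviour described above gives defenders something to look for in a file-share listing. The following is an added example, not part of the original article: it assumes the ransomware appends its extension to the original file name and reuses one random extension across a victim's files, and the sample paths, allowlist and threshold are constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Assumption: encrypted files keep their original name with the new
# extension appended, e.g. "report.docx.<ext>".
KNOWN_DOC_EXTS = {".docx", ".xlsx", ".pptx", ".pdf", ".jpg", ".txt"}
FIXED_EXT = ".crab"                          # early versions, per the article
RANDOM_EXT = re.compile(r"^\.[a-z0-9]{5}$")  # later versions: five random characters
MIN_HITS = 3                                 # hypothetical alert threshold

# Constructed sample listing of a file share.
SAMPLE = [
    "/srv/share/finance/q3.xlsx.kzqpw",
    "/srv/share/finance/invoice-114.pdf.kzqpw",
    "/srv/share/hr/policy.docx.kzqpw",
    "/srv/share/hr/handbook.pdf",
    "/srv/share/old/plan.docx.CRAB",
    "/srv/share/it/notes.txt.bak",
    "/srv/share/it/site.tar.gz",
    "/srv/share/tmp/draft.docx.part1",
]

def suspicious_extensions(paths, min_hits=MIN_HITS):
    """Return {extension: count} for appended extensions that look like ransomware output."""
    counts = Counter()
    for path in paths:
        suffixes = [s.lower() for s in PurePosixPath(path).suffixes]
        # Only consider names where a known document extension is followed by another one.
        if len(suffixes) < 2 or suffixes[-2] not in KNOWN_DOC_EXTS:
            continue
        last = suffixes[-1]
        if last == FIXED_EXT or RANDOM_EXT.match(last):
            counts[last] += 1
    # A single .crab file is worth an alert; a random-looking extension only
    # counts once it repeats, which filters one-off names such as "draft.docx.part1".
    return {ext: n for ext, n in counts.items() if ext == FIXED_EXT or n >= min_hits}

if __name__ == "__main__":
    for ext, n in suspicious_extensions(SAMPLE).items():
        print(f"ALERT: {n} file(s) carry appended extension {ext}")
```

Run against a periodic listing of shared folders, a check like this can surface encryption in progress before every file is affected; it does not replace offline backups.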

The Evolution of GandCrab

In total, there have been five versions of GandCrab released since its initial detection. Being a RaaS, the writers of GandCrab are keen to keep the money flowing in and this has fuelled their determination to update their product. Those who were infected by versions 1.0 and 1.1 were in luck early on as BitDefender managed to code a decryptor to retrieve files which had been compromised. However, this setback only served to inspire the hackers behind GandCrab to update the code significantly in GandCrab 2.0. Since then, less significant, but regular updates have allowed GandCrab to stay ahead of the security experts and keep their product bringing in its illicit income.

Can GandCrab be Defeated?

Despite the strength of GandCrab’s defenses, it appears that the security experts may be getting closer. Recent developments have seen BitDefender refining their decryptor software to unlock files encrypted by GandCrab versions 1, 4 and 5. Unfortunately, progress on decrypting files encrypted by versions 2 and 3 has been much slower and these files remain encrypted unless the victims are willing to pay the ransom. Ultimately, the best way for your organization to protect its data from the threat of ransomware such as GandCrab is by practicing best security practices and not having to decrypt any files whatsoever.


Cloud networks are the most important newcomers to storage and networking in a long, long time, but why are cloud networks at risk of being hacked in 2018?

With cloud network revenue set to hit $228 billion in 2019, it’s clear to see that cloud networks have become phenomenally successful and their popularity doesn’t appear to show any signs of slowing down. However, hackers are exceptionally interested in this new slice of digital real estate and, accordingly, are beginning to tailor attacks towards cloud providers. Naturally, new technology is prone to teething issues, but when there’s so much data at risk, it’s understandable that organizations may be a little concerned by the risk of cloud networks being hacked.

Let’s take a look at exactly why there’s a risk of your cloud network being hacked and having all its data compromised.

Hackers Like to Target Big and Sensitive Data

Cloud networks have been readily adopted by many organizations due to the vast benefits they offer, so it should come as no surprise that hackers have followed consumers to the cloud. Organizations are frequently storing entire databases packed full of confidential data which, to a hacker’s eyes, is the ultimate prize. Rather than embarking on time-consuming hacking strategies which yield only one employee’s details, hackers are going to go straight to the cloud to obtain as much data as possible.

The Cloud Brings New Technology

While organizations are more than aware of firewalls and passwords, cloud networks bring a whole new range of technology that has shifted the goalposts of cyber-security. For example, the cloud is a virtual network rather than a physical network and, accordingly, can’t be treated in the same way as previous technology that organizations have used. New security tools are required to marshal data warehouses in the cloud and, at present, the level of knowledge is, even in many IT professionals, at a naive level.

Human Error is Always an Issue

Employees of any organization that accesses a cloud network are perhaps the biggest threat to cloud security. All it takes is one mistake for a hacker to gain access to your network and, if they access your cloud, this could have catastrophic effects for your organization’s data. As ever, the risk of falling for phishing scams puts the security of your cloud network at risk, but, as covered earlier, the new technology also brings a number of problems to the table such as configuration errors. Amazon, for example, exposed nearly 48 million data profiles earlier this year due to not configuring their cloud correctly.

The Danger of State Sponsored Attacks

Huge organizations that are integral to the running of the country have invested heavily in cloud networks to help store the vast amounts of data that they generate. The result of this is that hackers are continually searching for new and innovative ways to breach cloud security. While their main target may be major corporations, the knowledge that these hackers are gaining means that the ease with which cloud networks can be hacked is increasing. As this knowledge builds and builds, attacks on cloud networks will become easier to execute and more commonplace.



Facebook has started to reveal more details regarding the hack they experienced in September 2018 which has put 30 million users’ data at risk.

One of the most popular websites on the planet, Facebook has managed to amass a mammoth user base which totals around 2.23 billion. As a result, Facebook is an organization which retains a near unparalleled amount of data on its servers. To say that it’s a target for hackers would be an understatement; it’s more like the holy grail for any hacker who’s ever picked up a keyboard. And now it’s been hacked.

Facebook may be a massive organization making billions of dollars in revenue every year, but this doesn’t mean they’re immune from security lapses. It’s a fact which highlights the importance of good cyber security for any organization operating in the digital sphere. Let’s take a look at what happened.

How Facebook Got Hacked

The techniques behind the Facebook hack are complex, but for a talented hacker the methods employed are relatively simple. Homing in on three bugs in the Facebook code for the ‘View As’ section – which allows users to view their own profile as if they’re a different user – the hackers were able to obtain important ‘access tokens’. These access tokens are the pieces of code which ensure that users remain logged into Facebook without prompting for login information every time they try to access Facebook.

The hackers were able to build an initial pool of 400,000 accounts that they controlled with these access tokens. From here, the hackers began to harvest data from all these accounts and, when complete, used an automated process to hack into the accounts of friends listed on the initially compromised account. Moving from account to account in such a way ensured that the number of hacked accounts grew exponentially with the final figure totaling around 30 million hacked accounts. Sensitive and personal data, of course, is what hackers thrive on and within these 30 million accounts they found plenty.

15 million Facebook users found that the hackers were able to access their name and contact information, while another 14 million users had details compromised such as gender, current address, birth date and the last 10 places they checked in at. The remaining one million hacked accounts ‘merely’ had their access tokens compromised with no personal data being on offer to the hackers. Unfortunately, for Facebook users, it took nearly two weeks to bring the hack to a close. Unusual activity was first recorded on 14th September, but it wasn’t until 11 days later that Facebook was able to confirm an attack was taking place. Two days later the attack was shut down and new access tokens issued.

If Facebook Can Get Hacked

Facebook use their own code so, naturally, the exact hack that blighted their systems is unlikely to affect your organization. However, the vulnerability of software is a universal concern for any organization that faces the public digitally. As ever, the basics of good cyber security should be adhered to at all times such as:

  • Installing all updates at the point of issue
  • Regularly updating passwords to protect user accounts
  • Training your staff on the methods used to execute an attack



Phishing is now so prevalent and sophisticated that even the biggest organizations on the planet are likely to be duped by phishing scams.

Immunity from such attacks is a difficult privilege to secure, so any organization that wants to remain productive needs to understand the threats out there. While you would expect most phishing attacks to target smaller, less secure organizations, this couldn’t be further from the truth. Instead, many hackers are taking on high profile organizations due to the challenge on offer and the publicity that such attacks bring.

Understanding how these businesses have been phished is crucial as it helps you to understand exactly why you need good security. To provide you with a foundation of knowledge, we’re going to look at some high profile organizations that have been phished.

Facebook and Google

Two of the biggest names in business on the planet, Facebook and Google found themselves at the center of the same phishing scam a couple of years ago.

Evaldas Rimasauskas, from Lithuania, used a simple phishing campaign whereby he posed as the head of a Taiwanese parts manufacturer called Quanta. Key to this scam was that Facebook and Google both used the genuine Quanta company to conduct business with. Through a combination of compromised emails, forged invoices and a lack of suspicion on the two tech giants’ behalf, around $100 million was paid out to Rimasauskas between 2013 and 2015.

Anthem

Anthem is one of the largest health insurance companies in the US and, as you can imagine, they hold a substantial amount of private and confidential data. However, in 2014 they lost nearly 78.8 million consumer records due to a phishing attack.

It’s believed that a foreign government was behind the attack, but the method employed was still ridiculously straightforward. An employee at an Anthem subsidiary opened a phishing email which allowed malicious content to be downloaded to the employee’s PC. Once these files were executed, hackers were able to take control of the PC by remote access and start making their way deep into the Anthem network. One of the sections that were of most interest was Anthem’s data warehouse where the hackers had access to customers’ medical histories, social security numbers and address details.

Snapchat

The popular social media app Snapchat found one of its employees being targeted by a spear phishing scam in 2016 which compromised confidential data.

A seemingly innocuous email was sent to Snapchat’s payroll department in February 2016 which claimed to have been written by the company’s CEO. The email requested that employee payroll information was forwarded on for internal reference. Unfortunately, one of the payroll employees did not realize this was a less than genuine request. A significant amount of personal information about former and current employees was then emailed to an external party. Due to the nature of the data obtained, hackers then had the potential to use it to engineer identity theft.

RSA Security

Even IT security companies aren’t safe from the threat of phishing emails as RSA Security discovered back in 2011.

Hackers designed two separate emails which were sent to four employees at RSA’s parent company EMC. The emails, which appeared to be from a recruitment website, contained an attachment referred to as ‘2011 Recruitment plan.xls’ in the email’s subject line. However, this was a malicious attachment and, upon clicking it, a zero-day vulnerability in Adobe Flash would be exploited and lead to the download of a backdoor virus onto the user’s PC. The hackers were then able to access RSA’s network where they had access to 44 million employee records.
