Coronavirus Malware Spreads Round the World

Ophtek, Phishing, Phishing Email, Security, Security Threats, , ,
18
Feb 2020

The coronavirus is the latest health scare to be spreading across the globe. Hackers, as clever as ever, are using this fear to spread malware.

Hackers are innovative criminals and are constantly on the lookout for exploits. Sometimes these are software vulnerabilities that leave back door opens. But these exploits can also take the form of social engineering. And this is how hackers are taking advantage of the panic caused by the coronavirus.

It’s always important to safeguard your defenses with the best security software, but this isn’t enough. Threats such as social engineering require a concerted effort to be made by individuals. So that’s why we’re going to take a look at the threat posed by the coronavirus malware.

What is the Coronavirus Malware?

The entire planet is preparing and educating themselves for the fight against the coronavirus. Naturally, this means that millions of people are heading online to learn more about the disease. Now, although the internet poses no threat to your physical health, the same cannot be said for your digital security. And this is because cyber criminals are disguising malware as educational documents on the coronavirus.

These documents, which have been detected as docx, pdf and mp4 variants, promise to be helpful. But, rather than containing useful information on the coronavirus, these documents actually contain a wide range of malware threats. So far, Kaspersky, have identified 10 file variants that include various Trojans and worms. However, given the on-going threat of the coronavirus, it’s likely that the number of malware threats will increase.

The most common method to spread this malware is through phishing emails. And, as with all social engineering, the bait is very convincing. The emails claim to be distributed by the Centers for Disease Control and Prevention, but this is a false claim. If you look a little closer you will discover that the domain these are sent from is incorrect. The official domain for the CDC is cdc.gov but these malicious emails actually originate from cdc-gov.org. These emails contain a link which, rather than taking you to an advice page, takes you to a fake web page that aims to steal your credentials.

How to Protect Yourself Against the Coronavirus Malware

Hackers are using a variety of methods to exploit the coronavirus to cause digital chaos. Infected documents threaten the security of your PC systems and phishing emails have the potential to steal personal information. Therefore, you need to protect yourself by following these best practices:

  • Only Open Trusted Files: The only files that you should ever open on a PC are ones that come from a trusted source. If there’s even the smallest doubt over the legitimacy of a file you shouldn’t download it. Always check with an IT professional before going any further. 
  • Always Hover Over Links: Emails, and websites, can easily display a web link which disguises its true destination. A link that, for example, claims it will send you to an official government website can easily send you somewhere else. However, if you hover your mouse cursor over a link, this will prompt a popup which displays exactly where it will take you. 
  • Install Security Software: A sure fire way to avoid the wrath of malicious websites is by working with security software. These applications are regularly updated with details of malicious websites and will put an instant block on visiting them.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How to Avoid Cloud Migration Risks

Cloud, Cloud Storage, migration, Online Storage, Ophtek, , ,
11
Feb 2020

Cloud services are one of the hottest trends when it comes to IT and business. But it’s a new form of technology. And this means it comes loaded with risk.

The headlines regarding the boom in cloud computing have been plentiful and the future remains bright. Therefore, it’s an area of IT that your organization has to get on board with. After all, the benefits associated with the cloud are numerous. And they have the capacity to transform your organization into a stronger, more functional and more competitive business. So, it sounds pretty enticing, right?

But migrating your services to the cloud is a big step. There are many risks and factors to take into consideration. And that’s why we’ve put together this guide on how to avoid cloud migration risks.

What are the Risks?

There are a number of risks to consider when migrating to the cloud and these include:

  • Unauthorized Use of Services: One of the major risks of cloud computing is that cloud service providers allow additional services to be installed by default. And this is down to the self-service nature of the cloud. Therefore, employees with access with the cloud have the option to install unauthorized software. And this could soon led to malware being installed. 
  • Increase in Complexity: The complexity of the cloud can have a major impact on your IT resources. IT staff will be required to learn an entire new model of IT, so this will add extra strain to their workload. Perhaps most concerning is the lack of knowledge regarding cloud security. This weakness in security could pose a massive threat to your network. 
  • Data is Always at Risk: No cloud service provider is perfect. And your data will always be at some form of risk on their platform. The backup servers, for example, of a cloud based platform are just as vulnerable to acts of God and hackers. Data loss, therefore, cannot be eliminated and requires additional solutions.

How Do You Avoid these Risks?

Thankfully, all of these risks can be minimized. The key to success is planning in every aspect of the migration. So, make sure that your organization does the following:

  • Configure Slowly and Carefully: Migrating to the cloud is not something that can be rushed. You need to proceed slowly and ensure that everything is set up correctly. And this is most important when it comes to privileges. These need to be managed correctly to minimize the risk of unauthorized access causing major problems for your security.
  • Establish Prior Training: Cloud technology is relatively new and this has resulted in a lack of available skills being available. But this does not have to be a definitive situation for your business. So, the first step of your cloud migration should be to establish a training program. By proceeding in this manner you will ensure a hassle free migration.
  • Work with Multiple Backup Methods: You should never rely on just one form of data storage. And the cloud is no different. To minimize the risk of any data disasters it’s crucial that you work with multiple backup methods. It could be the difference between your data being available and your organization remaining functional.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Don’t Make these Common IoT Mistakes

Internet of things, IOT, IoT Attacks, Ophtek, Uncategorized, , ,
04
Feb 2020

The Internet of Things (IoT) has revolutionized device connectivity. But it’s an aspect of IT which is still in its infancy. And mistakes are common.

Eliminating these mistakes is an important factor in maximizing your productivity. After all, we live in a digital age. And it’s crucial that your IT systems are working to their full potential. Any drop off in productivity can harm the overall performance of your business. You need to retain an edge over your competitors, so mastering the IoT is crucial.

You may not be aware that you’re making mistakes with the IoT or you may not know how to rectify them. Either way you need a helping hand. And that’s why we’re going make sure you don’t make these common IoT mistakes.

Avoiding the Most Common IoT Mistakes

The IoT harnesses some complex technology, so it should come as no surprise that mistakes are common. However, these mistakes are relatively easy to fix:

  • Failing to Plan for Maintenance: IoT devices are like any other piece of machinery: they are prone to failure. And all it takes is for one device to fail to cause a massive drop in productivity. Scenarios such as this are why regular maintenance of your IoT needs to be built into your IT maintenance schedule. 
  • Ignoring Updates: The number of devices operating as part of the IoT is estimate to be just over 30 billion devices. That’s a lot of devices. And this has made them a target for hackers. But one of the simplest ways to protect your IoT devices is by installing any updates associated with them. Naturally, the number of devices means it can be difficult to monitor when updates are due. But, by running regular audits on your IoT devices, you can monitor for firmware and patches to maximize your security. 
  • Not Understanding the Importance of Data: IoT devices are fantastic for monitoring data, so it’s important that you take advantage of this. Vehicle tracking, for example, provides a wealth of information about the way in which your drivers are operating. And this data can be used to enhance their efficiency e.g. minimizing the risk of speeding offences and driving more economically. So you need to make sure that all IoT data is regularly analyzed.

By eliminating these common IoT mistakes you can make a significant difference to your organization’s productivity. IoT devices are only going to become more common in the workplace, so it’s important that you master this technology early on.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Keeping the IoT Secure with Shodan

IOT, IoT Attacks, IT Best Practices, Ophtek, ,
29
Jan 2020

The Internet of Things (IoT) is getting bigger and bigger. But this popularity is making it a target for hackers. Thankfully, Shodan is here to secure it.

It’s difficult to imagine life without the IoT; the sheer range of possibilities it opens up is astonishing. But it has also attracted a number of headlines due to its shortcomings in security. Naturally, the opportunity to strengthen security around IoT devices is one of great interest. And now there’s a website which promises to maximize your IoT security. Its name is Shodan and it could just revolutionize your device security.

Let’s take a look at what it is and how Shodan can keep the IoT secure.

What is Shodan?

Shodan is, in its simplest terms, a search engine for IoT devices. It’s similar to Google, but rather than searching for news on your favorite TV shows, you can use it find IoT devices. As long as a device is connected to the internet, Shodan should be able to find and identify it. And this applies to any IoT device be it a printer, security camera or refrigerator.

How Does Shodan Work?

The part of the internet that the IoT connects to is usually considered invisible, but all it takes is the right algorithm to analyze it. And this is what Shodan does. The overall mechanics of Shodan’s algorithm is complex, but here’s a breakdown of how it works:

  • Creates random IPv4 addresses which are used to identity network interfaces on a machine
  • Scans the internet for a real time list of connected IoT devices
  • Scans each device by checking a selection of available ports
  • Analyzes each port for a unique IPv4 address
  • Grabs a selection of metadata from the device which includes: usernames, passwords, geographical location and IP addresses

And all of this information can be displayed in the search results on Shodan.

Is Shodan a help or a Hindrance?

The amount of sensitive data that Shodan can expose is worrying. The last thing you want is for your usernames and passwords to be compromised. This could lead to grave consequences for your security. But is Shodan as scary as it sounds? Well, the truth is that it can actually enhance your IoT security.

Shodan is now a popular tool for security professionals to evaluate their IoT devices. And it’s most commonly used in the following ways:

  • Detecting Vulnerabilities: Shodan has a range of filters available that you can use to identify potential vulnerabilities in your IoT devices. This could include the use of default login credentials (these are the only login details that Shodan exposes) or which ports are currently open. By identifying these vulnerabilities with Shodan you can rectify them.
  • Track Exploits: Hackers are industrious characters and relish the challenge of identifying exploits. And the result is that IoT devices are constantly in their targets. Thankfully, Shodan is on hand to help. It does this by collecting together all known exploits for IoT devices and making them available. All a user has to do is use the Shodan search engine to search for specific terms and uncover any known exploits.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Use the 3-2-1 Backup Method to Protect Your Data

Backup, Backup and Recovery, Backup Strategies, Data Backup, Data Storage, Ophtek, , , , ,
28
Jan 2020

Hardware can easily become compromised, stolen or damaged. And this can leave you without crucial data. But the 3-2-1 backup method is here to help.

Data disasters are most often caused by hardware failure, human error or cyber-attacks. Regardless of the cause, your organization needs a good backup strategy in place. You need to be able to retrieve your data in the event of an emergency. Without a backup strategy you will struggle to recover and this will have a major impact on your productivity. And that’s why the 3-2-1 backup method has proved to be so popular with businesses.

Data protection has never been more important that today, so we’re going to take a look at how the 3-2-1 backup method can protect your data.

What is the 3-2-1 Backup Method?

The principle behind the 3-2-1 backup method lies in its name:

Let’s take a closer look at each part of the method to help you understand the thinking behind it:

  • Keeping at Least 3 Copies of Your Data: To keep just one backup copy of your data is careless. Say, for example, your data is compromised by ransomware. An option would be to retrieve your backup data from an external hard drive. But what if you discover this device has been damaged in some way? You need an alternative solution. And this could be accessing a USB drive or connecting to a cloud storage solution. The minimum number of copies you should keep is three, but there’s no maximum. You can keep three, five or fifty. 
  • Keeping 2 of these Copies on Local Devices: Onsite backups are essential for keeping your productivity in place. Data disasters are unpredictable and can have an instant impact. Therefore, you need to make sure that you have your backup data close to hand. This approach will allow you to quickly implement any compromised data and establish normal working practices. Again, it’s important to have more than one local backup available to safeguard against any technical issues. 
  • Keeping at Least 1 Copy Offsite: If you want to reap the benefits of a complete backup strategy you need to keep one copy offsite. Advances in cloud computing mean that it’s easier than ever to store data offsite. And this can pay dividends in the case of a local disaster. If, for example, you are hit by a hurricane or a flood, all your local backups could be damaged. It doesn’t matter if you’ve got three or three hundred. But if you keep at least one copy in the cloud you are ensuring comprehensive data protection is in place. 

Final Thoughts 

A good backup strategy is vital in protecting your data in the event of a data disaster. And it pays to be comprehensive in the manner in which you protect your data. The 3-2-1 backup method is the perfect way in which to achieve this.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 44 45 46 47 48 57