Most public spaces from coffee shops through to shopping malls now contain some form of public WiFi, but are these public networks 100% safe to use?

When your office-based employees connect to the internet, they’re making this connection through your own network. And this means that you’re able to monitor all incoming and outgoing activity. Rather than monitoring which websites your employees are visiting, though, the main reason for monitoring these connections is to make sure that nothing malicious is entering your network. Remote workers, however, are likely to take advantage of public WiFi as a considerable amount of their work will be completed away from your work connection.

Due to the unique nature of each and every public WiFi network, it’s crucial that you understand the concerns surrounding these types of connections.

The Dangers of Public WiFi

Public WiFi may appear to be extremely convenient, but there are a number of security issues attached to connecting to public hotspots such as:

  • Lack of Details: When you connect to a public WiFi network there’s no way of knowing exactly what you’re connecting to. This, in itself, is a dangerous move and is one of the main reasons why public WiFi is frowned upon by security experts. 
  • WPA2 Vulnerability: Most public WiFi uses WPA2 encryption to protect data, but the security of WPA2 has been called into question over the last few years due to the discovery of a major vulnerability in its code. 
  • Malware Threat: Due to the lack of security surrounding public WiFi networks, it’s very easy for a hacker to position themselves in between the connection point and, for example, your laptop. This allows the hacker the opportunity to discreetly upload malware to your device and execute its malicious payload.

Should You Use Public WiFi?

Clearly, there are a number of risks involved in using public WiFi and the simplest way to avoid these dangers is by completely avoiding these connections. However, there are certain scenarios where your remote employee has to connect to whichever network is available. In these cases you should follow these best practices:

  • Use a VPN: A virtual private network (VPN) is a service that creates an encrypted connection between your device and the remote server of your VPN. Any hacker who manages to intercept this connection will only be able to view a highly encrypted message which will be absolutely useless to them. 
  • Verify the Connection: One of the simplest ways to evaluate the connection on offer is to double check the legitimacy of the available connections with an employee at the location in question. At the very least they will be able to confirm whether the connection is genuine or fake. 
  • Use Anti-Malware Software: Protecting yourself with anti-malware software should be a given, but when people are using remote devices they fail to appreciate just how vulnerable these are. Even the simplest form of anti-malware software provides an effective defense, so make sure your device is protected.

For more ways to secure and optimize your business technology, contact your local IT professionals.



2018, just like 2017 before it, was a year packed full of cyber-security threats that our network defenses constantly tried to keep at bay.

However, the sheer number of attacks that were launched throughout 2018 meant that it was inevitable that breaches would take place. Perhaps your organization was one of the lucky ones, perhaps you were just too late to get on board with good security practices and found yourself hacked. Either way, it’s almost certain that you encountered at least one form of hacking during the year. And, hopefully, your organization managed to, at the very least, learn from the situation and improve your defenses.

With 2018 coming to a close, I decided it was a good time to take a look back over the major threats we experienced to see what we could learn and how we can prepare for 2019.

Ransomware

2017 is known by many security insiders as ‘The Year of Ransomware’ as it appeared to be in the headlines constantly. However, in 2018 there was a sharp drop in ransomware activity. By the end of Q2 2018, Malwarebytes reported that ransomware had fallen out of favor with hackers and was now only ranked as the sixth most popular form of malware. It’s suspected that this drop in activity can be put down to a rise in user awareness of ransomware scams and, perhaps most importantly, the fact that organizations rarely paid any ransom fees. The threat of ransomware, of course, still remains albeit much reduced and vigilance remains key to avoid disruption.

Cryptomining

One of the main reasons for ransomware’s fall in popularity during 2018 is the increase in popularity of cryptomining malware. Kaspersky revealed that while ransomware infections have dropped by 30%, cryptomining infections rose by 44.5% over the same 12 month period. And this change in fortunes shouldn’t come as a big surprise. All ransomware guarantees is that a ransom demand will be issued; no incoming funds are guaranteed, as organizations often refuse to pay due to having backups. With cryptomining, however, once the infection is in place, the hackers can begin to reap small financial benefits fairly soon.

Phishing Emails

Despite the crude appearance and execution of phishing emails, they remain one of the most deceptive threats out there to organizations. Capable of extracting highly sensitive data, phishing emails have continued to enjoy popularity with scammers and hackers. Data from Kaspersky demonstrates that the proportion of spam in email traffic reached 53.49% in September 2018 – up from 47.7% in April 2018. And, through Kaspersky’s defenses alone, just over 137 million attempts to direct users to scam websites were carried out through phishing methods.

Preparing for 2019

There’s never time to rest on your laurels in cyber-security and the data above clearly underlines this fact. While the recent horror stories of ransomware may, to a degree, be muted, this method of hacking has very quickly been replaced with the more discreet techniques of cryptomining. And this is all without mentioning the gargantuan risk posed by phishing emails, which remain as popular as ever. Going into 2019, it’s crucial that your organization is aware of the signs, symptoms and ramifications of all the major hacking techniques your employees may encounter while at work. Only then will you stand your best chance of being protected.



British Airways recently had 385,000 online transactions hacked due to a code weakness on their payment processing pages. And customers were not happy.

Reputation is important for any organization, so limiting bad news is crucial to ensure that consumers can trust your brand. British Airways, however, have experienced a significant blow to their public image due to a recent hack which ransacked their customers’ confidential data. The attack that took place was an example of cross-site scripting, a method of hacking which may not grab as many headlines as ransomware and malware but is still very dangerous.

Processing online payments is part and parcel of any business with a digital presence these days, so I think it’s important we take a look at what happened to British Airways.

Who Hacked British Airways?

It’s believed that Magecart are the hacking group behind the British Airways hack due to the similar techniques used to execute the attack. Magecart first emerged in early 2016 and was linked to numerous hacks that affected online shops and sought to steal credit card details during online payment processing. Previously, Magecart had targeted third party payment processors rather than payment systems embedded within websites. However, the attack on British Airways demonstrated that Magecart were now developing tailored code to attack their targets’ websites directly.

How Did Magecart Launch Their Attack?

Unlike ransomware and malware, there was no need for Magecart to dispatch an email containing a malicious payload. Instead, they targeted the code of British Airways’ website. By exploiting weaknesses in the website’s code, Magecart were able to ‘inject’ 22 new lines of code into British Airways’ website. And it was this small amount of code which made the hack so devastating.

Lying silently in the background, this new code would log keystrokes from the payment processing section and, once the victim hit the ‘submit’ button, it would transmit these keystrokes to the attackers’ server. Not only were credit card details compromised, but also a significant amount of sensitive, personal data. To help reduce the chances of being detected, the hackers even loaded their own server with an SSL security certificate to make it appear genuine. Sadly, it was far from genuine. The attack managed to remain undetected for 15 days and, as a result, managed to infiltrate a huge number of online transactions.

The Dangers of Cross-Site Scripting

Combating cross-site scripting attacks is not easy due to the difficulty in spotting previously unknown vulnerabilities contained within a website’s code. However, progress is always being made and it’s now possible to employ automated tools that can identify when the code behind a website has been changed remotely. Alternatively, disabling scripts on your website is a guaranteed remedy, but that comes with the headache of reduced functionality which could easily eat into your revenue.
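
The kind of automated change detection mentioned above, as an added example (not code from British Airways or from any tool named on this page): it compares the scripts a site is serving against the copies approved at release, using SHA-384 digests in the Subresource Integrity format, and lists any inserted lines. The file paths and script contents are constructed sample data.

```python
import base64
import difflib
import hashlib


def sri_digest(body: bytes) -> str:
    """Subresource Integrity value (sha384-<base64>) for a script body."""
    digest = hashlib.sha384(body).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


def inserted_lines(approved: bytes, served: bytes) -> list:
    """Lines present in the served copy that are not in the approved copy."""
    diff = difflib.ndiff(approved.decode("utf-8", "replace").splitlines(),
                         served.decode("utf-8", "replace").splitlines())
    return [line[2:] for line in diff if line.startswith("+ ")]


def audit(approved: dict, served: dict) -> list:
    """Compare served scripts with the approved release; one finding per drift."""
    findings = []
    for path in sorted(set(approved) | set(served)):
        if path not in approved:
            findings.append({"path": path, "status": "unexpected"})
        elif path not in served:
            findings.append({"path": path, "status": "missing"})
        elif sri_digest(served[path]) != sri_digest(approved[path]):
            findings.append({
                "path": path,
                "status": "modified",
                "expected": sri_digest(approved[path]),
                "inserted": inserted_lines(approved[path], served[path]),
            })
    return findings


# Constructed sample data: an approved release and what the server returns now.
APPROVED = {
    "/js/checkout.js": b"function pay(form) {\n  return form.submit();\n}\n",
    "/js/menu.js": b"function toggleMenu() {}\n",
}
SERVED = {
    # 22 placeholder comment lines appended, standing in for an unreviewed change.
    "/js/checkout.js": APPROVED["/js/checkout.js"]
    + b"".join(b"// unreviewed line %d\n" % i for i in range(1, 23)),
    "/js/menu.js": APPROVED["/js/menu.js"],
    "/js/extra.js": b"// file not in the release\n",
}

if __name__ == "__main__":
    for finding in audit(APPROVED, SERVED):
        print(finding["path"], finding["status"], len(finding.get("inserted", [])))
```

Run on a schedule against the live site, a check like this turns a small unauthorised edit to a payment script into an alert rather than something discovered days later.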

Regardless of whether your website’s code is secure or not, the activities of Magecart are proof that hackers are looking for new and cunning ways to breach your defenses. What’s most important is that you monitor all network activity and analyze any activity which is unusual, otherwise you could find yourself with a huge number of unhappy customers at your door.



Facebook has started to reveal more details regarding the hack they experienced in September 2018 which has put 30 million users’ data at risk.

One of the most popular websites on the planet, Facebook has managed to amass a mammoth user base which totals around 2.23 billion. As a result, Facebook is an organization which retains a near unparalleled amount of data on its servers. To say that it’s a target for hackers would be an understatement; it’s more like the holy grail for any hacker who’s ever picked up a keyboard. And now it’s been hacked.

Facebook may be a massive organization making billions of dollars in revenue every year, but this doesn’t mean they’re immune from security lapses. It’s a fact which highlights the importance of good cyber security for any organization operating in the digital sphere. Let’s take a look at what happened.

How Facebook Got Hacked

The techniques behind the Facebook hack are complex, but for a talented hacker the methods employed are relatively simple. By targeting three bugs in the Facebook code for the ‘View As’ section – which allows users to view their own profile as if they’re a different user – the hackers were able to obtain important ‘access tokens’. These access tokens are the pieces of code which ensure that users remain logged into Facebook without being prompted for login information every time they try to access Facebook.

The hackers were able to build an initial pool of 400,000 accounts that they controlled with these access tokens. From here, the hackers began to harvest data from all these accounts and, when complete, used an automated process to hack into the accounts of friends listed on the initially compromised account. Moving from account to account in such a way ensured that the number of hacked accounts grew exponentially with the final figure totaling around 30 million hacked accounts. Sensitive and personal data, of course, is what hackers thrive on and within these 30 million accounts they found plenty.

15 million Facebook users found that the hackers were able to access their name and contact information, while another 14 million users had details compromised such as gender, current address, birth date and the last 10 places they checked in at. The remaining one million hacked accounts ‘merely’ had their access tokens compromised with no personal data being on offer to the hackers. Unfortunately, for Facebook users, it took nearly two weeks to bring the hack to a close. Unusual activity was first recorded on 14th September, but it wasn’t until 11 days later that Facebook was able to confirm an attack was taking place. Two days later the attack was shut down and new access tokens issued.

If Facebook Can Get Hacked

Facebook use their own code so, naturally, the exact hack that blighted their systems is unlikely to affect your organization. However, the vulnerability of software is a universal concern for any organization that faces the public digitally. As ever, the basics of good cyber security should be adhered to at all times such as:

  • Installing all updates at the point of issue
  • Regularly updating passwords to protect user accounts
  • Training your staff on the methods used to execute an attack




Due to changes in the way we communicate, microphones and webcams are now important business tools, but did you know that they can be hacked?

And, in particular, did you know that the CIA is keen to utilize this type of hack for its own surveillance activities and to corrupt recordings? This news has recently been leaked by WikiLeaks and, although it’s not surprising that the CIA use such tools, it’s a real concern as we’ve seen in the past that security agencies’ hacking arsenals aren’t completely secure.

How do microphones and webcams get hacked though? Well, seeing as so many organizations use them for video conferencing these days, it’s probably best that we take a quick look.

What is Dumbo?

The main objective of Dumbo is to provide a route into a monitoring capability of a PC that home security systems are not capable of detecting. Now, what’s interesting about Dumbo is that it can’t, at present, be transmitted through email; instead, for a PC to be hacked with Dumbo, the hacker would need direct access to the PC to connect a USB drive. Once this is installed and activated, it begins searching for webcams and microphones and, once identified, Dumbo can disable or mute the devices.

Dumbo also identifies any files that these devices are currently writing to, which gives it the opportunity to delete or corrupt these files. With capabilities such as this, Dumbo has the potential to delete audio-visual evidence or, if necessary, create fake evidence. For all of this to take place, however, the USB drive needs to remain plugged in at all times, so this creates a situation where a hacker would need to work very quickly and be directly at the system they’re hacking.


The Dark Side of Dumbo

The CIA, of course, have certain regulations that they have to adhere to and are only working in the interests of national security, so Dumbo isn’t something that the average organization should have to worry about. However, as we saw with the NSA hacking tools leak, anything is possible in this day and age. And just imagine what would happen if this type of malicious software fell into the wrong hands.

Not only could the security of your communications become highly compromised, but even the security of your physical building could be at risk as many organizations use webcams for security monitoring. The one limitation of Dumbo is that it needs to be actively executed in-situ, so this makes it a difficult hack to pull off. However, this doesn’t mean that the hacker has to set foot in your premises. As we’ve shown in the past, hackers have several ways that they can get a USB stick into an organization and it can often be down to a curious employee finding a USB stick in a car park.

Being aware of your employees’ activities doesn’t mean that you can completely extinguish the threat of a hack – such as Dumbo – taking place, so it’s always important that you regularly monitor hardware for any unusual activity. And it doesn’t have to be a webcam or microphone, it could easily be a printer. Therefore, if a piece of hardware starts acting suspiciously, then it’s highly recommended that you isolate it from your network before investigating it.

As we get deeper into the 21st century, it would appear that the digital landscape is becoming less and less secure, but the truth is that the best way to defeat hackers is by vigilance. If you can ensure that hackers’ attempts are thwarted and monitored then you should find your PCs are safer than ever.
